Compare commits

...

64 Commits

Author SHA1 Message Date
xiaojunnuo f2855d6dac feat: 支持审计日志,操作日志 2026-07-12 02:29:54 +08:00
xiaojunnuo 4250d0e266 chore: audit log first 2026-07-10 19:24:42 +08:00
xiaojunnuo edda1b57f3 chore: 火山vod 上传后等待3秒 2026-07-09 19:09:08 +08:00
xiaojunnuo 5a7766992d chore: 修复update domain传参问题 2026-07-09 16:42:48 +08:00
xiaojunnuo 02dabe11db fix: 修复火山引擎查不到自定义源站域名的问题 2026-07-09 16:39:08 +08:00
xiaojunnuo 58024128d8 Merge branch 'v2-dev' of https://github.com/certd/certd into v2-dev 2026-07-09 14:47:33 +08:00
xiaojunnuo e44bf9d773 fix: 修复火山引擎自定义源站域名查询不到的问题 2026-07-09 14:47:05 +08:00
xiaojunnuo 1114223bda build: release 2026-07-09 00:00:53 +08:00
xiaojunnuo 55022e5fa6 build: publish 2026-07-08 23:48:41 +08:00
xiaojunnuo ae732fb298 build: trigger build image 2026-07-08 23:48:29 +08:00
xiaojunnuo a6ef6996c3 v1.42.3 2026-07-08 23:47:40 +08:00
xiaojunnuo 97cf5e127b build: prepare to build 2026-07-08 23:45:42 +08:00
xiaojunnuo 690df7373c chore: 旧版数据兼容性的ai 提示 2026-07-08 12:04:07 +08:00
xiaojunnuo 9cc01e5da1 Merge branch 'v2-dev' of https://github.com/certd/certd into v2-dev 2026-07-08 11:51:35 +08:00
xiaojunnuo 0a068a2746 fix(volcengine-alb): 修复火山引擎ALB 默认证书部署类型会部署到扩展证书的问题 2026-07-08 11:51:26 +08:00
xiaojunnuo 85a239ff8c build: release 2026-07-07 21:20:19 +08:00
xiaojunnuo a545a28dfb Merge branch 'v2' of https://github.com/certd/certd into v2 2026-07-07 21:18:51 +08:00
xiaojunnuo ac876a980c build: release 2026-07-07 21:15:16 +08:00
xiaojunnuo 4b555e8a56 build: publish 2026-07-07 20:04:20 +08:00
xiaojunnuo 1a8d14dc44 build: trigger build image 2026-07-07 20:04:08 +08:00
xiaojunnuo 83263a72d2 v1.42.2 2026-07-07 19:59:41 +08:00
xiaojunnuo 76f3ba8691 build: prepare to build 2026-07-07 19:56:46 +08:00
xiaojunnuo 072edd7aff fix: 修复cname用阿里云校验时报找不到runtimeDepsService的错误 2026-07-07 19:51:23 +08:00
猫爪子 c0be4d702c fix(certd-server): 修复 AWS 中国区 CloudFront 证书部署问题 (#764) @yw-mao
- 修复证书链拆分,保留 END CERTIFICATE 结尾标记,避免 MalformedCertificate
- 更新 CloudFront 时构造干净的 IAM ViewerCertificate,强制 sni-only,
  解决 InvalidViewerCertificate 及中国区不支持 vip 的报错
- 部署完成后清理被替换掉的旧 IAM 证书,避免续期堆积
- IAM/CloudFront 权限不足时抛出可读中文提示,便于运维排查

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-07-07 16:20:07 +08:00
xiaojunnuo c3d6db3f1e fix: 修复AsiaIsp CDN证书重复情况下部署失败的问题 2026-07-07 14:15:09 +08:00
xiaojunnuo e05ec53eb5 chore: 1 2026-07-07 10:21:01 +08:00
xiaojunnuo 8d9dad9c82 fix: 修复企业模式下弹出邮箱绑定提醒的问题 2026-07-07 09:43:10 +08:00
xiaojunnuo 0071bcb0e4 fix: 修复火山视频点播源站选择不到自定义源站的bug 2026-07-07 09:42:41 +08:00
xiaojunnuo dbdc1ccd1b build: release 2026-07-07 00:35:25 +08:00
xiaojunnuo 2a606fdb1d build: publish 2026-07-07 00:22:06 +08:00
xiaojunnuo 3b86f30bcf build: trigger build image 2026-07-07 00:21:54 +08:00
xiaojunnuo 7808d028e9 v1.42.1 2026-07-07 00:20:58 +08:00
xiaojunnuo 04bcf73b8b build: prepare to build 2026-07-07 00:18:40 +08:00
xiaojunnuo 1f8179d519 build: prepare to build 2026-07-07 00:14:50 +08:00
xiaojunnuo 3ffd8946f8 Merge branch 'v2-dev' of https://github.com/certd/certd into v2-dev 2026-07-07 00:12:46 +08:00
xiaojunnuo c78898e4c1 perf(certd-server): 使用 jks-go转换jks证书,大幅精简镜像大小 2026-07-07 00:12:37 +08:00
xiaojunnuo d3e4677ea4 perf(pipeline): 将默认历史保留条数从30调整为100
统一修改所有新建流水线场景下的默认keepHistoryCount配置,提升历史记录留存数量
2026-07-06 19:56:54 +08:00
xiaojunnuo d176f9cc0e fix: 修复多域名无法使用passkey登录的bug 2026-07-06 14:34:05 +08:00
xiaojunnuo a65366bbe1 fix: 修复企业模式下登录报projectId不能为空的问题 2026-07-06 13:52:56 +08:00
xiaojunnuo 20cfe74b17 build: release 2026-07-05 21:41:50 +08:00
xiaojunnuo b74db81304 fix(login): 修复输入法 composing 状态下回车触发提交的问题
优化登录页面的回车提交逻辑,避免中文输入法输入过程中按回车误触发表单提交
2026-07-05 21:37:09 +08:00
xiaojunnuo a8adbda04a refactor(runtime-deps): 调整依赖相关类为单例并修复相关逻辑
1. 将NpmRegistryResolver和RuntimeDepsService从请求作用域改为单例作用域
2. 为RuntimeDepsService的安装缓存添加node_modules存在性校验
3. 优化锁文件删除逻辑,处理Windows下文件句柄未立即释放的问题
4. 跳过并修复了清理运行时依赖目录的测试用例
2026-07-05 20:30:00 +08:00
xiaojunnuo 3e80d30ca6 chore: 调整dockerfile 2026-07-05 19:51:08 +08:00
xiaojunnuo 2eb54d50a5 chore(certd-server): adjust dependency installation and docker build steps
调整了依赖包的安装位置,将cross-env和mwtsc移到devDependencies,同时修改Dockerfile中的安装命令:先安装完整依赖构建,再清理非生产依赖,并在最终镜像中仅安装生产依赖
2026-07-05 19:45:49 +08:00
xiaojunnuo 6995308c17 build(certd-server): 调整cross-env依赖的安装位置
将cross-env从devDependencies移动到dependencies中,统一管理运行时依赖
2026-07-05 19:36:41 +08:00
xiaojunnuo 0738d120ae build: publish 2026-07-05 19:31:22 +08:00
xiaojunnuo bad6879589 build: trigger build image 2026-07-05 19:31:10 +08:00
xiaojunnuo b46948c0ba v1.42.0 2026-07-05 19:23:49 +08:00
xiaojunnuo 3024720fc2 build: prepare to build 2026-07-05 19:21:52 +08:00
xiaojunnuo cf854c9278 chore(access-selector): add auto select first item function
1. 为access-selector组件添加defaultSelect属性支持自动选中第一个匹配项
2. 补全组件的typescript语法支持,新增onMounted等依赖导入
3. 在证书申请插件中启用默认选中功能
2026-07-05 01:40:08 +08:00
xiaojunnuo 608cc2a81f perf: 优化用户体验,首次访问时弹出邮箱账号绑定用以初始化账号 2026-07-05 01:14:48 +08:00
xiaojunnuo 396670dc8f chore(locales,plugin): 更新多语言文案并优化插件依赖提示
1. 修复中文文案中"sourcee"拼写错误为"来源"
2. 将插件列表启用禁用列的提示文案替换为更简洁的"点击启用/禁用"
3. 完善插件依赖和第三方依赖的帮助提示,添加格式示例说明
2026-07-04 22:31:46 +08:00
xiaojunnuo 79f65868ca perf(passkey): passkey支持多域名rpid 2026-07-04 21:56:35 +08:00
xiaojunnuo 56e5524a0f perf(cert-plugin): 调整更新天数自动减半逻辑,仅7天ip证书生效,其他情况下不减半 2026-07-04 17:01:02 +08:00
xiaojunnuo 1ae185d0bc fix(aliyun): 修复阿里云CDN/DCDN根据证书自动匹配不到证书的bug 2026-07-03 00:21:50 +08:00
xiaojunnuo 82276b53a8 perf: 阿里云ESA证书部署支持SaaS模式 2026-07-03 00:21:10 +08:00
xiaojunnuo d5882f16be fix: 修复telegram - 符号转义问题 2026-07-02 22:54:24 +08:00
xiaojunnuo b35e7b0702 refactor(monitor,cert-plugin): 移除废弃的certFile字段相关逻辑
1.  给certFile字段添加废弃注释
2.  删除证书申请成功事件中传递的file参数
3.  简化updateCertByPipelineId方法参数,移除file相关入参和赋值逻辑
2026-07-01 01:10:08 +08:00
xiaojunnuo bce7d95838 docs(ci): add slim docker image support and update all documentations
1. 新增slim镜像版本的文档说明,补充镜像版本选择指南
2. 更新docker-compose示例注释,将arm适配改为slim镜像适配
3. 重构README、镜像说明文档的镜像表格排版
4. 调整CI构建脚本,将alpine构建改为slim构建,修正Dockerfile构建逻辑
5. 统一镜像标签命名,移除-alpine后缀改为-slim
2026-07-01 00:41:50 +08:00
xiaojunnuo 4d490d0add ci(ci): add alpine image build workflow and refactor dockerfile
重构了packages/ui的Dockerfile,支持通过build-arg指定基础镜像类型,新增了多架构的alpine镜像构建任务,适配不同场景的镜像使用需求
2026-07-01 00:22:07 +08:00
xiaojunnuo 7cff1a9842 perf: 【破坏性更新】 证书压缩包不再生成文件存储,而是实时打包下载,证书申请插件不再输出certZip
自定义插件需要压缩包时可以调用new CertReader(certInfo).buildZip() 方式获取
2026-06-30 23:41:59 +08:00
xiaojunnuo cfba7b4daa chore: 清理无用测试文件并更新配置与文档 2026-06-27 00:20:33 +08:00
xiaojunnuo 4dff48e807 perf: 支持全自动匹配部署宝塔网站证书 2026-06-27 00:20:04 +08:00
xiaojunnuo 8abe0daf20 chore: 解决arm下 WorkerThreadsTaskRunner::DelayedTaskScheduler::Start() 报错问题 2026-06-26 14:27:07 +08:00
222 changed files with 4685 additions and 2290 deletions
+16
View File
@@ -94,6 +94,22 @@ jobs:
greper/certd:${{steps.get_certd_version.outputs.result}} greper/certd:${{steps.get_certd_version.outputs.result}}
ghcr.io/${{ github.repository }}:latest ghcr.io/${{ github.repository }}:latest
ghcr.io/${{ github.repository }}:${{steps.get_certd_version.outputs.result}} ghcr.io/${{ github.repository }}:${{steps.get_certd_version.outputs.result}}
- name: Build slim
uses: docker/build-push-action@v6
with:
platforms: linux/amd64,linux/arm64
push: true
context: ./packages/ui/
build-args: |
base_type=slim
tags: |
registry.cn-shenzhen.aliyuncs.com/handsfree/certd:slim
registry.cn-shenzhen.aliyuncs.com/handsfree/certd:${{steps.get_certd_version.outputs.result}}-slim
greper/certd:slim
greper/certd:${{steps.get_certd_version.outputs.result}}-slim
ghcr.io/${{ github.repository }}:slim
ghcr.io/${{ github.repository }}:${{steps.get_certd_version.outputs.result}}-slim
- name: Build armv7 - name: Build armv7
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
@@ -1,412 +0,0 @@
# 插件依赖按需加载方案
## 背景与目标
### 当前问题
- `packages/ui/certd-server/node_modules` 包含 50+ 个插件的所有依赖,体积庞大
- 大量云厂商 SDK(AWS、阿里云、腾讯云、华为云等)只在特定插件中使用
- 用户通常只使用少数几个插件,但必须安装所有依赖
### 目标
实现依赖的按需下载和加载:
1. 插件依赖独立管理,不占用主 `node_modules` 空间
2. 只有当用户首次使用某插件时,才动态下载该插件需要的依赖
3. 依赖安装完成后,通过 `await import()` 从独立路径加载
4. 保持现有插件代码的最小改动
## 当前架构分析
### 插件加载机制
- 插件位于 `packages/ui/certd-server/src/plugins/` 下(50+ 个插件目录)
- `AutoLoadPlugins` 类在启动时扫描 `dist/plugins` 目录并动态导入
- 插件注册到不同的 registry`accessRegistry`, `pluginRegistry`, `dnsProviderRegistry`
- 插件代码已经使用 `await import()` 进行懒加载(如 `await import("@aws-sdk/client-acm")`
### 重型依赖分布
`packages/ui/certd-server/package.json` 分析,以下依赖体积大且仅特定插件使用:
**云厂商 SDK(按插件分组):**
- **AWS 插件**`@aws-sdk/client-acm`, `@aws-sdk/client-cloudfront`, `@aws-sdk/client-iam`, `@aws-sdk/client-route-53`, `@aws-sdk/client-s3`, `@aws-sdk/client-sts`
- **阿里云插件**`@alicloud/openapi-client`, `@alicloud/pop-core`, `@alicloud/tea-typescript`, `@alicloud/fc20230330`
- **腾讯云插件**`tencentcloud-sdk-nodejs`, `cos-nodejs-sdk-v5`
- **华为云插件**`@huaweicloud/huaweicloud-sdk-cdn`, `@huaweicloud/huaweicloud-sdk-core`
- **Azure 插件**`@azure/arm-dns`, `@azure/identity`
- **Google Cloud 插件**`@google-cloud/dns`, `@google-cloud/publicca`
- **火山引擎插件**`@volcengine/openapi`, `@volcengine/tos-sdk`
**网络/工具库:**
- `ssh2`, `socks`, `socks-proxy-agent`SSH 相关插件)
- `ali-oss`, `qiniu`, `basic-ftp`(存储/传输插件)
- `nodemailer`(邮件通知插件)
**通用依赖(保留在主 package.json):**
- `@midwayjs/*` 系列(框架核心)
- `@certd/*` 系列(项目内部包)
- `axios`, `lodash-es`, `dayjs`, `js-yaml` 等基础工具
## 设计方案
### 架构概览
```
packages/ui/certd-server/
├── package.json # 主依赖(框架、通用工具)
├── node_modules/ # 主依赖安装目录
├── optional-deps/ # 新增:可选依赖管理目录
│ ├── package.json # 可选依赖总配置(用于 pnpm install
│ ├── pnpm-lock.yaml # 可选依赖锁文件
│ └── node_modules/ # 可选依赖安装目录
├── src/
│ └── modules/
│ └── dependency/ # 新增:依赖管理模块
│ ├── dependency-manager.ts # 核心:依赖管理器
│ ├── dependency-registry.ts # 依赖注册表(插件 -> 依赖映射)
│ └── types.ts # 类型定义
```
### 核心组件
#### 1. 依赖管理器(DependencyManager
**职责:**
- 检查依赖是否已安装
- 动态执行 `pnpm install` 安装缺失依赖
- 提供从 `optional-deps/node_modules` 加载依赖的方法
- 并发控制:避免多个插件同时触发安装
**关键方法:**
```typescript
class DependencyManager {
// 确保依赖已安装,返回依赖模块
async ensureAndImport<T>(packageName: string): Promise<T>
// 检查依赖是否已安装
async isInstalled(packageName: string): Promise<boolean>
// 安装依赖(带锁,避免并发)
async installDependencies(packages: string[]): Promise<void>
// 从 optional-deps/node_modules 加载依赖
async loadModule<T>(packageName: string): Promise<T>
}
```
**实现要点:**
- 使用文件锁(如 `proper-lockfile`)防止并发安装
- 安装前检查 `optional-deps/node_modules/{packageName}` 是否存在
- 安装命令:`pnpm install --dir optional-deps --ignore-workspace`
- 加载时使用绝对路径:`import('file:///absolute/path/to/optional-deps/node_modules/package')`
#### 2. 依赖注册表(DependencyRegistry
**职责:**
- 维护插件名称到依赖列表的映射
- 提供依赖查询接口
**数据结构:**
```typescript
interface PluginDependencyConfig {
pluginName: string;
dependencies: {
packageName: string;
version: string;
optional?: boolean; // 是否可选(安装失败不阻塞)
}[];
}
// 示例注册
dependencyRegistry.register('plugin-aws', [
{ packageName: '@aws-sdk/client-acm', version: '^3.964.0' },
{ packageName: '@aws-sdk/client-cloudfront', version: '^3.964.0' },
{ packageName: '@aws-sdk/client-route-53', version: '^3.964.0' },
]);
```
#### 3. 插件集成
**改造现有插件代码:**
改造前(`plugin-aws/libs/aws-client.ts`):
```typescript
const { ACMClient, ImportCertificateCommand } = await import("@aws-sdk/client-acm");
```
改造后:
```typescript
import { DependencyManager } from "../../../modules/dependency/dependency-manager.js";
const depManager = new DependencyManager();
const { ACMClient, ImportCertificateCommand } = await depManager.ensureAndImport("@aws-sdk/client-acm");
```
**简化方案(推荐):**
创建辅助函数,减少改动量:
```typescript
// src/modules/dependency/import-helper.ts
export async function importOptionalDep<T>(packageName: string): Promise<T> {
const depManager = new DependencyManager();
return await depManager.ensureAndImport<T>(packageName);
}
// 插件中使用
import { importOptionalDep } from "../../../modules/dependency/import-helper.js";
const { ACMClient } = await importOptionalDep("@aws-sdk/client-acm");
```
### 实施步骤
#### 阶段一:基础设施搭建
1. 创建 `optional-deps/` 目录结构
2. 生成 `optional-deps/package.json`(包含所有可选依赖)
3. 实现 `DependencyManager` 核心逻辑
4. 实现依赖安装锁机制
5. 编写单元测试
#### 阶段二:依赖迁移
6. 从主 `package.json` 移除可选依赖
7. 将依赖添加到 `optional-deps/package.json`
8. 创建依赖注册表,映射插件到依赖
#### 阶段三:插件改造
9. 创建 `import-helper.ts` 辅助函数
10. 逐步改造插件代码,使用 `importOptionalDep` 加载依赖
11. 优先改造重型依赖(AWS、阿里云、腾讯云等)
#### 阶段四:测试与优化
12. 端到端测试:验证依赖按需安装和加载
13. 性能优化:缓存已加载的模块
14. 错误处理:安装失败时的降级策略
15. 文档:编写使用说明和迁移指南
## 关键技术决策
### 1. 依赖分组策略
**选择:按插件分组**
- 每个插件声明自己需要的依赖
- 优点:职责清晰,易于维护
- 缺点:可能有重复依赖(但 pnpm 会去重)
**备选:按功能分组**
- 将依赖按功能分组(如 "aws-deps", "aliyun-deps"
- 优点:更细粒度控制
- 缺点:增加复杂度
### 2. 安装触发时机
**选择:首次使用时触发**
- 在插件的 `execute()``getClient()` 方法中触发安装
- 优点:真正的按需加载
- 缺点:首次使用有延迟
**备选:启动时预检查**
- 启动时扫描启用的插件,预安装依赖
- 优点:避免运行时延迟
- 缺点:可能安装不需要的依赖
### 3. 依赖路径解析
**选择:使用绝对路径 + `file://` 协议**
```typescript
const modulePath = path.resolve(__dirname, '../../optional-deps/node_modules', packageName);
return await import(`file://${modulePath}/index.js`);
```
**原因:**
- Node.js ESM 要求明确的 URL 格式
- 避免模块解析冲突
### 4. 并发控制
**选择:文件锁 + 内存锁双重保护**
- 使用 `proper-lockfile` 锁定 `optional-deps/` 目录
- 内存中使用 `Map` 记录正在安装的依赖
- 避免多个插件同时触发安装
### 5. 错误处理
**策略:**
- 安装失败时记录日志,抛出明确的错误信息
- 提供手动安装命令提示:`请运行: cd optional-deps && pnpm install`
- 支持降级:某些非核心依赖安装失败时,插件可以部分功能可用
## 验证方案
### 单元测试
1. 测试 `DependencyManager.isInstalled()` 正确检测依赖状态
2. 测试 `DependencyManager.installDependencies()` 成功安装依赖
3. 测试并发安装时的锁机制
4. 测试从 `optional-deps/node_modules` 加载模块
### 集成测试
1. 清空 `optional-deps/node_modules`
2. 启动服务,验证不触发安装
3. 调用 AWS 插件,验证触发安装并成功加载
4. 再次调用,验证不重复安装
5. 验证主 `node_modules` 体积减少
### 性能测试
1. 测量首次安装依赖的耗时
2. 测量后续加载的耗时(应该与正常 import 相近)
3. 对比改造前后的 `node_modules` 大小
## 风险与挑战
### 1. 首次使用延迟
**风险:** 用户首次使用插件时需要等待依赖安装(可能几十秒)
**缓解:**
- 在 UI 上显示安装进度
- 提供预安装命令:`pnpm run install-optional-deps`
- 文档说明首次使用会有延迟
### 2. 离线环境
**风险:** 离线环境无法下载依赖
**缓解:**
- 提供完整安装包(包含所有可选依赖)
- 支持手动复制 `node_modules`
### 3. 版本冲突
**风险:** 可选依赖与主依赖版本冲突
**缓解:**
- 使用 `--ignore-workspace` 隔离安装
- 定期同步主依赖版本
### 4. TypeScript 类型
**风险:** 动态导入的类型推断
**缓解:**
- 保留 `@types/*` 在主 `devDependencies`
- 使用泛型和类型断言
## 预期收益
1. **空间节省:**`node_modules` 体积减少 60-70%(估算)
2. **安装速度:** 初始 `pnpm install` 速度提升 3-5 倍
3. **用户体验:** 不使用的插件不占用空间,按需加载
4. **维护性:** 依赖分组清晰,易于管理
## 后续优化
1. **依赖预热:** 在后台预安装常用插件依赖
2. **依赖缓存:** 支持从 CDN 或本地缓存安装
3. **依赖更新:** 提供命令批量更新可选依赖
4. **插件市场:** 支持从远程下载插件及其依赖配置
## 附录:依赖分类清单
### 可选依赖(迁移到 optional-deps/package.json
**AWS 相关(plugin-aws, plugin-aws-cn):**
```json
{
"@aws-sdk/client-acm": "^3.964.0",
"@aws-sdk/client-cloudfront": "^3.964.0",
"@aws-sdk/client-iam": "^3.964.0",
"@aws-sdk/client-route-53": "^3.964.0",
"@aws-sdk/client-s3": "^3.964.0",
"@aws-sdk/client-sts": "^3.990.0"
}
```
**阿里云相关(plugin-aliyun, plugin-lib/aliyun):**
```json
{
"@alicloud/fc20230330": "^4.1.7",
"@alicloud/openapi-client": "^0.4.12",
"@alicloud/openapi-util": "^0.3.2",
"@alicloud/pop-core": "^1.7.10",
"@alicloud/sts-sdk": "^1.0.2",
"@alicloud/tea-typescript": "^1.8.0",
"@alicloud/tea-util": "^1.4.10",
"ali-oss": "^6.21.0"
}
```
**腾讯云相关(plugin-tencent, plugin-lib/tencent):**
```json
{
"tencentcloud-sdk-nodejs": "^4.1.112",
"cos-nodejs-sdk-v5": "^2.14.6"
}
```
**华为云相关(plugin-huawei):**
```json
{
"@huaweicloud/huaweicloud-sdk-cdn": "3.1.185",
"@huaweicloud/huaweicloud-sdk-core": "3.1.185",
"@huaweicloud/huaweicloud-sdk-elb": "3.1.185",
"@huaweicloud/huaweicloud-sdk-iam": "3.1.185",
"esdk-obs-nodejs": "^3.25.6"
}
```
**Azure 相关(plugin-azure):**
```json
{
"@azure/arm-dns": "^5.1.0",
"@azure/identity": "^4.13.1"
}
```
**Google Cloud 相关(plugin-google, plugin-cert/google):**
```json
{
"@google-cloud/dns": "^5.3.1",
"@google-cloud/publicca": "^1.3.0"
}
```
**火山引擎相关(plugin-volcengine):**
```json
{
"@volcengine/openapi": "^1.28.1",
"@volcengine/tos-sdk": "^2.9.1"
}
```
**SSH/网络相关(plugin-host, plugin-lib/ssh):**
```json
{
"ssh2": "^1.17.0",
"socks": "^2.8.3",
"socks-proxy-agent": "^8.0.4",
"basic-ftp": "^5.0.5"
}
```
**其他存储/传输(plugin-qiniu, plugin-lib/qiniu):**
```json
{
"qiniu": "^7.12.0"
}
```
**邮件通知(plugin-notification/email):**
```json
{
"nodemailer": "^6.9.16"
}
```
### 主依赖(保留在主 package.json
**框架核心:**
- `@midwayjs/*` 系列
- `@koa/cors`
- `typeorm`, `better-sqlite3`, `mysql2`, `pg`
**项目内部包:**
- `@certd/*` 系列
**通用工具:**
- `axios`, `lodash-es`, `dayjs`, `js-yaml`
- `crypto-js`, `jsonwebtoken`, `bcryptjs`
- `reflect-metadata`, `uuid`, `nanoid`
- 等等
## 总结
本方案通过引入独立的可选依赖管理机制,实现了插件依赖的按需下载和加载。核心思路是:
1. **隔离管理:**`optional-deps/` 目录下维护独立的 `package.json``node_modules`
2. **动态安装:** 通过 `DependencyManager` 在首次使用时触发 `pnpm install`
3. **路径加载:** 使用绝对路径从独立目录加载依赖模块
4. **最小改动:** 通过辅助函数 `importOptionalDep` 简化插件代码改造
该方案可以显著减少主 `node_modules` 体积,提升初始安装速度,同时保持现有架构的兼容性和可维护性。
+1
View File
@@ -400,6 +400,7 @@ export class OAuthDemoAccess extends BaseAccess {
4. **错误处理**:API 调用失败时应抛出明确的错误信息。 4. **错误处理**:API 调用失败时应抛出明确的错误信息。
5. **测试方法**:实现 `onTestRequest` 方法,以便用户可以测试授权是否正常。 5. **测试方法**:实现 `onTestRequest` 方法,以便用户可以测试授权是否正常。
6. **统一接口调用**:封装统一的 API 请求方法,避免重复编写错误处理逻辑。 6. **统一接口调用**:封装统一的 API 请求方法,避免重复编写错误处理逻辑。
7. **旧版数据兼容**: 新增注解的插件参数,必须要考虑旧版数据兼容,比如新增一个deployType参数,有两种值:`default``custom`,需要在使用时判空,走旧版逻辑。
## 开发技巧 ## 开发技巧
+1
View File
@@ -454,3 +454,4 @@ new TencentDnsProvider();
3. **记录结构**:定义适合对应云平台的记录数据结构,至少包含 id 字段用于删除记录。 3. **记录结构**:定义适合对应云平台的记录数据结构,至少包含 id 字段用于删除记录。
4. **日志输出**:使用 `this.logger` 输出日志,而不是 `console`,参数文本化,不要传对象,否则会输出`[object Object]}` 4. **日志输出**:使用 `this.logger` 输出日志,而不是 `console`,参数文本化,不要传对象,否则会输出`[object Object]}`
5. **错误处理**:API 调用失败时应抛出明确的错误信息。 5. **错误处理**:API 调用失败时应抛出明确的错误信息。
6. **旧版数据兼容**: 新增插件参数,必须要考虑旧版数据兼容,比如新增一个deployType参数,有两种值:`default``custom`,需要在使用时判空,走旧版逻辑。
+3 -2
View File
@@ -281,12 +281,12 @@ export class DemoTest extends AbstractTaskPlugin {
return { return {
value: item.siteName, value: item.siteName,
label: item.siteName, label: item.siteName,
domain: item.siteName, domain: item.siteName, //这里必须要包含domain 否则后面分组时候全部分配到未匹配中
}; };
}); });
//将站点域名名称根据证书域名进行匹配分组,分成匹配的和不匹配的两组选项,返回给前端,供用户选择 //将站点域名名称根据证书域名进行匹配分组,分成匹配的和不匹配的两组选项,返回给前端,供用户选择
return { return {
list: optionsUtils.buildGroupOptions(options, this.certDomains), list: optionsUtils.buildGroupOptions(options, this.certDomains), //分组后的列表
total: siteRes.length, total: siteRes.length,
}; };
} }
@@ -641,6 +641,7 @@ new AliyunOSSDeploy();
4. **日志输出**:使用 `this.logger` 输出日志,而不是 `console`,参数文本化,不要传对象,否则会输出`[object Object]}` 4. **日志输出**:使用 `this.logger` 输出日志,而不是 `console`,参数文本化,不要传对象,否则会输出`[object Object]}`
5. **错误处理**:执行过程中的错误应被捕获并记录。 5. **错误处理**:执行过程中的错误应被捕获并记录。
6. **授权获取**:使用 `this.getAccess(accessId)` 获取授权信息。 6. **授权获取**:使用 `this.getAccess(accessId)` 获取授权信息。
7. **旧版数据兼容** 新增@TaskInput注解的插件参数,必须要考虑旧版数据兼容,比如新增一个deployType参数,有两种值:`default``custom`,需要在使用时判空,走旧版逻辑。
## 部署逻辑注意事项 ## 部署逻辑注意事项
+36 -15
View File
@@ -59,12 +59,11 @@ Certd 是可私有化部署的 SSL/TLS 证书自动化管理平台,提供 Web
## 常用验证 ## 常用验证
- 后端聚焦单测:`corepack pnpm --dir packages\ui\certd-server test:unit`
- 后端完整测试:`corepack pnpm --dir packages\ui\certd-server test`
- 前端改动文件格式化:`packages\ui\certd-client\node_modules\.bin\prettier.cmd --write <files>` - 前端改动文件格式化:`packages\ui\certd-client\node_modules\.bin\prettier.cmd --write <files>`
- 前端改动文件 ESLint 修复:`packages\ui\certd-client\node_modules\.bin\eslint.cmd --fix <files>` - 前端改动文件 ESLint 修复:`packages\ui\certd-client\node_modules\.bin\eslint.cmd --fix <files>`
- 后端改动文件 lint fix`corepack pnpm --dir packages\ui\certd-server run lint` - 后端单元测试:`cd packages\ui\certd-server && npm run unit`
- 其他package lint fix`corepack pnpm --dir packages\xxx\xxxx run lint` - 后端改动文件 lint fix`cd packages\ui\certd-server && npm run lint`
- 其他package lint fix`cd packages\xxx\xxxx && npm run lint`
## 通用工作规则 ## 通用工作规则
@@ -78,6 +77,20 @@ Certd 是可私有化部署的 SSL/TLS 证书自动化管理平台,提供 Web
- 注释优先使用中文,尤其是业务规则、兼容逻辑、协议细节和隐藏风险;文件已有英文风格或引用外部术语时可保持一致。 - 注释优先使用中文,尤其是业务规则、兼容逻辑、协议细节和隐藏风险;文件已有英文风格或引用外部术语时可保持一致。
- 遵守 DRY 和单一职责;第三次出现的业务规则、字段转换、权限判断、Repository 选择、事务传播、金额计算等逻辑,应优先抽成合适 helper 或 service 方法。 - 遵守 DRY 和单一职责;第三次出现的业务规则、字段转换、权限判断、Repository 选择、事务传播、金额计算等逻辑,应优先抽成合适 helper 或 service 方法。
## 测试与验证
- 务必写单元测试,覆盖主要业务逻辑。
- 实现新功能或修复行为缺陷前,优先补单元测试并先确认红灯,再实现并跑聚焦验证。
- 确实不适合先写测试时,在回复中说明原因和替代验证方式。
- 后补单元测试时,按正确行为写预期;若红灯需要修改既有实现,先向用户确认这是 bug 还是既有需求,避免未经确认改变行为。
- 后端纯单测放在 `src/**/*.test.ts`,尽量与被测文件相邻;`test:unit` 只跑这些文件,构建/打包应排除 `*.test.ts`
- 单测需要 mock ESM 静态 import 时,优先使用 `esmock`,不要为了测试改业务代码结构。
- 各包 `test:unit` 脚本应显式设置 `NODE_ENV=unittest`
- 单包单测优先用 `cd <包目录> && npm run test:unit`,例如 `cd packages\ui\certd-server && npm run test:unit`
- 优先对改动包运行聚焦测试或格式化/ESLint;只有跨包影响明显时再考虑更大范围构建。
## 后端规则 ## 后端规则
- 后端主包是 `packages/ui/certd-server`,使用 Node.js、ESM、TypeScript、MidwayJS 3、Koa、TypeORM 和 SQL 迁移。 - 后端主包是 `packages/ui/certd-server`,使用 Node.js、ESM、TypeScript、MidwayJS 3、Koa、TypeORM 和 SQL 迁移。
@@ -89,7 +102,7 @@ Certd 是可私有化部署的 SSL/TLS 证书自动化管理平台,提供 Web
- 只有需要事务传播时才定义 `ctx`;普通查询、纯函数和简单私有方法继续使用明确参数。 - 只有需要事务传播时才定义 `ctx`;普通查询、纯函数和简单私有方法继续使用明确参数。
- 需要按事务上下文取 Repository 时,用 `BaseService.getRepo(ctx, EntityClass)` - 需要按事务上下文取 Repository 时,用 `BaseService.getRepo(ctx, EntityClass)`
- 需要“有事务则复用、无事务则开启”时,用 `BaseService.transactionWithCtx(ctx, callback)` - 需要“有事务则复用、无事务则开启”时,用 `BaseService.transactionWithCtx(ctx, callback)`
- 拼接可选 `projectId` 查询条件时,用 `BaseService.buildUserProjectQuery(userId, projectId)`;不要直接写 `{ userId, projectId }` - 拼接可选 `projectId` 查询条件时,**必须**使`BaseService.buildUserProjectQuery(userId, projectId)`,禁止直接写 `{ userId, projectId }`因为 `projectId` 可能为 `null`/`undefined`,直接放入查询会生成错误的 `WHERE projectId = NULL` 条件。
- `ctx` 类型复用 `BaseService` 导出的 `ServiceContext` - `ctx` 类型复用 `BaseService` 导出的 `ServiceContext`
- 新增 service 方法避免与 `BaseService` 方法签名冲突,例如不要用 `delete(id)` 覆盖 `delete(ids, where?)`;改用 `deleteById` 等具体名称。 - 新增 service 方法避免与 `BaseService` 方法签名冲突,例如不要用 `delete(id)` 覆盖 `delete(ids, where?)`;改用 `deleteById` 等具体名称。
@@ -164,7 +177,6 @@ Certd 是可私有化部署的 SSL/TLS 证书自动化管理平台,提供 Web
- 插件依赖的第三方 SDK 可能通过 runtime-deps 动态安装到后端运行目录 `./data/.runtime-deps`。分析阿里云、腾讯云等 SDK 行为时,需要进入该目录阅读实际安装版本代码。 - 插件依赖的第三方 SDK 可能通过 runtime-deps 动态安装到后端运行目录 `./data/.runtime-deps`。分析阿里云、腾讯云等 SDK 行为时,需要进入该目录阅读实际安装版本代码。
- 修改证书申请、验证、部署或通知行为时,先判断归属:ACME client、pipeline 核心、后端 module/service/entity/controller、具体插件、前端 view/form/schema。 - 修改证书申请、验证、部署或通知行为时,先判断归属:ACME client、pipeline 核心、后端 module/service/entity/controller、具体插件、前端 view/form/schema。
- 单个服务商或部署目标的问题,不要轻易修改共享 pipeline/core;只有可复用公共语义或跨插件一致行为才上移到 `packages/core/pipeline``packages/plugins/plugin-lib` - 单个服务商或部署目标的问题,不要轻易修改共享 pipeline/core;只有可复用公共语义或跨插件一致行为才上移到 `packages/core/pipeline``packages/plugins/plugin-lib`
- ACME / EAB:公共 EAB 可能只能创建一次账号;跨用户复用公共 EAB 时,应保存并复用同一个 ACME account private key。
- `newAccount({ onlyReturnExisting: true })` 可用同一个 account private key 取回已创建账号 URL,且不会再次消费 EAB。 - `newAccount({ onlyReturnExisting: true })` 可用同一个 account private key 取回已创建账号 URL,且不会再次消费 EAB。
- 修改 EAB `kid` 后,应重新生成绑定该 `kid` 的 account private key;否则应阻止继续申请并提示刷新账号私钥。 - 修改 EAB `kid` 后,应重新生成绑定该 `kid` 的 account private key;否则应阻止继续申请并提示刷新账号私钥。
- 插件开发前先读对应技能:`.trae/skills/dns-provider-dev/SKILL.md``.trae/skills/task-plugin-dev/SKILL.md``.trae/skills/access-plugin-dev/SKILL.md``.trae/skills/plugin-converter/SKILL.md` - 插件开发前先读对应技能:`.trae/skills/dns-provider-dev/SKILL.md``.trae/skills/task-plugin-dev/SKILL.md``.trae/skills/access-plugin-dev/SKILL.md``.trae/skills/plugin-converter/SKILL.md`
@@ -198,13 +210,22 @@ Certd 是可私有化部署的 SSL/TLS 证书自动化管理平台,提供 Web
- 后端业务数据、接口、实体、权限、迁移:改 `packages/ui/certd-server/src/modules``src/controller` - 后端业务数据、接口、实体、权限、迁移:改 `packages/ui/certd-server/src/modules``src/controller`
- 表单、列表、插件配置 UI:改 `packages/ui/certd-client/src/views/certd` 及对应 `src/api` - 表单、列表、插件配置 UI:改 `packages/ui/certd-client/src/views/certd` 及对应 `src/api`
## 测试与验证 ## 注意事项
- 实现新功能或修复行为缺陷前,优先补单元测试并先确认红灯,再实现并跑聚焦验证。 ### 旧版数据兼容
- 确实不适合先写测试时,在回复中说明原因和替代验证方式。
- 后补单元测试时,按正确行为写预期;若红灯需要修改既有实现,先向用户确认这是 bug 还是既有需求,避免未经确认改变行为 - 新增插件参数时,必须要考虑旧版数据兼容,比如新增一个deployType参数,有两种值:`default``custom`,需要在使用时判空,走旧版逻辑
- 后端纯单测放在 `src/**/*.test.ts`,尽量与被测文件相邻;`test:unit` 只跑这些文件,构建/打包应排除 `*.test.ts`
- 单测需要 mock ESM 静态 import 时,优先使用 `esmock`,不要为了测试改业务代码结构。 ## 前端路由与国际化
- 各包 `test:unit` 脚本应显式设置 `NODE_ENV=unittest`
- 单包单测优先用 `corepack pnpm --dir <包目录> test:unit`,例如 `corepack pnpm --dir packages\ui\certd-server test:unit` - 路由 `meta.title`**i18n 国际化 key**,必须在 `src/locales/langs/zh-CN/``src/locales/langs/en-US/` 对应的模块文件中添加翻译
- 优先对改动包运行聚焦测试或格式化/ESLint;只有跨包影响明显时再考虑更大范围构建 - 示例:路由 `title: "certd.auditLog"` 需要在中英 locales 文件中有对应 key`"certd.auditLog": "操作日志"` / `"certd.auditLog": "Audit Log"`
- 菜单通过路由自动生成,需设置 `meta.isMenu: true` 才会出现在左侧菜单。
- Plus 版功能菜单需设置 `meta.show: () => { const settingStore = useSettingStore(); return settingStore.isPlus; }`
## 审计日志
- 审计日志是 Plus 版功能,非 Plus 版不会写入。
- Controller 继承 `BaseController`,通过 `this.auditLog({ content: "xxx" })` 记录日志。
- `getAuditType()` 返回类型常量,中间件自动从 ctx.path 判定 scope`/api/sys/` → system,其他 → user)。
- 操作日志有系统级(scope=system)和用户级(scope=user)区分。
+56
View File
@@ -3,6 +3,62 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
### Bug Fixes
* **volcengine-alb:** 修复火山引擎ALB 默认证书部署类型会部署到扩展证书的问题 ([0a068a2](https://github.com/certd/certd/commit/0a068a274673e9768954e9f7367c267d44f3b530))
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
### Bug Fixes
* 修复火山视频点播源站选择不到自定义源站的bug ([0071bcb](https://github.com/certd/certd/commit/0071bcb0e4dd108c86d7ca01820a9f6e6960e440))
* 修复企业模式下弹出邮箱绑定提醒的问题 ([8d9dad9](https://github.com/certd/certd/commit/8d9dad9c82f6f2fd3ab3040068946a33f37145b1))
* 修复AsiaIsp CDN证书重复情况下部署失败的问题 ([c3d6db3](https://github.com/certd/certd/commit/c3d6db3f1ef2f1c897b7989521fe8809dffaded1))
* 修复cname用阿里云校验时报找不到runtimeDepsService的错误 ([072edd7](https://github.com/certd/certd/commit/072edd7affee424ab3411f4d41d338f084d7cac6))
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
### Bug Fixes
* 修复多域名无法使用passkey登录的bug ([d176f9c](https://github.com/certd/certd/commit/d176f9cc0ebd051a614bfac74d1616d1945fc9a3))
* 修复企业模式下登录报projectId不能为空的问题 ([a65366b](https://github.com/certd/certd/commit/a65366bbe1aadea8baaffbdadab58a5b631d9417))
* **login:** 修复输入法 composing 状态下回车触发提交的问题 ([b74db81](https://github.com/certd/certd/commit/b74db81304bbe68476bbec5ea4307a2264060e92))
### Performance Improvements
* **certd-server:** 使用 jks-go转换jks证书,大幅精简镜像大小 ([c78898e](https://github.com/certd/certd/commit/c78898e4c10dd1701467d2e42e3f72bd8f2a352f))
* **pipeline:** 将默认历史保留条数从30调整为100 ([d3e4677](https://github.com/certd/certd/commit/d3e4677ea4fac8e7533749d7f4187e410489e536))
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
### Bug Fixes
* 修复jdk证书格式的问题 ([260f5ae](https://github.com/certd/certd/commit/260f5ae777b83493b0c578fe30fd00ec0c873226))
* 修复telegram - 符号转义问题 ([d5882f1](https://github.com/certd/certd/commit/d5882f16bedb09baf09ace92049b02872620f5dc))
* **aliyun:** 修复阿里云CDN/DCDN根据证书自动匹配不到证书的bug ([1ae185d](https://github.com/certd/certd/commit/1ae185d0bc356f4678bc38ca0582ce3396f82ebe))
### Features
* 通过插件配置懒加载依赖,动态加载第三方依赖包,精简安装镜像大小 ([01568ca](https://github.com/certd/certd/commit/01568ca1489069046b5a89ebdd4ced2f7f6ddf93))
### Performance Improvements
* 阿里云ESA证书部署支持SaaS模式 ([82276b5](https://github.com/certd/certd/commit/82276b53a8474a18a3d0237050907c994fc748f0))
* 【破坏性更新】 证书压缩包不再生成文件存储,而是实时打包下载,证书申请插件不再输出certZip ([7cff1a9](https://github.com/certd/certd/commit/7cff1a98424120585205889874b3ef4956a30583))
* 火山引擎点播插件支持部署到自定义源站域名 ([095791c](https://github.com/certd/certd/commit/095791cdc2b7c1f4b913b634643afec5e30fe9b0))
* 基础镜像改成node:22-trixie-slim,对网络兼容性更好 ([c66a2bd](https://github.com/certd/certd/commit/c66a2bd77ab6dbb3e3fe2c00562b66287a9429ea))
* 新增橙域网络(asia-isp) CDN证书部署插件 ([b48831e](https://github.com/certd/certd/commit/b48831e60b0059bef7ef9a34ab61c9dd2f684641))
* 优化阿里云API网关增加翻页查询 ([ed58ae3](https://github.com/certd/certd/commit/ed58ae3c5339e4a0238a92acfe7ea6d2f566ea28))
* 优化用户体验,首次访问时弹出邮箱账号绑定用以初始化账号 ([608cc2a](https://github.com/certd/certd/commit/608cc2a81ff0b4872c9fe11ed9c9c0b4b90a12a3))
* 优化ACME账号字段的选择提示 ([bfd3cac](https://github.com/certd/certd/commit/bfd3cacc687fc5cbc3cb2ca3cadbc140de300dc2))
* 支持全自动匹配部署宝塔网站证书 ([4dff48e](https://github.com/certd/certd/commit/4dff48e807c32a7623ec9206cf39c88e88f89f6a))
* **cert-plugin:** 调整更新天数自动减半逻辑,仅7天ip证书生效,其他情况下不减半 ([56e5524](https://github.com/certd/certd/commit/56e5524a0f4af3645d70bc3b3ec750b45ba8de10))
* dns默认ipv4first ([194463b](https://github.com/certd/certd/commit/194463bea9e797315aa7a724f4b2930701570419))
* **passkey:** passkey支持多域名rpid ([79f6586](https://github.com/certd/certd/commit/79f65868ca0f5162bbc2f935ce89abc28011d816))
* **plugin:** 在线插件编辑支持配置第三方依赖和插件依赖 ([635f069](https://github.com/certd/certd/commit/635f069012d4193cfb7cb051c96e28eec1247ca2))
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14) ## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
### Bug Fixes ### Bug Fixes
+18 -11
View File
@@ -105,17 +105,23 @@ https://certd.handfree.work/
#### Docker镜像说明: #### Docker镜像说明:
- 国内镜像地址: **镜像版本:**
- `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest`
- `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:armv7``[version]-armv7`
- DockerHub地址:
- `https://hub.docker.com/r/greper/certd`
- `greper/certd:latest`
- `greper/certd:armv7``greper/certd:[version]-armv7`
- GitHub Packages地址:
- `ghcr.io/certd/certd:latest` | 版本标签 | 基础系统 | 说明 |
- `ghcr.io/certd/certd:armv7``ghcr.io/certd/certd:[version]-armv7` | --- | --- | --- | --- |
| `latest` / `[version]` | Alpine Linux | 默认版本,镜像体积小 |
| `slim` / `[version]-slim` | Debian slim | 基于glibcdns解析兼容性好(可能需要配置security_opt -seccomp=unconfined |
| `armv7` / `[version]-armv7` | Alpine Linux | ARMv7 架构专用版本 |
**镜像地址:**
| 镜像仓库 | latest | slim | armv7 |
| --- | --- | --- | --- |
| 阿里云 | `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest` | `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:slim` | `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:armv7` |
| Docker Hub | `greper/certd:latest` | `greper/certd:slim` | `greper/certd:armv7` |
| GitHub Packages | `ghcr.io/certd/certd:latest` | `ghcr.io/certd/certd:slim` | `ghcr.io/certd/certd:armv7` |
> 带版本号的标签请将 `latest` / `slim` / `armv7` 替换为 `[version]` / `[version]-slim` / `[version]-armv7`
- 镜像构建通过`Actions`自动执行,过程公开透明,请放心使用 - 镜像构建通过`Actions`自动执行,过程公开透明,请放心使用
- [点我查看镜像构建日志](https://github.com/certd/certd/actions/workflows/build-image.yml) - [点我查看镜像构建日志](https://github.com/certd/certd/actions/workflows/build-image.yml)
@@ -180,7 +186,8 @@ https://certd.handfree.work/
3. 获得专业版功能 3. 获得专业版功能
> [50元专业版优惠券限时领取](https://app.handfree.work/subject/#/app/certd/product) https://app.handfree.work/subject/#/app/certd/product > [50元专业版优惠券限时领取](https://app.handfree.work/subject/#/app/certd/product)
> https://app.handfree.work/subject/#/app/certd/product
> app.handfree.work是Certd官方激活码购买平台 > app.handfree.work是Certd官方激活码购买平台
+2
View File
@@ -5,6 +5,8 @@ services:
image: registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest image: registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
# image: ghcr.io/certd/certd:latest # --------- 如果 报镜像not found,可以尝试其他镜像源 # image: ghcr.io/certd/certd:latest # --------- 如果 报镜像not found,可以尝试其他镜像源
# image: greper/certd:latest # image: greper/certd:latest
# security_opt: # --------- 如果slim镜像下启动报错,尝试去掉这两行注释
# - seccomp=unconfined # 解决slim镜像下WorkerThreadsTaskRunner::DelayedTaskScheduler::Start() 报错问题
container_name: certd # 容器名 container_name: certd # 容器名
restart: unless-stopped # 自动重启 restart: unless-stopped # 自动重启
volumes: volumes:
+56
View File
@@ -3,6 +3,62 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
### Bug Fixes
* **volcengine-alb:** 修复火山引擎ALB 默认证书部署类型会部署到扩展证书的问题 ([0a068a2](https://github.com/certd/certd/commit/0a068a274673e9768954e9f7367c267d44f3b530))
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
### Bug Fixes
* 修复火山视频点播源站选择不到自定义源站的bug ([0071bcb](https://github.com/certd/certd/commit/0071bcb0e4dd108c86d7ca01820a9f6e6960e440))
* 修复企业模式下弹出邮箱绑定提醒的问题 ([8d9dad9](https://github.com/certd/certd/commit/8d9dad9c82f6f2fd3ab3040068946a33f37145b1))
* 修复AsiaIsp CDN证书重复情况下部署失败的问题 ([c3d6db3](https://github.com/certd/certd/commit/c3d6db3f1ef2f1c897b7989521fe8809dffaded1))
* 修复cname用阿里云校验时报找不到runtimeDepsService的错误 ([072edd7](https://github.com/certd/certd/commit/072edd7affee424ab3411f4d41d338f084d7cac6))
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
### Bug Fixes
* 修复多域名无法使用passkey登录的bug ([d176f9c](https://github.com/certd/certd/commit/d176f9cc0ebd051a614bfac74d1616d1945fc9a3))
* 修复企业模式下登录报projectId不能为空的问题 ([a65366b](https://github.com/certd/certd/commit/a65366bbe1aadea8baaffbdadab58a5b631d9417))
* **login:** 修复输入法 composing 状态下回车触发提交的问题 ([b74db81](https://github.com/certd/certd/commit/b74db81304bbe68476bbec5ea4307a2264060e92))
### Performance Improvements
* **certd-server:** 使用 jks-go转换jks证书,大幅精简镜像大小 ([c78898e](https://github.com/certd/certd/commit/c78898e4c10dd1701467d2e42e3f72bd8f2a352f))
* **pipeline:** 将默认历史保留条数从30调整为100 ([d3e4677](https://github.com/certd/certd/commit/d3e4677ea4fac8e7533749d7f4187e410489e536))
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
### Bug Fixes
* 修复jdk证书格式的问题 ([260f5ae](https://github.com/certd/certd/commit/260f5ae777b83493b0c578fe30fd00ec0c873226))
* 修复telegram - 符号转义问题 ([d5882f1](https://github.com/certd/certd/commit/d5882f16bedb09baf09ace92049b02872620f5dc))
* **aliyun:** 修复阿里云CDN/DCDN根据证书自动匹配不到证书的bug ([1ae185d](https://github.com/certd/certd/commit/1ae185d0bc356f4678bc38ca0582ce3396f82ebe))
### Features
* 通过插件配置懒加载依赖,动态加载第三方依赖包,精简安装镜像大小 ([01568ca](https://github.com/certd/certd/commit/01568ca1489069046b5a89ebdd4ced2f7f6ddf93))
### Performance Improvements
* 阿里云ESA证书部署支持SaaS模式 ([82276b5](https://github.com/certd/certd/commit/82276b53a8474a18a3d0237050907c994fc748f0))
* 【破坏性更新】 证书压缩包不再生成文件存储,而是实时打包下载,证书申请插件不再输出certZip ([7cff1a9](https://github.com/certd/certd/commit/7cff1a98424120585205889874b3ef4956a30583))
* 火山引擎点播插件支持部署到自定义源站域名 ([095791c](https://github.com/certd/certd/commit/095791cdc2b7c1f4b913b634643afec5e30fe9b0))
* 基础镜像改成node:22-trixie-slim,对网络兼容性更好 ([c66a2bd](https://github.com/certd/certd/commit/c66a2bd77ab6dbb3e3fe2c00562b66287a9429ea))
* 新增橙域网络(asia-isp) CDN证书部署插件 ([b48831e](https://github.com/certd/certd/commit/b48831e60b0059bef7ef9a34ab61c9dd2f684641))
* 优化阿里云API网关增加翻页查询 ([ed58ae3](https://github.com/certd/certd/commit/ed58ae3c5339e4a0238a92acfe7ea6d2f566ea28))
* 优化用户体验,首次访问时弹出邮箱账号绑定用以初始化账号 ([608cc2a](https://github.com/certd/certd/commit/608cc2a81ff0b4872c9fe11ed9c9c0b4b90a12a3))
* 优化ACME账号字段的选择提示 ([bfd3cac](https://github.com/certd/certd/commit/bfd3cacc687fc5cbc3cb2ca3cadbc140de300dc2))
* 支持全自动匹配部署宝塔网站证书 ([4dff48e](https://github.com/certd/certd/commit/4dff48e807c32a7623ec9206cf39c88e88f89f6a))
* **cert-plugin:** 调整更新天数自动减半逻辑,仅7天ip证书生效,其他情况下不减半 ([56e5524](https://github.com/certd/certd/commit/56e5524a0f4af3645d70bc3b3ec750b45ba8de10))
* dns默认ipv4first ([194463b](https://github.com/certd/certd/commit/194463bea9e797315aa7a724f4b2930701570419))
* **passkey:** passkey支持多域名rpid ([79f6586](https://github.com/certd/certd/commit/79f65868ca0f5162bbc2f935ce89abc28011d816))
* **plugin:** 在线插件编辑支持配置第三方依赖和插件依赖 ([635f069](https://github.com/certd/certd/commit/635f069012d4193cfb7cb051c96e28eec1247ca2))
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14) ## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
### Bug Fixes ### Bug Fixes
+15 -3
View File
@@ -1,20 +1,32 @@
# 镜像说明 # 镜像说明
## 镜像版本说明
| 版本标签 | 基础系统 | OpenJDK | 说明 |
| --- | --- | --- | --- |
| `latest` / `[version]` | Alpine Linux | 有 | **推荐**,默认版本,镜像体积更小,功能完整,支持所有插件 |
| `slim` / `[version]-slim` | Debian slim | 有 | glibc 兼容性更好,适用于依赖 glibc 的特殊场景 |
| `armv7` / `[version]-armv7` | Alpine Linux | 有 | ARMv7 架构专用版本 |
## 国内镜像地址: ## 国内镜像地址:
* `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest` * `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest`
* `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:slim``[version]-slim`
* `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:armv7``[version]-armv7` * `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:armv7``[version]-armv7`
## DockerHub地址: ## DockerHub地址:
* `https://hub.docker.com/r/greper/certd` * `https://hub.docker.com/r/greper/certd`
* `greper/certd:latest` * `greper/certd:latest`
* `greper/certd:slim``greper/certd:[version]-slim`
* `greper/certd:armv7``greper/certd:[version]-armv7` * `greper/certd:armv7``greper/certd:[version]-armv7`
## GitHub Packages地址: ## GitHub Packages地址:
* `ghcr.io/certd/certd:latest` * `ghcr.io/certd/certd:latest`
* `ghcr.io/certd/certd:slim``ghcr.io/certd/certd:[version]-slim`
* `ghcr.io/certd/certd:armv7``ghcr.io/certd/certd:[version]-armv7` * `ghcr.io/certd/certd:armv7``ghcr.io/certd/certd:[version]-armv7`
*
## 镜像构建公开 ## 镜像构建公开
镜像构建通过`Actions`自动执行,过程公开透明,请放心使用 镜像构建通过`Actions`自动执行,过程公开透明,请放心使用
* [点我查看镜像构建日志](https://github.com/certd/certd/actions/workflows/build-image.yml) * [点我查看镜像构建日志](https://github.com/certd/certd/actions/workflows/build-image.yml)
![](../images/action/action-build.jpg) ![](../images/action/action-build.jpg)
+12
View File
@@ -2,6 +2,18 @@
## 一、安装 ## 一、安装
### 镜像版本选择
Certd 提供多种 Docker 镜像版本,您可以根据需要选择:
| 版本标签 | 基础系统 | 说明 |
| --- | --- | --- | --- |
| `latest` / `[version]` | Alpine Linux | 默认版本,镜像体积小 |
| `slim` / `[version]-slim` | Debian slim | glibc版本,dns解析兼容性更好(可能需要配置security_opt -seccomp=unconfined|
| `armv7` / `[version]-armv7` | Alpine Linux | ARMv7 架构专用版本 |
> 如果您不确定使用哪个版本,请使用默认的 `latest` 版本。
### 一键脚本安装(推荐) ### 一键脚本安装(推荐)
如果您的服务器未安装 Docker,该脚本会自动为您安装 Docker 和 Docker Compose,并启动 Certd 容器。 如果您的服务器未安装 Docker,该脚本会自动为您安装 Docker 和 Docker Compose,并启动 Certd 容器。
+64 -63
View File
@@ -18,69 +18,70 @@
| 14.| **SFTP授权** | | | 14.| **SFTP授权** | |
| 15.| **阿里云OSS授权** | 包含地域和Bucket | | 15.| **阿里云OSS授权** | 包含地域和Bucket |
| 16.| **APISIX授权** | | | 16.| **APISIX授权** | |
| 17.| **亚马逊云aws授权** | | | 17.| **橙域网络(asia-isp)授权** | 橙域网络CDN API授权,用于部署证书到橙域CDN |
| 18.| **亚马逊云科技(国区)授权** | | | 18.| **亚马逊云aws授权** | |
| 19.| **微软云Azure授权** | | | 19.| **亚马逊云科技(国区)授权** | |
| 20.| **BIND9 DNS 授权** | 通过 SSH 连接到 BIND9 服务器,使用 nsupdate 命令管理 DNS 记录 | | 20.| **微软云Azure授权** | |
| 21.| **CacheFly** | CacheFly | | 21.| **BIND9 DNS 授权** | 通过 SSH 连接到 BIND9 服务器,使用 nsupdate 命令管理 DNS 记录 |
| 22.| **ACME账号** | 用于复用ACME账号私钥和账号地址,证书申请时不再临时创建账号 | | 22.| **CacheFly** | CacheFly |
| 23.| **EAB授权** | ZeroSSL证书申请需要EAB授权 | | 23.| **ACME账号** | 用于复用ACME账号私钥和账号地址,证书申请时不再临时创建账号 |
| 24.| **google cloud** | 谷歌云授权 | | 24.| **EAB授权** | ZeroSSL证书申请需要EAB授权 |
| 25.| **cloudflare授权** | | | 25.| **google cloud** | 谷歌云授权 |
| 26.| **中国移动CND授权** | | | 26.| **cloudflare授权** | |
| 27.| **授权插件示例** | 这是一个示例授权插件,用于演示如何实现一个授权插件 | | 27.| **中国移动CND授权** | |
| 28.| **dns.la授权** | | | 28.| **授权插件示例** | 这是一个示例授权插件,用于演示如何实现一个授权插件 |
| 29.| **彩虹DNS** | 彩虹DNS管理系统授权 | | 29.| **dns.la授权** | |
| 30.| **多吉云** | | | 30.| **彩虹DNS** | 彩虹DNS管理系统授权 |
| 31.| **Dokploy授权** | | | 31.| **多吉云** | |
| 32.| **Dynadot授权** | | | 32.| **Dokploy授权** | |
| 33.| **farcdn授权** | | | 33.| **Dynadot授权** | |
| 34.| **FlexCDN授权** | | | 34.| **farcdn授权** | |
| 35.| **Gcore** | Gcore | | 35.| **FlexCDN授权** | |
| 36.| **Github授权** | | | 36.| **Gcore** | Gcore |
| 37.| **godaddy授权** | | | 37.| **Github授权** | |
| 38.| **HiPM DNSMgr** | HiPM DNSMgr API Token 授权 | | 38.| **godaddy授权** | |
| 39.| **金山云授权** | | | 39.| **HiPM DNSMgr** | HiPM DNSMgr API Token 授权 |
| 40.| **FTP授权** | | | 40.| **金山云授权** | |
| 41.| **七牛OSS授权** | | | 41.| **FTP授权** | |
| 42.| **腾讯云COS授权** | 腾讯云对象存储授权,包含地域和存储桶 | | 42.| **七牛OSS授权** | |
| 43.| **s3/minio授权** | S3/minio oss授权 | | 43.| **腾讯云COS授权** | 腾讯云对象存储授权,包含地域和存储桶 |
| 44.| **namesilo授权** | | | 44.| **s3/minio授权** | S3/minio oss授权 |
| 45.| **Next Terminal 授权** | 用于访问 Next Terminal API 的授权配置 | | 45.| **namesilo授权** | |
| 46.| **Nginx Proxy Manager 授权** | 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。 | | 46.| **Next Terminal 授权** | 用于访问 Next Terminal API 的授权配置 |
| 47.| **1panel授权** | 账号和密码 | | 47.| **Nginx Proxy Manager 授权** | 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。 |
| 48.| **支付宝** | | | 48.| **1panel授权** | 账号和密码 |
| 49.| **白山云授权** | | | 49.| **支付宝** | |
| 50.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 | | 50.| **白山云授权** | |
| 51.| **cdnfly授权** | | | 51.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 |
| 52.| **k8s授权** | | | 52.| **cdnfly授权** | |
| 53.| **括彩云cdn授权** | 括彩云CDN,每月免费30G[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) | | 53.| **k8s授权** | |
| 54.| **LeCDN授权** | | | 54.| **括彩云cdn授权** | 括彩云CDN,每月免费30G[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) |
| 55.| **lucky** | | | 55.| **LeCDN授权** | |
| 56.| **猫云授权** | | | 56.| **lucky** | |
| 57.| **plesk授权** | | | 57.| **猫云授权** | |
| 58.| **长亭雷池授权** | | | 58.| **plesk授权** | |
| 59.| **群晖登录授权** | | | 59.| **长亭雷池授权** | |
| 60.| **uniCloud** | unicloud授权 | | 60.| **群晖登录授权** | |
| 61.| **微信支付** | | | 61.| **uniCloud** | unicloud授权 |
| 62.| **易盾rcdn授权** | 易盾CDN,每月免费30G[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) | | 62.| **微信支付** | |
| 63.| **易发云短信** | sms.yfyidc.cn/ | | 63.| **易盾rcdn授权** | 易盾CDN,每月免费30G[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) |
| 64.| **易盾DCDN授权** | https://user.yiduncdn.com | | 64.| **易发云短信** | sms.yfyidc.cn/ |
| 65.| **易支付** | | | 65.| **易盾DCDN授权** | https://user.yiduncdn.com |
| 66.| **proxmox** | | | 66.| **易支付** | |
| 67.| **Spaceship.com 授权** | Spaceship.com API 授权插件 | | 67.| **proxmox** | |
| 68.| **Technitium DNS Server** | Technitium DNS Server 自建DNS服务器授权 | | 68.| **Spaceship.com 授权** | Spaceship.com API 授权插件 |
| 69.| **UCloud授权** | 优刻得授权 | | 69.| **Technitium DNS Server** | Technitium DNS Server 自建DNS服务器授权 |
| 70.| **又拍云** | | | 70.| **UCloud授权** | 优刻得授权 |
| 71.| **网宿授权** | | | 71.| **又拍云** | |
| 72.| **西部数码授权** | | | 72.| **网宿授权** | |
| 73.| **我爱云授权** | 我爱云CDN | | 73.| **西部数码授权** | |
| 74.| **新网授权(代理方式)** | | | 74.| **我爱云授权** | 我爱云CDN |
| 75.| **新网授权** | | | 75.| **新网授权(代理方式)** | |
| 76.| **新网互联授权** | 仅支持代理账号,ip需要加入白名单 | | 76.| **新网授权** | |
| 77.| **Zenlayer授权** | Zenlayer授权 | | 77.| **新网互联授权** | 仅支持代理账号,ip需要加入白名单 |
| 78.| **GoEdge授权** | | | 78.| **Zenlayer授权** | Zenlayer授权 |
| 79.| **雨云授权** | https://app.rainyun.com/ | | 79.| **GoEdge授权** | |
| 80.| **雨云授权** | https://app.rainyun.com/ |
<style module> <style module>
table th:first-of-type { table th:first-of-type {
+44 -42
View File
@@ -1,5 +1,5 @@
# 任务插件 # 任务插件
`132` 款任务插件 `134` 款任务插件
## 1. 证书申请 ## 1. 证书申请
| 序号 | 名称 | 说明 | | 序号 | 名称 | 说明 |
@@ -25,30 +25,31 @@
| 序号 | 名称 | 说明 | | 序号 | 名称 | 说明 |
|-----|-----|-----| |-----|-----|-----|
| 1.| **APISIX-更新证书** | 自动更新APISIX证书 | | 1.| **APISIX-更新证书** | 自动更新APISIX证书 |
| 2.| **CacheFly-部署证书到CacheFly** | 部署证书到 CacheFly | | 2.| **橙域网络-部署证书到CDN** | 部署证书到橙域网络(asia-isp) CDN加速域名 |
| 3.| **中国移动-部署证书到CDN** | 中国移动自动部署证书到CDN | | 3.| **CacheFly-部署证书到CacheFly** | 部署证书到 CacheFly |
| 4.| **多吉云-部署到多吉云CDN** | | | 4.| **中国移动-部署证书到CDN** | 中国移动自动部署证书到CDN |
| 5.| **farcdn-更新证书** | www.farcdn.net | | 5.| **多吉云-部署到多吉云CDN** | |
| 6.| **FlexCDN-更新证书** | | | 6.| **farcdn-更新证书** | www.farcdn.net |
| 7.| **Gcore-刷新Gcore证书** | 刷新现有的证书 | | 7.| **FlexCDN-更新证书** | |
| 8.| **Gcore-部署证书到Gcore** | 仅上传 并不会部署到cdn | | 8.| **Gcore-刷新Gcore证书** | 刷新现有的证书 |
| 9.| **GoEdge-更新证书** | GoEdge | | 9.| **Gcore-部署证书到Gcore** | 仅上传 并不会部署到cdn |
| 10.| **金山云-更新CDN证书** | 金山云自动更新CDN证书 | | 10.| **GoEdge-更新证书** | GoEdge |
| 11.| **山云-更新证书** | | | 11.| **山云-更新CDN证书** | 金山云自动更新CDN证书 |
| 12.| **cdnfly-部署证书到cdnfly** | cdnfly | | 12.| **白山云-更新证书** | |
| 13.| **天翼云-部署证书到CDN** | 部署证书到天翼云CDN和全站加速 | | 13.| **cdnfly-部署证书到cdnfly** | cdnfly |
| 14.| **括彩云-部署到括彩云CDN** | 括彩云CDN,每月免费30G[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) | | 14.| **天翼云-部署证书到CDN** | 部署证书到天翼云CDN和全站加速 |
| 15.| **LeCDN-更新证书V2** | 支持新版本LeCDN | | 15.| **括彩云-部署到括彩云CDN** | 括彩云CDN,每月免费30G[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) |
| 16.| **LeCDN-更新证书** | | | 16.| **LeCDN-更新证书V2** | 支持新版本LeCDN |
| 17.| **Maoyun-更新猫云CDN证书** | | | 17.| **LeCDN-更新证书** | |
| 18.| **易盾-部署到易盾DCDN** | 主要是防御,http://user.yiduncdn.com/ | | 18.| **Maoyun-更新猫云CDN证书** | |
| 19.| **易盾-部署到易盾RCDN** | 易盾CDN,每月免费30G[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) | | 19.| **易盾-部署到易盾DCDN** | 主要是防御,http://user.yiduncdn.com/ |
| 20.| **雨云-更新证书** | app.rainyun.com | | 20.| **易盾-部署到易盾RCDN** | 易盾CDN,每月免费30G[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) |
| 21.| **又拍云-部署证书到CDN/USS** | 支持又拍云CDN,又拍云云存储USS | | 21.| **雨云-更新证书** | app.rainyun.com |
| 22.| **网宿-更新证书** | 网宿证书自动更新 | | 22.| **又拍云-部署证书到CDN/USS** | 支持又拍云CDN,又拍云云存储USS |
| 23.| **西数-部署到虚拟主机** | 西部数码部署证书到虚拟主机 | | 23.| **网宿-更新证书** | 网宿证书自动更新 |
| 24.| **我爱云-部署证书到我爱云CDN** | 部署证书到我爱云CDN | | 24.| **西数-部署到虚拟主机** | 西部数码部署证书到虚拟主机 |
| 25.| **Zenlayer-刷新证书** | 刷新Zenlayer CDN证书 | | 25.| **我爱云-部署证书到我爱云CDN** | 部署证书到我爱云CDN |
| 26.| **Zenlayer-刷新证书** | 刷新Zenlayer CDN证书 |
## 4. 面板 ## 4. 面板
| 序号 | 名称 | 说明 | | 序号 | 名称 | 说明 |
@@ -62,22 +63,23 @@
| 7.| **1Panel-部署面板证书** | 更新1Panel的面板证书 | | 7.| **1Panel-部署面板证书** | 更新1Panel的面板证书 |
| 8.| **1Panel-更新站点证书** | 更新1Panel的站点证书 | | 8.| **1Panel-更新站点证书** | 更新1Panel的站点证书 |
| 9.| **宝塔-删除过期证书** | 删除证书夹中过期证书 | | 9.| **宝塔-删除过期证书** | 删除证书夹中过期证书 |
| 10.| **宝塔-WAF证书部署** | 部署宝塔云WAF/aaWAF | | 10.| **宝塔-全自动部署** | 根据证书域名自动匹配宝塔站点,全自动部署SSL证书。新增加速域名自动感知,自动新增部署 |
| 11.| **宝塔-面板证书部署** | 部署宝塔面板本身的ssl证书 | | 11.| **宝塔-WAF证书部署** | 部署宝塔云WAF/aaWAF |
| 12.| **宝塔win-网站证书部署** | 部署到Windows版宝塔管理的站点的ssl证书 | | 12.| **宝塔-面板证书部署** | 部署宝塔面板本身的ssl证书 |
| 13.| **宝塔-网站证书部署** | 部署宝塔管理的站点的ssl证书,目前支持宝塔网站站点、docker站点等。本插件也支持aaPanel。 | | 13.| **宝塔win-网站证书部署** | 部署到Windows版宝塔管理的站点的ssl证书 |
| 14.| **K8S-Apply自定义yaml** | apply自定义yaml到k8s | | 14.| **宝塔-网站证书部署** | 部署宝塔管理的站点的ssl证书,目前支持宝塔网站站点、docker站点等。本插件也支持aaPanel。 |
| 15.| **K8S-Ingress 证书部署** | 部署证书到k8s的Ingress | | 15.| **K8S-Apply自定义yaml** | apply自定义yaml到k8s |
| 16.| **K8S-部署证书到Secret** | 部署证书到k8s的secret | | 16.| **K8S-Ingress 证书部署** | 部署证书到k8s的Ingress |
| 17.| **lucky-更新Lucky证书** | | | 17.| **K8S-部署证书到Secret** | 部署证书到k8s的secret |
| 18.| **Plesk-部署Plesk网站证书** | | | 18.| **lucky-更新Lucky证书** | |
| 19.| **Plesk-更新证书** | 不会创建新证书记录,直接更新旧的证书 | | 19.| **Plesk-部署Plesk网站证书** | |
| 20.| **雷池-更新证书(支持控制台和防护应用)** | 更新长亭雷池WAF的证书,支持更新控制台和防护应用的证书 | | 20.| **Plesk-更新证书** | 不会创建新证书记录,直接更新旧的证书 |
| 21.| **群晖-部署证书到群晖面板** | Synology,支持6.x以上版本 | | 21.| **雷池-更新证书(支持控制台和防护应用)** | 更新长亭雷池WAF的证书,支持更新控制台和防护应用的证书。 |
| 22.| **群晖-刷新OTP登录有效期** | 群晖登录状态可能30天失效,需要在失效之前登录一次,刷新有效期,您可以将其放在“部署到群晖面板”任务之后 | | 22.| **群晖-部署证书到群晖面板** | Synology,支持6.x以上版本 |
| 23.| **uniCloud-部署到服务空间** | 部署到服务空间 | | 23.| **群晖-刷新OTP登录有效期** | 群晖登录状态可能30天失效,需要在失效之前登录一次,刷新有效期,您可以将其放在“部署到群晖面板”任务之后 |
| 24.| **Proxmox-上传证书到Proxmox** | | | 24.| **uniCloud-部署到服务空间** | 部署到服务空间 |
| 25.| **威联通-部署证书到威联通** | 部署证书到qnap | | 25.| **Proxmox-上传证书到Proxmox** | |
| 26.| **威联通-部署证书到威联通** | 部署证书到qnap |
## 5. 阿里云 ## 5. 阿里云
| 序号 | 名称 | 说明 | | 序号 | 名称 | 说明 |
@@ -90,7 +92,7 @@
| 6.| **阿里云-部署证书至API网关** | 自动部署域名证书至阿里云API网关(APIGateway | | 6.| **阿里云-部署证书至API网关** | 自动部署域名证书至阿里云API网关(APIGateway |
| 7.| **阿里云-部署证书至CDN** | 自动部署域名证书至阿里云CDN | | 7.| **阿里云-部署证书至CDN** | 自动部署域名证书至阿里云CDN |
| 8.| **阿里云-部署证书至DCDN** | 依赖证书申请前置任务,自动部署域名证书至阿里云DCDN | | 8.| **阿里云-部署证书至DCDN** | 依赖证书申请前置任务,自动部署域名证书至阿里云DCDN |
| 9.| **阿里云-部署至ESA** | 部署证书到阿里云ESA(边缘安全加速),自动删除过期证书 | | 9.| **阿里云-部署至ESA** | 部署证书到阿里云ESA(边缘安全加速),支持边缘证书和SaaS证书两种模式 |
| 10.| **阿里云-部署至阿里云FC(3.0)** | 部署证书到阿里云函数计算(FC3.0) | | 10.| **阿里云-部署至阿里云FC(3.0)** | 部署证书到阿里云函数计算(FC3.0) |
| 11.| **阿里云-部署至GA** | 部署证书到阿里云GA(全球加速),支持更新默认证书和扩展证书 | | 11.| **阿里云-部署至GA** | 部署证书到阿里云GA(全球加速),支持更新默认证书和扩展证书 |
| 12.| **阿里云-部署至直播(Live** | 部署证书到阿里云视频直播(Live)域名 | | 12.| **阿里云-部署至直播(Live** | 部署证书到阿里云视频直播(Live)域名 |
Binary file not shown.

After

Width:  |  Height:  |  Size: 379 KiB

+16 -26
View File
@@ -1,15 +1,23 @@
# google证书申请教程 # google证书申请教程
## 1、启用API ## 1、 添加流水线
点击“创建证书流水线”按钮
## 2、 生成google ACME账号
![](./images/google-acme.png)
## 3、 获取Google EAB
### 3.1、启用API
打开如下链接,启用 API 打开如下链接,启用 API
https://console.cloud.google.com/apis/library/publicca.googleapis.com https://console.cloud.google.com/apis/library/publicca.googleapis.com
打开该链接后点击“启用”,随后等待右侧出现“API已启用”则可以关闭该页。 打开该链接后点击“启用”,随后等待右侧出现“API已启用”则可以关闭该页。
## 2、 获取授权 ## 3.2、 创建EAB
以下两种方式任选其一
### 2.1 直接获取EAB 【推荐】
1. 打开“Google Cloud Shell”(在右上角点击激活CloudShell图标)。 1. 打开“Google Cloud Shell”(在右上角点击激活CloudShell图标)。
@@ -28,31 +36,13 @@ keyId: xxxxxxxxxxxxx]
``` ```
![](./images/google-eab.png) ![](./images/google-eab.png)
3. 到Certd中,创建一条EAB授权记录,填写keyId(=kid) 和 b64MacKey 信息 3. 到Certd中,创建一条EAB授权记录,填写keyId(=kid) 和 b64MacKey 信息
注意:keyId没有`]`结尾,不要把`]`也复制了 注意:keyId没有`]`结尾,不要把`]`也复制了
## 4、 生成Google ACME账号
注意:EAB授权使用过一次之后,会绑定邮箱,后续再次使用时,要使用相同的邮箱,所以邮箱切记不要修改 注意:EAB授权使用过一次之后,会绑定邮箱,后续再次使用时,要使用相同的邮箱,所以邮箱切记不要修改
否则会报错 `Unknown external account binding (EAB) key. This may be due to the EAB key expiring which occurs 7 days after creation` 否则会报错 `Unknown external account binding (EAB) key. This may be due to the EAB key expiring which occurs 7 days after creation`
4. 创建证书流水线,选择证书提供商为google,选择EAB授权,运行流水线申请证书 ## 5、创建证书流水线,运行流水线申请证书
### 2.2 通过google服务账号接口获取授权
此方式可以自动获取EAB,需要服务端配置代理
1. 创建服务账号
https://console.cloud.google.com/projectselector2/iam-admin/serviceaccounts/create?walkthrough_id=iam--create-service-account&hl=zh-cn#step_index=1
2. 选择一个项目,进入创建服务账号页面
3. 给服务账号起一个名字,点击`创建并继续`
4. 向此服务账号授予对项目的访问权限: `选择角色`->`基本`->`Owner`
5. 点击完成
6. 点击服务账号,进入服务账号详情页面
7. 点击`添加密钥`->`创建新密钥`->`JSON`,下载密钥文件
8. 将json文件内容粘贴到 certd中 Google服务授权输入框中
9. 创建证书流水线,选择证书提供商为google, 选择服务账号授权,运行流水线申请证书
+1 -1
View File
@@ -9,5 +9,5 @@
} }
}, },
"npmClient": "pnpm", "npmClient": "pnpm",
"version": "1.41.4" "version": "1.42.3"
} }
+18
View File
@@ -3,6 +3,24 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.3](https://github.com/publishlab/node-acme-client/compare/v1.42.2...v1.42.3) (2026-07-08)
**Note:** Version bump only for package @certd/acme-client
## [1.42.2](https://github.com/publishlab/node-acme-client/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/acme-client
## [1.42.1](https://github.com/publishlab/node-acme-client/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/acme-client
# [1.42.0](https://github.com/publishlab/node-acme-client/compare/v1.41.4...v1.42.0) (2026-07-05)
### Performance Improvements
* 新增橙域网络(asia-isp) CDN证书部署插件 ([b48831e](https://github.com/publishlab/node-acme-client/commit/b48831e60b0059bef7ef9a34ab61c9dd2f684641))
## [1.41.4](https://github.com/publishlab/node-acme-client/compare/v1.41.3...v1.41.4) (2026-06-14) ## [1.41.4](https://github.com/publishlab/node-acme-client/compare/v1.41.3...v1.41.4) (2026-06-14)
**Note:** Version bump only for package @certd/acme-client **Note:** Version bump only for package @certd/acme-client
-518
View File
@@ -1,518 +0,0 @@
## Classes
<dl>
<dt><a href="#AcmeClient">AcmeClient</a></dt>
<dd><p>AcmeClient</p>
</dd>
</dl>
## Objects
<dl>
<dt><a href="#Client">Client</a> : <code>object</code></dt>
<dd><p>ACME client</p>
</dd>
</dl>
<a name="AcmeClient"></a>
## AcmeClient
AcmeClient
**Kind**: global class
* [AcmeClient](#AcmeClient)
* [new AcmeClient(opts)](#new_AcmeClient_new)
* [.getTermsOfServiceUrl()](#AcmeClient+getTermsOfServiceUrl) ⇒ <code>Promise.&lt;(string\|null)&gt;</code>
* [.getAccountUrl()](#AcmeClient+getAccountUrl) ⇒ <code>string</code>
* [.createAccount([data])](#AcmeClient+createAccount) ⇒ <code>Promise.&lt;object&gt;</code>
* [.updateAccount([data])](#AcmeClient+updateAccount) ⇒ <code>Promise.&lt;object&gt;</code>
* [.updateAccountKey(newAccountKey, [data])](#AcmeClient+updateAccountKey) ⇒ <code>Promise.&lt;object&gt;</code>
* [.createOrder(data)](#AcmeClient+createOrder) ⇒ <code>Promise.&lt;object&gt;</code>
* [.getOrder(order)](#AcmeClient+getOrder) ⇒ <code>Promise.&lt;object&gt;</code>
* [.finalizeOrder(order, csr)](#AcmeClient+finalizeOrder) ⇒ <code>Promise.&lt;object&gt;</code>
* [.getAuthorizations(order)](#AcmeClient+getAuthorizations) ⇒ <code>Promise.&lt;Array.&lt;object&gt;&gt;</code>
* [.deactivateAuthorization(authz)](#AcmeClient+deactivateAuthorization) ⇒ <code>Promise.&lt;object&gt;</code>
* [.getChallengeKeyAuthorization(challenge)](#AcmeClient+getChallengeKeyAuthorization) ⇒ <code>Promise.&lt;string&gt;</code>
* [.verifyChallenge(authz, challenge)](#AcmeClient+verifyChallenge) ⇒ <code>Promise</code>
* [.completeChallenge(challenge)](#AcmeClient+completeChallenge) ⇒ <code>Promise.&lt;object&gt;</code>
* [.waitForValidStatus(item)](#AcmeClient+waitForValidStatus) ⇒ <code>Promise.&lt;object&gt;</code>
* [.getCertificate(order, [preferredChain])](#AcmeClient+getCertificate) ⇒ <code>Promise.&lt;string&gt;</code>
* [.revokeCertificate(cert, [data])](#AcmeClient+revokeCertificate) ⇒ <code>Promise</code>
* [.auto(opts)](#AcmeClient+auto) ⇒ <code>Promise.&lt;string&gt;</code>
<a name="new_AcmeClient_new"></a>
### new AcmeClient(opts)
| Param | Type | Description |
| --- | --- | --- |
| opts | <code>object</code> | |
| opts.directoryUrl | <code>string</code> | ACME directory URL |
| opts.accountKey | <code>buffer</code> \| <code>string</code> | PEM encoded account private key |
| [opts.accountUrl] | <code>string</code> | Account URL, default: `null` |
| [opts.externalAccountBinding] | <code>object</code> | |
| [opts.externalAccountBinding.kid] | <code>string</code> | External account binding KID |
| [opts.externalAccountBinding.hmacKey] | <code>string</code> | External account binding HMAC key |
| [opts.backoffAttempts] | <code>number</code> | Maximum number of backoff attempts, default: `10` |
| [opts.backoffMin] | <code>number</code> | Minimum backoff attempt delay in milliseconds, default: `5000` |
| [opts.backoffMax] | <code>number</code> | Maximum backoff attempt delay in milliseconds, default: `30000` |
**Example**
Create ACME client instance
```js
const client = new acme.Client({
directoryUrl: acme.directory.letsencrypt.staging,
accountKey: 'Private key goes here',
});
```
**Example**
Create ACME client instance
```js
const client = new acme.Client({
directoryUrl: acme.directory.letsencrypt.staging,
accountKey: 'Private key goes here',
accountUrl: 'Optional account URL goes here',
backoffAttempts: 10,
backoffMin: 5000,
backoffMax: 30000,
});
```
**Example**
Create ACME client with external account binding
```js
const client = new acme.Client({
directoryUrl: 'https://acme-provider.example.com/directory-url',
accountKey: 'Private key goes here',
externalAccountBinding: {
kid: 'YOUR-EAB-KID',
hmacKey: 'YOUR-EAB-HMAC-KEY',
},
});
```
<a name="AcmeClient+getTermsOfServiceUrl"></a>
### acmeClient.getTermsOfServiceUrl() ⇒ <code>Promise.&lt;(string\|null)&gt;</code>
Get Terms of Service URL if available
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;(string\|null)&gt;</code> - ToS URL
**Example**
Get Terms of Service URL
```js
const termsOfService = client.getTermsOfServiceUrl();
if (!termsOfService) {
// CA did not provide Terms of Service
}
```
<a name="AcmeClient+getAccountUrl"></a>
### acmeClient.getAccountUrl() ⇒ <code>string</code>
Get current account URL
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>string</code> - Account URL
**Throws**:
- <code>Error</code> No account URL found
**Example**
Get current account URL
```js
try {
const accountUrl = client.getAccountUrl();
}
catch (e) {
// No account URL exists, need to create account first
}
```
<a name="AcmeClient+createAccount"></a>
### acmeClient.createAccount([data]) ⇒ <code>Promise.&lt;object&gt;</code>
Create a new account
https://datatracker.ietf.org/doc/html/rfc8555#section-7.3
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;object&gt;</code> - Account
| Param | Type | Description |
| --- | --- | --- |
| [data] | <code>object</code> | Request data |
**Example**
Create a new account
```js
const account = await client.createAccount({
termsOfServiceAgreed: true,
});
```
**Example**
Create a new account with contact info
```js
const account = await client.createAccount({
termsOfServiceAgreed: true,
contact: ['mailto:test@example.com'],
});
```
<a name="AcmeClient+updateAccount"></a>
### acmeClient.updateAccount([data]) ⇒ <code>Promise.&lt;object&gt;</code>
Update existing account
https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.2
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;object&gt;</code> - Account
| Param | Type | Description |
| --- | --- | --- |
| [data] | <code>object</code> | Request data |
**Example**
Update existing account
```js
const account = await client.updateAccount({
contact: ['mailto:foo@example.com'],
});
```
<a name="AcmeClient+updateAccountKey"></a>
### acmeClient.updateAccountKey(newAccountKey, [data]) ⇒ <code>Promise.&lt;object&gt;</code>
Update account private key
https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.5
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;object&gt;</code> - Account
| Param | Type | Description |
| --- | --- | --- |
| newAccountKey | <code>buffer</code> \| <code>string</code> | New PEM encoded private key |
| [data] | <code>object</code> | Additional request data |
**Example**
Update account private key
```js
const newAccountKey = 'New private key goes here';
const result = await client.updateAccountKey(newAccountKey);
```
<a name="AcmeClient+createOrder"></a>
### acmeClient.createOrder(data) ⇒ <code>Promise.&lt;object&gt;</code>
Create a new order
https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;object&gt;</code> - Order
| Param | Type | Description |
| --- | --- | --- |
| data | <code>object</code> | Request data |
**Example**
Create a new order
```js
const order = await client.createOrder({
identifiers: [
{ type: 'dns', value: 'example.com' },
{ type: 'dns', value: 'test.example.com' },
],
});
```
<a name="AcmeClient+getOrder"></a>
### acmeClient.getOrder(order) ⇒ <code>Promise.&lt;object&gt;</code>
Refresh order object from CA
https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;object&gt;</code> - Order
| Param | Type | Description |
| --- | --- | --- |
| order | <code>object</code> | Order object |
**Example**
```js
const order = { ... }; // Previously created order object
const result = await client.getOrder(order);
```
<a name="AcmeClient+finalizeOrder"></a>
### acmeClient.finalizeOrder(order, csr) ⇒ <code>Promise.&lt;object&gt;</code>
Finalize order
https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;object&gt;</code> - Order
| Param | Type | Description |
| --- | --- | --- |
| order | <code>object</code> | Order object |
| csr | <code>buffer</code> \| <code>string</code> | PEM encoded Certificate Signing Request |
**Example**
Finalize order
```js
const order = { ... }; // Previously created order object
const csr = { ... }; // Previously created Certificate Signing Request
const result = await client.finalizeOrder(order, csr);
```
<a name="AcmeClient+getAuthorizations"></a>
### acmeClient.getAuthorizations(order) ⇒ <code>Promise.&lt;Array.&lt;object&gt;&gt;</code>
Get identifier authorizations from order
https://datatracker.ietf.org/doc/html/rfc8555#section-7.5
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;Array.&lt;object&gt;&gt;</code> - Authorizations
| Param | Type | Description |
| --- | --- | --- |
| order | <code>object</code> | Order |
**Example**
Get identifier authorizations
```js
const order = { ... }; // Previously created order object
const authorizations = await client.getAuthorizations(order);
authorizations.forEach((authz) => {
const { challenges } = authz;
});
```
<a name="AcmeClient+deactivateAuthorization"></a>
### acmeClient.deactivateAuthorization(authz) ⇒ <code>Promise.&lt;object&gt;</code>
Deactivate identifier authorization
https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.2
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;object&gt;</code> - Authorization
| Param | Type | Description |
| --- | --- | --- |
| authz | <code>object</code> | Identifier authorization |
**Example**
Deactivate identifier authorization
```js
const authz = { ... }; // Identifier authorization resolved from previously created order
const result = await client.deactivateAuthorization(authz);
```
<a name="AcmeClient+getChallengeKeyAuthorization"></a>
### acmeClient.getChallengeKeyAuthorization(challenge) ⇒ <code>Promise.&lt;string&gt;</code>
Get key authorization for ACME challenge
https://datatracker.ietf.org/doc/html/rfc8555#section-8.1
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;string&gt;</code> - Key authorization
| Param | Type | Description |
| --- | --- | --- |
| challenge | <code>object</code> | Challenge object returned by API |
**Example**
Get challenge key authorization
```js
const challenge = { ... }; // Challenge from previously resolved identifier authorization
const key = await client.getChallengeKeyAuthorization(challenge);
// Write key somewhere to satisfy challenge
```
<a name="AcmeClient+verifyChallenge"></a>
### acmeClient.verifyChallenge(authz, challenge) ⇒ <code>Promise</code>
Verify that ACME challenge is satisfied
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
| Param | Type | Description |
| --- | --- | --- |
| authz | <code>object</code> | Identifier authorization |
| challenge | <code>object</code> | Authorization challenge |
**Example**
Verify satisfied ACME challenge
```js
const authz = { ... }; // Identifier authorization
const challenge = { ... }; // Satisfied challenge
await client.verifyChallenge(authz, challenge);
```
<a name="AcmeClient+completeChallenge"></a>
### acmeClient.completeChallenge(challenge) ⇒ <code>Promise.&lt;object&gt;</code>
Notify CA that challenge has been completed
https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.1
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;object&gt;</code> - Challenge
| Param | Type | Description |
| --- | --- | --- |
| challenge | <code>object</code> | Challenge object returned by API |
**Example**
Notify CA that challenge has been completed
```js
const challenge = { ... }; // Satisfied challenge
const result = await client.completeChallenge(challenge);
```
<a name="AcmeClient+waitForValidStatus"></a>
### acmeClient.waitForValidStatus(item) ⇒ <code>Promise.&lt;object&gt;</code>
Wait for ACME provider to verify status on a order, authorization or challenge
https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.1
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;object&gt;</code> - Valid order, authorization or challenge
| Param | Type | Description |
| --- | --- | --- |
| item | <code>object</code> | An order, authorization or challenge object |
**Example**
Wait for valid challenge status
```js
const challenge = { ... };
await client.waitForValidStatus(challenge);
```
**Example**
Wait for valid authorization status
```js
const authz = { ... };
await client.waitForValidStatus(authz);
```
**Example**
Wait for valid order status
```js
const order = { ... };
await client.waitForValidStatus(order);
```
<a name="AcmeClient+getCertificate"></a>
### acmeClient.getCertificate(order, [preferredChain]) ⇒ <code>Promise.&lt;string&gt;</code>
Get certificate from ACME order
https://datatracker.ietf.org/doc/html/rfc8555#section-7.4.2
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;string&gt;</code> - Certificate
| Param | Type | Default | Description |
| --- | --- | --- | --- |
| order | <code>object</code> | | Order object |
| [preferredChain] | <code>string</code> | <code>null</code> | Indicate which certificate chain is preferred if a CA offers multiple, by exact issuer common name, default: `null` |
**Example**
Get certificate
```js
const order = { ... }; // Previously created order
const certificate = await client.getCertificate(order);
```
**Example**
Get certificate with preferred chain
```js
const order = { ... }; // Previously created order
const certificate = await client.getCertificate(order, 'DST Root CA X3');
```
<a name="AcmeClient+revokeCertificate"></a>
### acmeClient.revokeCertificate(cert, [data]) ⇒ <code>Promise</code>
Revoke certificate
https://datatracker.ietf.org/doc/html/rfc8555#section-7.6
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
| Param | Type | Description |
| --- | --- | --- |
| cert | <code>buffer</code> \| <code>string</code> | PEM encoded certificate |
| [data] | <code>object</code> | Additional request data |
**Example**
Revoke certificate
```js
const certificate = { ... }; // Previously created certificate
const result = await client.revokeCertificate(certificate);
```
**Example**
Revoke certificate with reason
```js
const certificate = { ... }; // Previously created certificate
const result = await client.revokeCertificate(certificate, {
reason: 4,
});
```
<a name="AcmeClient+auto"></a>
### acmeClient.auto(opts) ⇒ <code>Promise.&lt;string&gt;</code>
Auto mode
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;string&gt;</code> - Certificate
| Param | Type | Description |
| --- | --- | --- |
| opts | <code>object</code> | |
| opts.csr | <code>buffer</code> \| <code>string</code> | Certificate Signing Request |
| opts.challengeCreateFn | <code>function</code> | Function returning Promise triggered before completing ACME challenge |
| opts.challengeRemoveFn | <code>function</code> | Function returning Promise triggered after completing ACME challenge |
| [opts.email] | <code>string</code> | Account email address |
| [opts.termsOfServiceAgreed] | <code>boolean</code> | Agree to Terms of Service, default: `false` |
| [opts.skipChallengeVerification] | <code>boolean</code> | Skip internal challenge verification before notifying ACME provider, default: `false` |
| [opts.challengePriority] | <code>Array.&lt;string&gt;</code> | Array defining challenge type priority, default: `['http-01', 'dns-01']` |
| [opts.preferredChain] | <code>string</code> | Indicate which certificate chain is preferred if a CA offers multiple, by exact issuer common name, default: `null` |
**Example**
Order a certificate using auto mode
```js
const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
altNames: ['test.example.com'],
});
const certificate = await client.auto({
csr: certificateRequest,
email: 'test@example.com',
termsOfServiceAgreed: true,
challengeCreateFn: async (authz, challenge, keyAuthorization) => {
// Satisfy challenge here
},
challengeRemoveFn: async (authz, challenge, keyAuthorization) => {
// Clean up challenge here
},
});
```
**Example**
Order a certificate using auto mode with preferred chain
```js
const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
altNames: ['test.example.com'],
});
const certificate = await client.auto({
csr: certificateRequest,
email: 'test@example.com',
termsOfServiceAgreed: true,
preferredChain: 'DST Root CA X3',
challengeCreateFn: async () => {},
challengeRemoveFn: async () => {},
});
```
<a name="Client"></a>
## Client : <code>object</code>
ACME client
**Kind**: global namespace
+4 -5
View File
@@ -3,7 +3,7 @@
"description": "Simple and unopinionated ACME client", "description": "Simple and unopinionated ACME client",
"private": false, "private": false,
"author": "nmorsman", "author": "nmorsman",
"version": "1.41.4", "version": "1.42.3",
"type": "module", "type": "module",
"module": "./dist/index.js", "module": "./dist/index.js",
"main": "./dist/index.js", "main": "./dist/index.js",
@@ -18,7 +18,7 @@
"types" "types"
], ],
"dependencies": { "dependencies": {
"@certd/basic": "^1.41.4", "@certd/basic": "^1.42.3",
"@peculiar/x509": "^1.11.0", "@peculiar/x509": "^1.11.0",
"asn1js": "^3.0.5", "asn1js": "^3.0.5",
"axios": "^1.9.0", "axios": "^1.9.0",
@@ -50,10 +50,9 @@
"scripts": { "scripts": {
"before-build": "node -e \"const fs=require('fs');fs.rmSync('dist',{recursive:true,force:true});fs.rmSync('tsconfig.tsbuildinfo',{force:true});\"", "before-build": "node -e \"const fs=require('fs');fs.rmSync('dist',{recursive:true,force:true});fs.rmSync('tsconfig.tsbuildinfo',{force:true});\"",
"build": "npm run before-build && tsc -p tsconfig.build.json --skipLibCheck", "build": "npm run before-build && tsc -p tsconfig.build.json --skipLibCheck",
"build-docs": "jsdoc2md dist/client.js > docs/client.md && jsdoc2md dist/crypto/index.js > docs/crypto.md && jsdoc2md dist/crypto/forge.js > docs/forge.md",
"lint": "eslint \"src/**/*.ts\" \"types/**/*.ts\"", "lint": "eslint \"src/**/*.ts\" \"types/**/*.ts\"",
"lint-types": "tsd --files \"types/index.test-d.ts\"", "lint-types": "tsd --files \"types/index.test-d.ts\"",
"prepublishOnly": "npm run build && npm run build-docs", "prepublishOnly": "npm run build",
"test": "mocha -t 60000 \"test/setup.js\" \"test/**/*.spec.js\"", "test": "mocha -t 60000 \"test/setup.js\" \"test/**/*.spec.js\"",
"before-test:unit": "node -e \"const fs=require('fs');fs.rmSync('dist-test',{recursive:true,force:true});fs.rmSync('tsconfig.test.tsbuildinfo',{force:true});\"", "before-test:unit": "node -e \"const fs=require('fs');fs.rmSync('dist-test',{recursive:true,force:true});fs.rmSync('tsconfig.test.tsbuildinfo',{force:true});\"",
"test:unit": "cross-env NODE_ENV=unittest npm run before-test:unit && cross-env NODE_ENV=unittest tsc -p tsconfig.test.json --skipLibCheck && cross-env NODE_ENV=unittest mocha -t 60000 \"dist-test/**/*.test.js\"", "test:unit": "cross-env NODE_ENV=unittest npm run before-test:unit && cross-env NODE_ENV=unittest tsc -p tsconfig.test.json --skipLibCheck && cross-env NODE_ENV=unittest mocha -t 60000 \"dist-test/**/*.test.js\"",
@@ -76,5 +75,5 @@
"bugs": { "bugs": {
"url": "https://github.com/publishlab/node-acme-client/issues" "url": "https://github.com/publishlab/node-acme-client/issues"
}, },
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a" "gitHead": "a6ef6996c3a68ce0c2a4577a0934ed74a53f0515"
} }
+16
View File
@@ -3,6 +3,22 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
**Note:** Version bump only for package @certd/basic
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/basic
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/basic
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
**Note:** Version bump only for package @certd/basic
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14) ## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
### Bug Fixes ### Bug Fixes
+1 -1
View File
@@ -1 +1 @@
21:25 23:45
+2 -2
View File
@@ -1,7 +1,7 @@
{ {
"name": "@certd/basic", "name": "@certd/basic",
"private": false, "private": false,
"version": "1.41.4", "version": "1.42.3",
"type": "module", "type": "module",
"main": "./dist/index.js", "main": "./dist/index.js",
"module": "./dist/index.js", "module": "./dist/index.js",
@@ -54,5 +54,5 @@
"tslib": "^2.8.1", "tslib": "^2.8.1",
"typescript": "^5.4.2" "typescript": "^5.4.2"
}, },
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a" "gitHead": "a6ef6996c3a68ce0c2a4577a0934ed74a53f0515"
} }
+18
View File
@@ -3,6 +3,24 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
**Note:** Version bump only for package @certd/pipeline
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/pipeline
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/pipeline
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
### Features
* 通过插件配置懒加载依赖,动态加载第三方依赖包,精简安装镜像大小 ([01568ca](https://github.com/certd/certd/commit/01568ca1489069046b5a89ebdd4ced2f7f6ddf93))
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14) ## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
**Note:** Version bump only for package @certd/pipeline **Note:** Version bump only for package @certd/pipeline
+4 -4
View File
@@ -1,7 +1,7 @@
{ {
"name": "@certd/pipeline", "name": "@certd/pipeline",
"private": false, "private": false,
"version": "1.41.4", "version": "1.42.3",
"type": "module", "type": "module",
"main": "./dist/index.js", "main": "./dist/index.js",
"module": "./dist/index.js", "module": "./dist/index.js",
@@ -21,8 +21,8 @@
"lint": "eslint --fix" "lint": "eslint --fix"
}, },
"dependencies": { "dependencies": {
"@certd/basic": "^1.41.4", "@certd/basic": "^1.42.3",
"@certd/plus-core": "^1.41.4", "@certd/plus-core": "^1.42.3",
"dayjs": "^1.11.7", "dayjs": "^1.11.7",
"lodash-es": "^4.17.21", "lodash-es": "^4.17.21",
"reflect-metadata": "^0.2.2" "reflect-metadata": "^0.2.2"
@@ -51,5 +51,5 @@
"tslib": "^2.8.1", "tslib": "^2.8.1",
"typescript": "^5.4.2" "typescript": "^5.4.2"
}, },
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a" "gitHead": "a6ef6996c3a68ce0c2a4577a0934ed74a53f0515"
} }
+16
View File
@@ -3,6 +3,22 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
**Note:** Version bump only for package @certd/lib-huawei
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/lib-huawei
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/lib-huawei
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
**Note:** Version bump only for package @certd/lib-huawei
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14) ## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
### Bug Fixes ### Bug Fixes
+2 -2
View File
@@ -1,7 +1,7 @@
{ {
"name": "@certd/lib-huawei", "name": "@certd/lib-huawei",
"private": false, "private": false,
"version": "1.41.4", "version": "1.42.3",
"main": "./dist/bundle.js", "main": "./dist/bundle.js",
"module": "./dist/bundle.js", "module": "./dist/bundle.js",
"types": "./dist/d/index.d.ts", "types": "./dist/d/index.d.ts",
@@ -30,5 +30,5 @@
"prettier": "3.3.3", "prettier": "3.3.3",
"tslib": "^2.8.1" "tslib": "^2.8.1"
}, },
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a" "gitHead": "a6ef6996c3a68ce0c2a4577a0934ed74a53f0515"
} }
+16
View File
@@ -3,6 +3,22 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
**Note:** Version bump only for package @certd/lib-iframe
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/lib-iframe
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/lib-iframe
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
**Note:** Version bump only for package @certd/lib-iframe
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14) ## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
### Bug Fixes ### Bug Fixes
+2 -2
View File
@@ -1,7 +1,7 @@
{ {
"name": "@certd/lib-iframe", "name": "@certd/lib-iframe",
"private": false, "private": false,
"version": "1.41.4", "version": "1.42.3",
"type": "module", "type": "module",
"main": "./dist/index.js", "main": "./dist/index.js",
"module": "./dist/index.js", "module": "./dist/index.js",
@@ -37,5 +37,5 @@
"tslib": "^2.8.1", "tslib": "^2.8.1",
"typescript": "^5.4.2" "typescript": "^5.4.2"
}, },
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a" "gitHead": "a6ef6996c3a68ce0c2a4577a0934ed74a53f0515"
} }
+16
View File
@@ -3,6 +3,22 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
**Note:** Version bump only for package @certd/jdcloud
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/jdcloud
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/jdcloud
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
**Note:** Version bump only for package @certd/jdcloud
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14) ## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
### Bug Fixes ### Bug Fixes
+2 -2
View File
@@ -1,6 +1,6 @@
{ {
"name": "@certd/jdcloud", "name": "@certd/jdcloud",
"version": "1.41.4", "version": "1.42.3",
"description": "jdcloud openApi sdk", "description": "jdcloud openApi sdk",
"main": "./dist/bundle.js", "main": "./dist/bundle.js",
"module": "./dist/bundle.js", "module": "./dist/bundle.js",
@@ -62,5 +62,5 @@
"fetch" "fetch"
] ]
}, },
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a" "gitHead": "a6ef6996c3a68ce0c2a4577a0934ed74a53f0515"
} }
+16
View File
@@ -3,6 +3,22 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
**Note:** Version bump only for package @certd/lib-k8s
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/lib-k8s
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/lib-k8s
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
**Note:** Version bump only for package @certd/lib-k8s
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14) ## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
**Note:** Version bump only for package @certd/lib-k8s **Note:** Version bump only for package @certd/lib-k8s
+3 -3
View File
@@ -1,7 +1,7 @@
{ {
"name": "@certd/lib-k8s", "name": "@certd/lib-k8s",
"private": false, "private": false,
"version": "1.41.4", "version": "1.42.3",
"type": "module", "type": "module",
"main": "./dist/index.js", "main": "./dist/index.js",
"module": "./dist/index.js", "module": "./dist/index.js",
@@ -21,7 +21,7 @@
"lint": "eslint --fix" "lint": "eslint --fix"
}, },
"dependencies": { "dependencies": {
"@certd/basic": "^1.41.4", "@certd/basic": "^1.42.3",
"@kubernetes/client-node": "0.21.0" "@kubernetes/client-node": "0.21.0"
}, },
"devDependencies": { "devDependencies": {
@@ -38,5 +38,5 @@
"tslib": "^2.8.1", "tslib": "^2.8.1",
"typescript": "^5.4.2" "typescript": "^5.4.2"
}, },
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a" "gitHead": "a6ef6996c3a68ce0c2a4577a0934ed74a53f0515"
} }
+25
View File
@@ -3,6 +3,31 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
**Note:** Version bump only for package @certd/lib-server
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/lib-server
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/lib-server
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
### Features
* 通过插件配置懒加载依赖,动态加载第三方依赖包,精简安装镜像大小 ([01568ca](https://github.com/certd/certd/commit/01568ca1489069046b5a89ebdd4ced2f7f6ddf93))
### Performance Improvements
* 【破坏性更新】 证书压缩包不再生成文件存储,而是实时打包下载,证书申请插件不再输出certZip ([7cff1a9](https://github.com/certd/certd/commit/7cff1a98424120585205889874b3ef4956a30583))
* 优化用户体验,首次访问时弹出邮箱账号绑定用以初始化账号 ([608cc2a](https://github.com/certd/certd/commit/608cc2a81ff0b4872c9fe11ed9c9c0b4b90a12a3))
* 支持全自动匹配部署宝塔网站证书 ([4dff48e](https://github.com/certd/certd/commit/4dff48e807c32a7623ec9206cf39c88e88f89f6a))
* dns默认ipv4first ([194463b](https://github.com/certd/certd/commit/194463bea9e797315aa7a724f4b2930701570419))
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14) ## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
**Note:** Version bump only for package @certd/lib-server **Note:** Version bump only for package @certd/lib-server
+9 -9
View File
@@ -1,6 +1,6 @@
{ {
"name": "@certd/lib-server", "name": "@certd/lib-server",
"version": "1.41.4", "version": "1.42.3",
"description": "midway with flyway, sql upgrade way ", "description": "midway with flyway, sql upgrade way ",
"private": false, "private": false,
"type": "module", "type": "module",
@@ -29,11 +29,11 @@
], ],
"license": "AGPL", "license": "AGPL",
"dependencies": { "dependencies": {
"@certd/acme-client": "^1.41.4", "@certd/acme-client": "^1.42.3",
"@certd/basic": "^1.41.4", "@certd/basic": "^1.42.3",
"@certd/pipeline": "^1.41.4", "@certd/pipeline": "^1.42.3",
"@certd/plugin-lib": "^1.41.4", "@certd/plugin-lib": "^1.42.3",
"@certd/plus-core": "^1.41.4", "@certd/plus-core": "^1.42.3",
"@midwayjs/cache": "3.14.0", "@midwayjs/cache": "3.14.0",
"@midwayjs/core": "3.20.11", "@midwayjs/core": "3.20.11",
"@midwayjs/i18n": "3.20.13", "@midwayjs/i18n": "3.20.13",
@@ -49,8 +49,6 @@
"typeorm": "^0.3.20" "typeorm": "^0.3.20"
}, },
"devDependencies": { "devDependencies": {
"mwts": "^1.3.0",
"mwtsc": "^1.4.0",
"@types/chai": "^4.3.12", "@types/chai": "^4.3.12",
"@types/mocha": "^10.0.6", "@types/mocha": "^10.0.6",
"@types/node": "^18", "@types/node": "^18",
@@ -62,6 +60,8 @@
"eslint-plugin-prettier": "^5.1.3", "eslint-plugin-prettier": "^5.1.3",
"esmock": "^2.7.5", "esmock": "^2.7.5",
"mocha": "^10.6.0", "mocha": "^10.6.0",
"mwts": "^1.3.0",
"mwtsc": "^1.4.0",
"prettier": "3.3.3", "prettier": "3.3.3",
"rimraf": "^5.0.5", "rimraf": "^5.0.5",
"ts-node": "^10.9.2", "ts-node": "^10.9.2",
@@ -69,5 +69,5 @@
"typeorm": "^0.3.20", "typeorm": "^0.3.20",
"typescript": "^5.4.2" "typescript": "^5.4.2"
}, },
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a" "gitHead": "a6ef6996c3a68ce0c2a4577a0934ed74a53f0515"
} }
@@ -0,0 +1,35 @@
/// <reference types="mocha" />
import assert from "node:assert/strict";
import { AuditLogContext } from "./audit.js";
// AuditLog decorator and getAuditLogOptions are removed since auditLog()
// now signals audit intent directly via ctx.auditLog.enabled
describe("AuditLogContext type", () => {
it("supports enabled flag", () => {
const ctx: AuditLogContext = {
type: "pipeline",
action: "删除流水线",
append: ["ID:5"],
content: "删除了流水线(ID:5)",
projectId: 3,
projectName: "默认项目",
enabled: true,
};
assert.equal(ctx.enabled, true);
assert.equal(ctx.type, "pipeline");
assert.equal(ctx.content, "删除了流水线(ID:5)");
assert.equal(ctx.projectId, 3);
});
it("works with minimal fields", () => {
const ctx: AuditLogContext = {
enabled: true,
append: ["提交2条"],
};
assert.equal(ctx.enabled, true);
});
});
@@ -0,0 +1,21 @@
export type AuditLogOptions = {
type?: string;
action?: string;
content?: string;
template?: string;
disabled?: boolean;
};
export type AuditLogContext = {
type?: string;
action?: string;
append?: string | string[];
content?: string;
projectId?: number;
projectName?: string;
enabled?: boolean;
allowAnonymous?: boolean;
scope?: string;
userId?: number;
username?: string;
};
@@ -1,9 +1,9 @@
import { ApplicationContext, Inject } from '@midwayjs/core'; import { ApplicationContext, Inject } from "@midwayjs/core";
import type {IMidwayContainer} from '@midwayjs/core'; import type { IMidwayContainer } from "@midwayjs/core";
import * as koa from '@midwayjs/koa'; import * as koa from "@midwayjs/koa";
import { Constants } from './constants.js'; import { Constants } from "./constants.js";
import { isEnterprise } from './mode.js'; import { isEnterprise } from "./mode.js";
import type { AuditLogContext } from "./audit.js";
export abstract class BaseController { export abstract class BaseController {
@Inject() @Inject()
@@ -41,7 +41,7 @@ export abstract class BaseController {
getUserId() { getUserId() {
const userId = this.ctx.user?.id; const userId = this.ctx.user?.id;
if (userId == null) { if (userId == null) {
throw new Error('Token已过期'); throw new Error("Token已过期");
} }
return userId; return userId;
} }
@@ -49,7 +49,7 @@ export abstract class BaseController {
getLoginUser() { getLoginUser() {
const user = this.ctx.user; const user = this.ctx.user;
if (user == null) { if (user == null) {
throw new Error('Token已过期'); throw new Error("Token已过期");
} }
return user; return user;
} }
@@ -61,73 +61,110 @@ export abstract class BaseController {
} }
} }
async getProjectId(permission:string) { async getProjectId(permission: string) {
if (!isEnterprise()) { if (!isEnterprise()) {
return undefined return undefined;
} }
let projectIdStr = this.ctx.headers["project-id"] as string; let projectIdStr = this.ctx.headers["project-id"] as string;
if (!projectIdStr){ if (!projectIdStr) {
projectIdStr = this.ctx.request.query["projectId"] as string; projectIdStr = this.ctx.request.query["projectId"] as string;
} }
if (!projectIdStr) { if (!projectIdStr) {
//这里必须抛异常,否则可能会有权限问题 //这里必须抛异常,否则可能会有权限问题
throw new Error("projectId 不能为空") throw new Error("projectId 不能为空");
} }
const userId = this.getUserId() const userId = this.getUserId();
const projectId = parseInt(projectIdStr) const projectId = parseInt(projectIdStr);
await this.checkProjectPermission(userId, projectId,permission) await this.checkProjectPermission(userId, projectId, permission);
return projectId; return projectId;
} }
async getProjectUserId(permission:string){ async getProjectUserId(permission: string) {
let userId = this.getUserId() let userId = this.getUserId();
const projectId = await this.getProjectId(permission) const projectId = await this.getProjectId(permission);
if(projectId){ if (projectId) {
userId = -1 // 企业管理模式下,用户id固定-1 userId = -1; // 企业管理模式下,用户id固定-1
} }
return { return {
projectId,userId projectId,
} userId,
};
} }
async getProjectUserIdRead(){ async getProjectUserIdRead() {
return await this.getProjectUserId("read") return await this.getProjectUserId("read");
} }
async getProjectUserIdWrite(){ async getProjectUserIdWrite() {
return await this.getProjectUserId("write") return await this.getProjectUserId("write");
} }
async getProjectUserIdAdmin(){ async getProjectUserIdAdmin() {
return await this.getProjectUserId("admin") return await this.getProjectUserId("admin");
} }
async checkProjectPermission(userId: number, projectId: number,permission:string) { async checkProjectPermission(userId: number, projectId: number, permission: string) {
const projectService:any = await this.applicationContext.getAsync("projectService"); const projectService: any = await this.applicationContext.getAsync("projectService");
await projectService.checkPermission({userId,projectId,permission}) await projectService.checkPermission({ userId, projectId, permission });
} }
/** /**
* *
* @param service * @param service
* @param id * @param id
*/ */
async checkOwner(service:any,id:number,permission:string,allowAdmin:boolean = false){ async checkOwner(service: any, id: number, permission: string, allowAdmin: boolean = false) {
let { projectId,userId } = await this.getProjectUserId(permission) const { projectId, userId } = await this.getProjectUserId(permission);
const authService:any = await this.applicationContext.getAsync("authService"); const authService: any = await this.applicationContext.getAsync("authService");
if (projectId) { if (projectId) {
await authService.checkProjectId(service, id, projectId); await authService.checkProjectId(service, id, projectId);
}else{ } else {
if (userId === Constants.systemUserId) {
if(userId === Constants.systemUserId){
//系统级别,不检查权限 //系统级别,不检查权限
}else{ } else {
if(allowAdmin){ if (allowAdmin) {
await authService.checkUserIdButAllowAdmin(this.ctx, service, id); await authService.checkUserIdButAllowAdmin(this.ctx, service, id);
}else{ } else {
await authService.checkUserId( service, id, userId); await authService.checkUserId(service, id, userId);
} }
} }
} }
return {projectId,userId} return { projectId, userId };
} }
getAuditType(): string {
return "unknown";
}
auditLog(bean: { type?: string; action?: string; content?: string; append?: string | string[]; projectId?: number; userId?: number; username?: string } = {}) {
const auditLog = this.ensureAuditLogContext();
auditLog.enabled = true;
if (bean.userId != null) {
auditLog.userId = bean.userId;
}
if (bean.username != null) {
auditLog.username = bean.username;
}
if (bean.type != null) {
auditLog.type = bean.type;
}
if (bean.action != null) {
auditLog.action = bean.action;
}
if (bean.projectId != null) {
auditLog.projectId = bean.projectId;
}
if (bean.content) {
auditLog.content = bean.content;
}
if (bean.append) {
const items = Array.isArray(bean.append) ? bean.append : [bean.append];
const old = Array.isArray(auditLog.append) ? auditLog.append : auditLog.append ? [auditLog.append] : [];
auditLog.append = [...old, ...items].filter(item => item && String(item).trim());
}
}
private ensureAuditLogContext(): AuditLogContext {
if (!this.ctx.auditLog) {
this.ctx.auditLog = {};
}
return this.ctx.auditLog;
}
} }
@@ -1,10 +1,10 @@
import { PermissionException, ValidateException } from './exception/index.js'; import { PermissionException, ValidateException } from "./exception/index.js";
import { EntityTarget, FindOneOptions, In, Repository, SelectQueryBuilder } from 'typeorm'; import { EntityTarget, FindOneOptions, In, Repository, SelectQueryBuilder } from "typeorm";
import { Inject } from '@midwayjs/core'; import { Inject } from "@midwayjs/core";
import { TypeORMDataSourceManager } from '@midwayjs/typeorm'; import { TypeORMDataSourceManager } from "@midwayjs/typeorm";
import { EntityManager } from 'typeorm/entity-manager/EntityManager.js'; import { EntityManager } from "typeorm/entity-manager/EntityManager.js";
import { FindManyOptions } from 'typeorm'; import { FindManyOptions } from "typeorm";
import { Constants } from './constants.js'; import { Constants } from "./constants.js";
export type PageReq<T = any> = { export type PageReq<T = any> = {
page?: { offset: number; limit: number }; page?: { offset: number; limit: number };
@@ -34,7 +34,7 @@ export abstract class BaseService<T> {
abstract getRepository(): Repository<T>; abstract getRepository(): Repository<T>;
async transaction(callback: (entityManager: EntityManager) => Promise<any>) { async transaction(callback: (entityManager: EntityManager) => Promise<any>) {
const dataSource = this.dataSourceManager.getDataSource('default'); const dataSource = this.dataSourceManager.getDataSource("default");
return await dataSource.transaction(callback as any); return await dataSource.transaction(callback as any);
} }
@@ -52,11 +52,11 @@ export abstract class BaseService<T> {
if (ctx.manager) { if (ctx.manager) {
return ctx.manager.getRepository(entity); return ctx.manager.getRepository(entity);
} }
const dataSource = this.dataSourceManager.getDataSource('default'); const dataSource = this.dataSourceManager.getDataSource("default");
return dataSource.getRepository(entity); return dataSource.getRepository(entity);
} }
protected buildUserProjectQuery(userId: number, projectId?: number) { public buildUserProjectQuery(userId: number, projectId?: number) {
const query: { userId: number; projectId?: number; [key: string]: any } = { const query: { userId: number; projectId?: number; [key: string]: any } = {
userId, userId,
}; };
@@ -73,7 +73,7 @@ export abstract class BaseService<T> {
*/ */
async info(id, infoIgnoreProperty?): Promise<T | null> { async info(id, infoIgnoreProperty?): Promise<T | null> {
if (!id) { if (!id) {
throw new ValidateException('id不能为空'); throw new ValidateException("id不能为空");
} }
const info = await this.getRepository().findOneBy({ id } as any); const info = await this.getRepository().findOneBy({ id } as any);
if (info && infoIgnoreProperty) { if (info && infoIgnoreProperty) {
@@ -119,18 +119,18 @@ export abstract class BaseService<T> {
...where, ...where,
}); });
await this.modifyAfter(idArr); await this.modifyAfter(idArr);
return ids return ids;
} }
resolveIdArr(ids: string | any[]) { resolveIdArr(ids: string | any[]) {
if (!ids) { if (!ids) {
throw new ValidateException('ids不能为空'); throw new ValidateException("ids不能为空");
} }
if (typeof ids === 'string') { if (typeof ids === "string") {
return ids.split(','); return ids.split(",");
} else if(!Array.isArray(ids)){ } else if (!Array.isArray(ids)) {
return [ids]; return [ids];
}else { } else {
return ids; return ids;
} }
} }
@@ -147,7 +147,7 @@ export abstract class BaseService<T> {
* *
* @param param * @param param
*/ */
async add(param: any) { async add(param: any): Promise<{ id: number; [key: string]: any }> {
const now = new Date(); const now = new Date();
param.createTime = now; param.createTime = now;
param.updateTime = now; param.updateTime = now;
@@ -163,7 +163,7 @@ export abstract class BaseService<T> {
* @param param * @param param
*/ */
async update(param: any) { async update(param: any) {
if (!param.id) throw new ValidateException('id 不能为空'); if (!param.id) throw new ValidateException("id 不能为空");
param.updateTime = new Date(); param.updateTime = new Date();
await this.addOrUpdate(param); await this.addOrUpdate(param);
await this.modifyAfter(param); await this.modifyAfter(param);
@@ -201,10 +201,10 @@ export abstract class BaseService<T> {
} }
private buildListQuery(listReq: ListReq<T>) { private buildListQuery(listReq: ListReq<T>) {
const { query, sort, buildQuery,select } = listReq; const { query, sort, buildQuery, select } = listReq;
const qb = this.getRepository().createQueryBuilder('main'); const qb = this.getRepository().createQueryBuilder("main");
if (select) { if (select) {
qb.setFindOptions({select}); qb.setFindOptions({ select });
} }
if (query) { if (query) {
const keys = Object.keys(query); const keys = Object.keys(query);
@@ -223,10 +223,10 @@ export abstract class BaseService<T> {
} }
}); });
if (found) { if (found) {
qb.addOrderBy('main.' + sort.prop, sort.asc ? 'ASC' : 'DESC'); qb.addOrderBy("main." + sort.prop, sort.asc ? "ASC" : "DESC");
} }
} }
qb.addOrderBy('id', 'DESC'); qb.addOrderBy("id", "DESC");
//自定义query //自定义query
if (buildQuery) { if (buildQuery) {
buildQuery(qb); buildQuery(qb);
@@ -243,12 +243,12 @@ export abstract class BaseService<T> {
return await qb.getMany(); return await qb.getMany();
} }
async checkUserId(ids: number | number[] = 0, userId: number, userKey = 'userId') { async checkUserId(ids: number | number[] = 0, userId: number, userKey = "userId") {
if (ids == null) { if (ids == null) {
throw new ValidateException('id不能为空'); throw new ValidateException("id不能为空");
} }
if (userId == null) { if (userId == null) {
throw new ValidateException('userId不能为空'); throw new ValidateException("userId不能为空");
} }
if (!Array.isArray(ids)) { if (!Array.isArray(ids)) {
ids = [ids]; ids = [ids];
@@ -268,20 +268,20 @@ export abstract class BaseService<T> {
if (!res || res.length === ids.length) { if (!res || res.length === ids.length) {
return; return;
} }
throw new PermissionException('权限不足'); throw new PermissionException("权限不足");
} }
filterIds(ids: any[]) { filterIds(ids: any[]) {
if (!ids) { if (!ids) {
throw new ValidateException('ids不能为空'); throw new ValidateException("ids不能为空");
} }
return ids.filter((item) => { return ids.filter(item => {
return item!=null && item != "" return item != null && item != "";
}); });
} }
async batchDelete(ids: number[], userId: number,projectId?:number) { async batchDelete(ids: number[], userId: number, projectId?: number): Promise<number> {
ids = this.filterIds(ids); ids = this.filterIds(ids);
if(userId!=null){ if (userId != null) {
const userProjectQuery = this.buildUserProjectQuery(userId, projectId); const userProjectQuery = this.buildUserProjectQuery(userId, projectId);
const list = await this.getRepository().find({ const list = await this.getRepository().find({
where: { where: {
@@ -289,30 +289,30 @@ export abstract class BaseService<T> {
id: In(ids), id: In(ids),
...userProjectQuery, ...userProjectQuery,
}, },
}) });
// @ts-ignore // @ts-ignore
ids = list.map(item => item.id) ids = list.map(item => item.id);
} }
await this.delete(ids); await this.delete(ids);
return ids.length;
} }
async findOne(options: FindOneOptions<T>) { async findOne(options: FindOneOptions<T>) {
return await this.getRepository().findOne(options); return await this.getRepository().findOne(options);
} }
} }
export function checkUserProjectParam(userId: number, projectId: number) { export function checkUserProjectParam(userId: number, projectId: number) {
if (projectId != null ){ if (projectId != null) {
if( userId !== Constants.enterpriseUserId) { if (userId !== Constants.enterpriseUserId) {
throw new ValidateException('userId projectId 错误'); throw new ValidateException("userId projectId 错误");
} }
return true return true;
}else{ } else {
if( userId != null) { if (userId != null) {
return true return true;
} }
throw new ValidateException('userId不能为空'); throw new ValidateException("userId不能为空");
} }
} }
+35 -35
View File
@@ -1,21 +1,21 @@
export const Constants = { export const Constants = {
dataDir: './data', dataDir: "./data",
role: { role: {
defaultUser: 3, defaultUser: 3,
}, },
per: { per: {
//无需登录 //无需登录
guest: '_guest_', guest: "_guest_",
//无需登录 //无需登录
anonymous: '_guest_', anonymous: "_guest_",
//无需登录,有 token 时解析当前用户 //无需登录,有 token 时解析当前用户
guestOptionalAuth: '_guestOptionalAuth_', guestOptionalAuth: "_guestOptionalAuth_",
//仅需要登录 //仅需要登录
authOnly: '_authOnly_', authOnly: "_authOnly_",
//仅需要登录 //仅需要登录
loginOnly: '_authOnly_', loginOnly: "_authOnly_",
open: '_open_', open: "_open_",
}, },
res: { res: {
serverError(message: string) { serverError(message: string) {
@@ -26,102 +26,102 @@ export const Constants = {
}, },
error: { error: {
code: 1, code: 1,
message: 'Internal server error', message: "Internal server error",
}, },
success: { success: {
code: 0, code: 0,
message: 'success', message: "success",
}, },
validation: { validation: {
code: 10, code: 10,
message: '参数错误', message: "参数错误",
}, },
needvip: { needvip: {
code: 88, code: 88,
message: '需要VIP', message: "需要VIP",
}, },
needsuite: { needsuite: {
code: 89, code: 89,
message: '需要购买或升级套餐', message: "需要购买或升级套餐",
}, },
loginError: { loginError: {
code: 2, code: 2,
message: '登录失败', message: "登录失败",
}, },
codeError: { codeError: {
code: 3, code: 3,
message: '验证码错误', message: "验证码错误",
}, },
auth: { auth: {
code: 401, code: 401,
message: '您还未登录或token已过期', message: "您还未登录或token已过期",
}, },
permission: { permission: {
code: 402, code: 402,
message: '您没有权限', message: "您没有权限",
}, },
param: { param: {
code: 400, code: 400,
message: '参数错误', message: "参数错误",
}, },
notFound: { notFound: {
code: 404, code: 404,
message: '页面/文件/资源不存在', message: "页面/文件/资源不存在",
}, },
preview: { preview: {
code: 10001, code: 10001,
message: '对不起,预览环境不允许修改此数据', message: "对不起,预览环境不允许修改此数据",
}, },
siteOff:{ siteOff: {
code: 10010, code: 10010,
message: '站点已关闭', message: "站点已关闭",
}, },
need2fa:{ need2fa: {
code: 10020, code: 10020,
message: '需要2FA认证', message: "需要2FA认证",
}, },
openKeyError: { openKeyError: {
code: 20000, code: 20000,
message: 'ApiToken错误', message: "ApiToken错误",
}, },
openKeySignError: { openKeySignError: {
code: 20001, code: 20001,
message: 'ApiToken签名错误', message: "ApiToken签名错误",
}, },
openKeyExpiresError: { openKeyExpiresError: {
code: 20002, code: 20002,
message: 'ApiToken时间戳错误', message: "ApiToken时间戳错误",
}, },
openKeySignTypeError: { openKeySignTypeError: {
code: 20003, code: 20003,
message: 'ApiToken签名类型不支持', message: "ApiToken签名类型不支持",
}, },
openParamError: { openParamError: {
code: 20010, code: 20010,
message: '请求参数错误', message: "请求参数错误",
}, },
openCertNotFound: { openCertNotFound: {
code: 20011, code: 20011,
message: '证书不存在', message: "证书不存在",
}, },
openCertNotReady: { openCertNotReady: {
code: 20012, code: 20012,
message: '证书还未生成', message: "证书还未生成",
}, },
openCertApplying: { openCertApplying: {
code: 20013, code: 20013,
message: '证书正在申请中,请稍后重新获取', message: "证书正在申请中,请稍后重新获取",
}, },
openDomainNoVerifier:{ openDomainNoVerifier: {
code: 20014, code: 20014,
message: '域名校验方式未配置', message: "域名校验方式未配置",
}, },
openEmailNotFound: { openEmailNotFound: {
code: 20021, code: 20021,
message: '用户邮箱还未配置', message: "用户邮箱还未配置",
}, },
}, },
systemUserId: 0, // 系统级别userid固定为0 systemUserId: 0, // 系统级别userid固定为0
enterpriseUserId: -1 // 企业模式用户id固定为-1 enterpriseUserId: -1, // 企业模式用户id固定为-1
}; };
@@ -1,11 +1,11 @@
import { ALL, Body, Post, Query } from '@midwayjs/core'; import { ALL, Body, Post, Query } from "@midwayjs/core";
import { BaseController } from './base-controller.js'; import { BaseController } from "./base-controller.js";
export abstract class CrudController<T> extends BaseController { export abstract class CrudController<T> extends BaseController {
// eslint-disable-next-line @typescript-eslint/no-unused-vars // eslint-disable-next-line @typescript-eslint/no-unused-vars
abstract getService<T>(); abstract getService<T>();
@Post('/page') @Post("/page")
async page(@Body(ALL) body: any) { async page(@Body(ALL) body: any) {
const pageRet = await this.getService().page({ const pageRet = await this.getService().page({
query: body.query ?? {}, query: body.query ?? {},
@@ -16,7 +16,7 @@ export abstract class CrudController<T> extends BaseController {
return this.ok(pageRet); return this.ok(pageRet);
} }
@Post('/list') @Post("/list")
async list(@Body(ALL) body: any) { async list(@Body(ALL) body: any) {
const listRet = await this.getService().list({ const listRet = await this.getService().list({
query: body.query ?? {}, query: body.query ?? {},
@@ -25,33 +25,33 @@ export abstract class CrudController<T> extends BaseController {
return this.ok(listRet); return this.ok(listRet);
} }
@Post('/add') @Post("/add")
async add(@Body(ALL) bean: any) { async add(@Body(ALL) bean: any) {
delete bean.id; delete bean.id;
const id = await this.getService().add(bean); const id = await this.getService().add(bean);
return this.ok(id); return this.ok(id);
} }
@Post('/info') @Post("/info")
async info(@Query('id') id: number) { async info(@Query("id") id: number) {
const bean = await this.getService().info(id); const bean = await this.getService().info(id);
return this.ok(bean); return this.ok(bean);
} }
@Post('/update') @Post("/update")
async update(@Body(ALL) bean: any) { async update(@Body(ALL) bean: any) {
await this.getService().update(bean); await this.getService().update(bean);
return this.ok(null); return this.ok(null);
} }
@Post('/delete') @Post("/delete")
async delete(@Query('id') id: number) { async delete(@Query("id") id: number) {
await this.getService().delete([id]); await this.getService().delete([id]);
return this.ok(null); return this.ok(null);
} }
@Post('/deleteByIds') @Post("/deleteByIds")
async deleteByIds(@Body('ids') ids: number[]) { async deleteByIds(@Body("ids") ids: number[]) {
await this.getService().delete(ids); await this.getService().delete(ids);
return this.ok(null); return this.ok(null);
} }
@@ -1,12 +1,14 @@
import { Constants } from '../constants.js'; import { Constants } from "../constants.js";
import { BaseException } from './base-exception.js'; import { BaseException } from "./base-exception.js";
/** /**
* *
*/ */
export class LoginErrorException extends BaseException { export class LoginErrorException extends BaseException {
leftCount: number; leftCount: number;
constructor(message, leftCount: number) { userId?: number;
super('LoginErrorException', Constants.res.loginError.code, message ? message : Constants.res.loginError.message); constructor(message, leftCount: number, userId?: number) {
super("LoginErrorException", Constants.res.loginError.code, message ? message : Constants.res.loginError.message);
this.leftCount = leftCount; this.leftCount = leftCount;
this.userId = userId;
} }
} }
+9 -8
View File
@@ -1,8 +1,9 @@
export * from './base-controller.js'; export * from "./base-controller.js";
export * from './constants.js'; export * from "./constants.js";
export * from './crud-controller.js'; export * from "./crud-controller.js";
export * from './enum-item.js'; export * from "./enum-item.js";
export * from './exception/index.js'; export * from "./exception/index.js";
export * from './result.js'; export * from "./result.js";
export * from './base-service.js'; export * from "./base-service.js";
export * from "./mode.js" export * from "./audit.js";
export * from "./mode.js";
+8 -8
View File
@@ -1,12 +1,12 @@
let adminMode = "saas" let adminMode = "saas";
export function setAdminMode(mode:string = "saas"){ export function setAdminMode(mode: string = "saas") {
adminMode = mode adminMode = mode;
} }
export function getAdminMode(){ export function getAdminMode() {
return adminMode return adminMode;
} }
export function isEnterprise(){ export function isEnterprise() {
return adminMode === "enterprise" return adminMode === "enterprise";
} }
@@ -1,9 +1,9 @@
import { Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core'; import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
import { AppKey, PlusRequestService } from '@certd/plus-core'; import { AppKey, PlusRequestService } from "@certd/plus-core";
import { cache, http, HttpRequestConfig, logger } from '@certd/basic'; import { cache, http, HttpRequestConfig, logger } from "@certd/basic";
import { SysInstallInfo, SysLicenseInfo, SysSettingsService } from '../../settings/index.js'; import { SysInstallInfo, SysLicenseInfo, SysSettingsService } from "../../settings/index.js";
import { merge } from 'lodash-es'; import { merge } from "lodash-es";
import fs from 'fs'; import fs from "fs";
@Provide("plusService") @Provide("plusService")
@Scope(ScopeEnum.Request, { allowDowngrade: true }) @Scope(ScopeEnum.Request, { allowDowngrade: true })
export class PlusService { export class PlusService {
@@ -54,9 +54,9 @@ export class PlusService {
await plusRequestService.verify({ license: licenseInfo.license }); await plusRequestService.verify({ license: licenseInfo.license });
} }
async bindUrl(url: string, url2?:string) { async bindUrl(url: string, url2?: string) {
const plusRequestService = await this.getPlusRequestService(); const plusRequestService = await this.getPlusRequestService();
const res = await plusRequestService.bindUrl(url,url2); const res = await plusRequestService.bindUrl(url, url2);
this.plusRequestService = null; this.plusRequestService = null;
return res; return res;
} }
@@ -66,7 +66,7 @@ export class PlusService {
const licenseInfo: SysLicenseInfo = await this.sysSettingsService.getSetting(SysLicenseInfo); const licenseInfo: SysLicenseInfo = await this.sysSettingsService.getSetting(SysLicenseInfo);
if (!licenseInfo.license) { if (!licenseInfo.license) {
await plusRequestService.register(); await plusRequestService.register();
logger.info('站点注册成功'); logger.info("站点注册成功");
this.plusRequestService = null; this.plusRequestService = null;
} }
} }
@@ -74,8 +74,8 @@ export class PlusService {
async userPreBind(userId: number) { async userPreBind(userId: number) {
const plusRequestService = await this.getPlusRequestService(); const plusRequestService = await this.getPlusRequestService();
await plusRequestService.requestWithoutSign({ await plusRequestService.requestWithoutSign({
url: '/activation/subject/preBind', url: "/activation/subject/preBind",
method: 'POST', method: "POST",
data: { data: {
userId, userId,
appKey: AppKey, appKey: AppKey,
@@ -91,9 +91,9 @@ export class PlusService {
if (attachments.length > 0) { if (attachments.length > 0) {
const newAttachments: any[] = []; const newAttachments: any[] = [];
attachments.forEach((item: any) => { attachments.forEach((item: any) => {
const name = item.filename || item.path.split('/').pop(); const name = item.filename || item.path.split("/").pop();
const body = item.content || fs.readFileSync(item.path); const body = item.content || fs.readFileSync(item.path);
const bodyBase64 = Buffer.from(body).toString('base64'); const bodyBase64 = Buffer.from(body).toString("base64");
item = { item = {
name, name,
body: bodyBase64, body: bodyBase64,
@@ -104,7 +104,7 @@ export class PlusService {
} }
await plusRequestService.request({ await plusRequestService.request({
url: '/activation/emailSend', url: "/activation/emailSend",
data: { data: {
subject: email.subject, subject: email.subject,
to: email.receivers, to: email.receivers,
@@ -116,7 +116,7 @@ export class PlusService {
} }
async getAccessToken() { async getAccessToken() {
const cacheKey = 'certd:subject:access_token'; const cacheKey = "certd:subject:access_token";
const token = cache.get(cacheKey); const token = cache.get(cacheKey);
if (token) { if (token) {
return token; return token;
@@ -131,15 +131,15 @@ export class PlusService {
return res.accessToken; return res.accessToken;
} }
async getVipTrial(vipType= "plus") { async getVipTrial(vipType = "plus") {
await this.register(); await this.register();
const plusRequestService = await this.getPlusRequestService(); const plusRequestService = await this.getPlusRequestService();
const res = await plusRequestService.request({ const res = await plusRequestService.request({
url: '/activation/subject/vip/trialGet', url: "/activation/subject/vip/trialGet",
method: 'POST', method: "POST",
data:{ data: {
vipType vipType,
} },
}); });
if (res.license) { if (res.license) {
await this.updateLicense(res.license); await this.updateLicense(res.license);
@@ -147,14 +147,14 @@ export class PlusService {
duration: res.duration, duration: res.duration,
}; };
} else { } else {
throw new Error('您已经领取过VIP试用了'); throw new Error("您已经领取过VIP试用了");
} }
} }
async getTodayOrderCount () { async getTodayOrderCount() {
await this.register(); await this.register();
const plusRequestService = await this.getPlusRequestService(); const plusRequestService = await this.getPlusRequestService();
return await plusRequestService.getOrderCount() return await plusRequestService.getOrderCount();
} }
async requestWithToken(config: HttpRequestConfig) { async requestWithToken(config: HttpRequestConfig) {
@@ -162,7 +162,7 @@ export class PlusService {
const token = await this.getAccessToken(); const token = await this.getAccessToken();
merge(config, { merge(config, {
baseURL: plusRequestService.getBaseURL(), baseURL: plusRequestService.getBaseURL(),
method: 'post', method: "post",
headers: { headers: {
Authorization: `Berear ${token}`, Authorization: `Berear ${token}`,
}, },
@@ -1,33 +1,33 @@
import { Column, Entity, PrimaryGeneratedColumn } from 'typeorm'; import { Column, Entity, PrimaryGeneratedColumn } from "typeorm";
/** /**
*/ */
@Entity('sys_settings') @Entity("sys_settings")
export class SysSettingsEntity { export class SysSettingsEntity {
@PrimaryGeneratedColumn() @PrimaryGeneratedColumn()
id: number; id: number;
@Column({ comment: 'key', length: 100 }) @Column({ comment: "key", length: 100 })
key: string; key: string;
@Column({ comment: '名称', length: 100 }) @Column({ comment: "名称", length: 100 })
title: string; title: string;
@Column({ name: 'setting', comment: '设置', length: 1024, nullable: true }) @Column({ name: "setting", comment: "设置", length: 1024, nullable: true })
setting: string; setting: string;
// public 公开读,私有写, private 私有读,私有写 // public 公开读,私有写, private 私有读,私有写
@Column({ name: 'access', comment: '访问权限' }) @Column({ name: "access", comment: "访问权限" })
access: string; access: string;
@Column({ @Column({
name: 'create_time', name: "create_time",
comment: '创建时间', comment: "创建时间",
default: () => 'CURRENT_TIMESTAMP', default: () => "CURRENT_TIMESTAMP",
}) })
createTime: Date; createTime: Date;
@Column({ @Column({
name: 'update_time', name: "update_time",
comment: '修改时间', comment: "修改时间",
default: () => 'CURRENT_TIMESTAMP', default: () => "CURRENT_TIMESTAMP",
}) })
updateTime: Date; updateTime: Date;
} }
@@ -1,19 +1,19 @@
import { cloneDeep } from 'lodash-es'; import { cloneDeep } from "lodash-es";
export class BaseSettings { export class BaseSettings {
static __key__: string; static __key__: string;
static __title__: string; static __title__: string;
static __access__ = 'private'; static __access__ = "private";
static getCacheKey() { static getCacheKey() {
return 'settings.' + this.__key__; return "settings." + this.__key__;
} }
} }
export class SysPublicSettings extends BaseSettings { export class SysPublicSettings extends BaseSettings {
static __key__ = 'sys.public'; static __key__ = "sys.public";
static __title__ = '系统公共设置'; static __title__ = "系统公共设置";
static __access__ = 'public'; static __access__ = "public";
registerEnabled = false; registerEnabled = false;
userValidTimeEnabled?: boolean = false; userValidTimeEnabled?: boolean = false;
@@ -34,19 +34,15 @@ export class SysPublicSettings extends BaseSettings {
aiChatEnabled = true; aiChatEnabled = true;
homePageEnabled = true; homePageEnabled = true;
//验证码是否开启 //验证码是否开启
captchaEnabled = false; captchaEnabled = false;
//验证码类型 //验证码类型
captchaType?: string; captchaType?: string;
captchaAddonId?: number; captchaAddonId?: number;
//流水线是否启用有效期 //流水线是否启用有效期
pipelineValidTimeEnabled?: boolean = false; pipelineValidTimeEnabled?: boolean = false;
//证书域名添加到监控 //证书域名添加到监控
certDomainAddToMonitorEnabled?: boolean = false; certDomainAddToMonitorEnabled?: boolean = false;
@@ -60,12 +56,15 @@ export class SysPublicSettings extends BaseSettings {
// 第三方OAuth配置 // 第三方OAuth配置
oauthEnabled?: boolean = false; oauthEnabled?: boolean = false;
oauthProviders: Record<string, { oauthProviders: Record<
type: string; string,
title: string; {
addonId: number; type: string;
icon?: string; title: string;
}> = {}; addonId: number;
icon?: string;
}
> = {};
notice?: string; notice?: string;
@@ -73,40 +72,37 @@ export class SysPublicSettings extends BaseSettings {
} }
export class SysPrivateSettings extends BaseSettings { export class SysPrivateSettings extends BaseSettings {
static __title__ = '系统私有设置'; static __title__ = "系统私有设置";
static __access__ = 'private'; static __access__ = "private";
static __key__ = 'sys.private'; static __key__ = "sys.private";
jwtKey?: string; jwtKey?: string;
encryptSecret?: string; encryptSecret?: string;
httpsProxy? = ''; httpsProxy? = "";
httpProxy? = ''; httpProxy? = "";
noProxy? = ''; noProxy? = "";
commonHeaders?: string = ''; commonHeaders?: string = "";
reverseProxies?: Record<string, string> = {}; reverseProxies?: Record<string, string> = {};
dnsResultOrder? = ''; dnsResultOrder? = "";
commonCnameEnabled?: boolean = true; commonCnameEnabled?: boolean = true;
httpRequestTimeout?: number = 30; httpRequestTimeout?: number = 30;
pipelineMaxRunningCount?: number; pipelineMaxRunningCount?: number;
environmentVars?: string = "";
environmentVars?: string = '';
acmeWalkFromAuthoritative?: boolean = true; acmeWalkFromAuthoritative?: boolean = true;
sms?: { sms?: {
type?: string; type?: string;
config?: any; config?: any;
} = { } = {
type: 'aliyun', type: "aliyun",
config: {}, config: {},
}; };
removeSecret() { removeSecret() {
const clone = cloneDeep(this); const clone = cloneDeep(this);
@@ -117,9 +113,9 @@ export class SysPrivateSettings extends BaseSettings {
} }
export class SysInstallInfo extends BaseSettings { export class SysInstallInfo extends BaseSettings {
static __title__ = '系统安装信息'; static __title__ = "系统安装信息";
static __key__ = 'sys.install'; static __key__ = "sys.install";
static __access__ = 'private'; static __access__ = "private";
installTime?: number; installTime?: number;
siteId?: string; siteId?: string;
bindUserId?: number; bindUserId?: number;
@@ -130,21 +126,20 @@ export class SysInstallInfo extends BaseSettings {
} }
export class SysLicenseInfo extends BaseSettings { export class SysLicenseInfo extends BaseSettings {
static __title__ = '授权许可信息'; static __title__ = "授权许可信息";
static __key__ = 'sys.license'; static __key__ = "sys.license";
static __access__ = 'private'; static __access__ = "private";
license?: string; license?: string;
} }
export type EmailTemplate = { export type EmailTemplate = {
addonId?: number; addonId?: number;
} };
export class SysEmailConf extends BaseSettings { export class SysEmailConf extends BaseSettings {
static __title__ = '邮箱配置'; static __title__ = "邮箱配置";
static __key__ = 'sys.email'; static __key__ = "sys.email";
static __access__ = 'private'; static __access__ = "private";
host: string; host: string;
port: number; port: number;
@@ -160,18 +155,18 @@ export class SysEmailConf extends BaseSettings {
sender: string; sender: string;
usePlus?: boolean; usePlus?: boolean;
templates:{ templates: {
registerCode?: EmailTemplate, registerCode?: EmailTemplate;
forgotPassword?: EmailTemplate, forgotPassword?: EmailTemplate;
pipelineResult?: EmailTemplate, pipelineResult?: EmailTemplate;
common?: EmailTemplate, common?: EmailTemplate;
} };
} }
export class SysSiteInfo extends BaseSettings { export class SysSiteInfo extends BaseSettings {
static __title__ = '站点信息'; static __title__ = "站点信息";
static __key__ = 'sys.site'; static __key__ = "sys.site";
static __access__ = 'public'; static __access__ = "public";
title?: string; title?: string;
slogan?: string; slogan?: string;
logo?: string; logo?: string;
@@ -179,9 +174,9 @@ export class SysSiteInfo extends BaseSettings {
} }
export class SysSecretBackup extends BaseSettings { export class SysSecretBackup extends BaseSettings {
static __title__ = '密钥信息备份'; static __title__ = "密钥信息备份";
static __key__ = 'sys.secret.backup'; static __key__ = "sys.secret.backup";
static __access__ = 'private'; static __access__ = "private";
siteId?: string; siteId?: string;
encryptSecret?: string; encryptSecret?: string;
} }
@@ -190,9 +185,9 @@ export class SysSecretBackup extends BaseSettings {
* *
*/ */
export class SysSecret extends BaseSettings { export class SysSecret extends BaseSettings {
static __title__ = '密钥信息'; static __title__ = "密钥信息";
static __key__ = 'sys.secret'; static __key__ = "sys.secret";
static __access__ = 'private'; static __access__ = "private";
siteId?: string; siteId?: string;
encryptSecret?: string; encryptSecret?: string;
} }
@@ -215,9 +210,9 @@ export type MenuItem = {
children?: MenuItem[]; children?: MenuItem[];
}; };
export class SysHeaderMenus extends BaseSettings { export class SysHeaderMenus extends BaseSettings {
static __title__ = '顶部菜单'; static __title__ = "顶部菜单";
static __key__ = 'sys.header.menus'; static __key__ = "sys.header.menus";
static __access__ = 'public'; static __access__ = "public";
menus: MenuItem[]; menus: MenuItem[];
} }
@@ -228,9 +223,9 @@ export type PaymentItem = {
}; };
export class SysPaymentSetting extends BaseSettings { export class SysPaymentSetting extends BaseSettings {
static __title__ = '支付设置'; static __title__ = "支付设置";
static __key__ = 'sys.payment'; static __key__ = "sys.payment";
static __access__ = 'private'; static __access__ = "private";
yizhifu?: PaymentItem = { enabled: false }; yizhifu?: PaymentItem = { enabled: false };
@@ -240,9 +235,9 @@ export class SysPaymentSetting extends BaseSettings {
} }
export class SysSuiteSetting extends BaseSettings { export class SysSuiteSetting extends BaseSettings {
static __title__ = '套餐设置'; static __title__ = "套餐设置";
static __key__ = 'sys.suite'; static __key__ = "sys.suite";
static __access__ = 'private'; static __access__ = "private";
enabled: boolean = false; enabled: boolean = false;
@@ -257,26 +252,25 @@ export class SysSuiteSetting extends BaseSettings {
} }
export class SysAutoFixSetting extends BaseSettings { export class SysAutoFixSetting extends BaseSettings {
static __title__ = '自动修复记录'; static __title__ = "自动修复记录";
static __key__ = 'sys.auto.fix'; static __key__ = "sys.auto.fix";
static __access__ = 'private'; static __access__ = "private";
fixed: Record<string, boolean> = {}; fixed: Record<string, boolean> = {};
} }
export type SiteHidden = { export type SiteHidden = {
enabled: boolean; enabled: boolean;
openPath?: string; openPath?: string;
//md5 hash 两次后保存 //md5 hash 两次后保存
openPassword?: string; openPassword?: string;
autoHiddenTimes?: number; autoHiddenTimes?: number;
hiddenOpenApi?: boolean hiddenOpenApi?: boolean;
}; };
export class SysSafeSetting extends BaseSettings { export class SysSafeSetting extends BaseSettings {
static __title__ = '站点安全设置'; static __title__ = "站点安全设置";
static __key__ = 'sys.safe'; static __key__ = "sys.safe";
static __access__ = 'private'; static __access__ = "private";
// 站点隐藏 // 站点隐藏
hidden: SiteHidden = { hidden: SiteHidden = {
@@ -35,7 +35,7 @@ export class AccessService extends BaseService<AccessEntity> {
return res; return res;
} }
async add(param) { async add(param: any): Promise<{ id: number; [key: string]: any }> {
let oldEntity = null; let oldEntity = null;
if (param._copyFrom) { if (param._copyFrom) {
oldEntity = await this.info(param._copyFrom); oldEntity = await this.info(param._copyFrom);
@@ -3,6 +3,22 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
**Note:** Version bump only for package @certd/midway-flyway-js
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/midway-flyway-js
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/midway-flyway-js
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
**Note:** Version bump only for package @certd/midway-flyway-js
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14) ## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
### Bug Fixes ### Bug Fixes
+2 -2
View File
@@ -1,6 +1,6 @@
{ {
"name": "@certd/midway-flyway-js", "name": "@certd/midway-flyway-js",
"version": "1.41.4", "version": "1.42.3",
"description": "midway with flyway, sql upgrade way ", "description": "midway with flyway, sql upgrade way ",
"private": false, "private": false,
"type": "module", "type": "module",
@@ -52,5 +52,5 @@
"typeorm": "^0.3.20", "typeorm": "^0.3.20",
"typescript": "^5.4.2" "typescript": "^5.4.2"
}, },
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a" "gitHead": "a6ef6996c3a68ce0c2a4577a0934ed74a53f0515"
} }
+16
View File
@@ -3,6 +3,22 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
**Note:** Version bump only for package @certd/plugin-cert
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/plugin-cert
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/plugin-cert
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
**Note:** Version bump only for package @certd/plugin-cert
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14) ## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
**Note:** Version bump only for package @certd/plugin-cert **Note:** Version bump only for package @certd/plugin-cert
+3 -3
View File
@@ -1,7 +1,7 @@
{ {
"name": "@certd/plugin-cert", "name": "@certd/plugin-cert",
"private": false, "private": false,
"version": "1.41.4", "version": "1.42.3",
"type": "module", "type": "module",
"main": "./dist/index.js", "main": "./dist/index.js",
"types": "./dist/index.d.ts", "types": "./dist/index.d.ts",
@@ -20,7 +20,7 @@
"lint": "eslint --fix" "lint": "eslint --fix"
}, },
"dependencies": { "dependencies": {
"@certd/plugin-lib": "^1.41.4" "@certd/plugin-lib": "^1.42.3"
}, },
"devDependencies": { "devDependencies": {
"@types/chai": "^4.3.12", "@types/chai": "^4.3.12",
@@ -38,5 +38,5 @@
"tslib": "^2.8.1", "tslib": "^2.8.1",
"typescript": "^5.4.2" "typescript": "^5.4.2"
}, },
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a" "gitHead": "a6ef6996c3a68ce0c2a4577a0934ed74a53f0515"
} }
+1 -1
View File
@@ -1,5 +1,5 @@
{ {
"extension": ["ts"], "extension": ["ts"],
"spec": "test/**/*.test.ts", "spec": "test/**/*.test.ts",
"require": "ts-node/register" "node-option": ["loader=ts-node/esm", "no-warnings"]
} }
+29
View File
@@ -3,6 +3,35 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
**Note:** Version bump only for package @certd/plugin-lib
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/plugin-lib
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
### Performance Improvements
* **certd-server:** 使用 jks-go转换jks证书,大幅精简镜像大小 ([c78898e](https://github.com/certd/certd/commit/c78898e4c10dd1701467d2e42e3f72bd8f2a352f))
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
### Bug Fixes
* 修复jdk证书格式的问题 ([260f5ae](https://github.com/certd/certd/commit/260f5ae777b83493b0c578fe30fd00ec0c873226))
### Features
* 通过插件配置懒加载依赖,动态加载第三方依赖包,精简安装镜像大小 ([01568ca](https://github.com/certd/certd/commit/01568ca1489069046b5a89ebdd4ced2f7f6ddf93))
### Performance Improvements
* 【破坏性更新】 证书压缩包不再生成文件存储,而是实时打包下载,证书申请插件不再输出certZip ([7cff1a9](https://github.com/certd/certd/commit/7cff1a98424120585205889874b3ef4956a30583))
* 新增橙域网络(asia-isp) CDN证书部署插件 ([b48831e](https://github.com/certd/certd/commit/b48831e60b0059bef7ef9a34ab61c9dd2f684641))
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14) ## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
**Note:** Version bump only for package @certd/plugin-lib **Note:** Version bump only for package @certd/plugin-lib
+9 -10
View File
@@ -1,7 +1,7 @@
{ {
"name": "@certd/plugin-lib", "name": "@certd/plugin-lib",
"private": false, "private": false,
"version": "1.41.4", "version": "1.42.3",
"type": "module", "type": "module",
"main": "./dist/index.js", "main": "./dist/index.js",
"types": "./dist/index.d.ts", "types": "./dist/index.d.ts",
@@ -10,26 +10,23 @@
"before-build": "rimraf dist && rimraf tsconfig.tsbuildinfo && rimraf .rollup.cache", "before-build": "rimraf dist && rimraf tsconfig.tsbuildinfo && rimraf .rollup.cache",
"build": "npm run before-build && tsc -p tsconfig.build.json --skipLibCheck", "build": "npm run before-build && tsc -p tsconfig.build.json --skipLibCheck",
"dev-build": "npm run build", "dev-build": "npm run build",
"build3": "rollup -c", "test:unit": "cross-env NODE_ENV=unittest mocha",
"build2": "vue-tsc --noEmit && vite build",
"preview": "vite preview",
"test:unit": "cross-env NODE_ENV=unittest mocha --no-config --node-option no-warnings --node-option loader=ts-node/esm \"src/**/*.test.ts\"",
"pub": "npm publish", "pub": "npm publish",
"compile": "tsc --skipLibCheck --watch", "compile": "tsc --skipLibCheck --watch",
"format": "prettier --write src", "format": "prettier --write src",
"lint": "eslint --fix" "lint": "eslint --fix"
}, },
"dependencies": { "dependencies": {
"@certd/acme-client": "^1.41.4", "@certd/acme-client": "^1.42.3",
"@certd/basic": "^1.41.4", "@certd/basic": "^1.42.3",
"@certd/pipeline": "^1.41.4", "@certd/pipeline": "^1.42.3",
"dayjs": "^1.11.7", "dayjs": "^1.11.7",
"jszip": "^3.10.1",
"lodash-es": "^4.17.21", "lodash-es": "^4.17.21",
"psl": "^1.15.0", "psl": "^1.15.0",
"punycode.js": "^2.3.1" "punycode.js": "^2.3.1"
}, },
"devDependencies": { "devDependencies": {
"rimraf": "^5.0.5",
"@types/chai": "^4.3.12", "@types/chai": "^4.3.12",
"@types/mocha": "^10.0.6", "@types/mocha": "^10.0.6",
"@typescript-eslint/eslint-plugin": "^8.26.1", "@typescript-eslint/eslint-plugin": "^8.26.1",
@@ -41,10 +38,12 @@
"eslint-plugin-prettier": "^5.1.3", "eslint-plugin-prettier": "^5.1.3",
"esmock": "^2.7.5", "esmock": "^2.7.5",
"mocha": "^10.6.0", "mocha": "^10.6.0",
"node-forge": "^1.3.1",
"prettier": "3.3.3", "prettier": "3.3.3",
"rimraf": "^5.0.5",
"ts-node": "^10.9.2", "ts-node": "^10.9.2",
"tslib": "^2.8.1", "tslib": "^2.8.1",
"typescript": "^5.4.2" "typescript": "^5.4.2"
}, },
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a" "gitHead": "a6ef6996c3a68ce0c2a4577a0934ed74a53f0515"
} }
@@ -6,6 +6,7 @@ import cryptoLib from "crypto";
import { ILogger } from "@certd/basic"; import { ILogger } from "@certd/basic";
import dayjs from "dayjs"; import dayjs from "dayjs";
import { uniq } from "lodash-es"; import { uniq } from "lodash-es";
import JSZip from "jszip";
export interface ICertInfoGetter { export interface ICertInfoGetter {
getByPipelineId: (pipelineId: number) => Promise<CertInfo>; getByPipelineId: (pipelineId: number) => Promise<CertInfo>;
@@ -301,4 +302,70 @@ export class CertReader {
static buildCertName(cert: CertInfo, useHash: boolean = false) { static buildCertName(cert: CertInfo, useHash: boolean = false) {
return new CertReader(cert).buildCertName("", useHash); return new CertReader(cert).buildCertName("", useHash);
} }
async buildZip(): Promise<Buffer> {
const cert = this.cert;
const zip = new JSZip();
if (cert.crt) {
zip.file("证书.pem", cert.crt);
}
if (cert.key) {
zip.file("私钥.pem", cert.key);
}
if (cert.ic) {
zip.file("中间证书.pem", cert.ic);
}
if (cert.crt) {
zip.file("cert.crt", cert.crt);
}
if (cert.key) {
zip.file("cert.key", cert.key);
}
if (cert.ic) {
zip.file("intermediate.crt", cert.ic);
}
if (cert.oc) {
zip.file("origin.crt", cert.oc);
}
if (cert.one) {
zip.file("one.pem", cert.one);
}
if (cert.p7b) {
zip.file("cert.p7b", cert.p7b);
}
if (cert.pfx) {
zip.file("cert.pfx", Buffer.from(cert.pfx, "base64"));
}
if (cert.der) {
zip.file("cert.der", Buffer.from(cert.der, "base64"));
}
if (cert.jks) {
zip.file("cert.jks", Buffer.from(cert.jks, "base64"));
}
zip.file(
"说明.txt",
`证书文件说明
cert.crtpem格式
cert.keypem格式
intermediate.crtpem格式
origin.crtpem格式
one.pem pem格式crt正文+key正文
cert.pfxpfx格式证书文件iis服务器使用
cert.derder格式证书文件
cert.jksjks格式证书文件java服务器使用
`
);
return zip.generateAsync({ type: "nodebuffer" });
}
buildZipFilename(prefix = "cert"): string {
let domain = this.getMainDomain();
domain = domain.replaceAll(".", "_").replaceAll("*", "_");
const timeStr = dayjs().format("YYYYMMDDHHmmss");
return `${prefix}_${domain}_${timeStr}.zip`;
}
} }
+88 -13
View File
@@ -1,4 +1,4 @@
import { ILogger, sp } from "@certd/basic"; import { ILogger, sp, http } from "@certd/basic";
import type { CertInfo } from "./cert-reader.js"; import type { CertInfo } from "./cert-reader.js";
import { CertReader, CertReaderHandleContext } from "./cert-reader.js"; import { CertReader, CertReaderHandleContext } from "./cert-reader.js";
import path from "path"; import path from "path";
@@ -52,6 +52,81 @@ export class CertConverter {
}); });
} }
async getJksGoPath(): Promise<string> {
const osType = process.platform === "win32" ? "windows" : "linux";
const jksGoDir = path.resolve("./tools/jks-go");
const JKS_GO_VERSION = process.env.JKS_GO_VERSION || "1.0.0";
const versionFile = path.join(jksGoDir, "version");
const finalPath = path.join(jksGoDir, osType === "windows" ? "jks-go.exe" : "jks-go");
let needDownload = false;
if (!fs.existsSync(finalPath)) {
needDownload = true;
} else if (!fs.existsSync(versionFile)) {
needDownload = true;
} else {
const currentVersion = fs.readFileSync(versionFile, "utf-8").trim();
if (currentVersion !== JKS_GO_VERSION) {
this.logger.info(`jks-go版本不匹配,当前版本:${currentVersion},期望版本:${JKS_GO_VERSION},准备重新下载`);
needDownload = true;
}
}
if (!needDownload) {
return finalPath;
}
if (!fs.existsSync(jksGoDir)) {
fs.mkdirSync(jksGoDir, { recursive: true });
}
const arch = process.arch;
let platformArch = "amd64";
if (arch === "arm64") {
platformArch = "arm64";
} else if (arch === "arm") {
platformArch = "arm_armv7";
}
let jksGoFileName = `jks-go_${osType}_${platformArch}`;
if (osType === "windows") {
jksGoFileName += ".exe";
}
const jksGoFilePath = path.join(jksGoDir, jksGoFileName);
this.logger.info(`jks-go文件不存在或版本不匹配,准备下载:${jksGoFileName}`);
const downloadUrl = `https://atomgit.com/certd/jks-go/releases/download/v${JKS_GO_VERSION}/${jksGoFileName}`;
// https://atomgit.com/certd/jks-go/releases/download/v1.0.2/jks-go_linux_amd64
const response = await http.request({
url: downloadUrl,
method: "GET",
responseType: "arraybuffer",
logRes: false,
logParams: false,
logData: false,
});
const buffer = Buffer.from(response);
fs.writeFileSync(jksGoFilePath, buffer);
this.logger.info("下载jks-go成功");
if (fs.existsSync(finalPath)) {
fs.unlinkSync(finalPath);
}
fs.copyFileSync(jksGoFilePath, finalPath);
if (osType === "linux") {
await sp.spawn({
cmd: `chmod +x ${finalPath}`,
});
}
fs.writeFileSync(versionFile, JKS_GO_VERSION, "utf-8");
this.logger.info(`jks-go版本已更新为:${JKS_GO_VERSION}`);
return finalPath;
}
private async convertPfx(opts: CertReaderHandleContext, pfxPassword: string, pfxArgs: string) { private async convertPfx(opts: CertReaderHandleContext, pfxPassword: string, pfxArgs: string) {
const { tmpCrtPath, tmpKeyPath } = opts; const { tmpCrtPath, tmpKeyPath } = opts;
@@ -118,22 +193,22 @@ export class CertConverter {
const jksPassword = pfxPassword || "123456"; const jksPassword = pfxPassword || "123456";
try { try {
const randomStr = Math.floor(Math.random() * 1000000) + ""; const randomStr = Math.floor(Math.random() * 1000000) + "";
const { tmpOnePath } = opts;
const p12Path = path.join(os.tmpdir(), "/certd/tmp/", randomStr + `_cert.p12`); const bundlePath = path.join(os.tmpdir(), "/certd/tmp/", randomStr + `_bundle.pem`);
const { tmpCrtPath, tmpKeyPath } = opts; const dir = path.dirname(bundlePath);
let passwordArg = "-passout pass:";
if (jksPassword) {
passwordArg = `-password pass:${jksPassword}`;
}
await this.exec(`openssl pkcs12 -export -in ${tmpCrtPath} -inkey ${tmpKeyPath} -out ${p12Path} -name certd ${passwordArg}`);
const jksPath = path.join(os.tmpdir(), "/certd/tmp/", randomStr + `_cert.jks`);
const dir = path.dirname(jksPath);
if (!fs.existsSync(dir)) { if (!fs.existsSync(dir)) {
fs.mkdirSync(dir, { recursive: true }); fs.mkdirSync(dir, { recursive: true });
} }
await this.exec(`keytool -importkeystore -srckeystore ${p12Path} -srcstoretype PKCS12 -srcstorepass "${jksPassword}" -destkeystore ${jksPath} -deststoretype JKS -deststorepass "${jksPassword}" `);
fs.unlinkSync(p12Path); const crtContent = fs.readFileSync(tmpOnePath);
fs.writeFileSync(bundlePath, crtContent);
const jksPath = path.join(os.tmpdir(), "/certd/tmp/", randomStr + `_cert.jks`);
const jksGoPath = await this.getJksGoPath();
await this.exec(`${jksGoPath} -importkeystore -srckeystore ${bundlePath} -srcstoretype PEM -destkeystore ${jksPath} -deststorepass "${jksPassword}"`);
fs.unlinkSync(bundlePath);
const fileBuffer = fs.readFileSync(jksPath); const fileBuffer = fs.readFileSync(jksPath);
const certBase64 = fileBuffer.toString("base64"); const certBase64 = fileBuffer.toString("base64");
@@ -0,0 +1,109 @@
/// <reference types="mocha" />
/// <reference types="node" />
import assert from "node:assert/strict";
import { CertReader } from "../src/cert/cert-reader.js";
import type { CertInfo } from "../src/cert/cert-reader.js";
// @ts-ignore
import forge from "node-forge";
/**
* Generate a minimal self-signed X.509 cert + key in PEM format for testing.
*/
function createSelfSignedCert(commonName: string): { crt: string; key: string } {
const keypair = forge.pki.rsa.generateKeyPair(2048);
const cert = forge.pki.createCertificate();
cert.publicKey = keypair.publicKey;
cert.serialNumber = "01";
cert.validFrom = new Date("2025-01-01").toISOString();
cert.validTo = new Date("2026-01-01").toISOString();
const attrs = [{ name: "commonName", value: commonName }];
cert.setSubject(attrs);
cert.setIssuer(attrs);
cert.sign(keypair.privateKey, forge.md.sha256.create());
return {
crt: forge.pki.certificateToPem(cert),
key: forge.pki.privateKeyToPem(keypair.privateKey),
};
}
const testCert = createSelfSignedCert("example.com");
const testCertIc = createSelfSignedCert("intermediate.ca");
const mockCertInfo: CertInfo = {
crt: testCert.crt + "\n" + testCertIc.crt,
key: testCert.key,
oc: testCert.crt,
ic: testCertIc.crt,
one: testCert.crt + "\n" + testCert.key,
p7b: "PKCS7 test content",
pfx: Buffer.from("fake-pfx-data").toString("base64"),
der: Buffer.from("fake-der-data").toString("base64"),
jks: Buffer.from("fake-jks-data").toString("base64"),
};
describe("CertReader.buildZip", () => {
it("returns a non-empty Buffer", async () => {
const reader = new CertReader(mockCertInfo);
const buf = await reader.buildZip();
assert.ok(Buffer.isBuffer(buf));
assert.ok(buf.length > 0);
});
it("produces a valid zip containing expected files", async () => {
const reader = new CertReader(mockCertInfo);
const buf = await reader.buildZip();
const { default: JSZip } = await import("jszip");
const zip = await JSZip.loadAsync(buf);
assert.ok(zip.file("证书.pem"), "should contain 证书.pem");
assert.ok(zip.file("私钥.pem"), "should contain 私钥.pem");
assert.ok(zip.file("中间证书.pem"), "should contain 中间证书.pem");
assert.ok(zip.file("cert.crt"), "should contain cert.crt");
assert.ok(zip.file("cert.key"), "should contain cert.key");
assert.ok(zip.file("intermediate.crt"), "should contain intermediate.crt");
assert.ok(zip.file("origin.crt"), "should contain origin.crt");
assert.ok(zip.file("one.pem"), "should contain one.pem");
assert.ok(zip.file("cert.p7b"), "should contain cert.p7b");
assert.ok(zip.file("cert.pfx"), "should contain cert.pfx");
assert.ok(zip.file("cert.der"), "should contain cert.der");
assert.ok(zip.file("cert.jks"), "should contain cert.jks");
assert.ok(zip.file("说明.txt"), "should contain 说明.txt");
const pemContent = await zip.file("证书.pem").async("string");
assert.ok(pemContent.includes("-----BEGIN CERTIFICATE-----"));
const pfx = await zip.file("cert.pfx").async("nodebuffer");
assert.equal(pfx.toString(), "fake-pfx-data");
});
});
describe("CertReader.buildZipFilename", () => {
it("includes the main domain and timestamp", () => {
const reader = new CertReader(mockCertInfo);
const name = reader.buildZipFilename("cert");
assert.ok(name.startsWith("cert_example_com_"));
assert.ok(name.endsWith(".zip"));
const tsPart = name.replace("cert_example_com_", "").replace(".zip", "");
assert.match(tsPart, /^\d{14}$/);
});
it("uses the default prefix when not provided", () => {
const reader = new CertReader(mockCertInfo);
const name = reader.buildZipFilename();
assert.ok(name.startsWith("cert_example_com_"));
});
it("wildcard domain replaces asterisk", () => {
const wildcardCert = createSelfSignedCert("*.example.com");
const wcInfo: CertInfo = { crt: wildcardCert.crt, key: wildcardCert.key };
const reader = new CertReader(wcInfo);
const name = reader.buildZipFilename("cert");
assert.ok(name.startsWith("cert___example_com_"), "asterisk should be replaced, got: " + name);
assert.ok(!name.includes("*"));
});
});
+45 -15
View File
@@ -1,9 +1,15 @@
# 根据目标平台选择基础镜像:amd64/arm64 用 trixie-slimarm/v7 没有 trixie-slim 发布,回退到 alpine ARG base_type=alpine
FROM --platform=linux/amd64 node:22-trixie-slim AS base-amd64
FROM --platform=linux/arm64 node:22-trixie-slim AS base-arm64
FROM --platform=linux/arm/v7 node:22-alpine AS base-arm-v7
FROM base-${TARGETARCH}${TARGETVARIANT:+-}${TARGETVARIANT} AS builder # 根据 base_type 参数选择基础镜像系列
FROM --platform=linux/amd64 node:22-alpine AS base-amd64-alpine
FROM --platform=linux/arm64 node:22-alpine AS base-arm64-alpine
FROM --platform=linux/arm/v7 node:22-alpine AS base-arm-v7-alpine
FROM --platform=linux/amd64 node:22-trixie-slim AS base-amd64-slim
FROM --platform=linux/arm64 node:22-trixie-slim AS base-arm64-slim
FROM --platform=linux/arm/v7 node:22-alpine AS base-arm-v7-slim
FROM base-${TARGETARCH}${TARGETVARIANT:+-}${TARGETVARIANT}-${base_type} AS builder
WORKDIR /workspace/ WORKDIR /workspace/
COPY . /workspace/ COPY . /workspace/
@@ -12,36 +18,36 @@ COPY . /workspace/
RUN npm install -g pnpm@10.33.4 RUN npm install -g pnpm@10.33.4
RUN cp /workspace/certd-client/dist/* /workspace/certd-server/public/ -rf RUN cp /workspace/certd-client/dist/* /workspace/certd-server/public/ -rf
RUN cd /workspace/certd-server && pnpm install --production && npm run build-on-docker RUN cd /workspace/certd-server && pnpm install && npm run build-on-docker
RUN rm -rf /workspace/certd-server/node_modules
ARG base_type=alpine
FROM base-${TARGETARCH}${TARGETVARIANT:+-}${TARGETVARIANT} # ------------------------------------------------------------------
# 构建生产环境镜像
# ------------------------------------------------------------------
FROM base-${TARGETARCH}${TARGETVARIANT:+-}${TARGETVARIANT}-${base_type}
EXPOSE 7001 EXPOSE 7001
EXPOSE 7002 EXPOSE 7002
ARG base_type=alpine
# 根据基础镜像发行版选择包管理器 # 根据基础镜像发行版选择包管理器
# trixie-slim -> apt-get, alpine -> apk # trixie-slim -> apt-get, alpine -> apk
RUN if [ -f /etc/debian_version ]; then \ RUN if [ -f /etc/debian_version ]; then \
apt-get update \ apt-get update \
&& apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
ca-certificates \ ca-certificates \
gnupg \
wget \ wget \
openssl \ openssl \
netcat-openbsd \ netcat-openbsd \
iputils-ping \ iputils-ping \
dnsutils \ dnsutils \
iproute2 \ iproute2 \
&& wget -O - https://packages.adoptium.net/artifactory/api/gpg/key/public | gpg --dearmor | tee /usr/share/keyrings/adoptium.gpg > /dev/null \
&& echo "deb [signed-by=/usr/share/keyrings/adoptium.gpg] https://packages.adoptium.net/artifactory/deb bookworm main" | tee /etc/apt/sources.list.d/adoptium.list \
&& apt-get update \
&& apt-get install -y --no-install-recommends temurin-8-jre \
&& apt-get clean \ && apt-get clean \
&& rm -rf /var/lib/apt/lists/*; \ && rm -rf /var/lib/apt/lists/*; \
elif [ -f /etc/alpine-release ]; then \ elif [ -f /etc/alpine-release ]; then \
apk add --no-cache \ apk add --no-cache openssl wget ca-certificates; \
openssl \
openjdk8-jre; \
else \ else \
echo "Unsupported base image"; exit 1; \ echo "Unsupported base image"; exit 1; \
fi fi
@@ -52,6 +58,9 @@ ENV TERM=xterm
ENV LEGO_VERSION=4.30.1 ENV LEGO_VERSION=4.30.1
ENV LEGO_DOWNLOAD_DIR=/app/tools/lego ENV LEGO_DOWNLOAD_DIR=/app/tools/lego
ENV JKS_GO_VERSION=1.0.3
ENV JKS_GO_DOWNLOAD_DIR=/app/tools/jks-go
ENV ALIYUN_CLIENT_CONNECT_TIMEOUT=10000 ENV ALIYUN_CLIENT_CONNECT_TIMEOUT=10000
ENV ALIYUN_CLIENT_READ_TIMEOUT=20000 ENV ALIYUN_CLIENT_READ_TIMEOUT=20000
@@ -68,6 +77,26 @@ RUN ARCH=$(uname -m) && \
echo "Unsupported architecture: $ARCH"; \ echo "Unsupported architecture: $ARCH"; \
fi fi
RUN mkdir -p $JKS_GO_DOWNLOAD_DIR
# 根据架构下载jks-go
RUN ARCH=$(uname -m) && \
if [ "$ARCH" = "x86_64" ]; then \
wget -O $JKS_GO_DOWNLOAD_DIR/jks-go_linux_amd64 https://github.com/certd/jks-go/releases/download/v${JKS_GO_VERSION}/jks-go_linux_amd64 && \
chmod +x $JKS_GO_DOWNLOAD_DIR/jks-go_linux_amd64 && \
ln -s $JKS_GO_DOWNLOAD_DIR/jks-go_linux_amd64 /usr/local/bin/jks-go; \
elif [ "$ARCH" = "aarch64" ]; then \
wget -O $JKS_GO_DOWNLOAD_DIR/jks-go_linux_arm64 https://github.com/certd/jks-go/releases/download/v${JKS_GO_VERSION}/jks-go_linux_arm64 && \
chmod +x $JKS_GO_DOWNLOAD_DIR/jks-go_linux_arm64 && \
ln -s $JKS_GO_DOWNLOAD_DIR/jks-go_linux_arm64 /usr/local/bin/jks-go; \
elif [ "$ARCH" = "armv7l" ]; then \
wget -O $JKS_GO_DOWNLOAD_DIR/jks-go_linux_arm_armv7 https://github.com/certd/jks-go/releases/download/v${JKS_GO_VERSION}/jks-go_linux_arm_armv7 && \
chmod +x $JKS_GO_DOWNLOAD_DIR/jks-go_linux_arm_armv7 && \
ln -s $JKS_GO_DOWNLOAD_DIR/jks-go_linux_arm_armv7 /usr/local/bin/jks-go; \
else \
echo "Unsupported architecture: $ARCH"; \
fi
ENV TZ=Asia/Shanghai ENV TZ=Asia/Shanghai
ENV NODE_ENV=production ENV NODE_ENV=production
ENV MIDWAY_SERVER_ENV=production ENV MIDWAY_SERVER_ENV=production
@@ -76,5 +105,6 @@ RUN npm install -g pnpm@10.33.4
COPY --from=builder /workspace/certd-server/ /app/ COPY --from=builder /workspace/certd-server/ /app/
RUN pnpm install --production
COPY ./patch/ssh2/*.js /app/node_modules/.pnpm/node_modules/ssh2/lib/protocol/ COPY ./patch/ssh2/*.js /app/node_modules/.pnpm/node_modules/ssh2/lib/protocol/
CMD ["node", "--optimize-for-size", "./bootstrap.js"] CMD ["node", "--optimize-for-size", "./bootstrap.js"]
+29
View File
@@ -3,6 +3,35 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
**Note:** Version bump only for package @certd/ui-client
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
### Bug Fixes
* 修复企业模式下弹出邮箱绑定提醒的问题 ([8d9dad9](https://github.com/certd/certd/commit/8d9dad9c82f6f2fd3ab3040068946a33f37145b1))
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
### Bug Fixes
* **login:** 修复输入法 composing 状态下回车触发提交的问题 ([b74db81](https://github.com/certd/certd/commit/b74db81304bbe68476bbec5ea4307a2264060e92))
### Performance Improvements
* **pipeline:** 将默认历史保留条数从30调整为100 ([d3e4677](https://github.com/certd/certd/commit/d3e4677ea4fac8e7533749d7f4187e410489e536))
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
### Performance Improvements
* 【破坏性更新】 证书压缩包不再生成文件存储,而是实时打包下载,证书申请插件不再输出certZip ([7cff1a9](https://github.com/certd/certd/commit/7cff1a98424120585205889874b3ef4956a30583))
* 优化用户体验,首次访问时弹出邮箱账号绑定用以初始化账号 ([608cc2a](https://github.com/certd/certd/commit/608cc2a81ff0b4872c9fe11ed9c9c0b4b90a12a3))
* **passkey:** passkey支持多域名rpid ([79f6586](https://github.com/certd/certd/commit/79f65868ca0f5162bbc2f935ce89abc28011d816))
* **plugin:** 在线插件编辑支持配置第三方依赖和插件依赖 ([635f069](https://github.com/certd/certd/commit/635f069012d4193cfb7cb051c96e28eec1247ca2))
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14) ## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
### Bug Fixes ### Bug Fixes
+3 -3
View File
@@ -1,6 +1,6 @@
{ {
"name": "@certd/ui-client", "name": "@certd/ui-client",
"version": "1.41.4", "version": "1.42.3",
"private": true, "private": true,
"scripts": { "scripts": {
"dev": "vite --open", "dev": "vite --open",
@@ -105,8 +105,8 @@
"zod-defaults": "^0.1.3" "zod-defaults": "^0.1.3"
}, },
"devDependencies": { "devDependencies": {
"@certd/lib-iframe": "^1.41.4", "@certd/lib-iframe": "^1.42.3",
"@certd/pipeline": "^1.41.4", "@certd/pipeline": "^1.42.3",
"@rollup/plugin-commonjs": "^25.0.7", "@rollup/plugin-commonjs": "^25.0.7",
"@rollup/plugin-node-resolve": "^15.2.3", "@rollup/plugin-node-resolve": "^15.2.3",
"@types/chai": "^4.3.12", "@types/chai": "^4.3.12",
@@ -18,6 +18,7 @@ export default {
openKey: "Open API Key", openKey: "Open API Key",
notification: "Notification Settings", notification: "Notification Settings",
siteMonitorSetting: "Site Monitor Settings", siteMonitorSetting: "Site Monitor Settings",
auditLog: "Audit Log",
userSecurity: "Security Settings", userSecurity: "Security Settings",
userProfile: "Account Info", userProfile: "Account Info",
userGrant: "Grant Delegation", userGrant: "Grant Delegation",
@@ -67,6 +68,7 @@ export default {
projectJoin: "Join Project", projectJoin: "Join Project",
currentProject: "Current Project", currentProject: "Current Project",
projectMemberManager: "Project Member", projectMemberManager: "Project Member",
auditLog: "Audit Log",
domainMonitorSetting: "Domain Monitor Settings", domainMonitorSetting: "Domain Monitor Settings",
}, },
}; };
@@ -26,9 +26,10 @@ export default {
store: "Store", store: "Store",
version: "Version", version: "Version",
pluginDependencies: "Plugin Dependencies", pluginDependencies: "Plugin Dependencies",
pluginDependenciesHelper: "Format: [author/]pluginName[:version]. Required plugins must be installed first", pluginDependenciesHelper:
"Format: pluginType:pluginName, use * for version\nSupported: plugin:name, access:name, notification:name, dnsProvider:name, addon:subtype:name\nExample: access:AliyunAccess, plugin:DeployToAliyunCDN",
thirdPartyDependencies: "Third-party Dependencies", thirdPartyDependencies: "Third-party Dependencies",
thirdPartyDependenciesHelper: "Format: npmPackageName: version. Auto-installed at runtime", thirdPartyDependenciesHelper: "Format: npmPackageName: version. Auto-installed at runtime\nExample: aliyun-sdk: ^1.0.0",
editableRunStrategy: "Editable Run Strategy", editableRunStrategy: "Editable Run Strategy",
editable: "Editable", editable: "Editable",
notEditable: "Not Editable", notEditable: "Not Editable",
@@ -70,7 +70,7 @@ export default {
confirmToggleStatus: "确定要{action}吗?", confirmToggleStatus: "确定要{action}吗?",
batchDelete: "批量删除", batchDelete: "批量删除",
sourcee: "来源", sourcee: "来源",
clickToToggle: "点击切换启用/禁用", clickToToggle: "点击启用/禁用",
nickName: "昵称", nickName: "昵称",
avatar: "头像", avatar: "头像",
expires: "过期", expires: "过期",
@@ -18,6 +18,7 @@ export default {
openKey: "开放接口密钥", openKey: "开放接口密钥",
notification: "通知设置", notification: "通知设置",
siteMonitorSetting: "站点监控设置", siteMonitorSetting: "站点监控设置",
auditLog: "操作日志",
userSecurity: "认证安全设置", userSecurity: "认证安全设置",
userProfile: "账号信息", userProfile: "账号信息",
userGrant: "授权委托", userGrant: "授权委托",
@@ -67,6 +68,7 @@ export default {
projectJoin: "加入项目", projectJoin: "加入项目",
currentProject: "当前项目", currentProject: "当前项目",
projectMemberManager: "项目成员管理", projectMemberManager: "项目成员管理",
auditLog: "审计日志",
domainMonitorSetting: "域名监控设置", domainMonitorSetting: "域名监控设置",
jobHistory: "监控执行记录", jobHistory: "监控执行记录",
}, },
@@ -26,9 +26,9 @@ export default {
store: "市场", store: "市场",
version: "版本", version: "版本",
pluginDependencies: "插件依赖", pluginDependencies: "插件依赖",
pluginDependenciesHelper: "格式: [作者/]插件名[:版本],需先安装依赖插件", pluginDependenciesHelper: "格式: 插件类型:插件名,版本号填 *\n支持: plugin:name、access:name、notification:name、dnsProvider:name、addon:subtype:name\n示例: access:AliyunAccess, plugin:DeployToAliyunCDN",
thirdPartyDependencies: "第三方依赖", thirdPartyDependencies: "第三方依赖",
thirdPartyDependenciesHelper: "格式: npm包名: 版本号,运行时自动安装", thirdPartyDependenciesHelper: "格式: npm包名: 版本号,运行时自动安装\n示例: aliyun-sdk: ^1.0.0",
editableRunStrategy: "可编辑运行策略", editableRunStrategy: "可编辑运行策略",
editable: "可编辑", editable: "可编辑",
notEditable: "不可编辑", notEditable: "不可编辑",
@@ -287,6 +287,22 @@ export const certdResources = [
isMenu: true, isMenu: true,
}, },
}, },
{
title: "certd.auditLog",
name: "AuditLog",
path: "/certd/audit",
component: "/certd/audit/index.vue",
meta: {
icon: "ion:document-text-outline",
auth: true,
keepAlive: true,
isMenu: true,
show: () => {
const settingStore = useSettingStore();
return settingStore.isPlus;
},
},
},
{ {
title: "certd.userSecurity", title: "certd.userSecurity",
name: "UserSecurity", name: "UserSecurity",
@@ -410,6 +410,22 @@ export const sysResources = [
}, },
], ],
}, },
{
title: "certd.sysResources.auditLog",
name: "SysAuditLog",
path: "/sys/audit",
component: "/sys/audit/index.vue",
meta: {
icon: "ion:document-text-outline",
keepAlive: true,
auth: true,
isMenu: true,
show: () => {
const settingStore = useSettingStore();
return settingStore.isPlus;
},
},
},
{ {
title: "certd.sysResources.netTest", title: "certd.sysResources.netTest",
name: "NetTest", name: "NetTest",
@@ -31,6 +31,13 @@ export function useFormDialog() {
crudOptions: { crudOptions: {
columns: req.columns, columns: req.columns,
form: { form: {
labelCol: {
// @ts-ignore
span: null,
style: {
width: "100px",
},
},
initialForm: req.initialForm, initialForm: req.initialForm,
wrapper: warpper, wrapper: warpper,
async afterSubmit() {}, async afterSubmit() {},
@@ -44,7 +51,7 @@ export function useFormDialog() {
}; };
} }
const { crudOptions } = createCrudOptions(); const { crudOptions } = createCrudOptions();
await openCrudFormDialog({ crudOptions }); return await openCrudFormDialog({ crudOptions });
} }
return { return {
openFormDialog, openFormDialog,
@@ -73,6 +73,14 @@ async function handleSubmit() {
} }
} }
function handleKeydownEnter(e: KeyboardEvent) {
if (e.isComposing) {
return;
}
e.preventDefault();
handleSubmit();
}
function handleGo(path: string) { function handleGo(path: string) {
router.push(path); router.push(path);
} }
@@ -89,7 +97,7 @@ defineExpose({
</script> </script>
<template> <template>
<div @keydown.enter.prevent="handleSubmit"> <div @keydown.enter="handleKeydownEnter">
<slot name="title"> <slot name="title">
<Title> <Title>
<slot name="title"> <slot name="title">
@@ -16,8 +16,8 @@
</div> </div>
</template> </template>
<script> <script lang="ts">
import { defineComponent, reactive, ref, watch, inject } from "vue"; import { defineComponent, reactive, ref, watch, inject, onMounted } from "vue";
import CertAccessModal from "./access/index.vue"; import CertAccessModal from "./access/index.vue";
import { createAccessApi } from "../api"; import { createAccessApi } from "../api";
import { message } from "ant-design-vue"; import { message } from "ant-design-vue";
@@ -55,6 +55,10 @@ export default defineComponent({
type: Boolean, type: Boolean,
default: false, default: false,
}, },
defaultSelect: {
type: Boolean,
default: false,
},
}, },
emits: ["update:modelValue", "change", "selectedChange"], emits: ["update:modelValue", "change", "selectedChange"],
setup(props, ctx) { setup(props, ctx) {
@@ -158,12 +162,43 @@ export default defineComponent({
}, },
}); });
async function selectFirst(clearCurrent = false) {
if (!clearCurrent && props.modelValue) {
return;
}
const searchForm = projectStore.getSearchForm();
const query: any = {
query: {
type: props.type,
...searchForm,
},
page: { page: 1, pageSize: 1 },
sort: { prop: "id", order: "ascending" },
};
if (props.subtype) {
query.query.subtype = props.subtype;
}
const res = await api.GetList(query);
const records = res?.records || [];
if (records.length > 0) {
await emitValue(records[0].id);
}
}
onMounted(async () => {
if (!props.defaultSelect) {
return;
}
await selectFirst();
});
return { return {
clear, clear,
target, target,
selectedId, selectedId,
providerDefine, providerDefine,
chooseForm, chooseForm,
selectFirst,
}; };
}, },
}); });
@@ -0,0 +1,28 @@
import { request } from "/src/api/service";
const apiPrefix = "/pi/audit";
export function createAuditApi() {
return {
async GetList(query: any) {
return await request({
url: apiPrefix + "/page",
method: "post",
data: query,
});
},
async DelObj(id: number) {
return await request({
url: apiPrefix + "/delete",
method: "post",
params: { id },
});
},
async GetDict() {
return await request({
url: apiPrefix + "/dict",
method: "post",
});
},
};
}
@@ -0,0 +1,113 @@
import { CreateCrudOptionsProps, CreateCrudOptionsRet, DelReq, UserPageQuery, UserPageRes, dict } from "@fast-crud/fast-crud";
import { useI18n } from "/src/locales";
import { useDicts } from "../dicts";
const typeDict = dict({
url: "/pi/audit/dict",
getData: async () => {
const { createAuditApi } = await import("./api");
const api = createAuditApi();
const res = await api.GetDict();
return res.types || [];
},
});
const actionDict = dict({
url: "/pi/audit/dict",
getData: async () => {
const { createAuditApi } = await import("./api");
const api = createAuditApi();
const res = await api.GetDict();
return res.actions || [];
},
});
export default function ({ crudExpose, context }: CreateCrudOptionsProps): CreateCrudOptionsRet {
const { t } = useI18n();
const { myProjectDict } = useDicts();
const api = context.api;
const pageRequest = async (query: UserPageQuery): Promise<UserPageRes> => {
return await api.GetList(query);
};
const delRequest = async (req: DelReq) => {
return await api.DelObj(req.row.id);
};
return {
crudOptions: {
request: { pageRequest, delRequest },
actionbar: {
buttons: {
add: { show: false },
},
},
rowHandle: {
width: 120,
fixed: "right",
buttons: {
view: { show: false },
edit: { show: false },
remove: { show: true },
copy: { show: false },
},
},
columns: {
id: {
title: "ID",
type: "number",
column: { width: 80 },
form: { show: false },
},
createTime: {
title: "操作时间",
type: "datetime",
search: {
show: true,
component: {
name: "a-range-picker",
},
},
column: { width: 170, sorter: true },
form: { show: false },
},
type: {
title: "操作类型",
type: "dict-select",
dict: typeDict,
search: { show: true },
column: { width: 120 },
form: { show: false },
},
action: {
title: "操作动作",
type: "text",
search: { show: true },
column: { width: 200, tooltip: true },
form: { show: false },
},
content: {
title: "备注",
type: "text",
search: { show: true },
column: { width: 700, tooltip: true },
form: { show: false },
},
ipAddress: {
title: "IP地址",
type: "text",
column: { width: 140 },
form: { show: false },
},
projectId: {
title: t("certd.fields.projectName"),
type: "dict-select",
dict: myProjectDict,
form: {
show: false,
},
},
},
},
};
}
@@ -0,0 +1,24 @@
<template>
<fs-page>
<template #header>
<div class="title">
操作日志
<span class="sub">查看您的操作记录</span>
</div>
</template>
<fs-crud ref="crudRef" v-bind="crudBinding" />
</fs-page>
</template>
<script lang="ts" setup>
import { useFs } from "@fast-crud/fast-crud";
import createCrudOptions from "./crud";
import { createAuditApi } from "./api";
import { useMounted } from "/@/use/use-mounted";
defineOptions({ name: "AuditLog" });
const api = createAuditApi();
const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context: { api } });
useMounted(() => crudExpose.doRefresh());
</script>
@@ -18,6 +18,10 @@ defineProps<{
showButton: boolean; showButton: boolean;
}>(); }>();
const emit = defineEmits<{
(e: "close"): void;
}>();
let passwordFormRef = ref(); let passwordFormRef = ref();
type OpenOptions = { type OpenOptions = {
@@ -68,8 +72,8 @@ const passwordFormOptions: CrudOptions = {
}, },
async afterSubmit() { async afterSubmit() {
const formData = passwordFormRef.value?.getFormData?.(); const formData = passwordFormRef.value?.getFormData?.();
const message = formData?.init ? t("authentication.initPasswordSuccessMessage") : t("authentication.successMessage"); const msg = formData?.init ? t("authentication.initPasswordSuccessMessage") : t("authentication.successMessage");
notification.success({ message }); notification.success({ message: msg });
}, },
}, },
columns: { columns: {
@@ -84,6 +88,7 @@ const passwordFormOptions: CrudOptions = {
title: t("authentication.oldPassword"), title: t("authentication.oldPassword"),
type: "password", type: "password",
form: { form: {
//@ts-ignore
show: compute(({ form }) => form.init !== true), show: compute(({ form }) => form.init !== true),
rules: [{ required: true, message: t("authentication.oldPasswordRequired") }], rules: [{ required: true, message: t("authentication.oldPasswordRequired") }],
}, },
@@ -118,16 +123,18 @@ const passwordFormOptions: CrudOptions = {
async function open(opts: OpenOptions = {}) { async function open(opts: OpenOptions = {}) {
const formOptions = buildFormOptions(passwordFormOptions); const formOptions = buildFormOptions(passwordFormOptions);
formOptions.newInstance = true; // formOptions.newInstance = true;
if (opts.init) { if (opts.init) {
formOptions.wrapper.title = t("authentication.initPasswordTitle"); formOptions.wrapper.title = t("authentication.initPasswordTitle");
} }
formOptions.wrapper.onClosed = () => {
emit("close");
};
passwordFormRef.value = await openDialog(formOptions); passwordFormRef.value = await openDialog(formOptions);
passwordFormRef.value.setFormData({ passwordFormRef.value.setFormData({
init: opts.init === true, init: opts.init === true,
password: opts.password || "", password: opts.password || "",
}); });
console.log(passwordFormRef.value);
} }
const scope = ref({ const scope = ref({
@@ -107,6 +107,10 @@
<div class="passkey-info"> <div class="passkey-info">
<div class="passkey-name">{{ passkey.deviceName }}</div> <div class="passkey-name">{{ passkey.deviceName }}</div>
<div class="passkey-meta flex items-center"> <div class="passkey-meta flex items-center">
<span class="meta-item flex items-center">
<fs-icon icon="ion:globe-outline" class="meta-icon" />
{{ passkey.rpId || "-" }}
</span>
<span class="meta-item flex items-center"> <span class="meta-item flex items-center">
<fs-icon icon="ion:calendar-outline" class="meta-icon" /> <fs-icon icon="ion:calendar-outline" class="meta-icon" />
{{ formatDate(passkey.registeredAt) }} {{ formatDate(passkey.registeredAt) }}
@@ -454,6 +458,8 @@ onMounted(async () => {
} }
.card-header { .card-header {
background: linear-gradient(145deg, #1e1e1e, #252525);
.header-bg-gradient { .header-bg-gradient {
background: rgba(255, 255, 255, 0.04); background: rgba(255, 255, 255, 0.04);
opacity: 1; opacity: 1;
@@ -472,6 +478,7 @@ onMounted(async () => {
.detail-tag { .detail-tag {
background: #3b3b3b; background: #3b3b3b;
border-color: rgba(255, 255, 255, 0.12);
color: #e5e5e5; color: #e5e5e5;
.tag-icon { .tag-icon {
@@ -480,6 +487,23 @@ onMounted(async () => {
} }
} }
.card-title {
border-bottom-color: rgba(255, 255, 255, 0.1);
}
.binding-icon {
background: linear-gradient(135deg, rgba(102, 126, 234, 0.22) 0%, rgba(160, 120, 234, 0.22) 100%);
}
.passkey-icon {
background: linear-gradient(135deg, rgba(17, 153, 142, 0.22) 0%, rgba(56, 239, 125, 0.22) 100%);
}
.binding-icon .icon,
.passkey-icon .icon {
color: rgba(255, 255, 255, 0.7);
}
.bindings-list { .bindings-list {
.binding-item { .binding-item {
background: #2d2d2d; background: #2d2d2d;
@@ -138,10 +138,6 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
type: "link", type: "link",
icon: "ant-design:download-outlined", icon: "ant-design:download-outlined",
async click({ row }) { async click({ row }) {
if (!row.certFile) {
notification.error({ message: t("certd.certificateNotGenerated") });
return;
}
let url = "/api/monitor/cert/download?id=" + row.id; let url = "/api/monitor/cert/download?id=" + row.id;
if (projectStore.isEnterprise) { if (projectStore.isEnterprise) {
url += `&projectId=${projectStore.currentProject?.id}`; url += `&projectId=${projectStore.currentProject?.id}`;
@@ -207,7 +207,7 @@ export function useCertUpload() {
const { id } = await api.Save({ const { id } = await api.Save({
title: pipeline.title, title: pipeline.title,
content: JSON.stringify(pipeline), content: JSON.stringify(pipeline),
keepHistoryCount: 30, keepHistoryCount: 100,
type: "cert_upload", type: "cert_upload",
groupId: form.groupId, groupId: form.groupId,
}); });
@@ -605,7 +605,7 @@ export function useCertPipelineCreator({ formWrapperRef }: { formWrapperRef: Ref
const { id } = await api.Save({ const { id } = await api.Save({
title: pipeline.title, title: pipeline.title,
content: JSON.stringify(pipeline), content: JSON.stringify(pipeline),
keepHistoryCount: 30, keepHistoryCount: 100,
type: "cert", type: "cert",
groupId, groupId,
addToMonitorEnabled: form.addToMonitorEnabled, addToMonitorEnabled: form.addToMonitorEnabled,
@@ -160,7 +160,7 @@ export async function createPipelineByTemplate(opts: { templateId: number; title
return await templateApi.CreatePipelineByTemplate({ return await templateApi.CreatePipelineByTemplate({
title, title,
content: JSON.stringify(pipeline), content: JSON.stringify(pipeline),
keepHistoryCount: keepHistoryCount ?? 30, keepHistoryCount: keepHistoryCount ?? 100,
groupId, groupId,
templateId, templateId,
}); });
@@ -1,10 +1,10 @@
import * as api from "/@/views/certd/pipeline/api";
import { notification } from "ant-design-vue"; import { notification } from "ant-design-vue";
import CertView from "/@/views/certd/pipeline/cert-view.vue"; import CertView from "/@/views/certd/pipeline/cert-view.vue";
import { env } from "/@/utils/util.env"; import { env } from "/@/utils/util.env";
import { useModal } from "/@/use/use-modal"; import { useModal } from "/@/use/use-modal";
import { useProjectStore } from "/@/store/project"; import { useProjectStore } from "/@/store/project";
import { useUserStore } from "/@/store/user"; import { useUserStore } from "/@/store/user";
import * as api from "/@/views/certd/pipeline/api";
export function useCertViewer() { export function useCertViewer() {
const projectStore = useProjectStore(); const projectStore = useProjectStore();
@@ -29,42 +29,12 @@ export function useCertViewer() {
}; };
const downloadCert = async (id: any) => { const downloadCert = async (id: any) => {
const files = await api.GetFiles(id); let downloadUrl = `${env.API}/pi/cert/downloadZip?id=${id}`;
model.success({ if (projectStore.isEnterprise) {
title: "点击链接下载", downloadUrl += `&projectId=${projectStore.currentProject?.id}`;
maskClosable: true, }
okText: "关闭", downloadUrl += `&token=${userStore.getToken}`;
content: () => { window.open(downloadUrl);
const children = [];
for (const file of files) {
let downloadUrl = `${env.API}/pi/history/download?pipelineId=${id}&fileId=${file.id}`;
if (projectStore.isEnterprise) {
downloadUrl += `&projectId=${projectStore.currentProject?.id}`;
}
downloadUrl += `&token=${userStore.getToken}`;
children.push(
<div>
<div class={"flex-o m-5"}>
<fs-icon icon={"ant-design:cloud-download-outlined"} class={"mr-5 fs-16"}></fs-icon>
<a href={downloadUrl} target={"_blank"}>
{file.filename}
</a>
</div>
</div>
);
}
if (children.length === 0) {
return <div></div>;
}
return (
<div class={"mt-3"}>
<div> {children}</div>
</div>
);
},
});
}; };
return { return {
viewCert, viewCert,
@@ -2,22 +2,116 @@
<fs-page class="home—index bg-neutral-100 dark:bg-black"> <fs-page class="home—index bg-neutral-100 dark:bg-black">
<!-- <page-content />--> <!-- <page-content />-->
<dashboard-user /> <dashboard-user />
<change-password-button ref="changePasswordButtonRef" :show-button="false"></change-password-button> <change-password-button ref="changePasswordButtonRef" :show-button="false" @close="checkAndSetupAccount"></change-password-button>
</fs-page> </fs-page>
</template> </template>
<script lang="ts" setup> <script lang="tsx" setup>
import DashboardUser from "./dashboard/index.vue"; import DashboardUser from "./dashboard/index.vue";
import { useUserStore } from "/@/store/user"; import { useUserStore } from "/@/store/user";
import ChangePasswordButton from "/@/views/certd/mine/change-password-button.vue"; import ChangePasswordButton from "/@/views/certd/mine/change-password-button.vue";
import { onMounted, ref } from "vue"; import { onMounted, ref } from "vue";
import { Modal } from "ant-design-vue"; import { Modal, notification } from "ant-design-vue";
import { useI18n } from "/src/locales"; import { useI18n } from "/src/locales";
import { request } from "/@/api/service";
import { useFormDialog } from "/@/use/use-dialog";
import { useSettingStore } from "/@/store/settings/index.jsx";
const { t } = useI18n(); const { t } = useI18n();
const { openFormDialog } = useFormDialog();
const userStore = useUserStore(); const userStore = useUserStore();
const settingStore = useSettingStore();
const changePasswordButtonRef = ref(); const changePasswordButtonRef = ref();
const emailFormWrapperRef = ref<any>();
const validateEmailConfirm = async (_rule: any, value: string) => {
if (!value) {
return;
}
const formData = emailFormWrapperRef.value?.getFormData?.();
if (formData && value !== formData.email) {
throw new Error("两次输入的邮箱地址不一致");
}
};
async function checkAndSetupAccount() {
if (settingStore.isEnterprise) {
return;
}
try {
const userInfo = userStore.getUserInfo as any;
if (!userInfo.needInitAccount) {
return;
}
if (userInfo.email) {
await request({
url: "/mine/accountInit",
method: "post",
});
return;
}
emailFormWrapperRef.value = await openFormDialog({
title: "绑定邮箱",
wrapper: {
width: 560,
},
initialForm: { email: "", emailConfirm: "" },
async onSubmit(form: any) {
await request({
url: "/mine/accountInit",
method: "post",
data: { email: form.email },
});
notification.success({
message: "邮箱绑定成功",
});
},
body: () => {
return <a-alert class="mb-4" message="为保证用户体验,请先绑定邮箱,初始化您的账号" type="success" show-icon></a-alert>;
},
columns: {
email: {
title: "邮箱",
type: "text",
form: {
col: { span: 24 },
component: {
placeholder: "请输入邮箱地址",
},
helper: "请输入您的邮箱",
rules: [
{ required: true, message: "请输入邮箱地址" },
{ type: "email", message: "请输入有效的邮箱地址" },
],
},
},
emailConfirm: {
title: "确认邮箱",
type: "text",
form: {
col: { span: 24 },
component: {
placeholder: "请再次输入邮箱地址",
},
helper: "请再次输入邮箱,以确认邮箱地址无误",
rules: [
{ required: true, message: "请再次输入邮箱地址" },
{ type: "email", message: "请输入有效的邮箱地址" },
{ validator: validateEmailConfirm, trigger: "blur" },
],
},
},
},
});
} catch (e) {
console.error("AcmeAccount setup failed:", e);
}
}
onMounted(() => { onMounted(() => {
if (userStore.getUserInfo.isWeak === true) { if (userStore.getUserInfo.isWeak === true) {
Modal.info({ Modal.info({
@@ -30,6 +124,9 @@ onMounted(() => {
}, },
okText: t("authentication.changeNow"), okText: t("authentication.changeNow"),
}); });
} else {
//
checkAndSetupAccount();
} }
}); });
</script> </script>
@@ -0,0 +1,35 @@
import { request } from "/src/api/service";
const apiPrefix = "/sys/audit";
export function createSysAuditApi() {
return {
async GetList(query: any) {
return await request({
url: apiPrefix + "/page",
method: "post",
data: query,
});
},
async DelObj(id: number) {
return await request({
url: apiPrefix + "/delete",
method: "post",
params: { id },
});
},
async Clean(retentionDays: number) {
return await request({
url: apiPrefix + "/clean",
method: "post",
data: { retentionDays },
});
},
async GetDict() {
return await request({
url: apiPrefix + "/dict",
method: "post",
});
},
};
}
@@ -0,0 +1,167 @@
import { CreateCrudOptionsProps, CreateCrudOptionsRet, DelReq, UserPageQuery, UserPageRes, dict } from "@fast-crud/fast-crud";
import { Modal } from "ant-design-vue";
import { useI18n } from "/src/locales";
import { useDicts } from "/@/views/certd/dicts";
const typeDict = dict({
url: "/sys/audit/dict",
getData: async () => {
const { createSysAuditApi } = await import("./api");
const api = createSysAuditApi();
const res = await api.GetDict();
return res.types || [];
},
});
const actionDict = dict({
url: "/sys/audit/dict",
getData: async () => {
const { createSysAuditApi } = await import("./api");
const api = createSysAuditApi();
const res = await api.GetDict();
return res.actions || [];
},
});
export default function ({ crudExpose, context }: CreateCrudOptionsProps): CreateCrudOptionsRet {
const { t } = useI18n();
const { myProjectDict } = useDicts();
const api = context.api;
const pageRequest = async (query: UserPageQuery): Promise<UserPageRes> => {
return await api.GetList(query);
};
const delRequest = async (req: DelReq) => {
return await api.DelObj(req.row.id);
};
const cleanExpired = async () => {
Modal.confirm({
title: "确认清理",
content: "确定要清理90天前的审计日志吗?此操作不可撤销。",
okText: "确认清理",
okType: "danger",
cancelText: "取消",
async onOk() {
await api.Clean(90);
crudExpose.doRefresh();
},
});
};
return {
crudOptions: {
request: { pageRequest, delRequest },
tabs: {
name: "scope",
show: true,
dict: {
data: [
{ value: "system", label: "系统级", color: "red" },
{ value: "user", label: "用户级", color: "blue" },
],
},
},
actionbar: {
buttons: {
add: { show: false },
clean: {
text: "清理过期日志(90天)",
type: "primary",
danger: true,
click: cleanExpired,
},
},
},
rowHandle: {
width: 120,
fixed: "right",
buttons: {
view: { show: false },
edit: { show: false },
remove: { show: true },
copy: { show: false },
},
},
search: {
initialForm: { scope: "system" },
},
columns: {
id: {
title: "ID",
type: "number",
column: { width: 80 },
form: { show: false },
},
createTime: {
title: "操作时间",
type: "datetime",
search: {
show: true,
component: {
name: "a-range-picker",
},
},
column: { width: 170, sorter: true },
form: { show: false },
},
username: {
title: "操作人",
type: "text",
search: { show: true },
column: { width: 120 },
form: { show: false },
},
type: {
title: "类型",
type: "dict-select",
dict: typeDict,
search: { show: true },
column: { width: 120 },
form: { show: false },
},
action: {
title: "操作",
type: "text",
search: { show: true },
column: { width: 200, tooltip: true },
form: { show: false },
},
content: {
title: "备注",
type: "text",
search: { show: true },
column: { width: 500, tooltip: true },
form: { show: false },
},
ipAddress: {
title: "IP地址",
type: "text",
column: { width: 140 },
form: { show: false },
},
projectId: {
title: t("certd.fields.projectName"),
type: "dict-select",
dict: myProjectDict,
form: {
show: false,
},
},
scope: {
title: "范围",
type: "dict-select",
dict: dict({
data: [
{ value: "system", label: "系统级", color: "blue" },
{ value: "user", label: "用户级", color: "green" },
],
}),
search: { show: true },
column: { width: 100 },
form: { show: false },
},
},
},
};
}
@@ -0,0 +1,24 @@
<template>
<fs-page>
<template #header>
<div class="title">
操作日志
<span class="sub">查看所有用户的操作记录</span>
</div>
</template>
<fs-crud ref="crudRef" v-bind="crudBinding" />
</fs-page>
</template>
<script lang="ts" setup>
import { useFs } from "@fast-crud/fast-crud";
import createCrudOptions from "./crud";
import { createSysAuditApi } from "./api";
import { useMounted } from "/@/use/use-mounted";
defineOptions({ name: "SysAuditLog" });
const api = createSysAuditApi();
const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context: { api } });
useMounted(() => crudExpose.doRefresh());
</script>
@@ -450,7 +450,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
}, },
}, },
disabled: { disabled: {
title: t("certd.enableDisable"), title: t("certd.clickToToggle"),
type: "dict-switch", type: "dict-switch",
dict: dict({ dict: dict({
data: [ data: [
+1
View File
@@ -1,2 +1,3 @@
LEGO_VERSION=4.30.1 LEGO_VERSION=4.30.1
JKS_GO_VERSION=1.0.3
certd_plugin_loadmode=dev certd_plugin_loadmode=dev
+3 -1
View File
@@ -19,6 +19,8 @@
"@typescript-eslint/no-explicit-any": "off", "@typescript-eslint/no-explicit-any": "off",
"@typescript-eslint/no-empty-function": "off", "@typescript-eslint/no-empty-function": "off",
"@typescript-eslint/no-unused-vars": "off", "@typescript-eslint/no-unused-vars": "off",
"@typescript-eslint/no-this-alias": "off" "@typescript-eslint/no-this-alias": "off",
// 允许any
"@typescript-eslint/no-unsafe-anyassignment": "off"
} }
} }
+1
View File
@@ -20,6 +20,7 @@ run/
.env.pgpl.yaml .env.pgpl.yaml
tools/lego/* tools/lego/*
tools/jks-go
!tools/lego/readme.md !tools/lego/readme.md
test.mjs test.mjs
isolate-*.log isolate-*.log
+51
View File
@@ -3,6 +3,57 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
### Bug Fixes
* **volcengine-alb:** 修复火山引擎ALB 默认证书部署类型会部署到扩展证书的问题 ([0a068a2](https://github.com/certd/certd/commit/0a068a274673e9768954e9f7367c267d44f3b530))
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
### Bug Fixes
* 修复火山视频点播源站选择不到自定义源站的bug ([0071bcb](https://github.com/certd/certd/commit/0071bcb0e4dd108c86d7ca01820a9f6e6960e440))
* 修复企业模式下弹出邮箱绑定提醒的问题 ([8d9dad9](https://github.com/certd/certd/commit/8d9dad9c82f6f2fd3ab3040068946a33f37145b1))
* 修复AsiaIsp CDN证书重复情况下部署失败的问题 ([c3d6db3](https://github.com/certd/certd/commit/c3d6db3f1ef2f1c897b7989521fe8809dffaded1))
* 修复cname用阿里云校验时报找不到runtimeDepsService的错误 ([072edd7](https://github.com/certd/certd/commit/072edd7affee424ab3411f4d41d338f084d7cac6))
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
### Bug Fixes
* 修复多域名无法使用passkey登录的bug ([d176f9c](https://github.com/certd/certd/commit/d176f9cc0ebd051a614bfac74d1616d1945fc9a3))
* 修复企业模式下登录报projectId不能为空的问题 ([a65366b](https://github.com/certd/certd/commit/a65366bbe1aadea8baaffbdadab58a5b631d9417))
### Performance Improvements
* **certd-server:** 使用 jks-go转换jks证书,大幅精简镜像大小 ([c78898e](https://github.com/certd/certd/commit/c78898e4c10dd1701467d2e42e3f72bd8f2a352f))
* **pipeline:** 将默认历史保留条数从30调整为100 ([d3e4677](https://github.com/certd/certd/commit/d3e4677ea4fac8e7533749d7f4187e410489e536))
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
### Bug Fixes
* 修复telegram - 符号转义问题 ([d5882f1](https://github.com/certd/certd/commit/d5882f16bedb09baf09ace92049b02872620f5dc))
* **aliyun:** 修复阿里云CDN/DCDN根据证书自动匹配不到证书的bug ([1ae185d](https://github.com/certd/certd/commit/1ae185d0bc356f4678bc38ca0582ce3396f82ebe))
### Features
* 通过插件配置懒加载依赖,动态加载第三方依赖包,精简安装镜像大小 ([01568ca](https://github.com/certd/certd/commit/01568ca1489069046b5a89ebdd4ced2f7f6ddf93))
### Performance Improvements
* 阿里云ESA证书部署支持SaaS模式 ([82276b5](https://github.com/certd/certd/commit/82276b53a8474a18a3d0237050907c994fc748f0))
* 【破坏性更新】 证书压缩包不再生成文件存储,而是实时打包下载,证书申请插件不再输出certZip ([7cff1a9](https://github.com/certd/certd/commit/7cff1a98424120585205889874b3ef4956a30583))
* 火山引擎点播插件支持部署到自定义源站域名 ([095791c](https://github.com/certd/certd/commit/095791cdc2b7c1f4b913b634643afec5e30fe9b0))
* 新增橙域网络(asia-isp) CDN证书部署插件 ([b48831e](https://github.com/certd/certd/commit/b48831e60b0059bef7ef9a34ab61c9dd2f684641))
* 优化阿里云API网关增加翻页查询 ([ed58ae3](https://github.com/certd/certd/commit/ed58ae3c5339e4a0238a92acfe7ea6d2f566ea28))
* 优化用户体验,首次访问时弹出邮箱账号绑定用以初始化账号 ([608cc2a](https://github.com/certd/certd/commit/608cc2a81ff0b4872c9fe11ed9c9c0b4b90a12a3))
* 优化ACME账号字段的选择提示 ([bfd3cac](https://github.com/certd/certd/commit/bfd3cacc687fc5cbc3cb2ca3cadbc140de300dc2))
* 支持全自动匹配部署宝塔网站证书 ([4dff48e](https://github.com/certd/certd/commit/4dff48e807c32a7623ec9206cf39c88e88f89f6a))
* **cert-plugin:** 调整更新天数自动减半逻辑,仅7天ip证书生效,其他情况下不减半 ([56e5524](https://github.com/certd/certd/commit/56e5524a0f4af3645d70bc3b3ec750b45ba8de10))
* **passkey:** passkey支持多域名rpid ([79f6586](https://github.com/certd/certd/commit/79f65868ca0f5162bbc2f935ce89abc28011d816))
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14) ## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
### Bug Fixes ### Bug Fixes
@@ -0,0 +1,6 @@
ALTER TABLE `sys_passkey` ADD COLUMN `rp_id` varchar(256) NULL;
DROP INDEX `index_passkey_passkey_id` ON `sys_passkey`;
ALTER TABLE `sys_passkey` ADD UNIQUE INDEX `index_passkey_passkey_id` (`passkey_id`);
@@ -0,0 +1,2 @@
ALTER TABLE `cd_audit_log` ADD COLUMN `scope` varchar(32) NOT NULL DEFAULT 'user';
CREATE INDEX `index_audit_log_scope` ON `cd_audit_log` (`scope`);
@@ -0,0 +1,6 @@
ALTER TABLE "sys_passkey" ADD COLUMN "rp_id" varchar(256) NULL;
DROP INDEX "index_passkey_passkey_id";
CREATE UNIQUE INDEX "index_passkey_passkey_id" ON "sys_passkey" ("passkey_id");
@@ -0,0 +1,2 @@
ALTER TABLE "cd_audit_log" ADD COLUMN "scope" varchar(32) NOT NULL DEFAULT ('user');
CREATE INDEX "index_audit_log_scope" ON "cd_audit_log" ("scope");
@@ -0,0 +1,6 @@
ALTER TABLE "sys_passkey" ADD COLUMN "rp_id" varchar(256) NULL;
DROP INDEX "index_passkey_passkey_id";
CREATE UNIQUE INDEX "index_passkey_passkey_id" ON "sys_passkey" ("passkey_id");
@@ -0,0 +1,2 @@
ALTER TABLE "cd_audit_log" ADD COLUMN "scope" varchar(32) NOT NULL DEFAULT ('user');
CREATE INDEX "index_audit_log_scope" ON "cd_audit_log" ("scope");
@@ -74,7 +74,7 @@ input:
credentials链接,然后点击编辑按钮,查看Secret key和HMAC key credentials链接,然后点击编辑按钮,查看Secret key和HMAC key
litessl:[litesslEAB页面](https://freessl.cn/automation/eab-manager),然后点击新增EAB litessl:[litesslEAB页面](https://freessl.cn/automation/eab-manager),然后点击新增EAB
required: false required: true
encrypt: true encrypt: true
mergeScript: |2- mergeScript: |2-
@@ -92,7 +92,7 @@ input:
title: EAB HMAC Key title: EAB HMAC Key
component: component:
placeholder: 需要EAB的颁发机构生成账号时填写 placeholder: 需要EAB的颁发机构生成账号时填写
required: false required: true
encrypt: true encrypt: true
mergeScript: |2- mergeScript: |2-
@@ -107,7 +107,7 @@ input:
} }
account: account:
title: ACME账号信息 title: 生成ACME账号
component: component:
name: refresh-input name: refresh-input
action: GenerateAccount action: GenerateAccount
@@ -118,7 +118,7 @@ input:
col: col:
span: 24 span: 24
required: true required: true
helper: 请生成ACME账号,账号一旦生成不允许修改 helper: 点击右边按钮生成ACME账号,账号一旦生成不允许修改
encrypt: true encrypt: true
mergeScript: |2- mergeScript: |2-
@@ -0,0 +1,25 @@
name: asiaisp
title: 橙域网络(asia-isp)授权
desc: 橙域网络CDN API授权,用于部署证书到橙域CDN
icon: clarity:plugin-line
input:
accessKeyId:
title: AccessKeyId
component:
placeholder: 请输入 AccessKeyId
required: true
accessKeySecret:
title: AccessKeySecret
component:
placeholder: 请输入 AccessKeySecret
required: true
encrypt: true
testRequest:
title: 测试连接
component:
name: api-test
action: TestRequest
helper: 点击测试接口是否正常
pluginType: access
type: builtIn
scriptFilePath: /plugins/plugin-asiaisp/access.js
@@ -2,6 +2,8 @@ name: tencent
title: 腾讯云 title: 腾讯云
icon: svg:icon-tencentcloud icon: svg:icon-tencentcloud
order: 0 order: 0
dependPackages:
tencentcloud-sdk-nodejs: ^4.1.112
input: input:
secretId: secretId:
title: secretId title: secretId
@@ -3,6 +3,8 @@ name: tencent
title: 腾讯云验证码 title: 腾讯云验证码
desc: '' desc: ''
showTest: false showTest: false
dependPackages:
tencentcloud-sdk-nodejs: ^4.1.112
input: input:
accessId: accessId:
title: 腾讯云授权 title: 腾讯云授权

Some files were not shown because too many files have changed in this diff Show More