v1.38.8

CHANGELOG.md

@@ -3,6 +3,39 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+### Performance Improvements
+
+* 双重验证显示secret ([febd6d3](https://github.com/certd/certd/commit/febd6d32cfe6d89ccecf26bf15141df7c456e5c6))
+* 优化申请证书最大超时时长 ([00f67d8](https://github.com/certd/certd/commit/00f67d86d68f4f83cfafe2fbfeb4af0d86f9d20e))
+* 支持设置默认的证书申请地址的反向代理 ([0cfb94b](https://github.com/certd/certd/commit/0cfb94b0ba6a6dc3bb0d0a81a1912068a4e6b6b6))
+* 子域名托管域名支持配置通配符 ([3f7ac93](https://github.com/certd/certd/commit/3f7ac939326b0c7ec013a7534b6c0e58fb3e8cb4))
+
+## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
+
+### Bug Fixes
+
+* 修复有域名记录时，域名输入框无法关闭的bug ([54c8217](https://github.com/certd/certd/commit/54c8217808453b121abf646b004596f28932509f))
+
+### Performance Improvements
+
+*  eab从更多参数中挪到外面 ([5ea4f46](https://github.com/certd/certd/commit/5ea4f46de7ae403a7a16e9488dc1d9c7523d019a))
+* 第三方登录支持Microsoft ([beb7a4c](https://github.com/certd/certd/commit/beb7a4c99277262bb9681c5594cfcd3e36c52074))
+* 优化zerossl申请证书稳定性 ([4d86fb3](https://github.com/certd/certd/commit/4d86fb319b81dbf6fa6485982105725b1b066593))
+
+## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
+
+### Bug Fixes
+
+* 修复新网找错域名的bug ([bd511f9](https://github.com/certd/certd/commit/bd511f97cb7fbdcaeff7ac899f0460a5c7b41826))
+
+### Performance Improvements
+
+* 当域名管理中没有域名时，创建流水线时不展开域名选择框 ([9166a57](https://github.com/certd/certd/commit/9166a579301a60750f0b72b6a42b0c8d730695fd))
+* count tip ([e19743f](https://github.com/certd/certd/commit/e19743f70553700f1f91bff76f87370f749dd247))
+* oauth支持github 和google， 修复头像显示问题 ([693a4a6](https://github.com/certd/certd/commit/693a4a663385ced3176286bf4b5f3566da83d90e))
+
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)
 
 ### Bug Fixes

docs/guide/changelogs/CHANGELOG.md

@@ -3,6 +3,30 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
+
+### Bug Fixes
+
+* 修复有域名记录时，域名输入框无法关闭的bug ([54c8217](https://github.com/certd/certd/commit/54c8217808453b121abf646b004596f28932509f))
+
+### Performance Improvements
+
+*  eab从更多参数中挪到外面 ([5ea4f46](https://github.com/certd/certd/commit/5ea4f46de7ae403a7a16e9488dc1d9c7523d019a))
+* 第三方登录支持Microsoft ([beb7a4c](https://github.com/certd/certd/commit/beb7a4c99277262bb9681c5594cfcd3e36c52074))
+* 优化zerossl申请证书稳定性 ([4d86fb3](https://github.com/certd/certd/commit/4d86fb319b81dbf6fa6485982105725b1b066593))
+
+## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
+
+### Bug Fixes
+
+* 修复新网找错域名的bug ([bd511f9](https://github.com/certd/certd/commit/bd511f97cb7fbdcaeff7ac899f0460a5c7b41826))
+
+### Performance Improvements
+
+* 当域名管理中没有域名时，创建流水线时不展开域名选择框 ([9166a57](https://github.com/certd/certd/commit/9166a579301a60750f0b72b6a42b0c8d730695fd))
+* count tip ([e19743f](https://github.com/certd/certd/commit/e19743f70553700f1f91bff76f87370f749dd247))
+* oauth支持github 和google， 修复头像显示问题 ([693a4a6](https://github.com/certd/certd/commit/693a4a663385ced3176286bf4b5f3566da83d90e))
+
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)
 
 ### Bug Fixes

docs/guide/plugins/deploy.md

@@ -5,7 +5,7 @@
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
 | 1.| **证书申请（JS版）** | 免费通配符域名证书申请，支持多个域名打到同一个证书上 | 
-| 2.| **商用证书托管** | 手动上传自定义证书后，自动部署（每次证书有更新，都需要手动上传一次） | 
+| 2.| **已有证书托管** | 手动上传自定义证书后，自动部署（每次证书有更新，都需要手动上传一次） | 
 | 3.| **获取阿里云订阅证书** | 从阿里云拉取订阅模式的商用证书 | 
 | 4.| **证书申请（Lego）** | 支持海量DNS解析提供商，推荐使用，一样的免费通配符域名证书申请，支持多个域名打到同一个证书上 | 
 ## 2. 主机

lerna.json

@@ -9,5 +9,5 @@
     }
   },
   "npmClient": "pnpm",
-  "version": "1.38.5"
+  "version": "1.38.8"
 }

packages/core/acme-client/CHANGELOG.md

@@ -3,6 +3,23 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.38.8](https://github.com/publishlab/node-acme-client/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+### Performance Improvements
+
+* 优化申请证书最大超时时长 ([00f67d8](https://github.com/publishlab/node-acme-client/commit/00f67d86d68f4f83cfafe2fbfeb4af0d86f9d20e))
+* 支持设置默认的证书申请地址的反向代理 ([0cfb94b](https://github.com/publishlab/node-acme-client/commit/0cfb94b0ba6a6dc3bb0d0a81a1912068a4e6b6b6))
+
+## [1.38.7](https://github.com/publishlab/node-acme-client/compare/v1.38.6...v1.38.7) (2026-02-05)
+
+### Performance Improvements
+
+* 优化zerossl申请证书稳定性 ([4d86fb3](https://github.com/publishlab/node-acme-client/commit/4d86fb319b81dbf6fa6485982105725b1b066593))
+
+## [1.38.6](https://github.com/publishlab/node-acme-client/compare/v1.38.5...v1.38.6) (2026-02-04)
+
+**Note:** Version bump only for package @certd/acme-client
+
 ## [1.38.5](https://github.com/publishlab/node-acme-client/compare/v1.38.4...v1.38.5) (2026-02-02)
 
 ### Bug Fixes

packages/core/acme-client/package.json

@@ -3,7 +3,7 @@
     "description": "Simple and unopinionated ACME client",
     "private": false,
     "author": "nmorsman",
-    "version": "1.38.5",
+    "version": "1.38.8",
     "type": "module",
     "module": "scr/index.js",
     "main": "src/index.js",
@@ -18,7 +18,7 @@
         "types"
     ],
     "dependencies": {
-        "@certd/basic": "^1.38.5",
+        "@certd/basic": "^1.38.8",
         "@peculiar/x509": "^1.11.0",
         "asn1js": "^3.0.5",
         "axios": "^1.9.0",
@@ -70,5 +70,5 @@
     "bugs": {
         "url": "https://github.com/publishlab/node-acme-client/issues"
     },
-    "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
+    "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
 }

packages/core/acme-client/src/client.js

@@ -600,8 +600,11 @@ class AcmeClient {
             throw new Error(`[${d}] Unexpected item status: ${resp.data.status}`);
         };
 
-        this.log(`[${d}] Waiting for valid status （等待valid状态）: ${item.url}`, this.backoffOpts);
-        return util.retry(verifyFn, this.backoffOpts);
+        this.log(`[${d}] Waiting for valid status （等待valid状态）: ${item.url}`, JSON.stringify(this.backoffOpts));
+        const log = (...args)=>{
+            this.logger.info(...args)
+        }
+        return util.retry(verifyFn, this.backoffOpts,log);
     }
 
     /**

packages/core/acme-client/src/index.js

@@ -57,6 +57,32 @@ export function getDirectoryUrl(opts) {
   return list.production
 }
 
+
+export function getAllSslProviderDomains() {
+  const list = Object.values(directory).map((item) => {
+    let url =  item.production.replace('https://', '')
+    url = url.substring(0, url.indexOf('/'))
+    return url
+  })
+  return list
+}
+
+let sslProviderReverseProxies = {}
+
+function initSslProviderReverseProxies() {
+  for (const sslProvider of getAllSslProviderDomains()) {
+    sslProviderReverseProxies[sslProvider] = ""
+  }
+}
+initSslProviderReverseProxies()
+
+export function getSslProviderReverseProxies() {
+  return sslProviderReverseProxies
+}
+export function setSslProviderReverseProxies(reverseProxies) {
+  Object.assign(sslProviderReverseProxies, reverseProxies)
+}
+
 /**
  * Crypto
  */

packages/core/acme-client/src/util.js

@@ -52,11 +52,17 @@ async function retryPromise(fn, attempts, backoff, logger = log) {
     let aborted = false;
 
     try {
-        const data = await fn(() => { aborted = true; });
+        const setAbort = () => { aborted = true; }
+        const data = await fn(setAbort);
         return data;
     }
     catch (e) {
-        if (aborted || ((backoff.attempts + 1) >= attempts)) {
+        if (aborted){
+            logger(`用户取消重试`);
+            throw e;
+        }
+        if ( ((backoff.attempts + 1) >= attempts)) {
+            logger(`重试次数超过${attempts}次`);
             throw e;
         }
 

packages/core/acme-client/types/index.d.ts

@@ -118,6 +118,9 @@ export const directory: {
 };
 
 export function getDirectoryUrl(opts:{sslProvider:string, pkType: string}): string;
+export function getAllSslProviderDomains(): string[];
+export function getSslProviderReverseProxies(): Record<string, string>;
+export function setSslProviderReverseProxies(reverseProxies: Record<string, string>): void;
 
 /**
  * Crypto

packages/core/basic/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
+
+**Note:** Version bump only for package @certd/basic
+
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)
 
 **Note:** Version bump only for package @certd/basic

packages/core/basic/build.md

@@ -1 +1 @@
-23:59
+02:23

packages/core/basic/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/basic",
   "private": false,
-  "version": "1.38.5",
+  "version": "1.38.8",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -47,5 +47,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
+  "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
 }

packages/core/basic/src/utils/util.log.ts

@@ -18,7 +18,7 @@ export function resetLogConfigure() {
   });
 }
 resetLogConfigure();
-export const logger = log4js.getLogger("default");
+export const logger: ILogger = log4js.getLogger("default") as any;
 
 export function resetLogFilePath(filePath: string) {
   logFilePath = filePath;
@@ -77,6 +77,8 @@ export type ILogger = {
   fatal(message: any, ...args: any[]): void;
 
   mark(message: any, ...args: any[]): void;
+
+  addSecret(secret: string): void;
 };
 
 const locale = Intl.DateTimeFormat().resolvedOptions().locale;
@@ -106,10 +108,14 @@ export class PipelineLogger implements ILogger {
 
   constructor(name: string, write: (text: string) => void) {
     this.customWriter = write;
+    //@ts-ignore
     this.logger = log4js.getLogger(name);
   }
 
   addSecret(secret: string) {
+    if (!secret) {
+      return;
+    }
     this._secrets.push(secret);
   }
 

packages/core/pipeline/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
+
+**Note:** Version bump only for package @certd/pipeline
+
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)
 
 **Note:** Version bump only for package @certd/pipeline

packages/core/pipeline/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/pipeline",
   "private": false,
-  "version": "1.38.5",
+  "version": "1.38.8",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -18,8 +18,8 @@
     "compile": "tsc --skipLibCheck --watch"
   },
   "dependencies": {
-    "@certd/basic": "^1.38.5",
-    "@certd/plus-core": "^1.38.5",
+    "@certd/basic": "^1.38.8",
+    "@certd/plus-core": "^1.38.8",
     "dayjs": "^1.11.7",
     "lodash-es": "^4.17.21",
     "reflect-metadata": "^0.1.13"
@@ -45,5 +45,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
+  "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
 }

packages/libs/lib-huawei/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)
 
 **Note:** Version bump only for package @certd/lib-huawei

packages/libs/lib-huawei/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-huawei",
   "private": false,
-  "version": "1.38.5",
+  "version": "1.38.8",
   "main": "./dist/bundle.js",
   "module": "./dist/bundle.js",
   "types": "./dist/d/index.d.ts",
@@ -24,5 +24,5 @@
     "prettier": "^2.8.8",
     "tslib": "^2.8.1"
   },
-  "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
+  "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
 }

packages/libs/lib-iframe/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)
 
 **Note:** Version bump only for package @certd/lib-iframe

packages/libs/lib-iframe/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-iframe",
   "private": false,
-  "version": "1.38.5",
+  "version": "1.38.8",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -31,5 +31,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
+  "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
 }

packages/libs/lib-jdcloud/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
+
+**Note:** Version bump only for package @certd/jdcloud
+
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)
 
 **Note:** Version bump only for package @certd/jdcloud

packages/libs/lib-jdcloud/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/jdcloud",
-  "version": "1.38.5",
+  "version": "1.38.8",
   "description": "jdcloud openApi sdk",
   "main": "./dist/bundle.js",
   "module": "./dist/bundle.js",
@@ -56,5 +56,5 @@
       "fetch"
     ]
   },
-  "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
+  "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
 }

packages/libs/lib-k8s/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)
 
 **Note:** Version bump only for package @certd/lib-k8s

packages/libs/lib-k8s/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-k8s",
   "private": false,
-  "version": "1.38.5",
+  "version": "1.38.8",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -17,7 +17,7 @@
     "pub": "npm publish"
   },
   "dependencies": {
-    "@certd/basic": "^1.38.5",
+    "@certd/basic": "^1.38.8",
     "@kubernetes/client-node": "0.21.0"
   },
   "devDependencies": {
@@ -32,5 +32,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
+  "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
 }

packages/libs/lib-server/CHANGELOG.md

@@ -3,6 +3,20 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+### Performance Improvements
+
+* 支持设置默认的证书申请地址的反向代理 ([0cfb94b](https://github.com/certd/certd/commit/0cfb94b0ba6a6dc3bb0d0a81a1912068a4e6b6b6))
+
+## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
+
+**Note:** Version bump only for package @certd/lib-server
+
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)
 
 ### Performance Improvements

packages/libs/lib-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/lib-server",
-  "version": "1.38.5",
+  "version": "1.38.8",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",
@@ -28,11 +28,11 @@
   ],
   "license": "AGPL",
   "dependencies": {
-    "@certd/acme-client": "^1.38.5",
-    "@certd/basic": "^1.38.5",
-    "@certd/pipeline": "^1.38.5",
-    "@certd/plugin-lib": "^1.38.5",
-    "@certd/plus-core": "^1.38.5",
+    "@certd/acme-client": "^1.38.8",
+    "@certd/basic": "^1.38.8",
+    "@certd/pipeline": "^1.38.8",
+    "@certd/plugin-lib": "^1.38.8",
+    "@certd/plus-core": "^1.38.8",
     "@midwayjs/cache": "3.14.0",
     "@midwayjs/core": "3.20.11",
     "@midwayjs/i18n": "3.20.13",
@@ -64,5 +64,5 @@
     "typeorm": "^0.3.11",
     "typescript": "^5.4.2"
   },
-  "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
+  "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
 }

packages/libs/lib-server/src/system/settings/service/models.ts

@@ -76,6 +76,9 @@ export class SysPrivateSettings extends BaseSettings {
 
   httpsProxy? = '';
   httpProxy? = '';
+
+  reverseProxies?: Record<string, string> = {};
+
   dnsResultOrder? = '';
   commonCnameEnabled?: boolean = true;
 

packages/libs/lib-server/src/system/settings/service/sys-settings-service.ts

@@ -4,10 +4,10 @@ import { Repository } from 'typeorm';
 import { SysSettingsEntity } from '../entity/sys-settings.js';
 import { BaseSettings, SysInstallInfo, SysPrivateSettings, SysPublicSettings, SysSecret, SysSecretBackup } from './models.js';
 
-import { BaseService } from '../../../basic/index.js';
-import { cache, logger, setGlobalProxy } from '@certd/basic';
+import { getAllSslProviderDomains, setSslProviderReverseProxies } from '@certd/acme-client';
+import { cache, logger, mergeUtils, setGlobalProxy } from '@certd/basic';
 import * as dns from 'node:dns';
-import {mergeUtils} from "@certd/basic";
+import { BaseService } from '../../../basic/index.js';
 import { executorQueue } from '../../basic/service/executor-queue.js';
 const {merge} = mergeUtils;
 /**
@@ -120,7 +120,14 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
   }
 
   async getPrivateSettings(): Promise<SysPrivateSettings> {
-    return await this.getSetting(SysPrivateSettings);
+    const res = await this.getSetting<SysPrivateSettings>(SysPrivateSettings);
+    const sslProviderDomains = getAllSslProviderDomains();
+    for (const domain of sslProviderDomains) {
+      if (!res.reverseProxies[domain]) {
+        res.reverseProxies[domain] = "";
+      }
+    }
+    return res
   }
 
   async savePrivateSettings(bean: SysPrivateSettings) {
@@ -145,6 +152,8 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
     if (bean.pipelineMaxRunningCount){
       executorQueue.setMaxRunningCount(bean.pipelineMaxRunningCount);
     }
+
+    setSslProviderReverseProxies(bean.reverseProxies);
   }
 
   async updateByKey(key: string, setting: any) {

packages/libs/midway-flyway-js/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)
 
 **Note:** Version bump only for package @certd/midway-flyway-js

packages/libs/midway-flyway-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/midway-flyway-js",
-  "version": "1.38.5",
+  "version": "1.38.8",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",
@@ -46,5 +46,5 @@
     "typeorm": "^0.3.11",
     "typescript": "^5.4.2"
   },
-  "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
+  "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
 }

packages/plugins/plugin-cert/CHANGELOG.md

@@ -3,6 +3,20 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
+## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
+
+### Performance Improvements
+
+*  eab从更多参数中挪到外面 ([5ea4f46](https://github.com/certd/certd/commit/5ea4f46de7ae403a7a16e9488dc1d9c7523d019a))
+
+## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)
 
 **Note:** Version bump only for package @certd/plugin-cert

packages/plugins/plugin-cert/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/plugin-cert",
   "private": false,
-  "version": "1.38.5",
+  "version": "1.38.8",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -17,10 +17,10 @@
     "compile": "tsc --skipLibCheck --watch"
   },
   "dependencies": {
-    "@certd/acme-client": "^1.38.5",
-    "@certd/basic": "^1.38.5",
-    "@certd/pipeline": "^1.38.5",
-    "@certd/plugin-lib": "^1.38.5",
+    "@certd/acme-client": "^1.38.8",
+    "@certd/basic": "^1.38.8",
+    "@certd/pipeline": "^1.38.8",
+    "@certd/plugin-lib": "^1.38.8",
     "psl": "^1.9.0",
     "punycode.js": "^2.3.1"
   },
@@ -38,5 +38,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
+  "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
 }

packages/plugins/plugin-cert/src/index.ts

@@ -1 +1 @@
-export * from "@certd/plugin-lib";
+export * from "@certd/plugin-lib";

packages/plugins/plugin-lib/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
+## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
+## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)
 
 **Note:** Version bump only for package @certd/plugin-lib

packages/plugins/plugin-lib/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/plugin-lib",
   "private": false,
-  "version": "1.38.5",
+  "version": "1.38.8",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -22,10 +22,10 @@
     "@alicloud/pop-core": "^1.7.10",
     "@alicloud/tea-util": "^1.4.11",
     "@aws-sdk/client-s3": "^3.964.0",
-    "@certd/acme-client": "^1.38.5",
-    "@certd/basic": "^1.38.5",
-    "@certd/pipeline": "^1.38.5",
-    "@certd/plus-core": "^1.38.5",
+    "@certd/acme-client": "^1.38.8",
+    "@certd/basic": "^1.38.8",
+    "@certd/pipeline": "^1.38.8",
+    "@certd/plus-core": "^1.38.8",
     "@kubernetes/client-node": "0.21.0",
     "ali-oss": "^6.22.0",
     "basic-ftp": "^5.0.5",
@@ -57,5 +57,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
+  "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
 }

packages/ui/certd-client/CHANGELOG.md

@@ -3,6 +3,32 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+### Performance Improvements
+
+* 双重验证显示secret ([febd6d3](https://github.com/certd/certd/commit/febd6d32cfe6d89ccecf26bf15141df7c456e5c6))
+* 支持设置默认的证书申请地址的反向代理 ([0cfb94b](https://github.com/certd/certd/commit/0cfb94b0ba6a6dc3bb0d0a81a1912068a4e6b6b6))
+* 子域名托管域名支持配置通配符 ([3f7ac93](https://github.com/certd/certd/commit/3f7ac939326b0c7ec013a7534b6c0e58fb3e8cb4))
+
+## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
+
+### Bug Fixes
+
+* 修复有域名记录时，域名输入框无法关闭的bug ([54c8217](https://github.com/certd/certd/commit/54c8217808453b121abf646b004596f28932509f))
+
+### Performance Improvements
+
+*  eab从更多参数中挪到外面 ([5ea4f46](https://github.com/certd/certd/commit/5ea4f46de7ae403a7a16e9488dc1d9c7523d019a))
+
+## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
+
+### Performance Improvements
+
+* 当域名管理中没有域名时，创建流水线时不展开域名选择框 ([9166a57](https://github.com/certd/certd/commit/9166a579301a60750f0b72b6a42b0c8d730695fd))
+* count tip ([e19743f](https://github.com/certd/certd/commit/e19743f70553700f1f91bff76f87370f749dd247))
+* oauth支持github 和google， 修复头像显示问题 ([693a4a6](https://github.com/certd/certd/commit/693a4a663385ced3176286bf4b5f3566da83d90e))
+
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)
 
 ### Bug Fixes

packages/ui/certd-client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/ui-client",
-  "version": "1.38.5",
+  "version": "1.38.8",
   "private": true,
   "scripts": {
     "dev": "vite --open",
@@ -106,8 +106,8 @@
     "zod-defaults": "^0.1.3"
   },
   "devDependencies": {
-    "@certd/lib-iframe": "^1.38.5",
-    "@certd/pipeline": "^1.38.5",
+    "@certd/lib-iframe": "^1.38.8",
+    "@certd/pipeline": "^1.38.8",
     "@rollup/plugin-commonjs": "^25.0.7",
     "@rollup/plugin-node-resolve": "^15.2.3",
     "@types/chai": "^4.3.12",

packages/ui/certd-client/src/components/plugins/common/domain-selector.vue

@@ -3,13 +3,13 @@
     <div class="flex flex-row">
       <a-select
         class="domain-select-input"
+        :popup-class-name="popupClassName"
         :dropdown-style="dropdownStyle"
         show-search
         :filter-option="filterOption"
         :options="optionsRef"
         :value="value"
         v-bind="attrs"
-        :open="openProp"
         @click="onClick"
         @update:value="emit('update:value', $event)"
       >
@@ -56,7 +56,7 @@
   </div>
 </template>
 <script setup lang="ts">
-import { computed, defineComponent, ref, Ref, useAttrs } from "vue";
+import { computed, defineComponent, onMounted, ref, Ref, useAttrs } from "vue";
 import { useRouter } from "vue-router";
 import { Dicts } from "../lib/dicts";
 import { request } from "/@/api/service";
@@ -83,7 +83,6 @@ const props = defineProps<{
   search?: boolean;
   pager?: boolean;
   value?: any[];
-  open?: boolean;
 }>();
 
 const emit = defineEmits<{
@@ -94,11 +93,11 @@ const attrs = useAttrs();
 
 const hasOptions: Ref = ref(null);
 
-const openProp = computed(() => {
-  if (hasOptions.value == null) {
-    return false;
+const popupClassName = computed(() => {
+  if (!hasOptions.value) {
+    return "hidden-important";
   }
-  return hasOptions.value;
+  return "";
 });
 
 const searchKeyRef = ref("");
@@ -155,6 +154,7 @@ const getOptions = async () => {
 
     optionsRef.value = options;
     if (hasOptions.value == null) {
+      //初始设置一次
       if (options.length > 0) {
         hasOptions.value = true;
       } else {
@@ -223,6 +223,10 @@ function openDomainImportDialog() {
 const dropdownStyle = ref({
   zIndex: 2000,
 });
+
+onMounted(() => {
+  refreshOptions();
+});
 </script>
 
 <style lang="less"></style>

packages/ui/certd-client/src/components/plugins/common/params-show.vue

@@ -1,8 +1,8 @@
 <template>
   <div class="params-show">
-    <a-tag type="primary" color="green" v-for="item of params" :key="item.value" class="item">
+    <a-tag v-for="item of params" :key="item.value" type="primary" color="green" class="item">
       <span class="label">{{ item.label }}=</span>
-      <fs-copyable :modelValue="`\$\{${item.value}\}`" :button="{show:false}" :inline="true"></fs-copyable>
+      <fs-copyable :model-value="`\$\{${item.value}\}`" :button="{ show: false }" :inline="true"></fs-copyable>
     </a-tag>
   </div>
 </template>

packages/ui/certd-client/src/components/vip-button/index.vue

@@ -161,27 +161,30 @@ function openStarModal(vipType: string) {
     return;
   }
   Modal.destroyAll();
-  const goGithub = () => {
-    window.open("https://github.com/certd/certd/");
-  };
 
-  modal.confirm({
-    title: t("vip.get_7_day_pro_trial"),
-    okText: t("vip.star_now"),
-    onOk() {
-      goGithub();
-      openTrialModal(vipType);
-    },
-    width: 600,
-    content: () => {
-      return (
-        <div class="flex mt-10 mb-10">
-          <div>{t("vip.please_help_star")}</div>
-          <img class="ml-5" src="https://img.shields.io/github/stars/certd/certd?logo=github" />
-        </div>
-      );
-    },
-  });
+  openTrialModal(vipType);
+
+  // const goGithub = () => {
+  //   window.open("https://github.com/certd/certd/");
+  // };
+
+  // modal.confirm({
+  //   title: t("vip.get_7_day_pro_trial"),
+  //   okText: t("vip.star_now"),
+  //   onOk() {
+  //     goGithub();
+  //     openTrialModal(vipType);
+  //   },
+  //   width: 600,
+  //   content: () => {
+  //     return (
+  //       <div class="flex mt-10 mb-10">
+  //         <div>{t("vip.please_help_star")}</div>
+  //         <img class="ml-5" src="https://img.shields.io/github/stars/certd/certd?logo=github" />
+  //       </div>
+  //     );
+  //   },
+  // });
 }
 
 function openUpgrade() {

packages/ui/certd-client/src/layout/layout-basic.vue

@@ -35,7 +35,13 @@ const menus = computed(() => [
 
 const avatar = computed(() => {
   const avt = userStore.getUserInfo?.avatar;
-  return avt ? `/api/basic/file/download?key=${avt}` : "";
+  if (!avt) {
+    return "";
+  }
+  if (avt.startsWith("http")) {
+    return avt;
+  }
+  return `/api/basic/file/download?key=${avt}`;
 });
 
 async function handleLogout() {

packages/ui/certd-client/src/locales/langs/en-US/certd.ts

@@ -511,6 +511,7 @@ export default {
   selectRecordFirst: "Please select records first",
   subdomainHosted: "Hosted Subdomain",
   subdomainHelpText: "If you don't understand what subdomain hosting is,Do not set it randomly, as it may result in the inability to apply for the certificate. please refer to the documentation ",
+  subdomainHelpSupportStart: "Supports * wildcard, indicating that all subdomains of the domain are hosted (free subdomains)",
   subdomainManagement: "Subdomain Management",
   isDisabled: "Is Disabled",
   enabled: "Enabled",
@@ -784,6 +785,7 @@ export default {
       captchaSetting: "Captcha Setting",
       pipelineSetting: "Pipeline Settings",
       oauthSetting: "OAuth2 Settings",
+      networkSetting: "Network Settings",
 
       showRunStrategy: "Show RunStrategy",
       showRunStrategyHelper: "Allow modify the run strategy of the task",
@@ -835,6 +837,11 @@ export default {
       notice: "System Notice",
       noticeHelper: "System notice, will be displayed on the login page",
       noticePlaceholder: "System notice",
+
+      reverseProxy: "Reverse Proxy List",
+      reverseProxyHelper: "Reverse proxy for ACME address, used when applying for certificate",
+      reverseProxyPlaceholder: "http://le.px.handfree.work",
+      reverseProxyEmpty: "No reverse proxy list configured",
     },
   },
   modal: {

packages/ui/certd-client/src/locales/langs/zh-CN/certd.ts

@@ -521,6 +521,7 @@ export default {
   selectRecordFirst: "请先勾选记录",
   subdomainHosted: "托管的子域名",
   subdomainHelpText: "如果您不理解什么是子域托管，请不要随意设置（可能导致证书无法申请，以前设置过的cname记录也需要重新配置），可以参考文档",
+  subdomainHelpSupportStart: "支持*号通配符,表示该域名下的子域名都是托管的（免费子域名）",
   subdomainManagement: "子域管理",
   isDisabled: "是否禁用",
   enabled: "启用",
@@ -791,6 +792,7 @@ export default {
       captchaSetting: "验证码设置",
       pipelineSetting: "流水线设置",
       oauthSetting: "第三方登录",
+      networkSetting: "网络设置",
 
       showRunStrategy: "显示运行策略选择",
       showRunStrategyHelper: "任务设置中是否允许选择运行策略",
@@ -850,6 +852,11 @@ export default {
       notice: "系统公告",
       noticeHelper: "系统公告，将在首页显示",
       noticePlaceholder: "系统公告",
+
+      reverseProxy: "反向代理列表",
+      reverseProxyHelper: "证书颁发机构ACME地址的反向代理，在申请证书时自动使用",
+      reverseProxyPlaceholder: "http://le.px.handfree.work",
+      reverseProxyEmpty: "未配置反向代理",
     },
   },
   modal: {

packages/ui/certd-client/src/store/settings/api.basic.ts

@@ -93,6 +93,7 @@ export type SuiteSetting = {
 export type SysPrivateSetting = {
   httpProxy?: string;
   httpsProxy?: string;
+  reverseProxies?: any;
   dnsResultOrder?: string;
   commonCnameEnabled?: boolean;
   // 同一个用户同时最大运行流水线数量

packages/ui/certd-client/src/style/common.less

@@ -372,6 +372,13 @@ h6 {
   border-spacing: 0;
   overflow: auto;
 
+  &.cd-table-none-border {
+    border: 0 !important;
+    td, th {
+      border: 0 !important;
+    }
+  }
+
   .fs-loading {
     position: absolute;
     left: 0;
@@ -476,4 +483,10 @@ h6 {
   .fs-icon{
     margin-right: 5px;
   }
+}
+
+
+.hidden-important {
+  display: none !important;
+  visibility: hidden !important;
 }

packages/ui/certd-client/src/views/certd/mine/security/api.ts

@@ -28,7 +28,7 @@ export async function TwoFactorAuthenticatorGet() {
     url: apiPrefix + "/twoFactor/authenticator/qrcode",
     method: "post",
   });
-  return res as string; //base64
+  return res as { qrcode: string; link: string; secret: string }; //base64
 }
 
 export async function TwoFactorAuthenticatorSave(req: AuthenticatorSaveReq) {

packages/ui/certd-client/src/views/certd/mine/security/index.vue

@@ -57,6 +57,17 @@
             <div class="ml-20">
               <img class="full-w" :src="authenticatorForm.qrcodeSrc" />
             </div>
+            <div class="ml-20 mt-5">
+              <div>您也可以手动添加：</div>
+              <div class="flex mt-5">
+                <a-tag type="primary" color="green" class="mr-2">Secret：</a-tag>
+                <fs-copyable :model-value="authenticatorForm.secret" />
+              </div>
+              <div class="flex mt-5">
+                <a-tag type="primary" color="green" class="mr-2">Link：</a-tag>
+                <fs-copyable :model-value="authenticatorForm.link" />
+              </div>
+            </div>
           </div>
           <h3 class="font-bold m-10">{{ t("certd.step3") }}</h3>
           <div class="ml-20">
@@ -97,6 +108,8 @@ const formState = reactive<Partial<UserTwoFactorSetting>>({
 const authenticatorForm = reactive({
   qrcodeSrc: "",
   verifyCode: "",
+  link: "",
+  secret: "",
   open: false,
 });
 
@@ -110,9 +123,14 @@ watch(
   async open => {
     if (open) {
       //base64 转图片
-      authenticatorForm.qrcodeSrc = await api.TwoFactorAuthenticatorGet();
+      const { qrcode, link, secret } = await api.TwoFactorAuthenticatorGet();
+      authenticatorForm.qrcodeSrc = qrcode;
+      authenticatorForm.link = link;
+      authenticatorForm.secret = secret;
     } else {
       authenticatorForm.qrcodeSrc = "";
+      authenticatorForm.link = "";
+      authenticatorForm.secret = "";
       authenticatorForm.verifyCode = "";
     }
   }

packages/ui/certd-client/src/views/certd/mine/user-profile.vue

@@ -8,7 +8,7 @@
         <a-descriptions-item :label="t('authentication.username')">{{ userInfo.username }}</a-descriptions-item>
         <a-descriptions-item :label="t('authentication.nickName')">{{ userInfo.nickName }}</a-descriptions-item>
         <a-descriptions-item :label="t('authentication.avatar')">
-          <a-avatar v-if="userInfo.avatar" size="large" :src="'api/basic/file/download?&key=' + userInfo.avatar" style="background-color: #eee"> </a-avatar>
+          <a-avatar v-if="userInfo.avatar" size="large" :src="userAvatar" style="background-color: #eee"> </a-avatar>
           <a-avatar v-else size="large" style="background-color: #00b4f5">
             {{ userInfo.username }}
           </a-avatar>
@@ -108,6 +108,17 @@ async function bind(type: string) {
   window.location.href = loginUrl;
 }
 
+const userAvatar = computed(() => {
+  if (isEmpty(userInfo.value.avatar)) {
+    return "";
+  }
+  if (userInfo.value.avatar.startsWith("http")) {
+    return userInfo.value.avatar;
+  }
+
+  return "api/basic/file/download?&key=" + userInfo.value.avatar;
+});
+
 onMounted(async () => {
   await getUserInfo();
   await loadOauthBounds();

packages/ui/certd-client/src/views/certd/pipeline/pipeline/index.vue

@@ -1065,7 +1065,7 @@ export default defineComponent({
     }
 
     .layout-right {
-      width: 364px;
+      width: 368px;
       height: 100%;
       max-width: 90vw;
     }
@@ -1292,7 +1292,7 @@ export default defineComponent({
   .layout-right {
     position: relative;
     &.collapsed {
-      margin-right: max(-364px, -90vw);
+      margin-right: max(-368px, -90vw);
     }
 
     .collapse-toggle {

packages/ui/certd-client/src/views/certd/pipeline/sub-domain/crud.tsx

@@ -80,10 +80,13 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
               render() {
                 return (
                   <div>
-                    {t("certd.subdomainHelpText")}
-                    <a href={"https://help.aliyun.com/zh/dns/subdomain-management"} target={"_blank"}>
-                      {t("certd.subdomainManagement")}
-                    </a>
+                    <div>
+                      1. {t("certd.subdomainHelpText")}
+                      <a href={"https://help.aliyun.com/zh/dns/subdomain-management"} target={"_blank"}>
+                        {t("certd.subdomainManagement")}
+                      </a>
+                    </div>
+                    <div>2. {t("certd.subdomainHelpSupportStart")}</div>
                   </div>
                 );
               },

packages/ui/certd-client/src/views/sys/settings/index.vue

@@ -26,6 +26,9 @@
         <a-tab-pane key="pipeline" :tab="t('certd.sys.setting.pipelineSetting')">
           <SettingPipeline v-if="activeKey === 'pipeline'" />
         </a-tab-pane>
+        <a-tab-pane key="network" :tab="t('certd.sys.setting.networkSetting')">
+          <SettingNetwork v-if="activeKey === 'network'" />
+        </a-tab-pane>
       </a-tabs>
     </div>
   </fs-page>
@@ -39,6 +42,7 @@ import SettingSafe from "/@/views/sys/settings/tabs/safe.vue";
 import SettingCaptcha from "/@/views/sys/settings/tabs/captcha.vue";
 import SettingPipeline from "/@/views/sys/settings/tabs/pipeline.vue";
 import SettingOauth from "/@/views/sys/settings/tabs/oauth.vue";
+import SettingNetwork from "/@/views/sys/settings/tabs/network.vue";
 import { useRoute, useRouter } from "vue-router";
 import { ref } from "vue";
 import { useSettingStore } from "/@/store/settings";

packages/ui/certd-client/src/views/sys/settings/tabs/base.vue

@@ -15,33 +15,6 @@
         <a-switch v-model:checked="formState.public.robots" />
       </a-form-item>
 
-      <a-form-item :label="t('certd.httpProxy')" :name="['private', 'httpProxy']" :rules="urlRules">
-        <a-input v-model:value="formState.private.httpProxy" :placeholder="t('certd.httpProxyPlaceholder')" />
-        <div class="helper">{{ t("certd.httpProxyHelper") }}</div>
-      </a-form-item>
-
-      <a-form-item :label="t('certd.httpsProxy')" :name="['private', 'httpsProxy']" :rules="urlRules">
-        <div class="flex">
-          <a-input v-model:value="formState.private.httpsProxy" :placeholder="t('certd.httpsProxyPlaceholder')" />
-          <a-button class="ml-5" type="primary" :loading="testProxyLoading" :title="t('certd.saveThenTestTitle')" @click="testProxy">{{ t("certd.testButton") }}</a-button>
-        </div>
-        <div class="helper">{{ t("certd.httpsProxyHelper") }}</div>
-      </a-form-item>
-
-      <a-form-item :label="t('certd.dualStackNetwork')" :name="['private', 'dnsResultOrder']">
-        <a-select v-model:value="formState.private.dnsResultOrder">
-          <a-select-option value="verbatim">{{ t("certd.default") }}</a-select-option>
-          <a-select-option value="ipv4first">{{ t("certd.ipv4Priority") }}</a-select-option>
-          <a-select-option value="ipv6first">{{ t("certd.ipv6Priority") }}</a-select-option>
-        </a-select>
-        <div class="helper">{{ t("certd.dualStackNetworkHelper") }}, <a href="https://certd.docmirror.cn/guide/use/setting/ipv6.html" target="_blank">{{ t("certd.helpDocLink") }}</a></div>
-      </a-form-item>
-
-      <a-form-item :label="t('certd.sys.setting.showRunStrategy')" :name="['public', 'showRunStrategy']">
-        <a-switch v-model:checked="formState.public.showRunStrategy" />
-        <div class="helper">{{ t("certd.sys.setting.showRunStrategyHelper") }}</div>
-      </a-form-item>
-
       <a-form-item :label="t('certd.enableCommonCnameService')" :name="['private', 'commonCnameEnabled']">
         <a-switch v-model:checked="formState.private.commonCnameEnabled" />
         <div class="helper" v-html="t('certd.commonCnameHelper')"></div>
@@ -60,16 +33,14 @@
 </template>
 
 <script setup lang="tsx">
-import { reactive, ref } from "vue";
-import { SysSettings } from "/@/views/sys/settings/api";
-import * as api from "/@/views/sys/settings/api";
-import { merge } from "lodash-es";
-import { useSettingStore } from "/@/store/settings";
 import { notification } from "ant-design-vue";
-import { util } from "/@/utils";
+import { merge } from "lodash-es";
+import { reactive, ref } from "vue";
+import { useSettingStore } from "/@/store/settings";
+import * as api from "/@/views/sys/settings/api";
+import { SysSettings } from "/@/views/sys/settings/api";
+
 import { useI18n } from "/src/locales";
-import AddonSelector from "../../../certd/addon/addon-selector/index.vue";
-import CaptchaInput from "/@/components/captcha/captcha-input.vue";
 const { t } = useI18n();
 
 defineOptions({
@@ -84,11 +55,6 @@ const formState = reactive<Partial<SysSettings>>({
   private: {},
 });
 
-const urlRules = ref({
-  type: "url",
-  message: "请输入正确的URL",
-});
-
 async function loadSysSettings() {
   const data: any = await api.SysSettingsGet();
   merge(formState, data);
@@ -110,43 +76,6 @@ const onFinish = async (form: any) => {
     saveLoading.value = false;
   }
 };
-
-const testProxyLoading = ref(false);
-async function testProxy() {
-  testProxyLoading.value = true;
-  try {
-    const res = await api.TestProxy();
-    let success = true;
-    if (res.google !== true || res.baidu !== true) {
-      success = false;
-    }
-    const content = () => {
-      return (
-        <div>
-          <div>
-            {t("certd.google")}: {res.google === true ? t("certd.success") : util.maxLength(res.google)}
-          </div>
-          <div>
-            {t("certd.baidu")}: {res.baidu === true ? t("certd.success") : util.maxLength(res.baidu)}
-          </div>
-        </div>
-      );
-    };
-    if (!success) {
-      notification.error({
-        message: t("certd.testFailed"),
-        description: content,
-      });
-      return;
-    }
-    notification.success({
-      message: t("certd.testCompleted"),
-      description: content,
-    });
-  } finally {
-    testProxyLoading.value = false;
-  }
-}
 </script>
 <style lang="less">
 .sys-settings-base {

packages/ui/certd-client/src/views/sys/settings/tabs/network.vue

@@ -0,0 +1,127 @@
+<template>
+  <div class="sys-settings-form sys-settings-network">
+    <a-form :model="formState" name="basic" :label-col="{ span: 8 }" :wrapper-col="{ span: 16 }" autocomplete="off" @finish="onFinish">
+      <a-form-item :label="t('certd.httpProxy')" :name="['private', 'httpProxy']" :rules="urlRules">
+        <a-input v-model:value="formState.private.httpProxy" :placeholder="t('certd.httpProxyPlaceholder')" />
+        <div class="helper">{{ t("certd.httpProxyHelper") }}</div>
+      </a-form-item>
+
+      <a-form-item :label="t('certd.httpsProxy')" :name="['private', 'httpsProxy']" :rules="urlRules">
+        <div class="flex">
+          <a-input v-model:value="formState.private.httpsProxy" :placeholder="t('certd.httpsProxyPlaceholder')" />
+          <a-button class="ml-5" type="primary" :loading="testProxyLoading" :title="t('certd.saveThenTestTitle')" @click="testProxy">{{ t("certd.testButton") }}</a-button>
+        </div>
+        <div class="helper">{{ t("certd.httpsProxyHelper") }}</div>
+      </a-form-item>
+
+      <a-form-item :label="t('certd.dualStackNetwork')" :name="['private', 'dnsResultOrder']">
+        <a-select v-model:value="formState.private.dnsResultOrder">
+          <a-select-option value="verbatim">{{ t("certd.default") }}</a-select-option>
+          <a-select-option value="ipv4first">{{ t("certd.ipv4Priority") }}</a-select-option>
+          <a-select-option value="ipv6first">{{ t("certd.ipv6Priority") }}</a-select-option>
+        </a-select>
+        <div class="helper">
+          {{ t("certd.dualStackNetworkHelper") }}, <a href="https://certd.docmirror.cn/guide/use/setting/ipv6.html" target="_blank">{{ t("certd.helpDocLink") }}</a>
+        </div>
+      </a-form-item>
+      <a-form-item :label="t('certd.sys.setting.reverseProxy')" :name="['private', 'reverseProxy']">
+        <div class="mt-5">
+          <div v-for="(value, key) in formState.private.reverseProxies" :key="key" class="flex items-center p-2 border-b border-gray-300">
+            <span class="flex-1">{{ key }}</span>
+            <span class="flex-1 ml-5"><a-input v-model:value="formState.private.reverseProxies[key]" placeholder="proxy.xxxx.com" allow-clear /></span>
+          </div>
+        </div>
+        <div class="helper">{{ t("certd.sys.setting.reverseProxyHelper") }}</div>
+      </a-form-item>
+
+      <a-form-item label=" " :colon="false" :wrapper-col="{ span: 8 }">
+        <a-button :loading="saveLoading" type="primary" html-type="submit">{{ t("certd.saveButton") }}</a-button>
+      </a-form-item>
+    </a-form>
+  </div>
+</template>
+
+<script setup lang="tsx">
+import { proxyRefs, reactive, ref } from "vue";
+import { SysSettings } from "/@/views/sys/settings/api";
+import * as api from "/@/views/sys/settings/api";
+import { merge } from "lodash-es";
+import { useSettingStore } from "/@/store/settings";
+import { message, notification } from "ant-design-vue";
+import { useI18n } from "/src/locales";
+const { t } = useI18n();
+import { util } from "/@/utils";
+defineOptions({
+  name: "SettingNetwork",
+});
+
+const formState = reactive<Partial<SysSettings>>({
+  public: {},
+  private: {},
+});
+
+const urlRules = ref({
+  type: "url",
+  message: "请输入正确的URL",
+});
+
+async function loadSysSettings() {
+  const data: any = await api.SysSettingsGet();
+  merge(formState, data);
+}
+
+const saveLoading = ref(false);
+loadSysSettings();
+const settingsStore = useSettingStore();
+const onFinish = async (form: any) => {
+  try {
+    saveLoading.value = true;
+    form.private.reverseProxies = formState.private.reverseProxies;
+    await api.SysSettingsSave(form);
+    await settingsStore.loadSysSettings();
+    notification.success({
+      message: t("certd.saveSuccess"),
+    });
+  } finally {
+    saveLoading.value = false;
+  }
+};
+
+const testProxyLoading = ref(false);
+async function testProxy() {
+  testProxyLoading.value = true;
+  try {
+    const res = await api.TestProxy();
+    let success = true;
+    if (res.google !== true || res.baidu !== true) {
+      success = false;
+    }
+    const content = () => {
+      return (
+        <div>
+          <div>
+            {t("certd.google")}: {res.google === true ? t("certd.success") : util.maxLength(res.google)}
+          </div>
+          <div>
+            {t("certd.baidu")}: {res.baidu === true ? t("certd.success") : util.maxLength(res.baidu)}
+          </div>
+        </div>
+      );
+    };
+    if (!success) {
+      notification.error({
+        message: t("certd.testFailed"),
+        description: content,
+      });
+      return;
+    }
+    notification.success({
+      message: t("certd.testCompleted"),
+      description: content,
+    });
+  } finally {
+    testProxyLoading.value = false;
+  }
+}
+</script>
+<style lang="less"></style>

packages/ui/certd-client/src/views/sys/settings/tabs/pipeline.vue

@@ -8,6 +8,10 @@
         <a-input-number v-model:value="formState.public.limitUserPipelineCount" />
         <div class="helper">{{ t("certd.limitUserPipelineCountHelper") }}</div>
       </a-form-item>
+      <a-form-item :label="t('certd.sys.setting.showRunStrategy')" :name="['public', 'showRunStrategy']">
+        <a-switch v-model:checked="formState.public.showRunStrategy" />
+        <div class="helper">{{ t("certd.sys.setting.showRunStrategyHelper") }}</div>
+      </a-form-item>
       <a-form-item :label="t('certd.sys.setting.pipelineValidTimeEnabled')" :name="['public', 'pipelineValidTimeEnabled']">
         <div class="flex items-center">
           <a-switch v-model:checked="formState.public.pipelineValidTimeEnabled" :disabled="!settingsStore.isPlus" />

packages/ui/certd-server/CHANGELOG.md

@@ -3,6 +3,33 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+### Performance Improvements
+
+* 双重验证显示secret ([febd6d3](https://github.com/certd/certd/commit/febd6d32cfe6d89ccecf26bf15141df7c456e5c6))
+* 优化申请证书最大超时时长 ([00f67d8](https://github.com/certd/certd/commit/00f67d86d68f4f83cfafe2fbfeb4af0d86f9d20e))
+* 支持设置默认的证书申请地址的反向代理 ([0cfb94b](https://github.com/certd/certd/commit/0cfb94b0ba6a6dc3bb0d0a81a1912068a4e6b6b6))
+* 子域名托管域名支持配置通配符 ([3f7ac93](https://github.com/certd/certd/commit/3f7ac939326b0c7ec013a7534b6c0e58fb3e8cb4))
+
+## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
+
+### Performance Improvements
+
+*  eab从更多参数中挪到外面 ([5ea4f46](https://github.com/certd/certd/commit/5ea4f46de7ae403a7a16e9488dc1d9c7523d019a))
+* 第三方登录支持Microsoft ([beb7a4c](https://github.com/certd/certd/commit/beb7a4c99277262bb9681c5594cfcd3e36c52074))
+* 优化zerossl申请证书稳定性 ([4d86fb3](https://github.com/certd/certd/commit/4d86fb319b81dbf6fa6485982105725b1b066593))
+
+## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
+
+### Bug Fixes
+
+* 修复新网找错域名的bug ([bd511f9](https://github.com/certd/certd/commit/bd511f97cb7fbdcaeff7ac899f0460a5c7b41826))
+
+### Performance Improvements
+
+* oauth支持github 和google， 修复头像显示问题 ([693a4a6](https://github.com/certd/certd/commit/693a4a663385ced3176286bf4b5f3566da83d90e))
+
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)
 
 ### Bug Fixes

packages/ui/certd-server/metadata/access_xinnet.yaml

@@ -22,7 +22,9 @@ input:
     component:
       name: api-test
       action: TestRequest
-    helper: 点击测试接口是否正常
+    helper: |-
+      测试前请务必先在新网后台关闭异地登录保护、关闭动态口令验证
+      如果提示需要短信验证码，请等几个小时后再试
 pluginType: access
 type: builtIn
 scriptFilePath: /plugins/plugin-xinnet/access.js

packages/ui/certd-server/metadata/addon_oauth_github.yaml

@@ -0,0 +1,19 @@
+addonType: oauth
+name: github
+title: GitHub认证
+desc: GitHub OAuth2登录
+icon: simple-icons:github
+showTest: false
+input:
+  clientId:
+    title: ClientId
+    helper: '[GitHub Developer Settings](https://github.com/settings/developers)创建应用后获取'
+    required: true
+  clientSecretKey:
+    title: ClientSecretKey
+    component:
+      placeholder: ClientSecretKey / appSecretKey
+    required: true
+pluginType: addon
+type: builtIn
+scriptFilePath: /plugins/plugin-oauth/oauth2/plugin-github.js

packages/ui/certd-server/metadata/addon_oauth_google.yaml

@@ -0,0 +1,21 @@
+addonType: oauth
+name: google
+title: Google认证
+desc: Google OAuth2登录
+icon: simple-icons:google
+showTest: false
+input:
+  clientId:
+    title: ClientId
+    helper: >-
+      [Google Cloud
+      Console](https://console.cloud.google.com/apis/credentials)创建应用后获取
+    required: true
+  clientSecretKey:
+    title: ClientSecretKey
+    component:
+      placeholder: ClientSecretKey / appSecretKey
+    required: true
+pluginType: addon
+type: builtIn
+scriptFilePath: /plugins/plugin-oauth/oauth2/plugin-google.js

packages/ui/certd-server/metadata/addon_oauth_microsoft.yaml

@@ -0,0 +1,26 @@
+addonType: oauth
+name: microsoft
+title: Microsoft认证
+desc: Microsoft OAuth2登录
+icon: simple-icons:microsoft
+showTest: false
+input:
+  clientId:
+    title: ClientId
+    helper: '[Azure Portal](https://portal.azure.com/)创建应用后获取'
+    required: true
+  clientSecretKey:
+    title: ClientSecretKey
+    component:
+      placeholder: ClientSecretKey / appSecretKey
+    required: true
+  tenantId:
+    title: TenantId
+    helper: 租户ID，留空使用/common端点（需要应用配置为多租户）
+    component:
+      placeholder: common 或 租户ID
+    value: common
+    required: false
+pluginType: addon
+type: builtIn
+scriptFilePath: /plugins/plugin-oauth/oauth2/plugin-microsoft.js

packages/ui/certd-server/metadata/deploy_CertApply.yaml

@@ -215,7 +215,7 @@ input:
     component:
       name: access-selector
       type: eab
-    maybeNeed: true
+    maybeNeed: false
     required: false
     helper: >-
       需要提供EAB授权
@@ -246,7 +246,7 @@ input:
     component:
       name: access-selector
       type: google
-    maybeNeed: true
+    maybeNeed: false
     required: false
     helper: >-
       google服务账号授权与EAB授权选填其中一个，[服务账号授权获取方法](https://certd.docmirror.cn/guide/use/google/)

packages/ui/certd-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/ui-server",
-  "version": "1.38.5",
+  "version": "1.38.8",
   "description": "fast-server base midway",
   "private": true,
   "type": "module",
@@ -48,20 +48,20 @@
     "@aws-sdk/client-iam": "^3.964.0",
     "@aws-sdk/client-route-53": "^3.964.0",
     "@aws-sdk/client-s3": "^3.964.0",
-    "@certd/acme-client": "^1.38.5",
-    "@certd/basic": "^1.38.5",
-    "@certd/commercial-core": "^1.38.5",
+    "@certd/acme-client": "^1.38.8",
+    "@certd/basic": "^1.38.8",
+    "@certd/commercial-core": "^1.38.8",
     "@certd/cv4pve-api-javascript": "^8.4.2",
-    "@certd/jdcloud": "^1.38.5",
-    "@certd/lib-huawei": "^1.38.5",
-    "@certd/lib-k8s": "^1.38.5",
-    "@certd/lib-server": "^1.38.5",
-    "@certd/midway-flyway-js": "^1.38.5",
-    "@certd/pipeline": "^1.38.5",
-    "@certd/plugin-cert": "^1.38.5",
-    "@certd/plugin-lib": "^1.38.5",
-    "@certd/plugin-plus": "^1.38.5",
-    "@certd/plus-core": "^1.38.5",
+    "@certd/jdcloud": "^1.38.8",
+    "@certd/lib-huawei": "^1.38.8",
+    "@certd/lib-k8s": "^1.38.8",
+    "@certd/lib-server": "^1.38.8",
+    "@certd/midway-flyway-js": "^1.38.8",
+    "@certd/pipeline": "^1.38.8",
+    "@certd/plugin-cert": "^1.38.8",
+    "@certd/plugin-lib": "^1.38.8",
+    "@certd/plugin-plus": "^1.38.8",
+    "@certd/plus-core": "^1.38.8",
     "@google-cloud/publicca": "^1.3.0",
     "@huaweicloud/huaweicloud-sdk-cdn": "^3.1.185",
     "@huaweicloud/huaweicloud-sdk-core": "^3.1.185",

packages/ui/certd-server/src/controller/user/mine/setting-two-factor-controller.ts

@@ -48,8 +48,8 @@ export class UserTwoFactorSettingController extends BaseController {
   @Post("/authenticator/qrcode", { summary: Constants.per.authOnly })
   async authenticatorQrcode() {
     const userId = this.getUserId();
-    const qrcode = await this.twoFactorService.getAuthenticatorQrCode(userId);
-    return this.ok(qrcode);
+    const {qrcode,link,secret} = await this.twoFactorService.getAuthenticatorQrCode(userId);
+    return this.ok({qrcode,link,secret}); 
   }
 
   @Post("/authenticator/save", { summary: Constants.per.authOnly })

packages/ui/certd-server/src/modules/mine/service/two-factor-service.ts

@@ -33,7 +33,8 @@ export class TwoFactorService {
 
     //生成qrcode base64
     const qrcode = await import("qrcode");
-    return await qrcode.toDataURL(qrcodeContent);
+    const qrcodeBase64 = await qrcode.toDataURL(qrcodeContent);
+    return {qrcode:qrcodeBase64,link:qrcodeContent,secret}
 
   }
 

packages/ui/certd-server/src/modules/pipeline/service/getter/sub-domain-getter.ts

@@ -1,5 +1,5 @@
-import {ISubDomainsGetter} from "@certd/plugin-cert";
-import {SubDomainService} from "../sub-domain-service.js";
+import { ISubDomainsGetter } from "@certd/plugin-cert";
+import { SubDomainService } from "../sub-domain-service.js";
 import { DomainService } from "../../../cert/service/domain-service.js";
 
 export class SubDomainsGetter implements ISubDomainsGetter {
@@ -18,18 +18,39 @@ export class SubDomainsGetter implements ISubDomainsGetter {
   }
 
   async hasSubDomain(fullDomain: string) {
+    let arr = fullDomain.split(".")
     const subDomains = await this.getSubDomains()
-     if (subDomains && subDomains.length > 0) {
+    if (subDomains && subDomains.length > 0) {
       const fullDomainDot = "." + fullDomain;
       for (const subDomain of subDomains) {
         if (fullDomainDot.endsWith("." + subDomain)) {
           //找到子域名托管
           return subDomain;
         }
+
+        if (subDomain.startsWith("*.")) {
+          //如果子域名配置的是泛域名，说明这一层及以下的子域名都是托管的
+          //以fullDomain在这一层的子域名作为返回值
+          const nonStarDomain = subDomain.slice(1)
+          if (fullDomainDot.endsWith(nonStarDomain)) {
+            //提取fullDomain在这一层的子域名
+            const fullArr = arr.reverse()
+            const subArr = subDomain.split(".").reverse()
+            let strBuilder = ""
+            for (let i =0 ;i<subArr.length;i++) {
+              if (strBuilder) {
+                strBuilder = fullArr[i] + "." + strBuilder
+              } else {
+                strBuilder = fullArr[i]
+              }
+            }
+            return strBuilder
+          }
+        }
+
       }
     }
-    let arr = fullDomain.split(".")
-    while(arr.length>0){
+    while (arr.length > 0) {
       const subDomain = arr.join(".")
       const domain = await this.domainService.findOne({
         where: {
@@ -38,10 +59,10 @@ export class SubDomainsGetter implements ISubDomainsGetter {
           challengeType: "dns",
         }
       })
-      if(domain){
+      if (domain) {
         return subDomain
       }
-       arr = arr.slice(1)
+      arr = arr.slice(1)
     }
     return null
   }

packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts

@@ -113,6 +113,9 @@ export class PipelineService extends BaseService<PipelineEntity> {
 
   async add(bean: PipelineEntity) {
     bean.status = ResultType.none;
+    if (bean.order == null) {
+      bean.order = 0;
+    }
     await this.save(bean);
     return bean;
   }
@@ -243,6 +246,9 @@ export class PipelineService extends BaseService<PipelineEntity> {
     if (!bean.status) {
       bean.status = ResultType.none;
     }
+    if (bean.order == null) {
+      bean.order = 0;
+    }
     if (!isUpdate) {
       //如果是添加，先保存一下，获取到id，更新pipeline.id
       await this.addOrUpdate(bean);

packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-cdn/index.ts

@@ -151,6 +151,7 @@ export class DeployCertToAliyunCDN extends AbstractTaskPlugin {
   }
 
   async SetCdnDomainSSLCertificate(client: any, params: { CertId: number; DomainName: string,CertName:string,CertRegion:string }) {
+    this.logger.info('设置CDN: ',JSON.stringify(params));
     const requestOption = {
       method: 'POST',
       formatParams: false,

packages/ui/certd-server/src/plugins/plugin-cert/plugin/cert-plugin/acme.ts

@@ -1,13 +1,12 @@
 // @ts-ignore
 import * as acme from "@certd/acme-client";
 import { ClientExternalAccountBindingOptions, UrlMapping } from "@certd/acme-client";
-import * as _ from "lodash-es";
 import { Challenge } from "@certd/acme-client/types/rfc8555.js";
-import { IContext } from "@certd/pipeline";
 import { ILogger, utils } from "@certd/basic";
+import { IContext } from "@certd/pipeline";
+import { IDnsProvider, IDomainParser } from "@certd/plugin-lib";
 import punycode from "punycode.js";
 import { IOssClient } from "../../../plugin-lib/index.js";
-import { IDnsProvider, IDomainParser } from "@certd/plugin-lib";
 export type CnameVerifyPlan = {
   type?: string;
   domain: string;
@@ -112,11 +111,26 @@ export class AcmeService {
   }
 
   async getAcmeClient(email: string): Promise<acme.Client> {
-    const mappings = {};
-    if (this.sslProvider === "letsencrypt") {
-      mappings["acme-v02.api.letsencrypt.org"] = this.options.reverseProxy || "le.px.certd.handfree.work";
-    } else if (this.sslProvider === "google") {
-      mappings["dv.acme-v02.api.pki.goog"] = this.options.reverseProxy || "gg.px.certd.handfree.work";
+
+    const directoryUrl = acme.getDirectoryUrl({ sslProvider: this.sslProvider, pkType: this.options.privateKeyType });
+    let targetUrl = directoryUrl.replace("https://", "");
+    targetUrl = targetUrl.substring(0, targetUrl.indexOf("/"));
+    
+    const mappings = {
+      "acme-v02.api.letsencrypt.org": "le.px.certd.handfree.work",
+      "dv.acme-v02.api.pki.goog": "gg.px.certd.handfree.work",
+    };
+    const reverseProxies = acme.getSslProviderReverseProxies();
+    if (reverseProxies) {
+      for (const key in reverseProxies) {
+        const value = reverseProxies[key];
+        if (value) {
+          mappings[key] = value;
+        }
+      }
+    }
+    if (this.options.reverseProxy && targetUrl) {
+      mappings[targetUrl] = this.options.reverseProxy;
     }
     const urlMapping: UrlMapping = {
       enabled: false,
@@ -128,7 +142,7 @@ export class AcmeService {
       await this.saveAccountConfig(email, conf);
       this.logger.info(`创建新的Accountkey:${email}`);
     }
-    const directoryUrl = acme.getDirectoryUrl({ sslProvider: this.sslProvider, pkType: this.options.privateKeyType });
+
     if (this.options.useMappingProxy) {
       urlMapping.enabled = true;
     } else {
@@ -147,7 +161,7 @@ export class AcmeService {
       externalAccountBinding: this.eab,
       backoffAttempts: this.options.maxCheckRetryCount || 20,
       backoffMin: 5000,
-      backoffMax: 10000,
+      backoffMax: 30 * 1000,
       urlMapping,
       signal: this.options.signal,
       logger: this.logger,
@@ -434,11 +448,7 @@ export class AcmeService {
     if (domains.length === 0) {
       throw new Error("domain can not be empty");
     }
-    // const commonName = domains[0];
-    // let altNames: undefined | string[] = undefined;
-    // if (domains.length > 1) {
-    //   altNames = _.slice(domains, 1);
-    // }
+
     return {
       // commonName,
       altNames: domains,

packages/ui/certd-server/src/plugins/plugin-cert/plugin/cert-plugin/apply.ts

@@ -264,7 +264,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
       name: "access-selector",
       type: "eab",
     },
-    maybeNeed: true,
+    maybeNeed: false,
     required: false,
     helper:
       "需要提供EAB授权" +
@@ -291,7 +291,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
       name: "access-selector",
       type: "google",
     },
-    maybeNeed: true,
+    maybeNeed: false,
     required: false,
     helper: "google服务账号授权与EAB授权选填其中一个，[服务账号授权获取方法](https://certd.docmirror.cn/guide/use/google/)\n服务账号授权需要配置代理或者服务器本身在海外",
     mergeScript: `
@@ -458,6 +458,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
     this.eab = eab;
     const subDomainsGetter = await this.ctx.serviceGetter.get<ISubDomainsGetter>("subDomainsGetter");
     const domainParser = new DomainParser(subDomainsGetter, this.logger);
+
     this.acme = new AcmeService({
       userId: this.ctx.user.id,
       userContext: this.userContext,
@@ -673,6 +674,12 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
       },
     };
   }
+
+  async onGetReverseProxyList() {
+    const sysSettingsService:any = await this.ctx.serviceGetter.get("sysSettingsService");
+    const sysSettings = await sysSettingsService.getPrivateSettings();
+    return sysSettings.reverseProxyList || []
+  }
 }
 
 new CertApplyPlugin();

packages/ui/certd-server/src/plugins/plugin-cert/plugin/cert-plugin/base.ts

@@ -60,6 +60,7 @@ export abstract class CertApplyBasePlugin extends CertApplyBaseConvertPlugin {
   abstract doCertApply(): Promise<CertReader>;
 
   async execute(): Promise<string | void> {
+    this.logger.addSecret(this.pfxPassword);
     const oldCert = await this.condition();
     if (oldCert != null) {
       await this.output(oldCert, false);

packages/ui/certd-server/src/plugins/plugin-oauth/index.ts

@@ -2,4 +2,7 @@ export * from './api.js'
 export * from './oidc/plugin-oidc.js'
 export * from './wx/plugin-wx.js'
 export * from './oauth2/plugin-gitee.js'
-export * from './oauth2/plugin-clogin.js'
+export * from './oauth2/plugin-clogin.js'
+export * from './oauth2/plugin-github.js'
+export * from './oauth2/plugin-google.js'
+export * from './oauth2/plugin-microsoft.js'

packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-github.ts

@@ -0,0 +1,103 @@
+import { AddonInput, BaseAddon, IsAddon } from "@certd/lib-server";
+import { BuildLoginUrlReq, BuildLogoutUrlReq, IOauthProvider, OnCallbackReq } from "../api.js";
+
+@IsAddon({
+  addonType: "oauth",
+  name: 'github',
+  title: 'GitHub认证',
+  desc: 'GitHub OAuth2登录',
+  icon:"simple-icons:github",
+  showTest: false,
+})
+export class GithubOauthProvider extends BaseAddon implements IOauthProvider {
+
+  @AddonInput({
+    title: "ClientId",
+    helper: "[GitHub Developer Settings](https://github.com/settings/developers)创建应用后获取",
+    required: true,
+  })
+  clientId = "";
+
+  @AddonInput({
+    title: "ClientSecretKey",
+    component: {
+      placeholder: "ClientSecretKey / appSecretKey",
+    },
+    required: true,
+  })
+  clientSecretKey = "";
+
+  async buildLoginUrl(params: BuildLoginUrlReq) {
+
+    let scope = "user:email" // Scope of the access request
+    let state:any = {
+      forType: params.forType || 'login',
+    }
+    state = this.ctx.utils.hash.base64(JSON.stringify(state))
+
+    const authorizeEndpoint = "https://github.com/login/oauth/authorize"
+    const redirectUrl = encodeURIComponent(params.redirectUri)
+    const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
+    return {
+      loginUrl,
+      ticketValue: {
+        state,
+      },
+    };
+  }
+
+  async onCallback(req: OnCallbackReq) {
+    
+    const code = req.code || ""
+
+    const tokenEndpoint = "https://github.com/login/oauth/access_token"
+
+    const uri = new URL(req.currentURL)
+    const redirectUri = `${uri.origin}${uri.pathname}`
+    const res = await this.ctx.utils.http.request( {
+        url: tokenEndpoint,
+        method: "post",
+        headers: {
+          "Accept": "application/json"
+        },
+        data:{
+          client_id: this.clientId,
+          client_secret: this.clientSecretKey,
+          code,
+          redirect_uri: redirectUri
+        }
+    })
+    
+    const tokens = res
+
+    const userInfoEndpoint = "https://api.github.com/user"
+
+    // 获取用户信息
+     const userInfoRes = await this.ctx.utils.http.request( {
+        url: userInfoEndpoint,
+        method: "get",
+        headers: {
+          "Authorization": `Bearer ${tokens.access_token}`,
+          "Accept": "application/json"
+        }
+    })
+    const userInfo = userInfoRes
+
+    return {
+      token:{
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token,
+        expiresIn: tokens.expires_in,
+      },
+      userInfo: {
+        openId: userInfo.id,
+        nickName: userInfo.login || userInfo.name || "",
+        avatar: userInfo.avatar_url,
+      },
+    }
+  };
+
+  async buildLogoutUrl(params: BuildLogoutUrlReq) {
+    return {};
+  }
+}

packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-google.ts

@@ -0,0 +1,103 @@
+import { AddonInput, BaseAddon, IsAddon } from "@certd/lib-server";
+import { BuildLoginUrlReq, BuildLogoutUrlReq, IOauthProvider, OnCallbackReq } from "../api.js";
+
+@IsAddon({
+  addonType: "oauth",
+  name: 'google',
+  title: 'Google认证',
+  desc: 'Google OAuth2登录',
+  icon:"simple-icons:google",
+  showTest: false,
+})
+export class GoogleOauthProvider extends BaseAddon implements IOauthProvider {
+
+  @AddonInput({
+    title: "ClientId",
+    helper: "[Google Cloud Console](https://console.cloud.google.com/apis/credentials)创建应用后获取",
+    required: true,
+  })
+  clientId = "";
+
+  @AddonInput({
+    title: "ClientSecretKey",
+    component: {
+      placeholder: "ClientSecretKey / appSecretKey",
+    },
+    required: true,
+  })
+  clientSecretKey = "";
+
+  async buildLoginUrl(params: BuildLoginUrlReq) {
+
+    let scope = "email profile" // Scope of the access request
+    let state:any = {
+      forType: params.forType || 'login',
+    }
+    state = this.ctx.utils.hash.base64(JSON.stringify(state))
+
+    const authorizeEndpoint = "https://accounts.google.com/o/oauth2/auth"
+    const redirectUrl = encodeURIComponent(params.redirectUri)
+    const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
+    return {
+      loginUrl,
+      ticketValue: {
+        state,
+      },
+    };
+  }
+
+  async onCallback(req: OnCallbackReq) {
+    
+    const code = req.code || ""
+
+    const tokenEndpoint = "https://oauth2.googleapis.com/token"
+
+    const uri = new URL(req.currentURL)
+    const redirectUri = `${uri.origin}${uri.pathname}`
+    const res = await this.ctx.utils.http.request( {
+        url: tokenEndpoint,
+        method: "post",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        data:{
+          client_id: this.clientId,
+          client_secret: this.clientSecretKey,
+          code,
+          redirect_uri: redirectUri,
+          grant_type: "authorization_code"
+        }
+    })
+    
+    const tokens = res
+
+    const userInfoEndpoint = "https://www.googleapis.com/oauth2/v3/userinfo"
+
+    // 获取用户信息
+     const userInfoRes = await this.ctx.utils.http.request( {
+        url: userInfoEndpoint,
+        method: "get",
+        headers: {
+          "Authorization": `Bearer ${tokens.access_token}`
+        }
+    })
+    const userInfo = userInfoRes
+
+    return {
+      token:{
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token,
+        expiresIn: tokens.expires_in,
+      },
+      userInfo: {
+        openId: userInfo.sub,
+        nickName: userInfo.name || userInfo.email || "",
+        avatar: userInfo.picture,
+      },
+    }
+  };
+
+  async buildLogoutUrl(params: BuildLogoutUrlReq) {
+    return {};
+  }
+}

packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-microsoft.ts

@@ -0,0 +1,122 @@
+import { AddonInput, BaseAddon, IsAddon } from "@certd/lib-server";
+import { BuildLoginUrlReq, BuildLogoutUrlReq, IOauthProvider, OnCallbackReq } from "../api.js";
+
+@IsAddon({
+  addonType: "oauth",
+  name: 'microsoft',
+  title: 'Microsoft认证',
+  desc: 'Microsoft OAuth2登录',
+  icon:"simple-icons:microsoft",
+  showTest: false,
+})
+export class MicrosoftOauthProvider extends BaseAddon implements IOauthProvider {
+
+  @AddonInput({
+    title: "ClientId",
+    helper: "[Azure Portal](https://portal.azure.com/)创建应用后获取",
+    required: true,
+  })
+  clientId = "";
+
+  @AddonInput({
+    title: "ClientSecretKey",
+    component: {
+      placeholder: "ClientSecretKey / appSecretKey",
+    },
+    required: true,
+  })
+  clientSecretKey = "";
+
+  @AddonInput({
+    title: "TenantId",
+    helper: "租户ID，留空使用/common端点（需要应用配置为多租户）",
+    component: {
+      placeholder: "common 或 租户ID",
+    },
+    value: "common",
+    required: false,
+  })
+  tenantId = "common";
+
+  async buildLoginUrl(params: BuildLoginUrlReq) {
+
+    let scope = "openid profile email User.Read" // Scope of the access request
+    let state:any = {
+      forType: params.forType || 'login',
+    }
+    state = this.ctx.utils.hash.base64(JSON.stringify(state))
+
+    const authorizeEndpoint = `https://login.microsoftonline.com/${this.tenantId}/oauth2/v2.0/authorize`
+    const redirectUrl = encodeURIComponent(params.redirectUri)
+    const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
+    return {
+      loginUrl,
+      ticketValue: {
+        state,
+      },
+    };
+  }
+
+  async onCallback(req: OnCallbackReq) {
+    
+    const code = req.code || ""
+    if (!code) {
+      throw new Error("Missing code parameter");
+    }
+
+    const tokenEndpoint = `https://login.microsoftonline.com/${this.tenantId}/oauth2/v2.0/token`
+
+    const uri = new URL(req.currentURL)
+    const redirectUri = `${uri.origin}${uri.pathname}`
+    
+    // 构建 form-urlencoded 格式的数据
+    const formData = new URLSearchParams();
+    formData.append('client_id', this.clientId);
+    formData.append('client_secret', this.clientSecretKey);
+    formData.append('code', code);
+    formData.append('redirect_uri', redirectUri);
+    formData.append('grant_type', 'authorization_code');
+
+    const res = await this.ctx.utils.http.request( {
+        url: tokenEndpoint,
+        method: "post",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded",
+          "Accept": "application/json"
+        },
+        data: formData.toString()
+    })
+    
+    const tokens = res
+
+    const userInfoEndpoint = "https://graph.microsoft.com/v1.0/me"
+
+    // 获取用户信息
+     const userInfoRes = await this.ctx.utils.http.request( {
+        url: userInfoEndpoint,
+        method: "get",
+        headers: {
+          "Authorization": `Bearer ${tokens.access_token}`,
+          "Accept": "application/json"
+        }
+    })
+    const userInfo = userInfoRes
+
+    return {
+      token:{
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token,
+        expiresIn: tokens.expires_in,
+      },
+      userInfo: {
+        openId: userInfo.id,
+        nickName: userInfo.displayName || userInfo.userPrincipalName || "",
+        avatar: userInfo.avatar || "",
+      },
+    }
+  };
+
+  async buildLogoutUrl(params: BuildLogoutUrlReq) {
+    return {};
+  }
+}

trigger/build.trigger

@@ -1 +1 @@
-00:04
+16:31

trigger/publish.trigger

@@ -1 +1 @@
-11
+16

trigger/release.trigger

@@ -1 +1 @@
-00:18
+17:12