v1.37.12

build: prepare to build
2026-04-28 07:57:25 +08:00 · 2025-11-30 02:30:29 +08:00 · 2025-11-30 02:28:22 +08:00 · 2025-11-30 02:18:12 +08:00 · 2025-11-30 02:16:04 +08:00 · 2025-11-30 01:30:47 +08:00
75 changed files with 1082 additions and 327 deletions
@@ -3,6 +3,34 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 ## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
 ### Bug Fixes
 * 修复waf tls版本号小写 ([0adcc6a](https://github.com/certd/certd/commit/0adcc6a8d194469be0c26940ed4837fb34929b68))
 ### Performance Improvements
 * 支持微信扫码登录 ([73325aa](https://github.com/certd/certd/commit/73325aaefb0e750a22aaac40929e7bf3f5864996))
 * 支持证书颁发机构 LiteSSL ([6be7591](https://github.com/certd/certd/commit/6be75913324e2828d9016eb307ff2d0abbbb2191))
 ## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
 ### Bug Fixes
 * 修复阿里云 waf tlsVersion参数缺失导致部署失败的问题 ([2fabee6](https://github.com/certd/certd/commit/2fabee647acf64afe689f5bea3603028cd0ba4a2))
 * 修复备注撑开表格行高的bug ([c7b298c](https://github.com/certd/certd/commit/c7b298c46f0d52b43bd2bb17b374e7970a446446))
 * 修复域名管理无法创建tencent-eo dns授权的bug ([3406bb5](https://github.com/certd/certd/commit/3406bb5a4a56bb310cddc1a1f410c70909fd129b))
 * openapi 成功后失败都返回msg ([6e735bb](https://github.com/certd/certd/commit/6e735bbd1e29712e939f775a4db974db70e3b4b0))
 ### Performance Improvements
 *  ssh支持ppk格式私钥 ([575ae16](https://github.com/certd/certd/commit/575ae164c863d0b1f9fa0890549a2ee7472fb469))
 * 优化宝塔网站证书在并发部署时导致nginx配置文件错乱的问题 ([51cc084](https://github.com/certd/certd/commit/51cc08411fd2dbab66d769b495dc1b0bf2f2578c))
 * 优化天翼云cdn 等待5秒部署完成 ([53c88ad](https://github.com/certd/certd/commit/53c88ad5afe66a3f7c38b9b759747918913a4edc))
 * 支持oidc单点登录 ([ec75afb](https://github.com/certd/certd/commit/ec75afbc44139dbe9da534d8a8c08a5b91f86d3c))
 * ssl.com支持ecc ([b5ec047](https://github.com/certd/certd/commit/b5ec04723db48422f71041f4043002e7f5b450b1))
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 ### Performance Improvements
@@ -3,6 +3,23 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 ## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
 ### Bug Fixes
 * 修复阿里云 waf tlsVersion参数缺失导致部署失败的问题 ([2fabee6](https://github.com/certd/certd/commit/2fabee647acf64afe689f5bea3603028cd0ba4a2))
 * 修复备注撑开表格行高的bug ([c7b298c](https://github.com/certd/certd/commit/c7b298c46f0d52b43bd2bb17b374e7970a446446))
 * 修复域名管理无法创建tencent-eo dns授权的bug ([3406bb5](https://github.com/certd/certd/commit/3406bb5a4a56bb310cddc1a1f410c70909fd129b))
 * openapi 成功后失败都返回msg ([6e735bb](https://github.com/certd/certd/commit/6e735bbd1e29712e939f775a4db974db70e3b4b0))
 ### Performance Improvements
 *  ssh支持ppk格式私钥 ([575ae16](https://github.com/certd/certd/commit/575ae164c863d0b1f9fa0890549a2ee7472fb469))
 * 优化宝塔网站证书在并发部署时导致nginx配置文件错乱的问题 ([51cc084](https://github.com/certd/certd/commit/51cc08411fd2dbab66d769b495dc1b0bf2f2578c))
 * 优化天翼云cdn 等待5秒部署完成 ([53c88ad](https://github.com/certd/certd/commit/53c88ad5afe66a3f7c38b9b759747918913a4edc))
 * 支持oidc单点登录 ([ec75afb](https://github.com/certd/certd/commit/ec75afbc44139dbe9da534d8a8c08a5b91f86d3c))
 * ssl.com支持ecc ([b5ec047](https://github.com/certd/certd/commit/b5ec04723db48422f71041f4043002e7f5b450b1))
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 ### Performance Improvements
@@ -72,7 +72,7 @@
 | 3.| **阿里云-部署证书至CDN** | 自动部署域名证书至阿里云CDN | 
 | 4.| **阿里云-部署证书至DCDN** | 依赖证书申请前置任务，自动部署域名证书至阿里云DCDN | 
 | 5.| **阿里云-部署证书至OSS** | 部署域名证书至阿里云OSS自定义域名，不是上传到阿里云oss | 
-| 6.| **阿里云-上传证书到阿里云CAS** | 上传证书到阿里云数字证书管理服务（CAS），注意：不会部署到任何应用上；如果不想在阿里云上同一份证书上传多次，可以把此任务作为前置任务，其他阿里云任务证书那一项选择此任务的输出 | 
+| 6.| **阿里云-上传证书到CAS** | 上传证书到阿里云证书管理服务（CAS），如果不想在阿里云上同一份证书上传多次，可以把此任务作为前置任务，其他阿里云任务证书那一项选择此任务的输出 | 
 | 7.| **阿里云-部署至阿里云WAF** | 部署证书到阿里云WAF | 
 | 8.| **阿里云-部署至ALB（应用负载均衡）** | ALB,更新监听器的默认证书 | 
 | 9.| **阿里云-部署至NLB（网络负载均衡）** | NLB,网络负载均衡,更新监听器的默认证书 | 
@@ -9,5 +9,5 @@
    }
  },
  "npmClient": "pnpm",
-  "version": "1.37.10"
+  "version": "1.37.12"
 }
@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 ## [1.37.12](https://github.com/publishlab/node-acme-client/compare/v1.37.11...v1.37.12) (2025-11-29)
 ### Performance Improvements
 * 支持证书颁发机构 LiteSSL ([6be7591](https://github.com/publishlab/node-acme-client/commit/6be75913324e2828d9016eb307ff2d0abbbb2191))
 ## [1.37.11](https://github.com/publishlab/node-acme-client/compare/v1.37.10...v1.37.11) (2025-11-28)
 ### Performance Improvements
 * ssl.com支持ecc ([b5ec047](https://github.com/publishlab/node-acme-client/commit/b5ec04723db48422f71041f4043002e7f5b450b1))
 ## [1.37.10](https://github.com/publishlab/node-acme-client/compare/v1.37.9...v1.37.10) (2025-11-19)
 **Note:** Version bump only for package @certd/acme-client
@@ -3,7 +3,7 @@
    "description": "Simple and unopinionated ACME client",
    "private": false,
    "author": "nmorsman",
-    "version": "1.37.10",
+    "version": "1.37.12",
    "type": "module",
    "module": "scr/index.js",
    "main": "src/index.js",
@@ -18,7 +18,7 @@
        "types"
    ],
    "dependencies": {
-        "@certd/basic": "^1.37.10",
+        "@certd/basic": "^1.37.12",
        "@peculiar/x509": "^1.11.0",
        "asn1js": "^3.0.5",
        "axios": "^1.7.2",
@@ -70,5 +70,5 @@
    "bugs": {
        "url": "https://github.com/publishlab/node-acme-client/issues"
    },
-    "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+    "gitHead": "9acac86ed58616fef31ec4d63021bb221429a425"
 }
@@ -32,7 +32,11 @@ export const directory = {
      staging: 'https://acme.ssl.com/sslcom-dv-rsa',
      production: 'https://acme.ssl.com/sslcom-dv-rsa',
      ec: 'https://acme.ssl.com/sslcom-dv-ecc',
-    }
+    },
    litessl: {
        staging: 'https://acme.litessl.com/acme/v2/directory',
        production: 'https://acme.litessl.com/acme/v2/directory',
    },
 };
 export function getDirectoryUrl(opts) {
@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 ## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
 **Note:** Version bump only for package @certd/basic
 ## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
 ### Performance Improvements
 * 优化宝塔网站证书在并发部署时导致nginx配置文件错乱的问题 ([51cc084](https://github.com/certd/certd/commit/51cc08411fd2dbab66d769b495dc1b0bf2f2578c))
 * 优化天翼云cdn 等待5秒部署完成 ([53c88ad](https://github.com/certd/certd/commit/53c88ad5afe66a3f7c38b9b759747918913a4edc))
 * ssl.com支持ecc ([b5ec047](https://github.com/certd/certd/commit/b5ec04723db48422f71041f4043002e7f5b450b1))
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 **Note:** Version bump only for package @certd/basic
@@ -1 +1 @@
-23:49
+02:28
@@ -1,7 +1,7 @@
 {
  "name": "@certd/basic",
  "private": false,
-  "version": "1.37.10",
+  "version": "1.37.12",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -47,5 +47,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+  "gitHead": "9acac86ed58616fef31ec4d63021bb221429a425"
 }
@@ -9,7 +9,7 @@ export class Locker {
  }
  async execute(lockStr: string, callback: any, options?: { timeout?: number }) {
-    const timeout = options?.timeout ?? 20000;
+    const timeout = options?.timeout ?? 120000;
    return this.asyncLocker.acquire(lockStr, callback, { timeout });
  }
 }
@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 ## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
 **Note:** Version bump only for package @certd/pipeline
 ## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
 **Note:** Version bump only for package @certd/pipeline
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 **Note:** Version bump only for package @certd/pipeline
@@ -1,7 +1,7 @@
 {
  "name": "@certd/pipeline",
  "private": false,
-  "version": "1.37.10",
+  "version": "1.37.12",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -18,8 +18,8 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/basic": "^1.37.10",
+    "@certd/basic": "^1.37.12",
-    "@certd/plus-core": "^1.37.10",
+    "@certd/plus-core": "^1.37.12",
    "dayjs": "^1.11.7",
    "lodash-es": "^4.17.21",
    "reflect-metadata": "^0.1.13"
@@ -45,5 +45,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+  "gitHead": "9acac86ed58616fef31ec4d63021bb221429a425"
 }
@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 ## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
 **Note:** Version bump only for package @certd/lib-huawei
 ## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
 **Note:** Version bump only for package @certd/lib-huawei
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 **Note:** Version bump only for package @certd/lib-huawei
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-huawei",
  "private": false,
-  "version": "1.37.10",
+  "version": "1.37.12",
  "main": "./dist/bundle.js",
  "module": "./dist/bundle.js",
  "types": "./dist/d/index.d.ts",
@@ -24,5 +24,5 @@
    "prettier": "^2.8.8",
    "tslib": "^2.8.1"
  },
-  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+  "gitHead": "9acac86ed58616fef31ec4d63021bb221429a425"
 }
@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 ## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
 **Note:** Version bump only for package @certd/lib-iframe
 ## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
 **Note:** Version bump only for package @certd/lib-iframe
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 **Note:** Version bump only for package @certd/lib-iframe
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-iframe",
  "private": false,
-  "version": "1.37.10",
+  "version": "1.37.12",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -31,5 +31,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+  "gitHead": "9acac86ed58616fef31ec4d63021bb221429a425"
 }
@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 ## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
 **Note:** Version bump only for package @certd/jdcloud
 ## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
 ### Performance Improvements
 *  ssh支持ppk格式私钥 ([575ae16](https://github.com/certd/certd/commit/575ae164c863d0b1f9fa0890549a2ee7472fb469))
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 **Note:** Version bump only for package @certd/jdcloud
@@ -1,6 +1,6 @@
 {
  "name": "@certd/jdcloud",
-  "version": "1.37.10",
+  "version": "1.37.12",
  "description": "jdcloud openApi sdk",
  "main": "./dist/bundle.js",
  "module": "./dist/bundle.js",
@@ -56,5 +56,5 @@
      "fetch"
    ]
  },
-  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+  "gitHead": "9acac86ed58616fef31ec4d63021bb221429a425"
 }
@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 ## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
 **Note:** Version bump only for package @certd/lib-k8s
 ## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
 **Note:** Version bump only for package @certd/lib-k8s
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 **Note:** Version bump only for package @certd/lib-k8s
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-k8s",
  "private": false,
-  "version": "1.37.10",
+  "version": "1.37.12",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -17,7 +17,7 @@
    "pub": "npm publish"
  },
  "dependencies": {
-    "@certd/basic": "^1.37.10",
+    "@certd/basic": "^1.37.12",
    "@kubernetes/client-node": "0.21.0"
  },
  "devDependencies": {
@@ -32,5 +32,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+  "gitHead": "9acac86ed58616fef31ec4d63021bb221429a425"
 }
@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 ## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
 **Note:** Version bump only for package @certd/lib-server
 ## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
 ### Performance Improvements
 * 支持oidc单点登录 ([ec75afb](https://github.com/certd/certd/commit/ec75afbc44139dbe9da534d8a8c08a5b91f86d3c))
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 **Note:** Version bump only for package @certd/lib-server
@@ -1,6 +1,6 @@
 {
  "name": "@certd/lib-server",
-  "version": "1.37.10",
+  "version": "1.37.12",
  "description": "midway with flyway, sql upgrade way ",
  "private": false,
  "type": "module",
@@ -28,11 +28,11 @@
  ],
  "license": "AGPL",
  "dependencies": {
-    "@certd/acme-client": "^1.37.10",
+    "@certd/acme-client": "^1.37.12",
-    "@certd/basic": "^1.37.10",
+    "@certd/basic": "^1.37.12",
-    "@certd/pipeline": "^1.37.10",
+    "@certd/pipeline": "^1.37.12",
-    "@certd/plugin-lib": "^1.37.10",
+    "@certd/plugin-lib": "^1.37.12",
-    "@certd/plus-core": "^1.37.10",
+    "@certd/plus-core": "^1.37.12",
    "@midwayjs/cache": "3.14.0",
    "@midwayjs/core": "3.20.11",
    "@midwayjs/i18n": "3.20.13",
@@ -64,5 +64,5 @@
    "typeorm": "^0.3.11",
    "typescript": "^5.4.2"
  },
-  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+  "gitHead": "9acac86ed58616fef31ec4d63021bb221429a425"
 }
@@ -1,5 +1,5 @@
 import { PermissionException, ValidateException } from './exception/index.js';
-import { In, Repository, SelectQueryBuilder } from 'typeorm';
+import { FindOneOptions, In, Repository, SelectQueryBuilder } from 'typeorm';
 import { Inject } from '@midwayjs/core';
 import { TypeORMDataSourceManager } from '@midwayjs/typeorm';
 import { EntityManager } from 'typeorm/entity-manager/EntityManager.js';
@@ -238,4 +238,8 @@ export abstract class BaseService<T> {
    await this.delete(ids);
  }
  async findOne(options: FindOneOptions<T>) {
    return await this.getRepository().findOne(options);
  }
 }
@@ -31,6 +31,7 @@ export type AddonDefine = Registrable & {
    [key: string]: AddonInputDefine;
  };
  showTest?: boolean;
  icon?: string;
 };
 export type AddonInstanceConfig = {
@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 ## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
 **Note:** Version bump only for package @certd/midway-flyway-js
 ## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
 **Note:** Version bump only for package @certd/midway-flyway-js
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 **Note:** Version bump only for package @certd/midway-flyway-js
@@ -1,6 +1,6 @@
 {
  "name": "@certd/midway-flyway-js",
-  "version": "1.37.10",
+  "version": "1.37.12",
  "description": "midway with flyway, sql upgrade way ",
  "private": false,
  "type": "module",
@@ -46,5 +46,5 @@
    "typeorm": "^0.3.11",
    "typescript": "^5.4.2"
  },
-  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+  "gitHead": "9acac86ed58616fef31ec4d63021bb221429a425"
 }
@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 ## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
 ### Performance Improvements
 * 支持证书颁发机构 LiteSSL ([6be7591](https://github.com/certd/certd/commit/6be75913324e2828d9016eb307ff2d0abbbb2191))
 ## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
 ### Performance Improvements
 * ssl.com支持ecc ([b5ec047](https://github.com/certd/certd/commit/b5ec04723db48422f71041f4043002e7f5b450b1))
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 ### Performance Improvements
@@ -1,7 +1,7 @@
 {
  "name": "@certd/plugin-cert",
  "private": false,
-  "version": "1.37.10",
+  "version": "1.37.12",
  "type": "module",
  "main": "./dist/index.js",
  "types": "./dist/index.d.ts",
@@ -17,10 +17,10 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/acme-client": "^1.37.10",
+    "@certd/acme-client": "^1.37.12",
-    "@certd/basic": "^1.37.10",
+    "@certd/basic": "^1.37.12",
-    "@certd/pipeline": "^1.37.10",
+    "@certd/pipeline": "^1.37.12",
-    "@certd/plugin-lib": "^1.37.10",
+    "@certd/plugin-lib": "^1.37.12",
    "@google-cloud/publicca": "^1.3.0",
    "dayjs": "^1.11.7",
    "jszip": "^3.10.1",
@@ -43,5 +43,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+  "gitHead": "9acac86ed58616fef31ec4d63021bb221429a425"
 }
@@ -136,6 +136,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
        { value: "letsencrypt", label: "Let's Encrypt（免费，新手推荐）", icon: "simple-icons:letsencrypt" },
        { value: "google", label: "Google（免费）", icon: "flat-color-icons:google" },
        { value: "zerossl", label: "ZeroSSL（免费）", icon: "emojione:digit-zero" },
        { value: "litessl", label: "litessl（免费）", icon: "roentgen:free" },
        { value: "sslcom", label: "SSL.com（仅主域名和www免费）", icon: "la:expeditedssl" },
        { value: "letsencrypt_staging", label: "Let's Encrypt测试环境（IP证书）", icon: "simple-icons:letsencrypt" },
      ],
@@ -250,6 +251,13 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
  })
  sslcomCommonEabAccessId!: number;
  @TaskInput({
    title: "litessl公共EAB授权",
    isSys: true,
    show: false,
  })
  litesslCommonEabAccessId!: number;
  @TaskInput({
    title: "EAB授权",
    component: {
@@ -262,13 +270,15 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
      "需要提供EAB授权" +
      "\nZeroSSL：请前往[zerossl开发者中心](https://app.zerossl.com/developer),生成 'EAB Credentials'" +
      "\nGoogle:请查看[google获取eab帮助文档](https://certd.docmirror.cn/guide/use/google/)，用过一次后会绑定邮箱，后续复用EAB要用同一个邮箱" +
-      "\nSSL.com:[SSL.com账号页面](https://secure.ssl.com/account),然后点击api credentials链接，然后点击编辑按钮，查看Secret key和HMAC key",
+      "\nSSL.com:[SSL.com账号页面](https://secure.ssl.com/account),然后点击api credentials链接，然后点击编辑按钮，查看Secret key和HMAC key" +
      "\nlitessl:[litesslEAB页面](https://freessl.cn/automation/eab-manager),然后点击新增EAB",
    mergeScript: `
    return {
        show: ctx.compute(({form})=>{
            return (form.sslProvider === 'zerossl' && !form.zerosslCommonEabAccessId)
            || (form.sslProvider === 'google' && !form.googleCommonEabAccessId)
            || (form.sslProvider === 'sslcom' && !form.sslcomCommonEabAccessId)
            || (form.sslProvider === 'litessl' && !form.litesslCommonEabAccessId)
        })
    }
    `,
@@ -3,6 +3,17 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 ## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
 **Note:** Version bump only for package @certd/plugin-lib
 ## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
 ### Performance Improvements
 *  ssh支持ppk格式私钥 ([575ae16](https://github.com/certd/certd/commit/575ae164c863d0b1f9fa0890549a2ee7472fb469))
 * 优化天翼云cdn 等待5秒部署完成 ([53c88ad](https://github.com/certd/certd/commit/53c88ad5afe66a3f7c38b9b759747918913a4edc))
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 **Note:** Version bump only for package @certd/plugin-lib
@@ -1,7 +1,7 @@
 {
  "name": "@certd/plugin-lib",
  "private": false,
-  "version": "1.37.10",
+  "version": "1.37.12",
  "type": "module",
  "main": "./dist/index.js",
  "types": "./dist/index.d.ts",
@@ -22,8 +22,8 @@
    "@alicloud/pop-core": "^1.7.10",
    "@alicloud/tea-util": "^1.4.10",
    "@aws-sdk/client-s3": "^3.787.0",
-    "@certd/basic": "^1.37.10",
+    "@certd/basic": "^1.37.12",
-    "@certd/pipeline": "^1.37.10",
+    "@certd/pipeline": "^1.37.12",
    "@kubernetes/client-node": "0.21.0",
    "ali-oss": "^6.22.0",
    "basic-ftp": "^5.0.5",
@@ -53,5 +53,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+  "gitHead": "9acac86ed58616fef31ec4d63021bb221429a425"
 }
@@ -36,7 +36,7 @@ export class TencentSslClient {
  checkRet(ret: any) {
    if (!ret || ret.Error) {
-      throw new Error("请求失败：" + ret.Error.Code + "," + ret.Error.Message);
+      throw new Error("请求失败：" + ret.Error.Code + "," + ret.Error.Message + ",requestId" + ret.RequestId);
    }
  }
@@ -70,43 +70,33 @@ export class TencentSslClient {
  }
  async deployCertificateInstance(params: any) {
-    const client = await this.getSslClient();
+    return await this.doRequest("DeployCertificateInstance", params);
    const res = await client.DeployCertificateInstance(params);
    this.checkRet(res);
    return res;
  }
  async DescribeHostUploadUpdateRecordDetail(params: any) {
-    const client = await this.getSslClient();
+    return await this.doRequest("DescribeHostUploadUpdateRecordDetail", params);
    const res = await client.request("DescribeHostUploadUpdateRecordDetail", params);
    this.checkRet(res);
    return res;
  }
  async UploadUpdateCertificateInstance(params: any) {
-    const client = await this.getSslClient();
+    return await this.doRequest("UploadUpdateCertificateInstance", params);
    const res = await client.request("UploadUpdateCertificateInstance", params);
    this.checkRet(res);
    return res;
  }
  async DescribeCertificates(params: { Limit?: number; Offset?: number; SearchKey?: string }) {
-    const client = await this.getSslClient();
+    return await this.doRequest("DescribeCertificates", {
    const res = await client.DescribeCertificates({
      ExpirationSort: "ASC",
      ...params,
    });
    this.checkRet(res);
    return res;
  }
  async doRequest(action: string, params: any) {
    const client = await this.getSslClient();
-    if (!client[action]) {
+    try {
-      throw new Error(`action ${action} not found`);
+      const res = await client.request(action, params);
      this.checkRet(res);
      return res;
    } catch (e) {
      this.logger.error(`action ${action} error: ${e.message},requestId=${e.RequestId}`);
      throw e;
    }
    const res = await client[action](params);
    this.checkRet(res);
    return res;
  }
 }
@@ -3,6 +3,25 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 ## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
 ### Performance Improvements
 * 支持微信扫码登录 ([73325aa](https://github.com/certd/certd/commit/73325aaefb0e750a22aaac40929e7bf3f5864996))
 * 支持证书颁发机构 LiteSSL ([6be7591](https://github.com/certd/certd/commit/6be75913324e2828d9016eb307ff2d0abbbb2191))
 ## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
 ### Bug Fixes
 * 修复备注撑开表格行高的bug ([c7b298c](https://github.com/certd/certd/commit/c7b298c46f0d52b43bd2bb17b374e7970a446446))
 * 修复域名管理无法创建tencent-eo dns授权的bug ([3406bb5](https://github.com/certd/certd/commit/3406bb5a4a56bb310cddc1a1f410c70909fd129b))
 ### Performance Improvements
 * 优化天翼云cdn 等待5秒部署完成 ([53c88ad](https://github.com/certd/certd/commit/53c88ad5afe66a3f7c38b9b759747918913a4edc))
 * 支持oidc单点登录 ([ec75afb](https://github.com/certd/certd/commit/ec75afbc44139dbe9da534d8a8c08a5b91f86d3c))
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 ### Performance Improvements
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-client",
-  "version": "1.37.10",
+  "version": "1.37.12",
  "private": true,
  "scripts": {
    "dev": "vite --open",
@@ -106,8 +106,8 @@
    "zod-defaults": "^0.1.3"
  },
  "devDependencies": {
-    "@certd/lib-iframe": "^1.37.10",
+    "@certd/lib-iframe": "^1.37.12",
-    "@certd/pipeline": "^1.37.10",
+    "@certd/pipeline": "^1.37.12",
    "@rollup/plugin-commonjs": "^25.0.7",
    "@rollup/plugin-node-resolve": "^15.2.3",
    "@types/chai": "^4.3.12",
@@ -1,8 +1,8 @@
 <template>
  <div id="userLayout" :class="['user-layout-wrapper']">
-    <div class="login-container flex-center">
+    <div class="login-container flex justify-start">
-      <div class="user-layout-content flex-center flex-col">
+      <div class="user-layout-content flex-col justify-start">
-        <div class="top flex flex-col items-center justify-center">
+        <div class="top flex flex-col items-center justify-start">
          <div class="header flex flex-row items-center">
            <img :src="siteInfo.loginLogo" class="logo" alt="logo" />
            <span class="title"></span>
@@ -10,8 +10,9 @@
          <div class="desc">{{ siteInfo.slogan }}</div>
        </div>
-        <router-view />
+        <div class="flex-1 flex flex-col justify-start items-center">
-
+          <router-view />
        </div>
        <div class="footer">
          <div class="copyright">
            <span v-if="!settingStore.isComm">
@@ -57,6 +57,7 @@ export default {
  passwordPlaceholder: "Please enter your password",
  mobilePlaceholder: "Please enter your mobile number",
  loginButton: "Log In",
  bindButton: "Bind Account",
  forgotPassword: "Forgot password?",
  forgotAdminPassword: "Forgot admin password?",
  registerLink: "Register",
@@ -760,6 +760,16 @@ export default {
      fixedCertExpireDays: "Fixed Cert Expire Days",
      fixedCertExpireDaysHelper: "Fixed cert expiration days, helpful for table list progress bar display",
      fixedCertExpireDaysRecommend: "Recommend 90",
      enableOauth: "Enable OAuth2 Login",
      oauthEnabledHelper: "Whether to enable OAuth2 login",
      oauthProviders: "OAuth2 Login Providers",
      oauthType: "OAuth2 Login Type",
      oauthConfig: "OAuth2 Login Config",
      oauthProviderSelectorPlaceholder: "Not Configured",
      oauthCallback: "Callback URL",
      oauthCallbackHelper: "Copy this URL to the callback address of the OAuth2 login provider",
      oauthCallbackCopy: "Copy Callback URL",
    },
  },
  modal: {
@@ -57,6 +57,7 @@ export default {
  passwordPlaceholder: "请输入密码",
  mobilePlaceholder: "请输入手机号",
  loginButton: "登录",
  bindButton: "绑定账号",
  forgotPassword: "忘记密码？",
  forgotAdminPassword: "忘记管理员密码？",
  registerLink: "注册",
@@ -604,7 +604,7 @@ export default {
  limitUserPipelineCountHelper: "0为不限制",
  enableSelfRegistration: "开启自助注册",
  enableUserValidityPeriod: "开启用户有效期",
-  userValidityPeriodHelper: "有效期内用户可正常使用，失效后流水线将被停用",
+  userValidityPeriodHelper: "有效期内用户可正常使用，失效后用户的流水线将被停用",
  enableUsernameRegistration: "开启用户名注册",
  enableEmailRegistration: "开启邮箱注册",
  proFeature: "专业版功能",
@@ -761,6 +761,16 @@ export default {
      fixedCertExpireDays: "固定证书有效期天数",
      fixedCertExpireDaysHelper: "固定证书有效期天数，有助于列表进度条整齐显示",
      fixedCertExpireDaysRecommend: "推荐90",
      enableOauth: "启用第三方登录",
      oauthEnabledHelper: "是否启用第三方登录",
      oauthProviders: "第三方登录提供商",
      oauthType: "第三方登录类型",
      oauthConfig: "第三方登录配置",
      oauthProviderSelectorPlaceholder: "未配置",
      oauthCallback: "回调地址",
      oauthCallbackHelper: "复制回调地址，配置到对应提供商的回调地址中",
      oauthCallbackCopy: "复制回调地址",
    },
  },
  modal: {
@@ -1,6 +1,6 @@
 <template>
  <div class="addon-selector">
-    <div class="flex-o w-100">
+    <div class="flex-o w-100 inner">
      <!--      <fs-dict-select class="flex-1" :value="modelValue" :dict="optionsDictRef" :disabled="disabled" :render-label="renderLabel" :slots="selectSlots" :allow-clear="true" v-bind="select" @update:value="onChange" />-->
      <span v-if="modelValue" class="mr-5 cd-flex-inline">
        <a-tag class="mr-5" color="green">{{ target?.name || modelValue }}</a-tag>
@@ -175,5 +175,9 @@ async function doRefresh() {
 <style lang="less">
 .addon-selector {
  width: 100%;
  .inner {
    display: flex;
    align-items: center;
  }
 }
 </style>
@@ -121,7 +121,14 @@ export function getCommonColumnDefine(crudExpose: any, typeRef: any, api: any, a
      },
      editForm: {
        component: {
-          disabled: false,
+          disabled: true,
        },
      },
      addForm: {
        component: {
          disabled: compute(({ form }) => {
            return form.type ? true : false;
          }),
        },
      },
      form: {
@@ -40,6 +40,12 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
        editRequest,
        delRequest,
      },
      search: {
        initialForm: {
          addonType: addonType,
          type: type,
        },
      },
      form: {
        labelCol: {
          //固定label宽度
@@ -22,3 +22,36 @@ export async function UpdateProfile(form: any) {
    data: form,
  });
 }
 export async function GetOauthBounds() {
  return await request({
    url: "/oauth/bounds",
    method: "POST",
  });
 }
 export async function GetOauthProviders() {
  return await request({
    url: "/oauth/providers",
    method: "POST",
  });
 }
 export async function UnbindOauth(type: string) {
  return await request({
    url: "/oauth/unbind",
    method: "POST",
    data: { type },
  });
 }
 export async function OauthBoundUrl(type: string) {
  return await request({
    url: "/oauth/login",
    method: "POST",
    data: {
      type,
      forType: "bind",
    },
  });
 }
@@ -15,7 +15,14 @@
        </a-descriptions-item>
        <a-descriptions-item :label="t('authentication.email')">{{ userInfo.email }}</a-descriptions-item>
        <a-descriptions-item :label="t('authentication.phoneNumber')">{{ userInfo.phoneCode }}{{ userInfo.mobile }}</a-descriptions-item>
-        <a-descriptions-item></a-descriptions-item>
+        <a-descriptions-item v-if="settingStore.sysPublic.oauthEnabled && settingStore.isPlus" label="第三方账号绑定">
          <div v-for="item in computedOauthBounds" :key="item.name" class="flex items-center gap-2">
            <fs-icon :icon="item.icon" class="mr-2 text-blue-500" />
            <span class="mr-2 w-36">{{ item.title }}</span>
            <a-button v-if="item.bound" type="link" danger @click="unbind(item.name)">解绑</a-button>
            <a-button v-else type="primary" @click="bind(item.name)">绑定</a-button>
          </div>
        </a-descriptions-item>
        <a-descriptions-item :label="t('common.handle')">
          <a-button type="primary" @click="doUpdate">{{ t("authentication.updateProfile") }}</a-button>
          <change-password-button class="ml-10" :show-button="true"> </change-password-button>
@@ -27,10 +34,12 @@
 <script lang="ts" setup>
 import * as api from "./api";
-import { Ref, ref } from "vue";
+import { computed, onMounted, Ref, ref } from "vue";
 import ChangePasswordButton from "/@/views/certd/mine/change-password-button.vue";
 import { useI18n } from "/src/locales";
 import { useUserProfile } from "./use";
 import { Modal } from "ant-design-vue";
 import { useSettingStore } from "/@/store/settings";
 const { t } = useI18n();
@@ -38,13 +47,13 @@ defineOptions({
  name: "UserProfile",
 });
 const settingStore = useSettingStore();
 const userInfo: Ref = ref({});
 const getUserInfo = async () => {
  userInfo.value = await api.getMineInfo();
 };
 getUserInfo();
 const { openEditProfileDialog } = useUserProfile();
 function doUpdate() {
@@ -54,4 +63,51 @@ function doUpdate() {
    },
  });
 }
 const oauthBounds = ref([]);
 const oauthProviders = ref([]);
 async function loadOauthBounds() {
  const res = await api.GetOauthBounds();
  oauthBounds.value = res;
 }
 async function loadOauthProviders() {
  const res = await api.GetOauthProviders();
  oauthProviders.value = res;
 }
 const computedOauthBounds = computed(() => {
  const list = oauthProviders.value.map(item => {
    const bound = oauthBounds.value.find(bound => bound.type === item.name);
    return {
      ...item,
      bound,
    };
  });
  return list;
 });
 async function unbind(type: string) {
  Modal.confirm({
    title: "确认解绑吗？",
    okText: "确认",
    okType: "danger",
    onOk: async () => {
      await api.UnbindOauth(type);
      await loadOauthBounds();
    },
  });
 }
 async function bind(type: string) {
  //获取第三方登录URL
  const res = await api.OauthBoundUrl(type);
  const loginUrl = res.loginUrl;
  window.location.href = loginUrl;
 }
 onMounted(async () => {
  await getUserInfo();
  await loadOauthBounds();
  await loadOauthProviders();
 });
 </script>
@@ -15,8 +15,9 @@ import GroupSelector from "/@/views/certd/pipeline/group/group-selector.vue";
 import { useCertViewer } from "/@/views/certd/pipeline/use";
 import { useI18n } from "/src/locales";
 import { GetDetail, GetObj } from "./api";
 import { groupDictRef } from "./group/dicts";
-export default function ({ crudExpose, context: { groupDictRef, selectedRowKeys } }: CreateCrudOptionsProps): CreateCrudOptionsRet {
+export default function ({ crudExpose, context: { selectedRowKeys } }: CreateCrudOptionsProps): CreateCrudOptionsRet {
  const router = useRouter();
  const lastResRef = ref();
@@ -495,6 +496,11 @@ export default function ({ crudExpose, context: { groupDictRef, selectedRowKeys
            component: {
              name: GroupSelector,
              vModel: "modelValue",
              on: {
                refresh: async () => {
                  await groupDictRef.reloadDict();
                },
              },
            },
          },
          column: {
@@ -0,0 +1,7 @@
 import { dict } from "@fast-crud/fast-crud";
 export const groupDictRef = dict({
  url: "/pi/pipeline/group/all",
  value: "id",
  label: "name",
 });
@@ -35,6 +35,7 @@
 <script setup lang="ts">
 import createCrudOptions from "./crud";
 import { dict, FsDictSelect } from "@fast-crud/fast-crud";
 import { groupDictRef } from "./dicts";
 const props = defineProps<{
  modelValue?: number;
@@ -43,11 +44,7 @@ const props = defineProps<{
 defineOptions({
  name: "GroupSelector",
 });
-const groupDictRef = dict({
+
  url: "/pi/pipeline/group/all",
  value: "id",
  label: "name",
 });
 const emit = defineEmits(["refresh", "update:modelValue"]);
 function doRefresh() {
  emit("refresh");
@@ -35,19 +35,14 @@ import { useI18n } from "/src/locales";
 const { t } = useI18n();
 import ChangeNotification from "/@/views/certd/pipeline/components/change-notification.vue";
 import { useSettingStore } from "/@/store/settings";
 import { groupDictRef } from "./group/dicts";
 defineOptions({
  name: "PipelineManager",
 });
 const groupDictRef = dict({
  url: "/pi/pipeline/group/all",
  value: "id",
  label: "name",
 });
 const selectedRowKeys = ref([]);
 const context: any = {
  groupDictRef,
  selectedRowKeys,
 };
 const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context });
@@ -48,28 +48,26 @@
      </a-tabs>
      <a-form-item>
        <a-button type="primary" size="large" html-type="button" :loading="loading" class="login-button" @click="handleFinish">
-          {{ t("authentication.loginButton") }}
+          {{ queryBindCode ? t("authentication.bindButton") : t("authentication.loginButton") }}
        </a-button>
-        <div v-if="!!settingStore.sysPublic.selfServicePasswordRetrievalEnabled && !queryBindCode" class="mt-2">
+        <div class="mt-2 flex justify-between items-center">
-          <router-link :to="{ name: 'forgotPassword' }">
+          <div class="flex items-center gap-2">
-            {{ t("authentication.forgotPassword") }}
+            <language-toggle class="text-blue-500"></language-toggle>
-          </router-link>
+            <router-link v-if="!!settingStore.sysPublic.selfServicePasswordRetrievalEnabled && !queryBindCode" :to="{ name: 'forgotPassword' }">
-        </div>
+              {{ t("authentication.forgotPassword") }}
-      </a-form-item>
+            </router-link>
          </div>
      <a-form-item class="user-login-other">
        <div class="flex flex-between justify-between items-center">
          <language-toggle class="color-blue"></language-toggle>
          <router-link v-if="hasRegisterTypeEnabled() && !queryBindCode" class="register" :to="{ name: 'register' }">
            {{ t("authentication.registerLink") }}
          </router-link>
        </div>
        <div class="flex flex-between justify-between items-center mt-5">
          <oauth-footer></oauth-footer>
        </div>
      </a-form-item>
      <div v-if="!queryBindCode && settingStore.sysPublic.oauthEnabled && settingStore.isPlus" class="w-full">
        <oauth-footer></oauth-footer>
      </div>
    </a-form>
    <a-form v-else ref="twoFactorFormRef" class="user-layout-login" :model="twoFactor" v-bind="layout">
      <div class="mb-10 flex flex-center">请打开您的Authenticator APP，获取动态验证码。</div>
@@ -84,7 +82,7 @@
        <loading-button type="primary" size="large" html-type="button" class="login-button" :click="handleTwoFactorSubmit">OTP验证登录</loading-button>
      </a-form-item>
-      <a-form-item class="user-login-other">
+      <a-form-item class="mt-10">
        <a class="register" @click="twoFactor.loginId = null"> 返回 </a>
      </a-form-item>
    </a-form>
@@ -2,23 +2,25 @@ import { request } from "/src/api/service";
 const apiPrefix = "/oauth";
-export async function OauthLogin(type: string) {
+export async function OauthLogin(type: string, forType?: string, from?: string) {
  return await request({
    url: apiPrefix + `/login`,
    method: "post",
    data: {
      type,
      forType: forType || "login",
      from: from || "web",
    },
  });
 }
-export async function OauthCallback(type: string, query: Record<string, string>) {
+export async function OauthToken(type: string, validationCode: string) {
  return await request({
-    url: apiPrefix + `/callback`,
+    url: apiPrefix + `/token`,
    method: "post",
    data: {
      type,
-      ...query,
+      validationCode,
    },
  });
 }
@@ -43,3 +45,10 @@ export async function BindUser(code: string) {
    },
  });
 }
 export async function GetOauthProviders() {
  return await request({
    url: apiPrefix + "/providers",
    method: "post",
  });
 }
@@ -2,18 +2,19 @@
  <div class="oauth-callback-page">
    <div class="oauth-callback-content">
      <div v-if="!bindRequired" class="oauth-callback-title">
-        <span>登录中...</span>
+        <span v-if="!error">登录中...</span>
        <span v-else>{{ error }}</span>
      </div>
-      <div v-else class="oauth-callback-title">
+      <div v-else class="oauth-callback-title mt-10">
-        <div>第三方登录成功，还未绑定账号，请选择</div>
+        <div>第三方（{{ oauthType }}）登录成功，您还未绑定账号，请选择</div>
-        <div>
+        <div class="mt-10">
-          <a-button class="w-full mt-5" type="primary" @click="goBindUser">绑定已有账号</a-button>
+          <a-button class="w-full mt-10" type="primary" @click="goBindUser">绑定已有账号</a-button>
-          <a-button class="w-full mt-5" type="primary" @click="autoRegister">创建新账号</a-button>
+          <a-button v-if="settingStore.sysPublic.registerEnabled" class="w-full mt-10" type="primary" @click="autoRegister">创建新账号</a-button>
        </div>
-        <div class="w-full mt-5">
+        <div class="w-full mt-10">
-          <router-link to="/login" class="w-full mt-5" type="primary">返回登录页</router-link>
+          <router-link to="/login" class="w-full mt-10" type="primary">返回登录页</router-link>
        </div>
      </div>
    </div>
@@ -25,21 +26,24 @@ import { ref, onMounted } from "vue";
 import * as api from "./api";
 import { useRoute, useRouter } from "vue-router";
 import { useUserStore } from "/@/store/user";
 import { notification } from "ant-design-vue";
 import { useSettingStore } from "/@/store/settings";
 const route = useRoute();
 const router = useRouter();
 const settingStore = useSettingStore();
 const oauthType = route.params.type as string;
-
+const validationCode = route.query.validationCode as string;
-const query = route.query as Record<string, string>;
+const forType = route.query.forType as string;
-
+const error = ref(route.query.error as string);
 const userStore = useUserStore();
 const bindRequired = ref(false);
 const bindCode = ref("");
-async function handleOauthCallback() {
+async function handleOauthToken() {
  //处理第三方登录回调
-  const res = await api.OauthCallback(oauthType, query);
+  const res = await api.OauthToken(oauthType, validationCode);
  if (res.token) {
    //登录成功
    userStore.onLoginSuccess(res);
@@ -55,7 +59,22 @@ async function handleOauthCallback() {
 }
 onMounted(async () => {
-  await handleOauthCallback();
+  if (error.value) {
    return;
  }
  if (forType === "bind") {
    //绑定第三方账号
    await api.BindUser(validationCode);
    notification.success({
      message: "绑定成功",
    });
    //跳转到首页
    router.replace("/certd/mine/user-profile");
    return;
  }
  await handleOauthToken();
 });
 async function goBindUser() {
@@ -83,7 +102,7 @@ async function autoRegister() {
  justify-content: center;
  align-items: center;
  gap: 16px;
-
+  width: 100%;
  .oauth-callback-content {
    display: flex;
    justify-content: center;
@@ -93,11 +112,14 @@ async function autoRegister() {
    border-radius: 16px;
    box-shadow: 0 0 16px rgba(0, 0, 0, 0.1);
    width: 500px;
    max-width: 90%;
    margin: 0 auto;
    margin-top: 50px;
    margin-bottom: 100px;
    min-height: 200px;
    .oauth-callback-title {
-      font-size: 24px;
+      font-size: 16px;
      font-weight: 500;
    }
  }
@@ -1,45 +1,88 @@
 <template>
-  <div class="oauth-footer">
+  <div class="oauth-footer relative">
-    <div v-for="item in oauthList" :key="item.type">
+    <div class="oauth-title">
-      <div class="oauth-icon-button pointer" @click="goOauthLogin(item.type)">
+      <div class="oauth-title-text">其他方式登录</div>
-        <el-icon :icon="item.icon" />
+    </div>
-        <span>{{ item.name }}</span>
+    <div class="flex justify-center items-center gap-4">
-      </div>
+      <template v-for="item in oauthProviderList" :key="item.type">
        <div v-if="item.addonId" class="oauth-icon-button pointer" @click="goOauthLogin(item.name)">
          <div><fs-icon :icon="item.icon" class="text-blue-600 text-40" /></div>
          <div>{{ item.addonTitle || item.title }}</div>
        </div>
      </template>
    </div>
  </div>
 </template>
 <script setup lang="ts">
-import { ref } from "vue";
+import { onMounted, ref } from "vue";
 import * as api from "./api";
-const oauthList = ref([
+const oauthProviderList = ref([]);
-  {
+
-    name: "OIDC",
+onMounted(async () => {
-    type: "oidc",
+  oauthProviderList.value = await api.GetOauthProviders();
-    icon: "ion:oidc",
+});
  },
 ]);
 async function goOauthLogin(type: string) {
  //获取第三方登录URL
-  const res = await api.OauthLogin(type);
+  const from = "web";
  const res = await api.OauthLogin(type, from);
  const loginUrl = res.loginUrl;
  window.location.href = loginUrl;
 }
 </script>
 <style lang="less">
 .oauth-footer {
  width: 100%;
  display: flex;
  flex-direction: column;
  justify-content: center;
  align-items: center;
  gap: 16px;
  .oauth-title {
    width: 100%;
    font-size: 14px;
    font-weight: 500;
    color: #8c8c8c;
    position: relative;
    .oauth-title-text {
      position: relative;
      z-index: 1;
      text-align: center;
      &::after {
        content: "";
        position: absolute;
        top: 50%;
        left: 0;
        width: 36%;
        height: 0.5px;
        background-color: #8c8c8c;
      }
      &::before {
        content: "";
        position: absolute;
        top: 50%;
        right: 0;
        width: 36%;
        height: 0.5px;
        background-color: #8c8c8c;
      }
    }
  }
  .oauth-icon-button {
    display: flex;
    flex-direction: column;
    justify-content: center;
    align-items: center;
    gap: 8px;
-    padding: 8px 16px;
+    padding: 8px 8px;
    border-radius: 100px;
    .fs-icon {
      font-size: 36px;
      color: #006be6 !important;
    }
  }
 }
 </style>
@@ -93,6 +93,7 @@ export type PluginConfigBean = {
 export type CertApplyPluginSysInput = {
  googleCommonEabAccessId?: number;
  zerosslCommonEabAccessId?: number;
  litesslCommonEabAccessId?: number;
 };
 export type PluginSysSetting<T> = {
  sysSetting: {
@@ -26,6 +26,16 @@
          </div>
        </a-form-item>
        <a-form-item label="公共litessl EAB授权" :name="['CertApply', 'sysSetting', 'input', 'litesslCommonEabAccessId']">
          <access-selector v-model:model-value="formState.CertApply.sysSetting.input.litesslCommonEabAccessId" type="eab" from="sys"></access-selector>
          <div class="helper">
            <div>设置公共litessl EAB授权给用户使用，避免用户自己获取litessl EAB授权</div>
            <div>
              <a href="https://freessl.cn/automation/eab-manager">litessl EAB授权管理 </a>
            </div>
          </div>
        </a-form-item>
        <a-form-item :wrapper-col="{ offset: 8, span: 16 }">
          <a-button :loading="saveLoading" type="primary" html-type="submit">保存</a-button>
        </a-form-item>
@@ -114,7 +114,7 @@ export async function GetSmsTypeDefine(type: string) {
 export async function GetOauthProviders() {
  return await request({
-    url: apiPrefix + "/oauth/providers",
+    url: "/oauth/providers",
    method: "post",
  });
 }
@@ -66,7 +66,7 @@ function onChange(value: string) {
 <style lang="less">
 .page-sys-settings {
  .sys-settings-form {
-    width: 800px;
+    width: 900px;
    max-width: 100%;
    padding: 20px;
  }
@@ -54,34 +54,45 @@
            <div class="helper">{{ t("certd.saveThenTest") }}</div>
          </a-form-item>
        </template>
-        <a-form-item :label="t('certd.enableOauth')" :name="['public', 'oauthEnabled']">
+      </template>
-          <div class="flex-o">
+
-            <a-switch v-model:checked="formState.public.oauthEnabled" :disabled="!settingsStore.isPlus" :title="t('certd.plusFeature')" />
+      <a-form-item :label="t('certd.sys.setting.enableOauth')" :name="['public', 'oauthEnabled']">
-            <vip-button class="ml-5" mode="plus"></vip-button>
+        <div class="flex-o">
-          </div>
+          <a-switch v-model:checked="formState.public.oauthEnabled" :disabled="!settingsStore.isPlus" :title="t('certd.plusFeature')" />
-        </a-form-item>
+          <vip-button class="ml-5" mode="button"></vip-button>
-        <a-form-item v-if="formState.public.oauthEnabled" :label="t('certd.oauthProviders')" :name="['public', 'oauthProviders']">
+        </div>
-          <div class="flex flex-wrap">
+      </a-form-item>
-            <table>
+      <a-form-item v-if="formState.public.oauthEnabled" :label="t('certd.sys.setting.oauthProviders')" :name="['public', 'oauthProviders']">
        <div class="flex flex-wrap">
          <table class="w-full table-auto border-collapse border border-gray-400">
            <thead>
              <tr>
-                <th>{{ t("certd.oauthType") }}</th>
+                <th class="border border-gray-300 px-4 py-2 w-1/3">{{ t("certd.sys.setting.oauthType") }}</th>
-                <th>{{ t("certd.oauthConfig") }}</th>
+                <th class="border border-gray-300 px-4 py-2 w-1/3">{{ t("certd.sys.setting.oauthCallback") }}</th>
                <th class="border border-gray-300 px-4 py-2 w-1/3">{{ t("certd.sys.setting.oauthConfig") }}</th>
              </tr>
            </thead>
            <tbody>
              <tr v-for="(item, key) of oauthProviders" :key="key">
-                <td>
+                <td class="border border-gray-300 px-4 py-2">
-                  <div class="flex items-center">
+                  <div class="flex items-center" :title="item.desc">
-                    <fs-icon :icon="item.icon" />
+                    <fs-icon :icon="item.icon" class="mr-2 text-blue-600" />
                    {{ item.title }}
                  </div>
                </td>
-                <td>
+                <td class="border border-gray-300 px-4 py-2 overflow-ellipsis" :title="t('certd.sys.setting.oauthCallbackHelper')">
-                  <AddonSelector v-model:model-value="item.addonId" addon-type="oauth" from="sys" :type="item.name" :placeholder="t('certd.clientIdPlaceholder')" />
+                  <fs-copyable :model-value="buildCallbackUrl(item.name)">
                    {{ t("certd.sys.setting.oauthCallbackCopy") }}
                  </fs-copyable>
                </td>
                <td class="border border-gray-300 px-4 py-2">
                  <AddonSelector v-model:model-value="item.addonId" addon-type="oauth" from="sys" :type="item.name" :placeholder="t('certd.sys.setting.oauthProviderSelectorPlaceholder')" />
                </td>
              </tr>
-            </table>
+            </tbody>
-          </div>
+          </table>
-        </a-form-item>
+        </div>
-      </template>
+      </a-form-item>
      <a-form-item label=" " :colon="false" :wrapper-col="{ span: 16 }">
        <a-button :loading="saveLoading" type="primary" html-type="submit">{{ t("certd.saveButton") }}</a-button>
@@ -91,14 +102,14 @@
 </template>
 <script setup lang="tsx">
 import { computed, reactive, ref, Ref } from "vue";
 import { GetSmsTypeDefine, SysSettings } from "/@/views/sys/settings/api";
 import * as api from "/@/views/sys/settings/api";
 import { merge } from "lodash-es";
 import { useSettingStore } from "/@/store/settings";
 import { notification } from "ant-design-vue";
-import { useI18n } from "/src/locales";
+import { merge } from "lodash-es";
 import { reactive, ref, Ref } from "vue";
 import AddonSelector from "../../../certd/addon/addon-selector/index.vue";
 import { useSettingStore } from "/@/store/settings";
 import * as api from "/@/views/sys/settings/api";
 import { SysSettings } from "/@/views/sys/settings/api";
 import { useI18n } from "/src/locales";
 const { t } = useI18n();
 defineOptions({
@@ -187,16 +198,7 @@ async function loadTypeDefine(type: string) {
 const oauthProviders = ref([]);
 async function loadOauthProviders() {
-  let list: any = await api.GetOauthProviders();
+  oauthProviders.value = await api.GetOauthProviders();
  oauthProviders.value = list;
  for (const item of list) {
    debugger;
    const type = item.name;
    const provider = formState.public.oauthProviders?.[type];
    if (provider) {
      item.addonId = provider.addonId;
    }
  }
 }
 function fillOauthProviders(form: any) {
@@ -247,8 +249,19 @@ const onFinish = async (form: any) => {
    saveLoading.value = false;
  }
 };
 function buildCallbackUrl(type: string) {
  return `${window.location.origin}/api/oauth/callback/${type}`;
 }
 </script>
 <style lang="less">
-.sys-settings-site {
+.sys-settings-register {
  width: 1000px !important;
  .addon-selector {
    .inner {
      justify-content: space-between;
    }
  }
 }
 </style>
@@ -3,6 +3,28 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 ## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
 ### Bug Fixes
 * 修复waf tls版本号小写 ([0adcc6a](https://github.com/certd/certd/commit/0adcc6a8d194469be0c26940ed4837fb34929b68))
 ### Performance Improvements
 * 支持微信扫码登录 ([73325aa](https://github.com/certd/certd/commit/73325aaefb0e750a22aaac40929e7bf3f5864996))
 ## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
 ### Bug Fixes
 * 修复阿里云 waf tlsVersion参数缺失导致部署失败的问题 ([2fabee6](https://github.com/certd/certd/commit/2fabee647acf64afe689f5bea3603028cd0ba4a2))
 * 修复域名管理无法创建tencent-eo dns授权的bug ([3406bb5](https://github.com/certd/certd/commit/3406bb5a4a56bb310cddc1a1f410c70909fd129b))
 ### Performance Improvements
 * 优化天翼云cdn 等待5秒部署完成 ([53c88ad](https://github.com/certd/certd/commit/53c88ad5afe66a3f7c38b9b759747918913a4edc))
 * 支持oidc单点登录 ([ec75afb](https://github.com/certd/certd/commit/ec75afbc44139dbe9da534d8a8c08a5b91f86d3c))
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 ### Performance Improvements
@@ -0,0 +1,14 @@
 CREATE TABLE `cd_oauth_bound`
 (
  `id`          bigint PRIMARY KEY AUTO_INCREMENT NOT NULL,
  `user_id`     bigint      NOT NULL,
  `type`        varchar(512) NOT NULL,
  `open_id`     varchar(512) NOT NULL,
  `create_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP,
  `update_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP
 );
 CREATE INDEX `index_oauth_bound_user_id` ON `cd_oauth_bound` (`user_id`);
 CREATE INDEX `index_oauth_bound_open_id` ON `cd_oauth_bound` (`open_id`);
@@ -0,0 +1,14 @@
 CREATE TABLE "cd_oauth_bound"
 (
  "id"          bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY NOT NULL,
  "user_id"     bigint      NOT NULL,
  "type"        varchar(512) NOT NULL,
  "open_id"     varchar(512) NOT NULL,
  "create_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
  "update_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
 );
 CREATE INDEX "index_oauth_bound_user_id" ON "cd_oauth_bound" ("user_id");
 CREATE INDEX "index_oauth_bound_open_id" ON "cd_oauth_bound" ("open_id");
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-server",
-  "version": "1.37.10",
+  "version": "1.37.12",
  "description": "fast-server base midway",
  "private": true,
  "type": "module",
@@ -45,20 +45,20 @@
    "@aws-sdk/client-cloudfront": "^3.699.0",
    "@aws-sdk/client-iam": "^3.699.0",
    "@aws-sdk/client-s3": "^3.705.0",
-    "@certd/acme-client": "^1.37.10",
+    "@certd/acme-client": "^1.37.12",
-    "@certd/basic": "^1.37.10",
+    "@certd/basic": "^1.37.12",
-    "@certd/commercial-core": "^1.37.10",
+    "@certd/commercial-core": "^1.37.12",
    "@certd/cv4pve-api-javascript": "^8.4.2",
-    "@certd/jdcloud": "^1.37.10",
+    "@certd/jdcloud": "^1.37.12",
-    "@certd/lib-huawei": "^1.37.10",
+    "@certd/lib-huawei": "^1.37.12",
-    "@certd/lib-k8s": "^1.37.10",
+    "@certd/lib-k8s": "^1.37.12",
-    "@certd/lib-server": "^1.37.10",
+    "@certd/lib-server": "^1.37.12",
-    "@certd/midway-flyway-js": "^1.37.10",
+    "@certd/midway-flyway-js": "^1.37.12",
-    "@certd/pipeline": "^1.37.10",
+    "@certd/pipeline": "^1.37.12",
-    "@certd/plugin-cert": "^1.37.10",
+    "@certd/plugin-cert": "^1.37.12",
-    "@certd/plugin-lib": "^1.37.10",
+    "@certd/plugin-lib": "^1.37.12",
-    "@certd/plugin-plus": "^1.37.10",
+    "@certd/plugin-plus": "^1.37.12",
-    "@certd/plus-core": "^1.37.10",
+    "@certd/plus-core": "^1.37.12",
    "@huaweicloud/huaweicloud-sdk-cdn": "^3.1.120",
    "@huaweicloud/huaweicloud-sdk-core": "^3.1.120",
    "@koa/cors": "^5.0.0",
@@ -1,14 +1,15 @@
-import { addonRegistry, BaseController, Constants, SysInstallInfo, SysSettingsService } from "@certd/lib-server";
+import { addonRegistry, AddonService, BaseController, Constants, SysInstallInfo, SysSettingsService } from "@certd/lib-server";
-import { ALL, Body, Controller, Inject, Post, Provide } from "@midwayjs/core";
+import { ALL, Body, Controller, Get, Inject, Param, Post, Provide, Query } from "@midwayjs/core";
 import { AddonGetterService } from "../../../modules/pipeline/service/addon-getter-service.js";
 import { IOauthProvider } from "../../../plugins/plugin-oauth/api.js";
 import { LoginService } from "../../../modules/login/service/login-service.js";
 import { CodeService } from "../../../modules/basic/service/code-service.js";
 import { UserService } from "../../../modules/sys/authority/service/user-service.js";
 import { UserEntity } from "../../../modules/sys/authority/entity/user.js";
-import { simpleNanoId } from "@certd/basic";
+import { logger, simpleNanoId, utils } from "@certd/basic";
 import { OauthBoundService } from "../../../modules/login/service/oauth-bound-service.js";
 import { OauthBoundEntity } from "../../../modules/login/entity/oauth-bound.js";
 import { checkPlus } from "@certd/plus-core";
 /**
 */
@@ -30,6 +31,9 @@ export class ConnectController extends BaseController {
  @Inject()
  oauthBoundService: OauthBoundService;
  @Inject()
  addonService: AddonService;
  private async getOauthProvider(type: string) {
@@ -50,39 +54,95 @@ export class ConnectController extends BaseController {
  }
  @Post('/login', { summary: Constants.per.guest })
-  public async login(@Body(ALL) body: { type: string }) {
+  public async login(@Body(ALL) body: { type: string, forType?:string ,from?:string }) {
    const addon = await this.getOauthProvider(body.type);
    const installInfo = await this.sysSettingsService.getSetting<SysInstallInfo>(SysInstallInfo);
    const bindUrl = installInfo?.bindUrl || "";
    //构造登录url
-    const redirectUrl = `${bindUrl}#/oauth/callback/${body.type}`;
+    const redirectUrl = `${bindUrl}api/oauth/callback/${body.type}`;
-    const loginUrl = await addon.buildLoginUrl({ redirectUri: redirectUrl });
+    const { loginUrl, ticketValue } = await addon.buildLoginUrl({ redirectUri: redirectUrl, forType: body.forType ,from: body.from || "web" });
-    return this.ok({loginUrl});
+    const ticket = this.codeService.setValidationValue(ticketValue)
    this.ctx.cookies.set("oauth_ticket", ticket, {
      httpOnly: true,
      // secure: true,
      // sameSite: "strict",
    })
    return this.ok({ loginUrl, ticket });
  }
-  @Post('/callback', { summary: Constants.per.guest })
+  @Get('/callback/:type', { summary: Constants.per.guest })
-  public async callback(@Body(ALL) body: any) {
+  public async callback(@Param('type') type: string, @Query() query: Record<string, string>) {
    checkPlus()
    //处理登录回调
-    const addon = await this.getOauthProvider(body.type);
+    const addon = await this.getOauthProvider(type);
-    const tokenRes = await addon.onCallback({
+    const request = this.ctx.request;
-      code: body.code,
+    // const ticketValue = this.codeService.getValidationValue(ticket);
-      state: body.state,
+    // if (!ticketValue) {
-    });
+    //   throw new Error("登录ticket已过期");
    // }
-    const userInfo = tokenRes.userInfo;
+    const ticket = this.ctx.cookies.get("oauth_ticket");
    if (!ticket) {
      throw new Error("ticket已过期");
    }
    const ticketValue = this.codeService.getValidationValue(ticket);
    if (!ticketValue) {
      throw new Error("ticketValue已过期");
    }
-    const openId = userInfo.openId;
+    const installInfo = await this.sysSettingsService.getSetting<SysInstallInfo>(SysInstallInfo);
    const bindUrl = installInfo?.bindUrl || "";
    const currentUrl = `${bindUrl}api/oauth/callback/${type}?${request.querystring}`
    try {
      const tokenRes = await addon.onCallback({
        code: query.code,
        state: query.state,
        ticketValue,
        currentURL: new URL(currentUrl)
      });
      const userInfo = tokenRes.userInfo;
    const loginRes = await this.loginService.loginByOpenId({ openId, type: body.type });
    if (loginRes == null) {
      // 用户还未绑定，让用户选择绑定已有账号还是自动注册新账号
      const validationCode = await this.codeService.setValidationValue({
-        type: body.type,
+        type,
        userInfo,
      });
      const state = JSON.parse(utils.hash.base64Decode(query.state));
      const redirectUrl = `${bindUrl}#/oauth/callback/${type}?validationCode=${validationCode}&forType=${state.forType}`;
      this.ctx.redirect(redirectUrl);
    } catch (err) {
      logger.error(err);
      this.ctx.redirect(`${bindUrl}#/oauth/callback/${type}?error=${err.error_description || err.message}`);
    }
  }
  @Post('/token', { summary: Constants.per.guest })
  public async token(@Body(ALL) body: { validationCode: string, type: string }) {
    checkPlus()
    const validationValue = await this.codeService.getValidationValue(body.validationCode);
    if (!validationValue) {
      throw new Error("校验码错误");
    }
    const type = validationValue.type;
    if (type !== body.type) {
      throw new Error("校验码错误");
    }
    const userInfo = validationValue.userInfo;
    const openId = userInfo.openId;
    const loginRes = await this.loginService.loginByOpenId({ openId, type });
    if (loginRes == null) {
      return this.ok({
        bindRequired: true,
-        validationCode,
+        validationCode: body.validationCode,
      });
    }
@@ -90,22 +150,6 @@ export class ConnectController extends BaseController {
    return this.ok(loginRes);
  }
  @Post('/bind', { summary: Constants.per.loginOnly })
  public async bind(@Body(ALL) body: any) {
    //需要已登录
    const userId = this.getUserId();
    const validationValue = this.codeService.getValidationValue(body.validationCode);
    if (!validationValue) {
      throw new Error("校验码错误");
    }
    await this.oauthBoundService.bind({
      userId,
      type: body.type,
      openId: validationValue.openId,
    });
    return this.ok(1);
  }
  @Post('/autoRegister', { summary: Constants.per.guest })
  public async autoRegister(@Body(ALL) body: { validationCode: string, type: string }) {
@@ -117,12 +161,12 @@ export class ConnectController extends BaseController {
    const userInfo = validationValue.userInfo;
    const oauthType = validationValue.type;
    let newUser = new UserEntity()
-    newUser.username = `${oauthType}:_${userInfo.nickName}_${simpleNanoId(6)}`;
+    newUser.username = `${oauthType}_${userInfo.nickName}_${simpleNanoId(6)}`;
    newUser.avatar = userInfo.avatar;
-    newUser.nickName = userInfo.nickName;
+    newUser.nickName = userInfo.nickName || simpleNanoId(6);
    newUser = await this.userService.register("username", newUser, async (txManager) => {
-      const oauthBound : OauthBoundEntity = new OauthBoundEntity()
+      const oauthBound: OauthBoundEntity = new OauthBoundEntity()
      oauthBound.userId = newUser.id;
      oauthBound.type = oauthType;
      oauthBound.openId = userInfo.openId;
@@ -133,6 +177,26 @@ export class ConnectController extends BaseController {
    return this.ok(loginRes);
  }
  @Post('/bind', { summary: Constants.per.loginOnly })
  public async bind(@Body(ALL) body: any) {
    //需要已登录
    const userId = this.getUserId();
    const validationValue = this.codeService.getValidationValue(body.validationCode);
    if (!validationValue) {
      throw new Error("校验码错误");
    }
    const type = validationValue.type;
    const userInfo = validationValue.userInfo;
    const openId = userInfo.openId;
    await this.oauthBoundService.bind({
      userId,
      type,
      openId,
    });
    return this.ok(1);
  }
  @Post('/unbind', { summary: Constants.per.loginOnly })
  public async unbind(@Body(ALL) body: any) {
    //需要已登录
@@ -144,10 +208,44 @@ export class ConnectController extends BaseController {
    return this.ok(1);
  }
-  @Post('/providers', { summary: Constants.per.guest })
+   @Post('/bounds', { summary: Constants.per.loginOnly })
-  public async providers() {
+  public async bounds(@Body(ALL) body: any) {
-    const list = addonRegistry.getDefineList("oauth");
+    //需要已登录
-    return this.ok(list);
+    const userId = this.getUserId();
    const bounds = await this.oauthBoundService.find({
      where :{
        userId,
      }
    });
    return this.ok(bounds);
  }
   @Post('/providers', { summary: Constants.per.guest })
  public async providers() {
    const defineList = addonRegistry.getDefineList("oauth");
    const publicSetting = await this.sysSettingsService.getPublicSettings();
    const oauthProviders = publicSetting.oauthProviders || {};
    const list = [];
    for (const item of defineList) {
      const type = item.name 
      const conf = oauthProviders[type];
      const provider:any = {
        ...item,
      }
      delete provider.input
      if (conf && conf.addonId) {
        const addonEntity = await this.addonService.info(conf.addonId);
        if (addonEntity) {
          provider.addonId = conf.addonId;
          provider.addonTitle = addonEntity.name;
        }
      }
      list.push(provider);
    }
    return this.ok(list);
  }
 }
@@ -44,8 +44,11 @@ export class OauthBoundService extends BaseService<OauthBoundEntity> {
        type,
      },
    });
-    if (exist) {
+    if (exist ) {
-      throw new Error('该第三方账号已绑定用户');
+      if(exist.userId === userId){
        return;
      }
      throw new Error('该第三方账号已绑定其他用户');
    }
    const exist2 = await this.repository.findOne({
@@ -225,6 +225,7 @@ export class UserService extends BaseService<UserEntity> {
    await this.transaction(async txManager => {
      newUser = await txManager.save(newUser);
      user.id = newUser.id;
      const userRole: UserRoleEntity = UserRoleEntity.of(newUser.id, Constants.role.defaultUser);
      await txManager.save(userRole);
@@ -99,27 +99,39 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
  @TaskInput({
-      title: "部署证书类型",
+    title: "部署证书类型",
-      value: "default",
+    value: "default",
-      component: {
+    component: {
-        name: "a-select",
+      name: "a-select",
-        vModel: "value",
+      vModel: "value",
-        options: [
+      options: [
-          {
+        {
-            label: "默认证书",
+          label: "默认证书",
-            value: "default"
+          value: "default"
-          },
+        },
-          {
+        {
-            label: "扩展证书",
+          label: "扩展证书",
-            value: "extension"
+          value: "extension"
-          }
+        }
-        ]
+      ]
-      },
+    },
-      required: true
+    required: true
-    }
+  }
  )
  deployType: string = "default";
  @TaskInput({
    title: "是否清理过期证书",
    value: true,
    component: {
      name: "a-switch",
      vModel: "checked",
    },
    required: true
  }
  )
  clearExpiredCert: boolean;
  async onInstance() {
  }
@@ -155,17 +167,18 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
      const client = await this.getLBClient(access, this.regionId);
      await this.deployDefaultCert(certId, client);
    }
-    this.logger.info(`准备开始清理过期证书`);
+    if (this.clearExpiredCert!==false) {
-    await this.ctx.utils.sleep(30000)
+      this.logger.info(`准备开始清理过期证书`);
-    for (const listener of this.listeners) {
+      await this.ctx.utils.sleep(30000)
-      try{
+      for (const listener of this.listeners) {
-        await this.clearInvalidCert(albClientV2, listener);
+        try {
-      }catch(e){
+          await this.clearInvalidCert(albClientV2, listener);
-        this.logger.error(`清理监听器${listener}的过期证书失败`, e);
+        } catch (e) {
          this.logger.error(`清理监听器${listener}的过期证书失败`, e);
        }
      }
    }
    this.logger.info("执行完成");
  }
@@ -247,7 +260,7 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
      if (item.IsDefault) {
        continue;
      }
-      certIds.push( parseInt(item.CertificateId));
+      certIds.push(parseInt(item.CertificateId));
    }
    this.logger.info(`监听器${listener}绑定的证书${certIds}`);
    //检查是否过期，过期则删除
@@ -90,6 +90,35 @@ export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
  )
  cnameDomains!: string[];
  @TaskInput({
    title: 'TLS版本',
    value: 'tlsv1.2',
    component: {
      name: 'a-select',
      options: [
        { value: 'tlsv1', label: 'TLSv1' },
        { value: 'tlsv1.1', label: 'TLSv1.1' },
        { value: 'tlsv1.2', label: 'TLSv1.2' },
      ],
    },
    required: true,
  })
  tlsVersion!: string;
    @TaskInput({
    title: '启用TLSv3',
    value: true,
    component: {
      name: 'a-switch',
      vModel: 'checked',
    },
    required: true,
  })
  enableTLSv3!: boolean;
  async onInstance() {}
  async getWafClient(access: AliyunAccess) {
@@ -163,6 +192,8 @@ export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
        Redirect: JSON.stringify(redirect),
        Listen: JSON.stringify(listen),
        Domain: siteDomain,
        TLSVersion: this.tlsVersion || 'tlsv1.2',
        EnableTLSv3: this.enableTLSv3 ?? true,
      };
      const res = await client.request('ModifyDomain', updateParams);
      this.logger.info('部署成功', JSON.stringify(res));
@@ -24,10 +24,10 @@ const regionDict = [
@IsTaskPlugin({
  name: 'uploadCertToAliyun',
-  title: '阿里云-上传证书到阿里云CAS',
+  title: '阿里云-上传证书到CAS',
  icon: 'svg:icon-aliyun',
  group: pluginGroups.aliyun.key,
-  desc: '上传证书到阿里云数字证书管理服务（CAS），注意：不会部署到任何应用上；如果不想在阿里云上同一份证书上传多次，可以把此任务作为前置任务，其他阿里云任务证书那一项选择此任务的输出',
+  desc: '上传证书到阿里云证书管理服务（CAS），如果不想在阿里云上同一份证书上传多次，可以把此任务作为前置任务，其他阿里云任务证书那一项选择此任务的输出',
  default: {
    strategy: {
      runStrategy: RunStrategy.SkipWhenSucceed,
@@ -1,6 +1,8 @@
 export type OnCallbackReq = {
    code: string;
    state: string;
    currentURL: URL;
    ticketValue: any;
 }
 export type OauthToken = {
@@ -30,8 +32,18 @@ export type OnBindReply = {
    message: string;
 }
 export type LoginUrlReply = {
    loginUrl: string;
    ticketValue: any;
 }
 export type BuildLoginUrlReq = {
    redirectUri: string;
    forType?: string;
    from?:string;
 }
 export interface IOauthProvider {
-    buildLoginUrl: (params: { redirectUri: string }) => Promise<string>;
+    buildLoginUrl: (params: BuildLoginUrlReq) => Promise<LoginUrlReply>;
    onCallback: (params: OnCallbackReq) => Promise<OauthToken>;
    onBind: (params: OnBindReq) => Promise<OnBindReply>;
 }
@@ -1,2 +1,3 @@
 export * from './api.js'
 export * from './oidc/plugin-oidc.js'
 export * from './wx/plugin-wx.js'
@@ -1,11 +1,12 @@
 import { AddonInput, BaseAddon, IsAddon } from "@certd/lib-server";
-import { IOauthProvider, OnBindReq, OnCallbackReq } from "../api.js";
+import { BuildLoginUrlReq, IOauthProvider, OnCallbackReq } from "../api.js";
@IsAddon({
  addonType: "oauth",
  name: 'oidc',
-  title: 'OpenId connect 认证',
+  title: 'OIDC认证',
-  desc: '',
+  desc: 'OpenID Connect 认证，统一认证服务',
  icon:"simple-icons:fusionauth",
  showTest: false,
 })
 export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
@@ -28,7 +29,7 @@ export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
  @AddonInput({
    title: "服务地址",
-    helper: "Issuer地址",
+    helper: "Issuer地址，去掉/.well-known/openid-configuration的服务发现地址",
    component: {
      placeholder: "https://oidc.example.com/oidc",
    },
@@ -54,42 +55,8 @@ export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
      client
    }
  }
-
+  
-  async onCallback(req: OnCallbackReq) {
+  async buildLoginUrl(params: BuildLoginUrlReq) {
    const { config, client } = await this.getClient()
    const currentUrl = new URL("")
    let tokens: any = await client.authorizationCodeGrant(
      config,
      currentUrl,
      {
        pkceCodeVerifier: req.code,
        expectedState: req.state,
      },
    )
    console.log('Token Endpoint Response', tokens)
    const claims = tokens.claims()
    return {
      token:{
        accessToken: tokens.access_token,
        refreshToken: tokens.refresh_token,
        expiresIn: tokens.expires_in,
      },
      userInfo: {
        openId: claims.sub,
        nickName: claims.nickname,
        avatar: claims.picture,
      },
    }
  };
  async onBind(req: OnBindReq) {
    return {
      success: false,
      message: '绑定失败',
    }
  }
  async buildLoginUrl(params: { redirectUri: string }) {
    const { config, client } = await this.getClient()
    let redirect_uri = new URL(params.redirectUri)
@@ -102,7 +69,10 @@ export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
     */
    let code_verifier = client.randomPKCECodeVerifier()
    let code_challenge = await client.calculatePKCECodeChallenge(code_verifier)
-    let state = client.randomState()
+    let state:any = {
      forType: params.forType || 'login',
    }
    state = this.ctx.utils.hash.base64(JSON.stringify(state))
    let parameters: any = {
      redirect_uri,
@@ -123,9 +93,40 @@ export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
    // }
    let redirectTo = client.buildAuthorizationUrl(config, parameters)
-
+    return {
-    // now redirect the user to redirectTo.href
+      loginUrl: redirectTo.href,
-    console.log('redirecting to', redirectTo.href)
+      ticketValue: {
-    return redirectTo.href;
+        codeVerifier: code_verifier,
        state,
      },
    };
  }
  async onCallback(req: OnCallbackReq) {
    const { config, client } = await this.getClient()
    let tokens: any = await client.authorizationCodeGrant(
      config,
      req.currentURL,
      {
        expectedState: client.skipStateCheck ,
        pkceCodeVerifier: req.ticketValue.codeVerifier,
      }
    )
    const claims = tokens.claims()
    return {
      token:{
        accessToken: tokens.access_token,
        refreshToken: tokens.refresh_token,
        expiresIn: tokens.expires_in,
      },
      userInfo: {
        openId: claims.sub,
        nickName: claims.nickname || claims.preferred_username || "",
        avatar: claims.picture,
      },
    }
  };
 }
@@ -0,0 +1,128 @@
 import { AddonInput, BaseAddon, IsAddon } from "@certd/lib-server";
 import { BuildLoginUrlReq, IOauthProvider, OnCallbackReq } from "../api.js";
@IsAddon({
  addonType: "oauth",
  name: 'wx',
  title: '微信登录',
  desc: '微信网站应用登录',
  icon: "mdi:wechat",
  showTest: false,
 })
 export class WxOauthProvider extends BaseAddon implements IOauthProvider {
  @AddonInput({
    title: "AppId",
    required: true,
    helper: "在[微信开放平台](https://open.weixin.qq.com/cgi-bin/index)注册网站应用后获取",
  })
  appId = "";
  @AddonInput({
    title: "AppSecretKey",
    component: {
      placeholder: "AppSecretKey",
    },
    required: true,
  })
  appSecretKey = "";
  wxAccessToken?: { access_token: string, expires_at: number }
  async buildLoginUrl(params: BuildLoginUrlReq) {
    const from = params.from || "web";
    const appId = this.appId;
    const redirect_uri = encodeURIComponent(params.redirectUri);
    let state: any = {
      forType: params.forType,
      from
    }
    state = this.ctx.utils.hash.base64(JSON.stringify(state))
    let scope = "snsapi_userinfo";
    let loginUrl = `https://open.weixin.qq.com/connect/oauth2/authorize?appid=${appId}&redirect_uri=${redirect_uri}&response_type=code&scope=${scope}&state=${state}#wechat_redirect`
    if (from === "web") {
      scope = "snsapi_login";
      loginUrl = `https://open.weixin.qq.com/connect/qrconnect?appid=${appId}&redirect_uri=${redirect_uri}&response_type=code&scope=${scope}&state=${state}#wechat_redirect`
    }
    return {
      loginUrl,
      ticketValue: {
        state,
      },
    };
  }
  // async getWxAccessToken() {
  //   if (this.wxAccessToken && this.wxAccessToken.expires_at > Date.now()) {
  //     return this.wxAccessToken
  //   }
  //   const res = await this.http.request({
  //     url: "https://api.weixin.qq.com/cgi-bin/token",
  //     method: "GET",
  //     params: {
  //       appid: this.appId,
  //       secret: this.appSecretKey,
  //       grant_type: "client_credential",
  //     },
  //   })
  //   this.checkRet(res)
  //   this.wxAccessToken = {
  //     access_token: res.access_token,
  //     expires_at: Date.now() + res.expires_in * 1000,
  //   }
  //   return this.wxAccessToken
  // }
  checkRet(res: any) {
    if (res.errcode) {
      throw new Error(res.errmsg)
    }
  }
  async onCallback(req: OnCallbackReq) {
    // GET https://api.weixin.qq.com/sns/oauth2/access_token?appid=wx520c15f417810387&secret=SECRET&code=CODE&grant_type=authorization_code
    const res = await this.http.request({
      url: "https://api.weixin.qq.com/sns/oauth2/access_token",
      method: "GET",
      params: {
        appid: this.appId,
        secret: this.appSecretKey,
        code: req.code,
        grant_type: "authorization_code",
      },
    })
    this.checkRet(res)
    const accessToken = res.access_token
    // GET https://api.weixin.qq.com/sns/userinfo?access_token=ACCESS_TOKEN&openid=OPENID&lang=zh_CN
    const userInfoRes = await this.http.request({
      url: "https://api.weixin.qq.com/sns/userinfo",
      method: "GET",
      params: {
        access_token:accessToken,
        openid: res.openid,
        lang: "zh_CN",
      },
    })
    this.checkRet(userInfoRes)
    return {
      token: {
        accessToken: res.access_token,
        refreshToken: res.refresh_token,
        expiresIn: res.expires_in,
      },
      userInfo: {
        openId: res.unionid || res.openid,
        nickName: userInfoRes.nickname || "",
        avatar: userInfoRes.headimgurl,
      },
    }
  };
 }
@@ -124,6 +124,9 @@ export class TencentRefreshCert extends AbstractTaskPlugin {
    let resourceTypes = []
    const resourceTypesRegions = []
    if(!this.resourceTypesRegions){
      this.resourceTypesRegions = []
    }
    for (const item of this.resourceTypesRegions) {
      const [type,region] = item.split("_")
      if (!resourceTypes.includes( type)){
@@ -156,13 +159,17 @@ export class TencentRefreshCert extends AbstractTaskPlugin {
          break;
        }
        retryCount++
-        deployRes = await sslClient.UploadUpdateCertificateInstance({
+        const params = {
-          OldCertificateId: certId,
+          "OldCertificateId": certId,
          "ResourceTypes": resourceTypes,
-          "CertificatePublicKey": this.cert.crt,
+          "CertificatePublicKey": "xxx",
-          "CertificatePrivateKey": this.cert.key,
+          "CertificatePrivateKey": "xxx",
          "ResourceTypesRegions":resourceTypesRegions
-        });
+        }
        this.logger.info(`请求参数：${JSON.stringify(params)}`);
        params.CertificatePublicKey = this.cert.crt
        params.CertificatePrivateKey = this.cert.key
        deployRes = await sslClient.UploadUpdateCertificateInstance(params);
        if (deployRes && deployRes.DeployRecordId>0){
          this.logger.info(`任务创建成功，开始检查结果：${JSON.stringify(deployRes)}`);
          break;
@@ -325,7 +332,7 @@ export class TencentRefreshCert extends AbstractTaskPlugin {
     */
    const options = list.map((item: any) => {
      return {
-        label: `${item.Alias}<${item.Domain}_${item.CertificateId}>`,
+        label: `${item.CertificateId}<${item.Domain}_${item.Alias}_${item.BoundResource.length}>`,
        value: item.CertificateId,
        domain: item.SubjectAltName,
      };
@@ -1 +1 @@
-23:54
+04:17
@@ -1 +1 @@
-23:57
+04:30
Author	SHA1	Message	Date
xiaojunnuo	7a1c6d2918	v1.37.12	2025-11-30 02:30:29 +08:00
xiaojunnuo	9fcc0dc8e7	build: prepare to build	2025-11-30 02:28:22 +08:00
xiaojunnuo	286f244caf	build: prepare to build	2025-11-30 02:18:12 +08:00
xiaojunnuo	52ebeab90b	chore: group dict刷新	2025-11-30 02:16:04 +08:00
xiaojunnuo	6be7591332	perf: 支持证书颁发机构 LiteSSL https://github.com/certd/certd/issues/590	2025-11-30 01:30:47 +08:00
xiaojunnuo	73325aaefb	perf: 支持微信扫码登录	2025-11-30 01:13:55 +08:00
xiaojunnuo	0adcc6a8d1	fix: 修复waf tls版本号小写	2025-11-29 12:15:58 +08:00
xiaojunnuo	93fb6acd1d	build: release	2025-11-29 04:30:52 +08:00
xiaojunnuo	77d52b323d	build: publish	2025-11-29 04:17:51 +08:00
xiaojunnuo	ca8e8bf6ef	build: trigger build image	2025-11-29 04:17:34 +08:00
xiaojunnuo	9acac86ed5	v1.37.11	2025-11-29 04:15:57 +08:00
xiaojunnuo	ba5007219d	build: prepare to build	2025-11-29 04:13:44 +08:00
xiaojunnuo	ec046fd599	build: prepare to build	2025-11-29 04:10:55 +08:00
xiaojunnuo	5452ff1153	build: prepare to build	2025-11-29 04:08:56 +08:00
xiaojunnuo	d03b1e0608	chore: 数据库脚本同步	2025-11-29 04:06:51 +08:00
xiaojunnuo	53c88ad5af	perf: 优化天翼云cdn 等待5秒部署完成	2025-11-29 03:25:21 +08:00
xiaojunnuo	21585ca565	chore: 优化oidc登录	2025-11-28 01:42:42 +08:00
xiaojunnuo	2fabee647a	fix: 修复阿里云 waf tlsVersion参数缺失导致部署失败的问题	2025-11-27 22:36:33 +08:00