v1.37.15

https://github.com/certd/certd/issues/590

.github/workflows/deploy-demo.yml

@@ -44,7 +44,8 @@ jobs:
       - name: deploy-certd-demo
         uses: tyrrrz/action-http-request@master
         with:
-          url: http://flow-openapi.aliyun.com/pipeline/webhook/lzCzlGrLCOHQaTMMt0mG
+          # 通过webhook 触发 certd-demo来部署
+          url: ${{ secrets.WEBHOOK_CERTD_DEMO }}
           method: POST
           headers: |
             Content-Type: application/json

.github/workflows/release-image.yml

@@ -121,10 +121,12 @@ jobs:
       - name: deploy-certd-doc
         uses: tyrrrz/action-http-request@master
         with:
-          url: http://flow-openapi.aliyun.com/pipeline/webhook/IiSxLDp9aOhgDUxJPytv
+          url: ${{ secrets.WEBHOOK_CERTD_DOC }}
           method: POST
           body: |
-            {}
+            {
+              "CERTD_VERSION": "1.0.0"
+            }
           headers: |
             Content-Type: application/json
           retry-count: 3

CHANGELOG.md

@@ -3,6 +3,65 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+### Bug Fixes
+
+* oidc 支持nonce ([a5ca411](https://github.com/certd/certd/commit/a5ca41131b308b36b17ca359d9709ea8e9b7cee1))
+
+### Performance Improvements
+
+* 第三方登录支持gitee ([5cee7d4](https://github.com/certd/certd/commit/5cee7d44f17bd36972f477bc1f270999da558d05))
+* 邮件模版安全优化 ([adca151](https://github.com/certd/certd/commit/adca151e4f07a4c6a2a753bfa48ee0d4d6469fd2))
+* 支持部署到中国移动CDN ([4351304](https://github.com/certd/certd/commit/43513049beff407558d2a234415521464165cebc))
+* 支持k8s apply ([d55954a](https://github.com/certd/certd/commit/d55954a36391ebe6a9397ff7dcfb710193ac5e34))
+
+## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)
+
+### Bug Fixes
+
+* 修复注销登录时，第三方登录注销请求失败的报错 ([677e110](https://github.com/certd/certd/commit/677e1101e6cf4451abd8a876cc1d0ddd26a10b88))
+
+## [1.37.13](https://github.com/certd/certd/compare/v1.37.12...v1.37.13) (2025-12-02)
+
+### Bug Fixes
+
+* 修复西部数据返回信息乱码问题 ([78b1650](https://github.com/certd/certd/commit/78b1650bdb071c858b3f90d53a700d11ee6de328))
+* 修复西部数码使用域名级别的key申请证书失败的问题 ([5edc72d](https://github.com/certd/certd/commit/5edc72d47550b8e3364dabda70a41cce75d87956))
+
+### Performance Improvements
+
+* 第三方登录允许选择logo ([bb3085e](https://github.com/certd/certd/commit/bb3085ef84201ccd2dc632ba8c5097cb00258be4))
+* 支持OIDC单点登录 ([fbf12f1](https://github.com/certd/certd/commit/fbf12f16b5eaa7676fd41923587bf6bd2595adba))
+
+## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
+
+### Bug Fixes
+
+* 修复waf tls版本号小写 ([0adcc6a](https://github.com/certd/certd/commit/0adcc6a8d194469be0c26940ed4837fb34929b68))
+
+### Performance Improvements
+
+* 支持微信扫码登录 ([73325aa](https://github.com/certd/certd/commit/73325aaefb0e750a22aaac40929e7bf3f5864996))
+* 支持证书颁发机构 LiteSSL ([6be7591](https://github.com/certd/certd/commit/6be75913324e2828d9016eb307ff2d0abbbb2191))
+
+## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
+
+### Bug Fixes
+
+* 修复阿里云 waf tlsVersion参数缺失导致部署失败的问题 ([2fabee6](https://github.com/certd/certd/commit/2fabee647acf64afe689f5bea3603028cd0ba4a2))
+* 修复备注撑开表格行高的bug ([c7b298c](https://github.com/certd/certd/commit/c7b298c46f0d52b43bd2bb17b374e7970a446446))
+* 修复域名管理无法创建tencent-eo dns授权的bug ([3406bb5](https://github.com/certd/certd/commit/3406bb5a4a56bb310cddc1a1f410c70909fd129b))
+* openapi 成功后失败都返回msg ([6e735bb](https://github.com/certd/certd/commit/6e735bbd1e29712e939f775a4db974db70e3b4b0))
+
+### Performance Improvements
+
+*  ssh支持ppk格式私钥 ([575ae16](https://github.com/certd/certd/commit/575ae164c863d0b1f9fa0890549a2ee7472fb469))
+* 优化宝塔网站证书在并发部署时导致nginx配置文件错乱的问题 ([51cc084](https://github.com/certd/certd/commit/51cc08411fd2dbab66d769b495dc1b0bf2f2578c))
+* 优化天翼云cdn 等待5秒部署完成 ([53c88ad](https://github.com/certd/certd/commit/53c88ad5afe66a3f7c38b9b759747918913a4edc))
+* 支持oidc单点登录 ([ec75afb](https://github.com/certd/certd/commit/ec75afbc44139dbe9da534d8a8c08a5b91f86d3c))
+* ssl.com支持ecc ([b5ec047](https://github.com/certd/certd/commit/b5ec04723db48422f71041f4043002e7f5b450b1))
+
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 
 ### Performance Improvements

docs/.vitepress/config.ts

@@ -121,6 +121,7 @@ export default defineConfig({
                         {text: "ESXi", link: "/guide/use/ESXi/index.md"},
                         {text: "宝塔动态IP白名单", link: "/guide/use/baota/white_list.md"},
                         {text: "子域名托管", link: "/guide/use/cert/subdomain.md"},
+                        {text: "流水线有效期", link: "/guide/use/pipeline/valid.md"},
                     ]
                 },
                 {

docs/guide/changelogs/CHANGELOG.md

@@ -3,6 +3,52 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)
+
+### Bug Fixes
+
+* 修复注销登录时，第三方登录注销请求失败的报错 ([677e110](https://github.com/certd/certd/commit/677e1101e6cf4451abd8a876cc1d0ddd26a10b88))
+
+## [1.37.13](https://github.com/certd/certd/compare/v1.37.12...v1.37.13) (2025-12-02)
+
+### Bug Fixes
+
+* 修复西部数据返回信息乱码问题 ([78b1650](https://github.com/certd/certd/commit/78b1650bdb071c858b3f90d53a700d11ee6de328))
+* 修复西部数码使用域名级别的key申请证书失败的问题 ([5edc72d](https://github.com/certd/certd/commit/5edc72d47550b8e3364dabda70a41cce75d87956))
+
+### Performance Improvements
+
+* 第三方登录允许选择logo ([bb3085e](https://github.com/certd/certd/commit/bb3085ef84201ccd2dc632ba8c5097cb00258be4))
+* 支持OIDC单点登录 ([fbf12f1](https://github.com/certd/certd/commit/fbf12f16b5eaa7676fd41923587bf6bd2595adba))
+
+## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
+
+### Bug Fixes
+
+* 修复waf tls版本号小写 ([0adcc6a](https://github.com/certd/certd/commit/0adcc6a8d194469be0c26940ed4837fb34929b68))
+
+### Performance Improvements
+
+* 支持微信扫码登录 ([73325aa](https://github.com/certd/certd/commit/73325aaefb0e750a22aaac40929e7bf3f5864996))
+* 支持证书颁发机构 LiteSSL ([6be7591](https://github.com/certd/certd/commit/6be75913324e2828d9016eb307ff2d0abbbb2191))
+
+## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
+
+### Bug Fixes
+
+* 修复阿里云 waf tlsVersion参数缺失导致部署失败的问题 ([2fabee6](https://github.com/certd/certd/commit/2fabee647acf64afe689f5bea3603028cd0ba4a2))
+* 修复备注撑开表格行高的bug ([c7b298c](https://github.com/certd/certd/commit/c7b298c46f0d52b43bd2bb17b374e7970a446446))
+* 修复域名管理无法创建tencent-eo dns授权的bug ([3406bb5](https://github.com/certd/certd/commit/3406bb5a4a56bb310cddc1a1f410c70909fd129b))
+* openapi 成功后失败都返回msg ([6e735bb](https://github.com/certd/certd/commit/6e735bbd1e29712e939f775a4db974db70e3b4b0))
+
+### Performance Improvements
+
+*  ssh支持ppk格式私钥 ([575ae16](https://github.com/certd/certd/commit/575ae164c863d0b1f9fa0890549a2ee7472fb469))
+* 优化宝塔网站证书在并发部署时导致nginx配置文件错乱的问题 ([51cc084](https://github.com/certd/certd/commit/51cc08411fd2dbab66d769b495dc1b0bf2f2578c))
+* 优化天翼云cdn 等待5秒部署完成 ([53c88ad](https://github.com/certd/certd/commit/53c88ad5afe66a3f7c38b9b759747918913a4edc))
+* 支持oidc单点登录 ([ec75afb](https://github.com/certd/certd/commit/ec75afbc44139dbe9da534d8a8c08a5b91f86d3c))
+* ssl.com支持ecc ([b5ec047](https://github.com/certd/certd/commit/b5ec04723db48422f71041f4043002e7f5b450b1))
+
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 
 ### Performance Improvements

docs/guide/plugins/deploy.md

@@ -72,7 +72,7 @@
 | 3.| **阿里云-部署证书至CDN** | 自动部署域名证书至阿里云CDN | 
 | 4.| **阿里云-部署证书至DCDN** | 依赖证书申请前置任务，自动部署域名证书至阿里云DCDN | 
 | 5.| **阿里云-部署证书至OSS** | 部署域名证书至阿里云OSS自定义域名，不是上传到阿里云oss | 
-| 6.| **阿里云-上传证书到阿里云CAS** | 上传证书到阿里云数字证书管理服务（CAS），注意：不会部署到任何应用上；如果不想在阿里云上同一份证书上传多次，可以把此任务作为前置任务，其他阿里云任务证书那一项选择此任务的输出 | 
+| 6.| **阿里云-上传证书到CAS** | 上传证书到阿里云证书管理服务（CAS），如果不想在阿里云上同一份证书上传多次，可以把此任务作为前置任务，其他阿里云任务证书那一项选择此任务的输出 | 
 | 7.| **阿里云-部署至阿里云WAF** | 部署证书到阿里云WAF | 
 | 8.| **阿里云-部署至ALB（应用负载均衡）** | ALB,更新监听器的默认证书 | 
 | 9.| **阿里云-部署至NLB（网络负载均衡）** | NLB,网络负载均衡,更新监听器的默认证书 | 

docs/guide/use/aliyun/index.md

@@ -5,8 +5,10 @@
 
 配置环境变量
 ```shell
-ALIYUN_CLIENT_CONNECT_TIMEOUT=10000 # 连接超时，单位毫秒
-ALIYUN_CLIENT_READ_TIMEOUT=10000 #读取数据超时，单位毫秒
+# docker-compose.yaml
+environment:
+  - ALIYUN_CLIENT_CONNECT_TIMEOUT=16000 # 连接超时，单位毫秒
+  - ALIYUN_CLIENT_READ_TIMEOUT=16000 #读取数据超时，单位毫秒
 
 ```
 

docs/guide/use/pipeline/valid.md

@@ -0,0 +1,17 @@
+# 流水线有效期功能
+
+可以为流水线设置有效期，超过有效期后，流水线将停止运行
+
+## 1. 打开有效期开关
+
+![setting.png](images/setting.png)
+
+## 2. 设置有效期
+
+![valid.png](images/edit.png)
+
+![valid.png](images/edit2.png)
+
+## 3. 设置完成
+该流水线将在有效期结束后停止运行
+![valid.png](images/show.png)

lerna.json

@@ -9,5 +9,5 @@
     }
   },
   "npmClient": "pnpm",
-  "version": "1.37.10"
+  "version": "1.37.15"
 }

package.json

@@ -17,8 +17,8 @@
     "start:server": "cd ./packages/ui/certd-server && npm start",
     "devb": "lerna run dev-build",
     "i-all": "lerna link && lerna exec npm install  ",
-    "publish": "npm run prepublishOnly2  && lerna publish --force-publish=pro/plus-core --conventional-commits --create-release github && npm run afterpublishOnly && npm run commitAll",
-    "afterpublishOnly": "npm run plugin-doc-gen && npm run copylogs && time /t >trigger/build.trigger && git add ./trigger/build.trigger && git commit -m \"build: trigger build image\" && TIMEOUT /T 10 && git push",
+    "publish": "npm run prepublishOnly2  && lerna publish --force-publish=pro/plus-core --conventional-commits --create-release github && npm run afterpublishOnly ",
+    "afterpublishOnly": "npm run plugin-doc-gen && npm run copylogs && time /t >trigger/build.trigger && git add ./trigger/build.trigger && git commit -m \"build: trigger build image\" && TIMEOUT /T 10 && npm run commitAll",
     "transform-sql": "cd ./packages/ui/certd-server/db/ && node --experimental-json-modules transform.js",
     "plugin-doc-gen": "cd ./packages/ui/certd-server/ && npm run export-md",
     "commitAll": "git add . && git commit -m \"build: publish\" && git push && npm run commitPro",

packages/core/acme-client/CHANGELOG.md

@@ -3,6 +3,30 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.15](https://github.com/publishlab/node-acme-client/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.37.14](https://github.com/publishlab/node-acme-client/compare/v1.37.13...v1.37.14) (2025-12-02)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.37.13](https://github.com/publishlab/node-acme-client/compare/v1.37.12...v1.37.13) (2025-12-02)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.37.12](https://github.com/publishlab/node-acme-client/compare/v1.37.11...v1.37.12) (2025-11-29)
+
+### Performance Improvements
+
+* 支持证书颁发机构 LiteSSL ([6be7591](https://github.com/publishlab/node-acme-client/commit/6be75913324e2828d9016eb307ff2d0abbbb2191))
+
+## [1.37.11](https://github.com/publishlab/node-acme-client/compare/v1.37.10...v1.37.11) (2025-11-28)
+
+### Performance Improvements
+
+* ssl.com支持ecc ([b5ec047](https://github.com/publishlab/node-acme-client/commit/b5ec04723db48422f71041f4043002e7f5b450b1))
+
 ## [1.37.10](https://github.com/publishlab/node-acme-client/compare/v1.37.9...v1.37.10) (2025-11-19)
 
 **Note:** Version bump only for package @certd/acme-client

packages/core/acme-client/package.json

@@ -3,7 +3,7 @@
     "description": "Simple and unopinionated ACME client",
     "private": false,
     "author": "nmorsman",
-    "version": "1.37.10",
+    "version": "1.37.15",
     "type": "module",
     "module": "scr/index.js",
     "main": "src/index.js",
@@ -18,7 +18,7 @@
         "types"
     ],
     "dependencies": {
-        "@certd/basic": "^1.37.10",
+        "@certd/basic": "^1.37.15",
         "@peculiar/x509": "^1.11.0",
         "asn1js": "^3.0.5",
         "axios": "^1.7.2",
@@ -70,5 +70,5 @@
     "bugs": {
         "url": "https://github.com/publishlab/node-acme-client/issues"
     },
-    "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+    "gitHead": "ddb18e6c219d0f7a7acb4a3355be5db3fd9e096e"
 }

packages/core/acme-client/src/index.js

@@ -32,7 +32,11 @@ export const directory = {
       staging: 'https://acme.ssl.com/sslcom-dv-rsa',
       production: 'https://acme.ssl.com/sslcom-dv-rsa',
       ec: 'https://acme.ssl.com/sslcom-dv-ecc',
-    }
+    },
+    litessl: {
+        staging: 'https://acme.litessl.com/acme/v2/directory',
+        production: 'https://acme.litessl.com/acme/v2/directory',
+    },
 };
 
 export function getDirectoryUrl(opts) {

packages/core/basic/CHANGELOG.md

@@ -3,6 +3,30 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.37.13](https://github.com/certd/certd/compare/v1.37.12...v1.37.13) (2025-12-02)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
+
+### Performance Improvements
+
+* 优化宝塔网站证书在并发部署时导致nginx配置文件错乱的问题 ([51cc084](https://github.com/certd/certd/commit/51cc08411fd2dbab66d769b495dc1b0bf2f2578c))
+* 优化天翼云cdn 等待5秒部署完成 ([53c88ad](https://github.com/certd/certd/commit/53c88ad5afe66a3f7c38b9b759747918913a4edc))
+* ssl.com支持ecc ([b5ec047](https://github.com/certd/certd/commit/b5ec04723db48422f71041f4043002e7f5b450b1))
+
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 
 **Note:** Version bump only for package @certd/basic

packages/core/basic/build.md

@@ -1 +1 @@
-23:49
+00:56

packages/core/basic/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/basic",
   "private": false,
-  "version": "1.37.10",
+  "version": "1.37.15",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -47,5 +47,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+  "gitHead": "ddb18e6c219d0f7a7acb4a3355be5db3fd9e096e"
 }

packages/core/basic/src/utils/util.lock.ts

@@ -9,7 +9,7 @@ export class Locker {
   }
 
   async execute(lockStr: string, callback: any, options?: { timeout?: number }) {
-    const timeout = options?.timeout ?? 20000;
+    const timeout = options?.timeout ?? 120000;
     return this.asyncLocker.acquire(lockStr, callback, { timeout });
   }
 }

packages/core/pipeline/CHANGELOG.md

@@ -3,6 +3,26 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.37.13](https://github.com/certd/certd/compare/v1.37.12...v1.37.13) (2025-12-02)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
+
+**Note:** Version bump only for package @certd/pipeline
+
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 
 **Note:** Version bump only for package @certd/pipeline

packages/core/pipeline/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/pipeline",
   "private": false,
-  "version": "1.37.10",
+  "version": "1.37.15",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -18,8 +18,8 @@
     "compile": "tsc --skipLibCheck --watch"
   },
   "dependencies": {
-    "@certd/basic": "^1.37.10",
-    "@certd/plus-core": "^1.37.10",
+    "@certd/basic": "^1.37.15",
+    "@certd/plus-core": "^1.37.15",
     "dayjs": "^1.11.7",
     "lodash-es": "^4.17.21",
     "reflect-metadata": "^0.1.13"
@@ -45,5 +45,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+  "gitHead": "ddb18e6c219d0f7a7acb4a3355be5db3fd9e096e"
 }

packages/libs/lib-huawei/CHANGELOG.md

@@ -3,6 +3,26 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.37.13](https://github.com/certd/certd/compare/v1.37.12...v1.37.13) (2025-12-02)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 
 **Note:** Version bump only for package @certd/lib-huawei

packages/libs/lib-huawei/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-huawei",
   "private": false,
-  "version": "1.37.10",
+  "version": "1.37.15",
   "main": "./dist/bundle.js",
   "module": "./dist/bundle.js",
   "types": "./dist/d/index.d.ts",
@@ -24,5 +24,5 @@
     "prettier": "^2.8.8",
     "tslib": "^2.8.1"
   },
-  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+  "gitHead": "ddb18e6c219d0f7a7acb4a3355be5db3fd9e096e"
 }

packages/libs/lib-iframe/CHANGELOG.md

@@ -3,6 +3,26 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.37.13](https://github.com/certd/certd/compare/v1.37.12...v1.37.13) (2025-12-02)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 
 **Note:** Version bump only for package @certd/lib-iframe

packages/libs/lib-iframe/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-iframe",
   "private": false,
-  "version": "1.37.10",
+  "version": "1.37.15",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -31,5 +31,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+  "gitHead": "ddb18e6c219d0f7a7acb4a3355be5db3fd9e096e"
 }

packages/libs/lib-jdcloud/CHANGELOG.md

@@ -3,6 +3,28 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.37.13](https://github.com/certd/certd/compare/v1.37.12...v1.37.13) (2025-12-02)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
+
+### Performance Improvements
+
+*  ssh支持ppk格式私钥 ([575ae16](https://github.com/certd/certd/commit/575ae164c863d0b1f9fa0890549a2ee7472fb469))
+
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 
 **Note:** Version bump only for package @certd/jdcloud

packages/libs/lib-jdcloud/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/jdcloud",
-  "version": "1.37.10",
+  "version": "1.37.15",
   "description": "jdcloud openApi sdk",
   "main": "./dist/bundle.js",
   "module": "./dist/bundle.js",
@@ -56,5 +56,5 @@
       "fetch"
     ]
   },
-  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+  "gitHead": "ddb18e6c219d0f7a7acb4a3355be5db3fd9e096e"
 }

packages/libs/lib-k8s/CHANGELOG.md

@@ -3,6 +3,29 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+### Performance Improvements
+
+* 邮件模版安全优化 ([adca151](https://github.com/certd/certd/commit/adca151e4f07a4c6a2a753bfa48ee0d4d6469fd2))
+* 支持k8s apply ([d55954a](https://github.com/certd/certd/commit/d55954a36391ebe6a9397ff7dcfb710193ac5e34))
+
+## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.37.13](https://github.com/certd/certd/compare/v1.37.12...v1.37.13) (2025-12-02)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 
 **Note:** Version bump only for package @certd/lib-k8s

packages/libs/lib-k8s/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-k8s",
   "private": false,
-  "version": "1.37.10",
+  "version": "1.37.15",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -17,7 +17,7 @@
     "pub": "npm publish"
   },
   "dependencies": {
-    "@certd/basic": "^1.37.10",
+    "@certd/basic": "^1.37.15",
     "@kubernetes/client-node": "0.21.0"
   },
   "devDependencies": {
@@ -32,5 +32,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+  "gitHead": "ddb18e6c219d0f7a7acb4a3355be5db3fd9e096e"
 }

packages/libs/lib-k8s/src/lib/k8s.client.ts

@@ -1,4 +1,4 @@
-import { CoreV1Api, KubeConfig, NetworkingV1Api, V1Ingress, V1Secret } from "@kubernetes/client-node";
+import { CoreV1Api, KubeConfig, NetworkingV1Api, V1Ingress, V1Secret, KubernetesObjectApi, loadYaml, KubernetesObject } from "@kubernetes/client-node";
 import dns from "dns";
 import { ILogger } from "@certd/basic";
 import { merge } from "lodash-es";
@@ -27,6 +27,11 @@ export class K8sClient {
   }
 
   init() {
+    const kubeconfig = this.getKubeConfig();
+    this.client = kubeconfig.makeApiClient(CoreV1Api);
+  }
+
+  getKubeConfig() {
     const kubeconfig = new KubeConfig();
     kubeconfig.loadFromString(this.kubeConfigStr);
     this.kubeconfig = kubeconfig;
@@ -41,16 +46,35 @@ export class K8sClient {
     } catch (e) {
       this.logger.warn("skipTLSVerify error", e);
     }
+    return kubeconfig;
+  }
 
-    this.client = kubeconfig.makeApiClient(CoreV1Api);
+  getKubeClient() {
+    const kc = this.getKubeConfig();
+    const client = KubernetesObjectApi.makeApiClient(kc);
+    return client;
+  }
 
-    // const reqOpts = { kubeconfig, request: {} } as any;
-    // if (this.lookup) {
-    //   reqOpts.request.lookup = this.lookup;
-    // }
-    //
-    // const backend = new Request(reqOpts);
-    // this.client = new Client({ backend, version: '1.13' });
+  async apply(manifest: string) {
+    const yml = loadYaml<KubernetesObject>(manifest);
+    const client = this.getKubeClient();
+    try {
+      await client.create(yml);
+    } catch (e) {
+      this.logger.error("apply error", e.response?.body);
+      if (e.response?.body?.reason === "AlreadyExists") {
+        //patch
+        this.logger.info("patch existing resource: ", yml.metadata?.name);
+        const existing = await client.read(yml as any);
+        if (!yml.metadata) {
+          yml.metadata = {};
+        }
+        yml.metadata.resourceVersion = existing.body.metadata.resourceVersion;
+        await client.patch(yml);
+        return;
+      }
+      throw e;
+    }
   }
 
   /**
@@ -168,6 +192,7 @@ export class K8sClient {
     const oldIngress = await client.readNamespacedIngress(ingressName, namespace);
     const newIngress = merge(oldIngress.body, opts.body);
     const res = await client.replaceNamespacedIngress(ingressName, namespace, newIngress);
+
     this.logger.info("ingress patched", opts.body);
     return res;
   }

packages/libs/lib-server/CHANGELOG.md

@@ -3,6 +3,30 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.37.13](https://github.com/certd/certd/compare/v1.37.12...v1.37.13) (2025-12-02)
+
+### Performance Improvements
+
+* 第三方登录允许选择logo ([bb3085e](https://github.com/certd/certd/commit/bb3085ef84201ccd2dc632ba8c5097cb00258be4))
+
+## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
+
+### Performance Improvements
+
+* 支持oidc单点登录 ([ec75afb](https://github.com/certd/certd/commit/ec75afbc44139dbe9da534d8a8c08a5b91f86d3c))
+
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 
 **Note:** Version bump only for package @certd/lib-server

packages/libs/lib-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/lib-server",
-  "version": "1.37.10",
+  "version": "1.37.15",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",
@@ -28,11 +28,11 @@
   ],
   "license": "AGPL",
   "dependencies": {
-    "@certd/acme-client": "^1.37.10",
-    "@certd/basic": "^1.37.10",
-    "@certd/pipeline": "^1.37.10",
-    "@certd/plugin-lib": "^1.37.10",
-    "@certd/plus-core": "^1.37.10",
+    "@certd/acme-client": "^1.37.15",
+    "@certd/basic": "^1.37.15",
+    "@certd/pipeline": "^1.37.15",
+    "@certd/plugin-lib": "^1.37.15",
+    "@certd/plus-core": "^1.37.15",
     "@midwayjs/cache": "3.14.0",
     "@midwayjs/core": "3.20.11",
     "@midwayjs/i18n": "3.20.13",
@@ -64,5 +64,5 @@
     "typeorm": "^0.3.11",
     "typescript": "^5.4.2"
   },
-  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+  "gitHead": "ddb18e6c219d0f7a7acb4a3355be5db3fd9e096e"
 }

packages/libs/lib-server/src/basic/base-service.ts

@@ -1,5 +1,5 @@
 import { PermissionException, ValidateException } from './exception/index.js';
-import { In, Repository, SelectQueryBuilder } from 'typeorm';
+import { FindOneOptions, In, Repository, SelectQueryBuilder } from 'typeorm';
 import { Inject } from '@midwayjs/core';
 import { TypeORMDataSourceManager } from '@midwayjs/typeorm';
 import { EntityManager } from 'typeorm/entity-manager/EntityManager.js';
@@ -238,4 +238,8 @@ export abstract class BaseService<T> {
 
     await this.delete(ids);
   }
+
+  async findOne(options: FindOneOptions<T>) {
+    return await this.getRepository().findOne(options);
+  }
 }

packages/libs/lib-server/src/user/addon/api/api.ts

@@ -31,6 +31,7 @@ export type AddonDefine = Registrable & {
     [key: string]: AddonInputDefine;
   };
   showTest?: boolean;
+  icon?: string;
 };
 
 export type AddonInstanceConfig = {
@@ -64,6 +65,7 @@ export abstract class BaseAddon implements IAddon {
   http!: HttpClient;
   logger!: ILogger;
 
+  title!: string;
 
 
 

packages/libs/midway-flyway-js/CHANGELOG.md

@@ -3,6 +3,26 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.37.13](https://github.com/certd/certd/compare/v1.37.12...v1.37.13) (2025-12-02)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 
 **Note:** Version bump only for package @certd/midway-flyway-js

packages/libs/midway-flyway-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/midway-flyway-js",
-  "version": "1.37.10",
+  "version": "1.37.15",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",
@@ -46,5 +46,5 @@
     "typeorm": "^0.3.11",
     "typescript": "^5.4.2"
   },
-  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+  "gitHead": "ddb18e6c219d0f7a7acb4a3355be5db3fd9e096e"
 }

packages/plugins/plugin-cert/CHANGELOG.md

@@ -3,6 +3,30 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
+## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
+## [1.37.13](https://github.com/certd/certd/compare/v1.37.12...v1.37.13) (2025-12-02)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
+## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
+
+### Performance Improvements
+
+* 支持证书颁发机构 LiteSSL ([6be7591](https://github.com/certd/certd/commit/6be75913324e2828d9016eb307ff2d0abbbb2191))
+
+## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
+
+### Performance Improvements
+
+* ssl.com支持ecc ([b5ec047](https://github.com/certd/certd/commit/b5ec04723db48422f71041f4043002e7f5b450b1))
+
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 
 ### Performance Improvements

packages/plugins/plugin-cert/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/plugin-cert",
   "private": false,
-  "version": "1.37.10",
+  "version": "1.37.15",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -17,10 +17,10 @@
     "compile": "tsc --skipLibCheck --watch"
   },
   "dependencies": {
-    "@certd/acme-client": "^1.37.10",
-    "@certd/basic": "^1.37.10",
-    "@certd/pipeline": "^1.37.10",
-    "@certd/plugin-lib": "^1.37.10",
+    "@certd/acme-client": "^1.37.15",
+    "@certd/basic": "^1.37.15",
+    "@certd/pipeline": "^1.37.15",
+    "@certd/plugin-lib": "^1.37.15",
     "@google-cloud/publicca": "^1.3.0",
     "dayjs": "^1.11.7",
     "jszip": "^3.10.1",
@@ -43,5 +43,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+  "gitHead": "ddb18e6c219d0f7a7acb4a3355be5db3fd9e096e"
 }

packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts

@@ -136,6 +136,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
         { value: "letsencrypt", label: "Let's Encrypt（免费，新手推荐）", icon: "simple-icons:letsencrypt" },
         { value: "google", label: "Google（免费）", icon: "flat-color-icons:google" },
         { value: "zerossl", label: "ZeroSSL（免费）", icon: "emojione:digit-zero" },
+        { value: "litessl", label: "litessl（免费）", icon: "roentgen:free" },
         { value: "sslcom", label: "SSL.com（仅主域名和www免费）", icon: "la:expeditedssl" },
         { value: "letsencrypt_staging", label: "Let's Encrypt测试环境（IP证书）", icon: "simple-icons:letsencrypt" },
       ],
@@ -250,6 +251,13 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
   })
   sslcomCommonEabAccessId!: number;
 
+  @TaskInput({
+    title: "litessl公共EAB授权",
+    isSys: true,
+    show: false,
+  })
+  litesslCommonEabAccessId!: number;
+
   @TaskInput({
     title: "EAB授权",
     component: {
@@ -262,13 +270,15 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
       "需要提供EAB授权" +
       "\nZeroSSL：请前往[zerossl开发者中心](https://app.zerossl.com/developer),生成 'EAB Credentials'" +
       "\nGoogle:请查看[google获取eab帮助文档](https://certd.docmirror.cn/guide/use/google/)，用过一次后会绑定邮箱，后续复用EAB要用同一个邮箱" +
-      "\nSSL.com:[SSL.com账号页面](https://secure.ssl.com/account),然后点击api credentials链接，然后点击编辑按钮，查看Secret key和HMAC key",
+      "\nSSL.com:[SSL.com账号页面](https://secure.ssl.com/account),然后点击api credentials链接，然后点击编辑按钮，查看Secret key和HMAC key" +
+      "\nlitessl:[litesslEAB页面](https://freessl.cn/automation/eab-manager),然后点击新增EAB",
     mergeScript: `
     return {
         show: ctx.compute(({form})=>{
             return (form.sslProvider === 'zerossl' && !form.zerosslCommonEabAccessId)
             || (form.sslProvider === 'google' && !form.googleCommonEabAccessId)
             || (form.sslProvider === 'sslcom' && !form.sslcomCommonEabAccessId)
+            || (form.sslProvider === 'litessl' && !form.litesslCommonEabAccessId)
         })
     }
     `,

packages/plugins/plugin-lib/CHANGELOG.md

@@ -3,6 +3,29 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
+## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
+## [1.37.13](https://github.com/certd/certd/compare/v1.37.12...v1.37.13) (2025-12-02)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
+## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
+## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
+
+### Performance Improvements
+
+*  ssh支持ppk格式私钥 ([575ae16](https://github.com/certd/certd/commit/575ae164c863d0b1f9fa0890549a2ee7472fb469))
+* 优化天翼云cdn 等待5秒部署完成 ([53c88ad](https://github.com/certd/certd/commit/53c88ad5afe66a3f7c38b9b759747918913a4edc))
+
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 
 **Note:** Version bump only for package @certd/plugin-lib

packages/plugins/plugin-lib/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/plugin-lib",
   "private": false,
-  "version": "1.37.10",
+  "version": "1.37.15",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -22,8 +22,8 @@
     "@alicloud/pop-core": "^1.7.10",
     "@alicloud/tea-util": "^1.4.10",
     "@aws-sdk/client-s3": "^3.787.0",
-    "@certd/basic": "^1.37.10",
-    "@certd/pipeline": "^1.37.10",
+    "@certd/basic": "^1.37.15",
+    "@certd/pipeline": "^1.37.15",
     "@kubernetes/client-node": "0.21.0",
     "ali-oss": "^6.22.0",
     "basic-ftp": "^5.0.5",
@@ -53,5 +53,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
+  "gitHead": "ddb18e6c219d0f7a7acb4a3355be5db3fd9e096e"
 }

packages/plugins/plugin-lib/src/tencent/lib/ssl-client.ts

@@ -36,7 +36,7 @@ export class TencentSslClient {
 
   checkRet(ret: any) {
     if (!ret || ret.Error) {
-      throw new Error("请求失败：" + ret.Error.Code + "," + ret.Error.Message);
+      throw new Error("请求失败：" + ret.Error.Code + "," + ret.Error.Message + ",requestId" + ret.RequestId);
     }
   }
 
@@ -70,43 +70,33 @@ export class TencentSslClient {
   }
 
   async deployCertificateInstance(params: any) {
-    const client = await this.getSslClient();
-    const res = await client.DeployCertificateInstance(params);
-    this.checkRet(res);
-    return res;
+    return await this.doRequest("DeployCertificateInstance", params);
   }
 
   async DescribeHostUploadUpdateRecordDetail(params: any) {
-    const client = await this.getSslClient();
-    const res = await client.request("DescribeHostUploadUpdateRecordDetail", params);
-    this.checkRet(res);
-    return res;
+    return await this.doRequest("DescribeHostUploadUpdateRecordDetail", params);
   }
 
   async UploadUpdateCertificateInstance(params: any) {
-    const client = await this.getSslClient();
-    const res = await client.request("UploadUpdateCertificateInstance", params);
-    this.checkRet(res);
-    return res;
+    return await this.doRequest("UploadUpdateCertificateInstance", params);
   }
 
   async DescribeCertificates(params: { Limit?: number; Offset?: number; SearchKey?: string }) {
-    const client = await this.getSslClient();
-    const res = await client.DescribeCertificates({
+    return await this.doRequest("DescribeCertificates", {
       ExpirationSort: "ASC",
       ...params,
     });
-    this.checkRet(res);
-    return res;
   }
 
   async doRequest(action: string, params: any) {
     const client = await this.getSslClient();
-    if (!client[action]) {
-      throw new Error(`action ${action} not found`);
+    try {
+      const res = await client.request(action, params);
+      this.checkRet(res);
+      return res;
+    } catch (e) {
+      this.logger.error(`action ${action} error: ${e.message},requestId=${e.RequestId}`);
+      throw e;
     }
-    const res = await client[action](params);
-    this.checkRet(res);
-    return res;
   }
 }

packages/ui/certd-client/CHANGELOG.md

@@ -3,6 +3,44 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+### Performance Improvements
+
+* 第三方登录支持gitee ([5cee7d4](https://github.com/certd/certd/commit/5cee7d44f17bd36972f477bc1f270999da558d05))
+
+## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)
+
+### Bug Fixes
+
+* 修复注销登录时，第三方登录注销请求失败的报错 ([677e110](https://github.com/certd/certd/commit/677e1101e6cf4451abd8a876cc1d0ddd26a10b88))
+
+## [1.37.13](https://github.com/certd/certd/compare/v1.37.12...v1.37.13) (2025-12-02)
+
+### Performance Improvements
+
+* 第三方登录允许选择logo ([bb3085e](https://github.com/certd/certd/commit/bb3085ef84201ccd2dc632ba8c5097cb00258be4))
+* 支持OIDC单点登录 ([fbf12f1](https://github.com/certd/certd/commit/fbf12f16b5eaa7676fd41923587bf6bd2595adba))
+
+## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
+
+### Performance Improvements
+
+* 支持微信扫码登录 ([73325aa](https://github.com/certd/certd/commit/73325aaefb0e750a22aaac40929e7bf3f5864996))
+* 支持证书颁发机构 LiteSSL ([6be7591](https://github.com/certd/certd/commit/6be75913324e2828d9016eb307ff2d0abbbb2191))
+
+## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
+
+### Bug Fixes
+
+* 修复备注撑开表格行高的bug ([c7b298c](https://github.com/certd/certd/commit/c7b298c46f0d52b43bd2bb17b374e7970a446446))
+* 修复域名管理无法创建tencent-eo dns授权的bug ([3406bb5](https://github.com/certd/certd/commit/3406bb5a4a56bb310cddc1a1f410c70909fd129b))
+
+### Performance Improvements
+
+* 优化天翼云cdn 等待5秒部署完成 ([53c88ad](https://github.com/certd/certd/commit/53c88ad5afe66a3f7c38b9b759747918913a4edc))
+* 支持oidc单点登录 ([ec75afb](https://github.com/certd/certd/commit/ec75afbc44139dbe9da534d8a8c08a5b91f86d3c))
+
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 
 ### Performance Improvements

packages/ui/certd-client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/ui-client",
-  "version": "1.37.10",
+  "version": "1.37.15",
   "private": true,
   "scripts": {
     "dev": "vite --open",
@@ -33,11 +33,11 @@
     "@aws-sdk/s3-request-presigner": "^3.535.0",
     "@certd/vue-js-cron-light": "^4.0.14",
     "@ctrl/tinycolor": "^4.1.0",
-    "@fast-crud/editor-code": "^1.27.4",
-    "@fast-crud/fast-crud": "^1.27.4",
-    "@fast-crud/fast-extends": "^1.27.4",
-    "@fast-crud/ui-antdv4": "^1.27.4",
-    "@fast-crud/ui-interface": "^1.27.4",
+    "@fast-crud/editor-code": "^1.27.7",
+    "@fast-crud/fast-crud": "^1.27.7",
+    "@fast-crud/fast-extends": "^1.27.7",
+    "@fast-crud/ui-antdv4": "^1.27.7",
+    "@fast-crud/ui-interface": "^1.27.7",
     "@iconify/tailwind": "^1.2.0",
     "@iconify/vue": "^4.1.1",
     "@manypkg/get-packages": "^2.2.2",
@@ -106,8 +106,8 @@
     "zod-defaults": "^0.1.3"
   },
   "devDependencies": {
-    "@certd/lib-iframe": "^1.37.10",
-    "@certd/pipeline": "^1.37.10",
+    "@certd/lib-iframe": "^1.37.15",
+    "@certd/pipeline": "^1.37.15",
     "@rollup/plugin-commonjs": "^25.0.7",
     "@rollup/plugin-node-resolve": "^15.2.3",
     "@types/chai": "^4.3.12",

packages/ui/certd-client/src/api/service.ts

@@ -47,11 +47,12 @@ function createService() {
         //如果不需要解包
         return dataAxios;
       }
-
+      //@ts-ignore
+      const showErrorNotify = response?.config?.showErrorNotify;
       // 这个状态码是和后端约定的
       if (dataAxios?.code === undefined) {
         // 如果没有 code 代表这不是项目后端开发的接口
-        errorCreate(`非标准返回：${dataAxios}， ${response.config.url}`);
+        errorCreate(`非标准返回：${dataAxios}， ${response.config.url}`, showErrorNotify);
         return dataAxios;
       }
       const { code } = dataAxios;
@@ -70,8 +71,6 @@ function createService() {
             // @ts-ignore
             response.config.onError(err);
           }
-          //@ts-ignore
-          const showErrorNotify = response?.config?.showErrorNotify;
           errorCreate(`${errorMessage}: ${response.config.url}`, showErrorNotify, dataAxios);
       }
     },

packages/ui/certd-client/src/api/tools.ts

@@ -69,7 +69,7 @@ export function errorLog(error: any, notify = true) {
  * @description 创建一个错误
  */
 export function errorCreate(msg: string, notify = true, data?: any) {
-  const err = new CodeError(msg, data.code, data.data);
+  const err = new CodeError(msg, data?.code || 1, data?.data);
   console.error("errorCreate", err);
   if (notify) {
     uiContext.get().notification.error({ message: err.message });

packages/ui/certd-client/src/components/tutorial/tutorial-steps.vue

@@ -164,7 +164,7 @@ const steps = ref<Step[]>([
       {
         image: "/static/doc/images/15-1-email.png",
         title: t("guide.scheduleAndEmailTask.setEmailNotification"),
-        descriptions: [t("guide.scheduleAndEmailTask.suggestErrorAndRecoveryEmails"), t("guide.scheduleAndEmailTask.basicVersionNeedsMailServer")],
+        descriptions: [t("guide.scheduleAndEmailTask.suggestErrorAndRecoveryEmails")],
       },
       {
         title: t("guide.scheduleAndEmailTask.tutorialEndTitle"),

packages/ui/certd-client/src/layout/layout-basic.vue

@@ -82,7 +82,7 @@ provide("fn:ai.open", openChat);
       <LockScreen :avatar @to-login="handleLogout" />
     </template>
     <template #header-right-0>
-      <div v-if="!settingStore.isComm" class="hover:bg-accent ml-1 mr-2 cursor-pointer rounded-full hidden md:block">
+      <div class="hover:bg-accent ml-1 mr-2 cursor-pointer rounded-full hidden md:block">
         <tutorial-button class="flex-center header-btn" />
       </div>
       <div class="hover:bg-accent ml-1 mr-2 cursor-pointer rounded-full">

packages/ui/certd-client/src/layout/layout-framework.vue

@@ -75,7 +75,7 @@
         <div>
           <span v-if="!settingStore.isComm">
             <span>Powered by</span>
-            <a> handsfree.work </a>
+            <a> handfree.work </a>
           </span>
 
           <template v-if="siteInfo.licenseTo">

packages/ui/certd-client/src/layout/layout-outside.vue

@@ -1,8 +1,8 @@
 <template>
   <div id="userLayout" :class="['user-layout-wrapper']">
-    <div class="login-container flex-center">
-      <div class="user-layout-content flex-center flex-col">
-        <div class="top flex flex-col items-center justify-center">
+    <div class="login-container flex justify-start">
+      <div class="user-layout-content flex-col justify-start">
+        <div class="top flex flex-col items-center justify-start">
           <div class="header flex flex-row items-center">
             <img :src="siteInfo.loginLogo" class="logo" alt="logo" />
             <span class="title"></span>
@@ -10,8 +10,9 @@
           <div class="desc">{{ siteInfo.slogan }}</div>
         </div>
 
-        <router-view />
-
+        <div class="flex-1 flex flex-col justify-start items-center">
+          <router-view />
+        </div>
         <div class="footer">
           <div class="copyright">
             <span v-if="!settingStore.isComm">
@@ -73,6 +74,7 @@ const sysPublic: Ref<SysPublicSetting> = computed(() => {
   .login-container {
     width: 100%;
     height: 100%;
+    overflow: auto;
     background: #f0f2f5 url(/static/background.svg) no-repeat 50%;
     background-size: 100%;
     //padding: 50px 0 84px;

packages/ui/certd-client/src/locales/langs/en-US/authentication.ts

@@ -57,6 +57,7 @@ export default {
   passwordPlaceholder: "Please enter your password",
   mobilePlaceholder: "Please enter your mobile number",
   loginButton: "Log In",
+  bindButton: "Bind Account",
   forgotPassword: "Forgot password?",
   forgotAdminPassword: "Forgot admin password?",
   registerLink: "Register",
@@ -83,4 +84,6 @@ export default {
   phoneNumber: "Phone Number",
   changePassword: "Change Password",
   updateProfile: "Update Profile",
+  oauthLoginTitle: "Other ways of login",
+  oauthOnlyLoginTitle: "Login",
 };

packages/ui/certd-client/src/locales/langs/en-US/certd.ts

@@ -743,6 +743,8 @@ export default {
       paymentSetting: "Payment Settings",
       captchaSetting: "Captcha Setting",
       pipelineSetting: "Pipeline Settings",
+      oauthSetting: "OAuth2 Settings",
+
       showRunStrategy: "Show RunStrategy",
       showRunStrategyHelper: "Allow modify the run strategy of the task",
 
@@ -760,6 +762,24 @@ export default {
       fixedCertExpireDays: "Fixed Cert Expire Days",
       fixedCertExpireDaysHelper: "Fixed cert expiration days, helpful for table list progress bar display",
       fixedCertExpireDaysRecommend: "Recommend 90",
+
+      enableOauth: "Enable OAuth2 Login",
+      oauthEnabledHelper: "Whether to enable OAuth2 login",
+      oauthProviders: "OAuth2 Login Providers",
+      oauthType: "OAuth2 Login Type",
+      oauthConfig: "OAuth2 Login Config",
+      oauthProviderSelectorPlaceholder: "Not Configured",
+      oauthCallback: "Callback URL",
+      oauthCallbackHelper: "Copy this URL to the callback address of the OAuth2 login provider",
+      oauthCallbackCopy: "Copy Callback URL",
+      oauthAutoRegister: "Auto Register User",
+      oauthAutoRegisterCheckedText: "Auto Register",
+      oauthAutoRegisterUnCheckedText: "User Select",
+      oauthAutoRegisterHelper: "Whether to auto register user when login",
+      oauthAutoRedirect: "Auto Redirect to OAuth2 Login",
+      oauthAutoRedirectHelper: "Whether to auto redirect to OAuth2 login when login (using the first enabled OAuth2 login type)",
+      oauthOnly: "OAuth2 Login Only",
+      oauthOnlyHelper: "Whether to only allow OAuth2 login, disable password login",
     },
   },
   modal: {

packages/ui/certd-client/src/locales/langs/en-US/guide.ts

@@ -64,7 +64,6 @@ export default {
     recommendDailyRun: "Recommend configuring to run once daily; new certs requested 35 days before expiry and auto-skipped otherwise",
     setEmailNotification: "Set Email Notifications",
     suggestErrorAndRecoveryEmails: "Suggest listening for 'On Error' and 'Error to Success' to quickly troubleshoot failures (basic version requires mail server setup)",
-    basicVersionNeedsMailServer: "(basic version requires configuring mail server)",
     tutorialEndTitle: "Tutorial End",
     thanksForWatching: "Thank you for watching, hope it helps you",
   },

packages/ui/certd-client/src/locales/langs/zh-CN/authentication.ts

@@ -57,6 +57,7 @@ export default {
   passwordPlaceholder: "请输入密码",
   mobilePlaceholder: "请输入手机号",
   loginButton: "登录",
+  bindButton: "绑定账号",
   forgotPassword: "忘记密码？",
   forgotAdminPassword: "忘记管理员密码？",
   registerLink: "注册",
@@ -84,4 +85,7 @@ export default {
   phoneNumber: "手机号",
   changePassword: "修改密码",
   updateProfile: "修改个人信息",
+
+  oauthLoginTitle: "其他登录方式",
+  oauthOnlyLoginTitle: "登录",
 };

packages/ui/certd-client/src/locales/langs/zh-CN/certd.ts

@@ -604,7 +604,7 @@ export default {
   limitUserPipelineCountHelper: "0为不限制",
   enableSelfRegistration: "开启自助注册",
   enableUserValidityPeriod: "开启用户有效期",
-  userValidityPeriodHelper: "有效期内用户可正常使用，失效后流水线将被停用",
+  userValidityPeriodHelper: "有效期内用户可正常使用，失效后用户的流水线将被停用",
   enableUsernameRegistration: "开启用户名注册",
   enableEmailRegistration: "开启邮箱注册",
   proFeature: "专业版功能",
@@ -743,6 +743,7 @@ export default {
       paymentSetting: "支付设置",
       captchaSetting: "验证码设置",
       pipelineSetting: "流水线设置",
+      oauthSetting: "第三方登录",
 
       showRunStrategy: "显示运行策略选择",
       showRunStrategyHelper: "任务设置中是否允许选择运行策略",
@@ -761,6 +762,24 @@ export default {
       fixedCertExpireDays: "固定证书有效期天数",
       fixedCertExpireDaysHelper: "固定证书有效期天数，有助于列表进度条整齐显示",
       fixedCertExpireDaysRecommend: "推荐90",
+
+      enableOauth: "启用第三方登录",
+      oauthEnabledHelper: "是否启用第三方登录",
+      oauthProviders: "第三方登录提供商",
+      oauthType: "第三方登录类型",
+      oauthConfig: "第三方登录配置",
+      oauthProviderSelectorPlaceholder: "未配置",
+      oauthCallback: "回调地址",
+      oauthCallbackHelper: "复制回调地址，配置到对应提供商的回调地址中",
+      oauthCallbackCopy: "复制回调地址",
+      oauthAutoRegister: "自动注册用户",
+      oauthAutoRegisterHelper: "当第三方账户未绑定本站账号时，是否自动注册用户，默认由用户选择",
+      oauthAutoRegisterCheckedText: "自动注册",
+      oauthAutoRegisterUnCheckedText: "用户选择",
+      oauthAutoRedirect: "自动跳转第三方登录",
+      oauthAutoRedirectHelper: "是否自动跳转第三方登录（使用第一个已启用的第三方登录类型）",
+      oauthOnly: "仅使用第三方登录",
+      oauthOnlyHelper: "是否仅使用第三方登录，关闭密码登录（注意：请务必在测试第三方登录功能正常后再开启）",
     },
   },
   modal: {

packages/ui/certd-client/src/locales/langs/zh-CN/guide.ts

@@ -61,10 +61,9 @@ export default {
     description: "自动运行",
     setSchedule: "设置定时执行",
     pipelineSuccessThenSchedule: "流水线测试成功，接下来配置定时触发，以后每天定时执行就不用管了",
-    recommendDailyRun: "推荐配置每天运行一次，在到期前35天才会重新申请新证书并部署，没到期前会自动跳过，不会重复申请。",
+    recommendDailyRun: "推荐配置每天运行一次，默认到期前35天会重新申请新证书并部署，没到期前会自动跳过，不会重复申请。",
     setEmailNotification: "设置邮件通知",
-    suggestErrorAndRecoveryEmails: "建议选择监听'错误时'和'错误转成功'两种即可，在意外失败时可以尽快去排查问题，（基础版需要配置邮件服务器）",
-    basicVersionNeedsMailServer: "（基础版需要配置邮件服务器）",
+    suggestErrorAndRecoveryEmails: "建议选择监听'错误时'和'错误转成功'两种即可，在意外失败时可以尽快去排查问题",
     tutorialEndTitle: "教程结束",
     thanksForWatching: "感谢观看，希望对你有所帮助",
   },

packages/ui/certd-client/src/store/settings/api.basic.ts

@@ -62,6 +62,13 @@ export type SysPublicSetting = {
 
   // 第三方OAuth配置
   oauthEnabled?: boolean;
+  // 是否自动注册用户
+  oauthAutoRegister?: boolean;
+  // 是否自动跳转第三方登录
+  oauthAutoRedirect?: boolean;
+  // 是否仅允许使用第三方登录
+  oauthOnly?: boolean;
+  // 第三方OAuth登录提供者配置
   oauthProviders?: Record<
     string,
     {

packages/ui/certd-client/src/store/user/api.user.ts

@@ -100,3 +100,10 @@ export async function loginByTwoFactor(data: any) {
     data,
   });
 }
+
+export async function OauthProviders() {
+  return await request({
+    url: "/oauth/providers",
+    method: "post",
+  });
+}

packages/ui/certd-client/src/store/user/index.ts

@@ -14,6 +14,7 @@ import { mitter } from "/src/utils/util.mitt";
 import { resetAllStores, useAccessStore } from "/@/vben/stores";
 
 import { useUserStore as vbenUserStore } from "/@/vben/stores/modules/user";
+import { request } from "/@/api/service";
 
 interface UserState {
   userInfo: Nullable<UserInfoRes>;
@@ -116,15 +117,39 @@ export const useUserStore = defineStore({
      * @description: logout
      */
     async logout(goLogin = true, from401 = false) {
+      if (!from401 && this.getToken) {
+        try {
+          await UserApi.logout(); //主要是清空cookie
+        } catch (e) {
+          console.error("注销登录请求失败：", e);
+        }
+      }
+
       this.resetState();
       resetAllStores();
-      if (!from401) {
-        await UserApi.logout(); //主要是清空cookie
-      }
+      // 第三方登录注销
+      await this.oauthLogout();
       goLogin && router.push("/login");
       mitter.emit("app.logout");
     },
 
+    async oauthLogout() {
+      const providers = await UserApi.OauthProviders();
+      for (const provider of providers) {
+        if (provider.logoutUrl) {
+          try {
+            await request({
+              url: provider.logoutUrl,
+              method: "get",
+              withCredentials: true,
+              showErrorNotify: false,
+            });
+          } catch (e) {
+            console.error("注销第三方登录失败：", e);
+          }
+        }
+      }
+    },
     /**
      * @description: Confirm before logging out
      */

packages/ui/certd-client/src/views/certd/addon/addon-selector/index.vue

@@ -1,6 +1,6 @@
 <template>
   <div class="addon-selector">
-    <div class="flex-o w-100">
+    <div class="flex-o w-100 inner">
       <!--      <fs-dict-select class="flex-1" :value="modelValue" :dict="optionsDictRef" :disabled="disabled" :render-label="renderLabel" :slots="selectSlots" :allow-clear="true" v-bind="select" @update:value="onChange" />-->
       <span v-if="modelValue" class="mr-5 cd-flex-inline">
         <a-tag class="mr-5" color="green">{{ target?.name || modelValue }}</a-tag>
@@ -175,5 +175,9 @@ async function doRefresh() {
 <style lang="less">
 .addon-selector {
   width: 100%;
+  .inner {
+    display: flex;
+    align-items: center;
+  }
 }
 </style>

packages/ui/certd-client/src/views/certd/addon/common.tsx

@@ -121,7 +121,14 @@ export function getCommonColumnDefine(crudExpose: any, typeRef: any, api: any, a
       },
       editForm: {
         component: {
-          disabled: false,
+          disabled: true,
+        },
+      },
+      addForm: {
+        component: {
+          disabled: compute(({ form }) => {
+            return form.type ? true : false;
+          }),
         },
       },
       form: {

packages/ui/certd-client/src/views/certd/addon/crud.tsx

@@ -40,6 +40,12 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
         editRequest,
         delRequest,
       },
+      search: {
+        initialForm: {
+          addonType: addonType,
+          type: type,
+        },
+      },
       form: {
         labelCol: {
           //固定label宽度

packages/ui/certd-client/src/views/certd/mine/api.ts

@@ -22,3 +22,36 @@ export async function UpdateProfile(form: any) {
     data: form,
   });
 }
+
+export async function GetOauthBounds() {
+  return await request({
+    url: "/oauth/bounds",
+    method: "POST",
+  });
+}
+
+export async function GetOauthProviders() {
+  return await request({
+    url: "/oauth/providers",
+    method: "POST",
+  });
+}
+
+export async function UnbindOauth(type: string) {
+  return await request({
+    url: "/oauth/unbind",
+    method: "POST",
+    data: { type },
+  });
+}
+
+export async function OauthBoundUrl(type: string) {
+  return await request({
+    url: "/oauth/login",
+    method: "POST",
+    data: {
+      type,
+      forType: "bind",
+    },
+  });
+}

packages/ui/certd-client/src/views/certd/mine/user-profile.vue

@@ -15,7 +15,16 @@
         </a-descriptions-item>
         <a-descriptions-item :label="t('authentication.email')">{{ userInfo.email }}</a-descriptions-item>
         <a-descriptions-item :label="t('authentication.phoneNumber')">{{ userInfo.phoneCode }}{{ userInfo.mobile }}</a-descriptions-item>
-        <a-descriptions-item></a-descriptions-item>
+        <a-descriptions-item v-if="settingStore.sysPublic.oauthEnabled && settingStore.isPlus" label="第三方账号绑定">
+          <template v-for="item in computedOauthBounds" :key="item.name">
+            <div v-if="item.addonId" class="flex items-center gap-2 mb-2">
+              <fs-icon :icon="item.icon" class="mr-2 text-blue-500 w-5 flex justify-center items-center" />
+              <span class="mr-2 w-36">{{ item.title }}</span>
+              <a-button v-if="item.bound" type="primary" danger @click="unbind(item.name)">解绑</a-button>
+              <a-button v-else type="primary" @click="bind(item.name)">绑定</a-button>
+            </div>
+          </template>
+        </a-descriptions-item>
         <a-descriptions-item :label="t('common.handle')">
           <a-button type="primary" @click="doUpdate">{{ t("authentication.updateProfile") }}</a-button>
           <change-password-button class="ml-10" :show-button="true"> </change-password-button>
@@ -27,10 +36,13 @@
 
 <script lang="ts" setup>
 import * as api from "./api";
-import { Ref, ref } from "vue";
+import { computed, onMounted, Ref, ref } from "vue";
 import ChangePasswordButton from "/@/views/certd/mine/change-password-button.vue";
 import { useI18n } from "/src/locales";
 import { useUserProfile } from "./use";
+import { Modal } from "ant-design-vue";
+import { useSettingStore } from "/@/store/settings";
+import { isEmpty } from "lodash-es";
 
 const { t } = useI18n();
 
@@ -38,13 +50,13 @@ defineOptions({
   name: "UserProfile",
 });
 
+const settingStore = useSettingStore();
+
 const userInfo: Ref = ref({});
 
 const getUserInfo = async () => {
   userInfo.value = await api.getMineInfo();
 };
-getUserInfo();
-
 const { openEditProfileDialog } = useUserProfile();
 
 function doUpdate() {
@@ -54,4 +66,51 @@ function doUpdate() {
     },
   });
 }
+
+const oauthBounds = ref([]);
+const oauthProviders = ref([]);
+async function loadOauthBounds() {
+  const res = await api.GetOauthBounds();
+  oauthBounds.value = res;
+}
+async function loadOauthProviders() {
+  const res = await api.GetOauthProviders();
+  oauthProviders.value = res;
+}
+
+const computedOauthBounds = computed(() => {
+  const list = oauthProviders.value.map(item => {
+    const bound = oauthBounds.value.find(bound => bound.type === item.name);
+    return {
+      ...item,
+      bound,
+    };
+  });
+  return list;
+});
+
+async function unbind(type: string) {
+  Modal.confirm({
+    title: "确认解绑吗？",
+    okText: "确认",
+    okType: "danger",
+    onOk: async () => {
+      await api.UnbindOauth(type);
+      await loadOauthBounds();
+    },
+  });
+}
+
+async function bind(type: string) {
+  //获取第三方登录URL
+  const res = await api.OauthBoundUrl(type);
+  const loginUrl = res.loginUrl;
+  window.location.href = loginUrl;
+}
+
+onMounted(async () => {
+  await getUserInfo();
+  await loadOauthBounds();
+  await loadOauthProviders();
+});
 </script>

packages/ui/certd-client/src/views/certd/pipeline/crud.tsx

@@ -15,8 +15,9 @@ import GroupSelector from "/@/views/certd/pipeline/group/group-selector.vue";
 import { useCertViewer } from "/@/views/certd/pipeline/use";
 import { useI18n } from "/src/locales";
 import { GetDetail, GetObj } from "./api";
+import { groupDictRef } from "./group/dicts";
 
-export default function ({ crudExpose, context: { groupDictRef, selectedRowKeys } }: CreateCrudOptionsProps): CreateCrudOptionsRet {
+export default function ({ crudExpose, context: { selectedRowKeys } }: CreateCrudOptionsProps): CreateCrudOptionsRet {
   const router = useRouter();
   const lastResRef = ref();
 
@@ -495,6 +496,11 @@ export default function ({ crudExpose, context: { groupDictRef, selectedRowKeys
             component: {
               name: GroupSelector,
               vModel: "modelValue",
+              on: {
+                refresh: async () => {
+                  await groupDictRef.reloadDict();
+                },
+              },
             },
           },
           column: {

packages/ui/certd-client/src/views/certd/pipeline/group/dicts.ts

@@ -0,0 +1,7 @@
+import { dict } from "@fast-crud/fast-crud";
+
+export const groupDictRef = dict({
+  url: "/pi/pipeline/group/all",
+  value: "id",
+  label: "name",
+});

packages/ui/certd-client/src/views/certd/pipeline/group/group-selector.vue

@@ -35,6 +35,7 @@
 <script setup lang="ts">
 import createCrudOptions from "./crud";
 import { dict, FsDictSelect } from "@fast-crud/fast-crud";
+import { groupDictRef } from "./dicts";
 
 const props = defineProps<{
   modelValue?: number;
@@ -43,11 +44,7 @@ const props = defineProps<{
 defineOptions({
   name: "GroupSelector",
 });
-const groupDictRef = dict({
-  url: "/pi/pipeline/group/all",
-  value: "id",
-  label: "name",
-});
+
 const emit = defineEmits(["refresh", "update:modelValue"]);
 function doRefresh() {
   emit("refresh");

packages/ui/certd-client/src/views/certd/pipeline/index.vue

@@ -35,19 +35,14 @@ import { useI18n } from "/src/locales";
 const { t } = useI18n();
 import ChangeNotification from "/@/views/certd/pipeline/components/change-notification.vue";
 import { useSettingStore } from "/@/store/settings";
+import { groupDictRef } from "./group/dicts";
 
 defineOptions({
   name: "PipelineManager",
 });
 
-const groupDictRef = dict({
-  url: "/pi/pipeline/group/all",
-  value: "id",
-  label: "name",
-});
 const selectedRowKeys = ref([]);
 const context: any = {
-  groupDictRef,
   selectedRowKeys,
 };
 const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context });

packages/ui/certd-client/src/views/framework/login/index.vue

@@ -2,74 +2,75 @@
   <div class="main login-page">
     <a-form v-if="!twoFactor.loginId" ref="formRef" class="user-layout-login" name="custom-validation" :model="formState" v-bind="layout" @finish="handleFinish" @finish-failed="handleFinishFailed">
       <!--      <div class="login-title">登录</div>-->
-      <a-tabs v-model:active-key="formState.loginType" :tab-bar-style="{ textAlign: 'center', borderBottom: 'unset' }">
-        <a-tab-pane key="password" :tab="t('authentication.passwordTab')" :disabled="sysPublicSettings.passwordLoginEnabled !== true">
-          <template v-if="formState.loginType === 'password'">
-            <!--      <div class="login-title">登录</div>-->
-            <a-form-item required has-feedback name="username" :rules="rules.username">
-              <a-input v-model:value="formState.username" :placeholder="t('authentication.usernamePlaceholder')" autocomplete="off" @keydown.enter="handleFinish">
-                <template #prefix>
-                  <fs-icon icon="ion:phone-portrait-outline"></fs-icon>
-                </template>
-              </a-input>
-            </a-form-item>
-            <a-form-item has-feedback name="password" :rules="rules.password">
-              <a-input-password v-model:value="formState.password" :placeholder="t('authentication.passwordPlaceholder')" autocomplete="off" @keyup.enter="handleFinish">
-                <template #prefix>
-                  <fs-icon icon="ion:lock-closed-outline"></fs-icon>
-                </template>
-              </a-input-password>
-            </a-form-item>
+      <template v-if="!isOauthOnly">
+        <a-tabs v-model:active-key="formState.loginType" :tab-bar-style="{ textAlign: 'center', borderBottom: 'unset' }">
+          <a-tab-pane key="password" :tab="t('authentication.passwordTab')" :disabled="sysPublicSettings.passwordLoginEnabled !== true">
+            <template v-if="formState.loginType === 'password'">
+              <!--      <div class="login-title">登录</div>-->
+              <a-form-item required has-feedback name="username" :rules="rules.username">
+                <a-input v-model:value="formState.username" :placeholder="t('authentication.usernamePlaceholder')" autocomplete="off" @keydown.enter="handleFinish">
+                  <template #prefix>
+                    <fs-icon icon="ion:phone-portrait-outline"></fs-icon>
+                  </template>
+                </a-input>
+              </a-form-item>
+              <a-form-item has-feedback name="password" :rules="rules.password">
+                <a-input-password v-model:value="formState.password" :placeholder="t('authentication.passwordPlaceholder')" autocomplete="off" @keyup.enter="handleFinish">
+                  <template #prefix>
+                    <fs-icon icon="ion:lock-closed-outline"></fs-icon>
+                  </template>
+                </a-input-password>
+              </a-form-item>
 
-            <a-form-item v-if="settingStore.sysPublic.captchaEnabled" has-feedback required name="captcha" :rules="rules.captcha">
-              <CaptchaInput v-model:model-value="formState.captcha" @keydown.enter="handleFinish"></CaptchaInput>
-            </a-form-item>
-          </template>
-        </a-tab-pane>
-        <a-tab-pane v-if="sysPublicSettings.smsLoginEnabled === true" key="sms" :tab="t('authentication.smsTab')">
-          <template v-if="formState.loginType === 'sms'">
-            <a-form-item has-feedback name="mobile" :rules="rules.mobile">
-              <a-input v-model:value="formState.mobile" :placeholder="t('authentication.mobilePlaceholder')" autocomplete="off">
-                <template #prefix>
-                  <fs-icon icon="ion:phone-portrait-outline"></fs-icon>
-                </template>
-              </a-input>
-            </a-form-item>
+              <a-form-item v-if="settingStore.sysPublic.captchaEnabled" has-feedback required name="captcha" :rules="rules.captcha">
+                <CaptchaInput v-model:model-value="formState.captcha" @keydown.enter="handleFinish"></CaptchaInput>
+              </a-form-item>
+            </template>
+          </a-tab-pane>
+          <a-tab-pane v-if="sysPublicSettings.smsLoginEnabled === true" key="sms" :tab="t('authentication.smsTab')">
+            <template v-if="formState.loginType === 'sms'">
+              <a-form-item has-feedback name="mobile" :rules="rules.mobile">
+                <a-input v-model:value="formState.mobile" :placeholder="t('authentication.mobilePlaceholder')" autocomplete="off">
+                  <template #prefix>
+                    <fs-icon icon="ion:phone-portrait-outline"></fs-icon>
+                  </template>
+                </a-input>
+              </a-form-item>
 
-            <a-form-item has-feedback name="smsCaptcha">
-              <CaptchaInput v-model:model-value="formState.smsCaptcha" @keydown.enter="handleFinish"></CaptchaInput>
-            </a-form-item>
+              <a-form-item has-feedback name="smsCaptcha">
+                <CaptchaInput v-model:model-value="formState.smsCaptcha" @keydown.enter="handleFinish"></CaptchaInput>
+              </a-form-item>
 
-            <a-form-item name="smsCode" :rules="rules.smsCode">
-              <sms-code v-model:value="formState.smsCode" :captcha="formState.smsCaptcha" :mobile="formState.mobile" :phone-code="formState.phoneCode" @error="formState.smsCaptcha = null" />
-            </a-form-item>
-          </template>
-        </a-tab-pane>
-      </a-tabs>
-      <a-form-item>
-        <a-button type="primary" size="large" html-type="button" :loading="loading" class="login-button" @click="handleFinish">
-          {{ t("authentication.loginButton") }}
-        </a-button>
+              <a-form-item name="smsCode" :rules="rules.smsCode">
+                <sms-code v-model:value="formState.smsCode" :captcha="formState.smsCaptcha" :mobile="formState.mobile" :phone-code="formState.phoneCode" @error="formState.smsCaptcha = null" />
+              </a-form-item>
+            </template>
+          </a-tab-pane>
+        </a-tabs>
+        <a-form-item>
+          <a-button type="primary" size="large" html-type="button" :loading="loading" class="login-button" @click="handleFinish">
+            {{ queryBindCode ? t("authentication.bindButton") : t("authentication.loginButton") }}
+          </a-button>
+        </a-form-item>
+        <a-form-item>
+          <div class="mt-2 flex justify-between items-center">
+            <div class="flex items-center gap-2">
+              <language-toggle class="text-blue-500"></language-toggle>
+              <router-link v-if="!!settingStore.sysPublic.selfServicePasswordRetrievalEnabled && !queryBindCode" :to="{ name: 'forgotPassword' }">
+                {{ t("authentication.forgotPassword") }}
+              </router-link>
+            </div>
 
-        <div v-if="!!settingStore.sysPublic.selfServicePasswordRetrievalEnabled && !queryBindCode" class="mt-2">
-          <router-link :to="{ name: 'forgotPassword' }">
-            {{ t("authentication.forgotPassword") }}
-          </router-link>
-        </div>
-      </a-form-item>
+            <router-link v-if="hasRegisterTypeEnabled() && !queryBindCode" class="register" :to="{ name: 'register' }">
+              {{ t("authentication.registerLink") }}
+            </router-link>
+          </div>
+        </a-form-item>
+      </template>
 
-      <a-form-item class="user-login-other">
-        <div class="flex flex-between justify-between items-center">
-          <language-toggle class="color-blue"></language-toggle>
-          <router-link v-if="hasRegisterTypeEnabled() && !queryBindCode" class="register" :to="{ name: 'register' }">
-            {{ t("authentication.registerLink") }}
-          </router-link>
-        </div>
-
-        <div class="flex flex-between justify-between items-center mt-5">
-          <oauth-footer></oauth-footer>
-        </div>
-      </a-form-item>
+      <div v-if="!queryBindCode && settingStore.sysPublic.oauthEnabled && settingStore.isPlus" class="w-full">
+        <oauth-footer :oauth-only="isOauthOnly"></oauth-footer>
+      </div>
     </a-form>
     <a-form v-else ref="twoFactorFormRef" class="user-layout-login" :model="twoFactor" v-bind="layout">
       <div class="mb-10 flex flex-center">请打开您的Authenticator APP，获取动态验证码。</div>
@@ -84,14 +85,14 @@
         <loading-button type="primary" size="large" html-type="button" class="login-button" :click="handleTwoFactorSubmit">OTP验证登录</loading-button>
       </a-form-item>
 
-      <a-form-item class="user-login-other">
+      <a-form-item class="mt-10">
         <a class="register" @click="twoFactor.loginId = null"> 返回 </a>
       </a-form-item>
     </a-form>
   </div>
 </template>
 <script lang="ts">
-import { defineComponent, nextTick, reactive, ref, toRaw } from "vue";
+import { computed, defineComponent, nextTick, reactive, ref, toRaw } from "vue";
 import { useUserStore } from "/src/store/user";
 import { useSettingStore } from "/@/store/settings";
 import { utils } from "@fast-crud/fast-crud";
@@ -112,6 +113,7 @@ export default defineComponent({
 
     const queryBindCode = ref(route.query.bindCode as string | undefined);
 
+    const queryOauthOnly = route.query.oauthOnly as string;
     const urlLoginType = route.query.loginType as string | undefined;
     const verifyCodeInputRef = ref();
     const loading = ref(false);
@@ -233,6 +235,12 @@ export default defineComponent({
     const captchaInputRef = ref();
     const captchaInputForSmsCode = ref();
 
+    const isOauthOnly = computed(() => {
+      if (queryOauthOnly === "false" || queryOauthOnly === "0") {
+        return false;
+      }
+      return sysPublicSettings.oauthOnly && settingStore.isPlus && sysPublicSettings.oauthEnabled;
+    });
     return {
       t,
       loading,
@@ -240,6 +248,7 @@ export default defineComponent({
       formRef,
       rules,
       layout,
+      isOauthOnly,
       handleFinishFailed,
       handleFinish,
       resetForm,
@@ -268,6 +277,11 @@ export default defineComponent({
     //  font-size: 14px;
     //}
 
+    .fs-icon {
+      // color: rgba(0, 0, 0, 0.45);
+      margin-right: 4px;
+    }
+
     .login-title {
       font-size: 18px;
       text-align: center;
@@ -321,11 +335,6 @@ export default defineComponent({
       }
     }
 
-    .fs-icon {
-      color: rgba(0, 0, 0, 0.45);
-      margin-right: 4px;
-    }
-
     .ant-input-affix-wrapper {
       line-height: 1.8 !important;
       font-size: 14px !important;

packages/ui/certd-client/src/views/framework/oauth/api.ts

@@ -2,23 +2,25 @@ import { request } from "/src/api/service";
 
 const apiPrefix = "/oauth";
 
-export async function OauthLogin(type: string) {
+export async function OauthLogin(type: string, forType?: string, from?: string) {
   return await request({
     url: apiPrefix + `/login`,
     method: "post",
     data: {
       type,
+      forType: forType || "login",
+      from: from || "web",
     },
   });
 }
 
-export async function OauthCallback(type: string, query: Record<string, string>) {
+export async function OauthToken(type: string, validationCode: string) {
   return await request({
-    url: apiPrefix + `/callback`,
+    url: apiPrefix + `/token`,
     method: "post",
     data: {
       type,
-      ...query,
+      validationCode,
     },
   });
 }
@@ -43,3 +45,10 @@ export async function BindUser(code: string) {
     },
   });
 }
+
+export async function GetOauthProviders() {
+  return await request({
+    url: apiPrefix + "/providers",
+    method: "post",
+  });
+}

packages/ui/certd-client/src/views/framework/oauth/oauth-callback.vue

@@ -2,18 +2,19 @@
   <div class="oauth-callback-page">
     <div class="oauth-callback-content">
       <div v-if="!bindRequired" class="oauth-callback-title">
-        <span>登录中...</span>
+        <span v-if="!error">登录中...</span>
+        <span v-else>{{ error }}</span>
       </div>
-      <div v-else class="oauth-callback-title">
-        <div>第三方登录成功，还未绑定账号，请选择</div>
+      <div v-else class="oauth-callback-title mt-10">
+        <div>第三方（{{ oauthType }}）登录成功，您还未绑定账号，请选择</div>
 
-        <div>
-          <a-button class="w-full mt-5" type="primary" @click="goBindUser">绑定已有账号</a-button>
-          <a-button class="w-full mt-5" type="primary" @click="autoRegister">创建新账号</a-button>
+        <div class="mt-10">
+          <a-button class="w-full mt-10" type="primary" @click="goBindUser">绑定已有账号</a-button>
+          <a-button v-if="settingStore.sysPublic.registerEnabled" class="w-full mt-10" type="primary" @click="autoRegister">创建新账号</a-button>
         </div>
 
-        <div class="w-full mt-5">
-          <router-link to="/login" class="w-full mt-5" type="primary">返回登录页</router-link>
+        <div class="w-full mt-10">
+          <router-link to="/login" class="w-full mt-10" type="primary">返回登录页</router-link>
         </div>
       </div>
     </div>
@@ -25,21 +26,24 @@ import { ref, onMounted } from "vue";
 import * as api from "./api";
 import { useRoute, useRouter } from "vue-router";
 import { useUserStore } from "/@/store/user";
+import { notification } from "ant-design-vue";
+import { useSettingStore } from "/@/store/settings";
 
 const route = useRoute();
 const router = useRouter();
+const settingStore = useSettingStore();
 const oauthType = route.params.type as string;
-
-const query = route.query as Record<string, string>;
-
+const validationCode = route.query.validationCode as string;
+const forType = route.query.forType as string;
+const error = ref(route.query.error as string);
 const userStore = useUserStore();
 
 const bindRequired = ref(false);
 const bindCode = ref("");
 
-async function handleOauthCallback() {
+async function handleOauthToken() {
   //处理第三方登录回调
-  const res = await api.OauthCallback(oauthType, query);
+  const res = await api.OauthToken(oauthType, validationCode);
   if (res.token) {
     //登录成功
     userStore.onLoginSuccess(res);
@@ -49,13 +53,33 @@ async function handleOauthCallback() {
   }
   if (res.bindRequired) {
     //需要绑定
-    bindRequired.value = true;
     bindCode.value = res.validationCode;
+    //如果开启了自动注册，默认自动注册账号
+    if (settingStore.sysPublic.registerEnabled) {
+      autoRegister();
+    } else {
+      bindRequired.value = true;
+    }
   }
 }
 
 onMounted(async () => {
-  await handleOauthCallback();
+  if (error.value) {
+    return;
+  }
+
+  if (forType === "bind") {
+    //从用户中心页面，进行第三方账号的绑定
+    await api.BindUser(validationCode);
+    notification.success({
+      message: "绑定成功",
+    });
+    //跳转到首页
+    router.replace("/certd/mine/user-profile");
+    return;
+  }
+
+  await handleOauthToken();
 });
 
 async function goBindUser() {
@@ -83,7 +107,7 @@ async function autoRegister() {
   justify-content: center;
   align-items: center;
   gap: 16px;
-
+  width: 100%;
   .oauth-callback-content {
     display: flex;
     justify-content: center;
@@ -93,11 +117,14 @@ async function autoRegister() {
     border-radius: 16px;
     box-shadow: 0 0 16px rgba(0, 0, 0, 0.1);
     width: 500px;
+    max-width: 90%;
     margin: 0 auto;
     margin-top: 50px;
+    margin-bottom: 100px;
+    min-height: 200px;
 
     .oauth-callback-title {
-      font-size: 24px;
+      font-size: 16px;
       font-weight: 500;
     }
   }

packages/ui/certd-client/src/views/framework/oauth/oauth-footer.vue

@@ -1,45 +1,117 @@
 <template>
-  <div class="oauth-footer">
-    <div v-for="item in oauthList" :key="item.type">
-      <div class="oauth-icon-button pointer" @click="goOauthLogin(item.type)">
-        <el-icon :icon="item.icon" />
-        <span>{{ item.name }}</span>
-      </div>
+  <div class="oauth-footer relative">
+    <div class="oauth-title">
+      <div class="oauth-title-text">{{ computedTitle }}</div>
+    </div>
+    <div class="flex justify-center items-center gap-4">
+      <template v-for="item in oauthProviderList" :key="item.type">
+        <div v-if="item.addonId" class="oauth-icon-button pointer" @click="goOauthLogin(item.name)">
+          <div><fs-icon :icon="item.icon" class="text-blue-600 text-40" /></div>
+          <div class="ellipsis title" :title="item.addonTitle || item.title">{{ item.addonTitle || item.title }}</div>
+        </div>
+      </template>
     </div>
   </div>
 </template>
 <script setup lang="ts">
-import { ref } from "vue";
+import { computed, onMounted, ref } from "vue";
 import * as api from "./api";
+import { useI18n } from "vue-i18n";
+import { useSettingStore } from "/@/store/settings";
+import { useRoute } from "vue-router";
 
-const oauthList = ref([
-  {
-    name: "OIDC",
-    type: "oidc",
-    icon: "ion:oidc",
-  },
-]);
+const oauthProviderList = ref([]);
+const props = defineProps<{
+  oauthOnly?: boolean;
+}>();
+
+const { t } = useI18n();
+const computedTitle = computed(() => {
+  return props.oauthOnly ? t("authentication.oauthOnlyLoginTitle") : t("authentication.oauthLoginTitle");
+});
+
+const settingStore = useSettingStore();
+
+const route = useRoute();
+const queryOauthOnly = route.query.oauthOnly as string;
+onMounted(async () => {
+  oauthProviderList.value = await api.GetOauthProviders();
+  //如果开启了自动跳转登录
+  if (settingStore.sysPublic.oauthAutoRedirect && queryOauthOnly !== "false") {
+    const firstOauth = oauthProviderList.value.find(item => item.addonId > 0);
+    if (firstOauth) {
+      goOauthLogin(firstOauth.name);
+    }
+  }
+});
 
 async function goOauthLogin(type: string) {
   //获取第三方登录URL
-  const res = await api.OauthLogin(type);
+  const from = "web";
+  const res = await api.OauthLogin(type, from);
   const loginUrl = res.loginUrl;
   window.location.href = loginUrl;
 }
 </script>
 <style lang="less">
 .oauth-footer {
+  width: 100%;
   display: flex;
+  flex-direction: column;
   justify-content: center;
   align-items: center;
   gap: 16px;
+
+  .oauth-title {
+    width: 100%;
+    font-size: 14px;
+    font-weight: 500;
+    color: #8c8c8c;
+    position: relative;
+    .oauth-title-text {
+      position: relative;
+      z-index: 1;
+      text-align: center;
+      &::after {
+        content: "";
+        position: absolute;
+        top: 50%;
+        left: 0;
+        width: 36%;
+        height: 0.5px;
+        background-color: #8c8c8c;
+      }
+      &::before {
+        content: "";
+        position: absolute;
+        top: 50%;
+        right: 0;
+        width: 36%;
+        height: 0.5px;
+        background-color: #8c8c8c;
+      }
+    }
+  }
+
   .oauth-icon-button {
     display: flex;
+    flex-direction: column;
     justify-content: center;
     align-items: center;
     gap: 8px;
-    padding: 8px 16px;
+    padding: 8px 8px;
     border-radius: 100px;
+    width: 100px;
+
+    .title {
+      width: 100%;
+      text-align: center;
+    }
+    .fs-icon {
+      font-size: 36px;
+      color: #006be6;
+      margin: 0px !important;
+    }
   }
 }
 </style>

packages/ui/certd-client/src/views/sys/plugin/api.ts

@@ -93,6 +93,7 @@ export type PluginConfigBean = {
 export type CertApplyPluginSysInput = {
   googleCommonEabAccessId?: number;
   zerosslCommonEabAccessId?: number;
+  litesslCommonEabAccessId?: number;
 };
 export type PluginSysSetting<T> = {
   sysSetting: {

packages/ui/certd-client/src/views/sys/plugin/config-common.vue

@@ -26,6 +26,16 @@
           </div>
         </a-form-item>
 
+        <a-form-item label="公共litessl EAB授权" :name="['CertApply', 'sysSetting', 'input', 'litesslCommonEabAccessId']">
+          <access-selector v-model:model-value="formState.CertApply.sysSetting.input.litesslCommonEabAccessId" type="eab" from="sys"></access-selector>
+          <div class="helper">
+            <div>设置公共litessl EAB授权给用户使用，避免用户自己获取litessl EAB授权</div>
+            <div>
+              <a href="https://freessl.cn/automation/eab-manager">litessl EAB授权管理 </a>
+            </div>
+          </div>
+        </a-form-item>
+
         <a-form-item :wrapper-col="{ offset: 8, span: 16 }">
           <a-button :loading="saveLoading" type="primary" html-type="submit">保存</a-button>
         </a-form-item>

packages/ui/certd-client/src/views/sys/settings/api.ts

@@ -114,7 +114,7 @@ export async function GetSmsTypeDefine(type: string) {
 
 export async function GetOauthProviders() {
   return await request({
-    url: apiPrefix + "/oauth/providers",
+    url: "/oauth/providers",
     method: "post",
   });
 }

packages/ui/certd-client/src/views/sys/settings/index.vue

@@ -11,6 +11,9 @@
         <a-tab-pane key="register" :tab="t('certd.sys.setting.registerSetting')">
           <SettingRegister v-if="activeKey === 'register'" />
         </a-tab-pane>
+        <a-tab-pane key="oauth" :tab="t('certd.sys.setting.oauthSetting')">
+          <SettingOauth v-if="activeKey === 'oauth'" />
+        </a-tab-pane>
         <a-tab-pane v-if="settingsStore.isComm" key="payment" :tab="t('certd.sys.setting.paymentSetting')">
           <SettingPayment v-if="activeKey === 'payment'" />
         </a-tab-pane>
@@ -35,6 +38,7 @@ import SettingPayment from "/@/views/sys/settings/tabs/payment.vue";
 import SettingSafe from "/@/views/sys/settings/tabs/safe.vue";
 import SettingCaptcha from "/@/views/sys/settings/tabs/captcha.vue";
 import SettingPipeline from "/@/views/sys/settings/tabs/pipeline.vue";
+import SettingOauth from "/@/views/sys/settings/tabs/oauth.vue";
 import { useRoute, useRouter } from "vue-router";
 import { ref } from "vue";
 import { useSettingStore } from "/@/store/settings";
@@ -47,9 +51,7 @@ const settingsStore = useSettingStore();
 const activeKey = ref("base");
 const route = useRoute();
 const router = useRouter();
-if (route.query.tab) {
-  activeKey.value = (route.query.tab as string) || "base";
-}
+activeKey.value = (route.query.tab as string) || "base";
 
 function onChange(value: string) {
   // activeKey.value = value;
@@ -66,7 +68,7 @@ function onChange(value: string) {
 <style lang="less">
 .page-sys-settings {
   .sys-settings-form {
-    width: 800px;
+    width: 900px;
     max-width: 100%;
     padding: 20px;
   }

packages/ui/certd-client/src/views/sys/settings/tabs/oauth.vue

@@ -0,0 +1,151 @@
+<template>
+  <div class="sys-settings-form sys-settings-oauth">
+    <a-form :model="formState" name="register" :label-col="{ span: 8 }" :wrapper-col="{ span: 16 }" autocomplete="off" @finish="onFinish">
+      <a-form-item :label="t('certd.sys.setting.enableOauth')" :name="['public', 'oauthEnabled']">
+        <div class="flex-o">
+          <a-switch v-model:checked="formState.public.oauthEnabled" :disabled="!settingsStore.isPlus" :title="t('certd.plusFeature')" />
+          <vip-button class="ml-5" mode="button"></vip-button>
+        </div>
+      </a-form-item>
+      <a-form-item v-if="formState.public.oauthEnabled" :label="t('certd.sys.setting.oauthProviders')" :name="['public', 'oauthProviders']">
+        <div class="flex flex-wrap">
+          <table class="w-full table-auto border-collapse border border-gray-400">
+            <thead>
+              <tr>
+                <th class="border border-gray-300 px-4 py-2 w-1/3">{{ t("certd.sys.setting.oauthType") }}</th>
+                <th class="border border-gray-300 px-4 py-2 w-1/3">{{ t("certd.sys.setting.oauthCallback") }}</th>
+                <th class="border border-gray-300 px-4 py-2 w-1/3">{{ t("certd.sys.setting.oauthConfig") }}</th>
+              </tr>
+            </thead>
+            <tbody>
+              <tr v-for="(item, key) of oauthProviders" :key="key">
+                <td class="border border-gray-300 px-4 py-2">
+                  <div class="flex items-center" :title="item.desc">
+                    <fs-icon :icon="item.icon" class="mr-2 text-blue-600" />
+                    {{ item.title }}
+                  </div>
+                </td>
+                <td class="border border-gray-300 px-4 py-2 overflow-ellipsis" :title="t('certd.sys.setting.oauthCallbackHelper')">
+                  <fs-copyable :model-value="buildCallbackUrl(item.name)">
+                    {{ t("certd.sys.setting.oauthCallbackCopy") }}
+                  </fs-copyable>
+                </td>
+                <td class="border border-gray-300 px-4 py-2">
+                  <AddonSelector v-model:model-value="item.addonId" addon-type="oauth" from="sys" :type="item.name" :placeholder="t('certd.sys.setting.oauthProviderSelectorPlaceholder')" />
+                </td>
+              </tr>
+            </tbody>
+          </table>
+        </div>
+      </a-form-item>
+      <a-form-item v-if="formState.public.oauthEnabled" :label="t('certd.sys.setting.oauthOnly')" :name="['public', 'oauthOnly']">
+        <div class="flex-o">
+          <a-switch v-model:checked="formState.public.oauthOnly" :disabled="!settingsStore.isPlus" :title="t('certd.plusFeature')" />
+        </div>
+        <div class="helper">{{ t("certd.sys.setting.oauthOnlyHelper") }}</div>
+      </a-form-item>
+      <a-form-item v-if="formState.public.oauthEnabled" :label="t('certd.sys.setting.oauthAutoRedirect')" :name="['public', 'oauthAutoRedirect']">
+        <div class="flex-o">
+          <a-switch v-model:checked="formState.public.oauthAutoRedirect" :disabled="!settingsStore.isPlus" :title="t('certd.plusFeature')" />
+        </div>
+        <div class="helper">{{ t("certd.sys.setting.oauthAutoRedirectHelper") }}</div>
+      </a-form-item>
+      <a-form-item v-if="formState.public.oauthEnabled" :label="t('certd.sys.setting.oauthAutoRegister')" :name="['public', 'oauthAutoRegister']">
+        <div class="flex-o">
+          <a-switch
+            v-model:checked="formState.public.oauthAutoRegister"
+            :checked-children="t('certd.sys.setting.oauthAutoRegisterCheckedText')"
+            :un-checked-children="t('certd.sys.setting.oauthAutoRegisterUnCheckedText')"
+            :disabled="!settingsStore.isPlus"
+            :title="t('certd.plusFeature')"
+          />
+        </div>
+        <div class="helper">{{ t("certd.sys.setting.oauthAutoRegisterHelper") }}</div>
+      </a-form-item>
+      <a-form-item label=" " :colon="false" :wrapper-col="{ span: 16 }">
+        <a-button :loading="saveLoading" type="primary" html-type="submit">{{ t("certd.saveButton") }}</a-button>
+      </a-form-item>
+    </a-form>
+  </div>
+</template>
+
+<script setup lang="tsx">
+import { notification } from "ant-design-vue";
+import { merge } from "lodash-es";
+import { reactive, ref, Ref } from "vue";
+import AddonSelector from "../../../certd/addon/addon-selector/index.vue";
+import { useSettingStore } from "/@/store/settings";
+import * as api from "/@/views/sys/settings/api";
+import { SysSettings } from "/@/views/sys/settings/api";
+import { useI18n } from "/src/locales";
+const { t } = useI18n();
+
+defineOptions({
+  name: "SettingOauth",
+});
+
+const formState = reactive<Partial<SysSettings>>({
+  public: {},
+  private: {},
+});
+
+const oauthProviders = ref([]);
+async function loadOauthProviders() {
+  oauthProviders.value = await api.GetOauthProviders();
+}
+
+function fillOauthProviders(form: any) {
+  const providers: any = {};
+  for (const item of oauthProviders.value) {
+    const type = item.name;
+    providers[type] = {
+      type: type,
+      title: item.title,
+      icon: item.icon,
+      addonId: item.addonId || null,
+    };
+  }
+  form.public.oauthProviders = providers;
+  return providers;
+}
+
+async function loadSysSettings() {
+  const data: any = await api.SysSettingsGet();
+  merge(formState, data);
+
+  await loadOauthProviders();
+}
+
+const saveLoading = ref(false);
+loadSysSettings();
+const settingsStore = useSettingStore();
+const onFinish = async (form: any) => {
+  try {
+    saveLoading.value = true;
+    fillOauthProviders(form);
+    await api.SysSettingsSave(form);
+    await settingsStore.loadSysSettings();
+    notification.success({
+      message: t("certd.saveSuccess"),
+    });
+    await loadOauthProviders();
+  } finally {
+    saveLoading.value = false;
+  }
+};
+
+function buildCallbackUrl(type: string) {
+  return `${window.location.origin}/api/oauth/callback/${type}`;
+}
+</script>
+<style lang="less">
+.sys-settings-oauth {
+  width: 1000px !important;
+
+  .addon-selector {
+    .inner {
+      justify-content: space-between;
+    }
+  }
+}
+</style>

packages/ui/certd-client/src/views/sys/settings/tabs/register.vue

@@ -54,35 +54,7 @@
             <div class="helper">{{ t("certd.saveThenTest") }}</div>
           </a-form-item>
         </template>
-        <a-form-item :label="t('certd.enableOauth')" :name="['public', 'oauthEnabled']">
-          <div class="flex-o">
-            <a-switch v-model:checked="formState.public.oauthEnabled" :disabled="!settingsStore.isPlus" :title="t('certd.plusFeature')" />
-            <vip-button class="ml-5" mode="plus"></vip-button>
-          </div>
-        </a-form-item>
-        <a-form-item v-if="formState.public.oauthEnabled" :label="t('certd.oauthProviders')" :name="['public', 'oauthProviders']">
-          <div class="flex flex-wrap">
-            <table>
-              <tr>
-                <th>{{ t("certd.oauthType") }}</th>
-                <th>{{ t("certd.oauthConfig") }}</th>
-              </tr>
-              <tr v-for="(item, key) of oauthProviders" :key="key">
-                <td>
-                  <div class="flex items-center">
-                    <fs-icon :icon="item.icon" />
-                    {{ item.title }}
-                  </div>
-                </td>
-                <td>
-                  <AddonSelector v-model:model-value="item.addonId" addon-type="oauth" from="sys" :type="item.name" :placeholder="t('certd.clientIdPlaceholder')" />
-                </td>
-              </tr>
-            </table>
-          </div>
-        </a-form-item>
       </template>
-
       <a-form-item label=" " :colon="false" :wrapper-col="{ span: 16 }">
         <a-button :loading="saveLoading" type="primary" html-type="submit">{{ t("certd.saveButton") }}</a-button>
       </a-form-item>
@@ -91,14 +63,13 @@
 </template>
 
 <script setup lang="tsx">
-import { computed, reactive, ref, Ref } from "vue";
-import { GetSmsTypeDefine, SysSettings } from "/@/views/sys/settings/api";
-import * as api from "/@/views/sys/settings/api";
-import { merge } from "lodash-es";
-import { useSettingStore } from "/@/store/settings";
 import { notification } from "ant-design-vue";
+import { merge } from "lodash-es";
+import { reactive, ref, Ref } from "vue";
+import { useSettingStore } from "/@/store/settings";
+import * as api from "/@/views/sys/settings/api";
+import { SysSettings } from "/@/views/sys/settings/api";
 import { useI18n } from "/src/locales";
-import AddonSelector from "../../../certd/addon/addon-selector/index.vue";
 const { t } = useI18n();
 
 defineOptions({
@@ -185,35 +156,6 @@ async function loadTypeDefine(type: string) {
   smsTypeDefineInputs.value = inputs;
 }
 
-const oauthProviders = ref([]);
-async function loadOauthProviders() {
-  let list: any = await api.GetOauthProviders();
-  oauthProviders.value = list;
-  for (const item of list) {
-    debugger;
-    const type = item.name;
-    const provider = formState.public.oauthProviders?.[type];
-    if (provider) {
-      item.addonId = provider.addonId;
-    }
-  }
-}
-
-function fillOauthProviders(form: any) {
-  const providers: any = {};
-  for (const item of oauthProviders.value) {
-    const type = item.name;
-    providers[type] = {
-      type: type,
-      title: item.title,
-      icon: item.icon,
-      addonId: item.addonId || null,
-    };
-  }
-  form.public.oauthProviders = providers;
-  return providers;
-}
-
 async function loadSysSettings() {
   const data: any = await api.SysSettingsGet();
   merge(formState, data);
@@ -228,7 +170,6 @@ async function loadSysSettings() {
   if (!settingsStore.isComm) {
     formState.public.smsLoginEnabled = false;
   }
-  await loadOauthProviders();
 }
 
 const saveLoading = ref(false);
@@ -237,7 +178,6 @@ const settingsStore = useSettingStore();
 const onFinish = async (form: any) => {
   try {
     saveLoading.value = true;
-    fillOauthProviders(form);
     await api.SysSettingsSave(form);
     await settingsStore.loadSysSettings();
     notification.success({
@@ -249,6 +189,13 @@ const onFinish = async (form: any) => {
 };
 </script>
 <style lang="less">
-.sys-settings-site {
+.sys-settings-register {
+  width: 1000px !important;
+
+  .addon-selector {
+    .inner {
+      justify-content: space-between;
+    }
+  }
 }
 </style>

packages/ui/certd-server/CHANGELOG.md

@@ -3,6 +3,57 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+### Bug Fixes
+
+* oidc 支持nonce ([a5ca411](https://github.com/certd/certd/commit/a5ca41131b308b36b17ca359d9709ea8e9b7cee1))
+
+### Performance Improvements
+
+* 第三方登录支持gitee ([5cee7d4](https://github.com/certd/certd/commit/5cee7d44f17bd36972f477bc1f270999da558d05))
+* 邮件模版安全优化 ([adca151](https://github.com/certd/certd/commit/adca151e4f07a4c6a2a753bfa48ee0d4d6469fd2))
+* 支持部署到中国移动CDN ([4351304](https://github.com/certd/certd/commit/43513049beff407558d2a234415521464165cebc))
+* 支持k8s apply ([d55954a](https://github.com/certd/certd/commit/d55954a36391ebe6a9397ff7dcfb710193ac5e34))
+
+## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)
+
+**Note:** Version bump only for package @certd/ui-server
+
+## [1.37.13](https://github.com/certd/certd/compare/v1.37.12...v1.37.13) (2025-12-02)
+
+### Bug Fixes
+
+* 修复西部数据返回信息乱码问题 ([78b1650](https://github.com/certd/certd/commit/78b1650bdb071c858b3f90d53a700d11ee6de328))
+* 修复西部数码使用域名级别的key申请证书失败的问题 ([5edc72d](https://github.com/certd/certd/commit/5edc72d47550b8e3364dabda70a41cce75d87956))
+
+### Performance Improvements
+
+* 第三方登录允许选择logo ([bb3085e](https://github.com/certd/certd/commit/bb3085ef84201ccd2dc632ba8c5097cb00258be4))
+* 支持OIDC单点登录 ([fbf12f1](https://github.com/certd/certd/commit/fbf12f16b5eaa7676fd41923587bf6bd2595adba))
+
+## [1.37.12](https://github.com/certd/certd/compare/v1.37.11...v1.37.12) (2025-11-29)
+
+### Bug Fixes
+
+* 修复waf tls版本号小写 ([0adcc6a](https://github.com/certd/certd/commit/0adcc6a8d194469be0c26940ed4837fb34929b68))
+
+### Performance Improvements
+
+* 支持微信扫码登录 ([73325aa](https://github.com/certd/certd/commit/73325aaefb0e750a22aaac40929e7bf3f5864996))
+
+## [1.37.11](https://github.com/certd/certd/compare/v1.37.10...v1.37.11) (2025-11-28)
+
+### Bug Fixes
+
+* 修复阿里云 waf tlsVersion参数缺失导致部署失败的问题 ([2fabee6](https://github.com/certd/certd/commit/2fabee647acf64afe689f5bea3603028cd0ba4a2))
+* 修复域名管理无法创建tencent-eo dns授权的bug ([3406bb5](https://github.com/certd/certd/commit/3406bb5a4a56bb310cddc1a1f410c70909fd129b))
+
+### Performance Improvements
+
+* 优化天翼云cdn 等待5秒部署完成 ([53c88ad](https://github.com/certd/certd/commit/53c88ad5afe66a3f7c38b9b759747918913a4edc))
+* 支持oidc单点登录 ([ec75afb](https://github.com/certd/certd/commit/ec75afbc44139dbe9da534d8a8c08a5b91f86d3c))
+
 ## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
 
 ### Performance Improvements

packages/ui/certd-server/db/migration-mysql/v10034__oauth_bound.sql

@@ -0,0 +1,14 @@
+
+CREATE TABLE `cd_oauth_bound`
+(
+  `id`          bigint PRIMARY KEY AUTO_INCREMENT NOT NULL,
+  `user_id`     bigint      NOT NULL,
+  `type`        varchar(512) NOT NULL,
+  `open_id`     varchar(512) NOT NULL,
+  `create_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `update_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+
+CREATE INDEX `index_oauth_bound_user_id` ON `cd_oauth_bound` (`user_id`);
+CREATE INDEX `index_oauth_bound_open_id` ON `cd_oauth_bound` (`open_id`);

packages/ui/certd-server/db/migration-pg/v10034__oauth_bound.sql

@@ -0,0 +1,14 @@
+
+CREATE TABLE "cd_oauth_bound"
+(
+  "id"          bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY NOT NULL,
+  "user_id"     bigint      NOT NULL,
+  "type"        varchar(512) NOT NULL,
+  "open_id"     varchar(512) NOT NULL,
+  "create_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
+  "update_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
+);
+
+
+CREATE INDEX "index_oauth_bound_user_id" ON "cd_oauth_bound" ("user_id");
+CREATE INDEX "index_oauth_bound_open_id" ON "cd_oauth_bound" ("open_id");

packages/ui/certd-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/ui-server",
-  "version": "1.37.10",
+  "version": "1.37.15",
   "description": "fast-server base midway",
   "private": true,
   "type": "module",
@@ -45,20 +45,20 @@
     "@aws-sdk/client-cloudfront": "^3.699.0",
     "@aws-sdk/client-iam": "^3.699.0",
     "@aws-sdk/client-s3": "^3.705.0",
-    "@certd/acme-client": "^1.37.10",
-    "@certd/basic": "^1.37.10",
-    "@certd/commercial-core": "^1.37.10",
+    "@certd/acme-client": "^1.37.15",
+    "@certd/basic": "^1.37.15",
+    "@certd/commercial-core": "^1.37.15",
     "@certd/cv4pve-api-javascript": "^8.4.2",
-    "@certd/jdcloud": "^1.37.10",
-    "@certd/lib-huawei": "^1.37.10",
-    "@certd/lib-k8s": "^1.37.10",
-    "@certd/lib-server": "^1.37.10",
-    "@certd/midway-flyway-js": "^1.37.10",
-    "@certd/pipeline": "^1.37.10",
-    "@certd/plugin-cert": "^1.37.10",
-    "@certd/plugin-lib": "^1.37.10",
-    "@certd/plugin-plus": "^1.37.10",
-    "@certd/plus-core": "^1.37.10",
+    "@certd/jdcloud": "^1.37.15",
+    "@certd/lib-huawei": "^1.37.15",
+    "@certd/lib-k8s": "^1.37.15",
+    "@certd/lib-server": "^1.37.15",
+    "@certd/midway-flyway-js": "^1.37.15",
+    "@certd/pipeline": "^1.37.15",
+    "@certd/plugin-cert": "^1.37.15",
+    "@certd/plugin-lib": "^1.37.15",
+    "@certd/plugin-plus": "^1.37.15",
+    "@certd/plus-core": "^1.37.15",
     "@huaweicloud/huaweicloud-sdk-cdn": "^3.1.120",
     "@huaweicloud/huaweicloud-sdk-core": "^3.1.120",
     "@koa/cors": "^5.0.0",

packages/ui/certd-server/src/controller/basic/login/oauth-controller.ts

@@ -1,14 +1,15 @@
-import { addonRegistry, BaseController, Constants, SysInstallInfo, SysSettingsService } from "@certd/lib-server";
-import { ALL, Body, Controller, Inject, Post, Provide } from "@midwayjs/core";
-import { AddonGetterService } from "../../../modules/pipeline/service/addon-getter-service.js";
-import { IOauthProvider } from "../../../plugins/plugin-oauth/api.js";
-import { LoginService } from "../../../modules/login/service/login-service.js";
+import { logger, simpleNanoId, utils } from "@certd/basic";
+import { addonRegistry, AddonService, BaseController, Constants, SysInstallInfo, SysSettingsService } from "@certd/lib-server";
+import { checkPlus } from "@certd/plus-core";
+import { ALL, Body, Controller, Get, Inject, Param, Post, Provide, Query } from "@midwayjs/core";
 import { CodeService } from "../../../modules/basic/service/code-service.js";
-import { UserService } from "../../../modules/sys/authority/service/user-service.js";
-import { UserEntity } from "../../../modules/sys/authority/entity/user.js";
-import { simpleNanoId } from "@certd/basic";
-import { OauthBoundService } from "../../../modules/login/service/oauth-bound-service.js";
 import { OauthBoundEntity } from "../../../modules/login/entity/oauth-bound.js";
+import { LoginService } from "../../../modules/login/service/login-service.js";
+import { OauthBoundService } from "../../../modules/login/service/oauth-bound-service.js";
+import { AddonGetterService } from "../../../modules/pipeline/service/addon-getter-service.js";
+import { UserEntity } from "../../../modules/sys/authority/entity/user.js";
+import { UserService } from "../../../modules/sys/authority/service/user-service.js";
+import { IOauthProvider } from "../../../plugins/plugin-oauth/api.js";
 
 /**
  */
@@ -30,6 +31,9 @@ export class ConnectController extends BaseController {
   @Inject()
   oauthBoundService: OauthBoundService;
 
+  @Inject()
+  addonService: AddonService;
+
 
 
   private async getOauthProvider(type: string) {
@@ -50,39 +54,103 @@ export class ConnectController extends BaseController {
   }
 
   @Post('/login', { summary: Constants.per.guest })
-  public async login(@Body(ALL) body: { type: string }) {
+  public async login(@Body(ALL) body: { type: string, forType?:string ,from?:string }) {
 
     const addon = await this.getOauthProvider(body.type);
     const installInfo = await this.sysSettingsService.getSetting<SysInstallInfo>(SysInstallInfo);
     const bindUrl = installInfo?.bindUrl || "";
     //构造登录url
-    const redirectUrl = `${bindUrl}#/oauth/callback/${body.type}`;
-    const loginUrl = await addon.buildLoginUrl({ redirectUri: redirectUrl });
-    return this.ok({loginUrl});
+    const redirectUrl = `${bindUrl}api/oauth/callback/${body.type}`;
+    const { loginUrl, ticketValue } = await addon.buildLoginUrl({ redirectUri: redirectUrl, forType: body.forType ,from: body.from || "web" });
+    const ticket = this.codeService.setValidationValue(ticketValue)
+    this.ctx.cookies.set("oauth_ticket", ticket, {
+      httpOnly: true,
+      // secure: true,
+      // sameSite: "strict",
+    })
+    return this.ok({ loginUrl, ticket });
   }
-  @Post('/callback', { summary: Constants.per.guest })
-  public async callback(@Body(ALL) body: any) {
+  @Get('/callback/:type', { summary: Constants.per.guest })
+  public async callback(@Param('type') type: string, @Query() query: Record<string, string>) {
+
+    checkPlus()
+
     //处理登录回调
-    const addon = await this.getOauthProvider(body.type);
-    const tokenRes = await addon.onCallback({
-      code: body.code,
-      state: body.state,
-    });
+    const addon = await this.getOauthProvider(type);
+    const request = this.ctx.request;
+    // const ticketValue = this.codeService.getValidationValue(ticket);
+    // if (!ticketValue) {
+    //   throw new Error("登录ticket已过期");
+    // }
 
-    const userInfo = tokenRes.userInfo;
+    const ticket = this.ctx.cookies.get("oauth_ticket");
+    if (!ticket) {
+      throw new Error("ticket已过期");
+    }
+    const ticketValue = this.codeService.getValidationValue(ticket);
+    if (!ticketValue) {
+      throw new Error("ticketValue已过期");
+    }
 
-    const openId = userInfo.openId;
+    const installInfo = await this.sysSettingsService.getSetting<SysInstallInfo>(SysInstallInfo);
+    const bindUrl = installInfo?.bindUrl || "";
+    const currentUrl = `${bindUrl}api/oauth/callback/${type}?${request.querystring}`
+    try {
+      const tokenRes = await addon.onCallback({
+        code: query.code,
+        state: query.state,
+        ticketValue,
+        currentURL: new URL(currentUrl)
+      });
+
+      const userInfo = tokenRes.userInfo;
 
-    const loginRes = await this.loginService.loginByOpenId({ openId, type: body.type });
-    if (loginRes == null) {
-      // 用户还未绑定，让用户选择绑定已有账号还是自动注册新账号
       const validationCode = await this.codeService.setValidationValue({
-        type: body.type,
+        type,
         userInfo,
       });
+
+      const state = JSON.parse(utils.hash.base64Decode(query.state));
+
+      const redirectUrl = `${bindUrl}#/oauth/callback/${type}?validationCode=${validationCode}&forType=${state.forType}`;
+      this.ctx.redirect(redirectUrl);
+    } catch (err) {
+      logger.error(err);
+      this.ctx.redirect(`${bindUrl}#/oauth/callback/${type}?error=${err.error_description || err.message}`);
+    }
+
+  }
+
+  @Post('/getLogoutUrl', { summary: Constants.per.guest })
+  public async logout(@Body(ALL) body: any) {
+    checkPlus()
+    const addon = await this.getOauthProvider(body.type);
+    const { logoutUrl } = await addon.buildLogoutUrl(body);
+    return this.ok({ logoutUrl });
+  }
+
+
+  @Post('/token', { summary: Constants.per.guest })
+  public async token(@Body(ALL) body: { validationCode: string, type: string }) {
+    checkPlus()
+    const validationValue = await this.codeService.getValidationValue(body.validationCode);
+    if (!validationValue) {
+      throw new Error("校验码错误");
+    }
+
+    const type = validationValue.type;
+    if (type !== body.type) {
+      throw new Error("校验码错误");
+    }
+    const userInfo = validationValue.userInfo;
+    const openId = userInfo.openId;
+
+    const loginRes = await this.loginService.loginByOpenId({ openId, type });
+    if (loginRes == null) {
+
       return this.ok({
         bindRequired: true,
-        validationCode,
+        validationCode: body.validationCode,
       });
     }
 
@@ -90,22 +158,6 @@ export class ConnectController extends BaseController {
     return this.ok(loginRes);
   }
 
-  @Post('/bind', { summary: Constants.per.loginOnly })
-  public async bind(@Body(ALL) body: any) {
-    //需要已登录
-    const userId = this.getUserId();
-    const validationValue = this.codeService.getValidationValue(body.validationCode);
-    if (!validationValue) {
-      throw new Error("校验码错误");
-    }
-
-    await this.oauthBoundService.bind({
-      userId,
-      type: body.type,
-      openId: validationValue.openId,
-    });
-    return this.ok(1);
-  }
 
   @Post('/autoRegister', { summary: Constants.per.guest })
   public async autoRegister(@Body(ALL) body: { validationCode: string, type: string }) {
@@ -117,12 +169,12 @@ export class ConnectController extends BaseController {
     const userInfo = validationValue.userInfo;
     const oauthType = validationValue.type;
     let newUser = new UserEntity()
-    newUser.username = `${oauthType}:_${userInfo.nickName}_${simpleNanoId(6)}`;
+    newUser.username = `${oauthType}_${userInfo.nickName}_${simpleNanoId(6)}`;
     newUser.avatar = userInfo.avatar;
-    newUser.nickName = userInfo.nickName;
+    newUser.nickName = userInfo.nickName || simpleNanoId(6);
 
     newUser = await this.userService.register("username", newUser, async (txManager) => {
-      const oauthBound : OauthBoundEntity = new OauthBoundEntity()
+      const oauthBound: OauthBoundEntity = new OauthBoundEntity()
       oauthBound.userId = newUser.id;
       oauthBound.type = oauthType;
       oauthBound.openId = userInfo.openId;
@@ -133,6 +185,26 @@ export class ConnectController extends BaseController {
     return this.ok(loginRes);
   }
 
+
+  @Post('/bind', { summary: Constants.per.loginOnly })
+  public async bind(@Body(ALL) body: any) {
+    //需要已登录
+    const userId = this.getUserId();
+    const validationValue = this.codeService.getValidationValue(body.validationCode);
+    if (!validationValue) {
+      throw new Error("校验码错误");
+    }
+    const type = validationValue.type;
+    const userInfo = validationValue.userInfo;
+    const openId = userInfo.openId;
+    await this.oauthBoundService.bind({
+      userId,
+      type,
+      openId,
+    });
+    return this.ok(1);
+  }
+
   @Post('/unbind', { summary: Constants.per.loginOnly })
   public async unbind(@Body(ALL) body: any) {
     //需要已登录
@@ -144,10 +216,53 @@ export class ConnectController extends BaseController {
     return this.ok(1);
   }
 
-  @Post('/providers', { summary: Constants.per.guest })
-  public async providers() {
-    const list = addonRegistry.getDefineList("oauth");
-    return this.ok(list);
+   @Post('/bounds', { summary: Constants.per.loginOnly })
+  public async bounds(@Body(ALL) body: any) {
+    //需要已登录
+    const userId = this.getUserId();
+    const bounds = await this.oauthBoundService.find({
+      where :{
+        userId,
+      }
+    });
+    return this.ok(bounds);
   }
 
+
+   @Post('/providers', { summary: Constants.per.guest })
+  public async providers() {
+    const defineList = addonRegistry.getDefineList("oauth");
+
+    const publicSetting = await this.sysSettingsService.getPublicSettings();
+    const oauthProviders = publicSetting.oauthProviders || {};
+    const list = [];
+
+    for (const item of defineList) {
+      const type = item.name 
+      const conf = oauthProviders[type];
+      const provider:any = {
+        ...item,
+      }
+      delete provider.input
+      if (conf && conf.addonId) {
+        const addonEntity = await this.addonService.info(conf.addonId);
+        if (addonEntity) {
+          provider.addonId = conf.addonId;
+          provider.addonTitle = addonEntity.name;
+
+          const addon = await this.addonGetterService.getAddonById(conf.addonId,true,0);
+          const {logoutUrl} = await addon.buildLogoutUrl();
+          if (logoutUrl){
+            provider.logoutUrl = logoutUrl;
+          }
+          if(addon.icon){
+            provider.icon = addon.icon;
+          }
+        }
+      }
+      list.push(provider);
+    }
+
+    return this.ok(list);
+  }
 }

packages/ui/certd-server/src/modules/login/service/oauth-bound-service.ts

@@ -44,8 +44,11 @@ export class OauthBoundService extends BaseService<OauthBoundEntity> {
         type,
       },
     });
-    if (exist) {
-      throw new Error('该第三方账号已绑定用户');
+    if (exist ) {
+      if(exist.userId === userId){
+        return;
+      }
+      throw new Error('该第三方账号已绑定其他用户');
     }
 
     const exist2 = await this.repository.findOne({

packages/ui/certd-server/src/modules/sys/authority/service/user-service.ts

@@ -225,6 +225,7 @@ export class UserService extends BaseService<UserEntity> {
 
     await this.transaction(async txManager => {
       newUser = await txManager.save(newUser);
+      user.id = newUser.id;
       const userRole: UserRoleEntity = UserRoleEntity.of(newUser.id, Constants.role.defaultUser);
       await txManager.save(userRole);
 

packages/ui/certd-server/src/plugins/index.ts

@@ -39,3 +39,4 @@ export * from './plugin-captcha/index.js'
 export * from './plugin-xinnet/index.js'
 export * from './plugin-xinnetconnet/index.js'
 export * from './plugin-oauth/index.js'
+export * from './plugin-cmcc/index.js'

packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-alb/index.ts

@@ -99,27 +99,39 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
 
 
   @TaskInput({
-      title: "部署证书类型",
-      value: "default",
-      component: {
-        name: "a-select",
-        vModel: "value",
-        options: [
-          {
-            label: "默认证书",
-            value: "default"
-          },
-          {
-            label: "扩展证书",
-            value: "extension"
-          }
-        ]
-      },
-      required: true
-    }
+    title: "部署证书类型",
+    value: "default",
+    component: {
+      name: "a-select",
+      vModel: "value",
+      options: [
+        {
+          label: "默认证书",
+          value: "default"
+        },
+        {
+          label: "扩展证书",
+          value: "extension"
+        }
+      ]
+    },
+    required: true
+  }
   )
   deployType: string = "default";
 
+  @TaskInput({
+    title: "是否清理过期证书",
+    value: true,
+    component: {
+      name: "a-switch",
+      vModel: "checked",
+    },
+    required: true
+  }
+  )
+  clearExpiredCert: boolean;
+
 
   async onInstance() {
   }
@@ -155,17 +167,18 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
       const client = await this.getLBClient(access, this.regionId);
       await this.deployDefaultCert(certId, client);
     }
-    this.logger.info(`准备开始清理过期证书`);
-    await this.ctx.utils.sleep(30000)
-    for (const listener of this.listeners) {
-      try{
-        await this.clearInvalidCert(albClientV2, listener);
-      }catch(e){
-        this.logger.error(`清理监听器${listener}的过期证书失败`, e);
+    if (this.clearExpiredCert!==false) {
+      this.logger.info(`准备开始清理过期证书`);
+      await this.ctx.utils.sleep(30000)
+      for (const listener of this.listeners) {
+        try {
+          await this.clearInvalidCert(albClientV2, listener);
+        } catch (e) {
+          this.logger.error(`清理监听器${listener}的过期证书失败`, e);
+        }
       }
     }
 
-
     this.logger.info("执行完成");
   }
 
@@ -247,7 +260,7 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
       if (item.IsDefault) {
         continue;
       }
-      certIds.push( parseInt(item.CertificateId));
+      certIds.push(parseInt(item.CertificateId));
     }
     this.logger.info(`监听器${listener}绑定的证书${certIds}`);
     //检查是否过期，过期则删除

packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-waf/index.ts

@@ -90,6 +90,35 @@ export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
   )
   cnameDomains!: string[];
 
+
+  @TaskInput({
+    title: 'TLS版本',
+    value: 'tlsv1.2',
+    component: {
+      name: 'a-select',
+      options: [
+        { value: 'tlsv1', label: 'TLSv1' },
+        { value: 'tlsv1.1', label: 'TLSv1.1' },
+        { value: 'tlsv1.2', label: 'TLSv1.2' },
+      ],
+    },
+    required: true,
+  })
+  tlsVersion!: string;
+
+    @TaskInput({
+    title: '启用TLSv3',
+    value: true,
+    component: {
+      name: 'a-switch',
+      vModel: 'checked',
+    },
+    required: true,
+  })
+  enableTLSv3!: boolean;
+
+
+
   async onInstance() {}
 
   async getWafClient(access: AliyunAccess) {
@@ -163,6 +192,8 @@ export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
         Redirect: JSON.stringify(redirect),
         Listen: JSON.stringify(listen),
         Domain: siteDomain,
+        TLSVersion: this.tlsVersion || 'tlsv1.2',
+        EnableTLSv3: this.enableTLSv3 ?? true,
       };
       const res = await client.request('ModifyDomain', updateParams);
       this.logger.info('部署成功', JSON.stringify(res));

packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/upload-to-aliyun/index.ts

@@ -24,10 +24,10 @@ const regionDict = [
 
 @IsTaskPlugin({
   name: 'uploadCertToAliyun',
-  title: '阿里云-上传证书到阿里云CAS',
+  title: '阿里云-上传证书到CAS',
   icon: 'svg:icon-aliyun',
   group: pluginGroups.aliyun.key,
-  desc: '上传证书到阿里云数字证书管理服务（CAS），注意：不会部署到任何应用上；如果不想在阿里云上同一份证书上传多次，可以把此任务作为前置任务，其他阿里云任务证书那一项选择此任务的输出',
+  desc: '上传证书到阿里云证书管理服务（CAS），如果不想在阿里云上同一份证书上传多次，可以把此任务作为前置任务，其他阿里云任务证书那一项选择此任务的输出',
   default: {
     strategy: {
       runStrategy: RunStrategy.SkipWhenSucceed,

packages/ui/certd-server/src/plugins/plugin-cmcc/access.ts

@@ -0,0 +1,66 @@
+import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
+import { CmccClient } from "./cmcc-client.js";
+
+/**
+ * 
+ *  tenantId: string;
+  tenantKey: string;
+  endpoint?: string;
+ */
+@IsAccess({
+  name: "cmcc",
+  title: "中国移动CND授权",
+  desc: "",
+  icon: "clarity:plugin-line"
+})
+export class CmccAccess extends BaseAccess {
+
+  @AccessInput({
+    title: 'TenantID',
+    component: {
+      placeholder: 'TenantID',
+    },
+    required: true,
+  })
+  tenantId = '';
+
+
+  @AccessInput({
+    title: 'TenantKey',
+    component: {
+      placeholder: 'TenantKey',
+    },
+    required: true,
+    encrypt: true,
+  })
+  tenantKey = '';
+
+
+  @AccessInput({
+    title: "测试",
+    component: {
+      name: "api-test",
+      action: "TestRequest"
+    },
+    helper: "点击测试接口是否正常"
+  })
+  testRequest = true;
+
+  async onTestRequest() {
+    const client = await this.getCmccClient()
+    await client.getDomainList({})
+    return "ok"
+  }
+
+  async getCmccClient() {
+    return new CmccClient({
+      tenantId: this.tenantId,
+      tenantKey: this.tenantKey,
+      http: this.ctx.http,
+      logger: this.ctx.logger,
+    })
+  }
+}
+
+
+new CmccAccess();

packages/ui/certd-server/src/plugins/plugin-cmcc/cmcc-client.ts

@@ -0,0 +1,405 @@
+import { HttpClient, ILogger } from '@certd/basic';
+import { CertInfo, CertReader } from '@certd/plugin-cert';
+import * as crypto from 'crypto';
+export interface CmcdnConfig {
+  tenantId: string;
+  tenantKey: string;
+  endpoint?: string;
+
+  http: HttpClient;
+  logger: ILogger;
+}
+/**
+ * 移动CDN平台SDK
+ */
+export class CmccClient {
+  private config: Required<CmcdnConfig>;
+  private token: string | null = null;
+  private tokenExpiresAt: number | null = null;
+  private http: HttpClient;
+  private logger: ILogger;
+
+  /**
+   * 构造函数
+   * @param config 配置信息
+   */
+  constructor(config: CmcdnConfig) {
+    this.config = {
+      endpoint: 'https://p.cdn.10086.cn/',
+      ...config,
+    };
+    this.http = config.http
+    this.logger = config.logger;
+
+    if (!this.config.tenantId) {
+      throw new Error('tenantId is required');
+    }
+
+    if (!this.config.tenantKey) {
+      throw new Error('tenantKey is required');
+    }
+  }
+
+  /**
+   * 生成SHA256哈希
+   * @param data 输入数据
+   * @returns SHA256哈希值
+   */
+  private sha256Hex(data: string): string {
+    return crypto.createHash('sha256').update(data).digest('hex');
+  }
+
+  /**
+   * 获取当前ISO8601格式时间
+   * @returns ISO8601时间字符串
+   */
+  private getCurrentIsoTime(): string {
+    return new Date().toISOString();
+  }
+
+  /**
+   * 生成认证请求签名
+   * @param datetime 请求时间
+   * @returns 签名
+   */
+  private generateAuthSign(datetime: string): string {
+    const signData = `${this.config.tenantId}${datetime}${this.config.tenantKey}`;
+    return this.sha256Hex(signData);
+  }
+
+  /**
+   * 生成API请求签名
+   * @param body 请求体
+   * @param token 认证token
+   * @returns 签名
+   */
+  private generateApiSign(body: any, token: string): string {
+    const bodyStr = body ? JSON.stringify(body) : '';
+    return this.sha256Hex(bodyStr + token);
+  }
+
+  /**
+   * 检查token是否有效
+   * @returns token是否有效
+   */
+  private isTokenValid(): boolean {
+    if (!this.token || !this.tokenExpiresAt) {
+      return false;
+    }
+    return Date.now() < this.tokenExpiresAt;
+  }
+
+
+
+  /**
+   * 获取认证token
+   * @returns 认证token
+   */
+  async getToken(): Promise<string> {
+    // 检查是否有有效的token
+    if (this.isTokenValid()) {
+      return this.token!;
+    }
+
+    const datetime = this.getCurrentIsoTime();
+    const sign = this.generateAuthSign(datetime);
+
+    const authRequest = {
+      datetime,
+      authorization: {
+        tenant_id: this.config.tenantId,
+        sign,
+      },
+    };
+
+    const response = await this.http.request({
+      baseURL: this.config.endpoint,
+      url: '/api/authentication',
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Accept': 'application/json',
+      },
+      data: authRequest,
+      skipSslVerify: true,
+      logParams: false,
+      logRes: false,
+      logData: false
+    });
+
+    this.token = response.token;
+    // Token有效期为12小时
+    this.tokenExpiresAt = Date.now() + 12 * 60 * 60 * 1000;
+    return this.token;
+  }
+
+  /**
+   * 调用API
+   * @param req 请求选项
+   * @returns API响应
+   */
+  async doRequest(req: any): Promise<any> {
+    // 获取有效的token
+    const token = await this.getToken();
+
+    // 设置默认headers
+    const defaultHeaders: Record<string, string> = {
+      'Content-Type': 'application/json',
+      'Accept': 'application/vnd.cmcdn+json',
+      'CMCDN-Auth-Token': token,
+    };
+
+    // 生成签名
+    if (req.method === 'POST' || req.method === 'PUT') {
+      const signature = this.generateApiSign(req.data, token);
+      defaultHeaders['HTTP-X-CMCDN-Signature'] = signature;
+    } else {
+      const signature = this.sha256Hex(token);
+      defaultHeaders['HTTP-X-CMCDN-Signature'] = signature;
+    }
+
+    // 合并自定义headers
+    const headers = { ...defaultHeaders, ...req.headers };
+
+    // 发送请求
+    try {
+      const response = await this.http.request({
+        baseURL: this.config.endpoint,
+        url: req.url,
+        method: req.method,
+        headers: headers,
+        data: req.data,
+        skipSslVerify: true,
+        logParams: false,
+        logRes: false,
+        logData: false
+      });
+      if (response.error_code != 0) {
+        this.logger.error(`接口请求失败,${JSON.stringify(response)}`);
+        throw new Error(response.error_msg || "接口请求失败");
+      }
+
+      return response.data;
+    } catch (error) {
+      this.logger.error(`接口请求失败,${error.response?.data?.error_msg || error.message}`);
+      throw new Error(error.response?.data?.error_msg || error.message);
+    }
+  }
+  /**
+   * 清除token
+   */
+  clearToken(): void {
+    this.token = null;
+    this.tokenExpiresAt = null;
+  }
+
+  /**
+   * 获取当前token
+   * @returns 当前token
+   */
+  getCurrentToken(): string | null {
+    return this.token;
+  }
+
+  /**
+   * 
+  域名列表查询
+  本接口由 CDN 运营平台提供 ，所有外部 EC 客户使用。该接口为客户提供该客户各状态域名列表查询。本接口仅支持 JSON 结构。
+  
+  7.1  目录信息
+  
+  
+  /api/domain_list?domainName =${domainName}&domainStatus =${domainStatus}
+  
+  
+  
+  7.2  请求方法
+  
+  GET
+  
+  
+  
+  7.3  响应状态码
+  
+  请求接收成功 ：201 ， body 内容详见下一节；
+  授权错误 ：403；
+  请求错误 ：400；
+  其他 ：见 1.2.5 状态码。
+  
+  
+  7.4  JSON 结构规范
+  7.4.1 请求 URI 参数
+  
+  序号	父元素	元素名称	约束	类型	长度	描述
+  1		domainName	?	String		域名模糊匹配过滤
+  
+  
+  
+  2		domainStatus	?	String		域名状态过滤online：启用
+  offline：停用
+  configuring：配置中
+  configure_failed ：配置失败
+  
+  
+  7.4.2 请求 URI 示例
+  GET： http://xxx.com/api/domain_list?domainName=www.test.com&domainStatus=online
+  
+  
+  
+  7.4.3  响应数据体
+  
+  
+  
+  序号	父元	元素名称	约束	类型	长度	描述
+  1		data	1	array		查询结果
+  2	data	domainName	1	String		加速域名名称
+  3	data	createTime	1	datetime		加速域名创建时间(2017-07-25  17:45:52)
+  4	data	cname	*	String		加速域名对应的 CNAME 域名
+  5	data	type	*	String		域名产品类型：
+  demand:点播产品(视音频/网页、下载);
+  live:直播产品
+  6	data	status	*	String		域名状态：启用
+  停用
+  配置中
+  配置失败待分发
+  已生效启用中
+  删除中
+  
+  
+  7.4.4  响应报文示例
+  
+  
+  {
+  "data": [{
+  "createTime": "2017-07-25 17:45:52",
+  "domainName": "www.ponshine.com",
+  "cname": "www.ponshine.com.cmcdn.cdn.10086.cn", "type ": "demand"
+  },
+  {
+  "createTime": "2018-11-07 22:09:41",
+  "domainName": "www.testcustom.com",
+  "cname": "www.testcustom.com.cmcdn.cdn.10086.cn", "type ": "live"
+  }
+  ]
+  }
+   */
+  async getDomainList(req: { domainName?: string, domainStatus?: string }) {
+
+    const res = await this.doRequest({
+      url: "/api/domain_list",
+      method: "GET",
+      params: {
+        domainName: req.domainName,
+        domainStatus: req.domainStatus,
+      }
+    })
+
+    this.logger.info("getDomainList", res);
+
+    return res.data;
+  }
+
+  /**
+   * /api/config/action?commandType =saveCrt&version =1
+  12.1.2 请求方法
+  新增 POST
+  修改 PUT
+  12.1.3 响应状态码
+  请求接收成功： 200/201 ， body内容详见下一节；
+  授权错误 ：403；
+  请求错误 ：400；
+  其他 ：见1.2.5状态码。
+  12.1.4 JSON 结构规范
+  12.1.4.1请求数据体
+  
+  参数	说明	类型	约束
+  
+  
+  
+  certificate	证书 ，仅支持 PEM 格式，
+  证书内的换行符使用字符串“\n”代替
+  内容如需加密传输可使用
+  PBEWith MD5And DES 加密 ，秘钥将私下
+  提供	
+  
+  
+  string	
+  
+  
+  必选
+  
+  
+  
+  private_key	私钥 ，仅支持 PEM 格式，
+  私钥内的换行符使用字符串“\n”代替
+  内容如需加密传输可使用
+  PBEWith MD5And DES 加密 ，秘钥将私下
+  提供	
+  
+  
+  string	
+  
+  
+  必选
+  
+  crt_name	证书名称 ，不支持修改 ，有传 unique_id
+  时不需要
+  (仅支持英文字母、数字、下划线 ，最大长	
+  string	
+  必选
+  
+  
+  
+    度为 32 个字符)		
+  
+  unique_id	证书唯一 id ，修改证书时该项必选；
+  修改证书时 ，如历史证书已绑定域名，
+  修改后证书也需支持对应域名	
+  string	
+  修改必选
+  contact_name	证书联系人	string	可选
+  contact_mobile	证书联系人手机号	string	可选
+  contact_email	证书联系人邮箱	string	可选
+  
+  12.1.4.2请求报文示例
+   */
+  async uploadCert(req: { cert: CertInfo }) {
+
+    const certReader = new CertReader(req.cert);
+    const res = await this.doRequest({
+      url: "/api/config/action?commandType=saveCrt&version=1",
+      method: "POST",
+      data: {
+        certificate: req.cert.crt,
+        private_key: req.cert.key,
+        crt_name: certReader.buildCertName(),
+      }
+    })
+
+    this.logger.info("uploadCert", res);
+
+    return res;
+  }
+
+  /**
+   * 
+   * @param req 
+   */
+  async deployCertToCdn(req: { domainNames: string[], certId: string }) {
+    // /api/config/action?commandType = manageDomainBaseConfig&version = 1
+    const res = await this.doRequest({
+      url: "/api/config/action?commandType=manageDomainBaseConfig&version=1",
+      method: "PUT",
+      data: {
+        modify_type: 0,
+        domains: req.domainNames,
+        https_enable: true,
+        unique_id: req.certId,
+      }
+    })
+    this.logger.info("deployCertToCdn", res);
+
+    return res.data;
+  }
+
+}

packages/ui/certd-server/src/plugins/plugin-cmcc/index.ts

@@ -0,0 +1,2 @@
+export * from './access.js'
+export * from './plugin-deploy-to-cdn.js'

packages/ui/certd-server/src/plugins/plugin-cmcc/plugin-deploy-to-cdn.ts

@@ -0,0 +1,126 @@
+import {
+  IsTaskPlugin,
+  PageSearch,
+  pluginGroups,
+  RunStrategy,
+  TaskInput
+} from "@certd/pipeline";
+import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
+import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
+import { AbstractPlusTaskPlugin } from "@certd/plugin-plus";
+import { CmccAccess } from "./access.js";
+
+@IsTaskPlugin({
+  //命名规范，插件类型+功能（就是目录plugin-demo中的demo），大写字母开头，驼峰命名
+  name: "CmccDeployCertToCdn",
+  title: "中国移动-部署证书到CDN",
+  desc: "中国移动自动部署证书到CDN",
+  icon: "svg:icon-lucky",
+  //插件分组
+  group: pluginGroups.cdn.key,
+  needPlus: true,
+  default: {
+    //默认值配置照抄即可
+    strategy: {
+      runStrategy: RunStrategy.SkipWhenSucceed
+    }
+  }
+})
+//类名规范，跟上面插件名称（name）一致
+export class CmccDeployCertToCdn extends AbstractPlusTaskPlugin {
+  //证书选择，此项必须要有
+  @TaskInput({
+    title: "域名证书",
+    helper: "请选择前置任务输出的域名证书",
+    component: {
+      name: "output-selector",
+      from: [...CertApplyPluginNames]
+    }
+    // required: true, // 必填
+  })
+  cert!: CertInfo;
+
+  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
+  certDomains!: string[];
+
+  //授权选择框
+  @TaskInput({
+    title: "中国移动-授权",
+    component: {
+      name: "access-selector",
+      type: "cmcc" //固定授权类型
+    },
+    required: true //必填
+  })
+  accessId!: string;
+  //
+
+  @TaskInput(
+    createRemoteSelectInputDefine({
+      title: "加速域名",
+      helper: "要更新的中国移动CDN域名",
+      action: CmccDeployCertToCdn.prototype.onGetDomainList.name,
+      pager: false,
+      search: false
+    })
+  )
+  domainList!: string[];
+
+  //插件实例化时执行的方法
+  async onInstance() {
+  }
+
+  //插件执行方法
+  async execute(): Promise<void> {
+    const access = await this.getAccess<CmccAccess>(this.accessId);
+
+    const client = await access.getCmccClient();
+    this.logger.info(`----------- 开始更新证书：${this.domainList}`);
+
+
+    const newCert = await client.uploadCert({
+      cert: this.cert
+    })
+
+    const certId = newCert.unique_id
+    this.logger.info(`----------- 上传证书成功,证书ID:${certId}`);
+
+    await client.deployCertToCdn({
+      certId: certId,
+      domainNames: this.domainList
+    });
+    this.logger.info(`----------- 更新证书${this.domainList}成功,等待10s`);
+    await this.ctx.utils.sleep(10000);
+    this.logger.info("部署完成");
+  }
+
+  async onGetDomainList(data: PageSearch = {}) {
+    const access = await this.getAccess<CmccAccess>(this.accessId);
+    const client= await access.getCmccClient();
+    const res = await client.getDomainList({})
+    const list = res || []
+    if (!list || list.length === 0) {
+      throw new Error("没有找到加速域名");
+    }
+
+
+    /**
+     * certificate-id
+     * name
+     * dns-names
+     */
+    const options = list.map((item: any) => {
+      return {
+        label: `${item.domainName}`,
+        value: item.domainName,
+        domain: item.domainName
+      };
+    });
+    return {
+      list: this.ctx.utils.options.buildGroupOptions(options, this.certDomains),
+    };
+  }
+}
+
+//实例化一下，注册插件
+new CmccDeployCertToCdn();

packages/ui/certd-server/src/plugins/plugin-oauth/api.ts

@@ -1,6 +1,8 @@
 export type OnCallbackReq = {
     code: string;
     state: string;
+    currentURL: URL;
+    ticketValue: any;
 }
 
 export type OauthToken = {
@@ -30,8 +32,26 @@ export type OnBindReply = {
     message: string;
 }
 
+export type LoginUrlReply = {
+    loginUrl: string;
+    ticketValue: any;
+}
+
+export type BuildLoginUrlReq = {
+    redirectUri: string;
+    forType?: string;
+    from?:string;
+}
+
+export type BuildLogoutUrlReq = {
+}
+
+export type LogoutUrlReply = {
+    logoutUrl?: string;
+}
+
 export interface IOauthProvider {
-    buildLoginUrl: (params: { redirectUri: string }) => Promise<string>;
+    buildLoginUrl: (params: BuildLoginUrlReq) => Promise<LoginUrlReply>;
     onCallback: (params: OnCallbackReq) => Promise<OauthToken>;
-    onBind: (params: OnBindReq) => Promise<OnBindReply>;
+    buildLogoutUrl: (params: BuildLogoutUrlReq) => Promise<LogoutUrlReply>;
 }

packages/ui/certd-server/src/plugins/plugin-oauth/index.ts

@@ -1,2 +1,4 @@
 export * from './api.js'
 export * from './oidc/plugin-oidc.js'
+export * from './wx/plugin-wx.js'
+export * from './oauth2/plugin-gitee.js'

packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-gitee.ts

@@ -0,0 +1,155 @@
+import { AddonInput, BaseAddon, IsAddon } from "@certd/lib-server";
+import { BuildLoginUrlReq, BuildLogoutUrlReq, IOauthProvider, OnCallbackReq } from "../api.js";
+
+@IsAddon({
+  addonType: "oauth",
+  name: 'gitee',
+  title: 'Gitee认证',
+  desc: 'Gitee OAuth2登录',
+  icon:"simple-icons:gitee:red",
+  showTest: false,
+})
+export class GiteeOauthProvider extends BaseAddon implements IOauthProvider {
+
+  @AddonInput({
+    title: "ClientId",
+    helper: "[gitee 第三方应用管理](https://gitee.com/oauth/applications)创建应用后获取",
+    required: true,
+  })
+  clientId = "";
+
+  @AddonInput({
+    title: "ClientSecretKey",
+    component: {
+      placeholder: "ClientSecretKey / appSecretKey",
+    },
+    required: true,
+  })
+  clientSecretKey = "";
+
+  // @AddonInput({
+  //   title: "授权地址",
+  //   helper: "授权请求url",
+  //   component: {
+  //     placeholder: "https://xxxxx.com/oauth/authorize",
+  //   },
+  //   required: true,
+  // })
+  // authorizeEndpoint = "";
+
+  /**
+   * gitee.authorizeURL = https://gitee.com/oauth/authorize
+gitee.accessToken = https://gitee.com/oauth/token
+gitee.userInfo = https://gitee.com/api/v5/user
+   */
+
+  // @AddonInput({
+  //   title: "Token获取地址",
+  //   helper: "Token获取url",
+  //   component: {
+  //     placeholder: "https://xxxxx.com/oauth/token",
+  //   },
+  //   required: true,
+  // })
+  // tokenEndpoint = "";
+
+  //  @AddonInput({
+  //   title: "用户信息获取地址",
+  //   helper: "用户信息url",
+  //   component: {
+  //     placeholder: "https://xxxxx.com/api/user_info",
+  //   },
+  //   required: true,
+  // })
+  // userInfoEndpoint = "";
+
+  // @AddonInput({
+  //   title: "Scope",
+  //   helper: "授权Scope",
+  //   value:"user_info",
+  //   component: {
+  //     placeholder: "profile",
+  //   },
+  //   required: true,
+  // })
+  // scope: string;
+
+
+  
+  async buildLoginUrl(params: BuildLoginUrlReq) {
+
+    let scope = "user_info" // Scope of the access request
+    let state:any = {
+      forType: params.forType || 'login',
+    }
+    state = this.ctx.utils.hash.base64(JSON.stringify(state))
+
+    const authorizeEndpoint = "https://gitee.com/oauth/authorize"
+    const redirectUrl = encodeURIComponent(params.redirectUri)
+    // https://gitee.com/oauth/authorize?client_id=5bb5f4158af41c50c7a17b5d9068244e97d3ee572def6a57ed32fd8c9d760ad1&redirect_uri=http%3A%2F%2Fcasdoor.docmirror.cn%3A8000%2Fcallback&response_type=code
+    const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
+    return {
+      loginUrl,
+      ticketValue: {
+        state,
+      },
+    };
+  }
+
+  async onCallback(req: OnCallbackReq) {
+    
+    //校验state
+
+    const code = req.code || ""
+
+    const tokenEndpoint = "https://gitee.com/oauth/token"
+
+    const uri = new URL(req.currentURL)
+    const redirectUri = `${uri.origin}${uri.pathname}`
+    const res = await this.ctx.utils.http.request( {
+        url: tokenEndpoint,
+        method: "post",
+        data:{
+        // https://gitee.com/oauth/token?
+        // grant_type=authorization_code&code={code}&client_id={client_id}&redirect_uri={redirect_uri}&client_secret={client_secret}
+          grant_type: "authorization_code",
+          code,
+          client_id: this.clientId,
+          redirect_uri: redirectUri,
+          client_secret: this.clientSecretKey,
+        }
+    })
+    
+    const tokens = res
+
+
+    const userInfoEndpoint = "https://gitee.com/api/v5/user"
+
+    // 获取用户信息
+     const userInfoRes = await this.ctx.utils.http.request( {
+        url: userInfoEndpoint,
+        method: "get",
+        params:{
+          access_token: tokens.access_token,
+        }
+    })
+    const userInfo = userInfoRes
+
+    return {
+      token:{
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token,
+        expiresIn: tokens.expires_in,
+      },
+      userInfo: {
+        openId: userInfo.id,
+        nickName: userInfo.name || userInfo.nick_name || "",
+        avatar: userInfo.avatar_url,
+      },
+    }
+  };
+
+  async buildLogoutUrl(params: BuildLogoutUrlReq) {
+    return {};
+  }
+}