v1.22.6

修复可选链问题导致的响应错误输出报错

.github/workflows/build-image.yml

@@ -0,0 +1,69 @@
+name: build-image
+on:
+  push:
+    branches: ['v2']
+    paths:
+      - "build.trigger"
+
+#  schedule:
+#    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
+#    - cron: '17 19 * * *'
+permissions:
+  contents: read
+
+jobs:
+  build-certd-image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: get_certd_version
+        id: get_certd_version
+        uses: actions/github-script@v6
+        with:
+          result-encoding: string
+          script: |
+            const fs = require('fs');
+            const path = require('path');
+            const pnpmWorkspace = "./pnpm-workspace.yaml";
+            fs.unlinkSync(pnpmWorkspace)
+            const jsonFilePath = "./packages/ui/certd-server/package.json";
+            const jsonContent = fs.readFileSync(jsonFilePath, 'utf-8');
+            const pkg = JSON.parse(jsonContent)
+            console.log("certd_version:",pkg.version);
+            return pkg.version
+#      - name: Use Node.js
+#        uses: actions/setup-node@v4
+#        with:
+#          node-version: 18
+#          cache: 'npm'
+#        working-directory: ./packages/ui/certd-client
+      - run: |
+          npm install -g pnpm
+          pnpm install
+          npm run build
+        working-directory: ./packages/ui/certd-client
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to aliyun container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: registry.cn-shenzhen.aliyuncs.com
+          username: ${{ secrets.aliyun_cs_username }}
+          password: ${{ secrets.aliyun_cs_password }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v6.5.0
+        with:
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          push: true
+          context: ./packages/ui/
+          tags: |
+            registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
+            registry.cn-shenzhen.aliyuncs.com/handsfree/certd:${{steps.get_certd_version.outputs.result}}

.github/workflows/deploy-demo.yml

@@ -0,0 +1,55 @@
+name: deploy-demo
+on:
+  push:
+    branches: ['v2']
+    paths:
+      - "deploy.trigger"
+  workflow_run:
+    workflows: [ "build-image" ]
+    types:
+      - completed
+
+#  schedule:
+#    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
+#    - cron: '17 19 * * *'
+permissions:
+  contents: read
+
+jobs:
+  deploy-certd-demo:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+      - name: get_certd_version
+        id: get_certd_version
+        uses: actions/github-script@v6
+        with:
+          result-encoding: string
+          script: |
+            const fs = require('fs');
+            const path = require('path');
+            const jsonFilePath = "./packages/ui/certd-server/package.json";
+            const jsonContent = fs.readFileSync(jsonFilePath, 'utf-8');
+            const pkg = JSON.parse(jsonContent)
+            console.log("certd_version:",pkg.version);
+            return pkg.version
+      - uses: GuillaumeFalourd/wait-sleep-action@v1
+        with:
+          time: '10' # for 60 seconds
+      - name: Send HTTP request
+        id: request
+        uses: tyrrrz/action-http-request@master
+        with:
+          url: http://flow-openapi.aliyun.com/pipeline/webhook/lzCzlGrLCOHQaTMMt0mG
+          method: POST
+          headers: |
+            Content-Type: application/json
+          body: |
+            {
+              "CERTD_VERSION": "${{steps.get_certd_version.outputs.result}}"
+            }
+          retry-count: 3
+          retry-delay: 5000
+
+

.github/workflows/sync-to-gitee.yml

@@ -2,8 +2,6 @@ name: sync-to-gitee
 on:
   push:
     branches: ['v2']
-  pull_request:
-    branches: ['v2']
 #  schedule:
 #    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
 #    - cron: '17 19 * * *'

.gitignore

@@ -34,3 +34,8 @@ gen
 
 docker/image/workspace
 /packages/core/lego
+
+tsconfig.tsbuildinfo
+test/**/*.js
+/packages/ui/certd-server/data/db.sqlite
+/packages/ui/certd-server/data/keys.yaml

.npmrc

@@ -0,0 +1,2 @@
+link-workspace-packages=true
+prefer-workspace-packages=true

.prettierrc

@@ -0,0 +1,7 @@
+{
+  "printWidth": 160,
+  "bracketSpacing": true,
+  "singleQuote": true,
+  "trailingComma": "es5",
+  "arrowParens": "avoid"
+}

CHANGELOG.md

@@ -3,6 +3,163 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.22.6](https://github.com/certd/certd/compare/v1.22.5...v1.22.6) (2024-08-03)
+
+### Bug Fixes
+
+* 修复在相同的cron时偶尔无法触发定时任务的bug ([680941a](https://github.com/certd/certd/commit/680941af119619006b592e3ab6fb112cb5556a8b))
+* 修复pg下pipeline title 类型问题 ([a9717b9](https://github.com/certd/certd/commit/a9717b9a0df7b5a64d4fe03314fecad4f59774cc))
+
+### Performance Improvements
+
+* 流水线支持名称模糊查询 ([59897c4](https://github.com/certd/certd/commit/59897c4ceae992ebe2972ca9e8f9196616ffdfd7))
+* 腾讯云clb支持更多大区选择 ([e4f4570](https://github.com/certd/certd/commit/e4f4570b29f26c60f1ee9660a4c507cbeaba3d7e))
+* 优化前置任务输出为空的提示 ([6ed1e18](https://github.com/certd/certd/commit/6ed1e18c7d9c46d964ecc6abc90f3908297b7632))
+
+## [1.22.5](https://github.com/certd/certd/compare/v1.22.4...v1.22.5) (2024-07-26)
+
+### Bug Fixes
+
+* 修复用户管理无法添加用户的bug ([e7e89b8](https://github.com/certd/certd/commit/e7e89b8de7386e84c0d6b8e217e2034909657d68))
+
+## [1.22.4](https://github.com/certd/certd/compare/v1.22.3...v1.22.4) (2024-07-26)
+
+### Performance Improvements
+
+* 证书申请支持反向代理，letsencrypt无法访问时的备用方案 ([b7b5df0](https://github.com/certd/certd/commit/b7b5df0587e0f7ea288c1b2af6f87211f207395f))
+* 支持arm64 ([fa14f87](https://github.com/certd/certd/commit/fa14f87a8093ef3addc5e5f3315ce1bfc9982782))
+
+## [1.22.3](https://github.com/certd/certd/compare/v1.22.2...v1.22.3) (2024-07-25)
+
+### Bug Fixes
+
+* lege 无执行权限问题 ([338eb3b](https://github.com/certd/certd/commit/338eb3bdfeb461e9b3bc7eee97b97a59f5642ffe))
+
+## [1.22.2](https://github.com/certd/certd/compare/v1.22.1...v1.22.2) (2024-07-23)
+
+### Bug Fixes
+
+* 修复创建流水线时，无法根据dns类型默认正确的dns授权的bug ([a2c43b5](https://github.com/certd/certd/commit/a2c43b50a6069ed48958fd142844a8568c2af452))
+
+## [1.22.1](https://github.com/certd/certd/compare/v1.22.0...v1.22.1) (2024-07-20)
+
+### Performance Improvements
+
+* 创建证书任务可以选择lege插件 ([affef13](https://github.com/certd/certd/commit/affef130378030c517250c58a4e787b0fc85d7d1))
+* 创建证书任务增加定时任务和邮件通知输入 ([427620d](https://github.com/certd/certd/commit/427620d34f3b8ad6933005faf1878908441a2453))
+* 支持配置启动后自动触发一次任务 ([a5a0c1f](https://github.com/certd/certd/commit/a5a0c1f6e7a3f05e581005e491d5b102ee854412))
+
+# [1.22.0](https://github.com/certd/certd/compare/v1.21.2...v1.22.0) (2024-07-19)
+
+### Features
+
+* 升级midway，支持esm ([485e603](https://github.com/certd/certd/commit/485e603b5165c28bc08694997726eaf2a585ebe7))
+* 支持lego，海量DNS提供商 ([0bc6d0a](https://github.com/certd/certd/commit/0bc6d0a211920fb0084d705e1db67ee1e7262c44))
+* 支持postgresql ([3b19bfb](https://github.com/certd/certd/commit/3b19bfb4291e89064b3b407a80dae092d54747d5))
+
+### Performance Improvements
+
+* 优化一些小细节 ([b168852](https://github.com/certd/certd/commit/b1688525dbbbfd67e0ab1cf5b4ddfbe9d394f370))
+* 增加备案号设置 ([bd3d959](https://github.com/certd/certd/commit/bd3d959944db63a5690b55ee150e1007133868b9))
+* 自动生成jwtkey，无需手动配置 ([390e485](https://github.com/certd/certd/commit/390e4853a570390a97df6a3b3882579f9547eeb4))
+
+## [1.21.2](https://github.com/certd/certd/compare/v1.21.1...v1.21.2) (2024-07-08)
+
+### Performance Improvements
+
+* 申请证书时可以选择跳过本地dns校验 ([fe91d94](https://github.com/certd/certd/commit/fe91d94090d22ed0a3ea753ba74dfaa1bf057c17))
+
+## [1.21.1](https://github.com/certd/certd/compare/v1.21.0...v1.21.1) (2024-07-08)
+
+### Performance Improvements
+
+* 上传到主机，支持设置不mkdirs ([5ba9831](https://github.com/certd/certd/commit/5ba9831ed1aa6ec6057df246f1035b36b9c41d2e))
+* 说明优化，默认值优化 ([970c7fd](https://github.com/certd/certd/commit/970c7fd8a0f557770e973d8462ee5684ef742810))
+
+# [1.21.0](https://github.com/certd/certd/compare/v1.20.17...v1.21.0) (2024-07-03)
+
+### Features
+
+* 支持zero ssl ([eade2c2](https://github.com/certd/certd/commit/eade2c2b681569f03e9cd466e7d5bcd6703ed492))
+
+## [1.20.17](https://github.com/certd/certd/compare/v1.20.16...v1.20.17) (2024-07-03)
+
+### Performance Improvements
+
+* 创建dns解析后，强制等待60s ([f47b35f](https://github.com/certd/certd/commit/f47b35f6d5bd7d675005c3e286b7e9a029201f8b))
+* 文件上传提示由cert.crt改为cert.pem ([a09b0e4](https://github.com/certd/certd/commit/a09b0e48c176f3ed763791bd50322c29729f7c1c))
+* 优化cname verify ([eba333d](https://github.com/certd/certd/commit/eba333de7a5b5ef4b0b7eaa904f578720102fa61))
+
+## [1.20.16](https://github.com/certd/certd/compare/v1.20.15...v1.20.16) (2024-07-01)
+
+### Bug Fixes
+
+* 修复配置了cdn cname后申请失败的bug ([4a5fa76](https://github.com/certd/certd/commit/4a5fa767edc347d03d29a467e86c9a4d70b0220c))
+
+## [1.20.15](https://github.com/certd/certd/compare/v1.20.14...v1.20.15) (2024-06-28)
+
+### Bug Fixes
+
+* 修复无法强制取消任务的bug ([9cc01db](https://github.com/certd/certd/commit/9cc01db1d569a5c45bb3e731f35d85df324a8e62))
+
+### Performance Improvements
+
+* 腾讯云dns provider 支持腾讯云的accessId ([e0eb3a4](https://github.com/certd/certd/commit/e0eb3a441384d474fe2923c69b25318264bdc9df))
+* 支持windows文件上传 ([7f61cab](https://github.com/certd/certd/commit/7f61cab101fa13b4e88234e9ad47434e6130fed2))
+
+## [1.20.14](https://github.com/certd/certd/compare/v1.20.13...v1.20.14) (2024-06-23)
+
+### Bug Fixes
+
+* 修复修改密码功能异常问题 ([f740ff5](https://github.com/certd/certd/commit/f740ff517f521dce361284c2c54bccc68aee0ea2))
+
+## [1.20.13](https://github.com/certd/certd/compare/v1.20.12...v1.20.13) (2024-06-18)
+
+### Bug Fixes
+
+* 日志高度越界 ([c4c9adb](https://github.com/certd/certd/commit/c4c9adb8bfd513f57252e523794e3799a9b220f8))
+* 修复邮箱设置页面SMTP拼写错误的问题 ([b98f1c0](https://github.com/certd/certd/commit/b98f1c0dd0bc6c6b4f814c578692afdf6d90b88d))
+* 修复logo问题 ([7e483e6](https://github.com/certd/certd/commit/7e483e60913d509b113148c735fe13ba1d72dddf))
+
+### Performance Improvements
+
+* 增加警告，修复一些样式错乱问题 ([fd54c2f](https://github.com/certd/certd/commit/fd54c2ffac492222e85ff2f5f49a9ee5cfc73588))
+* ssh登录支持openssh格式私钥、支持私钥密码 ([5c2c508](https://github.com/certd/certd/commit/5c2c50839a9076004f9034d754ac6deb531acdfb))
+
+## [1.20.12](https://github.com/certd/certd/compare/v1.20.10...v1.20.12) (2024-06-17)
+
+### Bug Fixes
+
+* 修复aliyun域名超过100个找不到域名的bug ([5b1494b](https://github.com/certd/certd/commit/5b1494b3ce93d1026dc56ee741342fbb8bf7be24))
+
+### Performance Improvements
+
+* 增加系统设置，可以关闭自助注册功能 ([20feace](https://github.com/certd/certd/commit/20feacea12d43386540db6a600f391d786be4014))
+* 增加cloudflare access token说明 ([934e6e2](https://github.com/certd/certd/commit/934e6e2bd05387cd50ffab95f230933543954098))
+* 支持重置管理员密码，忘记密码的补救方案 ([732cbc5](https://github.com/certd/certd/commit/732cbc5e927b526850724594830392b2f10c6705))
+* 支持cloudflare域名 ([fbb9a47](https://github.com/certd/certd/commit/fbb9a47e8f7bb805289b9ee64bd46ffee0f01c06))
+
+## [1.20.10](https://github.com/certd/certd/compare/v1.20.9...v1.20.10) (2024-05-30)
+
+### Bug Fixes
+
+* 增加权限相关helper说明 ([83e4083](https://github.com/certd/certd/commit/83e40836ebff10bec60efe8933183e1ba1c22bf9))
+* 增加权限相关helper说明 ([4304c94](https://github.com/certd/certd/commit/4304c9443ad9248f63dd6d8c512d8d6f32f90d37))
+
+### Performance Improvements
+
+* 上传到主机插件支持复制到本机路径 ([92446c3](https://github.com/certd/certd/commit/92446c339936f98f08f654b8971a7393d8435224))
+* 优化文件下载包名 ([d9eb927](https://github.com/certd/certd/commit/d9eb927b0a1445feab08b1958aa9ea80637a5ae6))
+* 增加任务复制功能 ([39ad759](https://github.com/certd/certd/commit/39ad7597fa0e19cc1f7631bbd6fea0a9e05a62c9))
+
+## [1.20.9](https://github.com/certd/certd/compare/v1.20.8...v1.20.9) (2024-03-22)
+
+**Note:** Version bump only for package root
+
+## [1.20.8](https://github.com/certd/certd/compare/v1.20.7...v1.20.8) (2024-03-22)
+
+**Note:** Version bump only for package root
+
 ## [1.20.7](https://github.com/certd/certd/compare/v1.20.6...v1.20.7) (2024-03-22)
 
 **Note:** Version bump only for package root

README.md

@@ -1,21 +1,21 @@
 # CertD
 
-CertD 是一个免费全自动申请和部署SSL证书的工具。       
+CertD 是一个免费全自动申请和自动部署更新SSL证书的工具。       
 后缀D取自linux守护进程的命名风格，意为证书守护进程。    
 
+关键字：证书自动申请、证书自动更新、证书自动续期、证书自动续签
+
 ## 一、特性
-本项目不仅支持证书申请过程自动化，还可以自动化部署证书，让你的证书永不过期。     
+本项目不仅支持证书申请过程自动化，还可以自动化部署更新证书，让你的证书永不过期。     
 
-* 全自动申请证书（支持阿里云、腾讯云、华为云注册的域名）
-* 全自动部署证书（目前支持服务器上传部署、部署到阿里云、腾讯云等）
-* 支持通配符域名
-* 支持多个域名打到一个证书上
+* 全自动申请证书（支持阿里云、腾讯云、华为云、Cloudflare等各种途径注册的域名）
+* 全自动部署更新证书（目前支持部署到主机、部署到阿里云、腾讯云等）
+* 支持通配符域名/泛域名，支持多个域名打到一个证书上
 * 邮件通知
-* 证书自动更新
+* 私有化部署，保障安全
 * 免费、免费、免费（[阿里云单个通配符域名证书最便宜也要1800/年](https://yundun.console.aliyun.com/?p=cas#/certExtend/buy/cn-hangzhou)）
 
 
-
 ## 二、在线体验
 
 官方Demo地址，自助注册后体验    
@@ -38,68 +38,125 @@ https://certd.handsfree.work/
 -------> [点我查看详细使用步骤演示](./step.md)   <--------      
 ↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑     
 
-## 四、本地docker部署
+## 四、私有化部署
+
+由于证书、授权信息等属于高度敏感数据，请务必私有化部署，保障数据安全
 
 ### 1. 安装docker、docker-compose
 
-1.1 安装docker    
-https://docs.docker.com/engine/install/
+1.1 准备一台云服务器
+* 【阿里云】云服务器2核2G，新老用户同享，99元/年，续费同价！【 [立即购买](https://www.aliyun.com/benefit?scm=20140722.M_10244282._.V_1&source=5176.11533457&userCode=qya11txb )】
+* 【腾讯云】云服务器2核2G，新老用户同享，99元/年，续费同价！【 [立即购买](https://cloud.tencent.com/act/cps/redirect?redirect=6094&cps_key=b3ef73330335d7a6efa4a4bbeeb6b2c9&from=console)】
+  
 
-1.2 安装docker-compose     
-https://docs.docker.com/compose/install/linux/
+1.2 安装docker      
+
+https://docs.docker.com/engine/install/   
+选择对应的操作系统，按照官方文档执行命令即可   
+
+### 2. 运行certd
+
+[docker-compose.yaml 下载](https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml)
+
+当前版本号： ![](https://img.shields.io/npm/v/%40certd%2Fpipeline)
 
-### 2. 下载docker-compose.yaml文件
 ```bash
+# 随便创建一个目录
 mkdir certd
+# 进入目录
 cd certd
-wget https://raw.githubusercontent.com/certd/certd/v2/docker/run/docker-compose.yaml
-# 或者使用gitee地址
+# 下载docker-compose.yaml文件，或者手动下载放到certd目录下
 wget https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml
 
-# 根据需要修改里面的配置
-# 1.修改镜像版本号
-# 2.配置数据保存路径
-# 3.配置certd_auth_jwt_secret
-vi docker-compose.yaml
+# 可以根据需要修改里面的配置
+# 1.修改镜像版本号【可选】
+# 2.配置数据保存路径【可选】
+# 3.修改端口号【可选】
+vi docker-compose.yaml # 【可选】
 
-
-```
-> 镜像版本号与release版本号同步：    
-https://github.com/certd/certd/releases
-
-
-### 3. 运行
-```bash
-# 如果docker compose是插件化安装
-export CERTD_VERSION=1.2.0
+# 启动certd
 docker compose up -d
 
-#如果docker compose是独立安装
-export CERTD_VERSION=1.2.0
-docker-compose up -d
-
 ```
-### 4. 访问
+> 如果提示 没有compose命令,请安装docker-compose   
+> https://docs.docker.com/compose/install/linux/
 
-http://your_server_ip:7001 
-默认账号密码：admin/123456 
-记得修改密码
+#### 镜像说明：
+* certd镜像地址:
+  * `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest`
+
+* 镜像构建通过`Actions`自动执行，过程公开透明，请放心使用
+  * [点我查看镜像构建日志](https://github.com/certd/certd/actions/workflows/build-image.yml) 
+
+![](./doc/images/action-build.jpg)
 
 
-## 五、一些说明
+### 3. 访问
 
+http://your_server_ip:7001    
+默认账号密码：admin/123456    
+记得修改密码   
+
+
+## 五、 升级
+如果使用固定版本号
+1. 修改`docker-compose.yaml`中的镜像版本号
+2. 运行 `docker compose up -d` 即可
+
+如果使用`latest`版本
+1. 重新拉取镜像 `docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest` 
+2. 重新启动容器 `docker compose restart`
+
+> 数据默认存在`/data/certd`目录下，不用担心数据丢失   
+
+
+更新日志： [CHANGELOG](./CHANGELOG.md)
+
+
+## 六、一些说明
 * 本项目ssl证书提供商为letencrypt
 * 申请过程遵循acme协议
 * 需要验证域名所有权，一般有两种方式（目前本项目仅支持dns-01）
   * http-01： 在网站根目录下放置一份txt文件
   * dns-01： 需要给域名添加txt解析记录，通配符域名只能用这种方式
 * 证书续期：
-  * 实际上acme并没有续期概念。
-  * 我们所说的续期，其实就是按照全套流程重新申请一份新证书。
+  * 实际上没有办法不改变证书文件本身情况下直接续期或者续签。
+  * 我们所说的续期，其实就是按照全套流程重新申请一份新证书，然后重新部署上去。
 * 免费证书过期时间90天，以后可能还会缩短，所以自动化部署必不可少
 * 设置每天自动运行，当证书过期前20天，会自动重新申请证书并部署
 
-## 六、联系作者
+
+## 七、不同平台的设置说明
+
+* [Cloudflare](./doc/cf/cf.md)
+* [腾讯云](./doc/tencent/tencent.md)
+* [windows主机](./doc/host/host.md)
+
+
+## 八、问题处理
+### 7.1 忘记管理员密码   
+解决方法如下：
+1. 修改docker-compose.yaml文件，将环境变量`certd_system_resetAdminPassword`改为`true`
+```yaml
+services:
+  certd:
+    environment: # 环境变量
+      - certd_system_resetAdminPassword=false
+```
+2. 重启容器
+```shell
+docker compose up -d
+docker logs -f --tail 500 certd
+# 观察日志，当日志中输出“重置1号管理员用户的密码完成”，即可操作下一步
+```
+3. 修改docker-compose.yaml，将`certd_system_resetAdminPassword`改回`false`
+4. 再次重启容器
+```shell
+docker compose up -d
+```
+5. 使用`admin/123456`登录系统，请及时修改管理员密码
+
+## 九、联系作者
 如有疑问，欢迎加入群聊（请备注certd）
 * QQ群：141236433
 * 微信群：   
@@ -111,7 +168,7 @@ http://your_server_ip:7001
 <img height="230" src="./doc/images/me.png">
 </p>
 
-## 捐赠
+## 十、捐赠
 媳妇儿说：“一天到晚搞开源，也不管管老婆孩子！😡😡😡”        
 拜托各位捐赠支持一下，让媳妇儿开心开心，我也能有更多时间进行开源项目，感谢🙏🙏🙏
 <p align="center">
@@ -119,12 +176,20 @@ http://your_server_ip:7001
 </p>
 
 
-## 七、贡献代码
+## 十一、贡献代码
 
-[贡献插件教程](./packages/plugins/plugin-center/README.md)
+[贡献插件教程](./plugin.md)
 
 
-## 八、我的其他项目
+## 十二、我的其他项目（求Star）
 * [袖手GPT](https://ai.handsfree.work/) ChatGPT，国内可用，无需FQ，每日免费额度
 * [fast-crud](https://gitee.com/fast-crud/fast-crud/) 基于vue3的crud快速开发框架
 * [dev-sidecar](https://github.com/docmirror/dev-sidecar/) 直连访问github工具，无需FQ，解决github无法访问的问题
+
+
+
+## 十三、更新日志
+
+更新日志：[CHANGELOG](./CHANGELOG.md)
+
+

build.trigger

@@ -0,0 +1 @@
+23:16

deploy.js

@@ -1,8 +1,7 @@
 import http from 'axios'
 import fs from 'fs'
-
 //读取 packages/core/pipline/package.json的版本号
-import {default as packageJson} from './packages/core/pipeline/package.json';
+import {default as packageJson} from './packages/core/pipeline/package.json' assert { type: "json" };
 
 const certdVersion = packageJson.version
 console.log("certdVersion", certdVersion)
@@ -33,8 +32,9 @@ async function getPackages(directoryPath) {
 async function getAllPackages() {
     const base = await getPackages("./packages/core")
     const plugins = await getPackages("./packages/plugins")
+    const libs = await getPackages("./packages/libs")
 
-    return base.concat(plugins)
+    return base.concat(plugins).concat(libs)
 }
 
 async function sync() {
@@ -49,7 +49,7 @@ async function sync() {
             data: {}
         })
         console.log(`sync success:${pkg}`)
-        await sleep(100*1000)
+        await sleep(30*1000)
     }
 }
 
@@ -79,7 +79,7 @@ async function triggerBuild() {
             }
         })
         console.log(`webhook success:${webhook}`)
-        await sleep(10*60*1000)
+        await sleep(30*60*1000)
     }
 
 }
@@ -87,9 +87,9 @@ async function triggerBuild() {
 async function start() {
     // await build()
     console.log("等待60秒")
-    await sleep(200 * 1000)
+    await sleep(100* 1000)
     await sync()
-    await sleep(60 * 1000)
+    await sleep(100 * 1000)
     await triggerBuild()
 }
 

deploy.trigger

@@ -0,0 +1 @@
+5

doc/cf/cf.md

@@ -0,0 +1,15 @@
+# Cloudflare 
+
+
+## CF Token申请
+
+### 申请地址：
+https://dash.cloudflare.com/profile/api-tokens
+
+### 权限设置：
+需要设置权限和资源范围  
+权限包括：Zone.Zone.edit, Zone.DNS.edit  
+资源范围：要包含对应域名，推荐直接设置为All Zones  
+最终效果如下，可以切换语言为英文对比如下图检查
+
+![](./cf_token.png)

doc/host/host.md

@@ -0,0 +1,24 @@
+# 远程主机
+
+远程主机基于ssh协议，通过ssh连接远程主机，执行命令。
+
+## windows开启OpenSSH Server
+1. 安装OpenSSH Server
+请前往Microsoft官方文档查看如何开启openSSH
+https://learn.microsoft.com/zh-cn/windows-server/administration/openssh/openssh_install_firstuse?tabs=gui#install-openssh-for-windows
+
+2. 启动OpenSSH Server服务
+```
+win+R  弹出运行对话框，输入 services.msc 打开服务管理器
+找到 OpenSSH SSH Server 
+启动ssh server服务，并且设置为自动启动
+```
+
+3. 测试ssh登录
+使用你常用的ssh客户端，连接你的windows主机，进行测试 
+
+```cmd
+# 如何确定你用户名
+C:\Users\xiaoj>
+          ↑↑↑↑---------这个就是windows ssh的登录用户名
+```

doc/tencent/tencent.md

@@ -0,0 +1,16 @@
+# 腾讯云
+
+
+## DNSPOD 授权设置
+目前腾讯云管理的域名的dns暂时只支持从DNSPOD进行设置    
+打开 https://console.dnspod.cn/account/token/apikey    
+然后按如下方式获取DNSPOD的授权
+![](./dnspod-token.png)
+
+
+## 腾讯云API密钥设置
+
+腾讯云其他部署需要API密钥，需要在腾讯云控制台进行设置   
+打开 https://console.cloud.tencent.com/cam/capi   
+然后按如下方式获取腾讯云的API密钥    
+![](./tencent-access.png)

docker/image/Dockerfile

@@ -1,18 +0,0 @@
-FROM registry.cn-shenzhen.aliyuncs.com/handsfree/node:16-alpine
-EXPOSE 7001
-ENV NODE_ENV production
-ENV MIDWAY_SERVER_ENV production
-WORKDIR /app/
-#RUN npm install cross-env -g  --registry=https://registry.npmmirror.com
-#RUN npm install pm2 -g  --registry=https://registry.npmmirror.com
-#RUN pm2 install pm2-logrotate
-ADD ./workspace/certd-server/ /app/
-RUN yarn install --production  --registry=https://registry.npmmirror.com
-#RUN yarn install --production
-RUN npm run build
-#CMD ["pm2-runtime", "start", "./bootstrap.js","--name", "certd","-i","1"]
-CMD ["npm", "run","start"]
-
-
-
-

docker/image/build.sh

@@ -1,37 +0,0 @@
-#!/bin/bash
-set -e
-echo "请先输入一个版本号："
-read version
-
-echo "您输入的版本号是： $version"
-echo "登录aliyun镜像仓库"
-sudo docker login --username=252959493@qq.com registry.cn-shenzhen.aliyuncs.com
-
-build=$(pwd)
-cd ../../
-root=$(pwd)
-echo "安装依赖"
-#pnpm install --registry=https://registry.npmmirror.com
-pnpm install
-
-echo "client build"
-cd $root/packages/ui/certd-client
-pnpm run build
-echo "client build success"
-
-echo "server build"
-cd $root/packages/ui/certd-server
-pnpm run build
-echo "server build success"
-
-echo "rm node_modules"
-rm ./node_modules -rf
-
-echo "copy to workspace"
-mkdir -p $build/workspace/certd-server
-\cp ./* $build/workspace/certd-server -rf
-\cp ../certd-client/dist/* $build/workspace/certd-server/public/ -rf
-
-#export TAG=$version
-#sudo -E docker compose build
-#sudo -E docker compose push

docker/run/Dockerfile

@@ -1,9 +0,0 @@
-FROM registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
-EXPOSE 7001
-RUN npm run build
-#RUN npm install pm2 -g  --registry=https://registry.npmmirror.com
-#CMD ["pm2-runtime", "start", "./bootstrap.js","--name", "certd","-i","1","--", "-p", "7001"]
-CMD ["npm","run", "start"]
-
-
-

docker/run/build.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-# 判断$CERTD_VERSION 是否存在
-if [ -n "$CERTD_VERSION" ]; then
-    echo "CERTD_VERSION is set = $CERTD_VERSION"
-else
-    echo "CERTD_VERSION is not set"
-    echo "请先输入一个版本号(如 1.0.6)："
-    read CERTD_VERSION
-fi
-
-echo "您输入的版本号是： $CERTD_VERSION"
-sudo -E docker compose up -d

docker/run/docker-compose.yaml

@@ -1,23 +1,33 @@
 version: '3.3'
 services:
   certd:
-    # 镜像                                                  #  ↓↓↓↓↓ --- 1、 修改镜像版本号，或者干脆写成latest
-    image: registry.cn-shenzhen.aliyuncs.com/handsfree/certd:${CERTD_VERSION}
+    # 镜像                                                  #  ↓↓↓↓↓ --- 1、 镜像版本号，建议改成固定版本号【可选】
+    image: registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
     container_name: certd # 容器名
-    restart: unless-stopped # 重启
+    restart: unless-stopped # 自动重启
     volumes:
-      #   ↓↓↓↓↓ ------------------------------------------------------- 2、 修改数据库以及证书存储路径
+      #   ↓↓↓↓↓ ------------------------------------------------------- 2、 数据库以及证书存储路径,默认存在宿主机的/data/certd/目录下【可选】
       - /data/certd:/app/data
     ports: # 端口映射
+      #  ↓↓↓↓ ----------------------------------------------------------3、如果端口有冲突，可以修改第一个7001为其他不冲突的端口号【可选】
       - "7001:7001"
+    dns:
+      # 如果出现getaddrinfo ENOTFOUND等错误，可以尝试修改或注释dns配置
+      - 223.5.5.5
+      - 223.6.6.6
+      - 8.8.8.8
+      - 8.8.4.4
     environment: # 环境变量
       - TZ=Asia/Shanghai
-      - certd_auth_jwt_secret=changeme
-                            #  ↑↑↑↑↑ ---------------------------------- 3、 修改成你的自定义密钥
+      - certd_system_resetAdminPassword=false
+                                     #  ↑↑↑↑↑---------------------------4、如果忘记管理员密码，可以设置为true，重启之后，管理员密码将改成123456，然后请及时修改回false【可选】
+      - certd_cron_immediateTriggerOnce=false
+                                     #  ↑↑↑↑↑---------------------------5、如果设置为true，启动后所有配置了cron的流水线任务都将被立即触发一次【可选】
+      - VITE_APP_ICP_NO=
+                      #  ↑↑↑↑↑ -----------------------------------------6、这里可以设置备案号【可选】
       # 设置环境变量即可自定义certd配置
       # 服务端配置项见： packages/ui/certd-server/src/config/config.default.ts
       # 服务端配置规则： certd_ + 配置项, 点号用_代替
-      # 如jwt密钥配置为： auth.jwt.secret，则设置环境变量 certd_auth_jwt_secret=changeme
 
       # 客户端配置项见： packages/ui/certd-client/.env
       # 按实际名称配置环境变量即可，如： VITE_APP_API=http://localhost:7001

lerna.json

@@ -9,5 +9,5 @@
     }
   },
   "npmClient": "pnpm",
-  "version": "1.20.7"
+  "version": "1.22.6"
 }

package.json

@@ -12,16 +12,17 @@
   "scripts": {
     "start": "lerna bootstrap --hoist",
     "i-all": "lerna link && lerna exec npm install  ",
-    "publish": "npm run proxy && npm run prepublishOnly1  && lerna publish --conventional-commits && npm run afterpublishOnly && npm run deploy1",
-    "afterpublishOnly": "",
-    "proxy": "npm config set proxy=http://127.0.0.1:10811",
-    "prepublishOnly1": "npm run before-build && lerna run build ",
-    "before-build": "cd ./packages/core/acme-client && time /t >build.md && git add ./build.md && git commit -m \"build: prepare to build\"",
-    "deploy1": "node --experimental-json-modules deploy.js "
+    "publish": "npm run prepublishOnly1  && lerna publish --conventional-commits --create-release github && npm run afterpublishOnly",
+    "afterpublishOnly": "time /t >build.trigger && git add ./build.trigger && git commit -m \"build: trigger build image\" && TIMEOUT /T 10 && git push",
+    "prepublishOnly1": "npm run check && npm run before-build && lerna run build ",
+    "before-build": "cd ./packages/core/pipeline && time /t >build.md && git add ./build.md && git commit -m \"build: prepare to build\"",
+    "deploy1": "node --experimental-json-modules deploy.js ",
+    "check": "node --experimental-json-modules publish-check.js",
+    "init": "lerna run build"
   },
   "license": "AGPL-3.0",
   "dependencies": {
-    "axios": "^1.4.0",
+    "axios": "^1.7.2",
     "lodash": "^4.17.21"
   },
   "workspaces": [

packages/core/acme-client/.eslintrc.yml

@@ -9,15 +9,8 @@ env:
 rules:
   indent: [2, 4, { SwitchCase: 1, VariableDeclarator: 1 }]
   brace-style: [2, 'stroustrup', { allowSingleLine: true }]
-  space-before-function-paren: [2, { anonymous: 'never', named: 'never' }]
   func-names: 0
-  prefer-destructuring: 0
-  object-curly-newline: 0
   class-methods-use-this: 0
-  wrap-iife: [2, 'inside']
   no-param-reassign: 0
-  comma-dangle: [2, 'never']
   max-len: [1, 200, 2, { ignoreUrls: true, ignoreComments: false }]
-  no-multiple-empty-lines: [2, { max: 2, maxBOF: 0, maxEOF: 0 }]
-  prefer-object-spread: 0
   import/no-useless-path-segments: 0

packages/core/acme-client/.github/scripts/tests-install-cts.sh

@@ -5,8 +5,10 @@
 set -euo pipefail
 
 # Download and install
-wget -nv "https://github.com/letsencrypt/pebble/releases/download/v${PEBBLECTS_VERSION}/pebble-challtestsrv_linux-amd64" -O /usr/local/bin/pebble-challtestsrv
+wget -nv "https://github.com/letsencrypt/pebble/releases/download/v${PEBBLECTS_VERSION}/pebble-challtestsrv-linux-amd64.tar.gz" -O /tmp/pebble-challtestsrv.tar.gz
+tar zxvf /tmp/pebble-challtestsrv.tar.gz -C /tmp
 
+mv /tmp/pebble-challtestsrv-linux-amd64/linux/amd64/pebble-challtestsrv /usr/local/bin/pebble-challtestsrv
 chown root:root /usr/local/bin/pebble-challtestsrv
 chmod 0755 /usr/local/bin/pebble-challtestsrv
 

packages/core/acme-client/.github/scripts/tests-install-pebble.sh

@@ -22,12 +22,14 @@ wget -nv "https://raw.githubusercontent.com/letsencrypt/pebble/v${PEBBLE_VERSION
 wget -nv "https://raw.githubusercontent.com/letsencrypt/pebble/v${PEBBLE_VERSION}/test/config/${CONFIG_NAME}" -O /etc/pebble/pebble.json
 
 # Download and install Pebble
-wget -nv "https://github.com/letsencrypt/pebble/releases/download/v${PEBBLE_VERSION}/pebble_linux-amd64" -O /usr/local/bin/pebble
+wget -nv "https://github.com/letsencrypt/pebble/releases/download/v${PEBBLE_VERSION}/pebble-linux-amd64.tar.gz" -O /tmp/pebble.tar.gz
+tar zxvf /tmp/pebble.tar.gz -C /tmp
 
+mv /tmp/pebble-linux-amd64/linux/amd64/pebble /usr/local/bin/pebble
 chown root:root /usr/local/bin/pebble
 chmod 0755 /usr/local/bin/pebble
 
 # Config
-sed -i 's/test\/certs\/localhost/\/etc\/pebble/' /etc/pebble/pebble.json
+sed -i 's#test/certs/localhost#/etc/pebble#' /etc/pebble/pebble.json
 
 exit 0

packages/core/acme-client/.github/workflows/tests.yml

@@ -1,4 +1,3 @@
----
 name: test
 on: [push, pull_request]
 
@@ -12,7 +11,6 @@ jobs:
         node: [16, 18, 20]
         eab: [0, 1]
 
-
     #
     # Environment
     #
@@ -21,9 +19,9 @@ jobs:
       FORCE_COLOR: 1
       NPM_CONFIG_COLOR: always
 
-      PEBBLE_VERSION: 2.3.1
+      PEBBLE_VERSION: 2.6.0
       PEBBLE_ALTERNATE_ROOTS: 2
-      PEBBLECTS_VERSION: 2.3.1
+      PEBBLECTS_VERSION: 2.6.0
       PEBBLECTS_DNS_PORT: 8053
       COREDNS_VERSION: 1.11.1
 
@@ -41,7 +39,6 @@ jobs:
       ACME_HTTP_PORT: 5002
       ACME_HTTPS_PORT: 5003
 
-
     #
     # Pipeline
     #

packages/core/acme-client/.gitignore

@@ -1,3 +1,4 @@
+.actrc
 .vscode/
 node_modules/
 npm-debug.log

packages/core/acme-client/CHANGELOG.md

@@ -3,6 +3,97 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.22.6](https://github.com/publishlab/node-acme-client/compare/v1.22.5...v1.22.6) (2024-08-03)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.22.4](https://github.com/publishlab/node-acme-client/compare/v1.22.3...v1.22.4) (2024-07-26)
+
+### Performance Improvements
+
+* 证书申请支持反向代理，letsencrypt无法访问时的备用方案 ([b7b5df0](https://github.com/publishlab/node-acme-client/commit/b7b5df0587e0f7ea288c1b2af6f87211f207395f))
+
+## [1.22.3](https://github.com/publishlab/node-acme-client/compare/v1.22.2...v1.22.3) (2024-07-25)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.22.2](https://github.com/publishlab/node-acme-client/compare/v1.22.1...v1.22.2) (2024-07-23)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.22.1](https://github.com/publishlab/node-acme-client/compare/v1.22.0...v1.22.1) (2024-07-20)
+
+**Note:** Version bump only for package @certd/acme-client
+
+# [1.22.0](https://github.com/publishlab/node-acme-client/compare/v1.21.2...v1.22.0) (2024-07-19)
+
+### Features
+
+* 升级midway，支持esm ([485e603](https://github.com/publishlab/node-acme-client/commit/485e603b5165c28bc08694997726eaf2a585ebe7))
+
+## [1.21.2](https://github.com/publishlab/node-acme-client/compare/v1.21.1...v1.21.2) (2024-07-08)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.21.1](https://github.com/publishlab/node-acme-client/compare/v1.21.0...v1.21.1) (2024-07-08)
+
+**Note:** Version bump only for package @certd/acme-client
+
+# [1.21.0](https://github.com/publishlab/node-acme-client/compare/v1.20.17...v1.21.0) (2024-07-03)
+
+### Features
+
+* 支持zero ssl ([eade2c2](https://github.com/publishlab/node-acme-client/commit/eade2c2b681569f03e9cd466e7d5bcd6703ed492))
+
+## [1.20.17](https://github.com/publishlab/node-acme-client/compare/v1.20.16...v1.20.17) (2024-07-03)
+
+### Performance Improvements
+
+* 创建dns解析后，强制等待60s ([f47b35f](https://github.com/publishlab/node-acme-client/commit/f47b35f6d5bd7d675005c3e286b7e9a029201f8b))
+* 优化cname verify ([eba333d](https://github.com/publishlab/node-acme-client/commit/eba333de7a5b5ef4b0b7eaa904f578720102fa61))
+
+## [1.20.16](https://github.com/publishlab/node-acme-client/compare/v1.20.15...v1.20.16) (2024-07-01)
+
+### Bug Fixes
+
+* 修复配置了cdn cname后申请失败的bug ([4a5fa76](https://github.com/publishlab/node-acme-client/commit/4a5fa767edc347d03d29a467e86c9a4d70b0220c))
+
+## [1.20.15](https://github.com/publishlab/node-acme-client/compare/v1.20.14...v1.20.15) (2024-06-28)
+
+### Performance Improvements
+
+* 腾讯云dns provider 支持腾讯云的accessId ([e0eb3a4](https://github.com/publishlab/node-acme-client/commit/e0eb3a441384d474fe2923c69b25318264bdc9df))
+
+## [1.20.14](https://github.com/publishlab/node-acme-client/compare/v1.20.13...v1.20.14) (2024-06-23)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.20.13](https://github.com/publishlab/node-acme-client/compare/v1.20.12...v1.20.13) (2024-06-18)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.20.12](https://github.com/publishlab/node-acme-client/compare/v1.20.10...v1.20.12) (2024-06-17)
+
+### Bug Fixes
+
+* 修复aliyun域名超过100个找不到域名的bug ([5b1494b](https://github.com/publishlab/node-acme-client/commit/5b1494b3ce93d1026dc56ee741342fbb8bf7be24))
+
+### Performance Improvements
+
+* 支持cloudflare域名 ([fbb9a47](https://github.com/publishlab/node-acme-client/commit/fbb9a47e8f7bb805289b9ee64bd46ffee0f01c06))
+
+## [1.20.10](https://github.com/publishlab/node-acme-client/compare/v1.20.9...v1.20.10) (2024-05-30)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.20.9](https://github.com/publishlab/node-acme-client/compare/v1.20.8...v1.20.9) (2024-03-22)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.20.8](https://github.com/publishlab/node-acme-client/compare/v1.20.7...v1.20.8) (2024-03-22)
+
+**Note:** Version bump only for package @certd/acme-client
+
 ## [1.20.7](https://github.com/publishlab/node-acme-client/compare/v1.20.6...v1.20.7) (2024-03-22)
 
 **Note:** Version bump only for package @certd/acme-client
@@ -19,6 +110,16 @@ See [Conventional Commits](https://conventionalcommits.org) for commit guideline
 
 # Changelog
 
+## v5.4.0
+
+* `added` Directory URLs for [Google](https://cloud.google.com/certificate-manager/docs/overview) ACME provider
+* `fixed` Invalidate ACME directory cache after 24 hours
+
+## v5.3.1 (2024-05-22)
+
+* `fixed` Allow `client.auto()` being called with an empty CSR common name
+* `fixed` Bug when calling `updateAccountKey()` with external account binding
+
 ## v5.3.0 (2024-02-05)
 
 * `added` Support and tests for satisfying `tls-alpn-01` challenges
@@ -51,7 +152,7 @@ See [Conventional Commits](https://conventionalcommits.org) for commit guideline
 * `fixed` Upgrade `axios@0.26.1`
 * `fixed` Upgrade `node-forge@1.3.0` - [CVE-2022-24771](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24771), [CVE-2022-24772](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24772), [CVE-2022-24773](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24773)
 
-## 4.2.4 (2022-03-19)
+## v4.2.4 (2022-03-19)
 
 * `fixed` Use SHA-256 when signing CSRs
 

packages/core/acme-client/README.md

@@ -9,13 +9,13 @@ This module is written to handle communication with a Boulder/Let's Encrypt-styl
 
 ## Compatibility
 
-| acme-client   | Node.js   |                                           |
-| ------------- | --------- | ----------------------------------------- |
-| v5.x          | >= v16    | [Upgrade guide](docs/upgrade-v5.md)       |
-| v4.x          | >= v10    | [Changelog](CHANGELOG.md#v400-2020-05-29) |
-| v3.x          | >= v8     | [Changelog](CHANGELOG.md#v300-2019-07-13) |
-| v2.x          | >= v4     | [Changelog](CHANGELOG.md#v200-2018-04-02) |
-| v1.x          | >= v4     | [Changelog](CHANGELOG.md#v100-2017-10-20) |
+| acme-client | Node.js |                                           |
+| ----------- | ------- | ----------------------------------------- |
+| v5.x        | >= v16  | [Upgrade guide](docs/upgrade-v5.md)       |
+| v4.x        | >= v10  | [Changelog](CHANGELOG.md#v400-2020-05-29) |
+| v3.x        | >= v8   | [Changelog](CHANGELOG.md#v300-2019-07-13) |
+| v2.x        | >= v4   | [Changelog](CHANGELOG.md#v200-2018-04-02) |
+| v1.x        | >= v4   | [Changelog](CHANGELOG.md#v100-2017-10-20) |
 
 ## Table of contents
 
@@ -49,7 +49,7 @@ const accountPrivateKey = '<PEM encoded private key>';
 
 const client = new acme.Client({
     directoryUrl: acme.directory.letsencrypt.staging,
-    accountKey: accountPrivateKey
+    accountKey: accountPrivateKey,
 });
 ```
 
@@ -59,6 +59,9 @@ const client = new acme.Client({
 acme.directory.buypass.staging;
 acme.directory.buypass.production;
 
+acme.directory.google.staging;
+acme.directory.google.production;
+
 acme.directory.letsencrypt.staging;
 acme.directory.letsencrypt.production;
 
@@ -75,8 +78,8 @@ const client = new acme.Client({
     accountKey: accountPrivateKey,
     externalAccountBinding: {
         kid: 'YOUR-EAB-KID',
-        hmacKey: 'YOUR-EAB-HMAC-KEY'
-    }
+        hmacKey: 'YOUR-EAB-HMAC-KEY',
+    },
 });
 ```
 
@@ -90,7 +93,7 @@ In some cases, for example with some EAB providers, this account creation step m
 const client = new acme.Client({
     directoryUrl: acme.directory.letsencrypt.staging,
     accountKey: accountPrivateKey,
-    accountUrl: 'https://acme-v02.api.letsencrypt.org/acme/acct/12345678'
+    accountUrl: 'https://acme-v02.api.letsencrypt.org/acme/acct/12345678',
 });
 ```
 
@@ -113,8 +116,7 @@ const privateRsaKey = await acme.crypto.createPrivateRsaKey();
 const privateEcdsaKey = await acme.crypto.createPrivateEcdsaKey();
 
 const [certificateKey, certificateCsr] = await acme.crypto.createCsr({
-    commonName: '*.example.com',
-    altNames: ['example.com']
+    altNames: ['example.com', '*.example.com'],
 });
 ```
 
@@ -139,7 +141,7 @@ const autoOpts = {
     email: 'test@example.com',
     termsOfServiceAgreed: true,
     challengeCreateFn: async (authz, challenge, keyAuthorization) => {},
-    challengeRemoveFn: async (authz, challenge, keyAuthorization) => {}
+    challengeRemoveFn: async (authz, challenge, keyAuthorization) => {},
 };
 
 const certificate = await client.auto(autoOpts);
@@ -156,7 +158,7 @@ To modify challenge priority, provide a list of challenge types in `challengePri
 ```js
 await client.auto({
     ...,
-    challengePriority: ['http-01', 'dns-01']
+    challengePriority: ['http-01', 'dns-01'],
 });
 ```
 
@@ -171,7 +173,7 @@ To completely disable `acme-client`s internal challenge verification, enable `sk
 ```js
 await client.auto({
     ...,
-    skipChallengeVerification: true
+    skipChallengeVerification: true,
 });
 ```
 
@@ -185,14 +187,14 @@ For more fine-grained control you can interact with the ACME API using the metho
 ```js
 const account = await client.createAccount({
     termsOfServiceAgreed: true,
-    contact: ['mailto:test@example.com']
+    contact: ['mailto:test@example.com'],
 });
 
 const order = await client.createOrder({
     identifiers: [
         { type: 'dns', value: 'example.com' },
-        { type: 'dns', value: '*.example.com' }
-    ]
+        { type: 'dns', value: '*.example.com' },
+    ],
 });
 ```
 
@@ -207,7 +209,7 @@ const acme = require('acme-client');
 
 acme.axios.defaults.proxy = {
     host: '127.0.0.1',
-    port: 9000
+    port: 9000,
 };
 ```
 

packages/core/acme-client/build.md

@@ -1 +1 @@
-10:30
+20:55

packages/core/acme-client/docs/client.md

@@ -63,7 +63,7 @@ Create ACME client instance
 ```js
 const client = new acme.Client({
     directoryUrl: acme.directory.letsencrypt.staging,
-    accountKey: 'Private key goes here'
+    accountKey: 'Private key goes here',
 });
 ```
 **Example**  
@@ -75,7 +75,7 @@ const client = new acme.Client({
     accountUrl: 'Optional account URL goes here',
     backoffAttempts: 10,
     backoffMin: 5000,
-    backoffMax: 30000
+    backoffMax: 30000,
 });
 ```
 **Example**  
@@ -86,8 +86,8 @@ const client = new acme.Client({
     accountKey: 'Private key goes here',
     externalAccountBinding: {
         kid: 'YOUR-EAB-KID',
-        hmacKey: 'YOUR-EAB-HMAC-KEY'
-    }
+        hmacKey: 'YOUR-EAB-HMAC-KEY',
+    },
 });
 ```
 <a name="AcmeClient+getTermsOfServiceUrl"></a>
@@ -145,7 +145,7 @@ https://datatracker.ietf.org/doc/html/rfc8555#section-7.3
 Create a new account
 ```js
 const account = await client.createAccount({
-    termsOfServiceAgreed: true
+    termsOfServiceAgreed: true,
 });
 ```
 **Example**  
@@ -153,7 +153,7 @@ Create a new account with contact info
 ```js
 const account = await client.createAccount({
     termsOfServiceAgreed: true,
-    contact: ['mailto:test@example.com']
+    contact: ['mailto:test@example.com'],
 });
 ```
 <a name="AcmeClient+updateAccount"></a>
@@ -174,7 +174,7 @@ https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.2
 Update existing account
 ```js
 const account = await client.updateAccount({
-    contact: ['mailto:foo@example.com']
+    contact: ['mailto:foo@example.com'],
 });
 ```
 <a name="AcmeClient+updateAccountKey"></a>
@@ -218,8 +218,8 @@ Create a new order
 const order = await client.createOrder({
     identifiers: [
         { type: 'dns', value: 'example.com' },
-        { type: 'dns', value: 'test.example.com' }
-    ]
+        { type: 'dns', value: 'test.example.com' },
+    ],
 });
 ```
 <a name="AcmeClient+getOrder"></a>
@@ -452,7 +452,7 @@ Revoke certificate with reason
 ```js
 const certificate = { ... }; // Previously created certificate
 const result = await client.revokeCertificate(certificate, {
-    reason: 4
+    reason: 4,
 });
 ```
 <a name="AcmeClient+auto"></a>
@@ -479,7 +479,7 @@ Auto mode
 Order a certificate using auto mode
 ```js
 const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 });
 
 const certificate = await client.auto({
@@ -491,14 +491,14 @@ const certificate = await client.auto({
     },
     challengeRemoveFn: async (authz, challenge, keyAuthorization) => {
         // Clean up challenge here
-    }
+    },
 });
 ```
 **Example**  
 Order a certificate using auto mode with preferred chain
 ```js
 const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 });
 
 const certificate = await client.auto({
@@ -507,7 +507,7 @@ const certificate = await client.auto({
     termsOfServiceAgreed: true,
     preferredChain: 'DST Root CA X3',
     challengeCreateFn: async () => {},
-    challengeRemoveFn: async () => {}
+    challengeRemoveFn: async () => {},
 });
 ```
 <a name="Client"></a>

packages/core/acme-client/docs/crypto.md

@@ -239,29 +239,30 @@ Create a Certificate Signing Request
 Create a Certificate Signing Request
 ```js
 const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 });
 ```
 **Example**  
 Certificate Signing Request with both common and alternative names
+> *Warning*: Certificate subject common name has been [deprecated](https://letsencrypt.org/docs/glossary/#def-CN) and its use is [discouraged](https://cabforum.org/uploads/BRv1.2.3.pdf).
 ```js
 const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
     keySize: 4096,
     commonName: 'test.example.com',
-    altNames: ['foo.example.com', 'bar.example.com']
+    altNames: ['foo.example.com', 'bar.example.com'],
 });
 ```
 **Example**  
 Certificate Signing Request with additional information
 ```js
 const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-    commonName: 'test.example.com',
+    altNames: ['test.example.com'],
     country: 'US',
     state: 'California',
     locality: 'Los Angeles',
     organization: 'The Company Inc.',
     organizationUnit: 'IT Department',
-    emailAddress: 'contact@example.com'
+    emailAddress: 'contact@example.com',
 });
 ```
 **Example**  
@@ -270,8 +271,9 @@ Certificate Signing Request with ECDSA private key
 const certificateKey = await acme.crypto.createPrivateEcdsaKey();
 
 const [, certificateRequest] = await acme.crypto.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 }, certificateKey);
+```
 <a name="createAlpnCertificate"></a>
 
 ## createAlpnCertificate(authz, keyAuthorization, [keyPem]) ⇒ <code>Promise.&lt;Array.&lt;buffer&gt;&gt;</code>
@@ -298,6 +300,7 @@ Create a ALPN certificate with ECDSA private key
 ```js
 const alpnKey = await acme.crypto.createPrivateEcdsaKey();
 const [, alpnCertificate] = await acme.crypto.createAlpnCertificate(authz, keyAuthorization, alpnKey);
+```
 <a name="isAlpnCertificateAuthorizationValid"></a>
 
 ## isAlpnCertificateAuthorizationValid(certPem, keyAuthorization) ⇒ <code>boolean</code>

packages/core/acme-client/docs/forge.md

@@ -222,29 +222,30 @@ Create a Certificate Signing Request
 Create a Certificate Signing Request
 ```js
 const [certificateKey, certificateRequest] = await acme.forge.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 });
 ```
 **Example**  
 Certificate Signing Request with both common and alternative names
+> *Warning*: Certificate subject common name has been [deprecated](https://letsencrypt.org/docs/glossary/#def-CN) and its use is [discouraged](https://cabforum.org/uploads/BRv1.2.3.pdf).
 ```js
 const [certificateKey, certificateRequest] = await acme.forge.createCsr({
     keySize: 4096,
     commonName: 'test.example.com',
-    altNames: ['foo.example.com', 'bar.example.com']
+    altNames: ['foo.example.com', 'bar.example.com'],
 });
 ```
 **Example**  
 Certificate Signing Request with additional information
 ```js
 const [certificateKey, certificateRequest] = await acme.forge.createCsr({
-    commonName: 'test.example.com',
+    altNames: ['test.example.com'],
     country: 'US',
     state: 'California',
     locality: 'Los Angeles',
     organization: 'The Company Inc.',
     organizationUnit: 'IT Department',
-    emailAddress: 'contact@example.com'
+    emailAddress: 'contact@example.com',
 });
 ```
 **Example**  
@@ -253,5 +254,5 @@ Certificate Signing Request with predefined private key
 const certificateKey = await acme.forge.createPrivateKey();
 
 const [, certificateRequest] = await acme.forge.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 }, certificateKey);

packages/core/acme-client/examples/api.js

@@ -8,7 +8,6 @@ function log(m) {
     process.stdout.write(`${m}\n`);
 }
 
-
 /**
  * Function used to satisfy an ACME challenge
  *
@@ -25,7 +24,6 @@ async function challengeCreateFn(authz, challenge, keyAuthorization) {
     log(keyAuthorization);
 }
 
-
 /**
  * Function used to remove an ACME challenge response
  *
@@ -41,30 +39,29 @@ async function challengeRemoveFn(authz, challenge, keyAuthorization) {
     log(keyAuthorization);
 }
 
-
 /**
  * Main
  */
 
-module.exports = async function() {
+module.exports = async () => {
     /* Init client */
     const client = new acme.Client({
         directoryUrl: acme.directory.letsencrypt.staging,
-        accountKey: await acme.crypto.createPrivateKey()
+        accountKey: await acme.crypto.createPrivateKey(),
     });
 
     /* Register account */
     await client.createAccount({
         termsOfServiceAgreed: true,
-        contact: ['mailto:test@example.com']
+        contact: ['mailto:test@example.com'],
     });
 
     /* Place new order */
     const order = await client.createOrder({
         identifiers: [
             { type: 'dns', value: 'example.com' },
-            { type: 'dns', value: '*.example.com' }
-        ]
+            { type: 'dns', value: '*.example.com' },
+        ],
     });
 
     /**
@@ -138,8 +135,7 @@ module.exports = async function() {
 
     /* Finalize order */
     const [key, csr] = await acme.crypto.createCsr({
-        commonName: '*.example.com',
-        altNames: ['example.com']
+        altNames: ['example.com', '*.example.com'],
     });
 
     const finalized = await client.finalizeOrder(order, csr);

packages/core/acme-client/examples/auto.js

@@ -9,7 +9,6 @@ function log(m) {
     process.stdout.write(`${m}\n`);
 }
 
-
 /**
  * Function used to satisfy an ACME challenge
  *
@@ -47,7 +46,6 @@ async function challengeCreateFn(authz, challenge, keyAuthorization) {
     }
 }
 
-
 /**
  * Function used to remove an ACME challenge response
  *
@@ -80,25 +78,24 @@ async function challengeRemoveFn(authz, challenge, keyAuthorization) {
 
         /* Replace this */
         log(`Would remove TXT record "${dnsRecord}" with value "${recordValue}"`);
-        // await dnsProvider.removeRecord(dnsRecord, 'TXT');
+        // await dnsProvider.removeRecord(dnsRecord, 'TXT', recordValue);
     }
 }
 
-
 /**
  * Main
  */
 
-module.exports = async function() {
+module.exports = async () => {
     /* Init client */
     const client = new acme.Client({
         directoryUrl: acme.directory.letsencrypt.staging,
-        accountKey: await acme.crypto.createPrivateKey()
+        accountKey: await acme.crypto.createPrivateKey(),
     });
 
     /* Create CSR */
     const [key, csr] = await acme.crypto.createCsr({
-        commonName: 'example.com'
+        altNames: ['example.com'],
     });
 
     /* Certificate */
@@ -107,7 +104,7 @@ module.exports = async function() {
         email: 'test@example.com',
         termsOfServiceAgreed: true,
         challengeCreateFn,
-        challengeRemoveFn
+        challengeRemoveFn,
     });
 
     /* Done */

packages/core/acme-client/examples/dns-01/dns-01.js

@@ -19,7 +19,6 @@ function log(m) {
     process.stdout.write(`${(new Date()).toISOString()} ${m}\n`);
 }
 
-
 /**
  * Main
  */
@@ -33,18 +32,16 @@ function log(m) {
         log('Initializing ACME client');
         const client = new acme.Client({
             directoryUrl: acme.directory.letsencrypt.staging,
-            accountKey: await acme.crypto.createPrivateKey()
+            accountKey: await acme.crypto.createPrivateKey(),
         });
 
-
         /**
          * Order wildcard certificate
          */
 
         log(`Creating CSR for ${WILDCARD_DOMAIN}`);
         const [key, csr] = await acme.crypto.createCsr({
-            commonName: WILDCARD_DOMAIN,
-            altNames: [`*.${WILDCARD_DOMAIN}`]
+            altNames: [WILDCARD_DOMAIN, `*.${WILDCARD_DOMAIN}`],
         });
 
         log(`Ordering certificate for ${WILDCARD_DOMAIN}`);
@@ -60,12 +57,11 @@ function log(m) {
             challengeRemoveFn: (authz, challenge, keyAuthorization) => {
                 /* TODO: Implement this */
                 log(`[TODO] Remove TXT record key=_acme-challenge.${authz.identifier.value} value=${keyAuthorization}`);
-            }
+            },
         });
 
         log(`Certificate for ${WILDCARD_DOMAIN} created successfully`);
 
-
         /**
          * HTTPS server
          */
@@ -78,7 +74,7 @@ function log(m) {
 
         const httpsServer = https.createServer({
             key,
-            cert
+            cert,
         }, requestListener);
 
         httpsServer.listen(HTTPS_SERVER_PORT, () => {

packages/core/acme-client/examples/http-01/http-01.js

@@ -23,7 +23,6 @@ function log(m) {
     process.stdout.write(`${(new Date()).toISOString()} ${m}\n`);
 }
 
-
 /**
  * On-demand certificate generation using http-01
  */
@@ -52,7 +51,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
     /* Create CSR */
     log(`Creating CSR for ${servername}`);
     const [key, csr] = await acme.crypto.createCsr({
-        commonName: servername
+        altNames: [servername],
     });
 
     /* Order certificate */
@@ -67,7 +66,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
         },
         challengeRemoveFn: (authz, challenge) => {
             delete challengeResponses[challenge.token];
-        }
+        },
     });
 
     /* Done, store certificate */
@@ -77,7 +76,6 @@ async function getCertOnDemand(client, servername, attempt = 0) {
     return certificateStore[servername];
 }
 
-
 /**
  * Main
  */
@@ -91,10 +89,9 @@ async function getCertOnDemand(client, servername, attempt = 0) {
         log('Initializing ACME client');
         const client = new acme.Client({
             directoryUrl: acme.directory.letsencrypt.staging,
-            accountKey: await acme.crypto.createPrivateKey()
+            accountKey: await acme.crypto.createPrivateKey(),
         });
 
-
         /**
          * HTTP server
          */
@@ -129,7 +126,6 @@ async function getCertOnDemand(client, servername, attempt = 0) {
             log(`HTTP server listening on port ${HTTP_SERVER_PORT}`);
         });
 
-
         /**
          * HTTPS server
          */
@@ -158,7 +154,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
                     log(`[ERROR] ${e.message}`);
                     cb(e.message);
                 }
-            }
+            },
         }, requestListener);
 
         httpsServer.listen(HTTPS_SERVER_PORT, () => {

packages/core/acme-client/examples/tls-alpn-01/tls-alpn-01.js

@@ -22,7 +22,6 @@ function log(m) {
     process.stdout.write(`${(new Date()).toISOString()} ${m}\n`);
 }
 
-
 /**
  * On-demand certificate generation using tls-alpn-01
  */
@@ -51,7 +50,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
     /* Create CSR */
     log(`Creating CSR for ${servername}`);
     const [key, csr] = await acme.crypto.createCsr({
-        commonName: servername
+        altNames: [servername],
     });
 
     /* Order certificate */
@@ -66,7 +65,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
         },
         challengeRemoveFn: (authz) => {
             delete alpnResponses[authz.identifier.value];
-        }
+        },
     });
 
     /* Done, store certificate */
@@ -76,7 +75,6 @@ async function getCertOnDemand(client, servername, attempt = 0) {
     return certificateStore[servername];
 }
 
-
 /**
  * Main
  */
@@ -90,10 +88,9 @@ async function getCertOnDemand(client, servername, attempt = 0) {
         log('Initializing ACME client');
         const client = new acme.Client({
             directoryUrl: acme.directory.letsencrypt.staging,
-            accountKey: await acme.crypto.createPrivateKey()
+            accountKey: await acme.crypto.createPrivateKey(),
         });
 
-
         /**
          * ALPN responder
          */
@@ -118,14 +115,14 @@ async function getCertOnDemand(client, servername, attempt = 0) {
                     log(`Found ALPN certificate for ${servername}, serving secure context`);
                     cb(null, tls.createSecureContext({
                         key: alpnResponses[servername][0],
-                        cert: alpnResponses[servername][1]
+                        cert: alpnResponses[servername][1],
                     }));
                 }
                 catch (e) {
                     log(`[ERROR] ${e.message}`);
                     cb(e.message);
                 }
-            }
+            },
         });
 
         /* Terminate once TLS handshake has been established */
@@ -137,7 +134,6 @@ async function getCertOnDemand(client, servername, attempt = 0) {
             log(`ALPN responder listening on port ${ALPN_RESPONDER_PORT}`);
         });
 
-
         /**
          * HTTPS server
          */
@@ -166,7 +162,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
                     log(`[ERROR] ${e.message}`);
                     cb(e.message);
                 }
-            }
+            },
         }, requestListener);
 
         httpsServer.listen(HTTPS_SERVER_PORT, () => {

packages/core/acme-client/package.json

@@ -3,7 +3,7 @@
     "description": "Simple and unopinionated ACME client",
     "private": false,
     "author": "nmorsman",
-    "version": "1.20.7",
+    "version": "1.22.6",
     "main": "src/index.js",
     "types": "types/index.d.ts",
     "license": "MIT",
@@ -16,24 +16,24 @@
         "types"
     ],
     "dependencies": {
-        "@peculiar/x509": "^1.9.7",
+        "@peculiar/x509": "^1.10.0",
         "asn1js": "^3.0.5",
-        "axios": "^1.6.5",
+        "axios": "^1.7.2",
         "debug": "^4.1.1",
         "https-proxy-agent": "^7.0.4",
         "node-forge": "^1.3.1"
     },
     "devDependencies": {
-        "@types/node": "^20.11.5",
+        "@types/node": "^20.12.12",
         "chai": "^4.4.1",
-        "chai-as-promised": "^7.1.1",
-        "eslint": "^8.56.0",
+        "chai-as-promised": "^7.1.2",
+        "eslint": "^8.57.0",
         "eslint-config-airbnb-base": "^15.0.0",
         "eslint-plugin-import": "^2.29.1",
-        "jsdoc-to-markdown": "^8.0.0",
-        "mocha": "^10.2.0",
-        "nock": "^13.5.0",
-        "tsd": "^0.30.4",
+        "jsdoc-to-markdown": "^8.0.1",
+        "mocha": "^10.4.0",
+        "nock": "^13.5.4",
+        "tsd": "^0.31.0",
         "typescript": "^4.8.4",
         "uuid": "^8.3.2"
     },
@@ -59,5 +59,5 @@
     "bugs": {
         "url": "https://github.com/publishlab/node-acme-client/issues"
     },
-    "gitHead": "b258e926209fef4cc4d633b0383eb54e26c516f9"
+    "gitHead": "e5da46cfc31b2e30a4903bcb2251b1851265ef41"
 }

packages/core/acme-client/src/api.js

@@ -4,7 +4,6 @@
 
 const util = require('./util');
 
-
 /**
  * AcmeApi
  *
@@ -18,7 +17,6 @@ class AcmeApi {
         this.accountUrl = accountUrl;
     }
 
-
     /**
      * Get account URL
      *
@@ -34,7 +32,6 @@ class AcmeApi {
         return this.accountUrl;
     }
 
-
     /**
      * ACME API request
      *
@@ -59,7 +56,6 @@ class AcmeApi {
         return resp;
     }
 
-
     /**
      * ACME API request by resource name helper
      *
@@ -78,7 +74,6 @@ class AcmeApi {
         return this.apiRequest(resourceUrl, payload, validStatusCodes, { includeJwsKid, includeExternalAccountBinding });
     }
 
-
     /**
      * Get Terms of Service URL if available
      *
@@ -91,7 +86,6 @@ class AcmeApi {
         return this.http.getMetaField('termsOfService');
     }
 
-
     /**
      * Create new account
      *
@@ -104,7 +98,7 @@ class AcmeApi {
     async createAccount(data) {
         const resp = await this.apiResourceRequest('newAccount', data, [200, 201], {
             includeJwsKid: false,
-            includeExternalAccountBinding: (data.onlyReturnExisting !== true)
+            includeExternalAccountBinding: (data.onlyReturnExisting !== true),
         });
 
         /* Set account URL */
@@ -115,7 +109,6 @@ class AcmeApi {
         return resp;
     }
 
-
     /**
      * Update account
      *
@@ -129,7 +122,6 @@ class AcmeApi {
         return this.apiRequest(this.getAccountUrl(), data, [200, 202]);
     }
 
-
     /**
      * Update account key
      *
@@ -143,7 +135,6 @@ class AcmeApi {
         return this.apiResourceRequest('keyChange', data, [200]);
     }
 
-
     /**
      * Create new order
      *
@@ -157,7 +148,6 @@ class AcmeApi {
         return this.apiResourceRequest('newOrder', data, [201]);
     }
 
-
     /**
      * Get order
      *
@@ -171,7 +161,6 @@ class AcmeApi {
         return this.apiRequest(url, null, [200]);
     }
 
-
     /**
      * Finalize order
      *
@@ -186,7 +175,6 @@ class AcmeApi {
         return this.apiRequest(url, data, [200]);
     }
 
-
     /**
      * Get identifier authorization
      *
@@ -200,7 +188,6 @@ class AcmeApi {
         return this.apiRequest(url, null, [200]);
     }
 
-
     /**
      * Update identifier authorization
      *
@@ -215,7 +202,6 @@ class AcmeApi {
         return this.apiRequest(url, data, [200]);
     }
 
-
     /**
      * Complete challenge
      *
@@ -230,7 +216,6 @@ class AcmeApi {
         return this.apiRequest(url, data, [200]);
     }
 
-
     /**
      * Revoke certificate
      *
@@ -245,6 +230,5 @@ class AcmeApi {
     }
 }
 
-
 /* Export API */
 module.exports = AcmeApi;

packages/core/acme-client/src/auto.js

@@ -4,6 +4,7 @@
 
 const { readCsrDomains } = require('./crypto');
 const { log } = require('./logger');
+const { wait } = require('./wait');
 
 const defaultOpts = {
     csr: null,
@@ -13,10 +14,9 @@ const defaultOpts = {
     skipChallengeVerification: false,
     challengePriority: ['http-01', 'dns-01'],
     challengeCreateFn: async () => { throw new Error('Missing challengeCreateFn()'); },
-    challengeRemoveFn: async () => { throw new Error('Missing challengeRemoveFn()'); }
+    challengeRemoveFn: async () => { throw new Error('Missing challengeRemoveFn()'); },
 };
 
-
 /**
  * ACME client auto mode
  *
@@ -25,8 +25,8 @@ const defaultOpts = {
  * @returns {Promise<buffer>} Certificate
  */
 
-module.exports = async function(client, userOpts) {
-    const opts = Object.assign({}, defaultOpts, userOpts);
+module.exports = async (client, userOpts) => {
+    const opts = { ...defaultOpts, ...userOpts };
     const accountPayload = { termsOfServiceAgreed: opts.termsOfServiceAgreed };
 
     if (!Buffer.isBuffer(opts.csr)) {
@@ -36,7 +36,9 @@ module.exports = async function(client, userOpts) {
     if (opts.email) {
         accountPayload.contact = [`mailto:${opts.email}`];
     }
-
+    if (opts.externalAccountBinding) {
+        accountPayload.externalAccountBinding = opts.externalAccountBinding;
+    }
 
     /**
      * Register account
@@ -53,19 +55,16 @@ module.exports = async function(client, userOpts) {
         await client.createAccount(accountPayload);
     }
 
-
     /**
      * Parse domains from CSR
      */
 
     log('[auto] Parsing domains from Certificate Signing Request');
-    const csrDomains = readCsrDomains(opts.csr);
-    const domains = [csrDomains.commonName].concat(csrDomains.altNames);
-    const uniqueDomains = Array.from(new Set(domains));
+    const { commonName, altNames } = readCsrDomains(opts.csr);
+    const uniqueDomains = Array.from(new Set([commonName].concat(altNames).filter((d) => d)));
 
     log(`[auto] Resolved ${uniqueDomains.length} unique domains from parsing the Certificate Signing Request`);
 
-
     /**
      * Place order
      */
@@ -77,7 +76,6 @@ module.exports = async function(client, userOpts) {
 
     log(`[auto] Placed certificate order successfully, received ${authorizations.length} identity authorizations`);
 
-
     /**
      * Resolve and satisfy challenges
      */
@@ -119,10 +117,23 @@ module.exports = async function(client, userOpts) {
             let recordItem = null;
             try {
                 recordItem = await opts.challengeCreateFn(authz, challenge, keyAuthorization);
-
+                log(`[auto] [${d}] challengeCreateFn success`);
+                log(`[auto] [${d}] add challengeRemoveFn()`);
+                clearTasks.push(async () => {
+                    /* Trigger challengeRemoveFn(), suppress errors */
+                    log(`[auto] [${d}] Trigger challengeRemoveFn()`);
+                    try {
+                        await opts.challengeRemoveFn(authz, challenge, keyAuthorization, recordItem);
+                    }
+                    catch (e) {
+                        log(`[auto] [${d}] challengeRemoveFn threw error: ${e.message}`);
+                    }
+                });
+                // throw new Error('测试异常');
                 /* Challenge verification */
                 if (opts.skipChallengeVerification === true) {
-                    log(`[auto] [${d}] Skipping challenge verification since skipChallengeVerification=true`);
+                    log(`[auto] [${d}] Skipping challenge verification since skipChallengeVerification=true，wait 60s`);
+                    await wait(60 * 1000);
                 }
                 else {
                     log(`[auto] [${d}] Running challenge verification`);
@@ -140,19 +151,6 @@ module.exports = async function(client, userOpts) {
                 log(`[auto] [${d}] challengeCreateFn threw error: ${e.message}`);
                 throw e;
             }
-            finally {
-                log(`[auto] [${d}] add challengeRemoveFn()`);
-                clearTasks.push(async () => {
-                    /* Trigger challengeRemoveFn(), suppress errors */
-                    log(`[auto] [${d}] Trigger challengeRemoveFn()`);
-                    try {
-                        await opts.challengeRemoveFn(authz, challenge, keyAuthorization, recordItem);
-                    }
-                    catch (e) {
-                        log(`[auto] [${d}] challengeRemoveFn threw error: ${e.message}`);
-                    }
-                });
-            }
         }
         catch (e) {
             /* Deactivate pending authz when unable to complete challenge */
@@ -177,21 +175,56 @@ module.exports = async function(client, userOpts) {
         await challengeFunc(authz);
     });
 
-    log('开始challenge');
-    let promise = Promise.resolve();
-    function runPromisesSerially(tasks) {
+    function runAllPromise(tasks) {
+        let promise = Promise.resolve();
         tasks.forEach((task) => {
             promise = promise.then(task);
         });
         return promise;
     }
 
+    async function runPromisePa(tasks) {
+        const results = [];
+        // eslint-disable-next-line no-await-in-loop,no-restricted-syntax
+        for (const task of tasks) {
+            results.push(task());
+            // eslint-disable-next-line no-await-in-loop
+            await wait(10000);
+        }
+        return Promise.all(results);
+    }
 
     try {
-        await runPromisesSerially(challengePromises);
+        log('开始challenge');
+        await runPromisePa(challengePromises);
+
+        log('challenge结束');
+
+        // log('[auto] Waiting for challenge valid status');
+        // await Promise.all(challengePromises);
+
+        /**
+         * Finalize order and download certificate
+         */
+
+        log('[auto] Finalizing order and downloading certificate');
+        const finalized = await client.finalizeOrder(order, opts.csr);
+        return await client.getCertificate(finalized, opts.preferredChain);
+    }
+    catch (e) {
+        log('证书申请失败');
+        log(e);
+        throw new Error(`证书申请失败:${e.message}`);
     }
     finally {
-        await runPromisesSerially(clearTasks);
+        log(`清理challenge痕迹，length:${clearTasks.length}`);
+        try {
+            await runAllPromise(clearTasks);
+        }
+        catch (e) {
+            log('清理challenge失败');
+            log(e);
+        }
     }
 
     // try {
@@ -201,19 +234,4 @@ module.exports = async function(client, userOpts) {
     //     log('清理challenge');
     //     await Promise.allSettled(clearTasks);
     // }
-
-
-    log('challenge结束');
-
-    // log('[auto] Waiting for challenge valid status');
-    // await Promise.all(challengePromises);
-
-
-    /**
-     * Finalize order and download certificate
-     */
-
-    log('[auto] Finalizing order and downloading certificate');
-    const finalized = await client.finalizeOrder(order, opts.csr);
-    return client.getCertificate(finalized, opts.preferredChain);
 };

packages/core/acme-client/src/axios.js

@@ -5,7 +5,6 @@
 const axios = require('axios');
 const pkg = require('./../package.json');
 
-
 /**
  * Instance
  */
@@ -19,9 +18,8 @@ instance.defaults.headers.common['User-Agent'] = `node-${pkg.name}/${pkg.version
 instance.defaults.acmeSettings = {
     httpChallengePort: 80,
     httpsChallengePort: 443,
-    tlsAlpnChallengePort: 443
+    tlsAlpnChallengePort: 443,
 };
-
 // instance.defaults.proxy = {
 //     host: '192.168.34.139',
 //     port: 10811
@@ -35,7 +33,6 @@ instance.defaults.acmeSettings = {
 
 instance.defaults.adapter = 'http';
 
-
 /**
  * Export instance
  */

packages/core/acme-client/src/client.js

@@ -13,7 +13,6 @@ const verify = require('./verify');
 const util = require('./util');
 const auto = require('./auto');
 
-
 /**
  * ACME states
  *
@@ -24,7 +23,6 @@ const validStates = ['ready', 'valid'];
 const pendingStates = ['pending', 'processing'];
 const invalidStates = ['invalid'];
 
-
 /**
  * Default options
  *
@@ -38,10 +36,9 @@ const defaultOpts = {
     externalAccountBinding: {},
     backoffAttempts: 10,
     backoffMin: 5000,
-    backoffMax: 30000
+    backoffMax: 30000,
 };
 
-
 /**
  * AcmeClient
  *
@@ -61,7 +58,7 @@ const defaultOpts = {
  * ```js
  * const client = new acme.Client({
  *     directoryUrl: acme.directory.letsencrypt.staging,
- *     accountKey: 'Private key goes here'
+ *     accountKey: 'Private key goes here',
  * });
  * ```
  *
@@ -73,7 +70,7 @@ const defaultOpts = {
  *     accountUrl: 'Optional account URL goes here',
  *     backoffAttempts: 10,
  *     backoffMin: 5000,
- *     backoffMax: 30000
+ *     backoffMax: 30000,
  * });
  * ```
  *
@@ -84,8 +81,8 @@ const defaultOpts = {
  *     accountKey: 'Private key goes here',
  *     externalAccountBinding: {
  *         kid: 'YOUR-EAB-KID',
- *         hmacKey: 'YOUR-EAB-HMAC-KEY'
- *     }
+ *         hmacKey: 'YOUR-EAB-HMAC-KEY',
+ *     },
  * });
  * ```
  */
@@ -96,19 +93,17 @@ class AcmeClient {
             opts.accountKey = Buffer.from(opts.accountKey);
         }
 
-        this.opts = Object.assign({}, defaultOpts, opts);
-
+        this.opts = { ...defaultOpts, ...opts };
         this.backoffOpts = {
             attempts: this.opts.backoffAttempts,
             min: this.opts.backoffMin,
-            max: this.opts.backoffMax
+            max: this.opts.backoffMax,
         };
 
-        this.http = new HttpClient(this.opts.directoryUrl, this.opts.accountKey, this.opts.externalAccountBinding);
+        this.http = new HttpClient(this.opts.directoryUrl, this.opts.accountKey, this.opts.externalAccountBinding, this.opts.urlMapping);
         this.api = new AcmeApi(this.http, this.opts.accountUrl);
     }
 
-
     /**
      * Get Terms of Service URL if available
      *
@@ -128,7 +123,6 @@ class AcmeClient {
         return this.api.getTermsOfServiceUrl();
     }
 
-
     /**
      * Get current account URL
      *
@@ -150,7 +144,6 @@ class AcmeClient {
         return this.api.getAccountUrl();
     }
 
-
     /**
      * Create a new account
      *
@@ -162,7 +155,7 @@ class AcmeClient {
      * @example Create a new account
      * ```js
      * const account = await client.createAccount({
-     *     termsOfServiceAgreed: true
+     *     termsOfServiceAgreed: true,
      * });
      * ```
      *
@@ -170,7 +163,7 @@ class AcmeClient {
      * ```js
      * const account = await client.createAccount({
      *     termsOfServiceAgreed: true,
-     *     contact: ['mailto:test@example.com']
+     *     contact: ['mailto:test@example.com'],
      * });
      * ```
      */
@@ -196,7 +189,6 @@ class AcmeClient {
         }
     }
 
-
     /**
      * Update existing account
      *
@@ -208,7 +200,7 @@ class AcmeClient {
      * @example Update existing account
      * ```js
      * const account = await client.updateAccount({
-     *     contact: ['mailto:foo@example.com']
+     *     contact: ['mailto:foo@example.com'],
      * });
      * ```
      */
@@ -236,7 +228,6 @@ class AcmeClient {
         return resp.data;
     }
 
-
     /**
      * Update account private key
      *
@@ -261,7 +252,7 @@ class AcmeClient {
         const accountUrl = this.api.getAccountUrl();
 
         /* Create new HTTP and API clients using new key */
-        const newHttpClient = new HttpClient(this.opts.directoryUrl, newAccountKey);
+        const newHttpClient = new HttpClient(this.opts.directoryUrl, newAccountKey, this.opts.externalAccountBinding);
         const newApiClient = new AcmeApi(newHttpClient, accountUrl);
 
         /* Get old JWK */
@@ -282,7 +273,6 @@ class AcmeClient {
         return resp.data;
     }
 
-
     /**
      * Create a new order
      *
@@ -296,8 +286,8 @@ class AcmeClient {
      * const order = await client.createOrder({
      *     identifiers: [
      *         { type: 'dns', value: 'example.com' },
-     *         { type: 'dns', value: 'test.example.com' }
-     *     ]
+     *         { type: 'dns', value: 'test.example.com' },
+     *     ],
      * });
      * ```
      */
@@ -314,7 +304,6 @@ class AcmeClient {
         return resp.data;
     }
 
-
     /**
      * Refresh order object from CA
      *
@@ -376,7 +365,6 @@ class AcmeClient {
         return resp.data;
     }
 
-
     /**
      * Get identifier authorizations from order
      *
@@ -406,7 +394,6 @@ class AcmeClient {
         }));
     }
 
-
     /**
      * Deactivate identifier authorization
      *
@@ -427,10 +414,7 @@ class AcmeClient {
             throw new Error('Unable to deactivate identifier authorization, URL not found');
         }
 
-        const data = {
-            status: 'deactivated'
-        };
-
+        const data = { status: 'deactivated' };
         const resp = await this.api.updateAuthorization(authz.url, data);
 
         /* Add URL to response */
@@ -438,7 +422,6 @@ class AcmeClient {
         return resp.data;
     }
 
-
     /**
      * Get key authorization for ACME challenge
      *
@@ -480,7 +463,6 @@ class AcmeClient {
         throw new Error(`Unable to produce key authorization, unknown challenge type: ${challenge.type}`);
     }
 
-
     /**
      * Verify that ACME challenge is satisfied
      *
@@ -515,7 +497,6 @@ class AcmeClient {
         return util.retry(verifyFn, this.backoffOpts);
     }
 
-
     /**
      * Notify CA that challenge has been completed
      *
@@ -536,7 +517,6 @@ class AcmeClient {
         return resp.data;
     }
 
-
     /**
      * Wait for ACME provider to verify status on a order, authorization or challenge
      *
@@ -593,7 +573,6 @@ class AcmeClient {
         return util.retry(verifyFn, this.backoffOpts);
     }
 
-
     /**
      * Get certificate from ACME order
      *
@@ -640,7 +619,6 @@ class AcmeClient {
         return resp.data;
     }
 
-
     /**
      * Revoke certificate
      *
@@ -660,7 +638,7 @@ class AcmeClient {
      * ```js
      * const certificate = { ... }; // Previously created certificate
      * const result = await client.revokeCertificate(certificate, {
-     *     reason: 4
+     *     reason: 4,
      * });
      * ```
      */
@@ -671,7 +649,6 @@ class AcmeClient {
         return resp.data;
     }
 
-
     /**
      * Auto mode
      *
@@ -689,7 +666,7 @@ class AcmeClient {
      * @example Order a certificate using auto mode
      * ```js
      * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-     *     commonName: 'test.example.com'
+     *     altNames: ['test.example.com'],
      * });
      *
      * const certificate = await client.auto({
@@ -701,14 +678,14 @@ class AcmeClient {
      *     },
      *     challengeRemoveFn: async (authz, challenge, keyAuthorization) => {
      *         // Clean up challenge here
-     *     }
+     *     },
      * });
      * ```
      *
      * @example Order a certificate using auto mode with preferred chain
      * ```js
      * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-     *     commonName: 'test.example.com'
+     *     altNames: ['test.example.com'],
      * });
      *
      * const certificate = await client.auto({
@@ -717,7 +694,7 @@ class AcmeClient {
      *     termsOfServiceAgreed: true,
      *     preferredChain: 'DST Root CA X3',
      *     challengeCreateFn: async () => {},
-     *     challengeRemoveFn: async () => {}
+     *     challengeRemoveFn: async () => {},
      * });
      * ```
      */
@@ -727,6 +704,5 @@ class AcmeClient {
     }
 }
 
-
 /* Export client */
 module.exports = AcmeClient;

packages/core/acme-client/src/crypto/forge.js

@@ -13,7 +13,6 @@ const forge = require('node-forge');
 
 const generateKeyPair = promisify(forge.pki.rsa.generateKeyPair);
 
-
 /**
  * Attempt to parse forge object from PEM encoded string
  *
@@ -54,7 +53,6 @@ function forgeObjectFromPem(input) {
     return result;
 }
 
-
 /**
  * Parse domain names from a certificate or CSR
  *
@@ -93,11 +91,10 @@ function parseDomains(obj) {
 
     return {
         commonName,
-        altNames
+        altNames,
     };
 }
 
-
 /**
  * Generate a private RSA key
  *
@@ -123,7 +120,6 @@ async function createPrivateKey(size = 2048) {
 
 exports.createPrivateKey = createPrivateKey;
 
-
 /**
  * Create public key from a private RSA key
  *
@@ -136,14 +132,13 @@ exports.createPrivateKey = createPrivateKey;
  * ```
  */
 
-exports.createPublicKey = async function(key) {
+exports.createPublicKey = async (key) => {
     const privateKey = forge.pki.privateKeyFromPem(key);
     const publicKey = forge.pki.rsa.setPublicKey(privateKey.n, privateKey.e);
     const pemKey = forge.pki.publicKeyToPem(publicKey);
     return Buffer.from(pemKey);
 };
 
-
 /**
  * Parse body of PEM encoded object from buffer or string
  * If multiple objects are chained, the first body will be returned
@@ -157,7 +152,6 @@ exports.getPemBody = (str) => {
     return forge.util.encode64(msg.body);
 };
 
-
 /**
  * Split chain of PEM encoded objects from buffer or string into array
  *
@@ -167,7 +161,6 @@ exports.getPemBody = (str) => {
 
 exports.splitPemChain = (str) => forge.pem.decode(str).map(forge.pem.encode);
 
-
 /**
  * Get modulus
  *
@@ -182,7 +175,7 @@ exports.splitPemChain = (str) => forge.pem.decode(str).map(forge.pem.encode);
  * ```
  */
 
-exports.getModulus = async function(input) {
+exports.getModulus = async (input) => {
     if (!Buffer.isBuffer(input)) {
         input = Buffer.from(input);
     }
@@ -191,7 +184,6 @@ exports.getModulus = async function(input) {
     return Buffer.from(forge.util.hexToBytes(obj.n.toString(16)), 'binary');
 };
 
-
 /**
  * Get public exponent
  *
@@ -206,7 +198,7 @@ exports.getModulus = async function(input) {
  * ```
  */
 
-exports.getPublicExponent = async function(input) {
+exports.getPublicExponent = async (input) => {
     if (!Buffer.isBuffer(input)) {
         input = Buffer.from(input);
     }
@@ -215,7 +207,6 @@ exports.getPublicExponent = async function(input) {
     return Buffer.from(forge.util.hexToBytes(obj.e.toString(16)), 'binary');
 };
 
-
 /**
  * Read domains from a Certificate Signing Request
  *
@@ -231,7 +222,7 @@ exports.getPublicExponent = async function(input) {
  * ```
  */
 
-exports.readCsrDomains = async function(csr) {
+exports.readCsrDomains = async (csr) => {
     if (!Buffer.isBuffer(csr)) {
         csr = Buffer.from(csr);
     }
@@ -240,7 +231,6 @@ exports.readCsrDomains = async function(csr) {
     return parseDomains(obj);
 };
 
-
 /**
  * Read information from a certificate
  *
@@ -260,7 +250,7 @@ exports.readCsrDomains = async function(csr) {
  * ```
  */
 
-exports.readCertificateInfo = async function(cert) {
+exports.readCertificateInfo = async (cert) => {
     if (!Buffer.isBuffer(cert)) {
         cert = Buffer.from(cert);
     }
@@ -270,15 +260,14 @@ exports.readCertificateInfo = async function(cert) {
 
     return {
         issuer: {
-            commonName: issuerCn ? issuerCn.value : null
+            commonName: issuerCn ? issuerCn.value : null,
         },
         domains: parseDomains(obj),
         notAfter: obj.validity.notAfter,
-        notBefore: obj.validity.notBefore
+        notBefore: obj.validity.notBefore,
     };
 };
 
-
 /**
  * Determine ASN.1 type for CSR subject short name
  * Note: https://datatracker.ietf.org/doc/html/rfc5280
@@ -299,7 +288,6 @@ function getCsrValueTagClass(shortName) {
     }
 }
 
-
 /**
  * Create array of short names and values for Certificate Signing Request subjects
  *
@@ -319,7 +307,6 @@ function createCsrSubject(subjectObj) {
     }, []);
 }
 
-
 /**
  * Create array of alt names for Certificate Signing Requests
  * Note: https://github.com/digitalbazaar/forge/blob/dfdde475677a8a25c851e33e8f81dca60d90cfb9/lib/x509.js#L1444-L1454
@@ -336,7 +323,6 @@ function formatCsrAltNames(altNames) {
     });
 }
 
-
 /**
  * Create a Certificate Signing Request
  *
@@ -356,29 +342,30 @@ function formatCsrAltNames(altNames) {
  * @example Create a Certificate Signing Request
  * ```js
  * const [certificateKey, certificateRequest] = await acme.forge.createCsr({
- *     commonName: 'test.example.com'
+ *     altNames: ['test.example.com'],
  * });
  * ```
  *
  * @example Certificate Signing Request with both common and alternative names
+ * > *Warning*: Certificate subject common name has been [deprecated](https://letsencrypt.org/docs/glossary/#def-CN) and its use is [discouraged](https://cabforum.org/uploads/BRv1.2.3.pdf).
  * ```js
  * const [certificateKey, certificateRequest] = await acme.forge.createCsr({
  *     keySize: 4096,
  *     commonName: 'test.example.com',
- *     altNames: ['foo.example.com', 'bar.example.com']
+ *     altNames: ['foo.example.com', 'bar.example.com'],
  * });
  * ```
  *
  * @example Certificate Signing Request with additional information
  * ```js
  * const [certificateKey, certificateRequest] = await acme.forge.createCsr({
- *     commonName: 'test.example.com',
+ *     altNames: ['test.example.com'],
  *     country: 'US',
  *     state: 'California',
  *     locality: 'Los Angeles',
  *     organization: 'The Company Inc.',
  *     organizationUnit: 'IT Department',
- *     emailAddress: 'contact@example.com'
+ *     emailAddress: 'contact@example.com',
  * });
  * ```
  *
@@ -387,11 +374,11 @@ function formatCsrAltNames(altNames) {
  * const certificateKey = await acme.forge.createPrivateKey();
  *
  * const [, certificateRequest] = await acme.forge.createCsr({
- *     commonName: 'test.example.com'
+ *     altNames: ['test.example.com'],
  * }, certificateKey);
  */
 
-exports.createCsr = async function(data, key = null) {
+exports.createCsr = async (data, key = null) => {
     if (!key) {
         key = await createPrivateKey(data.keySize);
     }
@@ -423,7 +410,7 @@ exports.createCsr = async function(data, key = null) {
         L: data.locality,
         O: data.organization,
         OU: data.organizationUnit,
-        E: data.emailAddress
+        E: data.emailAddress,
     });
 
     csr.setSubject(subject);
@@ -434,8 +421,8 @@ exports.createCsr = async function(data, key = null) {
             name: 'extensionRequest',
             extensions: [{
                 name: 'subjectAltName',
-                altNames: formatCsrAltNames(data.altNames)
-            }]
+                altNames: formatCsrAltNames(data.altNames),
+            }],
         }]);
     }
 

packages/core/acme-client/src/crypto/index.js

@@ -22,7 +22,6 @@ const subjectAltNameOID = '2.5.29.17';
 /* id-pe-acmeIdentifier - https://datatracker.ietf.org/doc/html/rfc8737#section-6.1 */
 const alpnAcmeIdentifierOID = '1.3.6.1.5.5.7.1.31';
 
-
 /**
  * Determine key type and info by attempting to derive public key
  *
@@ -35,7 +34,7 @@ function getKeyInfo(keyPem) {
     const result = {
         isRSA: false,
         isECDSA: false,
-        publicKey: crypto.createPublicKey(keyPem)
+        publicKey: crypto.createPublicKey(keyPem),
     };
 
     if (result.publicKey.asymmetricKeyType === 'rsa') {
@@ -51,7 +50,6 @@ function getKeyInfo(keyPem) {
     return result;
 }
 
-
 /**
  * Generate a private RSA key
  *
@@ -74,8 +72,8 @@ async function createPrivateRsaKey(modulusLength = 2048) {
         modulusLength,
         privateKeyEncoding: {
             type: 'pkcs8',
-            format: 'pem'
-        }
+            format: 'pem',
+        },
     });
 
     return Buffer.from(pair.privateKey);
@@ -83,7 +81,6 @@ async function createPrivateRsaKey(modulusLength = 2048) {
 
 exports.createPrivateRsaKey = createPrivateRsaKey;
 
-
 /**
  * Alias of `createPrivateRsaKey()`
  *
@@ -92,7 +89,6 @@ exports.createPrivateRsaKey = createPrivateRsaKey;
 
 exports.createPrivateKey = createPrivateRsaKey;
 
-
 /**
  * Generate a private ECDSA key
  *
@@ -115,14 +111,13 @@ exports.createPrivateEcdsaKey = async (namedCurve = 'P-256') => {
         namedCurve,
         privateKeyEncoding: {
             type: 'pkcs8',
-            format: 'pem'
-        }
+            format: 'pem',
+        },
     });
 
     return Buffer.from(pair.privateKey);
 };
 
-
 /**
  * Get a public key derived from a RSA or ECDSA key
  *
@@ -140,13 +135,12 @@ exports.getPublicKey = (keyPem) => {
 
     const publicKey = info.publicKey.export({
         type: info.isECDSA ? 'spki' : 'pkcs1',
-        format: 'pem'
+        format: 'pem',
     });
 
     return Buffer.from(publicKey);
 };
 
-
 /**
  * Get a JSON Web Key derived from a RSA or ECDSA key
  *
@@ -163,7 +157,7 @@ exports.getPublicKey = (keyPem) => {
 
 function getJwk(keyPem) {
     const jwk = crypto.createPublicKey(keyPem).export({
-        format: 'jwk'
+        format: 'jwk',
     });
 
     /* Sort keys */
@@ -175,7 +169,6 @@ function getJwk(keyPem) {
 
 exports.getJwk = getJwk;
 
-
 /**
  * Produce CryptoKeyPair and signing algorithm from a PEM encoded private key
  *
@@ -191,7 +184,7 @@ async function getWebCryptoKeyPair(keyPem) {
     /* Signing algorithm */
     const sigalg = {
         name: 'RSASSA-PKCS1-v1_5',
-        hash: { name: 'SHA-256' }
+        hash: { name: 'SHA-256' },
     };
 
     if (info.isECDSA) {
@@ -215,7 +208,6 @@ async function getWebCryptoKeyPair(keyPem) {
     return [{ privateKey, publicKey }, sigalg];
 }
 
-
 /**
  * Split chain of PEM encoded objects from string into array
  *
@@ -235,7 +227,6 @@ function splitPemChain(chainPem) {
 
 exports.splitPemChain = splitPemChain;
 
-
 /**
  * Parse body of PEM encoded object and return a Base64URL string
  * If multiple objects are chained, the first body will be returned
@@ -256,7 +247,6 @@ exports.getPemBodyAsB64u = (pem) => {
     return Buffer.from(dec).toString('base64url');
 };
 
-
 /**
  * Parse domains from a certificate or CSR
  *
@@ -277,11 +267,10 @@ function parseDomains(input) {
 
     return {
         commonName,
-        altNames
+        altNames,
     };
 }
 
-
 /**
  * Read domains from a Certificate Signing Request
  *
@@ -307,7 +296,6 @@ exports.readCsrDomains = (csrPem) => {
     return parseDomains(csr);
 };
 
-
 /**
  * Read information from a certificate
  * If multiple certificates are chained, the first will be read
@@ -338,15 +326,14 @@ exports.readCertificateInfo = (certPem) => {
 
     return {
         issuer: {
-            commonName: cert.issuerName.getField('CN').pop() || null
+            commonName: cert.issuerName.getField('CN').pop() || null,
         },
         domains: parseDomains(cert),
         notBefore: cert.notBefore,
-        notAfter: cert.notAfter
+        notAfter: cert.notAfter,
     };
 };
 
-
 /**
  * Determine ASN.1 character string type for CSR subject field name
  *
@@ -369,7 +356,6 @@ function getCsrAsn1CharStringType(field) {
     }
 }
 
-
 /**
  * Create array of subject fields for a Certificate Signing Request
  *
@@ -391,7 +377,6 @@ function createCsrSubject(input) {
     }, []);
 }
 
-
 /**
  * Create x509 subject alternate name extension
  *
@@ -409,7 +394,6 @@ function createSubjectAltNameExtension(altNames) {
     }));
 }
 
-
 /**
  * Create a Certificate Signing Request
  *
@@ -429,29 +413,30 @@ function createSubjectAltNameExtension(altNames) {
  * @example Create a Certificate Signing Request
  * ```js
  * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
- *     commonName: 'test.example.com'
+ *     altNames: ['test.example.com'],
  * });
  * ```
  *
  * @example Certificate Signing Request with both common and alternative names
+ * > *Warning*: Certificate subject common name has been [deprecated](https://letsencrypt.org/docs/glossary/#def-CN) and its use is [discouraged](https://cabforum.org/uploads/BRv1.2.3.pdf).
  * ```js
  * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
  *     keySize: 4096,
  *     commonName: 'test.example.com',
- *     altNames: ['foo.example.com', 'bar.example.com']
+ *     altNames: ['foo.example.com', 'bar.example.com'],
  * });
  * ```
  *
  * @example Certificate Signing Request with additional information
  * ```js
  * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
- *     commonName: 'test.example.com',
+ *     altNames: ['test.example.com'],
  *     country: 'US',
  *     state: 'California',
  *     locality: 'Los Angeles',
  *     organization: 'The Company Inc.',
  *     organizationUnit: 'IT Department',
- *     emailAddress: 'contact@example.com'
+ *     emailAddress: 'contact@example.com',
  * });
  * ```
  *
@@ -460,8 +445,9 @@ function createSubjectAltNameExtension(altNames) {
  * const certificateKey = await acme.crypto.createPrivateEcdsaKey();
  *
  * const [, certificateRequest] = await acme.crypto.createCsr({
- *     commonName: 'test.example.com'
+ *     altNames: ['test.example.com'],
  * }, certificateKey);
+ * ```
  */
 
 exports.createCsr = async (data, keyPem = null) => {
@@ -489,7 +475,7 @@ exports.createCsr = async (data, keyPem = null) => {
         new x509.KeyUsagesExtension(x509.KeyUsageFlags.digitalSignature | x509.KeyUsageFlags.keyEncipherment), // eslint-disable-line no-bitwise
 
         /* https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 */
-        createSubjectAltNameExtension(data.altNames)
+        createSubjectAltNameExtension(data.altNames),
     ];
 
     /* Create CSR */
@@ -504,8 +490,8 @@ exports.createCsr = async (data, keyPem = null) => {
             L: data.locality,
             O: data.organization,
             OU: data.organizationUnit,
-            E: data.emailAddress
-        })
+            E: data.emailAddress,
+        }),
     });
 
     /* Done */
@@ -513,7 +499,6 @@ exports.createCsr = async (data, keyPem = null) => {
     return [keyPem, Buffer.from(pem)];
 };
 
-
 /**
  * Create a self-signed ALPN certificate for TLS-ALPN-01 challenges
  *
@@ -533,6 +518,7 @@ exports.createCsr = async (data, keyPem = null) => {
  * ```js
  * const alpnKey = await acme.crypto.createPrivateEcdsaKey();
  * const [, alpnCertificate] = await acme.crypto.createAlpnCertificate(authz, keyAuthorization, alpnKey);
+ * ```
  */
 
 exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) => {
@@ -564,7 +550,7 @@ exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) =
         await x509.SubjectKeyIdentifierExtension.create(keys.publicKey),
 
         /* https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 */
-        createSubjectAltNameExtension([commonName])
+        createSubjectAltNameExtension([commonName]),
     ];
 
     /* ALPN extension */
@@ -581,8 +567,8 @@ exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) =
         notBefore: now,
         notAfter: now,
         name: createCsrSubject({
-            CN: commonName
-        })
+            CN: commonName,
+        }),
     });
 
     /* Done */
@@ -590,7 +576,6 @@ exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) =
     return [keyPem, Buffer.from(pem)];
 };
 
-
 /**
  * Validate that a ALPN certificate contains the expected key authorization
  *

packages/core/acme-client/src/http.js

@@ -12,10 +12,11 @@ const httpsProxy = process.env.HTTPS_PROXY || process.env.https_proxy;
 let httpsAgent = null;
 if (httpsProxy) {
     httpsAgent = new HttpsProxyAgent(httpsProxy);
+    log(`use https_proxy:${httpsProxy}`);
 }
 const axios = axios1.create({
     proxy: false,
-    httpsAgent
+    httpsAgent,
 });
 
 /**
@@ -30,16 +31,19 @@ const axios = axios1.create({
  */
 
 class HttpClient {
-    constructor(directoryUrl, accountKey, externalAccountBinding = {}) {
+    constructor(directoryUrl, accountKey, externalAccountBinding = {}, urlMapping = {}) {
         this.directoryUrl = directoryUrl;
         this.accountKey = accountKey;
         this.externalAccountBinding = externalAccountBinding;
 
         this.maxBadNonceRetries = 5;
-        this.directory = null;
         this.jwk = null;
-    }
 
+        this.directoryCache = null;
+        this.directoryMaxAge = 86400;
+        this.directoryTimestamp = 0;
+        this.urlMapping = urlMapping;
+    }
 
     /**
      * HTTP request
@@ -51,6 +55,16 @@ class HttpClient {
      */
 
     async request(url, method, opts = {}) {
+        if (this.urlMapping && this.urlMapping.enabled === true && this.urlMapping.mappings) {
+            // eslint-disable-next-line no-restricted-syntax
+            for (const key in this.urlMapping.mappings) {
+                if (url.includes(key)) {
+                    const newUrl = url.replace(key, this.urlMapping.mappings[key]);
+                    log(`use reverse proxy: ${newUrl}`);
+                    url = newUrl;
+                }
+            }
+        }
         opts.url = url;
         opts.method = method;
         opts.validateStatus = null;
@@ -70,17 +84,18 @@ class HttpClient {
         return resp;
     }
 
-
     /**
-     * Ensure provider directory exists
+     * Get ACME provider directory
      *
      * https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.1
      *
-     * @returns {Promise}
+     * @returns {Promise<object>} ACME directory contents
      */
 
     async getDirectory() {
-        if (!this.directory) {
+        const age = (Math.floor(Date.now() / 1000) - this.directoryTimestamp);
+
+        if (!this.directoryCache || (age > this.directoryMaxAge)) {
             const resp = await this.request(this.directoryUrl, 'get');
 
             if (resp.status >= 400) {
@@ -91,10 +106,11 @@ class HttpClient {
                 throw new Error('Attempting to read ACME directory returned no data');
             }
 
-            this.directory = resp.data;
+            this.directoryCache = resp.data;
         }
-    }
 
+        return this.directoryCache;
+    }
 
     /**
      * Get JSON Web Key
@@ -110,7 +126,6 @@ class HttpClient {
         return this.jwk;
     }
 
-
     /**
      * Get nonce from directory API endpoint
      *
@@ -130,7 +145,6 @@ class HttpClient {
         return resp.headers['replay-nonce'];
     }
 
-
     /**
      * Get URL for a directory resource
      *
@@ -139,16 +153,15 @@ class HttpClient {
      */
 
     async getResourceUrl(resource) {
-        await this.getDirectory();
+        const dir = await this.getDirectory();
 
-        if (!this.directory[resource]) {
+        if (!dir[resource]) {
             throw new Error(`Unable to locate API resource URL in ACME directory: "${resource}"`);
         }
 
-        return this.directory[resource];
+        return dir[resource];
     }
 
-
     /**
      * Get directory meta field
      *
@@ -157,16 +170,15 @@ class HttpClient {
      */
 
     async getMetaField(field) {
-        await this.getDirectory();
+        const dir = await this.getDirectory();
 
-        if (('meta' in this.directory) && (field in this.directory.meta)) {
-            return this.directory.meta[field];
+        if (('meta' in dir) && (field in dir.meta)) {
+            return dir.meta[field];
         }
 
         return null;
     }
 
-
     /**
      * Prepare HTTP request body for signature
      *
@@ -199,11 +211,10 @@ class HttpClient {
         /* Body */
         return {
             payload: payload ? Buffer.from(JSON.stringify(payload)).toString('base64url') : '',
-            protected: Buffer.from(JSON.stringify(header)).toString('base64url')
+            protected: Buffer.from(JSON.stringify(header)).toString('base64url'),
         };
     }
 
-
     /**
      * Create JWS HTTP request body using HMAC
      *
@@ -226,7 +237,6 @@ class HttpClient {
         return result;
     }
 
-
     /**
      * Create JWS HTTP request body using RSA or ECC
      *
@@ -267,13 +277,12 @@ class HttpClient {
         result.signature = signer.sign({
             key: this.accountKey,
             padding: RSA_PKCS1_PADDING,
-            dsaEncoding: 'ieee-p1363'
+            dsaEncoding: 'ieee-p1363',
         }, 'base64url');
 
         return result;
     }
 
-
     /**
      * Signed HTTP request
      *
@@ -309,7 +318,7 @@ class HttpClient {
         const data = this.createSignedBody(url, payload, { nonce, kid });
         const resp = await this.request(url, 'post', { data });
 
-        /* Retry on bad nonce - https://datatracker.ietf.org/doc/html/draft-ietf-acme-acme-10#section-6.4 */
+        /* Retry on bad nonce - https://datatracker.ietf.org/doc/html/rfc8555#section-6.5 */
         if (resp.data && resp.data.type && (resp.status === 400) && (resp.data.type === 'urn:ietf:params:acme:error:badNonce') && (attempts < this.maxBadNonceRetries)) {
             nonce = resp.headers['replay-nonce'] || null;
             attempts += 1;
@@ -323,6 +332,5 @@ class HttpClient {
     }
 }
 
-
 /* Export client */
 module.exports = HttpClient;

packages/core/acme-client/src/index.js

@@ -4,7 +4,6 @@
 
 exports.Client = require('./client');
 
-
 /**
  * Directory URLs
  */
@@ -12,18 +11,22 @@ exports.Client = require('./client');
 exports.directory = {
     buypass: {
         staging: 'https://api.test4.buypass.no/acme/directory',
-        production: 'https://api.buypass.com/acme/directory'
+        production: 'https://api.buypass.com/acme/directory',
+    },
+    google: {
+        staging: 'https://dv.acme-v02.test-api.pki.goog/directory',
+        production: 'https://dv.acme-v02.api.pki.goog/directory',
     },
     letsencrypt: {
         staging: 'https://acme-staging-v02.api.letsencrypt.org/directory',
-        production: 'https://acme-v02.api.letsencrypt.org/directory'
+        production: 'https://acme-v02.api.letsencrypt.org/directory',
     },
     zerossl: {
-        production: 'https://acme.zerossl.com/v2/DV90'
-    }
+        staging: 'https://acme.zerossl.com/v2/DV90',
+        production: 'https://acme.zerossl.com/v2/DV90',
+    },
 };
 
-
 /**
  * Crypto
  */
@@ -31,14 +34,12 @@ exports.directory = {
 exports.crypto = require('./crypto');
 exports.forge = require('./crypto/forge');
 
-
 /**
  * Axios
  */
 
 exports.axios = require('./axios');
 
-
 /**
  * Logger
  */

packages/core/acme-client/src/logger.js

@@ -6,7 +6,6 @@ const debug = require('debug')('acme-client');
 
 let logger = () => {};
 
-
 /**
  * Set logger function
  *
@@ -17,11 +16,10 @@ exports.setLogger = (fn) => {
     logger = fn;
 };
 
-
 /**
  * Log message
  *
- * @param {string} Message
+ * @param {string} msg Message
  */
 
 exports.log = (msg) => {

packages/core/acme-client/src/util.js

@@ -7,7 +7,6 @@ const dns = require('dns').promises;
 const { readCertificateInfo, splitPemChain } = require('./crypto');
 const { log } = require('./logger');
 
-
 /**
  * Exponential backoff
  *
@@ -26,7 +25,6 @@ class Backoff {
         this.attempts = 0;
     }
 
-
     /**
      * Get backoff duration
      *
@@ -40,7 +38,6 @@ class Backoff {
     }
 }
 
-
 /**
  * Retry promise
  *
@@ -70,7 +67,6 @@ async function retryPromise(fn, attempts, backoff) {
     }
 }
 
-
 /**
  * Retry promise
  *
@@ -87,7 +83,6 @@ function retry(fn, { attempts = 5, min = 5000, max = 30000 } = {}) {
     return retryPromise(fn, attempts, backoff);
 }
 
-
 /**
  * Parse URLs from link header
  *
@@ -107,7 +102,6 @@ function parseLinkHeader(header, rel = 'alternate') {
     return results.filter((r) => r);
 }
 
-
 /**
  * Find certificate chain with preferred issuer common name
  *  - If issuer is found in multiple chains, the closest to root wins
@@ -157,7 +151,6 @@ function findCertificateChainForIssuer(chains, issuer) {
     return chains[0];
 }
 
-
 /**
  * Find and format error in response object
  *
@@ -178,7 +171,6 @@ function formatResponseError(resp) {
     return result.replace(/\n/g, '');
 }
 
-
 /**
  * Resolve root domain name by looking for SOA record
  *
@@ -204,7 +196,6 @@ async function resolveDomainBySoaRecord(recordName) {
     }
 }
 
-
 /**
  * Get DNS resolver using domains authoritative NS records
  *
@@ -245,7 +236,6 @@ async function getAuthoritativeDnsResolver(recordName) {
     return resolver;
 }
 
-
 /**
  * Attempt to retrieve TLS ALPN certificate from peer
  *
@@ -267,7 +257,7 @@ async function retrieveTlsAlpnCertificate(host, port, timeout = 30000) {
             port,
             servername: host,
             rejectUnauthorized: false,
-            ALPNProtocols: ['acme-tls/1']
+            ALPNProtocols: ['acme-tls/1'],
         });
 
         socket.setTimeout(timeout);
@@ -299,7 +289,6 @@ async function retrieveTlsAlpnCertificate(host, port, timeout = 30000) {
     });
 }
 
-
 /**
  * Export utils
  */
@@ -310,5 +299,5 @@ module.exports = {
     findCertificateChainForIssuer,
     formatResponseError,
     getAuthoritativeDnsResolver,
-    retrieveTlsAlpnCertificate
+    retrieveTlsAlpnCertificate,
 };

packages/core/acme-client/src/verify.js

@@ -9,7 +9,6 @@ const axios = require('./axios');
 const util = require('./util');
 const { isAlpnCertificateAuthorizationValid } = require('./crypto');
 
-
 /**
  * Verify ACME HTTP challenge
  *
@@ -43,25 +42,24 @@ async function verifyHttpChallenge(authz, challenge, keyAuthorization, suffix =
     return true;
 }
 
-
 /**
  * Walk DNS until TXT records are found
  */
 
 async function walkDnsChallengeRecord(recordName, resolver = dns) {
     /* Resolve CNAME record first */
-    try {
-        log(`Checking name for CNAME records: ${recordName}`);
-        const cnameRecords = await resolver.resolveCname(recordName);
-
-        if (cnameRecords.length) {
-            log(`CNAME record found at ${recordName}, new challenge record name: ${cnameRecords[0]}`);
-            return walkDnsChallengeRecord(cnameRecords[0]);
-        }
-    }
-    catch (e) {
-        log(`No CNAME records found for name: ${recordName}`);
-    }
+    // try {
+    //     log(`Checking name for CNAME records: ${recordName}`);
+    //     const cnameRecords = await resolver.resolveCname(recordName);
+    //
+    //     if (cnameRecords.length) {
+    //         log(`CNAME record found at ${recordName}, new challenge record name: ${cnameRecords[0]}`);
+    //         return walkDnsChallengeRecord(cnameRecords[0]);
+    //     }
+    // }
+    // catch (e) {
+    //     log(`No CNAME records found for name: ${recordName}`);
+    // }
 
     /* Resolve TXT records */
     try {
@@ -81,7 +79,6 @@ async function walkDnsChallengeRecord(recordName, resolver = dns) {
     throw new Error(`No TXT records found for name: ${recordName}`);
 }
 
-
 /**
  * Verify ACME DNS challenge
  *
@@ -121,7 +118,6 @@ async function verifyDnsChallenge(authz, challenge, keyAuthorization, prefix = '
     return true;
 }
 
-
 /**
  * Verify ACME TLS ALPN challenge
  *
@@ -149,7 +145,6 @@ async function verifyTlsAlpnChallenge(authz, challenge, keyAuthorization) {
     return true;
 }
 
-
 /**
  * Export API
  */
@@ -157,5 +152,5 @@ async function verifyTlsAlpnChallenge(authz, challenge, keyAuthorization) {
 module.exports = {
     'http-01': verifyHttpChallenge,
     'dns-01': verifyDnsChallenge,
-    'tls-alpn-01': verifyTlsAlpnChallenge
+    'tls-alpn-01': verifyTlsAlpnChallenge,
 };

packages/core/acme-client/src/wait.js

@@ -0,0 +1,9 @@
+async function wait(ms) {
+    return new Promise((resolve) => {
+        setTimeout(resolve, ms);
+    });
+}
+
+module.exports = {
+    wait
+};

packages/core/acme-client/test/00-pebble.spec.js

@@ -16,7 +16,6 @@ const httpPort = axios.defaults.acmeSettings.httpChallengePort || 80;
 const httpsPort = axios.defaults.acmeSettings.httpsChallengePort || 443;
 const tlsAlpnPort = axios.defaults.acmeSettings.tlsAlpnChallengePort || 443;
 
-
 describe('pebble', () => {
     const httpsAgent = new https.Agent({ rejectUnauthorized: false });
 
@@ -39,18 +38,16 @@ describe('pebble', () => {
     const testTlsAlpn01ChallengeHost = `${uuid()}.${domainName}`;
     const testTlsAlpn01ChallengeValue = uuid();
 
-
     /**
      * Pebble CTS required
      */
 
-    before(function() {
+    before(function () {
         if (!cts.isEnabled()) {
             this.skip();
         }
     });
 
-
     /**
      * DNS mocking
      */
@@ -92,7 +89,6 @@ describe('pebble', () => {
         });
     });
 
-
     /**
      * HTTP-01 challenge response
      */
@@ -118,7 +114,6 @@ describe('pebble', () => {
         });
     });
 
-
     /**
      * HTTPS-01 challenge response
      */
@@ -143,7 +138,7 @@ describe('pebble', () => {
             /* Assert HTTP 302 */
             const resp = await axios.get(`http://${testHttps01ChallengeHost}:${httpPort}/.well-known/acme-challenge/${testHttps01ChallengeToken}`, {
                 maxRedirects: 0,
-                validateStatus: null
+                validateStatus: null,
             });
 
             assert.strictEqual(resp.status, 302);
@@ -165,7 +160,6 @@ describe('pebble', () => {
         });
     });
 
-
     /**
      * DNS-01 challenge response
      */
@@ -188,7 +182,6 @@ describe('pebble', () => {
         });
     });
 
-
     /**
      * TLS-ALPN-01 challenge response
      */

packages/core/acme-client/test/10-http.spec.js

@@ -9,7 +9,6 @@ const axios = require('./../src/axios');
 const HttpClient = require('./../src/http');
 const pkg = require('./../package.json');
 
-
 describe('http', () => {
     let testClient;
 
@@ -20,7 +19,6 @@ describe('http', () => {
     const defaultUaEndpoint = `http://${uuid()}.example.com`;
     const customUaEndpoint = `http://${uuid()}.example.com`;
 
-
     /**
      * HTTP mocking
      */
@@ -43,7 +41,6 @@ describe('http', () => {
         axios.defaults.headers.common['User-Agent'] = defaultUserAgent;
     });
 
-
     /**
      * Initialize
      */
@@ -52,7 +49,6 @@ describe('http', () => {
         testClient = new HttpClient();
     });
 
-
     /**
      * HTTP verbs
      */
@@ -65,7 +61,6 @@ describe('http', () => {
         assert.strictEqual(resp.data, 'ok');
     });
 
-
     /**
      * User-Agent
      */

packages/core/acme-client/test/10-logger.spec.js

@@ -5,7 +5,6 @@
 const { assert } = require('chai');
 const logger = require('./../src/logger');
 
-
 describe('logger', () => {
     let lastLogMessage = null;
 
@@ -13,7 +12,6 @@ describe('logger', () => {
         lastLogMessage = msg;
     }
 
-
     /**
      * Logger
      */
@@ -23,7 +21,6 @@ describe('logger', () => {
         assert.isNull(lastLogMessage);
     });
 
-
     it('should log with custom logger', () => {
         logger.setLogger(customLoggerFn);
 

packages/core/acme-client/test/10-verify.spec.js

@@ -9,7 +9,6 @@ const verify = require('./../src/verify');
 
 const domainName = process.env.ACME_DOMAIN_NAME || 'example.com';
 
-
 describe('verify', () => {
     const challengeTypes = ['http-01', 'dns-01'];
 
@@ -30,18 +29,16 @@ describe('verify', () => {
     const testTlsAlpn01Challenge = { type: 'dns-01', status: 'pending', token: uuid() };
     const testTlsAlpn01Key = uuid();
 
-
     /**
      * Pebble CTS required
      */
 
-    before(function() {
+    before(function () {
         if (!cts.isEnabled()) {
             this.skip();
         }
     });
 
-
     /**
      * API
      */
@@ -50,7 +47,6 @@ describe('verify', () => {
         assert.containsAllKeys(verify, challengeTypes);
     });
 
-
     /**
      * http-01
      */
@@ -81,7 +77,6 @@ describe('verify', () => {
         });
     });
 
-
     /**
      * https-01
      */
@@ -102,7 +97,6 @@ describe('verify', () => {
         });
     });
 
-
     /**
      * dns-01
      */
@@ -133,7 +127,6 @@ describe('verify', () => {
         });
     });
 
-
     /**
      * tls-alpn-01
      */

packages/core/acme-client/test/20-crypto-legacy.spec.js

@@ -9,10 +9,9 @@ const spec = require('./spec');
 const forge = require('./../src/crypto/forge');
 
 const cryptoEngines = {
-    forge
+    forge,
 };
 
-
 describe('crypto-legacy', () => {
     let testPemKey;
     let testCert;
@@ -28,7 +27,6 @@ describe('crypto-legacy', () => {
     const testCertPath = path.join(__dirname, 'fixtures', 'certificate.crt');
     const testSanCertPath = path.join(__dirname, 'fixtures', 'san-certificate.crt');
 
-
     /**
      * Fixtures
      */
@@ -50,7 +48,6 @@ describe('crypto-legacy', () => {
         });
     });
 
-
     /**
      * Engines
      */
@@ -62,7 +59,6 @@ describe('crypto-legacy', () => {
             let testNonCnCsr;
             let testNonAsciiCsr;
 
-
             /**
              * Key generation
              */
@@ -83,14 +79,13 @@ describe('crypto-legacy', () => {
                 publicKeyStore.push(key.toString().replace(/[\r\n]/gm, ''));
             });
 
-
             /**
              * Certificate Signing Request
              */
 
             it('should generate a csr', async () => {
                 const [key, csr] = await engine.createCsr({
-                    commonName: testCsrDomain
+                    commonName: testCsrDomain,
                 });
 
                 assert.isTrue(Buffer.isBuffer(key));
@@ -102,7 +97,7 @@ describe('crypto-legacy', () => {
             it('should generate a san csr', async () => {
                 const [key, csr] = await engine.createCsr({
                     commonName: testSanCsrDomains[0],
-                    altNames: testSanCsrDomains.slice(1, testSanCsrDomains.length)
+                    altNames: testSanCsrDomains.slice(1, testSanCsrDomains.length),
                 });
 
                 assert.isTrue(Buffer.isBuffer(key));
@@ -113,7 +108,7 @@ describe('crypto-legacy', () => {
 
             it('should generate a csr without common name', async () => {
                 const [key, csr] = await engine.createCsr({
-                    altNames: testSanCsrDomains
+                    altNames: testSanCsrDomains,
                 });
 
                 assert.isTrue(Buffer.isBuffer(key));
@@ -126,7 +121,7 @@ describe('crypto-legacy', () => {
                 const [key, csr] = await engine.createCsr({
                     commonName: testCsrDomain,
                     organization: '大安區',
-                    organizationUnit: '中文部門'
+                    organizationUnit: '中文部門',
                 });
 
                 assert.isTrue(Buffer.isBuffer(key));
@@ -167,7 +162,6 @@ describe('crypto-legacy', () => {
                 assert.deepStrictEqual(result.altNames, [testCsrDomain]);
             });
 
-
             /**
              * Certificate
              */
@@ -188,7 +182,6 @@ describe('crypto-legacy', () => {
                 assert.deepEqual(info.domains.altNames, testSanCsrDomains.slice(1, testSanCsrDomains.length));
             });
 
-
             /**
              * PEM utils
              */
@@ -214,7 +207,6 @@ describe('crypto-legacy', () => {
                 });
             });
 
-
             /**
              * Modulus and exponent
              */
@@ -246,7 +238,6 @@ describe('crypto-legacy', () => {
         });
     });
 
-
     /**
      * Verify identical results
      */

packages/core/acme-client/test/20-crypto.spec.js

@@ -50,7 +50,6 @@ dGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZ3Rlc3Rpbmd0ZXN0
 -----END TEST-----
 `;
 
-
 describe('crypto', () => {
     const testCsrDomain = 'example.com';
     const testSanCsrDomains = ['example.com', 'test.example.com', 'abc.example.com'];
@@ -58,7 +57,6 @@ describe('crypto', () => {
     const testCertPath = path.join(__dirname, 'fixtures', 'certificate.crt');
     const testSanCertPath = path.join(__dirname, 'fixtures', 'san-certificate.crt');
 
-
     /**
      * Key types
      */
@@ -68,24 +66,23 @@ describe('crypto', () => {
             createKeyFns: {
                 s1024: () => crypto.createPrivateRsaKey(1024),
                 s2048: () => crypto.createPrivateRsaKey(),
-                s4096: () => crypto.createPrivateRsaKey(4096)
+                s4096: () => crypto.createPrivateRsaKey(4096),
             },
-            jwkSpecFn: spec.jwk.rsa
+            jwkSpecFn: spec.jwk.rsa,
         },
         ecdsa: {
             createKeyFns: {
                 p256: () => crypto.createPrivateEcdsaKey(),
                 p384: () => crypto.createPrivateEcdsaKey('P-384'),
-                p521: () => crypto.createPrivateEcdsaKey('P-521')
+                p521: () => crypto.createPrivateEcdsaKey('P-521'),
             },
-            jwkSpecFn: spec.jwk.ecdsa
-        }
+            jwkSpecFn: spec.jwk.ecdsa,
+        },
     }).forEach(([name, { createKeyFns, jwkSpecFn }]) => {
         describe(name, () => {
             const testPrivateKeys = {};
             const testPublicKeys = {};
 
-
             /**
              * Iterate through all generator variations
              */
@@ -97,7 +94,6 @@ describe('crypto', () => {
                 let testNonAsciiCsr;
                 let testAlpnCertificate;
 
-
                 /**
                  * Keys and JWK
                  */
@@ -132,14 +128,13 @@ describe('crypto', () => {
                     jwkSpecFn(jwk);
                 });
 
-
                 /**
                  * Certificate Signing Request
                  */
 
                 it(`${n}/should generate a csr`, async () => {
                     const [key, csr] = await crypto.createCsr({
-                        commonName: testCsrDomain
+                        commonName: testCsrDomain,
                     }, testPrivateKeys[n]);
 
                     assert.isTrue(Buffer.isBuffer(key));
@@ -151,7 +146,7 @@ describe('crypto', () => {
                 it(`${n}/should generate a san csr`, async () => {
                     const [key, csr] = await crypto.createCsr({
                         commonName: testSanCsrDomains[0],
-                        altNames: testSanCsrDomains.slice(1, testSanCsrDomains.length)
+                        altNames: testSanCsrDomains.slice(1, testSanCsrDomains.length),
                     }, testPrivateKeys[n]);
 
                     assert.isTrue(Buffer.isBuffer(key));
@@ -162,7 +157,7 @@ describe('crypto', () => {
 
                 it(`${n}/should generate a csr without common name`, async () => {
                     const [key, csr] = await crypto.createCsr({
-                        altNames: testSanCsrDomains
+                        altNames: testSanCsrDomains,
                     }, testPrivateKeys[n]);
 
                     assert.isTrue(Buffer.isBuffer(key));
@@ -175,7 +170,7 @@ describe('crypto', () => {
                     const [key, csr] = await crypto.createCsr({
                         commonName: testCsrDomain,
                         organization: '大安區',
-                        organizationUnit: '中文部門'
+                        organizationUnit: '中文部門',
                     }, testPrivateKeys[n]);
 
                     assert.isTrue(Buffer.isBuffer(key));
@@ -186,7 +181,7 @@ describe('crypto', () => {
 
                 it(`${n}/should generate a csr with key as string`, async () => {
                     const [key, csr] = await crypto.createCsr({
-                        commonName: testCsrDomain
+                        commonName: testCsrDomain,
                     }, testPrivateKeys[n].toString());
 
                     assert.isTrue(Buffer.isBuffer(key));
@@ -195,11 +190,10 @@ describe('crypto', () => {
 
                 it(`${n}/should throw with invalid key`, async () => {
                     await assert.isRejected(crypto.createCsr({
-                        commonName: testCsrDomain
+                        commonName: testCsrDomain,
                     }, testPublicKeys[n]));
                 });
 
-
                 /**
                  * Domain and info resolver
                  */
@@ -243,7 +237,6 @@ describe('crypto', () => {
                     });
                 });
 
-
                 /**
                  * ALPN
                  */
@@ -284,7 +277,6 @@ describe('crypto', () => {
         });
     });
 
-
     /**
      * Common functionality
      */
@@ -294,7 +286,6 @@ describe('crypto', () => {
         let testCert;
         let testSanCert;
 
-
         it('should read private key fixture', async () => {
             testPemKey = await fs.readFile(testKeyPath);
             assert.isTrue(Buffer.isBuffer(testPemKey));
@@ -310,21 +301,19 @@ describe('crypto', () => {
             assert.isTrue(Buffer.isBuffer(testSanCert));
         });
 
-
         /**
          * CSR with auto-generated key
          */
 
         it('should generate a csr with default key', async () => {
             const [key, csr] = await crypto.createCsr({
-                commonName: testCsrDomain
+                commonName: testCsrDomain,
             });
 
             assert.isTrue(Buffer.isBuffer(key));
             assert.isTrue(Buffer.isBuffer(csr));
         });
 
-
         /**
          * Certificate
          */
@@ -352,7 +341,6 @@ describe('crypto', () => {
             });
         });
 
-
         /**
          * ALPN
          */
@@ -365,7 +353,6 @@ describe('crypto', () => {
             assert.isTrue(Buffer.isBuffer(cert));
         });
 
-
         /**
          * PEM utils
          */

packages/core/acme-client/test/50-client.spec.js

@@ -20,35 +20,32 @@ const clientOpts = {
     directoryUrl,
     backoffAttempts: 5,
     backoffMin: 1000,
-    backoffMax: 5000
+    backoffMax: 5000,
 };
 
 if (capEabEnabled && process.env.ACME_EAB_KID && process.env.ACME_EAB_HMAC_KEY) {
     clientOpts.externalAccountBinding = {
         kid: process.env.ACME_EAB_KID,
-        hmacKey: process.env.ACME_EAB_HMAC_KEY
+        hmacKey: process.env.ACME_EAB_HMAC_KEY,
     };
 }
 
-
 describe('client', () => {
     const testDomain = `${uuid()}.${domainName}`;
     const testDomainAlpn = `${uuid()}.${domainName}`;
     const testDomainWildcard = `*.${testDomain}`;
     const testContact = `mailto:test-${uuid()}@nope.com`;
 
-
     /**
      * Pebble CTS required
      */
 
-    before(function() {
+    before(function () {
         if (!cts.isEnabled()) {
             this.skip();
         }
     });
 
-
     /**
      * Key types
      */
@@ -58,18 +55,18 @@ describe('client', () => {
             createKeyFn: () => acme.crypto.createPrivateRsaKey(),
             createKeyAltFns: {
                 s1024: () => acme.crypto.createPrivateRsaKey(1024),
-                s4096: () => acme.crypto.createPrivateRsaKey(4096)
+                s4096: () => acme.crypto.createPrivateRsaKey(4096),
             },
-            jwkSpecFn: spec.jwk.rsa
+            jwkSpecFn: spec.jwk.rsa,
         },
         ecdsa: {
             createKeyFn: () => acme.crypto.createPrivateEcdsaKey(),
             createKeyAltFns: {
                 p384: () => acme.crypto.createPrivateEcdsaKey('P-384'),
-                p521: () => acme.crypto.createPrivateEcdsaKey('P-521')
+                p521: () => acme.crypto.createPrivateEcdsaKey('P-521'),
             },
-            jwkSpecFn: spec.jwk.ecdsa
-        }
+            jwkSpecFn: spec.jwk.ecdsa,
+        },
     }).forEach(([name, { createKeyFn, createKeyAltFns, jwkSpecFn }]) => {
         describe(name, () => {
             let testIssuers;
@@ -97,7 +94,6 @@ describe('client', () => {
             let testCertificateAlpn;
             let testCertificateWildcard;
 
-
             /**
              * Fixtures
              */
@@ -114,11 +110,11 @@ describe('client', () => {
 
             it('should generate certificate signing request', async () => {
                 [, testCsr] = await acme.crypto.createCsr({ commonName: testDomain }, await createKeyFn());
-                [, testCsrAlpn] = await acme.crypto.createCsr({ commonName: testDomainAlpn }, await createKeyFn());
-                [, testCsrWildcard] = await acme.crypto.createCsr({ commonName: testDomainWildcard }, await createKeyFn());
+                [, testCsrAlpn] = await acme.crypto.createCsr({ altNames: [testDomainAlpn] }, await createKeyFn());
+                [, testCsrWildcard] = await acme.crypto.createCsr({ altNames: [testDomainWildcard] }, await createKeyFn());
             });
 
-            it('should resolve certificate issuers [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function() {
+            it('should resolve certificate issuers [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function () {
                 if (!capAlternateCertRoots) {
                     this.skip();
                 }
@@ -134,7 +130,6 @@ describe('client', () => {
                 });
             });
 
-
             /**
              * Initialize clients
              */
@@ -142,7 +137,7 @@ describe('client', () => {
             it('should initialize client', () => {
                 testClient = new acme.Client({
                     ...clientOpts,
-                    accountKey: testAccountKey
+                    accountKey: testAccountKey,
                 });
             });
 
@@ -151,12 +146,11 @@ describe('client', () => {
                 jwkSpecFn(jwk);
             });
 
-
             /**
              * Terms of Service
              */
 
-            it('should produce tos url [ACME_CAP_META_TOS_FIELD]', async function() {
+            it('should produce tos url [ACME_CAP_META_TOS_FIELD]', async function () {
                 if (!capMetaTosField) {
                     this.skip();
                 }
@@ -165,7 +159,7 @@ describe('client', () => {
                 assert.isString(tos);
             });
 
-            it('should not produce tos url [!ACME_CAP_META_TOS_FIELD]', async function() {
+            it('should not produce tos url [!ACME_CAP_META_TOS_FIELD]', async function () {
                 if (capMetaTosField) {
                     this.skip();
                 }
@@ -174,12 +168,11 @@ describe('client', () => {
                 assert.isNull(tos);
             });
 
-
             /**
              * Create account
              */
 
-            it('should refuse account creation without tos [ACME_CAP_META_TOS_FIELD]', async function() {
+            it('should refuse account creation without tos [ACME_CAP_META_TOS_FIELD]', async function () {
                 if (!capMetaTosField) {
                     this.skip();
                 }
@@ -187,7 +180,7 @@ describe('client', () => {
                 await assert.isRejected(testClient.createAccount());
             });
 
-            it('should refuse account creation without eab [ACME_CAP_EAB_ENABLED]', async function() {
+            it('should refuse account creation without eab [ACME_CAP_EAB_ENABLED]', async function () {
                 if (!capEabEnabled) {
                     this.skip();
                 }
@@ -195,17 +188,17 @@ describe('client', () => {
                 const client = new acme.Client({
                     ...clientOpts,
                     accountKey: testAccountKey,
-                    externalAccountBinding: null
+                    externalAccountBinding: null,
                 });
 
                 await assert.isRejected(client.createAccount({
-                    termsOfServiceAgreed: true
+                    termsOfServiceAgreed: true,
                 }));
             });
 
             it('should create an account', async () => {
                 testAccount = await testClient.createAccount({
-                    termsOfServiceAgreed: true
+                    termsOfServiceAgreed: true,
                 });
 
                 spec.rfc8555.account(testAccount);
@@ -217,7 +210,6 @@ describe('client', () => {
                 assert.isString(testAccountUrl);
             });
 
-
             /**
              * Create account with alternate key sizes
              */
@@ -226,11 +218,11 @@ describe('client', () => {
                 it(`should create account with key=${k}`, async () => {
                     const client = new acme.Client({
                         ...clientOpts,
-                        accountKey: await altKeyFn()
+                        accountKey: await altKeyFn(),
                     });
 
                     const account = await client.createAccount({
-                        termsOfServiceAgreed: true
+                        termsOfServiceAgreed: true,
                     });
 
                     spec.rfc8555.account(account);
@@ -238,7 +230,6 @@ describe('client', () => {
                 });
             });
 
-
             /**
              * Find existing account using secondary client
              */
@@ -246,22 +237,22 @@ describe('client', () => {
             it('should throw when trying to find account using invalid account key', async () => {
                 const client = new acme.Client({
                     ...clientOpts,
-                    accountKey: testAccountSecondaryKey
+                    accountKey: testAccountSecondaryKey,
                 });
 
                 await assert.isRejected(client.createAccount({
-                    onlyReturnExisting: true
+                    onlyReturnExisting: true,
                 }));
             });
 
             it('should find existing account using account key', async () => {
                 const client = new acme.Client({
                     ...clientOpts,
-                    accountKey: testAccountKey
+                    accountKey: testAccountKey,
                 });
 
                 const account = await client.createAccount({
-                    onlyReturnExisting: true
+                    onlyReturnExisting: true,
                 });
 
                 spec.rfc8555.account(account);
@@ -269,7 +260,6 @@ describe('client', () => {
                 assert.deepStrictEqual(account.key, testAccount.key);
             });
 
-
             /**
              * Account URL
              */
@@ -278,7 +268,7 @@ describe('client', () => {
                 const client = new acme.Client({
                     ...clientOpts,
                     accountKey: testAccountKey,
-                    accountUrl: 'https://acme-staging-v02.api.letsencrypt.org/acme/acct/1'
+                    accountUrl: 'https://acme-staging-v02.api.letsencrypt.org/acme/acct/1',
                 });
 
                 await assert.isRejected(client.updateAccount());
@@ -288,11 +278,11 @@ describe('client', () => {
                 const client = new acme.Client({
                     ...clientOpts,
                     accountKey: testAccountKey,
-                    accountUrl: testAccountUrl
+                    accountUrl: testAccountUrl,
                 });
 
                 const account = await client.createAccount({
-                    onlyReturnExisting: true
+                    onlyReturnExisting: true,
                 });
 
                 spec.rfc8555.account(account);
@@ -300,7 +290,6 @@ describe('client', () => {
                 assert.deepStrictEqual(account.key, testAccount.key);
             });
 
-
             /**
              * Update account contact info
              */
@@ -316,12 +305,11 @@ describe('client', () => {
                 assert.include(account.contact, testContact);
             });
 
-
             /**
              * Change account private key
              */
 
-            it('should change account private key [ACME_CAP_UPDATE_ACCOUNT_KEY]', async function() {
+            it('should change account private key [ACME_CAP_UPDATE_ACCOUNT_KEY]', async function () {
                 if (!capUpdateAccountKey) {
                     this.skip();
                 }
@@ -329,7 +317,7 @@ describe('client', () => {
                 await testClient.updateAccountKey(testAccountSecondaryKey);
 
                 const account = await testClient.createAccount({
-                    onlyReturnExisting: true
+                    onlyReturnExisting: true,
                 });
 
                 spec.rfc8555.account(account);
@@ -337,7 +325,6 @@ describe('client', () => {
                 assert.notDeepEqual(account.key, testAccount.key);
             });
 
-
             /**
              * Create new certificate order
              */
@@ -357,7 +344,6 @@ describe('client', () => {
                 });
             });
 
-
             /**
              * Get status of existing certificate order
              */
@@ -371,7 +357,6 @@ describe('client', () => {
                 }));
             });
 
-
             /**
              * Get identifier authorization
              */
@@ -401,7 +386,6 @@ describe('client', () => {
                 });
             });
 
-
             /**
              * Generate challenge key authorization
              */
@@ -418,7 +402,6 @@ describe('client', () => {
                 [testKeyAuthorization, testKeyAuthorizationAlpn, testKeyAuthorizationWildcard].forEach((k) => assert.isString(k));
             });
 
-
             /**
              * Deactivate identifier authorization
              */
@@ -427,8 +410,8 @@ describe('client', () => {
                 const order = await testClient.createOrder({
                     identifiers: [
                         { type: 'dns', value: `${uuid()}.${domainName}` },
-                        { type: 'dns', value: `${uuid()}.${domainName}` }
-                    ]
+                        { type: 'dns', value: `${uuid()}.${domainName}` },
+                    ],
                 });
 
                 const authzCollection = await testClient.getAuthorizations(order);
@@ -445,7 +428,6 @@ describe('client', () => {
                 });
             });
 
-
             /**
              * Verify satisfied challenge
              */
@@ -460,7 +442,6 @@ describe('client', () => {
                 await testClient.verifyChallenge(testAuthzWildcard, testChallengeWildcard);
             });
 
-
             /**
              * Complete challenge
              */
@@ -474,7 +455,6 @@ describe('client', () => {
                 }));
             });
 
-
             /**
              * Wait for valid challenge
              */
@@ -483,7 +463,6 @@ describe('client', () => {
                 await Promise.all([testChallenge, testChallengeAlpn, testChallengeWildcard].map(async (c) => testClient.waitForValidStatus(c)));
             });
 
-
             /**
              * Finalize order
              */
@@ -500,7 +479,6 @@ describe('client', () => {
                 assert.strictEqual(testOrderWildcard.url, finalizeWildcard.url);
             });
 
-
             /**
              * Wait for valid order
              */
@@ -509,7 +487,6 @@ describe('client', () => {
                 await Promise.all([testOrder, testOrderAlpn, testOrderWildcard].map(async (o) => testClient.waitForValidStatus(o)));
             });
 
-
             /**
              * Get certificate
              */
@@ -525,7 +502,7 @@ describe('client', () => {
                 });
             });
 
-            it('should get alternate certificate chain [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function() {
+            it('should get alternate certificate chain [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function () {
                 if (!capAlternateCertRoots) {
                     this.skip();
                 }
@@ -539,7 +516,7 @@ describe('client', () => {
                 }));
             });
 
-            it('should get default chain with invalid preference [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function() {
+            it('should get default chain with invalid preference [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function () {
                 if (!capAlternateCertRoots) {
                     this.skip();
                 }
@@ -551,7 +528,6 @@ describe('client', () => {
                 assert.strictEqual(testIssuers[0], info.issuer.commonName);
             });
 
-
             /**
              * Revoke certificate
              */
@@ -568,7 +544,6 @@ describe('client', () => {
                 await assert.isRejected(testClient.getCertificate(testOrderWildcard));
             });
 
-
             /**
              * Deactivate account
              */
@@ -581,7 +556,6 @@ describe('client', () => {
                 assert.strictEqual(account.status, 'deactivated');
             });
 
-
             /**
              * Verify that no new orders can be made
              */

packages/core/acme-client/test/70-auto.spec.js

@@ -18,17 +18,16 @@ const clientOpts = {
     directoryUrl,
     backoffAttempts: 5,
     backoffMin: 1000,
-    backoffMax: 5000
+    backoffMax: 5000,
 };
 
 if (capEabEnabled && process.env.ACME_EAB_KID && process.env.ACME_EAB_HMAC_KEY) {
     clientOpts.externalAccountBinding = {
         kid: process.env.ACME_EAB_KID,
-        hmacKey: process.env.ACME_EAB_HMAC_KEY
+        hmacKey: process.env.ACME_EAB_HMAC_KEY,
     };
 }
 
-
 describe('client.auto', () => {
     const testDomain = `${uuid()}.${domainName}`;
     const testHttpDomain = `${uuid()}.${domainName}`;
@@ -40,21 +39,19 @@ describe('client.auto', () => {
     const testSanDomains = [
         `${uuid()}.${domainName}`,
         `${uuid()}.${domainName}`,
-        `${uuid()}.${domainName}`
+        `${uuid()}.${domainName}`,
     ];
 
-
     /**
      * Pebble CTS required
      */
 
-    before(function() {
+    before(function () {
         if (!cts.isEnabled()) {
             this.skip();
         }
     });
 
-
     /**
      * Key types
      */
@@ -64,16 +61,16 @@ describe('client.auto', () => {
             createKeyFn: () => acme.crypto.createPrivateRsaKey(),
             createKeyAltFns: {
                 s1024: () => acme.crypto.createPrivateRsaKey(1024),
-                s4096: () => acme.crypto.createPrivateRsaKey(4096)
-            }
+                s4096: () => acme.crypto.createPrivateRsaKey(4096),
+            },
         },
         ecdsa: {
             createKeyFn: () => acme.crypto.createPrivateEcdsaKey(),
             createKeyAltFns: {
                 p384: () => acme.crypto.createPrivateEcdsaKey('P-384'),
-                p521: () => acme.crypto.createPrivateEcdsaKey('P-521')
-            }
-        }
+                p521: () => acme.crypto.createPrivateEcdsaKey('P-521'),
+            },
+        },
     }).forEach(([name, { createKeyFn, createKeyAltFns }]) => {
         describe(name, () => {
             let testIssuers;
@@ -82,12 +79,11 @@ describe('client.auto', () => {
             let testSanCertificate;
             let testWildcardCertificate;
 
-
             /**
              * Fixtures
              */
 
-            it('should resolve certificate issuers [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function() {
+            it('should resolve certificate issuers [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function () {
                 if (!capAlternateCertRoots) {
                     this.skip();
                 }
@@ -103,7 +99,6 @@ describe('client.auto', () => {
                 });
             });
 
-
             /**
              * Initialize client
              */
@@ -111,31 +106,30 @@ describe('client.auto', () => {
             it('should initialize client', async () => {
                 testClient = new acme.Client({
                     ...clientOpts,
-                    accountKey: await createKeyFn()
+                    accountKey: await createKeyFn(),
                 });
             });
 
-
             /**
              * Invalid challenge response
              */
 
             it('should throw on invalid challenge response', async () => {
                 const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                 }, await createKeyFn());
 
                 await assert.isRejected(testClient.auto({
                     csr,
                     termsOfServiceAgreed: true,
                     challengeCreateFn: cts.challengeNoopFn,
-                    challengeRemoveFn: cts.challengeNoopFn
+                    challengeRemoveFn: cts.challengeNoopFn,
                 }), /^authorization not found/i);
             });
 
             it('should throw on invalid challenge response with opts.skipChallengeVerification=true', async () => {
                 const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                 }, await createKeyFn());
 
                 await assert.isRejected(testClient.auto({
@@ -143,38 +137,37 @@ describe('client.auto', () => {
                     termsOfServiceAgreed: true,
                     skipChallengeVerification: true,
                     challengeCreateFn: cts.challengeNoopFn,
-                    challengeRemoveFn: cts.challengeNoopFn
+                    challengeRemoveFn: cts.challengeNoopFn,
                 }));
             });
 
-
             /**
              * Challenge function exceptions
              */
 
             it('should throw on challengeCreate exception', async () => {
                 const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                 }, await createKeyFn());
 
                 await assert.isRejected(testClient.auto({
                     csr,
                     termsOfServiceAgreed: true,
                     challengeCreateFn: cts.challengeThrowFn,
-                    challengeRemoveFn: cts.challengeNoopFn
+                    challengeRemoveFn: cts.challengeNoopFn,
                 }), /^oops$/);
             });
 
             it('should not throw on challengeRemove exception', async () => {
                 const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                 }, await createKeyFn());
 
                 const cert = await testClient.auto({
                     csr,
                     termsOfServiceAgreed: true,
                     challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeThrowFn
+                    challengeRemoveFn: cts.challengeThrowFn,
                 });
 
                 assert.isString(cert);
@@ -188,8 +181,8 @@ describe('client.auto', () => {
                         `${uuid()}.${domainName}`,
                         `${uuid()}.${domainName}`,
                         `${uuid()}.${domainName}`,
-                        `${uuid()}.${domainName}`
-                    ]
+                        `${uuid()}.${domainName}`,
+                    ],
                 }, await createKeyFn());
 
                 await assert.isRejected(testClient.auto({
@@ -205,28 +198,27 @@ describe('client.auto', () => {
                         results.push(true);
                         return cts.challengeCreateFn(...args);
                     },
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                 }));
 
                 assert.strictEqual(results.length, 5);
                 assert.deepStrictEqual(results, [false, false, false, true, true]);
             });
 
-
             /**
              * Order certificates
              */
 
             it('should order certificate', async () => {
                 const [, csr] = await acme.crypto.createCsr({
-                    commonName: testDomain
+                    commonName: testDomain,
                 }, await createKeyFn());
 
                 const cert = await testClient.auto({
                     csr,
                     termsOfServiceAgreed: true,
                     challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                 });
 
                 assert.isString(cert);
@@ -235,7 +227,7 @@ describe('client.auto', () => {
 
             it('should order certificate using http-01', async () => {
                 const [, csr] = await acme.crypto.createCsr({
-                    commonName: testHttpDomain
+                    commonName: testHttpDomain,
                 }, await createKeyFn());
 
                 const cert = await testClient.auto({
@@ -243,7 +235,7 @@ describe('client.auto', () => {
                     termsOfServiceAgreed: true,
                     challengeCreateFn: cts.assertHttpChallengeCreateFn,
                     challengeRemoveFn: cts.challengeRemoveFn,
-                    challengePriority: ['http-01']
+                    challengePriority: ['http-01'],
                 });
 
                 assert.isString(cert);
@@ -251,7 +243,7 @@ describe('client.auto', () => {
 
             it('should order certificate using https-01', async () => {
                 const [, csr] = await acme.crypto.createCsr({
-                    commonName: testHttpsDomain
+                    commonName: testHttpsDomain,
                 }, await createKeyFn());
 
                 const cert = await testClient.auto({
@@ -259,7 +251,7 @@ describe('client.auto', () => {
                     termsOfServiceAgreed: true,
                     challengeCreateFn: cts.assertHttpsChallengeCreateFn,
                     challengeRemoveFn: cts.challengeRemoveFn,
-                    challengePriority: ['http-01']
+                    challengePriority: ['http-01'],
                 });
 
                 assert.isString(cert);
@@ -267,7 +259,7 @@ describe('client.auto', () => {
 
             it('should order certificate using dns-01', async () => {
                 const [, csr] = await acme.crypto.createCsr({
-                    commonName: testDnsDomain
+                    commonName: testDnsDomain,
                 }, await createKeyFn());
 
                 const cert = await testClient.auto({
@@ -275,7 +267,7 @@ describe('client.auto', () => {
                     termsOfServiceAgreed: true,
                     challengeCreateFn: cts.assertDnsChallengeCreateFn,
                     challengeRemoveFn: cts.challengeRemoveFn,
-                    challengePriority: ['dns-01']
+                    challengePriority: ['dns-01'],
                 });
 
                 assert.isString(cert);
@@ -283,7 +275,7 @@ describe('client.auto', () => {
 
             it('should order certificate using tls-alpn-01', async () => {
                 const [, csr] = await acme.crypto.createCsr({
-                    commonName: testAlpnDomain
+                    commonName: testAlpnDomain,
                 }, await createKeyFn());
 
                 const cert = await testClient.auto({
@@ -291,7 +283,7 @@ describe('client.auto', () => {
                     termsOfServiceAgreed: true,
                     challengeCreateFn: cts.assertTlsAlpnChallengeCreateFn,
                     challengeRemoveFn: cts.challengeRemoveFn,
-                    challengePriority: ['tls-alpn-01']
+                    challengePriority: ['tls-alpn-01'],
                 });
 
                 assert.isString(cert);
@@ -299,15 +291,14 @@ describe('client.auto', () => {
 
             it('should order san certificate', async () => {
                 const [, csr] = await acme.crypto.createCsr({
-                    commonName: testSanDomains[0],
-                    altNames: testSanDomains
+                    altNames: testSanDomains,
                 }, await createKeyFn());
 
                 const cert = await testClient.auto({
                     csr,
                     termsOfServiceAgreed: true,
                     challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                 });
 
                 assert.isString(cert);
@@ -316,15 +307,14 @@ describe('client.auto', () => {
 
             it('should order wildcard certificate', async () => {
                 const [, csr] = await acme.crypto.createCsr({
-                    commonName: testWildcardDomain,
-                    altNames: [`*.${testWildcardDomain}`]
+                    altNames: [testWildcardDomain, `*.${testWildcardDomain}`],
                 }, await createKeyFn());
 
                 const cert = await testClient.auto({
                     csr,
                     termsOfServiceAgreed: true,
                     challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                 });
 
                 assert.isString(cert);
@@ -333,7 +323,7 @@ describe('client.auto', () => {
 
             it('should order certificate with opts.skipChallengeVerification=true', async () => {
                 const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                 }, await createKeyFn());
 
                 const cert = await testClient.auto({
@@ -341,20 +331,20 @@ describe('client.auto', () => {
                     termsOfServiceAgreed: true,
                     skipChallengeVerification: true,
                     challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                 });
 
                 assert.isString(cert);
             });
 
-            it('should order alternate certificate chain [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function() {
+            it('should order alternate certificate chain [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function () {
                 if (!capAlternateCertRoots) {
                     this.skip();
                 }
 
                 await Promise.all(testIssuers.map(async (issuer) => {
                     const [, csr] = await acme.crypto.createCsr({
-                        commonName: `${uuid()}.${domainName}`
+                        commonName: `${uuid()}.${domainName}`,
                     }, await createKeyFn());
 
                     const cert = await testClient.auto({
@@ -362,7 +352,7 @@ describe('client.auto', () => {
                         termsOfServiceAgreed: true,
                         preferredChain: issuer,
                         challengeCreateFn: cts.challengeCreateFn,
-                        challengeRemoveFn: cts.challengeRemoveFn
+                        challengeRemoveFn: cts.challengeRemoveFn,
                     });
 
                     const rootCert = acme.crypto.splitPemChain(cert).pop();
@@ -372,13 +362,13 @@ describe('client.auto', () => {
                 }));
             });
 
-            it('should get default chain with invalid preference [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function() {
+            it('should get default chain with invalid preference [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function () {
                 if (!capAlternateCertRoots) {
                     this.skip();
                 }
 
                 const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                 }, await createKeyFn());
 
                 const cert = await testClient.auto({
@@ -386,7 +376,7 @@ describe('client.auto', () => {
                     termsOfServiceAgreed: true,
                     preferredChain: uuid(),
                     challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                 });
 
                 const rootCert = acme.crypto.splitPemChain(cert).pop();
@@ -395,7 +385,6 @@ describe('client.auto', () => {
                 assert.strictEqual(testIssuers[0], info.issuer.commonName);
             });
 
-
             /**
              * Order certificate with alternate key sizes
              */
@@ -403,21 +392,20 @@ describe('client.auto', () => {
             Object.entries(createKeyAltFns).forEach(([k, altKeyFn]) => {
                 it(`should order certificate with key=${k}`, async () => {
                     const [, csr] = await acme.crypto.createCsr({
-                        commonName: testDomain
+                        commonName: testDomain,
                     }, await altKeyFn());
 
                     const cert = await testClient.auto({
                         csr,
                         termsOfServiceAgreed: true,
                         challengeCreateFn: cts.challengeCreateFn,
-                        challengeRemoveFn: cts.challengeRemoveFn
+                        challengeRemoveFn: cts.challengeRemoveFn,
                     });
 
                     assert.isString(cert);
                 });
             });
 
-
             /**
              * Read certificates
              */
@@ -426,7 +414,7 @@ describe('client.auto', () => {
                 const info = acme.crypto.readCertificateInfo(testCertificate);
 
                 spec.crypto.certificateInfo(info);
-                assert.strictEqual(info.domains.commonName, testDomain);
+                assert.isNull(info.domains.commonName);
                 assert.deepStrictEqual(info.domains.altNames, [testDomain]);
             });
 
@@ -434,7 +422,7 @@ describe('client.auto', () => {
                 const info = acme.crypto.readCertificateInfo(testSanCertificate);
 
                 spec.crypto.certificateInfo(info);
-                assert.strictEqual(info.domains.commonName, testSanDomains[0]);
+                assert.isNull(info.domains.commonName);
                 assert.deepStrictEqual(info.domains.altNames, testSanDomains);
             });
 
@@ -442,7 +430,7 @@ describe('client.auto', () => {
                 const info = acme.crypto.readCertificateInfo(testWildcardCertificate);
 
                 spec.crypto.certificateInfo(info);
-                assert.strictEqual(info.domains.commonName, testWildcardDomain);
+                assert.isNull(info.domains.commonName);
                 assert.deepStrictEqual(info.domains.altNames, [testWildcardDomain, `*.${testWildcardDomain}`]);
             });
         });

packages/core/acme-client/test/challtestsrv.js

@@ -8,7 +8,6 @@ const axios = require('./../src/axios');
 const apiBaseUrl = process.env.ACME_CHALLTESTSRV_URL || null;
 const httpsPort = axios.defaults.acmeSettings.httpsChallengePort || 443;
 
-
 /**
  * Send request
  */
@@ -21,20 +20,18 @@ async function request(apiPath, data = {}) {
     await axios.request({
         url: `${apiBaseUrl}/${apiPath}`,
         method: 'post',
-        data
+        data,
     });
 
     return true;
 }
 
-
 /**
  * State
  */
 
 exports.isEnabled = () => !!apiBaseUrl;
 
-
 /**
  * DNS
  */
@@ -42,7 +39,6 @@ exports.isEnabled = () => !!apiBaseUrl;
 exports.addDnsARecord = async (host, addresses) => request('add-a', { host, addresses });
 exports.setDnsCnameRecord = async (host, target) => request('set-cname', { host, target });
 
-
 /**
  * Challenge response
  */
@@ -55,7 +51,7 @@ async function addHttps01ChallengeResponse(token, content, targetHostname) {
     await addHttp01ChallengeResponse(token, content);
     return request('add-redirect', {
         path: `/.well-known/acme-challenge/${token}`,
-        targetURL: `https://${targetHostname}:${httpsPort}/.well-known/acme-challenge/${token}`
+        targetURL: `https://${targetHostname}:${httpsPort}/.well-known/acme-challenge/${token}`,
     });
 }
 
@@ -72,7 +68,6 @@ exports.addHttps01ChallengeResponse = addHttps01ChallengeResponse;
 exports.addDns01ChallengeResponse = addDns01ChallengeResponse;
 exports.addTlsAlpn01ChallengeResponse = addTlsAlpn01ChallengeResponse;
 
-
 /**
  * Challenge response mock functions
  */

packages/core/acme-client/test/get-cert-issuers.js

@@ -7,7 +7,6 @@ const util = require('./../src/util');
 
 const pebbleManagementUrl = process.env.ACME_PEBBLE_MANAGEMENT_URL || null;
 
-
 /**
  * Pebble
  */
@@ -26,7 +25,6 @@ async function getPebbleCertIssuers() {
     return info.map((i) => i.issuer.commonName);
 }
 
-
 /**
  * Get certificate issuers
  */

packages/core/acme-client/test/setup.js

@@ -7,14 +7,12 @@ const chai = require('chai');
 const chaiAsPromised = require('chai-as-promised');
 const axios = require('./../src/axios');
 
-
 /**
  * Add promise support to Chai
  */
 
 chai.use(chaiAsPromised);
 
-
 /**
  * Challenge test server ports
  */
@@ -31,7 +29,6 @@ if (process.env.ACME_TLSALPN_PORT) {
     axios.defaults.acmeSettings.tlsAlpnChallengePort = process.env.ACME_TLSALPN_PORT;
 }
 
-
 /**
  * External account binding
  */

packages/core/acme-client/test/spec.js

@@ -7,7 +7,6 @@ const { assert } = require('chai');
 const spec = {};
 module.exports = spec;
 
-
 /**
  * ACME
  */
@@ -120,7 +119,6 @@ spec.rfc8555.challenge = (obj) => {
     }
 };
 
-
 /**
  * Crypto
  */
@@ -150,7 +148,6 @@ spec.crypto.certificateInfo = (obj) => {
     assert.strictEqual(Object.prototype.toString.call(obj.notAfter), '[object Date]');
 };
 
-
 /**
  * JWK
  */

packages/core/acme-client/tsconfig.json

@@ -1,11 +1,13 @@
 {
+    "compileOnSave": false,
     "compilerOptions": {
         "module": "commonjs",
         "lib": ["es6"],
         "strict": true,
-        "noEmit": true,
+        "noEmit": false,
         "esModuleInterop": true,
         "baseUrl": ".",
+        "composite": true,
         "paths": { "acme-client": ["."] }
     }
 }

packages/core/acme-client/types/index.d.ts

@@ -15,7 +15,6 @@ export type PublicKeyString = string;
 export type CertificateString = string;
 export type CsrString = string;
 
-
 /**
  * Augmented ACME interfaces
  */
@@ -28,6 +27,10 @@ export interface Authorization extends rfc8555.Authorization {
     url: string;
 }
 
+export type UrlMapping={
+    enabled: boolean
+    mappings: Record<string, string>
+}
 
 /**
  * Client
@@ -41,6 +44,7 @@ export interface ClientOptions {
     backoffAttempts?: number;
     backoffMin?: number;
     backoffMax?: number;
+    urlMapping?: UrlMapping;
 }
 
 export interface ClientExternalAccountBindingOptions {
@@ -80,7 +84,6 @@ export class Client {
     auto(opts: ClientAutoOptions): Promise<string>;
 }
 
-
 /**
  * Directory URLs
  */
@@ -90,16 +93,20 @@ export const directory: {
         staging: string,
         production: string
     },
+    google: {
+        staging: string,
+        production: string
+    },
     letsencrypt: {
         staging: string,
         production: string
     },
     zerossl: {
+        staging: string,
         production: string
     }
 };
 
-
 /**
  * Crypto
  */
@@ -177,14 +184,12 @@ export interface CryptoLegacyInterface {
 
 export const forge: CryptoLegacyInterface;
 
-
 /**
  * Axios
  */
 
 export const axios: AxiosInstance;
 
-
 /**
  * Logger
  */

packages/core/acme-client/types/index.test-d.ts

@@ -4,7 +4,6 @@
 
 import * as acme from 'acme-client';
 
-
 (async () => {
     /* Client */
     const accountKey = await acme.crypto.createPrivateKey();

packages/core/acme-client/types/rfc8555.d.ts

@@ -27,7 +27,6 @@ export interface AccountUpdateRequest {
     termsOfServiceAgreed?: boolean;
 }
 
-
 /**
  * Order
  *
@@ -53,7 +52,6 @@ export interface OrderCreateRequest {
     notAfter?: string;
 }
 
-
 /**
  * Authorization
  *
@@ -73,7 +71,6 @@ export interface Identifier {
     value: string;
 }
 
-
 /**
  * Challenge
  *
@@ -102,7 +99,6 @@ export interface DnsChallenge extends ChallengeAbstract {
 
 export type Challenge = HttpChallenge | DnsChallenge;
 
-
 /**
  * Certificate
  *

packages/core/pipeline/.gitignore

@@ -23,4 +23,6 @@ dist-ssr
 *.sln
 *.sw?
 
-test/user.secret.ts
+test/user.secret.*
+test/**/*.js
+src/**/*.spec.ts

packages/core/pipeline/.mocharc.json

@@ -1,5 +1,4 @@
 {
   "extension": ["ts"],
-  "spec": "test/**/*.test.ts",
-  "require": "ts-node/register"
-}
+  "spec": "src/**/*.spec.ts"
+}

packages/core/pipeline/.npmignore

@@ -1,2 +1,3 @@
 node_modules
-src
+src
+dist/**/*.spec.*

packages/core/pipeline/.npmrc

@@ -0,0 +1,2 @@
+link-workspace-packages=true
+prefer-workspace-packages=true

packages/core/pipeline/CHANGELOG.md

@@ -3,6 +3,95 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.22.6](https://github.com/certd/certd/compare/v1.22.5...v1.22.6) (2024-08-03)
+
+### Bug Fixes
+
+* 修复在相同的cron时偶尔无法触发定时任务的bug ([680941a](https://github.com/certd/certd/commit/680941af119619006b592e3ab6fb112cb5556a8b))
+
+### Performance Improvements
+
+* 流水线支持名称模糊查询 ([59897c4](https://github.com/certd/certd/commit/59897c4ceae992ebe2972ca9e8f9196616ffdfd7))
+* 优化前置任务输出为空的提示 ([6ed1e18](https://github.com/certd/certd/commit/6ed1e18c7d9c46d964ecc6abc90f3908297b7632))
+
+## [1.22.5](https://github.com/certd/certd/compare/v1.22.4...v1.22.5) (2024-07-26)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.22.3](https://github.com/certd/certd/compare/v1.22.2...v1.22.3) (2024-07-25)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.22.2](https://github.com/certd/certd/compare/v1.22.1...v1.22.2) (2024-07-23)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.22.1](https://github.com/certd/certd/compare/v1.22.0...v1.22.1) (2024-07-20)
+
+### Performance Improvements
+
+* 创建证书任务可以选择lege插件 ([affef13](https://github.com/certd/certd/commit/affef130378030c517250c58a4e787b0fc85d7d1))
+
+# [1.22.0](https://github.com/certd/certd/compare/v1.21.2...v1.22.0) (2024-07-19)
+
+### Features
+
+* 升级midway，支持esm ([485e603](https://github.com/certd/certd/commit/485e603b5165c28bc08694997726eaf2a585ebe7))
+* 支持lego，海量DNS提供商 ([0bc6d0a](https://github.com/certd/certd/commit/0bc6d0a211920fb0084d705e1db67ee1e7262c44))
+* 支持postgresql ([3b19bfb](https://github.com/certd/certd/commit/3b19bfb4291e89064b3b407a80dae092d54747d5))
+
+## [1.21.2](https://github.com/certd/certd/compare/v1.21.1...v1.21.2) (2024-07-08)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.21.1](https://github.com/certd/certd/compare/v1.21.0...v1.21.1) (2024-07-08)
+
+**Note:** Version bump only for package @certd/pipeline
+
+# [1.21.0](https://github.com/certd/certd/compare/v1.20.17...v1.21.0) (2024-07-03)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.20.17](https://github.com/certd/certd/compare/v1.20.16...v1.20.17) (2024-07-03)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.20.16](https://github.com/certd/certd/compare/v1.20.15...v1.20.16) (2024-07-01)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.20.15](https://github.com/certd/certd/compare/v1.20.14...v1.20.15) (2024-06-28)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.20.14](https://github.com/certd/certd/compare/v1.20.13...v1.20.14) (2024-06-23)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.20.13](https://github.com/certd/certd/compare/v1.20.12...v1.20.13) (2024-06-18)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.20.12](https://github.com/certd/certd/compare/v1.20.10...v1.20.12) (2024-06-17)
+
+### Performance Improvements
+
+* 支持cloudflare域名 ([fbb9a47](https://github.com/certd/certd/commit/fbb9a47e8f7bb805289b9ee64bd46ffee0f01c06))
+
+## [1.20.10](https://github.com/certd/certd/compare/v1.20.9...v1.20.10) (2024-05-30)
+
+### Performance Improvements
+
+* 优化文件下载包名 ([d9eb927](https://github.com/certd/certd/commit/d9eb927b0a1445feab08b1958aa9ea80637a5ae6))
+
+## [1.20.9](https://github.com/certd/certd/compare/v1.20.8...v1.20.9) (2024-03-22)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.20.8](https://github.com/certd/certd/compare/v1.20.7...v1.20.8) (2024-03-22)
+
+**Note:** Version bump only for package @certd/pipeline
+
 ## [1.20.7](https://github.com/certd/certd/compare/v1.20.6...v1.20.7) (2024-03-22)
 
 **Note:** Version bump only for package @certd/pipeline

packages/core/pipeline/build.md

@@ -0,0 +1 @@
+02:51

packages/core/pipeline/fix-esm-import-paths.js

@@ -0,0 +1,96 @@
+import * as fs from "fs";
+import * as path from "path";
+
+// https://gist.github.com/lovasoa/8691344
+async function* walk(dir) {
+  for await (const d of await fs.promises.opendir(dir)) {
+    const entry = path.join(dir, d.name);
+    if (d.isDirectory()) {
+      yield* walk(entry);
+    } else if (d.isFile()) {
+      yield entry;
+    }
+  }
+}
+
+function resolveImportPath(sourceFile, importPath, options) {
+  const sourceFileAbs = path.resolve(process.cwd(), sourceFile);
+  const root = path.dirname(sourceFileAbs);
+  const { moduleFilter = defaultModuleFilter } = options;
+
+  if (moduleFilter(importPath)) {
+    const importPathAbs = path.resolve(root, importPath);
+    let possiblePath = [path.resolve(importPathAbs, "./index.ts"), path.resolve(importPathAbs, "./index.js"), importPathAbs + ".ts", importPathAbs + ".js"];
+
+    if (possiblePath.length) {
+      for (let i = 0; i < possiblePath.length; i++) {
+        let entry = possiblePath[i];
+        if (fs.existsSync(entry)) {
+          const resolved = path.relative(root, entry.replace(/\.ts$/, ".js"));
+
+          if (!resolved.startsWith(".")) {
+            return "./" + resolved;
+          }
+
+          return resolved;
+        }
+      }
+    }
+  }
+
+  return null;
+}
+
+function replace(filePath, outFilePath, options) {
+  const code = fs.readFileSync(filePath).toString();
+  const newCode = code.replace(/(import|export) (.+?) from ('[^\n']+'|"[^\n"]+");/gs, function (found, action, imported, from) {
+    const importPath = from.slice(1, -1);
+    let resolvedPath = resolveImportPath(filePath, importPath, options);
+
+    if (resolvedPath) {
+      resolvedPath = resolvedPath.replaceAll("\\", "/");
+      console.log("\t", importPath, resolvedPath);
+      return `${action} ${imported} from "${resolvedPath}";`;
+    }
+
+    return found;
+  });
+
+  if (code !== newCode) {
+    fs.writeFileSync(outFilePath, newCode);
+  }
+}
+
+// Then, use it with a simple async for loop
+async function run(srcDir, options = defaultOptions) {
+  const { sourceFileFilter = defaultSourceFileFilter } = options;
+
+  for await (const entry of walk(srcDir)) {
+    if (sourceFileFilter(entry)) {
+      console.log(entry);
+      replace(entry, entry, options);
+    }
+  }
+}
+
+const defaultSourceFileFilter = function (sourceFilePath) {
+  return /\.(js|ts)$/.test(sourceFilePath) && !/node_modules/.test(sourceFilePath);
+};
+
+const defaultModuleFilter = function (importedModule) {
+  return !path.isAbsolute(importedModule) && !importedModule.startsWith("@") && !importedModule.endsWith(".js");
+};
+
+const defaultOptions = {
+  sourceFileFilter: defaultSourceFileFilter,
+  moduleFilter: defaultModuleFilter,
+};
+
+// Switch this to test on one file or directly run on a directory.
+const DEBUG = false;
+
+if (DEBUG) {
+  replace("./src/index.ts", "./out.ts", defaultOptions);
+} else {
+  await run("./src/", defaultOptions);
+}

packages/core/pipeline/package.json

@@ -1,49 +1,47 @@
 {
   "name": "@certd/pipeline",
   "private": false,
-  "version": "1.20.7",
-  "main": "./src/index.ts",
-  "module": "./src/index.ts",
-  "types": "./src/index.ts",
-  "publishConfig": {
-    "main": "./dist/bundle.js",
-    "module": "./dist/bundle.mjs",
-    "types": "./dist/d/index.d.ts"
-  },
+  "version": "1.22.6",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
   "scripts": {
     "dev": "vite",
-    "build": "rollup -c",
+    "build": "tsc --skipLibCheck",
+    "build3": "rollup -c",
     "build2": "vue-tsc --noEmit && vite build",
-    "preview": "vite preview"
+    "preview": "vite preview",
+    "test": "mocha   --loader=ts-node/esm"
   },
   "dependencies": {
-    "axios": "^1.4.0",
+    "axios": "^1.7.2",
+    "fix-path": "^4.0.0",
+    "lodash-es": "^4.17.21",
     "node-forge": "^1.3.1",
     "nodemailer": "^6.9.3",
     "qs": "^6.11.2"
   },
   "devDependencies": {
-    "@certd/acme-client": "^1.20.7",
     "@rollup/plugin-commonjs": "^23.0.4",
     "@rollup/plugin-json": "^6.0.0",
     "@rollup/plugin-node-resolve": "^15.0.1",
     "@rollup/plugin-terser": "^0.4.3",
     "@rollup/plugin-typescript": "^11.0.0",
-    "@types/chai": "^4.3.5",
-    "@types/lodash": "^4.14.194",
+    "@types/chai": "^4.3.10",
+    "@types/lodash-es": "^4.17.12",
     "@types/mocha": "^10.0.1",
     "@types/node-forge": "^1.3.2",
     "@types/uuid": "^9.0.2",
     "@typescript-eslint/eslint-plugin": "^5.59.7",
     "@typescript-eslint/parser": "^5.59.7",
-    "chai": "^4.3.7",
+    "chai": "4.3.10",
     "dayjs": "^1.11.7",
     "eslint": "^8.41.0",
     "eslint-config-prettier": "^8.8.0",
     "eslint-plugin-import": "^2.27.5",
     "eslint-plugin-node": "^11.1.0",
     "eslint-plugin-prettier": "^4.2.1",
-    "lodash": "^4.17.21",
+    "iconv-lite": "^0.6.3",
     "log4js": "^6.9.1",
     "mocha": "^10.2.0",
     "prettier": "^2.8.8",
@@ -52,10 +50,11 @@
     "rollup-plugin-typescript2": "^0.34.1",
     "rollup-plugin-visualizer": "^5.8.2",
     "ts-node": "^10.9.1",
+    "tsc-esm-fix": "^3.0.0",
     "tslib": "^2.5.2",
     "typescript": "^5.0.4",
     "vite": "^4.3.8",
     "vue-tsc": "^1.6.5"
   },
-  "gitHead": "b258e926209fef4cc4d633b0383eb54e26c516f9"
+  "gitHead": "e5da46cfc31b2e30a4903bcb2251b1851265ef41"
 }

packages/core/pipeline/rollup.config.js

@@ -1,43 +0,0 @@
-const resolve = require("@rollup/plugin-node-resolve");
-const commonjs = require("@rollup/plugin-commonjs");
-//const Typescript = require("rollup-plugin-typescript2");
-const Typescript = require("@rollup/plugin-typescript");
-const json = require("@rollup/plugin-json");
-const terser = require("@rollup/plugin-terser");
-module.exports = {
-  input: "src/index.ts",
-  output: {
-    file: "dist/bundle.js",
-    format: "cjs",
-  },
-  plugins: [
-    // 解析第三方依赖
-    resolve(),
-    // 识别 commonjs 模式第三方依赖
-    commonjs(),
-    Typescript({
-      target: "esnext",
-      rootDir: "src",
-      declaration: true,
-      declarationDir: "dist/d",
-      exclude: ["./node_modules/**", "./src/**/*.vue"],
-      allowSyntheticDefaultImports: true,
-    }),
-    json(),
-    terser(),
-  ],
-  external: [
-    "vue",
-    "lodash",
-    "dayjs",
-    "@certd/acme-client",
-    "@certd/pipeline",
-    "@certd/plugin-cert",
-    "@certd/plugin-aliyun",
-    "@certd/plugin-tencent",
-    "@certd/plugin-huawei",
-    "@certd/plugin-host",
-    "@certd/plugin-tencent",
-    "@certd/plugin-util",
-  ],
-};

packages/core/pipeline/src/access/api.ts

@@ -1,5 +1,5 @@
-import { Registrable } from "../registry";
-import { FormItemProps } from "../d.ts";
+import { Registrable } from "../registry/index.js";
+import { FormItemProps } from "../dt/index.js";
 
 export type AccessInputDefine = FormItemProps & {
   title: string;

packages/core/pipeline/src/access/decorator.ts

@@ -1,8 +1,8 @@
 // src/decorator/memoryCache.decorator.ts
-import { AccessDefine, AccessInputDefine } from "./api";
-import { Decorator } from "../decorator";
-import _ from "lodash";
-import { accessRegistry } from "./registry";
+import { AccessDefine, AccessInputDefine } from "./api.js";
+import { Decorator } from "../decorator/index.js";
+import _ from "lodash-es";
+import { accessRegistry } from "./registry.js";
 
 // 提供一个唯一 key
 export const ACCESS_CLASS_KEY = "pipeline:access";

packages/core/pipeline/src/access/index.ts

@@ -1,3 +1,3 @@
-export * from "./api";
-export * from "./registry";
-export * from "./decorator";
+export * from "./api.js";
+export * from "./registry.js";
+export * from "./decorator.js";

packages/core/pipeline/src/access/registry.ts

@@ -1,4 +1,4 @@
-import { Registry } from "../registry";
+import { Registry } from "../registry/index.js";
 
 // @ts-ignore
-export const accessRegistry = new Registry();
+export const accessRegistry = new Registry("access");

packages/core/pipeline/src/context/index.ts

@@ -1,5 +1,5 @@
 import { AxiosInstance } from "axios";
-import { IContext } from "../core";
+import { IContext } from "../core/index.js";
 
 export type HttpClient = AxiosInstance;
 export type UserContext = IContext;

packages/core/pipeline/src/core/context.ts

@@ -1,4 +1,5 @@
-import { IStorage, MemoryStorage } from "./storage";
+import { IStorage, MemoryStorage } from "./storage.js";
+
 const CONTEXT_VERSION_KEY = "contextVersion";
 export interface IContext {
   getInt(key: string): Promise<number>;
@@ -20,13 +21,11 @@ export class ContextFactory {
   }
 
   getContext(scope: string, namespace: string): IContext {
-    const context = new StorageContext(scope, namespace, this.storage);
-    return context;
+    return new StorageContext(scope, namespace, this.storage);
   }
 
   getMemoryContext(scope: string, namespace: string): IContext {
-    const context = new StorageContext(scope, namespace, this.memoryStorage);
-    return context;
+    return new StorageContext(scope, namespace, this.memoryStorage);
   }
 }
 

packages/core/pipeline/src/core/executor.ts

@@ -1,18 +1,18 @@
-import { ConcurrencyStrategy, NotificationWhen, Pipeline, ResultType, Runnable, RunStrategy, Stage, Step, Task } from "../d.ts";
-import _ from "lodash";
-import { RunHistory, RunnableCollection } from "./run-history";
-import { AbstractTaskPlugin, PluginDefine, pluginRegistry, TaskInstanceContext } from "../plugin";
-import { ContextFactory, IContext } from "./context";
-import { IStorage } from "./storage";
-import { logger } from "../utils/util.log";
+import { ConcurrencyStrategy, NotificationWhen, Pipeline, ResultType, Runnable, RunStrategy, Stage, Step, Task } from "../dt/index.js";
+import _ from "lodash-es";
+import { RunHistory, RunnableCollection } from "./run-history.js";
+import { AbstractTaskPlugin, PluginDefine, pluginRegistry, TaskInstanceContext } from "../plugin/index.js";
+import { ContextFactory, IContext } from "./context.js";
+import { IStorage } from "./storage.js";
+import { logger } from "../utils/util.log.js";
 import { Logger } from "log4js";
-import { request } from "../utils/util.request";
-import { IAccessService } from "../access";
-import { RegistryItem } from "../registry";
-import { Decorator } from "../decorator";
-import { IEmailService } from "../service";
-import { FileStore } from "./file-store";
-import { TimeoutPromise } from "../utils/util.promise";
+import { createAxiosService } from "../utils/util.request.js";
+import { IAccessService } from "../access/index.js";
+import { RegistryItem } from "../registry/index.js";
+import { Decorator } from "../decorator/index.js";
+import { IEmailService } from "../service/index.js";
+import { FileStore } from "./file-store.js";
+// import { TimeoutPromise } from "../utils/util.promise.js";
 
 export type ExecutorOptions = {
   userId: any;
@@ -33,7 +33,7 @@ export class Executor {
   lastRuntime!: RunHistory;
   options: ExecutorOptions;
   canceled = false;
-  onChanged: (history: RunHistory) => void;
+  onChanged: (history: RunHistory) => Promise<void>;
   constructor(options: ExecutorOptions) {
     this.options = options;
     this.pipeline = _.cloneDeep(options.pipeline);
@@ -110,12 +110,13 @@ export class Executor {
     const intervalFlushLogId = setInterval(async () => {
       await this.onChanged(this.runtime);
     }, 5000);
-    const timeout = runnable.timeout ?? 20 * 60 * 1000;
+
+    // const timeout = runnable.timeout ?? 20 * 60 * 1000;
     try {
       if (this.canceled) {
-        throw new Error("task canceled");
+        return ResultType.canceled;
       }
-      await TimeoutPromise(run, timeout);
+      await run();
       this.runtime.success(runnable);
       return ResultType.success;
     } catch (e: any) {
@@ -142,19 +143,25 @@ export class Executor {
   async runStage(stage: Stage) {
     const runnerList = [];
     for (const task of stage.tasks) {
-      const runner = this.runWithHistory(task, "task", async () => {
-        await this.runTask(task);
-      });
+      const runner = async () => {
+        return this.runWithHistory(task, "task", async () => {
+          await this.runTask(task);
+        });
+      };
       runnerList.push(runner);
     }
 
     let resList: ResultType[] = [];
     if (stage.concurrency === ConcurrencyStrategy.Parallel) {
-      resList = await Promise.all(runnerList);
+      const pList = [];
+      for (const item of runnerList) {
+        pList.push(item());
+      }
+      resList = await Promise.all(pList);
     } else {
       for (let i = 0; i < runnerList.length; i++) {
         const runner = runnerList[i];
-        resList[i] = await runner;
+        resList[i] = await runner();
       }
     }
     return this.compositionResultType(resList);
@@ -206,18 +213,24 @@ export class Executor {
         if (contextKey != null) {
           const value = this.runtime.context[contextKey];
           if (value == null) {
-            currentLogger.warn(`[step init] input ${define.title} is null`);
+            currentLogger.warn(`[step init] input ${define.title} is null，前置任务步骤输出值为空，请按如下步骤排查：`);
+            currentLogger.log(`1、检查前置任务（证书申请任务）是否是配置了成功后跳过，如果是，请改为正常执行`);
+            currentLogger.log(
+              `2、是否曾经删除过前置任务（证书申请任务），然后又重新添加了，如果是，请重新编辑当前任务，重新选择一下前置任务输出的参数（域名证书那一栏）`
+            );
+            currentLogger.log(`3、以上都不是，联系作者吧`);
           }
           step.input[key] = value;
         }
       }
     });
 
+    const http = createAxiosService({ logger: currentLogger });
     const taskCtx: TaskInstanceContext = {
       pipeline: this.pipeline,
       step,
       lastStatus,
-      http: request,
+      http,
       logger: currentLogger,
       accessService: this.options.accessService,
       emailService: this.options.emailService,
@@ -233,18 +246,26 @@ export class Executor {
 
     await instance.onInstance();
     await instance.execute();
-
+    //执行结果处理
     if (instance._result.clearLastStatus) {
+      //是否需要清除所有状态
       this.lastStatusMap.clear();
     }
-    //输出到output context
-    _.forEach(define.output, (item, key) => {
+    //输出上下文变量到output context
+    _.forEach(define.output, (item: any, key: any) => {
       step.status!.output[key] = instance[key];
       const stepOutputKey = `step.${step.id}.${key}`;
       this.runtime.context[stepOutputKey] = instance[key];
     });
-
     step.status!.files = instance.getFiles();
+
+    //更新pipeline vars
+    if (Object.keys(instance._result.pipelineVars).length > 0) {
+      // 判断 pipelineVars 有值时更新
+      const vars = this.pipelineContext.getObj("vars");
+      _.merge(vars, instance._result.pipelineVars);
+      await this.pipelineContext.setObj("vars", vars);
+    }
   }
 
   async notification(when: NotificationWhen, error?: any) {
@@ -274,12 +295,16 @@ export class Executor {
         continue;
       }
       if (notification.type === "email") {
-        this.options.emailService?.send({
-          userId: this.pipeline.userId,
-          subject,
-          content,
-          receivers: notification.options.receivers,
-        });
+        try {
+          await this.options.emailService?.send({
+            userId: this.pipeline.userId,
+            subject,
+            content,
+            receivers: notification.options.receivers,
+          });
+        } catch (e) {
+          logger.error("send email error", e);
+        }
       }
     }
   }

packages/core/pipeline/src/core/file-store.ts

@@ -1,7 +1,8 @@
-import { fileUtils } from "../utils/util.file";
+import { fileUtils } from "../utils/index.js";
 import dayjs from "dayjs";
 import path from "path";
 import fs from "fs";
+import { logger } from "../utils/index.js";
 
 export type FileStoreOptions = {
   rootDir?: string;
@@ -9,6 +10,12 @@ export type FileStoreOptions = {
   parent: string;
 };
 
+export interface IFileStore {
+  readFile(filePath: string): Buffer | null;
+  writeFile(filename: string, file: Buffer): string;
+  deleteByParent(scope: string, parent: string): void;
+}
+
 export class FileStore {
   rootDir: string;
   scope: string;
@@ -30,10 +37,11 @@ export class FileStore {
     const localPath = this.buildFilePath(filename);
 
     fs.writeFileSync(localPath, file);
+    logger.info(`写入文件：${localPath}`);
     return localPath;
   }
 
-  private buildFilePath(filename: string) {
+  protected buildFilePath(filename: string) {
     const parentDir = path.join(this.rootDir, this.scope + "", this.parent + "", dayjs().format("YYYY-MM-DD"));
     if (!fs.existsSync(parentDir)) {
       fs.mkdirSync(parentDir, { recursive: true });

packages/core/pipeline/src/core/index.ts

@@ -1,5 +1,6 @@
-export * from "./executor";
-export * from "./run-history";
-export * from "./context";
-export * from "./storage";
-export * from "./file-store";
+export * from "./executor.js";
+export * from "./run-history.js";
+export * from "./context.js";
+export * from "./storage.js";
+export * from "./file-store.js";
+export * from "./license.js";

packages/core/pipeline/src/core/license.spec.ts

@@ -0,0 +1,15 @@
+import { isPlus, verify } from "./license.js";
+import { equal } from "assert";
+describe("license", function () {
+  it("#license", async function () {
+    const req = {
+      appKey: "z4nXOeTeSnnpUpnmsV",
+      subjectId: "999",
+      license: "",
+    };
+    const plus = isPlus();
+    equal(plus, false);
+    const res = await verify(req);
+    equal(res, true);
+  });
+});

packages/core/pipeline/src/core/license.ts

@@ -0,0 +1,85 @@
+import { createVerify } from "node:crypto";
+import { logger } from "../utils/index.js";
+
+const SecreteKey =
+  "LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJDZ0tDQVFFQXY3TGtMaUp1dGM0NzhTU3RaTExjajVGZXh1YjJwR2NLMGxwa0hwVnlZWjhMY29rRFhuUlAKUGQ5UlJSTVRTaGJsbFl2Mzd4QUhOV1ZIQ0ZsWHkrQklVU001bUlBU1NDQTV0azlJNmpZZ2F4bEFDQm1BY0lGMwozKzBjeGZIYVkrVW9YdVluMkZ6YUt2Ym5GdFZIZ0lkMDg4a3d4clZTZzlCT3BDRVZIR1pxR2I5TWN5MXVHVXhUClFTVENCbmpoTWZlZ0p6cXVPYWVOY0ZPSE5tbmtWRWpLTythbTBPeEhNS1lyS3ZnQnVEbzdoVnFENlBFMUd6V3AKZHdwZUV4QXZDSVJxL2pWTkdRK3FtMkRWOVNJZ3U5bmF4MktmSUtFeU50dUFFS1VpekdqL0VmRFhDM1cxMExhegpKaGNYNGw1SUFZU1o3L3JWVmpGbExWSVl0WDU1T054L1Z3SURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K";
+const appKey = "z4nXOeTeSnnpUpnmsV";
+export type LicenseVerifyReq = {
+  subjectId: string;
+  license: string;
+};
+
+type License = {
+  appKey: string;
+  code: string;
+  subjectId: string;
+  expireTime: number;
+  activeTime: number;
+  duration: number;
+  version: number;
+  secret: string;
+  signature: string;
+};
+
+class LicenseHolder {
+  isPlus = false;
+}
+const holder = new LicenseHolder();
+holder.isPlus = false;
+
+class LicenseVerifier {
+  checked = false;
+  licenseReq?: LicenseVerifyReq = undefined;
+  async reVerify(req: LicenseVerifyReq) {
+    this.checked = false;
+    return await this.verify(req);
+  }
+
+  setPlus(value: boolean) {
+    holder.isPlus = value;
+    return value;
+  }
+  async verify(req: LicenseVerifyReq) {
+    this.licenseReq = req;
+    if (this.checked) {
+      return this.setPlus(false);
+    }
+    const license = req?.license;
+    if (!license) {
+      this.checked = true;
+      return this.setPlus(false);
+    }
+
+    const licenseJson = Buffer.from(Buffer.from(license, "hex").toString(), "base64").toString();
+    const json: License = JSON.parse(licenseJson);
+    if (json.expireTime < Date.now()) {
+      logger.warn("授权已过期");
+      return this.setPlus(false);
+    }
+    const content = `${appKey},${this.licenseReq.subjectId},${json.code},${json.secret},${json.activeTime},${json.duration},${json.expireTime},${json.version}`;
+    const publicKey = Buffer.from(SecreteKey, "base64").toString();
+    const res = this.verifySignature(content, json.signature, publicKey);
+    this.checked = true;
+    if (!res) {
+      logger.warn("授权校验失败");
+      return this.setPlus(false);
+    }
+    return this.setPlus(true);
+  }
+
+  verifySignature(content: string, signature: any, publicKey: string) {
+    const verify = createVerify("RSA-SHA256");
+    verify.update(content);
+    return verify.verify(publicKey, signature, "base64");
+  }
+}
+
+const verifier = new LicenseVerifier();
+
+export function isPlus() {
+  return holder.isPlus;
+}
+
+export async function verify(req: LicenseVerifyReq) {
+  return await verifier.reVerify(req);
+}

packages/core/pipeline/src/core/run-history.ts

@@ -1,6 +1,6 @@
-import { Context, HistoryResult, Pipeline, ResultType, Runnable, RunnableMap, Stage, Step, Task } from "../d.ts";
-import _ from "lodash";
-import { buildLogger } from "../utils/util.log";
+import { Context, HistoryResult, Pipeline, ResultType, Runnable, RunnableMap, Stage, Step, Task } from "../dt/index.js";
+import _ from "lodash-es";
+import { buildLogger } from "../utils/util.log.js";
 import { Logger } from "log4js";
 
 export type HistoryStatus = {

packages/core/pipeline/src/core/storage.ts

@@ -1,6 +1,6 @@
 import fs from "fs";
 import path from "path";
-import { fileUtils } from "../utils/util.file";
+import { fileUtils } from "../utils/util.file.js";
 
 export interface IStorage {
   get(scope: string, namespace: string, version: string, key: string): Promise<string | null>;

packages/core/pipeline/src/d.ts/pipeline.ts

@@ -70,6 +70,7 @@ export type Runnable = {
   default?: {
     [key: string]: any;
   };
+  context?: Context;
 };
 
 export type EmailOptions = {

packages/core/pipeline/src/decorator/common.ts

@@ -1,4 +1,4 @@
-import { Decorator } from "./index";
+import { Decorator } from "./index.js";
 
 export type AutowireProp = {
   name?: string;

packages/core/pipeline/src/decorator/index.ts

@@ -1,2 +1,2 @@
-export * from "./utils";
-export * from "./common";
+export * from "./utils.js";
+export * from "./common.js";

packages/core/pipeline/src/decorator/utils.ts

@@ -1,4 +1,4 @@
-import _ from "lodash";
+import _ from "lodash-es";
 
 const propertyMap: any = {};
 function attachProperty(target: any, propertyKey: string | symbol) {
@@ -11,7 +11,11 @@ function attachProperty(target: any, propertyKey: string | symbol) {
 }
 
 function getClassProperties(target: any) {
-  return propertyMap[target] || {};
+  //获取父类
+  const parent = Object.getPrototypeOf(target);
+  const parentMap = propertyMap[parent] || {};
+  const current = propertyMap[target] || {};
+  return _.merge({}, parentMap, current);
 }
 
 function target(target: any, propertyKey?: string | symbol) {
@@ -25,7 +29,7 @@ function target(target: any, propertyKey?: string | symbol) {
 }
 
 function inject(define: any, instance: any, context: any, preHandler?: (item: any, key: string, instance: any, context: any) => void) {
-  _.forEach(define, (item, key) => {
+  _.forEach(define, (item: any, key: any) => {
     if (preHandler) {
       preHandler(item, key, instance, context);
     }

packages/core/pipeline/src/dt/fast-crud.ts

@@ -0,0 +1,115 @@
+/**
+ * [x]-col的配置
+ */
+export type ColProps = {
+  span?: number;
+  [props: string]: any;
+};
+
+export type FormItemProps = {
+  /**
+   * 字段label
+   */
+  title?: string;
+  /**
+   * 表单字段组件配置
+   */
+  component?: ComponentProps;
+  /**
+   * 表单字段 [a|el|n]-col的配置
+   * 一般用来配置跨列：{span:24} 占满一行
+   */
+  col?: ColProps;
+  /**
+   * 默认值
+   */
+  value?: any;
+  /**
+   * 帮助提示配置
+   */
+  helper?: string | FormItemHelperProps;
+  /**
+   * 排序号
+   */
+  order?: number;
+  /**
+   * 是否显示此字段
+   */
+  show?: boolean;
+  /**
+   * 是否是空白占位栏
+   */
+  blank?: boolean;
+
+  [key: string]: any;
+};
+
+/**
+ * 表单字段帮助说明配置
+ */
+export type FormItemHelperProps = {
+  /**
+   * 自定义渲染帮助说明
+   * @param scope
+   */
+  render?: (scope: any) => any;
+  /**
+   * 帮助文本
+   */
+  text?: string;
+  /**
+   * 帮助说明所在的位置，[ undefined | label]
+   */
+  position?: string;
+  /**
+   * [a|el|n]-tooltip配置
+   */
+  tooltip?: object;
+
+  [key: string]: any;
+};
+
+/**
+ * 组件配置
+ */
+export type ComponentProps = {
+  /**
+   * 组件的名称
+   */
+  name?: string | object;
+  /**
+   * vmodel绑定的目标属性名
+   */
+  vModel?: string;
+
+  /**
+   * 当原始组件名的参数被以上属性名占用时，可以配置在这里
+   * 例如:原始组件有一个叫name的属性，你想要配置它，则可以按如下配置
+   * ```
+   * component:{
+   *   name:"组件的名称"
+   *   props:{
+   *     name:"组件的name属性"  <-----------
+   *   }
+   * }
+   * ```
+   */
+  props?: {
+    [key: string]: any;
+  };
+
+  /**
+   * 组件事件监听
+   */
+  on?: {
+    [key: string]: (context?: any) => void;
+  };
+
+  /**
+   * 组件其他参数
+   * 事件：onXxx:(event)=>void 组件原始事件监听
+   *      on.onXxx:(context)=>void 组件事件监听(对原始事件包装)
+   * 样式：style、class等
+   */
+  [key: string]: any;
+};

packages/core/pipeline/src/dt/index.ts

@@ -0,0 +1,2 @@
+export * from "./pipeline.js";
+export * from "./fast-crud.js";

packages/core/pipeline/src/dt/pipeline.ts

@@ -0,0 +1,139 @@
+export enum RunStrategy {
+  AlwaysRun,
+  SkipWhenSucceed,
+}
+
+export enum ConcurrencyStrategy {
+  Serial,
+  Parallel,
+}
+
+export enum NextStrategy {
+  AllSuccess,
+  OneSuccess,
+}
+
+export enum HandlerType {
+  //清空后续任务的状态
+  ClearFollowStatus,
+  SendEmail,
+}
+
+export type EventHandler = {
+  type: HandlerType;
+  params: {
+    [key: string]: any;
+  };
+};
+
+export type RunnableStrategy = {
+  runStrategy?: RunStrategy;
+  onSuccess?: EventHandler[];
+  onError?: EventHandler[];
+};
+
+export type Step = Runnable & {
+  type: string; //插件类型
+  input: {
+    [key: string]: any;
+  };
+};
+export type Task = Runnable & {
+  steps: Step[];
+};
+
+export type Stage = Runnable & {
+  tasks: Task[];
+  concurrency: ConcurrencyStrategy;
+  next: NextStrategy;
+};
+
+export type Trigger = {
+  id: string;
+  title: string;
+  cron: string;
+  type: string;
+};
+
+export type FileItem = {
+  id: string;
+  filename: string;
+  path: string;
+};
+export type Runnable = {
+  id: string;
+  title: string;
+  strategy?: RunnableStrategy;
+  runnableType?: string; // pipeline, stage, task , step
+  status?: HistoryResult;
+  timeout?: number;
+  default?: {
+    [key: string]: any;
+  };
+};
+
+export type EmailOptions = {
+  receivers: string[];
+};
+export type NotificationWhen = "error" | "success" | "turnToSuccess" | "start";
+export type NotificationType = "email" | "url";
+export type Notification = {
+  type: NotificationType;
+  when: NotificationWhen[];
+  options: EmailOptions;
+};
+
+export type Pipeline = Runnable & {
+  version?: number;
+  userId: any;
+  stages: Stage[];
+  triggers: Trigger[];
+  notifications?: Notification[];
+};
+
+export type Context = {
+  [key: string]: any;
+};
+
+export type Log = {
+  title: string;
+  time: number;
+  level: string;
+  text: string;
+};
+
+export enum ResultType {
+  start = "start",
+  success = "success",
+  error = "error",
+  canceled = "canceled",
+  skip = "skip",
+  none = "none",
+}
+
+export type HistoryResultGroup = {
+  [key: string]: {
+    runnable: Runnable;
+    res: HistoryResult;
+  };
+};
+export type HistoryResult = {
+  input: any;
+  output: any;
+  files?: FileItem[];
+  /**
+   * 任务状态
+   */
+  status: ResultType;
+  startTime: number;
+  endTime?: number;
+  /**
+   * 处理结果
+   */
+  result?: ResultType; //success, error,skip
+  message?: string;
+};
+
+export type RunnableMap = {
+  [id: string]: Runnable;
+};