v1.25.2

# Conflicts:
#	packages/ui/certd-client/src/views/certd/pipeline/pipeline/component/notification-form/index.vue

.github/workflows/build-image.yml

@@ -40,7 +40,7 @@ jobs:
 #          cache: 'npm'
 #        working-directory: ./packages/ui/certd-client
       - run: |
-          npm install -g pnpm
+          npm install -g pnpm@8.15.7
           pnpm install
           npm run build
         working-directory: ./packages/ui/certd-client
@@ -64,10 +64,10 @@ jobs:
           username: ${{ secrets.dockerhub_username }}
           password: ${{ secrets.dockerhub_password }}
 
-      - name: Build and push
+      - name: Build default platforms
         uses: docker/build-push-action@v6
         with:
-          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          platforms: linux/amd64,linux/arm64
           push: true
           context: ./packages/ui/
           tags: |
@@ -75,3 +75,15 @@ jobs:
             registry.cn-shenzhen.aliyuncs.com/handsfree/certd:${{steps.get_certd_version.outputs.result}}
             greper/certd:latest
             greper/certd:${{steps.get_certd_version.outputs.result}}
+
+      - name: Build armv7
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/arm/v7
+          push: true
+          context: ./packages/ui/
+          tags: |
+            registry.cn-shenzhen.aliyuncs.com/handsfree/certd:armv7
+            registry.cn-shenzhen.aliyuncs.com/handsfree/certd:${{steps.get_certd_version.outputs.result}}-armv7
+            greper/certd:armv7
+            greper/certd:${{steps.get_certd_version.outputs.result}}-armv7

CHANGELOG.md

@@ -3,6 +3,60 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.25.2](https://github.com/certd/certd/compare/v1.25.1...v1.25.2) (2024-09-24)
+
+**Note:** Version bump only for package root
+
+## [1.25.1](https://github.com/certd/certd/compare/v1.25.0...v1.25.1) (2024-09-24)
+
+**Note:** Version bump only for package root
+
+# [1.25.0](https://github.com/certd/certd/compare/v1.24.4...v1.25.0) (2024-09-24)
+
+### Bug Fixes
+
+* 修复首次创建任务运行时不自动设置当前运行情况的bug ([ecd83ee](https://github.com/certd/certd/commit/ecd83ee136abdd3df9ed2f21ec2ff0f24c0ed9d9))
+
+### Features
+
+* 账号绑定 ([e046640](https://github.com/certd/certd/commit/e0466409d0c021bb415abd94df448c8a0d4799e9))
+* 支持中间证书 ([e86756e](https://github.com/certd/certd/commit/e86756e4c65a53dd23106d7ecbfe2fa987cc13f3))
+* 支持vip转移 ([361e8fe](https://github.com/certd/certd/commit/361e8fe7ae5877e23fd5de31bc919bedd09c57f5))
+
+### Performance Improvements
+
+* 群晖支持OTP双重验证登录 ([8b8039f](https://github.com/certd/certd/commit/8b8039f42bbce10a4d0e737cdeeeef9bb17bee5a))
+* 任务支持禁用 ([8ed16b3](https://github.com/certd/certd/commit/8ed16b3ea2dfe847357863a0bfa614e4fa5fc041))
+* 优化收件邮箱输入 ([22ef28f](https://github.com/certd/certd/commit/22ef28f6338a78465bd52ccbad13e66e80263b2f))
+* 优化主机登录失败提示 ([9de77b3](https://github.com/certd/certd/commit/9de77b327d39cff5ed6660ec53b58ba0eea18e5a))
+* 增加重启certd插件 ([48238d9](https://github.com/certd/certd/commit/48238d929e6c4afa1d428e4d35b9159d37a47ae0))
+* 证书支持旧版RSA，pkcs1 ([3d9c3ec](https://github.com/certd/certd/commit/3d9c3ecb3eb604b2458154f608bde0f01915d116))
+* 支持阿里云ACK证书部署 ([d331fea](https://github.com/certd/certd/commit/d331fea47789122650e057ec7c9e85ee8e66f09b))
+* 支持七牛云 ([8ecc2f9](https://github.com/certd/certd/commit/8ecc2f9446a9ebd11b9bfbffbb6cf7812a043495))
+* 支持k8s ingress secret ([e5a5d0a](https://github.com/certd/certd/commit/e5a5d0a607bb6b4e1a1f7a1a419bada5f2dee59f))
+* http请求增加默认超时时间 ([664bd86](https://github.com/certd/certd/commit/664bd863e5b4895aabe2384277c0c65f5902fdb2))
+* plugins增加图标 ([a8da658](https://github.com/certd/certd/commit/a8da658a9723342b4f43a579f7805bfef0648efb))
+
+## [1.24.4](https://github.com/certd/certd/compare/v1.24.3...v1.24.4) (2024-09-09)
+
+### Bug Fixes
+
+* 修复腾讯云cdn证书部署后会自动关闭hsts，http2.0等配置的bug ([7908ab7](https://github.com/certd/certd/commit/7908ab79da624c94fa05849925b15e480e3317c4))
+* 修复腾讯云tke证书部署报错的bug ([653f409](https://github.com/certd/certd/commit/653f409d91a441850d6381f89a8dd390831f0d5e))
+
+### Performance Improvements
+
+* 插件选择支持搜索 ([d1498a7](https://github.com/certd/certd/commit/d1498a71601b74d38343b1d070eadd03705dd9d5))
+* 前置任务步骤增加错误提示 ([ae3daa9](https://github.com/certd/certd/commit/ae3daa9bcf4fc363825aad9b77f5d3879aeeff70))
+* 群晖部署教程 ([0f0af2f](https://github.com/certd/certd/commit/0f0af2f309390f388e7a272cea3a1dd30c01977d))
+* 支持群晖 ([5c270b6](https://github.com/certd/certd/commit/5c270b6b9d45a2152f9fdb3c07bd98b7c803cb8e))
+
+## [1.24.3](https://github.com/certd/certd/compare/v1.24.2...v1.24.3) (2024-09-06)
+
+### Performance Improvements
+
+* 支持多吉云cdn证书部署 ([65ef685](https://github.com/certd/certd/commit/65ef6857296784ca765926e09eafcb6fc8b6ecde))
+
 ## [1.24.2](https://github.com/certd/certd/compare/v1.24.1...v1.24.2) (2024-09-06)
 
 ### Bug Fixes

README.md

@@ -13,7 +13,7 @@ https://afdian.com/a/greper
 1. 可加入发电专属群，可以获得作者一对一技术支持
 2. 您的需求我们将优先实现，并且将作为专业版功能提供
 3. 一年期专业版激活码
-4. 赠送国外免费服务器部署方案（0成本使用Certd，不过该服务器需要翻墙）
+4. 赠送国外免费服务器部署方案（0成本使用Certd，可能需要翻墙，不过现在性能越来越差了）
 
 专业版特权
 1. 证书流水线条数无限制（免费版限制10条）
@@ -55,11 +55,23 @@ https://certd.handsfree.work/
 -------> [点我查看详细使用步骤演示](./step.md)   <--------      
 ↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑     
 
+当前支持的部署插件列表
+![演示](./doc/images/plugins.png)
+
 ## 四、私有化部署
 
 由于证书、授权信息等属于高度敏感数据，请务必私有化部署，保障数据安全
 
-### 1. 安装docker、docker-compose
+### 4.1 宝塔面板一键部署【推荐】
+
+1. 安装宝塔面板，前往 [宝塔面板](https://www.bt.cn/u/CL3JHS) 官网，选择正式版的脚本下载安装
+
+2. 安装后登录宝塔面板，在菜单栏中点击 Docker，首次进入会提示安装Docker服务，点击立即安装，按提示完成安装
+
+3. 安装完成后在应用商店中找到`certd`，点击安装，配置域名等基本信息即可完成安装
+
+### 4.2 Docker部署
+#### 1. 安装docker、docker-compose
 
 1.1 准备一台云服务器
 * 【阿里云】云服务器2核2G，新老用户同享，99元/年，续费同价！【 [立即购买](https://www.aliyun.com/benefit?scm=20140722.M_10244282._.V_1&source=5176.11533457&userCode=qya11txb )】
@@ -71,7 +83,7 @@ https://certd.handsfree.work/
 https://docs.docker.com/engine/install/   
 选择对应的操作系统，按照官方文档执行命令即可   
 
-### 2. 运行certd
+#### 2. 运行certd
 
 [docker-compose.yaml 下载](https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml)
 
@@ -101,23 +113,26 @@ docker compose up -d
 #### 镜像说明：
 * 国内镜像地址:
   * `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest`
+  * `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:armv7`、`[version]-armv7`
 * DockerHub地址：
   * `https://hub.docker.com/r/greper/certd`
-  * `docker pull greper/certd:latest`
+  * `greper/certd:latest`
+  * `greper/certd:armv7`、`greper/certd:[version]-armv7`
 
 * 镜像构建通过`Actions`自动执行，过程公开透明，请放心使用
   * [点我查看镜像构建日志](https://github.com/certd/certd/actions/workflows/build-image.yml) 
 
 ![](./doc/images/action-build.jpg)
 
-
-### 3. 访问
+#### 3. 访问
 
 http://your_server_ip:7001    
 默认账号密码：admin/123456    
 记得修改密码   
 
 
+
+
 ## 五、 升级
 如果使用固定版本号
 1. 修改`docker-compose.yaml`中的镜像版本号
@@ -157,17 +172,18 @@ docker compose up -d
 * [腾讯云](./doc/tencent/tencent.md)
 * [windows主机](./doc/host/host.md)
 * [google证书](./doc/google/google.md)
+* [群晖部署certd及证书更新教程](./doc/synology/index.md)
 
 
 ## 八、问题处理
 ### 7.1 忘记管理员密码   
 解决方法如下：
-1. 修改docker-compose.yaml文件，将环境变量`certd_system_resetAdminPassword`改为`true`
+1. 修改docker-compose.yaml文件，将环境变量`certd_system_resetAdminPasswd`改为`true`
 ```yaml
 services:
   certd:
     environment: # 环境变量
-      - certd_system_resetAdminPassword=false
+      - certd_system_resetAdminPasswd=false
 ```
 2. 重启容器
 ```shell
@@ -175,7 +191,7 @@ docker compose up -d
 docker logs -f --tail 500 certd
 # 观察日志，当日志中输出“重置1号管理员用户的密码完成”，即可操作下一步
 ```
-3. 修改docker-compose.yaml，将`certd_system_resetAdminPassword`改回`false`
+3. 修改docker-compose.yaml，将`certd_system_resetAdminPasswd`改回`false`
 4. 再次重启容器
 ```shell
 docker compose up -d

build.trigger

@@ -1 +1 @@
-23:58
+02:43

doc/google/google.md

@@ -21,17 +21,17 @@ gcloud beta publicca external-account-keys create
 
 ```shell
 Created an external account key
-[b64MacKey: xxxxxxxxxxxxx
-keyId: xxxxxxxxx]
+[b64MacKey: xxxxxxxxxxxxxxxx
+keyId: xxxxxxxxxxxxx]
 ```
-记录以上信息备用
+记录以上信息备用（注意keyId是不带中括号的）
 
 
 ## 3、 创建证书流水线
 选择证书提供商为google， 开启使用代理
 
 ## 4、 将key信息作为EAB授权信息
-google证书需要EAB授权， 使用第二步中的 keyId 和 b64MacKey 信息创建一条EAB授权记录      
-
+google证书需要EAB授权， 使用第二步中的 keyId 和 b64MacKey 信息创建一条EAB授权记录         
+注意：keyId没有`]`结尾，不要把`]`也复制了
 ## 5、 其他就跟正常申请证书一样了
 

doc/synology/index.md

@@ -0,0 +1,41 @@
+# 群晖部署和证书更新
+
+
+## 一、群晖系统上部署Certd教程
+
+### 1. 打开Container Manager
+
+![](./images/1.png)
+
+### 2. 新增项目
+
+![](./images/2.png)
+
+### 3. 配置Certd项目
+
+![](./images/3.png)
+
+### 4. 外网访问设置
+
+![](./images/4.png)
+
+### 5. 确认项目信息
+
+![](./images/5.png)
+
+点击完成安装，等待certd启动完成即可
+
+### 6. 门户配置向导【可选】
+
+![](./images/6.png)
+
+
+
+## 二、更新群晖证书
+
+## 1. 前提条件
+* 已经部署了certd
+* 群晖上已经设置好了证书(证书建议设置好描述，插件需要根据描述查找证书)
+
+## 2. 在certd上配置自动更新群晖证书插件
+![](./images/deploy.png)

docker/run/docker-compose.yaml

@@ -1,38 +1,40 @@
-version: '3.3'
+#version: '3.3'
 services:
   certd:
-    # 镜像                                                  #  ↓↓↓↓↓ --- 镜像版本号，建议改成固定版本号【可选】
+    # 镜像                                                  #  ↓↓↓↓↓ --- 镜像版本号，建议改成固定版本号
     image: registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
     container_name: certd # 容器名
     restart: unless-stopped # 自动重启
     volumes:
-      #   ↓↓↓↓↓ -------------------------------------------------------- 数据库以及证书存储路径,默认存在宿主机的/data/certd/目录下【可选】
+      #   ↓↓↓↓↓ -------------------------------------------------------- 数据库以及证书存储路径,默认存在宿主机的/data/certd/目录下，【您需要定时备份此目录，以保障数据容灾】
       - /data/certd:/app/data
     ports: # 端口映射
-      #  ↓↓↓↓ ---------------------------------------------------------- 如果端口有冲突，可以修改第一个7001为其他不冲突的端口号【可选】
+      #  ↓↓↓↓ ---------------------------------------------------------- 如果端口有冲突，可以修改第一个7001为其他不冲突的端口号
       - "7001:7001"
     dns:
-      # 如果出现getaddrinfo ENOTFOUND等错误，可以尝试修改或注释dns配置
+      #  ↓↓↓↓ ---------------------------------------------------------- 如果出现getaddrinfo ENOTFOUND等错误，可以尝试修改或注释dns配置
       - 223.5.5.5
       - 223.6.6.6
-      #  ↓↓↓↓ ---------------------------------------------------------- 如果你服务器部署在国外，可以用8.8.8.8替换上面的dns【可选】
+      #  ↓↓↓↓ ---------------------------------------------------------- 如果你服务器部署在国外，可以用8.8.8.8替换上面的dns
 #      - 8.8.8.8
 #      - 8.8.4.4
+#    extra_hosts:
+      #  ↓↓↓↓ ---------------------------------------------------------- 这里可以配置自定义hosts，外网域名可以指向本地局域网ip地址
+#      - "localdomain.comm:192.168.1.3"
     environment: # 环境变量
       - TZ=Asia/Shanghai
       #- HTTPS_PROXY=http://xxxxxx:xx
       #- HTTP_PROXY=http://xxxxxx:xx
-                          #  ↑↑↑↑↑ ------------------------------------- 这里可以设置http代理【可选】
+                          #  ↑↑↑↑↑ ------------------------------------- 这里可以设置http代理
       - certd_system_resetAdminPasswd=false
-                                     #  ↑↑↑↑↑--------------------------- 如果忘记管理员密码，可以设置为true，重启之后，管理员密码将改成123456，然后请及时修改回false【可选】
+                                     #  ↑↑↑↑↑--------------------------- 如果忘记管理员密码，可以设置为true，重启之后，管理员密码将改成123456，然后请及时修改回false
       - certd_cron_immediateTriggerOnce=false
-                                     #  ↑↑↑↑↑--------------------------- 如果设置为true，启动后所有配置了cron的流水线任务都将被立即触发一次【可选】
+                                     #  ↑↑↑↑↑--------------------------- 如果设置为true，启动后所有配置了cron的流水线任务都将被立即触发一次
       - VITE_APP_ICP_NO=
-                      #  ↑↑↑↑↑ ----------------------------------------- 这里可以设置备案号【可选】
+                      #  ↑↑↑↑↑ ----------------------------------------- 这里可以设置备案号
       #- certd_koa_key=./data/ssl/cert.key
       #- certd_koa_cert=./data/ssl/cert.crt
-                      #  ↑↑↑↑↑ ----------------------------------------- 配置证书和key，则表示https方式启动，访问网址要使用 https://your.domain:7001【可选】
-
+                      #  ↑↑↑↑↑ ----------------------------------------- 配置证书和key，则表示https方式启动，使用https协议访问，https://your.domain:7001
       # 设置环境变量即可自定义certd配置
       # 服务端配置项见： packages/ui/certd-server/src/config/config.default.ts
       # 服务端配置规则： certd_ + 配置项, 点号用_代替

lerna.json

@@ -9,5 +9,5 @@
     }
   },
   "npmClient": "pnpm",
-  "version": "1.24.2"
+  "version": "1.25.2"
 }

package.json

@@ -16,7 +16,7 @@
     "afterpublishOnly": "time /t >build.trigger && git add ./build.trigger && git commit -m \"build: trigger build image\" && TIMEOUT /T 10 && git push",
     "prepublishOnly1": "npm run check && lerna run build ",
     "prepublishOnly2": "npm run check && npm run before-build && lerna run build ",
-    "before-build": "cd ./packages/core/pipeline && time /t >build.md && git add ./build.md && git commit -m \"build: prepare to build\"",
+    "before-build": "cd ./packages/pro/plus && time /t >build.md && git add ./build.md && git commit -m \"build: prepare to build\"",
     "deploy1": "node --experimental-json-modules deploy.js ",
     "check": "node --experimental-json-modules publish-check.js",
     "init": "lerna run build"
@@ -29,4 +29,4 @@
   "workspaces": [
     "packages/**"
   ]
-}
+}

packages/core/acme-client/CHANGELOG.md

@@ -3,6 +3,29 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.25.2](https://github.com/publishlab/node-acme-client/compare/v1.25.1...v1.25.2) (2024-09-24)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.25.1](https://github.com/publishlab/node-acme-client/compare/v1.25.0...v1.25.1) (2024-09-24)
+
+**Note:** Version bump only for package @certd/acme-client
+
+# [1.25.0](https://github.com/publishlab/node-acme-client/compare/v1.24.4...v1.25.0) (2024-09-24)
+
+### Performance Improvements
+
+* 证书支持旧版RSA，pkcs1 ([3d9c3ec](https://github.com/publishlab/node-acme-client/commit/3d9c3ecb3eb604b2458154f608bde0f01915d116))
+* 支持七牛云 ([8ecc2f9](https://github.com/publishlab/node-acme-client/commit/8ecc2f9446a9ebd11b9bfbffbb6cf7812a043495))
+
+## [1.24.4](https://github.com/publishlab/node-acme-client/compare/v1.24.3...v1.24.4) (2024-09-09)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.24.3](https://github.com/publishlab/node-acme-client/compare/v1.24.2...v1.24.3) (2024-09-06)
+
+**Note:** Version bump only for package @certd/acme-client
+
 ## [1.24.2](https://github.com/publishlab/node-acme-client/compare/v1.24.1...v1.24.2) (2024-09-06)
 
 ### Performance Improvements

packages/core/acme-client/package.json

@@ -3,13 +3,13 @@
     "description": "Simple and unopinionated ACME client",
     "private": false,
     "author": "nmorsman",
-    "version": "1.24.2",
+    "version": "1.25.2",
     "main": "src/index.js",
     "types": "types/index.d.ts",
     "license": "MIT",
     "homepage": "https://github.com/publishlab/node-acme-client",
     "engines": {
-        "node": ">= 16"
+        "node": ">= 18"
     },
     "files": [
         "src",
@@ -59,5 +59,5 @@
     "bugs": {
         "url": "https://github.com/publishlab/node-acme-client/issues"
     },
-    "gitHead": "bef6b981e26a010a797734e508de6822de8564f5"
+    "gitHead": "c7f7910fa98e96edeff905326b0a714f1e49b8d5"
 }

packages/core/acme-client/src/crypto/index.js

@@ -67,11 +67,11 @@ function getKeyInfo(keyPem) {
  * ```
  */
 
-async function createPrivateRsaKey(modulusLength = 2048) {
+async function createPrivateRsaKey(modulusLength = 2048, encodingType = 'pkcs8') {
     const pair = await generateKeyPair('rsa', {
         modulusLength,
         privateKeyEncoding: {
-            type: 'pkcs8',
+            type: encodingType,
             format: 'pem',
         },
     });
@@ -106,11 +106,11 @@ exports.createPrivateKey = createPrivateRsaKey;
  * ```
  */
 
-exports.createPrivateEcdsaKey = async (namedCurve = 'P-256') => {
+exports.createPrivateEcdsaKey = async (namedCurve = 'P-256', encodingType = 'pkcs8') => {
     const pair = await generateKeyPair('ec', {
         namedCurve,
         privateKeyEncoding: {
-            type: 'pkcs8',
+            type: encodingType,
             format: 'pem',
         },
     });

packages/core/acme-client/src/index.js

@@ -32,7 +32,7 @@ exports.directory = {
  */
 
 exports.crypto = require('./crypto');
-// exports.forge = require('./crypto/forge');
+exports.forge = require('./crypto/forge');
 
 /**
  * Axios

packages/core/acme-client/types/index.d.ts

@@ -155,16 +155,16 @@ export interface EcdsaPublicJwk {
 }
 
 export interface CryptoInterface {
-    createPrivateKey(keySize?: number): Promise<PrivateKeyBuffer>;
-    createPrivateRsaKey(keySize?: number): Promise<PrivateKeyBuffer>;
-    createPrivateEcdsaKey(namedCurve?: 'P-256' | 'P-384' | 'P-521'): Promise<PrivateKeyBuffer>;
+    createPrivateKey(keySize?: number,encodingType?:string): Promise<PrivateKeyBuffer>;
+    createPrivateRsaKey(keySize?: number,encodingType?:string): Promise<PrivateKeyBuffer>;
+    createPrivateEcdsaKey(namedCurve?: 'P-256' | 'P-384' | 'P-521',encodingType?:string): Promise<PrivateKeyBuffer>;
     getPublicKey(keyPem: PrivateKeyBuffer | PrivateKeyString | PublicKeyBuffer | PublicKeyString): PublicKeyBuffer;
     getJwk(keyPem: PrivateKeyBuffer | PrivateKeyString | PublicKeyBuffer | PublicKeyString): RsaPublicJwk | EcdsaPublicJwk;
     splitPemChain(chainPem: CertificateBuffer | CertificateString): string[];
     getPemBodyAsB64u(pem: CertificateBuffer | CertificateString): string;
     readCsrDomains(csrPem: CsrBuffer | CsrString): CertificateDomains;
     readCertificateInfo(certPem: CertificateBuffer | CertificateString): CertificateInfo;
-    createCsr(data: CsrOptions, keyPem?: PrivateKeyBuffer | PrivateKeyString): Promise<[PrivateKeyBuffer, CsrBuffer]>;
+    createCsr(data: CsrOptions, keyPem?: PrivateKeyBuffer | PrivateKeyString,encodingType?:string): Promise<[PrivateKeyBuffer, CsrBuffer]>;
     createAlpnCertificate(authz: Authorization, keyAuthorization: string, keyPem?: PrivateKeyBuffer | PrivateKeyString): Promise<[PrivateKeyBuffer, CertificateBuffer]>;
     isAlpnCertificateAuthorizationValid(certPem: CertificateBuffer | CertificateString, keyAuthorization: string): boolean;
 }

packages/core/pipeline/CHANGELOG.md

@@ -3,6 +3,44 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.25.2](https://github.com/certd/certd/compare/v1.25.1...v1.25.2) (2024-09-24)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.25.1](https://github.com/certd/certd/compare/v1.25.0...v1.25.1) (2024-09-24)
+
+**Note:** Version bump only for package @certd/pipeline
+
+# [1.25.0](https://github.com/certd/certd/compare/v1.24.4...v1.25.0) (2024-09-24)
+
+### Bug Fixes
+
+* 修复首次创建任务运行时不自动设置当前运行情况的bug ([ecd83ee](https://github.com/certd/certd/commit/ecd83ee136abdd3df9ed2f21ec2ff0f24c0ed9d9))
+
+### Performance Improvements
+
+* 群晖支持OTP双重验证登录 ([8b8039f](https://github.com/certd/certd/commit/8b8039f42bbce10a4d0e737cdeeeef9bb17bee5a))
+* 任务支持禁用 ([8ed16b3](https://github.com/certd/certd/commit/8ed16b3ea2dfe847357863a0bfa614e4fa5fc041))
+* 支持阿里云ACK证书部署 ([d331fea](https://github.com/certd/certd/commit/d331fea47789122650e057ec7c9e85ee8e66f09b))
+* 支持七牛云 ([8ecc2f9](https://github.com/certd/certd/commit/8ecc2f9446a9ebd11b9bfbffbb6cf7812a043495))
+* 支持k8s ingress secret ([e5a5d0a](https://github.com/certd/certd/commit/e5a5d0a607bb6b4e1a1f7a1a419bada5f2dee59f))
+* http请求增加默认超时时间 ([664bd86](https://github.com/certd/certd/commit/664bd863e5b4895aabe2384277c0c65f5902fdb2))
+* plugins增加图标 ([a8da658](https://github.com/certd/certd/commit/a8da658a9723342b4f43a579f7805bfef0648efb))
+
+## [1.24.4](https://github.com/certd/certd/compare/v1.24.3...v1.24.4) (2024-09-09)
+
+### Performance Improvements
+
+* 前置任务步骤增加错误提示 ([ae3daa9](https://github.com/certd/certd/commit/ae3daa9bcf4fc363825aad9b77f5d3879aeeff70))
+* 群晖部署教程 ([0f0af2f](https://github.com/certd/certd/commit/0f0af2f309390f388e7a272cea3a1dd30c01977d))
+* 支持群晖 ([5c270b6](https://github.com/certd/certd/commit/5c270b6b9d45a2152f9fdb3c07bd98b7c803cb8e))
+
+## [1.24.3](https://github.com/certd/certd/compare/v1.24.2...v1.24.3) (2024-09-06)
+
+### Performance Improvements
+
+* 支持多吉云cdn证书部署 ([65ef685](https://github.com/certd/certd/commit/65ef6857296784ca765926e09eafcb6fc8b6ecde))
+
 ## [1.24.2](https://github.com/certd/certd/compare/v1.24.1...v1.24.2) (2024-09-06)
 
 ### Performance Improvements

packages/core/pipeline/build.md

@@ -1 +1 @@
-22:33
+02:40

packages/core/pipeline/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/pipeline",
   "private": false,
-  "version": "1.24.2",
+  "version": "1.25.2",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -14,12 +14,15 @@
     "test": "mocha   --loader=ts-node/esm"
   },
   "dependencies": {
-    "@certd/plus": "1.22.1",
+    "@certd/plus": "1.25.1",
     "axios": "^1.7.2",
     "fix-path": "^4.0.0",
+    "http-proxy-agent": "^7.0.2",
+    "https-proxy-agent": "^7.0.5",
     "lodash-es": "^4.17.21",
     "node-forge": "^1.3.1",
     "nodemailer": "^6.9.3",
+    "proxy-agent": "^6.4.0",
     "qs": "^6.11.2"
   },
   "devDependencies": {
@@ -57,5 +60,5 @@
     "vite": "^4.3.8",
     "vue-tsc": "^1.6.5"
   },
-  "gitHead": "bef6b981e26a010a797734e508de6822de8564f5"
+  "gitHead": "c7f7910fa98e96edeff905326b0a714f1e49b8d5"
 }

packages/core/pipeline/src/access/api.ts

@@ -12,7 +12,7 @@ export type AccessDefine = Registrable & {
   };
 };
 export interface IAccessService {
-  getById(id: any): Promise<any>;
+  getById<T = any>(id: any): Promise<T>;
 }
 
 // eslint-disable-next-line @typescript-eslint/no-empty-interface

packages/core/pipeline/src/context/index.ts

@@ -1,6 +1,4 @@
-import { AxiosInstance } from "axios";
 import { IContext } from "../core/index.js";
 
-export type HttpClient = AxiosInstance;
 export type UserContext = IContext;
 export type PipelineContext = IContext;

packages/core/pipeline/src/core/executor.ts

@@ -12,7 +12,7 @@ import { RegistryItem } from "../registry/index.js";
 import { Decorator } from "../decorator/index.js";
 import { IEmailService } from "../service/index.js";
 import { FileStore } from "./file-store.js";
-import { hashUtils } from "../utils/index.js";
+import { hashUtils, utils } from "../utils/index.js";
 // import { TimeoutPromise } from "../utils/util.promise.js";
 
 export type ExecutorOptions = {
@@ -93,7 +93,7 @@ export class Executor {
       await this.notification("success");
     } catch (e: any) {
       await this.notification("error", e);
-      this.logger.error("pipeline 执行失败", e.stack);
+      this.logger.error("pipeline 执行失败", e);
     } finally {
       clearInterval(intervalFlushLogId);
       await this.onChanged(this.runtime);
@@ -104,11 +104,18 @@ export class Executor {
 
   async runWithHistory(runnable: Runnable, runnableType: string, run: () => Promise<ResultType | void>) {
     runnable.runnableType = runnableType;
+
     this.runtime.start(runnable);
-    // const timeout = runnable.timeout ?? 20 * 60 * 1000;
-    await this.onChanged(this.runtime);
 
     try {
+      if (runnable.disabled) {
+        //该任务被禁用
+        this.runtime.disabled(runnable);
+        return ResultType.disabled;
+      }
+
+      await this.onChanged(this.runtime);
+
       if (this.abort.signal.aborted) {
         this.runtime.cancel(runnable);
         return ResultType.canceled;
@@ -217,11 +224,17 @@ export class Executor {
       if (item.component?.name === "pi-output-selector") {
         const contextKey = input[key];
         if (contextKey != null) {
+          if (typeof contextKey !== "string") {
+            throw new Error(`步骤${step.title}的${item.title}属性必须为String类型，请重新配置该属性`);
+          }
           // "cert": "step.-BNFVPMKPu2O-i9NiOQxP.cert",
           const arr = contextKey.split(".");
           const id = arr[1];
           const outputKey = arr[2];
           input[key] = this.currentStatusMap.get(id)?.status?.output[outputKey] ?? this.lastStatusMap.get(id)?.status?.output[outputKey];
+          if (input[key] == null) {
+            this.logger.warn(`${item.title}的配置未找到对应的输出值，请确认对应的前置任务是否存在或者是否执行正确`);
+          }
         }
       }
     });
@@ -231,14 +244,13 @@ export class Executor {
     //判断是否需要跳过
     const lastNode = this.lastStatusMap.get(step.id);
     const lastResult = lastNode?.status?.status;
+    let inputChanged = true;
+    const lastInputHash = lastNode?.status?.inputHash;
+    if (lastInputHash && newInputHash && lastInputHash === newInputHash) {
+      //参数有变化
+      inputChanged = false;
+    }
     if (step.strategy?.runStrategy === RunStrategy.SkipWhenSucceed) {
-      //如果是成功后跳过策略
-      let inputChanged = true;
-      const lastInputHash = lastNode?.status?.inputHash;
-      if (lastInputHash && newInputHash && lastInputHash === newInputHash) {
-        //参数有变化
-        inputChanged = false;
-      }
       if (lastResult != null && lastResult === ResultType.success && !inputChanged) {
         step.status!.output = lastNode?.status?.output;
         step.status!.files = lastNode?.status?.files;
@@ -253,6 +265,7 @@ export class Executor {
       lastStatus,
       http,
       logger: currentLogger,
+      inputChanged,
       accessService: this.options.accessService,
       emailService: this.options.emailService,
       pipelineContext: this.pipelineContext,
@@ -263,6 +276,7 @@ export class Executor {
         rootDir: this.options.fileRootDir,
       }),
       signal: this.abort.signal,
+      utils,
     };
     instance.setCtx(taskCtx);
 

packages/core/pipeline/src/core/handler.ts

@@ -0,0 +1,33 @@
+import _ from "lodash-es";
+import { HttpClient, ILogger } from "../utils";
+
+export type PluginRequest = {
+  type: "plugin" | "access";
+  typeName: string;
+  action: string;
+  input: any;
+  data: any;
+};
+
+export type RequestHandleContext = {
+  http: HttpClient;
+  logger: ILogger;
+};
+
+export class RequestHandler {
+  async onRequest(req: PluginRequest, ctx: RequestHandleContext) {
+    if (!req.action) {
+      throw new Error("action is required");
+    }
+
+    const methodName = `on${_.upperFirst(req.action)}`;
+
+    // @ts-ignore
+    const method = this[methodName];
+    if (method) {
+      // @ts-ignore
+      return await this[methodName](req.data, ctx);
+    }
+    throw new Error(`action ${req.action} not found`);
+  }
+}

packages/core/pipeline/src/core/index.ts

@@ -4,3 +4,4 @@ export * from "./context.js";
 export * from "./storage.js";
 export * from "./file-store.js";
 export * from "./license.js";
+export * from "./handler.js";

packages/core/pipeline/src/core/run-history.ts

@@ -74,6 +74,17 @@ export class RunHistory {
     this.log(runnable, `跳过`);
   }
 
+  disabled(runnable: Runnable) {
+    const now = new Date().getTime();
+    const status = runnable.status;
+    _.merge(status, {
+      status: "canceled",
+      endTime: now,
+      result: "disabled",
+    });
+    this.log(runnable, `禁用`);
+  }
+
   error(runnable: Runnable, e: Error) {
     const now = new Date().getTime();
     const status = runnable.status;
@@ -107,8 +118,8 @@ export class RunHistory {
 
   logError(runnable: Runnable, e: Error) {
     // @ts-ignore
-    const errorInfo = runnable.runnableType == "step" ? e.stack : e.message;
-    this._loggers[runnable.id].error(`[${runnable.runnableType}] [${runnable.title}]<id:${runnable.id}> ：${errorInfo}`);
+    const errorInfo = runnable.runnableType === "step" ? e : e.message;
+    this._loggers[runnable.id].error(`[${runnable.runnableType}] [${runnable.title}]<id:${runnable.id}> ：`, errorInfo);
   }
 
   finally(runnable: Runnable) {

packages/core/pipeline/src/dt/pipeline.ts

@@ -46,6 +46,7 @@ export type Stage = Runnable & {
   tasks: Task[];
   concurrency: ConcurrencyStrategy;
   next: NextStrategy;
+  maxTaskCount?: number;
 };
 
 export type Trigger = {
@@ -70,6 +71,7 @@ export type Runnable = {
   default?: {
     [key: string]: any;
   };
+  disabled?: boolean;
 };
 
 export type EmailOptions = {
@@ -108,6 +110,7 @@ export enum ResultType {
   error = "error",
   canceled = "canceled",
   skip = "skip",
+  disabled = "disabled",
   none = "none",
 }
 

packages/core/pipeline/src/plugin/api.ts

@@ -5,9 +5,10 @@ import { Logger } from "log4js";
 import { IAccessService } from "../access/index.js";
 import { IEmailService } from "../service/index.js";
 import { IContext } from "../core/index.js";
-import { AxiosInstance } from "axios";
 import { ILogger, logger } from "../utils/index.js";
-
+import { HttpClient } from "../utils/util.request";
+import { utils } from "../utils/index.js";
+import dayjs from "dayjs";
 export enum ContextScope {
   global,
   pipeline,
@@ -25,6 +26,7 @@ export type TaskInputDefine = FormItemProps;
 export type PluginDefine = Registrable & {
   default?: any;
   group?: string;
+  icon?: string;
   input?: {
     [key: string]: TaskInputDefine;
   };
@@ -57,17 +59,32 @@ export type TaskResult = {
   pipelineVars: Record<string, any>;
 };
 export type TaskInstanceContext = {
+  //流水线定义
   pipeline: Pipeline;
+  //步骤定义
   step: Step;
+  //日志
   logger: Logger;
+  //当前步骤输入参数跟上一次执行比较是否有变化
+  inputChanged: boolean;
+  //授权获取服务
   accessService: IAccessService;
+  //邮件服务
   emailService: IEmailService;
+  //流水线上下文
   pipelineContext: IContext;
+  //用户上下文
   userContext: IContext;
-  http: AxiosInstance;
+  //http请求客户端
+  http: HttpClient;
+  //文件存储
   fileStore: FileStore;
+  //上一次执行结果状态
   lastStatus?: Runnable;
+  //用户取消信号
   signal: AbortSignal;
+  //工具类
+  utils: typeof utils;
 };
 
 export abstract class AbstractTaskPlugin implements ITaskPlugin {
@@ -123,6 +140,13 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
   }
 
   abstract execute(): Promise<void>;
+
+  appendTimeSuffix(name?: string) {
+    if (name == null) {
+      name = "certd";
+    }
+    return name + "_" + dayjs().format("YYYYMMDDHHmmss");
+  }
 }
 
 export type OutputVO = {

packages/core/pipeline/src/plugin/group.ts

@@ -21,5 +21,6 @@ export const pluginGroups = {
   huawei: new PluginGroup("huawei", "华为云", 3),
   tencent: new PluginGroup("tencent", "腾讯云", 4),
   host: new PluginGroup("host", "主机", 5),
+  cdn: new PluginGroup("cdn", "CDN", 6),
   other: new PluginGroup("other", "其他", 7),
 };

packages/core/pipeline/src/utils/index.ts

@@ -1,11 +1,22 @@
 import sleep from "./util.sleep.js";
-import { request } from "./util.request.js";
+import { http } from "./util.request.js";
+export * from "./util.request.js";
 export * from "./util.log.js";
 export * from "./util.file.js";
 export * from "./util.sp.js";
-export * as promises from "./util.promise.js";
+export * from "./util.promise.js";
 export * from "./util.hash.js";
+import { sp } from "./util.sp.js";
+import { hashUtils } from "./util.hash.js";
+import { promises } from "./util.promise.js";
+import { fileUtils } from "./util.file.js";
+import _ from "lodash-es";
 export const utils = {
   sleep,
-  http: request,
+  http,
+  sp,
+  hash: hashUtils,
+  promises,
+  file: fileUtils,
+  _,
 };

packages/core/pipeline/src/utils/util.promise.ts

@@ -24,3 +24,8 @@ export function safePromise<T>(callback: (resolve: (ret: T) => void, reject: (re
     }
   });
 }
+
+export const promises = {
+  TimeoutPromise,
+  safePromise,
+};

packages/core/pipeline/src/utils/util.request.ts

@@ -1,41 +1,69 @@
-import axios from "axios";
+import axios, { AxiosRequestConfig } from "axios";
 import { logger } from "./util.log.js";
 import { Logger } from "log4js";
-
+import { HttpProxyAgent } from "http-proxy-agent";
+import { HttpsProxyAgent } from "https-proxy-agent";
+import nodeHttp from "http";
 export class HttpError extends Error {
-  request?: { url: string; method: string; data?: any };
-  response?: { data: any };
   status?: number;
   statusText?: string;
+  code?: string;
+  request?: { url: string; method: string; params?: any; data?: any };
+  response?: { data: any };
+  cause?: any;
   constructor(error: any) {
     if (!error) {
       return;
     }
     super(error.message);
     this.name = error.name;
-    this.stack = error.stack;
-    this.status = error?.response?.status;
-    this.statusText = error?.response?.statusText;
+    this.code = error.code;
+    this.cause = error.cause;
+
+    this.status = error.response?.status;
+    this.statusText = error.response?.statusText;
     this.request = {
-      url: error?.response?.config?.url,
-      method: error?.response?.config?.method,
-      data: error?.response?.config?.data,
+      url: error.config?.url,
+      method: error.config?.method,
+      params: error.config?.params,
+      data: error.config?.data,
     };
     this.response = {
-      data: error?.response?.data,
+      data: error.response?.data,
     };
+
+    delete error.response;
+    delete error.config;
+    delete error.request;
+    // logger.error(error);
   }
 }
+
+export const HttpCommonError = HttpError;
 /**
  * @description 创建请求实例
  */
 export function createAxiosService({ logger }: { logger: Logger }) {
   // 创建一个 axios 实例
   const service = axios.create();
+
+  const defaultAgents = createAgent();
   // 请求拦截
   service.interceptors.request.use(
     (config: any) => {
-      logger.info(`http request:${config.url}，method:${config.method}`);
+      logger.info(`http request:${config.url}，method:${config.method}，params:${JSON.stringify(config.params)}`);
+      if (config.timeout == null) {
+        config.timeout = 15000;
+      }
+      let agents = defaultAgents;
+      if (config.skipSslVerify) {
+        logger.info("跳过SSL验证");
+        agents = createAgent({ rejectUnauthorized: false } as any);
+      }
+      delete config.skipSslVerify;
+      config.httpsAgent = agents.httpsAgent;
+      config.httpAgent = agents.httpAgent;
+
       return config;
     },
     (error: Error) => {
@@ -51,25 +79,54 @@ export function createAxiosService({ logger }: { logger: Logger }) {
       return response.data;
     },
     (error: any) => {
-      // const status = _.get(error, 'response.status')
-      // switch (status) {
-      //   case 400: error.message = '请求错误'; break
-      //   case 401: error.message = '未授权，请登录'; break
-      //   case 403: error.message = '拒绝访问'; break
-      //   case 404: error.message = `请求地址出错: ${error.response.config.url}`; break
-      //   case 408: error.message = '请求超时'; break
-      //   case 500: error.message = '服务器内部错误'; break
-      //   case 501: error.message = '服务未实现'; break
-      //   case 502: error.message = '网关错误'; break
-      //   case 503: error.message = '服务不可用'; break
-      //   case 504: error.message = '网关超时'; break
-      //   case 505: error.message = 'HTTP版本不受支持'; break
-      //   default: break
-      // }
+      const status = error.response?.status;
+      switch (status) {
+        case 400:
+          error.message = "请求错误";
+          break;
+        case 401:
+          error.message = "未授权，请登录";
+          break;
+        case 403:
+          error.message = "拒绝访问";
+          break;
+        case 404:
+          error.message = `请求地址出错: ${error.response.config.url}`;
+          break;
+        case 408:
+          error.message = "请求超时";
+          break;
+        case 500:
+          error.message = "服务器内部错误";
+          break;
+        case 501:
+          error.message = "服务未实现";
+          break;
+        case 502:
+          error.message = "网关错误";
+          break;
+        case 503:
+          error.message = "服务不可用";
+          break;
+        case 504:
+          error.message = "网关超时";
+          break;
+        case 505:
+          error.message = "HTTP版本不受支持";
+          break;
+        default:
+          break;
+      }
       logger.error(
-        `请求出错：status:${error?.response?.status},statusText:${error?.response?.statusText},url:${error?.config?.url},method:${error?.config?.method}。`
+        `请求出错：status:${error.response?.status},statusText:${error.response?.statusText},url:${error.config?.url},method:${error.config?.method}。`
       );
-      logger.error("返回数据:", JSON.stringify(error?.response?.data));
+      logger.error("返回数据:", JSON.stringify(error.response?.data));
+      if (error.response?.data) {
+        error.message = error.response.data.message || error.response.data.msg || error.response.data.error || error.response.data;
+      }
+      if (error instanceof AggregateError) {
+        logger.error("AggregateError", error);
+      }
       const err = new HttpError(error);
       return Promise.reject(err);
     }
@@ -77,4 +134,28 @@ export function createAxiosService({ logger }: { logger: Logger }) {
   return service;
 }
 
-export const request = createAxiosService({ logger });
+export const http = createAxiosService({ logger }) as HttpClient;
+export type HttpClientResponse<R> = any;
+export type HttpRequestConfig<D> = {
+  skipSslVerify?: boolean;
+} & AxiosRequestConfig<D>;
+export type HttpClient = {
+  request<D = any, R = any>(config: HttpRequestConfig<D>): Promise<HttpClientResponse<R>>;
+};
+
+export function createAgent(opts: nodeHttp.AgentOptions = {}) {
+  let httpAgent, httpsAgent;
+  const httpProxy = process.env.HTTP_PROXY || process.env.http_proxy;
+  if (httpProxy) {
+    httpAgent = new HttpProxyAgent(httpProxy, opts as any);
+  }
+  const httpsProxy = process.env.HTTPS_PROXY || process.env.https_proxy;
+  if (httpsProxy) {
+    httpsAgent = new HttpsProxyAgent(httpsProxy, opts as any);
+  }
+
+  return {
+    httpAgent,
+    httpsAgent,
+  };
+}

packages/libs/lib-huawei/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.24.3](https://github.com/certd/certd/compare/v1.24.2...v1.24.3) (2024-09-06)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
 ## [1.24.2](https://github.com/certd/certd/compare/v1.24.1...v1.24.2) (2024-09-06)
 
 **Note:** Version bump only for package @certd/lib-huawei

packages/libs/lib-huawei/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-huawei",
   "private": false,
-  "version": "1.24.2",
+  "version": "1.24.3",
   "main": "./dist/bundle.js",
   "module": "./dist/bundle.js",
   "types": "./dist/d/index.d.ts",
@@ -16,5 +16,5 @@
     "axios": "^1.7.2",
     "rollup": "^3.7.4"
   },
-  "gitHead": "bef6b981e26a010a797734e508de6822de8564f5"
+  "gitHead": "c49ccbde93dbad7062ac39d4f18eca7d561f573f"
 }

packages/libs/lib-iframe/.eslintrc

@@ -0,0 +1,23 @@
+{
+  "parser": "@typescript-eslint/parser",
+  "plugins": [
+    "@typescript-eslint"
+  ],
+  "extends": [
+    "plugin:@typescript-eslint/recommended",
+    "plugin:prettier/recommended",
+    "prettier"
+  ],
+  "env": {
+    "mocha": true
+  },
+  "rules": {
+    "@typescript-eslint/no-var-requires": "off",
+    "@typescript-eslint/ban-ts-comment": "off",
+    "@typescript-eslint/ban-ts-ignore": "off",
+    "@typescript-eslint/no-explicit-any": "off",
+    "@typescript-eslint/no-empty-function": "off",
+//    "no-unused-expressions": "off",
+    "max-len": [0, 160, 2, { "ignoreUrls": true }]
+  }
+}

packages/libs/lib-iframe/.gitignore

@@ -0,0 +1,28 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+node_modules
+dist
+dist-ssr
+*.local
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?
+
+src/test/user.secret.ts
+
+src/**/*.js

packages/libs/lib-iframe/.npmignore

@@ -0,0 +1,2 @@
+node_modules
+src

packages/libs/lib-iframe/.prettierrc

@@ -0,0 +1,7 @@
+{
+  "printWidth": 160,
+  "bracketSpacing": true,
+  "singleQuote": true,
+  "trailingComma": "es5",
+  "arrowParens": "avoid"
+}

packages/libs/lib-iframe/CHANGELOG.md

@@ -0,0 +1,79 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
+
+## [1.25.2](https://github.com/certd/certd/compare/v1.25.1...v1.25.2) (2024-09-24)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.25.1](https://github.com/certd/certd/compare/v1.25.0...v1.25.1) (2024-09-24)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+# [1.25.0](https://github.com/certd/certd/compare/v1.24.4...v1.25.0) (2024-09-24)
+
+### Features
+
+* 支持vip转移 ([361e8fe](https://github.com/certd/certd/commit/361e8fe7ae5877e23fd5de31bc919bedd09c57f5))
+
+## [1.24.4](https://github.com/certd/certd/compare/v1.24.3...v1.24.4) (2024-09-09)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.24.3](https://github.com/certd/certd/compare/v1.24.2...v1.24.3) (2024-09-06)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.24.2](https://github.com/certd/certd/compare/v1.24.1...v1.24.2) (2024-09-06)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.24.1](https://github.com/certd/certd/compare/v1.24.0...v1.24.1) (2024-09-02)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+# [1.24.0](https://github.com/certd/certd/compare/v1.23.1...v1.24.0) (2024-08-25)
+
+### Performance Improvements
+
+* 更新k8s底层api库 ([746bb9d](https://github.com/certd/certd/commit/746bb9d385e2f397daef4976eca1d4782a2f5ebd))
+
+## [1.23.1](https://github.com/certd/certd/compare/v1.23.0...v1.23.1) (2024-08-06)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.22.8](https://github.com/certd/certd/compare/v1.22.7...v1.22.8) (2024-08-05)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.22.7](https://github.com/certd/certd/compare/v1.22.6...v1.22.7) (2024-08-04)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.22.6](https://github.com/certd/certd/compare/v1.22.5...v1.22.6) (2024-08-03)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.22.5](https://github.com/certd/certd/compare/v1.22.4...v1.22.5) (2024-07-26)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.22.3](https://github.com/certd/certd/compare/v1.22.2...v1.22.3) (2024-07-25)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.22.2](https://github.com/certd/certd/compare/v1.22.1...v1.22.2) (2024-07-23)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.22.1](https://github.com/certd/certd/compare/v1.22.0...v1.22.1) (2024-07-20)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+# [1.22.0](https://github.com/certd/certd/compare/v1.21.2...v1.22.0) (2024-07-19)
+
+### Features
+
+* 升级midway，支持esm ([485e603](https://github.com/certd/certd/commit/485e603b5165c28bc08694997726eaf2a585ebe7))
+* 支持postgresql ([3b19bfb](https://github.com/certd/certd/commit/3b19bfb4291e89064b3b407a80dae092d54747d5))

packages/libs/lib-iframe/README.md

@@ -0,0 +1,16 @@
+# Vue 3 + TypeScript + Vite
+
+This template should help get you started developing with Vue 3 and TypeScript in Vite. The template uses Vue 3 `<script setup>` SFCs, check out the [script setup docs](https://v3.vuejs.org/api/sfc-script-setup.html#sfc-script-setup) to learn more.
+
+## Recommended IDE Setup
+
+- [VS Code](https://code.visualstudio.com/) + [Volar](https://marketplace.visualstudio.com/items?itemName=Vue.volar)
+
+## Type Support For `.vue` Imports in TS
+
+Since TypeScript cannot handle type information for `.vue` imports, they are shimmed to be a generic Vue component type by default. In most cases this is fine if you don't really care about component prop types outside of templates. However, if you wish to get actual prop types in `.vue` imports (for example to get props validation when using manual `h(...)` calls), you can enable Volar's Take Over mode by following these steps:
+
+1. Run `Extensions: Show Built-in Extensions` from VS Code's command palette, look for `TypeScript and JavaScript Language Features`, then right click and select `Disable (Workspace)`. By default, Take Over mode will enable itself if the default TypeScript extension is disabled.
+2. Reload the VS Code window by running `Developer: Reload Window` from the command palette.
+
+You can learn more about Take Over mode [here](https://github.com/johnsoncodehk/volar/discussions/471).

packages/libs/lib-iframe/fix-esm-import-paths.js

@@ -0,0 +1,96 @@
+import * as fs from "fs";
+import * as path from "path";
+
+// https://gist.github.com/lovasoa/8691344
+async function* walk(dir) {
+  for await (const d of await fs.promises.opendir(dir)) {
+    const entry = path.join(dir, d.name);
+    if (d.isDirectory()) {
+      yield* walk(entry);
+    } else if (d.isFile()) {
+      yield entry;
+    }
+  }
+}
+
+function resolveImportPath(sourceFile, importPath, options) {
+  const sourceFileAbs = path.resolve(process.cwd(), sourceFile);
+  const root = path.dirname(sourceFileAbs);
+  const { moduleFilter = defaultModuleFilter } = options;
+
+  if (moduleFilter(importPath)) {
+    const importPathAbs = path.resolve(root, importPath);
+    let possiblePath = [path.resolve(importPathAbs, "./index.ts"), path.resolve(importPathAbs, "./index.js"), importPathAbs + ".ts", importPathAbs + ".js"];
+
+    if (possiblePath.length) {
+      for (let i = 0; i < possiblePath.length; i++) {
+        let entry = possiblePath[i];
+        if (fs.existsSync(entry)) {
+          const resolved = path.relative(root, entry.replace(/\.ts$/, ".js"));
+
+          if (!resolved.startsWith(".")) {
+            return "./" + resolved;
+          }
+
+          return resolved;
+        }
+      }
+    }
+  }
+
+  return null;
+}
+
+function replace(filePath, outFilePath, options) {
+  const code = fs.readFileSync(filePath).toString();
+  const newCode = code.replace(/(import|export) (.+?) from ('[^\n']+'|"[^\n"]+");/gs, function (found, action, imported, from) {
+    const importPath = from.slice(1, -1);
+    let resolvedPath = resolveImportPath(filePath, importPath, options);
+
+    if (resolvedPath) {
+      resolvedPath = resolvedPath.replaceAll("\\", "/");
+      console.log("\t", importPath, resolvedPath);
+      return `${action} ${imported} from "${resolvedPath}";`;
+    }
+
+    return found;
+  });
+
+  if (code !== newCode) {
+    fs.writeFileSync(outFilePath, newCode);
+  }
+}
+
+// Then, use it with a simple async for loop
+async function run(srcDir, options = defaultOptions) {
+  const { sourceFileFilter = defaultSourceFileFilter } = options;
+
+  for await (const entry of walk(srcDir)) {
+    if (sourceFileFilter(entry)) {
+      console.log(entry);
+      replace(entry, entry, options);
+    }
+  }
+}
+
+const defaultSourceFileFilter = function (sourceFilePath) {
+  return /\.(js|ts)$/.test(sourceFilePath) && !/node_modules/.test(sourceFilePath);
+};
+
+const defaultModuleFilter = function (importedModule) {
+  return !path.isAbsolute(importedModule) && !importedModule.startsWith("@") && !importedModule.endsWith(".js");
+};
+
+const defaultOptions = {
+  sourceFileFilter: defaultSourceFileFilter,
+  moduleFilter: defaultModuleFilter,
+};
+
+// Switch this to test on one file or directly run on a directory.
+const DEBUG = false;
+
+if (DEBUG) {
+  replace("./src/index.ts", "./out.ts", defaultOptions);
+} else {
+  await run("./src/", defaultOptions);
+}

packages/libs/lib-iframe/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "@certd/lib-iframe",
+  "private": false,
+  "version": "1.25.2",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "scripts": {
+    "dev": "vite",
+    "build": "tsc --skipLibCheck",
+    "build3": "rollup -c",
+    "build2": "vue-tsc --noEmit && vite build",
+    "preview": "vite preview"
+  },
+  "dependencies": {
+    "nanoid": "^4.0.0"
+  },
+  "devDependencies": {
+    "@rollup/plugin-commonjs": "^23.0.4",
+    "@rollup/plugin-json": "^6.0.0",
+    "@rollup/plugin-node-resolve": "^15.0.1",
+    "@rollup/plugin-terser": "^0.4.3",
+    "@rollup/plugin-typescript": "^11.0.0",
+    "@types/chai": "^4.3.3",
+    "@typescript-eslint/eslint-plugin": "^5.38.1",
+    "@typescript-eslint/parser": "^5.38.1",
+    "eslint": "^8.24.0",
+    "eslint-config-prettier": "^8.5.0",
+    "eslint-plugin-import": "^2.26.0",
+    "eslint-plugin-node": "^11.1.0",
+    "eslint-plugin-prettier": "^4.2.1",
+    "prettier": "^2.8.8",
+    "rollup": "^3.7.4",
+    "rollup-plugin-visualizer": "^5.8.2",
+    "ts-node": "^10.9.1",
+    "tslib": "^2.5.2",
+    "typescript": "^4.8.4"
+  },
+  "gitHead": "c7f7910fa98e96edeff905326b0a714f1e49b8d5"
+}

packages/libs/lib-iframe/src/index.ts

@@ -0,0 +1 @@
+export * from './lib/iframe.client.js';

packages/libs/lib-iframe/src/lib/iframe.client.ts

@@ -0,0 +1,122 @@
+import { nanoid } from 'nanoid';
+
+export type IframeMessageData<T> = {
+  action: string;
+  id: string;
+  data?: T;
+  replyId?: string;
+  errorCode?: number; //0为成功
+  message?: string;
+};
+
+export type IframeMessageReq<T = any, R = any> = {
+  req: IframeMessageData<T>;
+  onReply: (data: IframeMessageData<R>) => void;
+};
+
+export class IframeException extends Error {
+  code?: number = 0;
+  constructor(data: IframeMessageData<any>) {
+    super(data.message);
+    this.code = data.errorCode;
+  }
+}
+
+export class IframeClient {
+  requestQueue: Record<string, IframeMessageReq> = {};
+  //当前客户端是否是父级页面
+  iframe?: HTMLIFrameElement;
+  onError?: any;
+
+  handlers: Record<string, (data: IframeMessageData<any>) => Promise<void>> = {};
+  constructor(iframe?: HTMLIFrameElement, onError?: (e: any) => void) {
+    this.iframe = iframe;
+    this.onError = onError;
+    window.addEventListener('message', async (event: MessageEvent<IframeMessageData<any>>) => {
+      const data = event.data;
+      if (data.action) {
+        console.log(`收到消息[isSub:${this.isInFrame()}]`, data);
+        try {
+          const handler = this.handlers[data.action];
+          if (handler) {
+            const res = await handler(data);
+            if (data.id && data.action !== 'reply') {
+              await this.send('reply', res, data.id);
+            }
+          } else {
+            throw new Error(`action:${data.action} 未注册处理器，可能版本过低`);
+          }
+        } catch (e: any) {
+          console.error(e);
+          await this.send('reply', {}, data.id, 500, e.message);
+        }
+      }
+    });
+
+    this.register('reply', async data => {
+      const req = this.requestQueue[data.replyId!];
+      if (req) {
+        req.onReply(data);
+        delete this.requestQueue[data.replyId!];
+      }
+    });
+  }
+  isInFrame() {
+    return window.self !== window.top;
+  }
+
+  register<T = any>(action: string, handler: (data: IframeMessageData<T>) => Promise<void>) {
+    this.handlers[action] = handler;
+  }
+
+  async send<R = any, T = any>(action: string, data?: T, replyId?: string, errorCode?: number, message?: string): Promise<IframeMessageData<R>> {
+    try {
+      return await this.doSend<R, T>(action, data, replyId, errorCode, message);
+    } catch (e) {
+      if (this.onError) {
+        this.onError(e);
+      }
+      throw e;
+    }
+  }
+
+  async doSend<R = any, T = any>(action: string, data?: T, replyId?: string, errorCode?: number, message?: string): Promise<IframeMessageData<R>> {
+    const reqMessageData: IframeMessageData<T> = {
+      id: nanoid(),
+      action,
+      data,
+      replyId,
+      errorCode,
+      message,
+    };
+
+    return new Promise((resolve, reject) => {
+      const onReply = (reply: IframeMessageData<R>) => {
+        if (reply.errorCode && reply.errorCode > 0) {
+          reject(new IframeException(reply));
+          return;
+        }
+        resolve(reply);
+      };
+      this.requestQueue[reqMessageData.id] = {
+        req: reqMessageData,
+        onReply,
+      };
+      try {
+        console.log(`send message[isSub:${this.isInFrame()}]:`, reqMessageData);
+        if (!this.iframe) {
+          if (!window.parent) {
+            reject('当前页面不在 iframe 中');
+          }
+          window.parent.postMessage(reqMessageData, '*');
+        } else {
+          //子页面
+          this.iframe.contentWindow?.postMessage(reqMessageData, '*');
+        }
+      } catch (e) {
+        console.error(e);
+        reject(e);
+      }
+    });
+  }
+}

packages/libs/lib-iframe/tsconfig.json

@@ -0,0 +1,41 @@
+{
+  "compileOnSave": true,
+  "compilerOptions": {
+    "target": "ESNext",
+    "module": "ESNext",
+    "moduleResolution": "node",
+    "esModuleInterop": true,
+    "experimentalDecorators": true,
+    "emitDecoratorMetadata": true,
+    "inlineSourceMap":true,
+    "noImplicitThis": true,
+    "noUnusedLocals": true,
+    "stripInternal": true,
+    "skipLibCheck": true,
+    "pretty": true,
+    "declaration": true,
+    "forceConsistentCasingInFileNames": true,
+    "typeRoots": [ "./typings", "./node_modules/@types"],
+    "outDir": "dist",
+    "rootDir": "src",
+    "composite": true,
+    "useDefineForClassFields": true,
+    "strict": false,
+//    "sourceMap": true,
+    "resolveJsonModule": true,
+    "isolatedModules": true,
+    "lib": ["ESNext", "DOM"],
+  },
+  "include": [
+    "src/**/*.ts",
+    "src/**/*.d.ts",
+    "src/**/*.json"
+  ],
+  "exclude": [
+    "*.js",
+    "*.ts",
+    "dist",
+    "node_modules",
+    "src/test"
+  ],
+}

packages/libs/lib-jdcloud/.eslintrc

@@ -0,0 +1,23 @@
+{
+  "parser": "@typescript-eslint/parser",
+  "plugins": [
+    "@typescript-eslint"
+  ],
+  "extends": [
+    "plugin:@typescript-eslint/recommended",
+    "plugin:prettier/recommended",
+    "prettier"
+  ],
+  "env": {
+    "mocha": true
+  },
+  "rules": {
+    "@typescript-eslint/no-var-requires": "off",
+    "@typescript-eslint/ban-ts-comment": "off",
+    "@typescript-eslint/ban-ts-ignore": "off",
+    "@typescript-eslint/no-explicit-any": "off",
+    "@typescript-eslint/no-empty-function": "off",
+//    "no-unused-expressions": "off",
+    "max-len": [0, 160, 2, { "ignoreUrls": true }]
+  }
+}

packages/libs/lib-jdcloud/.gitignore

@@ -0,0 +1,28 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+node_modules
+dist
+dist-ssr
+*.local
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?
+
+test/user.secret.ts
+
+.rollup.cache

packages/libs/lib-jdcloud/.npmignore

@@ -0,0 +1,3 @@
+node_modules
+src
+.rollup.cache

packages/libs/lib-jdcloud/.prettierrc

@@ -0,0 +1,3 @@
+{
+  "printWidth": 160
+}

packages/libs/lib-jdcloud/CHANGELOG.md

@@ -0,0 +1,39 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
+
+## [1.25.2](https://github.com/certd/certd/compare/v1.25.1...v1.25.2) (2024-09-24)
+
+**Note:** Version bump only for package @certd/lib-jdcloud
+
+## [1.25.1](https://github.com/certd/certd/compare/v1.25.0...v1.25.1) (2024-09-24)
+
+**Note:** Version bump only for package @certd/lib-jdcloud
+
+# [1.25.0](https://github.com/certd/certd/compare/v1.24.4...v1.25.0) (2024-09-24)
+
+**Note:** Version bump only for package @certd/lib-jdcloud
+
+## [1.24.3](https://github.com/certd/certd/compare/v1.24.2...v1.24.3) (2024-09-06)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.24.2](https://github.com/certd/certd/compare/v1.24.1...v1.24.2) (2024-09-06)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.24.1](https://github.com/certd/certd/compare/v1.24.0...v1.24.1) (2024-09-02)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.22.1](https://github.com/certd/certd/compare/v1.22.0...v1.22.1) (2024-07-20)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+# [1.22.0](https://github.com/certd/certd/compare/v1.21.2...v1.22.0) (2024-07-19)
+
+### Features
+
+* 升级midway，支持esm ([485e603](https://github.com/certd/certd/commit/485e603b5165c28bc08694997726eaf2a585ebe7))
+* 支持postgresql ([3b19bfb](https://github.com/certd/certd/commit/3b19bfb4291e89064b3b407a80dae092d54747d5))

packages/libs/lib-jdcloud/README.md

@@ -0,0 +1,16 @@
+# Vue 3 + TypeScript + Vite
+
+This template should help get you started developing with Vue 3 and TypeScript in Vite. The template uses Vue 3 `<script setup>` SFCs, check out the [script setup docs](https://v3.vuejs.org/api/sfc-script-setup.html#sfc-script-setup) to learn more.
+
+## Recommended IDE Setup
+
+- [VS Code](https://code.visualstudio.com/) + [Volar](https://marketplace.visualstudio.com/items?itemName=Vue.volar)
+
+## Type Support For `.vue` Imports in TS
+
+Since TypeScript cannot handle type information for `.vue` imports, they are shimmed to be a generic Vue component type by default. In most cases this is fine if you don't really care about component prop types outside of templates. However, if you wish to get actual prop types in `.vue` imports (for example to get props validation when using manual `h(...)` calls), you can enable Volar's Take Over mode by following these steps:
+
+1. Run `Extensions: Show Built-in Extensions` from VS Code's command palette, look for `TypeScript and JavaScript Language Features`, then right click and select `Disable (Workspace)`. By default, Take Over mode will enable itself if the default TypeScript extension is disabled.
+2. Reload the VS Code window by running `Developer: Reload Window` from the command palette.
+
+You can learn more about Take Over mode [here](https://github.com/johnsoncodehk/volar/discussions/471).

packages/libs/lib-jdcloud/fix-esm-import-paths.js

@@ -0,0 +1,96 @@
+import * as fs from "fs";
+import * as path from "path";
+
+// https://gist.github.com/lovasoa/8691344
+async function* walk(dir) {
+  for await (const d of await fs.promises.opendir(dir)) {
+    const entry = path.join(dir, d.name);
+    if (d.isDirectory()) {
+      yield* walk(entry);
+    } else if (d.isFile()) {
+      yield entry;
+    }
+  }
+}
+
+function resolveImportPath(sourceFile, importPath, options) {
+  const sourceFileAbs = path.resolve(process.cwd(), sourceFile);
+  const root = path.dirname(sourceFileAbs);
+  const { moduleFilter = defaultModuleFilter } = options;
+
+  if (moduleFilter(importPath)) {
+    const importPathAbs = path.resolve(root, importPath);
+    let possiblePath = [path.resolve(importPathAbs, "./index.ts"), path.resolve(importPathAbs, "./index.js"), importPathAbs + ".ts", importPathAbs + ".js"];
+
+    if (possiblePath.length) {
+      for (let i = 0; i < possiblePath.length; i++) {
+        let entry = possiblePath[i];
+        if (fs.existsSync(entry)) {
+          const resolved = path.relative(root, entry.replace(/\.ts$/, ".js"));
+
+          if (!resolved.startsWith(".")) {
+            return "./" + resolved;
+          }
+
+          return resolved;
+        }
+      }
+    }
+  }
+
+  return null;
+}
+
+function replace(filePath, outFilePath, options) {
+  const code = fs.readFileSync(filePath).toString();
+  const newCode = code.replace(/(import|export) (.+?) from ('[^\n']+'|"[^\n"]+");/gs, function (found, action, imported, from) {
+    const importPath = from.slice(1, -1);
+    let resolvedPath = resolveImportPath(filePath, importPath, options);
+
+    if (resolvedPath) {
+      resolvedPath = resolvedPath.replaceAll("\\", "/");
+      console.log("\t", importPath, resolvedPath);
+      return `${action} ${imported} from "${resolvedPath}";`;
+    }
+
+    return found;
+  });
+
+  if (code !== newCode) {
+    fs.writeFileSync(outFilePath, newCode);
+  }
+}
+
+// Then, use it with a simple async for loop
+async function run(srcDir, options = defaultOptions) {
+  const { sourceFileFilter = defaultSourceFileFilter } = options;
+
+  for await (const entry of walk(srcDir)) {
+    if (sourceFileFilter(entry)) {
+      console.log(entry);
+      replace(entry, entry, options);
+    }
+  }
+}
+
+const defaultSourceFileFilter = function (sourceFilePath) {
+  return /\.(js|ts)$/.test(sourceFilePath) && !/node_modules/.test(sourceFilePath);
+};
+
+const defaultModuleFilter = function (importedModule) {
+  return !path.isAbsolute(importedModule) && !importedModule.startsWith("@") && !importedModule.endsWith(".js");
+};
+
+const defaultOptions = {
+  sourceFileFilter: defaultSourceFileFilter,
+  moduleFilter: defaultModuleFilter,
+};
+
+// Switch this to test on one file or directly run on a directory.
+const DEBUG = false;
+
+if (DEBUG) {
+  replace("./src/index.ts", "./out.ts", defaultOptions);
+} else {
+  await run("./src/", defaultOptions);
+}

packages/libs/lib-jdcloud/package.json

@@ -0,0 +1,28 @@
+{
+  "name": "@certd/lib-jdcloud",
+  "private": false,
+  "version": "1.25.2",
+  "main": "./dist/bundle.mjs",
+  "module": "./dist/bundle.mjs",
+  "types": "./dist/d/index.d.ts",
+  "scripts": {
+    "dev": "vite",
+    "build": "rollup -c ",
+    "build2": "vue-tsc --noEmit && vite build",
+    "preview": "vite preview"
+  },
+  "dependencies": {
+    "@certd/pipeline": "1.21.0",
+    "axios": "^1.7.2",
+    "babel-register": "^6.26.0",
+    "buffer": "^5.0.8",
+    "create-hash": "^1.1.3",
+    "create-hmac": "^1.1.6",
+    "debug": "^3.1.0",
+    "node-fetch": "^2.1.2",
+    "rollup": "^3.7.4",
+    "url": "^0.11.0",
+    "uuid": "^3.1.0"
+  },
+  "gitHead": "c7f7910fa98e96edeff905326b0a714f1e49b8d5"
+}

packages/libs/lib-jdcloud/rollup.config.js

@@ -0,0 +1,40 @@
+const resolve = require("@rollup/plugin-node-resolve");
+const commonjs = require("@rollup/plugin-commonjs");
+//const Typescript = require("rollup-plugin-typescript2");
+const Typescript = require("@rollup/plugin-typescript");
+const json = require("@rollup/plugin-json");
+const terser = require("@rollup/plugin-terser");
+module.exports = {
+  input: "src/index.js",
+  output: {
+    file: "dist/bundle.mjs",
+    format: "es",
+  },
+  plugins: [
+    // 解析第三方依赖
+    resolve({
+      jsnext: true,
+      main: true,
+      browser: true,
+    }),
+    // 识别 commonjs 模式第三方依赖
+    commonjs({
+      // dynamicRequireRoot: "../../../../",
+      // dynamicRequireTargets: [
+      //   // include using a glob pattern (either a string or an array of strings)
+      //   "../../../../**/shelljs/src/*",
+      // ],
+    }),
+    // Typescript({
+    //   target: "esnext",
+    //   rootDir: "src",
+    //   declaration: true,
+    //   declarationDir: "dist/d",
+    //   exclude: ["./node_modules/**", "./src/**/*.vue", "./src/**/*.spec.ts"],
+    //   allowSyntheticDefaultImports: true,
+    // }),
+    json(),
+    terser(),
+  ],
+  external: ["vue", "lodash-es", "dayjs", "log4js", "@midwayjs/core", "@certd/pipeline", "axios", "querystring"],
+};

packages/libs/lib-jdcloud/src/global.js

@@ -0,0 +1,2 @@
+require('./lib/node_loader')
+module.exports = require('./lib/core')

packages/libs/lib-jdcloud/src/index.js

@@ -0,0 +1 @@
+module.exports.DomainService = require("./repo/domainservice/v2/domainservice.js");

packages/libs/lib-jdcloud/src/jdcloud.js

@@ -0,0 +1 @@
+module.exports = require('./lib/jc')

packages/libs/lib-jdcloud/src/lib/browser.js

@@ -0,0 +1,4 @@
+require("babel-polyfill");
+require("./browser_loader");
+var JC = require("./core");
+module.exports = JC;

packages/libs/lib-jdcloud/src/lib/browser_loader.js

@@ -0,0 +1,13 @@
+var util = require('./util')
+util.crypto.lib = {
+  createHash: require('create-hash'),
+  createHmac: require('create-hmac')
+}
+util.Buffer = require('buffer/').Buffer
+util.url = require('url/')
+util.querystring = require('querystring/')
+util.environment = 'js'
+
+var JC = require('./core')
+
+module.exports = JC

packages/libs/lib-jdcloud/src/lib/common.js

@@ -0,0 +1,6 @@
+require('./core')
+
+require('./config')
+require('./request')
+require('./service')
+require('./credentials')

packages/libs/lib-jdcloud/src/lib/config.js

@@ -0,0 +1,78 @@
+var JDCloud = require('./core')
+
+let defaultValues = {
+  credentials: null,
+  regionId: null,
+  apiVersions: null,
+  endpoint: {},
+  version: {},
+  logger: function (string, level = 'INFO') {
+    // level: INFO / DEBUG / ERROR / WARN
+    console.log(string)
+  }
+}
+JDCloud.Config = class Config {
+  constructor (options = {}) {
+    options = this.extractCredentials(options)
+
+    JDCloud.util.each.call(this, defaultValues, function (key, value) {
+      if (options[key] === undefined) {
+        this[key] = value
+      } else {
+        this[key] = options[key]
+      }
+    })
+    JDCloud.util.each.call(this, JDCloud.Service._services, function (
+      key,
+      value
+    ) {
+      if (options[key] !== undefined) {
+        this[key] = options[key]
+      }
+    })
+  }
+
+  extractCredentials (options) {
+    if (options.accessKeyId && options.secretAccessKey) {
+      options = Object.assign({}, options)
+      options.credentials = new JDCloud.Credentials(options)
+    }
+    return options
+  }
+
+  getCredentials () {
+    var p = new Promise((resolve, reject) => {
+      if (this.credentials) {
+        if (typeof this.credentials.get === 'function') {
+        } else if (
+          this.credentials.accessKeyId &&
+          this.credentials.secretAccessKey
+        ) {
+          resolve()
+        } else {
+          reject(new Error('missing credentials'))
+        }
+      } else if (this.credentialProvider) {
+      } else {
+        reject(new Error('get credentials failed'))
+      }
+    })
+
+    return p
+  }
+
+  update (options, allowUnknownKeys = false) {
+    options = this.extractCredentials(options)
+    JDCloud.util.each.call(this, options, function (key, value) {
+      if (
+        allowUnknownKeys ||
+        defaultValues.hasOwnProperty(key) ||
+        JDCloud.Service.hasService(key)
+      ) {
+        this[key] = options[key]
+      }
+    })
+  }
+}
+
+JDCloud.config = new JDCloud.Config()

packages/libs/lib-jdcloud/src/lib/core.js

@@ -0,0 +1,12 @@
+var JDCloud = {
+  util: require("./util"),
+  // todo swaggerVar
+  VERSION: "",
+  fetch: require("node-fetch"),
+};
+
+module.exports = JDCloud;
+
+require("./service");
+require("./config");
+require("./request");

packages/libs/lib-jdcloud/src/lib/credentials.js

@@ -0,0 +1,21 @@
+var JDCloud = require('./core')
+
+JDCloud.Credentials = class Credentials {
+  constructor () {
+    this.expired = false
+    this.expireTime = null
+
+    if (arguments.length === 1 && typeof arguments[0] === 'object') {
+      var creds = arguments[0].credentials || arguments[0]
+      this.accessKeyId = creds.accessKeyId
+      this.secretAccessKey = creds.secretAccessKey
+      this.sessionToken = creds.sessionToken
+    } else {
+      this.accessKeyId = arguments[0]
+      this.secretAccessKey = arguments[1]
+      this.sessionToken = arguments[2]
+    }
+  }
+}
+
+module.exports = JDCloud.Credentials

packages/libs/lib-jdcloud/src/lib/jc.js

@@ -0,0 +1,3 @@
+require('./node_loader')
+var JDCloud = require('./core')
+module.exports = JDCloud

packages/libs/lib-jdcloud/src/lib/node_loader.js

@@ -0,0 +1,12 @@
+var util = require('./util')
+
+util.crypto.lib = require('crypto')
+util.Buffer = require('buffer').Buffer
+util.url = require('url')
+util.querystring = require('querystring')
+util.environment = 'nodejs'
+let JDCloud = require('./core')
+JDCloud.fetch = require('node-fetch')
+module.exports = JDCloud
+
+require('./credentials')

packages/libs/lib-jdcloud/src/lib/request.js

@@ -0,0 +1,137 @@
+var JDCloud = require("./core");
+
+let util = JDCloud.util;
+JDCloud.JCRequest = class JCRequest {
+  constructor(service, path, httpMethod, pathParams, queryParams, headerParams, formParams, postBody, contentTypes, accepts, returnType) {
+    this.service = service;
+
+    var endpoint = service.config.endpoint;
+    pathParams.regionId = pathParams.regionId || service.config.regionId;
+    this.regionId = pathParams.regionId;
+
+    this.path = this.buildPath(path, pathParams);
+    this.path = util.uriEscapePath(this.path);
+
+    var queryString = this.buildQuery(queryParams);
+
+    var url = this.path;
+    if (queryString) {
+      url = this.path + "?" + queryString;
+    }
+
+    var contentType = this.jsonPreferredMime(contentTypes) || "application/json";
+    headerParams["content-type"] = contentType;
+    var requestHeaders = this.buildHeaders(headerParams);
+
+    var requestInit = {
+      method: httpMethod || "GET",
+      headers: requestHeaders,
+    };
+
+    if (contentType === "application/x-www-form-urlencoded") {
+    } else if (contentType === "multipart/form-data") {
+    } else if (postBody) {
+      requestInit.body = JSON.stringify(postBody);
+    }
+    var fetchUrl = endpoint.protocol + "://" + endpoint.host + url;
+    JDCloud.config.logger(`make request where url is :${fetchUrl} \nwith fetch config:${JSON.stringify(requestInit)}`);
+    this.request = new JDCloud.fetch.Request(fetchUrl, requestInit);
+    this.request.bodyCache = requestInit.body;
+  }
+
+  buildPath(path, pathParams) {
+    var uri = (this.service.config.basePath || "") + path;
+    uri = uri.replace(/\{([\w-]+)\}/g, (fullMatch, key) => {
+      var value;
+      if (pathParams.hasOwnProperty(key)) {
+        value = pathParams[key];
+      } else {
+        value = fullMatch;
+      }
+      return value;
+    });
+    return uri;
+  }
+
+  buildQuery(queryParams) {
+    var queryParamsWithoutEmptyItem = {};
+    var keys = Object.keys(queryParams);
+    for (let key of keys) {
+      if (queryParams[key] !== undefined) {
+        queryParamsWithoutEmptyItem[key] = queryParams[key];
+      }
+    }
+    return JDCloud.util.querystring.stringify(queryParamsWithoutEmptyItem);
+  }
+
+  search() {
+    var query = this.request.url.split("?", 2)[1];
+    if (query) {
+      query = JDCloud.util.querystring.parse(query);
+      return JDCloud.util.queryParamsToString(query);
+    }
+    return "";
+  }
+
+  digitizationArray(key, obj) {
+    var result = key;
+    if (Array.isArray(obj)) {
+      JDCloud.util.arrayEach(obj, (arrayValue, index) => {
+        result += this.digitizationArray(`.${index + 1}`, arrayValue);
+      });
+    } else if (typeof obj === "object" && obj != null) {
+      JDCloud.util.each(obj, (key, ObjValue) => {
+        result += `.name=${key}&${result}.values` + this.digitizationArray();
+        result += key + ".name=" + ObjValue + "&" + this.digitizationArray(key + ".values", ObjValue);
+      });
+    } else {
+      result += key + "=" + encodeURI(obj);
+    }
+    return result;
+  }
+
+  buildHeaders(headerParams) {
+    var headers = new JDCloud.fetch.Headers({
+      accept: "application/json",
+    });
+
+    util.each.call(this, headerParams, function (key) {
+      if (headerParams[key] !== undefined && headerParams[key] != null) {
+        headers.append(key, headerParams[key]);
+      }
+    });
+    return headers;
+  }
+
+  /**
+   * Checks whether the given content type represents JSON.<br>
+   * JSON content type examples:<br>
+   * <ul>
+   * <li>application/json</li>
+   * <li>application/json; charset=UTF8</li>
+   * <li>APPLICATION/JSON</li>
+   * </ul>
+   * @param {String} contentType The MIME content type to check.
+   * @returns {Boolean} <code>true</code> if <code>contentType</code> represents JSON, otherwise <code>false</code>.
+   */
+  isJsonMime(contentType) {
+    return Boolean(contentType != null && contentType.match(/^application\/json(;.*)?$/i));
+  }
+
+  /**
+   * Chooses a content type from the given array, with JSON preferred; i.e. return JSON if included, otherwise return the first.
+   * @param {Array.<String>} contentTypes
+   * @returns {String} The chosen content type, preferring JSON.
+   */
+  jsonPreferredMime(contentTypes) {
+    for (var i = 0; i < contentTypes.length; i++) {
+      if (this.isJsonMime(contentTypes[i])) {
+        return contentTypes[i];
+      }
+    }
+
+    return contentTypes[0];
+  }
+};
+
+module.exports = JDCloud.JCRequest;

packages/libs/lib-jdcloud/src/lib/service.js

@@ -0,0 +1,231 @@
+var JDCloud = require('./core')
+var SignerV2 = require('./signers/v2')
+
+JDCloud.Service = class Service {
+  constructor (serviceId, config = {}) {
+    this.serviceId = serviceId
+    this.init(config)
+  }
+
+  init (config) {
+    // 某个服务类型的全局配置
+    var serviceConfig = JDCloud.config[this.serviceId]
+    // 全局配置
+    this.config = new JDCloud.Config(JDCloud.config)
+    if (serviceConfig) {
+      this.config.update(serviceConfig, true)
+    }
+    if (config) {
+      if (!this.config.endpoint.host && !config.endpoint) {
+        config.endpoint = config._defaultEndpoint
+      }
+      delete config._defaultEndpoint
+      this.config.update(config, true)
+    }
+  }
+
+  makeRequest (
+    path,
+    httpMethod,
+    pathParams,
+    queryParams,
+    headerParams,
+    formParams,
+    postBody,
+    contentTypes,
+    accepts,
+    returnType,
+    callback
+  ) {
+    var request = new JDCloud.JCRequest(
+      this,
+      path,
+      httpMethod,
+      pathParams,
+      queryParams,
+      headerParams,
+      formParams,
+      postBody,
+      contentTypes,
+      accepts,
+      returnType
+    )
+
+    var signer = new SignerV2(request, this.serviceId)
+
+    return this.config.getCredentials().then(() => {
+      signer.addAuthorization(this.config.credentials)
+      return JDCloud.fetch(signer.request.request).then(response => {
+        return response.json().then(
+          result => {
+            result.responseObj = response
+            if (response.ok) {
+              return result
+            }
+            return Promise.reject(result)
+          },
+          error => {
+            error.responseObj = response
+            if (error.type === 'invalid-json') {
+              // oss没有返回json
+              if (response.ok) {
+                return Promise.resolve({
+                  requestId: response.headers.get('x-jdcloud-request-id') || ''
+                })
+              } else {
+                /* eslint-disable */
+                return Promise.reject({
+                  requestId: response.headers.get('x-jdcloud-request-id') || ''
+                })
+                /* eslint-enable */
+              }
+            }
+            throw error
+          }
+        )
+      })
+    })
+  }
+
+  buildCollectionParam (param, collectionFormat) {
+    if (param === null || param === undefined) {
+      return param
+    }
+    switch (collectionFormat) {
+      case 'csv':
+        return param.map(this.paramToString).join(',')
+      case 'ssv':
+        return param.map(this.paramToString).join(' ')
+      case 'tsv':
+        return param.map(this.paramToString).join('\t')
+      case 'pipes':
+        return param.map(this.paramToString).join('|')
+      case 'multi':
+        // return the array directly as SuperAgent will handle it as expected
+        return param.map(this.paramToString)
+      default:
+        throw new Error('Unknown collection format: ' + collectionFormat)
+    }
+  }
+
+  /**
+   *  filter is a special type of array
+   *  only contains:
+   *  [
+   *      { name: someString , values:[ someString, someString ] ,operator: someString}
+   *  ]
+   *
+   */
+  buildFilterParam (param, key) {
+    var result = {}
+    if (Array.isArray(param)) {
+      let index = 0
+      for (var i = 0; i < param.length; i++) {
+        var obj = param[i]
+
+        // 兼容空字符串
+        if (obj.values !== '' && !Array.isArray(obj.values)) {
+          throw new Error('The type of filters.values should be Array!')
+        }
+        if (obj.name && obj.values) {
+          if (!obj.values.length) continue
+          result[`${key}.${index + 1}.name`] = obj.name
+          for (var j = 0; j < obj.values.length; j++) {
+            var someString = obj.values[j]
+            result[`${key}.${index + 1}.values.${j + 1}`] = someString
+          }
+          if (obj.operator) {
+            result[`${key}.${index + 1}.operator`] = obj.operator
+          }
+          index++
+        }
+      }
+    }
+    return result
+  }
+
+  buildTagFilterParam (param = [], key) {
+    var result = {}
+    if (!Array.isArray(param)) {
+      throw new Error(`The type of param 'param' should be Array!`)
+    }
+
+    for (var i = 0; i < param.length; i++) {
+      var obj = param[i]
+
+      if (obj.values && !Array.isArray(obj.values)) {
+        throw new Error(
+          `The type of param 'param[${i}].values' should be Array or NULL!`
+        )
+      }
+
+      if (obj.key) {
+        result[`${key}.${i + 1}.key`] = obj.key
+
+        if (obj.values) {
+          for (var j = 0; j < obj.values.length; j++) {
+            var someString = obj.values[j]
+            result[`${key}.${i + 1}.values.${j + 1}`] = someString
+          }
+        }
+      }
+    }
+    return result
+  }
+
+  buildSortParam (param = [], key) {
+    var result = {}
+    if (!Array.isArray(param)) {
+      throw new Error(`The type of param 'param' should be Array!`)
+    }
+
+    var index = 0
+    for (var i = 0; i < param.length; i++) {
+      var obj = param[i]
+
+      if (obj.name && obj.direction) {
+        index++
+        result[`${key}.${index}.name`] = obj.name
+        result[`${key}.${index}.direction`] = obj.direction
+      }
+    }
+    return result
+  }
+
+  // arr=[a,b,c] =>  arr={arr1:a, arr2:b, arr3:c}
+  buildArrayParam (param = [], key) {
+    var result = {}
+    if (!Array.isArray(param)) {
+      throw new Error(`The type of param 'param' should be Array!`)
+    }
+
+    for (var i = 0; i < param.length; i++) {
+      var value = param[i]
+      result[`${key}.${i + 1}`] = value
+    }
+    return result
+  }
+
+  /**
+   * Returns a string representation for an actual parameter.
+   * @param param The actual parameter.
+   * @returns {String} The string representation of <code>param</code>.
+   */
+  paramToString (param) {
+    if (param === undefined || param === null) {
+      return ''
+    }
+    if (param instanceof Date) {
+      return param.toJSON()
+    }
+
+    return param.toString()
+  }
+
+  static hasService (id) {
+    return JDCloud.Service._services.hasOwnProperty(id)
+  }
+}
+JDCloud.Service._services = {}
+
+module.exports = JDCloud.Service

packages/libs/lib-jdcloud/src/lib/signers/request_signer.js

@@ -0,0 +1,13 @@
+module.exports = class RequestSigner {
+  constructor (request) {
+    this.request = request
+  }
+
+  setServiceClientId (id) {
+    this.serviceClientId = id
+  }
+
+  getServiceClientId () {
+    return this.serviceClientId
+  }
+}

packages/libs/lib-jdcloud/src/lib/signers/v2.js

@@ -0,0 +1,162 @@
+// Copyright 2018 JDCLOUD.COM
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License
+// This signer is modified from AWS V4 signer algorithm.
+
+var util = require("../util");
+var RequestSigner = require("./request_signer");
+var v2Credentials = require("./v2_credentials");
+var uuid = require("uuid");
+var JDCloud = require("../core");
+
+module.exports = class SignerV2 extends RequestSigner {
+  constructor(request, serviceName, options = {}) {
+    super(request);
+    this.signatureCache = true;
+    this.algorithm = "JDCLOUD2-HMAC-SHA256";
+    this.unsignableHeaders = ["authorization", "user-agent"];
+    this.serviceName = serviceName;
+    // this.signatureCache = typeof options.signatureCache === 'boolean' ? options.signatureCache : true;
+  }
+
+  // 签名流程见 https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html
+
+  addAuthorization(credentials, date) {
+    // var datetime = '20180119T070300Z';
+    var datetime = util.date.iso8601(date).replace(/[:-]|\.\d{3}/g, "");
+    this.addHeaders(credentials, datetime);
+    this.request.request.headers.set("Authorization", this.authorization(credentials, datetime));
+  }
+
+  addHeaders(credentials, datetime) {
+    this.request.request.headers.set("x-jdcloud-date", datetime);
+    this.request.request.headers.set("x-jdcloud-nonce", uuid.v4());
+    this.request.request.headers.set("host", this.request.service.config.endpoint.host);
+  }
+
+  signedHeaders() {
+    var keys = [];
+    this.request.request.headers.forEach((value, key) => {
+      key = key.toLowerCase();
+      if (this.isSignableHeader(key)) {
+        keys.push(key);
+      }
+    });
+    /* util.each.call(this, this.request.headers, function (key) {
+
+        }); */
+    return keys.sort().join(";");
+  }
+
+  credentialString(datetime) {
+    return v2Credentials.createScope(datetime.substr(0, 8), this.request.regionId, this.serviceName);
+  }
+
+  signature(credentials, datetime) {
+    var signingKey = v2Credentials.getSigningKey(credentials, datetime.substr(0, 8), this.request.regionId, this.serviceName, this.signatureCache);
+    return util.crypto.hmac(signingKey, this.stringToSign(datetime), "hex");
+  }
+
+  stringToSign(datetime) {
+    var parts = [];
+    parts.push(this.algorithm);
+    parts.push(datetime);
+    parts.push(this.credentialString(datetime));
+    parts.push(this.hexEncodedHash(this.canonicalString()));
+    JDCloud.config.logger("StringToSign is \n" + JSON.stringify(parts), "DEBUG");
+    return parts.join("\n");
+  }
+
+  // 构建标准签名字符串
+  canonicalString() {
+    var parts = [];
+    var pathname = this.request.path;
+    //    if (this.serviceName !== 'jfs') {
+    //      pathname = util.uriEscapePath(pathname)
+    //    }
+
+    parts.push(this.request.request.method);
+    parts.push(pathname);
+    parts.push(this.request.search());
+    parts.push(this.canonicalHeaders() + "\n");
+    parts.push(this.signedHeaders());
+    parts.push(this.hexEncodedBodyHash());
+    JDCloud.config.logger("canonicalString is \n" + JSON.stringify(parts), "DEBUG");
+    return parts.join("\n");
+  }
+
+  canonicalHeaders() {
+    var headers = [];
+    this.request.request.headers.forEach((value, key) => {
+      headers.push([key, value]);
+    });
+    headers.sort(function (a, b) {
+      return a[0].toLowerCase() < b[0].toLowerCase() ? -1 : 1;
+    });
+    var parts = [];
+    util.arrayEach.call(this, headers, function (item) {
+      var key = item[0].toLowerCase();
+      if (this.isSignableHeader(key)) {
+        var value = item[1];
+        if (typeof value === "undefined" || value === null || typeof value.toString !== "function") {
+          throw util.error(new Error("Header " + key + " contains invalid value"), {
+            code: "InvalidHeader",
+          });
+        }
+        parts.push(key + ":" + this.canonicalHeaderValues(value.toString()));
+      }
+    });
+    return parts.join("\n");
+  }
+
+  canonicalHeaderValues(values) {
+    return values.replace(/\s+/g, " ").replace(/^\s+|\s+$/g, "");
+  }
+
+  authorization(credentials, datetime) {
+    var parts = [];
+    var credString = this.credentialString(datetime);
+    parts.push(this.algorithm + " Credential=" + credentials.accessKeyId + "/" + credString);
+    parts.push("SignedHeaders=" + this.signedHeaders());
+    parts.push("Signature=" + this.signature(credentials, datetime));
+    JDCloud.config.logger("Signature is \n" + JSON.stringify(parts), "DEBUG");
+    return parts.join(", ");
+  }
+
+  hexEncodedHash(string) {
+    return util.crypto.sha256(string, "hex");
+  }
+
+  hexEncodedBodyHash() {
+    let body = this.request.request?.body;
+    if (body && body instanceof ReadableStream) {
+      body = this.request.request?.bodyCache;
+    }
+    return this.hexEncodedHash(body || "");
+    /* var request = this.request;
+        if (this.isPresigned() && this.serviceName === 's3' && !request.body) {
+            return 'UNSIGNED-PAYLOAD';
+        } else if (request.headers['X-Amz-Content-Sha256']) {
+            return request.headers['X-Amz-Content-Sha256'];
+        } else {
+            return this.hexEncodedHash(this.request.body || '');
+        } */
+  }
+
+  isSignableHeader(key) {
+    if (key.toLowerCase().includes("x-jdcloud-")) {
+      return true;
+    }
+    return !this.unsignableHeaders.includes(key.toLowerCase());
+  }
+};

packages/libs/lib-jdcloud/src/lib/signers/v2_credentials.js

@@ -0,0 +1,80 @@
+var cachedSecret = {}
+var cacheQueue = []
+var maxCacheEntries = 50
+var v2Identifier = 'jdcloud2_request'
+
+var util = require('../util')
+
+module.exports = {
+  /**
+   * @api private
+   *
+   * @param date [String]
+   * @param region [String]
+   * @param serviceName [String]
+   * @return [String]
+   */
+  createScope: function createScope (date, region, serviceName) {
+    return [date.substr(0, 8), region, serviceName, v2Identifier].join('/')
+  },
+
+  /**
+   * @api private
+   *
+   * @param credentials [Credentials]
+   * @param date [String]
+   * @param region [String]
+   * @param service [String]
+   * @param shouldCache [Boolean]
+   * @return [String]
+   */
+  getSigningKey: function getSigningKey (
+    credentials,
+    date,
+    region,
+    service,
+    shouldCache
+  ) {
+    var credsIdentifier = util.crypto.hmac(
+      credentials.secretAccessKey,
+      credentials.accessKeyId,
+      'base64'
+    )
+    var cacheKey = [credsIdentifier, date, region, service].join('_')
+    shouldCache = shouldCache !== false
+    if (shouldCache && cacheKey in cachedSecret) {
+      return cachedSecret[cacheKey]
+    }
+
+    var kDate = util.crypto.hmac(
+      'JDCLOUD2' + credentials.secretAccessKey,
+      date,
+      'buffer'
+    )
+    var kRegion = util.crypto.hmac(kDate, region, 'buffer')
+    var kService = util.crypto.hmac(kRegion, service, 'buffer')
+
+    var signingKey = util.crypto.hmac(kService, v2Identifier, 'buffer')
+    if (shouldCache) {
+      cachedSecret[cacheKey] = signingKey
+      cacheQueue.push(cacheKey)
+      if (cacheQueue.length > maxCacheEntries) {
+        // remove the oldest entry (not the least recently used)
+        delete cachedSecret[cacheQueue.shift()]
+      }
+    }
+
+    return signingKey
+  },
+
+  /**
+   * @api private
+   *
+   * Empties the derived signing key cache. Made available for testing purposes
+   * only.
+   */
+  emptyCache: function emptyCache () {
+    cachedSecret = {}
+    cacheQueue = []
+  }
+}

packages/libs/lib-jdcloud/src/lib/util.js

@@ -0,0 +1,219 @@
+var util = {
+  isBrowser: function isBrowser() {
+    return process && process.browser;
+  },
+  isNode: function isNode() {
+    return !util.isBrowser();
+  },
+  uriEscape: function uriEscape(string) {
+    var output = encodeURIComponent(string);
+    output = output.replace(/[^A-Za-z0-9_.~\-%]+/g, escape);
+
+    // AWS percent-encodes some extra non-standard characters in a URI
+    output = output.replace(/[*]/g, function (ch) {
+      return "%" + ch.charCodeAt(0).toString(16).toUpperCase();
+    });
+
+    return output;
+  },
+  uriEscapePath: function uriEscapePath(string) {
+    var parts = [];
+    util.arrayEach(string.split("/"), function (part) {
+      parts.push(util.uriEscape(part));
+    });
+    return parts.join("/");
+  },
+  abort: {},
+  each: function each(object, iterFunction) {
+    for (var key in object) {
+      if (Object.prototype.hasOwnProperty.call(object, key)) {
+        var ret = iterFunction.call(this, key, object[key]);
+        if (ret === util.abort) break;
+      }
+    }
+  },
+
+  arrayEach: function arrayEach(array, iterFunction) {
+    for (var idx in array) {
+      if (Object.prototype.hasOwnProperty.call(array, idx)) {
+        var ret = iterFunction.call(this, array[idx], parseInt(idx, 10));
+        if (ret === util.abort) break;
+      }
+    }
+  },
+  arraySliceFn: function arraySliceFn(obj) {
+    var fn = obj.slice || obj.webkitSlice || obj.mozSlice;
+    return typeof fn === "function" ? fn : null;
+  },
+  queryParamsToString: function queryParamsToString(params) {
+    var items = [];
+    var escape = util.uriEscape;
+    var sortedKeys = Object.keys(params).sort();
+
+    util.arrayEach(sortedKeys, function (name) {
+      var value = params[name];
+      var ename = escape(name);
+      var result = ename + "=";
+      if (Array.isArray(value)) {
+        var vals = [];
+        util.arrayEach(value, function (item) {
+          vals.push(escape(item));
+        });
+        result = ename + "=" + vals.sort().join("&" + ename + "=");
+      } else if (value !== undefined && value !== null) {
+        result = ename + "=" + escape(value);
+      }
+      items.push(result);
+    });
+
+    return items.join("&");
+  },
+  date: {
+    getDate() {
+      return new Date();
+    },
+    iso8601: function iso8601(date) {
+      if (date === undefined) {
+        date = util.date.getDate();
+      }
+      return date.toISOString().replace(/\.\d{3}Z$/, "Z");
+    },
+  },
+  crypto: {
+    /* eslint-disable no-use-before-define */
+    crc32Table: [
+      0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
+      0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
+      0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
+      0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
+      0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
+      0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
+      0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
+      0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
+      0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
+      0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
+      0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
+      0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
+      0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
+      0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
+      0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
+      0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
+      0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
+      0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
+      0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
+      0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
+      0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
+      0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d,
+    ],
+    /* eslint-disable no-use-before-define */
+
+    crc32: function crc32(data) {
+      var tbl = util.crypto.crc32Table;
+      var crc = 0 ^ -1;
+
+      if (typeof data === "string") {
+        data = new util.Buffer(data);
+      }
+
+      for (var i = 0; i < data.length; i++) {
+        var code = data.readUInt8(i);
+        crc = (crc >>> 8) ^ tbl[(crc ^ code) & 0xff];
+      }
+      return (crc ^ -1) >>> 0;
+    },
+
+    hmac: function hmac(key, string, digest, fn) {
+      if (!digest) digest = "binary";
+      if (digest === "buffer") {
+        digest = undefined;
+      }
+      if (!fn) fn = "sha256";
+      if (typeof string === "string") string = new util.Buffer(string);
+      return util.crypto.lib.createHmac(fn, key).update(string).digest(digest);
+    },
+
+    md5: function md5(data, digest, callback) {
+      return util.crypto.hash("md5", data, digest, callback);
+    },
+
+    sha256: function sha256(data, digest, callback) {
+      return util.crypto.hash("sha256", data, digest, callback);
+    },
+
+    hash: function (algorithm, data, digest, callback) {
+      var hash = util.crypto.createHash(algorithm);
+      if (!digest) {
+        digest = "binary";
+      }
+      if (digest === "buffer") {
+        digest = undefined;
+      }
+      if (typeof data === "string") data = new util.Buffer(data);
+      var sliceFn = util.arraySliceFn(data);
+      var isBuffer = util.Buffer.isBuffer(data);
+      // Identifying objects with an ArrayBuffer as buffers
+      if (util.isBrowser() && typeof ArrayBuffer !== "undefined" && data && data.buffer instanceof ArrayBuffer) {
+        isBuffer = true;
+      }
+
+      if (callback && typeof data === "object" && typeof data.on === "function" && !isBuffer) {
+        data.on("data", function (chunk) {
+          hash.update(chunk);
+        });
+        data.on("error", function (err) {
+          callback(err);
+        });
+        data.on("end", function () {
+          callback(null, hash.digest(digest));
+        });
+      } else if (callback && sliceFn && !isBuffer && typeof FileReader !== "undefined") {
+        // this might be a File/Blob
+        var index = 0;
+        var size = 1024 * 512;
+        var reader = new FileReader();
+        reader.onerror = function () {
+          callback(new Error("Failed to read data."));
+        };
+        reader.onload = function () {
+          var buf = new util.Buffer(new Uint8Array(reader.result));
+          hash.update(buf);
+          index += buf.length;
+          reader._continueReading();
+        };
+        reader._continueReading = function () {
+          if (index >= data.size) {
+            callback(null, hash.digest(digest));
+            return;
+          }
+
+          var back = index + size;
+          if (back > data.size) back = data.size;
+          reader.readAsArrayBuffer(sliceFn.call(data, index, back));
+        };
+
+        reader._continueReading();
+      } else {
+        if (util.isBrowser() && typeof data === "object" && !isBuffer) {
+          data = new util.Buffer(new Uint8Array(data));
+        }
+        var out = hash.update(data).digest(digest);
+        if (callback) callback(null, out);
+        return out;
+      }
+    },
+
+    toHex: function toHex(data) {
+      var out = [];
+      for (var i = 0; i < data.length; i++) {
+        out.push(("0" + data.charCodeAt(i).toString(16)).substr(-2, 2));
+      }
+      return out.join("");
+    },
+
+    createHash: function createHash(algorithm) {
+      return util.crypto.lib.createHash(algorithm);
+    },
+  },
+};
+
+module.exports = util;

packages/libs/lib-jdcloud/tsconfig.json

@@ -0,0 +1,41 @@
+{
+  "compileOnSave": false,
+  "compilerOptions": {
+    "target": "ESNext",
+    "module": "ESNext",
+    "moduleResolution": "node",
+    "esModuleInterop": true,
+    "experimentalDecorators": true,
+    "emitDecoratorMetadata": true,
+    "inlineSourceMap":true,
+    "noImplicitThis": true,
+    "noUnusedLocals": true,
+    "stripInternal": true,
+    "skipLibCheck": true,
+    "pretty": true,
+    "declaration": true,
+    "forceConsistentCasingInFileNames": true,
+    "typeRoots": [ "./typings", "./node_modules/@types"],
+    "outDir": "dist",
+    "rootDir": "src",
+    "composite": true,
+    "useDefineForClassFields": true,
+    "strict": false,
+    "sourceMap": true,
+    "resolveJsonModule": true,
+    "isolatedModules": false,
+    "lib": ["ESNext", "DOM"],
+  },
+  "include": [
+    "src/**/*.ts",
+    "src/**/*.d.ts",
+    "src/**/*.js",
+    "src/**/*.json"
+  ],
+  "exclude": [
+    "*.ts",
+    "dist",
+    "node_modules",
+    "test"
+  ],
+}

packages/libs/lib-k8s/CHANGELOG.md

@@ -3,6 +3,28 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.25.2](https://github.com/certd/certd/compare/v1.25.1...v1.25.2) (2024-09-24)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.25.1](https://github.com/certd/certd/compare/v1.25.0...v1.25.1) (2024-09-24)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+# [1.25.0](https://github.com/certd/certd/compare/v1.24.4...v1.25.0) (2024-09-24)
+
+### Performance Improvements
+
+* 支持k8s ingress secret ([e5a5d0a](https://github.com/certd/certd/commit/e5a5d0a607bb6b4e1a1f7a1a419bada5f2dee59f))
+
+## [1.24.4](https://github.com/certd/certd/compare/v1.24.3...v1.24.4) (2024-09-09)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.24.3](https://github.com/certd/certd/compare/v1.24.2...v1.24.3) (2024-09-06)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
 ## [1.24.2](https://github.com/certd/certd/compare/v1.24.1...v1.24.2) (2024-09-06)
 
 **Note:** Version bump only for package @certd/lib-k8s

packages/libs/lib-k8s/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-k8s",
   "private": false,
-  "version": "1.24.2",
+  "version": "1.25.2",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -16,7 +16,7 @@
     "@kubernetes/client-node": "0.21.0"
   },
   "devDependencies": {
-    "@certd/pipeline": "^1.24.2",
+    "@certd/pipeline": "^1.25.2",
     "@rollup/plugin-commonjs": "^23.0.4",
     "@rollup/plugin-json": "^6.0.0",
     "@rollup/plugin-node-resolve": "^15.0.1",
@@ -37,5 +37,5 @@
     "tslib": "^2.5.2",
     "typescript": "^4.8.4"
   },
-  "gitHead": "bef6b981e26a010a797734e508de6822de8564f5"
+  "gitHead": "c7f7910fa98e96edeff905326b0a714f1e49b8d5"
 }

packages/libs/lib-k8s/src/index.ts

@@ -1 +1 @@
-export * from "./lib/k8s.client.js";
+export * from './lib/k8s.client.js';

packages/libs/lib-k8s/src/lib/k8s.client.ts

@@ -1,6 +1,7 @@
-import { KubeConfig, CoreV1Api, V1Secret, NetworkingV1Api, V1Ingress } from '@kubernetes/client-node';
+import { CoreV1Api, KubeConfig, NetworkingV1Api, V1Ingress, V1Secret } from '@kubernetes/client-node';
 import dns from 'dns';
 import { ILogger } from '@certd/pipeline';
+import _ from 'lodash-es';
 
 export type K8sClientOpts = {
   kubeConfigStr: string;
@@ -74,7 +75,7 @@ export class K8sClient {
   async createSecret(opts: { namespace: string; body: V1Secret }) {
     const namespace = opts.namespace || 'default';
     const created = await this.client.createNamespacedSecret(namespace, opts.body);
-    this.logger.info('new secrets:', created.body);
+    this.logger.info('new secrets:', opts.body);
     return created.body;
   }
 
@@ -93,8 +94,11 @@ export class K8sClient {
     if (secretName == null) {
       throw new Error('secretName 不能为空');
     }
-    const res = await this.client.patchNamespacedSecret(secretName, namespace, opts.body);
-    this.logger.info('secret patched:', res.body);
+    this.logger.info('patch secret:', secretName, namespace);
+    const oldSecret = await this.client.readNamespacedSecret(secretName, namespace);
+    const newSecret = _.merge(oldSecret.body, opts.body);
+    const res = await this.client.replaceNamespacedSecret(secretName, namespace, newSecret);
+    this.logger.info('secret updated');
     return res.body;
   }
 
@@ -123,9 +127,12 @@ export class K8sClient {
     if (!ingressName) {
       throw new Error('ingressName 不能为空');
     }
+    this.logger.info('patch ingress:', ingressName, namespace);
     const client = this.kubeconfig.makeApiClient(NetworkingV1Api);
-    const res = await client.patchNamespacedIngress(ingressName, namespace, opts.body);
-    this.logger.info('ingress patched:', res.body);
+    const oldIngress = await client.readNamespacedIngress(ingressName, namespace);
+    const newIngress = _.merge(oldIngress.body, opts.body);
+    const res = await client.replaceNamespacedIngress(ingressName, namespace, newIngress);
+    this.logger.info('ingress patched', opts.body);
     return res;
   }
 }

packages/libs/midway-flyway-js/CHANGELOG.md

@@ -3,6 +3,22 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.25.2](https://github.com/certd/certd/compare/v1.25.1...v1.25.2) (2024-09-24)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.25.1](https://github.com/certd/certd/compare/v1.25.0...v1.25.1) (2024-09-24)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+# [1.25.0](https://github.com/certd/certd/compare/v1.24.4...v1.25.0) (2024-09-24)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.24.4](https://github.com/certd/certd/compare/v1.24.3...v1.24.4) (2024-09-09)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
 ## [1.22.6](https://github.com/certd/certd/compare/v1.22.5...v1.22.6) (2024-08-03)
 
 **Note:** Version bump only for package @certd/midway-flyway-js

packages/libs/midway-flyway-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/midway-flyway-js",
-  "version": "1.22.6",
+  "version": "1.25.2",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",
@@ -33,7 +33,7 @@
     "@rollup/plugin-terser": "^0.4.3",
     "@rollup/plugin-typescript": "^11.0.0",
     "@types/chai": "^4.3.3",
-    "@types/node": "16",
+    "@types/node": "^18",
     "@typescript-eslint/eslint-plugin": "^5.38.1",
     "@typescript-eslint/parser": "^5.38.1",
     "better-sqlite3": "^11.1.2",
@@ -53,5 +53,5 @@
     "typeorm": "^0.3.11",
     "typescript": "~5.1.0"
   },
-  "gitHead": "e5da46cfc31b2e30a4903bcb2251b1851265ef41"
+  "gitHead": "c7f7910fa98e96edeff905326b0a714f1e49b8d5"
 }

packages/plugins/plugin-cert/CHANGELOG.md

@@ -3,6 +3,35 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.25.2](https://github.com/certd/certd/compare/v1.25.1...v1.25.2) (2024-09-24)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
+## [1.25.1](https://github.com/certd/certd/compare/v1.25.0...v1.25.1) (2024-09-24)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
+# [1.25.0](https://github.com/certd/certd/compare/v1.24.4...v1.25.0) (2024-09-24)
+
+### Features
+
+* 支持中间证书 ([e86756e](https://github.com/certd/certd/commit/e86756e4c65a53dd23106d7ecbfe2fa987cc13f3))
+
+### Performance Improvements
+
+* 证书支持旧版RSA，pkcs1 ([3d9c3ec](https://github.com/certd/certd/commit/3d9c3ecb3eb604b2458154f608bde0f01915d116))
+* plugins增加图标 ([a8da658](https://github.com/certd/certd/commit/a8da658a9723342b4f43a579f7805bfef0648efb))
+
+## [1.24.4](https://github.com/certd/certd/compare/v1.24.3...v1.24.4) (2024-09-09)
+
+### Performance Improvements
+
+* 支持群晖 ([5c270b6](https://github.com/certd/certd/commit/5c270b6b9d45a2152f9fdb3c07bd98b7c803cb8e))
+
+## [1.24.3](https://github.com/certd/certd/compare/v1.24.2...v1.24.3) (2024-09-06)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
 ## [1.24.2](https://github.com/certd/certd/compare/v1.24.1...v1.24.2) (2024-09-06)
 
 ### Performance Improvements

packages/plugins/plugin-cert/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/plugin-cert",
   "private": false,
-  "version": "1.24.2",
+  "version": "1.25.2",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -13,8 +13,8 @@
     "preview": "vite preview"
   },
   "dependencies": {
-    "@certd/acme-client": "^1.24.2",
-    "@certd/pipeline": "^1.24.2",
+    "@certd/acme-client": "^1.25.2",
+    "@certd/pipeline": "^1.25.2",
     "jszip": "^3.10.1",
     "node-forge": "^0.10.0",
     "psl": "^1.9.0"
@@ -53,5 +53,5 @@
     "vite": "^3.1.0",
     "vue-tsc": "^0.38.9"
   },
-  "gitHead": "bef6b981e26a010a797734e508de6822de8564f5"
+  "gitHead": "c7f7910fa98e96edeff905326b0a714f1e49b8d5"
 }

packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts

@@ -12,6 +12,7 @@ export type CertInfo = {
   crt: string;
   key: string;
   csr: string;
+  ic?: string;
   pfx?: string;
   der?: string;
 };
@@ -243,13 +244,25 @@ export class AcmeService {
     if (privateKeyArr.length > 1) {
       size = parseInt(privateKeyArr[1]);
     }
+
+    let encodingType = "pkcs8";
+    if (privateKeyArr.length > 2) {
+      encodingType = privateKeyArr[2];
+    }
+
     if (type == "ec") {
       const name: any = "P-" + size;
-      privateKey = await acme.crypto.createPrivateEcdsaKey(name);
+      privateKey = await acme.crypto.createPrivateEcdsaKey(name, encodingType);
     } else {
-      privateKey = await acme.crypto.createPrivateRsaKey(size);
+      privateKey = await acme.crypto.createPrivateRsaKey(size, encodingType);
     }
-    const [key, csr] = await acme.crypto.createCsr(
+
+    let createCsr: any = acme.crypto.createCsr;
+    if (encodingType === "pkcs1") {
+      //兼容老版本
+      createCsr = acme.forge.createCsr;
+    }
+    const [key, csr] = await createCsr(
       {
         commonName,
         ...csrInfo,
@@ -257,6 +270,7 @@ export class AcmeService {
       },
       privateKey
     );
+
     if (dnsProvider == null) {
       throw new Error("dnsProvider 不能为空");
     }
@@ -276,8 +290,9 @@ export class AcmeService {
       signal: this.options.signal,
     });
 
+    const crtString = crt.toString();
     const cert: CertInfo = {
-      crt: crt.toString(),
+      crt: crtString,
       key: key.toString(),
       csr: csr.toString(),
     };
@@ -311,7 +326,7 @@ export class AcmeService {
 
   private async testDirectory(directoryUrl: string) {
     try {
-      await utils.http({
+      await utils.http.request({
         url: directoryUrl,
         method: "GET",
         timeout: 10000,

packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts

@@ -45,7 +45,7 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
   email!: string;
 
   @TaskInput({
-    title: "PFX密码",
+    title: "PFX证书密码",
     component: {
       name: "a-input-password",
       vModel: "value",
@@ -175,6 +175,7 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
     const zip = new JSZip();
     zip.file("cert.crt", cert.crt);
     zip.file("cert.key", cert.key);
+    zip.file("intermediate.crt", cert.ic);
     if (cert.pfx) {
       zip.file("cert.pfx", Buffer.from(cert.pfx, "base64"));
     }
@@ -191,14 +192,14 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
    */
   async condition() {
     if (this.forceUpdate) {
+      this.logger.info("强制更新证书选项已勾选，准备申请新证书");
       return null;
     }
 
-    let inputChanged = false;
-    const oldInput = JSON.stringify(this.lastStatus?.input?.domains);
-    const thisInput = JSON.stringify(this.domains);
-    if (oldInput !== thisInput) {
-      inputChanged = true;
+    const inputChanged = this.ctx.inputChanged;
+    if (inputChanged) {
+      this.logger.info("输入参数变更，准备申请新证书");
+      return null;
     }
 
     let oldCert: CertReader | undefined = undefined;
@@ -212,11 +213,6 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
       return null;
     }
 
-    if (inputChanged) {
-      this.logger.info("输入参数变更，申请新证书");
-      return null;
-    }
-
     const ret = this.isWillExpire(oldCert.expires, this.renewDays);
     if (!ret.isWillExpire) {
       this.logger.info(`证书还未过期：过期时间${dayjs(oldCert.expires).format("YYYY-MM-DD HH:mm:ss")},剩余${ret.leftDays}天`);

packages/plugins/plugin-cert/src/plugin/cert-plugin/cert-reader.ts

@@ -6,7 +6,14 @@ import { crypto } from "@certd/acme-client";
 import { ILogger } from "@certd/pipeline";
 import dayjs from "dayjs";
 
-export type CertReaderHandleContext = { reader: CertReader; tmpCrtPath: string; tmpKeyPath: string; tmpPfxPath?: string; tmpDerPath?: string };
+export type CertReaderHandleContext = {
+  reader: CertReader;
+  tmpCrtPath: string;
+  tmpKeyPath: string;
+  tmpPfxPath?: string;
+  tmpDerPath?: string;
+  tmpIcPath?: string;
+};
 export type CertReaderHandle = (ctx: CertReaderHandleContext) => Promise<void>;
 export type HandleOpts = { logger: ILogger; handle: CertReaderHandle };
 export class CertReader {
@@ -14,6 +21,7 @@ export class CertReader {
   crt: string;
   key: string;
   csr: string;
+  ic: string; //中间证书
 
   detail: any;
   expires: number;
@@ -23,11 +31,30 @@ export class CertReader {
     this.key = certInfo.key;
     this.csr = certInfo.csr;
 
+    this.ic = certInfo.ic;
+    if (!this.ic) {
+      this.ic = this.getIc();
+      this.cert.ic = this.ic;
+    }
+
     const { detail, expires } = this.getCrtDetail(this.cert.crt);
     this.detail = detail;
     this.expires = expires.getTime();
   }
 
+  getIc() {
+    //中间证书ic， 就是crt的第一个 -----END CERTIFICATE----- 之后的内容
+    const endStr = "-----END CERTIFICATE-----";
+    const firstBlockEndIndex = this.crt.indexOf(endStr);
+
+    const start = firstBlockEndIndex + endStr.length + 1;
+    if (this.crt.length <= start) {
+      return "";
+    }
+    const ic = this.crt.substring(start);
+    return ic.trim();
+  }
+
   toCertInfo(): CertInfo {
     return this.cert;
   }
@@ -38,7 +65,7 @@ export class CertReader {
     return { detail, expires };
   }
 
-  saveToFile(type: "crt" | "key" | "pfx" | "der", filepath?: string) {
+  saveToFile(type: "crt" | "key" | "pfx" | "der" | "ic", filepath?: string) {
     if (!this.cert[type]) {
       return;
     }
@@ -52,7 +79,7 @@ export class CertReader {
     if (!fs.existsSync(dir)) {
       fs.mkdirSync(dir, { recursive: true });
     }
-    if (type === "crt" || type === "key") {
+    if (type === "crt" || type === "key" || type === "ic") {
       fs.writeFileSync(filepath, this.cert[type]);
     } else {
       fs.writeFileSync(filepath, Buffer.from(this.cert[type], "base64"));
@@ -66,16 +93,20 @@ export class CertReader {
     const tmpCrtPath = this.saveToFile("crt");
     const tmpKeyPath = this.saveToFile("key");
     const tmpPfxPath = this.saveToFile("pfx");
-    const tmpDerPath = this.saveToFile("der");
+    const tmpIcPath = this.saveToFile("ic");
     logger.info("本地文件写入成功");
+    const tmpDerPath = this.saveToFile("der");
     try {
-      await opts.handle({
+      return await opts.handle({
         reader: this,
         tmpCrtPath: tmpCrtPath,
         tmpKeyPath: tmpKeyPath,
         tmpPfxPath: tmpPfxPath,
         tmpDerPath: tmpDerPath,
+        tmpIcPath: tmpIcPath,
       });
+    } catch (err) {
+      throw err;
     } finally {
       //删除临时文件
       logger.info("删除临时文件");
@@ -88,6 +119,7 @@ export class CertReader {
       removeFile(tmpKeyPath);
       removeFile(tmpPfxPath);
       removeFile(tmpDerPath);
+      removeFile(tmpIcPath);
     }
   }
 

packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts

@@ -12,6 +12,7 @@ export * from "./cert-reader.js";
 @IsTaskPlugin({
   name: "CertApply",
   title: "证书申请（JS版）",
+  icon: "ph:certificate",
   group: pluginGroups.cert.key,
   desc: "免费通配符域名证书申请，支持多个域名打到同一个证书上",
   default: {
@@ -73,6 +74,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
         { value: "rsa_2048", label: "RSA 2048" },
         { value: "rsa_3072", label: "RSA 3072" },
         { value: "rsa_4096", label: "RSA 4096" },
+        { value: "rsa_2048_pkcs1", label: "RSA 2048 pkcs1 (旧版)" },
         { value: "ec_256", label: "EC 256" },
         { value: "ec_384", label: "EC 384" },
         // { value: "ec_521", label: "EC 521" },
@@ -194,8 +196,8 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
       const certInfo = this.formatCerts(cert);
       return new CertReader(certInfo);
     } catch (e: any) {
-      const message: string = e.message;
-      if (message.indexOf("redundant with a wildcard domain in the same request") >= 0) {
+      const message: string = e?.message;
+      if (message != null && message.indexOf("redundant with a wildcard domain in the same request") >= 0) {
         this.logger.error(e);
         throw new Error(`通配符域名已经包含了普通域名，请删除其中一个（${message}）`);
       }

packages/plugins/plugin-cert/src/plugin/cert-plugin/lego/index.ts

@@ -11,6 +11,7 @@ export type { CertInfo };
 
 @IsTaskPlugin({
   name: "CertApplyLego",
+  icon: "ph:certificate",
   title: "证书申请（Lego）",
   group: pluginGroups.cert.key,
   desc: "支持海量DNS解析提供商，推荐使用，一样的免费通配符域名证书申请，支持多个域名打到同一个证书上",

packages/ui/Dockerfile

@@ -1,15 +1,17 @@
-FROM node:20-alpine AS builder
+FROM node:18-alpine AS builder
 EXPOSE 7001
 WORKDIR /workspace/
 COPY . /workspace/
-RUN npm install -g pnpm
+# armv7 目前只能用node18， pnpm9不支持node18,所以pnpm只能用8.15.7版本
+# https://github.com/nodejs/docker-node/issues/1946
+RUN npm install -g pnpm@8.15.7
 
 #RUN cd /workspace/certd-client && pnpm install && npm run build
 RUN cp /workspace/certd-client/dist/* /workspace/certd-server/public/ -rf
 RUN cd /workspace/certd-server && pnpm install && npm run build-on-docker
 
 
-FROM node:20-alpine
+FROM node:18-alpine
 RUN apk add --no-cache openssl
 WORKDIR /app/
 COPY --from=builder /workspace/certd-server/ /app/

packages/ui/certd-client/.env

@@ -6,6 +6,6 @@ VITE_APP_SLOGAN=让你的证书永不过期
 VITE_APP_COPYRIGHT_YEAR=2021-2024
 VITE_APP_COPYRIGHT_NAME=handsfree.work
 VITE_APP_COPYRIGHT_URL=https://certd.handsfree.work
-VITE_APP_LOGO_PATH=./images/logo/logo.svg
+VITE_APP_LOGO=./images/logo/logo.svg
 VITE_APP_PROJECT_PATH=https://github.com/certd/certd
-VITE_APP_ICP_NO=
+

packages/ui/certd-client/CHANGELOG.md

@@ -3,6 +3,45 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.25.2](https://github.com/certd/certd/compare/v1.25.1...v1.25.2) (2024-09-24)
+
+**Note:** Version bump only for package @certd/ui-client
+
+## [1.25.1](https://github.com/certd/certd/compare/v1.25.0...v1.25.1) (2024-09-24)
+
+**Note:** Version bump only for package @certd/ui-client
+
+# [1.25.0](https://github.com/certd/certd/compare/v1.24.4...v1.25.0) (2024-09-24)
+
+### Bug Fixes
+
+* 修复首次创建任务运行时不自动设置当前运行情况的bug ([ecd83ee](https://github.com/certd/certd/commit/ecd83ee136abdd3df9ed2f21ec2ff0f24c0ed9d9))
+
+### Features
+
+* 账号绑定 ([e046640](https://github.com/certd/certd/commit/e0466409d0c021bb415abd94df448c8a0d4799e9))
+* 支持中间证书 ([e86756e](https://github.com/certd/certd/commit/e86756e4c65a53dd23106d7ecbfe2fa987cc13f3))
+* 支持vip转移 ([361e8fe](https://github.com/certd/certd/commit/361e8fe7ae5877e23fd5de31bc919bedd09c57f5))
+
+### Performance Improvements
+
+* 群晖支持OTP双重验证登录 ([8b8039f](https://github.com/certd/certd/commit/8b8039f42bbce10a4d0e737cdeeeef9bb17bee5a))
+* 任务支持禁用 ([8ed16b3](https://github.com/certd/certd/commit/8ed16b3ea2dfe847357863a0bfa614e4fa5fc041))
+* 优化收件邮箱输入 ([22ef28f](https://github.com/certd/certd/commit/22ef28f6338a78465bd52ccbad13e66e80263b2f))
+* 支持阿里云ACK证书部署 ([d331fea](https://github.com/certd/certd/commit/d331fea47789122650e057ec7c9e85ee8e66f09b))
+* 支持七牛云 ([8ecc2f9](https://github.com/certd/certd/commit/8ecc2f9446a9ebd11b9bfbffbb6cf7812a043495))
+* plugins增加图标 ([a8da658](https://github.com/certd/certd/commit/a8da658a9723342b4f43a579f7805bfef0648efb))
+
+## [1.24.4](https://github.com/certd/certd/compare/v1.24.3...v1.24.4) (2024-09-09)
+
+### Performance Improvements
+
+* 插件选择支持搜索 ([d1498a7](https://github.com/certd/certd/commit/d1498a71601b74d38343b1d070eadd03705dd9d5))
+
+## [1.24.3](https://github.com/certd/certd/compare/v1.24.2...v1.24.3) (2024-09-06)
+
+**Note:** Version bump only for package @certd/ui-client
+
 ## [1.24.2](https://github.com/certd/certd/compare/v1.24.1...v1.24.2) (2024-09-06)
 
 ### Bug Fixes

packages/ui/certd-client/index.html

@@ -1,26 +1,27 @@
 <!DOCTYPE html>
 <html lang="en">
-  <head>
-    <meta charset="UTF-8" />
-    <link rel="icon" href="/logo.svg" />
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+<head>
+    <meta charset="UTF-8"/>
+    <link rel="icon" href="/logo.svg"/>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
     <title>Certd-让你的证书永不过期</title>
-    <link rel="stylesheet" type="text/css" href="/index.css" />
-  </head>
-  <body>
-    <div id="app">
-        <div class="fs-bootstrap">
-            <div class="fs-bootstrap__main">
-                <div class="fs-bootstrap__loading"></div>
-            </div>
-            <div class="fs-bootstrap__footer">
-                <a href="https://github.com/certd/certd" target="_blank">
-                    https://github.com/certd/certd
-                </a>
-            </div>
+    <script src="/icons/iconfont.js"></script>
+    <link rel="stylesheet" type="text/css" href="/index.css"/>
+</head>
+<body>
+<div id="app">
+    <div class="fs-bootstrap">
+        <div class="fs-bootstrap__main">
+            <div class="fs-bootstrap__loading"></div>
+        </div>
+        <div class="fs-bootstrap__footer">
+            <a href="https://github.com/certd/certd" target="_blank">
+                https://github.com/certd/certd
+            </a>
         </div>
-
     </div>
-    <script type="module" src="/src/main.ts"></script>
-  </body>
+
+</div>
+<script type="module" src="/src/main.ts"></script>
+</body>
 </html>

packages/ui/certd-client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/ui-client",
-  "version": "1.24.2",
+  "version": "1.25.2",
   "private": true,
   "scripts": {
     "dev": "vite --open",
@@ -58,13 +58,14 @@
     "vuedraggable": "^4.1.0"
   },
   "devDependencies": {
-    "@certd/pipeline": "^1.24.2",
+    "@certd/lib-iframe": "^1.25.2",
+    "@certd/pipeline": "^1.25.2",
     "@rollup/plugin-commonjs": "^25.0.7",
     "@rollup/plugin-node-resolve": "^15.2.3",
     "@types/chai": "^4.3.12",
     "@types/lodash-es": "^4.17.12",
     "@types/mocha": "^10.0.6",
-    "@types/node": "^20.11.28",
+    "@types/node": "^18",
     "@types/nprogress": "^0.2.3",
     "@typescript-eslint/eslint-plugin": "^7.2.0",
     "@typescript-eslint/parser": "^7.2.0",

packages/ui/certd-client/public/icons/demo.css

@@ -0,0 +1,539 @@
+/* Logo 字体 */
+@font-face {
+  font-family: "iconfont logo";
+  src: url('https://at.alicdn.com/t/font_985780_km7mi63cihi.eot?t=1545807318834');
+  src: url('https://at.alicdn.com/t/font_985780_km7mi63cihi.eot?t=1545807318834#iefix') format('embedded-opentype'),
+    url('https://at.alicdn.com/t/font_985780_km7mi63cihi.woff?t=1545807318834') format('woff'),
+    url('https://at.alicdn.com/t/font_985780_km7mi63cihi.ttf?t=1545807318834') format('truetype'),
+    url('https://at.alicdn.com/t/font_985780_km7mi63cihi.svg?t=1545807318834#iconfont') format('svg');
+}
+
+.logo {
+  font-family: "iconfont logo";
+  font-size: 160px;
+  font-style: normal;
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
+}
+
+/* tabs */
+.nav-tabs {
+  position: relative;
+}
+
+.nav-tabs .nav-more {
+  position: absolute;
+  right: 0;
+  bottom: 0;
+  height: 42px;
+  line-height: 42px;
+  color: #666;
+}
+
+#tabs {
+  border-bottom: 1px solid #eee;
+}
+
+#tabs li {
+  cursor: pointer;
+  width: 100px;
+  height: 40px;
+  line-height: 40px;
+  text-align: center;
+  font-size: 16px;
+  border-bottom: 2px solid transparent;
+  position: relative;
+  z-index: 1;
+  margin-bottom: -1px;
+  color: #666;
+}
+
+
+#tabs .active {
+  border-bottom-color: #f00;
+  color: #222;
+}
+
+.tab-container .content {
+  display: none;
+}
+
+/* 页面布局 */
+.main {
+  padding: 30px 100px;
+  width: 960px;
+  margin: 0 auto;
+}
+
+.main .logo {
+  color: #333;
+  text-align: left;
+  margin-bottom: 30px;
+  line-height: 1;
+  height: 110px;
+  margin-top: -50px;
+  overflow: hidden;
+  *zoom: 1;
+}
+
+.main .logo a {
+  font-size: 160px;
+  color: #333;
+}
+
+.helps {
+  margin-top: 40px;
+}
+
+.helps pre {
+  padding: 20px;
+  margin: 10px 0;
+  border: solid 1px #e7e1cd;
+  background-color: #fffdef;
+  overflow: auto;
+}
+
+.icon_lists {
+  width: 100% !important;
+  overflow: hidden;
+  *zoom: 1;
+}
+
+.icon_lists li {
+  width: 100px;
+  margin-bottom: 10px;
+  margin-right: 20px;
+  text-align: center;
+  list-style: none !important;
+  cursor: default;
+}
+
+.icon_lists li .code-name {
+  line-height: 1.2;
+}
+
+.icon_lists .icon {
+  display: block;
+  height: 100px;
+  line-height: 100px;
+  font-size: 42px;
+  margin: 10px auto;
+  color: #333;
+  -webkit-transition: font-size 0.25s linear, width 0.25s linear;
+  -moz-transition: font-size 0.25s linear, width 0.25s linear;
+  transition: font-size 0.25s linear, width 0.25s linear;
+}
+
+.icon_lists .icon:hover {
+  font-size: 100px;
+}
+
+.icon_lists .svg-icon {
+  /* 通过设置 font-size 来改变图标大小 */
+  width: 1em;
+  /* 图标和文字相邻时，垂直对齐 */
+  vertical-align: -0.15em;
+  /* 通过设置 color 来改变 SVG 的颜色/fill */
+  fill: currentColor;
+  /* path 和 stroke 溢出 viewBox 部分在 IE 下会显示
+      normalize.css 中也包含这行 */
+  overflow: hidden;
+}
+
+.icon_lists li .name,
+.icon_lists li .code-name {
+  color: #666;
+}
+
+/* markdown 样式 */
+.markdown {
+  color: #666;
+  font-size: 14px;
+  line-height: 1.8;
+}
+
+.highlight {
+  line-height: 1.5;
+}
+
+.markdown img {
+  vertical-align: middle;
+  max-width: 100%;
+}
+
+.markdown h1 {
+  color: #404040;
+  font-weight: 500;
+  line-height: 40px;
+  margin-bottom: 24px;
+}
+
+.markdown h2,
+.markdown h3,
+.markdown h4,
+.markdown h5,
+.markdown h6 {
+  color: #404040;
+  margin: 1.6em 0 0.6em 0;
+  font-weight: 500;
+  clear: both;
+}
+
+.markdown h1 {
+  font-size: 28px;
+}
+
+.markdown h2 {
+  font-size: 22px;
+}
+
+.markdown h3 {
+  font-size: 16px;
+}
+
+.markdown h4 {
+  font-size: 14px;
+}
+
+.markdown h5 {
+  font-size: 12px;
+}
+
+.markdown h6 {
+  font-size: 12px;
+}
+
+.markdown hr {
+  height: 1px;
+  border: 0;
+  background: #e9e9e9;
+  margin: 16px 0;
+  clear: both;
+}
+
+.markdown p {
+  margin: 1em 0;
+}
+
+.markdown>p,
+.markdown>blockquote,
+.markdown>.highlight,
+.markdown>ol,
+.markdown>ul {
+  width: 80%;
+}
+
+.markdown ul>li {
+  list-style: circle;
+}
+
+.markdown>ul li,
+.markdown blockquote ul>li {
+  margin-left: 20px;
+  padding-left: 4px;
+}
+
+.markdown>ul li p,
+.markdown>ol li p {
+  margin: 0.6em 0;
+}
+
+.markdown ol>li {
+  list-style: decimal;
+}
+
+.markdown>ol li,
+.markdown blockquote ol>li {
+  margin-left: 20px;
+  padding-left: 4px;
+}
+
+.markdown code {
+  margin: 0 3px;
+  padding: 0 5px;
+  background: #eee;
+  border-radius: 3px;
+}
+
+.markdown strong,
+.markdown b {
+  font-weight: 600;
+}
+
+.markdown>table {
+  border-collapse: collapse;
+  border-spacing: 0px;
+  empty-cells: show;
+  border: 1px solid #e9e9e9;
+  width: 95%;
+  margin-bottom: 24px;
+}
+
+.markdown>table th {
+  white-space: nowrap;
+  color: #333;
+  font-weight: 600;
+}
+
+.markdown>table th,
+.markdown>table td {
+  border: 1px solid #e9e9e9;
+  padding: 8px 16px;
+  text-align: left;
+}
+
+.markdown>table th {
+  background: #F7F7F7;
+}
+
+.markdown blockquote {
+  font-size: 90%;
+  color: #999;
+  border-left: 4px solid #e9e9e9;
+  padding-left: 0.8em;
+  margin: 1em 0;
+}
+
+.markdown blockquote p {
+  margin: 0;
+}
+
+.markdown .anchor {
+  opacity: 0;
+  transition: opacity 0.3s ease;
+  margin-left: 8px;
+}
+
+.markdown .waiting {
+  color: #ccc;
+}
+
+.markdown h1:hover .anchor,
+.markdown h2:hover .anchor,
+.markdown h3:hover .anchor,
+.markdown h4:hover .anchor,
+.markdown h5:hover .anchor,
+.markdown h6:hover .anchor {
+  opacity: 1;
+  display: inline-block;
+}
+
+.markdown>br,
+.markdown>p>br {
+  clear: both;
+}
+
+
+.hljs {
+  display: block;
+  background: white;
+  padding: 0.5em;
+  color: #333333;
+  overflow-x: auto;
+}
+
+.hljs-comment,
+.hljs-meta {
+  color: #969896;
+}
+
+.hljs-string,
+.hljs-variable,
+.hljs-template-variable,
+.hljs-strong,
+.hljs-emphasis,
+.hljs-quote {
+  color: #df5000;
+}
+
+.hljs-keyword,
+.hljs-selector-tag,
+.hljs-type {
+  color: #a71d5d;
+}
+
+.hljs-literal,
+.hljs-symbol,
+.hljs-bullet,
+.hljs-attribute {
+  color: #0086b3;
+}
+
+.hljs-section,
+.hljs-name {
+  color: #63a35c;
+}
+
+.hljs-tag {
+  color: #333333;
+}
+
+.hljs-title,
+.hljs-attr,
+.hljs-selector-id,
+.hljs-selector-class,
+.hljs-selector-attr,
+.hljs-selector-pseudo {
+  color: #795da3;
+}
+
+.hljs-addition {
+  color: #55a532;
+  background-color: #eaffea;
+}
+
+.hljs-deletion {
+  color: #bd2c00;
+  background-color: #ffecec;
+}
+
+.hljs-link {
+  text-decoration: underline;
+}
+
+/* 代码高亮 */
+/* PrismJS 1.15.0
+https://prismjs.com/download.html#themes=prism&languages=markup+css+clike+javascript */
+/**
+ * prism.js default theme for JavaScript, CSS and HTML
+ * Based on dabblet (http://dabblet.com)
+ * @author Lea Verou
+ */
+code[class*="language-"],
+pre[class*="language-"] {
+  color: black;
+  background: none;
+  text-shadow: 0 1px white;
+  font-family: Consolas, Monaco, 'Andale Mono', 'Ubuntu Mono', monospace;
+  text-align: left;
+  white-space: pre;
+  word-spacing: normal;
+  word-break: normal;
+  word-wrap: normal;
+  line-height: 1.5;
+
+  -moz-tab-size: 4;
+  -o-tab-size: 4;
+  tab-size: 4;
+
+  -webkit-hyphens: none;
+  -moz-hyphens: none;
+  -ms-hyphens: none;
+  hyphens: none;
+}
+
+pre[class*="language-"]::-moz-selection,
+pre[class*="language-"] ::-moz-selection,
+code[class*="language-"]::-moz-selection,
+code[class*="language-"] ::-moz-selection {
+  text-shadow: none;
+  background: #b3d4fc;
+}
+
+pre[class*="language-"]::selection,
+pre[class*="language-"] ::selection,
+code[class*="language-"]::selection,
+code[class*="language-"] ::selection {
+  text-shadow: none;
+  background: #b3d4fc;
+}
+
+@media print {
+
+  code[class*="language-"],
+  pre[class*="language-"] {
+    text-shadow: none;
+  }
+}
+
+/* Code blocks */
+pre[class*="language-"] {
+  padding: 1em;
+  margin: .5em 0;
+  overflow: auto;
+}
+
+:not(pre)>code[class*="language-"],
+pre[class*="language-"] {
+  background: #f5f2f0;
+}
+
+/* Inline code */
+:not(pre)>code[class*="language-"] {
+  padding: .1em;
+  border-radius: .3em;
+  white-space: normal;
+}
+
+.token.comment,
+.token.prolog,
+.token.doctype,
+.token.cdata {
+  color: slategray;
+}
+
+.token.punctuation {
+  color: #999;
+}
+
+.namespace {
+  opacity: .7;
+}
+
+.token.property,
+.token.tag,
+.token.boolean,
+.token.number,
+.token.constant,
+.token.symbol,
+.token.deleted {
+  color: #905;
+}
+
+.token.selector,
+.token.attr-name,
+.token.string,
+.token.char,
+.token.builtin,
+.token.inserted {
+  color: #690;
+}
+
+.token.operator,
+.token.entity,
+.token.url,
+.language-css .token.string,
+.style .token.string {
+  color: #9a6e3a;
+  background: hsla(0, 0%, 100%, .5);
+}
+
+.token.atrule,
+.token.attr-value,
+.token.keyword {
+  color: #07a;
+}
+
+.token.function,
+.token.class-name {
+  color: #DD4A68;
+}
+
+.token.regex,
+.token.important,
+.token.variable {
+  color: #e90;
+}
+
+.token.important,
+.token.bold {
+  font-weight: bold;
+}
+
+.token.italic {
+  font-style: italic;
+}
+
+.token.entity {
+  cursor: help;
+}

packages/ui/certd-client/public/icons/demo_index.html

@@ -0,0 +1,301 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8"/>
+  <title>iconfont Demo</title>
+  <link rel="shortcut icon" href="//img.alicdn.com/imgextra/i4/O1CN01Z5paLz1O0zuCC7osS_!!6000000001644-55-tps-83-82.svg" type="image/x-icon"/>
+  <link rel="icon" type="image/svg+xml" href="//img.alicdn.com/imgextra/i4/O1CN01Z5paLz1O0zuCC7osS_!!6000000001644-55-tps-83-82.svg"/>
+  <link rel="stylesheet" href="https://g.alicdn.com/thx/cube/1.3.2/cube.min.css">
+  <link rel="stylesheet" href="demo.css">
+  <link rel="stylesheet" href="iconfont.css">
+  <script src="iconfont.js"></script>
+  <!-- jQuery -->
+  <script src="https://a1.alicdn.com/oss/uploads/2018/12/26/7bfddb60-08e8-11e9-9b04-53e73bb6408b.js"></script>
+  <!-- 代码高亮 -->
+  <script src="https://a1.alicdn.com/oss/uploads/2018/12/26/a3f714d0-08e6-11e9-8a15-ebf944d7534c.js"></script>
+  <style>
+    .main .logo {
+      margin-top: 0;
+      height: auto;
+    }
+
+    .main .logo a {
+      display: flex;
+      align-items: center;
+    }
+
+    .main .logo .sub-title {
+      margin-left: 0.5em;
+      font-size: 22px;
+      color: #fff;
+      background: linear-gradient(-45deg, #3967FF, #B500FE);
+      -webkit-background-clip: text;
+      -webkit-text-fill-color: transparent;
+    }
+  </style>
+</head>
+<body>
+  <div class="main">
+    <h1 class="logo"><a href="https://www.iconfont.cn/" title="iconfont 首页" target="_blank">
+      <img width="200" src="https://img.alicdn.com/imgextra/i3/O1CN01Mn65HV1FfSEzR6DKv_!!6000000000514-55-tps-228-59.svg">
+      
+    </a></h1>
+    <div class="nav-tabs">
+      <ul id="tabs" class="dib-box">
+        <li class="dib active"><span>Unicode</span></li>
+        <li class="dib"><span>Font class</span></li>
+        <li class="dib"><span>Symbol</span></li>
+      </ul>
+      
+      <a href="https://www.iconfont.cn/manage/index?manage_type=myprojects&projectId=4688792" target="_blank" class="nav-more">查看项目</a>
+      
+    </div>
+    <div class="tab-container">
+      <div class="content unicode" style="display: block;">
+          <ul class="icon_lists dib-box">
+          
+            <li class="dib">
+              <span class="icon iconfont">&#xe603;</span>
+                <div class="name">qiniuyun</div>
+                <div class="code-name">&amp;#xe603;</div>
+              </li>
+          
+            <li class="dib">
+              <span class="icon iconfont">&#xe601;</span>
+                <div class="name">aliyun</div>
+                <div class="code-name">&amp;#xe601;</div>
+              </li>
+          
+            <li class="dib">
+              <span class="icon iconfont">&#xe747;</span>
+                <div class="name">腾讯云</div>
+                <div class="code-name">&amp;#xe747;</div>
+              </li>
+          
+            <li class="dib">
+              <span class="icon iconfont">&#xe605;</span>
+                <div class="name">doge</div>
+                <div class="code-name">&amp;#xe605;</div>
+              </li>
+          
+            <li class="dib">
+              <span class="icon iconfont">&#xe600;</span>
+                <div class="name">bt</div>
+                <div class="code-name">&amp;#xe600;</div>
+              </li>
+          
+          </ul>
+          <div class="article markdown">
+          <h2 id="unicode-">Unicode 引用</h2>
+          <hr>
+
+          <p>Unicode 是字体在网页端最原始的应用方式，特点是：</p>
+          <ul>
+            <li>支持按字体的方式去动态调整图标大小，颜色等等。</li>
+            <li>默认情况下不支持多色，直接添加多色图标会自动去色。</li>
+          </ul>
+          <blockquote>
+            <p>注意：新版 iconfont 支持两种方式引用多色图标：SVG symbol 引用方式和彩色字体图标模式。（使用彩色字体图标需要在「编辑项目」中开启「彩色」选项后并重新生成。）</p>
+          </blockquote>
+          <p>Unicode 使用步骤如下：</p>
+          <h3 id="-font-face">第一步：拷贝项目下面生成的 <code>@font-face</code></h3>
+<pre><code class="language-css"
+>@font-face {
+  font-family: 'iconfont';
+  src: url('iconfont.svg?t=1727153857332#iconfont') format('svg');
+}
+</code></pre>
+          <h3 id="-iconfont-">第二步：定义使用 iconfont 的样式</h3>
+<pre><code class="language-css"
+>.iconfont {
+  font-family: "iconfont" !important;
+  font-size: 16px;
+  font-style: normal;
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
+}
+</code></pre>
+          <h3 id="-">第三步：挑选相应图标并获取字体编码，应用于页面</h3>
+<pre>
+<code class="language-html"
+>&lt;span class="iconfont"&gt;&amp;#x33;&lt;/span&gt;
+</code></pre>
+          <blockquote>
+            <p>"iconfont" 是你项目下的 font-family。可以通过编辑项目查看，默认是 "iconfont"。</p>
+          </blockquote>
+          </div>
+      </div>
+      <div class="content font-class">
+        <ul class="icon_lists dib-box">
+          
+          <li class="dib">
+            <span class="icon iconfont icon-qiniuyun"></span>
+            <div class="name">
+              qiniuyun
+            </div>
+            <div class="code-name">.icon-qiniuyun
+            </div>
+          </li>
+          
+          <li class="dib">
+            <span class="icon iconfont icon-aliyun"></span>
+            <div class="name">
+              aliyun
+            </div>
+            <div class="code-name">.icon-aliyun
+            </div>
+          </li>
+          
+          <li class="dib">
+            <span class="icon iconfont icon-tencentcloud"></span>
+            <div class="name">
+              腾讯云
+            </div>
+            <div class="code-name">.icon-tencentcloud
+            </div>
+          </li>
+          
+          <li class="dib">
+            <span class="icon iconfont icon-dogecloud"></span>
+            <div class="name">
+              doge
+            </div>
+            <div class="code-name">.icon-dogecloud
+            </div>
+          </li>
+          
+          <li class="dib">
+            <span class="icon iconfont icon-bt"></span>
+            <div class="name">
+              bt
+            </div>
+            <div class="code-name">.icon-bt
+            </div>
+          </li>
+          
+        </ul>
+        <div class="article markdown">
+        <h2 id="font-class-">font-class 引用</h2>
+        <hr>
+
+        <p>font-class 是 Unicode 使用方式的一种变种，主要是解决 Unicode 书写不直观，语意不明确的问题。</p>
+        <p>与 Unicode 使用方式相比，具有如下特点：</p>
+        <ul>
+          <li>相比于 Unicode 语意明确，书写更直观。可以很容易分辨这个 icon 是什么。</li>
+          <li>因为使用 class 来定义图标，所以当要替换图标时，只需要修改 class 里面的 Unicode 引用。</li>
+        </ul>
+        <p>使用步骤如下：</p>
+        <h3 id="-fontclass-">第一步：引入项目下面生成的 fontclass 代码：</h3>
+<pre><code class="language-html">&lt;link rel="stylesheet" href="./iconfont.css"&gt;
+</code></pre>
+        <h3 id="-">第二步：挑选相应图标并获取类名，应用于页面：</h3>
+<pre><code class="language-html">&lt;span class="iconfont icon-xxx"&gt;&lt;/span&gt;
+</code></pre>
+        <blockquote>
+          <p>"
+            iconfont" 是你项目下的 font-family。可以通过编辑项目查看，默认是 "iconfont"。</p>
+        </blockquote>
+      </div>
+      </div>
+      <div class="content symbol">
+          <ul class="icon_lists dib-box">
+          
+            <li class="dib">
+                <svg class="icon svg-icon" aria-hidden="true">
+                  <use xlink:href="#icon-qiniuyun"></use>
+                </svg>
+                <div class="name">qiniuyun</div>
+                <div class="code-name">#icon-qiniuyun</div>
+            </li>
+          
+            <li class="dib">
+                <svg class="icon svg-icon" aria-hidden="true">
+                  <use xlink:href="#icon-aliyun"></use>
+                </svg>
+                <div class="name">aliyun</div>
+                <div class="code-name">#icon-aliyun</div>
+            </li>
+          
+            <li class="dib">
+                <svg class="icon svg-icon" aria-hidden="true">
+                  <use xlink:href="#icon-tencentcloud"></use>
+                </svg>
+                <div class="name">腾讯云</div>
+                <div class="code-name">#icon-tencentcloud</div>
+            </li>
+          
+            <li class="dib">
+                <svg class="icon svg-icon" aria-hidden="true">
+                  <use xlink:href="#icon-dogecloud"></use>
+                </svg>
+                <div class="name">doge</div>
+                <div class="code-name">#icon-dogecloud</div>
+            </li>
+          
+            <li class="dib">
+                <svg class="icon svg-icon" aria-hidden="true">
+                  <use xlink:href="#icon-bt"></use>
+                </svg>
+                <div class="name">bt</div>
+                <div class="code-name">#icon-bt</div>
+            </li>
+          
+          </ul>
+          <div class="article markdown">
+          <h2 id="symbol-">Symbol 引用</h2>
+          <hr>
+
+          <p>这是一种全新的使用方式，应该说这才是未来的主流，也是平台目前推荐的用法。相关介绍可以参考这篇<a href="">文章</a>
+            这种用法其实是做了一个 SVG 的集合，与另外两种相比具有如下特点：</p>
+          <ul>
+            <li>支持多色图标了，不再受单色限制。</li>
+            <li>通过一些技巧，支持像字体那样，通过 <code>font-size</code>, <code>color</code> 来调整样式。</li>
+            <li>兼容性较差，支持 IE9+，及现代浏览器。</li>
+            <li>浏览器渲染 SVG 的性能一般，还不如 png。</li>
+          </ul>
+          <p>使用步骤如下：</p>
+          <h3 id="-symbol-">第一步：引入项目下面生成的 symbol 代码：</h3>
+<pre><code class="language-html">&lt;script src="./iconfont.js"&gt;&lt;/script&gt;
+</code></pre>
+          <h3 id="-css-">第二步：加入通用 CSS 代码（引入一次就行）：</h3>
+<pre><code class="language-html">&lt;style&gt;
+.icon {
+  width: 1em;
+  height: 1em;
+  vertical-align: -0.15em;
+  fill: currentColor;
+  overflow: hidden;
+}
+&lt;/style&gt;
+</code></pre>
+          <h3 id="-">第三步：挑选相应图标并获取类名，应用于页面：</h3>
+<pre><code class="language-html">&lt;svg class="icon" aria-hidden="true"&gt;
+  &lt;use xlink:href="#icon-xxx"&gt;&lt;/use&gt;
+&lt;/svg&gt;
+</code></pre>
+          </div>
+      </div>
+
+    </div>
+  </div>
+  <script>
+  $(document).ready(function () {
+      $('.tab-container .content:first').show()
+
+      $('#tabs li').click(function (e) {
+        var tabContent = $('.tab-container .content')
+        var index = $(this).index()
+
+        if ($(this).hasClass('active')) {
+          return
+        } else {
+          $('#tabs li').removeClass('active')
+          $(this).addClass('active')
+
+          tabContent.hide().eq(index).fadeIn()
+        }
+      })
+    })
+  </script>
+</body>
+</html>

packages/ui/certd-client/public/icons/iconfont.css

@@ -0,0 +1,33 @@
+@font-face {
+  font-family: "iconfont"; /* Project id 4688792 */
+  src: url('iconfont.svg?t=1727153857332#iconfont') format('svg');
+}
+
+.iconfont {
+  font-family: "iconfont" !important;
+  font-size: 16px;
+  font-style: normal;
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
+}
+
+.icon-qiniuyun:before {
+  content: "\e603";
+}
+
+.icon-aliyun:before {
+  content: "\e601";
+}
+
+.icon-tencentcloud:before {
+  content: "\e747";
+}
+
+.icon-dogecloud:before {
+  content: "\e605";
+}
+
+.icon-bt:before {
+  content: "\e600";
+}
+