v1.26.5

Closes https://github.com/certd/certd/issues/200

.github/workflows/build-image.yml

@@ -87,3 +87,15 @@ jobs:
             registry.cn-shenzhen.aliyuncs.com/handsfree/certd:${{steps.get_certd_version.outputs.result}}-armv7
             greper/certd:armv7
             greper/certd:${{steps.get_certd_version.outputs.result}}-armv7
+
+      - name: Build agent
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/amd64,linux/arm64
+          push: true
+          context: ./packages/ui/agent/
+          tags: |
+            registry.cn-shenzhen.aliyuncs.com/handsfree/certd-agent:latest
+            registry.cn-shenzhen.aliyuncs.com/handsfree/certd-agent:${{steps.get_certd_version.outputs.result}}
+            greper/certd-agent:latest
+            greper/certd-agent:${{steps.get_certd_version.outputs.result}}

CHANGELOG.md

@@ -3,6 +3,67 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.26.5](https://github.com/certd/certd/compare/v1.26.4...v1.26.5) (2024-10-14)
+
+### Bug Fixes
+
+* 修复版本号获取错误的bug ([8851870](https://github.com/certd/certd/commit/8851870400df86e496198ad509061b8989fcc44f))
+
+## [1.26.4](https://github.com/certd/certd/compare/v1.26.3...v1.26.4) (2024-10-14)
+
+### Performance Improvements
+
+* [comm] 支持插件管理 ([e8b617b](https://github.com/certd/certd/commit/e8b617b80ce882dd63006f0cfc719a80a1cc6acc))
+* 新增代理设置功能 ([273ab61](https://github.com/certd/certd/commit/273ab6139f5807f4d7fe865cc353b97f51b9a668))
+* EAB授权支持绑定邮箱，支持公共EAB设置 ([07043af](https://github.com/certd/certd/commit/07043aff0ca7fd29c56dd3c363002cb15d78b464))
+
+## [1.26.3](https://github.com/certd/certd/compare/v1.26.2...v1.26.3) (2024-10-12)
+
+### Performance Improvements
+
+* 优化系统设置加载时机 ([7396253](https://github.com/certd/certd/commit/73962536d5a4769902d760d005f3f879465addcc))
+
+## [1.26.2](https://github.com/certd/certd/compare/v1.26.1...v1.26.2) (2024-10-11)
+
+### Bug Fixes
+
+* 修复某些情况下bindUrl失败的bug ([91fc1cd](https://github.com/certd/certd/commit/91fc1cd7353be4a22be951239ed70b38baebc74e))
+
+### Performance Improvements
+
+* 邮箱设置改为系统设置，普通用户无需配置发件邮箱 ([4244569](https://github.com/certd/certd/commit/42445692117184a3293e63bef84a74cbb5984b0e))
+
+## [1.26.1](https://github.com/certd/certd/compare/v1.26.0...v1.26.1) (2024-10-10)
+
+**Note:** Version bump only for package root
+
+# [1.26.0](https://github.com/certd/certd/compare/v1.25.9...v1.26.0) (2024-10-10)
+
+### Bug Fixes
+
+* 修复管理员编辑其他用户流水线任务时归属userid也被修改的bug ([e85c477](https://github.com/certd/certd/commit/e85c47744cf740b4af3b93dca7c2f0ccc818ec2f))
+* 修复历史记录根据流水线名称查询报错的bug ([ce9a986](https://github.com/certd/certd/commit/ce9a9862f122fce2186e7727eaa4b251b59e6032))
+* 修复某些代理情况下 报 400 The plain HTTP request was sent to HTTPS port use proxy 的bug ([a13203f](https://github.com/certd/certd/commit/a13203fb3f48c427d0d81a504912248dcc07df1a))
+
+### Features
+
+* 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析 ([f3d3508](https://github.com/certd/certd/commit/f3d35084ed44f9f33845f7045e520be5c27eed93))
+* 站点个性化设置 ([11a9fe9](https://github.com/certd/certd/commit/11a9fe9014d96cba929e5a066e78f2af7ae59d14))
+
+### Performance Improvements
+
+* 并行任务名称改成添加任务，取消并行，可以在同一个阶段获取上一个task的输出 ([c5e5877](https://github.com/certd/certd/commit/c5e58770d1c5edc19c6f9ea1618f44b68e091f35))
+* 调整静态资源到static目录 ([0584b36](https://github.com/certd/certd/commit/0584b3672b40f9042a2ed87e5627022606d046cd))
+* 调整全部静态资源到static目录 ([a218890](https://github.com/certd/certd/commit/a21889080d6c7ffdf0af526a3a21f0b2d1c77288))
+* 检查cname是否正确配置 ([b5d8935](https://github.com/certd/certd/commit/b5d8935159374fbe7fc7d4c48ae0ed9396861bdd))
+* 七牛云cdn支持配置多个域名 ([88d745e](https://github.com/certd/certd/commit/88d745e29063a089864fb9c6705be7b8d4c2669a))
+* 上传到主机插件支持注入环境变量 ([81fac73](https://github.com/certd/certd/commit/81fac736f9ccc8d1cda7ef4178752239cec20849))
+* 优化宝塔网站部署插件远程获取数据的提示 ([2a3ca9f](https://github.com/certd/certd/commit/2a3ca9f552d96594ec6690a1c4c91f598451b9a1))
+* 优化缩短首页缓存时间 ([49395e8](https://github.com/certd/certd/commit/49395e8cb65f4b30c0145329ed5de48be4ef3842))
+* 域名输入增加校验提示，避免输入错误的域名 ([0c8e83e](https://github.com/certd/certd/commit/0c8e83e1254a9ce4d5a4e7888eb1710394a4b77c))
+* cname校验配置增加未校验通过提示 ([77cc3c4](https://github.com/certd/certd/commit/77cc3c4a5cbd81f8233a8e0bb33fab0621c0905f))
+* google eab授权支持自动获取，不过要配置代理 ([592791d](https://github.com/certd/certd/commit/592791d1356fc252fbb70d7f168567aee9585507))
+
 ## [1.25.9](https://github.com/certd/certd/compare/v1.25.8...v1.25.9) (2024-10-01)
 
 ### Bug Fixes

README.md

@@ -9,11 +9,11 @@ Certd 是一个免费全自动申请和自动部署更新SSL证书的工具。
 ## 一、特性
 本项目不仅支持证书申请过程自动化，还可以自动化部署更新证书，让你的证书永不过期。     
 
-* 全自动申请证书（支持阿里云、腾讯云、华为云、Cloudflare等各种途径注册的域名）
-* 全自动部署更新证书（目前支持部署到主机、部署到阿里云、腾讯云等）
+* 全自动申请证书（支持所有注册商注册的域名）
+* 全自动部署更新证书（目前支持部署到主机、部署到阿里云、腾讯云等，目前已支持30+部署插件）
 * 支持通配符域名/泛域名，支持多个域名打到一个证书上
 * 邮件通知
-* 私有化部署，保障安全
+* 私有化部署，保障数据安全
 * 免费、免费、免费（[阿里云单个通配符域名证书最便宜也要1800/年](https://yundun.console.aliyun.com/?p=cas#/certExtend/buy/cn-hangzhou)）
 
 
@@ -29,11 +29,11 @@ https://certd.handsfree.work/
 ## 三、使用教程
 本案例演示，如何配置自动申请证书，并部署到阿里云CDN，然后快要到期前自动更新证书并重新部署     
 
-![演示](./packages/ui/certd-client/public/doc/images/5-view.png)
-![演示](./packages/ui/certd-client/public/doc/images/9-start.png)
-![演示](./packages/ui/certd-client/public/doc/images/10-1-log.png)
-![演示](./packages/ui/certd-client/public/doc/images/13-3-download.png)
-![演示](./packages/ui/certd-client/public/doc/images/13-1-result.png)
+![演示](packages/ui/certd-client/public/static/doc/images/5-view.png)
+![演示](packages/ui/certd-client/public/static/doc/images/9-start.png)
+![演示](packages/ui/certd-client/public/static/doc/images/10-1-log.png)
+![演示](packages/ui/certd-client/public/static/doc/images/13-3-download.png)
+![演示](packages/ui/certd-client/public/static/doc/images/13-1-result.png)
 
 ↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓      
 -------> [点我查看详细使用步骤演示](./step.md)   <--------      
@@ -124,6 +124,7 @@ git clone https://github.com/certd/certd
 cd certd
 # 启动服务
 ./start.sh  
+# 数据默认保存在 ./packages/ui/certd-server/data 目录下,注意数据备份
 ```
 如果是windows，请先安装`git for windows` ，然后右键，选择`open git bash here`打开终端，再执行`./start.sh`命令
 
@@ -169,6 +170,7 @@ docker compose up -d
 * [google证书](./doc/google/google.md)
 * [群晖部署certd及证书更新教程](./doc/synology/index.md)
 
+* [CNAME证书校验方式说明](./doc/cname/index.md)
 
 ## 八、问题处理
 ### 7.1 忘记管理员密码   

build.trigger

@@ -1 +1 @@
-18:06
+1

doc/cname/index.md

@@ -0,0 +1,27 @@
+# CNAME代理校验方式说明
+
+## 1. 前言
+申请域名证书是需要校验域名所有权的。
+目前有两种校验方式：
+1. http-01： 在网站根目录下放置一份txt文件（Certd不支持）
+2. dns-01： 需要给域名添加txt解析记录，通配符域名只能用这种方式（Certd采用这种方式）
+
+DNS-01方式需要开发适配DNS服务商的接口，目前已实现主流域名注册商的接口（阿里云、腾讯云、华为云、Cloudflare、西数）
+
+如果域名不在这几家，那么就只能通过CNAME代理校验方式来实现
+
+
+## 2. 使用步骤
+
+1. 假设你要申请证书的域名叫：need.cert.com ,它是在其他服务商注册的
+2. 现在你需要另外一个域名：cname.foo.com，这个域名属于是在阿里云、腾讯云、华为云、Cloudflare、西数，或者你把这个域名的DNS服务器转到这几家。
+3. 到Certd的 CNAME服务管理界面，用`cname.foo.com`创建一条默认的CNAME服务，需要提供DNS提供商授权。
+![](./images/cname1.png)
+4. 申请证书时，Certd会生成一个随机的CNAME记录，例如：`_acme-challenge.need`->`xxxxxx.cname.foo.com`
+   ![](./images/cname2.png)
+5. 您需要手动添加这条CNAME记录到你要申请证书的域名解析中，点击校验，校验成功后就可以开始申请证书了 (此操作每个域名只需要做一次，后续可以重复使用，注意不要删除添加的CNAME记录)
+   ![](./images/cname3.png)
+6. ![](./images/cname4.png)
+6. 申请过程中，Certd会在`xxxxxx.cname.foo.com`下自动添加验证TXT记录。 
+7. 由于您配置了`_acme-challenge.need`的CNAME，所以这个TXT记录会被解析到`_acme-challenge.need.cert.com`下，从而完成域名校验。
+

doc/dev/development.md

@@ -3,7 +3,7 @@
 
 ## 1.本地调试运行
 
-安装依赖包:      
+### 克隆代码
 ```shell
 
 # 克隆代码
@@ -11,22 +11,38 @@ git clone https://github.com/certd/certd
 
 #进入项目目录
 cd certd
+```
 
+### 修改pnpm-workspace.yaml文件     
+重要：否则无法正确加载专业版的access和plugin
+```yaml
+# pnpm-workspace.yaml
+packages:
+   - 'packages/**'  # <--------------注释掉这一行，PR时不要提交此修改
+   - 'packages/ui/**'
+```
+
+### 安装依赖和初始化:
+```shell
+# 安装pnpm，如果提示npm命令不存在，就需要先安装nodejs
+npm install -g pnpm@8.15.7 --registry=https://registry.npmmirror.com
+
+# 使用国内镜像源，如果有代理，就不需要
+pnpm config set registry https://registry.npmmirror.com
 # 安装依赖
-npm install -g pnpm@8.15.7
 pnpm install
 
 # 初始化构建
 npm run init
 ```
 
-启动 server:    
+### 启动 server:    
 ```shell
 cd packages/ui/certd-server
 npm run dev
 ```
 
-启动 client:    
+### 启动 client:    
 ```shell
 cd packages/ui/certd-client
 npm run dev
@@ -48,7 +64,7 @@ npm run dev
 这样用户就可以在`certd`后台中创建这种授权凭证了
 
 ### 3. dns-provider
-如果域名是这个平台进行解析的，那么你需要实现dns-provider
+如果域名是这个平台进行解析的，那么你需要实现dns-provider，（申请证书需要）    
 参考`plugin-cloudflare/dns-provider.ts` 修改为你要做的平台的`dns-provider`
 
 ### 4. plugin-deploy
@@ -66,7 +82,7 @@ export * from './plugins/plugin-deploy-to-xx'
 在`./src/plugins/index.ts`中增加`import`
 
 ```ts
-export * from "./plugin-cloudflare"
+export * from "./plugin-cloudflare.js"
 ```
 
 ## 重启服务进行调试

doc/google/google.md

@@ -7,16 +7,18 @@ https://console.cloud.google.com/apis/library/publicca.googleapis.com
 
 打开该链接后点击“启用”，随后等待右侧出现“API已启用”则可以关闭该页。
 
-## 2、 申请Key
-随后打开“Google Cloud Shell”（在右上角点击激活CloudShell图标）。
+## 2、 获取授权
+以下两种方式任选其一
+### 2.1 直接获取EAB 【推荐】
 
+
+1. 打开“Google Cloud Shell”（在右上角点击激活CloudShell图标）。   
 等待分配完成后在 Shell 窗口内输入如下命令：
     
 ```shell
 gcloud beta publicca external-account-keys create
 ```
-此时会弹出“为 Cloud Shell 提供授权”，点击授权即可。
-
+2. 此时会弹出“为 Cloud Shell 提供授权”，点击授权即可。    
 执行完成后会返回类似如下输出；注意不要在没有收到 Google 的邮件时执行该命令，会返回命令不存在。
 
 ```shell
@@ -24,14 +26,31 @@ Created an external account key
 [b64MacKey: xxxxxxxxxxxxxxxx
 keyId: xxxxxxxxxxxxx]
 ```
-记录以上信息备用（注意keyId是不带中括号的）
+
+3. 到Certd中，创建一条EAB授权记录，填写keyId(=kid) 和 b64MacKey 信息    
+   注意：keyId没有`]`结尾，不要把`]`也复制了   
+
+注意：EAB授权使用过一次之后，会绑定邮箱，后续再次使用时，要使用相同的邮箱    
+否则会报错 `Unknown external account binding (EAB) key. This may be due to the EAB key expiring which occurs 7 days after creation`
+
+### 2.2 通过服务账号获取EAB
+
+此方式可以自动EAB，需要配置代理
+
+1. 创建服务账号    
+https://console.cloud.google.com/projectselector2/iam-admin/serviceaccounts/create?walkthrough_id=iam--create-service-account&hl=zh-cn#step_index=1
+
+2. 选择一个项目，进入创建服务账号页面
+3. 给服务账号起一个名字，点击`创建并继续`
+4. 向此服务账号授予对项目的访问权限： `选择角色`->`基本`->`Owner`
+5. 点击完成
+6. 点击服务账号，进入服务账号详情页面
+7. 点击`添加密钥`->`创建新密钥`->`JSON`，下载密钥文件
+8. 将json文件内容粘贴到 certd中 Google服务授权输入框中
 
 
 ## 3、 创建证书流水线
-选择证书提供商为google， 开启使用代理
+选择证书提供商为google， 选择EAB授权 或 服务账号授权
 
-## 4、 将key信息作为EAB授权信息
-google证书需要EAB授权， 使用第二步中的 keyId 和 b64MacKey 信息创建一条EAB授权记录         
-注意：keyId没有`]`结尾，不要把`]`也复制了
-## 5、 其他就跟正常申请证书一样了
+## 4、 其他就跟正常申请证书一样了
 

doc/tencent/tencent.md

@@ -1,8 +1,7 @@
 # 腾讯云
 
 
-## DNSPOD 授权设置
-目前腾讯云管理的域名的dns暂时只支持从DNSPOD进行设置    
+## DNSPOD 授权设置【已废弃，请使用腾讯云API】
 打开 https://console.dnspod.cn/account/token/apikey    
 然后按如下方式获取DNSPOD的授权
 ![](./dnspod-token.png)
@@ -13,4 +12,4 @@
 腾讯云其他部署需要API密钥，需要在腾讯云控制台进行设置   
 打开 https://console.cloud.tencent.com/cam/capi   
 然后按如下方式获取腾讯云的API密钥    
-![](./tencent-access.png)
+![](./tencent-access.png)

docker/run/docker-compose.yaml

@@ -1,7 +1,7 @@
 version: '3.3' # 兼容旧版docker-compose
 services:
   certd:
-    # 镜像                                                  #  ↓↓↓↓↓ --- 镜像版本号，建议改成固定版本号
+    # 镜像                                                  #  ↓↓↓↓↓ ---- 镜像版本号，建议改成固定版本号
     image: registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
     container_name: certd # 容器名
     restart: unless-stopped # 自动重启
@@ -23,21 +23,28 @@ services:
 #      - "localdomain.comm:192.168.1.3"
     environment: # 环境变量
       - TZ=Asia/Shanghai
+      # 设置环境变量即可自定义certd配置
+      # 配置项见： packages/ui/certd-server/src/config/config.default.ts
+      # 配置规则： certd_ + 配置项, 点号用_代替
+
+                           #  ↓↓↓↓  ------------------------------------ 这里可以设置http代理
       #- HTTPS_PROXY=http://xxxxxx:xx
       #- HTTP_PROXY=http://xxxxxx:xx
-                          #  ↑↑↑↑↑ ------------------------------------- 这里可以设置http代理
+      #                               ↓↓↓↓ ----------------------------- 如果忘记管理员密码，可以设置为true，重启之后，管理员密码将改成123456，然后请及时修改回false
       - certd_system_resetAdminPasswd=false
-                                     #  ↑↑↑↑↑--------------------------- 如果忘记管理员密码，可以设置为true，重启之后，管理员密码将改成123456，然后请及时修改回false
+      #                                  ↓↓↓↓ -------------------------- 如果设置为true，启动后所有配置了cron的流水线任务都将被立即触发一次
       - certd_cron_immediateTriggerOnce=false
-                                     #  ↑↑↑↑↑--------------------------- 如果设置为true，启动后所有配置了cron的流水线任务都将被立即触发一次
-      - VITE_APP_ICP_NO=
-                      #  ↑↑↑↑↑ ----------------------------------------- 这里可以设置备案号
+      #                            ↓↓↓↓ -------------------------------- 配置证书和key，则表示https方式启动，使用https协议访问，https://your.domain:7001
       #- certd_koa_key=./data/ssl/cert.key
       #- certd_koa_cert=./data/ssl/cert.crt
-                      #  ↑↑↑↑↑ ----------------------------------------- 配置证书和key，则表示https方式启动，使用https协议访问，https://your.domain:7001
-      # 设置环境变量即可自定义certd配置
-      # 服务端配置项见： packages/ui/certd-server/src/config/config.default.ts
-      # 服务端配置规则： certd_ + 配置项, 点号用_代替
 
-      # 客户端配置项见： packages/ui/certd-client/.env
-      # 按实际名称配置环境变量即可，如： VITE_APP_API=http://localhost:7001
+      #                             ↓↓↓↓ ------------------------------- 使用postgresql数据库
+#      - certd_flyway_scriptDir=./db/migration-pg               # 升级脚本目录
+#      - certd_typeorm_dataSource_default_type=postgres         # 数据库类型
+#      - certd_typeorm_dataSource_default_host=localhost        # 数据库地址
+#      - certd_typeorm_dataSource_default_port=5433             # 数据库端口
+#      - certd_typeorm_dataSource_default_username=postgres     # 用户名
+#      - certd_typeorm_dataSource_default_password=yourpasswd   # 密码
+#      - certd_typeorm_dataSource_default_database=certd        # 数据库名
+
+

lerna.json

@@ -9,5 +9,5 @@
     }
   },
   "npmClient": "pnpm",
-  "version": "1.25.9"
+  "version": "1.26.5"
 }

package.json

@@ -4,28 +4,29 @@
   "private": true,
   "type": "module",
   "devDependencies": {
-    "@lerna-lite/cli": "^3.2.1",
-    "@lerna-lite/publish": "^3.2.1",
-    "@lerna-lite/run": "^3.2.1",
-    "@lerna-lite/version": "^3.2.1"
+    "@lerna-lite/cli": "^3.9.3",
+    "@lerna-lite/publish": "^3.9.3",
+    "@lerna-lite/run": "^3.9.3",
+    "@lerna-lite/version": "^3.9.3"
   },
   "scripts": {
     "start": "lerna bootstrap --hoist",
     "i-all": "lerna link && lerna exec npm install  ",
     "publish": "npm run prepublishOnly2  && lerna publish --force-publish=pro/plus-core --conventional-commits --create-release github && npm run afterpublishOnly && npm run commitAll",
     "afterpublishOnly": "time /t >build.trigger && git add ./build.trigger && git commit -m \"build: trigger build image\" && TIMEOUT /T 10 && git push",
-    "commitAll" : "git add . && git commit -m \"build: publish\" && git push && npm run commitPro",
-    "commitPro" : "cd ./packages/core/ && git add . && git commit -m \"build: publish\" && git push",
+    "transform-sql":"cd ./packages/ui/certd-server/db/ && node --experimental-json-modules transform.js",
+    "commitAll": "git add . && git commit -m \"build: publish\" && git push && npm run commitPro",
+    "commitPro": "cd ./packages/core/ && git add . && git commit -m \"build: publish\" && git push",
     "prepublishOnly1": "npm run check && lerna run build ",
     "prepublishOnly2": "npm run check && npm run before-build && lerna run build ",
-    "before-build": "cd ./packages/core/basic && time /t >build.md && git add ./build.md && git commit -m \"build: prepare to build\"",
+    "before-build": "npm run transform-sql && cd ./packages/core/basic && time /t >build.md && git add ./build.md && git commit -m \"build: prepare to build\"",
     "deploy1": "node --experimental-json-modules deploy.js ",
     "check": "node --experimental-json-modules publish-check.js",
     "init": "lerna run build"
   },
   "license": "AGPL-3.0",
   "dependencies": {
-    "axios": "^1.7.2",
+    "axios": "^1.7.7",
     "lodash-es": "^4.17.21"
   },
   "workspaces": [

packages/core/acme-client/CHANGELOG.md

@@ -3,6 +3,32 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.26.5](https://github.com/publishlab/node-acme-client/compare/v1.26.4...v1.26.5) (2024-10-14)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.26.4](https://github.com/publishlab/node-acme-client/compare/v1.26.3...v1.26.4) (2024-10-14)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.26.3](https://github.com/publishlab/node-acme-client/compare/v1.26.2...v1.26.3) (2024-10-12)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.26.2](https://github.com/publishlab/node-acme-client/compare/v1.26.1...v1.26.2) (2024-10-11)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.26.1](https://github.com/publishlab/node-acme-client/compare/v1.26.0...v1.26.1) (2024-10-10)
+
+**Note:** Version bump only for package @certd/acme-client
+
+# [1.26.0](https://github.com/publishlab/node-acme-client/compare/v1.25.9...v1.26.0) (2024-10-10)
+
+### Features
+
+* 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析 ([f3d3508](https://github.com/publishlab/node-acme-client/commit/f3d35084ed44f9f33845f7045e520be5c27eed93))
+
 ## [1.25.9](https://github.com/publishlab/node-acme-client/compare/v1.25.8...v1.25.9) (2024-10-01)
 
 **Note:** Version bump only for package @certd/acme-client

packages/core/acme-client/package.json

@@ -3,7 +3,7 @@
     "description": "Simple and unopinionated ACME client",
     "private": false,
     "author": "nmorsman",
-    "version": "1.25.9",
+    "version": "1.26.5",
     "main": "src/index.js",
     "types": "types/index.d.ts",
     "license": "MIT",
@@ -20,7 +20,7 @@
         "asn1js": "^3.0.5",
         "axios": "^1.7.2",
         "debug": "^4.3.5",
-        "https-proxy-agent": "^7.0.4",
+        "https-proxy-agent": "^7.0.5",
         "node-forge": "^1.3.1"
     },
     "devDependencies": {
@@ -59,5 +59,5 @@
     "bugs": {
         "url": "https://github.com/publishlab/node-acme-client/issues"
     },
-    "gitHead": "f548fe70117c7b56f40c66a3021e63b6cb264fb3"
+    "gitHead": "e96a83a528d6b850bca12d1636690d2ec654ed57"
 }

packages/core/acme-client/src/auto.js

@@ -118,16 +118,16 @@ module.exports = async (client, userOpts) => {
             /* Trigger challengeCreateFn() */
             log(`[auto] [${d}] Trigger challengeCreateFn()`);
             const keyAuthorization = await client.getChallengeKeyAuthorization(challenge);
-            let recordItem = null;
+
             try {
-                recordItem = await opts.challengeCreateFn(authz, challenge, keyAuthorization);
+                const { recordReq, recordRes, dnsProvider } = await opts.challengeCreateFn(authz, challenge, keyAuthorization);
                 log(`[auto] [${d}] challengeCreateFn success`);
                 log(`[auto] [${d}] add challengeRemoveFn()`);
                 clearTasks.push(async () => {
                     /* Trigger challengeRemoveFn(), suppress errors */
                     log(`[auto] [${d}] Trigger challengeRemoveFn()`);
                     try {
-                        await opts.challengeRemoveFn(authz, challenge, keyAuthorization, recordItem);
+                        await opts.challengeRemoveFn(authz, challenge, keyAuthorization, recordReq, recordRes, dnsProvider);
                     }
                     catch (e) {
                         log(`[auto] [${d}] challengeRemoveFn threw error: ${e.message}`);

packages/core/acme-client/src/index.js

@@ -45,3 +45,5 @@ exports.axios = require('./axios');
  */
 
 exports.setLogger = require('./logger').setLogger;
+
+exports.walkTxtRecord = require('./verify').walkTxtRecord;

packages/core/acme-client/src/verify.js

@@ -66,17 +66,35 @@ async function walkDnsChallengeRecord(recordName, resolver = dns) {
         log(`Checking name for TXT records: ${recordName}`);
         const txtRecords = await resolver.resolveTxt(recordName);
 
-        if (txtRecords.length) {
+        if (txtRecords && txtRecords.length) {
             log(`Found ${txtRecords.length} TXT records at ${recordName}`);
+            log(`TXT records: ${JSON.stringify(txtRecords)}`);
             return [].concat(...txtRecords);
         }
+        return [];
     }
     catch (e) {
-        log(`No TXT records found for name: ${recordName}`);
+        log(`Resolve TXT records error, ${recordName} :${e.message}`);
+        throw e;
     }
+}
 
-    /* Found nothing */
-    throw new Error(`No TXT records found for name: ${recordName}`);
+async function walkTxtRecord(recordName) {
+    try {
+        /* Default DNS resolver first */
+        log('Attempting to resolve TXT with default DNS resolver first');
+        const res = await walkDnsChallengeRecord(recordName);
+        if (res && res.length > 0) {
+            return res;
+        }
+        throw new Error('No TXT records found');
+    }
+    catch (e) {
+        /* Authoritative DNS resolver */
+        log(`Error using default resolver, attempting to resolve TXT with authoritative NS: ${e.message}`);
+        const authoritativeResolver = await util.getAuthoritativeDnsResolver(recordName);
+        return await walkDnsChallengeRecord(recordName, authoritativeResolver);
+    }
 }
 
 /**
@@ -92,24 +110,10 @@ async function walkDnsChallengeRecord(recordName, resolver = dns) {
  */
 
 async function verifyDnsChallenge(authz, challenge, keyAuthorization, prefix = '_acme-challenge.') {
-    let recordValues = [];
     const recordName = `${prefix}${authz.identifier.value}`;
     log(`Resolving DNS TXT from record: ${recordName}`);
-
-    try {
-        /* Default DNS resolver first */
-        log('Attempting to resolve TXT with default DNS resolver first');
-        recordValues = await walkDnsChallengeRecord(recordName);
-    }
-    catch (e) {
-        /* Authoritative DNS resolver */
-        log(`Error using default resolver, attempting to resolve TXT with authoritative NS: ${e.message}`);
-        const authoritativeResolver = await util.getAuthoritativeDnsResolver(recordName);
-        recordValues = await walkDnsChallengeRecord(recordName, authoritativeResolver);
-    }
-
+    const recordValues = await walkTxtRecord(recordName);
     log(`DNS query finished successfully, found ${recordValues.length} TXT records`);
-
     if (!recordValues.length || !recordValues.includes(keyAuthorization)) {
         throw new Error(`Authorization not found in DNS TXT record: ${recordName}，need:${keyAuthorization},found:${recordValues}`);
     }
@@ -153,4 +157,5 @@ module.exports = {
     'http-01': verifyHttpChallenge,
     'dns-01': verifyDnsChallenge,
     'tls-alpn-01': verifyTlsAlpnChallenge,
+    walkTxtRecord,
 };

packages/core/acme-client/types/index.d.ts

@@ -55,8 +55,8 @@ export interface ClientExternalAccountBindingOptions {
 
 export interface ClientAutoOptions {
     csr: CsrBuffer | CsrString;
-    challengeCreateFn: (authz: Authorization, challenge: rfc8555.Challenge, keyAuthorization: string) => Promise<any>;
-    challengeRemoveFn: (authz: Authorization, challenge: rfc8555.Challenge, keyAuthorization: string, recordRes:any) => Promise<any>;
+    challengeCreateFn: (authz: Authorization, challenge: rfc8555.Challenge, keyAuthorization: string) => Promise<{recordReq:any,recordRes:any,dnsProvider:any}>;
+    challengeRemoveFn: (authz: Authorization, challenge: rfc8555.Challenge, keyAuthorization: string,recordReq:any, recordRes:any,dnsProvider:any) => Promise<any>;
     email?: string;
     termsOfServiceAgreed?: boolean;
     skipChallengeVerification?: boolean;
@@ -197,3 +197,5 @@ export const axios: AxiosInstance;
  */
 
 export function setLogger(fn: (msg: string) => void): void;
+
+export function walkTxtRecord(record: any): Promise<string[]>;

packages/core/basic/.eslintrc

@@ -0,0 +1,22 @@
+{
+  "parser": "@typescript-eslint/parser",
+  "plugins": [
+    "@typescript-eslint"
+  ],
+  "extends": [
+    "plugin:@typescript-eslint/recommended",
+    "plugin:prettier/recommended",
+    "prettier"
+  ],
+  "env": {
+    "mocha": true
+  },
+  "rules": {
+    "@typescript-eslint/no-var-requires": "off",
+    "@typescript-eslint/ban-ts-comment": "off",
+    "@typescript-eslint/ban-ts-ignore": "off",
+    "@typescript-eslint/no-explicit-any": "off",
+//    "no-unused-expressions": "off",
+    "max-len": [0, 160, 2, { "ignoreUrls": true }]
+  }
+}

packages/core/basic/.gitignore

@@ -0,0 +1,28 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+node_modules
+dist
+dist-ssr
+*.local
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?
+
+test/user.secret.*
+test/**/*.js
+src/**/*.spec.ts

packages/core/basic/.npmignore

@@ -0,0 +1,3 @@
+node_modules
+src
+dist/**/*.spec.*

packages/core/basic/.npmrc

@@ -0,0 +1,2 @@
+link-workspace-packages=true
+prefer-workspace-packages=true

packages/core/basic/CHANGELOG.md

@@ -3,8 +3,30 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
-## [1.25.9](https://github.com/certd/certd/compare/v1.25.8...v1.25.9) (2024-10-01)
+## [1.26.5](https://github.com/certd/certd/compare/v1.26.4...v1.26.5) (2024-10-14)
 
-### Bug Fixes
+**Note:** Version bump only for package @certd/basic
 
-* 修复西部数码账户级别apikey不可用的bug ([f8f3e8b](https://github.com/certd/certd/commit/f8f3e8b43fd5d815887bcb53b95f46dc96424b79))
+## [1.26.4](https://github.com/certd/certd/compare/v1.26.3...v1.26.4) (2024-10-14)
+
+### Performance Improvements
+
+* 新增代理设置功能 ([273ab61](https://github.com/certd/certd/commit/273ab6139f5807f4d7fe865cc353b97f51b9a668))
+
+## [1.26.3](https://github.com/certd/certd/compare/v1.26.2...v1.26.3) (2024-10-12)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.26.2](https://github.com/certd/certd/compare/v1.26.1...v1.26.2) (2024-10-11)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.26.1](https://github.com/certd/certd/compare/v1.26.0...v1.26.1) (2024-10-10)
+
+**Note:** Version bump only for package @certd/basic
+
+# [1.26.0](https://github.com/certd/certd/compare/v1.25.9...v1.26.0) (2024-10-10)
+
+### Performance Improvements
+
+* 检查cname是否正确配置 ([b5d8935](https://github.com/certd/certd/commit/b5d8935159374fbe7fc7d4c48ae0ed9396861bdd))

packages/core/basic/build.md

@@ -1 +1 @@
-02:02
+13:48

packages/core/basic/package.json

@@ -1,11 +1,68 @@
 {
   "name": "@certd/basic",
-  "version": "1.25.9",
-  "main": "src/index.js",
+  "private": false,
+  "version": "1.26.5",
+  "type": "module",
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
   "scripts": {
-    "build": "echo 'basic'"
+    "dev": "vite",
+    "before-build": "rimraf dist && rimraf tsconfig.tsbuildinfo && rimraf .rollup.cache",
+    "build": "npm run before-build && tsc --skipLibCheck",
+    "dev-build": "npm run build",
+    "preview": "vite preview",
+    "test": "mocha   --loader=ts-node/esm"
   },
-  "author": "",
-  "license": "MIT",
-  "description": ""
+  "dependencies": {
+    "axios": "^1.7.2",
+    "dayjs": "^1.11.7",
+    "fix-path": "^4.0.0",
+    "http-proxy-agent": "^7.0.2",
+    "https-proxy-agent": "^7.0.5",
+    "lodash-es": "^4.17.21",
+    "lru-cache": "^10.0.0",
+    "nanoid": "^5.0.7",
+    "node-forge": "^1.3.1",
+    "nodemailer": "^6.9.3",
+    "proxy-agent": "^6.4.0",
+    "qs": "^6.11.2"
+  },
+  "devDependencies": {
+    "@rollup/plugin-commonjs": "^23.0.4",
+    "@rollup/plugin-json": "^6.0.0",
+    "@rollup/plugin-node-resolve": "^15.0.1",
+    "@rollup/plugin-terser": "^0.4.3",
+    "@rollup/plugin-typescript": "^11.0.0",
+    "@types/chai": "^4.3.10",
+    "@types/lodash-es": "^4.17.12",
+    "@types/mocha": "^10.0.1",
+    "@types/node-forge": "^1.3.2",
+    "@types/uuid": "^9.0.2",
+    "@typescript-eslint/eslint-plugin": "^5.59.7",
+    "@typescript-eslint/parser": "^5.59.7",
+    "chai": "4.3.10",
+    "dayjs": "^1.11.7",
+    "eslint": "^8.41.0",
+    "eslint-config-prettier": "^8.8.0",
+    "eslint-plugin-import": "^2.27.5",
+    "eslint-plugin-node": "^11.1.0",
+    "eslint-plugin-prettier": "^4.2.1",
+    "iconv-lite": "^0.6.3",
+    "log4js": "^6.9.1",
+    "mocha": "^10.2.0",
+    "prettier": "^2.8.8",
+    "reflect-metadata": "^0.1.13",
+    "rimraf": "^5.0.5",
+    "rollup": "^3.7.4",
+    "rollup-plugin-typescript2": "^0.34.1",
+    "rollup-plugin-visualizer": "^5.8.2",
+    "ts-node": "^10.9.1",
+    "tsc-esm-fix": "^3.0.0",
+    "tslib": "^2.5.2",
+    "typescript": "^5.4.2",
+    "vite": "^4.3.8",
+    "vue-tsc": "^1.6.5"
+  },
+  "gitHead": "e96a83a528d6b850bca12d1636690d2ec654ed57"
 }

packages/core/basic/src/index.ts

@@ -0,0 +1 @@
+export * from './utils/index.js';

packages/core/basic/src/utils/index.ts

@@ -0,0 +1,33 @@
+export * from './util.request.js';
+export * from './util.log.js';
+export * from './util.file.js';
+export * from './util.sp.js';
+export * from './util.promise.js';
+export * from './util.hash.js';
+export * from './util.merge.js';
+export * from './util.cache.js';
+import sleep from './util.sleep.js';
+import { http } from './util.request.js';
+import { nanoid } from 'nanoid';
+import { mergeUtils } from './util.merge.js';
+import { sp } from './util.sp.js';
+import { hashUtils } from './util.hash.js';
+import { promises } from './util.promise.js';
+import { fileUtils } from './util.file.js';
+import * as _ from 'lodash-es';
+import { cache } from './util.cache.js';
+import dayjs from 'dayjs';
+
+export const utils = {
+  sleep,
+  http,
+  sp,
+  hash: hashUtils,
+  promises,
+  file: fileUtils,
+  _,
+  mergeUtils,
+  cache,
+  nanoid,
+  dayjs,
+};

packages/core/basic/src/utils/util.promise.ts

@@ -25,7 +25,26 @@ export function safePromise<T>(callback: (resolve: (ret: T) => void, reject: (re
   });
 }
 
+export function promisify(func: any) {
+  return function (...args: any) {
+    return new Promise((resolve, reject) => {
+      try {
+        func(...args, (err: any, data: any) => {
+          if (err) {
+            reject(err);
+          } else {
+            resolve(data);
+          }
+        });
+      } catch (e) {
+        reject(e);
+      }
+    });
+  };
+}
+
 export const promises = {
   TimeoutPromise,
   safePromise,
+  promisify,
 };

packages/core/basic/src/utils/util.request.ts

@@ -1,9 +1,10 @@
-import axios, { AxiosRequestConfig } from "axios";
-import { logger } from "./util.log.js";
-import { Logger } from "log4js";
-import { HttpProxyAgent } from "http-proxy-agent";
-import { HttpsProxyAgent } from "https-proxy-agent";
-import nodeHttp from "http";
+import axios, { AxiosRequestConfig } from 'axios';
+import { logger } from './util.log.js';
+import { Logger } from 'log4js';
+import { HttpProxyAgent } from 'http-proxy-agent';
+import { HttpsProxyAgent } from 'https-proxy-agent';
+import nodeHttp from 'http';
+import * as https from 'node:https';
 export class HttpError extends Error {
   status?: number;
   statusText?: string;
@@ -16,6 +17,11 @@ export class HttpError extends Error {
       return;
     }
     super(error.message);
+
+    if (error?.message?.indexOf('ssl3_get_record:wrong version number') >= 0) {
+      this.message = 'http协议错误，服务端要求http协议，请检查是否使用了https请求';
+    }
+
     this.name = error.name;
     this.code = error.code;
     this.cause = error.cause;
@@ -41,6 +47,21 @@ export class HttpError extends Error {
 }
 
 export const HttpCommonError = HttpError;
+
+let defaultAgents = createAgent();
+
+export function setGlobalProxy(opts: { httpProxy?: string; httpsProxy?: string }) {
+  logger.info('setGlobalProxy:', opts);
+  if (opts.httpProxy) {
+    process.env.HTTP_PROXY = opts.httpProxy;
+  }
+  if (opts.httpsProxy) {
+    process.env.HTTPS_PROXY = opts.httpsProxy;
+  }
+
+  defaultAgents = createAgent();
+}
+
 /**
  * @description 创建请求实例
  */
@@ -48,7 +69,6 @@ export function createAxiosService({ logger }: { logger: Logger }) {
   // 创建一个 axios 实例
   const service = axios.create();
 
-  const defaultAgents = createAgent();
   // 请求拦截
   service.interceptors.request.use(
     (config: any) => {
@@ -58,62 +78,62 @@ export function createAxiosService({ logger }: { logger: Logger }) {
       }
       let agents = defaultAgents;
       if (config.skipSslVerify) {
-        logger.info("跳过SSL验证");
+        logger.info('跳过SSL验证');
         agents = createAgent({ rejectUnauthorized: false } as any);
       }
       delete config.skipSslVerify;
       config.httpsAgent = agents.httpsAgent;
       config.httpAgent = agents.httpAgent;
-
+      config.proxy = false; //必须 否则还会走一层代理，
       return config;
     },
     (error: Error) => {
       // 发送失败
-      logger.error("接口请求失败：", error);
+      logger.error('接口请求失败：', error);
       return Promise.reject(error);
     }
   );
   // 响应拦截
   service.interceptors.response.use(
     (response: any) => {
-      logger.info("http response:", JSON.stringify(response?.data));
+      logger.info('http response:', JSON.stringify(response?.data));
       return response.data;
     },
     (error: any) => {
       const status = error.response?.status;
       switch (status) {
         case 400:
-          error.message = "请求错误";
+          error.message = '请求错误';
           break;
         case 401:
-          error.message = "未授权，请登录";
+          error.message = '未授权，请登录';
           break;
         case 403:
-          error.message = "拒绝访问";
+          error.message = '拒绝访问';
           break;
         case 404:
           error.message = `请求地址出错: ${error.response.config.url}`;
           break;
         case 408:
-          error.message = "请求超时";
+          error.message = '请求超时';
           break;
         case 500:
-          error.message = "服务器内部错误";
+          error.message = '服务器内部错误';
           break;
         case 501:
-          error.message = "服务未实现";
+          error.message = '服务未实现';
           break;
         case 502:
-          error.message = "网关错误";
+          error.message = '网关错误';
           break;
         case 503:
-          error.message = "服务不可用";
+          error.message = '服务不可用';
           break;
         case 504:
-          error.message = "网关超时";
+          error.message = '网关超时';
           break;
         case 505:
-          error.message = "HTTP版本不受支持";
+          error.message = 'HTTP版本不受支持';
           break;
         default:
           break;
@@ -121,12 +141,12 @@ export function createAxiosService({ logger }: { logger: Logger }) {
       logger.error(
         `请求出错：status:${error.response?.status},statusText:${error.response?.statusText},url:${error.config?.url},method:${error.config?.method}。`
       );
-      logger.error("返回数据:", JSON.stringify(error.response?.data));
+      logger.error('返回数据:', JSON.stringify(error.response?.data));
       if (error.response?.data) {
         error.message = error.response.data.message || error.response.data.msg || error.response.data.error || error.response.data;
       }
       if (error instanceof AggregateError) {
-        logger.error("AggregateError", error);
+        logger.error('AggregateError', error);
       }
       const err = new HttpError(error);
       return Promise.reject(err);
@@ -149,13 +169,18 @@ export function createAgent(opts: nodeHttp.AgentOptions = {}) {
   let httpAgent, httpsAgent;
   const httpProxy = process.env.HTTP_PROXY || process.env.http_proxy;
   if (httpProxy) {
+    logger.info('use httpProxy:', httpProxy);
     httpAgent = new HttpProxyAgent(httpProxy, opts as any);
+  } else {
+    httpAgent = new nodeHttp.Agent(opts);
   }
   const httpsProxy = process.env.HTTPS_PROXY || process.env.https_proxy;
   if (httpsProxy) {
+    logger.info('use httpsProxy:', httpsProxy);
     httpsAgent = new HttpsProxyAgent(httpsProxy, opts as any);
+  } else {
+    httpsAgent = new https.Agent(opts);
   }
-
   return {
     httpAgent,
     httpsAgent,

packages/core/basic/tsconfig.json

@@ -0,0 +1,42 @@
+{
+  "compileOnSave": true,
+  "compilerOptions": {
+    "target": "ESNext",
+    "module": "ESNext",
+    "moduleResolution": "node",
+    "esModuleInterop": true,
+    "experimentalDecorators": true,
+    "emitDecoratorMetadata": true,
+    "inlineSourceMap":true,
+    "noImplicitThis": true,
+    "noUnusedLocals": true,
+    "stripInternal": true,
+    "skipLibCheck": true,
+    "pretty": true,
+    "declaration": true,
+    "forceConsistentCasingInFileNames": true,
+    "typeRoots": [ "./typings", "./node_modules/@types"],
+    "outDir": "dist",
+    "rootDir": "src",
+    "composite": true,
+    "useDefineForClassFields": true,
+    "strict": true,
+//    "sourceMap": true,
+    "resolveJsonModule": true,
+    "isolatedModules": false,
+    "lib": ["ESNext", "DOM"],
+  },
+  "include": [
+    "src/**/*.ts",
+    "src/**/*.d.ts",
+    "src/**/*.json"
+  ],
+  "exclude": [
+    "*.js",
+    "*.ts",
+    "*.spec.ts",
+    "dist",
+    "node_modules",
+    "test"
+  ],
+}

packages/core/pipeline/CHANGELOG.md

@@ -3,6 +3,46 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.26.5](https://github.com/certd/certd/compare/v1.26.4...v1.26.5) (2024-10-14)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.26.4](https://github.com/certd/certd/compare/v1.26.3...v1.26.4) (2024-10-14)
+
+### Performance Improvements
+
+* [comm] 支持插件管理 ([e8b617b](https://github.com/certd/certd/commit/e8b617b80ce882dd63006f0cfc719a80a1cc6acc))
+* EAB授权支持绑定邮箱，支持公共EAB设置 ([07043af](https://github.com/certd/certd/commit/07043aff0ca7fd29c56dd3c363002cb15d78b464))
+
+## [1.26.3](https://github.com/certd/certd/compare/v1.26.2...v1.26.3) (2024-10-12)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.26.2](https://github.com/certd/certd/compare/v1.26.1...v1.26.2) (2024-10-11)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.26.1](https://github.com/certd/certd/compare/v1.26.0...v1.26.1) (2024-10-10)
+
+**Note:** Version bump only for package @certd/pipeline
+
+# [1.26.0](https://github.com/certd/certd/compare/v1.25.9...v1.26.0) (2024-10-10)
+
+### Bug Fixes
+
+* 修复某些代理情况下 报 400 The plain HTTP request was sent to HTTPS port use proxy 的bug ([a13203f](https://github.com/certd/certd/commit/a13203fb3f48c427d0d81a504912248dcc07df1a))
+
+### Features
+
+* 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析 ([f3d3508](https://github.com/certd/certd/commit/f3d35084ed44f9f33845f7045e520be5c27eed93))
+* 站点个性化设置 ([11a9fe9](https://github.com/certd/certd/commit/11a9fe9014d96cba929e5a066e78f2af7ae59d14))
+
+### Performance Improvements
+
+* 调整全部静态资源到static目录 ([a218890](https://github.com/certd/certd/commit/a21889080d6c7ffdf0af526a3a21f0b2d1c77288))
+* 检查cname是否正确配置 ([b5d8935](https://github.com/certd/certd/commit/b5d8935159374fbe7fc7d4c48ae0ed9396861bdd))
+* cname校验配置增加未校验通过提示 ([77cc3c4](https://github.com/certd/certd/commit/77cc3c4a5cbd81f8233a8e0bb33fab0621c0905f))
+
 ## [1.25.9](https://github.com/certd/certd/compare/v1.25.8...v1.25.9) (2024-10-01)
 
 **Note:** Version bump only for package @certd/pipeline

packages/core/pipeline/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/pipeline",
   "private": false,
-  "version": "1.25.9",
+  "version": "1.26.5",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -9,20 +9,22 @@
     "dev": "vite",
     "before-build": "rimraf dist && rimraf tsconfig.tsbuildinfo && rimraf .rollup.cache",
     "build": "npm run before-build && tsc --skipLibCheck",
+    "dev-build": "npm run build",
     "build3": "rollup -c",
-    "build2": "vue-tsc --noEmit && vite build",
     "preview": "vite preview",
     "test": "mocha   --loader=ts-node/esm"
   },
   "dependencies": {
-    "@certd/basic": "^1.25.9",
-    "@certd/plus-core": "^1.25.9",
+    "@certd/basic": "^1.26.5",
+    "@certd/plus-core": "^1.26.5",
     "axios": "^1.7.2",
+    "dayjs": "^1.11.7",
     "fix-path": "^4.0.0",
     "http-proxy-agent": "^7.0.2",
     "https-proxy-agent": "^7.0.5",
     "lodash-es": "^4.17.21",
     "lru-cache": "^10.0.0",
+    "nanoid": "^5.0.7",
     "node-forge": "^1.3.1",
     "nodemailer": "^6.9.3",
     "proxy-agent": "^6.4.0",
@@ -64,5 +66,5 @@
     "vite": "^4.3.8",
     "vue-tsc": "^1.6.5"
   },
-  "gitHead": "f548fe70117c7b56f40c66a3021e63b6cb264fb3"
+  "gitHead": "e96a83a528d6b850bca12d1636690d2ec654ed57"
 }

packages/core/pipeline/src/core/executor.ts

@@ -1,19 +1,16 @@
 import { ConcurrencyStrategy, NotificationWhen, Pipeline, ResultType, Runnable, RunStrategy, Stage, Step, Task } from "../dt/index.js";
-import _ from "lodash-es";
 import { RunHistory, RunnableCollection } from "./run-history.js";
 import { AbstractTaskPlugin, PluginDefine, pluginRegistry, TaskInstanceContext, UserInfo } from "../plugin/index.js";
 import { ContextFactory, IContext } from "./context.js";
 import { IStorage } from "./storage.js";
-import { logger } from "../utils/util.log.js";
+import { createAxiosService, hashUtils, logger, utils } from "../utils/index.js";
 import { Logger } from "log4js";
-import { createAxiosService } from "../utils/util.request.js";
 import { IAccessService } from "../access/index.js";
 import { RegistryItem } from "../registry/index.js";
 import { Decorator } from "../decorator/index.js";
-import { IEmailService } from "../service/index.js";
+import { ICnameProxyService, IEmailService, IPluginConfigService } from "../service/index.js";
 import { FileStore } from "./file-store.js";
-import { hashUtils, utils } from "../utils/index.js";
-// import { TimeoutPromise } from "../utils/util.promise.js";
+import { cloneDeep, forEach, merge } from "lodash-es";
 
 export type ExecutorOptions = {
   pipeline: Pipeline;
@@ -21,6 +18,8 @@ export type ExecutorOptions = {
   onChanged: (history: RunHistory) => Promise<void>;
   accessService: IAccessService;
   emailService: IEmailService;
+  cnameProxyService: ICnameProxyService;
+  pluginConfigService: IPluginConfigService;
   fileRootDir?: string;
   user: UserInfo;
 };
@@ -42,7 +41,7 @@ export class Executor {
   onChanged: (history: RunHistory) => Promise<void>;
   constructor(options: ExecutorOptions) {
     this.options = options;
-    this.pipeline = _.cloneDeep(options.pipeline);
+    this.pipeline = cloneDeep(options.pipeline);
     this.onChanged = async (history: RunHistory) => {
       await options.onChanged(history);
     };
@@ -218,10 +217,12 @@ export class Executor {
     const instance: ITaskPlugin = new plugin.target();
     // @ts-ignore
     const define: PluginDefine = plugin.define;
+    const pluginName = define.name;
+    const pluginConfig = await this.options.pluginConfigService.getPluginConfig(pluginName);
     //从outputContext读取输入参数
-    const input = _.cloneDeep(step.input);
+    const input = cloneDeep(step.input);
     Decorator.inject(define.input, instance, input, (item, key) => {
-      if (item.component?.name === "pi-output-selector") {
+      if (item.component?.name === "output-selector") {
         const contextKey = input[key];
         if (contextKey != null) {
           if (typeof contextKey !== "string") {
@@ -239,6 +240,12 @@ export class Executor {
       }
     });
 
+    const sysInput = pluginConfig.sysSetting?.input || {};
+    //注入系统设置参数
+    for (const sysInputKey in sysInput) {
+      input[sysInputKey] = sysInput[sysInputKey];
+    }
+
     const newInputHash = hashUtils.md5(JSON.stringify(input));
     step.status!.inputHash = newInputHash;
     //判断是否需要跳过
@@ -268,6 +275,8 @@ export class Executor {
       inputChanged,
       accessService: this.options.accessService,
       emailService: this.options.emailService,
+      cnameProxyService: this.options.cnameProxyService,
+      pluginConfigService: this.options.pluginConfigService,
       pipelineContext: this.pipelineContext,
       userContext: this.contextFactory.getContext("user", this.options.user.id),
       fileStore: new FileStore({
@@ -289,7 +298,7 @@ export class Executor {
       this.lastStatusMap.clear();
     }
     //输出上下文变量到output context
-    _.forEach(define.output, (item: any, key: any) => {
+    forEach(define.output, (item: any, key: any) => {
       step.status!.output[key] = instance[key];
       // const stepOutputKey = `step.${step.id}.${key}`;
       // this.runtime.context[stepOutputKey] = instance[key];
@@ -299,7 +308,7 @@ export class Executor {
     if (Object.keys(instance._result.pipelineVars).length > 0) {
       // 判断 pipelineVars 有值时更新
       const vars = this.pipelineContext.getObj("vars");
-      _.merge(vars, instance._result.pipelineVars);
+      merge(vars, instance._result.pipelineVars);
       await this.pipelineContext.setObj("vars", vars);
     }
   }

packages/core/pipeline/src/core/license.ts

@@ -1,5 +1,5 @@
 import { logger } from "../utils/index.js";
-import { setLogger, isPlus } from "@certd/plus-core";
+import { setLogger, isPlus, isComm } from "@certd/plus-core";
 setLogger(logger);
 export * from "@certd/plus-core";
 
@@ -8,3 +8,9 @@ export function checkPlus() {
     throw new Error("此为专业版功能，请升级到专业版");
   }
 }
+
+export function checkComm() {
+  if (!isComm()) {
+    throw new Error("此为商业版功能，请升级到商业版");
+  }
+}

packages/core/pipeline/src/core/run-history.ts

@@ -1,6 +1,6 @@
 import { HistoryResult, Pipeline, ResultType, Runnable, RunnableMap, Stage, Step, Task } from "../dt/index.js";
 import _ from "lodash-es";
-import { buildLogger } from "../utils/util.log.js";
+import { buildLogger } from "../utils/index.js";
 import { Logger } from "log4js";
 
 export type HistoryStatus = {

packages/core/pipeline/src/core/storage.ts

@@ -1,6 +1,6 @@
 import fs from "fs";
 import path from "path";
-import { fileUtils } from "../utils/util.file.js";
+import { fileUtils } from "../utils/index.js";
 
 export interface IStorage {
   get(scope: string, namespace: string, version: string, key: string): Promise<string | null>;

packages/core/pipeline/src/index.ts

@@ -1,4 +1,3 @@
-import "util";
 export * from "./core/index.js";
 export * from "./dt/index.js";
 export * from "./access/index.js";

packages/core/pipeline/src/plugin/api.ts

@@ -3,12 +3,13 @@ import { FileItem, FormItemProps, Pipeline, Runnable, Step } from "../dt/index.j
 import { FileStore } from "../core/file-store.js";
 import { Logger } from "log4js";
 import { IAccessService } from "../access/index.js";
-import { IEmailService } from "../service/index.js";
+import { ICnameProxyService, IEmailService } from "../service/index.js";
 import { IContext, PluginRequestHandleReq, RunnableCollection } from "../core/index.js";
 import { ILogger, logger, utils } from "../utils/index.js";
-import { HttpClient } from "../utils/util.request.js";
+import { HttpClient } from "../utils/index.js";
 import dayjs from "dayjs";
-import _ from "lodash-es";
+import { IPluginConfigService } from "../service/config";
+import { upperFirst } from "lodash-es";
 export type UserInfo = {
   role: "admin" | "user";
   id: any;
@@ -25,7 +26,10 @@ export type TaskOutputDefine = {
   type?: string;
 };
 
-export type TaskInputDefine = FormItemProps;
+export type TaskInputDefine = {
+  required?: boolean;
+  isSys?: boolean;
+} & FormItemProps;
 
 export type PluginDefine = Registrable & {
   default?: any;
@@ -70,6 +74,10 @@ export type TaskInstanceContext = {
   accessService: IAccessService;
   //邮件服务
   emailService: IEmailService;
+  //cname记录服务
+  cnameProxyService: ICnameProxyService;
+  //插件配置服务
+  pluginConfigService: IPluginConfigService;
   //流水线上下文
   pipelineContext: IContext;
   //用户上下文
@@ -84,7 +92,7 @@ export type TaskInstanceContext = {
   signal: AbortSignal;
   //工具类
   utils: typeof utils;
-
+  //用户信息
   user: UserInfo;
 };
 
@@ -167,7 +175,7 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
 
     let methodName = req.action;
     if (!req.action.startsWith("on")) {
-      methodName = `on${_.upperFirst(req.action)}`;
+      methodName = `on${upperFirst(req.action)}`;
     }
 
     // @ts-ignore

packages/core/pipeline/src/plugin/decorator.ts

@@ -1,9 +1,9 @@
-import _ from "lodash-es";
 import { pluginRegistry } from "./registry.js";
 import { PluginDefine, TaskInputDefine, TaskOutputDefine } from "./api.js";
 import { Decorator } from "../decorator/index.js";
 import { AUTOWIRE_KEY } from "../decorator/index.js";
 import "reflect-metadata";
+import { merge, sortBy } from "lodash-es";
 // 提供一个唯一 key
 export const PLUGIN_CLASS_KEY = "pipeline:plugin";
 
@@ -42,13 +42,13 @@ export function IsTaskPlugin(define: PluginDefine): ClassDecorator {
       }
       inputArray.push([key, _input]);
     }
-    inputArray = _.sortBy(inputArray, (item: any) => item[1].order);
+    inputArray = sortBy(inputArray, (item: any) => item[1].order);
     const inputMap: any = {};
     inputArray.forEach((item: any) => {
       inputMap[item[0]] = item[1];
     });
 
-    _.merge(define, { input: inputMap, autowire: autowires, output: outputs });
+    merge(define, { input: inputMap, autowire: autowires, output: outputs });
 
     Reflect.defineMetadata(PLUGIN_CLASS_KEY, define, target);
 

packages/core/pipeline/src/service/cname.ts

@@ -0,0 +1,17 @@
+export type CnameProvider = {
+  id: any;
+  domain: string;
+  dnsProviderType: string;
+  accessId: any;
+};
+export type CnameRecord = {
+  id: any;
+  domain: string;
+  hostRecord: string;
+  recordValue: string;
+  cnameProvider: CnameProvider;
+  status: string;
+};
+export type ICnameProxyService = {
+  getByDomain: (domain: string) => Promise<CnameRecord>;
+};

packages/core/pipeline/src/service/config.ts

@@ -0,0 +1,12 @@
+export type PluginConfig = {
+  name: string;
+  disabled: boolean;
+  sysSetting: {
+    input: Record<string, any>;
+  };
+};
+
+//插件配置服务
+export type IPluginConfigService = {
+  getPluginConfig: (pluginName: string) => Promise<PluginConfig>;
+};

packages/core/pipeline/src/service/index.ts

@@ -1 +1,3 @@
 export * from "./email.js";
+export * from "./cname.js";
+export * from "./config.js";

packages/core/pipeline/src/utils/index.ts

@@ -1,28 +1 @@
-import sleep from "./util.sleep.js";
-import { http } from "./util.request.js";
-export * from "./util.request.js";
-export * from "./util.log.js";
-export * from "./util.file.js";
-export * from "./util.sp.js";
-export * from "./util.promise.js";
-export * from "./util.hash.js";
-export * from "./util.merge.js";
-export * from "./util.cache.js";
-import { mergeUtils } from "./util.merge.js";
-import { sp } from "./util.sp.js";
-import { hashUtils } from "./util.hash.js";
-import { promises } from "./util.promise.js";
-import { fileUtils } from "./util.file.js";
-import _ from "lodash-es";
-import { cache } from "./util.cache.js";
-export const utils = {
-  sleep,
-  http,
-  sp,
-  hash: hashUtils,
-  promises,
-  file: fileUtils,
-  _,
-  mergeUtils,
-  cache,
-};
+export * from "@certd/basic";

packages/libs/lib-huawei/CHANGELOG.md

@@ -3,6 +3,30 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.26.5](https://github.com/certd/certd/compare/v1.26.4...v1.26.5) (2024-10-14)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.26.4](https://github.com/certd/certd/compare/v1.26.3...v1.26.4) (2024-10-14)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.26.3](https://github.com/certd/certd/compare/v1.26.2...v1.26.3) (2024-10-12)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.26.2](https://github.com/certd/certd/compare/v1.26.1...v1.26.2) (2024-10-11)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.26.1](https://github.com/certd/certd/compare/v1.26.0...v1.26.1) (2024-10-10)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+# [1.26.0](https://github.com/certd/certd/compare/v1.25.9...v1.26.0) (2024-10-10)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
 ## [1.25.9](https://github.com/certd/certd/compare/v1.25.8...v1.25.9) (2024-10-01)
 
 **Note:** Version bump only for package @certd/lib-huawei

packages/libs/lib-huawei/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-huawei",
   "private": false,
-  "version": "1.25.9",
+  "version": "1.26.5",
   "main": "./dist/bundle.js",
   "module": "./dist/bundle.js",
   "types": "./dist/d/index.d.ts",
@@ -9,7 +9,7 @@
     "dev": "vite",
     "before-build": "rimraf dist && rimraf tsconfig.tsbuildinfo && rimraf .rollup.cache",
     "build": "npm run before-build && rollup -c ",
-    "build2": "vue-tsc --noEmit && vite build",
+    "dev-build": "npm run build",
     "preview": "vite preview"
   },
   "dependencies": {
@@ -17,5 +17,5 @@
     "rimraf": "^5.0.5",
     "rollup": "^3.7.4"
   },
-  "gitHead": "f548fe70117c7b56f40c66a3021e63b6cb264fb3"
+  "gitHead": "e96a83a528d6b850bca12d1636690d2ec654ed57"
 }

packages/libs/lib-iframe/CHANGELOG.md

@@ -3,6 +3,30 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.26.5](https://github.com/certd/certd/compare/v1.26.4...v1.26.5) (2024-10-14)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.26.4](https://github.com/certd/certd/compare/v1.26.3...v1.26.4) (2024-10-14)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.26.3](https://github.com/certd/certd/compare/v1.26.2...v1.26.3) (2024-10-12)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.26.2](https://github.com/certd/certd/compare/v1.26.1...v1.26.2) (2024-10-11)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.26.1](https://github.com/certd/certd/compare/v1.26.0...v1.26.1) (2024-10-10)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+# [1.26.0](https://github.com/certd/certd/compare/v1.25.9...v1.26.0) (2024-10-10)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
 ## [1.25.9](https://github.com/certd/certd/compare/v1.25.8...v1.25.9) (2024-10-01)
 
 **Note:** Version bump only for package @certd/lib-iframe

packages/libs/lib-iframe/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-iframe",
   "private": false,
-  "version": "1.25.9",
+  "version": "1.26.5",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -9,6 +9,7 @@
     "dev": "vite",
     "before-build": "rimraf dist && rimraf tsconfig.tsbuildinfo && rimraf .rollup.cache",
     "build": "npm run before-build && tsc --skipLibCheck",
+    "dev-build": "npm run build",
     "build3": "rollup -c",
     "build2": "vue-tsc --noEmit && vite build",
     "preview": "vite preview"
@@ -38,5 +39,5 @@
     "tslib": "^2.5.2",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f548fe70117c7b56f40c66a3021e63b6cb264fb3"
+  "gitHead": "e96a83a528d6b850bca12d1636690d2ec654ed57"
 }

packages/libs/lib-jdcloud/CHANGELOG.md

@@ -3,6 +3,30 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.26.5](https://github.com/certd/certd/compare/v1.26.4...v1.26.5) (2024-10-14)
+
+**Note:** Version bump only for package @certd/lib-jdcloud
+
+## [1.26.4](https://github.com/certd/certd/compare/v1.26.3...v1.26.4) (2024-10-14)
+
+**Note:** Version bump only for package @certd/lib-jdcloud
+
+## [1.26.3](https://github.com/certd/certd/compare/v1.26.2...v1.26.3) (2024-10-12)
+
+**Note:** Version bump only for package @certd/lib-jdcloud
+
+## [1.26.2](https://github.com/certd/certd/compare/v1.26.1...v1.26.2) (2024-10-11)
+
+**Note:** Version bump only for package @certd/lib-jdcloud
+
+## [1.26.1](https://github.com/certd/certd/compare/v1.26.0...v1.26.1) (2024-10-10)
+
+**Note:** Version bump only for package @certd/lib-jdcloud
+
+# [1.26.0](https://github.com/certd/certd/compare/v1.25.9...v1.26.0) (2024-10-10)
+
+**Note:** Version bump only for package @certd/lib-jdcloud
+
 ## [1.25.9](https://github.com/certd/certd/compare/v1.25.8...v1.25.9) (2024-10-01)
 
 **Note:** Version bump only for package @certd/lib-jdcloud

packages/libs/lib-jdcloud/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-jdcloud",
   "private": false,
-  "version": "1.25.9",
+  "version": "1.26.5",
   "main": "./dist/bundle.mjs",
   "module": "./dist/bundle.mjs",
   "types": "./dist/d/index.d.ts",
@@ -9,7 +9,7 @@
     "dev": "vite",
     "before-build": "rimraf dist && rimraf tsconfig.tsbuildinfo && rimraf .rollup.cache",
     "build": "npm run before-build && rollup -c ",
-    "build2": "vue-tsc --noEmit && vite build",
+    "dev-build": "npm run build",
     "preview": "vite preview"
   },
   "dependencies": {
@@ -27,5 +27,5 @@
     "rimraf": "^5.0.5",
     "rollup": "^3.7.4"
   },
-  "gitHead": "f548fe70117c7b56f40c66a3021e63b6cb264fb3"
+  "gitHead": "e96a83a528d6b850bca12d1636690d2ec654ed57"
 }

packages/libs/lib-k8s/CHANGELOG.md

@@ -3,6 +3,30 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.26.5](https://github.com/certd/certd/compare/v1.26.4...v1.26.5) (2024-10-14)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.26.4](https://github.com/certd/certd/compare/v1.26.3...v1.26.4) (2024-10-14)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.26.3](https://github.com/certd/certd/compare/v1.26.2...v1.26.3) (2024-10-12)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.26.2](https://github.com/certd/certd/compare/v1.26.1...v1.26.2) (2024-10-11)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.26.1](https://github.com/certd/certd/compare/v1.26.0...v1.26.1) (2024-10-10)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+# [1.26.0](https://github.com/certd/certd/compare/v1.25.9...v1.26.0) (2024-10-10)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
 ## [1.25.9](https://github.com/certd/certd/compare/v1.25.8...v1.25.9) (2024-10-01)
 
 **Note:** Version bump only for package @certd/lib-k8s

packages/libs/lib-k8s/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-k8s",
   "private": false,
-  "version": "1.25.9",
+  "version": "1.26.5",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -9,6 +9,7 @@
     "dev": "vite",
     "before-build": "rimraf dist && rimraf tsconfig.tsbuildinfo && rimraf .rollup.cache",
     "build": "npm run before-build && tsc --skipLibCheck",
+    "dev-build": "npm run build",
     "build3": "rollup -c",
     "build2": "vue-tsc --noEmit && vite build",
     "preview": "vite preview"
@@ -17,7 +18,7 @@
     "@kubernetes/client-node": "0.21.0"
   },
   "devDependencies": {
-    "@certd/pipeline": "^1.25.9",
+    "@certd/pipeline": "^1.26.5",
     "@rollup/plugin-commonjs": "^23.0.4",
     "@rollup/plugin-json": "^6.0.0",
     "@rollup/plugin-node-resolve": "^15.0.1",
@@ -39,5 +40,5 @@
     "tslib": "^2.5.2",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f548fe70117c7b56f40c66a3021e63b6cb264fb3"
+  "gitHead": "e96a83a528d6b850bca12d1636690d2ec654ed57"
 }

packages/libs/lib-server/.dockerignore

@@ -0,0 +1,16 @@
+logs/
+npm-debug.log
+yarn-error.log
+node_modules/
+package-lock.json
+yarn.lock
+coverage/
+!dist/
+.idea/
+run/
+.DS_Store
+*.sw*
+*.un~
+.tsbuildinfo
+.tsbuildinfo.*
+/data/db.sqlite

packages/libs/lib-server/.editorconfig

@@ -0,0 +1,11 @@
+# 🎨 editorconfig.org
+
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_style = space
+indent_size = 2
+trim_trailing_whitespace = true
+insert_final_newline = true

packages/libs/lib-server/.eslintrc.json

@@ -0,0 +1,7 @@
+{
+  "extends": "./node_modules/mwts/",
+  "ignorePatterns": ["node_modules", "dist", "test", "jest.config.js", "typings"],
+  "env": {
+    "jest": true
+  }
+}

packages/libs/lib-server/.gitignore

@@ -0,0 +1,28 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+node_modules
+dist
+dist-ssr
+*.local
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?
+
+test/user.secret.ts
+
+tsconfig.tsbuildinfo

packages/libs/lib-server/.npmignore

@@ -0,0 +1,2 @@
+node_modules
+src

packages/libs/lib-server/.prettierrc

@@ -0,0 +1,7 @@
+{
+  "printWidth": 160,
+  "bracketSpacing": true,
+  "singleQuote": true,
+  "trailingComma": "es5",
+  "arrowParens": "avoid"
+}

packages/libs/lib-server/CHANGELOG.md

@@ -0,0 +1,121 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
+
+## [1.26.5](https://github.com/certd/certd/compare/v1.26.4...v1.26.5) (2024-10-14)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.26.4](https://github.com/certd/certd/compare/v1.26.3...v1.26.4) (2024-10-14)
+
+### Performance Improvements
+
+* [comm] 支持插件管理 ([e8b617b](https://github.com/certd/certd/commit/e8b617b80ce882dd63006f0cfc719a80a1cc6acc))
+* 新增代理设置功能 ([273ab61](https://github.com/certd/certd/commit/273ab6139f5807f4d7fe865cc353b97f51b9a668))
+* EAB授权支持绑定邮箱，支持公共EAB设置 ([07043af](https://github.com/certd/certd/commit/07043aff0ca7fd29c56dd3c363002cb15d78b464))
+
+## [1.26.3](https://github.com/certd/certd/compare/v1.26.2...v1.26.3) (2024-10-12)
+
+### Performance Improvements
+
+* 优化系统设置加载时机 ([7396253](https://github.com/certd/certd/commit/73962536d5a4769902d760d005f3f879465addcc))
+
+## [1.26.2](https://github.com/certd/certd/compare/v1.26.1...v1.26.2) (2024-10-11)
+
+### Bug Fixes
+
+* 修复某些情况下bindUrl失败的bug ([91fc1cd](https://github.com/certd/certd/commit/91fc1cd7353be4a22be951239ed70b38baebc74e))
+
+### Performance Improvements
+
+* 邮箱设置改为系统设置，普通用户无需配置发件邮箱 ([4244569](https://github.com/certd/certd/commit/42445692117184a3293e63bef84a74cbb5984b0e))
+
+## [1.26.1](https://github.com/certd/certd/compare/v1.26.0...v1.26.1) (2024-10-10)
+
+**Note:** Version bump only for package @certd/lib-server
+
+# [1.26.0](https://github.com/certd/certd/compare/v1.25.9...v1.26.0) (2024-10-10)
+
+### Bug Fixes
+
+* 修复历史记录根据流水线名称查询报错的bug ([ce9a986](https://github.com/certd/certd/commit/ce9a9862f122fce2186e7727eaa4b251b59e6032))
+
+### Features
+
+* 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析 ([f3d3508](https://github.com/certd/certd/commit/f3d35084ed44f9f33845f7045e520be5c27eed93))
+* 站点个性化设置 ([11a9fe9](https://github.com/certd/certd/commit/11a9fe9014d96cba929e5a066e78f2af7ae59d14))
+
+### Performance Improvements
+
+* 调整全部静态资源到static目录 ([a218890](https://github.com/certd/certd/commit/a21889080d6c7ffdf0af526a3a21f0b2d1c77288))
+* 检查cname是否正确配置 ([b5d8935](https://github.com/certd/certd/commit/b5d8935159374fbe7fc7d4c48ae0ed9396861bdd))
+
+## [1.25.9](https://github.com/certd/certd/compare/v1.25.8...v1.25.9) (2024-10-01)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.25.8](https://github.com/certd/certd/compare/v1.25.7...v1.25.8) (2024-09-30)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.25.7](https://github.com/certd/certd/compare/v1.25.6...v1.25.7) (2024-09-29)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.25.6](https://github.com/certd/certd/compare/v1.25.5...v1.25.6) (2024-09-29)
+
+### Performance Improvements
+
+* 部署支持1Panel ([d047234](https://github.com/certd/certd/commit/d047234d98d31504f2e5a472b66e1b75806af26e))
+
+## [1.25.5](https://github.com/certd/certd/compare/v1.25.4...v1.25.5) (2024-09-26)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.25.4](https://github.com/certd/certd/compare/v1.25.3...v1.25.4) (2024-09-25)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.25.3](https://github.com/certd/certd/compare/v1.25.2...v1.25.3) (2024-09-24)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.25.2](https://github.com/certd/certd/compare/v1.25.1...v1.25.2) (2024-09-24)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.25.1](https://github.com/certd/certd/compare/v1.25.0...v1.25.1) (2024-09-24)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+# [1.25.0](https://github.com/certd/certd/compare/v1.24.4...v1.25.0) (2024-09-24)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.24.4](https://github.com/certd/certd/compare/v1.24.3...v1.24.4) (2024-09-09)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.22.6](https://github.com/certd/certd/compare/v1.22.5...v1.22.6) (2024-08-03)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.22.3](https://github.com/certd/certd/compare/v1.22.2...v1.22.3) (2024-07-25)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.22.2](https://github.com/certd/certd/compare/v1.22.1...v1.22.2) (2024-07-23)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.22.1](https://github.com/certd/certd/compare/v1.22.0...v1.22.1) (2024-07-20)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+# [1.22.0](https://github.com/certd/certd/compare/v1.21.2...v1.22.0) (2024-07-19)
+
+### Features
+
+* 升级midway，支持esm ([485e603](https://github.com/certd/certd/commit/485e603b5165c28bc08694997726eaf2a585ebe7))
+* 支持postgresql ([3b19bfb](https://github.com/certd/certd/commit/3b19bfb4291e89064b3b407a80dae092d54747d5))

packages/libs/lib-server/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Greper
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

packages/libs/lib-server/README.md

@@ -0,0 +1,16 @@
+# Vue 3 + TypeScript + Vite
+
+This template should help get you started developing with Vue 3 and TypeScript in Vite. The template uses Vue 3 `<script setup>` SFCs, check out the [script setup docs](https://v3.vuejs.org/api/sfc-script-setup.html#sfc-script-setup) to learn more.
+
+## Recommended IDE Setup
+
+- [VS Code](https://code.visualstudio.com/) + [Volar](https://marketplace.visualstudio.com/items?itemName=Vue.volar)
+
+## Type Support For `.vue` Imports in TS
+
+Since TypeScript cannot handle type information for `.vue` imports, they are shimmed to be a generic Vue component type by default. In most cases this is fine if you don't really care about component prop types outside of templates. However, if you wish to get actual prop types in `.vue` imports (for example to get props validation when using manual `h(...)` calls), you can enable Volar's Take Over mode by following these steps:
+
+1. Run `Extensions: Show Built-in Extensions` from VS Code's command palette, look for `TypeScript and JavaScript Language Features`, then right click and select `Disable (Workspace)`. By default, Take Over mode will enable itself if the default TypeScript extension is disabled.
+2. Reload the VS Code window by running `Developer: Reload Window` from the command palette.
+
+You can learn more about Take Over mode [here](https://github.com/johnsoncodehk/volar/discussions/471).

packages/libs/lib-server/README_zhCN.md

@@ -0,0 +1,125 @@
+# midway-flyway-js
+
+[English](./README.md) | [简体中文](./README_zhCN.md)
+
+
+`midway-flyway-js`是基于typeorm的flyway的js实现。
+本项目被构建为midway组件，可与midway无缝集成。
+
+# flyway
+flyway是一款java版本的数据库升级迁移解决方案。
+它能在server启动时自动检查脚本目录，执行sql升级脚本，记录执行历史。
+
+本项目根据类似flyway的思路实现数据库升级迁移方案
+
+# 快速开始
+
+## 1. 准备
+* nodejs环境
+* midway项目
+* [配置typeorm](https://www.yuque.com/midwayjs/midway_v2/orm)
+
+## 2. 安装
+```
+npm install midway-flyway-js
+# or
+yarn add midway-flyway-js
+```
+## 3. 集成
+```js
+import * as orm from 'typeorm';
+import * as flyway from 'midway-flyway-js';
+@Configuration({
+  imports: [
+    orm, // 加载 orm 组件
+    flyway, //加载flyway组件
+  ],
+})
+export class ContainerConfiguration {}
+```
+
+
+## 4. 配置参数【可选】
+`/src/config/config.default.js`文件
+```js
+export const flyway ={
+  // 脚本目录
+  // 默认值 "./db/migrition"
+  scriptDir:"./db/migrition",
+  // 基线，基线脚本及之前的脚本都跳过不执行
+  // 默认值：null
+  // 如果你原本就是空数据库，那么不需要配置此项
+  baseline: 'v1__init.sql',
+  // 执行记录表名
+  // 默认值 flyway_history
+  flywayTableName:'flyway_history',
+  // 是否允许hash值不同
+  // 默认值：false
+  // 相同名称sql文件被改动后，hash会变化
+  // 此时运行会报hash conflict错误
+  // 配置此参数为true，将忽略hash conflict错误
+  allowHashNotMatch:false
+}
+
+```
+## 5. 编写升级sql
+
+将你的sql升级脚本，放到 `/src/db/migrition`目录下
+
+建议命名规则`v{version}__{name}.sql`,例如`v1__init.sql`
+
+
+## 6. 启动你的midway服务
+```
+npm run dev
+```
+
+## 7. 运行效果
+以下效果为midway自动启动后，自动执行`v1__init.sql`脚本的记录
+```
+2021-06-26 15:45:39,630 INFO 12245 [ midfly ] start-------------
+query: SELECT * FROM "sqlite_master" WHERE "type" = 'table' AND "name" = 'flyway_history'
+query: CREATE TABLE "flyway_history" ("id" integer PRIMARY KEY AUTOINCREMENT NOT NULL, "timestamp" bigint NOT NULL, "name" varchar NOT NULL, "hash" varchar, "success" boolean)
+query: BEGIN TRANSACTION
+query: SELECT "FlywayHistory"."id" AS "FlywayHistory_id", "FlywayHistory"."name" AS "FlywayHistory_name", "FlywayHistory"."hash" AS "FlywayHistory_hash", "FlywayHistory"."timestamp" AS "FlywayHistory_timestamp", "FlywayHistory"."success" AS "FlywayHistory_success" FROM "flyway_history" "FlywayHistory" WHERE "FlywayHistory"."name" = ? AND "FlywayHistory"."success" = ? LIMIT 1 -- PARAMETERS: ["v1__init.sql",1]
+2021-06-26 15:45:39,664 INFO 12245 need exec script file:
+2021-06-26 15:45:39,666 INFO 12245 [ midfly ] exec
+query: -- 表：sys_permission
+CREATE TABLE "sys_permission" ("id" integer PRIMARY KEY AUTOINCREMENT NOT NULL, "title" varchar(100) NOT NULL, "permission" varchar(100), "parent_id" integer NOT NULL DEFAULT (-1), "sort" integer NOT NULL, "create_time" datetime NOT NULL DEFAULT (CURRENT_TIMESTAMP), "update_time" datetime NOT NULL DEFAULT (CURRENT_TIMESTAMP));
+query: INSERT INTO sys_permission (id, title, permission, parent_id, sort, create_time, update_time) VALUES (1, '系统管理', 'sys', -1, 1, 1, 1624085863636);
+query: -- 表：sys_role
+CREATE TABLE "sys_role" ("id" integer PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(100) NOT NULL, "create_time" datetime NOT NULL DEFAULT (CURRENT_TIMESTAMP), "update_time" datetime NOT NULL DEFAULT (CURRENT_TIMESTAMP));
+query: INSERT INTO sys_role (id, name, create_time, update_time) VALUES (1, '管理员', 1, 1623749138537);
+query: -- 表：sys_role_permission
+CREATE TABLE "sys_role_permission" ("role_id" integer NOT NULL, "permission_id" integer NOT NULL, PRIMARY KEY ("role_id", "permission_id"));
+query: INSERT INTO sys_role_permission (role_id, permission_id) VALUES (1, 1);
+query: -- 表：sys_user
+CREATE TABLE "sys_user" ("id" integer PRIMARY KEY AUTOINCREMENT NOT NULL, "username" varchar(100) NOT NULL, "password" varchar(50) NOT NULL, "nick_name" varchar(50), "avatar" varchar(255), "phone_code" varchar(20), "mobile" varchar(20), "email" varchar(100),"remark" varchar(100), "status" integer NOT NULL DEFAULT (1), "create_time" datetime NOT NULL DEFAULT (CURRENT_TIMESTAMP), "update_time" datetime NOT NULL DEFAULT (CURRENT_TIMESTAMP));
+query: INSERT INTO sys_user (id, username, password, nick_name, avatar, phone_code, mobile, email, status, create_time, update_time,remark) VALUES (1, 'admin', 'e10adc3949ba59abbe56e057f20f883e', 'admin', NULL, NULL, NULL, NULL, 1, 2011123132, 123132,NULL);
+query: -- 表：sys_user_role
+CREATE TABLE "sys_user_role" ("role_id" integer NOT NULL, "user_id" integer NOT NULL, PRIMARY KEY ("role_id", "user_id"));
+query: INSERT INTO sys_user_role (role_id, user_id) VALUES (1, 1);
+query: -- 索引：IDX_223de54d6badbe43a5490450c3
+CREATE UNIQUE INDEX "IDX_223de54d6badbe43a5490450c3" ON "sys_role" ("name");
+query: -- 索引：IDX_9e7164b2f1ea1348bc0eb0a7da
+CREATE UNIQUE INDEX "IDX_9e7164b2f1ea1348bc0eb0a7da" ON "sys_user" ("username");
+query: DELETE FROM "flyway_history" WHERE "name" = ? -- PARAMETERS: ["v1__init.sql"]
+query: INSERT INTO "flyway_history"("id", "name", "hash", "timestamp", "success") VALUES (NULL, ?, ?, ?, ?) -- PARAMETERS: ["v1__init.sql","0c661bd7afebac224bbaa60bc5bb56e9",1624693539781,1]
+query: SELECT "FlywayHistory"."id" AS "FlywayHistory_id", "FlywayHistory"."success" AS "FlywayHistory_success" FROM "flyway_history" "FlywayHistory" WHERE "FlywayHistory"."id" = ? -- PARAMETERS: [1]
+query: COMMIT
+2021-06-26 15:45:39,800 INFO 12245 [ midfly ] end-------------
+```
+
+# 注意事项
+1. 升级sql文件最后一行请不要有注释，应该以一条sql语句的分号结尾。
+
+# 他们在用
+* [fs-server-js](https://github.com/fast-crud/fs-server-js)
+
+# 参考项目
+* [flyway](https://github.com/flyway/flyway) : java版flyway
+* [flyway-js](https://github.com/wanglihui/flyway-js) : Sequelize版flyway
+
+感谢以上项目
+
+

packages/libs/lib-server/jest.config.js

@@ -0,0 +1,6 @@
+module.exports = {
+  preset: 'ts-jest',
+  testEnvironment: 'node',
+  testPathIgnorePatterns: ['<rootDir>/test/fixtures'],
+  coveragePathIgnorePatterns: ['<rootDir>/test/'],
+};

packages/libs/lib-server/ormconfig.json

@@ -0,0 +1,7 @@
+{
+  "type": "sqlite",
+  "database": "./data/db.sqlite",
+  "synchronize": false,
+  "logging": true,
+  "entities": [ "src/**/entity.ts"]
+}

packages/libs/lib-server/package.json

@@ -0,0 +1,72 @@
+{
+  "name": "@certd/lib-server",
+  "version": "1.26.5",
+  "description": "midway with flyway, sql upgrade way ",
+  "private": false,
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "scripts": {
+    "before-build": "rimraf dist && rimraf tsconfig.tsbuildinfo && rimraf .rollup.cache",
+    "build": "npm run before-build && tsc --skipLibCheck",
+    "dev-build": "npm run build",
+    "test": "midway-bin test --ts -V",
+    "test1": "midway-bin test --ts -V -f test/blank.test.ts -t 'hash-check'",
+    "cov": "midway-bin cov --ts",
+    "lint": "mwts check",
+    "lint:fix": "mwts fix",
+    "prepublish": "npm run build",
+    "pub": "npm publish"
+  },
+  "keywords": [],
+  "author": "greper",
+  "files": [
+    "dist/**/*.js",
+    "dist/**/*.d.ts"
+  ],
+  "license": "AGPL",
+  "dependencies": {
+    "@certd/basic": "^1.26.5",
+    "@certd/pipeline": "^1.26.5",
+    "@midwayjs/cache": "~3.14.0",
+    "@midwayjs/core": "~3.17.1",
+    "@midwayjs/i18n": "~3.17.3",
+    "@midwayjs/info": "~3.17.3",
+    "@midwayjs/koa": "~3.17.1",
+    "@midwayjs/logger": "~3.4.2",
+    "@midwayjs/typeorm": "~3.17.1",
+    "@midwayjs/upload": "^3.17.3",
+    "better-sqlite3": "^11.1.2",
+    "dayjs": "^1.11.7",
+    "lodash-es": "^4.17.21",
+    "typeorm": "^0.3.20"
+  },
+  "devDependencies": {
+    "@rollup/plugin-commonjs": "^23.0.4",
+    "@rollup/plugin-json": "^6.0.0",
+    "@rollup/plugin-node-resolve": "^15.0.1",
+    "@rollup/plugin-terser": "^0.4.3",
+    "@rollup/plugin-typescript": "^11.0.0",
+    "@types/chai": "^4.3.3",
+    "@types/node": "^18",
+    "@typescript-eslint/eslint-plugin": "^5.38.1",
+    "@typescript-eslint/parser": "^5.38.1",
+    "cross-env": "^6.0.0",
+    "eslint": "^8.24.0",
+    "eslint-config-prettier": "^8.5.0",
+    "eslint-plugin-import": "^2.26.0",
+    "eslint-plugin-node": "^11.1.0",
+    "eslint-plugin-prettier": "^4.2.1",
+    "mwts": "^1.3.0",
+    "mwtsc": "^1.4.0",
+    "prettier": "^2.8.8",
+    "rimraf": "^5.0.5",
+    "rollup": "^3.7.4",
+    "rollup-plugin-visualizer": "^5.8.2",
+    "ts-node": "^10.9.1",
+    "tslib": "^2.5.2",
+    "typeorm": "^0.3.11",
+    "typescript": "^5.4.2"
+  },
+  "gitHead": "e96a83a528d6b850bca12d1636690d2ec654ed57"
+}

packages/libs/lib-server/src/basic/base-controller.ts

@@ -1,10 +1,10 @@
 import { Inject } from '@midwayjs/core';
-import { Context } from '@midwayjs/koa';
+import * as koa from '@midwayjs/koa';
 import { Constants } from './constants.js';
 
 export abstract class BaseController {
   @Inject()
-  ctx: Context;
+  ctx: koa.Context;
 
   /**
    * 成功返回

packages/libs/lib-server/src/basic/base-service.ts

@@ -1,11 +1,24 @@
-import { ValidateException } from './exception/validation-exception.js';
+import { ValidateException } from './exception/index.js';
 import * as _ from 'lodash-es';
-import { PermissionException } from './exception/permission-exception.js';
-import { Repository } from 'typeorm';
+import { PermissionException } from './exception/index.js';
+import { In, Repository, SelectQueryBuilder } from 'typeorm';
 import { Inject } from '@midwayjs/core';
 import { TypeORMDataSourceManager } from '@midwayjs/typeorm';
 import { EntityManager } from 'typeorm/entity-manager/EntityManager.js';
 
+export type PageReq<T = any> = {
+  page?: { offset: number; limit: number };
+} & ListReq<T>;
+
+export type ListReq<T = any> = {
+  query?: Partial<T>;
+  order?: {
+    prop: string;
+    asc: boolean;
+  };
+  buildQuery?: (bq: SelectQueryBuilder<any>) => void;
+};
+
 /**
  * 服务基类
  */
@@ -49,16 +62,22 @@ export abstract class BaseService<T> {
   /**
    * 删除
    * @param ids 删除的ID集合 如：[1,2,3] 或者 1,2,3
+   * @param where
    */
-  async delete(ids) {
-    if (ids instanceof Array) {
-      await this.getRepository().delete(ids);
-    } else if (typeof ids === 'string') {
-      await this.getRepository().delete(ids.split(','));
-    } else {
-      //ids是一个condition
-      await this.getRepository().delete(ids);
+  async delete(ids: any, where?: any) {
+    if (!ids) {
+      throw new ValidateException('ids不能为空');
     }
+    if (typeof ids === 'string') {
+      ids = ids.split(',');
+    }
+    if (ids.length === 0) {
+      return;
+    }
+    await this.getRepository().delete({
+      id: In(ids),
+      ...where,
+    });
     await this.modifyAfter(ids);
   }
 
@@ -90,7 +109,7 @@ export abstract class BaseService<T> {
    * @param param 数据
    */
   async update(param) {
-    if (!param.id) throw new ValidateException('no id');
+    if (!param.id) throw new ValidateException('id 不能为空');
     param.updateTime = new Date();
     await this.addOrUpdate(param);
     await this.modifyAfter(param);
@@ -100,50 +119,22 @@ export abstract class BaseService<T> {
    * 新增|修改|删除 之后的操作
    * @param data 对应数据
    */
-  async modifyAfter(data) {}
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  async modifyAfter(data: any) {}
 
   /**
    * 分页查询
-   * @param query 查询条件 bean
-   * @param page
-   * @param order
-   * @param buildQuery
    */
-  async page(query, page = { offset: 0, limit: 20 }, order, buildQuery) {
+  async page(pageReq: PageReq<T>) {
+    const { page } = pageReq;
     if (page.offset == null) {
       page.offset = 0;
     }
     if (page.limit == null) {
       page.limit = 20;
     }
-    const qb = this.getRepository().createQueryBuilder('main');
-    if (order && order.prop) {
-      qb.addOrderBy('main.' + order.prop, order.asc ? 'ASC' : 'DESC');
-    }
-    qb.addOrderBy('id', 'DESC');
+    const qb = this.buildListQuery(pageReq);
     qb.offset(page.offset).limit(page.limit);
-    //根据bean query
-    if (query) {
-      let whereSql = '';
-      let index = 0;
-      _.forEach(query, (value, key) => {
-        if (!value) {
-          return;
-        }
-        if (index !== 0) {
-          whereSql += ' and ';
-        }
-        whereSql += ` main.${key} = :${key} `;
-        index++;
-      });
-      if (index > 0) {
-        qb.where(whereSql, query);
-      }
-    }
-    //自定义query
-    if (buildQuery) {
-      buildQuery(qb);
-    }
     const list = await qb.getMany();
     const total = await qb.getCount();
     return {
@@ -154,19 +145,13 @@ export abstract class BaseService<T> {
     };
   }
 
-  /**
-   * 分页查询
-   * @param query 查询条件 bean
-   * @param order
-   * @param buildQuery
-   */
-  async list(query, order, buildQuery) {
+  private buildListQuery(listReq: ListReq<T>) {
+    const { query, order, buildQuery } = listReq;
     const qb = this.getRepository().createQueryBuilder('main');
     if (order && order.prop) {
-      qb.orderBy('main.' + order.prop, order.asc ? 'ASC' : 'DESC');
-    } else {
-      qb.orderBy('id', 'DESC');
+      qb.addOrderBy('main.' + order.prop, order.asc ? 'ASC' : 'DESC');
     }
+    qb.addOrderBy('id', 'DESC');
     //根据bean query
     if (query) {
       let whereSql = '';
@@ -182,28 +167,35 @@ export abstract class BaseService<T> {
         index++;
       });
       if (index > 0) {
-        qb.where(whereSql, query);
+        qb.andWhere(whereSql, query);
       }
     }
     //自定义query
     if (buildQuery) {
       buildQuery(qb);
     }
+    return qb;
+  }
+
+  /**
+   * 分页查询
+   */
+  async list(listReq: ListReq<T>) {
+    const qb = this.buildListQuery(listReq);
     return await qb.getMany();
   }
 
-  async checkUserId(id: any = 0, userId, userKey = 'userId') {
-    // @ts-ignore
+  async checkUserId(id: any = 0, userId: number, userKey = 'userId') {
     const res = await this.getRepository().findOne({
+      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
       // @ts-ignore
       select: { [userKey]: true },
-      // @ts-ignore
       where: {
+        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
         // @ts-ignore
         id,
       },
     });
-    // @ts-ignore
     if (!res || res[userKey] === userId) {
       return;
     }

packages/libs/lib-server/src/basic/constants.ts

@@ -44,6 +44,14 @@ export const Constants = {
       code: 402,
       message: '您没有权限',
     },
+    param: {
+      code: 400,
+      message: '参数错误',
+    },
+    notFound: {
+      code: 404,
+      message: '页面/文件/资源不存在',
+    },
     preview: {
       code: 10001,
       message: '对不起，预览环境不允许修改此数据',

packages/libs/lib-server/src/basic/crud-controller.ts

@@ -2,59 +2,50 @@ import { ALL, Body, Post, Query } from '@midwayjs/core';
 import { BaseController } from './base-controller.js';
 
 export abstract class CrudController<T> extends BaseController {
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
   abstract getService<T>();
 
   @Post('/page')
-  async page(
-    @Body(ALL)
-    body
-  ) {
-    const pageRet = await this.getService().page(body?.query, body?.page, body?.sort, null);
+  async page(@Body(ALL) body: any) {
+    const pageRet = await this.getService().page({
+      query: body.query ?? {},
+      page: body.page,
+      sort: body.sort,
+      bq: body.bq,
+    });
     return this.ok(pageRet);
   }
 
   @Post('/list')
-  async list(
-    @Body(ALL)
-    body
-  ) {
-    const listRet = await this.getService().list(body, null, null);
+  async list(@Body(ALL) body: any) {
+    const listRet = await this.getService().list({
+      query: body.query ?? {},
+      order: body.order,
+    });
     return this.ok(listRet);
   }
 
   @Post('/add')
-  async add(
-    @Body(ALL)
-    bean
-  ) {
+  async add(@Body(ALL) bean: any) {
     delete bean.id;
     const id = await this.getService().add(bean);
     return this.ok(id);
   }
 
   @Post('/info')
-  async info(
-    @Query('id')
-    id
-  ) {
+  async info(@Query('id') id: number) {
     const bean = await this.getService().info(id);
     return this.ok(bean);
   }
 
   @Post('/update')
-  async update(
-    @Body(ALL)
-    bean
-  ) {
+  async update(@Body(ALL) bean: any) {
     await this.getService().update(bean);
     return this.ok(null);
   }
 
   @Post('/delete')
-  async delete(
-    @Query('id')
-    id
-  ) {
+  async delete(@Query('id') id: number) {
     await this.getService().delete([id]);
     return this.ok(null);
   }

packages/libs/lib-server/src/basic/exception/index.ts

@@ -0,0 +1,9 @@
+export * from './auth-exception.js';
+export * from './base-exception.js';
+export * from './permission-exception.js';
+export * from './preview-exception.js';
+export * from './validation-exception.js';
+export * from './vip-exception.js';
+export * from './common-exception.js';
+export * from './not-found-exception.js';
+export * from './param-exception.js';

packages/libs/lib-server/src/basic/exception/not-found-exception.ts

@@ -0,0 +1,10 @@
+import { Constants } from '../constants.js';
+import { BaseException } from './base-exception.js';
+/**
+ * 资源不存在
+ */
+export class NotFoundException extends BaseException {
+  constructor(message) {
+    super('NotFoundException', Constants.res.notFound.code, message ? message : Constants.res.notFound.message);
+  }
+}

packages/libs/lib-server/src/basic/exception/param-exception.ts

@@ -0,0 +1,10 @@
+import { Constants } from '../constants.js';
+import { BaseException } from './base-exception.js';
+/**
+ * 参数异常
+ */
+export class ParamException extends BaseException {
+  constructor(message) {
+    super('ParamException', Constants.res.param.code, message ? message : Constants.res.param.message);
+  }
+}

packages/libs/lib-server/src/basic/exception/permission-exception.ts

@@ -5,10 +5,6 @@ import { BaseException } from './base-exception.js';
  */
 export class PermissionException extends BaseException {
   constructor(message?: string) {
-    super(
-      'PermissionException',
-      Constants.res.permission.code,
-      message ? message : Constants.res.permission.message
-    );
+    super('PermissionException', Constants.res.permission.code, message ? message : Constants.res.permission.message);
   }
 }

packages/libs/lib-server/src/basic/exception/validation-exception.ts

@@ -5,10 +5,6 @@ import { BaseException } from './base-exception.js';
  */
 export class ValidateException extends BaseException {
   constructor(message) {
-    super(
-      'ValidateException',
-      Constants.res.validation.code,
-      message ? message : Constants.res.validation.message
-    );
+    super('ValidateException', Constants.res.validation.code, message ? message : Constants.res.validation.message);
   }
 }

packages/libs/lib-server/src/basic/index.ts

@@ -0,0 +1,7 @@
+export * from './base-controller.js';
+export * from './constants.js';
+export * from './crud-controller.js';
+export * from './enum-item.js';
+export * from './exception/index.js';
+export * from './result.js';
+export * from './base-service.js';

packages/libs/lib-server/src/configuration.ts

@@ -0,0 +1,11 @@
+import type { IMidwayContainer } from '@midwayjs/core';
+import { Configuration } from '@midwayjs/core';
+import { logger } from '@certd/pipeline';
+@Configuration({
+  namespace: 'lib-server',
+})
+export class LibServerConfiguration {
+  async onReady(container: IMidwayContainer) {
+    logger.info('lib start');
+  }
+}

packages/libs/lib-server/src/index.ts

@@ -0,0 +1,7 @@
+import { SysSettingsEntity } from './system/index.js';
+
+export * from './basic/index.js';
+export * from './system/index.js';
+export { LibServerConfiguration as Configuration } from './configuration.js';
+
+export const libServerEntities = [SysSettingsEntity];

packages/libs/lib-server/src/system/basic/index.ts

@@ -0,0 +1,2 @@
+export * from './service/plus-service.js';
+export * from './service/file-service.js';

packages/libs/lib-server/src/system/basic/service/file-service.ts

@@ -0,0 +1,86 @@
+import { Provide } from '@midwayjs/core';
+import dayjs from 'dayjs';
+import path from 'path';
+import fs from 'fs';
+import { cache, logger, utils } from '@certd/pipeline';
+import { NotFoundException, ParamException, PermissionException } from '../../../basic/index.js';
+
+export type UploadFileItem = {
+  filename: string;
+  tmpFilePath: string;
+};
+const uploadRootDir = './data/upload';
+export const uploadTmpFileCacheKey = 'tmpfile_key_';
+/**
+ */
+@Provide()
+export class FileService {
+  async saveFile(userId: number, tmpCacheKey: any, permission: 'public' | 'private') {
+    if (tmpCacheKey.startsWith(`/${permission}`)) {
+      //已经保存过，不需要再次保存
+      return tmpCacheKey;
+    }
+    let fileName = '';
+    let tmpFilePath = tmpCacheKey;
+    if (uploadTmpFileCacheKey && tmpCacheKey.startsWith(uploadTmpFileCacheKey)) {
+      const tmpFile: UploadFileItem = cache.get(tmpCacheKey);
+      if (!tmpFile) {
+        throw new ParamException('文件已过期，请重新上传');
+      }
+      tmpFilePath = tmpFile.tmpFilePath;
+      fileName = tmpFile.filename || path.basename(tmpFilePath);
+    }
+    if (!tmpFilePath || !fs.existsSync(tmpFilePath)) {
+      throw new Error('文件不存在,请重新上传');
+    }
+    const date = dayjs().format('YYYY_MM_DD');
+    const random = Math.random().toString(36).substring(7);
+    const userIdMd5 = Buffer.from(Buffer.from(userId + '').toString('base64')).toString('hex');
+    const key = `/${permission}/${userIdMd5}/${date}/${random}_${fileName}`;
+    let savePath = path.join(uploadRootDir, key);
+    savePath = path.resolve(savePath);
+    const parentDir = path.dirname(savePath);
+    if (!fs.existsSync(parentDir)) {
+      fs.mkdirSync(parentDir, { recursive: true });
+    }
+    // eslint-disable-next-line node/no-unsupported-features/node-builtins
+    const copyFile = utils.promises.promisify(fs.copyFile);
+    await copyFile(tmpFilePath, savePath);
+    try {
+      fs.unlinkSync(tmpFilePath);
+    } catch (e) {
+      logger.error(e);
+    }
+
+    return key;
+  }
+
+  getFile(key: string, userId?: number) {
+    if (!key) {
+      throw new ParamException('参数错误');
+    }
+    if (key.indexOf('..') >= 0) {
+      //安全性判断
+      throw new ParamException('参数错误');
+    }
+    if (!key.startsWith('/')) {
+      throw new ParamException('参数错误');
+    }
+    const keyArr = key.split('/');
+    const permission = keyArr[1];
+    const userIdMd5 = keyArr[2];
+    if (permission !== 'public') {
+      //非公开文件需要验证用户
+      const userIdStr = Buffer.from(Buffer.from(userIdMd5, 'hex').toString('base64')).toString();
+      const userIdInt: number = parseInt(userIdStr, 10);
+      if (userId == null || userIdInt !== userId) {
+        throw new PermissionException('无访问权限');
+      }
+    }
+    const filePath = path.join(uploadRootDir, key);
+    if (!fs.existsSync(filePath)) {
+      throw new NotFoundException('文件不存在');
+    }
+    return filePath;
+  }
+}

packages/libs/lib-server/src/system/basic/service/plus-service.ts

@@ -1,8 +1,7 @@
-import { Config, Init, Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core';
-import { SysSettingsService } from '../../system/service/sys-settings-service.js';
-import { SysInstallInfo, SysLicenseInfo } from '../../system/service/models.js';
-import { AppKey, http, PlusRequestService, verify } from '@certd/pipeline';
-import { logger } from '../../../utils/logger.js';
+import { Config, Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core';
+import { AppKey, PlusRequestService, verify } from '@certd/pipeline';
+import { logger } from '@certd/basic';
+import { SysInstallInfo, SysLicenseInfo, SysSettingsService } from '../../settings/index.js';
 
 @Provide()
 @Scope(ScopeEnum.Singleton)
@@ -12,28 +11,26 @@ export class PlusService {
   @Config('plus.server.baseUrls')
   plusServerBaseUrls: string[];
 
-  plusRequestService: PlusRequestService;
-
-  @Init()
-  async init() {
+  async getPlusRequestService() {
     const installInfo: SysInstallInfo = await this.sysSettingsService.getSetting(SysInstallInfo);
-    this.plusRequestService = new PlusRequestService({
+    return new PlusRequestService({
       plusServerBaseUrls: this.plusServerBaseUrls,
-      http: http,
-      logger,
       subjectId: installInfo.siteId,
     });
   }
 
   async requestWithoutSign(config: any) {
-    return await this.plusRequestService.requestWithoutSign(config);
+    const plusRequestService = await this.getPlusRequestService();
+    return await plusRequestService.requestWithoutSign(config);
   }
   async request(config: any) {
-    return await this.plusRequestService.request(config);
+    const plusRequestService = await this.getPlusRequestService();
+    return await plusRequestService.request(config);
   }
 
   async active(formData: { code: any; appKey: string; subjectId: string }) {
-    return await this.plusRequestService.requestWithoutSign({
+    const plusRequestService = await this.getPlusRequestService();
+    return await plusRequestService.requestWithoutSign({
       url: '/activation/active',
       method: 'post',
       data: formData,
@@ -58,16 +55,18 @@ export class PlusService {
     const licenseInfo: SysLicenseInfo = await this.sysSettingsService.getSetting(SysLicenseInfo);
     const installInfo: SysInstallInfo = await this.sysSettingsService.getSetting(SysInstallInfo);
 
+    const plusRequestService = await this.getPlusRequestService();
     return await verify({
       subjectId: installInfo.siteId,
       license: licenseInfo.license,
-      plusRequestService: this.plusRequestService,
+      plusRequestService: plusRequestService,
       bindUrl: installInfo?.bindUrl,
     });
   }
 
   async bindUrl(subjectId: string, url: string) {
-    return await this.plusRequestService.request({
+    const plusRequestService = await this.getPlusRequestService();
+    return await plusRequestService.request({
       url: '/activation/subject/urlBind',
       data: {
         subjectId,

packages/libs/lib-server/src/system/index.ts

@@ -0,0 +1,2 @@
+export * from './settings/index.js';
+export * from './basic/index.js';

packages/libs/lib-server/src/system/settings/index.ts

@@ -0,0 +1,3 @@
+export * from './service/sys-settings-service.js';
+export * from './service/models.js';
+export * from './entity/sys-settings.js';