lkddi/certd
1
0
Fork 0
mirror of https://github.com/certd/certd.git synced 2026-04-03 22:20:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: lkddi:v1.28.2
Branches Tags
lkddi:v2 lkddi:v2-dev lkddi:v2_admin_mode lkddi:v2-domain-sync lkddi:v2_singleton lkddi:v2-dev-buy lkddi:v2-dev-addon lkddi:v2-dev-plugin-config lkddi:alert-autofix-26 lkddi:alert-autofix-31 lkddi:client_sync lkddi:v2-dev-order lkddi:v2-dev-auto lkddi:acme_sync lkddi:server_sync lkddi:master
lkddi:v1.39.8 lkddi:v1.39.7 lkddi:v1.39.6 lkddi:v1.39.5 lkddi:v1.39.4 lkddi:v1.39.3 lkddi:v1.39.2 lkddi:v1.39.1 lkddi:v1.39.0 lkddi:v1.38.12 lkddi:v1.38.11 lkddi:v1.38.10 lkddi:v1.38.9 lkddi:v1.38.8 lkddi:v1.38.7 lkddi:v1.38.6 lkddi:v1.38.5 lkddi:v1.38.4 lkddi:v1.38.3 lkddi:v1.38.2 lkddi:v1.38.1 lkddi:v1.38.0 lkddi:v1.37.17 lkddi:v1.37.16 lkddi:v1.37.15 lkddi:v1.37.14 lkddi:v1.37.13 lkddi:v1.37.12 lkddi:v1.37.11 lkddi:v1.37.10 lkddi:v1.37.9 lkddi:v1.37.8 lkddi:v1.37.7 lkddi:v1.37.6 lkddi:v1.37.5 lkddi:v1.37.4 lkddi:v1.37.3 lkddi:v1.37.2 lkddi:v1.37.1 lkddi:v1.37.0 lkddi:v1.36.25 lkddi:v1.36.24 lkddi:v1.36.23 lkddi:v1.36.22 lkddi:v1.36.21 lkddi:v1.36.20 lkddi:v1.36.19 lkddi:v1.36.18 lkddi:v1.36.17 lkddi:v1.36.16 lkddi:v1.36.15 lkddi:v1.36.14 lkddi:v1.36.13 lkddi:v1.36.12 lkddi:v1.36.11 lkddi:v1.36.10 lkddi:v1.36.9 lkddi:v1.36.7 lkddi:v1.36.6 lkddi:v1.36.5 lkddi:v1.36.4 lkddi:v1.36.3 lkddi:v1.36.2 lkddi:v1.36.1 lkddi:v1.36.0 lkddi:v1.35.5 lkddi:v1.35.4 lkddi:v1.35.3 lkddi:v1.35.2 lkddi:v1.35.1 lkddi:v1.35.0 lkddi:v1.34.11 lkddi:v1.34.10 lkddi:v1.34.9 lkddi:v1.34.8 lkddi:v1.34.7 lkddi:v1.34.6 lkddi:v1.34.5 lkddi:v1.34.4 lkddi:v1.34.3 lkddi:v1.34.2 lkddi:v1.34.1 lkddi:v1.34.0 lkddi:v1.33.8 lkddi:v1.33.7 lkddi:v1.33.6 lkddi:v1.33.5 lkddi:v1.33.4 lkddi:v1.33.3 lkddi:v1.33.2 lkddi:v1.33.1 lkddi:v1.33.0 lkddi:v1.32.0 lkddi:v1.31.11 lkddi:v1.31.10 lkddi:v1.31.9 lkddi:v1.31.8 lkddi:v1.31.7 lkddi:v1.31.6 lkddi:v1.31.5 lkddi:v1.31.4 lkddi:v1.31.3 lkddi:v1.31.2 lkddi:v1.31.1 lkddi:v1.31.0 lkddi:v1.30.6 lkddi:v1.30.5 lkddi:v1.30.4 lkddi:v1.30.3 lkddi:v1.30.2 lkddi:v1.30.1 lkddi:v1.30.0 lkddi:v1.29.5 lkddi:v1.29.4 lkddi:v1.29.3 lkddi:v1.29.2 lkddi:v1.29.1 lkddi:v1.29.0 lkddi:v1.28.4 lkddi:v1.28.3 lkddi:v1.28.2 lkddi:v1.28.1 lkddi:v1.28.0 lkddi:v1.27.9 lkddi:v1.27.8 lkddi:v1.27.7 lkddi:v1.27.6 lkddi:v1.27.5 lkddi:v1.27.4 lkddi:v1.27.3 lkddi:v1.27.2 lkddi:v1.27.1 lkddi:v1.27.0 lkddi:v1.26.16 lkddi:v1.26.15 lkddi:v1.26.14 lkddi:v1.26.13 lkddi:v1.26.12 lkddi:v1.26.11 lkddi:v1.26.10 lkddi:v1.26.9 lkddi:v1.26.8 lkddi:v1.26.7 lkddi:v1.26.6 lkddi:v1.26.5 lkddi:v1.26.4 lkddi:v1.26.3 lkddi:v1.26.2 lkddi:v1.26.1 lkddi:v1.26.0 lkddi:v1.25.9 lkddi:v1.25.8 lkddi:v1.25.7 lkddi:v1.25.6 lkddi:v1.25.5 lkddi:v1.25.4 lkddi:v1.25.3 lkddi:v1.25.2 lkddi:v1.25.1 lkddi:v1.25.0 lkddi:v1.24.4 lkddi:v1.24.3 lkddi:v1.24.2 lkddi:v1.24.1 lkddi:v1.24.0 lkddi:v1.23.1 lkddi:v1.23.0 lkddi:v1.22.9 lkddi:v1.22.8 lkddi:v1.22.7 lkddi:v1.22.6 lkddi:v1.22.5 lkddi:v1.22.4 lkddi:v1.22.3 lkddi:v1.22.2 lkddi:v1.22.1 lkddi:v1.22.0 lkddi:v1.21.2 lkddi:v1.21.1 lkddi:v1.21.0 lkddi:v1.20.17 lkddi:v1.20.16 lkddi:v1.20.15 lkddi:v1.20.14 lkddi:v1.20.13 lkddi:v1.20.12 lkddi:v1.20.10 lkddi:v1.20.9 lkddi:v1.20.8 lkddi:v1.20.7 lkddi:v1.20.6 lkddi:v1.20.5 lkddi:v1.20.2 lkddi:v1.2.1 lkddi:v1.2.0 lkddi:v1.1.6 lkddi:v1.1.5 lkddi:v1.1.4 lkddi:v1.1.3 lkddi:v1.1.2 lkddi:v1.1.1 lkddi:v1.1.0 lkddi:v1.0.6 lkddi:v1.0.5 lkddi:v1.0.4 lkddi:v1.0.3 lkddi:v1.0.2 lkddi:v1.0.1 lkddi:v1.0.0 lkddi:v0.3.1 lkddi:v0.3.0 lkddi:v0.2.2 lkddi:v0.2.1 lkddi:v0.2.0 lkddi:v0.1.21 lkddi:v0.1.20 lkddi:v0.1.19 lkddi:v0.1.18 lkddi:v0.1.17 lkddi:v0.1.16 lkddi:v0.1.15 lkddi:v0.1.14 lkddi:v0.1.13 lkddi:v0.1.12 lkddi:v0.1.11 lkddi:v0.1.10 lkddi:v0.1.9 lkddi:v0.1.8 lkddi:v0.1.7
...
compare: lkddi:v1.30.1
Branches Tags
lkddi:v2-dev lkddi:v2 lkddi:v2_admin_mode lkddi:v2-domain-sync lkddi:v2_singleton lkddi:v2-dev-buy lkddi:v2-dev-addon lkddi:v2-dev-plugin-config lkddi:alert-autofix-26 lkddi:alert-autofix-31 lkddi:client_sync lkddi:v2-dev-order lkddi:v2-dev-auto lkddi:acme_sync lkddi:server_sync lkddi:master
lkddi:v1.39.8 lkddi:v1.39.7 lkddi:v1.39.6 lkddi:v1.39.5 lkddi:v1.39.4 lkddi:v1.39.3 lkddi:v1.39.2 lkddi:v1.39.1 lkddi:v1.39.0 lkddi:v1.38.12 lkddi:v1.38.11 lkddi:v1.38.10 lkddi:v1.38.9 lkddi:v1.38.8 lkddi:v1.38.7 lkddi:v1.38.6 lkddi:v1.38.5 lkddi:v1.38.4 lkddi:v1.38.3 lkddi:v1.38.2 lkddi:v1.38.1 lkddi:v1.38.0 lkddi:v1.37.17 lkddi:v1.37.16 lkddi:v1.37.15 lkddi:v1.37.14 lkddi:v1.37.13 lkddi:v1.37.12 lkddi:v1.37.11 lkddi:v1.37.10 lkddi:v1.37.9 lkddi:v1.37.8 lkddi:v1.37.7 lkddi:v1.37.6 lkddi:v1.37.5 lkddi:v1.37.4 lkddi:v1.37.3 lkddi:v1.37.2 lkddi:v1.37.1 lkddi:v1.37.0 lkddi:v1.36.25 lkddi:v1.36.24 lkddi:v1.36.23 lkddi:v1.36.22 lkddi:v1.36.21 lkddi:v1.36.20 lkddi:v1.36.19 lkddi:v1.36.18 lkddi:v1.36.17 lkddi:v1.36.16 lkddi:v1.36.15 lkddi:v1.36.14 lkddi:v1.36.13 lkddi:v1.36.12 lkddi:v1.36.11 lkddi:v1.36.10 lkddi:v1.36.9 lkddi:v1.36.7 lkddi:v1.36.6 lkddi:v1.36.5 lkddi:v1.36.4 lkddi:v1.36.3 lkddi:v1.36.2 lkddi:v1.36.1 lkddi:v1.36.0 lkddi:v1.35.5 lkddi:v1.35.4 lkddi:v1.35.3 lkddi:v1.35.2 lkddi:v1.35.1 lkddi:v1.35.0 lkddi:v1.34.11 lkddi:v1.34.10 lkddi:v1.34.9 lkddi:v1.34.8 lkddi:v1.34.7 lkddi:v1.34.6 lkddi:v1.34.5 lkddi:v1.34.4 lkddi:v1.34.3 lkddi:v1.34.2 lkddi:v1.34.1 lkddi:v1.34.0 lkddi:v1.33.8 lkddi:v1.33.7 lkddi:v1.33.6 lkddi:v1.33.5 lkddi:v1.33.4 lkddi:v1.33.3 lkddi:v1.33.2 lkddi:v1.33.1 lkddi:v1.33.0 lkddi:v1.32.0 lkddi:v1.31.11 lkddi:v1.31.10 lkddi:v1.31.9 lkddi:v1.31.8 lkddi:v1.31.7 lkddi:v1.31.6 lkddi:v1.31.5 lkddi:v1.31.4 lkddi:v1.31.3 lkddi:v1.31.2 lkddi:v1.31.1 lkddi:v1.31.0 lkddi:v1.30.6 lkddi:v1.30.5 lkddi:v1.30.4 lkddi:v1.30.3 lkddi:v1.30.2 lkddi:v1.30.1 lkddi:v1.30.0 lkddi:v1.29.5 lkddi:v1.29.4 lkddi:v1.29.3 lkddi:v1.29.2 lkddi:v1.29.1 lkddi:v1.29.0 lkddi:v1.28.4 lkddi:v1.28.3 lkddi:v1.28.2 lkddi:v1.28.1 lkddi:v1.28.0 lkddi:v1.27.9 lkddi:v1.27.8 lkddi:v1.27.7 lkddi:v1.27.6 lkddi:v1.27.5 lkddi:v1.27.4 lkddi:v1.27.3 lkddi:v1.27.2 lkddi:v1.27.1 lkddi:v1.27.0 lkddi:v1.26.16 lkddi:v1.26.15 lkddi:v1.26.14 lkddi:v1.26.13 lkddi:v1.26.12 lkddi:v1.26.11 lkddi:v1.26.10 lkddi:v1.26.9 lkddi:v1.26.8 lkddi:v1.26.7 lkddi:v1.26.6 lkddi:v1.26.5 lkddi:v1.26.4 lkddi:v1.26.3 lkddi:v1.26.2 lkddi:v1.26.1 lkddi:v1.26.0 lkddi:v1.25.9 lkddi:v1.25.8 lkddi:v1.25.7 lkddi:v1.25.6 lkddi:v1.25.5 lkddi:v1.25.4 lkddi:v1.25.3 lkddi:v1.25.2 lkddi:v1.25.1 lkddi:v1.25.0 lkddi:v1.24.4 lkddi:v1.24.3 lkddi:v1.24.2 lkddi:v1.24.1 lkddi:v1.24.0 lkddi:v1.23.1 lkddi:v1.23.0 lkddi:v1.22.9 lkddi:v1.22.8 lkddi:v1.22.7 lkddi:v1.22.6 lkddi:v1.22.5 lkddi:v1.22.4 lkddi:v1.22.3 lkddi:v1.22.2 lkddi:v1.22.1 lkddi:v1.22.0 lkddi:v1.21.2 lkddi:v1.21.1 lkddi:v1.21.0 lkddi:v1.20.17 lkddi:v1.20.16 lkddi:v1.20.15 lkddi:v1.20.14 lkddi:v1.20.13 lkddi:v1.20.12 lkddi:v1.20.10 lkddi:v1.20.9 lkddi:v1.20.8 lkddi:v1.20.7 lkddi:v1.20.6 lkddi:v1.20.5 lkddi:v1.20.2 lkddi:v1.2.1 lkddi:v1.2.0 lkddi:v1.1.6 lkddi:v1.1.5 lkddi:v1.1.4 lkddi:v1.1.3 lkddi:v1.1.2 lkddi:v1.1.1 lkddi:v1.1.0 lkddi:v1.0.6 lkddi:v1.0.5 lkddi:v1.0.4 lkddi:v1.0.3 lkddi:v1.0.2 lkddi:v1.0.1 lkddi:v1.0.0 lkddi:v0.3.1 lkddi:v0.3.0 lkddi:v0.2.2 lkddi:v0.2.1 lkddi:v0.2.0 lkddi:v0.1.21 lkddi:v0.1.20 lkddi:v0.1.19 lkddi:v0.1.18 lkddi:v0.1.17 lkddi:v0.1.16 lkddi:v0.1.15 lkddi:v0.1.14 lkddi:v0.1.13 lkddi:v0.1.12 lkddi:v0.1.11 lkddi:v0.1.10 lkddi:v0.1.9 lkddi:v0.1.8 lkddi:v0.1.7

180 Commits
v1.28.2 ... v1.30.1

Author SHA1 Message Date
xiaojunnuo
089825d360 v1.30.1 2025-01-20 23:37:28 +08:00
xiaojunnuo
333629caff build: prepare to build 2025-01-20 23:35:50 +08:00
xiaojunnuo
d715cd1129 chore: 2025-01-20 23:30:54 +08:00
xiaojunnuo
15d6eaf553 perf: http方式校验,选择sftp时,支持修改文件访问权限比如777 2025-01-20 23:29:03 +08:00
xiaojunnuo
ae5dfc3bee fix: 修复tg消息内容中存在.和*就会发送失败的bug 2025-01-20 18:45:07 +08:00
xiaojunnuo
6ab83b662a fix: 修复部署到阿里云ALB、NLB插件加载混乱的bug 2025-01-20 18:18:16 +08:00
xiaojunnuo
52ae6902d2 perf: 创建流水线时,默认成功时也发送通知 2025-01-20 16:20:14 +08:00
xiaojunnuo
c30adb2671 chore: 2025-01-20 11:55:13 +08:00
xiaojunnuo
e95d29f446 fix: 修复腾讯clb重复执行会报错的bug 2025-01-20 11:53:52 +08:00
xiaojunnuo
c20bb38b06 build: publish 2025-01-20 00:39:15 +08:00
xiaojunnuo
d0213d275d build: trigger build image 2025-01-20 00:38:54 +08:00
xiaojunnuo
9a78dad576 v1.30.0 2025-01-20 00:36:25 +08:00
xiaojunnuo
880f1aeb66 build: prepare to build 2025-01-20 00:34:48 +08:00
xiaojunnuo
e764eabd97 chore: 2025-01-20 00:34:33 +08:00
xiaojunnuo
235f9cf854 build: prepare to build 2025-01-20 00:30:50 +08:00
xiaojunnuo
d10795ecd9 perf: 支持部署证书到proxmox 2025-01-20 00:29:59 +08:00
xiaojunnuo
a7e45dace0 chore: 2025-01-19 23:27:39 +08:00
xiaojunnuo
7e482f798c fix: 修复查看任务日志偶发性无法自动滚动底部的bug 2025-01-19 23:13:30 +08:00
xiaojunnuo
c085bac5d8 perf: 支持部署到阿里云NLB、SLB 2025-01-19 22:55:46 +08:00
xiaojunnuo
653940a0ca perf: 支持部署到阿里云ALB 2025-01-19 15:31:37 +08:00
xiaojunnuo
417d37b199 perf: 支持部署到腾讯云直播 2025-01-19 14:12:16 +08:00
xiaojunnuo
3b2107a4f1 chore: 2025-01-19 01:21:58 +08:00
xiaojunnuo
7f6d03c02a chore: 2025-01-19 01:07:20 +08:00
xiaojunnuo
5fc07d4dd4 chore: 2025-01-19 00:40:43 +08:00
xiaojunnuo
3fb9524cbd Merge remote-tracking branch 'origin/v2-dev' into v2-dev 2025-01-19 00:37:26 +08:00
xiaojunnuo
e79703e49b chore: 2025-01-19 00:33:34 +08:00
xiaojunnuo
b829bd1341 Merge remote-tracking branch 'origin/v2-dev' into v2-dev 2025-01-16 11:49:38 +08:00
xiaojunnuo
8cbab7525a pref: 优化重置管理员密码后打印出用户名,避免忘记用户名的情况 2025-01-16 11:49:09 +08:00
xiaojunnuo
93b37a89c9 chore: 2025-01-15 23:13:17 +08:00
xiaojunnuo
87620b9072 chore: 2025-01-15 22:58:11 +08:00
xiaojunnuo
6877b865a7 chore: 2025-01-15 01:26:39 +08:00
xiaojunnuo
d6b3142a02 chore: 2025-01-15 01:26:23 +08:00
xiaojunnuo
14cdb54212 Merge remote-tracking branch 'origin/v2-dev' into v2-dev 2025-01-15 01:06:16 +08:00
xiaojunnuo
91e7f45a1c perf: 证书仓库 2025-01-15 01:05:34 +08:00
xiaojunnuo
709105120c Merge remote-tracking branch 'origin/v2-dev' into v2-dev 2025-01-14 15:09:16 +08:00
xiaojunnuo
865f26d75c fix: 修复namesilo ttl太短的问题 2025-01-14 14:47:03 +08:00
xiaojunnuo
52a4fd3318 feat: 支持open api接口,根据域名获取证书 2025-01-14 00:54:30 +08:00
xiaojunnuo
c6c269f9e4 chore: 2025-01-12 21:49:17 +08:00
xiaojunnuo
2a8eeaf240 build: publish 2025-01-07 23:19:36 +08:00
xiaojunnuo
f7dcff5113 build: trigger build image 2025-01-07 23:19:12 +08:00
xiaojunnuo
98a81385a6 v1.29.5 2025-01-07 23:16:46 +08:00
xiaojunnuo
7bdc277b58 build: prepare to build 2025-01-07 23:14:55 +08:00
xiaojunnuo
f57116d2be fix: 修复复制到本机插件,pfx格式复制时报错的bug 2025-01-07 23:13:44 +08:00
xiaojunnuo
85c99f7f80 fix: 修复授权管理,点击了查看原文按钮后,无法修改值的bug 2025-01-07 11:00:04 +08:00
xiaojunnuo
75081ceac3 build: publish 2025-01-07 00:02:42 +08:00
xiaojunnuo
65da3ca298 build: trigger build image 2025-01-07 00:02:21 +08:00
xiaojunnuo
94509c64b9 v1.29.4 2025-01-06 23:59:56 +08:00
xiaojunnuo
4f36d94726 build: prepare to build 2025-01-06 23:56:50 +08:00
xiaojunnuo
05c284b999 docs: 文档 2025-01-06 23:55:41 +08:00
xiaojunnuo
635b042690 perf: 优化腾讯云CLB插件,支持非sni情况,sni情况支持填写多个域名 2025-01-06 23:47:08 +08:00
xiaojunnuo
1cb4a539cc fix: 修复站点监控域名校验无法通过的bug 2025-01-06 23:08:16 +08:00
xiaojunnuo
46b87250b2 Merge remote-tracking branch 'origin/v2-dev' into v2-dev 2025-01-06 22:12:42 +08:00
xiaojunnuo
1a05355e54 docs: payments文档 2025-01-06 22:11:07 +08:00
xiaojunnuo
c81c17d17b chore: 2025-01-06 15:32:14 +08:00
xiaojunnuo
7b4f8d31e8 chore: db transform text改成longtext 2025-01-06 09:39:44 +08:00
xiaojunnuo
5cef28c5bd build: publish 2025-01-05 01:14:01 +08:00
xiaojunnuo
6e68da7936 build: trigger build image 2025-01-05 01:13:39 +08:00
xiaojunnuo
0c130f9596 v1.29.3 2025-01-05 01:11:06 +08:00
xiaojunnuo
f156f4cb4e build: prepare to build 2025-01-05 01:09:09 +08:00
xiaojunnuo
fa3bfa2ea8 chore: 2025-01-05 01:07:04 +08:00
xiaojunnuo
ab5c7bb75a chore: 2025-01-05 01:02:41 +08:00
xiaojunnuo
81b322cd60 chore: 2025-01-04 20:17:08 +08:00
xiaojunnuo
e6dd7cd54a perf: 优化站点证书检查页面,检查增加3次重试 2025-01-04 20:10:00 +08:00
xiaojunnuo
aa1da7c11a chore: 2025-01-04 01:46:49 +08:00
xiaojunnuo
3f74d4d9e5 perf: http校验方式,支持七牛云oss、阿里云oss、腾讯云cos 2025-01-04 01:45:24 +08:00
xiaojunnuo
297d09c5ad docs: 增加支付配置说明 2025-01-03 16:50:16 +08:00
xiaojunnuo
07e1dbb4cc chore: 2025-01-03 16:12:37 +08:00
xiaojunnuo
3c6618b4fc chore: 2025-01-03 09:27:51 +08:00
xiaojunnuo
54db744282 perf: 优化acme sdk 2025-01-03 01:17:20 +08:00
xiaojunnuo
03b751fa13 chore: 2025-01-03 00:12:15 +08:00
xiaojunnuo
ec342708b2 chore: 2025-01-02 17:48:54 +08:00
xiaojunnuo
405591c5d0 perf: 支持http校验方式申请证书 2025-01-02 00:28:13 +08:00
xiaojunnuo
67af67b92d chore: 2024-12-27 22:40:07 +08:00
xiaojunnuo
8644348fc4 fix: 修复系统级授权无法查看密钥的bug 2024-12-26 23:15:35 +08:00
xiaojunnuo
00dc226bd2 chore: auto-upgrade 2024-12-26 16:14:08 +08:00
xiaojunnuo
b6b7c3e2e0 chore: storage存储的数据量优化,去掉logs信息 2024-12-26 13:48:55 +08:00
xiaojunnuo
246ef348d3 chore: mysql text 改成longtext 2024-12-26 13:26:10 +08:00
xiaojunnuo
3e9ba1a30a docs: 2024-12-26 09:02:04 +08:00
xiaojunnuo
598cde4865 build: publish 2024-12-26 01:56:08 +08:00
xiaojunnuo
fc4a716b4e build: trigger build image 2024-12-26 01:55:50 +08:00
xiaojunnuo
ed5634ff83 v1.29.2 2024-12-26 01:53:32 +08:00
xiaojunnuo
884af1ea62 build: prepare to build 2024-12-26 01:51:48 +08:00
xiaojunnuo
01ad62df16 build: prepare to build 2024-12-26 01:49:48 +08:00
xiaojunnuo
512a667e44 Merge remote-tracking branch 'origin/v2-dev' into v2-dev 2024-12-26 01:47:50 +08:00
xiaojunnuo
d0e841f7de build: publish 2024-12-26 01:43:52 +08:00
xiaojunnuo
c04641d835 build: trigger build image 2024-12-26 01:43:35 +08:00
xiaojunnuo
f9128d4d45 v1.29.1 2024-12-26 01:41:20 +08:00
xiaojunnuo
2026211622 build: prepare to build 2024-12-26 01:39:23 +08:00
xiaojunnuo
9d0f21a9e5 chore: 2024-12-26 01:36:01 +08:00
xiaojunnuo
26adf7d437 perf: 优化插件名称显示 2024-12-26 01:32:52 +08:00
xiaojunnuo
d2d6f12218 fix: 修复某处金额转换丢失精度的bug 2024-12-26 01:01:28 +08:00
xiaojunnuo
b31c0b6a8d chore: 2024-12-25 23:24:42 +08:00
xiaojunnuo
472f06c2d1 perf: 用户创建证书流水线没有购买套餐或者超限时提前报错 2024-12-25 23:20:07 +08:00
xiaojunnuo
f5ec9870fd fix: 免费套餐支持购买 2024-12-25 17:05:24 +08:00
xiaojunnuo
66fb9e5f49 fix: 修复套餐关闭状态下,仍然限制用户流水线数量的bug 2024-12-25 11:42:42 +08:00
xiaojunnuo
a323f3aa2c chore: 2024-12-25 10:38:48 +08:00
xiaojunnuo
fe4786e168 fix: 修复新版本小红点显示错误问题 2024-12-25 09:25:27 +08:00
xiaojunnuo
83185c8c50 chore: 2024-12-25 01:16:32 +08:00
xiaojunnuo
83ae9db02d build: publish 2024-12-25 01:07:17 +08:00
xiaojunnuo
8bf328ca94 build: trigger build image 2024-12-25 01:06:48 +08:00
xiaojunnuo
36993cb6f8 v1.29.0 2024-12-25 01:04:12 +08:00
xiaojunnuo
c854415319 build: prepare to build 2024-12-25 01:02:01 +08:00
xiaojunnuo
aecc1cd979 build: prepare to build 2024-12-25 00:59:27 +08:00
xiaojunnuo
b2f3b0b584 build: prepare to build 2024-12-25 00:53:02 +08:00
xiaojunnuo
c937f5afc7 chore: 兼容数据库 2024-12-25 00:52:39 +08:00
xiaojunnuo
2d580a26af chore:menu.meta.show参数支持 2024-12-24 23:55:50 +08:00
xiaojunnuo
4a00a3cc1b chore: 2024-12-24 23:23:02 +08:00
xiaojunnuo
d3935219f2 perf: 调整创建证书表单字段的顺序 2024-12-24 23:14:12 +08:00
xiaojunnuo
040788c793 fix: 修复手机模式下,查询框被文字遮盖的bug 2024-12-24 17:52:03 +08:00
xiaojunnuo
005622307e fix: 修复左侧菜单收起时无法展开子菜单的bug 2024-12-24 17:09:06 +08:00
xiaojunnuo
8ebf95a222 perf: 同一时间只允许一个套餐生效 2024-12-24 10:39:54 +08:00
xiaojunnuo
7f596ed315 chore: 2024-12-24 01:16:27 +08:00
xiaojunnuo
ffa4de6911 chore: 2024-12-24 01:12:12 +08:00
xiaojunnuo
cb27d4b490 feat: 基础版不再限制流水线数量 2024-12-23 23:33:13 +08:00
xiaojunnuo
bb4910f4e5 perf: 站点证书监控通知发送,每天定时检查 2024-12-23 18:11:06 +08:00
xiaojunnuo
89c7f07034 perf: 用户名支持修改 2024-12-23 14:47:27 +08:00
xiaojunnuo
b150b2f034 chore: 2024-12-23 13:28:25 +08:00
xiaojunnuo
45d6347f5b feat: 支持微信支付 2024-12-23 13:27:04 +08:00
xiaojunnuo
67d762b6a5 perf: 优化证书申请跳过的状态显示,成功通知现在在跳过时不会发送 2024-12-23 00:49:56 +08:00
xiaojunnuo
faa28f88f9 feat: 套餐购买支持易支付、支付宝支付 2024-12-23 00:24:31 +08:00
xiaojunnuo
9c8c7a7812 feat: 站点证书监控 2024-12-22 14:01:10 +08:00
xiaojunnuo
a019956698 feat: 用户套餐,用户支付功能 2024-12-22 14:00:46 +08:00
xiaojunnuo
d70e2b66a3 chore: 2024-12-20 18:04:32 +08:00
xiaojunnuo
5d568efac3 chore: suite 2024-12-20 01:00:13 +08:00
xiaojunnuo
08111f1418 chore: 2024-12-19 22:37:27 +08:00
xiaojunnuo
45839f227a chore: suite 2024-12-19 01:21:55 +08:00
xiaojunnuo
8814ffeda6 Merge branch 'v2-dev' into v2-dev-suite 2024-12-18 21:28:38 +08:00
xiaojunnuo
d224c4c124 chore: 2024-12-18 21:25:39 +08:00
xiaojunnuo
549525fb37 chore: plesk ok 2024-12-18 10:22:22 +08:00
xiaojunnuo
1c8e25beb3 chore: suite 2024-12-18 09:07:52 +08:00
xiaojunnuo
eda45c1528 perf: 支持plesk网站证书部署 2024-12-18 00:38:27 +08:00
xiaojunnuo
53c38cf714 perf: 支持一体证书 2024-12-17 22:50:18 +08:00
xiaojunnuo
0e7578043e chore: 2024-12-17 22:45:14 +08:00
xiaojunnuo
21f50e0b38 Merge branch 'v2' into v2-dev 2024-12-17 22:22:19 +08:00
greper
515f00c7cd docs: 自动更新方法(@coolxitech) 
Update README.md
 2024-12-17 10:52:30 +08:00
xiaojunnuo
8057586dc1 chore: suite first 2024-12-17 10:27:35 +08:00
酷曦科技
b101ac7c7f Update README.md 
Include the Docker compose configuration file content for automatic version updates.
 2024-12-17 00:06:21 +08:00
xiaojunnuo
64319937a1 Merge remote-tracking branch 'origin/v2-dev' into v2-dev 2024-12-13 09:51:13 +08:00
xiaojunnuo
1c0cfd6769 build: publish 2024-12-13 00:19:43 +08:00
xiaojunnuo
f8e17d5285 build: trigger build image 2024-12-13 00:19:23 +08:00
xiaojunnuo
d4385ad8a5 v1.28.4 2024-12-13 00:17:10 +08:00
xiaojunnuo
da07ce419f build: prepare to build 2024-12-13 00:08:18 +08:00
xiaojunnuo
714e0206c4 build: prepare to build 2024-12-13 00:07:32 +08:00
xiaojunnuo
40da82666a chore: 2024-12-12 18:06:07 +08:00
xiaojunnuo
79f7ec4672 perf: 群晖支持6.x 2024-12-12 17:55:54 +08:00
xiaojunnuo
0f5c69040b fix: 修复证书成功通知发送失败的bug 2024-12-12 17:28:33 +08:00
xiaojunnuo
c9d1c45d97 docs: 证书成功同志 2024-12-12 16:49:40 +08:00
xiaojunnuo
ea8fdb120c docs: 证书说明 2024-12-12 16:45:40 +08:00
xiaojunnuo
f6fa830ffe docs: 2024-12-12 12:37:38 +08:00
xiaojunnuo
992e50c014 docs: 2024-12-12 12:30:26 +08:00
xiaojunnuo
bd705d91ba build: publish 2024-12-12 12:08:12 +08:00
xiaojunnuo
2656394195 build: trigger build image 2024-12-12 12:07:54 +08:00
xiaojunnuo
c8df9e698c v1.28.3 2024-12-12 12:06:46 +08:00
xiaojunnuo
19b78a1d2f build: prepare to build 2024-12-12 12:05:16 +08:00
xiaojunnuo
8039e8baf8 perf: 支持腾讯虚拟机开关机(@wujingke) 2024-12-12 11:50:01 +08:00
xiaojunnuo
9c5142c73c chore: 2024-12-12 11:42:46 +08:00
xiaojunnuo
8e3dcdde17 chore: tke挪出来 2024-12-11 22:17:11 +08:00
xiaojunnuo
34023adafb chore: 2024-12-11 17:40:34 +08:00
xiaojunnuo
79914e8d08 chore: 2024-12-11 15:06:02 +08:00
xiaojunnuo
454fbda581 perf: 点击版本红点按钮,跳转到升级帮助页面 2024-12-11 13:59:00 +08:00
xiaojunnuo
2c32703e6b chore: 2024-12-11 12:01:06 +08:00
xiaojunnuo
b561535626 Merge branch 'v2' into v2-dev 2024-12-11 11:48:34 +08:00
xiaojunnuo
1fc684d995 chore: 2024-12-11 11:48:05 +08:00
greper
7595d9fdfd pref: 腾讯云实例开机插件( @wujingke ) 
pr:  #265
 2024-12-11 11:44:53 +08:00
w
3bf7732a21 腾讯云实例开机插件 2024-12-11 11:40:11 +08:00
xiaojunnuo
71b5aaf8ab chore: 2024-12-11 11:38:28 +08:00
xiaojunnuo
e1e5347476 chore: 2024-12-11 11:37:52 +08:00
xiaojunnuo
cdcdb6a2d9 chore: 2024-12-11 11:36:00 +08:00
xiaojunnuo
ec79104ad2 chore: 2024-12-11 11:33:33 +08:00
xiaojunnuo
ff083ce684 perf: 通知标题优化 2024-12-11 11:30:32 +08:00
xiaojunnuo
0f051e322e docs: upgrade 2024-12-11 10:25:16 +08:00
xiaojunnuo
657a2ae032 fix: 修复没有配置eab时,报order无法读取的问题 2024-12-11 09:30:21 +08:00
xiaojunnuo
0db3570026 chore: 2024-12-10 18:30:32 +08:00
xiaojunnuo
0ae39f160a perf: 支持aws cloudfront 2024-12-10 18:28:48 +08:00
xiaojunnuo
b45977c29a fix: 修复授权被删除后,无法清空的bug 2024-12-10 17:22:43 +08:00
xiaojunnuo
b7f5740c57 fix: mysql下access.setting字段改成text 2024-12-10 00:19:35 +08:00
xiaojunnuo
21e23369d3 chore: 2024-12-09 23:08:40 +08:00
xiaojunnuo
fca598991a chore: 2024-12-09 22:56:18 +08:00
xiaojunnuo
aa5b909486 build: publish 2024-12-09 22:53:08 +08:00
xiaojunnuo
0a888cf51a build: trigger build image 2024-12-09 22:52:44 +08:00
367 changed files with 12686 additions and 1140 deletions
Expand all files Collapse all files

22
.github/workflows/build-image.yml vendored
View File

@@ -91,14 +91,14 @@ jobs:
# greper/certd:armv7
# greper/certd:${{steps.get_certd_version.outputs.result}}-armv7
- name: Build agent
uses: docker/build-push-action@v6
with:
platforms: linux/amd64,linux/arm64
push: true
context: ./packages/ui/agent/
tags: |
registry.cn-shenzhen.aliyuncs.com/handsfree/certd-agent:latest
registry.cn-shenzhen.aliyuncs.com/handsfree/certd-agent:${{steps.get_certd_version.outputs.result}}
greper/certd-agent:latest
greper/certd-agent:${{steps.get_certd_version.outputs.result}}
# - name: Build agent
# uses: docker/build-push-action@v6
# with:
# platforms: linux/amd64,linux/arm64
# push: true
# context: ./packages/ui/agent/
# tags: |
# registry.cn-shenzhen.aliyuncs.com/handsfree/certd-agent:latest
# registry.cn-shenzhen.aliyuncs.com/handsfree/certd-agent:${{steps.get_certd_version.outputs.result}}
# greper/certd-agent:latest
# greper/certd-agent:${{steps.get_certd_version.outputs.result}}

131
CHANGELOG.md
View File

@@ -3,6 +3,137 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.30.1](https://github.com/certd/certd/compare/v1.30.0...v1.30.1) (2025-01-20)
### Bug Fixes
* 修复部署到阿里云ALB、NLB插件加载混乱的bug ([6ab83b6](https://github.com/certd/certd/commit/6ab83b662a2c5e715b9cb7eb1244de2ebb7f47b0))
* 修复腾讯clb重复执行会报错的bug ([e95d29f](https://github.com/certd/certd/commit/e95d29f446d06eced315a3087fc9e105a30b20bd))
* 修复tg消息内容中存在.和*就会发送失败的bug ([ae5dfc3](https://github.com/certd/certd/commit/ae5dfc3bee950267123ae2fbd1c11e7ce36626ea))
### Performance Improvements
* 创建流水线时,默认成功时也发送通知 ([52ae690](https://github.com/certd/certd/commit/52ae6902d203ca56e0312692b50c55cb6ddd3e39))
* http方式校验选择sftp时支持修改文件访问权限比如777 ([15d6eaf](https://github.com/certd/certd/commit/15d6eaf5532ed25acd4f8d58c429353a2f44206c))
# [1.30.0](https://github.com/certd/certd/compare/v1.29.5...v1.30.0) (2025-01-19)
### Bug Fixes
* 修复查看任务日志偶发性无法自动滚动底部的bug ([7e482f7](https://github.com/certd/certd/commit/7e482f798c0142bce1866f84676cb40210f9638a))
* 修复namesilo ttl太短的问题 ([865f26d](https://github.com/certd/certd/commit/865f26d75c0d3dd4dc8b41448f8830068e45957c))
### Features
* 支持open api接口根据域名获取证书 ([52a4fd3](https://github.com/certd/certd/commit/52a4fd33180e9b3f71b8dc9f7671d7cd8e448c3b))
### Performance Improvements
* 证书仓库 ([91e7f45](https://github.com/certd/certd/commit/91e7f45a1c5ea1e0ec0aa3236b80028f03a6d0aa))
* 支持部署到阿里云ALB ([653940a](https://github.com/certd/certd/commit/653940a0ca64fc380178c1b0b58ae0af64dfaf07))
* 支持部署到阿里云NLB、SLB ([c085bac](https://github.com/certd/certd/commit/c085bac5d877c4250a8a79e17eb8673b8e4fc89c))
* 支持部署到腾讯云直播 ([417d37b](https://github.com/certd/certd/commit/417d37b199b79a42f790f9edab8f178eedf8fbf7))
* 支持部署证书到proxmox ([d10795e](https://github.com/certd/certd/commit/d10795ecd97eb8cf2ffa46aabfdbfc6812636396))
## [1.29.5](https://github.com/certd/certd/compare/v1.29.4...v1.29.5) (2025-01-07)
### Bug Fixes
* 修复复制到本机插件pfx格式复制时报错的bug ([f57116d](https://github.com/certd/certd/commit/f57116d2bebf33e47ad93e0b39c4efe8e4aea25c))
* 修复授权管理点击了查看原文按钮后无法修改值的bug ([85c99f7](https://github.com/certd/certd/commit/85c99f7f80761ac6efaf3255c03b933442db1686))
## [1.29.4](https://github.com/certd/certd/compare/v1.29.3...v1.29.4) (2025-01-06)
### Bug Fixes
* 修复站点监控域名校验无法通过的bug ([1cb4a53](https://github.com/certd/certd/commit/1cb4a539cc523721ffd4b22d40d0e3d2d68cd915))
### Performance Improvements
* 优化腾讯云CLB插件支持非sni情况sni情况支持填写多个域名 ([635b042](https://github.com/certd/certd/commit/635b042690637bff85e97e07c7aac4b87a8a124b))
## [1.29.3](https://github.com/certd/certd/compare/v1.29.2...v1.29.3) (2025-01-04)
### Bug Fixes
* 修复系统级授权无法查看密钥的bug ([8644348](https://github.com/certd/certd/commit/8644348fc41ae2e1672f946ca37e5d3a674e0218))
### Performance Improvements
* 优化站点证书检查页面检查增加3次重试 ([e6dd7cd](https://github.com/certd/certd/commit/e6dd7cd54a3e23897031b5df6e0c3cdc0545d35a))
* 优化acme sdk ([54db744](https://github.com/certd/certd/commit/54db74428259de64d12230c2ab7353ae11197bbc))
* 支持http校验方式申请证书 ([405591c](https://github.com/certd/certd/commit/405591c5d08fa1a3b228ee3980199e7731cfec4a))
* http校验方式支持七牛云oss、阿里云oss、腾讯云cos ([3f74d4d](https://github.com/certd/certd/commit/3f74d4d9e5f5d0e629b44cff1895b3f7a8fbcafc))
## [1.29.2](https://github.com/certd/certd/compare/v1.29.1...v1.29.2) (2024-12-25)
### Bug Fixes
* 修复套餐关闭状态下仍然限制用户流水线数量的bug ([66fb9e5](https://github.com/certd/certd/commit/66fb9e5f49491f9c159363b48af14720a37673b1))
## [1.29.1](https://github.com/certd/certd/compare/v1.29.0...v1.29.1) (2024-12-25)
### Bug Fixes
* 免费套餐支持购买 ([f5ec987](https://github.com/certd/certd/commit/f5ec9870fd6af1f0c9099852bbdb4d07813ccce8))
* 修复某处金额转换丢失精度的bug ([d2d6f12](https://github.com/certd/certd/commit/d2d6f12218cbe7bd55f4ae082b93084be85f0a7b))
* 修复新版本小红点显示错误问题 ([fe4786e](https://github.com/certd/certd/commit/fe4786e168afe03a5243dd67971476c348339809))
### Performance Improvements
* 用户创建证书流水线没有购买套餐或者超限时提前报错 ([472f06c](https://github.com/certd/certd/commit/472f06c2d190d0ae48e8b53c18bc278437656a1c))
* 优化插件名称显示 ([26adf7d](https://github.com/certd/certd/commit/26adf7d437e674385f26a8f92fded6521a620671))
# [1.29.0](https://github.com/certd/certd/compare/v1.28.4...v1.29.0) (2024-12-24)
### Bug Fixes
* 修复手机模式下查询框被文字遮盖的bug ([040788c](https://github.com/certd/certd/commit/040788c793642c3bb2a3ede87fe30fcf3be471bd))
* 修复左侧菜单收起时无法展开子菜单的bug ([0056223](https://github.com/certd/certd/commit/005622307e612717a5408aa1484717ef03003a22))
### Features
* 基础版不再限制流水线数量 ([cb27d4b](https://github.com/certd/certd/commit/cb27d4b4906b2782eaceb0a95bbdc5d0534370d2))
* 套餐购买支持易支付、支付宝支付 ([faa28f8](https://github.com/certd/certd/commit/faa28f88f954cba4c1dd29125562e5acd2fd99af))
* 用户套餐,用户支付功能 ([a019956](https://github.com/certd/certd/commit/a019956698acaf2c4beb620b5ad8c18918ead6a1))
* 站点证书监控 ([9c8c7a7](https://github.com/certd/certd/commit/9c8c7a781223f4217f45510db1e89495600e3cd5))
* 支持微信支付 ([45d6347](https://github.com/certd/certd/commit/45d6347f5b6199493b11aabdd74177f6dca2cea4))
### Performance Improvements
* 调整创建证书表单字段的顺序 ([d393521](https://github.com/certd/certd/commit/d3935219f2aa50d6662c5b5ebf7ee25ad696ab2b))
* 同一时间只允许一个套餐生效 ([8ebf95a](https://github.com/certd/certd/commit/8ebf95a222a900d1707716c7b1f3b39f8a6d8f94))
* 用户名支持修改 ([89c7f07](https://github.com/certd/certd/commit/89c7f070343e86453c84677ebe1669f9b266d871))
* 优化证书申请跳过的状态显示,成功通知现在在跳过时不会发送 ([67d762b](https://github.com/certd/certd/commit/67d762b6a520f1fa24719a124e5ae975a81f5f82))
* 站点证书监控通知发送,每天定时检查 ([bb4910f](https://github.com/certd/certd/commit/bb4910f4e57234e42b44505f4620ae7af66025c5))
* 支持一体证书 ([53c38cf](https://github.com/certd/certd/commit/53c38cf714a6f7486abbf1d71c9f48f56a790100))
* 支持plesk网站证书部署 ([eda45c1](https://github.com/certd/certd/commit/eda45c1528199648b3970505e87f492d398226cd))
## [1.28.4](https://github.com/certd/certd/compare/v1.28.3...v1.28.4) (2024-12-12)
### Bug Fixes
* 修复证书成功通知发送失败的bug ([0f5c690](https://github.com/certd/certd/commit/0f5c69040ba77340c909813220a26bc7ddada3ea))
### Performance Improvements
* 群晖支持6.x ([79f7ec4](https://github.com/certd/certd/commit/79f7ec4672f4fd5744cc45e4a6f104da943f4026))
## [1.28.3](https://github.com/certd/certd/compare/v1.28.2...v1.28.3) (2024-12-12)
### Bug Fixes
* 修复没有配置eab时报order无法读取的问题 ([657a2ae](https://github.com/certd/certd/commit/657a2ae032e6f61ac27fbdd26c7bf169c041219e))
* 修复授权被删除后无法清空的bug ([b45977c](https://github.com/certd/certd/commit/b45977c29a29084c11e496bec3415eaaebafdd74))
* mysql下access.setting字段改成text ([b7f5740](https://github.com/certd/certd/commit/b7f5740c57743914f754f3b4fdd94b59a2e8338c))
### Performance Improvements
* 点击版本红点按钮,跳转到升级帮助页面 ([454fbda](https://github.com/certd/certd/commit/454fbda581bbe22abca5b91e5086ea9d9d58a020))
* 通知标题优化 ([ff083ce](https://github.com/certd/certd/commit/ff083ce6848a8bee3c8248e4b881086ae1517c28))
* 支持腾讯虚拟机开关机([@wujingke](https://github.com/wujingke)) ([8039e8b](https://github.com/certd/certd/commit/8039e8baf83c82d03f1a6198cf61c372026b962b))
* 支持aws cloudfront ([0ae39f1](https://github.com/certd/certd/commit/0ae39f160a7c6b6696b3bf513d68aa28905810ad))
## [1.28.2](https://github.com/certd/certd/compare/v1.28.1...v1.28.2) (2024-12-09)
### Bug Fixes

81
README.md
View File

@@ -9,15 +9,23 @@ Certd 是一个免费全自动申请和自动部署更新SSL证书的管理系
本项目不仅支持证书申请过程自动化,还可以自动化部署更新证书,让你的证书永不过期。
* 全自动申请证书(支持所有注册商注册的域名)
* 全自动部署更新证书(目前支持部署到主机、部署到阿里云、腾讯云等,目前已支持30+部署插件)
* 全自动部署更新证书(目前支持部署到主机、阿里云、腾讯云等,目前已支持40+部署插件)
* 支持DNS-01、HTTP-01、CNAME代理等多种域名验证方式
* 支持通配符域名/泛域名支持多个域名打到一个证书上支持pem、pfx、der、jks等多种证书格式
* 邮件通知
* 私有化部署数据保存本地镜像由Github Actions构建过程公开透明
* 支持sqlitepostgresql数据库
* 邮件通知、webhook通知
* 私有化部署,数据保存本地,授权信息加密存储,镜像由Github Actions构建过程公开透明
* 支持SQLitePostgreSQL、MySQL数据库
>
> 流水线数量现已调整为无限制,欢迎大家使用
>
> 关于证书续期:
>* 实际上没有办法不改变证书文件本身情况下直接续期或者续签。
>* 我们所说的续期,其实就是按照全套流程重新申请一份新证书,然后重新部署上去。
## 二、在线体验
官方Demo地址自助注册后体验
@@ -86,11 +94,13 @@ https://certd.handfree.work/
## 五、 升级
如果使用固定版本号
### docker-compose方式部署
#### 1. 如果使用固定版本号
1. 修改`docker-compose.yaml`中的镜像版本号
2. 运行`docker compose up -d` 即可
如果使用`latest`版本
#### 2. 如果需要使用最新版本
```shell
#重新拉取镜像
docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
@@ -98,19 +108,54 @@ docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
docker compose down
docker compose up -d
```
> 数据默认存在`/data/certd`目录下,不用担心数据丢失
> 数据默认存在`/data/certd`目录下,不用担心数据丢失
### 自动升级(仅限尝鲜建议非生产使用)
```yaml
version: '3.3'
services:
certd:
image: registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
container_name: certd
restart: unless-stopped
volumes:
- /data/certd:/app/data
ports:
- "7001:7001"
- "7002:7002"
environment:
- certd_system_resetAdminPasswd=false
labels:
com.centurylinklabs.watchtower.enable: "true"
certd-updater: # 添加 Watchtower 服务
image: containrrr/watchtower:latest
container_name: certd-updater
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# 配置 自动更新
environment:
- WATCHTOWER_CLEANUP=true # 自动清理旧版本容器
- WATCHTOWER_INCLUDE_STOPPED=false # 不更新已停止的容器
- WATCHTOWER_LABEL_ENABLE=true # 根据容器标签进行更新
- WATCHTOWER_POLL_INTERVAL=300 # 每 5 分钟检查一次更新
```
### 其他部署方式升级方法
请参考 https://certd.docmirror.cn/guide/install/upgrade.html
更新日志: [CHANGELOG](./CHANGELOG.md)
### 更新日志:
[CHANGELOG](./CHANGELOG.md)
## 六、一些说明
* 本项目ssl证书提供商为letencrypt/Google/ZeroSSL
* 申请过程遵循acme协议
* 需要验证域名所有权一般有两种方式目前本项目仅支持dns-01
* http-01 在网站根目录下放置一份txt文件
* dns-01 需要给域名添加txt解析记录通配符域名只能用这种方式
* 证书续期:
* 实际上没有办法不改变证书文件本身情况下直接续期或者续签。
* 我们所说的续期,其实就是按照全套流程重新申请一份新证书,然后重新部署上去。
@@ -155,12 +200,14 @@ https://afdian.com/a/greper
专业版特权对比
| 功能 | 免费版 | 专业版 |
|---------|-------------------|-----------------------|
| 免费证书申请 | 免费无限制 | 免费无限制 |
| 自动部署插件 | 阿里云、腾讯云、七牛云、主机部署等 | 支持群晖、宝塔、1Panel等持续开发中 |
| 发邮件功能 | 需要配置 | 免配置 |
| 证书流水线条数 | 10条 | 无限制 |
| 功能 | 基础版 | 专业版 |
|------|-----------------|-------------------|
| 免费证书申请 | 免费无限制 | 无限制 |
| 域名数量 | 免费无限制 | 无限制 |
| 证书流水线条数 | 免费无限制 | 无限制 |
| 站点证书监控 | 1 | 无限制 |
| 自动部署插件 | 阿里云、腾讯云、七牛云、SSH | 支持群晖、宝塔、1Panel等持续开发中 |
| 通知 | 邮件、webhook | server酱、企微、anpush等 |
************************

2
build.trigger
View File

@@ -1 +1 @@
01:55
00:38

33
docker/run/docker-compose.yaml
View File

@@ -1,7 +1,7 @@
version: '3.3' # 兼容旧版docker-compose
services:
certd:
# 镜像 # ↓↓↓↓↓ ---- 镜像版本号,建议改成固定版本号
# 镜像 # ↓↓↓↓↓ ---- 镜像版本号,建议改成固定版本号,例如certd:1.29.0
image: registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
container_name: certd # 容器名
restart: unless-stopped # 自动重启
@@ -25,14 +25,22 @@ services:
# - 8.8.4.4
# extra_hosts:
# # ↓↓↓↓ -------------------------------------------------------- 这里可以配置自定义hosts外网域名可以指向本地局域网ip地址
# - "localdomain.comm:192.168.1.3"
# - "localdomain.com:192.168.1.3"
labels:
com.centurylinklabs.watchtower.enable: "true"
# ↓↓↓↓ -------------------------------------------------------------- 启用ipv6网络还需要把下面networks的注释放开
# networks:
# - ip6net
environment:
# 设置环境变量即可自定义certd配置
# 配置项见: packages/ui/certd-server/src/config/config.default.ts
# 配置规则: certd_ + 配置项, 点号用_代替
# #↓↓↓↓ ----------------------------- 如果忘记管理员密码可以设置为true重启之后管理员密码将改成123456然后请及时修改回false
- certd_system_resetAdminPasswd=false
# 默认使用sqlite文件数据库如果需要使用其他数据库请设置以下环境变量
# 注意: 选定使用一种数据库之后,不支持更换数据库。
# 数据库迁移方法1、使用新数据库重新部署一套然后将旧数据同步过去注意flyway_history表的数据不要同步
# #↓↓↓↓ ----------------------------- 使用postgresql数据库需要提前创建数据库
# - certd_flyway_scriptDir=./db/migration-pg # 升级脚本目录
# - certd_typeorm_dataSource_default_type=postgres # 数据库类型
@@ -51,13 +59,22 @@ services:
# - certd_typeorm_dataSource_default_password=yourpasswd # 密码
# - certd_typeorm_dataSource_default_database=certd # 数据库名
# ↓↓↓↓ --------------------------------------------------------- 自动升级上面certd的版本号要保持为latest
# certd-updater: # 添加 Watchtower 服务
# image: containrrr/watchtower:latest
# container_name: certd-updater
# restart: unless-stopped
# volumes:
# - /var/run/docker.sock:/var/run/docker.sock
# # 配置 自动更新
# environment:
# - WATCHTOWER_CLEANUP=true # 自动清理旧版本容器
# - WATCHTOWER_INCLUDE_STOPPED=false # 不更新已停止的容器
# - WATCHTOWER_LABEL_ENABLE=true # 根据容器标签进行更新
# - WATCHTOWER_POLL_INTERVAL=600 # 每 10 分钟检查一次更新
# #↓↓↓↓ ------------------------------------------------------------- 启用ipv6网络
# networks:
# - ip6net
# ↓↓↓↓ -------------------------------------------------------------- 启用ipv6网络还需要把上面networks的注释放开
#networks:
# ip6net:
# enable_ipv6: true

17
docs/.vitepress/config.ts
View File

@@ -57,6 +57,7 @@ export default defineConfig({
nav: [
{ text: "首页", link: "/" },
{ text: "指南", link: "/guide/" },
{ text: "商业版", link: "/comm/" },
{ text: "Demo体验", link: "https://certd.handfree.work" }
],
sidebar: {
@@ -76,8 +77,8 @@ export default defineConfig({
{ text: "源码部署", link: "/guide/install/source/" }
]
},
{ text: "演示教程", link: "/guide/tutorial.md" }
{ text: "演示教程", link: "/guide/tutorial.md" },
{ text: "版本升级", link: "/guide/install/upgrade.md" }
]
},
{
@@ -116,8 +117,20 @@ export default defineConfig({
]
}
],
"/comm/": [
{
text: "商业版",
items: [
{ text: "支付宝配置", link: "/comm/payments/alipay.md" },
{ text: "微信支付配置", link: "/comm/payments/wxpay.md" },
{ text: "彩虹易支付配置", link: "/comm/payments/yizhifu.md" },
]
}
]
,
},
socialLinks: [
{ icon: "github", link: "https://github.com/certd/certd" }
],

BIN
docs/comm/images/index.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 165 KiB

9
docs/comm/index.md Normal file
View File

@@ -0,0 +1,9 @@
# 商业版文档
![](./images/index.png)
## 支付方式配置
* [支付宝支付配置](./payments/alipay.md)
* [微信支付配置](./payments/wxpay.md)
* [彩虹易支付配置](./payments/yizhifu.md)

21
docs/comm/payments/alipay.md Normal file
View File

@@ -0,0 +1,21 @@
# 支付宝配置
## 配置步骤
1. 创建应用获取APPID
* 登录支付宝开放平台进入开发者中心创建网页应用获取应用的AppId左上角复制
* 开发者中心https://open.alipay.com/develop/manage
2. 进入应用详情,选择开发设置,配置接口加签方式 (选择密钥类型)
* 参考文档https://opendocs.alipay.com/common/02kdnc?pathHash=fb0c752a
* 此步骤完成后,可以获取应用的私钥、支付宝公钥。
* 注意:支付宝不会保存应用的私钥,你需要自己保管好私钥。
3. 在Certd后台配置支付宝
* 进入“系统”->"设置"->“支付设置”
* 启用支付宝,选择“支付宝配置”,点击添加
* 填写支付宝AppId、应用私钥、支付宝公钥等信息即可。

27
docs/comm/payments/wxpay.md Normal file
View File

@@ -0,0 +1,27 @@
# 微信支付配置
## 配置步骤
1. 开通Native支付
* 登录微信支付平台
* 进入产品中心: https://pay.weixin.qq.com/index.php/extend/product/lists?tid=3
* 选择开通Native支付
2. 申请证书
* 进入“账户中心”->“API安全”->“商户API证书”->“管理证书”
* 根据指引生成证书
* 得到私钥和公钥
3. 填写APIv3密钥
* 进入“账户中心”->“API安全”->“解密回调”
* 填写APIv3密钥
* 参考文档 https://kf.qq.com/faq/180830E36vyQ180830AZFZvu.html
4. 在Certd后台配置微信支付
* 进入“系统”->"设置"->“支付设置”
* 启用微信支付,选择“微信支付配置”,点击添加
* 填写微信支付商户号、证书私钥、证书公钥、APIv3密钥即可。

19
docs/comm/payments/yizhifu.md Normal file
View File

@@ -0,0 +1,19 @@
# 彩虹易支付配置
彩虹易支付是一款非常流行的php聚合支付系统。
## 配置步骤
1. 获取商户ID、商户密钥
* 登录彩虹易支付平台
* 进入用户中心https://xxxxxx.com/user/userinfo.php?mod=api
* 点击API信息
* 可以复制接口地址、商户ID、商户密钥key
* 点击查看文档了解支持的签名类型一般为MD5
2. 进入Certd后台配置彩虹易支付
* 进入“系统”->"设置"->“支付设置”
* 启用彩虹易支付,选择“彩虹易支付配置”,点击添加
* 填写接口地址、商户ID、商户密钥、签名方式等信息即可。

130
docs/guide/changelogs/CHANGELOG.md
View File

@@ -3,6 +3,136 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
# [1.30.0](https://github.com/certd/certd/compare/v1.29.5...v1.30.0) (2025-01-19)
### Bug Fixes
* 修复查看任务日志偶发性无法自动滚动底部的bug ([7e482f7](https://github.com/certd/certd/commit/7e482f798c0142bce1866f84676cb40210f9638a))
* 修复namesilo ttl太短的问题 ([865f26d](https://github.com/certd/certd/commit/865f26d75c0d3dd4dc8b41448f8830068e45957c))
### Features
* 支持open api接口根据域名获取证书 ([52a4fd3](https://github.com/certd/certd/commit/52a4fd33180e9b3f71b8dc9f7671d7cd8e448c3b))
### Performance Improvements
* 证书仓库 ([91e7f45](https://github.com/certd/certd/commit/91e7f45a1c5ea1e0ec0aa3236b80028f03a6d0aa))
* 支持部署到阿里云ALB ([653940a](https://github.com/certd/certd/commit/653940a0ca64fc380178c1b0b58ae0af64dfaf07))
* 支持部署到阿里云NLB、SLB ([c085bac](https://github.com/certd/certd/commit/c085bac5d877c4250a8a79e17eb8673b8e4fc89c))
* 支持部署到腾讯云直播 ([417d37b](https://github.com/certd/certd/commit/417d37b199b79a42f790f9edab8f178eedf8fbf7))
* 支持部署证书到proxmox ([d10795e](https://github.com/certd/certd/commit/d10795ecd97eb8cf2ffa46aabfdbfc6812636396))
## [1.29.5](https://github.com/certd/certd/compare/v1.29.4...v1.29.5) (2025-01-07)
### Bug Fixes
* 修复复制到本机插件pfx格式复制时报错的bug ([f57116d](https://github.com/certd/certd/commit/f57116d2bebf33e47ad93e0b39c4efe8e4aea25c))
* 修复授权管理点击了查看原文按钮后无法修改值的bug ([85c99f7](https://github.com/certd/certd/commit/85c99f7f80761ac6efaf3255c03b933442db1686))
## [1.29.4](https://github.com/certd/certd/compare/v1.29.3...v1.29.4) (2025-01-06)
### Bug Fixes
* 修复站点监控域名校验无法通过的bug ([1cb4a53](https://github.com/certd/certd/commit/1cb4a539cc523721ffd4b22d40d0e3d2d68cd915))
### Performance Improvements
* 优化腾讯云CLB插件支持非sni情况sni情况支持填写多个域名 ([635b042](https://github.com/certd/certd/commit/635b042690637bff85e97e07c7aac4b87a8a124b))
## [1.29.3](https://github.com/certd/certd/compare/v1.29.2...v1.29.3) (2025-01-04)
### Bug Fixes
* 修复系统级授权无法查看密钥的bug ([8644348](https://github.com/certd/certd/commit/8644348fc41ae2e1672f946ca37e5d3a674e0218))
### Performance Improvements
* 优化站点证书检查页面检查增加3次重试 ([e6dd7cd](https://github.com/certd/certd/commit/e6dd7cd54a3e23897031b5df6e0c3cdc0545d35a))
* 优化acme sdk ([54db744](https://github.com/certd/certd/commit/54db74428259de64d12230c2ab7353ae11197bbc))
* 支持http校验方式申请证书 ([405591c](https://github.com/certd/certd/commit/405591c5d08fa1a3b228ee3980199e7731cfec4a))
* http校验方式支持七牛云oss、阿里云oss、腾讯云cos ([3f74d4d](https://github.com/certd/certd/commit/3f74d4d9e5f5d0e629b44cff1895b3f7a8fbcafc))
## [1.29.2](https://github.com/certd/certd/compare/v1.29.1...v1.29.2) (2024-12-25)
### Bug Fixes
* 修复套餐关闭状态下仍然限制用户流水线数量的bug ([66fb9e5](https://github.com/certd/certd/commit/66fb9e5f49491f9c159363b48af14720a37673b1))
## [1.29.1](https://github.com/certd/certd/compare/v1.29.0...v1.29.1) (2024-12-25)
### Bug Fixes
* 免费套餐支持购买 ([f5ec987](https://github.com/certd/certd/commit/f5ec9870fd6af1f0c9099852bbdb4d07813ccce8))
* 修复某处金额转换丢失精度的bug ([d2d6f12](https://github.com/certd/certd/commit/d2d6f12218cbe7bd55f4ae082b93084be85f0a7b))
* 修复新版本小红点显示错误问题 ([fe4786e](https://github.com/certd/certd/commit/fe4786e168afe03a5243dd67971476c348339809))
### Performance Improvements
* 用户创建证书流水线没有购买套餐或者超限时提前报错 ([472f06c](https://github.com/certd/certd/commit/472f06c2d190d0ae48e8b53c18bc278437656a1c))
* 优化插件名称显示 ([26adf7d](https://github.com/certd/certd/commit/26adf7d437e674385f26a8f92fded6521a620671))
# [1.29.0](https://github.com/certd/certd/compare/v1.28.4...v1.29.0) (2024-12-24)
### Bug Fixes
* 修复手机模式下查询框被文字遮盖的bug ([040788c](https://github.com/certd/certd/commit/040788c793642c3bb2a3ede87fe30fcf3be471bd))
* 修复左侧菜单收起时无法展开子菜单的bug ([0056223](https://github.com/certd/certd/commit/005622307e612717a5408aa1484717ef03003a22))
### Features
* 基础版不再限制流水线数量 ([cb27d4b](https://github.com/certd/certd/commit/cb27d4b4906b2782eaceb0a95bbdc5d0534370d2))
* 套餐购买支持易支付、支付宝支付 ([faa28f8](https://github.com/certd/certd/commit/faa28f88f954cba4c1dd29125562e5acd2fd99af))
* 用户套餐,用户支付功能 ([a019956](https://github.com/certd/certd/commit/a019956698acaf2c4beb620b5ad8c18918ead6a1))
* 站点证书监控 ([9c8c7a7](https://github.com/certd/certd/commit/9c8c7a781223f4217f45510db1e89495600e3cd5))
* 支持微信支付 ([45d6347](https://github.com/certd/certd/commit/45d6347f5b6199493b11aabdd74177f6dca2cea4))
### Performance Improvements
* 调整创建证书表单字段的顺序 ([d393521](https://github.com/certd/certd/commit/d3935219f2aa50d6662c5b5ebf7ee25ad696ab2b))
* 同一时间只允许一个套餐生效 ([8ebf95a](https://github.com/certd/certd/commit/8ebf95a222a900d1707716c7b1f3b39f8a6d8f94))
* 用户名支持修改 ([89c7f07](https://github.com/certd/certd/commit/89c7f070343e86453c84677ebe1669f9b266d871))
* 优化证书申请跳过的状态显示,成功通知现在在跳过时不会发送 ([67d762b](https://github.com/certd/certd/commit/67d762b6a520f1fa24719a124e5ae975a81f5f82))
* 站点证书监控通知发送,每天定时检查 ([bb4910f](https://github.com/certd/certd/commit/bb4910f4e57234e42b44505f4620ae7af66025c5))
* 支持一体证书 ([53c38cf](https://github.com/certd/certd/commit/53c38cf714a6f7486abbf1d71c9f48f56a790100))
* 支持plesk网站证书部署 ([eda45c1](https://github.com/certd/certd/commit/eda45c1528199648b3970505e87f492d398226cd))
## [1.28.4](https://github.com/certd/certd/compare/v1.28.3...v1.28.4) (2024-12-12)
### Bug Fixes
* 修复证书成功通知发送失败的bug ([0f5c690](https://github.com/certd/certd/commit/0f5c69040ba77340c909813220a26bc7ddada3ea))
### Performance Improvements
* 群晖支持6.x ([79f7ec4](https://github.com/certd/certd/commit/79f7ec4672f4fd5744cc45e4a6f104da943f4026))
## [1.28.3](https://github.com/certd/certd/compare/v1.28.2...v1.28.3) (2024-12-12)
### Bug Fixes
* 修复没有配置eab时报order无法读取的问题 ([657a2ae](https://github.com/certd/certd/commit/657a2ae032e6f61ac27fbdd26c7bf169c041219e))
* 修复授权被删除后无法清空的bug ([b45977c](https://github.com/certd/certd/commit/b45977c29a29084c11e496bec3415eaaebafdd74))
* mysql下access.setting字段改成text ([b7f5740](https://github.com/certd/certd/commit/b7f5740c57743914f754f3b4fdd94b59a2e8338c))
### Performance Improvements
* 点击版本红点按钮,跳转到升级帮助页面 ([454fbda](https://github.com/certd/certd/commit/454fbda581bbe22abca5b91e5086ea9d9d58a020))
* 通知标题优化 ([ff083ce](https://github.com/certd/certd/commit/ff083ce6848a8bee3c8248e4b881086ae1517c28))
* 支持腾讯虚拟机开关机([@wujingke](https://github.com/wujingke)) ([8039e8b](https://github.com/certd/certd/commit/8039e8baf83c82d03f1a6198cf61c372026b962b))
* 支持aws cloudfront ([0ae39f1](https://github.com/certd/certd/commit/0ae39f160a7c6b6696b3bf513d68aa28905810ad))
## [1.28.2](https://github.com/certd/certd/compare/v1.28.1...v1.28.2) (2024-12-09)
### Bug Fixes
* 修复创建流水线通知设置无效的bug ([498cf34](https://github.com/certd/certd/commit/498cf34999fddfa24ce088e2e678469fa669abb8))
* 修复流水线分组可以被所有人看见的bug ([a0e838d](https://github.com/certd/certd/commit/a0e838d1eec918e5dc92fe95dc72ac14facb930e))
### Performance Improvements
* 优化数据表索引 ([228fdf0](https://github.com/certd/certd/commit/228fdf0a0d28013f5dd156a97bbde80537e8e97e))
* 支持mysql ([7cde1fd](https://github.com/certd/certd/commit/7cde1fdc4a9ed851900d231a5460c8dbfbcd148e))
## [1.28.1](https://github.com/certd/certd/compare/v1.28.0...v1.28.1) (2024-12-08)
### Bug Fixes

2
docs/guide/development/index.md
View File

@@ -106,4 +106,4 @@ throw new Error("错误信息")
## 五、贡献插件送激活码
- PR要求插件功能完整代码规范
- PR通过后联系我们送您一个专业版激活码
- PR通过后联系我们送您一个半年期专业版激活码

2
docs/guide/index.md
View File

@@ -14,7 +14,7 @@ Certd 是一款开源、免费、全自动申请和部署更新SSL证书的工
* 支持通配符域名/泛域名,支持多个域名打到一个证书上
* 邮件通知
* 私有化部署,保障数据安全
* 支持sqlitepostgresql数据库
* 支持SQLite、Postgresql、MySQL数据库
## 二、一些说明

BIN
docs/guide/install/1panel/images/upgrade-1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 21 KiB

BIN
docs/guide/install/1panel/images/upgrade-2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 13 KiB

11
docs/guide/install/1panel/index.md
View File

@@ -31,15 +31,12 @@ admin/123456
## 三、升级
1. 找到容器,点击编辑
![](./images/edit1.png)
1. 找到容器,点击更多->升级
![](./images/upgrade-1.png)
2. 将latest修改为最新版本号
![](https://img.shields.io/npm/v/%40certd%2Fpipeline)
2. 选择强制拉取镜像,点击确认即可
![img.png](./images/upgrade-2.png)
![img.png](./images/edit2.png)
3. 点击确定,重启容器
## 四、数据备份

20
docs/guide/install/baota/index.md
View File

@@ -38,28 +38,12 @@ admin/123456
登录后请及时修改密码
## 三、如何升级
宝塔升级certd非常简单
### 1. 应用商店安装,直接更新镜像即可
`docker`->`容器编排`->`左侧选择Certd-xxxx`->`更新镜像`
`docker`->`容器编排`->`左侧选择Certd`->`更新镜像`
![img.png](./images/upgrade.png)
### 2. latest更新方式
在主机上拉取最新镜像,然后面板上重启容器
```shell
docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
```
### 3. 固定版本号方式
修改容器编排模版中的镜像版本号,然后面板上重启容器
```shell
services:
certd:
# 镜像 # 修改最新版本号 ---- ↓↓↓↓↓
image: registry.cn-shenzhen.aliyuncs.com/handsfree/certd:v1.xx.x
```
## 四、数据备份
### 4.1 应用商店部署方式

10
docs/guide/install/source/index.md
View File

@@ -8,7 +8,7 @@
```shell
# 克隆代码
git clone https://github.com/certd/certd
# git checkout v1.x.x # 1.x.x换成最新版本号当v2主干分支代码无法正常启动时可以尝试此命令
# git checkout v1.x.x # 当v2主干分支代码无法正常启动时可以尝试此命令1.x.x换成最新版本号
cd certd
# 启动服务
./start.sh
@@ -29,9 +29,15 @@ https://your_server_ip:7002
## 二、升级
```shell
# 更新代码并启动
cd certd
# 确保数据安全,备份一下数据
cp -rf ./packages/ui/certd-server/data ../certd-data-backup
git pull
# 如果提示pull失败可以尝试强制更新
# git checkout v2 -f && git pull
# 先停止旧的服务,7001是certd的默认端口
kill -9 $(lsof -t -i:7001)
# 重新编译启动

12
docs/guide/install/upgrade.md Normal file
View File

@@ -0,0 +1,12 @@
# 版本升级
## 升级方法
根据不同部署方式查看升级方法
1. [Docker方式部署升级](./docker/#二、升级)
2. [宝塔面板方式部署升级](./baota/#三、如何升级)
3. [1Panel面板方式部署升级](./1panel/#三、升级)
4. [源码方式部署](./source/#二、升级)
## 升级日志
[CHANGELOG](../changelogs/CHANGELOG.md)

10
docs/guide/use/cert/index.md Normal file
View File

@@ -0,0 +1,10 @@
# 证书申请失败情况
## DNS记录问题
1. DNS 不要设置CAA记录删除即可
2. DNSSEC相关报错DNSSEC管理中删除即可
3. DNS 有其他平台申请过的_acme-challenge记录删除即可

BIN
docs/guide/use/synology/images/deploy1.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 34 KiB

After

Width:  |  Height:  |  Size: 53 KiB

6
docs/guide/use/synology/index.md
View File

@@ -1,8 +1,12 @@
# 群晖部署和证书更新
支持群晖`6.x``7.x`
## 一、群晖部署Certd
以下是群晖`7.x`的部署`certd`步骤。
群晖`6.x`请参考[docker部署](./../../install/docker/)
### 1. 打开Container Manager
![](./images/1.png)
@@ -32,6 +36,8 @@
## 二、更新群晖证书
证书部署插件支持群晖`6.x``7.x`
## 1. 前提条件
* 已经部署了certd
* 群晖上已经设置好了证书(证书建议设置好描述,插件需要根据描述查找证书)

4
docs/index.md
View File

@@ -30,7 +30,7 @@ features:
- title: 多证书格式支持
details: 支持pem、pfx、der、jks等多种证书格式支持Google、Letsencrypt、ZeroSSL证书颁发机构
- title: 支持私有化部署
details: 保障数据安全
details: 授权数据加密存储,保障数据安全
- title: 多数据库支持
details: 支持sqlitepostgresql数据库
details: 支持SQLite、Postgresql、MySQL数据库
---

2
lerna.json
View File

@@ -9,5 +9,5 @@
}
},
"npmClient": "pnpm",
"version": "1.28.2"
"version": "1.30.1"
}

44
packages/core/acme-client/CHANGELOG.md
View File

@@ -3,6 +3,50 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.30.1](https://github.com/publishlab/node-acme-client/compare/v1.30.0...v1.30.1) (2025-01-20)
**Note:** Version bump only for package @certd/acme-client
# [1.30.0](https://github.com/publishlab/node-acme-client/compare/v1.29.5...v1.30.0) (2025-01-19)
### Bug Fixes
* 修复查看任务日志偶发性无法自动滚动底部的bug ([7e482f7](https://github.com/publishlab/node-acme-client/commit/7e482f798c0142bce1866f84676cb40210f9638a))
## [1.29.5](https://github.com/publishlab/node-acme-client/compare/v1.29.4...v1.29.5) (2025-01-07)
**Note:** Version bump only for package @certd/acme-client
## [1.29.4](https://github.com/publishlab/node-acme-client/compare/v1.29.3...v1.29.4) (2025-01-06)
**Note:** Version bump only for package @certd/acme-client
## [1.29.3](https://github.com/publishlab/node-acme-client/compare/v1.29.2...v1.29.3) (2025-01-04)
### Performance Improvements
* 优化acme sdk ([54db744](https://github.com/publishlab/node-acme-client/commit/54db74428259de64d12230c2ab7353ae11197bbc))
## [1.29.2](https://github.com/publishlab/node-acme-client/compare/v1.29.1...v1.29.2) (2024-12-25)
**Note:** Version bump only for package @certd/acme-client
## [1.29.1](https://github.com/publishlab/node-acme-client/compare/v1.29.0...v1.29.1) (2024-12-25)
**Note:** Version bump only for package @certd/acme-client
# [1.29.0](https://github.com/publishlab/node-acme-client/compare/v1.28.4...v1.29.0) (2024-12-24)
**Note:** Version bump only for package @certd/acme-client
## [1.28.4](https://github.com/publishlab/node-acme-client/compare/v1.28.3...v1.28.4) (2024-12-12)
**Note:** Version bump only for package @certd/acme-client
## [1.28.3](https://github.com/publishlab/node-acme-client/compare/v1.28.2...v1.28.3) (2024-12-12)
**Note:** Version bump only for package @certd/acme-client
## [1.28.2](https://github.com/publishlab/node-acme-client/compare/v1.28.1...v1.28.2) (2024-12-09)
### Performance Improvements

6
packages/core/acme-client/package.json
View File

@@ -3,7 +3,7 @@
"description": "Simple and unopinionated ACME client",
"private": false,
"author": "nmorsman",
"version": "1.28.2",
"version": "1.30.1",
"type": "module",
"module": "scr/index.js",
"main": "src/index.js",
@@ -18,7 +18,7 @@
"types"
],
"dependencies": {
"@certd/basic": "^1.28.2",
"@certd/basic": "^1.30.1",
"@peculiar/x509": "^1.11.0",
"asn1js": "^3.0.5",
"axios": "^1.7.2",
@@ -65,5 +65,5 @@
"bugs": {
"url": "https://github.com/publishlab/node-acme-client/issues"
},
"gitHead": "a6cd532035f55a7ce122ea1229bb65f9d41e7125"
"gitHead": "9a78dad57619e02d1390cf5a013695a2aaf20e64"
}

29
packages/core/acme-client/src/auto.js
View File

@@ -99,31 +99,14 @@ export default async (client, userOpts) => {
return;
}
const keyAuthorizationGetter = async (challenge) => {
return await client.getChallengeKeyAuthorization(challenge);
}
try {
/* Select challenge based on priority */
const challenge = authz.challenges.sort((a, b) => {
const aidx = opts.challengePriority.indexOf(a.type);
const bidx = opts.challengePriority.indexOf(b.type);
if (aidx === -1) return 1;
if (bidx === -1) return -1;
return aidx - bidx;
}).slice(0, 1)[0];
if (!challenge) {
throw new Error(`Unable to select challenge for ${d}, no challenge found`);
}
log(`[auto] [${d}] Found ${authz.challenges.length} challenges, selected type: ${challenge.type}`);
/* Trigger challengeCreateFn() */
log(`[auto] [${d}] Trigger challengeCreateFn()`);
const keyAuthorization = await client.getChallengeKeyAuthorization(challenge);
try {
const { recordReq, recordRes, dnsProvider } = await opts.challengeCreateFn(authz, challenge, keyAuthorization);
log(`[auto] [${d}] challengeCreateFn success`);
log(`[auto] [${d}] add challengeRemoveFn()`);
const { recordReq, recordRes, dnsProvider,challenge ,keyAuthorization} = await opts.challengeCreateFn(authz, keyAuthorizationGetter);
clearTasks.push(async () => {
/* Trigger challengeRemoveFn(), suppress errors */
log(`[auto] [${d}] Trigger challengeRemoveFn()`);
@@ -141,7 +124,7 @@ export default async (client, userOpts) => {
await wait(60 * 1000);
}
else {
log(`[auto] [${d}] Running challenge verification`);
log(`[auto] [${d}] Running challenge verification, type = ${challenge.type}`);
try {
await client.verifyChallenge(authz, challenge);
}

1
packages/core/acme-client/src/axios.js
View File

@@ -126,6 +126,7 @@ instance.interceptors.response.use(null, async (error) => {
/* Wait and retry the request */
await new Promise((resolve) => { setTimeout(resolve, (retryAfter * 1000)); });
log(`Retrying request to URL ${config.url}`);
return instance(config);
}
}

2
packages/core/acme-client/src/error.js
View File

@@ -5,3 +5,5 @@ export class CancelError extends Error {
}
}

6
packages/core/acme-client/types/index.d.ts vendored
View File

@@ -4,6 +4,8 @@
import { AxiosInstance } from 'axios';
import * as rfc8555 from './rfc8555';
import {CancelError} from '../src/error.js'
export * from '../src/error.js'
export type PrivateKeyBuffer = Buffer;
export type PublicKeyBuffer = Buffer;
@@ -56,7 +58,7 @@ export interface ClientExternalAccountBindingOptions {
export interface ClientAutoOptions {
csr: CsrBuffer | CsrString;
challengeCreateFn: (authz: Authorization, challenge: rfc8555.Challenge, keyAuthorization: string) => Promise<{recordReq:any,recordRes:any,dnsProvider:any}>;
challengeCreateFn: (authz: Authorization, keyAuthorization: (challenge:rfc8555.Challenge)=>Promise<string>) => Promise<{recordReq?:any,recordRes?:any,dnsProvider?:any,challenge: rfc8555.Challenge,keyAuthorization:string}>;
challengeRemoveFn: (authz: Authorization, challenge: rfc8555.Challenge, keyAuthorization: string,recordReq:any, recordRes:any,dnsProvider:any) => Promise<any>;
email?: string;
termsOfServiceAgreed?: boolean;
@@ -202,4 +204,4 @@ export function setLogger(fn: (message: any, ...args: any[]) => void): void;
export function walkTxtRecord(record: any): Promise<string[]>;
export const CancelError: Error;
export const CancelError: typeof CancelError;

50
packages/core/basic/CHANGELOG.md
View File

@@ -3,6 +3,56 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.30.1](https://github.com/certd/certd/compare/v1.30.0...v1.30.1) (2025-01-20)
**Note:** Version bump only for package @certd/basic
# [1.30.0](https://github.com/certd/certd/compare/v1.29.5...v1.30.0) (2025-01-19)
**Note:** Version bump only for package @certd/basic
## [1.29.5](https://github.com/certd/certd/compare/v1.29.4...v1.29.5) (2025-01-07)
**Note:** Version bump only for package @certd/basic
## [1.29.4](https://github.com/certd/certd/compare/v1.29.3...v1.29.4) (2025-01-06)
**Note:** Version bump only for package @certd/basic
## [1.29.3](https://github.com/certd/certd/compare/v1.29.2...v1.29.3) (2025-01-04)
**Note:** Version bump only for package @certd/basic
## [1.29.2](https://github.com/certd/certd/compare/v1.29.1...v1.29.2) (2024-12-25)
**Note:** Version bump only for package @certd/basic
## [1.29.1](https://github.com/certd/certd/compare/v1.29.0...v1.29.1) (2024-12-25)
### Bug Fixes
* 修复某处金额转换丢失精度的bug ([d2d6f12](https://github.com/certd/certd/commit/d2d6f12218cbe7bd55f4ae082b93084be85f0a7b))
# [1.29.0](https://github.com/certd/certd/compare/v1.28.4...v1.29.0) (2024-12-24)
### Features
* 用户套餐,用户支付功能 ([a019956](https://github.com/certd/certd/commit/a019956698acaf2c4beb620b5ad8c18918ead6a1))
* 支持微信支付 ([45d6347](https://github.com/certd/certd/commit/45d6347f5b6199493b11aabdd74177f6dca2cea4))
### Performance Improvements
* 站点证书监控通知发送,每天定时检查 ([bb4910f](https://github.com/certd/certd/commit/bb4910f4e57234e42b44505f4620ae7af66025c5))
* 支持plesk网站证书部署 ([eda45c1](https://github.com/certd/certd/commit/eda45c1528199648b3970505e87f492d398226cd))
## [1.28.4](https://github.com/certd/certd/compare/v1.28.3...v1.28.4) (2024-12-12)
**Note:** Version bump only for package @certd/basic
## [1.28.3](https://github.com/certd/certd/compare/v1.28.2...v1.28.3) (2024-12-12)
**Note:** Version bump only for package @certd/basic
## [1.28.2](https://github.com/certd/certd/compare/v1.28.1...v1.28.2) (2024-12-09)
**Note:** Version bump only for package @certd/basic

2
packages/core/basic/build.md
View File

@@ -1 +1 @@
22:42
23:35

5
packages/core/basic/package.json
View File

@@ -1,7 +1,7 @@
{
"name": "@certd/basic",
"private": false,
"version": "1.28.2",
"version": "1.30.1",
"type": "module",
"main": "./dist/index.js",
"module": "./dist/index.js",
@@ -23,6 +23,7 @@
"lodash-es": "^4.17.21",
"log4js": "^6.9.1",
"lru-cache": "^10.0.0",
"mitt": "^3.0.1",
"nanoid": "^5.0.7",
"node-forge": "^1.3.1",
"nodemailer": "^6.9.3"
@@ -43,5 +44,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "a6cd532035f55a7ce122ea1229bb65f9d41e7125"
"gitHead": "9a78dad57619e02d1390cf5a013695a2aaf20e64"
}

11
packages/core/basic/src/utils/index.ts
View File

@@ -8,6 +8,11 @@ export * from './util.hash.js';
export * from './util.merge.js';
export * from './util.cache.js';
export * from './util.string.js';
export * from './util.lock.js';
export * from './util.mitter.js';
export * from './util.id.js';
export * from './util.domain.js';
export * from './util.amount.js';
import { stringUtils } from './util.string.js';
import sleep from './util.sleep.js';
import { http, download } from './util.request.js';
@@ -22,8 +27,11 @@ import { cache } from './util.cache.js';
import dayjs from 'dayjs';
import { domainUtils } from './util.domain.js';
import { optionsUtils } from './util.options.js';
import { amountUtils } from './util.amount.js';
import { nanoid } from 'nanoid';
import * as id from './util.id.js';
import { locker } from './util.lock.js';
import { mitter } from './util.mitter.js';
export const utils = {
sleep,
http,
@@ -41,4 +49,7 @@ export const utils = {
domain: domainUtils,
options: optionsUtils,
string: stringUtils,
locker,
mitter,
amount: amountUtils,
};

9
packages/core/basic/src/utils/util.amount.ts Normal file
View File

@@ -0,0 +1,9 @@
export const amountUtils = {
toCent(amount: number): number {
return parseInt((amount * 100).toFixed(0));
},
toYuan(amount: number): number {
return parseFloat((amount / 100).toFixed(2));
},
};

2
packages/core/basic/src/utils/util.env.ts
View File

@@ -1,4 +1,4 @@
export function isDev() {
const nodeEnv = process.env.NODE_ENV || '';
return nodeEnv === 'development' || nodeEnv.indexOf('local') >= 0;
return nodeEnv === 'development' || nodeEnv.includes('local') || nodeEnv.startsWith('dev');
}

5
packages/core/basic/src/utils/util.hash.ts
View File

@@ -3,7 +3,10 @@ import crypto from 'crypto';
function md5(data: string) {
return crypto.createHash('md5').update(data).digest('hex');
}
function sha256(data: string) {
return crypto.createHash('sha256').update(data).digest('hex');
}
export const hashUtils = {
md5,
sha256,
};

47
packages/core/basic/src/utils/util.lock.ts Normal file
View File

@@ -0,0 +1,47 @@
import { logger, utils } from './index.js';
export class Locker {
locked: Record<string, any> = {};
async execute(lockStr: string, callback: any) {
await this.lock(lockStr);
const timeoutId = setTimeout(() => {
logger.warn('Lock timeout,自动解锁', lockStr);
this.unlock(lockStr);
}, 20000);
try {
return await callback();
} finally {
clearTimeout(timeoutId);
this.unlock(lockStr);
}
}
async lock(str: string) {
const isLocked = this.isLocked(str);
if (isLocked) {
let count = 0;
while (true) {
await utils.sleep(100);
if (!this.isLocked(str)) {
break;
}
count++;
if (count > 20) {
throw new Error('Lock timeout');
}
}
}
this.locked[str] = true;
}
unlock(str: string) {
delete this.locked[str];
}
isLocked(str: string) {
return this.locked[str] ?? false;
}
}
export const locker = new Locker();

2
packages/core/basic/src/utils/util.mitter.ts Normal file
View File

@@ -0,0 +1,2 @@
import mitt from 'mitt';
export const mitter = mitt();

2
packages/core/basic/src/utils/util.options.ts
View File

@@ -37,6 +37,8 @@ function buildGroupOptions(options: any[], inDomains: string[]) {
}
export const optionsUtils = {
//获取分组
groupByDomain,
//构建分组后的选项列表,常用
buildGroupOptions,
};

10
packages/core/basic/src/utils/util.request.ts
View File

@@ -1,4 +1,4 @@
import axios, { AxiosRequestConfig } from 'axios';
import axios, { AxiosHeaders, AxiosRequestConfig } from 'axios';
import { ILogger, logger } from './util.log.js';
import { Logger } from 'log4js';
import { HttpProxyAgent } from 'http-proxy-agent';
@@ -13,7 +13,7 @@ export class HttpError extends Error {
statusText?: string;
code?: string;
request?: { baseURL: string; url: string; method: string; params?: any; data?: any };
response?: { data: any };
response?: { data: any; headers: AxiosHeaders };
cause?: any;
constructor(error: any) {
if (!error) {
@@ -55,6 +55,7 @@ export class HttpError extends Error {
this.response = {
data: error.response?.data,
headers: error.response?.headers,
};
const { stack, cause } = error;
@@ -156,13 +157,13 @@ export function createAxiosService({ logger }: { logger: Logger }) {
error.message = '请求错误';
break;
case 401:
error.message = '未授权,请登录';
error.message = '认证/登录失败';
break;
case 403:
error.message = '拒绝访问';
break;
case 404:
error.message = `请求地址出错: ${error.response.config.url}`;
error.message = `请求地址出错`;
break;
case 408:
error.message = '请求超时';
@@ -216,6 +217,7 @@ export type HttpRequestConfig<D = any> = {
logParams?: boolean;
logRes?: boolean;
httpProxy?: string;
returnResponse?: boolean;
} & AxiosRequestConfig<D>;
export type HttpClient = {
request<D = any, R = any>(config: HttpRequestConfig<D>): Promise<HttpClientResponse<R>>;

62
packages/core/pipeline/CHANGELOG.md
View File

@@ -3,6 +3,68 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.30.1](https://github.com/certd/certd/compare/v1.30.0...v1.30.1) (2025-01-20)
### Bug Fixes
* 修复tg消息内容中存在.和*就会发送失败的bug ([ae5dfc3](https://github.com/certd/certd/commit/ae5dfc3bee950267123ae2fbd1c11e7ce36626ea))
# [1.30.0](https://github.com/certd/certd/compare/v1.29.5...v1.30.0) (2025-01-19)
### Performance Improvements
* 证书仓库 ([91e7f45](https://github.com/certd/certd/commit/91e7f45a1c5ea1e0ec0aa3236b80028f03a6d0aa))
## [1.29.5](https://github.com/certd/certd/compare/v1.29.4...v1.29.5) (2025-01-07)
**Note:** Version bump only for package @certd/pipeline
## [1.29.4](https://github.com/certd/certd/compare/v1.29.3...v1.29.4) (2025-01-06)
**Note:** Version bump only for package @certd/pipeline
## [1.29.3](https://github.com/certd/certd/compare/v1.29.2...v1.29.3) (2025-01-04)
### Performance Improvements
* 支持http校验方式申请证书 ([405591c](https://github.com/certd/certd/commit/405591c5d08fa1a3b228ee3980199e7731cfec4a))
## [1.29.2](https://github.com/certd/certd/compare/v1.29.1...v1.29.2) (2024-12-25)
**Note:** Version bump only for package @certd/pipeline
## [1.29.1](https://github.com/certd/certd/compare/v1.29.0...v1.29.1) (2024-12-25)
### Performance Improvements
* 用户创建证书流水线没有购买套餐或者超限时提前报错 ([472f06c](https://github.com/certd/certd/commit/472f06c2d190d0ae48e8b53c18bc278437656a1c))
# [1.29.0](https://github.com/certd/certd/compare/v1.28.4...v1.29.0) (2024-12-24)
### Features
* 套餐购买支持易支付、支付宝支付 ([faa28f8](https://github.com/certd/certd/commit/faa28f88f954cba4c1dd29125562e5acd2fd99af))
* 支持微信支付 ([45d6347](https://github.com/certd/certd/commit/45d6347f5b6199493b11aabdd74177f6dca2cea4))
### Performance Improvements
* 同一时间只允许一个套餐生效 ([8ebf95a](https://github.com/certd/certd/commit/8ebf95a222a900d1707716c7b1f3b39f8a6d8f94))
* 优化证书申请跳过的状态显示,成功通知现在在跳过时不会发送 ([67d762b](https://github.com/certd/certd/commit/67d762b6a520f1fa24719a124e5ae975a81f5f82))
* 支持plesk网站证书部署 ([eda45c1](https://github.com/certd/certd/commit/eda45c1528199648b3970505e87f492d398226cd))
## [1.28.4](https://github.com/certd/certd/compare/v1.28.3...v1.28.4) (2024-12-12)
### Bug Fixes
* 修复证书成功通知发送失败的bug ([0f5c690](https://github.com/certd/certd/commit/0f5c69040ba77340c909813220a26bc7ddada3ea))
## [1.28.3](https://github.com/certd/certd/compare/v1.28.2...v1.28.3) (2024-12-12)
### Performance Improvements
* 通知标题优化 ([ff083ce](https://github.com/certd/certd/commit/ff083ce6848a8bee3c8248e4b881086ae1517c28))
* 支持aws cloudfront ([0ae39f1](https://github.com/certd/certd/commit/0ae39f160a7c6b6696b3bf513d68aa28905810ad))
## [1.28.2](https://github.com/certd/certd/compare/v1.28.1...v1.28.2) (2024-12-09)
**Note:** Version bump only for package @certd/pipeline

8
packages/core/pipeline/package.json
View File

@@ -1,7 +1,7 @@
{
"name": "@certd/pipeline",
"private": false,
"version": "1.28.2",
"version": "1.30.1",
"type": "module",
"main": "./dist/index.js",
"module": "./dist/index.js",
@@ -16,8 +16,8 @@
"test": "mocha --loader=ts-node/esm"
},
"dependencies": {
"@certd/basic": "^1.28.2",
"@certd/plus-core": "^1.28.2",
"@certd/basic": "^1.30.1",
"@certd/plus-core": "^1.30.1",
"dayjs": "^1.11.7",
"lodash-es": "^4.17.21",
"reflect-metadata": "^0.1.13"
@@ -43,5 +43,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "a6cd532035f55a7ce122ea1229bb65f9d41e7125"
"gitHead": "9a78dad57619e02d1390cf5a013695a2aaf20e64"
}

96
packages/core/pipeline/src/core/executor.ts
View File

@@ -10,7 +10,9 @@ import { Decorator } from "../decorator/index.js";
import { ICnameProxyService, IEmailService, IPluginConfigService, IUrlService } from "../service/index.js";
import { FileStore } from "./file-store.js";
import { cloneDeep, forEach, merge } from "lodash-es";
import { INotificationService, NotificationBody, NotificationContext, notificationRegistry } from "../notification/index.js";
import { INotificationService } from "../notification/index.js";
import { taskEmitterCreate } from "../service/emit.js";
export type SysInfo = {
//系统标题
title?: string;
@@ -91,20 +93,30 @@ export class Executor {
await this.onChanged(this.runtime);
}, 5000);
await this.runWithHistory(this.pipeline, "pipeline", async () => {
const result = await this.runWithHistory(this.pipeline, "pipeline", async () => {
return await this.runStages(this.pipeline);
});
if (this.lastRuntime && this.lastRuntime.pipeline.status?.status === ResultType.error) {
await this.notification("turnToSuccess");
if (result === ResultType.success) {
if (this.lastRuntime && this.lastRuntime.pipeline.status?.status === ResultType.error) {
await this.notification("turnToSuccess");
} else {
await this.notification("success");
}
}
await this.notification("success");
return result;
} catch (e: any) {
await this.notification("error", e);
this.logger.error("pipeline 执行失败", e);
} finally {
clearInterval(intervalFlushLogId);
await this.onChanged(this.runtime);
await this.pipelineContext.setObj("lastRuntime", this.runtime);
//保存之前移除logs
const lastRuntime: any = {
...this.runtime,
};
delete lastRuntime.logs;
delete lastRuntime._loggers;
await this.pipelineContext.setObj("lastRuntime", lastRuntime);
this.logger.info(`pipeline.${this.pipeline.id} end`);
}
}
@@ -331,11 +343,15 @@ export class Executor {
signal: this.abort.signal,
utils,
user: this.options.user,
emitter: taskEmitterCreate({
step,
pipeline: this.pipeline,
}),
};
instance.setCtx(taskCtx);
await instance.onInstance();
await instance.execute();
const result = await instance.execute();
//执行结果处理
if (instance._result.clearLastStatus) {
//是否需要清除所有状态
@@ -363,6 +379,8 @@ export class Executor {
merge(vars, instance._result.pipelinePrivateVars);
await this.pipelineContext.setObj("privateVars", vars);
}
return result;
}
async notification(when: NotificationWhen, error?: any) {
@@ -373,19 +391,18 @@ export class Executor {
let subject = "";
let content = "";
const errorMessage = error?.message;
const sysTitle = this.options.sysInfo?.title || "Certd";
if (when === "start") {
subject = `${sysTitle}开始执行,${this.pipeline.title}${this.pipeline.id}`;
subject = `开始执行,${this.pipeline.title}${this.pipeline.id}`;
content = `流水线ID:${this.pipeline.id}运行ID:${this.runtime.id}`;
} else if (when === "success") {
subject = `${sysTitle}执行成功,${this.pipeline.title}${this.pipeline.id}`;
subject = `执行成功,${this.pipeline.title}${this.pipeline.id}`;
content = `流水线ID:${this.pipeline.id}运行ID:${this.runtime.id}`;
} else if (when === "turnToSuccess") {
subject = `${sysTitle}执行成功(失败转成功),${this.pipeline.title}${this.pipeline.id}`;
subject = `执行成功(失败转成功),${this.pipeline.title}${this.pipeline.id}`;
content = `流水线ID:${this.pipeline.id}运行ID:${this.runtime.id}`;
} else if (when === "error") {
subject = `${sysTitle}执行失败,${this.pipeline.title}${this.pipeline.id}`;
content = `流水线ID:${this.pipeline.id}运行ID:${this.runtime.id}\n错误详情:${error.message}`;
subject = `执行失败,${this.pipeline.title}${this.pipeline.id}`;
content = `流水线ID:${this.pipeline.id}运行ID:${this.runtime.id}\n\n${this.currentStatusMap?.currentStep?.title} 执行失败\n\n错误详情:${error.message}`;
} else {
return;
}
@@ -407,43 +424,24 @@ export class Executor {
}
} else {
try {
//构建notification插件发送通知
let notifyConfig: any;
if (notification.notificationId === 0) {
notifyConfig = await this.options.notificationService.getDefault();
} else {
notifyConfig = await this.options.notificationService.getById(notification.notificationId);
}
if (notifyConfig == null) {
throw new Error(`通知配置<id:${notification.notificationId}>不存在`);
}
const notificationPlugin = notificationRegistry.get(notifyConfig.type);
const notificationCls: any = notificationPlugin.target;
const notificationSender = new notificationCls();
const notificationCtx: NotificationContext = {
http: utils.http,
logger,
utils,
emailService: this.options.emailService,
};
//设置参数
merge(notificationSender, notifyConfig.setting);
notificationSender.setCtx(notificationCtx);
await notificationSender.onInstance();
const body: NotificationBody = {
title: subject,
content,
userId: this.pipeline.userId,
pipeline: this.pipeline,
result: this.lastRuntime.pipeline.status,
pipelineId: this.pipeline.id,
historyId: this.runtime.id,
errorMessage,
url,
};
//发送通知
await notificationSender.send(body);
await this.options.notificationService.send({
id: notification.notificationId,
useDefault: true,
useEmail: false,
logger: this.logger,
body: {
title: subject,
content,
userId: this.pipeline.userId,
pipeline: this.pipeline,
result: this.lastRuntime?.pipeline?.status,
pipelineId: this.pipeline.id,
historyId: this.runtime.id,
errorMessage,
url,
},
});
} catch (e) {
logger.error("send notification error", e);
}

21
packages/core/pipeline/src/core/run-history.ts
View File

@@ -134,6 +134,7 @@ export class RunHistory {
export class RunnableCollection {
private collection: RunnableMap = {};
private pipeline!: Pipeline;
currentStep!: Step;
constructor(pipeline?: Pipeline) {
if (!pipeline) {
return;
@@ -143,6 +144,23 @@ export class RunnableCollection {
this.collection = map;
}
static initPipelineRunnableType(pipeline: Pipeline) {
pipeline.runnableType = "pipeline";
if (pipeline.stages === undefined) {
pipeline.stages = [];
return;
}
pipeline.stages.forEach((stage) => {
stage.runnableType = "stage";
stage.tasks.forEach((task) => {
task.runnableType = "task";
task.steps.forEach((step) => {
step.runnableType = "step";
});
});
});
}
static each<T extends Runnable>(list: T[], exec: (item: Runnable) => void) {
list.forEach((item) => {
exec(item);
@@ -193,5 +211,8 @@ export class RunnableCollection {
add(runnable: Runnable) {
this.collection[runnable.id] = runnable;
if (runnable.runnableType === "step") {
this.currentStep = runnable as Step;
}
}
}

15
packages/core/pipeline/src/notification/api.ts
View File

@@ -48,9 +48,18 @@ export type NotificationInstanceConfig = {
};
};
export type NotificationSendReq = {
id?: number;
useDefault?: boolean;
useEmail?: boolean;
emailAddress?: string;
logger: ILogger;
body: NotificationBody;
};
export interface INotificationService {
getById(id: number): Promise<NotificationInstanceConfig>;
getDefault(): Promise<NotificationInstanceConfig>;
send(req: NotificationSendReq): Promise<void>;
}
export interface INotification {
@@ -112,11 +121,11 @@ export abstract class BaseNotification implements INotification {
async onTestRequest() {
await this.doSend({
userId: 0,
title: "【Certd】测试通知标题长度测试、测试、测试",
content: "测试通知",
title: "【Certd】测试通知【*.foo.com】,标题长度测试、测试、测试",
content: "测试通知,*.foo.com",
pipeline: {
id: 1,
title: "测试流水线",
title: "证书申请成功【测试流水线",
} as any,
pipelineId: 1,
historyId: 1,

9
packages/core/pipeline/src/notification/decorator.ts
View File

@@ -1,9 +1,9 @@
// src/decorator/memoryCache.decorator.ts
import { Decorator } from "../decorator/index.js";
import * as _ from "lodash-es";
import { merge } from "lodash-es";
import { notificationRegistry } from "./registry.js";
import { BaseNotification, NotificationBody, NotificationContext, NotificationDefine, NotificationInputDefine, NotificationInstanceConfig } from "./api.js";
import { isPlus } from "@certd/plus-core";
// 提供一个唯一 key
export const NOTIFICATION_CLASS_KEY = "pipeline:notification";
@@ -47,9 +47,7 @@ export async function newNotification(type: string, input: any, ctx: Notificatio
// @ts-ignore
const plugin = new register.target();
for (const key in input) {
plugin[key] = input[key];
}
merge(plugin, input);
if (!ctx) {
throw new Error("ctx is required");
}
@@ -61,8 +59,5 @@ export async function newNotification(type: string, input: any, ctx: Notificatio
export async function sendNotification(opts: { config: NotificationInstanceConfig; ctx: NotificationContext; body: NotificationBody }) {
const notification: BaseNotification = await newNotification(opts.config.type, opts.config.setting, opts.ctx);
if (notification.define.needPlus && !isPlus()) {
opts.body.content = `${opts.body.content}\n\n注意此通知渠道已调整为专业版功能后续版本将不再支持发送请尽快修改或升级为专业版`;
}
await notification.doSend(opts.body);
}

11
packages/core/pipeline/src/plugin/api.ts
View File

@@ -7,9 +7,10 @@ import { CancelError, IContext, RunHistory, RunnableCollection } from "../core/i
import { HttpRequestConfig, ILogger, logger, utils } from "@certd/basic";
import { HttpClient } from "@certd/basic";
import dayjs from "dayjs";
import { IPluginConfigService } from "../service/config";
import { IPluginConfigService } from "../service/config.js";
import { upperFirst } from "lodash-es";
import { INotificationService } from "../notification";
import { INotificationService } from "../notification/index.js";
import { TaskEmitter } from "../service/emit.js";
export type PluginRequestHandleReq<T = any> = {
typeName: string;
@@ -59,7 +60,7 @@ export type PluginDefine = Registrable & {
export type ITaskPlugin = {
onInstance(): Promise<void>;
execute(): Promise<void>;
execute(): Promise<void | string>;
onRequest(req: PluginRequestHandleReq<any>): Promise<any>;
[key: string]: any;
};
@@ -111,6 +112,8 @@ export type TaskInstanceContext = {
utils: typeof utils;
//用户信息
user: UserInfo;
emitter: TaskEmitter;
};
export abstract class AbstractTaskPlugin implements ITaskPlugin {
@@ -184,7 +187,7 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
return;
}
abstract execute(): Promise<void>;
abstract execute(): Promise<void | string>;
appendTimeSuffix(name?: string) {
if (name == null) {

9
packages/core/pipeline/src/plugin/group.ts
View File

@@ -21,8 +21,9 @@ export const pluginGroups = {
huawei: new PluginGroup("huawei", "华为云", 3),
tencent: new PluginGroup("tencent", "腾讯云", 4),
qiniu: new PluginGroup("qiniu", "七牛云", 5),
host: new PluginGroup("host", "主机", 6),
cdn: new PluginGroup("cdn", "CDN", 7),
panel: new PluginGroup("panel", "面板", 8),
other: new PluginGroup("other", "其他", 9),
aws: new PluginGroup("aws", "亚马逊云", 6),
host: new PluginGroup("host", "主机", 7),
cdn: new PluginGroup("cdn", "CDN", 8),
panel: new PluginGroup("panel", "面板", 9),
other: new PluginGroup("other", "其他", 10),
};

1
packages/core/pipeline/src/service/cname.ts
View File

@@ -18,6 +18,7 @@ export type CnameRecord = {
status: string;
commonDnsProvider?: any;
};
export type ICnameProxyService = {
getByDomain: (domain: string) => Promise<CnameRecord>;
};

68
packages/core/pipeline/src/service/emit.ts Normal file
View File

@@ -0,0 +1,68 @@
import { logger } from "@certd/basic";
import { Pipeline, Runnable } from "../dt";
export type PipelineEventListener = (...args: any[]) => Promise<void>;
export type PipelineEvent<T> = {
pipeline: Pipeline;
step: Runnable;
event: T;
};
export class PipelineEmitter {
events: Record<string, PipelineEventListener[]>;
constructor() {
this.events = {};
}
on(event: string, listener: PipelineEventListener) {
if (!this.events[event]) {
this.events[event] = [];
}
this.events[event].push(listener);
}
async emit<T>(name: string, event: PipelineEvent<T>) {
const listeners = this.events[name];
if (listeners) {
for (const listener of listeners) {
try {
await listener(event);
} catch (e) {
logger.error(`事件<${name}>监听器执行失败:`, e);
}
}
}
}
off(event: string, listener: PipelineEventListener) {
if (this.events[event]) {
this.events[event] = this.events[event].filter((l) => l !== listener);
}
}
once(event: string, listener: PipelineEventListener) {
const onceListener = async (...args: any[]) => {
this.off(event, onceListener);
await listener(...args);
};
this.on(event, onceListener);
}
}
export const pipelineEmitter = new PipelineEmitter();
export type TaskEmitterCreateReq = {
step: Runnable;
pipeline: Pipeline;
};
export type TaskEmitter = {
emit: <T>(name: string, event: T) => Promise<void>;
};
export function taskEmitterCreate(req: TaskEmitterCreateReq) {
return {
emit: async <T>(name: string, event: T) => {
await pipelineEmitter.emit(name, {
pipeline: req.pipeline,
step: req.step,
event,
});
},
} as TaskEmitter;
}

1
packages/core/pipeline/src/service/index.ts
View File

@@ -2,3 +2,4 @@ export * from "./email.js";
export * from "./cname.js";
export * from "./config.js";
export * from "./url.js";
export * from "./emit.js";

40
packages/libs/lib-huawei/CHANGELOG.md
View File

@@ -3,6 +3,46 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.30.1](https://github.com/certd/certd/compare/v1.30.0...v1.30.1) (2025-01-20)
**Note:** Version bump only for package @certd/lib-huawei
# [1.30.0](https://github.com/certd/certd/compare/v1.29.5...v1.30.0) (2025-01-19)
**Note:** Version bump only for package @certd/lib-huawei
## [1.29.5](https://github.com/certd/certd/compare/v1.29.4...v1.29.5) (2025-01-07)
**Note:** Version bump only for package @certd/lib-huawei
## [1.29.4](https://github.com/certd/certd/compare/v1.29.3...v1.29.4) (2025-01-06)
**Note:** Version bump only for package @certd/lib-huawei
## [1.29.3](https://github.com/certd/certd/compare/v1.29.2...v1.29.3) (2025-01-04)
**Note:** Version bump only for package @certd/lib-huawei
## [1.29.2](https://github.com/certd/certd/compare/v1.29.1...v1.29.2) (2024-12-25)
**Note:** Version bump only for package @certd/lib-huawei
## [1.29.1](https://github.com/certd/certd/compare/v1.29.0...v1.29.1) (2024-12-25)
**Note:** Version bump only for package @certd/lib-huawei
# [1.29.0](https://github.com/certd/certd/compare/v1.28.4...v1.29.0) (2024-12-24)
**Note:** Version bump only for package @certd/lib-huawei
## [1.28.4](https://github.com/certd/certd/compare/v1.28.3...v1.28.4) (2024-12-12)
**Note:** Version bump only for package @certd/lib-huawei
## [1.28.3](https://github.com/certd/certd/compare/v1.28.2...v1.28.3) (2024-12-12)
**Note:** Version bump only for package @certd/lib-huawei
## [1.28.2](https://github.com/certd/certd/compare/v1.28.1...v1.28.2) (2024-12-09)
**Note:** Version bump only for package @certd/lib-huawei

4
packages/libs/lib-huawei/package.json
View File

@@ -1,7 +1,7 @@
{
"name": "@certd/lib-huawei",
"private": false,
"version": "1.28.2",
"version": "1.30.1",
"main": "./dist/bundle.js",
"module": "./dist/bundle.js",
"types": "./dist/d/index.d.ts",
@@ -21,5 +21,5 @@
"prettier": "^2.8.8",
"tslib": "^2.8.1"
},
"gitHead": "a6cd532035f55a7ce122ea1229bb65f9d41e7125"
"gitHead": "9a78dad57619e02d1390cf5a013695a2aaf20e64"
}

40
packages/libs/lib-iframe/CHANGELOG.md
View File

@@ -3,6 +3,46 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.30.1](https://github.com/certd/certd/compare/v1.30.0...v1.30.1) (2025-01-20)
**Note:** Version bump only for package @certd/lib-iframe
# [1.30.0](https://github.com/certd/certd/compare/v1.29.5...v1.30.0) (2025-01-19)
**Note:** Version bump only for package @certd/lib-iframe
## [1.29.5](https://github.com/certd/certd/compare/v1.29.4...v1.29.5) (2025-01-07)
**Note:** Version bump only for package @certd/lib-iframe
## [1.29.4](https://github.com/certd/certd/compare/v1.29.3...v1.29.4) (2025-01-06)
**Note:** Version bump only for package @certd/lib-iframe
## [1.29.3](https://github.com/certd/certd/compare/v1.29.2...v1.29.3) (2025-01-04)
**Note:** Version bump only for package @certd/lib-iframe
## [1.29.2](https://github.com/certd/certd/compare/v1.29.1...v1.29.2) (2024-12-25)
**Note:** Version bump only for package @certd/lib-iframe
## [1.29.1](https://github.com/certd/certd/compare/v1.29.0...v1.29.1) (2024-12-25)
**Note:** Version bump only for package @certd/lib-iframe
# [1.29.0](https://github.com/certd/certd/compare/v1.28.4...v1.29.0) (2024-12-24)
**Note:** Version bump only for package @certd/lib-iframe
## [1.28.4](https://github.com/certd/certd/compare/v1.28.3...v1.28.4) (2024-12-12)
**Note:** Version bump only for package @certd/lib-iframe
## [1.28.3](https://github.com/certd/certd/compare/v1.28.2...v1.28.3) (2024-12-12)
**Note:** Version bump only for package @certd/lib-iframe
## [1.28.2](https://github.com/certd/certd/compare/v1.28.1...v1.28.2) (2024-12-09)
**Note:** Version bump only for package @certd/lib-iframe

4
packages/libs/lib-iframe/package.json
View File

@@ -1,7 +1,7 @@
{
"name": "@certd/lib-iframe",
"private": false,
"version": "1.28.2",
"version": "1.30.1",
"type": "module",
"main": "./dist/index.js",
"module": "./dist/index.js",
@@ -30,5 +30,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "a6cd532035f55a7ce122ea1229bb65f9d41e7125"
"gitHead": "9a78dad57619e02d1390cf5a013695a2aaf20e64"
}

40
packages/libs/lib-k8s/CHANGELOG.md
View File

@@ -3,6 +3,46 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.30.1](https://github.com/certd/certd/compare/v1.30.0...v1.30.1) (2025-01-20)
**Note:** Version bump only for package @certd/lib-k8s
# [1.30.0](https://github.com/certd/certd/compare/v1.29.5...v1.30.0) (2025-01-19)
**Note:** Version bump only for package @certd/lib-k8s
## [1.29.5](https://github.com/certd/certd/compare/v1.29.4...v1.29.5) (2025-01-07)
**Note:** Version bump only for package @certd/lib-k8s
## [1.29.4](https://github.com/certd/certd/compare/v1.29.3...v1.29.4) (2025-01-06)
**Note:** Version bump only for package @certd/lib-k8s
## [1.29.3](https://github.com/certd/certd/compare/v1.29.2...v1.29.3) (2025-01-04)
**Note:** Version bump only for package @certd/lib-k8s
## [1.29.2](https://github.com/certd/certd/compare/v1.29.1...v1.29.2) (2024-12-25)
**Note:** Version bump only for package @certd/lib-k8s
## [1.29.1](https://github.com/certd/certd/compare/v1.29.0...v1.29.1) (2024-12-25)
**Note:** Version bump only for package @certd/lib-k8s
# [1.29.0](https://github.com/certd/certd/compare/v1.28.4...v1.29.0) (2024-12-24)
**Note:** Version bump only for package @certd/lib-k8s
## [1.28.4](https://github.com/certd/certd/compare/v1.28.3...v1.28.4) (2024-12-12)
**Note:** Version bump only for package @certd/lib-k8s
## [1.28.3](https://github.com/certd/certd/compare/v1.28.2...v1.28.3) (2024-12-12)
**Note:** Version bump only for package @certd/lib-k8s
## [1.28.2](https://github.com/certd/certd/compare/v1.28.1...v1.28.2) (2024-12-09)
**Note:** Version bump only for package @certd/lib-k8s

6
packages/libs/lib-k8s/package.json
View File

@@ -1,7 +1,7 @@
{
"name": "@certd/lib-k8s",
"private": false,
"version": "1.28.2",
"version": "1.30.1",
"type": "module",
"main": "./dist/index.js",
"module": "./dist/index.js",
@@ -16,7 +16,7 @@
"preview": "vite preview"
},
"dependencies": {
"@certd/basic": "^1.28.2",
"@certd/basic": "^1.30.1",
"@kubernetes/client-node": "0.21.0"
},
"devDependencies": {
@@ -31,5 +31,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "a6cd532035f55a7ce122ea1229bb65f9d41e7125"
"gitHead": "9a78dad57619e02d1390cf5a013695a2aaf20e64"
}

52
packages/libs/lib-server/CHANGELOG.md
View File

@@ -3,6 +3,58 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.30.1](https://github.com/certd/certd/compare/v1.30.0...v1.30.1) (2025-01-20)
**Note:** Version bump only for package @certd/lib-server
# [1.30.0](https://github.com/certd/certd/compare/v1.29.5...v1.30.0) (2025-01-19)
### Features
* 支持open api接口根据域名获取证书 ([52a4fd3](https://github.com/certd/certd/commit/52a4fd33180e9b3f71b8dc9f7671d7cd8e448c3b))
## [1.29.5](https://github.com/certd/certd/compare/v1.29.4...v1.29.5) (2025-01-07)
**Note:** Version bump only for package @certd/lib-server
## [1.29.4](https://github.com/certd/certd/compare/v1.29.3...v1.29.4) (2025-01-06)
**Note:** Version bump only for package @certd/lib-server
## [1.29.3](https://github.com/certd/certd/compare/v1.29.2...v1.29.3) (2025-01-04)
### Bug Fixes
* 修复系统级授权无法查看密钥的bug ([8644348](https://github.com/certd/certd/commit/8644348fc41ae2e1672f946ca37e5d3a674e0218))
## [1.29.2](https://github.com/certd/certd/compare/v1.29.1...v1.29.2) (2024-12-25)
**Note:** Version bump only for package @certd/lib-server
## [1.29.1](https://github.com/certd/certd/compare/v1.29.0...v1.29.1) (2024-12-25)
**Note:** Version bump only for package @certd/lib-server
# [1.29.0](https://github.com/certd/certd/compare/v1.28.4...v1.29.0) (2024-12-24)
### Features
* 基础版不再限制流水线数量 ([cb27d4b](https://github.com/certd/certd/commit/cb27d4b4906b2782eaceb0a95bbdc5d0534370d2))
* 套餐购买支持易支付、支付宝支付 ([faa28f8](https://github.com/certd/certd/commit/faa28f88f954cba4c1dd29125562e5acd2fd99af))
* 用户套餐,用户支付功能 ([a019956](https://github.com/certd/certd/commit/a019956698acaf2c4beb620b5ad8c18918ead6a1))
### Performance Improvements
* 站点证书监控通知发送,每天定时检查 ([bb4910f](https://github.com/certd/certd/commit/bb4910f4e57234e42b44505f4620ae7af66025c5))
## [1.28.4](https://github.com/certd/certd/compare/v1.28.3...v1.28.4) (2024-12-12)
**Note:** Version bump only for package @certd/lib-server
## [1.28.3](https://github.com/certd/certd/compare/v1.28.2...v1.28.3) (2024-12-12)
**Note:** Version bump only for package @certd/lib-server
## [1.28.2](https://github.com/certd/certd/compare/v1.28.1...v1.28.2) (2024-12-09)
**Note:** Version bump only for package @certd/lib-server

12
packages/libs/lib-server/package.json
View File

@@ -1,6 +1,6 @@
{
"name": "@certd/lib-server",
"version": "1.28.2",
"version": "1.30.1",
"description": "midway with flyway, sql upgrade way ",
"private": false,
"type": "module",
@@ -27,10 +27,10 @@
],
"license": "AGPL",
"dependencies": {
"@certd/acme-client": "^1.28.2",
"@certd/basic": "^1.28.2",
"@certd/pipeline": "^1.28.2",
"@certd/plus-core": "^1.28.2",
"@certd/acme-client": "^1.30.1",
"@certd/basic": "^1.30.1",
"@certd/pipeline": "^1.30.1",
"@certd/plus-core": "^1.30.1",
"@midwayjs/cache": "~3.14.0",
"@midwayjs/core": "~3.17.1",
"@midwayjs/i18n": "~3.17.3",
@@ -61,5 +61,5 @@
"typeorm": "^0.3.11",
"typescript": "^5.4.2"
},
"gitHead": "a6cd532035f55a7ce122ea1229bb65f9d41e7125"
"gitHead": "9a78dad57619e02d1390cf5a013695a2aaf20e64"
}

10
packages/libs/lib-server/src/basic/base-controller.ts
View File

@@ -25,7 +25,7 @@ export abstract class BaseController {
* @param msg
* @param code
*/
fail(msg: string, code: any) {
fail(msg: string, code?: any) {
return {
code: code ? code : Constants.res.error.code,
msg: msg ? msg : Constants.res.error.code,
@@ -39,4 +39,12 @@ export abstract class BaseController {
}
return userId;
}
getLoginUser() {
const user = this.ctx.user;
if (user == null) {
throw new Error('Token已过期');
}
return user;
}
}

11
packages/libs/lib-server/src/basic/base-service.ts
View File

@@ -3,6 +3,7 @@ import { In, Repository, SelectQueryBuilder } from 'typeorm';
import { Inject } from '@midwayjs/core';
import { TypeORMDataSourceManager } from '@midwayjs/typeorm';
import { EntityManager } from 'typeorm/entity-manager/EntityManager.js';
import { FindManyOptions } from 'typeorm';
export type PageReq<T = any> = {
page?: { offset: number; limit: number };
@@ -15,6 +16,7 @@ export type ListReq<T = any> = {
asc: boolean;
};
buildQuery?: (bq: SelectQueryBuilder<any>) => void;
select?: any;
};
/**
@@ -53,7 +55,7 @@ export abstract class BaseService<T> {
* 非分页查询
* @param options
*/
async find(options) {
async find(options: FindManyOptions<T>) {
return await this.getRepository().find(options);
}
@@ -99,7 +101,7 @@ export abstract class BaseService<T> {
* 新增|修改
* @param param 数据
*/
async addOrUpdate(param) {
async addOrUpdate(param: any) {
await this.getRepository().save(param);
}
@@ -107,7 +109,7 @@ export abstract class BaseService<T> {
* 新增
* @param param 数据
*/
async add(param) {
async add(param: any) {
const now = new Date();
param.createTime = now;
param.updateTime = now;
@@ -122,7 +124,7 @@ export abstract class BaseService<T> {
* 修改
* @param param 数据
*/
async update(param) {
async update(param: any) {
if (!param.id) throw new ValidateException('id 不能为空');
param.updateTime = new Date();
await this.addOrUpdate(param);
@@ -148,6 +150,7 @@ export abstract class BaseService<T> {
page.limit = 20;
}
const qb = this.buildListQuery(pageReq);
qb.offset(page.offset).limit(page.limit);
const list = await qb.getMany();
const total = await qb.getCount();

34
packages/libs/lib-server/src/basic/constants.ts
View File

@@ -12,6 +12,8 @@ export const Constants = {
authOnly: '_authOnly_',
//仅需要登录
loginOnly: '_authOnly_',
open: '_open_',
},
res: {
serverError(message: string) {
@@ -36,6 +38,10 @@ export const Constants = {
code: 88,
message: '需要VIP',
},
needsuite: {
code: 89,
message: '需要购买或升级套餐',
},
loginError: {
code: 2,
message: '登录失败',
@@ -64,5 +70,33 @@ export const Constants = {
code: 10001,
message: '对不起,预览环境不允许修改此数据',
},
openKeyError: {
code: 20000,
message: 'ApiToken错误',
},
openKeySignError: {
code: 20001,
message: 'ApiToken签名错误',
},
openKeyExpiresError: {
code: 20002,
message: 'ApiToken时间戳错误',
},
openKeySignTypeError: {
code: 20003,
message: 'ApiToken签名类型不支持',
},
openParamError: {
code: 20010,
message: '请求参数错误',
},
openCertNotFound: {
code: 20011,
message: '证书不存在',
},
openCertNotReady: {
code: 20012,
message: '证书还未生成',
},
},
};

6
packages/libs/lib-server/src/basic/crud-controller.ts
View File

@@ -49,4 +49,10 @@ export abstract class CrudController<T> extends BaseController {
await this.getService().delete([id]);
return this.ok(null);
}
@Post('/deleteByIds')
async deleteByIds(@Body('ids') ids: number[]) {
await this.getService().delete(ids);
return this.ok(null);
}
}

6
packages/libs/lib-server/src/basic/exception/auth-exception.ts
View File

@@ -5,10 +5,6 @@ import { BaseException } from './base-exception.js';
*/
export class AuthException extends BaseException {
constructor(message) {
super(
'AuthException',
Constants.res.auth.code,
message ? message : Constants.res.auth.message
);
super('AuthException', Constants.res.auth.code, message ? message : Constants.res.auth.message);
}
}

4
packages/libs/lib-server/src/basic/exception/base-exception.ts
View File

@@ -2,10 +2,10 @@
* 异常基类
*/
export class BaseException extends Error {
status: number;
code: number;
constructor(name, code, message) {
super(message);
this.name = name;
this.status = code;
this.code = code;
}
}

6
packages/libs/lib-server/src/basic/exception/common-exception.ts
View File

@@ -8,3 +8,9 @@ export class CommonException extends BaseException {
super('CommonException', Constants.res.error.code, message ? message : Constants.res.error.message);
}
}
export class CodeException extends BaseException {
constructor(res: { code: number; message: string }) {
super('CodeException', res.code, res.message);
}
}

6
packages/libs/lib-server/src/basic/exception/vip-exception.ts
View File

@@ -8,3 +8,9 @@ export class NeedVIPException extends BaseException {
super('NeedVIPException', Constants.res.needvip.code, message ? message : Constants.res.needvip.message);
}
}
export class NeedSuiteException extends BaseException {
constructor(message) {
super('NeedSuiteException', Constants.res.needsuite.code, message ? message : Constants.res.needsuite.message);
}
}

2
packages/libs/lib-server/src/basic/result.ts
View File

@@ -9,7 +9,7 @@ export class Result<T> {
}
static error(code = 1, msg) {
return new Result(code, msg, null);
return new Result(code, msg);
}
static success(msg, data?) {

5
packages/libs/lib-server/src/index.ts
View File

@@ -1,7 +1,8 @@
import { SysSettingsEntity } from './system/index.js';
import { AccessEntity } from './user/access/entity/access.js';
export * from './basic/index.js';
export * from './system/index.js';
export * from './user/index.js';
export { LibServerConfiguration as Configuration } from './configuration.js';
export const libServerEntities = [SysSettingsEntity];
export const libServerEntities = [SysSettingsEntity, AccessEntity];

1
packages/libs/lib-server/src/system/basic/index.ts
View File

@@ -1,2 +1,3 @@
export * from './service/plus-service.js';
export * from './service/file-service.js';
export * from './service/encryptor.js';

21
packages/ui/certd-server/src/modules/pipeline/service/encrypt-service.ts → packages/libs/lib-server/src/system/basic/service/encryptor.ts
View File

@@ -1,25 +1,10 @@
import { Init, Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core';
import crypto from 'crypto';
import { SysSettingsService } from '@certd/lib-server';
import { SysPrivateSettings } from '@certd/lib-server';
/**
*
*/
@Provide()
@Scope(ScopeEnum.Singleton)
export class EncryptService {
export class Encryptor {
secretKey: Buffer;
@Inject()
sysSettingService: SysSettingsService;
@Init()
async init() {
const privateInfo: SysPrivateSettings = await this.sysSettingService.getSetting(SysPrivateSettings);
this.secretKey = Buffer.from(privateInfo.encryptSecret, 'base64');
constructor(encryptSecret: string, encoding: BufferEncoding = 'base64') {
this.secretKey = Buffer.from(encryptSecret, encoding);
}
// 加密函数
encrypt(text: string) {
const iv = crypto.randomBytes(16); // 初始化向量

2
packages/libs/lib-server/src/system/basic/service/file-service.ts
View File

@@ -14,7 +14,7 @@ export const uploadTmpFileCacheKey = 'tmpfile_key_';
/**
*/
@Provide()
@Scope(ScopeEnum.Singleton)
@Scope(ScopeEnum.Request, { allowDowngrade: true })
export class FileService {
async saveFile(userId: number, tmpCacheKey: any, permission: 'public' | 'private') {
if (tmpCacheKey.startsWith(`/${permission}`)) {

2
packages/libs/lib-server/src/system/basic/service/plus-service.ts
View File

@@ -5,7 +5,7 @@ import { SysInstallInfo, SysLicenseInfo, SysSettingsService } from '../../settin
import { merge } from 'lodash-es';
@Provide()
@Scope(ScopeEnum.Singleton)
@Scope(ScopeEnum.Request, { allowDowngrade: true })
export class PlusService {
@Inject()
sysSettingsService: SysSettingsService;

43
packages/libs/lib-server/src/system/settings/service/models.ts
View File

@@ -112,6 +112,17 @@ export class SysSecretBackup extends BaseSettings {
encryptSecret?: string;
}
/**
* 不要修改
*/
export class SysSecret extends BaseSettings {
static __title__ = '密钥信息';
static __key__ = 'sys.secret';
static __access__ = 'private';
siteId?: string;
encryptSecret?: string;
}
export class SysSiteEnv {
agent?: {
enabled?: boolean;
@@ -136,3 +147,35 @@ export class SysHeaderMenus extends BaseSettings {
menus: MenuItem[];
}
export type PaymentItem = {
enabled: boolean;
accessId?: number;
};
export class SysPaymentSetting extends BaseSettings {
static __title__ = '支付设置';
static __key__ = 'sys.payment';
static __access__ = 'private';
yizhifu?: PaymentItem = { enabled: false };
alipay?: PaymentItem = { enabled: false };
wxpay?: PaymentItem = { enabled: false };
}
export class SysSuiteSetting extends BaseSettings {
static __title__ = '套餐设置';
static __key__ = 'sys.suite';
static __access__ = 'private';
enabled = false;
registerGift?: {
productId: number;
duration: number;
};
intro?: string;
}

41
packages/libs/lib-server/src/system/settings/service/sys-settings-service.ts
View File

@@ -1,13 +1,13 @@
import { Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core';
import { Provide, Scope, ScopeEnum } from '@midwayjs/core';
import { InjectEntityModel } from '@midwayjs/typeorm';
import { Repository } from 'typeorm';
import { SysSettingsEntity } from '../entity/sys-settings.js';
import { CacheManager } from '@midwayjs/cache';
import { BaseSettings, SysInstallInfo, SysPrivateSettings, SysPublicSettings, SysSecretBackup } from './models.js';
import { BaseSettings, SysInstallInfo, SysPrivateSettings, SysPublicSettings, SysSecret, SysSecretBackup } from './models.js';
import * as _ from 'lodash-es';
import { BaseService } from '../../../basic/index.js';
import { logger, setGlobalProxy } from '@certd/basic';
import { cache, logger, setGlobalProxy } from '@certd/basic';
import * as dns from 'node:dns';
/**
* 设置
*/
@@ -17,9 +17,6 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
@InjectEntityModel(SysSettingsEntity)
repository: Repository<SysSettingsEntity>;
@Inject()
cache: CacheManager; // 依赖注入CacheManager
getRepository() {
return this.repository;
}
@@ -72,7 +69,7 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
async getSetting<T>(type: any): Promise<T> {
const key = type.__key__;
const cacheKey = type.getCacheKey();
const settings: T = await this.cache.get(cacheKey);
const settings: T = cache.get(cacheKey);
if (settings) {
return settings;
}
@@ -80,7 +77,7 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
const savedSettings = await this.getSettingByKey(key);
newSetting = _.merge(newSetting, savedSettings);
await this.saveSetting(newSetting);
await this.cache.set(cacheKey, newSetting);
cache.set(cacheKey, newSetting);
return newSetting;
}
@@ -93,6 +90,12 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
if (entity) {
entity.setting = JSON.stringify(bean);
entity.access = type.__access__;
if (key === SysSecretBackup.__key__) {
//备份密钥不允许更新
return;
}
await this.repository.save(entity);
} else {
const newEntity = new SysSettingsEntity();
@@ -103,7 +106,7 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
await this.repository.save(newEntity);
}
await this.cache.set(cacheKey, bean);
cache.set(cacheKey, bean);
}
async getPublicSettings(): Promise<SysPublicSettings> {
@@ -146,7 +149,7 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
} else {
throw new Error('该设置不存在');
}
await this.cache.del(`settings.${key}`);
cache.delete(`settings.${key}`);
}
async backupSecret() {
@@ -173,4 +176,20 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
}
}
}
async getSecret() {
const sysSecret = await this.getSetting<SysSecret>(SysSecret);
if (sysSecret.encryptSecret) {
return sysSecret;
}
//从备份中读取
const settings = await this.getSettingByKey(SysSecretBackup.__key__);
if (settings == null || !settings.encryptSecret) {
throw new Error('密钥备份不存在');
}
sysSecret.siteId = settings.siteId;
sysSecret.encryptSecret = settings.encryptSecret;
await this.saveSetting(sysSecret);
logger.info('密钥恢复成功');
return sysSecret;
}
}

0
packages/ui/certd-server/src/modules/pipeline/entity/access.ts → packages/libs/lib-server/src/user/access/entity/access.ts
View File

5
packages/libs/lib-server/src/user/access/index.ts Normal file
View File

@@ -0,0 +1,5 @@
export * from './entity/access.js';
export * from './service/access-service.js';
export * from './service/access-sys-getter.js';
export * from './service/access-getter.js';
export * from './service/encrypt-service.js';

0
packages/ui/certd-server/src/modules/pipeline/service/access-getter.ts → packages/libs/lib-server/src/user/access/service/access-getter.ts
View File

5
packages/ui/certd-server/src/modules/pipeline/service/access-service.ts → packages/libs/lib-server/src/user/access/service/access-service.ts
View File

@@ -1,7 +1,7 @@
import { Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core';
import { InjectEntityModel } from '@midwayjs/typeorm';
import { Repository } from 'typeorm';
import { BaseService, PageReq, PermissionException, ValidateException } from '@certd/lib-server';
import { BaseService, PageReq, PermissionException, ValidateException } from '../../../index.js';
import { AccessEntity } from '../entity/access.js';
import { AccessDefine, accessRegistry, newAccess } from '@certd/pipeline';
import { EncryptService } from './encrypt-service.js';
@@ -10,7 +10,7 @@ import { EncryptService } from './encrypt-service.js';
*
*/
@Provide()
@Scope(ScopeEnum.Singleton)
@Scope(ScopeEnum.Request, { allowDowngrade: true })
export class AccessService extends BaseService<AccessEntity> {
@InjectEntityModel(AccessEntity)
repository: Repository<AccessEntity>;
@@ -18,6 +18,7 @@ export class AccessService extends BaseService<AccessEntity> {
@Inject()
encryptService: EncryptService;
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
//@ts-ignore
getRepository() {
return this.repository;

0
packages/ui/certd-server/src/modules/pipeline/service/access-sys-getter.ts → packages/libs/lib-server/src/user/access/service/access-sys-getter.ts
View File

30
packages/libs/lib-server/src/user/access/service/encrypt-service.ts Normal file
View File

@@ -0,0 +1,30 @@
import { Init, Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core';
import { Encryptor, SysSecret, SysSettingsService } from '../../../system/index.js';
/**
* 授权
*/
@Provide()
@Scope(ScopeEnum.Singleton)
export class EncryptService {
encryptor: Encryptor;
@Inject()
sysSettingService: SysSettingsService;
@Init()
async init() {
const secret: SysSecret = await this.sysSettingService.getSecret();
this.encryptor = new Encryptor(secret.encryptSecret);
}
// 加密函数
encrypt(text: string) {
return this.encryptor.encrypt(text);
}
// 解密函数
decrypt(encryptedText: string) {
return this.encryptor.decrypt(encryptedText);
}
}

1
packages/libs/lib-server/src/user/index.ts Normal file
View File

@@ -0,0 +1 @@
export * from './access/index.js';

40
packages/libs/midway-flyway-js/CHANGELOG.md
View File

@@ -3,6 +3,46 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.30.1](https://github.com/certd/certd/compare/v1.30.0...v1.30.1) (2025-01-20)
**Note:** Version bump only for package @certd/midway-flyway-js
# [1.30.0](https://github.com/certd/certd/compare/v1.29.5...v1.30.0) (2025-01-19)
**Note:** Version bump only for package @certd/midway-flyway-js
## [1.29.5](https://github.com/certd/certd/compare/v1.29.4...v1.29.5) (2025-01-07)
**Note:** Version bump only for package @certd/midway-flyway-js
## [1.29.4](https://github.com/certd/certd/compare/v1.29.3...v1.29.4) (2025-01-06)
**Note:** Version bump only for package @certd/midway-flyway-js
## [1.29.3](https://github.com/certd/certd/compare/v1.29.2...v1.29.3) (2025-01-04)
**Note:** Version bump only for package @certd/midway-flyway-js
## [1.29.2](https://github.com/certd/certd/compare/v1.29.1...v1.29.2) (2024-12-25)
**Note:** Version bump only for package @certd/midway-flyway-js
## [1.29.1](https://github.com/certd/certd/compare/v1.29.0...v1.29.1) (2024-12-25)
**Note:** Version bump only for package @certd/midway-flyway-js
# [1.29.0](https://github.com/certd/certd/compare/v1.28.4...v1.29.0) (2024-12-24)
**Note:** Version bump only for package @certd/midway-flyway-js
## [1.28.4](https://github.com/certd/certd/compare/v1.28.3...v1.28.4) (2024-12-12)
**Note:** Version bump only for package @certd/midway-flyway-js
## [1.28.3](https://github.com/certd/certd/compare/v1.28.2...v1.28.3) (2024-12-12)
**Note:** Version bump only for package @certd/midway-flyway-js
## [1.28.2](https://github.com/certd/certd/compare/v1.28.1...v1.28.2) (2024-12-09)
**Note:** Version bump only for package @certd/midway-flyway-js

4
packages/libs/midway-flyway-js/package.json
View File

@@ -1,6 +1,6 @@
{
"name": "@certd/midway-flyway-js",
"version": "1.28.2",
"version": "1.30.1",
"description": "midway with flyway, sql upgrade way ",
"private": false,
"type": "module",
@@ -46,5 +46,5 @@
"typeorm": "^0.3.11",
"typescript": "^5.4.2"
},
"gitHead": "a6cd532035f55a7ce122ea1229bb65f9d41e7125"
"gitHead": "9a78dad57619e02d1390cf5a013695a2aaf20e64"
}

69
packages/plugins/plugin-cert/CHANGELOG.md
View File

@@ -3,6 +3,75 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.30.1](https://github.com/certd/certd/compare/v1.30.0...v1.30.1) (2025-01-20)
### Performance Improvements
* http方式校验选择sftp时支持修改文件访问权限比如777 ([15d6eaf](https://github.com/certd/certd/commit/15d6eaf5532ed25acd4f8d58c429353a2f44206c))
# [1.30.0](https://github.com/certd/certd/compare/v1.29.5...v1.30.0) (2025-01-19)
### Bug Fixes
* 修复namesilo ttl太短的问题 ([865f26d](https://github.com/certd/certd/commit/865f26d75c0d3dd4dc8b41448f8830068e45957c))
### Performance Improvements
* 证书仓库 ([91e7f45](https://github.com/certd/certd/commit/91e7f45a1c5ea1e0ec0aa3236b80028f03a6d0aa))
## [1.29.5](https://github.com/certd/certd/compare/v1.29.4...v1.29.5) (2025-01-07)
### Bug Fixes
* 修复复制到本机插件pfx格式复制时报错的bug ([f57116d](https://github.com/certd/certd/commit/f57116d2bebf33e47ad93e0b39c4efe8e4aea25c))
## [1.29.4](https://github.com/certd/certd/compare/v1.29.3...v1.29.4) (2025-01-06)
**Note:** Version bump only for package @certd/plugin-cert
## [1.29.3](https://github.com/certd/certd/compare/v1.29.2...v1.29.3) (2025-01-04)
### Performance Improvements
* 优化acme sdk ([54db744](https://github.com/certd/certd/commit/54db74428259de64d12230c2ab7353ae11197bbc))
* 支持http校验方式申请证书 ([405591c](https://github.com/certd/certd/commit/405591c5d08fa1a3b228ee3980199e7731cfec4a))
* http校验方式支持七牛云oss、阿里云oss、腾讯云cos ([3f74d4d](https://github.com/certd/certd/commit/3f74d4d9e5f5d0e629b44cff1895b3f7a8fbcafc))
## [1.29.2](https://github.com/certd/certd/compare/v1.29.1...v1.29.2) (2024-12-25)
**Note:** Version bump only for package @certd/plugin-cert
## [1.29.1](https://github.com/certd/certd/compare/v1.29.0...v1.29.1) (2024-12-25)
**Note:** Version bump only for package @certd/plugin-cert
# [1.29.0](https://github.com/certd/certd/compare/v1.28.4...v1.29.0) (2024-12-24)
### Bug Fixes
* 修复左侧菜单收起时无法展开子菜单的bug ([0056223](https://github.com/certd/certd/commit/005622307e612717a5408aa1484717ef03003a22))
### Performance Improvements
* 调整创建证书表单字段的顺序 ([d393521](https://github.com/certd/certd/commit/d3935219f2aa50d6662c5b5ebf7ee25ad696ab2b))
* 优化证书申请跳过的状态显示,成功通知现在在跳过时不会发送 ([67d762b](https://github.com/certd/certd/commit/67d762b6a520f1fa24719a124e5ae975a81f5f82))
* 站点证书监控通知发送,每天定时检查 ([bb4910f](https://github.com/certd/certd/commit/bb4910f4e57234e42b44505f4620ae7af66025c5))
* 支持一体证书 ([53c38cf](https://github.com/certd/certd/commit/53c38cf714a6f7486abbf1d71c9f48f56a790100))
## [1.28.4](https://github.com/certd/certd/compare/v1.28.3...v1.28.4) (2024-12-12)
**Note:** Version bump only for package @certd/plugin-cert
## [1.28.3](https://github.com/certd/certd/compare/v1.28.2...v1.28.3) (2024-12-12)
### Bug Fixes
* 修复没有配置eab时报order无法读取的问题 ([657a2ae](https://github.com/certd/certd/commit/657a2ae032e6f61ac27fbdd26c7bf169c041219e))
### Performance Improvements
* 通知标题优化 ([ff083ce](https://github.com/certd/certd/commit/ff083ce6848a8bee3c8248e4b881086ae1517c28))
## [1.28.2](https://github.com/certd/certd/compare/v1.28.1...v1.28.2) (2024-12-09)
**Note:** Version bump only for package @certd/plugin-cert

11
packages/plugins/plugin-cert/package.json
View File

@@ -1,7 +1,7 @@
{
"name": "@certd/plugin-cert",
"private": false,
"version": "1.28.2",
"version": "1.30.1",
"type": "module",
"main": "./dist/index.js",
"types": "./dist/index.d.ts",
@@ -15,9 +15,10 @@
"preview": "vite preview"
},
"dependencies": {
"@certd/acme-client": "^1.28.2",
"@certd/basic": "^1.28.2",
"@certd/pipeline": "^1.28.2",
"@certd/acme-client": "^1.30.1",
"@certd/basic": "^1.30.1",
"@certd/pipeline": "^1.30.1",
"@certd/plugin-lib": "^1.30.1",
"@google-cloud/publicca": "^1.3.0",
"dayjs": "^1.11.7",
"jszip": "^3.10.1",
@@ -40,5 +41,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "a6cd532035f55a7ce122ea1229bb65f9d41e7125"
"gitHead": "9a78dad57619e02d1390cf5a013695a2aaf20e64"
}

191
packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts
View File

@@ -6,31 +6,47 @@ import { Challenge } from "@certd/acme-client/types/rfc8555";
import { IContext } from "@certd/pipeline";
import { ILogger, utils } from "@certd/basic";
import { IDnsProvider, parseDomain } from "../../dns-provider/index.js";
import { HttpChallengeUploader } from "./uploads/api.js";
export type CnameVerifyPlan = {
type?: string;
domain: string;
fullRecord: string;
dnsProvider: IDnsProvider;
};
export type HttpVerifyPlan = {
type: string;
domain: string;
httpUploader: HttpChallengeUploader;
};
export type DomainVerifyPlan = {
domain: string;
type: "cname" | "dns";
type: "cname" | "dns" | "http";
dnsProvider?: IDnsProvider;
cnameVerifyPlan?: Record<string, CnameVerifyPlan>;
httpVerifyPlan?: Record<string, HttpVerifyPlan>;
};
export type DomainsVerifyPlan = {
[key: string]: DomainVerifyPlan;
};
export type Providers = {
dnsProvider?: IDnsProvider;
domainsVerifyPlan?: DomainsVerifyPlan;
httpUploader?: HttpChallengeUploader;
};
export type CertInfo = {
crt: string;
key: string;
csr: string;
ic?: string;
crt: string; //fullchain证书
key: string; //私钥
csr: string; //csr
oc?: string; //仅证书非fullchain证书
ic?: string; //中间证书
pfx?: string;
der?: string;
jks?: string;
one?: string;
};
export type SSLProvider = "letsencrypt" | "google" | "zerossl";
export type PrivateKeyType = "rsa_1024" | "rsa_2048" | "rsa_3072" | "rsa_4096" | "ec_256" | "ec_384" | "ec_521";
@@ -153,58 +169,37 @@ export class AcmeService {
return key.toString();
}
async challengeCreateFn(authz: any, challenge: any, keyAuthorization: string, dnsProvider: IDnsProvider, domainsVerifyPlan: DomainsVerifyPlan) {
async challengeCreateFn(authz: any, keyAuthorizationGetter: (challenge: Challenge) => Promise<string>, providers: Providers) {
this.logger.info("Triggered challengeCreateFn()");
/* http-01 */
const fullDomain = authz.identifier.value;
if (challenge.type === "http-01") {
const filePath = `/var/www/html/.well-known/acme-challenge/${challenge.token}`;
let domain = parseDomain(fullDomain);
this.logger.info("主域名为:" + domain);
const getChallenge = (type: string) => {
return authz.challenges.find((c: any) => c.type === type);
};
const doHttpVerify = async (challenge: any, httpUploader: HttpChallengeUploader) => {
const keyAuthorization = await keyAuthorizationGetter(challenge);
this.logger.info("http校验");
const filePath = `.well-known/acme-challenge/${challenge.token}`;
const fileContents = keyAuthorization;
this.logger.info(`校验 ${fullDomain} ,准备上传文件:${filePath}`);
await httpUploader.upload(filePath, Buffer.from(fileContents));
this.logger.info(`上传文件【${filePath}】成功`);
return {
challenge,
keyAuthorization,
httpUploader,
};
};
this.logger.info(`Creating challenge response for ${fullDomain} at path: ${filePath}`);
const doDnsVerify = async (challenge: any, fullRecord: string, dnsProvider: IDnsProvider) => {
this.logger.info("dns校验");
const keyAuthorization = await keyAuthorizationGetter(challenge);
/* Replace this */
this.logger.info(`Would write "${fileContents}" to path "${filePath}"`);
// await fs.writeFileAsync(filePath, fileContents);
} else if (challenge.type === "dns-01") {
/* dns-01 */
let fullRecord = `_acme-challenge.${fullDomain}`;
const recordValue = keyAuthorization;
this.logger.info(`Creating TXT record for ${fullDomain}: ${fullRecord}`);
/* Replace this */
this.logger.info(`Would create TXT record "${fullRecord}" with value "${recordValue}"`);
let domain = parseDomain(fullDomain);
this.logger.info("解析到域名domain=" + domain);
if (domainsVerifyPlan) {
//按照计划执行
const domainVerifyPlan = domainsVerifyPlan[domain];
if (domainVerifyPlan) {
if (domainVerifyPlan.type === "dns") {
dnsProvider = domainVerifyPlan.dnsProvider;
} else if (domainVerifyPlan.type === "cname") {
const cnameVerifyPlan = domainVerifyPlan.cnameVerifyPlan;
if (cnameVerifyPlan) {
const cname = cnameVerifyPlan[fullDomain];
if (cname) {
dnsProvider = cname.dnsProvider;
domain = parseDomain(cname.domain);
fullRecord = cname.fullRecord;
}
} else {
this.logger.error("未找到域名Cname校验计划使用默认的dnsProvider");
}
} else {
this.logger.error("不支持的校验类型", domainVerifyPlan.type);
}
} else {
this.logger.info("未找到域名校验计划使用默认的dnsProvider");
}
}
let hostRecord = fullRecord.replace(`${domain}`, "");
if (hostRecord.endsWith(".")) {
hostRecord = hostRecord.substring(0, hostRecord.length - 1);
@@ -224,8 +219,54 @@ export class AcmeService {
recordReq,
recordRes,
dnsProvider,
challenge,
keyAuthorization,
};
};
let dnsProvider = providers.dnsProvider;
let fullRecord = `_acme-challenge.${fullDomain}`;
if (providers.domainsVerifyPlan) {
//按照计划执行
const domainVerifyPlan = providers.domainsVerifyPlan[domain];
if (domainVerifyPlan) {
if (domainVerifyPlan.type === "dns") {
dnsProvider = domainVerifyPlan.dnsProvider;
} else if (domainVerifyPlan.type === "cname") {
const cnameVerifyPlan = domainVerifyPlan.cnameVerifyPlan;
if (cnameVerifyPlan) {
const cname = cnameVerifyPlan[fullDomain];
if (cname) {
dnsProvider = cname.dnsProvider;
domain = parseDomain(cname.domain);
fullRecord = cname.fullRecord;
}
} else {
this.logger.error("未找到域名Cname校验计划使用默认的dnsProvider");
}
} else if (domainVerifyPlan.type === "http") {
const httpVerifyPlan = domainVerifyPlan.httpVerifyPlan;
if (httpVerifyPlan) {
const httpChallenge = getChallenge("http-01");
if (httpChallenge == null) {
throw new Error("该域名不支持http-01方式校验");
}
const plan = httpVerifyPlan[fullDomain];
return await doHttpVerify(httpChallenge, plan.httpUploader);
} else {
throw new Error("未找到域名【" + fullDomain + "】的http校验配置");
}
} else {
throw new Error("不支持的校验类型", domainVerifyPlan.type);
}
} else {
this.logger.info("未找到域名校验计划使用默认的dnsProvider");
}
}
const dnsChallenge = getChallenge("dns-01");
return await doDnsVerify(dnsChallenge, fullRecord, dnsProvider);
}
/**
@@ -237,22 +278,28 @@ export class AcmeService {
* @param recordReq
* @param recordRes
* @param dnsProvider dnsProvider
* @param httpUploader
* @returns {Promise}
*/
async challengeRemoveFn(authz: any, challenge: any, keyAuthorization: string, recordReq: any, recordRes: any, dnsProvider: IDnsProvider) {
this.logger.info("Triggered challengeRemoveFn()");
async challengeRemoveFn(
authz: any,
challenge: any,
keyAuthorization: string,
recordReq: any,
recordRes: any,
dnsProvider?: IDnsProvider,
httpUploader?: HttpChallengeUploader
) {
this.logger.info("执行清理");
/* http-01 */
const fullDomain = authz.identifier.value;
if (challenge.type === "http-01") {
const filePath = `/var/www/html/.well-known/acme-challenge/${challenge.token}`;
this.logger.info(`Removing challenge response for ${fullDomain} at path: ${filePath}`);
/* Replace this */
this.logger.info(`Would remove file on path "${filePath}"`);
// await fs.unlinkAsync(filePath);
const filePath = `.well-known/acme-challenge/${challenge.token}`;
this.logger.info(`Removing challenge response for ${fullDomain} at file: ${filePath}`);
await httpUploader.remove(filePath);
this.logger.info(`删除文件【${filePath}】成功`);
} else if (challenge.type === "dns-01") {
this.logger.info(`删除 TXT 解析记录:${JSON.stringify(recordReq)} ,recordRes = ${JSON.stringify(recordRes)}`);
try {
@@ -273,11 +320,12 @@ export class AcmeService {
domains: string | string[];
dnsProvider?: any;
domainsVerifyPlan?: DomainsVerifyPlan;
httpUploader?: any;
csrInfo: any;
isTest?: boolean;
privateKeyType?: string;
}): Promise<CertInfo> {
const { email, isTest, domains, csrInfo, dnsProvider, domainsVerifyPlan } = options;
const { email, isTest, domains, csrInfo, dnsProvider, domainsVerifyPlan, httpUploader } = options;
const client: acme.Client = await this.getAcmeClient(email, isTest);
/* Create CSR */
@@ -317,22 +365,27 @@ export class AcmeService {
privateKey
);
if (dnsProvider == null && domainsVerifyPlan == null) {
throw new Error("dnsProvider 、 domainsVerifyPlan 不能都为空");
if (dnsProvider == null && domainsVerifyPlan == null && httpUploader == null) {
throw new Error("dnsProvider 、 domainsVerifyPlan 、 httpUploader不能都为空");
}
const providers: Providers = {
dnsProvider,
domainsVerifyPlan,
httpUploader,
};
/* 自动申请证书 */
const crt = await client.auto({
csr,
email: email,
termsOfServiceAgreed: true,
skipChallengeVerification: this.skipLocalVerify,
challengePriority: ["dns-01"],
challengePriority: ["dns-01", "http-01"],
challengeCreateFn: async (
authz: acme.Authorization,
challenge: Challenge,
keyAuthorization: string
): Promise<{ recordReq: any; recordRes: any; dnsProvider: any }> => {
return await this.challengeCreateFn(authz, challenge, keyAuthorization, dnsProvider, domainsVerifyPlan);
keyAuthorizationGetter: (challenge: Challenge) => Promise<string>
): Promise<{ recordReq?: any; recordRes?: any; dnsProvider?: any; challenge: Challenge; keyAuthorization: string }> => {
return await this.challengeCreateFn(authz, keyAuthorizationGetter, providers);
},
challengeRemoveFn: async (
authz: acme.Authorization,
@@ -342,7 +395,7 @@ export class AcmeService {
recordRes: any,
dnsProvider: IDnsProvider
): Promise<any> => {
return await this.challengeRemoveFn(authz, challenge, keyAuthorization, recordReq, recordRes, dnsProvider);
return await this.challengeRemoveFn(authz, challenge, keyAuthorization, recordReq, recordRes, dnsProvider, httpUploader);
},
signal: this.options.signal,
});

133
packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts
View File

@@ -1,4 +1,4 @@
import { AbstractTaskPlugin, IContext, NotificationBody, sendNotification, Step, TaskInput, TaskOutput } from "@certd/pipeline";
import { AbstractTaskPlugin, IContext, NotificationBody, Step, TaskEmitter, TaskInput, TaskOutput } from "@certd/pipeline";
import dayjs from "dayjs";
import type { CertInfo } from "./acme.js";
import { CertReader } from "./cert-reader.js";
@@ -6,8 +6,11 @@ import JSZip from "jszip";
import { CertConverter } from "./convert.js";
import { pick } from "lodash-es";
export { CertReader };
export type { CertInfo };
export const EVENT_CERT_APPLY_SUCCESS = "CertApply.success";
export async function emitCertApplySuccess(emitter: TaskEmitter, cert: CertReader) {
await emitter.emit(EVENT_CERT_APPLY_SUCCESS, cert);
}
export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
@TaskInput({
@@ -17,6 +20,7 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
vModel: "value",
mode: "tags",
open: false,
placeholder: "foo.com / *.foo.com / *.bar.com",
tokenSeparators: [",", " ", "", "、", "|"],
},
rules: [{ type: "domains" }],
@@ -26,9 +30,9 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
},
order: -999,
helper:
"1、支持通配符域名,例如: *.foo.comfoo.com*.test.handsfree.work\n" +
"2、支持多个域名、多个子域名、多个通配符域名打到一个证书上域名必须是在同一个DNS提供商解析\n" +
"3、多级子域名要分成多个域名输入*.foo.com的证书不能用于xxx.yyy.foo.com、foo.com\n" +
"1、支持多个域名打到一个证书上,例如: foo.com*.foo.com*.bar.com\n" +
"2、子域名被通配符包含的不要填写例如www.foo.com已经被*.foo.com包含不要填写www.foo.com\n" +
"3、泛域名只能通配*号那一级*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com\n" +
"4、输入一个空格之后再输入下一个",
})
domains!: string[];
@@ -54,7 +58,7 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
},
required: false,
order: 100,
helper: "PFX、jks格式证书是否加密jks必须设置密码不传则默认123456",
helper: "PFX、jks格式证书是否加密\njks必须设置密码不传则默认123456",
})
pfxPassword!: string;
@@ -62,12 +66,17 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
title: "PFX证书转换参数",
value: "-macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES",
component: {
name: "a-input",
name: "a-auto-complete",
vModel: "value",
options: [
{ value: "", label: "兼容 Windows Server 最新" },
{ value: "-macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES", label: "兼容 Windows Server 2016" },
{ value: "-nomac -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES", label: "兼容 Windows Server 2008" },
],
},
required: false,
order: 100,
helper: "兼容Server 2016如果导入证书失败请删除此参数",
helper: "兼容Windows Server各个版本",
})
pfxArgs = "-macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES";
@@ -118,16 +127,19 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
abstract onInit(): Promise<void>;
abstract doCertApply(): Promise<any>;
abstract doCertApply(): Promise<CertReader>;
async execute(): Promise<void> {
async execute(): Promise<string | void> {
const oldCert = await this.condition();
if (oldCert != null) {
return await this.output(oldCert, false);
await this.output(oldCert, false);
return "skip";
}
const cert = await this.doCertApply();
if (cert != null) {
await this.output(cert, true);
await emitCertApplySuccess(this.ctx.emitter, cert);
//清空后续任务的状态,让后续任务能够重新执行
this.clearLastStatus();
@@ -191,7 +203,8 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
zip.file("cert.crt", cert.crt);
zip.file("cert.key", cert.key);
zip.file("intermediate.crt", cert.ic);
zip.file("origin.crt", cert.oc);
zip.file("one.pem", cert.one);
if (cert.pfx) {
zip.file("cert.pfx", Buffer.from(cert.pfx, "base64"));
}
@@ -201,6 +214,21 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
if (cert.jks) {
zip.file("cert.jks", Buffer.from(cert.jks, "base64"));
}
zip.file(
"说明.txt",
`证书文件说明
cert.crt证书文件包含证书链pem格式
cert.key私钥文件pem格式
intermediate.crt中间证书文件pem格式
origin.crt原始证书文件不含证书链pem格式
one.pem 证书和私钥简单合并成一个文件pem格式crt正文+key正文
cert.pfxpfx格式证书文件iis服务器使用
cert.derder格式证书文件
cert.jksjks格式证书文件java服务器使用
`
);
const content = await zip.generateAsync({ type: "nodebuffer" });
this.saveFile(filename, content);
this.logger.info(`已保存文件:${filename}`);
@@ -216,39 +244,23 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
// return null;
// }
let inputChanged = this.ctx.inputChanged;
if (inputChanged) {
this.logger.info("input hash 有变更,检查是否需要重新申请证书");
//判断域名有没有变更
/**
* "renewDays": 35,
* "certApplyPlugin": "CertApply",
* "sslProvider": "letsencrypt",
* "privateKeyType": "rsa_2048_pkcs1",
* "dnsProviderType": "aliyun",
* "domains": [
* "*.handsfree.work"
* ],
* "email": "xiaojunnuo@qq.com",
* "dnsProviderAccess": 3,
* "useProxy": false,
* "skipLocalVerify": false,
* "successNotify": true,
* "pfxPassword": "123456"
*/
const checkInputChanges = ["domains", "sslProvider", "privateKeyType", "dnsProviderType", "pfxPassword"];
const oldInput = JSON.stringify(pick(this.lastStatus?.input, checkInputChanges));
const thisInput = JSON.stringify(pick(this, checkInputChanges));
inputChanged = oldInput !== thisInput;
const checkInputChanges = ["domains", "sslProvider", "privateKeyType", "dnsProviderType", "pfxPassword"];
const oldInput = JSON.stringify(pick(this.lastStatus?.input, checkInputChanges));
const thisInput = JSON.stringify(pick(this, checkInputChanges));
const inputChanged = oldInput !== thisInput;
if (inputChanged) {
this.logger.info("输入参数变更,准备申请新证书");
return null;
}
this.logger.info(`旧参数:${oldInput}`);
this.logger.info(`新参数:${thisInput}`);
if (inputChanged) {
this.logger.info("输入参数变更,准备申请新证书");
return null;
} else {
this.logger.info("输入参数未变更,检查证书是否过期");
}
let oldCert: CertReader | undefined = undefined;
try {
this.logger.info("读取上次证书");
oldCert = await this.readLastCert();
} catch (e) {
this.logger.warn("读取cert失败", e);
@@ -286,6 +298,7 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
async readLastCert(): Promise<CertReader | undefined> {
const cert = this.lastStatus?.status?.output?.cert;
if (cert == null) {
this.logger.info("没有找到上次的证书");
return undefined;
}
return new CertReader(cert);
@@ -295,7 +308,6 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
* 检查是否过期默认提前35天
* @param expires
* @param maxDays
* @returns {boolean}
*/
isWillExpire(expires: number, maxDays = 20) {
if (expires == null) {
@@ -304,7 +316,7 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
// 检查有效期
const leftDays = dayjs(expires).diff(dayjs(), "day");
return {
isWillExpire: leftDays < maxDays,
isWillExpire: leftDays <= maxDays,
leftDays,
};
}
@@ -312,39 +324,20 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
this.logger.info("发送证书申请成功通知");
const url = await this.ctx.urlService.getPipelineDetailUrl(this.pipeline.id, this.ctx.runtime.id);
const body: NotificationBody = {
title: `【Certd】证书申请成功【${this.pipeline.title}`,
title: `证书申请成功【${this.pipeline.title}`,
content: `域名:${this.domains.join(",")}`,
url: url,
};
try {
const defNotification = await this.ctx.notificationService.getDefault();
if (defNotification) {
this.logger.info(`通知渠道:${defNotification.name}`);
const notificationCtx = {
http: this.ctx.http,
logger: this.logger,
utils: this.ctx.utils,
emailService: this.ctx.emailService,
};
await sendNotification({
config: defNotification,
ctx: notificationCtx,
body,
});
return;
}
this.logger.warn("未配置默认通知,将发送邮件通知");
await this.sendSuccessEmail(body);
await this.ctx.notificationService.send({
useDefault: true,
useEmail: true,
emailAddress: this.email,
logger: this.logger,
body,
});
} catch (e) {
this.logger.error("证书申请成功通知发送失败", e);
}
}
async sendSuccessEmail(body: NotificationBody) {
this.logger.info("发送邮件通知:" + this.email);
await this.ctx.emailService.send({
receivers: [this.email],
subject: body.title,
content: body.content,
});
}
}

66
packages/plugins/plugin-cert/src/plugin/cert-plugin/cert-reader.ts
View File

@@ -2,7 +2,7 @@ import { CertInfo } from "./acme.js";
import fs from "fs";
import os from "os";
import path from "path";
import { crypto } from "@certd/acme-client";
import { CertificateInfo, crypto } from "@certd/acme-client";
import { ILogger } from "@certd/basic";
import dayjs from "dayjs";
@@ -10,32 +10,33 @@ export type CertReaderHandleContext = {
reader: CertReader;
tmpCrtPath: string;
tmpKeyPath: string;
tmpOcPath?: string;
tmpPfxPath?: string;
tmpDerPath?: string;
tmpIcPath?: string;
tmpJksPath?: string;
tmpOnePath?: string;
};
export type CertReaderHandle = (ctx: CertReaderHandleContext) => Promise<void>;
export type HandleOpts = { logger: ILogger; handle: CertReaderHandle };
export class CertReader {
cert: CertInfo;
crt: string;
key: string;
csr: string;
ic: string; //中间证书
detail: any;
detail: CertificateInfo;
expires: number;
constructor(certInfo: CertInfo) {
this.cert = certInfo;
this.crt = certInfo.crt;
this.key = certInfo.key;
this.csr = certInfo.csr;
this.ic = certInfo.ic;
if (!this.ic) {
this.ic = this.getIc();
this.cert.ic = this.ic;
if (!certInfo.ic) {
this.cert.ic = this.getIc();
}
if (!certInfo.oc) {
this.cert.oc = this.getOc();
}
if (!certInfo.one) {
this.cert.one = this.cert.crt + "\n" + this.cert.key;
}
const { detail, expires } = this.getCrtDetail(this.cert.crt);
@@ -46,14 +47,24 @@ export class CertReader {
getIc() {
//中间证书ic 就是crt的第一个 -----END CERTIFICATE----- 之后的内容
const endStr = "-----END CERTIFICATE-----";
const firstBlockEndIndex = this.crt.indexOf(endStr);
const firstBlockEndIndex = this.cert.crt.indexOf(endStr);
const start = firstBlockEndIndex + endStr.length + 1;
if (this.crt.length <= start) {
if (this.cert.crt.length <= start) {
return "";
}
const ic = this.crt.substring(start);
return ic.trim();
const ic = this.cert.crt.substring(start);
if (ic == null) {
return "";
}
return ic?.trim();
}
getOc() {
//原始证书 就是crt的第一个 -----END CERTIFICATE----- 之前的内容
const endStr = "-----END CERTIFICATE-----";
const arr = this.cert.crt.split(endStr);
return arr[0] + endStr;
}
toCertInfo(): CertInfo {
@@ -61,6 +72,10 @@ export class CertReader {
}
getCrtDetail(crt: string = this.cert.crt) {
return CertReader.readCertDetail(crt);
}
static readCertDetail(crt: string) {
const detail = crypto.readCertificateInfo(crt.toString());
const expires = detail.notAfter;
return { detail, expires };
@@ -73,7 +88,7 @@ export class CertReader {
return domains;
}
saveToFile(type: "crt" | "key" | "pfx" | "der" | "ic" | "jks", filepath?: string) {
saveToFile(type: "crt" | "key" | "pfx" | "der" | "oc" | "one" | "ic" | "jks", filepath?: string) {
if (!this.cert[type]) {
return;
}
@@ -87,7 +102,7 @@ export class CertReader {
if (!fs.existsSync(dir)) {
fs.mkdirSync(dir, { recursive: true });
}
if (type === "crt" || type === "key" || type === "ic") {
if (type === "crt" || type === "key" || type === "ic" || type === "oc" || type === "one") {
fs.writeFileSync(filepath, this.cert[type]);
} else {
fs.writeFileSync(filepath, Buffer.from(this.cert[type], "base64"));
@@ -102,9 +117,11 @@ export class CertReader {
const tmpKeyPath = this.saveToFile("key");
const tmpPfxPath = this.saveToFile("pfx");
const tmpIcPath = this.saveToFile("ic");
logger.info("本地文件写入成功");
const tmpOcPath = this.saveToFile("oc");
const tmpDerPath = this.saveToFile("der");
const tmpJksPath = this.saveToFile("jks");
const tmpOnePath = this.saveToFile("one");
logger.info("本地文件写入成功");
try {
return await opts.handle({
reader: this,
@@ -114,12 +131,15 @@ export class CertReader {
tmpDerPath: tmpDerPath,
tmpIcPath: tmpIcPath,
tmpJksPath: tmpJksPath,
tmpOcPath: tmpOcPath,
tmpOnePath,
});
} catch (err) {
logger.error("处理失败", err);
throw err;
} finally {
//删除临时文件
logger.info("删除临时文件");
logger.info("清理临时文件");
function removeFile(filepath?: string) {
if (filepath) {
fs.unlinkSync(filepath);
@@ -128,13 +148,15 @@ export class CertReader {
removeFile(tmpCrtPath);
removeFile(tmpKeyPath);
removeFile(tmpPfxPath);
removeFile(tmpOcPath);
removeFile(tmpDerPath);
removeFile(tmpIcPath);
removeFile(tmpJksPath);
removeFile(tmpOnePath);
}
}
buildCertFileName(suffix: string, applyTime: number, prefix = "cert") {
buildCertFileName(suffix: string, applyTime: any, prefix = "cert") {
const detail = this.getCrtDetail();
let domain = detail.detail.domains.commonName;
domain = domain.replace(".", "_").replace("*", "_");

115
packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts
View File

@@ -1,7 +1,7 @@
import { IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
import { CancelError, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
import { utils } from "@certd/basic";
import type { CertInfo, CnameVerifyPlan, DomainsVerifyPlan, PrivateKeyType, SSLProvider } from "./acme.js";
import type { CertInfo, CnameVerifyPlan, DomainsVerifyPlan, HttpVerifyPlan, PrivateKeyType, SSLProvider } from "./acme.js";
import { AcmeService } from "./acme.js";
import * as _ from "lodash-es";
import { createDnsProvider, DnsProviderContext, IDnsProvider } from "../../dns-provider/index.js";
@@ -9,20 +9,28 @@ import { CertReader } from "./cert-reader.js";
import { CertApplyBasePlugin } from "./base.js";
import { GoogleClient } from "../../libs/google.js";
import { EabAccess } from "../../access";
import { CancelError } from "@certd/pipeline";
import { httpChallengeUploaderFactory } from "./uploads/factory.js";
export * from "./base.js";
export type { CertInfo };
export * from "./cert-reader.js";
export type CnameRecordInput = {
id: number;
status: string;
};
export type HttpRecordInput = {
domain: string;
httpUploaderType: string;
httpUploaderAccess: number;
httpUploadRootDir: string;
};
export type DomainVerifyPlanInput = {
domain: string;
type: "cname" | "dns";
type: "cname" | "dns" | "http";
dnsProviderType?: string;
dnsProviderAccessId?: number;
cnameVerifyPlan?: Record<string, CnameRecordInput>;
httpVerifyPlan?: Record<string, HttpRecordInput>;
};
export type DomainsVerifyPlanInput = {
[key: string]: DomainVerifyPlanInput;
@@ -54,14 +62,33 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
options: [
{ value: "dns", label: "DNS直接验证" },
{ value: "cname", label: "CNAME代理验证" },
{ value: "http", label: "HTTP文件验证" },
],
},
required: true,
helper:
"DNS直接验证域名是在阿里云、腾讯云、华为云、Cloudflare、NameSilo、西数注册的选它。\nCNAME代理验证支持任何注册商注册的域名但第一次需要手动添加CNAME记录",
helper: `DNS直接验证域名是在阿里云、腾讯云、华为云、Cloudflare、NameSilo、西数注册的选它
CNAME代理验证支持任何注册商注册的域名但第一次需要手动添加CNAME记录
HTTP文件验证不支持泛域名需要配置网站文件上传`,
})
challengeType!: string;
@TaskInput({
title: "证书颁发机构",
value: "letsencrypt",
component: {
name: "icon-select",
vModel: "value",
options: [
{ value: "letsencrypt", label: "Let's Encrypt", icon: "simple-icons:letsencrypt" },
{ value: "google", label: "Google", icon: "flat-color-icons:google" },
{ value: "zerossl", label: "ZeroSSL", icon: "emojione:digit-zero" },
],
},
helper: "Let's Encrypt申请最简单\nGoogle大厂光环兼容性好仅首次需要翻墙获取EAB授权\nZeroSSL需要EAB授权无需翻墙",
required: true,
})
sslProvider!: SSLProvider;
@TaskInput({
title: "DNS解析服务商",
component: {
@@ -105,9 +132,8 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
component: {
name: "domains-verify-plan-editor",
},
rules: [{ type: "checkCnameVerifyPlan" }],
rules: [{ type: "checkDomainVerifyPlan" }],
required: true,
helper: "如果选择CNAME方式请按照上面的显示给要申请证书的域名添加CNAME记录添加后点击验证验证成功后不要删除记录申请和续期证书会一直用它",
col: {
span: 24,
},
@@ -115,33 +141,26 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
component:{
domains: ctx.compute(({form})=>{
return form.domains
}),
defaultType: ctx.compute(({form})=>{
return form.challengeType || 'cname'
})
},
show: ctx.compute(({form})=>{
return form.challengeType === 'cname'
return form.challengeType === 'cname' || form.challengeType === 'http'
}),
helper: ctx.compute(({form})=>{
if(form.challengeType === 'cname' ){
return '请按照上面的提示给要申请证书的域名添加CNAME记录添加后点击验证验证成功后不要删除记录申请和续期证书会一直用它'
}else if (form.challengeType === 'http'){
return '请按照上面的提示,给每个域名设置文件上传配置,证书申请过程中会上传校验文件到网站根目录下'
}
})
}
`,
})
domainsVerifyPlan!: DomainsVerifyPlanInput;
@TaskInput({
title: "证书颁发机构",
value: "letsencrypt",
component: {
name: "icon-select",
vModel: "value",
options: [
{ value: "letsencrypt", label: "Let's Encrypt", icon: "simple-icons:letsencrypt" },
{ value: "google", label: "Google", icon: "flat-color-icons:google" },
{ value: "zerossl", label: "ZeroSSL", icon: "emojione:digit-zero" },
],
},
helper: "Let's Encrypt申请最简单\nGoogle大厂光环兼容性好仅首次需要翻墙获取EAB授权\nZeroSSL需要EAB授权无需翻墙",
required: true,
})
sslProvider!: SSLProvider;
@TaskInput({
title: "Google公共EAB授权",
isSys: true,
@@ -213,7 +232,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
// { value: "ec_521", label: "EC 521" },
],
},
helper: "如无特殊需求,默认即可",
helper: "如无特殊需求,默认即可\n选择RSA 2048 pkcs1可以获得旧版RSA证书",
required: true,
})
privateKeyType!: PrivateKeyType;
@@ -271,8 +290,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
this.logger.info("当前正在使用 google公共EAB授权");
eab = await this.ctx.accessService.getCommonById(this.googleCommonEabAccessId);
} else {
this.logger.error("google需要配置EAB授权或服务账号授权");
return;
throw new Error("google需要配置EAB授权或服务账号授权");
}
} else if (this.sslProvider === "zerossl") {
if (this.eabAccessId) {
@@ -282,8 +300,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
this.logger.info("当前正在使用 zerossl 公共EAB授权");
eab = await this.ctx.accessService.getCommonById(this.zerosslCommonEabAccessId);
} else {
this.logger.error("zerossl需要配置EAB授权");
return;
throw new Error("zerossl需要配置EAB授权");
}
}
this.eab = eab;
@@ -322,9 +339,9 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
);
this.logger.info("开始申请证书,", email, domains);
let dnsProvider: any = null;
let dnsProvider: IDnsProvider = null;
let domainsVerifyPlan: DomainsVerifyPlan = null;
if (this.challengeType === "cname") {
if (this.challengeType === "cname" || this.challengeType === "http") {
domainsVerifyPlan = await this.createDomainsVerifyPlan();
} else {
const dnsProviderType = this.dnsProviderType;
@@ -372,10 +389,11 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
const domainVerifyPlan = this.domainsVerifyPlan[domain];
let dnsProvider = null;
const cnameVerifyPlan: Record<string, CnameVerifyPlan> = {};
const httpVerifyPlan: Record<string, HttpVerifyPlan> = {};
if (domainVerifyPlan.type === "dns") {
const access = await this.ctx.accessService.getById(domainVerifyPlan.dnsProviderAccessId);
dnsProvider = await this.createDnsProvider(domainVerifyPlan.dnsProviderType, access);
} else {
} else if (domainVerifyPlan.type === "cname") {
for (const key in domainVerifyPlan.cnameVerifyPlan) {
const cnameRecord = await this.ctx.cnameProxyService.getByDomain(key);
let dnsProvider = cnameRecord.commonDnsProvider;
@@ -383,17 +401,44 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
dnsProvider = await this.createDnsProvider(cnameRecord.cnameProvider.dnsProviderType, cnameRecord.cnameProvider.access);
}
cnameVerifyPlan[key] = {
type: "cname",
domain: cnameRecord.cnameProvider.domain,
fullRecord: cnameRecord.recordValue,
dnsProvider,
};
}
} else if (domainVerifyPlan.type === "http") {
const httpUploaderContext = {
accessService: this.ctx.accessService,
logger: this.logger,
utils,
};
for (const key in domainVerifyPlan.httpVerifyPlan) {
const httpRecord = domainVerifyPlan.httpVerifyPlan[key];
const access = await this.ctx.accessService.getById(httpRecord.httpUploaderAccess);
let rootDir = httpRecord.httpUploadRootDir;
if (!rootDir.endsWith("/") && !rootDir.endsWith("\\")) {
rootDir = rootDir + "/";
}
this.logger.info("上传方式", httpRecord.httpUploaderType);
const httpUploader = await httpChallengeUploaderFactory.createUploaderByType(httpRecord.httpUploaderType, {
access,
rootDir: rootDir,
ctx: httpUploaderContext,
});
httpVerifyPlan[key] = {
type: "http",
domain: key,
httpUploader,
};
}
}
plan[domain] = {
domain,
type: domainVerifyPlan.type,
dnsProvider,
cnameVerifyPlan,
httpVerifyPlan,
};
}
return plan;

35
packages/plugins/plugin-cert/src/plugin/cert-plugin/uploads/api.ts Normal file
View File

@@ -0,0 +1,35 @@
import { IAccessService } from "@certd/pipeline";
import { ILogger, utils } from "@certd/basic";
export type HttpChallengeUploader = {
upload: (fileName: string, fileContent: Buffer) => Promise<void>;
remove: (fileName: string) => Promise<void>;
};
export type HttpChallengeUploadContext = {
accessService: IAccessService;
logger: ILogger;
utils: typeof utils;
};
export abstract class BaseHttpChallengeUploader<A> implements HttpChallengeUploader {
rootDir: string;
access: A = null;
logger: ILogger;
utils: typeof utils;
ctx: HttpChallengeUploadContext;
protected constructor(opts: { rootDir: string; access: A }) {
this.rootDir = opts.rootDir;
this.access = opts.access;
}
async setCtx(ctx: any) {
// set context
this.ctx = ctx;
this.logger = ctx.logger;
this.utils = ctx.utils;
}
abstract remove(fileName: string): Promise<void>;
abstract upload(fileName: string, fileContent: Buffer): Promise<void>;
}

38
packages/plugins/plugin-cert/src/plugin/cert-plugin/uploads/factory.ts Normal file
View File

@@ -0,0 +1,38 @@
import { HttpChallengeUploadContext } from "./api";
export class HttpChallengeUploaderFactory {
async getClassByType(type: string) {
if (type === "alioss") {
const module = await import("./impls/alioss.js");
return module.AliossHttpChallengeUploader;
} else if (type === "ssh") {
const module = await import("./impls/ssh.js");
return module.SshHttpChallengeUploader;
} else if (type === "sftp") {
const module = await import("./impls/sftp.js");
return module.SftpHttpChallengeUploader;
} else if (type === "ftp") {
const module = await import("./impls/ftp.js");
return module.FtpHttpChallengeUploader;
} else if (type === "tencentcos") {
const module = await import("./impls/tencentcos.js");
return module.TencentCosHttpChallengeUploader;
} else if (type === "qiniuoss") {
const module = await import("./impls/qiniuoss.js");
return module.QiniuOssHttpChallengeUploader;
} else {
throw new Error(`暂不支持此文件上传方式: ${type}`);
}
}
async createUploaderByType(type: string, opts: { rootDir: string; access: any; ctx: HttpChallengeUploadContext }) {
const cls = await this.getClassByType(type);
if (cls) {
// @ts-ignore
const instance = new cls(opts);
await instance.setCtx(opts.ctx);
return instance;
}
}
}
export const httpChallengeUploaderFactory = new HttpChallengeUploaderFactory();

39
packages/plugins/plugin-cert/src/plugin/cert-plugin/uploads/impls/alioss.ts Normal file
View File

@@ -0,0 +1,39 @@
import { BaseHttpChallengeUploader } from "../api.js";
import { AliossAccess, AliyunAccess } from "@certd/plugin-lib";
import { AliossClient } from "@certd/plugin-lib";
export class AliossHttpChallengeUploader extends BaseHttpChallengeUploader<AliossAccess> {
async upload(filePath: string, fileContent: Buffer) {
const aliyunAccess = await this.ctx.accessService.getById<AliyunAccess>(this.access.accessId);
const client = new AliossClient({
access: aliyunAccess,
bucket: this.access.bucket,
region: this.access.region,
});
const key = this.rootDir + filePath;
this.logger.info(`开始上传文件: ${key}`);
await client.uploadFile(key, fileContent);
this.logger.info(`校验文件上传成功: ${filePath}`);
}
async remove(filePath: string) {
const key = this.rootDir + filePath;
// remove file from alioss
const client = await this.getAliossClient();
await client.removeFile(key);
this.logger.info(`文件删除成功: ${key}`);
}
private async getAliossClient() {
const aliyunAccess = await this.ctx.accessService.getById<AliyunAccess>(this.access.accessId);
const client = new AliossClient({
access: aliyunAccess,
bucket: this.access.bucket,
region: this.access.region,
});
await client.init();
return client;
}
}

41
packages/plugins/plugin-cert/src/plugin/cert-plugin/uploads/impls/ftp.ts Normal file
View File

@@ -0,0 +1,41 @@
import { BaseHttpChallengeUploader } from "../api.js";
import { FtpAccess, FtpClient } from "@certd/plugin-lib";
import path from "path";
import os from "os";
import fs from "fs";
export class FtpHttpChallengeUploader extends BaseHttpChallengeUploader<FtpAccess> {
async upload(filePath: string, fileContent: Buffer) {
const client = new FtpClient({
access: this.access,
logger: this.logger,
});
await client.connect(async (client) => {
const tmpFilePath = path.join(os.tmpdir(), "cert", "http", filePath);
const dir = path.dirname(tmpFilePath);
if (!fs.existsSync(dir)) {
fs.mkdirSync(dir, { recursive: true });
}
fs.writeFileSync(tmpFilePath, fileContent);
try {
// Write file to temp path
const path = this.rootDir + filePath;
await client.upload(path, tmpFilePath);
} finally {
// Remove temp file
fs.unlinkSync(tmpFilePath);
}
});
}
async remove(filePath: string) {
const client = new FtpClient({
access: this.access,
logger: this.logger,
});
await client.connect(async (client) => {
const path = this.rootDir + filePath;
await client.client.remove(path);
});
}
}

31
packages/plugins/plugin-cert/src/plugin/cert-plugin/uploads/impls/qiniuoss.ts Normal file
View File

@@ -0,0 +1,31 @@
import { BaseHttpChallengeUploader } from "../api.js";
import { QiniuOssAccess, QiniuClient, QiniuAccess } from "@certd/plugin-lib";
export class QiniuOssHttpChallengeUploader extends BaseHttpChallengeUploader<QiniuOssAccess> {
async upload(filePath: string, fileContent: Buffer) {
const qiniuAccess = await this.ctx.accessService.getById<QiniuAccess>(this.access.accessId);
const client = new QiniuClient({
access: qiniuAccess,
logger: this.logger,
http: this.ctx.utils.http,
});
if (this.rootDir.endsWith("/")) {
this.rootDir = this.rootDir.slice(0, -1);
}
await client.uploadFile(this.access.bucket, this.rootDir + filePath, fileContent);
}
async remove(filePath: string) {
const qiniuAccess = await this.ctx.accessService.getById<QiniuAccess>(this.access.accessId);
const client = new QiniuClient({
access: qiniuAccess,
logger: this.logger,
http: this.ctx.utils.http,
});
if (this.rootDir.endsWith("/")) {
this.rootDir = this.rootDir.slice(0, -1);
}
await client.removeFile(this.access.bucket, this.rootDir + filePath);
}
}

51
packages/plugins/plugin-cert/src/plugin/cert-plugin/uploads/impls/sftp.ts Normal file
View File

@@ -0,0 +1,51 @@
import { BaseHttpChallengeUploader } from "../api.js";
import { SshAccess, SshClient } from "@certd/plugin-lib";
import path from "path";
import os from "os";
import fs from "fs";
import { SftpAccess } from "@certd/plugin-lib";
export class SftpHttpChallengeUploader extends BaseHttpChallengeUploader<SftpAccess> {
async upload(filePath: string, fileContent: Buffer) {
const tmpFilePath = path.join(os.tmpdir(), "cert", "http", filePath);
// Write file to temp path
const dir = path.dirname(tmpFilePath);
if (!fs.existsSync(dir)) {
fs.mkdirSync(dir, { recursive: true });
}
fs.writeFileSync(tmpFilePath, fileContent);
const access = await this.ctx.accessService.getById<SshAccess>(this.access.sshAccess);
const key = this.rootDir + filePath;
try {
const client = new SshClient(this.logger);
await client.uploadFiles({
connectConf: access,
mkdirs: true,
transports: [
{
localPath: tmpFilePath,
remotePath: key,
},
],
opts: {
mode: this.access?.fileMode ?? undefined,
},
});
} finally {
// Remove temp file
fs.unlinkSync(tmpFilePath);
}
}
async remove(filePath: string) {
const access = await this.ctx.accessService.getById<SshAccess>(this.access.sshAccess);
const client = new SshClient(this.logger);
const key = this.rootDir + filePath;
await client.removeFiles({
connectConf: access,
files: [key],
});
}
}

45
packages/plugins/plugin-cert/src/plugin/cert-plugin/uploads/impls/ssh.ts Normal file
View File

@@ -0,0 +1,45 @@
import { BaseHttpChallengeUploader } from "../api.js";
import { SshAccess, SshClient } from "@certd/plugin-lib";
import path from "path";
import os from "os";
import fs from "fs";
export class SshHttpChallengeUploader extends BaseHttpChallengeUploader<SshAccess> {
async upload(filePath: string, fileContent: Buffer) {
const tmpFilePath = path.join(os.tmpdir(), "cert", "http", filePath);
// Write file to temp path
const dir = path.dirname(tmpFilePath);
if (!fs.existsSync(dir)) {
fs.mkdirSync(dir, { recursive: true });
}
fs.writeFileSync(tmpFilePath, fileContent);
const key = this.rootDir + filePath;
try {
const client = new SshClient(this.logger);
await client.uploadFiles({
connectConf: this.access,
mkdirs: true,
transports: [
{
localPath: tmpFilePath,
remotePath: key,
},
],
});
} finally {
// Remove temp file
fs.unlinkSync(tmpFilePath);
}
}
async remove(filePath: string) {
const client = new SshClient(this.logger);
const key = this.rootDir + filePath;
await client.removeFiles({
connectConf: this.access,
files: [key],
});
}
}

28
packages/plugins/plugin-cert/src/plugin/cert-plugin/uploads/impls/tencentcos.ts Normal file
View File

@@ -0,0 +1,28 @@
import { BaseHttpChallengeUploader } from "../api.js";
import { TencentAccess, TencentCosAccess, TencentCosClient } from "@certd/plugin-lib";
export class TencentCosHttpChallengeUploader extends BaseHttpChallengeUploader<TencentCosAccess> {
async upload(filePath: string, fileContent: Buffer) {
const access = await this.ctx.accessService.getById<TencentAccess>(this.access.accessId);
const client = new TencentCosClient({
access: access,
logger: this.logger,
region: this.access.region,
bucket: this.access.bucket,
});
const key = this.rootDir + filePath;
await client.uploadFile(key, fileContent);
}
async remove(filePath: string) {
const access = await this.ctx.accessService.getById<TencentAccess>(this.access.accessId);
const client = new TencentCosClient({
access: access,
logger: this.logger,
region: this.access.region,
bucket: this.access.bucket,
});
const key = this.rootDir + filePath;
await client.removeFile(key);
}
}

Some files were not shown because too many files have changed in this diff Show More