perf: 支持部署到阿里云云原生API网关、AI网关

更新我爱云CDN域名地址，和部分目录结构

.editorconfig

@@ -0,0 +1,11 @@
+#
+# http://editorconfig.org
+#
+
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+trim_trailing_whitespace = true
+

.github/ISSUE_TEMPLATE/1plugin.md

@@ -0,0 +1,36 @@
+---
+name: Plugin Apply
+about: 部署插件申请支持
+title: "[Plugin] "
+labels: feature
+---
+
+> > 感谢您支持certd，请按如下规范提交issue
+> 如果有条件，请尽量在[github上提交](https://github.com/certd/certd/issues)
+
+# 新部署插件申请支持
+
+## 1. 需求描述
+`请在此处简要描述你的需求`
+
+
+## 2. 要部署证书应用的信息
+
+1. 应用名称：
+
+
+2. 应用网址/项目地址/官方网站：
+
+
+3. 管理证书界面截图（或者手动部署证书方式介绍及截图）：
+
+
+4. 是否有API接口，接口地址：
+
+
+5. 如果没有API接口，网页登录是否需要验证码：
+
+
+6. 是否可以提供测试账号？（如果可以请留下联系方式或者加作者好友）
+
+

.github/ISSUE_TEMPLATE/2dns.md

@@ -0,0 +1,36 @@
+---
+name: DNS Provider Apply
+about: 域名提供商申请支持
+title: "[DNS] "
+labels: feature
+---
+
+
+> 感谢您支持certd，请按如下规范提交issue
+> 如果有条件，请尽量在[github上提交](https://github.com/certd/certd/issues)
+
+# 新域名提供商支持申请
+
+## 1. 基本信息
+请填写如下内容：
+
+1. 域名提供商名称：
+
+
+2. 管理页面地址：
+
+
+3. 是否有API接口，接口地址：
+
+
+4. 如果没有API接口，网页登录是否有验证码：
+
+
+5. 是否可以提供测试账号？（如果可以请留下联系方式或者加作者好友）
+
+
+
+## 2. 截图
+
+`域名管理页面截图`
+

.github/ISSUE_TEMPLATE/3bug.md

@@ -1,21 +1,28 @@
-> 感谢您支持certd，请按如下规范提交issue    
+---
+name: Bug Report
+about: 错误或问题报告
+title: "[BUG] "
+labels: bug
+---
+
+
+> 感谢您支持certd，请按如下规范提交issue
 > 如果有条件，请尽量在[github上提交](https://github.com/certd/certd/issues)
 
-
-## 一、问题描述
+# bug提交
+## 1、问题描述
 `请在此处简要描述你所遇到的问题，必要时请贴出相关截图辅助理解和定位`
 
-### 复现步骤
+### 2、复现步骤
 `请描述复现问题的详细步骤`
 `如果非示例页面的问题，最好能提供最小复现示例的代码、或者仓库链接`
 
 
-### 报错截图
+### 3.报错截图
 `请贴出报错日志截图`
 
-### 效果截图
+### 4、效果截图
 `请贴出效果截图`
-#### 1. 期望效果
-
-#### 2. 实际效果
+#### 4.1. 期望效果
 
+#### 4.2. 实际效果

.github/ISSUE_TEMPLATE/4feature.md

@@ -0,0 +1,24 @@
+---
+name: Feature Request
+about: 新需求、新特性申请支持
+title: "[Feature] "
+labels: feature
+---
+
+> > 感谢您支持certd，请按如下规范提交issue
+> 如果有条件，请尽量在[github上提交](https://github.com/certd/certd/issues)
+
+
+# 新特性申请
+>注意：这里仅供如果是要申请新的部署插件，请提交插件申请
+
+## 1. 需求描述，需求背景
+`请在此处简要描述你所遇到的问题，必要时请贴出相关截图辅助理解`
+
+
+## 2. 期望效果
+`必要时可以截图描述你的期望效果`
+
+
+## 3. 你的解决方案
+`如果你有解决方案，请描述你的方案`

CHANGELOG.md

@@ -3,6 +3,153 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.36.17](https://github.com/certd/certd/compare/v1.36.16...v1.36.17) (2025-08-17)
+
+### Bug Fixes
+
+* 修复新部署的无法保存公共eab配置的bug ([d5dee75](https://github.com/certd/certd/commit/d5dee75df3bd635a597436e448b2de1407531f3a))
+
+### Performance Improvements
+
+* 阿里云 FC3.0 不在要求证书加密方式为旧版， 修复支持的协议类型可以正常选择 ([a34db74](https://github.com/certd/certd/commit/a34db7449eff6ad1dda01de673bf85579fa3865a))
+* 部署到腾讯云cdn，每个域名增加3每秒延迟 ([f7d43ad](https://github.com/certd/certd/commit/f7d43ad5af4663d4be369820a80d1fd9817ca4ab))
+* 腾讯云关闭证书通知增加开关选项，在腾讯云授权里面 ([a77c777](https://github.com/certd/certd/commit/a77c777980dd38d97d983124eeed1596879bba95))
+* 证书申请任务默认不发送申请成功通知 ([0283bd2](https://github.com/certd/certd/commit/0283bd2f978dbcd13d361129135e439dd9fbc180))
+
+## [1.36.16](https://github.com/certd/certd/compare/v1.36.15...v1.36.16) (2025-08-16)
+
+### Bug Fixes
+
+* 修复授权配置复制功能，无法复制已加密字段的问题 ([221e068](https://github.com/certd/certd/commit/221e068bac3af6cd5d1794f8cd4c2ec5c0bc3f45))
+
+### Performance Improvements
+
+* 百度云支持上传到证书托管，支持部署到负载均衡 ([798a48a](https://github.com/certd/certd/commit/798a48aa9686fd5d11cfffb6cd93eadfc40aacb3))
+* 部署到百度cdn支持自动获取域名列表选择 ([4e432ed](https://github.com/certd/certd/commit/4e432ed03f4fb564e85a2f284ee26b58400b82f5))
+* 验证码可重试次数设置为3次 ([1bdceee](https://github.com/certd/certd/commit/1bdceeecf4b5daecdd621a05a2596b6eb45ce8ea))
+* 增加找回密码的验证码可重试次数 [@nicheng-he](https://github.com/nicheng-he)  ([#496](https://github.com/certd/certd/issues/496)) ([fe03f99](https://github.com/certd/certd/commit/fe03f9942b5662fb90cad86da10782f5dc3603f5))
+* 支持阿里云API网关 ([9e1e4ee](https://github.com/certd/certd/commit/9e1e4eeec2859759ca5b07834c9d24cf88a6ad33))
+* 支持部署到金山云CDN ([dfa74a6](https://github.com/certd/certd/commit/dfa74a69f7cbb9009d3e20c7eecfa1b905a00cf0))
+* 支持更新金山云cdn证书 ([462e22a](https://github.com/certd/certd/commit/462e22a3b0a94887462fe6aa68e4671a365e0737))
+* 支持apisix证书部署 ([9b63fb4](https://github.com/certd/certd/commit/9b63fb4ee2c6b56139160c5bf63482dab0869c2b))
+
+## [1.36.15](https://github.com/certd/certd/compare/v1.36.14...v1.36.15) (2025-08-07)
+
+### Bug Fixes
+
+* 修复  https://cas.undefined.aliyuncs.com 的bug ([60e6aa9](https://github.com/certd/certd/commit/60e6aa9b54a761a47e39acee4a1ff947a745be27))
+* 修复阿里云clb api接口没有使用region的问题 ([0770f17](https://github.com/certd/certd/commit/0770f174a14313e28d08113e69829ef6cc02d719))
+* 修复站点监控使用自定义dns解析域名报错的bug ([eb8cd53](https://github.com/certd/certd/commit/eb8cd53de27991321e36dd14e5ce95f42b51351f))
+
+### Performance Improvements
+
+* 部署到阿里云支持选择bucket和域名 ([013b9c4](https://github.com/certd/certd/commit/013b9c4c7c2adf485d086123ccea448719577fd4))
+* 清理数据库备份的临时目录 ([fd95549](https://github.com/certd/certd/commit/fd95549de9a5d8cec09772ee2630bb7521e15e1f))
+* 添加免费通知,OneBot V11协议通知支持 ([#491](https://github.com/certd/certd/issues/491)) [@ayakasuki](https://github.com/ayakasuki)  ([be053d4](https://github.com/certd/certd/commit/be053d47e41084f817882400882b64143d036d1a))
+* 支持webhook部署证书 ([cbe0b1c](https://github.com/certd/certd/commit/cbe0b1c5a6538f232e9a63f1693d20d5acf0a306))
+* 注册时支持填写用户名 ([fdcfcc7](https://github.com/certd/certd/commit/fdcfcc77a0db87954e0b026635d3ccdd9bc6cee8))
+* add start:server npm script for quick server launch from root directory ([#484](https://github.com/certd/certd/issues/484)) [@orzyyyy](https://github.com/orzyyyy) ([fae1981](https://github.com/certd/certd/commit/fae1981161080f698c3f1263b712306d63baae64))
+
+## [1.36.14](https://github.com/certd/certd/compare/v1.36.13...v1.36.14) (2025-07-28)
+
+### Bug Fixes
+
+* 修复复制流水线为空的bug ([b070773](https://github.com/certd/certd/commit/b0707739fdfbae3d78db4efd3f180db05c4e4164))
+* 修复商用证书上传第二次运行无法使用pfx格式证书的bug ([251dd1f](https://github.com/certd/certd/commit/251dd1fe457a7b152f43eb6de18f7beb9f0b194e))
+
+### Performance Improvements
+
+* 1panel支持 currenNode ([acc8907](https://github.com/certd/certd/commit/acc890730f43d492c9b1bd3668814cf10efdf7b8))
+* 授权管理支持模糊查询 ([866eb62](https://github.com/certd/certd/commit/866eb6241baa7b21f6eddc649966324c188236c6))
+* 新增找回密码功能 [@nicheng-he](https://github.com/nicheng-he) ([81ac240](https://github.com/certd/certd/commit/81ac240ac84db0af2f56b6352e227ecb49f38377))
+* 优化start脚本 ([238ad7c](https://github.com/certd/certd/commit/238ad7ce51f17e1098c624e7f61ee2d98de1e02d))
+* 运行主机脚本插件支持选择运行策略 ([86b3df1](https://github.com/certd/certd/commit/86b3df194126476e1f58e0952a77e986f62eecce))
+* cdnfly 支持 账号密码登陆授权 ([e87f6d5](https://github.com/certd/certd/commit/e87f6d56f524dbbb9e3243e382b348b6e49f0d2c))
+* k8s ack、tke 支持重启ingress ([95715a0](https://github.com/certd/certd/commit/95715a007d931c64fa7dd953d94957398e00a443))
+
+## [1.36.13](https://github.com/certd/certd/compare/v1.36.12...v1.36.13) (2025-07-23)
+
+### Bug Fixes
+
+* 修复阿里云发送短信验证码失败的bug ([2e6d03f](https://github.com/certd/certd/commit/2e6d03ff001f521f57368e7a62b97ed7b122e8d0))
+
+### Performance Improvements
+
+* 阿里云部分插件优化  [@nicheng-he](https://github.com/nicheng-he) ([e3738f6](https://github.com/certd/certd/commit/e3738f6422270d75ec414c15a343248cc4cad6e1))
+
+## [1.36.12](https://github.com/certd/certd/compare/v1.36.11...v1.36.12) (2025-07-22)
+
+### Bug Fixes
+
+* 上传到阿里云cas，证书前缀无效的bug ([b382351](https://github.com/certd/certd/commit/b382351c7b91ec10e1f61d94bec5aad075207ec8))
+* 修复自定义插件onlyAdmin报错的bug ([4e5e862](https://github.com/certd/certd/commit/4e5e862f5834ad180e4428959c272d444a6f78ab))
+
+### Performance Improvements
+
+* 部署到k8s，tke，ack忽悠证书校验 ([ab84835](https://github.com/certd/certd/commit/ab848353621869464a2c9a45fdb5e28d998b8a58))
+* 首页增加更新日志按钮 ([41ce848](https://github.com/certd/certd/commit/41ce8489dc2f03a705dfa3fbb357769defb56c60))
+* 增加版本过低提示 ([d1ce360](https://github.com/certd/certd/commit/d1ce36038cab72b5dc1b320d0a708c261ffbdacb))
+
+## [1.36.11](https://github.com/certd/certd/compare/v1.36.10...v1.36.11) (2025-07-22)
+
+### Bug Fixes
+
+* 安全更新，备份数据库插件仅限管理员运行 ([13dfca1](https://github.com/certd/certd/commit/13dfca1749275526c82465a17c482b607c820fdd))
+
+## [1.36.10](https://github.com/certd/certd/compare/v1.36.9...v1.36.10) (2025-07-18)
+
+### Bug Fixes
+
+* 企业微信通知改成text类型，因为markdown类型不支持@用户 ([747d266](https://github.com/certd/certd/commit/747d26674248082e678a3fd5ecc94712641a2716))
+* api接口获取不到证书的bug ([05a33a0](https://github.com/certd/certd/commit/05a33a0ec9999e2802f6c7b23cc1c61a2b9e963d))
+
+### Performance Improvements
+
+* 部署到阿里云oss插件支持选择上传到阿里云cas中的证书 ([2ea2c8c](https://github.com/certd/certd/commit/2ea2c8c05fc40f79595f1bbde67c1413558bf684))
+* 优化子域名托管的说明 ([b15f514](https://github.com/certd/certd/commit/b15f514018b728acb0922ee3f93c1f302eb5d471))
+* 账号即将过期通知 ([e403450](https://github.com/certd/certd/commit/e40345095f31e2fb8e2333a6647466659133fa0c))
+* 子域名托管重复域名不允许添加 ([ffc0c7b](https://github.com/certd/certd/commit/ffc0c7bb7b16d9904fd2d905d1c4e1d4854e92a9))
+
+## [1.36.9](https://github.com/certd/certd/compare/v1.36.7...v1.36.9) (2025-07-15)
+
+### Bug Fixes
+
+* 修复ssh无法执行命令的bug ([9763cb0](https://github.com/certd/certd/commit/9763cb00e5d95b2fa5d1c2d3d4a8eecac71600e6))
+
+## [1.36.7](https://github.com/certd/certd/compare/v1.36.6...v1.36.7) (2025-07-15)
+
+### Bug Fixes
+
+* 修复流水线列表页报length错误的bug ([9864792](https://github.com/certd/certd/commit/9864792bbfd149e770d6e1ffa809573694f99dd3))
+* 修复流水线页面状态没有刷新的bug ([93e9498](https://github.com/certd/certd/commit/93e9498b410353f504e11e264db62468895d7290))
+* 修复自定义证书检查时间重启之后不生效的bug ([38e867c](https://github.com/certd/certd/commit/38e867c917bbc68bd228bdd8064f3e7358d6413d))
+
+### Performance Improvements
+
+* 支持上传证书到各种对象存储，oss、cos、七牛、s3、minio等 ([1da8617](https://github.com/certd/certd/commit/1da8617a53a675776635bbc3bcb3c6d7dff83e27))
+* 支持邮箱发送证书 ([95332d5](https://github.com/certd/certd/commit/95332d5db96cd54ddab6ab737332417a09169b39))
+
+## [1.36.6](https://github.com/certd/certd/compare/v1.36.5...v1.36.6) (2025-07-14)
+
+### Bug Fixes
+
+* 修复某些页面翻译不全显示错误的bug ([0b3158f](https://github.com/certd/certd/commit/0b3158fdd5fe5bb0a98c4e65715dbc3de2c38047))
+* 修复运行流水线后会闪烁一下的bug ([dfc9362](https://github.com/certd/certd/commit/dfc9362084082ee535b898f23b2609c1d946a6fd))
+
+### Performance Improvements
+
+* 部署plesk证书，支持删除未使用的证书 ([902d246](https://github.com/certd/certd/commit/902d246d1a7473ad90f604028c4eb09c8c67d99c))
+* 通知和定时器的删除按钮显示为红色更显眼 ([61ba83c](https://github.com/certd/certd/commit/61ba83c77546c3d505d081e19a3d68c127662bf1))
+* 优化流水线列表页面、详情页面性能，精简返回数据 ([609ac9c](https://github.com/certd/certd/commit/609ac9c9a2dde605eb09834ae59693c1cb238765))
+* 支持自动选择校验方式申请证书 ([3f99432](https://github.com/certd/certd/commit/3f9943270cfb12946e38e6272bc5e8d95ad6ab9e))
+* OpenAPI支持autoApply参数 ([42f4d14](https://github.com/certd/certd/commit/42f4d1477dc791520a874aed56035abcbc8c433b))
+
+## [1.36.5](https://github.com/certd/certd/compare/v1.36.4...v1.36.5) (2025-07-11)
+
+### Bug Fixes
+
+* 某些插件找不到的bug ([4b3f4a8](https://github.com/certd/certd/commit/4b3f4a868a8b0800c5c59de9d0f47bddc079e7b3))
+
 ## [1.36.4](https://github.com/certd/certd/compare/v1.36.3...v1.36.4) (2025-07-10)
 
 ### Bug Fixes

README.md

@@ -16,7 +16,6 @@ Certd® 是一个免费的全自动证书管理系统，让你的网站证书永
 
 > 流水线数量现已调整为无限制，欢迎大家使用
 
-
 ## 一、特性
 本项目不仅支持证书申请过程自动化，还可以自动化部署更新证书，让你的证书永不过期。     
 
@@ -87,8 +86,8 @@ https://certd.handfree.work/
 1. 【推荐】[Docker方式部署 ](https://certd.docmirror.cn/guide/install/docker/)
 2. 【推荐】[宝塔面板方式部署 ](https://certd.docmirror.cn/guide/install/docker/)
 3. 【推荐】[1Panel面板方式部署](https://certd.docmirror.cn/guide/install/1panel/)
-4. 【推荐】[雨云一键部署](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2_) ： 首充翻倍，每月仅需2.2元    
-[<img src="https://rainyun-apps.cn-nb1.rains3.com/materials/deploy-on-rainyun-cn.svg">](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2_)
+4. 【推荐】[雨云一键部署](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2) ： 首充翻倍，每月仅需2.2元    
+[<img src="https://rainyun-apps.cn-nb1.rains3.com/materials/deploy-on-rainyun-cn.svg">](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2)
 5. 【不推荐】[源码方式部署 ](https://certd.docmirror.cn/guide/install/source/)
 
 #### Docker镜像说明：

build.trigger

@@ -1 +1 @@
-22:21
+23:58

docker/run/docker-compose.yaml

@@ -11,6 +11,9 @@ services:
       #   ↓↓↓↓↓ -------------------------------------------------------- 数据库以及证书存储路径,默认存在宿主机的/data/certd/目录下，【您需要定时备份此目录，以保障数据容灾】
       #                                                                  只要修改冒号前面的，冒号后面的/app/data不要动
       - /data/certd:/app/data
+      #   ↓↓↓↓↓ -------------------------------------------------------- 如果走时不准，考虑挂载localtime文件
+      #- /etc/localtime:/etc/localtime
+      #- /etc/timezone:/etc/timezone
     ports: # 端口映射
       #  ↓↓↓↓ ---------------------------------------------------------- 如果端口有冲突，可以修改第一个7001为其他不冲突的端口号，第二个7001不要动
       - "7001:7001"
@@ -38,11 +41,11 @@ services:
 #      - ip6net
     environment:
 #             ↓↓↓↓ ----------------------------------------------------- 使用上海东八时区
-#      - TZ=Asia/Shanghai
+      - TZ=Asia/Shanghai
 #     设置环境变量即可自定义certd配置
 #     配置项见： packages/ui/certd-server/src/config/config.default.ts
 #     配置规则： certd_ + 配置项, 点号用_代替
-#                                    #↓↓↓↓ ----------------------------- 如果忘记管理员密码，可以设置为true，重启之后，管理员密码将改成123456，然后请及时修改回false
+#                                    #↓↓↓↓ ----------------------------- 如果忘记管理员密码，可以设置为true，docker compose up -d 重建容器之后，管理员密码将改成123456，然后请及时修改回false
       - certd_system_resetAdminPasswd=false
 
 #     默认使用sqlite文件数据库，如果需要使用其他数据库，请设置以下环境变量

docs/guide/changelogs/CHANGELOG.md

@@ -3,6 +3,170 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.36.17](https://github.com/certd/certd/compare/v1.36.16...v1.36.17) (2025-08-17)
+
+### Bug Fixes
+
+* 修复新部署的无法保存公共eab配置的bug ([d5dee75](https://github.com/certd/certd/commit/d5dee75df3bd635a597436e448b2de1407531f3a))
+
+### Performance Improvements
+
+* 阿里云 FC3.0 不在要求证书加密方式为旧版， 修复支持的协议类型可以正常选择 ([a34db74](https://github.com/certd/certd/commit/a34db7449eff6ad1dda01de673bf85579fa3865a))
+* 部署到腾讯云cdn，每个域名增加3每秒延迟 ([f7d43ad](https://github.com/certd/certd/commit/f7d43ad5af4663d4be369820a80d1fd9817ca4ab))
+* 腾讯云关闭证书通知增加开关选项，在腾讯云授权里面 ([a77c777](https://github.com/certd/certd/commit/a77c777980dd38d97d983124eeed1596879bba95))
+* 证书申请任务默认不发送申请成功通知 ([0283bd2](https://github.com/certd/certd/commit/0283bd2f978dbcd13d361129135e439dd9fbc180))
+
+## [1.36.16](https://github.com/certd/certd/compare/v1.36.15...v1.36.16) (2025-08-16)
+
+### Bug Fixes
+
+* 修复授权配置复制功能，无法复制已加密字段的问题 ([221e068](https://github.com/certd/certd/commit/221e068bac3af6cd5d1794f8cd4c2ec5c0bc3f45))
+
+### Performance Improvements
+
+* 百度云支持上传到证书托管，支持部署到负载均衡 ([798a48a](https://github.com/certd/certd/commit/798a48aa9686fd5d11cfffb6cd93eadfc40aacb3))
+* 部署到百度cdn支持自动获取域名列表选择 ([4e432ed](https://github.com/certd/certd/commit/4e432ed03f4fb564e85a2f284ee26b58400b82f5))
+* 验证码可重试次数设置为3次 ([1bdceee](https://github.com/certd/certd/commit/1bdceeecf4b5daecdd621a05a2596b6eb45ce8ea))
+* 增加找回密码的验证码可重试次数 [@nicheng-he](https://github.com/nicheng-he)  ([#496](https://github.com/certd/certd/issues/496)) ([fe03f99](https://github.com/certd/certd/commit/fe03f9942b5662fb90cad86da10782f5dc3603f5))
+* 支持阿里云API网关 ([9e1e4ee](https://github.com/certd/certd/commit/9e1e4eeec2859759ca5b07834c9d24cf88a6ad33))
+* 支持部署到金山云CDN ([dfa74a6](https://github.com/certd/certd/commit/dfa74a69f7cbb9009d3e20c7eecfa1b905a00cf0))
+* 支持更新金山云cdn证书 ([462e22a](https://github.com/certd/certd/commit/462e22a3b0a94887462fe6aa68e4671a365e0737))
+* 支持apisix证书部署 ([9b63fb4](https://github.com/certd/certd/commit/9b63fb4ee2c6b56139160c5bf63482dab0869c2b))
+
+## [1.36.15](https://github.com/certd/certd/compare/v1.36.14...v1.36.15) (2025-08-07)
+
+### Bug Fixes
+
+* 修复  https://cas.undefined.aliyuncs.com 的bug ([60e6aa9](https://github.com/certd/certd/commit/60e6aa9b54a761a47e39acee4a1ff947a745be27))
+* 修复阿里云clb api接口没有使用region的问题 ([0770f17](https://github.com/certd/certd/commit/0770f174a14313e28d08113e69829ef6cc02d719))
+* 修复站点监控使用自定义dns解析域名报错的bug ([eb8cd53](https://github.com/certd/certd/commit/eb8cd53de27991321e36dd14e5ce95f42b51351f))
+
+### Performance Improvements
+
+* 部署到阿里云支持选择bucket和域名 ([013b9c4](https://github.com/certd/certd/commit/013b9c4c7c2adf485d086123ccea448719577fd4))
+* 清理数据库备份的临时目录 ([fd95549](https://github.com/certd/certd/commit/fd95549de9a5d8cec09772ee2630bb7521e15e1f))
+* 添加免费通知,OneBot V11协议通知支持 ([#491](https://github.com/certd/certd/issues/491)) [@ayakasuki](https://github.com/ayakasuki)  ([be053d4](https://github.com/certd/certd/commit/be053d47e41084f817882400882b64143d036d1a))
+* 支持webhook部署证书 ([cbe0b1c](https://github.com/certd/certd/commit/cbe0b1c5a6538f232e9a63f1693d20d5acf0a306))
+* 注册时支持填写用户名 ([fdcfcc7](https://github.com/certd/certd/commit/fdcfcc77a0db87954e0b026635d3ccdd9bc6cee8))
+* add start:server npm script for quick server launch from root directory ([#484](https://github.com/certd/certd/issues/484)) [@orzyyyy](https://github.com/orzyyyy) ([fae1981](https://github.com/certd/certd/commit/fae1981161080f698c3f1263b712306d63baae64))
+
+## [1.36.14](https://github.com/certd/certd/compare/v1.36.13...v1.36.14) (2025-07-28)
+
+### Bug Fixes
+
+* 修复复制流水线为空的bug ([b070773](https://github.com/certd/certd/commit/b0707739fdfbae3d78db4efd3f180db05c4e4164))
+* 修复商用证书上传第二次运行无法使用pfx格式证书的bug ([251dd1f](https://github.com/certd/certd/commit/251dd1fe457a7b152f43eb6de18f7beb9f0b194e))
+
+### Performance Improvements
+
+* 1panel支持 currenNode ([acc8907](https://github.com/certd/certd/commit/acc890730f43d492c9b1bd3668814cf10efdf7b8))
+* 授权管理支持模糊查询 ([866eb62](https://github.com/certd/certd/commit/866eb6241baa7b21f6eddc649966324c188236c6))
+* 新增找回密码功能 [@nicheng-he](https://github.com/nicheng-he) ([81ac240](https://github.com/certd/certd/commit/81ac240ac84db0af2f56b6352e227ecb49f38377))
+* 优化start脚本 ([238ad7c](https://github.com/certd/certd/commit/238ad7ce51f17e1098c624e7f61ee2d98de1e02d))
+* 运行主机脚本插件支持选择运行策略 ([86b3df1](https://github.com/certd/certd/commit/86b3df194126476e1f58e0952a77e986f62eecce))
+* cdnfly 支持 账号密码登陆授权 ([e87f6d5](https://github.com/certd/certd/commit/e87f6d56f524dbbb9e3243e382b348b6e49f0d2c))
+* k8s ack、tke 支持重启ingress ([95715a0](https://github.com/certd/certd/commit/95715a007d931c64fa7dd953d94957398e00a443))
+
+## [1.36.13](https://github.com/certd/certd/compare/v1.36.12...v1.36.13) (2025-07-23)
+
+### Bug Fixes
+
+* 修复阿里云发送短信验证码失败的bug ([2e6d03f](https://github.com/certd/certd/commit/2e6d03ff001f521f57368e7a62b97ed7b122e8d0))
+
+### Performance Improvements
+
+* 阿里云部分插件优化  [@nicheng-he](https://github.com/nicheng-he) ([e3738f6](https://github.com/certd/certd/commit/e3738f6422270d75ec414c15a343248cc4cad6e1))
+
+## [1.36.12](https://github.com/certd/certd/compare/v1.36.11...v1.36.12) (2025-07-22)
+
+### Bug Fixes
+
+* 上传到阿里云cas，证书前缀无效的bug ([b382351](https://github.com/certd/certd/commit/b382351c7b91ec10e1f61d94bec5aad075207ec8))
+* 修复自定义插件onlyAdmin报错的bug ([4e5e862](https://github.com/certd/certd/commit/4e5e862f5834ad180e4428959c272d444a6f78ab))
+
+### Performance Improvements
+
+* 部署到k8s，tke，ack忽悠证书校验 ([ab84835](https://github.com/certd/certd/commit/ab848353621869464a2c9a45fdb5e28d998b8a58))
+* 首页增加更新日志按钮 ([41ce848](https://github.com/certd/certd/commit/41ce8489dc2f03a705dfa3fbb357769defb56c60))
+* 增加版本过低提示 ([d1ce360](https://github.com/certd/certd/commit/d1ce36038cab72b5dc1b320d0a708c261ffbdacb))
+
+## [1.36.11](https://github.com/certd/certd/compare/v1.36.10...v1.36.11) (2025-07-22)
+
+### Bug Fixes
+
+* 安全更新，备份数据库插件仅限管理员运行 ([13dfca1](https://github.com/certd/certd/commit/13dfca1749275526c82465a17c482b607c820fdd))
+
+## [1.36.10](https://github.com/certd/certd/compare/v1.36.9...v1.36.10) (2025-07-18)
+
+### Bug Fixes
+
+* 企业微信通知改成text类型，因为markdown类型不支持@用户 ([747d266](https://github.com/certd/certd/commit/747d26674248082e678a3fd5ecc94712641a2716))
+* api接口获取不到证书的bug ([05a33a0](https://github.com/certd/certd/commit/05a33a0ec9999e2802f6c7b23cc1c61a2b9e963d))
+
+### Performance Improvements
+
+* 部署到阿里云oss插件支持选择上传到阿里云cas中的证书 ([2ea2c8c](https://github.com/certd/certd/commit/2ea2c8c05fc40f79595f1bbde67c1413558bf684))
+* 优化子域名托管的说明 ([b15f514](https://github.com/certd/certd/commit/b15f514018b728acb0922ee3f93c1f302eb5d471))
+* 账号即将过期通知 ([e403450](https://github.com/certd/certd/commit/e40345095f31e2fb8e2333a6647466659133fa0c))
+* 子域名托管重复域名不允许添加 ([ffc0c7b](https://github.com/certd/certd/commit/ffc0c7bb7b16d9904fd2d905d1c4e1d4854e92a9))
+
+## [1.36.9](https://github.com/certd/certd/compare/v1.36.7...v1.36.9) (2025-07-15)
+
+### Bug Fixes
+
+* 修复ssh无法执行命令的bug ([9763cb0](https://github.com/certd/certd/commit/9763cb00e5d95b2fa5d1c2d3d4a8eecac71600e6))
+
+## [1.36.7](https://github.com/certd/certd/compare/v1.36.6...v1.36.7) (2025-07-15)
+
+### Bug Fixes
+
+* 修复流水线列表页报length错误的bug ([9864792](https://github.com/certd/certd/commit/9864792bbfd149e770d6e1ffa809573694f99dd3))
+* 修复流水线页面状态没有刷新的bug ([93e9498](https://github.com/certd/certd/commit/93e9498b410353f504e11e264db62468895d7290))
+* 修复自定义证书检查时间重启之后不生效的bug ([38e867c](https://github.com/certd/certd/commit/38e867c917bbc68bd228bdd8064f3e7358d6413d))
+
+### Performance Improvements
+
+* 支持上传证书到各种对象存储，oss、cos、七牛、s3、minio等 ([1da8617](https://github.com/certd/certd/commit/1da8617a53a675776635bbc3bcb3c6d7dff83e27))
+* 支持邮箱发送证书 ([95332d5](https://github.com/certd/certd/commit/95332d5db96cd54ddab6ab737332417a09169b39))
+
+## [1.36.6](https://github.com/certd/certd/compare/v1.36.5...v1.36.6) (2025-07-14)
+
+### Bug Fixes
+
+* 修复某些页面翻译不全显示错误的bug ([0b3158f](https://github.com/certd/certd/commit/0b3158fdd5fe5bb0a98c4e65715dbc3de2c38047))
+* 修复运行流水线后会闪烁一下的bug ([dfc9362](https://github.com/certd/certd/commit/dfc9362084082ee535b898f23b2609c1d946a6fd))
+
+### Performance Improvements
+
+* 部署plesk证书，支持删除未使用的证书 ([902d246](https://github.com/certd/certd/commit/902d246d1a7473ad90f604028c4eb09c8c67d99c))
+* 通知和定时器的删除按钮显示为红色更显眼 ([61ba83c](https://github.com/certd/certd/commit/61ba83c77546c3d505d081e19a3d68c127662bf1))
+* 优化流水线列表页面、详情页面性能，精简返回数据 ([609ac9c](https://github.com/certd/certd/commit/609ac9c9a2dde605eb09834ae59693c1cb238765))
+* 支持自动选择校验方式申请证书 ([3f99432](https://github.com/certd/certd/commit/3f9943270cfb12946e38e6272bc5e8d95ad6ab9e))
+* OpenAPI支持autoApply参数 ([42f4d14](https://github.com/certd/certd/commit/42f4d1477dc791520a874aed56035abcbc8c433b))
+
+## [1.36.5](https://github.com/certd/certd/compare/v1.36.4...v1.36.5) (2025-07-11)
+
+### Bug Fixes
+
+* 某些插件找不到的bug ([4b3f4a8](https://github.com/certd/certd/commit/4b3f4a868a8b0800c5c59de9d0f47bddc079e7b3))
+
+## [1.36.4](https://github.com/certd/certd/compare/v1.36.3...v1.36.4) (2025-07-10)
+
+### Bug Fixes
+
+* 修复查看证书对话框翻译错误的bug ([8626b6d](https://github.com/certd/certd/commit/8626b6d9f235c511766f2ae98e0a37f6cebb621c))
+* 修复translation后分组编辑打不开的bug ([46a1b74](https://github.com/certd/certd/commit/46a1b7479923d2feb2dece202a5932b99981b2cd))
+* 执行windows nginx命令时，改为return code判断是否执行成功 ([b37cffd](https://github.com/certd/certd/commit/b37cffd704cd08b8bdd68a6e284706eabe59e78d))
+
+### Performance Improvements
+
+* 优化证书进度条颜色 ([2af91db](https://github.com/certd/certd/commit/2af91dbf2ae36a4ed17c6788bc2a2a79a3bb29f8))
+* 站点证书即将过期通知标题颜色优化为红色 ([80c5331](https://github.com/certd/certd/commit/80c5331a5d4c320323d9b9b800e4ea3b72577b33))
+* 支持部署到阿里云vod ([98da4e1](https://github.com/certd/certd/commit/98da4e1791ed8bb21daf2a9914fda875d14633c9))
+* 支持部署证书到网宿CDN ([c3da026](https://github.com/certd/certd/commit/c3da026b33106f5195959825a68cadbe49efef00))
+* 重置管理员密码同时可以清除管理员的2FA设置 ([1ece091](https://github.com/certd/certd/commit/1ece0915f172d5f8b8adb866434e7efcc5c8c46d))
+* output-selector from参数支持更丰富的过滤规则 ([87853a2](https://github.com/certd/certd/commit/87853a201535f3bfe8505c40f8f5229d82ffcc73))
+
 ## [1.36.3](https://github.com/certd/certd/compare/v1.36.2...v1.36.3) (2025-07-07)
 
 ### Bug Fixes

docs/guide/install/baota/index.md

@@ -10,7 +10,8 @@
 * 登录宝塔面板，在菜单栏中点击 Docker，首次进入会提示安装Docker服务，点击立即安装，按提示完成安装
 
 ### 2、部署certd
-以下两种方式人选一种：
+以下两种方式任选一种：
+
 #### 2.1 应用商店方式一键部署【推荐】
 
 * 在宝塔Docker应用商店中找到`certd`（要先点右上角更新应用）

docs/guide/install/source/index.md

@@ -4,7 +4,7 @@
 ## 一、源码安装
 
 ### 环境要求
-- nodejs 20 及以上
+- nodejs 22 及以上
 ### 源码启动
 ```shell
 # 克隆代码

docs/guide/install/upgrade.md

@@ -13,4 +13,54 @@
 :::
 
 ## 升级日志
+可以查看最新版本号，以及所有版本的更新日志     
 [CHANGELOG](../changelogs/CHANGELOG.md)
+
+
+## 自动升级配置
+
+### 1. 方法一：使用watchtower监控
+
+修改docker-compose.yaml文件增加如下配置， 使用watchtower监控自动升级
+```yaml
+services:
+  certd:
+    ...
+    labels:
+      com.centurylinklabs.watchtower.enable: "true"
+
+#         ↓↓↓↓ ---------------------------------------------------------  自动升级，上面certd的版本号要保持为latest
+  certd-updater:  # 添加 Watchtower 服务
+    image: containrrr/watchtower:latest
+    container_name: certd-updater
+    restart: unless-stopped
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    # 配置 自动更新
+    environment:
+      - WATCHTOWER_CLEANUP=true            # 自动清理旧版本容器
+      - WATCHTOWER_INCLUDE_STOPPED=false   # 不更新已停止的容器
+      - WATCHTOWER_LABEL_ENABLE=true       # 根据容器标签进行更新
+      - WATCHTOWER_POLL_INTERVAL=600       # 每 10 分钟检查一次更新
+
+```
+
+
+### 2. 方法二：使用Certd版本监控功能
+
+选择Github-检查Release版本插件
+![](./images/github-release.png)
+按如下图填写配置
+![](./images/github-release-2.png)
+
+
+检测到新版本后执行宿主机升级命令：
+
+```shell
+# 拉取最新镜像
+docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
+# 升级容器命令， 替换成你自己的certd更新命令
+export RESTART_CERT='sleep 10; cd ~/deploy/certd/ ; docker compose down; docker compose up -d'
+# 构造一个脚本10s后在后台执行，避免容器销毁时执行太快，导致流水线任务无法结束
+nohup sh -c '$RESTART_CERT' >/dev/null  2>&1 & echo '10秒后重启' && exit
+```

docs/guide/qa/index.md

@@ -65,8 +65,16 @@ networks:
 docker logs -f --tail 200 certd
 ```
 
-
-
+## 6. 容器内走时不准，或者时区不对
+走时不准确，慢慢偏差越来越大    
+或者整个时区都不对    
+可以尝试挂载localtime文件
+```yaml
+    volumes:
+      #   ↓↓↓↓↓ -------------------- 如果走时不准，请尝试挂载localtime文件
+      - /etc/localtime:/etc/localtime
+      - /etc/timezone:/etc/timezone
+```
 
 
 

docs/guide/use/comm/payments/alipay.md

@@ -2,19 +2,24 @@
 
 ## 配置步骤
 
-1. 创建应用，获取APPID
+
+1. 注册支付宝商家账号
+   * 开通电脑网站支付产品(需营业执照)： https://b.alipay.com/page/product-workspace/all-product
+   
+
+2. 开放平台，创建应用，获取APPID
    * 登录支付宝开放平台，进入开发者中心，创建网页应用，获取应用的AppId（左上角复制）
    * 开发者中心：https://open.alipay.com/develop/manage
 
 
-2. 进入应用详情，选择开发设置，配置接口加签方式 （选择密钥类型）
+3. 进入应用详情，选择开发设置，配置接口加签方式 （选择密钥类型）
 
    * 参考文档：https://opendocs.alipay.com/common/02kdnc?pathHash=fb0c752a
    * 此步骤完成后，可以获取应用的私钥、支付宝公钥。     
    * 注意：支付宝不会保存应用的私钥，你需要自己保管好私钥。
 
 
-3. 在Certd后台配置支付宝 
+4. 在Certd后台配置支付宝 
 
    * 进入“系统”->"设置"->“支付设置”
    * 启用支付宝，选择“支付宝配置”，点击添加

docs/guide/use/tencent/index.md

@@ -8,8 +8,11 @@
 ![](./tencent-access.png)
 
 
+
 ## 如何避免收到腾讯云证书过期邮件
 
+> 新版本已经自动将证书设置为免提醒，certd上传的证书后续都不会再提醒了。
+
 腾讯云在证书有效期还剩28天时会发送过期通知邮件    
 您可以通过配置“腾讯云过期证书删除”任务来避免收到此类邮件。
 
@@ -18,4 +21,17 @@
 注意点：
 > 1. 选择腾讯云授权，需授权`服务角色SSL_QCSLinkedRoleInReplaceLoadCertificate`权限
 > 2. `1.26.14`版本之前Certd创建的证书流水线默认是到期前20天才更新证书，需要将之前创建的证书申请任务的更新天数修改为35天，保证删除之前就已经替换掉即将过期证书
-![](./images/delete2.png)
+![](./images/delete2.png)
+
+
+
+
+## TKE service 的 TCP_SSL Opaque类型证书授权
+
+部署证书到腾讯云TKE，如果报以下错误：     
+`is forbidden: User "xxxxxx-xxxxx" cannot get resource "secrets" in API group "" in the namespace "default"'`     
+则需要单独从授权管理侧再授权子用户的权限
+
+![](./images/tcpssl.png)
+
+![](./images/opaque.png)

lerna.json

@@ -9,5 +9,5 @@
     }
   },
   "npmClient": "pnpm",
-  "version": "1.36.4"
+  "version": "1.36.17"
 }

package.json

@@ -14,6 +14,7 @@
   },
   "scripts": {
     "start": "lerna bootstrap --hoist",
+    "start:server": "cd ./packages/ui/certd-server && npm start",
     "devb": "lerna run dev-build",
     "i-all": "lerna link && lerna exec npm install  ",
     "publish": "npm run prepublishOnly2  && lerna publish --force-publish=pro/plus-core --conventional-commits --create-release github && npm run afterpublishOnly && npm run commitAll",
@@ -30,12 +31,13 @@
     "init": "lerna run build",
     "init:dev": "lerna run build",
     "docs:dev": "vitepress dev docs",
-    "docs:build": "vitepress build docs",
+    "docs:build": "npm run copylogs && vitepress build docs",
     "docs:preview": "vitepress preview docs",
     "pub": "echo 1"
   },
   "license": "AGPL-3.0",
   "dependencies": {
+    "@certd/ui-server": "link:packages/ui/certd-server",
     "axios": "^1.7.7",
     "copyfiles": "^2.4.1",
     "lodash-es": "^4.17.21",

packages/core/acme-client/.editorconfig

@@ -6,7 +6,7 @@ root = true
 
 [*]
 indent_style = space
-indent_size = 4
+indent_size = 2
 trim_trailing_whitespace = true
 
 [{*.yml,*.yaml}]

packages/core/acme-client/CHANGELOG.md

@@ -3,6 +3,56 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.36.17](https://github.com/publishlab/node-acme-client/compare/v1.36.16...v1.36.17) (2025-08-17)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.36.16](https://github.com/publishlab/node-acme-client/compare/v1.36.15...v1.36.16) (2025-08-16)
+
+### Performance Improvements
+
+* 部署到百度cdn支持自动获取域名列表选择 ([4e432ed](https://github.com/publishlab/node-acme-client/commit/4e432ed03f4fb564e85a2f284ee26b58400b82f5))
+
+## [1.36.15](https://github.com/publishlab/node-acme-client/compare/v1.36.14...v1.36.15) (2025-08-07)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.36.14](https://github.com/publishlab/node-acme-client/compare/v1.36.13...v1.36.14) (2025-07-28)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.36.13](https://github.com/publishlab/node-acme-client/compare/v1.36.12...v1.36.13) (2025-07-23)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.36.12](https://github.com/publishlab/node-acme-client/compare/v1.36.11...v1.36.12) (2025-07-22)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.36.11](https://github.com/publishlab/node-acme-client/compare/v1.36.10...v1.36.11) (2025-07-22)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.36.10](https://github.com/publishlab/node-acme-client/compare/v1.36.9...v1.36.10) (2025-07-18)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.36.9](https://github.com/publishlab/node-acme-client/compare/v1.36.7...v1.36.9) (2025-07-15)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.36.7](https://github.com/publishlab/node-acme-client/compare/v1.36.6...v1.36.7) (2025-07-15)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.36.6](https://github.com/publishlab/node-acme-client/compare/v1.36.5...v1.36.6) (2025-07-14)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.36.5](https://github.com/publishlab/node-acme-client/compare/v1.36.4...v1.36.5) (2025-07-11)
+
+**Note:** Version bump only for package @certd/acme-client
+
 ## [1.36.4](https://github.com/publishlab/node-acme-client/compare/v1.36.3...v1.36.4) (2025-07-10)
 
 **Note:** Version bump only for package @certd/acme-client

packages/core/acme-client/package.json

@@ -3,7 +3,7 @@
     "description": "Simple and unopinionated ACME client",
     "private": false,
     "author": "nmorsman",
-    "version": "1.36.4",
+    "version": "1.36.17",
     "type": "module",
     "module": "scr/index.js",
     "main": "src/index.js",
@@ -18,7 +18,7 @@
         "types"
     ],
     "dependencies": {
-        "@certd/basic": "^1.36.4",
+        "@certd/basic": "^1.36.17",
         "@peculiar/x509": "^1.11.0",
         "asn1js": "^3.0.5",
         "axios": "^1.7.2",
@@ -69,5 +69,5 @@
     "bugs": {
         "url": "https://github.com/publishlab/node-acme-client/issues"
     },
-    "gitHead": "1bde777beead9dd23b8d3d98479d616170b8bb69"
+    "gitHead": "831c325c6383ba0a6f2dfa7496451ec714784e93"
 }

packages/core/basic/CHANGELOG.md

@@ -3,6 +3,54 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.36.17](https://github.com/certd/certd/compare/v1.36.16...v1.36.17) (2025-08-17)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.36.16](https://github.com/certd/certd/compare/v1.36.15...v1.36.16) (2025-08-16)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.36.15](https://github.com/certd/certd/compare/v1.36.14...v1.36.15) (2025-08-07)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.36.14](https://github.com/certd/certd/compare/v1.36.13...v1.36.14) (2025-07-28)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.36.13](https://github.com/certd/certd/compare/v1.36.12...v1.36.13) (2025-07-23)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.36.12](https://github.com/certd/certd/compare/v1.36.11...v1.36.12) (2025-07-22)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.36.11](https://github.com/certd/certd/compare/v1.36.10...v1.36.11) (2025-07-22)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.36.10](https://github.com/certd/certd/compare/v1.36.9...v1.36.10) (2025-07-18)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.36.9](https://github.com/certd/certd/compare/v1.36.7...v1.36.9) (2025-07-15)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.36.7](https://github.com/certd/certd/compare/v1.36.6...v1.36.7) (2025-07-15)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.36.6](https://github.com/certd/certd/compare/v1.36.5...v1.36.6) (2025-07-14)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.36.5](https://github.com/certd/certd/compare/v1.36.4...v1.36.5) (2025-07-11)
+
+**Note:** Version bump only for package @certd/basic
+
 ## [1.36.4](https://github.com/certd/certd/compare/v1.36.3...v1.36.4) (2025-07-10)
 
 **Note:** Version bump only for package @certd/basic

packages/core/basic/build.md

@@ -1 +1 @@
-23:36
+23:53

packages/core/basic/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/basic",
   "private": false,
-  "version": "1.36.4",
+  "version": "1.36.17",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -45,5 +45,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "1bde777beead9dd23b8d3d98479d616170b8bb69"
+  "gitHead": "831c325c6383ba0a6f2dfa7496451ec714784e93"
 }

packages/core/pipeline/CHANGELOG.md

@@ -3,6 +3,63 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.36.17](https://github.com/certd/certd/compare/v1.36.16...v1.36.17) (2025-08-17)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.36.16](https://github.com/certd/certd/compare/v1.36.15...v1.36.16) (2025-08-16)
+
+### Performance Improvements
+
+* 百度云支持上传到证书托管，支持部署到负载均衡 ([798a48a](https://github.com/certd/certd/commit/798a48aa9686fd5d11cfffb6cd93eadfc40aacb3))
+* 支持部署到金山云CDN ([dfa74a6](https://github.com/certd/certd/commit/dfa74a69f7cbb9009d3e20c7eecfa1b905a00cf0))
+
+## [1.36.15](https://github.com/certd/certd/compare/v1.36.14...v1.36.15) (2025-08-07)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.36.14](https://github.com/certd/certd/compare/v1.36.13...v1.36.14) (2025-07-28)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.36.13](https://github.com/certd/certd/compare/v1.36.12...v1.36.13) (2025-07-23)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.36.12](https://github.com/certd/certd/compare/v1.36.11...v1.36.12) (2025-07-22)
+
+### Bug Fixes
+
+* 修复自定义插件onlyAdmin报错的bug ([4e5e862](https://github.com/certd/certd/commit/4e5e862f5834ad180e4428959c272d444a6f78ab))
+
+## [1.36.11](https://github.com/certd/certd/compare/v1.36.10...v1.36.11) (2025-07-22)
+
+### Bug Fixes
+
+* 安全更新，备份数据库插件仅限管理员运行 ([13dfca1](https://github.com/certd/certd/commit/13dfca1749275526c82465a17c482b607c820fdd))
+
+## [1.36.10](https://github.com/certd/certd/compare/v1.36.9...v1.36.10) (2025-07-18)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.36.9](https://github.com/certd/certd/compare/v1.36.7...v1.36.9) (2025-07-15)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.36.7](https://github.com/certd/certd/compare/v1.36.6...v1.36.7) (2025-07-15)
+
+### Performance Improvements
+
+* 支持邮箱发送证书 ([95332d5](https://github.com/certd/certd/commit/95332d5db96cd54ddab6ab737332417a09169b39))
+
+## [1.36.6](https://github.com/certd/certd/compare/v1.36.5...v1.36.6) (2025-07-14)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.36.5](https://github.com/certd/certd/compare/v1.36.4...v1.36.5) (2025-07-11)
+
+**Note:** Version bump only for package @certd/pipeline
+
 ## [1.36.4](https://github.com/certd/certd/compare/v1.36.3...v1.36.4) (2025-07-10)
 
 **Note:** Version bump only for package @certd/pipeline

packages/core/pipeline/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/pipeline",
   "private": false,
-  "version": "1.36.4",
+  "version": "1.36.17",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -17,8 +17,8 @@
     "pub": "npm publish"
   },
   "dependencies": {
-    "@certd/basic": "^1.36.4",
-    "@certd/plus-core": "^1.36.4",
+    "@certd/basic": "^1.36.17",
+    "@certd/plus-core": "^1.36.17",
     "dayjs": "^1.11.7",
     "lodash-es": "^4.17.21",
     "reflect-metadata": "^0.1.13"
@@ -44,5 +44,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "1bde777beead9dd23b8d3d98479d616170b8bb69"
+  "gitHead": "831c325c6383ba0a6f2dfa7496451ec714784e93"
 }

packages/core/pipeline/src/context/index.ts

@@ -11,7 +11,6 @@ export type PageSearch = {
   // sortOrder?: "asc" | "desc";
 };
 
-
 export type PageRes = {
   pageNo?: number;
   pageSize?: number;

packages/core/pipeline/src/core/executor.ts

@@ -352,6 +352,7 @@ export class Executor {
       pipeline: this.pipeline,
       runtime: this.runtime,
       step,
+      define: cloneDeep(define),
       lastStatus,
       http,
       download,

packages/core/pipeline/src/plugin/api.ts

@@ -59,6 +59,7 @@ export type PluginDefine = Registrable & {
       form: any;
     };
   };
+  onlyAdmin?: boolean;
   needPlus?: boolean;
   showRunStrategy?: boolean;
   pluginType?: string; //类型
@@ -85,6 +86,7 @@ export type TaskInstanceContext = {
   runtime: RunHistory;
   //步骤定义
   step: Step;
+  define: PluginDefine;
   //日志
   logger: ILogger;
   //当前步骤输入参数跟上一次执行比较是否有变化
@@ -162,6 +164,12 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
       this.registerSecret(cert.key);
       this.registerSecret(cert.one);
     }
+
+    if (this.ctx?.define?.onlyAdmin) {
+      if (!this.isAdmin()) {
+        throw new Error("只有管理员才能运行此任务");
+      }
+    }
   }
 
   async getAccess<T = any>(accessId: string | number, isCommon = false) {

packages/core/pipeline/src/plugin/group.ts

@@ -27,7 +27,9 @@ export const pluginGroups = {
   tencent: new PluginGroup("tencent", "腾讯云", 4, "svg:icon-tencentcloud"),
   volcengine: new PluginGroup("volcengine", "火山引擎", 4, "svg:icon-volcengine"),
   jdcloud: new PluginGroup("jdcloud", "京东云", 4, "svg:icon-jdcloud"),
+  baidu: new PluginGroup("baidu", "百度云", 4, "ant-design:baidu-outlined"),
   qiniu: new PluginGroup("qiniu", "七牛云", 5, "svg:icon-qiniuyun"),
   aws: new PluginGroup("aws", "亚马逊云", 6, "svg:icon-aws"),
   other: new PluginGroup("other", "其他", 10, "clarity:plugin-line"),
+  admin: new PluginGroup("admin", "管理", 11, "ion:settings-outline"),
 };

packages/core/pipeline/src/service/email.ts

@@ -1,7 +1,9 @@
 export type EmailSend = {
   subject: string;
-  content: string;
   receivers: string[];
+  content?: string;
+  attachments?: any[];
+  html?: string;
 };
 
 export interface IEmailService {

packages/libs/lib-huawei/CHANGELOG.md

@@ -3,6 +3,54 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.36.17](https://github.com/certd/certd/compare/v1.36.16...v1.36.17) (2025-08-17)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.36.16](https://github.com/certd/certd/compare/v1.36.15...v1.36.16) (2025-08-16)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.36.15](https://github.com/certd/certd/compare/v1.36.14...v1.36.15) (2025-08-07)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.36.14](https://github.com/certd/certd/compare/v1.36.13...v1.36.14) (2025-07-28)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.36.13](https://github.com/certd/certd/compare/v1.36.12...v1.36.13) (2025-07-23)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.36.12](https://github.com/certd/certd/compare/v1.36.11...v1.36.12) (2025-07-22)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.36.11](https://github.com/certd/certd/compare/v1.36.10...v1.36.11) (2025-07-22)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.36.10](https://github.com/certd/certd/compare/v1.36.9...v1.36.10) (2025-07-18)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.36.9](https://github.com/certd/certd/compare/v1.36.7...v1.36.9) (2025-07-15)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.36.7](https://github.com/certd/certd/compare/v1.36.6...v1.36.7) (2025-07-15)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.36.6](https://github.com/certd/certd/compare/v1.36.5...v1.36.6) (2025-07-14)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.36.5](https://github.com/certd/certd/compare/v1.36.4...v1.36.5) (2025-07-11)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
 ## [1.36.4](https://github.com/certd/certd/compare/v1.36.3...v1.36.4) (2025-07-10)
 
 **Note:** Version bump only for package @certd/lib-huawei

packages/libs/lib-huawei/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-huawei",
   "private": false,
-  "version": "1.36.4",
+  "version": "1.36.17",
   "main": "./dist/bundle.js",
   "module": "./dist/bundle.js",
   "types": "./dist/d/index.d.ts",
@@ -24,5 +24,5 @@
     "prettier": "^2.8.8",
     "tslib": "^2.8.1"
   },
-  "gitHead": "1bde777beead9dd23b8d3d98479d616170b8bb69"
+  "gitHead": "831c325c6383ba0a6f2dfa7496451ec714784e93"
 }

packages/libs/lib-iframe/CHANGELOG.md

@@ -3,6 +3,54 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.36.17](https://github.com/certd/certd/compare/v1.36.16...v1.36.17) (2025-08-17)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.36.16](https://github.com/certd/certd/compare/v1.36.15...v1.36.16) (2025-08-16)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.36.15](https://github.com/certd/certd/compare/v1.36.14...v1.36.15) (2025-08-07)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.36.14](https://github.com/certd/certd/compare/v1.36.13...v1.36.14) (2025-07-28)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.36.13](https://github.com/certd/certd/compare/v1.36.12...v1.36.13) (2025-07-23)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.36.12](https://github.com/certd/certd/compare/v1.36.11...v1.36.12) (2025-07-22)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.36.11](https://github.com/certd/certd/compare/v1.36.10...v1.36.11) (2025-07-22)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.36.10](https://github.com/certd/certd/compare/v1.36.9...v1.36.10) (2025-07-18)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.36.9](https://github.com/certd/certd/compare/v1.36.7...v1.36.9) (2025-07-15)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.36.7](https://github.com/certd/certd/compare/v1.36.6...v1.36.7) (2025-07-15)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.36.6](https://github.com/certd/certd/compare/v1.36.5...v1.36.6) (2025-07-14)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.36.5](https://github.com/certd/certd/compare/v1.36.4...v1.36.5) (2025-07-11)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
 ## [1.36.4](https://github.com/certd/certd/compare/v1.36.3...v1.36.4) (2025-07-10)
 
 **Note:** Version bump only for package @certd/lib-iframe

packages/libs/lib-iframe/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-iframe",
   "private": false,
-  "version": "1.36.4",
+  "version": "1.36.17",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -31,5 +31,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "1bde777beead9dd23b8d3d98479d616170b8bb69"
+  "gitHead": "831c325c6383ba0a6f2dfa7496451ec714784e93"
 }

packages/libs/lib-jdcloud/CHANGELOG.md

@@ -3,6 +3,54 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.36.17](https://github.com/certd/certd/compare/v1.36.16...v1.36.17) (2025-08-17)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.36.16](https://github.com/certd/certd/compare/v1.36.15...v1.36.16) (2025-08-16)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.36.15](https://github.com/certd/certd/compare/v1.36.14...v1.36.15) (2025-08-07)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.36.14](https://github.com/certd/certd/compare/v1.36.13...v1.36.14) (2025-07-28)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.36.13](https://github.com/certd/certd/compare/v1.36.12...v1.36.13) (2025-07-23)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.36.12](https://github.com/certd/certd/compare/v1.36.11...v1.36.12) (2025-07-22)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.36.11](https://github.com/certd/certd/compare/v1.36.10...v1.36.11) (2025-07-22)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.36.10](https://github.com/certd/certd/compare/v1.36.9...v1.36.10) (2025-07-18)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.36.9](https://github.com/certd/certd/compare/v1.36.7...v1.36.9) (2025-07-15)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.36.7](https://github.com/certd/certd/compare/v1.36.6...v1.36.7) (2025-07-15)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.36.6](https://github.com/certd/certd/compare/v1.36.5...v1.36.6) (2025-07-14)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.36.5](https://github.com/certd/certd/compare/v1.36.4...v1.36.5) (2025-07-11)
+
+**Note:** Version bump only for package @certd/jdcloud
+
 ## [1.36.4](https://github.com/certd/certd/compare/v1.36.3...v1.36.4) (2025-07-10)
 
 **Note:** Version bump only for package @certd/jdcloud

packages/libs/lib-jdcloud/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/jdcloud",
-  "version": "1.36.4",
+  "version": "1.36.17",
   "description": "jdcloud openApi sdk",
   "main": "./dist/bundle.js",
   "module": "./dist/bundle.js",
@@ -61,5 +61,5 @@
       "fetch"
     ]
   },
-  "gitHead": "1bde777beead9dd23b8d3d98479d616170b8bb69"
+  "gitHead": "831c325c6383ba0a6f2dfa7496451ec714784e93"
 }

packages/libs/lib-k8s/CHANGELOG.md

@@ -3,6 +3,58 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.36.17](https://github.com/certd/certd/compare/v1.36.16...v1.36.17) (2025-08-17)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.36.16](https://github.com/certd/certd/compare/v1.36.15...v1.36.16) (2025-08-16)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.36.15](https://github.com/certd/certd/compare/v1.36.14...v1.36.15) (2025-08-07)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.36.14](https://github.com/certd/certd/compare/v1.36.13...v1.36.14) (2025-07-28)
+
+### Performance Improvements
+
+* k8s ack、tke 支持重启ingress ([95715a0](https://github.com/certd/certd/commit/95715a007d931c64fa7dd953d94957398e00a443))
+
+## [1.36.13](https://github.com/certd/certd/compare/v1.36.12...v1.36.13) (2025-07-23)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.36.12](https://github.com/certd/certd/compare/v1.36.11...v1.36.12) (2025-07-22)
+
+### Performance Improvements
+
+* 部署到k8s，tke，ack忽悠证书校验 ([ab84835](https://github.com/certd/certd/commit/ab848353621869464a2c9a45fdb5e28d998b8a58))
+
+## [1.36.11](https://github.com/certd/certd/compare/v1.36.10...v1.36.11) (2025-07-22)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.36.10](https://github.com/certd/certd/compare/v1.36.9...v1.36.10) (2025-07-18)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.36.9](https://github.com/certd/certd/compare/v1.36.7...v1.36.9) (2025-07-15)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.36.7](https://github.com/certd/certd/compare/v1.36.6...v1.36.7) (2025-07-15)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.36.6](https://github.com/certd/certd/compare/v1.36.5...v1.36.6) (2025-07-14)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.36.5](https://github.com/certd/certd/compare/v1.36.4...v1.36.5) (2025-07-11)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
 ## [1.36.4](https://github.com/certd/certd/compare/v1.36.3...v1.36.4) (2025-07-10)
 
 **Note:** Version bump only for package @certd/lib-k8s

packages/libs/lib-k8s/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-k8s",
   "private": false,
-  "version": "1.36.4",
+  "version": "1.36.17",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -17,7 +17,7 @@
     "pub": "npm publish"
   },
   "dependencies": {
-    "@certd/basic": "^1.36.4",
+    "@certd/basic": "^1.36.17",
     "@kubernetes/client-node": "0.21.0"
   },
   "devDependencies": {
@@ -32,5 +32,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "1bde777beead9dd23b8d3d98479d616170b8bb69"
+  "gitHead": "831c325c6383ba0a6f2dfa7496451ec714784e93"
 }

packages/libs/lib-k8s/src/index.ts

@@ -1 +1 @@
-export * from './lib/k8s.client.js';
+export * from "./lib/k8s.client.js";

packages/libs/lib-k8s/src/lib/k8s.client.ts

@@ -1,7 +1,7 @@
-import { CoreV1Api, KubeConfig, NetworkingV1Api, V1Ingress, V1Secret } from '@kubernetes/client-node';
-import dns from 'dns';
-import { ILogger } from '@certd/basic';
-import _ from 'lodash-es';
+import { CoreV1Api, KubeConfig, NetworkingV1Api, V1Ingress, V1Secret } from "@kubernetes/client-node";
+import dns from "dns";
+import { ILogger } from "@certd/basic";
+import _ from "lodash-es";
 
 export type K8sClientOpts = {
   kubeConfigStr: string;
@@ -9,6 +9,7 @@ export type K8sClientOpts = {
   //{  [domain]:{ip:'xxx.xx.xxx'} }
   //暂时没用
   lookup?: any;
+  skipTLSVerify?: boolean;
 };
 export class K8sClient {
   kubeconfig!: KubeConfig;
@@ -16,10 +17,12 @@ export class K8sClient {
   lookup!: (hostnameReq: any, options: any, callback: any) => void;
   client!: CoreV1Api;
   logger: ILogger;
+  skipTLSVerify?: boolean;
   constructor(opts: K8sClientOpts) {
     this.kubeConfigStr = opts.kubeConfigStr;
     this.logger = opts.logger;
     this.setLookup(opts.lookup);
+    this.skipTLSVerify = opts.skipTLSVerify;
     this.init();
   }
 
@@ -27,6 +30,18 @@ export class K8sClient {
     const kubeconfig = new KubeConfig();
     kubeconfig.loadFromString(this.kubeConfigStr);
     this.kubeconfig = kubeconfig;
+
+    try {
+      if (this.skipTLSVerify == true) {
+        for (const cluster of kubeconfig.getClusters()) {
+          // @ts-ignore
+          cluster["skipTLSVerify"] = this.skipTLSVerify;
+        }
+      }
+    } catch (e) {
+      this.logger.warn("skipTLSVerify error", e);
+    }
+
     this.client = kubeconfig.makeApiClient(CoreV1Api);
 
     // const reqOpts = { kubeconfig, request: {} } as any;
@@ -47,9 +62,9 @@ export class K8sClient {
       return;
     }
     this.lookup = (hostnameReq: any, options: any, callback: any) => {
-      this.logger.info('custom lookup', hostnameReq, localRecords);
+      this.logger.info("custom lookup", hostnameReq, localRecords);
       if (localRecords[hostnameReq]) {
-        this.logger.info('local record', hostnameReq, localRecords[hostnameReq]);
+        this.logger.info("local record", hostnameReq, localRecords[hostnameReq]);
         callback(null, localRecords[hostnameReq].ip, 4);
       } else {
         dns.lookup(hostnameReq, options, callback);
@@ -63,7 +78,7 @@ export class K8sClient {
    * @returns secretsList
    */
   async getSecrets(opts: { namespace: string }) {
-    const namespace = opts.namespace || 'default';
+    const namespace = opts.namespace || "default";
     return await this.client.listNamespacedSecret(namespace);
   }
 
@@ -73,9 +88,9 @@ export class K8sClient {
    * @returns {Promise<*>}
    */
   async createSecret(opts: { namespace: string; body: V1Secret }) {
-    const namespace = opts.namespace || 'default';
+    const namespace = opts.namespace || "default";
     const created = await this.client.createNamespacedSecret(namespace, opts.body);
-    this.logger.info('new secrets:', opts.body);
+    this.logger.info("new secrets:", opts.body);
     return created.body;
   }
 
@@ -89,24 +104,24 @@ export class K8sClient {
   // }
 
   async patchSecret(opts: { namespace: string; secretName: string; body: V1Secret }) {
-    const namespace = opts.namespace || 'default';
+    const namespace = opts.namespace || "default";
     const secretName = opts.secretName;
     if (secretName == null) {
-      throw new Error('secretName 不能为空');
+      throw new Error("secretName 不能为空");
     }
-    this.logger.info('patch secret:', secretName, namespace);
+    this.logger.info("patch secret:", secretName, namespace);
     const oldSecret = await this.client.readNamespacedSecret(secretName, namespace);
     const newSecret = _.merge(oldSecret.body, opts.body);
     const res = await this.client.replaceNamespacedSecret(secretName, namespace, newSecret);
-    this.logger.info('secret updated');
+    this.logger.info("secret updated");
     return res.body;
   }
 
   async getIngressList(opts: { namespace: string }) {
-    const namespace = opts.namespace || 'default';
+    const namespace = opts.namespace || "default";
     const client = this.kubeconfig.makeApiClient(NetworkingV1Api);
     const res = await client.listNamespacedIngress(namespace);
-    this.logger.info('ingress list get:', res.body);
+    this.logger.info("ingress list get:", res.body);
     return res.body;
   }
 
@@ -122,17 +137,31 @@ export class K8sClient {
   // }
 
   async patchIngress(opts: { namespace: string; ingressName: string; body: V1Ingress }) {
-    const namespace = opts.namespace || 'default';
+    const namespace = opts.namespace || "default";
     const ingressName = opts.ingressName;
     if (!ingressName) {
-      throw new Error('ingressName 不能为空');
+      throw new Error("ingressName 不能为空");
     }
-    this.logger.info('patch ingress:', ingressName, namespace);
+    this.logger.info("patch ingress:", ingressName, namespace);
     const client = this.kubeconfig.makeApiClient(NetworkingV1Api);
     const oldIngress = await client.readNamespacedIngress(ingressName, namespace);
     const newIngress = _.merge(oldIngress.body, opts.body);
     const res = await client.replaceNamespacedIngress(ingressName, namespace, newIngress);
-    this.logger.info('ingress patched', opts.body);
+    this.logger.info("ingress patched", opts.body);
     return res;
   }
+
+  async restartIngress(namespace: string, ingressNames: string[], labels: any) {
+    const body = {
+      metadata: {
+        labels: {
+          ...labels,
+        },
+      },
+    };
+    for (const ingress of ingressNames) {
+      await this.patchIngress({ namespace, ingressName: ingress, body });
+      this.logger.info(`ingress已重启:${ingress}`);
+    }
+  }
 }

packages/libs/lib-server/CHANGELOG.md

@@ -3,6 +3,61 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.36.17](https://github.com/certd/certd/compare/v1.36.16...v1.36.17) (2025-08-17)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.36.16](https://github.com/certd/certd/compare/v1.36.15...v1.36.16) (2025-08-16)
+
+### Bug Fixes
+
+* 修复授权配置复制功能，无法复制已加密字段的问题 ([221e068](https://github.com/certd/certd/commit/221e068bac3af6cd5d1794f8cd4c2ec5c0bc3f45))
+
+## [1.36.15](https://github.com/certd/certd/compare/v1.36.14...v1.36.15) (2025-08-07)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.36.14](https://github.com/certd/certd/compare/v1.36.13...v1.36.14) (2025-07-28)
+
+### Performance Improvements
+
+* 新增找回密码功能 [@nicheng-he](https://github.com/nicheng-he) ([81ac240](https://github.com/certd/certd/commit/81ac240ac84db0af2f56b6352e227ecb49f38377))
+
+## [1.36.13](https://github.com/certd/certd/compare/v1.36.12...v1.36.13) (2025-07-23)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.36.12](https://github.com/certd/certd/compare/v1.36.11...v1.36.12) (2025-07-22)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.36.11](https://github.com/certd/certd/compare/v1.36.10...v1.36.11) (2025-07-22)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.36.10](https://github.com/certd/certd/compare/v1.36.9...v1.36.10) (2025-07-18)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.36.9](https://github.com/certd/certd/compare/v1.36.7...v1.36.9) (2025-07-15)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.36.7](https://github.com/certd/certd/compare/v1.36.6...v1.36.7) (2025-07-15)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.36.6](https://github.com/certd/certd/compare/v1.36.5...v1.36.6) (2025-07-14)
+
+### Performance Improvements
+
+* 优化流水线列表页面、详情页面性能，精简返回数据 ([609ac9c](https://github.com/certd/certd/commit/609ac9c9a2dde605eb09834ae59693c1cb238765))
+* OpenAPI支持autoApply参数 ([42f4d14](https://github.com/certd/certd/commit/42f4d1477dc791520a874aed56035abcbc8c433b))
+
+## [1.36.5](https://github.com/certd/certd/compare/v1.36.4...v1.36.5) (2025-07-11)
+
+**Note:** Version bump only for package @certd/lib-server
+
 ## [1.36.4](https://github.com/certd/certd/compare/v1.36.3...v1.36.4) (2025-07-10)
 
 **Note:** Version bump only for package @certd/lib-server

packages/libs/lib-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/lib-server",
-  "version": "1.36.4",
+  "version": "1.36.17",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",
@@ -27,10 +27,10 @@
   ],
   "license": "AGPL",
   "dependencies": {
-    "@certd/acme-client": "^1.36.4",
-    "@certd/basic": "^1.36.4",
-    "@certd/pipeline": "^1.36.4",
-    "@certd/plus-core": "^1.36.4",
+    "@certd/acme-client": "^1.36.17",
+    "@certd/basic": "^1.36.17",
+    "@certd/pipeline": "^1.36.17",
+    "@certd/plus-core": "^1.36.17",
     "@midwayjs/cache": "~3.14.0",
     "@midwayjs/core": "~3.20.3",
     "@midwayjs/i18n": "~3.20.3",
@@ -61,5 +61,5 @@
     "typeorm": "^0.3.11",
     "typescript": "^5.4.2"
   },
-  "gitHead": "1bde777beead9dd23b8d3d98479d616170b8bb69"
+  "gitHead": "831c325c6383ba0a6f2dfa7496451ec714784e93"
 }

packages/libs/lib-server/src/basic/base-service.ts

@@ -164,8 +164,11 @@ export abstract class BaseService<T> {
   }
 
   private buildListQuery(listReq: ListReq<T>) {
-    const { query, sort, buildQuery } = listReq;
+    const { query, sort, buildQuery,select } = listReq;
     const qb = this.getRepository().createQueryBuilder('main');
+    if (select) {
+      qb.setFindOptions({select});
+    }
     if (query) {
       const keys = Object.keys(query);
       for (const key of keys) {
@@ -191,6 +194,7 @@ export abstract class BaseService<T> {
     if (buildQuery) {
       buildQuery(qb);
     }
+
     return qb;
   }
 

packages/libs/lib-server/src/basic/constants.ts

@@ -107,5 +107,17 @@ export const Constants = {
       code: 20012,
       message: '证书还未生成',
     },
+    openCertApplying: {
+      code: 20013,
+      message: '证书正在申请中，请稍后重新获取',
+    },
+    openDomainNoVerifier:{
+      code: 20014,
+      message: '域名校验方式未配置',
+    },
+    openEmailNotFound: {
+      code: 20021,
+      message: '用户邮箱还未配置',
+    },
   },
 };

packages/libs/lib-server/src/basic/exception/common-exception.ts

@@ -11,13 +11,13 @@ export class CommonException extends BaseException {
 }
 
 export class CodeException extends BaseException {
-  constructor(res: { code: number; message: string }) {
-    super("CodeException", res.code, res.message);
+  constructor(res: { code: number; message: string; data?: any }) {
+    super("CodeException", res.code, res.message, res.data);
   }
 }
 
 export class TextException extends BaseException {
-  constructor(name, code,message, data?) {
+  constructor(name, code, message, data?) {
     super(name, code, message, data);
   }
 }

packages/libs/lib-server/src/system/settings/service/models.ts

@@ -22,6 +22,7 @@ export class SysPublicSettings extends BaseSettings {
   mobileRegisterEnabled = false;
   smsLoginEnabled = false;
   emailRegisterEnabled = false;
+  selfServicePasswordRetrievalEnabled = false;
 
   limitUserPipelineCount = 0;
   managerOtherUserPipeline = false;

packages/libs/lib-server/src/user/access/service/access-service.ts

@@ -1,6 +1,6 @@
 import {Inject, Provide, Scope, ScopeEnum} from '@midwayjs/core';
 import {InjectEntityModel} from '@midwayjs/typeorm';
-import {Repository} from 'typeorm';
+import { In, Repository } from "typeorm";
 import {AccessGetter, BaseService, PageReq, PermissionException, ValidateException} from '../../../index.js';
 import {AccessEntity} from '../entity/access.js';
 import {AccessDefine, accessRegistry, newAccess} from '@certd/pipeline';
@@ -34,7 +34,18 @@ export class AccessService extends BaseService<AccessEntity> {
   }
 
   async add(param) {
-    this.encryptSetting(param, null);
+    let oldEntity = null;
+    if (param._copyFrom){
+      oldEntity = await this.info(param._copyFrom);
+      if (oldEntity == null) {
+        throw new ValidateException('该授权配置不存在,请确认是否已被删除');
+      }
+      if (oldEntity.userId  !== param.userId) {
+        throw new ValidateException('您无权查看该授权配置');
+      }
+    }
+    delete param._copyFrom
+    this.encryptSetting(param, oldEntity);
     return await super.add(param);
   }
 
@@ -175,4 +186,27 @@ export class AccessService extends BaseService<AccessEntity> {
   getDefineByType(type: string) {
     return accessRegistry.getDefine(type);
   }
+
+
+  async getSimpleByIds(ids: number[], userId: any) {
+    if (ids.length === 0) {
+      return [];
+    }
+    if (!userId) {
+      return [];
+    }
+    return await this.repository.find({
+      where: {
+        id: In(ids),
+        userId,
+      },
+      select: {
+        id: true,
+        name: true,
+        type: true,
+        userId:true
+      },
+    });
+
+  }
 }

packages/libs/midway-flyway-js/CHANGELOG.md

@@ -3,6 +3,54 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.36.17](https://github.com/certd/certd/compare/v1.36.16...v1.36.17) (2025-08-17)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.36.16](https://github.com/certd/certd/compare/v1.36.15...v1.36.16) (2025-08-16)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.36.15](https://github.com/certd/certd/compare/v1.36.14...v1.36.15) (2025-08-07)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.36.14](https://github.com/certd/certd/compare/v1.36.13...v1.36.14) (2025-07-28)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.36.13](https://github.com/certd/certd/compare/v1.36.12...v1.36.13) (2025-07-23)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.36.12](https://github.com/certd/certd/compare/v1.36.11...v1.36.12) (2025-07-22)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.36.11](https://github.com/certd/certd/compare/v1.36.10...v1.36.11) (2025-07-22)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.36.10](https://github.com/certd/certd/compare/v1.36.9...v1.36.10) (2025-07-18)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.36.9](https://github.com/certd/certd/compare/v1.36.7...v1.36.9) (2025-07-15)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.36.7](https://github.com/certd/certd/compare/v1.36.6...v1.36.7) (2025-07-15)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.36.6](https://github.com/certd/certd/compare/v1.36.5...v1.36.6) (2025-07-14)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.36.5](https://github.com/certd/certd/compare/v1.36.4...v1.36.5) (2025-07-11)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
 ## [1.36.4](https://github.com/certd/certd/compare/v1.36.3...v1.36.4) (2025-07-10)
 
 **Note:** Version bump only for package @certd/midway-flyway-js

packages/libs/midway-flyway-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/midway-flyway-js",
-  "version": "1.36.4",
+  "version": "1.36.17",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",
@@ -46,5 +46,5 @@
     "typeorm": "^0.3.11",
     "typescript": "^5.4.2"
   },
-  "gitHead": "1bde777beead9dd23b8d3d98479d616170b8bb69"
+  "gitHead": "831c325c6383ba0a6f2dfa7496451ec714784e93"
 }

packages/plugins/plugin-cert/CHANGELOG.md

@@ -3,6 +3,65 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.36.17](https://github.com/certd/certd/compare/v1.36.16...v1.36.17) (2025-08-17)
+
+### Performance Improvements
+
+* 证书申请任务默认不发送申请成功通知 ([0283bd2](https://github.com/certd/certd/commit/0283bd2f978dbcd13d361129135e439dd9fbc180))
+
+## [1.36.16](https://github.com/certd/certd/compare/v1.36.15...v1.36.16) (2025-08-16)
+
+### Performance Improvements
+
+* 百度云支持上传到证书托管，支持部署到负载均衡 ([798a48a](https://github.com/certd/certd/commit/798a48aa9686fd5d11cfffb6cd93eadfc40aacb3))
+
+## [1.36.15](https://github.com/certd/certd/compare/v1.36.14...v1.36.15) (2025-08-07)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
+## [1.36.14](https://github.com/certd/certd/compare/v1.36.13...v1.36.14) (2025-07-28)
+
+### Bug Fixes
+
+* 修复商用证书上传第二次运行无法使用pfx格式证书的bug ([251dd1f](https://github.com/certd/certd/commit/251dd1fe457a7b152f43eb6de18f7beb9f0b194e))
+
+## [1.36.13](https://github.com/certd/certd/compare/v1.36.12...v1.36.13) (2025-07-23)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
+## [1.36.12](https://github.com/certd/certd/compare/v1.36.11...v1.36.12) (2025-07-22)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
+## [1.36.11](https://github.com/certd/certd/compare/v1.36.10...v1.36.11) (2025-07-22)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
+## [1.36.10](https://github.com/certd/certd/compare/v1.36.9...v1.36.10) (2025-07-18)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
+## [1.36.9](https://github.com/certd/certd/compare/v1.36.7...v1.36.9) (2025-07-15)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
+## [1.36.7](https://github.com/certd/certd/compare/v1.36.6...v1.36.7) (2025-07-15)
+
+### Performance Improvements
+
+* 支持邮箱发送证书 ([95332d5](https://github.com/certd/certd/commit/95332d5db96cd54ddab6ab737332417a09169b39))
+
+## [1.36.6](https://github.com/certd/certd/compare/v1.36.5...v1.36.6) (2025-07-14)
+
+### Performance Improvements
+
+* 支持自动选择校验方式申请证书 ([3f99432](https://github.com/certd/certd/commit/3f9943270cfb12946e38e6272bc5e8d95ad6ab9e))
+* OpenAPI支持autoApply参数 ([42f4d14](https://github.com/certd/certd/commit/42f4d1477dc791520a874aed56035abcbc8c433b))
+
+## [1.36.5](https://github.com/certd/certd/compare/v1.36.4...v1.36.5) (2025-07-11)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
 ## [1.36.4](https://github.com/certd/certd/compare/v1.36.3...v1.36.4) (2025-07-10)
 
 ### Performance Improvements

packages/plugins/plugin-cert/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/plugin-cert",
   "private": false,
-  "version": "1.36.4",
+  "version": "1.36.17",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -16,10 +16,10 @@
     "pub": "npm publish"
   },
   "dependencies": {
-    "@certd/acme-client": "^1.36.4",
-    "@certd/basic": "^1.36.4",
-    "@certd/pipeline": "^1.36.4",
-    "@certd/plugin-lib": "^1.36.4",
+    "@certd/acme-client": "^1.36.17",
+    "@certd/basic": "^1.36.17",
+    "@certd/pipeline": "^1.36.17",
+    "@certd/plugin-lib": "^1.36.17",
     "@google-cloud/publicca": "^1.3.0",
     "dayjs": "^1.11.7",
     "jszip": "^3.10.1",
@@ -43,5 +43,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "1bde777beead9dd23b8d3d98479d616170b8bb69"
+  "gitHead": "831c325c6383ba0a6f2dfa7496451ec714784e93"
 }

packages/plugins/plugin-cert/src/dns-provider/api.ts

@@ -59,3 +59,38 @@ export interface ISubDomainsGetter {
 export interface IDomainParser {
   parse(fullDomain: string): Promise<string>;
 }
+
+export type DnsVerifier = {
+  // dns直接校验
+  dnsProviderType?: string;
+  dnsProviderAccessId?: number;
+};
+
+export type CnameVerifier = {
+  hostRecord: string;
+  domain: string;
+  recordValue: string;
+};
+
+export type HttpVerifier = {
+  // http校验
+  httpUploaderType: string;
+  httpUploaderAccess: number;
+  httpUploadRootDir: string;
+};
+export type DomainVerifier = {
+  domain: string;
+  mainDomain: string;
+  type: string;
+  dns?: DnsVerifier;
+  cname?: CnameVerifier;
+  http?: HttpVerifier;
+};
+
+export type DomainVerifiers = {
+  [key: string]: DomainVerifier;
+};
+
+export interface IDomainVerifierGetter {
+  getVerifiers(domains: string[]): Promise<DomainVerifiers>;
+}

packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts

@@ -23,10 +23,11 @@ export type HttpVerifyPlan = {
 
 export type DomainVerifyPlan = {
   domain: string;
+  mainDomain: string;
   type: "cname" | "dns" | "http";
   dnsProvider?: IDnsProvider;
-  cnameVerifyPlan?: Record<string, CnameVerifyPlan>;
-  httpVerifyPlan?: Record<string, HttpVerifyPlan>;
+  cnameVerifyPlan?: CnameVerifyPlan;
+  httpVerifyPlan?: HttpVerifyPlan;
 };
 export type DomainsVerifyPlan = {
   [key: string]: DomainVerifyPlan;
@@ -47,6 +48,7 @@ export type CertInfo = {
   der?: string;
   jks?: string;
   one?: string;
+  p7b?: string;
 };
 export type SSLProvider = "letsencrypt" | "google" | "zerossl";
 export type PrivateKeyType = "rsa_1024" | "rsa_2048" | "rsa_3072" | "rsa_4096" | "ec_256" | "ec_384" | "ec_521";
@@ -233,23 +235,20 @@ export class AcmeService {
     let dnsProvider = providers.dnsProvider;
     let fullRecord = `_acme-challenge.${fullDomain}`;
 
-    const origDomain = punycode.toUnicode(domain);
+    // const origDomain = punycode.toUnicode(domain);
     const origFullDomain = punycode.toUnicode(fullDomain);
     if (providers.domainsVerifyPlan) {
       //按照计划执行
-      const domainVerifyPlan = providers.domainsVerifyPlan[origDomain];
+      const domainVerifyPlan = providers.domainsVerifyPlan[origFullDomain];
       if (domainVerifyPlan) {
         if (domainVerifyPlan.type === "dns") {
           dnsProvider = domainVerifyPlan.dnsProvider;
         } else if (domainVerifyPlan.type === "cname") {
-          const cnameVerifyPlan = domainVerifyPlan.cnameVerifyPlan;
-          if (cnameVerifyPlan) {
-            const cname = cnameVerifyPlan[origFullDomain];
-            if (cname) {
-              dnsProvider = cname.dnsProvider;
-              domain = await this.options.domainParser.parse(cname.domain);
-              fullRecord = cname.fullRecord;
-            }
+          const cname: CnameVerifyPlan = domainVerifyPlan.cnameVerifyPlan;
+          if (cname) {
+            dnsProvider = cname.dnsProvider;
+            domain = await this.options.domainParser.parse(cname.domain);
+            fullRecord = cname.fullRecord;
           } else {
             this.logger.error(`未找到域名${fullDomain}的CNAME校验计划，请修改证书申请配置`);
           }
@@ -257,13 +256,12 @@ export class AcmeService {
             throw new Error(`未找到域名${fullDomain}CNAME校验计划的DnsProvider，请修改证书申请配置`);
           }
         } else if (domainVerifyPlan.type === "http") {
-          const httpVerifyPlan = domainVerifyPlan.httpVerifyPlan;
-          if (httpVerifyPlan) {
+          const plan: HttpVerifyPlan = domainVerifyPlan.httpVerifyPlan;
+          if (plan) {
             const httpChallenge = getChallenge("http-01");
             if (httpChallenge == null) {
               throw new Error("该域名不支持http-01方式校验");
             }
-            const plan = httpVerifyPlan[fullDomain];
             return await doHttpVerify(httpChallenge, plan.httpUploader);
           } else {
             throw new Error("未找到域名【" + fullDomain + "】的http校验配置");
@@ -272,9 +270,12 @@ export class AcmeService {
           throw new Error("不支持的校验类型", domainVerifyPlan.type);
         }
       } else {
-        this.logger.info("未找到域名校验计划，使用默认的dnsProvider");
+        this.logger.warn(`未找到域名${fullDomain}的校验计划，使用默认的dnsProvider`);
       }
     }
+    if (!dnsProvider) {
+      throw new Error(`域名${fullDomain}没有匹配到任何校验方式，证书申请失败`);
+    }
 
     const dnsChallenge = getChallenge("dns-01");
     return await doDnsVerify(dnsChallenge, fullRecord, dnsProvider);

packages/plugins/plugin-cert/src/plugin/cert-plugin/base-convert.ts

@@ -1,4 +1,4 @@
-import { AbstractTaskPlugin, IContext, Step, TaskInput, TaskOutput } from "@certd/pipeline";
+import { AbstractTaskPlugin, FileItem, IContext, Step, TaskInput, TaskOutput } from "@certd/pipeline";
 import dayjs from "dayjs";
 import type { CertInfo } from "./acme.js";
 import { CertReader } from "./cert-reader.js";
@@ -71,6 +71,12 @@ export abstract class CertApplyBaseConvertPlugin extends AbstractTaskPlugin {
   })
   cert?: CertInfo;
 
+  @TaskOutput({
+    title: "域名证书压缩文件",
+    type: "certZip",
+  })
+  certZip?: FileItem;
+
   async onInstance() {
     this.userContext = this.ctx.userContext;
     this.lastStatus = this.ctx.lastStatus as Step;
@@ -119,6 +125,10 @@ export abstract class CertApplyBaseConvertPlugin extends AbstractTaskPlugin {
           cert.jks = res.jks;
         }
 
+        if (cert.p7b == null && res.p7b) {
+          cert.p7b = res.p7b;
+        }
+
         this.logger.info("转换证书格式成功");
       } catch (e) {
         this.logger.error("转换证书格式失败", e);
@@ -131,6 +141,7 @@ export abstract class CertApplyBaseConvertPlugin extends AbstractTaskPlugin {
     } else {
       this.extendsFiles();
     }
+    this.certZip = this._result.files[0];
   }
 
   async zipCert(cert: CertInfo, filename: string) {
@@ -143,6 +154,7 @@ export abstract class CertApplyBaseConvertPlugin extends AbstractTaskPlugin {
     zip.file("intermediate.crt", cert.ic);
     zip.file("origin.crt", cert.oc);
     zip.file("one.pem", cert.one);
+    zip.file("cert.p7b", cert.p7b);
     if (cert.pfx) {
       zip.file("cert.pfx", Buffer.from(cert.pfx, "base64"));
     }
@@ -187,4 +199,13 @@ cert.jks：jks格式证书文件，java服务器使用
     };
     return newCert;
   }
+
+  async readLastCert(): Promise<CertReader | undefined> {
+    const cert = this.lastStatus?.status?.output?.cert;
+    if (cert == null) {
+      this.logger.info("没有找到上次的证书");
+      return undefined;
+    }
+    return new CertReader(cert);
+  }
 }

packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts

@@ -33,7 +33,7 @@ export abstract class CertApplyBasePlugin extends CertApplyBaseConvertPlugin {
 
   @TaskInput({
     title: "证书申请成功通知",
-    value: true,
+    value: false,
     component: {
       name: "a-switch",
       vModel: "checked",
@@ -41,7 +41,7 @@ export abstract class CertApplyBasePlugin extends CertApplyBaseConvertPlugin {
     order: 100,
     helper: "证书申请成功后是否发送通知，优先使用默认通知渠道",
   })
-  successNotify = true;
+  successNotify = false;
 
   // @TaskInput({
   //   title: "CsrInfo",
@@ -130,15 +130,6 @@ export abstract class CertApplyBasePlugin extends CertApplyBaseConvertPlugin {
     return null;
   }
 
-  async readLastCert(): Promise<CertReader | undefined> {
-    const cert = this.lastStatus?.status?.output?.cert;
-    if (cert == null) {
-      this.logger.info("没有找到上次的证书");
-      return undefined;
-    }
-    return new CertReader(cert);
-  }
-
   /**
    * 检查是否过期，默认提前35天
    * @param expires

packages/plugins/plugin-cert/src/plugin/cert-plugin/cert-reader.ts

@@ -17,6 +17,7 @@ export type CertReaderHandleContext = {
   tmpIcPath?: string;
   tmpJksPath?: string;
   tmpOnePath?: string;
+  tmpP7bPath?: string;
 };
 export type CertReaderHandle = (ctx: CertReaderHandleContext) => Promise<void>;
 export type HandleOpts = { logger: ILogger; handle: CertReaderHandle };
@@ -124,7 +125,7 @@ export class CertReader {
     return domain;
   }
 
-  saveToFile(type: "crt" | "key" | "pfx" | "der" | "oc" | "one" | "ic" | "jks", filepath?: string) {
+  saveToFile(type: "crt" | "key" | "pfx" | "der" | "oc" | "one" | "ic" | "jks" | "p7b", filepath?: string) {
     if (!this.cert[type]) {
       return;
     }
@@ -138,7 +139,7 @@ export class CertReader {
     if (!fs.existsSync(dir)) {
       fs.mkdirSync(dir, { recursive: true });
     }
-    if (type === "crt" || type === "key" || type === "ic" || type === "oc" || type === "one") {
+    if (type === "crt" || type === "key" || type === "ic" || type === "oc" || type === "one" || type === "p7b") {
       fs.writeFileSync(filepath, this.cert[type]);
     } else {
       fs.writeFileSync(filepath, Buffer.from(this.cert[type], "base64"));
@@ -157,17 +158,19 @@ export class CertReader {
     const tmpDerPath = this.saveToFile("der");
     const tmpJksPath = this.saveToFile("jks");
     const tmpOnePath = this.saveToFile("one");
+    const tmpP7bPath = this.saveToFile("p7b");
     logger.info("本地文件写入成功");
     try {
       return await opts.handle({
         reader: this,
-        tmpCrtPath: tmpCrtPath,
-        tmpKeyPath: tmpKeyPath,
-        tmpPfxPath: tmpPfxPath,
-        tmpDerPath: tmpDerPath,
-        tmpIcPath: tmpIcPath,
-        tmpJksPath: tmpJksPath,
-        tmpOcPath: tmpOcPath,
+        tmpCrtPath,
+        tmpKeyPath,
+        tmpPfxPath,
+        tmpDerPath,
+        tmpIcPath,
+        tmpJksPath,
+        tmpOcPath,
+        tmpP7bPath,
         tmpOnePath,
       });
     } catch (err) {
@@ -189,6 +192,7 @@ export class CertReader {
       removeFile(tmpIcPath);
       removeFile(tmpJksPath);
       removeFile(tmpOnePath);
+      removeFile(tmpP7bPath);
     }
   }
 
@@ -211,4 +215,8 @@ export class CertReader {
     }
     return name + "_" + dayjs().format("YYYYMMDDHHmmssSSS");
   }
+
+  static buildCertName(cert: any) {
+    return new CertReader(cert).buildCertName();
+  }
 }

packages/plugins/plugin-cert/src/plugin/cert-plugin/convert.ts

@@ -18,11 +18,13 @@ export class CertConverter {
     pfx: string;
     der: string;
     jks: string;
+    p7b: string;
   }> {
     const certReader = new CertReader(opts.cert);
     let pfx: string;
     let der: string;
     let jks: string;
+    let p7b: string;
     const handle = async (ctx: CertReaderHandleContext) => {
       // 调用openssl 转pfx
       pfx = await this.convertPfx(ctx, opts.pfxPassword, opts.pfxArgs);
@@ -31,6 +33,8 @@ export class CertConverter {
       der = await this.convertDer(ctx);
 
       jks = await this.convertJks(ctx, opts.pfxPassword);
+
+      p7b = await this.convertP7b(ctx);
     };
 
     await certReader.readCertFile({ logger: this.logger, handle });
@@ -39,6 +43,7 @@ export class CertConverter {
       pfx,
       der,
       jks,
+      p7b,
     };
   }
 
@@ -95,6 +100,23 @@ export class CertConverter {
     return derCert;
   }
 
+  async convertP7b(opts: CertReaderHandleContext) {
+    const { tmpCrtPath } = opts;
+    const p7bPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + `_cert.p7b`);
+    const dir = path.dirname(p7bPath);
+    if (!fs.existsSync(dir)) {
+      fs.mkdirSync(dir, { recursive: true });
+    }
+    //openssl crl2pkcs7 -nocrl \
+    //     -certfile your_domain.crt \
+    //     -certfile intermediate.crt \
+    //     -out chain.p7b
+    await this.exec(`openssl crl2pkcs7 -nocrl -certfile ${tmpCrtPath} -out ${p7bPath}`);
+    const fileBuffer = fs.readFileSync(p7bPath);
+    const p7bCert = fileBuffer.toString();
+    fs.unlinkSync(p7bPath);
+    return p7bCert;
+  }
   async convertJks(opts: CertReaderHandleContext, pfxPassword = "") {
     const jksPassword = pfxPassword || "123456";
     try {
@@ -113,9 +135,7 @@ export class CertConverter {
       if (!fs.existsSync(dir)) {
         fs.mkdirSync(dir, { recursive: true });
       }
-      await this.exec(
-        `keytool -importkeystore -srckeystore ${p12Path} -srcstoretype PKCS12 -srcstorepass "${jksPassword}" -destkeystore ${jksPath} -deststoretype PKCS12 -deststorepass "${jksPassword}" `
-      );
+      await this.exec(`keytool -importkeystore -srckeystore ${p12Path} -srcstoretype PKCS12 -srcstorepass "${jksPassword}" -destkeystore ${jksPath} -deststoretype PKCS12 -deststorepass "${jksPassword}" `);
       fs.unlinkSync(p12Path);
 
       const fileBuffer = fs.readFileSync(jksPath);

packages/plugins/plugin-cert/src/plugin/cert-plugin/custom/index.ts

@@ -100,8 +100,17 @@ export class CertApplyUploadPlugin extends CertApplyBaseConvertPlugin {
   async onInit(): Promise<void> {}
 
   async getCertFromStore() {
-    const certReader = new CertReader(this.uploadCert);
-    if (!certReader.expires && certReader.expires < new Date().getTime()) {
+    let certReader = null;
+    try {
+      this.logger.info("读取上次证书");
+      certReader = await this.readLastCert();
+    } catch (e) {
+      this.logger.warn("读取cert失败：", e);
+    }
+    if (certReader == null) {
+      certReader = new CertReader(this.uploadCert);
+    }
+    if (!certReader.expires || certReader.expires < new Date().getTime()) {
       throw new Error("证书已过期，停止部署，请重新上传证书");
     }
 

packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts

@@ -1,16 +1,16 @@
 import { CancelError, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
 import { utils } from "@certd/basic";
 
-import type { CertInfo, CnameVerifyPlan, DomainsVerifyPlan, HttpVerifyPlan, PrivateKeyType, SSLProvider } from "./acme.js";
-import { AcmeService } from "./acme.js";
+import { AcmeService, CertInfo, DomainsVerifyPlan, DomainVerifyPlan, PrivateKeyType, SSLProvider } from "./acme.js";
 import * as _ from "lodash-es";
-import { createDnsProvider, DnsProviderContext, IDnsProvider, ISubDomainsGetter } from "../../dns-provider/index.js";
+import { createDnsProvider, DnsProviderContext, DnsVerifier, DomainVerifiers, HttpVerifier, IDnsProvider, IDomainVerifierGetter, ISubDomainsGetter } from "../../dns-provider/index.js";
 import { CertReader } from "./cert-reader.js";
 import { CertApplyBasePlugin } from "./base.js";
 import { GoogleClient } from "../../libs/google.js";
 import { EabAccess } from "../../access";
 import { DomainParser } from "../../dns-provider/domain-parser.js";
 import { ossClientFactory } from "@certd/plugin-lib";
+
 export * from "./base.js";
 export type { CertInfo };
 export * from "./cert-reader.js";
@@ -66,13 +66,15 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
         { value: "cname", label: "CNAME代理验证" },
         { value: "http", label: "HTTP文件验证" },
         { value: "dnses", label: "多DNS提供商" },
+        { value: "auto", label: "自动匹配" },
       ],
     },
     required: true,
     helper: `1. <b>DNS直接验证</b>：域名dns解析是在阿里云/腾讯云/华为云/CF/NameSilo/西数/火山/dns.la/京东云/51dns的，选它
-2.  <b>CNAME代理验证</b>：支持任何注册商的域名，第一次需要手动添加CNAME记录（建议将DNS服务器修改为阿里云/腾讯云的，然后使用DNS直接验证）
+2.  <b>CNAME代理验证</b>：支持任何注册商的域名，第一次需要手动添加[CNAME记录](#/certd/cname/record)（建议将DNS服务器修改为阿里云/腾讯云的，然后使用DNS直接验证）
 3.  <b>HTTP文件验证</b>：不支持泛域名，需要配置网站文件上传
 4.  <b>多DNS提供商</b>：每个域名可以选择独立的DNS提供商
+5.  <b>自动匹配</b>：需要在[域名管理](#/certd/cert/domain)中事先配置好校验方式
 `,
   })
   challengeType!: string;
@@ -333,6 +335,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
   acme!: AcmeService;
 
   eab!: EabAccess;
+
   async onInit() {
     let eab: EabAccess = null;
 
@@ -408,7 +411,9 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
     let dnsProvider: IDnsProvider = null;
     let domainsVerifyPlan: DomainsVerifyPlan = null;
     if (this.challengeType === "cname" || this.challengeType === "http" || this.challengeType === "dnses") {
-      domainsVerifyPlan = await this.createDomainsVerifyPlan();
+      domainsVerifyPlan = await this.createDomainsVerifyPlan(domains, this.domainsVerifyPlan);
+    } else if (this.challengeType === "auto") {
+      domainsVerifyPlan = await this.createDomainsVerifyPlanByAuto(domains);
     } else {
       const dnsProviderType = this.dnsProviderType;
       const access = await this.getAccess(this.dnsProviderAccess);
@@ -444,73 +449,132 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
 
   async createDnsProvider(dnsProviderType: string, dnsProviderAccess: any): Promise<IDnsProvider> {
     const domainParser = this.acme.options.domainParser;
-    const context: DnsProviderContext = { access: dnsProviderAccess, logger: this.logger, http: this.ctx.http, utils, domainParser };
+    const context: DnsProviderContext = {
+      access: dnsProviderAccess,
+      logger: this.logger,
+      http: this.ctx.http,
+      utils,
+      domainParser,
+    };
     return await createDnsProvider({
       dnsProviderType,
       context,
     });
   }
 
-  async createDomainsVerifyPlan(): Promise<DomainsVerifyPlan> {
+  async createDomainsVerifyPlan(domains: string[], verifyPlanSetting: DomainsVerifyPlanInput): Promise<DomainsVerifyPlan> {
     const plan: DomainsVerifyPlan = {};
-    for (const domain in this.domainsVerifyPlan) {
-      const domainVerifyPlan = this.domainsVerifyPlan[domain];
-      let dnsProvider = null;
-      const cnameVerifyPlan: Record<string, CnameVerifyPlan> = {};
-      const httpVerifyPlan: Record<string, HttpVerifyPlan> = {};
-      if (domainVerifyPlan.type === "dns") {
-        const access = await this.getAccess(domainVerifyPlan.dnsProviderAccessId);
-        dnsProvider = await this.createDnsProvider(domainVerifyPlan.dnsProviderType, access);
-      } else if (domainVerifyPlan.type === "cname") {
-        for (const key in domainVerifyPlan.cnameVerifyPlan) {
-          const cnameRecord = await this.ctx.cnameProxyService.getByDomain(key);
-          let dnsProvider = cnameRecord.commonDnsProvider;
-          if (cnameRecord.cnameProvider.id > 0) {
-            dnsProvider = await this.createDnsProvider(cnameRecord.cnameProvider.dnsProviderType, cnameRecord.cnameProvider.access);
-          }
-          cnameVerifyPlan[key] = {
-            type: "cname",
-            domain: cnameRecord.cnameProvider.domain,
-            fullRecord: cnameRecord.recordValue,
-            dnsProvider,
-          };
-        }
-      } else if (domainVerifyPlan.type === "http") {
-        const httpUploaderContext = {
-          accessService: this.ctx.accessService,
-          logger: this.logger,
-          utils,
-        };
-        for (const key in domainVerifyPlan.httpVerifyPlan) {
-          const httpRecord = domainVerifyPlan.httpVerifyPlan[key];
-          const access = await this.getAccess(httpRecord.httpUploaderAccess);
-          let rootDir = httpRecord.httpUploadRootDir;
-          if (!rootDir.endsWith("/") && !rootDir.endsWith("\\")) {
-            rootDir = rootDir + "/";
-          }
-          this.logger.info("上传方式", httpRecord.httpUploaderType);
-          const httpUploader = await ossClientFactory.createOssClientByType(httpRecord.httpUploaderType, {
-            access,
-            rootDir: rootDir,
-            ctx: httpUploaderContext,
-          });
-          httpVerifyPlan[key] = {
-            type: "http",
-            domain: key,
-            httpUploader,
-          };
-        }
+
+    const domainParser = this.acme.options.domainParser;
+    for (const fullDomain of domains) {
+      const domain = fullDomain.replaceAll("*.", "");
+      const mainDomain = await domainParser.parse(domain);
+      const planSetting: DomainVerifyPlanInput = verifyPlanSetting[mainDomain];
+      if (planSetting == null) {
+        throw new Error(`没有找到域名（${domain}）的校验计划`);
+      }
+      if (planSetting.type === "dns") {
+        plan[domain] = await this.createDnsDomainVerifyPlan(planSetting, domain, mainDomain);
+      } else if (planSetting.type === "cname") {
+        plan[domain] = await this.createCnameDomainVerifyPlan(domain, mainDomain);
+      } else if (planSetting.type === "http") {
+        plan[domain] = await this.createHttpDomainVerifyPlan(planSetting.httpVerifyPlan[domain], domain, mainDomain);
       }
-      plan[domain] = {
-        domain,
-        type: domainVerifyPlan.type,
-        dnsProvider,
-        cnameVerifyPlan,
-        httpVerifyPlan,
-      };
     }
     return plan;
   }
+
+  private async createDomainsVerifyPlanByAuto(domains: string[]) {
+    //从数据库里面自动选择校验方式
+    // domain list
+    const domainList = new Set<string>();
+    //整理域名
+    for (let domain of domains) {
+      domain = domain.replaceAll("*.", "");
+      domainList.add(domain);
+    }
+    const domainVerifierGetter: IDomainVerifierGetter = await this.ctx.serviceGetter.get("domainVerifierGetter");
+
+    const verifiers: DomainVerifiers = await domainVerifierGetter.getVerifiers([...domainList]);
+
+    const plan: DomainsVerifyPlan = {};
+
+    for (const domain in verifiers) {
+      const verifier = verifiers[domain];
+      if (verifier == null) {
+        throw new Error(`没有找到与该域名（${domain}）匹配的校验方式，请先到‘域名管理’页面添加校验方式`);
+      }
+      if (verifier.type === "dns") {
+        plan[domain] = await this.createDnsDomainVerifyPlan(verifier.dns, domain, verifier.mainDomain);
+      } else if (verifier.type === "cname") {
+        plan[domain] = await this.createCnameDomainVerifyPlan(domain, verifier.mainDomain);
+      } else if (verifier.type === "http") {
+        plan[domain] = await this.createHttpDomainVerifyPlan(verifier.http, domain, verifier.mainDomain);
+      }
+    }
+    return plan;
+  }
+
+  private async createDnsDomainVerifyPlan(planSetting: DnsVerifier, domain: string, mainDomain: string): Promise<DomainVerifyPlan> {
+    const access = await this.getAccess(planSetting.dnsProviderAccessId);
+    return {
+      type: "dns",
+      mainDomain,
+      domain,
+      dnsProvider: await this.createDnsProvider(planSetting.dnsProviderType, access),
+    };
+  }
+
+  private async createHttpDomainVerifyPlan(httpSetting: HttpVerifier, domain: string, mainDomain: string): Promise<DomainVerifyPlan> {
+    const httpUploaderContext = {
+      accessService: this.ctx.accessService,
+      logger: this.logger,
+      utils,
+    };
+
+    const access = await this.getAccess(httpSetting.httpUploaderAccess);
+    let rootDir = httpSetting.httpUploadRootDir;
+    if (!rootDir.endsWith("/") && !rootDir.endsWith("\\")) {
+      rootDir = rootDir + "/";
+    }
+    this.logger.info("上传方式", httpSetting.httpUploaderType);
+    const httpUploader = await ossClientFactory.createOssClientByType(httpSetting.httpUploaderType, {
+      access,
+      rootDir: rootDir,
+      ctx: httpUploaderContext,
+    });
+    return {
+      type: "http",
+      domain,
+      mainDomain,
+      httpVerifyPlan: {
+        type: "http",
+        domain,
+        httpUploader,
+      },
+    };
+  }
+
+  private async createCnameDomainVerifyPlan(domain: string, mainDomain: string): Promise<DomainVerifyPlan> {
+    const cnameRecord = await this.ctx.cnameProxyService.getByDomain(domain);
+    if (cnameRecord == null) {
+      throw new Error(`请先配置${domain}的CNAME记录，并通过校验`);
+    }
+    let dnsProvider = cnameRecord.commonDnsProvider;
+    if (cnameRecord.cnameProvider.id > 0) {
+      dnsProvider = await this.createDnsProvider(cnameRecord.cnameProvider.dnsProviderType, cnameRecord.cnameProvider.access);
+    }
+    return {
+      type: "cname",
+      domain,
+      mainDomain,
+      cnameVerifyPlan: {
+        domain: cnameRecord.cnameProvider.domain,
+        fullRecord: cnameRecord.recordValue,
+        dnsProvider,
+      },
+    };
+  }
 }
 
 new CertApplyPlugin();

packages/plugins/plugin-lib/CHANGELOG.md

@@ -3,6 +3,66 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.36.17](https://github.com/certd/certd/compare/v1.36.16...v1.36.17) (2025-08-17)
+
+### Performance Improvements
+
+* 腾讯云关闭证书通知增加开关选项，在腾讯云授权里面 ([a77c777](https://github.com/certd/certd/commit/a77c777980dd38d97d983124eeed1596879bba95))
+
+## [1.36.16](https://github.com/certd/certd/compare/v1.36.15...v1.36.16) (2025-08-16)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
+## [1.36.15](https://github.com/certd/certd/compare/v1.36.14...v1.36.15) (2025-08-07)
+
+### Performance Improvements
+
+* 支持webhook部署证书 ([cbe0b1c](https://github.com/certd/certd/commit/cbe0b1c5a6538f232e9a63f1693d20d5acf0a306))
+
+## [1.36.14](https://github.com/certd/certd/compare/v1.36.13...v1.36.14) (2025-07-28)
+
+### Performance Improvements
+
+* 1panel支持 currenNode ([acc8907](https://github.com/certd/certd/commit/acc890730f43d492c9b1bd3668814cf10efdf7b8))
+
+## [1.36.13](https://github.com/certd/certd/compare/v1.36.12...v1.36.13) (2025-07-23)
+
+### Bug Fixes
+
+* 修复阿里云发送短信验证码失败的bug ([2e6d03f](https://github.com/certd/certd/commit/2e6d03ff001f521f57368e7a62b97ed7b122e8d0))
+
+## [1.36.12](https://github.com/certd/certd/compare/v1.36.11...v1.36.12) (2025-07-22)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
+## [1.36.11](https://github.com/certd/certd/compare/v1.36.10...v1.36.11) (2025-07-22)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
+## [1.36.10](https://github.com/certd/certd/compare/v1.36.9...v1.36.10) (2025-07-18)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
+## [1.36.9](https://github.com/certd/certd/compare/v1.36.7...v1.36.9) (2025-07-15)
+
+### Bug Fixes
+
+* 修复ssh无法执行命令的bug ([9763cb0](https://github.com/certd/certd/commit/9763cb00e5d95b2fa5d1c2d3d4a8eecac71600e6))
+
+## [1.36.7](https://github.com/certd/certd/compare/v1.36.6...v1.36.7) (2025-07-15)
+
+### Bug Fixes
+
+* 修复流水线页面状态没有刷新的bug ([93e9498](https://github.com/certd/certd/commit/93e9498b410353f504e11e264db62468895d7290))
+
+## [1.36.6](https://github.com/certd/certd/compare/v1.36.5...v1.36.6) (2025-07-14)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
+## [1.36.5](https://github.com/certd/certd/compare/v1.36.4...v1.36.5) (2025-07-11)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
 ## [1.36.4](https://github.com/certd/certd/compare/v1.36.3...v1.36.4) (2025-07-10)
 
 ### Bug Fixes

packages/plugins/plugin-lib/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/plugin-lib",
   "private": false,
-  "version": "1.36.4",
+  "version": "1.36.17",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -21,8 +21,8 @@
     "@alicloud/pop-core": "^1.7.10",
     "@alicloud/tea-util": "^1.4.10",
     "@aws-sdk/client-s3": "^3.787.0",
-    "@certd/basic": "^1.36.4",
-    "@certd/pipeline": "^1.36.4",
+    "@certd/basic": "^1.36.17",
+    "@certd/pipeline": "^1.36.17",
     "@kubernetes/client-node": "0.21.0",
     "ali-oss": "^6.22.0",
     "basic-ftp": "^5.0.5",
@@ -53,5 +53,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "1bde777beead9dd23b8d3d98479d616170b8bb69"
+  "gitHead": "831c325c6383ba0a6f2dfa7496451ec714784e93"
 }

packages/plugins/plugin-lib/src/aliyun/access/aliyun-access.ts

@@ -7,9 +7,9 @@ export type AliyunClientV2Req = {
   // 接口 HTTP 方法
   method?: "GET" | "POST";
   authType?: "AK";
-  style?: "RPC";
+  style?: "RPC" | "ROA";
   // 接口 PATH
-  pathname?: `/`;
+  pathname?: string;
 
   data?: any;
 };
@@ -63,10 +63,10 @@ export class AliyunClientV2 {
       protocol: "HTTPS",
       // 接口 HTTP 方法
       method: req.method ?? "POST",
-      authType: "AK",
-      style: "RPC",
+      authType: req.authType ?? "AK",
+      style: req.style ?? "RPC",
       // 接口 PATH
-      pathname: `/`,
+      pathname: req.pathname ?? `/`,
       // 接口请求体内容格式
       reqBodyType: "json",
       // 接口响应体内容格式

packages/plugins/plugin-lib/src/aliyun/lib/base-client.ts

@@ -35,7 +35,7 @@ export class AliyunClient {
   }
 
   checkRet(ret: any) {
-    if (ret.Code != null) {
+    if (ret.Code != null && ret.Code !== "OK" && ret.Message !== "OK") {
       throw new Error("执行失败：" + ret.Message);
     }
   }

packages/plugins/plugin-lib/src/aliyun/lib/ssl-client.ts

@@ -9,7 +9,8 @@ export type AliyunCertInfo = {
 export type AliyunSslClientOpts = {
   access: AliyunAccess;
   logger: ILogger;
-  endpoint: string;
+  endpoint?: string;
+  region?: string;
 };
 
 export type AliyunSslGetResourceListReq = {
@@ -48,10 +49,19 @@ export class AliyunSslClient {
   async getClient() {
     const access = this.opts.access;
     const client = new AliyunClient({ logger: this.opts.logger });
+
+    let endpoint = this.opts.endpoint || "cas.aliyuncs.com";
+    if (this.opts.endpoint == null && this.opts.region) {
+      if (this.opts.region === "cn-hangzhou") {
+        endpoint = "cas.aliyuncs.com";
+      } else {
+        endpoint = `cas.${this.opts.region}.aliyuncs.com`;
+      }
+    }
     await client.init({
       accessKeyId: access.accessKeyId,
       accessKeySecret: access.accessKeySecret,
-      endpoint: `https://${this.opts.endpoint || "cas.aliyuncs.com"}`,
+      endpoint: `https://${endpoint}`,
       apiVersion: "2020-04-07",
     });
     return client;

packages/plugins/plugin-lib/src/common/util.ts

@@ -17,7 +17,7 @@ export function createCertDomainGetterInputDefine(opts?: { certInputKey?: string
           }
         }
         `,
-      template:false,
+      template: false,
       required: true,
     },
     opts?.props
@@ -42,6 +42,7 @@ export function createRemoteSelectInputDefine(opts?: {
   search?: boolean;
   pager?: boolean;
   component?: any;
+  value?: any;
 }) {
   const title = opts?.title || "请选择";
   const certDomainsInputKey = opts?.certDomainsInputKey || "certDomains";
@@ -74,6 +75,7 @@ export function createRemoteSelectInputDefine(opts?: {
       watches: [certDomainsInputKey, accessIdInputKey, ...watches],
       ...opts.component,
     },
+    value: opts.value,
     rules: opts?.rules,
     required: opts.required ?? true,
     mergeScript:

packages/plugins/plugin-lib/src/ctyun/access/ctyun-access.ts

@@ -5,6 +5,7 @@ import { IsAccess, AccessInput, BaseAccess } from "@certd/pipeline";
   title: "天翼云授权",
   desc: "",
   icon: "ant-design:aliyun-outlined",
+  order: 2,
 })
 export class CtyunAccess extends BaseAccess {
   @AccessInput({

packages/plugins/plugin-lib/src/oss/impls/ssh.ts

@@ -16,6 +16,10 @@ export default class SshOssClientImpl extends BaseOssClient<SshAccess> {
     throw new Error("Method not implemented.");
   }
   async upload(filePath: string, fileContent: Buffer) {
+    if (!filePath) {
+      filePath = "";
+    }
+    filePath = filePath.trim();
     const tmpFilePath = path.join(os.tmpdir(), "cert", "http", filePath);
 
     // Write file to temp path

packages/plugins/plugin-lib/src/qiniu/access.ts

@@ -6,6 +6,7 @@ import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
   desc: "",
   icon: "svg:icon-qiniuyun",
   input: {},
+  order: 2,
 })
 export class QiniuAccess extends BaseAccess {
   @AccessInput({

packages/plugins/plugin-lib/src/ssh/ssh-access.ts

@@ -5,6 +5,7 @@ import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
   desc: "",
   icon: "clarity:host-line",
   input: {},
+  order: 0,
 })
 export class SshAccess extends BaseAccess {
   @AccessInput({
@@ -45,8 +46,8 @@ export class SshAccess extends BaseAccess {
     title: "私钥登录",
     helper: "私钥或密码必填一项",
     component: {
-      name: "a-textarea",
-      vModel: "value",
+      name: "pem-input",
+      vModel: "modelValue",
     },
     encrypt: true,
   })

packages/plugins/plugin-lib/src/ssh/ssh.ts

@@ -247,6 +247,9 @@ export class AsyncSsh2Client {
             const err = this.convert(iconv, ret);
             stdErr += err;
             hasErrorLog = true;
+            if (err.includes("sudo: a password is required")) {
+              this.logger.warn("请配置sudo免密，否则命令无法执行");
+            }
             this.logger.error(`[${this.connConf.host}][error]: ` + err.trimEnd());
           });
       });
@@ -491,7 +494,7 @@ export class SshClient {
    * Set-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\cmd.exe"
    * @param options
    */
-  async exec(options: { connectConf: SshAccess; script: string | Array<string>; env?: any; throwOnStdErr?: boolean }): Promise<string> {
+  async exec(options: { connectConf: SshAccess; script: string | Array<string>; env?: any; throwOnStdErr?: boolean; stopOnError?: boolean }): Promise<string> {
     let { script } = options;
     const { connectConf, throwOnStdErr } = options;
 
@@ -521,10 +524,10 @@ export class SshClient {
         }
 
         if (isWinCmd) {
-          //组合成&&的形式
           if (typeof script === "string") {
             script = script.split("\n");
           }
+          //组合成&&的形式
           script = envScripts.concat(script);
           script = script as Array<string>;
           script = script.join(" && ");
@@ -538,6 +541,11 @@ export class SshClient {
             script = envScripts.join(newLine) + newLine + script;
           }
         }
+
+        if (isLinux && options.stopOnError !== false) {
+          script = "set -e\n" + script;
+        }
+
         return await conn.exec(script as string, { throwOnStdErr });
       },
     });

packages/plugins/plugin-lib/src/tencent/access.ts

@@ -4,6 +4,7 @@ import { IsAccess, AccessInput, BaseAccess } from "@certd/pipeline";
   name: "tencent",
   title: "腾讯云",
   icon: "svg:icon-tencentcloud",
+  order: 0,
 })
 export class TencentAccess extends BaseAccess {
   @AccessInput({
@@ -46,7 +47,21 @@ export class TencentAccess extends BaseAccess {
   })
   accountType: string;
 
+  @AccessInput({
+    title: "关闭证书过期通知",
+    value: true,
+    component: {
+      name: "a-switch",
+      vModel: "checked",
+    },
+  })
+  closeExpiresNotify: boolean = true;
+
   isIntl() {
     return this.accountType === "intl";
   }
+
+  intlDomain() {
+    return this.isIntl() ? "intl." : "";
+  }
 }

packages/plugins/plugin-lib/src/tencent/lib/cos-client.js

@@ -0,0 +1,183 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TencentCosClient = void 0;
+var basic_1 = require("@certd/basic");
+var fs_1 = require("fs");
+var TencentCosClient = /** @class */ (function () {
+    function TencentCosClient(opts) {
+        this.access = opts.access;
+        this.logger = opts.logger;
+        this.bucket = opts.bucket;
+        this.region = opts.region;
+    }
+    TencentCosClient.prototype.getCosClient = function () {
+        return __awaiter(this, void 0, void 0, function () {
+            var sdk, clientConfig;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, Promise.resolve().then(function () { return require("cos-nodejs-sdk-v5"); })];
+                    case 1:
+                        sdk = _a.sent();
+                        clientConfig = {
+                            SecretId: this.access.secretId,
+                            SecretKey: this.access.secretKey,
+                        };
+                        return [2 /*return*/, new sdk.default(clientConfig)];
+                }
+            });
+        });
+    };
+    TencentCosClient.prototype.uploadFile = function (key, file) {
+        return __awaiter(this, void 0, void 0, function () {
+            var cos;
+            var _this = this;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.getCosClient()];
+                    case 1:
+                        cos = _a.sent();
+                        return [2 /*return*/, (0, basic_1.safePromise)(function (resolve, reject) {
+                                var readableStream = file;
+                                if (typeof file === "string") {
+                                    readableStream = fs_1.default.createReadStream(file);
+                                }
+                                cos.putObject({
+                                    Bucket: _this.bucket /* 必须 */,
+                                    Region: _this.region /* 必须 */,
+                                    Key: key /* 必须 */,
+                                    Body: readableStream, // 上传文件对象
+                                    onProgress: function (progressData) {
+                                        console.log(JSON.stringify(progressData));
+                                    },
+                                }, function (err, data) {
+                                    if (err) {
+                                        reject(err);
+                                        return;
+                                    }
+                                    resolve(data);
+                                });
+                            })];
+                }
+            });
+        });
+    };
+    TencentCosClient.prototype.removeFile = function (key) {
+        return __awaiter(this, void 0, void 0, function () {
+            var cos;
+            var _this = this;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.getCosClient()];
+                    case 1:
+                        cos = _a.sent();
+                        return [2 /*return*/, (0, basic_1.safePromise)(function (resolve, reject) {
+                                cos.deleteObject({
+                                    Bucket: _this.bucket,
+                                    Region: _this.region,
+                                    Key: key,
+                                }, function (err, data) {
+                                    if (err) {
+                                        reject(err);
+                                        return;
+                                    }
+                                    resolve(data);
+                                });
+                            })];
+                }
+            });
+        });
+    };
+    TencentCosClient.prototype.downloadFile = function (key, savePath) {
+        return __awaiter(this, void 0, void 0, function () {
+            var cos, writeStream;
+            var _this = this;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.getCosClient()];
+                    case 1:
+                        cos = _a.sent();
+                        writeStream = fs_1.default.createWriteStream(savePath);
+                        return [2 /*return*/, (0, basic_1.safePromise)(function (resolve, reject) {
+                                cos.getObject({
+                                    Bucket: _this.bucket,
+                                    Region: _this.region,
+                                    Key: key,
+                                    Output: writeStream,
+                                }, function (err, data) {
+                                    if (err) {
+                                        reject(err);
+                                        return;
+                                    }
+                                    resolve(data);
+                                });
+                            })];
+                }
+            });
+        });
+    };
+    TencentCosClient.prototype.listDir = function (dirKey) {
+        return __awaiter(this, void 0, void 0, function () {
+            var cos;
+            var _this = this;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.getCosClient()];
+                    case 1:
+                        cos = _a.sent();
+                        return [2 /*return*/, (0, basic_1.safePromise)(function (resolve, reject) {
+                                cos.getBucket({
+                                    Bucket: _this.bucket,
+                                    Region: _this.region,
+                                    Prefix: dirKey,
+                                    MaxKeys: 1000,
+                                }, function (err, data) {
+                                    if (err) {
+                                        reject(err);
+                                        return;
+                                    }
+                                    resolve(data.Contents);
+                                });
+                            })];
+                }
+            });
+        });
+    };
+    return TencentCosClient;
+}());
+exports.TencentCosClient = TencentCosClient;

packages/plugins/plugin-lib/src/tencent/lib/ssl-client.ts

@@ -26,7 +26,7 @@ export class TencentSslClient {
       region: this.region,
       profile: {
         httpProfile: {
-          endpoint: "ssl.tencentcloudapi.com",
+          endpoint: this.access.isIntl() ? "ssl.intl.tencentcloudapi.com" : "ssl.tencentcloudapi.com",
         },
       },
     };
@@ -50,7 +50,10 @@ export class TencentSslClient {
     const ret = await client.UploadCertificate(params);
     this.checkRet(ret);
     this.logger.info(`证书[${opts.certName}]上传成功：tencentCertId=`, ret.CertificateId);
-    await this.switchCertNotify([ret.CertificateId], true);
+    if (this.access.closeExpiresNotify) {
+      await this.switchCertNotify([ret.CertificateId], true);
+    }
+
     return ret.CertificateId;
   }
 

packages/ui/certd-client/.env

@@ -9,4 +9,5 @@ VITE_APP_COPYRIGHT_URL=https://certd.handsfree.work
 VITE_APP_LOGO=static/images/logo/logo.svg
 VITE_APP_LOGIN_LOGO=static/images/logo/rect-black.svg
 VITE_APP_PROJECT_PATH=https://github.com/certd/certd
-VITE_APP_NAMESPACE=fs
+VITE_APP_NAMESPACE=fs
+VITE_APP_VIP_PRODUCT_URL=http://localhost:1017/subject#/product/list

packages/ui/certd-client/.gitignore

@@ -9,3 +9,4 @@ yarn.lock
 /.idea/
 yarn-error.log
 vite-profile.cpuprofile
+!build

packages/ui/certd-client/CHANGELOG.md

@@ -3,6 +3,97 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.36.17](https://github.com/certd/certd/compare/v1.36.16...v1.36.17) (2025-08-17)
+
+**Note:** Version bump only for package @certd/ui-client
+
+## [1.36.16](https://github.com/certd/certd/compare/v1.36.15...v1.36.16) (2025-08-16)
+
+### Bug Fixes
+
+* 修复授权配置复制功能，无法复制已加密字段的问题 ([221e068](https://github.com/certd/certd/commit/221e068bac3af6cd5d1794f8cd4c2ec5c0bc3f45))
+
+### Performance Improvements
+
+* 增加找回密码的验证码可重试次数 [@nicheng-he](https://github.com/nicheng-he)  ([#496](https://github.com/certd/certd/issues/496)) ([fe03f99](https://github.com/certd/certd/commit/fe03f9942b5662fb90cad86da10782f5dc3603f5))
+* 支持阿里云API网关 ([9e1e4ee](https://github.com/certd/certd/commit/9e1e4eeec2859759ca5b07834c9d24cf88a6ad33))
+* 支持部署到金山云CDN ([dfa74a6](https://github.com/certd/certd/commit/dfa74a69f7cbb9009d3e20c7eecfa1b905a00cf0))
+
+## [1.36.15](https://github.com/certd/certd/compare/v1.36.14...v1.36.15) (2025-08-07)
+
+### Performance Improvements
+
+* 部署到阿里云支持选择bucket和域名 ([013b9c4](https://github.com/certd/certd/commit/013b9c4c7c2adf485d086123ccea448719577fd4))
+* 支持webhook部署证书 ([cbe0b1c](https://github.com/certd/certd/commit/cbe0b1c5a6538f232e9a63f1693d20d5acf0a306))
+* 注册时支持填写用户名 ([fdcfcc7](https://github.com/certd/certd/commit/fdcfcc77a0db87954e0b026635d3ccdd9bc6cee8))
+
+## [1.36.14](https://github.com/certd/certd/compare/v1.36.13...v1.36.14) (2025-07-28)
+
+### Bug Fixes
+
+* 修复复制流水线为空的bug ([b070773](https://github.com/certd/certd/commit/b0707739fdfbae3d78db4efd3f180db05c4e4164))
+
+### Performance Improvements
+
+* 授权管理支持模糊查询 ([866eb62](https://github.com/certd/certd/commit/866eb6241baa7b21f6eddc649966324c188236c6))
+* 新增找回密码功能 [@nicheng-he](https://github.com/nicheng-he) ([81ac240](https://github.com/certd/certd/commit/81ac240ac84db0af2f56b6352e227ecb49f38377))
+
+## [1.36.13](https://github.com/certd/certd/compare/v1.36.12...v1.36.13) (2025-07-23)
+
+### Performance Improvements
+
+* 阿里云部分插件优化  [@nicheng-he](https://github.com/nicheng-he) ([e3738f6](https://github.com/certd/certd/commit/e3738f6422270d75ec414c15a343248cc4cad6e1))
+
+## [1.36.12](https://github.com/certd/certd/compare/v1.36.11...v1.36.12) (2025-07-22)
+
+### Bug Fixes
+
+* 上传到阿里云cas，证书前缀无效的bug ([b382351](https://github.com/certd/certd/commit/b382351c7b91ec10e1f61d94bec5aad075207ec8))
+
+### Performance Improvements
+
+* 首页增加更新日志按钮 ([41ce848](https://github.com/certd/certd/commit/41ce8489dc2f03a705dfa3fbb357769defb56c60))
+* 增加版本过低提示 ([d1ce360](https://github.com/certd/certd/commit/d1ce36038cab72b5dc1b320d0a708c261ffbdacb))
+
+## [1.36.11](https://github.com/certd/certd/compare/v1.36.10...v1.36.11) (2025-07-22)
+
+**Note:** Version bump only for package @certd/ui-client
+
+## [1.36.10](https://github.com/certd/certd/compare/v1.36.9...v1.36.10) (2025-07-18)
+
+### Performance Improvements
+
+* 优化子域名托管的说明 ([b15f514](https://github.com/certd/certd/commit/b15f514018b728acb0922ee3f93c1f302eb5d471))
+* 账号即将过期通知 ([e403450](https://github.com/certd/certd/commit/e40345095f31e2fb8e2333a6647466659133fa0c))
+* 子域名托管重复域名不允许添加 ([ffc0c7b](https://github.com/certd/certd/commit/ffc0c7bb7b16d9904fd2d905d1c4e1d4854e92a9))
+
+## [1.36.9](https://github.com/certd/certd/compare/v1.36.7...v1.36.9) (2025-07-15)
+
+**Note:** Version bump only for package @certd/ui-client
+
+## [1.36.7](https://github.com/certd/certd/compare/v1.36.6...v1.36.7) (2025-07-15)
+
+### Bug Fixes
+
+* 修复流水线页面状态没有刷新的bug ([93e9498](https://github.com/certd/certd/commit/93e9498b410353f504e11e264db62468895d7290))
+
+## [1.36.6](https://github.com/certd/certd/compare/v1.36.5...v1.36.6) (2025-07-14)
+
+### Bug Fixes
+
+* 修复某些页面翻译不全显示错误的bug ([0b3158f](https://github.com/certd/certd/commit/0b3158fdd5fe5bb0a98c4e65715dbc3de2c38047))
+* 修复运行流水线后会闪烁一下的bug ([dfc9362](https://github.com/certd/certd/commit/dfc9362084082ee535b898f23b2609c1d946a6fd))
+
+### Performance Improvements
+
+* 通知和定时器的删除按钮显示为红色更显眼 ([61ba83c](https://github.com/certd/certd/commit/61ba83c77546c3d505d081e19a3d68c127662bf1))
+* 优化流水线列表页面、详情页面性能，精简返回数据 ([609ac9c](https://github.com/certd/certd/commit/609ac9c9a2dde605eb09834ae59693c1cb238765))
+* OpenAPI支持autoApply参数 ([42f4d14](https://github.com/certd/certd/commit/42f4d1477dc791520a874aed56035abcbc8c433b))
+
+## [1.36.5](https://github.com/certd/certd/compare/v1.36.4...v1.36.5) (2025-07-11)
+
+**Note:** Version bump only for package @certd/ui-client
+
 ## [1.36.4](https://github.com/certd/certd/compare/v1.36.3...v1.36.4) (2025-07-10)
 
 ### Bug Fixes

packages/ui/certd-client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/ui-client",
-  "version": "1.36.4",
+  "version": "1.36.17",
   "private": true,
   "scripts": {
     "dev": "vite --open",
@@ -43,7 +43,7 @@
     "@tailwindcss/typography": "^0.5.16",
     "@tanstack/vue-store": "^0.7.0",
     "@vee-validate/zod": "^4.15.0",
-    "@vue-js-cron/light": "^4.0.5",
+    "@certd/vue-js-cron-light": "^4.0.14",
     "@vue/shared": "^3.5.13",
     "@vueuse/core": "^10.11.0",
     "ant-design-vue": "^4.2.6",
@@ -103,8 +103,8 @@
     "zod-defaults": "^0.1.3"
   },
   "devDependencies": {
-    "@certd/lib-iframe": "^1.36.4",
-    "@certd/pipeline": "^1.36.4",
+    "@certd/lib-iframe": "^1.36.17",
+    "@certd/pipeline": "^1.36.17",
     "@rollup/plugin-commonjs": "^25.0.7",
     "@rollup/plugin-node-resolve": "^15.2.3",
     "@types/chai": "^4.3.12",
@@ -120,7 +120,7 @@
     "@vue/compiler-sfc": "^3.4.21",
     "@vue/eslint-config-typescript": "^13.0.0",
     "@vue/test-utils": "^2.4.6",
-    "autoprefixer": "^10.4.20",
+    "autoprefixer": "^10.4.21",
     "caller-path": "^4.0.0",
     "chai": "^5.1.0",
     "dependency-cruiser": "^16.2.3",

packages/ui/certd-client/public/static/icons/demo_index.html

@@ -54,6 +54,36 @@
       <div class="content unicode" style="display: block;">
           <ul class="icon_lists dib-box">
           
+            <li class="dib">
+              <span class="icon iconfont">&#xe8fb;</span>
+                <div class="name">social-foursquare</div>
+                <div class="code-name">&amp;#xe8fb;</div>
+              </li>
+          
+            <li class="dib">
+              <span class="icon iconfont">&#xe65a;</span>
+                <div class="name">ksyun-logo</div>
+                <div class="code-name">&amp;#xe65a;</div>
+              </li>
+          
+            <li class="dib">
+              <span class="icon iconfont">&#xe608;</span>
+                <div class="name">雨-copy</div>
+                <div class="code-name">&amp;#xe608;</div>
+              </li>
+          
+            <li class="dib">
+              <span class="icon iconfont">&#xe655;</span>
+                <div class="name">网宿</div>
+                <div class="code-name">&amp;#xe655;</div>
+              </li>
+          
+            <li class="dib">
+              <span class="icon iconfont">&#xe727;</span>
+                <div class="name">ai客服</div>
+                <div class="code-name">&amp;#xe727;</div>
+              </li>
+          
             <li class="dib">
               <span class="icon iconfont">&#xe6e4;</span>
                 <div class="name">cdn</div>
@@ -198,7 +228,7 @@
 <pre><code class="language-css"
 >@font-face {
   font-family: 'iconfont';
-  src: url('iconfont.svg?t=1743267254898#iconfont') format('svg');
+  src: url('iconfont.svg?t=1754884110189#iconfont') format('svg');
 }
 </code></pre>
           <h3 id="-iconfont-">第二步：定义使用 iconfont 的样式</h3>
@@ -224,6 +254,51 @@
       <div class="content font-class">
         <ul class="icon_lists dib-box">
           
+          <li class="dib">
+            <span class="icon iconfont icon-four"></span>
+            <div class="name">
+              social-foursquare
+            </div>
+            <div class="code-name">.icon-four
+            </div>
+          </li>
+          
+          <li class="dib">
+            <span class="icon iconfont icon-ksyun"></span>
+            <div class="name">
+              ksyun-logo
+            </div>
+            <div class="code-name">.icon-ksyun
+            </div>
+          </li>
+          
+          <li class="dib">
+            <span class="icon iconfont icon-rainyun"></span>
+            <div class="name">
+              雨-copy
+            </div>
+            <div class="code-name">.icon-rainyun
+            </div>
+          </li>
+          
+          <li class="dib">
+            <span class="icon iconfont icon-wangsu"></span>
+            <div class="name">
+              网宿
+            </div>
+            <div class="code-name">.icon-wangsu
+            </div>
+          </li>
+          
+          <li class="dib">
+            <span class="icon iconfont icon-aikefu"></span>
+            <div class="name">
+              ai客服
+            </div>
+            <div class="code-name">.icon-aikefu
+            </div>
+          </li>
+          
           <li class="dib">
             <span class="icon iconfont icon-cdn"></span>
             <div class="name">
@@ -440,6 +515,46 @@
       <div class="content symbol">
           <ul class="icon_lists dib-box">
           
+            <li class="dib">
+                <svg class="icon svg-icon" aria-hidden="true">
+                  <use xlink:href="#icon-four"></use>
+                </svg>
+                <div class="name">social-foursquare</div>
+                <div class="code-name">#icon-four</div>
+            </li>
+          
+            <li class="dib">
+                <svg class="icon svg-icon" aria-hidden="true">
+                  <use xlink:href="#icon-ksyun"></use>
+                </svg>
+                <div class="name">ksyun-logo</div>
+                <div class="code-name">#icon-ksyun</div>
+            </li>
+          
+            <li class="dib">
+                <svg class="icon svg-icon" aria-hidden="true">
+                  <use xlink:href="#icon-rainyun"></use>
+                </svg>
+                <div class="name">雨-copy</div>
+                <div class="code-name">#icon-rainyun</div>
+            </li>
+          
+            <li class="dib">
+                <svg class="icon svg-icon" aria-hidden="true">
+                  <use xlink:href="#icon-wangsu"></use>
+                </svg>
+                <div class="name">网宿</div>
+                <div class="code-name">#icon-wangsu</div>
+            </li>
+          
+            <li class="dib">
+                <svg class="icon svg-icon" aria-hidden="true">
+                  <use xlink:href="#icon-aikefu"></use>
+                </svg>
+                <div class="name">ai客服</div>
+                <div class="code-name">#icon-aikefu</div>
+            </li>
+          
             <li class="dib">
                 <svg class="icon svg-icon" aria-hidden="true">
                   <use xlink:href="#icon-cdn"></use>

packages/ui/certd-client/public/static/icons/iconfont.css

@@ -1,6 +1,6 @@
 @font-face {
   font-family: "iconfont"; /* Project id 4688792 */
-  src: url('iconfont.svg?t=1743267254898#iconfont') format('svg');
+  src: url('iconfont.svg?t=1754884110189#iconfont') format('svg');
 }
 
 .iconfont {
@@ -11,6 +11,26 @@
   -moz-osx-font-smoothing: grayscale;
 }
 
+.icon-four:before {
+  content: "\e8fb";
+}
+
+.icon-ksyun:before {
+  content: "\e65a";
+}
+
+.icon-rainyun:before {
+  content: "\e608";
+}
+
+.icon-wangsu:before {
+  content: "\e655";
+}
+
+.icon-aikefu:before {
+  content: "\e727";
+}
+
 .icon-cdn:before {
   content: "\e6e4";
 }

packages/ui/certd-client/public/static/icons/iconfont.json

@@ -5,6 +5,41 @@
   "css_prefix_text": "icon-",
   "description": "",
   "glyphs": [
+    {
+      "icon_id": "544964",
+      "name": "social-foursquare",
+      "font_class": "four",
+      "unicode": "e8fb",
+      "unicode_decimal": 59643
+    },
+    {
+      "icon_id": "8567079",
+      "name": "ksyun-logo",
+      "font_class": "ksyun",
+      "unicode": "e65a",
+      "unicode_decimal": 58970
+    },
+    {
+      "icon_id": "42174864",
+      "name": "雨-copy",
+      "font_class": "rainyun",
+      "unicode": "e608",
+      "unicode_decimal": 58888
+    },
+    {
+      "icon_id": "14065547",
+      "name": "网宿",
+      "font_class": "wangsu",
+      "unicode": "e655",
+      "unicode_decimal": 58965
+    },
+    {
+      "icon_id": "41324539",
+      "name": "ai客服",
+      "font_class": "aikefu",
+      "unicode": "e727",
+      "unicode_decimal": 59175
+    },
     {
       "icon_id": "13592652",
       "name": "cdn",

packages/ui/certd-client/src/components/index.ts

@@ -4,8 +4,8 @@ import vip from "./vip-button/install.js";
 import { CheckCircleOutlined, InfoCircleOutlined, UndoOutlined } from "@ant-design/icons-vue";
 import CronEditor from "./cron-editor/index.vue";
 import FoldBox from "./fold-box.vue";
-import { CronLight } from "@vue-js-cron/light";
-import "@vue-js-cron/light/dist/light.css";
+import { CronLight } from "@certd/vue-js-cron-light";
+import "@certd/vue-js-cron-light/dist/light.css";
 import Plugins from "./plugins/index";
 import LoadingButton from "./loading-button.vue";
 import IconSelect from "./icon-select.vue";

packages/ui/certd-client/src/components/pem-input.vue

@@ -1,7 +1,7 @@
 <template>
   <div class="pem-input">
     <FileInput v-bind="fileInput" class="mb-5" type="primary" text="选择文件" @change="onChange" />
-    <a-textarea v-bind="textarea" :value="modelValue" @update:value="emitValue"></a-textarea>
+    <a-textarea placeholder="或直接粘贴" v-bind="textarea" :value="modelValue" @update:value="emitValue"></a-textarea>
   </div>
 </template>
 
@@ -27,7 +27,7 @@ function onChange(e: any) {
   const size = file.size;
   if (size > 100 * 1024) {
     notification.error({
-      message: "文件超过100k，请选择正确的证书文件",
+      message: "文件超过100k，请选择正确的文件",
     });
     return;
   }

packages/ui/certd-client/src/components/plugins/cert/domains-verify-plan-editor/http-verify-plan.vue

@@ -33,6 +33,7 @@
 import { Ref, ref, watch, nextTick } from "vue";
 import { HttpRecord } from "/@/components/plugins/cert/domains-verify-plan-editor/type";
 import { dict } from "@fast-crud/fast-crud";
+import { Dicts } from "/@/components/plugins/lib/dicts";
 
 defineOptions({
   name: "HttpVerifyPlan",
@@ -68,17 +69,7 @@ async function onRecordChange() {
   emit("change", records.value);
 }
 
-const uploaderTypeDict = dict({
-  data: [
-    { label: "SFTP", value: "sftp" },
-    { label: "FTP", value: "ftp" },
-    { label: "阿里云OSS", value: "alioss" },
-    { label: "腾讯云COS", value: "tencentcos" },
-    { label: "七牛OSS", value: "qiniuoss" },
-    { label: "S3/Minio", value: "s3" },
-    { label: "SSH(已废弃，请选择SFTP方式)", value: "ssh", disabled: true },
-  ],
-});
+const uploaderTypeDict = Dicts.uploaderTypeDict;
 </script>
 
 <style lang="less">

packages/ui/certd-client/src/components/plugins/common/remote-auto-complete.vue

@@ -0,0 +1,164 @@
+<template>
+  <div class="remote-auto-complete">
+    <div class="flex flex-row">
+      <a-auto-complete class="remote-auto-complete-input" :filter-option="filterOption" :options="optionsRef" :value="value" v-bind="attrs" @click="onClick" @update:value="emit('update:value', $event)">
+      </a-auto-complete>
+      <div class="ml-5">
+        <fs-button :loading="loading" title="刷新选项" icon="ion:refresh-outline" @click="refreshOptions"></fs-button>
+      </div>
+    </div>
+    <div class="helper" :class="{ error: hasError }">
+      {{ message }}
+    </div>
+  </div>
+</template>
+<script setup lang="ts">
+import { ComponentPropsType, doRequest } from "/@/components/plugins/lib";
+import { defineComponent, inject, ref, useAttrs, watch, Ref } from "vue";
+import { PluginDefine } from "@certd/pipeline";
+
+defineOptions({
+  name: "RemoteAutoComplete",
+});
+
+const props = defineProps<
+  {
+    watches: string[];
+  } & ComponentPropsType
+>();
+
+const emit = defineEmits<{
+  "update:value": any;
+}>();
+
+const attrs = useAttrs();
+
+const getCurrentPluginDefine: any = inject("getCurrentPluginDefine", () => {
+  return {};
+});
+const getScope: any = inject("get:scope", () => {
+  return {};
+});
+const getPluginType: any = inject("get:plugin:type", () => {
+  return "plugin";
+});
+
+const optionsRef = ref([]);
+const message = ref("");
+const hasError = ref(false);
+const loading = ref(false);
+
+const getOptions = async () => {
+  if (loading.value) {
+    return;
+  }
+
+  if (!getCurrentPluginDefine) {
+    return;
+  }
+
+  const define: PluginDefine = getCurrentPluginDefine()?.value;
+  if (!define) {
+    return;
+  }
+  const pluginType = getPluginType();
+  const { form } = getScope();
+  const input = (pluginType === "plugin" ? form?.input : form) || {};
+
+  for (let key in define.input) {
+    const inWatches = props.watches.includes(key);
+    const inputDefine = define.input[key];
+    if (inWatches && inputDefine.required) {
+      const value = input[key];
+      if (value == null || value === "") {
+        console.log("remote-select required", key);
+        return;
+      }
+    }
+  }
+
+  message.value = "";
+  hasError.value = false;
+  loading.value = true;
+  try {
+    const res = await doRequest(
+      {
+        type: pluginType,
+        typeName: form.type,
+        action: props.action,
+        input,
+        data: {},
+      },
+      {
+        onError(err: any) {
+          hasError.value = true;
+          message.value = `获取选项出错：${err.message}`;
+        },
+        showErrorNotify: false,
+      }
+    );
+    const list = res?.list || res || [];
+    if (list.length > 0) {
+      message.value = "获取数据成功，请从下拉框中选择";
+    } else {
+      message.value = "获取数据成功，没有数据";
+    }
+    optionsRef.value = list;
+
+    return res;
+  } finally {
+    loading.value = false;
+  }
+};
+
+const filterOption = (input: string, option: any) => {
+  return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0 || String(option.value).toLowerCase().indexOf(input.toLowerCase());
+};
+
+async function onClick() {
+  if (optionsRef.value?.length === 0) {
+    await refreshOptions();
+  }
+}
+
+async function refreshOptions() {
+  await getOptions();
+}
+
+watch(
+  () => {
+    const pluginType = getPluginType();
+    const { form, key } = getScope();
+    const input = (pluginType === "plugin" ? form?.input : form) || {};
+    const watches = {};
+    for (const key of props.watches) {
+      //@ts-ignore
+      watches[key] = input[key];
+    }
+    return {
+      form: watches,
+      key,
+    };
+  },
+  async (value, oldValue) => {
+    const { form } = value;
+    const oldForm: any = oldValue?.form;
+    let changed = oldForm == null || optionsRef.value.length == 0;
+    for (const key of props.watches) {
+      //@ts-ignore
+      if (oldForm && form[key] != oldForm[key]) {
+        changed = true;
+        break;
+      }
+    }
+    if (changed) {
+      await getOptions();
+    }
+  },
+  {
+    immediate: true,
+  }
+);
+</script>
+
+<style lang="less"></style>

packages/ui/certd-client/src/components/plugins/common/remote-select.vue

@@ -145,6 +145,8 @@ const getOptions = async () => {
     const list = res?.list || res || [];
     if (list.length > 0) {
       message.value = "获取数据成功，请从下拉框中选择";
+    } else {
+      message.value = "获取数据成功，没有数据";
     }
     optionsRef.value = list;
     pagerRef.value.total = list.length;

packages/ui/certd-client/src/components/plugins/index.ts

@@ -1,4 +1,5 @@
 import SynologyIdDeviceGetter from "./synology/device-id-getter.vue";
+import RemoteAutoComplete from "./common/remote-auto-complete.vue";
 import RemoteSelect from "./common/remote-select.vue";
 import RemoteInput from "./common/remote-input.vue";
 import CertDomainsGetter from "./common/cert-domains-getter.vue";
@@ -21,6 +22,7 @@ export default {
     app.component("ApiTest", ApiTest);
 
     app.component("SynologyDeviceIdGetter", SynologyIdDeviceGetter);
+    app.component("RemoteAutoComplete", RemoteAutoComplete);
     app.component("RemoteSelect", RemoteSelect);
     app.component("RemoteInput", RemoteInput);
     app.component("CertDomainsGetter", CertDomainsGetter);

packages/ui/certd-client/src/components/plugins/lib/dicts.ts

@@ -0,0 +1,31 @@
+import { dict } from "@fast-crud/fast-crud";
+
+export const Dicts = {
+  sslProviderDict: dict({
+    data: [
+      { value: "letsencrypt", label: "Let‘s Encrypt" },
+      { value: "zerossl", label: "ZeroSSL" },
+    ],
+  }),
+  challengeTypeDict: dict({
+    data: [
+      { value: "dns", label: "DNS校验", color: "green" },
+      { value: "cname", label: "CNAME代理校验", color: "blue" },
+      { value: "http", label: "HTTP校验", color: "yellow" },
+    ],
+  }),
+  dnsProviderTypeDict: dict({
+    url: "pi/dnsProvider/dnsProviderTypeDict",
+  }),
+  uploaderTypeDict: dict({
+    data: [
+      { label: "SFTP", value: "sftp" },
+      { label: "FTP", value: "ftp" },
+      { label: "阿里云OSS", value: "alioss" },
+      { label: "腾讯云COS", value: "tencentcos" },
+      { label: "七牛OSS", value: "qiniuoss" },
+      { label: "S3/Minio", value: "s3" },
+      { label: "SSH(已废弃，请选择SFTP方式)", value: "ssh", disabled: true },
+    ],
+  }),
+};

packages/ui/certd-client/src/locales/langs/en-US/authentication.ts

@@ -57,6 +57,7 @@ export default {
   passwordPlaceholder: "Please enter your password",
   mobilePlaceholder: "Please enter your mobile number",
   loginButton: "Log In",
+  forgotPassword: "Forgot password?",
   forgotAdminPassword: "Forgot admin password?",
   registerLink: "Register",
 

packages/ui/certd-client/src/locales/langs/en-US/certd.ts

@@ -78,6 +78,7 @@ export default {
     runCount: "Run Count",
     expiringCerts: "Soon-to-Expire Certificates",
     supportedTasks: "Overview of Supported Deployment Tasks",
+    changeLog: "Change Log",
   },
   steps: {
     createPipeline: "Create Certificate Pipeline",
@@ -449,7 +450,7 @@ export default {
   batchDeleteConfirm: "Are you sure to batch delete these {count} records?",
   selectRecordFirst: "Please select records first",
   subdomainHosted: "Hosted Subdomain",
-  subdomainHelpText: "If you don't understand what subdomain hosting is, please refer to the documentation ",
+  subdomainHelpText: "If you don't understand what subdomain hosting is,Do not set it randomly, as it may result in the inability to apply for the certificate. please refer to the documentation ",
   subdomainManagement: "Subdomain Management",
   isDisabled: "Is Disabled",
   enabled: "Enabled",
@@ -471,7 +472,7 @@ export default {
   statusError: "Error",
   actionImportBatch: "Batch Import",
   actionSyncIp: "Sync IP",
-  TitleSyncIp: "Sync IP",
+  modalTitleSyncIp: "Sync IP",
   modalContentSyncIp: "Are you sure to sync IP?",
   notificationSyncComplete: "Sync Complete",
   actionCheckAll: "Check All",
@@ -563,7 +564,8 @@ export default {
   ipv6Priority: "IPv6 Priority",
   dualStackNetworkHelper: "If IPv6 priority is selected, enable IPv6 in docker-compose.yaml",
   enableCommonCnameService: "Enable Public CNAME Service",
-  commonCnameHelper: "Allow use of public CNAME service. If disabled and no <router-link to='/sys/cname/provider'>custom CNAME service</router-link> is set, CNAME proxy certificate application will not work.",
+  commonCnameHelper: "Allow use of public CNAME service. If disabled and no <a href='#/sys/cname/provider'>custom CNAME service</a> is set, CNAME proxy certificate application will not work.",
+  enableCommonSelfServicePasswordRetrieval: "Enable self-service password recovery",
   saveButton: "Save",
   stopSuccess: "Stopped successfully",
   google: "Google",
@@ -712,4 +714,18 @@ export default {
     close: "Close",
     viewCertificateTitle: "View Certificate",
   },
+  domain: {
+    domainManager: "Domain Manager",
+    domainDescription: "used to auto apply for certificate", //管理域名的校验方式，用于申请证书时自动选择验证方式
+    domain: "Domain",
+    challengeType: "Challenge Type",
+    dnsProviderType: "DNS Provider Type",
+    dnsProviderAccess: "DNS Provider Access",
+    httpUploaderType: "HTTP Uploader Type",
+    httpUploaderAccess: "HTTP Uploader Access",
+    httpUploadRootDir: "HTTP Upload Root Dir",
+    disabled: "Disabled",
+    challengeSetting: "Challenge Setting",
+    gotoCnameTip: "Please go to CNAME Record Page",
+  },
 };

packages/ui/certd-client/src/locales/langs/en-US/common.ts

@@ -14,6 +14,8 @@ export default {
   search: "Search",
   enabled: "Enabled",
   disabled: "Disabled",
+  enable: "Enable",
+  disable: "Disable",
   edit: "Edit",
   delete: "Delete",
   create: "Create",

packages/ui/certd-client/src/locales/langs/zh-CN/authentication.ts

@@ -57,6 +57,7 @@ export default {
   passwordPlaceholder: "请输入密码",
   mobilePlaceholder: "请输入手机号",
   loginButton: "登录",
+  forgotPassword: "忘记密码？",
   forgotAdminPassword: "忘记管理员密码？",
   registerLink: "注册",
 

packages/ui/certd-client/src/locales/langs/zh-CN/certd.ts

@@ -84,6 +84,7 @@ export default {
     runCount: "运行次数",
     expiringCerts: "最快到期证书",
     supportedTasks: "已支持的部署任务总览",
+    changeLog: "更新日志",
   },
   steps: {
     createPipeline: "创建证书流水线",
@@ -415,7 +416,7 @@ export default {
   is_present_no: "否",
   basicInfo: "基础信息",
   titlea: "名称",
-  disabled: "是否禁用",
+  disabled: "禁用",
   ordera: "排序",
   supportBuy: "支持购买",
   intro: "介绍",
@@ -455,7 +456,7 @@ export default {
   batchDeleteConfirm: "确定要批量删除这{count}条记录吗",
   selectRecordFirst: "请先勾选记录",
   subdomainHosted: "托管的子域名",
-  subdomainHelpText: "如果您不理解什么是子域托管，可以参考文档",
+  subdomainHelpText: "如果您不理解什么是子域托管，请不要随意设置，可能导致证书无法申请，可以参考文档",
   subdomainManagement: "子域管理",
   isDisabled: "是否禁用",
   enabled: "启用",
@@ -569,7 +570,8 @@ export default {
   ipv6Priority: "IPV6优先",
   dualStackNetworkHelper: "如果选择IPv6优先，需要在docker-compose.yaml中启用ipv6",
   enableCommonCnameService: "启用公共CNAME服务",
-  commonCnameHelper: "是否可以使用公共CNAME服务，如果禁用，且没有设置<router-link to='/sys/cname/provider'>自定义CNAME服务</router-link>，则无法使用CNAME代理方式申请证书",
+  commonCnameHelper: "是否可以使用公共CNAME服务，如果禁用，且没有设置<a href='#/sys/cname/provider'>自定义CNAME服务</a>，则无法使用CNAME代理方式申请证书",
+  enableCommonSelfServicePasswordRetrieval: "启用自助找回密码",
   saveButton: "保存",
   stopSuccess: "停止成功",
   google: "Google",
@@ -715,4 +717,18 @@ export default {
     close: "关闭",
     viewCertificateTitle: "查看证书",
   },
+  domain: {
+    domainManager: "域名管理",
+    domainDescription: "管理域名的校验方式，用于申请证书时自动选择验证方式",
+    domain: "域名",
+    challengeType: "校验类型",
+    dnsProviderType: "DNS提供商类型",
+    dnsProviderAccess: "DNS提供商授权",
+    httpUploaderType: "上传方式",
+    httpUploaderAccess: "上传授权信息",
+    httpUploadRootDir: "网站根路径",
+    disabled: "禁用/启用",
+    challengeSetting: "校验配置",
+    gotoCnameTip: "CNAME域名配置请前往CNAME记录页面添加",
+  },
 };

packages/ui/certd-client/src/locales/langs/zh-CN/common.ts

@@ -14,6 +14,8 @@ export default {
   search: "搜索",
   enabled: "已启用",
   disabled: "已禁用",
+  enable: "启用",
+  disable: "禁用",
   edit: "修改",
   delete: "删除",
   create: "新增",