chore: oidc first

docs: openapi
perf: ssh支持ppk格式私钥
2026-04-26 13:48:07 +08:00 · 2025-11-26 07:34:42 +08:00 · 2025-11-25 09:12:35 +08:00 · 2025-11-25 00:48:21 +08:00 · 2025-11-24 23:43:14 +08:00 · 2025-11-24 23:33:25 +08:00
35 changed files with 1730 additions and 1776 deletions
@@ -3,6 +3,13 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
+
+### Performance Improvements
+
+* 优化dokploy 部署插件，配置选择serverId ([c9709f2](https://github.com/certd/certd/commit/c9709f26981c1cc9f71c14babb204329fcae0db5))
+* 站点证书监控备注输入框改成textarea ([70b603d](https://github.com/certd/certd/commit/70b603d601c34f39148c2ab70c655c51babf563d))
+
 ## [1.37.9](https://github.com/certd/certd/compare/v1.37.8...v1.37.9) (2025-11-19)

 ### Bug Fixes
@@ -19,9 +19,15 @@ header中传入x-certd-token即可调用开放接口
 4、然后将content和sign分别base64后用.号连接： x-certd-token = base64(content) +"."+base64(sign)   


-## 补充说明
-1.证书申请接口支持证书id和域名两种方式获取证书。
-2.autoApply=true将在没有证书时自动触发申请，申请过程中会提示`正在申请中`，可轮循获取状态，直到证书申请成功。
+## 参数
+支持证书id和域名两种方式获取证书。
+
+## 创建新的证书申请
+参数autoApply=true，将在没有证书时自动触发申请证书，检查逻辑如下：
+1. 如果证书仓库里面有，且没有过期，就直接返回证书
+2. 如果没有或者已过期，就会去找流水线，有就触发流水线执行
+3. 如果没有流水线，就创建一个流水线，触发运行（`注意：需要提前在域名管理中配置好域名校验方式，否则会申请失败`）
+4. 再次采用相同参数请求接口，如果在申请过程中，就会提示`正在申请中`，可轮循获取状态，直到证书申请成功。


 ## SDK
@@ -62,7 +62,7 @@
 | 14.| **威联通-部署证书到威联通** | 部署证书到qnap | 
 | 15.| **飞牛NAS-部署证书** |  | 
 | 16.| **Proxmox-上传证书到Proxmox** |  | 
-| 17.| **Dokploy-更新证书** | 自动更新Dokploy证书 | 
+| 17.| **Dokploy-部署server证书** | 自动更新Dokploy server证书 | 
 ## 5. 阿里云

 | 序号 | 名称 | 说明 |
@@ -70,5 +70,5 @@
    "bugs": {
        "url": "https://github.com/publishlab/node-acme-client/issues"
    },
-    "gitHead": "8bfdef79c48c3151089107ead7134ce4515fd5bc"
+    "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }
@@ -31,9 +31,28 @@ export const directory = {
    sslcom:{
      staging: 'https://acme.ssl.com/sslcom-dv-rsa',
      production: 'https://acme.ssl.com/sslcom-dv-rsa',
+      ec: 'https://acme.ssl.com/sslcom-dv-ecc',
    }
 };

+export function getDirectoryUrl(opts) {
+  const {sslProvider, pkType} = opts
+  const list= directory[sslProvider]
+  if (!list) {
+    throw new Error(`sslProvider ${sslProvider} not found`)
+  }
+  let pkTypePrefix = pkType || 'rsa'
+  if (pkType) {
+   pkTypePrefix = pkType.toLowerCase().split("_")[0]
+  }
+
+  if (pkTypePrefix && list[pkTypePrefix]) {
+    return list[pkTypePrefix]
+  }
+
+  return list.production
+}
+
 /**
 * Crypto
 */
@@ -117,6 +117,8 @@ export const directory: {
    }
 };

+export function getDirectoryUrl(opts:{sslProvider:string, pkType: string}): string;
+
 /**
 * Crypto
 */
@@ -17,6 +17,7 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
+    "async-lock": "^1.4.1",
    "axios": "^1.7.2",
    "dayjs": "^1.11.7",
    "http-proxy-agent": "^7.0.2",
@@ -46,5 +47,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "8bfdef79c48c3151089107ead7134ce4515fd5bc"
+  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }
@@ -1,46 +1,16 @@
-import { logger, utils } from './index.js';
+// @ts-ignore
+import AsyncLock from "async-lock";

 export class Locker {
-  locked: Record<string, any> = {};
+  private asyncLocker: AsyncLock;

-  async execute(lockStr: string, callback: any) {
-    await this.lock(lockStr);
-    const timeoutId = setTimeout(() => {
-      logger.warn('Lock timeout,自动解锁', lockStr);
-      this.unlock(lockStr);
-    }, 20000);
-    try {
-      return await callback();
-    } finally {
-      clearTimeout(timeoutId);
-      this.unlock(lockStr);
-    }
+  constructor() {
+    this.asyncLocker = new AsyncLock();
  }

-  async lock(str: string) {
-    const isLocked = this.isLocked(str);
-    if (isLocked) {
-      let count = 0;
-      while (true) {
-        await utils.sleep(100);
-        if (!this.isLocked(str)) {
-          break;
-        }
-        count++;
-        if (count > 20) {
-          throw new Error('Lock timeout');
-        }
-      }
-    }
-    this.locked[str] = true;
-  }
-
-  unlock(str: string) {
-    delete this.locked[str];
-  }
-
-  isLocked(str: string) {
-    return this.locked[str] ?? false;
+  async execute(lockStr: string, callback: any, options?: { timeout?: number }) {
+    const timeout = options?.timeout ?? 20000;
+    return this.asyncLocker.acquire(lockStr, callback, { timeout });
  }
 }

@@ -0,0 +1,14 @@
+import { random } from "lodash-es";
+import { locker } from "./dist/utils/util.lock.js";
+
+async function testLocker() {
+  for (let i = 0; i < 10; i++) {
+    await locker.execute("test", async () => {
+      console.log("test", i);
+      await new Promise(resolve => setTimeout(resolve, Math.random() * 1000));
+      throw new Error("test error");
+    });
+  }
+}
+
+await testLocker();
@@ -45,5 +45,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "8bfdef79c48c3151089107ead7134ce4515fd5bc"
+  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }
@@ -24,5 +24,5 @@
    "prettier": "^2.8.8",
    "tslib": "^2.8.1"
  },
-  "gitHead": "8bfdef79c48c3151089107ead7134ce4515fd5bc"
+  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }
@@ -31,5 +31,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "8bfdef79c48c3151089107ead7134ce4515fd5bc"
+  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }
@@ -6,8 +6,6 @@
  "module": "./dist/bundle.js",
  "types": "./dist/d/index.d.ts",
  "scripts": {
-    "test": "cross-env NODE_CONFIG_DIR=./test/config  mocha --recursive --require babel-register",
-    "dev": "babel src --out-dir babel -w",
    "build": "rollup -c ",
    "dev-build": "npm run build",
    "pub": "npm publish"
@@ -15,7 +13,6 @@
  "author": "",
  "license": "Apache",
  "dependencies": {
-    "babel-register": "^6.26.0",
    "buffer": "^5.0.8",
    "create-hash": "^1.1.3",
    "create-hmac": "^1.1.6",
@@ -30,8 +27,6 @@
    "@rollup/plugin-typescript": "^11.0.0",
    "@typescript-eslint/eslint-plugin": "^8.26.1",
    "@typescript-eslint/parser": "^8.26.1",
-    "babel-cli": "^6.26.0",
-    "babel-preset-env": "^1.6.1",
    "chai": "^4.1.2",
    "config": "^1.30.0",
    "cross-env": "^5.1.4",
@@ -61,5 +56,5 @@
      "fetch"
    ]
  },
-  "gitHead": "8bfdef79c48c3151089107ead7134ce4515fd5bc"
+  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }
@@ -32,5 +32,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "8bfdef79c48c3151089107ead7134ce4515fd5bc"
+  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }
@@ -64,5 +64,5 @@
    "typeorm": "^0.3.11",
    "typescript": "^5.4.2"
  },
-  "gitHead": "8bfdef79c48c3151089107ead7134ce4515fd5bc"
+  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }
@@ -46,5 +46,5 @@
    "typeorm": "^0.3.11",
    "typescript": "^5.4.2"
  },
-  "gitHead": "8bfdef79c48c3151089107ead7134ce4515fd5bc"
+  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }
@@ -43,5 +43,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "8bfdef79c48c3151089107ead7134ce4515fd5bc"
+  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }
@@ -128,7 +128,7 @@ export class AcmeService {
      await this.saveAccountConfig(email, conf);
      this.logger.info(`创建新的Accountkey:${email}`);
    }
-    const directoryUrl = acme.directory[this.sslProvider].production;
+    const directoryUrl = acme.getDirectoryUrl({ sslProvider: this.sslProvider, pkType: this.options.privateKeyType });
    if (this.options.useMappingProxy) {
      urlMapping.enabled = true;
    } else {
@@ -35,7 +35,7 @@
    "rimraf": "^5.0.5",
    "socks": "^2.8.3",
    "socks-proxy-agent": "^8.0.4",
-    "ssh2": "^1.15.0",
+    "ssh2": "1.17.0",
    "strip-ansi": "^7.1.0",
    "tencentcloud-sdk-nodejs": "^4.0.1005"
  },
@@ -53,5 +53,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "8bfdef79c48c3151089107ead7134ce4515fd5bc"
+  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }
@@ -19,6 +19,8 @@ RUN apk add --no-cache openjdk8
 WORKDIR /app/
 COPY --from=builder /workspace/certd-server/ /app/

+COPY ./patch/ssh2/*.js /app/node_modules/.pnpm/node_modules/ssh2/lib/protocol/
+
 ENV LEGO_VERSION=4.22.2
 ENV LEGO_DOWNLOAD_DIR=/app/tools/lego
 RUN mkdir -p $LEGO_DOWNLOAD_DIR
@@ -1,7 +1,8 @@
 import { request } from "/src/api/service";
 import { RequestHandleReq } from "/@/components/plugins/lib";
+import { AddonTypeDefines } from "./types";

-export function createAddonApi(opts: { from: any; addonType: string }) {
+export function createAddonApi(opts: { from: any; addonType: string } = { from: "user", addonType: "" }) {
  let apiPrefix = "/addon";
  if (opts.from === "sys") {
    apiPrefix = "/sys/addon";
@@ -128,15 +129,6 @@ export function createAddonApi(opts: { from: any; addonType: string }) {
  };
 }

-export const AddonTypeDefines = {
-  captcha: {
-    name: "captcha",
-    title: "验证码",
-    showDefault: false,
-    showTest: false,
-  },
-};
-
 export function getAddonTypeDefine(addonType: string) {
  return AddonTypeDefines[addonType];
 }
@@ -20,7 +20,7 @@ import { addonProvide } from "/@/views/certd/addon/common";
 export default defineComponent({
  name: "AddonManager",
  setup() {
-    const api = createAddonApi();
+    const api = createAddonApi({ from: "user", addonType: "" });
    addonProvide(api);
    const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context: { api } });

@@ -0,0 +1,15 @@
+export interface AddonTypeDefine {
+  name: string;
+  title: string;
+  showDefault: boolean;
+  showTest: boolean;
+}
+
+export const AddonTypeDefines: Record<string, AddonTypeDefine> = {
+  captcha: {
+    name: "captcha",
+    title: "验证码",
+    showDefault: false,
+    showTest: false,
+  },
+};
@@ -106,6 +106,7 @@
    "nanoid": "^5.0.7",
    "node-forge": "^1.3.1",
    "nodemailer": "^6.9.16",
+    "openid-client": "^6.8.1",
    "otplib": "^12.0.1",
    "pg": "^8.12.0",
    "psl": "^1.9.0",
@@ -0,0 +1,30 @@
+import { BaseController, Constants } from "@certd/lib-server";
+import { ALL, Body, Controller, Get, Post, Provide, Query } from "@midwayjs/core";
+
+/**
+ */
+@Provide()
+@Controller('/api/connect')
+export class LoginController extends BaseController {
+
+
+  @Get('/login', { summary: Constants.per.guest })
+  public async login(@Query(ALL) body: any) {
+    //构造登录url
+    return this.ok(1);
+  }
+  @Get('/callback', { summary: Constants.per.guest })
+  public async callback(@Query(ALL) body: any) {
+    //处理登录回调
+    return this.ok(1);
+  }
+
+  @Post('/bind', { summary: Constants.per.guest })
+  public async bind(@Body(ALL) body: any) {
+    const autoRegister = body.autoRegister || false;
+    const bindInfo = body.bind || {};
+    //处理登录回调
+    return this.ok(1);
+  }
+  
+}
@@ -0,0 +1,24 @@
+export interface OauthProvider {
+  buildLoginUrl: (params: { redirectUri: string }) => string;
+  handleCallback: (params: { code: string; redirectUri: string }) => Promise<{
+    accessToken: string;
+    refreshToken: string;
+    expiresIn: number;
+    idToken: string;
+    scope: string;
+    tokenType: string;
+  }>;
+  bind: (params: {
+    accessToken: string;
+    refreshToken: string;
+    expiresIn: number;
+    idToken: string;
+    scope: string;
+    tokenType: string;
+    bindInfo: any;
+  }) => Promise<{
+    success: boolean;
+    message: string;
+  }>;
+  
+}
@@ -1 +1 @@
-15:30
+23:54
@@ -1 +1 @@
-15:41
+23:57
Author	SHA1	Message	Date
xiaojunnuo	5a148aa3b9	chore: oidc first	2025-11-26 07:34:42 +08:00
xiaojunnuo	b4c362da37	docs: openapi	2025-11-25 09:12:35 +08:00
xiaojunnuo	575ae164c8	perf: ssh支持ppk格式私钥	2025-11-25 00:48:21 +08:00
xiaojunnuo	a9606bfb4e	chore: 1	2025-11-24 23:43:14 +08:00
xiaojunnuo	b5ec04723d	perf: ssl.com支持ecc	2025-11-24 23:33:25 +08:00
xiaojunnuo	51cc08411f	perf: 优化宝塔网站证书在并发部署时导致nginx配置文件错乱的问题	2025-11-24 23:18:56 +08:00
xiaojunnuo	d75034deae	build: release	2025-11-19 23:57:16 +08:00
xiaojunnuo	4ce23debb6	build: publish	2025-11-19 23:55:03 +08:00
xiaojunnuo	063706a7bf	build: trigger build image	2025-11-19 23:54:03 +08:00
@@ -1 +1 @@
 :30
 :54
@@ -1 +1 @@
 :41
 :57