chore: singleton

https://github.com/certd/certd/issues/603

README.md

@@ -17,6 +17,13 @@ Certd® 是一个免费的全自动证书管理系统，让你的网站证书永
 > 流水线数量现已调整为无限制，欢迎大家使用
 
 
+|官方开源地址： | |
+| ---- | ---- |
+| [Github](https://github.com/certd/certd)| ![](https://img.shields.io/github/stars/certd/certd?logo=github)      |    
+| [Gitee](https://gitee.com/certd/certd)  | ![](https://gitee.com/certd/certd/badge/star.svg?theme=dark)        |
+| [AtomGit](https://atomgit.com/certd/certd) |![](https://atomgit.com/certd/certd/star/badge.svg)        |   
+
+
 ## 一、特性
 本项目不仅支持证书申请过程自动化，还可以自动化部署更新证书，让你的证书永不过期。     
 

README_en.md

@@ -13,6 +13,15 @@ Certd® is a free, fully automated certificate management system that ensures yo
 
 > The number of pipelines is now unlimited. Welcome to use it.
 
+
+Official Open Source Address: 
+
+[Github](https://github.com/certd/certd)   ![](https://img.shields.io/github/stars/certd/certd?logo=github)        
+[Gitee](https://gitee.com/certd/certd)   ![](https://gitee.com/certd/certd/badge/star.svg?theme=dark)        
+[AtomGit](https://atomgit.com/certd/certd)       ![](https://atomgit.com/certd/certd/star/badge.svg)   
+
+
+
 ## 1. Features
 This project not only supports automated certificate application but also automated certificate deployment and updates, ensuring your certificates never expire.
 

docs/.vitepress/config.ts

@@ -122,6 +122,7 @@ export default defineConfig({
                         {text: "宝塔动态IP白名单", link: "/guide/use/baota/white_list.md"},
                         {text: "子域名托管", link: "/guide/use/cert/subdomain.md"},
                         {text: "流水线有效期", link: "/guide/use/pipeline/valid.md"},
+                        {text: "IP证书申请", link: "/guide/use/cert/ip.md"},
                     ]
                 },
                 {

docs/guide/changelogs/CHANGELOG.md

@@ -3,6 +3,21 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.16](https://github.com/certd/certd/compare/v1.37.15...v1.37.16) (2025-12-15)
+
+### Bug Fixes
+
+* 修复ipv6作为证书域名申请证书校验失败的bug ([e4e16bc](https://github.com/certd/certd/commit/e4e16bc6a65bb082c18ca0590226f0987a47d477))
+* 优化西部数据 500 already exists 的问题 ([2bfad9f](https://github.com/certd/certd/commit/2bfad9fc651da208b610abd921fbfb2fbc04203f))
+
+### Performance Improvements
+
+* 批量设置定时，支持清除定时 ([63d8bcf](https://github.com/certd/certd/commit/63d8bcf8823f713365042d3c7aee3cf31d44b044))
+* 新增数据库迁移doc说明文档，优化datetime字段平滑迁移 ([45fbce0](https://github.com/certd/certd/commit/45fbce0c2af5fb3ead6d3dd12a42f8cc1714262f))
+* 支持彩虹聚合登录 ([6f18693](https://github.com/certd/certd/commit/6f186932ccad4becfdc0087c0539f7b2d0069844))
+* 支持邮件模版设置 ([a6c0d2c](https://github.com/certd/certd/commit/a6c0d2c6f1fd6b60e6d7af290487c94564fd91ea))
+* oidc支持使用第三方昵称或账号作为certd用户的用户名 ([b6fea0c](https://github.com/certd/certd/commit/b6fea0c8562abf912daa7d72958ceb2e93575d31))
+
 ## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
 
 ### Bug Fixes

docs/guide/index.md

@@ -6,6 +6,13 @@ Certd 是一款开源、免费、全自动申请和部署更新SSL证书的工
 关键字：证书自动申请、证书自动更新、证书自动续期、证书自动续签、证书管理工具
 
 
+| 官方开源地址： | |
+| ---- | ---- |
+| [Github](https://github.com/certd/certd)| ![](https://img.shields.io/github/stars/certd/certd?logo=github)      |    
+| [Gitee](https://gitee.com/certd/certd)  | ![](https://gitee.com/certd/certd/badge/star.svg?theme=dark)        |
+| [AtomGit](https://atomgit.com/certd/certd) |![](https://atomgit.com/certd/certd/star/badge.svg)        |
+
+
 ![首页](../images/start/home.png)
 
 ## 1、关于证书续期

docs/guide/plugins/access.md

@@ -40,32 +40,33 @@
 | 36.| **括彩云cdn授权** | 括彩云CDN，每月免费30G，[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) | 
 | 37.| **uniCloud** | unicloud授权 | 
 | 38.| **猫云授权** |  | 
-| 39.| **西部数码授权** |  | 
+| 39.| **授权插件示例** |  | 
-| 40.| **多吉云** |  | 
+| 40.| **西部数码授权** |  | 
-| 41.| **我爱云授权** | 我爱云CDN | 
+| 41.| **多吉云** |  | 
-| 42.| **CacheFly** | CacheFly | 
+| 42.| **我爱云授权** | 我爱云CDN | 
-| 43.| **Gcore** | Gcore | 
+| 43.| **CacheFly** | CacheFly | 
-| 44.| **亚马逊云aws授权** |  | 
+| 44.| **Gcore** | Gcore | 
-| 45.| **亚马逊云科技（国区）授权** |  | 
+| 45.| **亚马逊云aws授权** |  | 
-| 46.| **dns.la授权** |  | 
+| 46.| **亚马逊云科技（国区）授权** |  | 
-| 47.| **又拍云** |  | 
+| 47.| **dns.la授权** |  | 
-| 48.| **51dns授权** |  | 
+| 48.| **又拍云** |  | 
-| 49.| **FlexCDN授权** |  | 
+| 49.| **51dns授权** |  | 
-| 50.| **farcdn授权** |  | 
+| 50.| **FlexCDN授权** |  | 
-| 51.| **cloudflare授权** |  | 
+| 51.| **farcdn授权** |  | 
-| 52.| **Github授权** |  | 
+| 52.| **cloudflare授权** |  | 
-| 53.| **namesilo授权** |  | 
+| 53.| **Github授权** |  | 
-| 54.| **proxmox** |  | 
+| 54.| **namesilo授权** |  | 
-| 55.| **网宿授权** |  | 
+| 55.| **proxmox** |  | 
-| 56.| **金山云授权** |  | 
+| 56.| **网宿授权** |  | 
-| 57.| **APISIX授权** |  | 
+| 57.| **金山云授权** |  | 
-| 58.| **Dokploy授权** |  | 
+| 58.| **APISIX授权** |  | 
-| 59.| **godaddy授权** |  | 
+| 59.| **Dokploy授权** |  | 
-| 60.| **新网授权** |  | 
+| 60.| **godaddy授权** |  | 
-| 61.| **新网授权（代理方式）** |  | 
+| 61.| **新网授权** |  | 
-| 62.| **新网互联授权** | 仅支持代理账号，ip需要加入白名单 | 
+| 62.| **新网授权（代理方式）** |  | 
-| 63.| **中国移动CND授权** |  | 
+| 63.| **新网互联授权** | 仅支持代理账号，ip需要加入白名单 | 
-| 64.| **雨云授权** | https://app.rainyun.com/ | 
+| 64.| **中国移动CND授权** |  | 
+| 65.| **雨云授权** | https://app.rainyun.com/ | 
 
 <style module>
 table th:first-of-type {

docs/guide/plugins/dns-provider.md

@@ -17,8 +17,9 @@
 | 13.| **cloudflare** | cloudflare dns provider | 
 | 14.| **namesilo** | namesilo dns provider | 
 | 15.| **godaddy** | GoDaddy | 
-| 16.| **51dns** | 51DNS | 
+| 16.| **Dns提供商Demo** | dns provider示例 | 
-| 17.| **新网互联** | 新网互联 | 
+| 17.| **51dns** | 51DNS | 
+| 18.| **新网互联** | 新网互联 | 
 
 <style module>
 table th:first-of-type {

docs/guide/qa/use.md

@@ -43,4 +43,12 @@ service:
       certd_koa_hostname: 0.0.0.0
 ```
 
+## 6. DNS记录问题
+
+1. DNS 不要设置CAA记录，删除即可
+
+2. DNSSEC相关报错，DNSSEC管理中删除即可
+
+3. DNS 有其他平台申请过的_acme-challenge记录，删除即可
+
 

docs/guide/use/baota/white_list.md

@@ -17,7 +17,7 @@
 
 > 如果出现过： 100.25.1.5 ， 100.25.4.8
 >
-> 可以尝试配置 100.25.*.5
+> 可以尝试配置 100.25.*.*
 
 ## 二、nginx代理方案
 

docs/guide/use/cert/index.md

@@ -1,10 +0,0 @@
-# 证书申请失败情况
-
-
-## DNS记录问题
-
-1. DNS 不要设置CAA记录，删除即可
-
-2. DNSSEC相关报错，DNSSEC管理中删除即可
-
-3. DNS 有其他平台申请过的_acme-challenge记录，删除即可

docs/guide/use/cert/ip.md

@@ -0,0 +1,11 @@
+# IP证书申请
+certd已支持IP证书申请
+
+> 注意：IP证书有效期只有7天。
+
+## 申请方式
+相比普通的域名证书申请方式区别在于：
+1. 域名栏填写IP
+2. 校验方式选择HTTP（只能HTTP）
+3. 证书颁发机构选择默认的Let's Encrypt
+4. 过期更新天数改成2天

docs/guide/use/forgotpasswd/index.md

@@ -7,13 +7,14 @@
 services:
   certd:
     environment: # 环境变量
-      - certd_system_resetAdminPasswd=false
+      - certd_system_resetAdminPasswd=true
 ```
 ## 2. 重启容器
 ```shell
 docker compose up -d
 docker logs -f --tail 500 certd
-# 观察日志，当日志中输出“重置1号管理员用户的密码完成”，即可操作下一步
+# 观察日志，当日志中输出“重置1号管理员用户密码完成”，即可操作下一步
+# 这里会打印1号管理员记录的用户名，如果你修改过管理员用户名，请注意查看此条日志
 ```
 ## 3. 恢复环境变量
 修改docker-compose.yaml，将`certd_system_resetAdminPasswd`改回`false`
@@ -23,4 +24,6 @@ docker logs -f --tail 500 certd
 docker compose up -d
 ```
 ## 5. 默认密码登录
-使用`admin/123456`登录系统，请及时修改管理员密码
+使用`原管理员账号/123456`登录系统，请及时修改管理员密码
+> 默认管理员账号： admin
+> 如果忘记管理员账号，请查看修改密码时的启动日志，会打印管理员账号名

packages/core/acme-client/package.json

@@ -70,5 +70,5 @@
     "bugs": {
         "url": "https://github.com/publishlab/node-acme-client/issues"
     },
-    "gitHead": "f2e4e59f8d1b54b835d5da43aef8b527d6a4ba0b"
+    "gitHead": "fa14f6219810ddbfcf1dde7b69963ee8a36c80c4"
 }

packages/core/acme-client/src/util.js

@@ -247,7 +247,7 @@ async function getAuthoritativeDnsResolver(recordName, logger = log) {
 
     try {
         /* Resolve root domain by SOA */
-        const domain = await resolveDomainBySoaRecord(recordNam,logger);
+        const domain = await resolveDomainBySoaRecord(recordName,logger);
 
         /* Resolve authoritative NS addresses */
         logger(`获取到权威NS服务器name: ${domain}`);

packages/core/basic/package.json

@@ -47,5 +47,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f2e4e59f8d1b54b835d5da43aef8b527d6a4ba0b"
+  "gitHead": "fa14f6219810ddbfcf1dde7b69963ee8a36c80c4"
 }

packages/core/pipeline/package.json

@@ -45,5 +45,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f2e4e59f8d1b54b835d5da43aef8b527d6a4ba0b"
+  "gitHead": "fa14f6219810ddbfcf1dde7b69963ee8a36c80c4"
 }

packages/core/pipeline/src/core/executor.ts

@@ -473,9 +473,7 @@ export class Executor {
           await this.options.emailService?.sendByTemplate({
             type: "pipelineResult",
             data: templateData,
-            email: {
+            receivers: notification.options?.receivers,
-              receivers: notification.options?.receivers,
-            },
           });
         } catch (e) {
           logger.error("send email error", e);

packages/core/pipeline/src/plugin/api.ts

@@ -185,6 +185,8 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
     if (res == null) {
       throw new Error("授权不存在，可能已被删除，请前往任务配置里面重新选择授权");
     }
+    res.ctx.logger = this.logger;
+    res.ctx.http = this.http;
     // @ts-ignore
     if (this.logger?.addSecret) {
       // 隐藏加密信息，不在日志中输出

packages/core/pipeline/src/plugin/group.ts

@@ -27,6 +27,7 @@ export const pluginGroups = {
   tencent: new PluginGroup("tencent", "腾讯云", 4, "svg:icon-tencentcloud"),
   volcengine: new PluginGroup("volcengine", "火山引擎", 4, "svg:icon-volcengine"),
   jdcloud: new PluginGroup("jdcloud", "京东云", 4, "svg:icon-jdcloud"),
+  ucloud: new PluginGroup("ucloud", "UCloud", 4, "svg:icon-ucloud"),
   baidu: new PluginGroup("baidu", "百度云", 4, "ant-design:baidu-outlined"),
   qiniu: new PluginGroup("qiniu", "七牛云", 5, "svg:icon-qiniuyun"),
   aws: new PluginGroup("aws", "亚马逊云", 6, "svg:icon-aws"),

packages/core/pipeline/src/service/email.ts

@@ -9,7 +9,8 @@ export type EmailSend = {
 export type EmailSendByTemplateReq = {
   type: string;
   data: any;
-  email: { receivers: string[]; attachments?: any[] };
+  receivers: string[];
+  attachments?: any[];
 };
 
 export interface IEmailService {

packages/libs/lib-huawei/package.json

@@ -24,5 +24,5 @@
     "prettier": "^2.8.8",
     "tslib": "^2.8.1"
   },
-  "gitHead": "f2e4e59f8d1b54b835d5da43aef8b527d6a4ba0b"
+  "gitHead": "fa14f6219810ddbfcf1dde7b69963ee8a36c80c4"
 }

packages/libs/lib-iframe/package.json

@@ -31,5 +31,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f2e4e59f8d1b54b835d5da43aef8b527d6a4ba0b"
+  "gitHead": "fa14f6219810ddbfcf1dde7b69963ee8a36c80c4"
 }

packages/libs/lib-jdcloud/package.json

@@ -56,5 +56,5 @@
       "fetch"
     ]
   },
-  "gitHead": "f2e4e59f8d1b54b835d5da43aef8b527d6a4ba0b"
+  "gitHead": "fa14f6219810ddbfcf1dde7b69963ee8a36c80c4"
 }

packages/libs/lib-k8s/package.json

@@ -32,5 +32,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f2e4e59f8d1b54b835d5da43aef8b527d6a4ba0b"
+  "gitHead": "fa14f6219810ddbfcf1dde7b69963ee8a36c80c4"
 }

packages/libs/lib-server/package.json

@@ -64,5 +64,5 @@
     "typeorm": "^0.3.11",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f2e4e59f8d1b54b835d5da43aef8b527d6a4ba0b"
+  "gitHead": "fa14f6219810ddbfcf1dde7b69963ee8a36c80c4"
 }

packages/libs/lib-server/src/system/basic/index.ts

@@ -2,3 +2,4 @@ export * from './service/plus-service.js';
 export * from './service/file-service.js';
 export * from './service/encryptor.js';
 export * from './service/ocr-service.js';
+export * from './service/executor-queue.js';

packages/libs/lib-server/src/system/basic/service/executor-queue.ts

@@ -0,0 +1,79 @@
+import { logger } from "@certd/basic";
+
+export type TaskItem = {
+  task: ()=>Promise<void>;
+}
+
+export class UserTaskQueue{
+  userId: number;
+  pendingQueue: TaskItem[] = [];
+  runningQueue: TaskItem[] = [];
+  getMaxRunningCount: ()=>number ;
+
+  constructor(req: { userId: number ,getMaxRunningCount: ()=>number }) {
+    this.userId = req.userId;
+    this.getMaxRunningCount = req.getMaxRunningCount ;
+  }
+
+  addTask(task: TaskItem) {
+    this.pendingQueue.push(task);
+    this.runTask();
+  }
+
+  runTask() {
+    logger.info(`[user_${this.userId}]当前运行队列：${this.runningQueue.length}, 等待队列：${this.pendingQueue.length}，最大运行队列：${this.getMaxRunningCount()}`);
+    if (this.runningQueue.length >= this.getMaxRunningCount()) {
+      return;
+    }
+    if (this.pendingQueue.length === 0) {
+      return;
+    }
+    const task = this.pendingQueue.shift();
+    if (!task) {
+      return;
+    }
+    // 执行任务
+    this.runningQueue.push(task);
+    const call = async ()=>{
+      try{
+        await task.task();
+      }finally{
+        // 任务执行完成，从运行队列中移除
+        const index = this.runningQueue.indexOf(task);
+        if (index > -1) {
+          this.runningQueue.splice(index, 1);
+        }
+        // 继续执行下一个任务
+        this.runTask();
+      }
+    }
+    logger.info(`[user_${this.userId}]执行任务，当前运行队列：${this.runningQueue.length}, 等待队列：${this.pendingQueue.length}`);
+    call()
+  }
+}
+
+export class ExecutorQueue{
+  queues: Record<number, UserTaskQueue> = {};
+  maxRunningCount: number = 8;
+
+
+  setMaxRunningCount(count: number) {
+    this.maxRunningCount = count;
+  }
+
+  getUserQueue(userId: number) {
+    const userQueue = this.queues[userId];
+    if (!userQueue) {
+      this.queues[userId] = new UserTaskQueue({ userId, getMaxRunningCount: ()=>this.maxRunningCount });
+    }
+    return this.queues[userId];
+  }
+
+  addTask(userId: number, task: TaskItem) {
+    const userQueue = this.getUserQueue(userId);
+    userQueue.addTask(task);
+  }
+ 
+}
+
+export const executorQueue = new ExecutorQueue();

packages/libs/lib-server/src/system/basic/service/file-service.ts

@@ -14,7 +14,7 @@ export const uploadTmpFileCacheKey = 'tmpfile_key_';
 /**
  */
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class FileService {
   async saveFile(userId: number, tmpCacheKey: any, permission: 'public' | 'private') {
     if (tmpCacheKey.startsWith(`/${permission}`)) {

packages/libs/lib-server/src/system/basic/service/ocr-service.ts

@@ -5,7 +5,7 @@ import { IOcrService } from "@certd/plugin-lib";
 /**
  */
 @Provide("ocrService")
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class OcrService implements IOcrService {
   @Inject()
   plusService: PlusService;

packages/libs/lib-server/src/system/basic/service/plus-service.ts

@@ -5,7 +5,7 @@ import { SysInstallInfo, SysLicenseInfo, SysSettingsService } from '../../settin
 import { merge } from 'lodash-es';
 import fs from 'fs';
 @Provide("plusService")
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class PlusService {
   @Inject()
   sysSettingsService: SysSettingsService;

packages/libs/lib-server/src/system/settings/service/models.ts

@@ -43,12 +43,16 @@ export class SysPublicSettings extends BaseSettings {
   //流水线是否启用有效期
   pipelineValidTimeEnabled?: boolean = false;
 
+
   //证书域名添加到监控
   certDomainAddToMonitorEnabled?: boolean = false;
 
   // 固定证书有效期天数，0表示不固定
   fixedCertExpireDays?: number;
 
+  //默认到期前更新天数
+  defaultCertRenewDays?: number;
+
   // 第三方OAuth配置
   oauthEnabled?: boolean = false;
   oauthProviders: Record<string, {
@@ -73,6 +77,8 @@ export class SysPrivateSettings extends BaseSettings {
 
   httpRequestTimeout?: number = 30;
 
+  pipelineMaxRunningCount?: number;
+
   sms?: {
     type?: string;
     config?: any;

packages/libs/lib-server/src/system/settings/service/sys-settings-service.ts

@@ -8,6 +8,7 @@ import { BaseService } from '../../../basic/index.js';
 import { cache, logger, setGlobalProxy } from '@certd/basic';
 import * as dns from 'node:dns';
 import {mergeUtils} from "@certd/basic";
+import { executorQueue } from '../../basic/service/executor-queue.js';
 const {merge} = mergeUtils;
 /**
  * 设置
@@ -140,6 +141,10 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
     if (bean.dnsResultOrder) {
       dns.setDefaultResultOrder(bean.dnsResultOrder as any);
     }
+
+    if (bean.pipelineMaxRunningCount){
+      executorQueue.setMaxRunningCount(bean.pipelineMaxRunningCount);
+    }
   }
 
   async updateByKey(key: string, setting: any) {

packages/libs/lib-server/src/user/access/service/access-service.ts

@@ -10,7 +10,7 @@ import {EncryptService} from './encrypt-service.js';
  * 授权
  */
 @Provide()
-@Scope(ScopeEnum.Request, {allowDowngrade: true})
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class AccessService extends BaseService<AccessEntity> {
   @InjectEntityModel(AccessEntity)
   repository: Repository<AccessEntity>;

packages/libs/lib-server/src/user/addon/service/addon-service.ts

@@ -9,7 +9,7 @@ import { AddonEntity } from "../entity/addon.js";
  * Addon
  */
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class AddonService extends BaseService<AddonEntity> {
   @InjectEntityModel(AddonEntity)
   repository: Repository<AddonEntity>;

packages/libs/midway-flyway-js/package.json

@@ -46,5 +46,5 @@
     "typeorm": "^0.3.11",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f2e4e59f8d1b54b835d5da43aef8b527d6a4ba0b"
+  "gitHead": "fa14f6219810ddbfcf1dde7b69963ee8a36c80c4"
 }

packages/plugins/plugin-cert/package.json

@@ -43,5 +43,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f2e4e59f8d1b54b835d5da43aef8b527d6a4ba0b"
+  "gitHead": "fa14f6219810ddbfcf1dde7b69963ee8a36c80c4"
 }

packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts

@@ -233,13 +233,22 @@ export class AcmeService {
 
     // const origDomain = punycode.toUnicode(domain);
     const origFullDomain = punycode.toUnicode(fullDomain);
+
+    const isIp = utils.domain.isIp(origFullDomain);
+    function checkIpChallenge(type: string) {
+      if (isIp) {
+        throw new Error(`IP证书不支持${type}校验方式，请选择HTTP方式校验`);
+      }
+    }
     if (providers.domainsVerifyPlan) {
       //按照计划执行
       const domainVerifyPlan = providers.domainsVerifyPlan[origFullDomain];
       if (domainVerifyPlan) {
         if (domainVerifyPlan.type === "dns") {
+          checkIpChallenge("dns");
           dnsProvider = domainVerifyPlan.dnsProvider;
         } else if (domainVerifyPlan.type === "cname") {
+          checkIpChallenge("cname");
           const cname: CnameVerifyPlan = domainVerifyPlan.cnameVerifyPlan;
           if (cname) {
             dnsProvider = cname.dnsProvider;
@@ -274,6 +283,7 @@ export class AcmeService {
     }
 
     const dnsChallenge = getChallenge("dns-01");
+    checkIpChallenge("dns");
     return await doDnsVerify(dnsChallenge, fullRecord, dnsProvider);
   }
 

packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts

@@ -20,7 +20,7 @@ export abstract class CertApplyBasePlugin extends CertApplyBaseConvertPlugin {
 
   @TaskInput({
     title: "更新天数",
-    value: 35,
+    value: 18,
     component: {
       name: "a-input-number",
       vModel: "value",

packages/plugins/plugin-cert/src/plugin/cert-plugin/getter/aliyun.ts

@@ -0,0 +1,165 @@
+import { IsTaskPlugin, PageSearch, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
+import { AliyunAccess, createRemoteSelectInputDefine } from "@certd/plugin-lib";
+import type { CertInfo } from "../acme.js";
+import { CertApplyBasePlugin } from "../base.js";
+import { CertReader } from "../cert-reader.js";
+import dayjs from "dayjs";
+
+export { CertReader };
+export type { CertInfo };
+
+@IsTaskPlugin({
+  name: "CertApplyGetFormAliyun",
+  icon: "ph:certificate",
+  title: "获取阿里云订阅证书",
+  group: pluginGroups.cert.key,
+  desc: "从阿里云拉取订阅模式的商用证书",
+  default: {
+    strategy: {
+      runStrategy: RunStrategy.AlwaysRun,
+    },
+  },
+})
+export class CertApplyGetFormAliyunPlugin extends CertApplyBasePlugin {
+  @TaskInput({
+    title: "Access授权",
+    helper: "阿里云授权AccessKeyId、AccessKeySecret",
+    component: {
+      name: "access-selector",
+      type: "aliyun",
+    },
+    required: true,
+  })
+  accessId!: string;
+
+  @TaskInput(
+    createRemoteSelectInputDefine({
+      title: "证书订单ID",
+      helper: "订阅模式的证书订单Id",
+      typeName: "CertApplyGetFormAliyun",
+      component: {
+        name: "RemoteAutoComplete",
+        vModel: "value",
+      },
+      action: CertApplyGetFormAliyunPlugin.prototype.onGetOrderList.name,
+    })
+  )
+  orderId!: string;
+
+  async onInit(): Promise<void> {}
+
+  async doCertApply(): Promise<CertReader> {
+    const access = await this.getAccess<AliyunAccess>(this.accessId);
+    const client = await access.getClient("cas.aliyuncs.com");
+    this.logger.info(`开始获取证书,orderId:${this.orderId}`);
+    let orderId: any = this.orderId;
+    if (!orderId) {
+      throw new Error("请先输入证书订单ID");
+    }
+    if (typeof orderId !== "string") {
+      orderId = parseInt(orderId);
+    }
+    const certState = await this.getCertificateState(client, orderId);
+    this.logger.info(`获取到证书Id:${JSON.stringify(certState.CertId)}`);
+    const certDetail = await this.getCertDetail(client, certState.CertId);
+    this.logger.info(`获取到证书:${certDetail.getAllDomains()}, 过期时间：${dayjs(certDetail.expires).format("YYYY-MM-DD HH:mm:ss")}`);
+    return certDetail;
+  }
+
+  async getCertDetail(client: any, certId: any) {
+    const res = await client.doRequest({
+      // 接口名称
+      // 接口名称
+      action: "GetUserCertificateDetail",
+      // 接口版本
+      version: "2020-04-07",
+      // 接口协议
+      protocol: "HTTPS",
+      // 接口 HTTP 方法
+      method: "POST",
+      authType: "AK",
+      style: "RPC",
+      // 接口 PATH
+      pathname: `/`,
+      data: {
+        query: {
+          CertId: certId,
+        },
+      },
+    });
+
+    const crt = res.Cert;
+    const key = res.Key;
+
+    return new CertReader({
+      crt,
+      key,
+      csr: "",
+    });
+  }
+
+  async getCertificateState(client: any, orderId: any): Promise<{ CertId: string; Type: string; Domain: string }> {
+    const res = await client.doRequest({
+      // 接口名称
+      action: "DescribeCertificateState",
+      // 接口版本
+      version: "2020-04-07",
+      // 接口协议
+      protocol: "HTTPS",
+      // 接口 HTTP 方法
+      method: "POST",
+      authType: "AK",
+      style: "RPC",
+      // 接口 PATH
+      pathname: `/`,
+      data: {
+        query: {
+          OrderId: orderId,
+        },
+      },
+    });
+
+    return res;
+  }
+
+  async onGetOrderList(req: PageSearch) {
+    if (!this.accessId) {
+      throw new Error("请先选择Access授权");
+    }
+    const access = await this.getAccess<AliyunAccess>(this.accessId);
+
+    const client = await access.getClient("cas.aliyuncs.com");
+
+    const res = await client.doRequest({
+      // 接口名称
+      action: "ListUserCertificateOrder",
+      // 接口版本
+      version: "2020-04-07",
+      method: "POST",
+      authType: "AK",
+      style: "RPC",
+      // 接口 PATH
+      pathname: `/`,
+      data: {
+        query: {
+          Status: "ISSUED",
+        },
+      },
+    });
+    const list = res?.CertificateOrderList || [];
+    if (!list || list.length === 0) {
+      throw new Error("没有找到已签发的证书订单");
+    }
+
+    return list.map((item: any) => {
+      const label = `${item.Domain}<${item.OrderId}>`;
+      return {
+        label: label,
+        value: item.OrderId,
+        Domain: item.Domain,
+      };
+    });
+  }
+}
+
+new CertApplyGetFormAliyunPlugin();

packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts

@@ -93,7 +93,7 @@ const preferredChainMergeScript = (() => {
   desc: "免费通配符域名证书申请，支持多个域名打到同一个证书上",
   default: {
     input: {
-      renewDays: 35,
+      renewDays: 18,
       forceUpdate: false,
     },
     strategy: {
@@ -111,7 +111,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
       options: [
         { value: "dns", label: "DNS直接验证" },
         { value: "cname", label: "CNAME代理验证" },
-        { value: "http", label: "HTTP文件验证" },
+        { value: "http", label: "HTTP文件验证（IP证书只能选它）" },
         { value: "dnses", label: "多DNS提供商" },
         { value: "auto", label: "自动匹配" },
       ],
@@ -119,7 +119,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
     required: true,
     helper: `1. <b>DNS直接验证</b>：当域名dns解析已被本系统支持时（即下方DNS解析服务商选项中可选），推荐选择此方式
 2.  <b>CNAME代理验证</b>：支持任何注册商的域名，第一次需要手动添加[CNAME记录](#/certd/cname/record)（如果经常申请失败，建议将DNS服务器修改为阿里云/腾讯云的，然后使用DNS直接验证）
-3.  <b>HTTP文件验证</b>：不支持泛域名，需要配置网站文件上传
+3.  <b>HTTP文件验证</b>：不支持泛域名，需要配置网站文件上传（IP证书必须选它）
 4.  <b>多DNS提供商</b>：每个域名可以选择独立的DNS提供商
 5.  <b>自动匹配</b>：此处无需选择校验方式，需要在[域名管理](#/certd/cert/domain)中提前配置好校验方式
 `,
@@ -133,12 +133,12 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
       name: "icon-select",
       vModel: "value",
       options: [
-        { value: "letsencrypt", label: "Let's Encrypt（免费，新手推荐）", icon: "simple-icons:letsencrypt" },
+        { value: "letsencrypt", label: "Let's Encrypt（免费，新手推荐，支持IP证书）", icon: "simple-icons:letsencrypt" },
         { value: "google", label: "Google（免费）", icon: "flat-color-icons:google" },
         { value: "zerossl", label: "ZeroSSL（免费）", icon: "emojione:digit-zero" },
         { value: "litessl", label: "litessl（免费）", icon: "roentgen:free" },
         { value: "sslcom", label: "SSL.com（仅主域名和www免费）", icon: "la:expeditedssl" },
-        { value: "letsencrypt_staging", label: "Let's Encrypt测试环境（IP证书）", icon: "simple-icons:letsencrypt" },
+        { value: "letsencrypt_staging", label: "Let's Encrypt测试环境（仅供测试）", icon: "simple-icons:letsencrypt" },
       ],
     },
     helper: "Let's Encrypt：申请最简单\nGoogle：大厂光环，兼容性好，仅首次需要翻墙获取EAB授权\nZeroSSL：需要EAB授权，无需翻墙\nSSL.com：仅主域名和www免费,必须设置CAA记录",

packages/plugins/plugin-cert/src/plugin/index.ts

@@ -3,4 +3,5 @@ export { EVENT_CERT_APPLY_SUCCESS } from "./cert-plugin/base-convert.js";
 export * from "./cert-plugin/index.js";
 export * from "./cert-plugin/lego/index.js";
 export * from "./cert-plugin/custom/index.js";
+export * from "./cert-plugin/getter/aliyun.js";
 export const CertApplyPluginNames = [":cert:"];

packages/plugins/plugin-lib/package.json

@@ -53,5 +53,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f2e4e59f8d1b54b835d5da43aef8b527d6a4ba0b"
+  "gitHead": "fa14f6219810ddbfcf1dde7b69963ee8a36c80c4"
 }

packages/ui/certd-client/public/static/icons/demo_index.html

@@ -55,15 +55,39 @@
           <ul class="icon_lists dib-box">
           
             <li class="dib">
-              <span class="icon iconfont">&#xe8fb;</span>
+              <span class="icon iconfont">&#xe60a;</span>
-                <div class="name">social-foursquare</div>
+                <div class="name">飞牛</div>
-                <div class="code-name">&amp;#xe8fb;</div>
+                <div class="code-name">&amp;#xe60a;</div>
               </li>
           
             <li class="dib">
-              <span class="icon iconfont">&#xe65a;</span>
+              <span class="icon iconfont">&#xe8ad;</span>
-                <div class="name">ksyun-logo</div>
+                <div class="name">金山云logo</div>
-                <div class="code-name">&amp;#xe65a;</div>
+                <div class="code-name">&amp;#xe8ad;</div>
+              </li>
+          
+            <li class="dib">
+              <span class="icon iconfont">&#xe989;</span>
+                <div class="name">中国移动</div>
+                <div class="code-name">&amp;#xe989;</div>
+              </li>
+          
+            <li class="dib">
+              <span class="icon iconfont">&#xe643;</span>
+                <div class="name">xinnet</div>
+                <div class="code-name">&amp;#xe643;</div>
+              </li>
+          
+            <li class="dib">
+              <span class="icon iconfont">&#xe717;</span>
+                <div class="name">ucloud</div>
+                <div class="code-name">&amp;#xe717;</div>
+              </li>
+          
+            <li class="dib">
+              <span class="icon iconfont">&#xe8fb;</span>
+                <div class="name">social-foursquare</div>
+                <div class="code-name">&amp;#xe8fb;</div>
               </li>
           
             <li class="dib">
@@ -228,7 +252,7 @@
 <pre><code class="language-css"
 >@font-face {
   font-family: 'iconfont';
-  src: url('iconfont.svg?t=1754884110189#iconfont') format('svg');
+  src: url('iconfont.svg?t=1766772710945#iconfont') format('svg');
 }
 </code></pre>
           <h3 id="-iconfont-">第二步：定义使用 iconfont 的样式</h3>
@@ -255,23 +279,59 @@
         <ul class="icon_lists dib-box">
           
           <li class="dib">
-            <span class="icon iconfont icon-four"></span>
+            <span class="icon iconfont icon-fnos"></span>
             <div class="name">
-              social-foursquare
+              飞牛
             </div>
-            <div class="code-name">.icon-four
+            <div class="code-name">.icon-fnos
             </div>
           </li>
           
           <li class="dib">
             <span class="icon iconfont icon-ksyun"></span>
             <div class="name">
-              ksyun-logo
+              金山云logo
             </div>
             <div class="code-name">.icon-ksyun
             </div>
           </li>
           
+          <li class="dib">
+            <span class="icon iconfont icon-cmcc"></span>
+            <div class="name">
+              中国移动
+            </div>
+            <div class="code-name">.icon-cmcc
+            </div>
+          </li>
+          
+          <li class="dib">
+            <span class="icon iconfont icon-xinnet"></span>
+            <div class="name">
+              xinnet
+            </div>
+            <div class="code-name">.icon-xinnet
+            </div>
+          </li>
+          
+          <li class="dib">
+            <span class="icon iconfont icon-ucloud"></span>
+            <div class="name">
+              ucloud
+            </div>
+            <div class="code-name">.icon-ucloud
+            </div>
+          </li>
+          
+          <li class="dib">
+            <span class="icon iconfont icon-four"></span>
+            <div class="name">
+              social-foursquare
+            </div>
+            <div class="code-name">.icon-four
+            </div>
+          </li>
+          
           <li class="dib">
             <span class="icon iconfont icon-rainyun"></span>
             <div class="name">
@@ -517,20 +577,52 @@
           
             <li class="dib">
                 <svg class="icon svg-icon" aria-hidden="true">
-                  <use xlink:href="#icon-four"></use>
+                  <use xlink:href="#icon-fnos"></use>
                 </svg>
-                <div class="name">social-foursquare</div>
+                <div class="name">飞牛</div>
-                <div class="code-name">#icon-four</div>
+                <div class="code-name">#icon-fnos</div>
             </li>
           
             <li class="dib">
                 <svg class="icon svg-icon" aria-hidden="true">
                   <use xlink:href="#icon-ksyun"></use>
                 </svg>
-                <div class="name">ksyun-logo</div>
+                <div class="name">金山云logo</div>
                 <div class="code-name">#icon-ksyun</div>
             </li>
           
+            <li class="dib">
+                <svg class="icon svg-icon" aria-hidden="true">
+                  <use xlink:href="#icon-cmcc"></use>
+                </svg>
+                <div class="name">中国移动</div>
+                <div class="code-name">#icon-cmcc</div>
+            </li>
+          
+            <li class="dib">
+                <svg class="icon svg-icon" aria-hidden="true">
+                  <use xlink:href="#icon-xinnet"></use>
+                </svg>
+                <div class="name">xinnet</div>
+                <div class="code-name">#icon-xinnet</div>
+            </li>
+          
+            <li class="dib">
+                <svg class="icon svg-icon" aria-hidden="true">
+                  <use xlink:href="#icon-ucloud"></use>
+                </svg>
+                <div class="name">ucloud</div>
+                <div class="code-name">#icon-ucloud</div>
+            </li>
+          
+            <li class="dib">
+                <svg class="icon svg-icon" aria-hidden="true">
+                  <use xlink:href="#icon-four"></use>
+                </svg>
+                <div class="name">social-foursquare</div>
+                <div class="code-name">#icon-four</div>
+            </li>
+          
             <li class="dib">
                 <svg class="icon svg-icon" aria-hidden="true">
                   <use xlink:href="#icon-rainyun"></use>

packages/ui/certd-client/public/static/icons/iconfont.css

@@ -1,6 +1,6 @@
 @font-face {
   font-family: "iconfont"; /* Project id 4688792 */
-  src: url('iconfont.svg?t=1754884110189#iconfont') format('svg');
+  src: url('iconfont.svg?t=1766772710945#iconfont') format('svg');
 }
 
 .iconfont {
@@ -11,12 +11,28 @@
   -moz-osx-font-smoothing: grayscale;
 }
 
-.icon-four:before {
+.icon-fnos:before {
-  content: "\e8fb";
+  content: "\e60a";
 }
 
 .icon-ksyun:before {
-  content: "\e65a";
+  content: "\e8ad";
+}
+
+.icon-cmcc:before {
+  content: "\e989";
+}
+
+.icon-xinnet:before {
+  content: "\e643";
+}
+
+.icon-ucloud:before {
+  content: "\e717";
+}
+
+.icon-four:before {
+  content: "\e8fb";
 }
 
 .icon-rainyun:before {

packages/ui/certd-client/public/static/icons/iconfont.json

@@ -5,6 +5,41 @@
   "css_prefix_text": "icon-",
   "description": "",
   "glyphs": [
+    {
+      "icon_id": "45984300",
+      "name": "飞牛",
+      "font_class": "fnos",
+      "unicode": "e60a",
+      "unicode_decimal": 58890
+    },
+    {
+      "icon_id": "21785199",
+      "name": "金山云logo",
+      "font_class": "ksyun",
+      "unicode": "e8ad",
+      "unicode_decimal": 59565
+    },
+    {
+      "icon_id": "17262195",
+      "name": "中国移动",
+      "font_class": "cmcc",
+      "unicode": "e989",
+      "unicode_decimal": 59785
+    },
+    {
+      "icon_id": "3445787",
+      "name": "xinnet",
+      "font_class": "xinnet",
+      "unicode": "e643",
+      "unicode_decimal": 58947
+    },
+    {
+      "icon_id": "41854093",
+      "name": "ucloud",
+      "font_class": "ucloud",
+      "unicode": "e717",
+      "unicode_decimal": 59159
+    },
     {
       "icon_id": "544964",
       "name": "social-foursquare",
@@ -12,13 +47,6 @@
       "unicode": "e8fb",
       "unicode_decimal": 59643
     },
-    {
-      "icon_id": "8567079",
-      "name": "ksyun-logo",
-      "font_class": "ksyun",
-      "unicode": "e65a",
-      "unicode_decimal": 58970
-    },
     {
       "icon_id": "42174864",
       "name": "雨-copy",

packages/ui/certd-client/public/static/icons/iconfont.svg

@@ -14,9 +14,17 @@
     />
       <missing-glyph />
       
-      <glyph glyph-name="four" unicode="&#59643;" d="M769.629867 861.866667c0 0-438.0864 0-508.209067 0C191.287467 861.866667 170.666667 808.964267 170.666667 775.650133c0-33.3376 0-809.898667 0-809.898666 0-37.527467 20.106667-51.4496 31.3984-56.036267 11.304533-4.597333 42.487467-8.471467 61.169066 13.1584 0 0 239.933867 279.242667 244.053334 283.3792 6.231467 6.250667 6.231467 6.250667 12.4672 6.250667 12.4672 0 104.942933 0 155.236266 0 65.224533 0 75.712 46.653867 82.525867 74.1376 5.672533 23.016533 69.309867 349.7856 90.564267 453.4592C864.305067 819.214933 844.256 861.866667 769.629867 861.866667zM757.5168 286.641067c5.672533 23.016533 69.309867 349.7856 90.564267 453.4592M739.6096 723.904l-21.3312-110.365867c-2.549333-12.053333-17.678933-24.736-31.707733-24.736-14.026667 0-204.622933 0-204.622934 0C459.675733 588.8 443.733333 575.7056 443.733333 553.3824l0-28.689067c0-22.3424 16.040533-38.173867 38.325334-38.173866 0 0 158.894933 0 174.609066 0 15.7312 0 31.168-17.2992 27.767467-34.144-3.4176-16.8704-19.383467-99.3472-21.2992-108.565334-1.924267-9.233067-12.469333-25.013333-31.170133-25.013333-15.761067 0-137.1072 0-137.1072 0-24.970667 0-32.520533-3.2704-49.224534-24.091733-16.718933-20.842667-166.946133-201.796267-166.946133-201.796267-1.521067-1.7536-3.008-1.245867-3.008 0.6656L275.68 725.5552c0 14.2592 12.3584 30.9824 30.888533 30.9824 0 0 391.921067 0 407.835734 0C729.412267 756.539733 743.441067 742.391467 739.6096 723.904z"  horiz-adv-x="1024" />
+      <glyph glyph-name="fnos" unicode="&#58890;" d="M144.482434 896h730.821577c67.983402-28.323585 116.141145-76.481328 144.46473-144.46473v-730.821577c-28.323585-67.983402-76.481328-116.141145-144.46473-144.46473h-730.821577c-67.983402 28.323585-116.141145 76.481328-144.46473 144.46473v730.821577c28.323585 67.983402 76.481328 116.141145 144.46473 144.46473zM229.461687 632.564315c-1.665593-32.445079 1.164216-66.43678 8.497926-101.975103 17.990108-19.800166 40.654075-29.717245 67.983402-29.742739-18.63595-17.208299-27.133876-38.453112-25.493776-63.73444-84.486373 1.053743-117.058921 43.543369-97.726141 127.46888a431.320697 431.320697 0 0 0 46.738589 67.983402zM781.826833 632.564315c66.938158-53.536929 75.436083-114.44156 25.493776-182.705394a3226.917178 3226.917178 0 0 0-399.40249-12.746888v-237.941909h50.987552c-9.883087 77.900481 24.108614 109.062373 101.975104 93.477179a275.647203 275.647203 0 0 0 4.248962 67.983402 80.458357 80.458357 0 0 0 21.244813 12.746888 571.281527 571.281527 0 0 0 169.958507-4.248962c-32.436581-40.280166-74.926207-60.105826-127.46888-59.485477 11.149278-79.387618-22.842423-107.719701-101.975104-84.979254a347.871071 347.871071 0 0 0-4.248962-76.481327 59.273029 59.273029 0 0 0-29.742739-21.244814 361.14483 361.14483 0 0 0-110.473029 0 59.273029 59.273029 0 0 0-29.742739 21.244814 814.381676 814.381676 0 0 0-12.746888 161.460581 814.381676 814.381676 0 0 0 12.746888 161.46058 305.415436 305.415436 0 0 0 38.240664 29.742739l365.410789 8.497925c15.576697 4.248963 25.493776 14.166041 29.742738 29.742739 5.761593 31.62078 4.34244 62.782672-4.248962 93.477178z"  horiz-adv-x="1024" />
       
-      <glyph glyph-name="ksyun" unicode="&#58970;" d="M765.457 75.317c-3.34 0-6.63 0.215-9.937 0.354h5.055v0.086c-51.304 1.425-97.07 24.545-128.508 60.633l-0.591-0.035-3.1 4.473c-0.674 0.82-1.386 1.614-2.042 2.451l-9.393 13.59 0.185 0.173-6.552 9.444c-0.056-0.069-0.1-0.138-0.151-0.198l-89.26 129.086-0.221-0.026c-11.154 14.712-28.757 24.264-48.64 24.264-10.982 0-21.26-2.94-30.16-8.016a104.014 104.014 0 0 0 7.117-11.767l144.994-221.015 0.302 0.181c14.453-23.991 40.672-40.084 70.72-40.084 11.496 0 22.434 2.357 32.38 6.604-23.15-22.93-54.986-37.115-90.145-37.115-46.033 0-86.278 24.355-108.867 60.805h-0.289l-64.475 98.628c-35.82-55.668-98.126-92.628-169.227-92.628-1.675 0-3.294 0.208-4.957 0.251v0.111c-125.861 2.66-227.127 105.328-227.127 231.834 0 119.944 91 218.623 207.729 230.8 27.415 126.561 139.986 221.4 274.757 221.4 139.196 0 254.699-101.167 277.171-233.97 112.178-13.248 199.207-108.604 199.207-224.343 0-124.805-101.17-225.971-225.975-225.971z m0 360.781c-26.715 0-51.55-7.873-72.5-21.28a186.8 186.8 0 0 1 11.13 63.584c0 104.403-84.634 189.033-189.033 189.033s-189.032-84.63-189.032-189.033c0-16.603 2.261-32.652 6.324-47.967-20.082 11.072-43.142 17.409-67.695 17.409-77.566 0-140.448-62.882-140.448-140.444 0-77.571 62.882-140.448 140.448-140.448v-0.027c54.52 0 99.642 39.723 108.31 91.783 0.48 2.866 0.864 5.767 1.145 8.702 0.267 3.125 0.479 6.26 0.479 9.445 0 32.116-16.469 60.321-41.346 76.682 7.524 1.74 15.333 2.728 23.392 2.728 32.271 0 60.896-14.794 79.988-37.759 21.117 23.108 51.351 37.68 85.043 37.68 41.367 0 77.553-21.897 97.963-54.709h0.086l61.375-91.04c18.833-26.296 49.556-43.512 84.37-43.512v-0.44c74.454 0 134.811 60.348 134.811 134.802s-60.356 134.811-134.81 134.811z"  horiz-adv-x="1024" />
+      <glyph glyph-name="ksyun" unicode="&#59565;" d="M718.5408 442.1632c-4.1984 0-8.3968 0.7168-12.5952 0.7168a103.8336 103.8336 0 0 1-67.8912-25.088 139.6736 139.6736 0 0 1 13.6192 60.3136 133.12 133.12 0 0 1-2.4576 25.7024 139.5712 139.5712 0 0 1-274.432 0 133.12 133.12 0 0 1-2.4576-25.7024 139.6736 139.6736 0 0 1 13.6192-60.3136 103.8336 103.8336 0 0 1-67.8912 25.088c-4.1984 0-8.3968 0-12.5952-0.7168a104.5504 104.5504 0 1 1 101.0688-159.4368 116.736 116.736 0 0 1 6.144 11.0592 105.1648 105.1648 0 0 1 4.9152 76.6976 62.6688 62.6688 0 0 0 27.3408-20.48l2.6624-3.8912a83.2512 83.2512 0 0 0 133.9392 3.3792l4.7104-6.8608 51.2-73.9328a84.0704 84.0704 0 0 1 62.464-34.6112h5.5296a104.5504 104.5504 0 0 1 12.5952 208.384zM512 896a512 512 0 1 1 512-512A512 512 0 0 1 512 896z m200.8064-732.3648h-6.8608a152.4736 152.4736 0 0 0-120.5248 58.9824S509.2352 331.3664 508.0064 332.8a42.1888 42.1888 0 0 1-32.4608 15.2576 40.96 40.96 0 0 1-24.064-7.5776l122.88-175.4112a62.5664 62.5664 0 0 1 77.0048-20.48A97.5872 97.5872 0 0 0 593.92 112.4352a97.0752 97.0752 0 0 0-95.5392 39.1168l-49.4592 70.656a174.8992 174.8992 0 1 0-143.36 290.5088 209.7152 209.7152 0 0 0 413.9008 0 174.7968 174.7968 0 0 0-6.144-349.0816z"  horiz-adv-x="1024" />
+      
+      <glyph glyph-name="cmcc" unicode="&#59785;" d="M922.8575 285.75C845.75 386.25 730.625 489.45 698.8925 514.575 676.25 532.5 654.4625 541.5 632.6975 541.5a95.3025 95.3025 0 0 1-61.6575-25.125c-3.63-3.5925-9.0675-8.0775-15.4125-13.4625-45.3375-37.695-186.795-166.0275-190.4175-169.6125a58.9425 58.9425 0 0 0-39.9-16.155 69.2175 69.2175 0 0 0-43.5 20.64A1055.0475 1055.0475 0 0 0 166.625 447.27c-34.455 38.5875-63.4725 72.69-63.4725 72.69s-6.345-12.5625-9.975-22.4325a17.025 17.025 0 0 1 0.9075-14.3625C113.1275 456.24 199.25 354.8325 317.15 253.425A100.2675 100.2675 0 0 1 383.3375 226.5a95.3025 95.3025 0 0 1 61.6575 25.125c3.63 3.5925 9.0675 8.0775 15.4125 13.4625 45.3375 37.695 131.4825 115.77 171.375 152.565 9.0675 8.0775 15.4125 13.4625 18.135 16.155a58.9425 58.9425 0 0 0 39.9 16.155 74.295 74.295 0 0 0 43.5-20.64c25.3875-21.54 66.195-59.25 115.155-109.5 35.3625-37.695 63.4725-71.7975 63.4725-72.69 0 0 6.345 13.4625 9.975 22.4325a16.125 16.125 0 0 1 0.9375 16.185zM469.61 660.9525c-39.8025-28.95-202.635-180.0225-234.3-216.21a550.5 550.5 0 0 1 57-53.4 19.8 19.8 0 0 1 28.95 3.615c62.4225 63.3225 190.8825 176.4075 208.065 189.975 47.9475 40.71 104.94 44.325 155.595 6.33 124.8375-94.05 236.1075-241.5075 255.105-268.65 0 0 2.715 13.5675 4.5 25.3275a28.5975 28.5975 0 0 1-3.615 20.805c-117.6 169.1775-242.4225 274.11-290.37 300.345-54.2775 28.0425-117.6 38.0025-180.93-8.1375zM337.505 748.7025c-80.4825-65.13-184.5-161.025-210.75-189.975a706.5 706.5 0 0 1 50.6625-54.2775 11.1225 11.1225 0 0 1 17.19 1.8075c79.605 76.8975 165.5475 155.6025 216.2025 194.505 84.135 65.1375 183.645 71.4675 280.44-5.43a1192.665 1192.665 0 0 0 114.8925-104.94 1623 1623 0 0 0 141.12-180 206.505 206.505 0 0 1-4.5 37.995 57.8325 57.8325 0 0 1-5.43 14.475 857.025 857.025 0 0 1-100.4325 145.59C728.3375 735.135 660.4925 773.13 616.1675 796.65 557.36 826.5 444.2825 835.5525 337.505 748.7025zM554.6375 113.64c39.8025 28.95 202.6425 180 234.3 216.21a615.465 615.465 0 0 1-57 54.2775 19.8 19.8 0 0 1-28.95-3.615c-62.3925-63.3225-190.8525-176.4075-208.0425-189.975-47.9475-40.71-104.94-44.325-156.5025-6.33C213.605 278.2875 103.235 425.745 84.2375 453.7875c0 0-2.715-13.5675-4.5-25.3275a28.5975 28.5975 0 0 1 3.6-20.8125c117.6-169.1625 242.4375-274.11 290.385-300.36 54.2775-29.8275 117.6075-39.75 180.915 6.3525zM686.75 25.8975c80.5125 65.1375 184.545 161.025 210.75 189.975a706.5 706.5 0 0 1-50.6625 54.2775 11.1225 11.1225 0 0 1-17.19-1.8075C750.05 191.445 664.1075 112.74 613.4525 73.8375c-84.135-65.1375-183.645-71.4675-280.44 5.43a1192.6725 1192.6725 0 0 0-114.8925 104.9625A1623 1623 0 0 0 77 364.23a214.4325 214.4325 0 0 1 4.5-37.995 57.8325 57.8325 0 0 1 5.4525-14.505 857.025 857.025 0 0 1 100.4175-145.65c108.555-126.6 176.4-164.61 220.725-188.1 58.8075-29.8875 171.885-38.9325 278.655 47.9175z"  horiz-adv-x="1024" />
+      
+      <glyph glyph-name="xinnet" unicode="&#58947;" d="M449.695 233.805h-88.57v26.492l74.139 5.63 9.618 22.795-127.737-8.113-0.617-2.771v-177.932l28.119 8.282 13.398 3.923v0.03l3.08 0.91v99.226h23.988v-112.394l44.58 13.168v99.226h8.25zM304.441 276.603h-48.809s-6.702 11.83-28.222 11.83c-21.525 0-27.389-11.83-27.389-11.83h-48.383v-21.643l141.504 0.102 11.299 21.541zM304.513 233.38h-20.7l7.837 14.765h-43.566l-11.614-14.934h-18.218l-10.865 14.861h-45.663l8.036-14.692h-18.233v-21.33h141.42zM161.927 164.311l-13.801-57.507h40.163l11.728 57.507zM256.84 164.311l9.477-55.332h38.3l-10.506 55.332zM304.733 194.389h-53.886v10.74h-44.438v-10.74h-54.771v-21.446h54.771v-48.318h-8.643v-0.111h-0.188v-24.631h13.742l39.527 24.954v48.106h42.296zM864.869 288.799H593.381v-188.916l44.496 12.932V265.246h188.049zM877.851 288.577l-44.705-26.382v-138.056h-36.295v-24.18h36.975l7.072 4.223 36.953 20zM734.63 248.512h-36.384l-8.753-21.764-9.535 24.053h-36.402l26.135-64.327-25.837-62.403h36.394l8.878 22.154 8.792-22.154h36.403l-25.344 62.403zM826.948 248.512H790.55l-9.685-24.121-9.843 23.793H734.63l26.974-62.699-25.413-61.414h36.394l9.023 22.51 7.39-18.144H825.4l-24.559 57.048zM380.676 634.375c0-18.175-13.885-32.909-30.973-32.909-17.115 0-30.994 14.734-30.994 32.909 0 18.184 13.879 32.903 30.994 32.903 17.088 0 30.973-14.719 30.973-32.903M708.995 555.937c-17.526 18.575-35.742 16.512-35.742 16.512h-101.77v-188.863h44.27V525.21h35.131s11.535 0.583 19.521-7.881c7.973-8.491 7.723-19.026 7.723-19.026v-114.718h44.496V519.638c-0.001 0 0.293 21.58-13.629 36.299M952.059 619.991h44.539v-214.982l-44.539-40.773zM923.821 565.444h100.994v-47.234H923.821zM327.123 502.904v-119.319h44.508V528.96c-11.426-8.281-26.541-17.127-44.508-26.056M208.431 456.805c-49.177-15.085-95.271-24.986-131.765-29.172l-27.514-44.048h100.25l26.299 53.23 23.829-53.23h100.255l-50.09 86.893c-13.222-4.714-26.999-9.32-41.264-13.673M384.299 570.887c-4.249 15.558-46.788 17.206-106.439 6.753 32.997 4.075 55.276 1.879 57.824-7.445 3.938-14.56-41.703-41.739-106.182-64.657l-4.818 8.344 75.1 135.905H199.53l-23.831-53.233-26.297 53.233H49.151l81.398-135.905-24.658-39.493c-33.66-4.29-56.458-2.133-59.02 7.278-2.77 10.262 18.963 26.743 54.58 43.6C37.942 498.585-3.402 470.228 1.158 453.44c6.298-23.116 97.141-15.564 202.949 16.861 105.786 32.439 186.461 77.47 180.192 100.586M873.015 443.356c-10.421-13.998-26.54-22.961-44.674-22.961-25.423 0-46.964 17.714-54.271 42.163h144.285a106.258 106.258 0 0 1 1.601 18.312c0 53.732-41.021 97.293-91.614 97.293-50.556 0-91.57-43.561-91.57-97.293 0-53.725 41.015-97.285 91.57-97.285 38.085 0 70.728 24.677 84.548 59.771h-39.875z m-44.674 98.009c25.456 0 47.013-17.729 54.296-42.172H774.069c7.308 24.443 28.849 42.172 54.272 42.172M533.527 555.937c-17.575 18.575-35.783 16.512-35.783 16.512h-101.78v-188.863h44.301V525.21h35.108s11.542 0.583 19.518-7.881c8.002-8.491 7.725-19.026 7.725-19.026v-114.718h44.495V519.638c-0.001 0 0.289 21.58-13.584 36.299M974.67 115.784c-22.534 0-40.867 18.328-40.867 40.857 0 22.528 18.333 40.856 40.867 40.856 22.529 0 40.857-18.328 40.857-40.856 0-22.529-18.328-40.857-40.857-40.857z m0 78.714c-20.88 0-37.867-16.982-37.867-37.856 0-20.875 16.987-37.857 37.867-37.857 20.875 0 37.857 16.982 37.857 37.857 0 20.874-16.982 37.856-37.857 37.856zM993.532 133.594h-6.949l-7.567 12.662c-1.512 2.532-2.896 4.255-4.152 5.167-1.256 0.913-2.758 1.37-4.505 1.37h-4.24v-19.199h-5.889v45.611h13.898c4.436 0 7.91-1.069 10.424-3.209 2.512-2.14 3.769-5.134 3.769-8.981 0-6.321-3.377-10.424-10.129-12.309v-0.146a9.343 9.343 0 0 0 3.253-2.268c0.913-0.981 2.096-2.66 3.549-5.035l8.538-13.663z m-27.414 40.459v-16.107h6.949c2.689 0 4.873 0.785 6.552 2.355s2.518 3.632 2.518 6.184c0 2.375-0.766 4.23-2.297 5.565s-3.759 2.003-6.684 2.003h-7.038z"  horiz-adv-x="1024" />
+      
+      <glyph glyph-name="ucloud" unicode="&#59159;" d="M945.883 829.294v-592.457c0-191.927-150.162-342.09-342.089-342.09h-108.47c-191.927 0-342.09 150.163-342.09 342.09V562.249h100.06v91.794h83.456v83.383h66.78v-542.28A149.504 149.504 0 0 1 553.69 44.91h16.823a149.723 149.723 0 0 1 150.163 150.235V829.294h225.28z m-734.28-183.589v-58.441h-58.369v58.441h58.368z m83.455 91.721v-58.368h-50.03v58.368h50.03z m-83.383 0v-41.691h-50.102v41.691h50.03z m-91.794-8.265v-33.426H78.117v33.5h41.691z m275.31 100.133v-58.515H336.75V829.294h58.514z m-100.133-8.412v-41.691h-50.03V820.882h50.03z m-91.794 0v-33.353h-41.691V820.882h41.691z m-91.794-8.338v-25.015H78.117V812.544h33.353zM278.382 896v-25.015h-25.088V896h25.088z m-75.118 0v-25.015h-33.353V896h33.353z"  horiz-adv-x="1024" />
+      
+      <glyph glyph-name="four" unicode="&#59643;" d="M769.629867 861.866667c0 0-438.0864 0-508.209067 0C191.287467 861.866667 170.666667 808.964267 170.666667 775.650133c0-33.3376 0-809.898667 0-809.898666 0-37.527467 20.106667-51.4496 31.3984-56.036267 11.304533-4.597333 42.487467-8.471467 61.169066 13.1584 0 0 239.933867 279.242667 244.053334 283.3792 6.231467 6.250667 6.231467 6.250667 12.4672 6.250667 12.4672 0 104.942933 0 155.236266 0 65.224533 0 75.712 46.653867 82.525867 74.1376 5.672533 23.016533 69.309867 349.7856 90.564267 453.4592C864.305067 819.214933 844.256 861.866667 769.629867 861.866667zM757.5168 286.641067c5.672533 23.016533 69.309867 349.7856 90.564267 453.4592M739.6096 723.904l-21.3312-110.365867c-2.549333-12.053333-17.678933-24.736-31.707733-24.736-14.026667 0-204.622933 0-204.622934 0C459.675733 588.8 443.733333 575.7056 443.733333 553.3824l0-28.689067c0-22.3424 16.040533-38.173867 38.325334-38.173866 0 0 158.894933 0 174.609066 0 15.7312 0 31.168-17.2992 27.767467-34.144-3.4176-16.8704-19.383467-99.3472-21.2992-108.565334-1.924267-9.233067-12.469333-25.013333-31.170133-25.013333-15.761067 0-137.1072 0-137.1072 0-24.970667 0-32.520533-3.2704-49.224534-24.091733-16.718933-20.842667-166.946133-201.796267-166.946133-201.796267-1.521067-1.7536-3.008-1.245867-3.008 0.6656L275.68 725.5552c0 14.2592 12.3584 30.9824 30.888533 30.9824 0 0 391.921067 0 407.835734 0C729.412267 756.539733 743.441067 742.391467 739.6096 723.904z"  horiz-adv-x="1024" />
       
       <glyph glyph-name="rainyun" unicode="&#58888;" d="M718.134993 776.973274c-70.87597 0-133.984711-37.986607-175.005393-97.211733-25.971674 39.685689-67.113719 65.414637-113.595733 65.414637-70.390519 0-128.766104-58.861037-140.05286-135.926519h-54.49197c-83.13363 0-150.368711-77.308207-150.368711-172.699496 0-95.391289 67.356444-172.699496 150.368711-172.699496h483.145956c123.426133 0 223.429215 114.809363 223.429214 256.43994 0 141.873304-100.003081 256.682667-223.429214 256.682667zM718.134993 805.49357c-66.264178 0-128.644741-29.855289-175.005393-82.76954-30.70483 32.768-70.754607 50.972444-113.595733 50.972444-74.759585 0-139.081956-55.948326-160.077748-135.926518h-34.467082c-96.847644 0-175.612207-90.294044-175.612207-201.219793s78.764563-201.09843 175.612207-201.09843h483.145956c137.140148 0 248.672711 127.7952 248.672711 284.960237 0 157.2864-111.532563 285.0816-248.672711 285.0816z m0-513.001244H234.989037c-69.055526 0-125.246578 64.686459-125.246578 144.1792s56.191052 144.1792 125.246578 144.1792h54.49197c12.379022 0 22.816237 10.073126 24.879408 23.787141 9.466311 64.929185 58.011496 112.139378 115.173452 112.139377 37.015704 0 70.997333-19.6608 93.328118-53.885155 4.733156-7.160415 12.014933-11.408119 19.903526-11.529482 7.403141 0 15.291733 3.883615 20.146252 10.922667 37.986607 54.856059 94.420385 86.289067 155.101867 86.289067 109.34803 0 198.307081-102.308978 198.307081-228.041008 0.121363-125.73203-88.837689-228.041007-198.185718-228.041007zM216.056415 169.915733L66.658607-1.084681c-9.8304-11.165393-9.709037-29.248474 0.242726-40.292504 4.854519-5.461333 11.286756-8.252681 17.718993-8.252682 6.5536 0 12.985837 2.791348 17.961718 8.495408l149.397808 171.000415c9.8304 11.165393 9.709037 29.248474-0.242726 40.292503-9.951763 11.165393-25.971674 11.04403-35.680711-0.242726zM448.223763 170.158459c-9.951763 11.04403-25.850311 10.922667-35.680711-0.242726l-74.638222-85.439526c-9.8304-11.165393-9.709037-29.248474 0.242726-40.292503 4.854519-5.461333 11.286756-8.252681 17.718992-8.252682 6.5536 0 12.985837 2.791348 17.961719 8.495408l74.638222 85.439526c9.8304 11.286756 9.709037 29.248474-0.242726 40.292503zM808.793126 169.915733l-74.638222-85.439526c-9.8304-11.165393-9.709037-29.248474 0.242726-40.292503 4.854519-5.461333 11.286756-8.252681 17.718992-8.252682 6.5536 0 12.985837 2.791348 17.961719 8.495408l74.638222 85.439526c9.8304 11.165393 9.709037 29.248474-0.242726 40.292503-9.951763 11.165393-25.850311 11.04403-35.680711-0.242726zM612.427852 169.915733L463.030044-1.084681c-9.8304-11.165393-9.709037-29.248474 0.242726-40.292504 4.854519-5.461333 11.286756-8.252681 17.718993-8.252682 6.5536 0 12.985837 2.791348 17.961718 8.495408l149.276445 171.000415c9.8304 11.165393 9.709037 29.248474-0.242726 40.292503-9.8304 11.165393-25.850311 11.04403-35.559348-0.242726z"  horiz-adv-x="1024" />
       

packages/ui/certd-client/src/api/service.ts

@@ -71,7 +71,7 @@ function createService() {
             // @ts-ignore
             response.config.onError(err);
           }
-          errorCreate(`${errorMessage}: ${response.config.url}`, showErrorNotify, dataAxios);
+          errorCreate(`${errorMessage} （请求接口： ${response.config.url}）`, showErrorNotify, dataAxios);
       }
     },
     error => {
@@ -113,7 +113,7 @@ function createService() {
         default:
           break;
       }
-      error.message += `: ${error.response?.config?.url}`;
+      error.message += `（ 请求接口：${error.response?.config?.url}）`;
       errorLog(error, error?.response?.config?.showErrorNotify);
       if (status === 401) {
         const userStore = useUserStore();

packages/ui/certd-client/src/locales/langs/en-US/certd.ts

@@ -52,6 +52,7 @@ export default {
   siteMonitorSetting: "Site Monitor Settings",
   userSecurity: "Security Settings",
   userProfile: "Account Info",
+  userGrant: "Grant Delegation",
   suite: "Suite",
   mySuite: "My Suite",
   suiteBuy: "Suite Purchase",
@@ -62,6 +63,12 @@ export default {
     greeting: "Hello",
     profile: "Account Info",
     logout: "Logout",
+    setting: {
+      grantSetting: "Grant Settings",
+      saveSuccess: "Save Success",
+      allowAdminViewCerts: "Allow Admin view and download Certs",
+      allowAdminViewCertsHelper: "Allow admin view and download all certificates",
+    },
   },
   dashboard: {
     greeting: "Hello, {name}, welcome to 【{site}】",
@@ -220,6 +227,7 @@ export default {
     selectTitle: "Certificate Apply Plugin",
     jsAcme: "JS-ACME: Easy to use, powerful features [Recommended]",
     legoAcme: "Lego-ACME: Based on Lego, supports a wide range of DNS providers, suitable for users familiar with Lego",
+    aliyunOrder: "Aliyun-Order: Get certificate from Aliyun certificate order",
   },
   pipelineForm: {
     createTitle: "Create Certificate Pipeline",

packages/ui/certd-client/src/locales/langs/en-US/guide.ts

@@ -61,7 +61,7 @@ export default {
     description: "Automatic running",
     setSchedule: "Set Scheduled Execution",
     pipelineSuccessThenSchedule: "Pipeline tests succeed, then configure scheduled triggers so it runs automatically daily",
-    recommendDailyRun: "Recommend configuring to run once daily; new certs requested 35 days before expiry and auto-skipped otherwise",
+    recommendDailyRun: "Recommend configuring to run once daily; new certs requested 18 days before expiry and auto-skipped otherwise",
     setEmailNotification: "Set Email Notifications",
     suggestErrorAndRecoveryEmails: "Suggest listening for 'On Error' and 'Error to Success' to quickly troubleshoot failures (basic version requires mail server setup)",
     tutorialEndTitle: "Tutorial End",

packages/ui/certd-client/src/locales/langs/zh-CN/certd.ts

@@ -57,6 +57,7 @@ export default {
   siteMonitorSetting: "站点监控设置",
   userSecurity: "认证安全设置",
   userProfile: "账号信息",
+  userGrant: "授权委托",
   suite: "套餐",
   mySuite: "我的套餐",
   suiteBuy: "套餐购买",
@@ -68,6 +69,13 @@ export default {
     greeting: "您好",
     profile: "账号信息",
     logout: "注销登录",
+
+    setting: {
+      grantSetting: "授权委托设置",
+      saveSuccess: "保存成功",
+      allowAdminViewCerts: "授权管理员查看和下载证书",
+      allowAdminViewCertsHelper: "允许管理员查看和下载我的所有证书",
+    },
   },
   dashboard: {
     greeting: "您好，{name}，欢迎使用 【{site}】",
@@ -225,6 +233,7 @@ export default {
     selectTitle: "证书申请插件",
     jsAcme: "JS-ACME：使用简单方便，功能强大【推荐】",
     legoAcme: "Lego-ACME：基于Lego实现，支持海量DNS提供商，熟悉LEGO的用户可以使用",
+    aliyunOrder: "Aliyun-Order：从阿里云证书订单中获取证书更新",
   },
   pipelineForm: {
     createTitle: "创建证书流水线",
@@ -759,6 +768,14 @@ export default {
       certDomainAddToMonitorEnabled: "证书域名添加到证书监控",
       certDomainAddToMonitorEnabledHelper: "创建证书流水线时是否可以选择将域名添加到证书监控",
 
+      defaultCertRenewDays: "默认到期前更新天数",
+      defaultCertRenewDaysHelper: "创建证书流水线时，默认的证书到期前更新天数",
+      defaultCertRenewDaysRecommend: "默认值15",
+
+      pipelineMaxRunningCount: "同时最大运行流水线数量",
+      pipelineMaxRunningCountHelper: "同一个用户同时运行的最大流水线数量，避免同时触发太多导致ACME账户被限制",
+      pipelineMaxRunningCountRecommend: "推荐5-10",
+
       fixedCertExpireDays: "固定证书有效期天数",
       fixedCertExpireDaysHelper: "固定证书有效期天数，有助于列表进度条整齐显示",
       fixedCertExpireDaysRecommend: "推荐90",

packages/ui/certd-client/src/locales/langs/zh-CN/guide.ts

@@ -61,7 +61,7 @@ export default {
     description: "自动运行",
     setSchedule: "设置定时执行",
     pipelineSuccessThenSchedule: "流水线测试成功，接下来配置定时触发，以后每天定时执行就不用管了",
-    recommendDailyRun: "推荐配置每天运行一次，默认到期前35天会重新申请新证书并部署，没到期前会自动跳过，不会重复申请。",
+    recommendDailyRun: "推荐配置每天运行一次，默认到期前18天会重新申请新证书并部署，没到期前会自动跳过，不会重复申请。",
     setEmailNotification: "设置邮件通知",
     suggestErrorAndRecoveryEmails: "建议选择监听'错误时'和'错误转成功'两种即可，在意外失败时可以尽快去排查问题",
     tutorialEndTitle: "教程结束",

packages/ui/certd-client/src/router/source/modules/certd.ts

@@ -204,6 +204,17 @@ export const certdResources = [
               isMenu: true,
             },
           },
+          {
+            title: "certd.userGrant",
+            name: "UserGrantSetting",
+            path: "/certd/mine/grant",
+            component: "/certd/mine/grant/index.vue",
+            meta: {
+              icon: "mi:user-check",
+              auth: true,
+              isMenu: true,
+            },
+          },
           {
             title: "certd.userProfile",
             name: "UserProfile",

packages/ui/certd-client/src/store/settings/api.basic.ts

@@ -54,6 +54,9 @@ export type SysPublicSetting = {
   //流水线是否启用有效期
   pipelineValidTimeEnabled?: boolean;
 
+  // 默认到期前更新天数
+  defaultCertRenewDays?: number;
+
   //证书域名添加到监控
   certDomainAddToMonitorEnabled?: boolean;
 
@@ -86,6 +89,9 @@ export type SysPrivateSetting = {
   httpsProxy?: string;
   dnsResultOrder?: string;
   commonCnameEnabled?: boolean;
+  // 同一个用户同时最大运行流水线数量
+  pipelineMaxRunningCount?: number;
+
   sms?: {
     type?: string;
     config?: any;

packages/ui/certd-client/src/views/certd/mine/change-password-button.vue

@@ -1,6 +1,6 @@
 <template>
   <a-button v-if="showButton" type="primary" @click="open">
-    {{ $t("authentication.changePasswordButton") }}
+    {{ t("authentication.changePasswordButton") }}
   </a-button>
 </template>
 

packages/ui/certd-client/src/views/certd/mine/grant/api.ts

@@ -0,0 +1,25 @@
+// @ts-ignore
+import { request } from "/@/api/service";
+const apiPrefix = "/user/settings";
+export type UserGrantSetting = {
+  allowAdminViewCerts: boolean;
+};
+
+export async function GrantSettingsGet() {
+  const res = await request({
+    url: apiPrefix + "/grant/get",
+    method: "post",
+  });
+  if (!res) {
+    return {};
+  }
+  return res as UserGrantSetting;
+}
+
+export async function UserSettingSave(req: any) {
+  return await request({
+    url: apiPrefix + "/grant/save",
+    method: "post",
+    data: req,
+  });
+}

packages/ui/certd-client/src/views/certd/mine/grant/index.vue

@@ -0,0 +1,67 @@
+<template>
+  <fs-page class="page-user-settings page-grant">
+    <template #header>
+      <div class="title">{{ t("certd.user.setting.grantSetting") }}</div>
+    </template>
+
+    <div class="user-settings-form settings-form">
+      <a-form :model="formState" name="basic" :label-col="{ span: 8 }" :wrapper-col="{ span: 16 }" autocomplete="off">
+        <a-form-item :label="t('certd.user.setting.allowAdminViewCerts')" :name="['allowAdminViewCerts']">
+          <div class="flex mt-5">
+            <a-switch v-model:checked="formState.allowAdminViewCerts" :disabled="!settingsStore.isPlus" />
+            <vip-button class="ml-5" mode="button"></vip-button>
+          </div>
+          <div class="helper">{{ t("certd.user.setting.allowAdminViewCertsHelper") }}</div>
+        </a-form-item>
+
+        <a-form-item label=" " :colon="false" :wrapper-col="{ span: 16 }">
+          <loading-button type="primary" html-type="button" :click="doSave">{{ t("certd.confirm") }}</loading-button>
+        </a-form-item>
+      </a-form>
+    </div>
+  </fs-page>
+</template>
+
+<script setup lang="tsx">
+import { computed, reactive, watch } from "vue";
+import * as api from "./api";
+import { UserGrantSetting } from "./api";
+import { Modal, notification } from "ant-design-vue";
+import { merge } from "lodash-es";
+import { useSettingStore } from "/@/store/settings";
+import { useI18n } from "/src/locales";
+
+const { t } = useI18n();
+const settingsStore = useSettingStore();
+defineOptions({
+  name: "UserSecurity",
+});
+
+const formState = reactive<Partial<UserGrantSetting>>({
+  allowAdminViewCerts: false,
+});
+
+async function loadUserSettings() {
+  const data: any = await api.GrantSettingsGet();
+  merge(formState, data);
+}
+
+loadUserSettings();
+const doSave = async () => {
+  await api.UserSettingSave({
+    ...formState,
+  });
+  notification.success({
+    message: t("certd.user.setting.saveSuccess"),
+  });
+};
+</script>
+
+<style lang="less">
+.page-user-settings {
+  .user-settings-form {
+    width: 600px;
+    margin: 20px;
+  }
+}
+</style>

packages/ui/certd-client/src/views/certd/pipeline/certd-form/use.tsx

@@ -163,6 +163,7 @@ export function useCertPipelineCreator() {
               data: [
                 { value: "CertApply", label: "JS-ACME" },
                 { value: "CertApplyLego", label: "Lego-ACME" },
+                { value: "CertApplyGetFormAliyun", label: "Aliyun-Order" },
               ],
             }),
             form: {
@@ -174,6 +175,7 @@ export function useCertPipelineCreator() {
                     <ul>
                       <li>{t("certd.plugin.jsAcme")}</li>
                       <li>{t("certd.plugin.legoAcme")}</li>
+                      <li>{t("certd.plugin.aliyunOrder")}</li>
                     </ul>
                   );
                 },
@@ -201,7 +203,7 @@ export function useCertPipelineCreator() {
               component: {
                 name: "cron-editor",
                 vModel: "modelValue",
-                placeholder: "0 0 4 * * *",
+                placeholder: "0 0 4 * * * (表示凌晨4点执行)",
               },
               helper: t("certd.pipelineForm.triggerCronHelper"),
               order: 100,

packages/ui/certd-client/src/views/certd/pipeline/components/change-trigger.vue

@@ -22,6 +22,8 @@ async function batchUpdateRequest(form: any) {
     title: "定时触发",
     type: "timer",
     props: form.clear ? false : form.props,
+    random: form.random,
+    randomRange: form.randomRange,
   });
   emit("change");
 }
@@ -56,6 +58,49 @@ async function openFormDialog() {
           },
         },
       },
+      random: {
+        title: "随机时间",
+        form: {
+          value: true,
+          helper: "是否给流水线随机设置一个时间",
+          show: compute(({ form }) => {
+            return form.clear !== true;
+          }),
+          component: {
+            name: "fs-dict-switch",
+            vModel: "checked",
+            dict: dict({
+              data: [
+                {
+                  label: "随机时间",
+                  value: true,
+                },
+                {
+                  label: "固定时间",
+                  value: false,
+                },
+              ],
+            }),
+          },
+        },
+      },
+      randomRange: {
+        title: "随机时间范围",
+        form: {
+          value: ["00:00:00", "08:00:00"],
+          helper: "随机时间范围，单位秒",
+          component: {
+            //  <a-time-range-picker :bordered="false" />
+            name: "a-time-range-picker",
+            vModel: "value",
+            valueFormat: "HH:mm:ss",
+          },
+          show: compute(({ form }) => {
+            return form.clear !== true && form.random === true;
+          }),
+          rules: [{ required: true, message: "请选择随机时间范围" }],
+        },
+      },
       "props.cron": {
         title: t("certd.schedule"),
         form: {
@@ -64,7 +109,7 @@ async function openFormDialog() {
             vModel: "modelValue",
           },
           show: compute(({ form }) => {
-            return form.clear !== true;
+            return form.clear !== true && form?.random !== true;
           }),
           rules: [{ required: true, message: t("certd.selectCron") }],
         },

packages/ui/certd-client/src/views/certd/pipeline/crud.tsx

@@ -145,6 +145,9 @@ export default function ({ crudExpose, context: { selectedRowKeys } }: CreateCru
           },
         },
       },
+      search: {
+        col: { span: 3 },
+      },
       form: {
         afterSubmit({ form, res, mode }) {
           if (mode === "add") {
@@ -262,6 +265,7 @@ export default function ({ crudExpose, context: { selectedRowKeys } }: CreateCru
           type: "number",
           search: {
             show: true,
+            col: { span: 3 },
           },
           column: {
             width: 100,
@@ -277,6 +281,7 @@ export default function ({ crudExpose, context: { selectedRowKeys } }: CreateCru
             show: computed(() => {
               return userStore.isAdmin && settingStore.sysPublic.managerOtherUserPipeline;
             }),
+            col: { span: 3 },
           },
           form: {
             show: false,
@@ -297,6 +302,7 @@ export default function ({ crudExpose, context: { selectedRowKeys } }: CreateCru
             component: {
               name: "a-input",
             },
+            col: { span: 3 },
           },
           form: {
             rules: [{ required: true, message: t("certd.fields.required") }],

packages/ui/certd-client/src/views/sys/settings/tabs/pipeline.vue

@@ -26,12 +26,26 @@
 
       <a-form-item :label="t('certd.sys.setting.fixedCertExpireDays')" :name="['public', 'fixedCertExpireDays']">
         <div class="flex items-center">
-          <a-input-number v-model:value="formState.public.fixedCertExpireDays" :placeholder="t('certd.sys.setting.fixedCertExpireDaysRecommend')" />
+          <a-input-number v-model:value="formState.public.fixedCertExpireDays" :disabled="!settingsStore.isPlus" :placeholder="t('certd.sys.setting.fixedCertExpireDaysRecommend')" />
           <vip-button class="ml-5" mode="button"></vip-button>
         </div>
         <div class="helper">{{ t("certd.sys.setting.fixedCertExpireDaysHelper") }}</div>
       </a-form-item>
 
+      <a-form-item :label="t('certd.sys.setting.defaultCertRenewDays')" :name="['public', 'defaultCertRenewDays']">
+        <div class="flex items-center">
+          <a-input-number v-model:value="formState.public.defaultCertRenewDays" :placeholder="t('certd.sys.setting.defaultCertRenewDaysRecommend')" />
+        </div>
+        <div class="helper">{{ t("certd.sys.setting.defaultCertRenewDaysHelper") }}</div>
+      </a-form-item>
+
+      <a-form-item :label="t('certd.sys.setting.pipelineMaxRunningCount')" :name="['private', 'pipelineMaxRunningCount']">
+        <div class="flex items-center">
+          <a-input-number v-model:value="formState.private.pipelineMaxRunningCount" :placeholder="t('certd.sys.setting.pipelineMaxRunningCountRecommend')" />
+        </div>
+        <div class="helper">{{ t("certd.sys.setting.pipelineMaxRunningCountHelper") }}</div>
+      </a-form-item>
+
       <a-form-item label=" " :colon="false" :wrapper-col="{ span: 8 }">
         <a-button :loading="saveLoading" type="primary" html-type="submit">{{ t("certd.saveButton") }}</a-button>
       </a-form-item>

packages/ui/certd-server/package.json

@@ -6,7 +6,7 @@
   "type": "module",
   "scripts": {
     "start": "cross-env NODE_ENV=production node --optimize-for-size ./bootstrap.js",
-    "dev-start": "cross-env NODE_ENV=dev & mwtsc --watch --run @midwayjs/mock/app",
+    "dev-start": "cross-env NODE_ENV=dev & mwtsc --watch --run  @midwayjs/mock/app",
     "dc": "cd ../../../ && pnpm run dev",
     "dev": "cross-env NODE_ENV=local & pnpm run dev-start",
     "dev-commlocal": "cross-env NODE_ENV=dev-commlocal mwtsc --watch --run @midwayjs/mock/app",
@@ -44,6 +44,7 @@
     "@aws-sdk/client-acm": "^3.699.0",
     "@aws-sdk/client-cloudfront": "^3.699.0",
     "@aws-sdk/client-iam": "^3.699.0",
+    "@aws-sdk/client-route-53": "^3.957.0",
     "@aws-sdk/client-s3": "^3.705.0",
     "@certd/acme-client": "^1.37.16",
     "@certd/basic": "^1.37.16",
@@ -74,6 +75,7 @@
     "@midwayjs/upload": "3.20.13",
     "@midwayjs/validate": "3.20.13",
     "@peculiar/x509": "^1.11.0",
+    "@ucloud-sdks/ucloud-sdk-js": "^0.2.4",
     "@volcengine/openapi": "^1.28.1",
     "ali-oss": "^6.21.0",
     "axios": "^1.7.2",

packages/ui/certd-server/src/configuration.ts

@@ -31,6 +31,20 @@ process.on('uncaughtException', error => {
   }
 });
 
+// function startHeapLog() {
+//   function format(bytes: any) {
+//     return (bytes / 1024 / 1024).toFixed(2) + ' MB';
+//   }
+//   function log()  {
+//     const mu = process.memoryUsage();
+//     logger.info(`rss:${format(mu.rss)},heapUsed: ${format(mu.heapUsed)},heapTotal: ${format(mu.heapTotal)},external: ${format(mu.external)}`);
+//   }
+//   setInterval(log, 200);
+//   log()
+// }
+
+// startHeapLog();
+
 @Configuration({
   detectorOptions: {
     ignore: [
@@ -64,6 +78,9 @@ export class MainConfiguration {
   app: koa.Application;
 
   async onReady() {
+
+
+
     // add middleware
     // this.app.useMiddleware([ReportMiddleware]);
     // add filter

packages/ui/certd-server/src/controller/user/mine/user-settings-controller.ts

@@ -2,6 +2,9 @@ import { ALL, Body, Controller, Inject, Post, Provide, Query } from "@midwayjs/c
 import { Constants, CrudController } from "@certd/lib-server";
 import { UserSettingsService } from "../../../modules/mine/service/user-settings-service.js";
 import { UserSettingsEntity } from "../../../modules/mine/entity/user-settings.js";
+import { UserGrantSetting } from "../../../modules/mine/service/models.js";
+import { isPlus } from "@certd/plus-core";
+import { merge } from "lodash-es";
 
 /**
  */
@@ -65,6 +68,26 @@ export class UserSettingsController extends CrudController<UserSettingsService>
     const entity = await this.service.getByKey(key, this.getUserId());
     return this.ok(entity);
   }
+@Post("/grant/get", { summary: Constants.per.authOnly })
+  async grantSettingsGet() {
+    const userId = this.getUserId();
+    const setting = await this.service.getSetting<UserGrantSetting>(userId, UserGrantSetting);
+    return this.ok(setting);
+  }
+
+  @Post("/grant/save", { summary: Constants.per.authOnly })
+  async grantSettingsSave(@Body(ALL) bean: UserGrantSetting) {
+    if (!isPlus()) {
+      throw new Error('本功能需要开通专业版')
+    }
+    const userId = this.getUserId();
+    const setting = new UserGrantSetting();
+    merge(setting, bean);
+
+    await this.service.saveSetting(userId, setting);
+    return this.ok({});
+  }
+
 
 
 }

packages/ui/certd-server/src/controller/user/pipeline/cert-controller.ts

@@ -1,8 +1,10 @@
-import {Body, Controller, Inject, Post, Provide, Query} from '@midwayjs/core';
+import { Body, Controller, Inject, Post, Provide, Query } from '@midwayjs/core';
 import { PipelineService } from '../../../modules/pipeline/service/pipeline-service.js';
-import { BaseController, Constants } from '@certd/lib-server';
+import { BaseController, Constants, PermissionException } from '@certd/lib-server';
 import { StorageService } from '../../../modules/pipeline/service/storage-service.js';
-import {CertReader} from "@certd/plugin-cert";
+import { CertReader } from "@certd/plugin-cert";
+import { UserSettingsService } from '../../../modules/mine/service/user-settings-service.js';
+import { UserGrantSetting } from '../../../modules/mine/service/models.js';
 
 @Provide()
 @Controller('/api/pi/cert')
@@ -12,10 +14,32 @@ export class CertController extends BaseController {
   @Inject()
   storeService: StorageService;
 
+
+  @Inject()
+  userSettingsService: UserSettingsService;
+
+
   @Post('/get', { summary: Constants.per.authOnly })
   async getCert(@Query('id') id: number) {
     const userId = this.getUserId();
-    await this.pipelineService.checkUserId(id, userId);
+
+
+
+    const pipleinUserId = await this.pipelineService.getPipelineUserId(id);
+
+    if (pipleinUserId !== userId) {
+      // 如果是管理员，检查用户是否有授权管理员查看
+      const isAdmin = await this.isAdmin()
+      if (!isAdmin) {
+        throw new PermissionException();
+      }
+      // 是否允许管理员查看
+      const setting = await this.userSettingsService.getSetting<UserGrantSetting>(pipleinUserId, UserGrantSetting, false);
+      if (setting?.allowAdminViewCerts !== true) {
+        //不允许管理员查看
+        throw new PermissionException("该流水线的用户还未授权管理员查看证书，请先让用户在”设置->授权委托“中打开开关");
+      }
+    }
     const privateVars = await this.storeService.getPipelinePrivateVars(id);
     return this.ok(privateVars.cert);
   }
@@ -24,7 +48,7 @@ export class CertController extends BaseController {
   @Post('/readCertDetail', { summary: Constants.per.authOnly })
   async readCertDetail(@Body('crt') crt: string) {
     if (!crt) {
-       throw new Error('crt is required');
+      throw new Error('crt is required');
     }
     const certDetail = CertReader.readCertDetail(crt)
     return this.ok(certDetail);

packages/ui/certd-server/src/controller/user/pipeline/history-controller.ts

@@ -10,6 +10,8 @@ import * as fs from "fs";
 import { logger } from "@certd/basic";
 import { AuthService } from "../../../modules/sys/authority/service/auth-service.js";
 import { In } from "typeorm";
+import { UserSettingsService } from "../../../modules/mine/service/user-settings-service.js";
+import { UserGrantSetting } from "../../../modules/mine/service/models.js";
 
 /**
  * 证书
@@ -30,6 +32,9 @@ export class HistoryController extends CrudController<HistoryService> {
   @Inject()
   sysSettingsService: SysSettingsService;
 
+  @Inject()
+  userSettingsService: UserSettingsService;
+
   getService(): HistoryService {
     return this.service;
   }
@@ -77,7 +82,7 @@ export class HistoryController extends CrudController<HistoryService> {
 
   @Post('/list', { summary: Constants.per.authOnly })
   async list(@Body(ALL) body) {
-    const isAdmin = await this.authService.isAdmin(this.ctx);
+    const isAdmin = this.authService.isAdmin(this.ctx);
     if (!isAdmin) {
       body.userId = this.getUserId();
     }
@@ -89,7 +94,7 @@ export class HistoryController extends CrudController<HistoryService> {
     };
     const withDetail = body.withDetail;
     delete body.withDetail;
-    let select:any = null
+    let select: any = null
     if (!withDetail) {
       select = {
         pipeline: true, // 后面这里改成false
@@ -193,7 +198,6 @@ export class HistoryController extends CrudController<HistoryService> {
 
   @Post('/files', { summary: Constants.per.authOnly })
   async files(@Query('pipelineId') pipelineId: number, @Query('historyId') historyId: number) {
-    await this.authService.checkEntityUserId(this.ctx, this.service, historyId);
     const files = await this.getFiles(historyId, pipelineId);
     return this.ok(files);
   }
@@ -210,14 +214,24 @@ export class HistoryController extends CrudController<HistoryService> {
       throw new CommonException('historyId is null');
     }
     if (history.userId !== this.getUserId()) {
-      throw new PermissionException();
+      // 如果是管理员，检查用户是否有授权管理员查看
+      const isAdmin = await this.isAdmin()
+      if (!isAdmin) {
+        throw new PermissionException();
+      }
+      // 是否允许管理员查看
+      const setting = await this.userSettingsService.getSetting<UserGrantSetting>(history.userId, UserGrantSetting, false);
+      if (setting?.allowAdminViewCerts!==true) {
+        //不允许管理员查看
+        throw new PermissionException("该流水线的用户还未授权管理员下载证书，请先让用户在”设置->授权委托“中打开开关");
+      }
+      //允许管理员查看
     }
     return await this.service.getFiles(history);
   }
 
   @Get('/download', { summary: Constants.per.authOnly })
   async download(@Query('pipelineId') pipelineId: number, @Query('historyId') historyId: number, @Query('fileId') fileId: string) {
-    await this.authService.checkEntityUserId(this.ctx, this.service, historyId);
     const files = await this.getFiles(historyId, pipelineId);
     const file = files.find(f => f.id === fileId);
     if (file == null) {

packages/ui/certd-server/src/controller/user/pipeline/pipeline-controller.ts

@@ -33,7 +33,20 @@ export class PipelineController extends CrudController<PipelineService> {
   async page(@Body(ALL) body) {
     const isAdmin = await this.authService.isAdmin(this.ctx);
     const publicSettings = await this.sysSettingsService.getPublicSettings();
-    if (!(publicSettings.managerOtherUserPipeline && isAdmin)) {
+
+    let onlyOther = false
+    if(isAdmin){
+      if(publicSettings.managerOtherUserPipeline){
+        //管理员管理 其他用户
+        if( body.query.userId === -1){
+          //如果只查询其他用户
+          onlyOther = true;
+          delete body.query.userId;
+        }
+      }else{
+        body.query.userId = this.getUserId();
+      }
+    }else{
       body.query.userId = this.getUserId();
     }
 
@@ -44,6 +57,9 @@ export class PipelineController extends CrudController<PipelineService> {
       if (title) {
         qb.andWhere('(title like :title or content like :content)', { title: `%${title}%`, content: `%${title}%` });
       }
+      if(onlyOther){
+        qb.andWhere('user_id  != :userId', { userId: this.getUserId() });
+      }
     };
     if (!body.sort || !body.sort?.prop) {
       body.sort = { prop: 'order', asc: false };
@@ -142,26 +158,36 @@ export class PipelineController extends CrudController<PipelineService> {
 
   @Post('/batchDelete', { summary: Constants.per.authOnly })
   async batchDelete(@Body('ids') ids: number[]) {
-    await this.service.batchDelete(ids, this.getUserId());
+    const isAdmin = await this.authService.isAdmin(this.ctx);
+    const userId = isAdmin ?  undefined : this.getUserId() ;
+    await this.service.batchDelete(ids, userId);
     return this.ok({});
   }
 
+
+
   @Post('/batchUpdateGroup', { summary: Constants.per.authOnly })
   async batchUpdateGroup(@Body('ids') ids: number[], @Body('groupId') groupId: number) {
-    await this.service.batchUpdateGroup(ids, groupId, this.getUserId());
+    const isAdmin = await this.authService.isAdmin(this.ctx);
+    const userId = isAdmin ?  undefined : this.getUserId() ;
+    await this.service.batchUpdateGroup(ids, groupId, userId);
     return this.ok({});
   }
 
 
   @Post('/batchUpdateTrigger', { summary: Constants.per.authOnly })
   async batchUpdateTrigger(@Body('ids') ids: number[], @Body('trigger') trigger: any) {
-    await this.service.batchUpdateTrigger(ids, trigger, this.getUserId());
+    const isAdmin = await this.authService.isAdmin(this.ctx);
+    const userId = isAdmin ?  undefined : this.getUserId() ;
+    await this.service.batchUpdateTrigger(ids, trigger, userId);
     return this.ok({});
   }
 
   @Post('/batchUpdateNotification', { summary: Constants.per.authOnly })
   async batchUpdateNotification(@Body('ids') ids: number[], @Body('notification') notification: any) {
-    await this.service.batchUpdateNotifications(ids, notification, this.getUserId());
+    const isAdmin = await this.authService.isAdmin(this.ctx);
+    const userId = isAdmin ?  undefined : this.getUserId() ;
+    await this.service.batchUpdateNotifications(ids, notification, userId);
     return this.ok({});
   }
 

packages/ui/certd-server/src/modules/auto/auto-a-init-site.ts

@@ -7,7 +7,7 @@ import crypto from 'crypto';
 import {SafeService} from "../sys/settings/safe-service.js";
 
 @Autoload()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class AutoAInitSite {
   @Inject()
   userService: UserService;

packages/ui/certd-server/src/modules/auto/auto-b-load-plugins.ts

@@ -3,7 +3,7 @@ import { logger } from "@certd/basic";
 import { PluginService } from "../plugin/service/plugin-service.js";
 
 @Autoload()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class AutoBLoadPlugins {
   @Inject()
   pluginService: PluginService;

packages/ui/certd-server/src/modules/auto/auto-c-register-cron.ts

@@ -13,7 +13,7 @@ import {UserService} from "../sys/authority/service/user-service.js";
 import {Between} from "typeorm";
 
 @Autoload()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class AutoCRegisterCron {
   @Inject()
   pipelineService: PipelineService;

packages/ui/certd-server/src/modules/auto/auto-d-mitter-register.ts

@@ -3,7 +3,7 @@ import { UserSuiteService } from '@certd/commercial-core';
 import { Autoload, Init, Inject, Scope, ScopeEnum } from '@midwayjs/core';
 
 @Autoload()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class AutoDMitterRegister {
   @Inject()
   userSuiteService: UserSuiteService;

packages/ui/certd-server/src/modules/auto/auto-e-pipeline-emitter-register.ts

@@ -5,7 +5,7 @@ import { CertInfo, EVENT_CERT_APPLY_SUCCESS } from "@certd/plugin-cert";
 import { PipelineEvent } from "@certd/pipeline";
 
 @Autoload()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class AutoEPipelineEmitterRegister {
   @Inject()
   certInfoService: CertInfoService;

packages/ui/certd-server/src/modules/auto/auto-z.ts

@@ -9,7 +9,7 @@ import { Application } from '@midwayjs/koa';
 import { httpsServer, HttpsServerOptions } from './https/server.js';
 
 @Autoload()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class AutoZPrint {
   @Inject()
   sysSettingsService: SysSettingsService;

packages/ui/certd-server/src/modules/basic/service/captcha-service.ts

@@ -5,7 +5,7 @@ import { ICaptchaAddon } from "../../../plugins/plugin-captcha/api.js";
 import { AddonGetterService } from "../../pipeline/service/addon-getter-service.js";
 
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class CaptchaService {
   @Inject()
   sysSettingsService: SysSettingsService;

packages/ui/certd-server/src/modules/basic/service/code-service.ts

@@ -10,7 +10,7 @@ import { EmailService } from './email-service.js';
 /**
  */
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class CodeService {
   @Inject()
   sysSettingsService: SysSettingsService;
@@ -108,9 +108,7 @@ export class CodeService {
     await this.emailService.sendByTemplate({
         type: templateData.notificationType,
         data: templateData,
-        email:{
+        receivers: [email],
-          receivers: [email],
-        },
     });
 
     const key = this.buildEmailCodeKey(email,opts?.verificationType);

packages/ui/certd-server/src/modules/basic/service/email-service.ts

@@ -30,7 +30,7 @@ export type EmailConfig = {
   usePlus?: boolean;
 } & SendMailOptions;
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class EmailService implements IEmailService {
   @Inject()
   settingsService: UserSettingsService;
@@ -123,9 +123,7 @@ export class EmailService implements IEmailService {
         content: '测试邮件,from certd',
         url:"https://certd.handfree.work",
       },
-      email: {
+      receivers: [receiver],
-        receivers: [receiver],
-      },
     });
   }
 
@@ -186,8 +184,9 @@ export class EmailService implements IEmailService {
       content = await addon.buildDefaultContent({ data: req.data })
     }
     return await this.send({
-      ...req.email,
+      ...content,
-      ...content
+      receivers: req.receivers,
+      attachments: req.attachments,
     })
   }
 }

packages/ui/certd-server/src/modules/basic/service/group-service.ts

@@ -6,7 +6,7 @@ import { merge } from 'lodash-es';
 import { GroupEntity } from '../entity/group.js';
 
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class GroupService extends BaseService<GroupEntity> {
   @InjectEntityModel(GroupEntity)
   repository: Repository<GroupEntity>;

packages/ui/certd-server/src/modules/cert/service/domain-service.ts

@@ -15,7 +15,7 @@ import { CnameRecordEntity } from "../../cname/entity/cname-record.js";
  *
  */
 @Provide()
-@Scope(ScopeEnum.Request, {allowDowngrade: true})
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class DomainService extends BaseService<DomainEntity> {
   @InjectEntityModel(DomainEntity)
   repository: Repository<DomainEntity>;

packages/ui/certd-server/src/modules/cname/service/cname-provider-service.ts

@@ -9,7 +9,7 @@ import { CommonProviders } from './common-provider.js';
  * 授权
  */
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class CnameProviderService extends BaseService<CnameProviderEntity> {
   @InjectEntityModel(CnameProviderEntity)
   repository: Repository<CnameProviderEntity>;

packages/ui/certd-server/src/modules/cname/service/cname-record-service.ts

@@ -37,7 +37,7 @@ type CnameCheckCacheValue = {
  * 授权
  */
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class CnameRecordService extends BaseService<CnameRecordEntity> {
   @InjectEntityModel(CnameRecordEntity)
   repository: Repository<CnameRecordEntity>;

packages/ui/certd-server/src/modules/db/index.ts

@@ -5,7 +5,7 @@ import { SqlAdapter } from './d.js';
 import { MysqlAdapter } from './mysql.js';
 
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class DbAdapter implements SqlAdapter {
   adapter: SqlAdapter;
   @Config('typeorm.dataSource.default.type')

packages/ui/certd-server/src/modules/login/service/login-service.ts

@@ -22,7 +22,7 @@ import { OauthBoundService } from "./oauth-bound-service.js";
 /**
  */
 @Provide()
-@Scope(ScopeEnum.Request, {allowDowngrade: true})
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class LoginService {
   @Inject()
   userService: UserService;
@@ -242,7 +242,9 @@ export class LoginService {
     }
     const info = await this.userService.findOne({id: oauthBound.userId});
     if (info == null) {
-      throw new CommonException('用户不存在');
+      // 用户已被删除，删除此oauth绑定
+      await this.oauthBoundService.delete([oauthBound.id]);
+      return null
     }
     return this.generateToken(info);
   }

packages/ui/certd-server/src/modules/login/service/oauth-bound-service.ts

@@ -6,7 +6,7 @@ import { OauthBoundEntity } from "../entity/oauth-bound.js";
 
 
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class OauthBoundService extends BaseService<OauthBoundEntity> {
  
   @InjectEntityModel(OauthBoundEntity)

packages/ui/certd-server/src/modules/mine/service/models.ts

@@ -37,3 +37,12 @@ export class UserEmailSetting extends BaseSettings {
 
   list:string[] = [];
 }
+
+
+
+export class UserGrantSetting extends BaseSettings {
+  static __title__ = "用户授权设置";
+  static __key__ = "user.grant";
+
+  allowAdminViewCerts:boolean = false;
+}

packages/ui/certd-server/src/modules/mine/service/two-factor-service.ts

@@ -7,7 +7,7 @@ import { UserService } from "../../sys/authority/service/user-service.js";
  * 授权
  */
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class TwoFactorService {
   @Inject()
   userSettingsService: UserSettingsService;

packages/ui/certd-server/src/modules/mine/service/user-settings-service.ts

@@ -14,7 +14,7 @@ const UserSettingCache = new LocalCache({
  * 授权
  */
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class UserSettingsService extends BaseService<UserSettingsEntity> {
   @InjectEntityModel(UserSettingsEntity)
   repository: Repository<UserSettingsEntity>;

packages/ui/certd-server/src/modules/monitor/facade/cert-info-facade.ts

@@ -12,7 +12,7 @@ import { DomainVerifierGetter } from "../../pipeline/service/getter/domain-verif
 
 
 @Provide("CertInfoFacade")
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class CertInfoFacade  {
 
   @Inject()

packages/ui/certd-server/src/modules/monitor/service/cert-info-service.ts

@@ -16,7 +16,7 @@ export type UploadCertReq = {
 
 
 @Provide("CertInfoService")
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class CertInfoService extends BaseService<CertInfoEntity> {
   @InjectEntityModel(CertInfoEntity)
   repository: Repository<CertInfoEntity>;

packages/ui/certd-server/src/modules/monitor/service/site-info-service.ts

@@ -18,7 +18,7 @@ import {Cron} from "../../cron/cron.js";
 import { dnsContainer } from "./dns-custom.js";
 
 @Provide()
-@Scope(ScopeEnum.Request, {allowDowngrade: true})
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class SiteInfoService extends BaseService<SiteInfoEntity> {
   @InjectEntityModel(SiteInfoEntity)
   repository: Repository<SiteInfoEntity>;

packages/ui/certd-server/src/modules/monitor/service/site-ip-service.ts

@@ -18,7 +18,7 @@ import { dnsContainer } from "./dns-custom.js";
 const dns =  dnsSdk.promises;
 
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class SiteIpService extends BaseService<SiteIpEntity> {
   @InjectEntityModel(SiteIpEntity)
   repository: Repository<SiteIpEntity>;

packages/ui/certd-server/src/modules/open/service/open-key-service.ts

@@ -15,7 +15,7 @@ export type OpenKey = {
   scope: string;
 };
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class OpenKeyService extends BaseService<OpenKeyEntity> {
   @InjectEntityModel(OpenKeyEntity)
   repository: Repository<OpenKeyEntity>;

packages/ui/certd-server/src/modules/pipeline/service/addon-getter-service.ts

@@ -7,7 +7,7 @@ import { AddonService, newAddon, PermissionException, ValidateException } from "
  * Addon
  */
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class AddonGetterService  {
 
   @Inject()

packages/ui/certd-server/src/modules/pipeline/service/builtin-plugin-service.ts

@@ -3,7 +3,7 @@ import { pluginGroups, pluginRegistry } from '@certd/pipeline';
 import { cloneDeep } from 'lodash-es';
 
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class BuiltInPluginService {
   getList() {
     const collection = pluginRegistry.storage;

packages/ui/certd-server/src/modules/pipeline/service/getter/site-info-getter.ts

@@ -3,7 +3,7 @@ import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
 import { SiteInfo ,ISiteInfoGetter} from "@certd/plugin-lib";
 
 @Provide("siteInfoGetter")
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class SiteInfoGetter implements ISiteInfoGetter{
     @Inject()
     sysSettingsService: SysSettingsService;

packages/ui/certd-server/src/modules/pipeline/service/getter/task-service-getter.ts

@@ -70,7 +70,7 @@ export class TaskServiceGetter implements IServiceGetter{
   }
 }
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class TaskServiceBuilder  {
   @ApplicationContext()
   appCtx: IMidwayContainer;

packages/ui/certd-server/src/modules/pipeline/service/history-log-service.ts

@@ -8,7 +8,7 @@ import { HistoryLogEntity } from '../entity/history-log.js';
  * 证书申请
  */
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class HistoryLogService extends BaseService<HistoryLogEntity> {
   @InjectEntityModel(HistoryLogEntity)
   repository: Repository<HistoryLogEntity>;

packages/ui/certd-server/src/modules/pipeline/service/history-service.ts

@@ -16,7 +16,7 @@ import { logger } from '@certd/basic';
  * 证书申请
  */
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class HistoryService extends BaseService<HistoryEntity> {
   @InjectEntityModel(HistoryEntity)
   repository: Repository<HistoryEntity>;

packages/ui/certd-server/src/modules/pipeline/service/notification-service.ts

@@ -16,7 +16,7 @@ import { EmailService } from '../../basic/service/email-service.js';
 import { isComm, isPlus } from '@certd/plus-core';
 
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class NotificationService extends BaseService<NotificationEntity> {
   @InjectEntityModel(NotificationEntity)
   repository: Repository<NotificationEntity>;

packages/ui/certd-server/src/modules/pipeline/service/pipeline-group-service.ts

@@ -6,7 +6,7 @@ import { PipelineGroupEntity } from '../entity/pipeline-group.js';
 import { merge } from 'lodash-es';
 
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class PipelineGroupService extends BaseService<PipelineGroupEntity> {
   @InjectEntityModel(PipelineGroupEntity)
   repository: Repository<PipelineGroupEntity>;

packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts

@@ -47,6 +47,7 @@ import { CertInfoService } from "../../monitor/service/cert-info-service.js";
 import { TaskServiceBuilder } from "./getter/task-service-getter.js";
 import { nanoid } from "nanoid";
 import { set } from "lodash-es";
+import { executorQueue } from "@certd/lib-server";
 
 const runningTasks: Map<string | number, Executor> = new Map();
 
@@ -55,7 +56,7 @@ const runningTasks: Map<string | number, Executor> = new Map();
  * 证书申请
  */
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton, { allowDowngrade: true })
 export class PipelineService extends BaseService<PipelineEntity> {
   @InjectEntityModel(PipelineEntity)
   repository: Repository<PipelineEntity>;
@@ -311,7 +312,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
       },
       where: {
         disabled: false,
-        templateId: 0
+        isTemplate: false
       }
     });
     const ids = idEntityList.map(item => {
@@ -372,7 +373,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
       return;
     }
     for (const trigger of pipeline.triggers) {
-      this.registerCron(pipeline.id, trigger);
+      this.registerCron(pipeline.id, pipeline.userId, trigger);
     }
 
     if (immediateTriggerOnce) {
@@ -460,7 +461,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
     logger.info("当前定时器数量：", this.cron.getTaskSize());
   }
 
-  registerCron(pipelineId, trigger) {
+  registerCron(pipelineId: number, userId: number, trigger) {
     if (pipelineId == null) {
       logger.warn("pipelineId为空，无法注册定时任务");
       return;
@@ -489,11 +490,16 @@ export class PipelineService extends BaseService<PipelineEntity> {
           logger.warn("pipelineId为空,无法执行");
           return;
         }
-        try {
+        //加入执行队列
-          await this.run(pipelineId, triggerId);
+        executorQueue.addTask(userId, {
-        } catch (e) {
+          task: async () => {
-          logger.error("定时job执行失败：", e);
+            try {
-        }
+              await this.run(pipelineId, triggerId);
+            } catch (e) {
+              logger.error("定时job执行失败：", e);
+            }
+          }
+        });
       }
     });
     logger.info("当前定时器数量：", this.cron.getTaskSize());
@@ -666,12 +672,13 @@ export class PipelineService extends BaseService<PipelineEntity> {
       //如果不是手动触发
       //查找trigger
       const found = this.findTrigger(pipeline, triggerId);
+      const key = this.buildCronKey(pipeline.id, triggerId);
       if (!found) {
         //如果没有找到triggerId，说明被用户删掉了，这里再删除一次
-        this.cron.remove(this.buildCronKey(pipeline.id, triggerId));
+        this.cron.remove(key);
         triggerType = null;
       } else {
-        logger.info("timer trigger:" + found.id, found.title, found.cron);
+        logger.info(`timer trigger:${key}, ${found.title}, ${JSON.stringify(found.props)}`);
         triggerType = "timer";
       }
     }
@@ -746,7 +753,8 @@ export class PipelineService extends BaseService<PipelineEntity> {
         status: true
       },
       where: {
-        userId
+        userId,
+        disabled: false
       }
     });
     await this.fillLastVars(list);
@@ -777,17 +785,29 @@ export class PipelineService extends BaseService<PipelineEntity> {
   }
 
   async batchDelete(ids: number[], userId: number) {
+    if (!isPlus()) {
+      throw new NeedVIPException("此功能需要升级专业版");
+    }
     for (const id of ids) {
-      await this.checkUserId(id, userId);
+      if (userId) {
+        await this.checkUserId(id, userId);
+      }
       await this.delete(id);
     }
   }
 
   async batchUpdateGroup(ids: number[], groupId: number, userId: any) {
+    if (!isPlus()) {
+      throw new NeedVIPException("此功能需要升级专业版");
+    }
+    const query :any = {}
+    if(userId && userId>0){
+      query.userId = userId;
+    }
     await this.repository.update(
       {
         id: In(ids),
-        userId
+        ...query
       },
       { groupId }
     );
@@ -795,11 +815,17 @@ export class PipelineService extends BaseService<PipelineEntity> {
 
 
   async batchUpdateTrigger(ids: number[], trigger: any, userId: any) {
-
+    if (!isPlus()) {
+      throw new NeedVIPException("此功能需要升级专业版");
+    }
+    const query :any = {}
+    if(userId && userId>0){
+      query.userId = userId;
+    }
     const list = await this.find({
       where: {
         id: In(ids),
-        userId
+        ...query
       }
     });
 
@@ -809,6 +835,22 @@ export class PipelineService extends BaseService<PipelineEntity> {
         //清除trigger
         pipeline.triggers = []
       } else {
+        if(trigger.random === true){
+            //随机时间
+            const start = dayjs().format("YYYY-MM-DD") + " " + trigger.randomRange[0];
+            let end = dayjs().format("YYYY-MM-DD") + " " + trigger.randomRange[1];
+            if(trigger.randomRange[1]<trigger.randomRange[0]){
+              //跨天
+              end = dayjs().add(1, "day").format("YYYY-MM-DD") + " " + trigger.randomRange[1];
+            }
+            const startTime = dayjs(start).valueOf();
+            const endTime = dayjs(end).valueOf();
+            const randomTime = Math.floor(Math.random() * (endTime - startTime)) + startTime;
+            const time = dayjs(randomTime).format(" ss:mm:HH").replaceAll(":", " ").replaceAll(" 0", " ").trim();
+            set(trigger,"props.cron",  `${time} * * *`)
+        } 
+        delete trigger.random
+        delete trigger.randomRange;
         pipeline.triggers = [{
           id: nanoid(),
           title: "定时触发",
@@ -822,11 +864,17 @@ export class PipelineService extends BaseService<PipelineEntity> {
   }
 
   async batchUpdateNotifications(ids: number[], notification: Notification, userId: any) {
-
+    if (!isPlus()) {
+      throw new NeedVIPException("此功能需要升级专业版");
+    }
+    const query :any = {}
+    if(userId && userId>0){
+      query.userId = userId;
+    }
     const list = await this.find({
       where: {
         id: In(ids),
-        userId
+        ...query
       }
     });
 
@@ -972,7 +1020,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
                   title: "申请证书",
                   runnableType: "step",
                   input: {
-                    renewDays: 35,
+                    renewDays: 18,
                     domains: req.domains,
                     email: req.email,
                     "challengeType": "auto",
@@ -1024,4 +1072,16 @@ export class PipelineService extends BaseService<PipelineEntity> {
     });
     return res?.status;
   }
+
+  async getPipelineUserId(pipelineId: number) {
+    const res = await this.repository.findOne({
+      select: {
+        userId: true
+      },
+      where: {
+        id: pipelineId
+      }
+    });
+    return res?.userId;
+  }
 }