Merge branch 'v2-dev' of https://github.com/certd/certd into v2-dev

https://github.com/certd/certd/issues/586

.vscode/settings.json

@@ -8,5 +8,6 @@
     "editor.defaultFormatter": "dbaeumer.vscode-eslint",
     "[typescript]": {
         "editor.defaultFormatter": "vscode.typescript-language-features"
-    }
+    },
+    "editor.tabSize": 2
 }

CHANGELOG.md

@@ -3,6 +3,23 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
+
+### Performance Improvements
+
+* 优化dokploy 部署插件，配置选择serverId ([c9709f2](https://github.com/certd/certd/commit/c9709f26981c1cc9f71c14babb204329fcae0db5))
+* 站点证书监控备注输入框改成textarea ([70b603d](https://github.com/certd/certd/commit/70b603d601c34f39148c2ab70c655c51babf563d))
+
+## [1.37.9](https://github.com/certd/certd/compare/v1.37.8...v1.37.9) (2025-11-19)
+
+### Bug Fixes
+
+* 商用证书上传保存失败的bug ([075b1dc](https://github.com/certd/certd/commit/075b1dc0eb8c39acc277277b1b334d66b6717ab2))
+
+### Performance Improvements
+
+* 优化阿里云clb 过期证书清理报错的问题 ([d465367](https://github.com/certd/certd/commit/d4653678b2e3643460f918992eeae4044d3a1cc7))
+
 ## [1.37.8](https://github.com/certd/certd/compare/v1.37.7...v1.37.8) (2025-11-17)
 
 ### Bug Fixes

README.md

@@ -17,12 +17,6 @@ Certd® 是一个免费的全自动证书管理系统，让你的网站证书永
 > 流水线数量现已调整为无限制，欢迎大家使用
 
 
-**************************************************************************************************
-                   🔥🔥🔥永久专业版上线，双11活动火热进行中🔥🔥🔥
-       赶快升级到最新版点击右上角金色VIP按钮，点击立即赞助，看看你的优惠券金额是多少？
-**************************************************************************************************
-
-
 ## 一、特性
 本项目不仅支持证书申请过程自动化，还可以自动化部署更新证书，让你的证书永不过期。     
 
@@ -158,9 +152,9 @@ https://certd.handfree.work/
 
 
 ## 八、捐赠
-************************
+
 开源为什么要做专业版收费？
-1. 纯靠为爱发电不可持续（比如：我的dev-sidecar项目即便是拥有20K+star,也差点凉凉，幸亏有另外大佬接手用爱发电）    
+1. 纯靠为爱发电不可持续（比如：我的dev-sidecar项目即便是拥有20K+star，也差点凉凉，幸亏有另外大佬接手用爱发电）    
 2. 没有赞助的项目，作者会比较任性，不会用心倾听用户的心声，不顾用户体验（比如：下意识拒绝需求、频繁破坏性变更升级、全盘推倒重来之类的） 
 3. 没有赞助的项目，交流群的戾气有时候比较重，容易起冲突     
 
@@ -171,16 +165,16 @@ https://certd.handfree.work/
 
 专业版特权对比
 
-| 功能      | 免费版                                   | 专业版                            |
+| 功能      | 免费版                                   | 专业版                     |
 |---------|---------------------------------------|--------------------------------|
-| 免费证书申请  | 免费无限制                                 | 免费无限制                          |
+| 免费证书申请  | 免费无限制                        | 免费无限制                      |
-| 域名数量 | 无限制                                   | 无限制                            |
+| 域名数量      | 无限制                           | 无限制                          |
-| 证书流水线条数 | 无限制                                   | 无限制                            |
+| 证书流水线条数 | 无限制                           | 无限制                          |
-| 站点证书监控  | 限制1条                                  | 无限制                            |
+| 站点证书监控  | 限制1条                           | 无限制                          |
-| 自动部署插件  | 阿里云CDN、腾讯云、七牛CDN、主机部署、宝塔、1Panel等大部分插件 | 群晖                             |
+| 自动部署插件  | 阿里云CDN、腾讯云、七牛CDN、主机部署、宝塔、1Panel等大部分插件     |     群晖、威联通、proxmox等  |
-| 通知      | 邮件通知、自定义webhook                       | 邮件免配置、企微、钉钉、飞书、anpush、server酱等 |
+| 通知         | 邮件通知、自定义webhook            | 邮件免配置、企微、钉钉、飞书、anpush、server酱等 |
-| VIP群      | 无                                       | 可加，一对一技术支持，必要时远程协助       |
+| 批量操作      | 无                               | 流水线模版，流水线复制，批量运行，批量设置通知、定时等 |
-************************
+| VIP群        | 无                               | 可加，一对一技术支持，必要时可申请远程协助  |
 
 
 ## 九、贡献代码

docker/run/docker-compose.yaml

@@ -9,8 +9,7 @@ services:
     restart: unless-stopped # 自动重启
     volumes:
       #   ↓↓↓↓↓ -------------------------------------------------------- 数据库以及证书存储路径,默认存在宿主机的/data/certd/目录下，【您需要定时备份此目录，以保障数据容灾】
-      #                                                                  只要修改冒号前面的，冒号后面的/app/data不要动
+      - /data/certd:/app/data # 只要修改冒号前面的，冒号后面的/app/data切记切记不要动
-      - /data/certd:/app/data
       #- /volume1/docker/certd:/app/data:delegated  #群晖使用这个配置
       #   ↓↓↓↓↓ -------------------------------------------------------- 如果走时不准，考虑挂载localtime文件
       #- /etc/localtime:/etc/localtime

docs/guide/changelogs/CHANGELOG.md

@@ -3,6 +3,34 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
+
+### Performance Improvements
+
+* 优化dokploy 部署插件，配置选择serverId ([c9709f2](https://github.com/certd/certd/commit/c9709f26981c1cc9f71c14babb204329fcae0db5))
+* 站点证书监控备注输入框改成textarea ([70b603d](https://github.com/certd/certd/commit/70b603d601c34f39148c2ab70c655c51babf563d))
+
+## [1.37.9](https://github.com/certd/certd/compare/v1.37.8...v1.37.9) (2025-11-19)
+
+### Bug Fixes
+
+* 商用证书上传保存失败的bug ([075b1dc](https://github.com/certd/certd/commit/075b1dc0eb8c39acc277277b1b334d66b6717ab2))
+
+### Performance Improvements
+
+* 优化阿里云clb 过期证书清理报错的问题 ([d465367](https://github.com/certd/certd/commit/d4653678b2e3643460f918992eeae4044d3a1cc7))
+
+## [1.37.8](https://github.com/certd/certd/compare/v1.37.7...v1.37.8) (2025-11-17)
+
+### Bug Fixes
+
+* **plugins/woai-cdn:** 修正默认接口域名与帮助链接中的路径 ([#576](https://github.com/certd/certd/issues/576)) @LjyLab ([d20046c](https://github.com/certd/certd/commit/d20046c86681ea177ece434423b7c81a76b437fb))
+
+### Performance Improvements
+
+* 修复西数解析记录添加失败的bug，支持部署证书到西数虚拟主机 ([1102952](https://github.com/certd/certd/commit/1102952b4703e8c0bbc17b0700c0ed3ef6f866d3))
+* 支持回车键触发登录 ([eb5c88f](https://github.com/certd/certd/commit/eb5c88fbb2901f1a9669429a7cd8dc76f6806d01))
+
 ## [1.37.7](https://github.com/certd/certd/compare/v1.37.6...v1.37.7) (2025-11-12)
 
 ### Bug Fixes

docs/guide/install/docker/index.md

@@ -57,6 +57,10 @@ https://your_server_ip:7002
 
 ::: warning   
 如果您是第一次升级certd版本，切记切记先备份一下数据    
+```
+# docker-compose.yaml配置
+- /data/certd:/app/data   # 请务必确保 /app/data 这个路径没有改动，固定写死
+```
 :::
 
 

docs/guide/install/upgrade.md

@@ -10,6 +10,12 @@
 
 ::: warning   
 如果您是第一次升级certd版本，切记切记先备份一下数据    
+很多人docker不太会配置，数据目录没有映射出来，升级导致数据丢失
+```
+# docker-compose.yaml配置
+- /data/certd:/app/data   #  请务必确保 /app/data 这个路径没有改动，固定写死
+```
+具体备份方法可以参考上面每种部署方式升级方法后面的备份章节
 :::
 
 ## 升级日志

docs/guide/open/index.md

@@ -19,9 +19,15 @@ header中传入x-certd-token即可调用开放接口
 4、然后将content和sign分别base64后用.号连接： x-certd-token = base64(content) +"."+base64(sign)   
 
 
-## 补充说明
+## 参数
-1.证书申请接口支持证书id和域名两种方式获取证书。
+支持证书id和域名两种方式获取证书。
-2.autoApply=true将在没有证书时自动触发申请，申请过程中会提示`正在申请中`，可轮循获取状态，直到证书申请成功。
+
+## 创建新的证书申请
+参数autoApply=true，将在没有证书时自动触发申请证书，检查逻辑如下：
+1. 如果证书仓库里面有，且没有过期，就直接返回证书
+2. 如果没有或者已过期，就会去找流水线，有就触发流水线执行
+3. 如果没有流水线，就创建一个流水线，触发运行（`注意：需要提前在域名管理中配置好域名校验方式，否则会申请失败`）
+4. 再次采用相同参数请求接口，如果在申请过程中，就会提示`正在申请中`，可轮循获取状态，直到证书申请成功。
 
 
 ## SDK

docs/guide/plugins/deploy.md

@@ -1,5 +1,5 @@
 # 任务插件
-共 `102` 款任务插件    
+共 `103` 款任务插件    
 ## 1. 证书申请
 
 | 序号 | 名称 | 说明 |
@@ -29,18 +29,19 @@
 | 6.| **白山云-更新证书** |  | 
 | 7.| **天翼云-部署证书到CDN** | 部署证书到天翼云CDN和全站加速 | 
 | 8.| **括彩云-部署到括彩云CDN** | 括彩云CDN，每月免费30G，[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) | 
-| 9.| **多吉云-部署到多吉云CDN** |  | 
+| 9.| **西数-部署到虚拟主机** | 西部数码部署证书到虚拟主机 | 
-| 10.| **我爱云-部署证书到我爱云CDN** | 部署证书到我爱云CDN | 
+| 10.| **多吉云-部署到多吉云CDN** |  | 
-| 11.| **CacheFly-部署证书到CacheFly** | 部署证书到 CacheFly | 
+| 11.| **我爱云-部署证书到我爱云CDN** | 部署证书到我爱云CDN | 
-| 12.| **Gcore-部署证书到Gcore** | 仅上传 并不会部署到cdn | 
+| 12.| **CacheFly-部署证书到CacheFly** | 部署证书到 CacheFly | 
-| 13.| **Gcore-刷新Gcore证书** | 刷新现有的证书 | 
+| 13.| **Gcore-部署证书到Gcore** | 仅上传 并不会部署到cdn | 
-| 14.| **又拍云-部署证书到CDN/USS** | 支持又拍云CDN，又拍云云存储USS | 
+| 14.| **Gcore-刷新Gcore证书** | 刷新现有的证书 | 
-| 15.| **FlexCDN-更新证书** |  | 
+| 15.| **又拍云-部署证书到CDN/USS** | 支持又拍云CDN，又拍云云存储USS | 
-| 16.| **farcdn-更新证书** | www.farcdn.net | 
+| 16.| **FlexCDN-更新证书** |  | 
-| 17.| **雨云-更新证书** | app.rainyun.com | 
+| 17.| **farcdn-更新证书** | www.farcdn.net | 
-| 18.| **网宿-更新证书** | 网宿证书自动更新 | 
+| 18.| **雨云-更新证书** | app.rainyun.com | 
-| 19.| **金山云-更新CDN证书** | 金山云自动更新CDN证书 | 
+| 19.| **网宿-更新证书** | 网宿证书自动更新 | 
-| 20.| **APISIX-更新证书** | 自动更新APISIX证书 | 
+| 20.| **金山云-更新CDN证书** | 金山云自动更新CDN证书 | 
+| 21.| **APISIX-更新证书** | 自动更新APISIX证书 | 
 ## 4. 面板
 
 | 序号 | 名称 | 说明 |
@@ -61,7 +62,7 @@
 | 14.| **威联通-部署证书到威联通** | 部署证书到qnap | 
 | 15.| **飞牛NAS-部署证书** |  | 
 | 16.| **Proxmox-上传证书到Proxmox** |  | 
-| 17.| **Dokploy-更新证书** | 自动更新Dokploy证书 | 
+| 17.| **Dokploy-部署server证书** | 自动更新Dokploy server证书 | 
 ## 5. 阿里云
 
 | 序号 | 名称 | 说明 |

lerna.json

@@ -9,5 +9,5 @@
     }
   },
   "npmClient": "pnpm",
-  "version": "1.37.8"
+  "version": "1.37.10"
 }

packages/core/acme-client/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.10](https://github.com/publishlab/node-acme-client/compare/v1.37.9...v1.37.10) (2025-11-19)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.37.9](https://github.com/publishlab/node-acme-client/compare/v1.37.8...v1.37.9) (2025-11-19)
+
+**Note:** Version bump only for package @certd/acme-client
+
 ## [1.37.8](https://github.com/publishlab/node-acme-client/compare/v1.37.7...v1.37.8) (2025-11-17)
 
 **Note:** Version bump only for package @certd/acme-client

packages/core/acme-client/package.json

@@ -3,7 +3,7 @@
     "description": "Simple and unopinionated ACME client",
     "private": false,
     "author": "nmorsman",
-    "version": "1.37.8",
+    "version": "1.37.10",
     "type": "module",
     "module": "scr/index.js",
     "main": "src/index.js",
@@ -18,7 +18,7 @@
         "types"
     ],
     "dependencies": {
-        "@certd/basic": "^1.37.8",
+        "@certd/basic": "^1.37.10",
         "@peculiar/x509": "^1.11.0",
         "asn1js": "^3.0.5",
         "axios": "^1.7.2",
@@ -70,5 +70,5 @@
     "bugs": {
         "url": "https://github.com/publishlab/node-acme-client/issues"
     },
-    "gitHead": "55d2a1f09b617bc73bd81a65796446c4602ed1b2"
+    "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }

packages/core/acme-client/src/index.js

@@ -31,9 +31,28 @@ export const directory = {
     sslcom:{
       staging: 'https://acme.ssl.com/sslcom-dv-rsa',
       production: 'https://acme.ssl.com/sslcom-dv-rsa',
+      ec: 'https://acme.ssl.com/sslcom-dv-ecc',
     }
 };
 
+export function getDirectoryUrl(opts) {
+  const {sslProvider, pkType} = opts
+  const list= directory[sslProvider]
+  if (!list) {
+    throw new Error(`sslProvider ${sslProvider} not found`)
+  }
+  let pkTypePrefix = pkType || 'rsa'
+  if (pkType) {
+   pkTypePrefix = pkType.toLowerCase().split("_")[0]
+  }
+
+  if (pkTypePrefix && list[pkTypePrefix]) {
+    return list[pkTypePrefix]
+  }
+
+  return list.production
+}
+
 /**
  * Crypto
  */

packages/core/acme-client/types/index.d.ts

@@ -117,6 +117,8 @@ export const directory: {
     }
 };
 
+export function getDirectoryUrl(opts:{sslProvider:string, pkType: string}): string;
+
 /**
  * Crypto
  */

packages/core/basic/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.37.9](https://github.com/certd/certd/compare/v1.37.8...v1.37.9) (2025-11-19)
+
+**Note:** Version bump only for package @certd/basic
+
 ## [1.37.8](https://github.com/certd/certd/compare/v1.37.7...v1.37.8) (2025-11-17)
 
 **Note:** Version bump only for package @certd/basic

packages/core/basic/build.md

@@ -1 +1 @@
-01:14
+23:49

packages/core/basic/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/basic",
   "private": false,
-  "version": "1.37.8",
+  "version": "1.37.10",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -17,6 +17,7 @@
     "compile": "tsc --skipLibCheck --watch"
   },
   "dependencies": {
+    "async-lock": "^1.4.1",
     "axios": "^1.7.2",
     "dayjs": "^1.11.7",
     "http-proxy-agent": "^7.0.2",
@@ -46,5 +47,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "55d2a1f09b617bc73bd81a65796446c4602ed1b2"
+  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }

packages/core/basic/src/utils/util.lock.ts

@@ -1,46 +1,16 @@
-import { logger, utils } from './index.js';
+// @ts-ignore
+import AsyncLock from "async-lock";
 
 export class Locker {
-  locked: Record<string, any> = {};
+  private asyncLocker: AsyncLock;
 
-  async execute(lockStr: string, callback: any) {
+  constructor() {
-    await this.lock(lockStr);
+    this.asyncLocker = new AsyncLock();
-    const timeoutId = setTimeout(() => {
-      logger.warn('Lock timeout,自动解锁', lockStr);
-      this.unlock(lockStr);
-    }, 20000);
-    try {
-      return await callback();
-    } finally {
-      clearTimeout(timeoutId);
-      this.unlock(lockStr);
-    }
   }
 
-  async lock(str: string) {
+  async execute(lockStr: string, callback: any, options?: { timeout?: number }) {
-    const isLocked = this.isLocked(str);
+    const timeout = options?.timeout ?? 20000;
-    if (isLocked) {
+    return this.asyncLocker.acquire(lockStr, callback, { timeout });
-      let count = 0;
-      while (true) {
-        await utils.sleep(100);
-        if (!this.isLocked(str)) {
-          break;
-        }
-        count++;
-        if (count > 20) {
-          throw new Error('Lock timeout');
-        }
-      }
-    }
-    this.locked[str] = true;
-  }
-
-  unlock(str: string) {
-    delete this.locked[str];
-  }
-
-  isLocked(str: string) {
-    return this.locked[str] ?? false;
   }
 }
 

packages/core/basic/test.mjs

@@ -0,0 +1,14 @@
+import { random } from "lodash-es";
+import { locker } from "./dist/utils/util.lock.js";
+
+async function testLocker() {
+  for (let i = 0; i < 10; i++) {
+    await locker.execute("test", async () => {
+      console.log("test", i);
+      await new Promise(resolve => setTimeout(resolve, Math.random() * 1000));
+      throw new Error("test error");
+    });
+  }
+}
+
+await testLocker();

packages/core/pipeline/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.37.9](https://github.com/certd/certd/compare/v1.37.8...v1.37.9) (2025-11-19)
+
+**Note:** Version bump only for package @certd/pipeline
+
 ## [1.37.8](https://github.com/certd/certd/compare/v1.37.7...v1.37.8) (2025-11-17)
 
 **Note:** Version bump only for package @certd/pipeline

packages/core/pipeline/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/pipeline",
   "private": false,
-  "version": "1.37.8",
+  "version": "1.37.10",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -18,8 +18,8 @@
     "compile": "tsc --skipLibCheck --watch"
   },
   "dependencies": {
-    "@certd/basic": "^1.37.8",
+    "@certd/basic": "^1.37.10",
-    "@certd/plus-core": "^1.37.8",
+    "@certd/plus-core": "^1.37.10",
     "dayjs": "^1.11.7",
     "lodash-es": "^4.17.21",
     "reflect-metadata": "^0.1.13"
@@ -45,5 +45,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "55d2a1f09b617bc73bd81a65796446c4602ed1b2"
+  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }

packages/libs/lib-huawei/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.37.9](https://github.com/certd/certd/compare/v1.37.8...v1.37.9) (2025-11-19)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
 ## [1.37.8](https://github.com/certd/certd/compare/v1.37.7...v1.37.8) (2025-11-17)
 
 **Note:** Version bump only for package @certd/lib-huawei

packages/libs/lib-huawei/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-huawei",
   "private": false,
-  "version": "1.37.8",
+  "version": "1.37.10",
   "main": "./dist/bundle.js",
   "module": "./dist/bundle.js",
   "types": "./dist/d/index.d.ts",
@@ -24,5 +24,5 @@
     "prettier": "^2.8.8",
     "tslib": "^2.8.1"
   },
-  "gitHead": "55d2a1f09b617bc73bd81a65796446c4602ed1b2"
+  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }

packages/libs/lib-iframe/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.37.9](https://github.com/certd/certd/compare/v1.37.8...v1.37.9) (2025-11-19)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
 ## [1.37.8](https://github.com/certd/certd/compare/v1.37.7...v1.37.8) (2025-11-17)
 
 **Note:** Version bump only for package @certd/lib-iframe

packages/libs/lib-iframe/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-iframe",
   "private": false,
-  "version": "1.37.8",
+  "version": "1.37.10",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -31,5 +31,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "55d2a1f09b617bc73bd81a65796446c4602ed1b2"
+  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }

packages/libs/lib-jdcloud/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.37.9](https://github.com/certd/certd/compare/v1.37.8...v1.37.9) (2025-11-19)
+
+**Note:** Version bump only for package @certd/jdcloud
+
 ## [1.37.8](https://github.com/certd/certd/compare/v1.37.7...v1.37.8) (2025-11-17)
 
 **Note:** Version bump only for package @certd/jdcloud

packages/libs/lib-jdcloud/package.json

@@ -1,13 +1,11 @@
 {
   "name": "@certd/jdcloud",
-  "version": "1.37.8",
+  "version": "1.37.10",
   "description": "jdcloud openApi sdk",
   "main": "./dist/bundle.js",
   "module": "./dist/bundle.js",
   "types": "./dist/d/index.d.ts",
   "scripts": {
-    "test": "cross-env NODE_CONFIG_DIR=./test/config  mocha --recursive --require babel-register",
-    "dev": "babel src --out-dir babel -w",
     "build": "rollup -c ",
     "dev-build": "npm run build",
     "pub": "npm publish"
@@ -15,7 +13,6 @@
   "author": "",
   "license": "Apache",
   "dependencies": {
-    "babel-register": "^6.26.0",
     "buffer": "^5.0.8",
     "create-hash": "^1.1.3",
     "create-hmac": "^1.1.6",
@@ -30,8 +27,6 @@
     "@rollup/plugin-typescript": "^11.0.0",
     "@typescript-eslint/eslint-plugin": "^8.26.1",
     "@typescript-eslint/parser": "^8.26.1",
-    "babel-cli": "^6.26.0",
-    "babel-preset-env": "^1.6.1",
     "chai": "^4.1.2",
     "config": "^1.30.0",
     "cross-env": "^5.1.4",
@@ -61,5 +56,5 @@
       "fetch"
     ]
   },
-  "gitHead": "55d2a1f09b617bc73bd81a65796446c4602ed1b2"
+  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }

packages/libs/lib-k8s/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.37.9](https://github.com/certd/certd/compare/v1.37.8...v1.37.9) (2025-11-19)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
 ## [1.37.8](https://github.com/certd/certd/compare/v1.37.7...v1.37.8) (2025-11-17)
 
 **Note:** Version bump only for package @certd/lib-k8s

packages/libs/lib-k8s/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-k8s",
   "private": false,
-  "version": "1.37.8",
+  "version": "1.37.10",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -17,7 +17,7 @@
     "pub": "npm publish"
   },
   "dependencies": {
-    "@certd/basic": "^1.37.8",
+    "@certd/basic": "^1.37.10",
     "@kubernetes/client-node": "0.21.0"
   },
   "devDependencies": {
@@ -32,5 +32,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "55d2a1f09b617bc73bd81a65796446c4602ed1b2"
+  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }

packages/libs/lib-server/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.37.9](https://github.com/certd/certd/compare/v1.37.8...v1.37.9) (2025-11-19)
+
+**Note:** Version bump only for package @certd/lib-server
+
 ## [1.37.8](https://github.com/certd/certd/compare/v1.37.7...v1.37.8) (2025-11-17)
 
 **Note:** Version bump only for package @certd/lib-server

packages/libs/lib-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/lib-server",
-  "version": "1.37.8",
+  "version": "1.37.10",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",
@@ -28,11 +28,11 @@
   ],
   "license": "AGPL",
   "dependencies": {
-    "@certd/acme-client": "^1.37.8",
+    "@certd/acme-client": "^1.37.10",
-    "@certd/basic": "^1.37.8",
+    "@certd/basic": "^1.37.10",
-    "@certd/pipeline": "^1.37.8",
+    "@certd/pipeline": "^1.37.10",
-    "@certd/plugin-lib": "^1.37.8",
+    "@certd/plugin-lib": "^1.37.10",
-    "@certd/plus-core": "^1.37.8",
+    "@certd/plus-core": "^1.37.10",
     "@midwayjs/cache": "3.14.0",
     "@midwayjs/core": "3.20.11",
     "@midwayjs/i18n": "3.20.13",
@@ -64,5 +64,5 @@
     "typeorm": "^0.3.11",
     "typescript": "^5.4.2"
   },
-  "gitHead": "55d2a1f09b617bc73bd81a65796446c4602ed1b2"
+  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }

packages/libs/lib-server/src/system/settings/service/models.ts

@@ -16,7 +16,7 @@ export class SysPublicSettings extends BaseSettings {
   static __access__ = 'public';
 
   registerEnabled = false;
-  userValidTimeEnabled?:boolean = false;
+  userValidTimeEnabled?: boolean = false;
   passwordLoginEnabled = true;
   usernameRegisterEnabled = true;
   mobileRegisterEnabled = false;
@@ -36,7 +36,7 @@ export class SysPublicSettings extends BaseSettings {
   captchaEnabled = false;
   //验证码类型
   captchaType?: string;
-  captchaAddonId?:number;
+  captchaAddonId?: number;
 
 
 
@@ -49,6 +49,14 @@ export class SysPublicSettings extends BaseSettings {
   // 固定证书有效期天数，0表示不固定
   fixedCertExpireDays?: number;
 
+  // 第三方OAuth配置
+  oauthEnabled?: boolean = false;
+  oauthProviders: Record<string, {
+    type: string;
+    title: string;
+    addonId: number;
+  }> = {};
+
 }
 
 export class SysPrivateSettings extends BaseSettings {
@@ -69,9 +77,9 @@ export class SysPrivateSettings extends BaseSettings {
     type?: string;
     config?: any;
   } = {
-    type: 'aliyun',
+      type: 'aliyun',
-    config: {},
+      config: {},
-  };
+    };
 
   removeSecret() {
     const clone = cloneDeep(this);
@@ -196,7 +204,7 @@ export class SysSuiteSetting extends BaseSettings {
   static __key__ = 'sys.suite';
   static __access__ = 'private';
 
-  enabled:boolean = false;
+  enabled: boolean = false;
 
   registerGift?: {
     productId: number;
@@ -221,11 +229,9 @@ export class SysSafeSetting extends BaseSettings {
   static __access__ = 'private';
 
   // 站点隐藏
-  hidden:SiteHidden = {
+  hidden: SiteHidden = {
     enabled: false,
-    hiddenOpenApi:false,
+    hiddenOpenApi: false,
     autoHiddenTimes: 5,
   };
 }
-
-

packages/libs/lib-server/src/user/addon/service/addon-service.ts

@@ -76,7 +76,7 @@ export class AddonService extends BaseService<AddonEntity> {
 
 
   getDefineList(addonType: string) {
-    return addonRegistry.getDefineList();
+    return addonRegistry.getDefineList(addonType);
   }
 
   getDefineByType(type: string, prefix?: string) {
@@ -187,4 +187,14 @@ export class AddonService extends BaseService<AddonEntity> {
     });
     return this.buildAddonInstanceConfig(res);
   }
+
+  async getOneByType(req:{addonType:string,type:string,userId:number}) {
+    return await this.repository.findOne({
+      where: {
+        addonType: req.addonType,
+        type: req.type,
+        userId: req.userId
+      }
+    });
+  }
 }

packages/libs/midway-flyway-js/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.37.9](https://github.com/certd/certd/compare/v1.37.8...v1.37.9) (2025-11-19)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
 ## [1.37.8](https://github.com/certd/certd/compare/v1.37.7...v1.37.8) (2025-11-17)
 
 **Note:** Version bump only for package @certd/midway-flyway-js

packages/libs/midway-flyway-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/midway-flyway-js",
-  "version": "1.37.8",
+  "version": "1.37.10",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",
@@ -46,5 +46,5 @@
     "typeorm": "^0.3.11",
     "typescript": "^5.4.2"
   },
-  "gitHead": "55d2a1f09b617bc73bd81a65796446c4602ed1b2"
+  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }

packages/plugins/plugin-cert/CHANGELOG.md

@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
+
+### Performance Improvements
+
+* 优化dokploy 部署插件，配置选择serverId ([c9709f2](https://github.com/certd/certd/commit/c9709f26981c1cc9f71c14babb204329fcae0db5))
+
+## [1.37.9](https://github.com/certd/certd/compare/v1.37.8...v1.37.9) (2025-11-19)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
 ## [1.37.8](https://github.com/certd/certd/compare/v1.37.7...v1.37.8) (2025-11-17)
 
 **Note:** Version bump only for package @certd/plugin-cert

packages/plugins/plugin-cert/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/plugin-cert",
   "private": false,
-  "version": "1.37.8",
+  "version": "1.37.10",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -17,10 +17,10 @@
     "compile": "tsc --skipLibCheck --watch"
   },
   "dependencies": {
-    "@certd/acme-client": "^1.37.8",
+    "@certd/acme-client": "^1.37.10",
-    "@certd/basic": "^1.37.8",
+    "@certd/basic": "^1.37.10",
-    "@certd/pipeline": "^1.37.8",
+    "@certd/pipeline": "^1.37.10",
-    "@certd/plugin-lib": "^1.37.8",
+    "@certd/plugin-lib": "^1.37.10",
     "@google-cloud/publicca": "^1.3.0",
     "dayjs": "^1.11.7",
     "jszip": "^3.10.1",
@@ -43,5 +43,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "55d2a1f09b617bc73bd81a65796446c4602ed1b2"
+  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }

packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts

@@ -128,7 +128,7 @@ export class AcmeService {
       await this.saveAccountConfig(email, conf);
       this.logger.info(`创建新的Accountkey:${email}`);
     }
-    const directoryUrl = acme.directory[this.sslProvider].production;
+    const directoryUrl = acme.getDirectoryUrl({ sslProvider: this.sslProvider, pkType: this.options.privateKeyType });
     if (this.options.useMappingProxy) {
       urlMapping.enabled = true;
     } else {

packages/plugins/plugin-cert/src/plugin/cert-plugin/cert-reader.ts

@@ -36,6 +36,7 @@ export class CertReader {
   detail: CertificateInfo;
   //毫秒时间戳
   effective: number;
+  //毫秒时间戳
   expires: number;
   constructor(certInfo: CertInfo) {
     this.cert = certInfo;

packages/plugins/plugin-lib/.eslintrc

@@ -17,6 +17,7 @@
     "@typescript-eslint/ban-ts-ignore": "off",
     "@typescript-eslint/no-explicit-any": "off",
     "@typescript-eslint/no-empty-function": "off",
-    "@typescript-eslint/no-unused-vars": "off"
+    "@typescript-eslint/no-unused-vars": "off",
+    "max-len": [0, 160, 2, { "ignoreUrls": true }]
   }
 }

packages/plugins/plugin-lib/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
+## [1.37.9](https://github.com/certd/certd/compare/v1.37.8...v1.37.9) (2025-11-19)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
 ## [1.37.8](https://github.com/certd/certd/compare/v1.37.7...v1.37.8) (2025-11-17)
 
 **Note:** Version bump only for package @certd/plugin-lib

packages/plugins/plugin-lib/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/plugin-lib",
   "private": false,
-  "version": "1.37.8",
+  "version": "1.37.10",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -22,8 +22,8 @@
     "@alicloud/pop-core": "^1.7.10",
     "@alicloud/tea-util": "^1.4.10",
     "@aws-sdk/client-s3": "^3.787.0",
-    "@certd/basic": "^1.37.8",
+    "@certd/basic": "^1.37.10",
-    "@certd/pipeline": "^1.37.8",
+    "@certd/pipeline": "^1.37.10",
     "@kubernetes/client-node": "0.21.0",
     "ali-oss": "^6.22.0",
     "basic-ftp": "^5.0.5",
@@ -35,7 +35,7 @@
     "rimraf": "^5.0.5",
     "socks": "^2.8.3",
     "socks-proxy-agent": "^8.0.4",
-    "ssh2": "^1.15.0",
+    "ssh2": "1.17.0",
     "strip-ansi": "^7.1.0",
     "tencentcloud-sdk-nodejs": "^4.0.1005"
   },
@@ -53,5 +53,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "55d2a1f09b617bc73bd81a65796446c4602ed1b2"
+  "gitHead": "eb41a3655fe91af94f1c42a51aaa9122edfcf40e"
 }

packages/plugins/plugin-lib/src/index.ts

@@ -7,4 +7,5 @@ export * from "./qiniu/index.js";
 export * from "./ctyun/index.js";
 export * from "./oss/index.js";
 export * from "./s3/index.js";
-export * from "./lib/index.js";
+export * from "./lib/index.js";
+export * from "./service/index.js";

packages/plugins/plugin-lib/src/service/index.ts

@@ -0,0 +1 @@
+export * from "./site-info.js";

packages/plugins/plugin-lib/src/service/site-info.ts

@@ -0,0 +1,7 @@
+export type SiteInfo = {
+  siteUrl: string;
+};
+
+export interface ISiteInfoGetter {
+  getSiteInfo(): Promise<SiteInfo>;
+}

packages/ui/Dockerfile

@@ -19,6 +19,8 @@ RUN apk add --no-cache openjdk8
 WORKDIR /app/
 COPY --from=builder /workspace/certd-server/ /app/
 
+COPY ./patch/ssh2/*.js /app/node_modules/.pnpm/node_modules/ssh2/lib/protocol/
+
 ENV LEGO_VERSION=4.22.2
 ENV LEGO_DOWNLOAD_DIR=/app/tools/lego
 RUN mkdir -p $LEGO_DOWNLOAD_DIR

packages/ui/certd-client/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
+
+### Performance Improvements
+
+* 站点证书监控备注输入框改成textarea ([70b603d](https://github.com/certd/certd/commit/70b603d601c34f39148c2ab70c655c51babf563d))
+
+## [1.37.9](https://github.com/certd/certd/compare/v1.37.8...v1.37.9) (2025-11-19)
+
+### Bug Fixes
+
+* 商用证书上传保存失败的bug ([075b1dc](https://github.com/certd/certd/commit/075b1dc0eb8c39acc277277b1b334d66b6717ab2))
+
 ## [1.37.8](https://github.com/certd/certd/compare/v1.37.7...v1.37.8) (2025-11-17)
 
 ### Performance Improvements

packages/ui/certd-client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/ui-client",
-  "version": "1.37.8",
+  "version": "1.37.10",
   "private": true,
   "scripts": {
     "dev": "vite --open",
@@ -106,8 +106,8 @@
     "zod-defaults": "^0.1.3"
   },
   "devDependencies": {
-    "@certd/lib-iframe": "^1.37.8",
+    "@certd/lib-iframe": "^1.37.10",
-    "@certd/pipeline": "^1.37.8",
+    "@certd/pipeline": "^1.37.10",
     "@rollup/plugin-commonjs": "^25.0.7",
     "@rollup/plugin-node-resolve": "^15.2.3",
     "@types/chai": "^4.3.12",

packages/ui/certd-client/src/router/source/outside.ts

@@ -32,6 +32,14 @@ export const outsideResource = [
         path: "/forgotPassword",
         component: "/framework/forgot-password/index.vue",
       },
+      {
+        meta: {
+          title: "第三方登录回调",
+        },
+        name: "oauthCallback",
+        path: "/oauth/callback/:type",
+        component: "/framework/oauth/oauth-callback.vue",
+      },
     ],
   },
   ...errorPage,

packages/ui/certd-client/src/store/settings/api.basic.ts

@@ -59,6 +59,17 @@ export type SysPublicSetting = {
 
   // 固定证书有效期天数，0表示不固定
   fixedCertExpireDays?: number;
+
+  // 第三方OAuth配置
+  oauthEnabled?: boolean;
+  oauthProviders?: Record<
+    string,
+    {
+      type: string;
+      title: string;
+      addonId: number;
+    }
+  >;
 };
 export type SuiteSetting = {
   enabled?: boolean;

packages/ui/certd-client/src/views/certd/addon/addon-selector/index.vue

@@ -82,6 +82,7 @@ function createCrudOptionsWithApi(opts: any) {
   opts.context = {
     api,
     addonType: props.addonType,
+    type: props.type,
   };
   return createCrudOptions(opts);
 }

packages/ui/certd-client/src/views/certd/addon/api.ts

@@ -1,7 +1,8 @@
 import { request } from "/src/api/service";
 import { RequestHandleReq } from "/@/components/plugins/lib";
+import { AddonTypeDefines } from "./types";
 
-export function createAddonApi(opts: { from: any; addonType: string }) {
+export function createAddonApi(opts: { from: any; addonType: string } = { from: "user", addonType: "" }) {
   let apiPrefix = "/addon";
   if (opts.from === "sys") {
     apiPrefix = "/sys/addon";
@@ -128,15 +129,6 @@ export function createAddonApi(opts: { from: any; addonType: string }) {
   };
 }
 
-export const AddonTypeDefines = {
-  captcha: {
-    name: "captcha",
-    title: "验证码",
-    showDefault: false,
-    showTest: false,
-  },
-};
-
 export function getAddonTypeDefine(addonType: string) {
   return AddonTypeDefines[addonType];
 }

packages/ui/certd-client/src/views/certd/addon/common.tsx

@@ -110,7 +110,8 @@ export function getCommonColumnDefine(crudExpose: any, typeRef: any, api: any, a
       type: "dict-select",
       dict: addonTypeDictRef,
       search: {
-        show: false,
+        show: true,
+        valueChange: null,
       },
       column: {
         width: 200,

packages/ui/certd-client/src/views/certd/addon/crud.tsx

@@ -5,7 +5,12 @@ import { AddReq, CreateCrudOptionsProps, CreateCrudOptionsRet, DelReq, EditReq,
 export default function ({ crudExpose, context }: CreateCrudOptionsProps): CreateCrudOptionsRet {
   const api = context.api;
   const addonType = context.addonType;
+  const type = context.type;
   const pageRequest = async (query: UserPageQuery): Promise<UserPageRes> => {
+    if (query.query?.body) {
+      delete query.query.body;
+    }
+
     return await api.GetList(query);
   };
   const editRequest = async (req: EditReq) => {
@@ -44,6 +49,12 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
           },
         },
       },
+      addForm: {
+        initialForm: {
+          addonType: addonType,
+          type: type,
+        },
+      },
       rowHandle: {
         width: 200,
       },

packages/ui/certd-client/src/views/certd/addon/index.vue

@@ -20,7 +20,7 @@ import { addonProvide } from "/@/views/certd/addon/common";
 export default defineComponent({
   name: "AddonManager",
   setup() {
-    const api = createAddonApi();
+    const api = createAddonApi({ from: "user", addonType: "" });
     addonProvide(api);
     const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context: { api } });
 

packages/ui/certd-client/src/views/certd/addon/types.ts

@@ -0,0 +1,15 @@
+export interface AddonTypeDefine {
+  name: string;
+  title: string;
+  showDefault: boolean;
+  showTest: boolean;
+}
+
+export const AddonTypeDefines: Record<string, AddonTypeDefine> = {
+  captcha: {
+    name: "captcha",
+    title: "验证码",
+    showDefault: false,
+    showTest: false,
+  },
+};

packages/ui/certd-client/src/views/certd/cert/domain/crud.tsx

@@ -184,7 +184,8 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
               name: "AccessSelector",
               vModel: "modelValue",
               type: compute(({ form }) => {
-                return form.dnsProviderType;
+                const type = form.dnsProviderType || "aliyun";
+                return dnsProviderTypeDict?.dataMap[type]?.accessType;
               }),
             },
             show: compute(({ form }) => {

packages/ui/certd-client/src/views/certd/monitor/site/crud.tsx

@@ -555,10 +555,11 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
           search: {
             show: false,
           },
-          type: "text",
+          type: "textarea",
           column: {
             width: 200,
             sorter: true,
+            ellipsis: true,
             cellRender({ value }) {
               return <a-tooltip title={value}>{value}</a-tooltip>;
             },

packages/ui/certd-client/src/views/certd/monitor/site/ip/crud.tsx

@@ -350,6 +350,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
             show: false,
           },
           column: {
+            ellipsis: true,
             width: 200,
             sorter: true,
             tooltip: true,

packages/ui/certd-client/src/views/certd/pipeline/cert-upload/use.tsx

@@ -204,7 +204,7 @@ export function useCertUpload() {
                 notifications,
               };
 
-              const id = await api.Save({
+              const { id } = await api.Save({
                 title: pipeline.title,
                 content: JSON.stringify(pipeline),
                 keepHistoryCount: 30,

packages/ui/certd-client/src/views/framework/login/index.vue

@@ -51,7 +51,7 @@
           {{ t("authentication.loginButton") }}
         </a-button>
 
-        <div v-if="!!settingStore.sysPublic.selfServicePasswordRetrievalEnabled" class="mt-2">
+        <div v-if="!!settingStore.sysPublic.selfServicePasswordRetrievalEnabled && !queryBindCode" class="mt-2">
           <router-link :to="{ name: 'forgotPassword' }">
             {{ t("authentication.forgotPassword") }}
           </router-link>
@@ -61,10 +61,14 @@
       <a-form-item class="user-login-other">
         <div class="flex flex-between justify-between items-center">
           <language-toggle class="color-blue"></language-toggle>
-          <router-link v-if="hasRegisterTypeEnabled()" class="register" :to="{ name: 'register' }">
+          <router-link v-if="hasRegisterTypeEnabled() && !queryBindCode" class="register" :to="{ name: 'register' }">
             {{ t("authentication.registerLink") }}
           </router-link>
         </div>
+
+        <div class="flex flex-between justify-between items-center mt-5">
+          <oauth-footer></oauth-footer>
+        </div>
       </a-form-item>
     </a-form>
     <a-form v-else ref="twoFactorFormRef" class="user-layout-login" :model="twoFactor" v-bind="layout">
@@ -96,12 +100,18 @@ import { useI18n } from "/@/locales";
 import { LanguageToggle } from "/@/vben/layouts";
 import CaptchaInput from "/@/components/captcha/captcha-input.vue";
 import { useRoute } from "vue-router";
+import OauthFooter from "/@/views/framework/oauth/oauth-footer.vue";
+import * as oauthApi from "../oauth/api";
+import { notification } from "ant-design-vue";
 export default defineComponent({
   name: "LoginPage",
-  components: { LanguageToggle, SmsCode, CaptchaInput },
+  components: { LanguageToggle, SmsCode, CaptchaInput, OauthFooter },
   setup() {
     const { t } = useI18n();
     const route = useRoute();
+
+    const queryBindCode = ref(route.query.bindCode as string | undefined);
+
     const urlLoginType = route.query.loginType as string | undefined;
     const verifyCodeInputRef = ref();
     const loading = ref(false);
@@ -160,6 +170,13 @@ export default defineComponent({
       },
     };
 
+    async function afterLoginSuccess() {
+      if (queryBindCode.value) {
+        await oauthApi.BindUser(queryBindCode.value);
+        notification.success({ message: "绑定第三方账号成功" });
+      }
+    }
+
     const twoFactor = reactive({
       loginId: "",
       verifyCode: "",
@@ -167,6 +184,7 @@ export default defineComponent({
 
     const handleTwoFactorSubmit = async () => {
       await userStore.loginByTwoFactor(twoFactor);
+      afterLoginSuccess();
     };
 
     const handleFinish = async () => {
@@ -178,6 +196,7 @@ export default defineComponent({
         // }
         const loginType = formState.loginType;
         await userStore.login(loginType, toRaw(formState));
+        afterLoginSuccess();
       } catch (e: any) {
         //@ts-ignore
         if (e.code === 10020) {
@@ -233,6 +252,7 @@ export default defineComponent({
       settingStore,
       captchaInputRef,
       captchaInputForSmsCode,
+      queryBindCode,
     };
   },
 });

packages/ui/certd-client/src/views/framework/oauth/api.ts

@@ -0,0 +1,45 @@
+import { request } from "/src/api/service";
+
+const apiPrefix = "/oauth";
+
+export async function OauthLogin(type: string) {
+  return await request({
+    url: apiPrefix + `/login`,
+    method: "post",
+    data: {
+      type,
+    },
+  });
+}
+
+export async function OauthCallback(type: string, query: Record<string, string>) {
+  return await request({
+    url: apiPrefix + `/callback`,
+    method: "post",
+    data: {
+      type,
+      ...query,
+    },
+  });
+}
+
+export async function AutoRegister(type: string, code: string) {
+  return await request({
+    url: apiPrefix + `/autoRegister`,
+    method: "post",
+    data: {
+      validationCode: code,
+      type,
+    },
+  });
+}
+
+export async function BindUser(code: string) {
+  return await request({
+    url: apiPrefix + `/bind`,
+    method: "post",
+    data: {
+      validationCode: code,
+    },
+  });
+}

packages/ui/certd-client/src/views/framework/oauth/oauth-callback.vue

@@ -0,0 +1,105 @@
+<template>
+  <div class="oauth-callback-page">
+    <div class="oauth-callback-content">
+      <div v-if="!bindRequired" class="oauth-callback-title">
+        <span>登录中...</span>
+      </div>
+      <div v-else class="oauth-callback-title">
+        <div>第三方登录成功，还未绑定账号，请选择</div>
+
+        <div>
+          <a-button class="w-full mt-5" type="primary" @click="goBindUser">绑定已有账号</a-button>
+          <a-button class="w-full mt-5" type="primary" @click="autoRegister">创建新账号</a-button>
+        </div>
+
+        <div class="w-full mt-5">
+          <router-link to="/login" class="w-full mt-5" type="primary">返回登录页</router-link>
+        </div>
+      </div>
+    </div>
+  </div>
+</template>
+
+<script setup lang="ts">
+import { ref, onMounted } from "vue";
+import * as api from "./api";
+import { useRoute, useRouter } from "vue-router";
+import { useUserStore } from "/@/store/user";
+
+const route = useRoute();
+const router = useRouter();
+const oauthType = route.params.type as string;
+
+const query = route.query as Record<string, string>;
+
+const userStore = useUserStore();
+
+const bindRequired = ref(false);
+const bindCode = ref("");
+
+async function handleOauthCallback() {
+  //处理第三方登录回调
+  const res = await api.OauthCallback(oauthType, query);
+  if (res.token) {
+    //登录成功
+    userStore.onLoginSuccess(res);
+    //跳转到首页
+    router.replace("/");
+    return;
+  }
+  if (res.bindRequired) {
+    //需要绑定
+    bindRequired.value = true;
+    bindCode.value = res.validationCode;
+  }
+}
+
+onMounted(async () => {
+  await handleOauthCallback();
+});
+
+async function goBindUser() {
+  //绑定已有账号
+  router.replace({
+    path: "/login",
+    query: {
+      bindCode: bindCode.value,
+    },
+  });
+}
+
+async function autoRegister() {
+  //自动注册账号
+  const res = await api.AutoRegister(oauthType, bindCode.value);
+  //登录成功
+  userStore.onLoginSuccess(res);
+  //跳转到首页
+  router.replace("/");
+}
+</script>
+<style lang="less">
+.oauth-callback-page {
+  display: flex;
+  justify-content: center;
+  align-items: center;
+  gap: 16px;
+
+  .oauth-callback-content {
+    display: flex;
+    justify-content: center;
+    align-items: center;
+    gap: 16px;
+    padding: 16px;
+    border-radius: 16px;
+    box-shadow: 0 0 16px rgba(0, 0, 0, 0.1);
+    width: 500px;
+    margin: 0 auto;
+    margin-top: 50px;
+
+    .oauth-callback-title {
+      font-size: 24px;
+      font-weight: 500;
+    }
+  }
+}
+</style>

packages/ui/certd-client/src/views/framework/oauth/oauth-footer.vue

@@ -0,0 +1,45 @@
+<template>
+  <div class="oauth-footer">
+    <div v-for="item in oauthList" :key="item.type">
+      <div class="oauth-icon-button pointer" @click="goOauthLogin(item.type)">
+        <el-icon :icon="item.icon" />
+        <span>{{ item.name }}</span>
+      </div>
+    </div>
+  </div>
+</template>
+<script setup lang="ts">
+import { ref } from "vue";
+import * as api from "./api";
+
+const oauthList = ref([
+  {
+    name: "OIDC",
+    type: "oidc",
+    icon: "ion:oidc",
+  },
+]);
+
+async function goOauthLogin(type: string) {
+  //获取第三方登录URL
+  const res = await api.OauthLogin(type);
+  const loginUrl = res.loginUrl;
+  window.location.href = loginUrl;
+}
+</script>
+<style lang="less">
+.oauth-footer {
+  display: flex;
+  justify-content: center;
+  align-items: center;
+  gap: 16px;
+  .oauth-icon-button {
+    display: flex;
+    justify-content: center;
+    align-items: center;
+    gap: 8px;
+    padding: 8px 16px;
+    border-radius: 100px;
+  }
+}
+</style>

packages/ui/certd-client/src/views/sys/settings/api.ts

@@ -111,3 +111,10 @@ export async function GetSmsTypeDefine(type: string) {
     },
   });
 }
+
+export async function GetOauthProviders() {
+  return await request({
+    url: apiPrefix + "/oauth/providers",
+    method: "post",
+  });
+}

packages/ui/certd-client/src/views/sys/settings/tabs/register.vue

@@ -54,6 +54,33 @@
             <div class="helper">{{ t("certd.saveThenTest") }}</div>
           </a-form-item>
         </template>
+        <a-form-item :label="t('certd.enableOauth')" :name="['public', 'oauthEnabled']">
+          <div class="flex-o">
+            <a-switch v-model:checked="formState.public.oauthEnabled" :disabled="!settingsStore.isPlus" :title="t('certd.plusFeature')" />
+            <vip-button class="ml-5" mode="plus"></vip-button>
+          </div>
+        </a-form-item>
+        <a-form-item v-if="formState.public.oauthEnabled" :label="t('certd.oauthProviders')" :name="['public', 'oauthProviders']">
+          <div class="flex flex-wrap">
+            <table>
+              <tr>
+                <th>{{ t("certd.oauthType") }}</th>
+                <th>{{ t("certd.oauthConfig") }}</th>
+              </tr>
+              <tr v-for="(item, key) of oauthProviders" :key="key">
+                <td>
+                  <div class="flex items-center">
+                    <fs-icon :icon="item.icon" />
+                    {{ item.title }}
+                  </div>
+                </td>
+                <td>
+                  <AddonSelector v-model:model-value="item.addonId" addon-type="oauth" from="sys" :type="item.name" :placeholder="t('certd.clientIdPlaceholder')" />
+                </td>
+              </tr>
+            </table>
+          </div>
+        </a-form-item>
       </template>
 
       <a-form-item label=" " :colon="false" :wrapper-col="{ span: 16 }">
@@ -64,14 +91,14 @@
 </template>
 
 <script setup lang="tsx">
-import { reactive, ref, Ref } from "vue";
+import { computed, reactive, ref, Ref } from "vue";
 import { GetSmsTypeDefine, SysSettings } from "/@/views/sys/settings/api";
 import * as api from "/@/views/sys/settings/api";
 import { merge } from "lodash-es";
 import { useSettingStore } from "/@/store/settings";
 import { notification } from "ant-design-vue";
 import { useI18n } from "/src/locales";
-
+import AddonSelector from "../../../certd/addon/addon-selector/index.vue";
 const { t } = useI18n();
 
 defineOptions({
@@ -158,6 +185,35 @@ async function loadTypeDefine(type: string) {
   smsTypeDefineInputs.value = inputs;
 }
 
+const oauthProviders = ref([]);
+async function loadOauthProviders() {
+  let list: any = await api.GetOauthProviders();
+  oauthProviders.value = list;
+  for (const item of list) {
+    debugger;
+    const type = item.name;
+    const provider = formState.public.oauthProviders?.[type];
+    if (provider) {
+      item.addonId = provider.addonId;
+    }
+  }
+}
+
+function fillOauthProviders(form: any) {
+  const providers: any = {};
+  for (const item of oauthProviders.value) {
+    const type = item.name;
+    providers[type] = {
+      type: type,
+      title: item.title,
+      icon: item.icon,
+      addonId: item.addonId || null,
+    };
+  }
+  form.public.oauthProviders = providers;
+  return providers;
+}
+
 async function loadSysSettings() {
   const data: any = await api.SysSettingsGet();
   merge(formState, data);
@@ -172,6 +228,7 @@ async function loadSysSettings() {
   if (!settingsStore.isComm) {
     formState.public.smsLoginEnabled = false;
   }
+  await loadOauthProviders();
 }
 
 const saveLoading = ref(false);
@@ -180,6 +237,7 @@ const settingsStore = useSettingStore();
 const onFinish = async (form: any) => {
   try {
     saveLoading.value = true;
+    fillOauthProviders(form);
     await api.SysSettingsSave(form);
     await settingsStore.loadSysSettings();
     notification.success({

packages/ui/certd-server/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.10](https://github.com/certd/certd/compare/v1.37.9...v1.37.10) (2025-11-19)
+
+### Performance Improvements
+
+* 优化dokploy 部署插件，配置选择serverId ([c9709f2](https://github.com/certd/certd/commit/c9709f26981c1cc9f71c14babb204329fcae0db5))
+
+## [1.37.9](https://github.com/certd/certd/compare/v1.37.8...v1.37.9) (2025-11-19)
+
+### Performance Improvements
+
+* 优化阿里云clb 过期证书清理报错的问题 ([d465367](https://github.com/certd/certd/commit/d4653678b2e3643460f918992eeae4044d3a1cc7))
+
 ## [1.37.8](https://github.com/certd/certd/compare/v1.37.7...v1.37.8) (2025-11-17)
 
 ### Bug Fixes

packages/ui/certd-server/db/migration/v10034__oauth_bound.sql

@@ -0,0 +1,14 @@
+
+CREATE TABLE "cd_oauth_bound"
+(
+  "id"          integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+  "user_id"     integer      NOT NULL,
+  "type"        varchar(512) NOT NULL,
+  "open_id"     varchar(512) NOT NULL,
+  "create_time" datetime     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
+  "update_time" datetime     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
+);
+
+
+CREATE INDEX "index_oauth_bound_user_id" ON "cd_oauth_bound" ("user_id");
+CREATE INDEX "index_oauth_bound_open_id" ON "cd_oauth_bound" ("open_id");

packages/ui/certd-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/ui-server",
-  "version": "1.37.8",
+  "version": "1.37.10",
   "description": "fast-server base midway",
   "private": true,
   "type": "module",
@@ -45,20 +45,20 @@
     "@aws-sdk/client-cloudfront": "^3.699.0",
     "@aws-sdk/client-iam": "^3.699.0",
     "@aws-sdk/client-s3": "^3.705.0",
-    "@certd/acme-client": "^1.37.8",
+    "@certd/acme-client": "^1.37.10",
-    "@certd/basic": "^1.37.8",
+    "@certd/basic": "^1.37.10",
-    "@certd/commercial-core": "^1.37.8",
+    "@certd/commercial-core": "^1.37.10",
     "@certd/cv4pve-api-javascript": "^8.4.2",
-    "@certd/jdcloud": "^1.37.8",
+    "@certd/jdcloud": "^1.37.10",
-    "@certd/lib-huawei": "^1.37.8",
+    "@certd/lib-huawei": "^1.37.10",
-    "@certd/lib-k8s": "^1.37.8",
+    "@certd/lib-k8s": "^1.37.10",
-    "@certd/lib-server": "^1.37.8",
+    "@certd/lib-server": "^1.37.10",
-    "@certd/midway-flyway-js": "^1.37.8",
+    "@certd/midway-flyway-js": "^1.37.10",
-    "@certd/pipeline": "^1.37.8",
+    "@certd/pipeline": "^1.37.10",
-    "@certd/plugin-cert": "^1.37.8",
+    "@certd/plugin-cert": "^1.37.10",
-    "@certd/plugin-lib": "^1.37.8",
+    "@certd/plugin-lib": "^1.37.10",
-    "@certd/plugin-plus": "^1.37.8",
+    "@certd/plugin-plus": "^1.37.10",
-    "@certd/plus-core": "^1.37.8",
+    "@certd/plus-core": "^1.37.10",
     "@huaweicloud/huaweicloud-sdk-cdn": "^3.1.120",
     "@huaweicloud/huaweicloud-sdk-core": "^3.1.120",
     "@koa/cors": "^5.0.0",
@@ -106,6 +106,7 @@
     "nanoid": "^5.0.7",
     "node-forge": "^1.3.1",
     "nodemailer": "^6.9.16",
+    "openid-client": "^6.8.1",
     "otplib": "^12.0.1",
     "pg": "^8.12.0",
     "psl": "^1.9.0",

packages/ui/certd-server/src/controller/basic/login/forgot-password-controller.ts

@@ -8,7 +8,7 @@ import { LoginService } from "../../../modules/login/service/login-service.js";
  */
 @Provide()
 @Controller('/api')
-export class LoginController extends BaseController {
+export class ForgotPasswordController extends BaseController {
   @Inject()
   loginService: LoginService;
   @Inject()

packages/ui/certd-server/src/controller/basic/login/oauth-controller.ts

@@ -0,0 +1,153 @@
+import { addonRegistry, BaseController, Constants, SysInstallInfo, SysSettingsService } from "@certd/lib-server";
+import { ALL, Body, Controller, Inject, Post, Provide } from "@midwayjs/core";
+import { AddonGetterService } from "../../../modules/pipeline/service/addon-getter-service.js";
+import { IOauthProvider } from "../../../plugins/plugin-oauth/api.js";
+import { LoginService } from "../../../modules/login/service/login-service.js";
+import { CodeService } from "../../../modules/basic/service/code-service.js";
+import { UserService } from "../../../modules/sys/authority/service/user-service.js";
+import { UserEntity } from "../../../modules/sys/authority/entity/user.js";
+import { simpleNanoId } from "@certd/basic";
+import { OauthBoundService } from "../../../modules/login/service/oauth-bound-service.js";
+import { OauthBoundEntity } from "../../../modules/login/entity/oauth-bound.js";
+
+/**
+ */
+@Provide()
+@Controller('/api/oauth')
+export class ConnectController extends BaseController {
+
+  @Inject()
+  addonGetterService: AddonGetterService;
+  @Inject()
+  sysSettingsService: SysSettingsService;
+  @Inject()
+  loginService: LoginService;
+  @Inject()
+  codeService: CodeService;
+  @Inject()
+  userService: UserService;
+
+  @Inject()
+  oauthBoundService: OauthBoundService;
+
+
+
+  private async getOauthProvider(type: string) {
+    const publicSettings = await this.sysSettingsService.getPublicSettings()
+    if (!publicSettings?.oauthEnabled) {
+      throw new Error("OAuth功能未启用");
+    }
+    const setting = publicSettings?.oauthProviders?.[type || ""]
+    if (!setting) {
+      throw new Error(`未配置该OAuth类型:${type}`);
+    }
+
+    const addon = await this.addonGetterService.getAddonById(setting.addonId, true, 0);
+    if (!addon) {
+      throw new Error("初始化OAuth插件失败");
+    }
+    return addon as IOauthProvider;
+  }
+
+  @Post('/login', { summary: Constants.per.guest })
+  public async login(@Body(ALL) body: { type: string }) {
+
+    const addon = await this.getOauthProvider(body.type);
+    const installInfo = await this.sysSettingsService.getSetting<SysInstallInfo>(SysInstallInfo);
+    const bindUrl = installInfo?.bindUrl || "";
+    //构造登录url
+    const redirectUrl = `${bindUrl}#/oauth/callback/${body.type}`;
+    const loginUrl = await addon.buildLoginUrl({ redirectUri: redirectUrl });
+    return this.ok({loginUrl});
+  }
+  @Post('/callback', { summary: Constants.per.guest })
+  public async callback(@Body(ALL) body: any) {
+    //处理登录回调
+    const addon = await this.getOauthProvider(body.type);
+    const tokenRes = await addon.onCallback({
+      code: body.code,
+      state: body.state,
+    });
+
+    const userInfo = tokenRes.userInfo;
+
+    const openId = userInfo.openId;
+
+    const loginRes = await this.loginService.loginByOpenId({ openId, type: body.type });
+    if (loginRes == null) {
+      // 用户还未绑定，让用户选择绑定已有账号还是自动注册新账号
+      const validationCode = await this.codeService.setValidationValue({
+        type: body.type,
+        userInfo,
+      });
+      return this.ok({
+        bindRequired: true,
+        validationCode,
+      });
+    }
+
+    //返回登录成功token
+    return this.ok(loginRes);
+  }
+
+  @Post('/bind', { summary: Constants.per.loginOnly })
+  public async bind(@Body(ALL) body: any) {
+    //需要已登录
+    const userId = this.getUserId();
+    const validationValue = this.codeService.getValidationValue(body.validationCode);
+    if (!validationValue) {
+      throw new Error("校验码错误");
+    }
+
+    await this.oauthBoundService.bind({
+      userId,
+      type: body.type,
+      openId: validationValue.openId,
+    });
+    return this.ok(1);
+  }
+
+  @Post('/autoRegister', { summary: Constants.per.guest })
+  public async autoRegister(@Body(ALL) body: { validationCode: string, type: string }) {
+
+    const validationValue = this.codeService.getValidationValue(body.validationCode);
+    if (!validationValue) {
+      throw new Error("第三方认证授权已过期");
+    }
+    const userInfo = validationValue.userInfo;
+    const oauthType = validationValue.type;
+    let newUser = new UserEntity()
+    newUser.username = `${oauthType}:_${userInfo.nickName}_${simpleNanoId(6)}`;
+    newUser.avatar = userInfo.avatar;
+    newUser.nickName = userInfo.nickName;
+
+    newUser = await this.userService.register("username", newUser, async (txManager) => {
+      const oauthBound : OauthBoundEntity = new OauthBoundEntity()
+      oauthBound.userId = newUser.id;
+      oauthBound.type = oauthType;
+      oauthBound.openId = userInfo.openId;
+      await txManager.save(oauthBound);
+    });
+
+    const loginRes = await this.loginService.generateToken(newUser);
+    return this.ok(loginRes);
+  }
+
+  @Post('/unbind', { summary: Constants.per.loginOnly })
+  public async unbind(@Body(ALL) body: any) {
+    //需要已登录
+    const userId = this.getUserId();
+    await this.oauthBoundService.unbind({
+      userId,
+      type: body.type,
+    });
+    return this.ok(1);
+  }
+
+  @Post('/providers', { summary: Constants.per.guest })
+  public async providers() {
+    const list = addonRegistry.getDefineList("oauth");
+    return this.ok(list);
+  }
+
+}

packages/ui/certd-server/src/controller/sys/settings/sys-settings-controller.ts

@@ -1,5 +1,6 @@
 import { ALL, Body, Controller, Inject, Post, Provide, Query } from "@midwayjs/core";
 import {
+  addonRegistry,
   CrudController,
   SysPrivateSettings,
   SysPublicSettings,
@@ -199,4 +200,10 @@ export class SysSettingsController extends CrudController<SysSettingsService> {
     await this.codeService.checkCaptcha(body)
     return this.ok({});
   }
+
+  @Post('/oauth/providers', { summary: 'sys:settings:view' })
+  async oauthProviders() {
+    const list = await addonRegistry.getDefineList("oauth");
+    return this.ok(list);
+  }
 }

packages/ui/certd-server/src/modules/basic/service/code-service.ts

@@ -1,5 +1,5 @@
 import { Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core';
-import { cache, isDev, randomNumber } from '@certd/basic';
+import { cache, isDev, randomNumber, simpleNanoId } from '@certd/basic';
 import { SysSettingsService, SysSiteInfo } from '@certd/lib-server';
 import { SmsServiceFactory } from '../sms/factory.js';
 import { ISmsService } from '../sms/api.js';
@@ -188,4 +188,20 @@ export class CodeService {
     `
     );
   }
+
+
+  buildValidationValueKey(code:string) {
+    return `validationValue:${code}`;
+  }
+  setValidationValue(value:any) {
+    const randomCode = simpleNanoId(12);
+    const key = this.buildValidationValueKey(randomCode);
+    cache.set(key, value, {
+      ttl: 5 * 60 * 1000, //5分钟
+    });
+    return randomCode;
+  }
+  getValidationValue(code:string) {
+    return cache.get(this.buildValidationValueKey(code));
+  }
 }

packages/ui/certd-server/src/modules/login/entity/oauth-bound.ts

@@ -0,0 +1,22 @@
+import { Column, Entity, PrimaryGeneratedColumn } from 'typeorm';
+
+@Entity('cd_oauth_bound')
+export class OauthBoundEntity {
+  @PrimaryGeneratedColumn()
+  id: number;
+
+  @Column({ name: 'user_id', comment: '用户id' })
+  userId: number;
+
+  @Column({ name: 'type', comment: '第三方类型' })
+  type: string; // oidc, wechat, github, gitee , qq , alipay
+
+  @Column({ name: 'open_id', comment: '第三方openid' })
+  openId: string;
+
+  @Column({ name: 'create_time',comment: '创建时间', default: () => 'CURRENT_TIMESTAMP',})
+  createTime: Date;
+
+  @Column({ name: 'update_time',  comment: '修改时间',default: () => 'CURRENT_TIMESTAMP',})
+  updateTime: Date;
+}

packages/ui/certd-server/src/modules/login/service/login-service.ts

@@ -17,9 +17,9 @@ import { TwoFactorService } from "../../mine/service/two-factor-service.js";
 import { UserSettingsService } from "../../mine/service/user-settings-service.js";
 import { isPlus } from "@certd/plus-core";
 import { AddonService } from "@certd/lib-server";
+import { OauthBoundService } from "./oauth-bound-service.js";
 
 /**
- * 系统用户
  */
 @Provide()
 @Scope(ScopeEnum.Request, {allowDowngrade: true})
@@ -42,6 +42,8 @@ export class LoginService {
   twoFactorService: TwoFactorService;
   @Inject()
   addonService: AddonService;
+  @Inject()
+  oauthBoundService: OauthBoundService;
 
   checkIsBlocked(username: string) {
     const blockDurationKey = `login_block_duration:${username}`;
@@ -204,6 +206,10 @@ export class LoginService {
    * @param roleIds
    */
   async generateToken(user: UserEntity) {
+    if (user.status === 0) {
+      throw new CommonException('用户已被禁用');
+    }
+
     const roleIds = await this.roleService.getRoleIdsByUserId(user.id);
     const tokenInfo = {
       username: user.username,
@@ -224,4 +230,20 @@ export class LoginService {
       expire,
     };
   }
+
+
+  async loginByOpenId(req: { openId: string, type:string }) {
+    const {openId, type} = req;
+    const oauthBound = await this.oauthBoundService.findOne({
+      where:{openId, type}
+    });
+    if (oauthBound == null) {
+      return null
+    }
+    const info = await this.userService.findOne({id: oauthBound.userId});
+    if (info == null) {
+      throw new CommonException('用户不存在');
+    }
+    return this.generateToken(info);
+  }
 }

packages/ui/certd-server/src/modules/login/service/oauth-bound-service.ts

@@ -0,0 +1,74 @@
+import { BaseService, SysSettingsService } from "@certd/lib-server";
+import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
+import { InjectEntityModel } from "@midwayjs/typeorm";
+import { Repository } from "typeorm";
+import { OauthBoundEntity } from "../entity/oauth-bound.js";
+
+
+@Provide()
+@Scope(ScopeEnum.Request, { allowDowngrade: true })
+export class OauthBoundService extends BaseService<OauthBoundEntity> {
+ 
+  @InjectEntityModel(OauthBoundEntity)
+  repository: Repository<OauthBoundEntity>;
+
+  @Inject()
+  sysSettingsService: SysSettingsService;
+
+
+  //@ts-ignore
+  getRepository() {
+    return this.repository;
+  }
+
+  async unbind(req: { userId: any; type: any; }) {
+    const { userId, type } = req;
+    if (!userId || !type) {
+      throw new Error('参数错误');
+    }
+
+    await this.repository.delete({
+      userId,
+      type,
+    });
+  }
+
+ async bind(req: { userId: any; type: any; openId: any; }) {
+    const { userId, type, openId } = req;
+    if (!userId || !type || !openId) {
+      throw new Error('参数错误');
+    }
+    const exist = await this.repository.findOne({
+      where: {
+        openId,
+        type,
+      },
+    });
+    if (exist) {
+      throw new Error('该第三方账号已绑定用户');
+    }
+
+    const exist2 = await this.repository.findOne({
+      where: {
+        userId,
+        type,
+      },
+    });
+    if (exist2) {
+      //覆盖绑定
+      exist2.openId = openId;
+      await this.update({
+        id: exist2.id,
+        openId,
+      });
+      return;
+    } 
+    //新增
+    await this.add({
+      userId,
+      type,
+      openId,
+    });
+  }
+
+}

packages/ui/certd-server/src/modules/pipeline/service/getter/site-info-getter.ts

@@ -0,0 +1,20 @@
+import { SysSettingsService, SysInstallInfo } from "@certd/lib-server";
+import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
+import { SiteInfo ,ISiteInfoGetter} from "@certd/plugin-lib";
+
+@Provide("siteInfoGetter")
+@Scope(ScopeEnum.Request, { allowDowngrade: true })
+export class SiteInfoGetter implements ISiteInfoGetter{
+    @Inject()
+    sysSettingsService: SysSettingsService;
+
+
+    async getSiteInfo(): Promise<SiteInfo> {
+
+        const installInfo = await this.sysSettingsService.getSetting<SysInstallInfo>(SysInstallInfo);
+
+        return {
+            siteUrl: installInfo?.bindUrl || "",
+        }
+    }
+}

packages/ui/certd-server/src/modules/sys/authority/service/user-service.ts

@@ -1,6 +1,6 @@
 import { Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core';
 import { InjectEntityModel } from '@midwayjs/typeorm';
-import {In, MoreThan, Not, Repository} from 'typeorm';
+import {EntityManager, In, MoreThan, Not, Repository} from 'typeorm';
 import { UserEntity } from '../entity/user.js';
 import * as _ from 'lodash-es';
 import { BaseService, CommonException, Constants, FileService, SysInstallInfo, SysSettingsService } from '@certd/lib-server';
@@ -171,7 +171,7 @@ export class UserService extends BaseService<UserEntity> {
     return await this.roleService.getPermissionByRoleIds(roleIds);
   }
 
-  async register(type: string, user: UserEntity) {
+  async register(type: string, user: UserEntity,withTx?:(tx: EntityManager)=>Promise<void>) {
     if (!user.password) {
       user.password = simpleNanoId();
     }
@@ -227,6 +227,10 @@ export class UserService extends BaseService<UserEntity> {
       newUser = await txManager.save(newUser);
       const userRole: UserRoleEntity = UserRoleEntity.of(newUser.id, Constants.role.defaultUser);
       await txManager.save(userRole);
+
+      if(withTx) {
+        await withTx(txManager);
+      }
     });
 
     delete newUser.password;

packages/ui/certd-server/src/plugins/index.ts

@@ -38,3 +38,4 @@ export * from './plugin-godaddy/index.js'
 export * from './plugin-captcha/index.js'
 export * from './plugin-xinnet/index.js'
 export * from './plugin-xinnetconnet/index.js'
+export * from './plugin-oauth/index.js'

packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-alb/index.ts

@@ -155,10 +155,14 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
       const client = await this.getLBClient(access, this.regionId);
       await this.deployDefaultCert(certId, client);
     }
-
+    this.logger.info(`准备开始清理过期证书`);
-    await this.ctx.utils.sleep(10000)
+    await this.ctx.utils.sleep(30000)
     for (const listener of this.listeners) {
-      await this.clearInvalidCert(albClientV2, listener);
+      try{
+        await this.clearInvalidCert(albClientV2, listener);
+      }catch(e){
+        this.logger.error(`清理监听器${listener}的过期证书失败`, e);
+      }
     }
 
 
@@ -236,6 +240,7 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
 
     const certIds = [];
     for (const item of list) {
+      this.logger.info(`监听器${listener}绑定的证书${item.CertificateId},status:${item.Status},IsDefault:${item.IsDefault}`);
       if (item.Status !== "Associated") {
         continue;
       }
@@ -244,10 +249,12 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
       }
       certIds.push( parseInt(item.CertificateId));
     }
+    this.logger.info(`监听器${listener}绑定的证书${certIds}`);
     //检查是否过期，过期则删除
     const invalidCertIds = [];
     for (const certId of certIds) {
       const res = await sslClient.getCertInfo(certId);
+      this.logger.info(`证书${certId}过期时间:${res.notAfter}`);
       if (res.notAfter < new Date().getTime()) {
         invalidCertIds.push(certId);
       }
@@ -256,7 +263,7 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
       this.logger.info(`监听器${listener}没有过期的证书`);
       return
     }
-    this.logger.info(`开始解绑过期的证书:${invalidCertIds}`);
+    this.logger.info(`开始解绑过期的证书:${invalidCertIds}，listener:${listener}`);
     await client.doRequest({
       // 接口名称
       action: "DissociateAdditionalCertificatesFromListener",

packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-nlb/index.ts

@@ -152,9 +152,14 @@ export class AliyunDeployCertToNLB extends AbstractTaskPlugin {
       await this.deployDefaultCert(certId, client);
     }
 
-    await this.ctx.utils.sleep(10000)
+    this.logger.info(`准备开始清理过期证书`);
+    await this.ctx.utils.sleep(30000)
     for (const listener of this.listeners) {
-      await this.clearInvalidCert(nlbClientV2, listener);
+      try{
+        await this.clearInvalidCert(nlbClientV2, listener);
+      }catch(e){
+        this.logger.error(`清理监听器${listener}的过期证书失败`, e);
+      }
     }
 
     this.logger.info('执行完成');
@@ -232,6 +237,7 @@ export class AliyunDeployCertToNLB extends AbstractTaskPlugin {
 
     const certIds = [];
     for (const item of list) {
+      this.logger.info(`监听器${listener}绑定的证书${item.CertificateId},status:${item.Status},IsDefault:${item.IsDefault}`);
       if (item.Status !== "Associated") {
         continue;
       }
@@ -240,10 +246,12 @@ export class AliyunDeployCertToNLB extends AbstractTaskPlugin {
       }
       certIds.push( parseInt(item.CertificateId));
     }
+    this.logger.info(`监听器${listener}绑定的证书${certIds}`);
     //检查是否过期，过期则删除
     const invalidCertIds = [];
     for (const certId of certIds) {
       const res = await sslClient.getCertInfo(certId);
+      this.logger.info(`证书${certId}过期时间:${res.notAfter}`);
       if (res.notAfter < new Date().getTime()) {
         invalidCertIds.push(certId);
       }
@@ -252,7 +260,7 @@ export class AliyunDeployCertToNLB extends AbstractTaskPlugin {
       this.logger.info(`监听器${listener}没有过期的证书`);
       return
     }
-    this.logger.info(`开始解绑过期的证书:${invalidCertIds}`);
+    this.logger.info(`开始解绑过期的证书:${invalidCertIds},listener:${listener}`);
 
     const ids:any = {}
     let i = 0

packages/ui/certd-server/src/plugins/plugin-dokploy/access.ts

@@ -50,6 +50,14 @@ export class DokployAccess extends BaseAccess {
     return "ok"
   }
 
+  async getServerList(){
+    const req = {
+      url :"/api/server.all",
+      method: "get",
+    }
+    return await this.doRequest(req);
+  }
+
   async getCertList(){
     const req = {
       url :"/api/certificates.all",
@@ -96,7 +104,7 @@ export class DokployAccess extends BaseAccess {
       headers,
       baseURL: this.endpoint,
       ...req,
-      logRes: true,
+      logRes: false,
     });
   }
 

packages/ui/certd-server/src/plugins/plugin-dokploy/plugins/plugin-refresh-cert.ts

@@ -1,13 +1,13 @@
 import { AbstractTaskPlugin, IsTaskPlugin, PageSearch, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
-import {CertApplyPluginNames, CertInfo} from "@certd/plugin-cert";
+import {CertApplyPluginNames, CertInfo, CertReader} from "@certd/plugin-cert";
 import {createCertDomainGetterInputDefine, createRemoteSelectInputDefine} from "@certd/plugin-lib";
 import {DokployAccess} from "../access.js";
 
 @IsTaskPlugin({
   //命名规范，插件类型+功能（就是目录plugin-demo中的demo），大写字母开头，驼峰命名
   name: "DokployRefreshCert",
-  title: "Dokploy-更新证书",
+  title: "Dokploy-部署server证书",
-  desc: "自动更新Dokploy证书",
+  desc: "自动更新Dokploy server证书",
   icon: "svg:icon-lucky",
   //插件分组
   group: pluginGroups.panel.key,
@@ -52,12 +52,12 @@ export class DokployRefreshCert extends AbstractTaskPlugin {
     createRemoteSelectInputDefine({
       title: "证书名称",
       helper: "要更新的证书名称，如果这里没有，请先给手动绑定一次证书",
-      action: DokployRefreshCert.prototype.onGetCertList.name,
+      action: DokployRefreshCert.prototype.onGetServerList.name,
       pager: false,
       search: false
     })
   )
-  certList!: string[];
+  serverList!: string[];
 
   //插件实例化时执行的方法
   async onInstance() {
@@ -67,46 +67,61 @@ export class DokployRefreshCert extends AbstractTaskPlugin {
   async execute(): Promise<void> {
     const access = await this.getAccess<DokployAccess>(this.accessId);
 
+    if (!this.serverList || this.serverList.length === 0) {
+      throw new Error("请先选择要部署证书的server");
+    }
+
     // await access.createCert({cert:this.cert})
 
-    const certList = await access.getCertList();
+    const oldCertList = await access.getCertList();
 
 
-    for (const certId of this.certList) {
+    const certReader = new CertReader(this.cert);
-      this.logger.info(`----------- 开始更新证书：${certId}`);
+    for (const serverId of this.serverList) {
-      const [serverId,name] = certId.split("#");
+      this.logger.info(`----------- 开始部署server证书：${serverId}`);
-      const founds = certList.filter((item: any) => item.name === name);
+      if(!serverId){
-      if (founds){
+        this.logger.error(`----------- serverId不能为空，跳过更新`);
-        for (const found of founds) {
+        continue;
-          await access.removeCert({id:found.certificateId})
-        }
       }
-
       await access.createCert({
-        name,
+        name: certReader.buildCertName(),
         cert: this.cert,
         serverId: serverId,
       });
-      this.logger.info(`----------- 更新证书${certId}成功`);
+      this.logger.info(`----------- 部署server${serverId}证书成功`);
+    }
+
+    this.logger.info(`----------- 等待10秒后开始清理过期证书`);
+    await this.ctx.utils.sleep(10000);
+    //清理过期证书
+    for (const certItem of oldCertList) {
+      
+      const certDetail = CertReader.readCertDetail(certItem.certificateData);
+      if (certDetail.expires.getTime() < new Date().getTime()){
+          this.logger.info(`----------- 证书${certItem.certificateId}已过期`);
+          await access.removeCert({id:certItem.certificateId});
+          this.logger.info(`----------- 清理过期证书${certItem.certificateId}成功`);  
+      }else{
+        this.logger.info(`----------- 证书${certItem.certificateId}还未过期`);  
+      }
     }
 
     this.logger.info("部署完成");
   }
 
-  async onGetCertList(data: PageSearch = {}) {
+  async onGetServerList(data: PageSearch = {}) {
     const access = await this.getAccess<DokployAccess>(this.accessId);
 
-    const res = await access.getCertList()
+    const res = await access.getServerList()
     const list = res
     if (!list || list.length === 0) {
-      throw new Error("没有找到证书，你可以直接手动输入id，如果id不存在将自动创建");
+      throw new Error("没有找到Server，你可以直接手动输入serverId");
     }
 
     const options = list.map((item: any) => {
       return {
         label: `${item.name}<${item.serverId}>`,
-        value: `${item.serverId}#${item.name}`,
+        value: `${item.serverId}`,
-        domain: item.name
       };
     });
     return options;

packages/ui/certd-server/src/plugins/plugin-oauth/api.ts

@@ -0,0 +1,37 @@
+export type OnCallbackReq = {
+    code: string;
+    state: string;
+}
+
+export type OauthToken = {
+    userInfo: {
+        openId: string;
+        nickName: string;
+        avatar: string;
+    },
+    token: {
+        accessToken: string;
+        refreshToken: string;
+        expiresIn: number;
+    }
+}
+
+export type OnBindReq = {
+    accessToken: string;
+    refreshToken: string;
+    expiresIn: number;
+    idToken: string;
+    scope: string;
+    tokenType: string;
+    bindInfo: any;
+}
+export type OnBindReply = {
+    success: boolean;
+    message: string;
+}
+
+export interface IOauthProvider {
+    buildLoginUrl: (params: { redirectUri: string }) => Promise<string>;
+    onCallback: (params: OnCallbackReq) => Promise<OauthToken>;
+    onBind: (params: OnBindReq) => Promise<OnBindReply>;
+}

packages/ui/certd-server/src/plugins/plugin-oauth/index.ts

@@ -0,0 +1,2 @@
+export * from './api.js'
+export * from './oidc/plugin-oidc.js'

packages/ui/certd-server/src/plugins/plugin-oauth/oidc/plugin-oidc.ts

@@ -0,0 +1,131 @@
+import { AddonInput, BaseAddon, IsAddon } from "@certd/lib-server";
+import { IOauthProvider, OnBindReq, OnCallbackReq } from "../api.js";
+
+@IsAddon({
+  addonType: "oauth",
+  name: 'oidc',
+  title: 'OpenId connect 认证',
+  desc: '',
+  showTest: false,
+})
+export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
+
+  @AddonInput({
+    title: "ClientId",
+    helper: "ClientId / appId",
+    required: true,
+  })
+  clientId = "";
+
+  @AddonInput({
+    title: "ClientSecretKey",
+    component: {
+      placeholder: "ClientSecretKey / appSecretKey",
+    },
+    required: true,
+  })
+  clientSecretKey = "";
+
+  @AddonInput({
+    title: "服务地址",
+    helper: "Issuer地址",
+    component: {
+      placeholder: "https://oidc.example.com/oidc",
+    },
+    required: true,
+  })
+  issuerUrl = "";
+
+
+  async getClient() {
+    const client = await import('openid-client')
+    let server = new URL(this.issuerUrl)// Authorization Server's Issuer Identifier
+
+    let config = await client.discovery(
+      server,
+      this.clientId,
+      this.clientSecretKey,
+    )
+
+    // console.log(config.serverMetadata())
+
+    return {
+      config,
+      client
+    }
+  }
+
+  async onCallback(req: OnCallbackReq) {
+    const { config, client } = await this.getClient()
+
+    const currentUrl = new URL("")
+    let tokens: any = await client.authorizationCodeGrant(
+      config,
+      currentUrl,
+      {
+        pkceCodeVerifier: req.code,
+        expectedState: req.state,
+      },
+    )
+
+    console.log('Token Endpoint Response', tokens)
+    const claims = tokens.claims()
+    return {
+      token:{
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token,
+        expiresIn: tokens.expires_in,
+      },
+      userInfo: {
+        openId: claims.sub,
+        nickName: claims.nickname,
+        avatar: claims.picture,
+      },
+    }
+  };
+  async onBind(req: OnBindReq) {
+    return {
+      success: false,
+      message: '绑定失败',
+    }
+  }
+  async buildLoginUrl(params: { redirectUri: string }) {
+    const { config, client } = await this.getClient()
+
+    let redirect_uri = new URL(params.redirectUri)
+    let scope = 'openid profile' // Scope of the access request
+    /**
+     * PKCE: The following MUST be generated for every redirect to the
+     * authorization_endpoint. You must store the code_verifier and state in the
+     * end-user session such that it can be recovered as the user gets redirected
+     * from the authorization server back to your application.
+     */
+    let code_verifier = client.randomPKCECodeVerifier()
+    let code_challenge = await client.calculatePKCECodeChallenge(code_verifier)
+    let state = client.randomState()
+
+    let parameters: any = {
+      redirect_uri,
+      scope,
+      code_challenge,
+      code_challenge_method: 'S256',
+      state,
+    }
+
+    // if (!config.serverMetadata().supportsPKCE()) {
+    //     /**
+    //      * We cannot be sure the server supports PKCE so we're going to use state too.
+    //      * Use of PKCE is backwards compatible even if the AS doesn't support it which
+    //      * is why we're using it regardless. Like PKCE, random state must be generated
+    //      * for every redirect to the authorization_endpoint.
+    //      */
+    //     parameters.state = client.randomState()
+    // }
+
+    let redirectTo = client.buildAuthorizationUrl(config, parameters)
+
+    // now redirect the user to redirectTo.href
+    console.log('redirecting to', redirectTo.href)
+    return redirectTo.href;
+  }
+}

trigger/build.trigger

@@ -1 +1 @@
-01:16
+23:54

trigger/release.trigger

@@ -1 +1 @@
-01:31
+23:57