chore: 企业管理模式初步

2026-05-04 04:27:26 +08:00 · 2026-02-04 15:49:01 +08:00
96 changed files with 510 additions and 1170 deletions
@@ -3,39 +3,6 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

-## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
-
-### Performance Improvements
-
-* 双重验证显示secret ([febd6d3](https://github.com/certd/certd/commit/febd6d32cfe6d89ccecf26bf15141df7c456e5c6))
-* 优化申请证书最大超时时长 ([00f67d8](https://github.com/certd/certd/commit/00f67d86d68f4f83cfafe2fbfeb4af0d86f9d20e))
-* 支持设置默认的证书申请地址的反向代理 ([0cfb94b](https://github.com/certd/certd/commit/0cfb94b0ba6a6dc3bb0d0a81a1912068a4e6b6b6))
-* 子域名托管域名支持配置通配符 ([3f7ac93](https://github.com/certd/certd/commit/3f7ac939326b0c7ec013a7534b6c0e58fb3e8cb4))
-
-## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
-
-### Bug Fixes
-
-* 修复有域名记录时，域名输入框无法关闭的bug ([54c8217](https://github.com/certd/certd/commit/54c8217808453b121abf646b004596f28932509f))
-
-### Performance Improvements
-
-*  eab从更多参数中挪到外面 ([5ea4f46](https://github.com/certd/certd/commit/5ea4f46de7ae403a7a16e9488dc1d9c7523d019a))
-* 第三方登录支持Microsoft ([beb7a4c](https://github.com/certd/certd/commit/beb7a4c99277262bb9681c5594cfcd3e36c52074))
-* 优化zerossl申请证书稳定性 ([4d86fb3](https://github.com/certd/certd/commit/4d86fb319b81dbf6fa6485982105725b1b066593))
-
-## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
-
-### Bug Fixes
-
-* 修复新网找错域名的bug ([bd511f9](https://github.com/certd/certd/commit/bd511f97cb7fbdcaeff7ac899f0460a5c7b41826))
-
-### Performance Improvements
-
-* 当域名管理中没有域名时，创建流水线时不展开域名选择框 ([9166a57](https://github.com/certd/certd/commit/9166a579301a60750f0b72b6a42b0c8d730695fd))
-* count tip ([e19743f](https://github.com/certd/certd/commit/e19743f70553700f1f91bff76f87370f749dd247))
-* oauth支持github 和google， 修复头像显示问题 ([693a4a6](https://github.com/certd/certd/commit/693a4a663385ced3176286bf4b5f3566da83d90e))
-
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)

 ### Bug Fixes
@@ -3,30 +3,6 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

-## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
-
-### Bug Fixes
-
-* 修复有域名记录时，域名输入框无法关闭的bug ([54c8217](https://github.com/certd/certd/commit/54c8217808453b121abf646b004596f28932509f))
-
-### Performance Improvements
-
-*  eab从更多参数中挪到外面 ([5ea4f46](https://github.com/certd/certd/commit/5ea4f46de7ae403a7a16e9488dc1d9c7523d019a))
-* 第三方登录支持Microsoft ([beb7a4c](https://github.com/certd/certd/commit/beb7a4c99277262bb9681c5594cfcd3e36c52074))
-* 优化zerossl申请证书稳定性 ([4d86fb3](https://github.com/certd/certd/commit/4d86fb319b81dbf6fa6485982105725b1b066593))
-
-## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
-
-### Bug Fixes
-
-* 修复新网找错域名的bug ([bd511f9](https://github.com/certd/certd/commit/bd511f97cb7fbdcaeff7ac899f0460a5c7b41826))
-
-### Performance Improvements
-
-* 当域名管理中没有域名时，创建流水线时不展开域名选择框 ([9166a57](https://github.com/certd/certd/commit/9166a579301a60750f0b72b6a42b0c8d730695fd))
-* count tip ([e19743f](https://github.com/certd/certd/commit/e19743f70553700f1f91bff76f87370f749dd247))
-* oauth支持github 和google， 修复头像显示问题 ([693a4a6](https://github.com/certd/certd/commit/693a4a663385ced3176286bf4b5f3566da83d90e))
-
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)

 ### Bug Fixes
@@ -5,7 +5,7 @@
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
 | 1.| **证书申请（JS版）** | 免费通配符域名证书申请，支持多个域名打到同一个证书上 | 
-| 2.| **已有证书托管** | 手动上传自定义证书后，自动部署（每次证书有更新，都需要手动上传一次） | 
+| 2.| **商用证书托管** | 手动上传自定义证书后，自动部署（每次证书有更新，都需要手动上传一次） | 
 | 3.| **获取阿里云订阅证书** | 从阿里云拉取订阅模式的商用证书 | 
 | 4.| **证书申请（Lego）** | 支持海量DNS解析提供商，推荐使用，一样的免费通配符域名证书申请，支持多个域名打到同一个证书上 | 
 ## 2. 主机
@@ -9,5 +9,5 @@
    }
  },
  "npmClient": "pnpm",
-  "version": "1.38.8"
+  "version": "1.38.5"
 }
@@ -3,23 +3,6 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

-## [1.38.8](https://github.com/publishlab/node-acme-client/compare/v1.38.7...v1.38.8) (2026-02-06)
-
-### Performance Improvements
-
-* 优化申请证书最大超时时长 ([00f67d8](https://github.com/publishlab/node-acme-client/commit/00f67d86d68f4f83cfafe2fbfeb4af0d86f9d20e))
-* 支持设置默认的证书申请地址的反向代理 ([0cfb94b](https://github.com/publishlab/node-acme-client/commit/0cfb94b0ba6a6dc3bb0d0a81a1912068a4e6b6b6))
-
-## [1.38.7](https://github.com/publishlab/node-acme-client/compare/v1.38.6...v1.38.7) (2026-02-05)
-
-### Performance Improvements
-
-* 优化zerossl申请证书稳定性 ([4d86fb3](https://github.com/publishlab/node-acme-client/commit/4d86fb319b81dbf6fa6485982105725b1b066593))
-
-## [1.38.6](https://github.com/publishlab/node-acme-client/compare/v1.38.5...v1.38.6) (2026-02-04)
-
-**Note:** Version bump only for package @certd/acme-client
-
 ## [1.38.5](https://github.com/publishlab/node-acme-client/compare/v1.38.4...v1.38.5) (2026-02-02)

 ### Bug Fixes
@@ -3,7 +3,7 @@
    "description": "Simple and unopinionated ACME client",
    "private": false,
    "author": "nmorsman",
-    "version": "1.38.8",
+    "version": "1.38.5",
    "type": "module",
    "module": "scr/index.js",
    "main": "src/index.js",
@@ -18,7 +18,7 @@
        "types"
    ],
    "dependencies": {
-        "@certd/basic": "^1.38.8",
+        "@certd/basic": "^1.38.5",
        "@peculiar/x509": "^1.11.0",
        "asn1js": "^3.0.5",
        "axios": "^1.9.0",
@@ -70,5 +70,5 @@
    "bugs": {
        "url": "https://github.com/publishlab/node-acme-client/issues"
    },
-    "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
+    "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
 }
@@ -600,11 +600,8 @@ class AcmeClient {
            throw new Error(`[${d}] Unexpected item status: ${resp.data.status}`);
        };

-        this.log(`[${d}] Waiting for valid status （等待valid状态）: ${item.url}`, JSON.stringify(this.backoffOpts));
-        const log = (...args)=>{
-            this.logger.info(...args)
-        }
-        return util.retry(verifyFn, this.backoffOpts,log);
+        this.log(`[${d}] Waiting for valid status （等待valid状态）: ${item.url}`, this.backoffOpts);
+        return util.retry(verifyFn, this.backoffOpts);
    }

    /**
@@ -57,32 +57,6 @@ export function getDirectoryUrl(opts) {
  return list.production
 }

-
-export function getAllSslProviderDomains() {
-  const list = Object.values(directory).map((item) => {
-    let url =  item.production.replace('https://', '')
-    url = url.substring(0, url.indexOf('/'))
-    return url
-  })
-  return list
-}
-
-let sslProviderReverseProxies = {}
-
-function initSslProviderReverseProxies() {
-  for (const sslProvider of getAllSslProviderDomains()) {
-    sslProviderReverseProxies[sslProvider] = ""
-  }
-}
-initSslProviderReverseProxies()
-
-export function getSslProviderReverseProxies() {
-  return sslProviderReverseProxies
-}
-export function setSslProviderReverseProxies(reverseProxies) {
-  Object.assign(sslProviderReverseProxies, reverseProxies)
-}
-
 /**
 * Crypto
 */
@@ -52,17 +52,11 @@ async function retryPromise(fn, attempts, backoff, logger = log) {
    let aborted = false;

    try {
-        const setAbort = () => { aborted = true; }
-        const data = await fn(setAbort);
+        const data = await fn(() => { aborted = true; });
        return data;
    }
    catch (e) {
-        if (aborted){
-            logger(`用户取消重试`);
-            throw e;
-        }
-        if ( ((backoff.attempts + 1) >= attempts)) {
-            logger(`重试次数超过${attempts}次`);
+        if (aborted || ((backoff.attempts + 1) >= attempts)) {
            throw e;
        }

@@ -118,9 +118,6 @@ export const directory: {
 };

 export function getDirectoryUrl(opts:{sslProvider:string, pkType: string}): string;
-export function getAllSslProviderDomains(): string[];
-export function getSslProviderReverseProxies(): Record<string, string>;
-export function setSslProviderReverseProxies(reverseProxies: Record<string, string>): void;

 /**
 * Crypto
@@ -3,18 +3,6 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

-## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
-
-**Note:** Version bump only for package @certd/basic
-
-## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
-
-**Note:** Version bump only for package @certd/basic
-
-## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
-
-**Note:** Version bump only for package @certd/basic
-
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)

 **Note:** Version bump only for package @certd/basic
@@ -1 +1 @@
-02:23
+23:59
@@ -1,7 +1,7 @@
 {
  "name": "@certd/basic",
  "private": false,
-  "version": "1.38.8",
+  "version": "1.38.5",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -47,5 +47,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
+  "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
 }
@@ -18,7 +18,7 @@ export function resetLogConfigure() {
  });
 }
 resetLogConfigure();
-export const logger: ILogger = log4js.getLogger("default") as any;
+export const logger = log4js.getLogger("default");

 export function resetLogFilePath(filePath: string) {
  logFilePath = filePath;
@@ -77,8 +77,6 @@ export type ILogger = {
  fatal(message: any, ...args: any[]): void;

  mark(message: any, ...args: any[]): void;
-
-  addSecret(secret: string): void;
 };

 const locale = Intl.DateTimeFormat().resolvedOptions().locale;
@@ -108,14 +106,10 @@ export class PipelineLogger implements ILogger {

  constructor(name: string, write: (text: string) => void) {
    this.customWriter = write;
-    //@ts-ignore
    this.logger = log4js.getLogger(name);
  }

  addSecret(secret: string) {
-    if (!secret) {
-      return;
-    }
    this._secrets.push(secret);
  }

@@ -3,18 +3,6 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

-## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
-
-**Note:** Version bump only for package @certd/pipeline
-
-## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
-
-**Note:** Version bump only for package @certd/pipeline
-
-## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
-
-**Note:** Version bump only for package @certd/pipeline
-
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)

 **Note:** Version bump only for package @certd/pipeline
@@ -1,7 +1,7 @@
 {
  "name": "@certd/pipeline",
  "private": false,
-  "version": "1.38.8",
+  "version": "1.38.5",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -18,8 +18,8 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/basic": "^1.38.8",
-    "@certd/plus-core": "^1.38.8",
+    "@certd/basic": "^1.38.5",
+    "@certd/plus-core": "^1.38.5",
    "dayjs": "^1.11.7",
    "lodash-es": "^4.17.21",
    "reflect-metadata": "^0.1.13"
@@ -45,5 +45,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
+  "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
 }
@@ -3,18 +3,6 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

-## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
-
-**Note:** Version bump only for package @certd/lib-huawei
-
-## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
-
-**Note:** Version bump only for package @certd/lib-huawei
-
-## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
-
-**Note:** Version bump only for package @certd/lib-huawei
-
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)

 **Note:** Version bump only for package @certd/lib-huawei
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-huawei",
  "private": false,
-  "version": "1.38.8",
+  "version": "1.38.5",
  "main": "./dist/bundle.js",
  "module": "./dist/bundle.js",
  "types": "./dist/d/index.d.ts",
@@ -24,5 +24,5 @@
    "prettier": "^2.8.8",
    "tslib": "^2.8.1"
  },
-  "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
+  "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
 }
@@ -3,18 +3,6 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

-## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
-
-**Note:** Version bump only for package @certd/lib-iframe
-
-## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
-
-**Note:** Version bump only for package @certd/lib-iframe
-
-## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
-
-**Note:** Version bump only for package @certd/lib-iframe
-
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)

 **Note:** Version bump only for package @certd/lib-iframe
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-iframe",
  "private": false,
-  "version": "1.38.8",
+  "version": "1.38.5",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -31,5 +31,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
+  "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
 }
@@ -3,18 +3,6 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

-## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
-
-**Note:** Version bump only for package @certd/jdcloud
-
-## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
-
-**Note:** Version bump only for package @certd/jdcloud
-
-## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
-
-**Note:** Version bump only for package @certd/jdcloud
-
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)

 **Note:** Version bump only for package @certd/jdcloud
@@ -1,6 +1,6 @@
 {
  "name": "@certd/jdcloud",
-  "version": "1.38.8",
+  "version": "1.38.5",
  "description": "jdcloud openApi sdk",
  "main": "./dist/bundle.js",
  "module": "./dist/bundle.js",
@@ -56,5 +56,5 @@
      "fetch"
    ]
  },
-  "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
+  "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
 }
@@ -3,18 +3,6 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

-## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
-
-**Note:** Version bump only for package @certd/lib-k8s
-
-## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
-
-**Note:** Version bump only for package @certd/lib-k8s
-
-## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
-
-**Note:** Version bump only for package @certd/lib-k8s
-
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)

 **Note:** Version bump only for package @certd/lib-k8s
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-k8s",
  "private": false,
-  "version": "1.38.8",
+  "version": "1.38.5",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -17,7 +17,7 @@
    "pub": "npm publish"
  },
  "dependencies": {
-    "@certd/basic": "^1.38.8",
+    "@certd/basic": "^1.38.5",
    "@kubernetes/client-node": "0.21.0"
  },
  "devDependencies": {
@@ -32,5 +32,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
+  "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
 }
@@ -3,20 +3,6 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

-## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
-
-### Performance Improvements
-
-* 支持设置默认的证书申请地址的反向代理 ([0cfb94b](https://github.com/certd/certd/commit/0cfb94b0ba6a6dc3bb0d0a81a1912068a4e6b6b6))
-
-## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
-
-**Note:** Version bump only for package @certd/lib-server
-
-## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
-
-**Note:** Version bump only for package @certd/lib-server
-
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)

 ### Performance Improvements
@@ -1,6 +1,6 @@
 {
  "name": "@certd/lib-server",
-  "version": "1.38.8",
+  "version": "1.38.5",
  "description": "midway with flyway, sql upgrade way ",
  "private": false,
  "type": "module",
@@ -28,11 +28,11 @@
  ],
  "license": "AGPL",
  "dependencies": {
-    "@certd/acme-client": "^1.38.8",
-    "@certd/basic": "^1.38.8",
-    "@certd/pipeline": "^1.38.8",
-    "@certd/plugin-lib": "^1.38.8",
-    "@certd/plus-core": "^1.38.8",
+    "@certd/acme-client": "^1.38.5",
+    "@certd/basic": "^1.38.5",
+    "@certd/pipeline": "^1.38.5",
+    "@certd/plugin-lib": "^1.38.5",
+    "@certd/plus-core": "^1.38.5",
    "@midwayjs/cache": "3.14.0",
    "@midwayjs/core": "3.20.11",
    "@midwayjs/i18n": "3.20.13",
@@ -64,5 +64,5 @@
    "typeorm": "^0.3.11",
    "typescript": "^5.4.2"
  },
-  "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
+  "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
 }
@@ -65,6 +65,8 @@ export class SysPublicSettings extends BaseSettings {
  }> = {};

  notice?: string;
+
+  adminMode?: "enterprise" | "saas" = "saas";
 }

 export class SysPrivateSettings extends BaseSettings {
@@ -76,9 +78,6 @@ export class SysPrivateSettings extends BaseSettings {

  httpsProxy? = '';
  httpProxy? = '';
-
-  reverseProxies?: Record<string, string> = {};
-
  dnsResultOrder? = '';
  commonCnameEnabled?: boolean = true;

@@ -4,10 +4,10 @@ import { Repository } from 'typeorm';
 import { SysSettingsEntity } from '../entity/sys-settings.js';
 import { BaseSettings, SysInstallInfo, SysPrivateSettings, SysPublicSettings, SysSecret, SysSecretBackup } from './models.js';

-import { getAllSslProviderDomains, setSslProviderReverseProxies } from '@certd/acme-client';
-import { cache, logger, mergeUtils, setGlobalProxy } from '@certd/basic';
-import * as dns from 'node:dns';
 import { BaseService } from '../../../basic/index.js';
+import { cache, logger, setGlobalProxy } from '@certd/basic';
+import * as dns from 'node:dns';
+import {mergeUtils} from "@certd/basic";
 import { executorQueue } from '../../basic/service/executor-queue.js';
 const {merge} = mergeUtils;
 /**
@@ -120,14 +120,7 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
  }

  async getPrivateSettings(): Promise<SysPrivateSettings> {
-    const res = await this.getSetting<SysPrivateSettings>(SysPrivateSettings);
-    const sslProviderDomains = getAllSslProviderDomains();
-    for (const domain of sslProviderDomains) {
-      if (!res.reverseProxies[domain]) {
-        res.reverseProxies[domain] = "";
-      }
-    }
-    return res
+    return await this.getSetting(SysPrivateSettings);
  }

  async savePrivateSettings(bean: SysPrivateSettings) {
@@ -152,8 +145,6 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
    if (bean.pipelineMaxRunningCount){
      executorQueue.setMaxRunningCount(bean.pipelineMaxRunningCount);
    }
-
-    setSslProviderReverseProxies(bean.reverseProxies);
  }

  async updateByKey(key: string, setting: any) {
@@ -21,6 +21,9 @@ export class AccessEntity {
  @Column({ name: 'encrypt_setting', comment: '已加密设置', length: 10240, nullable: true })
  encryptSetting: string;

+  @Column({ name: 'project_id', comment: '项目id' })
+  projectId: number;
+
  @Column({
    name: 'create_time',
    comment: '创建时间',
@@ -28,6 +28,9 @@ export class AddonEntity {
  @Column({ name: 'is_default', comment: '是否默认',  nullable: false, default: false })
  isDefault: boolean;

+  @Column({ name: 'project_id', comment: '项目id' })
+  projectId: number;
+

  @Column({
    name: 'create_time',
@@ -3,18 +3,6 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

-## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
-
-**Note:** Version bump only for package @certd/midway-flyway-js
-
-## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
-
-**Note:** Version bump only for package @certd/midway-flyway-js
-
-## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
-
-**Note:** Version bump only for package @certd/midway-flyway-js
-
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)

 **Note:** Version bump only for package @certd/midway-flyway-js
@@ -1,6 +1,6 @@
 {
  "name": "@certd/midway-flyway-js",
-  "version": "1.38.8",
+  "version": "1.38.5",
  "description": "midway with flyway, sql upgrade way ",
  "private": false,
  "type": "module",
@@ -46,5 +46,5 @@
    "typeorm": "^0.3.11",
    "typescript": "^5.4.2"
  },
-  "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
+  "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
 }
@@ -3,20 +3,6 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

-## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
-
-**Note:** Version bump only for package @certd/plugin-cert
-
-## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
-
-### Performance Improvements
-
-*  eab从更多参数中挪到外面 ([5ea4f46](https://github.com/certd/certd/commit/5ea4f46de7ae403a7a16e9488dc1d9c7523d019a))
-
-## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
-
-**Note:** Version bump only for package @certd/plugin-cert
-
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)

 **Note:** Version bump only for package @certd/plugin-cert
@@ -1,7 +1,7 @@
 {
  "name": "@certd/plugin-cert",
  "private": false,
-  "version": "1.38.8",
+  "version": "1.38.5",
  "type": "module",
  "main": "./dist/index.js",
  "types": "./dist/index.d.ts",
@@ -17,10 +17,10 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/acme-client": "^1.38.8",
-    "@certd/basic": "^1.38.8",
-    "@certd/pipeline": "^1.38.8",
-    "@certd/plugin-lib": "^1.38.8",
+    "@certd/acme-client": "^1.38.5",
+    "@certd/basic": "^1.38.5",
+    "@certd/pipeline": "^1.38.5",
+    "@certd/plugin-lib": "^1.38.5",
    "psl": "^1.9.0",
    "punycode.js": "^2.3.1"
  },
@@ -38,5 +38,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
+  "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
 }
@@ -1 +1 @@
-export * from "@certd/plugin-lib";
+export * from "@certd/plugin-lib";
@@ -3,18 +3,6 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

-## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
-
-**Note:** Version bump only for package @certd/plugin-lib
-
-## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
-
-**Note:** Version bump only for package @certd/plugin-lib
-
-## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
-
-**Note:** Version bump only for package @certd/plugin-lib
-
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)

 **Note:** Version bump only for package @certd/plugin-lib
@@ -1,7 +1,7 @@
 {
  "name": "@certd/plugin-lib",
  "private": false,
-  "version": "1.38.8",
+  "version": "1.38.5",
  "type": "module",
  "main": "./dist/index.js",
  "types": "./dist/index.d.ts",
@@ -22,10 +22,10 @@
    "@alicloud/pop-core": "^1.7.10",
    "@alicloud/tea-util": "^1.4.11",
    "@aws-sdk/client-s3": "^3.964.0",
-    "@certd/acme-client": "^1.38.8",
-    "@certd/basic": "^1.38.8",
-    "@certd/pipeline": "^1.38.8",
-    "@certd/plus-core": "^1.38.8",
+    "@certd/acme-client": "^1.38.5",
+    "@certd/basic": "^1.38.5",
+    "@certd/pipeline": "^1.38.5",
+    "@certd/plus-core": "^1.38.5",
    "@kubernetes/client-node": "0.21.0",
    "ali-oss": "^6.22.0",
    "basic-ftp": "^5.0.5",
@@ -57,5 +57,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "29d37075dd600fa4898c5e38611e09db522e32fc"
+  "gitHead": "eeb1f27fa47ddc616451f3e5a8fb8d1de345d252"
 }
@@ -3,32 +3,6 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

-## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
-
-### Performance Improvements
-
-* 双重验证显示secret ([febd6d3](https://github.com/certd/certd/commit/febd6d32cfe6d89ccecf26bf15141df7c456e5c6))
-* 支持设置默认的证书申请地址的反向代理 ([0cfb94b](https://github.com/certd/certd/commit/0cfb94b0ba6a6dc3bb0d0a81a1912068a4e6b6b6))
-* 子域名托管域名支持配置通配符 ([3f7ac93](https://github.com/certd/certd/commit/3f7ac939326b0c7ec013a7534b6c0e58fb3e8cb4))
-
-## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
-
-### Bug Fixes
-
-* 修复有域名记录时，域名输入框无法关闭的bug ([54c8217](https://github.com/certd/certd/commit/54c8217808453b121abf646b004596f28932509f))
-
-### Performance Improvements
-
-*  eab从更多参数中挪到外面 ([5ea4f46](https://github.com/certd/certd/commit/5ea4f46de7ae403a7a16e9488dc1d9c7523d019a))
-
-## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
-
-### Performance Improvements
-
-* 当域名管理中没有域名时，创建流水线时不展开域名选择框 ([9166a57](https://github.com/certd/certd/commit/9166a579301a60750f0b72b6a42b0c8d730695fd))
-* count tip ([e19743f](https://github.com/certd/certd/commit/e19743f70553700f1f91bff76f87370f749dd247))
-* oauth支持github 和google， 修复头像显示问题 ([693a4a6](https://github.com/certd/certd/commit/693a4a663385ced3176286bf4b5f3566da83d90e))
-
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)

 ### Bug Fixes
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-client",
-  "version": "1.38.8",
+  "version": "1.38.5",
  "private": true,
  "scripts": {
    "dev": "vite --open",
@@ -106,8 +106,8 @@
    "zod-defaults": "^0.1.3"
  },
  "devDependencies": {
-    "@certd/lib-iframe": "^1.38.8",
-    "@certd/pipeline": "^1.38.8",
+    "@certd/lib-iframe": "^1.38.5",
+    "@certd/pipeline": "^1.38.5",
    "@rollup/plugin-commonjs": "^25.0.7",
    "@rollup/plugin-node-resolve": "^15.2.3",
    "@types/chai": "^4.3.12",
@@ -3,7 +3,6 @@
    <div class="flex flex-row">
      <a-select
        class="domain-select-input"
-        :popup-class-name="popupClassName"
        :dropdown-style="dropdownStyle"
        show-search
        :filter-option="filterOption"
@@ -56,12 +55,12 @@
  </div>
 </template>
 <script setup lang="ts">
-import { computed, defineComponent, onMounted, ref, Ref, useAttrs } from "vue";
-import { useRouter } from "vue-router";
-import { Dicts } from "../lib/dicts";
+import { computed, defineComponent, ref, Ref, useAttrs } from "vue";
 import { request } from "/@/api/service";
+import { Dicts } from "../lib/dicts";
+import { useRouter } from "vue-router";
+import { useDomainImport, useDomainImportManage } from "/@/views/certd/cert/domain/use";
 import { openRouteInNewWindow } from "/@/vben/utils";
-import { useDomainImportManage } from "/@/views/certd/cert/domain/use";

 defineOptions({
  name: "DomainSelector",
@@ -91,15 +90,6 @@ const emit = defineEmits<{

 const attrs = useAttrs();

-const hasOptions: Ref = ref(null);
-
-const popupClassName = computed(() => {
-  if (!hasOptions.value) {
-    return "hidden-important";
-  }
-  return "";
-});
-
 const searchKeyRef = ref("");
 const optionsRef = ref([]);
 const message = ref("");
@@ -153,14 +143,6 @@ const getOptions = async () => {
    }

    optionsRef.value = options;
-    if (hasOptions.value == null) {
-      //初始设置一次
-      if (options.length > 0) {
-        hasOptions.value = true;
-      } else {
-        hasOptions.value = false;
-      }
-    }
    pagerRef.value.total = list.length;
    if (props.pager) {
      if (res.total != null) {
@@ -223,10 +205,6 @@ function openDomainImportDialog() {
 const dropdownStyle = ref({
  zIndex: 2000,
 });
-
-onMounted(() => {
-  refreshOptions();
-});
 </script>

 <style lang="less"></style>
@@ -1,8 +1,8 @@
 <template>
  <div class="params-show">
-    <a-tag v-for="item of params" :key="item.value" type="primary" color="green" class="item">
+    <a-tag type="primary" color="green" v-for="item of params" :key="item.value" class="item">
      <span class="label">{{ item.label }}=</span>
-      <fs-copyable :model-value="`\$\{${item.value}\}`" :button="{ show: false }" :inline="true"></fs-copyable>
+      <fs-copyable :modelValue="`\$\{${item.value}\}`" :button="{show:false}" :inline="true"></fs-copyable>
    </a-tag>
  </div>
 </template>
@@ -161,30 +161,27 @@ function openStarModal(vipType: string) {
    return;
  }
  Modal.destroyAll();
+  const goGithub = () => {
+    window.open("https://github.com/certd/certd/");
+  };

-  openTrialModal(vipType);
-
-  // const goGithub = () => {
-  //   window.open("https://github.com/certd/certd/");
-  // };
-
-  // modal.confirm({
-  //   title: t("vip.get_7_day_pro_trial"),
-  //   okText: t("vip.star_now"),
-  //   onOk() {
-  //     goGithub();
-  //     openTrialModal(vipType);
-  //   },
-  //   width: 600,
-  //   content: () => {
-  //     return (
-  //       <div class="flex mt-10 mb-10">
-  //         <div>{t("vip.please_help_star")}</div>
-  //         <img class="ml-5" src="https://img.shields.io/github/stars/certd/certd?logo=github" />
-  //       </div>
-  //     );
-  //   },
-  // });
+  modal.confirm({
+    title: t("vip.get_7_day_pro_trial"),
+    okText: t("vip.star_now"),
+    onOk() {
+      goGithub();
+      openTrialModal(vipType);
+    },
+    width: 600,
+    content: () => {
+      return (
+        <div class="flex mt-10 mb-10">
+          <div>{t("vip.please_help_star")}</div>
+          <img class="ml-5" src="https://img.shields.io/github/stars/certd/certd?logo=github" />
+        </div>
+      );
+    },
+  });
 }

 function openUpgrade() {
@@ -8,20 +8,9 @@
        <div class="flex flex-col order-count-text weight-bold">
          <div class="count-text ml-4 flex items-center">
            <fs-icon icon="noto:fire" class="fs-20 mr-2"></fs-icon>
-            <template v-if="stage.vipTotal > 0">
-              <span> 已有 </span>
-              <span class="count-number color-red font-bold text-2xl ml-1 mr-1"> {{ stage.vipTotal }} </span> 位小伙伴赞助，
-              <span>
-                {{ stage.title }}
-              </span>
-            </template>
-            <template v-else>
-              <span> 今日赞助 </span>
-              <span class="count-number color-red font-bold text-2xl ml-1 mr-1"> {{ stage.orderCount }} </span> 人，
-              <span>
-                {{ stage.title }}
-              </span>
-            </template>
+            <span> 今日赞助 </span>
+            <span class="count-number color-red font-bold text-2xl ml-1 mr-1"> {{ stage.orderCount }} </span>人，
+            <span> {{ stage.title }} </span>
          </div>
        </div>
      </div>
@@ -120,13 +109,14 @@
 </template>

 <script lang="ts" setup>
+import { computed, nextTick, onMounted, reactive, Ref, ref } from "vue";
 import { message, Modal } from "ant-design-vue";
 import dayjs from "dayjs";
-import { computed, nextTick, onMounted, onUnmounted, reactive, Ref, ref } from "vue";
 import { useI18n } from "vue-i18n";
 import { useRouter } from "vue-router";
-import * as api from "./api";
 import { useSettingStore } from "/@/store/settings";
+import * as api from "./api";
+import { utils } from "/@/utils";

 const { t } = useI18n();
 const router = useRouter();
@@ -240,13 +230,12 @@ const vipTypeDefine: any = {
  },
 };

-const TodayVipOrderCountRef: Ref = ref({ enabled: false, current: 0, stages: [] });
+const TodayVipOrderCountRef: Ref = ref({});

 async function getTodayVipOrderCount() {
  const res = await api.getTodayVipOrderCount();
  if (res) {
    TodayVipOrderCountRef.value = res;
-    TodayVipOrderCountRef.value.current = 0;
  }
 }

@@ -259,50 +248,31 @@ const todayOrderCount = computed(() => {
  }
  const lastStage = countInfo?.stages?.[countInfo?.stages?.length - 1] || {};
  lastStage.orderCount = orderCount;
-
-  const stages: any = [];
-  stages.push({
-    title: countInfo.title,
-    vipTotal: countInfo?.vipTotal || 0,
-    orderCount: orderCount,
-    bg: lastStage.bg,
-  });
-  if (lastStage.orderCount > 0) {
-    stages.push(lastStage);
-  }
  return {
    enabled: enabled,
-    stages: stages,
+    orderCount: orderCount,
+    title: lastStage.title || "",
+    stages: countInfo?.stages,
  };
 });

 async function scrollOrderCount() {
  const stages = todayOrderCount.value.stages;
-  if (stages.length === 0) {
+  if (!stages.length) {
    return;
  }
  let index = 0;
-  const doScroll = () => {
+  for (const stage of stages) {
    TodayVipOrderCountRef.value.current = index;
+    await utils.sleep(500);
    index++;
-    if (index >= stages.length) {
-      index = 0;
-    }
-  };
-  doScroll();
-  scrollOrderCountIntervalRef.value = setInterval(doScroll, 7000);
+  }
 }

-const scrollOrderCountIntervalRef: Ref = ref(null);
 onMounted(async () => {
  await getTodayVipOrderCount();
-  await nextTick();
  await scrollOrderCount();
 });
-
-onUnmounted(() => {
-  clearInterval(scrollOrderCountIntervalRef.value);
-});
 </script>

 <style lang="less">
@@ -35,13 +35,7 @@ const menus = computed(() => [

 const avatar = computed(() => {
  const avt = userStore.getUserInfo?.avatar;
-  if (!avt) {
-    return "";
-  }
-  if (avt.startsWith("http")) {
-    return avt;
-  }
-  return `/api/basic/file/download?key=${avt}`;
+  return avt ? `/api/basic/file/download?key=${avt}` : "";
 });

 async function handleLogout() {
@@ -511,7 +511,6 @@ export default {
  selectRecordFirst: "Please select records first",
  subdomainHosted: "Hosted Subdomain",
  subdomainHelpText: "If you don't understand what subdomain hosting is,Do not set it randomly, as it may result in the inability to apply for the certificate. please refer to the documentation ",
-  subdomainHelpSupportStart: "Supports * wildcard, indicating that all subdomains of the domain are hosted (free subdomains)",
  subdomainManagement: "Subdomain Management",
  isDisabled: "Is Disabled",
  enabled: "Enabled",
@@ -785,7 +784,6 @@ export default {
      captchaSetting: "Captcha Setting",
      pipelineSetting: "Pipeline Settings",
      oauthSetting: "OAuth2 Settings",
-      networkSetting: "Network Settings",

      showRunStrategy: "Show RunStrategy",
      showRunStrategyHelper: "Allow modify the run strategy of the task",
@@ -837,11 +835,6 @@ export default {
      notice: "System Notice",
      noticeHelper: "System notice, will be displayed on the login page",
      noticePlaceholder: "System notice",
-
-      reverseProxy: "Reverse Proxy List",
-      reverseProxyHelper: "Reverse proxy for ACME address, used when applying for certificate",
-      reverseProxyPlaceholder: "http://le.px.handfree.work",
-      reverseProxyEmpty: "No reverse proxy list configured",
    },
  },
  modal: {
@@ -868,4 +861,8 @@ export default {
    select: "Select",
    placeholder: "select please",
  },
+  adminMode: {
+    enterpriseMode: "Enterprise Mode",
+    saasMode: "SaaS Mode",
+  },
 };
@@ -521,7 +521,6 @@ export default {
  selectRecordFirst: "请先勾选记录",
  subdomainHosted: "托管的子域名",
  subdomainHelpText: "如果您不理解什么是子域托管，请不要随意设置（可能导致证书无法申请，以前设置过的cname记录也需要重新配置），可以参考文档",
-  subdomainHelpSupportStart: "支持*号通配符,表示该域名下的子域名都是托管的（免费子域名）",
  subdomainManagement: "子域管理",
  isDisabled: "是否禁用",
  enabled: "启用",
@@ -792,7 +791,6 @@ export default {
      captchaSetting: "验证码设置",
      pipelineSetting: "流水线设置",
      oauthSetting: "第三方登录",
-      networkSetting: "网络设置",

      showRunStrategy: "显示运行策略选择",
      showRunStrategyHelper: "任务设置中是否允许选择运行策略",
@@ -852,11 +850,6 @@ export default {
      notice: "系统公告",
      noticeHelper: "系统公告，将在首页显示",
      noticePlaceholder: "系统公告",
-
-      reverseProxy: "反向代理列表",
-      reverseProxyHelper: "证书颁发机构ACME地址的反向代理，在申请证书时自动使用",
-      reverseProxyPlaceholder: "http://le.px.handfree.work",
-      reverseProxyEmpty: "未配置反向代理",
    },
  },
  modal: {
@@ -883,4 +876,8 @@ export default {
    select: "选择",
    placeholder: "请选择",
  },
+  adminMode: {
+    enterpriseMode: "企业模式",
+    saasMode: "SaaS模式",
+  },
 };
@@ -86,6 +86,9 @@ export type SysPublicSetting = {
  >;
  // 系统通知
  notice?: string;
+
+  // 管理员模式
+  adminMode?: "enterprise" | "saas";
 };
 export type SuiteSetting = {
  enabled?: boolean;
@@ -93,7 +96,6 @@ export type SuiteSetting = {
 export type SysPrivateSetting = {
  httpProxy?: string;
  httpsProxy?: string;
-  reverseProxies?: any;
  dnsResultOrder?: string;
  commonCnameEnabled?: boolean;
  // 同一个用户同时最大运行流水线数量
@@ -372,13 +372,6 @@ h6 {
  border-spacing: 0;
  overflow: auto;

-  &.cd-table-none-border {
-    border: 0 !important;
-    td, th {
-      border: 0 !important;
-    }
-  }
-
  .fs-loading {
    position: absolute;
    left: 0;
@@ -483,10 +476,4 @@ h6 {
  .fs-icon{
    margin-right: 5px;
  }
-}
-
-
-.hidden-important {
-  display: none !important;
-  visibility: hidden !important;
 }
@@ -28,7 +28,7 @@ export async function TwoFactorAuthenticatorGet() {
    url: apiPrefix + "/twoFactor/authenticator/qrcode",
    method: "post",
  });
-  return res as { qrcode: string; link: string; secret: string }; //base64
+  return res as string; //base64
 }

 export async function TwoFactorAuthenticatorSave(req: AuthenticatorSaveReq) {
@@ -57,17 +57,6 @@
            <div class="ml-20">
              <img class="full-w" :src="authenticatorForm.qrcodeSrc" />
            </div>
-            <div class="ml-20 mt-5">
-              <div>您也可以手动添加：</div>
-              <div class="flex mt-5">
-                <a-tag type="primary" color="green" class="mr-2">Secret：</a-tag>
-                <fs-copyable :model-value="authenticatorForm.secret" />
-              </div>
-              <div class="flex mt-5">
-                <a-tag type="primary" color="green" class="mr-2">Link：</a-tag>
-                <fs-copyable :model-value="authenticatorForm.link" />
-              </div>
-            </div>
          </div>
          <h3 class="font-bold m-10">{{ t("certd.step3") }}</h3>
          <div class="ml-20">
@@ -108,8 +97,6 @@ const formState = reactive<Partial<UserTwoFactorSetting>>({
 const authenticatorForm = reactive({
  qrcodeSrc: "",
  verifyCode: "",
-  link: "",
-  secret: "",
  open: false,
 });

@@ -123,14 +110,9 @@ watch(
  async open => {
    if (open) {
      //base64 转图片
-      const { qrcode, link, secret } = await api.TwoFactorAuthenticatorGet();
-      authenticatorForm.qrcodeSrc = qrcode;
-      authenticatorForm.link = link;
-      authenticatorForm.secret = secret;
+      authenticatorForm.qrcodeSrc = await api.TwoFactorAuthenticatorGet();
    } else {
      authenticatorForm.qrcodeSrc = "";
-      authenticatorForm.link = "";
-      authenticatorForm.secret = "";
      authenticatorForm.verifyCode = "";
    }
  }
@@ -8,7 +8,7 @@
        <a-descriptions-item :label="t('authentication.username')">{{ userInfo.username }}</a-descriptions-item>
        <a-descriptions-item :label="t('authentication.nickName')">{{ userInfo.nickName }}</a-descriptions-item>
        <a-descriptions-item :label="t('authentication.avatar')">
-          <a-avatar v-if="userInfo.avatar" size="large" :src="userAvatar" style="background-color: #eee"> </a-avatar>
+          <a-avatar v-if="userInfo.avatar" size="large" :src="'api/basic/file/download?&key=' + userInfo.avatar" style="background-color: #eee"> </a-avatar>
          <a-avatar v-else size="large" style="background-color: #00b4f5">
            {{ userInfo.username }}
          </a-avatar>
@@ -108,17 +108,6 @@ async function bind(type: string) {
  window.location.href = loginUrl;
 }

-const userAvatar = computed(() => {
-  if (isEmpty(userInfo.value.avatar)) {
-    return "";
-  }
-  if (userInfo.value.avatar.startsWith("http")) {
-    return userInfo.value.avatar;
-  }
-
-  return "api/basic/file/download?&key=" + userInfo.value.avatar;
-});
-
 onMounted(async () => {
  await getUserInfo();
  await loadOauthBounds();
@@ -1065,7 +1065,7 @@ export default defineComponent({
    }

    .layout-right {
-      width: 368px;
+      width: 364px;
      height: 100%;
      max-width: 90vw;
    }
@@ -1292,7 +1292,7 @@ export default defineComponent({
  .layout-right {
    position: relative;
    &.collapsed {
-      margin-right: max(-368px, -90vw);
+      margin-right: max(-364px, -90vw);
    }

    .collapse-toggle {
@@ -80,13 +80,10 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
              render() {
                return (
                  <div>
-                    <div>
-                      1. {t("certd.subdomainHelpText")}
-                      <a href={"https://help.aliyun.com/zh/dns/subdomain-management"} target={"_blank"}>
-                        {t("certd.subdomainManagement")}
-                      </a>
-                    </div>
-                    <div>2. {t("certd.subdomainHelpSupportStart")}</div>
+                    {t("certd.subdomainHelpText")}
+                    <a href={"https://help.aliyun.com/zh/dns/subdomain-management"} target={"_blank"}>
+                      {t("certd.subdomainManagement")}
+                    </a>
                  </div>
                );
              },
@@ -26,8 +26,8 @@
        <a-tab-pane key="pipeline" :tab="t('certd.sys.setting.pipelineSetting')">
          <SettingPipeline v-if="activeKey === 'pipeline'" />
        </a-tab-pane>
-        <a-tab-pane key="network" :tab="t('certd.sys.setting.networkSetting')">
-          <SettingNetwork v-if="activeKey === 'network'" />
+        <a-tab-pane key="mode" :tab="t('certd.adminMode')">
+          <SettingMode v-if="activeKey === 'mode'" />
        </a-tab-pane>
      </a-tabs>
    </div>
@@ -42,7 +42,8 @@ import SettingSafe from "/@/views/sys/settings/tabs/safe.vue";
 import SettingCaptcha from "/@/views/sys/settings/tabs/captcha.vue";
 import SettingPipeline from "/@/views/sys/settings/tabs/pipeline.vue";
 import SettingOauth from "/@/views/sys/settings/tabs/oauth.vue";
-import SettingNetwork from "/@/views/sys/settings/tabs/network.vue";
+import SettingMode from "/@/views/sys/settings/tabs/mode.vue";
+
 import { useRoute, useRouter } from "vue-router";
 import { ref } from "vue";
 import { useSettingStore } from "/@/store/settings";
@@ -15,6 +15,35 @@
        <a-switch v-model:checked="formState.public.robots" />
      </a-form-item>

+      <a-form-item :label="t('certd.httpProxy')" :name="['private', 'httpProxy']" :rules="urlRules">
+        <a-input v-model:value="formState.private.httpProxy" :placeholder="t('certd.httpProxyPlaceholder')" />
+        <div class="helper">{{ t("certd.httpProxyHelper") }}</div>
+      </a-form-item>
+
+      <a-form-item :label="t('certd.httpsProxy')" :name="['private', 'httpsProxy']" :rules="urlRules">
+        <div class="flex">
+          <a-input v-model:value="formState.private.httpsProxy" :placeholder="t('certd.httpsProxyPlaceholder')" />
+          <a-button class="ml-5" type="primary" :loading="testProxyLoading" :title="t('certd.saveThenTestTitle')" @click="testProxy">{{ t("certd.testButton") }}</a-button>
+        </div>
+        <div class="helper">{{ t("certd.httpsProxyHelper") }}</div>
+      </a-form-item>
+
+      <a-form-item :label="t('certd.dualStackNetwork')" :name="['private', 'dnsResultOrder']">
+        <a-select v-model:value="formState.private.dnsResultOrder">
+          <a-select-option value="verbatim">{{ t("certd.default") }}</a-select-option>
+          <a-select-option value="ipv4first">{{ t("certd.ipv4Priority") }}</a-select-option>
+          <a-select-option value="ipv6first">{{ t("certd.ipv6Priority") }}</a-select-option>
+        </a-select>
+        <div class="helper">
+          {{ t("certd.dualStackNetworkHelper") }}, <a href="https://certd.docmirror.cn/guide/use/setting/ipv6.html" target="_blank">{{ t("certd.helpDocLink") }}</a>
+        </div>
+      </a-form-item>
+
+      <a-form-item :label="t('certd.sys.setting.showRunStrategy')" :name="['public', 'showRunStrategy']">
+        <a-switch v-model:checked="formState.public.showRunStrategy" />
+        <div class="helper">{{ t("certd.sys.setting.showRunStrategyHelper") }}</div>
+      </a-form-item>
+
      <a-form-item :label="t('certd.enableCommonCnameService')" :name="['private', 'commonCnameEnabled']">
        <a-switch v-model:checked="formState.private.commonCnameEnabled" />
        <div class="helper" v-html="t('certd.commonCnameHelper')"></div>
@@ -33,13 +62,13 @@
 </template>

 <script setup lang="tsx">
-import { notification } from "ant-design-vue";
-import { merge } from "lodash-es";
 import { reactive, ref } from "vue";
-import { useSettingStore } from "/@/store/settings";
-import * as api from "/@/views/sys/settings/api";
 import { SysSettings } from "/@/views/sys/settings/api";
-
+import * as api from "/@/views/sys/settings/api";
+import { merge } from "lodash-es";
+import { useSettingStore } from "/@/store/settings";
+import { notification } from "ant-design-vue";
+import { util } from "/@/utils";
 import { useI18n } from "/src/locales";
 const { t } = useI18n();

@@ -55,6 +84,11 @@ const formState = reactive<Partial<SysSettings>>({
  private: {},
 });

+const urlRules = ref({
+  type: "url",
+  message: "请输入正确的URL",
+});
+
 async function loadSysSettings() {
  const data: any = await api.SysSettingsGet();
  merge(formState, data);
@@ -76,6 +110,43 @@ const onFinish = async (form: any) => {
    saveLoading.value = false;
  }
 };
+
+const testProxyLoading = ref(false);
+async function testProxy() {
+  testProxyLoading.value = true;
+  try {
+    const res = await api.TestProxy();
+    let success = true;
+    if (res.google !== true || res.baidu !== true) {
+      success = false;
+    }
+    const content = () => {
+      return (
+        <div>
+          <div>
+            {t("certd.google")}: {res.google === true ? t("certd.success") : util.maxLength(res.google)}
+          </div>
+          <div>
+            {t("certd.baidu")}: {res.baidu === true ? t("certd.success") : util.maxLength(res.baidu)}
+          </div>
+        </div>
+      );
+    };
+    if (!success) {
+      notification.error({
+        message: t("certd.testFailed"),
+        description: content,
+      });
+      return;
+    }
+    notification.success({
+      message: t("certd.testCompleted"),
+      description: content,
+    });
+  } finally {
+    testProxyLoading.value = false;
+  }
+}
 </script>
 <style lang="less">
 .sys-settings-base {
@@ -0,0 +1,67 @@
+<template>
+  <div class="sys-settings-form sys-settings-mode">
+    <a-form :model="formState" name="basic" :label-col="{ span: 8 }" :wrapper-col="{ span: 16 }" autocomplete="off" @finish="onFinish">
+      <a-form-item :label="t('certd.adminMode')" :name="['public', 'adminMode']">
+        <fs-dict-radio v-model:checked="formState.public.adminMode" :dict="adminModeDict" />
+      </a-form-item>
+
+      <a-form-item label=" " :colon="false" :wrapper-col="{ span: 8 }">
+        <a-button :loading="saveLoading" type="primary" html-type="submit">{{ t("certd.saveButton") }}</a-button>
+      </a-form-item>
+    </a-form>
+  </div>
+</template>
+
+<script setup lang="tsx">
+import { reactive, ref } from "vue";
+import { SysSettings } from "/@/views/sys/settings/api";
+import * as api from "/@/views/sys/settings/api";
+import { merge } from "lodash-es";
+import { useSettingStore } from "/@/store/settings";
+import { notification } from "ant-design-vue";
+import { useI18n } from "/src/locales";
+const { t } = useI18n();
+
+defineOptions({
+  name: "SettingMode",
+});
+
+const adminModeDict = [
+  {
+    label: t("certd.adminMode.enterpriseMode"),
+    value: "enterprise",
+  },
+  {
+    label: t("certd.adminMode.saasMode"),
+    value: "saas",
+  },
+];
+
+const formState = reactive<Partial<SysSettings>>({
+  public: {},
+  private: {},
+});
+
+async function loadSysSettings() {
+  const data: any = await api.SysSettingsGet();
+  merge(formState, data);
+}
+
+const saveLoading = ref(false);
+loadSysSettings();
+const settingsStore = useSettingStore();
+const onFinish = async (form: any) => {
+  try {
+    saveLoading.value = true;
+
+    await api.SysSettingsSave(form);
+    await settingsStore.loadSysSettings();
+    notification.success({
+      message: t("certd.saveSuccess"),
+    });
+  } finally {
+    saveLoading.value = false;
+  }
+};
+</script>
+<style lang="less"></style>
@@ -1,127 +0,0 @@
-<template>
-  <div class="sys-settings-form sys-settings-network">
-    <a-form :model="formState" name="basic" :label-col="{ span: 8 }" :wrapper-col="{ span: 16 }" autocomplete="off" @finish="onFinish">
-      <a-form-item :label="t('certd.httpProxy')" :name="['private', 'httpProxy']" :rules="urlRules">
-        <a-input v-model:value="formState.private.httpProxy" :placeholder="t('certd.httpProxyPlaceholder')" />
-        <div class="helper">{{ t("certd.httpProxyHelper") }}</div>
-      </a-form-item>
-
-      <a-form-item :label="t('certd.httpsProxy')" :name="['private', 'httpsProxy']" :rules="urlRules">
-        <div class="flex">
-          <a-input v-model:value="formState.private.httpsProxy" :placeholder="t('certd.httpsProxyPlaceholder')" />
-          <a-button class="ml-5" type="primary" :loading="testProxyLoading" :title="t('certd.saveThenTestTitle')" @click="testProxy">{{ t("certd.testButton") }}</a-button>
-        </div>
-        <div class="helper">{{ t("certd.httpsProxyHelper") }}</div>
-      </a-form-item>
-
-      <a-form-item :label="t('certd.dualStackNetwork')" :name="['private', 'dnsResultOrder']">
-        <a-select v-model:value="formState.private.dnsResultOrder">
-          <a-select-option value="verbatim">{{ t("certd.default") }}</a-select-option>
-          <a-select-option value="ipv4first">{{ t("certd.ipv4Priority") }}</a-select-option>
-          <a-select-option value="ipv6first">{{ t("certd.ipv6Priority") }}</a-select-option>
-        </a-select>
-        <div class="helper">
-          {{ t("certd.dualStackNetworkHelper") }}, <a href="https://certd.docmirror.cn/guide/use/setting/ipv6.html" target="_blank">{{ t("certd.helpDocLink") }}</a>
-        </div>
-      </a-form-item>
-      <a-form-item :label="t('certd.sys.setting.reverseProxy')" :name="['private', 'reverseProxy']">
-        <div class="mt-5">
-          <div v-for="(value, key) in formState.private.reverseProxies" :key="key" class="flex items-center p-2 border-b border-gray-300">
-            <span class="flex-1">{{ key }}</span>
-            <span class="flex-1 ml-5"><a-input v-model:value="formState.private.reverseProxies[key]" placeholder="proxy.xxxx.com" allow-clear /></span>
-          </div>
-        </div>
-        <div class="helper">{{ t("certd.sys.setting.reverseProxyHelper") }}</div>
-      </a-form-item>
-
-      <a-form-item label=" " :colon="false" :wrapper-col="{ span: 8 }">
-        <a-button :loading="saveLoading" type="primary" html-type="submit">{{ t("certd.saveButton") }}</a-button>
-      </a-form-item>
-    </a-form>
-  </div>
-</template>
-
-<script setup lang="tsx">
-import { proxyRefs, reactive, ref } from "vue";
-import { SysSettings } from "/@/views/sys/settings/api";
-import * as api from "/@/views/sys/settings/api";
-import { merge } from "lodash-es";
-import { useSettingStore } from "/@/store/settings";
-import { message, notification } from "ant-design-vue";
-import { useI18n } from "/src/locales";
-const { t } = useI18n();
-import { util } from "/@/utils";
-defineOptions({
-  name: "SettingNetwork",
-});
-
-const formState = reactive<Partial<SysSettings>>({
-  public: {},
-  private: {},
-});
-
-const urlRules = ref({
-  type: "url",
-  message: "请输入正确的URL",
-});
-
-async function loadSysSettings() {
-  const data: any = await api.SysSettingsGet();
-  merge(formState, data);
-}
-
-const saveLoading = ref(false);
-loadSysSettings();
-const settingsStore = useSettingStore();
-const onFinish = async (form: any) => {
-  try {
-    saveLoading.value = true;
-    form.private.reverseProxies = formState.private.reverseProxies;
-    await api.SysSettingsSave(form);
-    await settingsStore.loadSysSettings();
-    notification.success({
-      message: t("certd.saveSuccess"),
-    });
-  } finally {
-    saveLoading.value = false;
-  }
-};
-
-const testProxyLoading = ref(false);
-async function testProxy() {
-  testProxyLoading.value = true;
-  try {
-    const res = await api.TestProxy();
-    let success = true;
-    if (res.google !== true || res.baidu !== true) {
-      success = false;
-    }
-    const content = () => {
-      return (
-        <div>
-          <div>
-            {t("certd.google")}: {res.google === true ? t("certd.success") : util.maxLength(res.google)}
-          </div>
-          <div>
-            {t("certd.baidu")}: {res.baidu === true ? t("certd.success") : util.maxLength(res.baidu)}
-          </div>
-        </div>
-      );
-    };
-    if (!success) {
-      notification.error({
-        message: t("certd.testFailed"),
-        description: content,
-      });
-      return;
-    }
-    notification.success({
-      message: t("certd.testCompleted"),
-      description: content,
-    });
-  } finally {
-    testProxyLoading.value = false;
-  }
-}
-</script>
-<style lang="less"></style>
@@ -8,10 +8,6 @@
        <a-input-number v-model:value="formState.public.limitUserPipelineCount" />
        <div class="helper">{{ t("certd.limitUserPipelineCountHelper") }}</div>
      </a-form-item>
-      <a-form-item :label="t('certd.sys.setting.showRunStrategy')" :name="['public', 'showRunStrategy']">
-        <a-switch v-model:checked="formState.public.showRunStrategy" />
-        <div class="helper">{{ t("certd.sys.setting.showRunStrategyHelper") }}</div>
-      </a-form-item>
      <a-form-item :label="t('certd.sys.setting.pipelineValidTimeEnabled')" :name="['public', 'pipelineValidTimeEnabled']">
        <div class="flex items-center">
          <a-switch v-model:checked="formState.public.pipelineValidTimeEnabled" :disabled="!settingsStore.isPlus" />
@@ -3,33 +3,6 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

-## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
-
-### Performance Improvements
-
-* 双重验证显示secret ([febd6d3](https://github.com/certd/certd/commit/febd6d32cfe6d89ccecf26bf15141df7c456e5c6))
-* 优化申请证书最大超时时长 ([00f67d8](https://github.com/certd/certd/commit/00f67d86d68f4f83cfafe2fbfeb4af0d86f9d20e))
-* 支持设置默认的证书申请地址的反向代理 ([0cfb94b](https://github.com/certd/certd/commit/0cfb94b0ba6a6dc3bb0d0a81a1912068a4e6b6b6))
-* 子域名托管域名支持配置通配符 ([3f7ac93](https://github.com/certd/certd/commit/3f7ac939326b0c7ec013a7534b6c0e58fb3e8cb4))
-
-## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)
-
-### Performance Improvements
-
-*  eab从更多参数中挪到外面 ([5ea4f46](https://github.com/certd/certd/commit/5ea4f46de7ae403a7a16e9488dc1d9c7523d019a))
-* 第三方登录支持Microsoft ([beb7a4c](https://github.com/certd/certd/commit/beb7a4c99277262bb9681c5594cfcd3e36c52074))
-* 优化zerossl申请证书稳定性 ([4d86fb3](https://github.com/certd/certd/commit/4d86fb319b81dbf6fa6485982105725b1b066593))
-
-## [1.38.6](https://github.com/certd/certd/compare/v1.38.5...v1.38.6) (2026-02-04)
-
-### Bug Fixes
-
-* 修复新网找错域名的bug ([bd511f9](https://github.com/certd/certd/commit/bd511f97cb7fbdcaeff7ac899f0460a5c7b41826))
-
-### Performance Improvements
-
-* oauth支持github 和google， 修复头像显示问题 ([693a4a6](https://github.com/certd/certd/commit/693a4a663385ced3176286bf4b5f3566da83d90e))
-
 ## [1.38.5](https://github.com/certd/certd/compare/v1.38.4...v1.38.5) (2026-02-02)

 ### Bug Fixes
@@ -0,0 +1,53 @@
+
+CREATE TABLE "cd_project"
+(
+  "id"          integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+  "user_id"     integer      NOT NULL,
+  "name"        varchar(512) NOT NULL,
+  "disabled"    boolean      NOT NULL DEFAULT (false),
+  "create_time" datetime     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
+  "update_time" datetime     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
+);
+
+
+CREATE INDEX "index_project_user_id" ON "cd_project" ("user_id");
+INSERT INTO cd_project (id, user_id, "name", "disabled") VALUES (1, 0, 'default', false);
+
+
+ALTER TABLE cd_cert_info ADD COLUMN  project_id integer;
+CREATE INDEX "index_cert_project_id" ON "cd_cert_info" ("project_id");
+
+ALTER TABLE cd_site_info ADD COLUMN  project_id integer;
+CREATE INDEX "index_site_project_id" ON "cd_site_info" ("project_id");
+
+ALTER TABLE cd_site_ip ADD COLUMN  project_id integer;
+CREATE INDEX "index_site_ip_project_id" ON "cd_site_ip" ("project_id");
+
+ALTER TABLE cd_open_key ADD COLUMN  project_id integer;
+CREATE INDEX "index_open_key_project_id" ON "cd_open_key" ("project_id");
+
+ALTER TABLE cd_access ADD COLUMN  project_id integer;
+CREATE INDEX "index_access_project_id" ON "cd_access" ("project_id");
+
+ALTER TABLE cd_addon ADD COLUMN  project_id integer;
+CREATE INDEX "index_addon_project_id" ON "cd_addon" ("project_id");
+
+ALTER TABLE pi_pipeline ADD COLUMN  project_id integer;
+CREATE INDEX "index_pipeline_project_id" ON "cd_pipeline" ("project_id");
+
+ALTER TABLE pi_pipeline_group ADD COLUMN  project_id integer;
+CREATE INDEX "index_pipeline_group_project_id" ON "cd_pipeline_group" ("project_id");
+
+ALTER TABLE pi_storage ADD COLUMN  project_id integer;
+CREATE INDEX "index_storage_project_id" ON "cd_storage" ("project_id");
+
+ALTER TABLE pi_notification ADD COLUMN  project_id integer;
+CREATE INDEX "index_notification_project_id" ON "cd_notification" ("project_id");
+
+ALTER TABLE pi_history ADD COLUMN  project_id integer;
+CREATE INDEX "index_history_project_id" ON "cd_history" ("project_id");
+
+ALTER TABLE pi_history_log ADD COLUMN  project_id integer;
+CREATE INDEX "index_history_log_project_id" ON "cd_history_log" ("project_id");
+
+
@@ -22,9 +22,7 @@ input:
    component:
      name: api-test
      action: TestRequest
-    helper: |-
-      测试前请务必先在新网后台关闭异地登录保护、关闭动态口令验证
-      如果提示需要短信验证码，请等几个小时后再试
+    helper: 点击测试接口是否正常
 pluginType: access
 type: builtIn
 scriptFilePath: /plugins/plugin-xinnet/access.js
@@ -1,19 +0,0 @@
-addonType: oauth
-name: github
-title: GitHub认证
-desc: GitHub OAuth2登录
-icon: simple-icons:github
-showTest: false
-input:
-  clientId:
-    title: ClientId
-    helper: '[GitHub Developer Settings](https://github.com/settings/developers)创建应用后获取'
-    required: true
-  clientSecretKey:
-    title: ClientSecretKey
-    component:
-      placeholder: ClientSecretKey / appSecretKey
-    required: true
-pluginType: addon
-type: builtIn
-scriptFilePath: /plugins/plugin-oauth/oauth2/plugin-github.js
@@ -1,21 +0,0 @@
-addonType: oauth
-name: google
-title: Google认证
-desc: Google OAuth2登录
-icon: simple-icons:google
-showTest: false
-input:
-  clientId:
-    title: ClientId
-    helper: >-
-      [Google Cloud
-      Console](https://console.cloud.google.com/apis/credentials)创建应用后获取
-    required: true
-  clientSecretKey:
-    title: ClientSecretKey
-    component:
-      placeholder: ClientSecretKey / appSecretKey
-    required: true
-pluginType: addon
-type: builtIn
-scriptFilePath: /plugins/plugin-oauth/oauth2/plugin-google.js
@@ -1,26 +0,0 @@
-addonType: oauth
-name: microsoft
-title: Microsoft认证
-desc: Microsoft OAuth2登录
-icon: simple-icons:microsoft
-showTest: false
-input:
-  clientId:
-    title: ClientId
-    helper: '[Azure Portal](https://portal.azure.com/)创建应用后获取'
-    required: true
-  clientSecretKey:
-    title: ClientSecretKey
-    component:
-      placeholder: ClientSecretKey / appSecretKey
-    required: true
-  tenantId:
-    title: TenantId
-    helper: 租户ID，留空使用/common端点（需要应用配置为多租户）
-    component:
-      placeholder: common 或 租户ID
-    value: common
-    required: false
-pluginType: addon
-type: builtIn
-scriptFilePath: /plugins/plugin-oauth/oauth2/plugin-microsoft.js
@@ -215,7 +215,7 @@ input:
    component:
      name: access-selector
      type: eab
-    maybeNeed: false
+    maybeNeed: true
    required: false
    helper: >-
      需要提供EAB授权
@@ -246,7 +246,7 @@ input:
    component:
      name: access-selector
      type: google
-    maybeNeed: false
+    maybeNeed: true
    required: false
    helper: >-
      google服务账号授权与EAB授权选填其中一个，[服务账号授权获取方法](https://certd.docmirror.cn/guide/use/google/)
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-server",
-  "version": "1.38.8",
+  "version": "1.38.5",
  "description": "fast-server base midway",
  "private": true,
  "type": "module",
@@ -48,20 +48,20 @@
    "@aws-sdk/client-iam": "^3.964.0",
    "@aws-sdk/client-route-53": "^3.964.0",
    "@aws-sdk/client-s3": "^3.964.0",
-    "@certd/acme-client": "^1.38.8",
-    "@certd/basic": "^1.38.8",
-    "@certd/commercial-core": "^1.38.8",
+    "@certd/acme-client": "^1.38.5",
+    "@certd/basic": "^1.38.5",
+    "@certd/commercial-core": "^1.38.5",
    "@certd/cv4pve-api-javascript": "^8.4.2",
-    "@certd/jdcloud": "^1.38.8",
-    "@certd/lib-huawei": "^1.38.8",
-    "@certd/lib-k8s": "^1.38.8",
-    "@certd/lib-server": "^1.38.8",
-    "@certd/midway-flyway-js": "^1.38.8",
-    "@certd/pipeline": "^1.38.8",
-    "@certd/plugin-cert": "^1.38.8",
-    "@certd/plugin-lib": "^1.38.8",
-    "@certd/plugin-plus": "^1.38.8",
-    "@certd/plus-core": "^1.38.8",
+    "@certd/jdcloud": "^1.38.5",
+    "@certd/lib-huawei": "^1.38.5",
+    "@certd/lib-k8s": "^1.38.5",
+    "@certd/lib-server": "^1.38.5",
+    "@certd/midway-flyway-js": "^1.38.5",
+    "@certd/pipeline": "^1.38.5",
+    "@certd/plugin-cert": "^1.38.5",
+    "@certd/plugin-lib": "^1.38.5",
+    "@certd/plugin-plus": "^1.38.5",
+    "@certd/plus-core": "^1.38.5",
    "@google-cloud/publicca": "^1.3.0",
    "@huaweicloud/huaweicloud-sdk-cdn": "^3.1.185",
    "@huaweicloud/huaweicloud-sdk-core": "^3.1.185",
@@ -48,8 +48,8 @@ export class UserTwoFactorSettingController extends BaseController {
  @Post("/authenticator/qrcode", { summary: Constants.per.authOnly })
  async authenticatorQrcode() {
    const userId = this.getUserId();
-    const {qrcode,link,secret} = await this.twoFactorService.getAuthenticatorQrCode(userId);
-    return this.ok({qrcode,link,secret}); 
+    const qrcode = await this.twoFactorService.getAuthenticatorQrCode(userId);
+    return this.ok(qrcode);
  }

  @Post("/authenticator/save", { summary: Constants.per.authOnly })
@@ -84,9 +84,5 @@ export function startProxyServer(opts:{port:number}) {
     logger.info(`[proxy] 正向代理服务器运行在 http://0.0.0.0:${port}`);
  });

-  proxyServer.close(() => {
-    logger.info('[proxy] 正向代理服务器已关闭');
-  });
-
  return proxyServer
 }
@@ -33,8 +33,7 @@ export class TwoFactorService {

    //生成qrcode base64
    const qrcode = await import("qrcode");
-    const qrcodeBase64 = await qrcode.toDataURL(qrcodeContent);
-    return {qrcode:qrcodeBase64,link:qrcodeContent,secret}
+    return await qrcode.toDataURL(qrcodeContent);

  }

@@ -42,6 +42,9 @@ export class CertInfoEntity {
  @Column({ name: 'cert_file', comment: '证书下载' })
  certFile: string;

+  @Column({ name: 'project_id', comment: '项目id' })
+  projectId: number;
+
  @Column({
    name: 'create_time',
    comment: '创建时间',
@@ -71,6 +71,9 @@ export class SiteInfoEntity {
  @Column({ name: 'group_id', comment: '分组id' })
  groupId: number;

+  @Column({ name: 'project_id', comment: '项目id' })
+  projectId: number;
+
  @Column({ name: 'create_time', comment: '创建时间', default: () => 'CURRENT_TIMESTAMP' })
  createTime: Date;
  @Column({ name: 'update_time', comment: '修改时间', default: () => 'CURRENT_TIMESTAMP' })
@@ -33,6 +33,8 @@ export class SiteIpEntity {
  remark: string;
  @Column({ name: "disabled", comment: "禁用启用" })
  disabled: boolean;
+  @Column({ name: 'project_id', comment: '项目id' })
+  projectId: number;

  @Column({ name: 'create_time', comment: '创建时间', default: () => 'CURRENT_TIMESTAMP' })
  createTime: Date;
@@ -17,6 +17,9 @@ export class OpenKeyEntity {
  @Column({ name: 'scope', comment: '权限范围' })
  scope: string; // open 仅开放接口、 user 用户所有权限

+  @Column({ name: 'project_id', comment: '项目id' })
+  projectId: number;
+
  @Column({ name: 'create_time', comment: '创建时间', default: () => 'CURRENT_TIMESTAMP' })
  createTime: Date;

@@ -25,6 +25,9 @@ export class HistoryLogEntity {
  @Column({ comment: '日志内容', length: 40960, nullable: true })
  logs: string;

+  @Column({ name: 'project_id', comment: '项目id' })
+  projectId: number;
+
  @Column({
    name: 'create_time',
    comment: '创建时间',
@@ -26,6 +26,9 @@ export class HistoryEntity {
  })
  endTime: Date;

+  @Column({ name: 'project_id', comment: '项目id' })
+  projectId: number;
+
  @Column({
    name: 'create_time',
    comment: '创建时间',
@@ -38,6 +41,7 @@ export class HistoryEntity {
    default: () => 'CURRENT_TIMESTAMP',
  })
  updateTime: Date;
+  

  pipelineTitle: string;

@@ -20,6 +20,9 @@ export class NotificationEntity {
  @Column({ name: 'is_default', comment: '是否默认' })
  isDefault: boolean;

+  @Column({ name: 'project_id', comment: '项目id' })
+  projectId: number;
+
  @Column({
    name: 'create_time',
    comment: '创建时间',
@@ -17,6 +17,9 @@ export class PipelineGroupEntity {
  @Column({ name: 'favorite', comment: '收藏' })
  favorite: boolean;

+  @Column({ name: 'project_id', comment: '项目id' })
+  projectId: number;
+
  @Column({
    name: 'create_time',
    comment: '创建时间',
@@ -61,6 +61,9 @@ export class PipelineEntity {
  @Column({name: 'order', comment: '排序', nullable: true,})
  order: number;

+  @Column({ name: 'project_id', comment: '项目id' })
+  projectId: number;
+
  @Column({name: 'create_time',comment: '创建时间', default: () => 'CURRENT_TIMESTAMP',})
  createTime: Date;
  @Column({
@@ -23,6 +23,9 @@ export class StorageEntity {
  @Column({ comment: 'value', length: 40960, nullable: true })
  value: string;

+  @Column({ name: 'project_id', comment: '项目id' })
+  projectId: number;
+
  @Column({
    name: 'create_time',
    comment: '创建时间',
@@ -39,6 +39,9 @@ export class TemplateEntity {
  })
  order: number;

+  @Column({ name: 'project_id', comment: '项目id' })
+  projectId: number;
+
  @Column({
    name: 'create_time',
    comment: '创建时间',
@@ -1,5 +1,5 @@
-import { ISubDomainsGetter } from "@certd/plugin-cert";
-import { SubDomainService } from "../sub-domain-service.js";
+import {ISubDomainsGetter} from "@certd/plugin-cert";
+import {SubDomainService} from "../sub-domain-service.js";
 import { DomainService } from "../../../cert/service/domain-service.js";

 export class SubDomainsGetter implements ISubDomainsGetter {
@@ -18,39 +18,18 @@ export class SubDomainsGetter implements ISubDomainsGetter {
  }

  async hasSubDomain(fullDomain: string) {
-    let arr = fullDomain.split(".")
    const subDomains = await this.getSubDomains()
-    if (subDomains && subDomains.length > 0) {
+     if (subDomains && subDomains.length > 0) {
      const fullDomainDot = "." + fullDomain;
      for (const subDomain of subDomains) {
        if (fullDomainDot.endsWith("." + subDomain)) {
          //找到子域名托管
          return subDomain;
        }
-
-        if (subDomain.startsWith("*.")) {
-          //如果子域名配置的是泛域名，说明这一层及以下的子域名都是托管的
-          //以fullDomain在这一层的子域名作为返回值
-          const nonStarDomain = subDomain.slice(1)
-          if (fullDomainDot.endsWith(nonStarDomain)) {
-            //提取fullDomain在这一层的子域名
-            const fullArr = arr.reverse()
-            const subArr = subDomain.split(".").reverse()
-            let strBuilder = ""
-            for (let i =0 ;i<subArr.length;i++) {
-              if (strBuilder) {
-                strBuilder = fullArr[i] + "." + strBuilder
-              } else {
-                strBuilder = fullArr[i]
-              }
-            }
-            return strBuilder
-          }
-        }
-
      }
    }
-    while (arr.length > 0) {
+    let arr = fullDomain.split(".")
+    while(arr.length>0){
      const subDomain = arr.join(".")
      const domain = await this.domainService.findOne({
        where: {
@@ -59,10 +38,10 @@ export class SubDomainsGetter implements ISubDomainsGetter {
          challengeType: "dns",
        }
      })
-      if (domain) {
+      if(domain){
        return subDomain
      }
-      arr = arr.slice(1)
+       arr = arr.slice(1)
    }
    return null
  }
@@ -113,9 +113,6 @@ export class PipelineService extends BaseService<PipelineEntity> {

  async add(bean: PipelineEntity) {
    bean.status = ResultType.none;
-    if (bean.order == null) {
-      bean.order = 0;
-    }
    await this.save(bean);
    return bean;
  }
@@ -246,9 +243,6 @@ export class PipelineService extends BaseService<PipelineEntity> {
    if (!bean.status) {
      bean.status = ResultType.none;
    }
-    if (bean.order == null) {
-      bean.order = 0;
-    }
    if (!isUpdate) {
      //如果是添加，先保存一下，获取到id，更新pipeline.id
      await this.addOrUpdate(bean);
@@ -0,0 +1,43 @@
+import { Column, Entity, PrimaryGeneratedColumn } from 'typeorm';
+
+/**
+ */
+@Entity('cd_audit_log')
+export class AuditLogEntity {
+  @PrimaryGeneratedColumn()
+  id: number;
+
+  @Column({ name: 'user_id', comment: 'UserId' })
+  userId: number;
+
+  @Column({ name: 'user_name', comment: '用户名' })
+  userName: string;
+
+  @Column({ name: 'project_id', comment: 'ProjectId' })
+  projectId: number;
+
+  @Column({ name: 'project_name', comment: '项目名称' })
+  projectName: string;
+
+  @Column({ name: 'action', comment: '操作' })
+  action: string;
+
+  @Column({ name: 'content', comment: '内容' })
+  content: string;
+
+  @Column({ name: 'ip_address', comment: 'IP地址' })
+  ipAddress: string; 
+
+  @Column({
+    name: 'create_time',
+    comment: '创建时间',
+    default: () => 'CURRENT_TIMESTAMP',
+  })
+  createTime: Date;
+  @Column({
+    name: 'update_time',
+    comment: '修改时间',
+    default: () => 'CURRENT_TIMESTAMP',
+  })
+  updateTime: Date;
+}
@@ -0,0 +1,31 @@
+import { Column, Entity, PrimaryGeneratedColumn } from 'typeorm';
+
+/**
+ */
+@Entity('cd_project_user')
+export class ProjectUserEntity {
+  @PrimaryGeneratedColumn()
+  id: number;
+
+  @Column({ name: 'user_id', comment: 'UserId' })
+  userId: number;
+
+  @Column({ name: 'project_id', comment: 'ProjectId' })
+  projectId: number;
+  
+  @Column({ name: 'permission', comment: '权限' })
+  permission: string; // read / write
+
+  @Column({
+    name: 'create_time',
+    comment: '创建时间',
+    default: () => 'CURRENT_TIMESTAMP',
+  })
+  createTime: Date;
+  @Column({
+    name: 'update_time',
+    comment: '修改时间',
+    default: () => 'CURRENT_TIMESTAMP',
+  })
+  updateTime: Date;
+}
@@ -0,0 +1,31 @@
+import { Column, Entity, PrimaryGeneratedColumn } from 'typeorm';
+
+/**
+ */
+@Entity('cd_project')
+export class ProjectEntity {
+  @PrimaryGeneratedColumn()
+  id: number;
+
+  @Column({ name: 'user_id', comment: 'UserId' })
+  userId: number;
+
+  @Column({ name: 'name', comment: '项目名称' })
+  name: string;
+
+  @Column({ name: 'disabled', comment: '禁用' })
+  disabled: boolean;
+
+  @Column({
+    name: 'create_time',
+    comment: '创建时间',
+    default: () => 'CURRENT_TIMESTAMP',
+  })
+  createTime: Date;
+  @Column({
+    name: 'update_time',
+    comment: '修改时间',
+    default: () => 'CURRENT_TIMESTAMP',
+  })
+  updateTime: Date;
+}
@@ -151,7 +151,6 @@ export class DeployCertToAliyunCDN extends AbstractTaskPlugin {
  }

  async SetCdnDomainSSLCertificate(client: any, params: { CertId: number; DomainName: string,CertName:string,CertRegion:string }) {
-    this.logger.info('设置CDN: ',JSON.stringify(params));
    const requestOption = {
      method: 'POST',
      formatParams: false,
@@ -1,12 +1,13 @@
 // @ts-ignore
 import * as acme from "@certd/acme-client";
 import { ClientExternalAccountBindingOptions, UrlMapping } from "@certd/acme-client";
+import * as _ from "lodash-es";
 import { Challenge } from "@certd/acme-client/types/rfc8555.js";
-import { ILogger, utils } from "@certd/basic";
 import { IContext } from "@certd/pipeline";
-import { IDnsProvider, IDomainParser } from "@certd/plugin-lib";
+import { ILogger, utils } from "@certd/basic";
 import punycode from "punycode.js";
 import { IOssClient } from "../../../plugin-lib/index.js";
+import { IDnsProvider, IDomainParser } from "@certd/plugin-lib";
 export type CnameVerifyPlan = {
  type?: string;
  domain: string;
@@ -111,26 +112,11 @@ export class AcmeService {
  }

  async getAcmeClient(email: string): Promise<acme.Client> {
-
-    const directoryUrl = acme.getDirectoryUrl({ sslProvider: this.sslProvider, pkType: this.options.privateKeyType });
-    let targetUrl = directoryUrl.replace("https://", "");
-    targetUrl = targetUrl.substring(0, targetUrl.indexOf("/"));
-    
-    const mappings = {
-      "acme-v02.api.letsencrypt.org": "le.px.certd.handfree.work",
-      "dv.acme-v02.api.pki.goog": "gg.px.certd.handfree.work",
-    };
-    const reverseProxies = acme.getSslProviderReverseProxies();
-    if (reverseProxies) {
-      for (const key in reverseProxies) {
-        const value = reverseProxies[key];
-        if (value) {
-          mappings[key] = value;
-        }
-      }
-    }
-    if (this.options.reverseProxy && targetUrl) {
-      mappings[targetUrl] = this.options.reverseProxy;
+    const mappings = {};
+    if (this.sslProvider === "letsencrypt") {
+      mappings["acme-v02.api.letsencrypt.org"] = this.options.reverseProxy || "le.px.certd.handfree.work";
+    } else if (this.sslProvider === "google") {
+      mappings["dv.acme-v02.api.pki.goog"] = this.options.reverseProxy || "gg.px.certd.handfree.work";
    }
    const urlMapping: UrlMapping = {
      enabled: false,
@@ -142,7 +128,7 @@ export class AcmeService {
      await this.saveAccountConfig(email, conf);
      this.logger.info(`创建新的Accountkey:${email}`);
    }
-
+    const directoryUrl = acme.getDirectoryUrl({ sslProvider: this.sslProvider, pkType: this.options.privateKeyType });
    if (this.options.useMappingProxy) {
      urlMapping.enabled = true;
    } else {
@@ -161,7 +147,7 @@ export class AcmeService {
      externalAccountBinding: this.eab,
      backoffAttempts: this.options.maxCheckRetryCount || 20,
      backoffMin: 5000,
-      backoffMax: 30 * 1000,
+      backoffMax: 10000,
      urlMapping,
      signal: this.options.signal,
      logger: this.logger,
@@ -448,7 +434,11 @@ export class AcmeService {
    if (domains.length === 0) {
      throw new Error("domain can not be empty");
    }
-
+    // const commonName = domains[0];
+    // let altNames: undefined | string[] = undefined;
+    // if (domains.length > 1) {
+    //   altNames = _.slice(domains, 1);
+    // }
    return {
      // commonName,
      altNames: domains,
@@ -264,7 +264,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
      name: "access-selector",
      type: "eab",
    },
-    maybeNeed: false,
+    maybeNeed: true,
    required: false,
    helper:
      "需要提供EAB授权" +
@@ -291,7 +291,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
      name: "access-selector",
      type: "google",
    },
-    maybeNeed: false,
+    maybeNeed: true,
    required: false,
    helper: "google服务账号授权与EAB授权选填其中一个，[服务账号授权获取方法](https://certd.docmirror.cn/guide/use/google/)\n服务账号授权需要配置代理或者服务器本身在海外",
    mergeScript: `
@@ -458,7 +458,6 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
    this.eab = eab;
    const subDomainsGetter = await this.ctx.serviceGetter.get<ISubDomainsGetter>("subDomainsGetter");
    const domainParser = new DomainParser(subDomainsGetter, this.logger);
-
    this.acme = new AcmeService({
      userId: this.ctx.user.id,
      userContext: this.userContext,
@@ -674,12 +673,6 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
      },
    };
  }
-
-  async onGetReverseProxyList() {
-    const sysSettingsService:any = await this.ctx.serviceGetter.get("sysSettingsService");
-    const sysSettings = await sysSettingsService.getPrivateSettings();
-    return sysSettings.reverseProxyList || []
-  }
 }

 new CertApplyPlugin();
@@ -60,7 +60,6 @@ export abstract class CertApplyBasePlugin extends CertApplyBaseConvertPlugin {
  abstract doCertApply(): Promise<CertReader>;

  async execute(): Promise<string | void> {
-    this.logger.addSecret(this.pfxPassword);
    const oldCert = await this.condition();
    if (oldCert != null) {
      await this.output(oldCert, false);
@@ -2,7 +2,4 @@ export * from './api.js'
 export * from './oidc/plugin-oidc.js'
 export * from './wx/plugin-wx.js'
 export * from './oauth2/plugin-gitee.js'
-export * from './oauth2/plugin-clogin.js'
-export * from './oauth2/plugin-github.js'
-export * from './oauth2/plugin-google.js'
-export * from './oauth2/plugin-microsoft.js'
+export * from './oauth2/plugin-clogin.js'
@@ -1,103 +0,0 @@
-import { AddonInput, BaseAddon, IsAddon } from "@certd/lib-server";
-import { BuildLoginUrlReq, BuildLogoutUrlReq, IOauthProvider, OnCallbackReq } from "../api.js";
-
-@IsAddon({
-  addonType: "oauth",
-  name: 'github',
-  title: 'GitHub认证',
-  desc: 'GitHub OAuth2登录',
-  icon:"simple-icons:github",
-  showTest: false,
-})
-export class GithubOauthProvider extends BaseAddon implements IOauthProvider {
-
-  @AddonInput({
-    title: "ClientId",
-    helper: "[GitHub Developer Settings](https://github.com/settings/developers)创建应用后获取",
-    required: true,
-  })
-  clientId = "";
-
-  @AddonInput({
-    title: "ClientSecretKey",
-    component: {
-      placeholder: "ClientSecretKey / appSecretKey",
-    },
-    required: true,
-  })
-  clientSecretKey = "";
-
-  async buildLoginUrl(params: BuildLoginUrlReq) {
-
-    let scope = "user:email" // Scope of the access request
-    let state:any = {
-      forType: params.forType || 'login',
-    }
-    state = this.ctx.utils.hash.base64(JSON.stringify(state))
-
-    const authorizeEndpoint = "https://github.com/login/oauth/authorize"
-    const redirectUrl = encodeURIComponent(params.redirectUri)
-    const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
-    return {
-      loginUrl,
-      ticketValue: {
-        state,
-      },
-    };
-  }
-
-  async onCallback(req: OnCallbackReq) {
-    
-    const code = req.code || ""
-
-    const tokenEndpoint = "https://github.com/login/oauth/access_token"
-
-    const uri = new URL(req.currentURL)
-    const redirectUri = `${uri.origin}${uri.pathname}`
-    const res = await this.ctx.utils.http.request( {
-        url: tokenEndpoint,
-        method: "post",
-        headers: {
-          "Accept": "application/json"
-        },
-        data:{
-          client_id: this.clientId,
-          client_secret: this.clientSecretKey,
-          code,
-          redirect_uri: redirectUri
-        }
-    })
-    
-    const tokens = res
-
-    const userInfoEndpoint = "https://api.github.com/user"
-
-    // 获取用户信息
-     const userInfoRes = await this.ctx.utils.http.request( {
-        url: userInfoEndpoint,
-        method: "get",
-        headers: {
-          "Authorization": `Bearer ${tokens.access_token}`,
-          "Accept": "application/json"
-        }
-    })
-    const userInfo = userInfoRes
-
-    return {
-      token:{
-        accessToken: tokens.access_token,
-        refreshToken: tokens.refresh_token,
-        expiresIn: tokens.expires_in,
-      },
-      userInfo: {
-        openId: userInfo.id,
-        nickName: userInfo.login || userInfo.name || "",
-        avatar: userInfo.avatar_url,
-      },
-    }
-  };
-
-  async buildLogoutUrl(params: BuildLogoutUrlReq) {
-    return {};
-  }
-}
@@ -1,103 +0,0 @@
-import { AddonInput, BaseAddon, IsAddon } from "@certd/lib-server";
-import { BuildLoginUrlReq, BuildLogoutUrlReq, IOauthProvider, OnCallbackReq } from "../api.js";
-
-@IsAddon({
-  addonType: "oauth",
-  name: 'google',
-  title: 'Google认证',
-  desc: 'Google OAuth2登录',
-  icon:"simple-icons:google",
-  showTest: false,
-})
-export class GoogleOauthProvider extends BaseAddon implements IOauthProvider {
-
-  @AddonInput({
-    title: "ClientId",
-    helper: "[Google Cloud Console](https://console.cloud.google.com/apis/credentials)创建应用后获取",
-    required: true,
-  })
-  clientId = "";
-
-  @AddonInput({
-    title: "ClientSecretKey",
-    component: {
-      placeholder: "ClientSecretKey / appSecretKey",
-    },
-    required: true,
-  })
-  clientSecretKey = "";
-
-  async buildLoginUrl(params: BuildLoginUrlReq) {
-
-    let scope = "email profile" // Scope of the access request
-    let state:any = {
-      forType: params.forType || 'login',
-    }
-    state = this.ctx.utils.hash.base64(JSON.stringify(state))
-
-    const authorizeEndpoint = "https://accounts.google.com/o/oauth2/auth"
-    const redirectUrl = encodeURIComponent(params.redirectUri)
-    const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
-    return {
-      loginUrl,
-      ticketValue: {
-        state,
-      },
-    };
-  }
-
-  async onCallback(req: OnCallbackReq) {
-    
-    const code = req.code || ""
-
-    const tokenEndpoint = "https://oauth2.googleapis.com/token"
-
-    const uri = new URL(req.currentURL)
-    const redirectUri = `${uri.origin}${uri.pathname}`
-    const res = await this.ctx.utils.http.request( {
-        url: tokenEndpoint,
-        method: "post",
-        headers: {
-          "Content-Type": "application/x-www-form-urlencoded"
-        },
-        data:{
-          client_id: this.clientId,
-          client_secret: this.clientSecretKey,
-          code,
-          redirect_uri: redirectUri,
-          grant_type: "authorization_code"
-        }
-    })
-    
-    const tokens = res
-
-    const userInfoEndpoint = "https://www.googleapis.com/oauth2/v3/userinfo"
-
-    // 获取用户信息
-     const userInfoRes = await this.ctx.utils.http.request( {
-        url: userInfoEndpoint,
-        method: "get",
-        headers: {
-          "Authorization": `Bearer ${tokens.access_token}`
-        }
-    })
-    const userInfo = userInfoRes
-
-    return {
-      token:{
-        accessToken: tokens.access_token,
-        refreshToken: tokens.refresh_token,
-        expiresIn: tokens.expires_in,
-      },
-      userInfo: {
-        openId: userInfo.sub,
-        nickName: userInfo.name || userInfo.email || "",
-        avatar: userInfo.picture,
-      },
-    }
-  };
-
-  async buildLogoutUrl(params: BuildLogoutUrlReq) {
-    return {};
-  }
-}
@@ -1,122 +0,0 @@
-import { AddonInput, BaseAddon, IsAddon } from "@certd/lib-server";
-import { BuildLoginUrlReq, BuildLogoutUrlReq, IOauthProvider, OnCallbackReq } from "../api.js";
-
-@IsAddon({
-  addonType: "oauth",
-  name: 'microsoft',
-  title: 'Microsoft认证',
-  desc: 'Microsoft OAuth2登录',
-  icon:"simple-icons:microsoft",
-  showTest: false,
-})
-export class MicrosoftOauthProvider extends BaseAddon implements IOauthProvider {
-
-  @AddonInput({
-    title: "ClientId",
-    helper: "[Azure Portal](https://portal.azure.com/)创建应用后获取",
-    required: true,
-  })
-  clientId = "";
-
-  @AddonInput({
-    title: "ClientSecretKey",
-    component: {
-      placeholder: "ClientSecretKey / appSecretKey",
-    },
-    required: true,
-  })
-  clientSecretKey = "";
-
-  @AddonInput({
-    title: "TenantId",
-    helper: "租户ID，留空使用/common端点（需要应用配置为多租户）",
-    component: {
-      placeholder: "common 或 租户ID",
-    },
-    value: "common",
-    required: false,
-  })
-  tenantId = "common";
-
-  async buildLoginUrl(params: BuildLoginUrlReq) {
-
-    let scope = "openid profile email User.Read" // Scope of the access request
-    let state:any = {
-      forType: params.forType || 'login',
-    }
-    state = this.ctx.utils.hash.base64(JSON.stringify(state))
-
-    const authorizeEndpoint = `https://login.microsoftonline.com/${this.tenantId}/oauth2/v2.0/authorize`
-    const redirectUrl = encodeURIComponent(params.redirectUri)
-    const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
-    return {
-      loginUrl,
-      ticketValue: {
-        state,
-      },
-    };
-  }
-
-  async onCallback(req: OnCallbackReq) {
-    
-    const code = req.code || ""
-    if (!code) {
-      throw new Error("Missing code parameter");
-    }
-
-    const tokenEndpoint = `https://login.microsoftonline.com/${this.tenantId}/oauth2/v2.0/token`
-
-    const uri = new URL(req.currentURL)
-    const redirectUri = `${uri.origin}${uri.pathname}`
-    
-    // 构建 form-urlencoded 格式的数据
-    const formData = new URLSearchParams();
-    formData.append('client_id', this.clientId);
-    formData.append('client_secret', this.clientSecretKey);
-    formData.append('code', code);
-    formData.append('redirect_uri', redirectUri);
-    formData.append('grant_type', 'authorization_code');
-
-    const res = await this.ctx.utils.http.request( {
-        url: tokenEndpoint,
-        method: "post",
-        headers: {
-          "Content-Type": "application/x-www-form-urlencoded",
-          "Accept": "application/json"
-        },
-        data: formData.toString()
-    })
-    
-    const tokens = res
-
-    const userInfoEndpoint = "https://graph.microsoft.com/v1.0/me"
-
-    // 获取用户信息
-     const userInfoRes = await this.ctx.utils.http.request( {
-        url: userInfoEndpoint,
-        method: "get",
-        headers: {
-          "Authorization": `Bearer ${tokens.access_token}`,
-          "Accept": "application/json"
-        }
-    })
-    const userInfo = userInfoRes
-
-    return {
-      token:{
-        accessToken: tokens.access_token,
-        refreshToken: tokens.refresh_token,
-        expiresIn: tokens.expires_in,
-      },
-      userInfo: {
-        openId: userInfo.id,
-        nickName: userInfo.displayName || userInfo.userPrincipalName || "",
-        avatar: userInfo.avatar || "",
-      },
-    }
-  };
-
-  async buildLogoutUrl(params: BuildLogoutUrlReq) {
-    return {};
-  }
-}
@@ -1 +1 @@
-16:31
+00:04
@@ -1 +1 @@
-16
+11
@@ -1 +1 @@
-17:12
+00:18
@@ -1 +1 @@
 :23
 :59
@@ -1 +1 @@
 :31
 :04
@@ -1 +1 @@
 :12
 :18