Compare commits
33 Commits
v1.39.10
...
1f1d687317
| Author | SHA1 | Date | |
|---|---|---|---|
| 1f1d687317 | |||
| edc7bfc230 | |||
| 7b6b3aa293 | |||
| 2f7514a2e7 | |||
| 575415b93a | |||
| c28dfa8aca | |||
| 91141922ee | |||
| cc5154e04e | |||
| 77db5ecd12 | |||
| 7ac789c9c7 | |||
| 24dff05f64 | |||
| 64a350364d | |||
| 11b7cfe5cb | |||
| 71cfcad2a1 | |||
| ab4373b26e | |||
| d23ddc96ac | |||
| 147708e779 | |||
| dc969dd7ed | |||
| ef7d1d9327 | |||
| 2e6e9ed925 | |||
| 296dcab4c7 | |||
| f9e1c46c45 | |||
| 94fd5bd7ec | |||
| eb6ca96e85 | |||
| a2bbc7e272 | |||
| f075a991f0 | |||
| edeb817c39 | |||
| 23b4658672 | |||
| 5f95ee987f | |||
| cc73f156a7 | |||
| ee72d10718 | |||
| 831871d37f | |||
| 6072550ec1 |
@@ -1,190 +1,59 @@
|
||||
---
|
||||
name: access-plugin-dev
|
||||
description: 用于开发 Certd 系统中的 Access 插件,存储用户第三方应用授权数据并对接实现第三方 API 接口。当用户需要创建授权插件、实现第三方API接口、添加新的授权方式或修改现有 Access 插件时触发。
|
||||
version: 1.0.0
|
||||
---
|
||||
|
||||
# Access 插件开发技能
|
||||
|
||||
## 什么是 Access 插件
|
||||
## 角色定义
|
||||
你是一名 Certd 插件开发专家,擅长创建和实现 Access 类型的插件,熟悉 TypeScript 编程和 Certd 插件开发规范。
|
||||
|
||||
Access 插件是 Certd 系统中用于存储用户第三方应用授权数据的插件,例如用户名密码、accessSecret 或 accessToken 等。同时,它还负责对接实现第三方的 API 接口,供其他插件调用使用。
|
||||
## 核心指令
|
||||
请严格按照以下步骤执行任务:
|
||||
|
||||
## 开发步骤
|
||||
1. **导入必要的依赖**
|
||||
- 导入 `AccessInput`, `BaseAccess`, `IsAccess`, `Pager`, `PageRes`, `PageSearch` 等必要的类型和装饰器
|
||||
- 导入 `DomainRecord` 等相关类型
|
||||
|
||||
### 1. 导入必要的依赖
|
||||
2. **使用 @IsAccess 注解注册插件**
|
||||
- 配置插件的唯一标识、标题、图标和描述
|
||||
- 继承 `BaseAccess` 类
|
||||
|
||||
```typescript
|
||||
import { AccessInput, BaseAccess, IsAccess, Pager, PageRes, PageSearch } from '@certd/pipeline';
|
||||
import { DomainRecord } from '@certd/plugin-lib';
|
||||
```
|
||||
3. **定义授权属性**
|
||||
- 使用 `@AccessInput` 注解定义授权属性
|
||||
- 配置属性的标题、默认值、组件类型和验证规则
|
||||
- 对于敏感信息,设置 `encrypt: true` 进行加密
|
||||
|
||||
### 2. 使用 @IsAccess 注解注册插件
|
||||
4. **实现测试方法**
|
||||
- 添加测试按钮配置
|
||||
- 实现 `onTestRequest` 方法,用于测试接口调用是否正常
|
||||
|
||||
```typescript
|
||||
@IsAccess({
|
||||
name: 'demo', // 插件唯一标识
|
||||
title: '授权插件示例', // 插件标题
|
||||
icon: 'clarity:plugin-line', // 插件图标
|
||||
desc: '这是一个示例授权插件,用于演示如何实现一个授权插件', // 插件描述
|
||||
})
|
||||
export class DemoAccess extends BaseAccess {
|
||||
// 插件实现...
|
||||
}
|
||||
```
|
||||
5. **实现 API 方法**
|
||||
- 实现必要的 API 方法,如 `GetDomainList`
|
||||
- 封装统一的 API 请求方法 `doRequest`,处理错误和日志
|
||||
|
||||
### 3. 定义授权属性
|
||||
6. **遵循开发最佳实践**
|
||||
- 使用 `this.ctx.logger` 输出日志
|
||||
- 统一处理错误,抛出明确的错误信息
|
||||
- 实现代码复用,避免重复逻辑
|
||||
|
||||
使用 `@AccessInput` 注解定义授权属性:
|
||||
## 输出规范
|
||||
- 必须包含完整的插件实现代码,包括所有必要的导入语句
|
||||
- 代码必须包含详细的注释说明,解释每个步骤的目的和实现细节
|
||||
- 提供完整的示例代码,展示插件的使用方法,包括不同类型的授权方式
|
||||
- 代码块必须使用正确的语法高亮,确保代码可读性
|
||||
- 包含开发技巧和注意事项,帮助开发者避免常见错误
|
||||
- 输出内容必须结构清晰,使用适当的标题和列表格式
|
||||
|
||||
```typescript
|
||||
@AccessInput({
|
||||
title: '授权方式',
|
||||
value: 'apiKey', // 默认值
|
||||
component: {
|
||||
name: "a-select", // 基于 antdv 的输入组件
|
||||
vModel: "value", // v-model 绑定的属性名
|
||||
options: [ // 组件参数
|
||||
{ label: "API密钥(推荐)", value: "apiKey" },
|
||||
{ label: "账号密码", value: "account" },
|
||||
],
|
||||
placeholder: 'demoKeyId',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
apiType = '';
|
||||
## 示例
|
||||
|
||||
@AccessInput({
|
||||
title: '密钥Id',
|
||||
component: {
|
||||
name:"a-input",
|
||||
allowClear: true,
|
||||
placeholder: 'demoKeyId',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
demoKeyId = '';
|
||||
### 示例 1: 基本 Access 插件
|
||||
|
||||
@AccessInput({
|
||||
title: '密钥',//标题
|
||||
required: true, //text组件可以省略
|
||||
encrypt: true, //该属性是否需要加密
|
||||
})
|
||||
demoKeySecret = '';
|
||||
#### 用户输入
|
||||
创建一个 Access 插件,用于存储第三方应用的授权信息并提供 API 接口。
|
||||
|
||||
|
||||
|
||||
@AccessInput({
|
||||
title: '另外一个授权Id',//标题
|
||||
component: {
|
||||
name:"access-selector", //access选择组件
|
||||
vModel:"modelValue",
|
||||
type: "ssh", // access类型,让用户固定选择这种类型的access
|
||||
},
|
||||
required: true, //text组件可以省略
|
||||
})
|
||||
otherAccessId;
|
||||
|
||||
```
|
||||
|
||||
### 4. 实现测试方法
|
||||
|
||||
```typescript
|
||||
@AccessInput({
|
||||
title: "测试",
|
||||
component: {
|
||||
name: "api-test",
|
||||
action: "TestRequest"
|
||||
},
|
||||
helper: "点击测试接口是否正常"
|
||||
})
|
||||
testRequest = true;
|
||||
|
||||
/**
|
||||
* 会通过上面的testRequest参数在ui界面上生成测试按钮,供用户测试接口调用是否正常
|
||||
*/
|
||||
async onTestRequest() {
|
||||
await this.GetDomainList({});
|
||||
return "ok"
|
||||
}
|
||||
```
|
||||
|
||||
### 5. 实现 API 方法
|
||||
|
||||
```typescript
|
||||
/**
|
||||
* api接口示例 获取域名列表,
|
||||
*/
|
||||
async GetDomainList(req: PageSearch): Promise<PageRes<DomainRecord>> {
|
||||
//输出日志必须使用ctx.logger
|
||||
this.ctx.logger.info(`获取域名列表,req:${JSON.stringify(req)}`);
|
||||
const pager = new Pager(req);
|
||||
const resp = await this.doRequest({
|
||||
action: "ListDomains",
|
||||
data: {
|
||||
domain: req.searchKey,
|
||||
offset: pager.getOffset(),
|
||||
limit: pager.pageSize,
|
||||
}
|
||||
});
|
||||
const total = resp?.TotalCount || 0;
|
||||
let list = resp?.DomainList?.map((item) => {
|
||||
item.domain = item.Domain;
|
||||
item.id = item.DomainId;
|
||||
return item;
|
||||
})
|
||||
return {
|
||||
total,
|
||||
list
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* 通用api调用方法, 具体如何构造请求体,需参考对应应用的API文档
|
||||
*/
|
||||
async doRequest(req: { action: string, data?: any }) {
|
||||
/**
|
||||
this.ctx中包含很多有用的工具类
|
||||
type AccessContext = {
|
||||
http: HttpClient;
|
||||
logger: ILogger;
|
||||
utils: typeof utils;
|
||||
accessService: IAccessService;
|
||||
}
|
||||
*/
|
||||
const res = await this.ctx.http.request({
|
||||
url: "https://api.demo.cn/api/",
|
||||
method: "POST",
|
||||
data: {
|
||||
Action: req.action,
|
||||
Body: req.data
|
||||
}
|
||||
});
|
||||
|
||||
if (res.Code !== 0) {
|
||||
//异常处理
|
||||
throw new Error(res.Message || "请求失败");
|
||||
}
|
||||
return res.Resp;
|
||||
}
|
||||
```
|
||||
|
||||
--- 开发技巧:实现统一的 API 请求封装
|
||||
|
||||
**好处:**
|
||||
- **代码复用**:避免在每个 API 方法中重复编写相同的 header 设置和错误处理逻辑
|
||||
- **错误处理一致**:统一捕获和处理各种错误情况,确保错误信息格式统一
|
||||
- **日志记录完善**:集中记录详细的错误信息,便于调试和问题排查
|
||||
- **接口调用简化**:调用方只需关注业务逻辑,无需关心底层请求细节
|
||||
- **易于维护**:统一修改 API 调用方式时,只需修改一处代码
|
||||
|
||||
|
||||
## 注意事项
|
||||
|
||||
1. **插件命名**:插件名称应简洁明了,反映其功能。
|
||||
2. **属性加密**:对于敏感信息(如密钥),应设置 `encrypt: true`。
|
||||
3. **日志输出**:必须使用 `this.ctx.logger` 输出日志,而不是 `console`。
|
||||
4. **错误处理**:API 调用失败时应抛出明确的错误信息。
|
||||
5. **测试方法**:实现 `onTestRequest` 方法,以便用户可以测试授权是否正常。
|
||||
6. **统一接口调用方法**:封装统一的 API 请求方法,避免在每个 API 方法调用中重复编写错误处理逻辑。
|
||||
|
||||
## 完整示例
|
||||
|
||||
### 示例 1: 通用授权插件
|
||||
#### 你的回答
|
||||
|
||||
```typescript
|
||||
import { AccessInput, BaseAccess, IsAccess, Pager, PageRes, PageSearch } from '@certd/pipeline';
|
||||
@@ -202,7 +71,7 @@ import { DomainRecord } from '@certd/plugin-lib';
|
||||
})
|
||||
export class DemoAccess extends BaseAccess {
|
||||
|
||||
/**
|
||||
/**
|
||||
* 授权属性配置
|
||||
*/
|
||||
@AccessInput({
|
||||
@@ -248,7 +117,6 @@ export class DemoAccess extends BaseAccess {
|
||||
})
|
||||
demoKeySecret = '';
|
||||
|
||||
|
||||
@AccessInput({
|
||||
title: "测试",
|
||||
component: {
|
||||
@@ -268,7 +136,7 @@ export class DemoAccess extends BaseAccess {
|
||||
}
|
||||
|
||||
/**
|
||||
* 获api接口示例 取域名列表,
|
||||
* api接口示例 获取域名列表
|
||||
*/
|
||||
async GetDomainList(req: PageSearch): Promise<PageRes<DomainRecord>> {
|
||||
//输出日志必须使用ctx.logger
|
||||
@@ -294,21 +162,10 @@ export class DemoAccess extends BaseAccess {
|
||||
};
|
||||
}
|
||||
|
||||
// 还可以继续编写API
|
||||
|
||||
/**
|
||||
* 通用api调用方法, 具体如何构造请求体,需参考对应应用的API文档
|
||||
* 通用api调用方法, 具体如何构造请求体,需参考对应应用的API文档
|
||||
*/
|
||||
async doRequest(req: { action: string, data?: any }) {
|
||||
/**
|
||||
this.ctx中包含很多有用的工具类
|
||||
type AccessContext = {
|
||||
http: HttpClient;
|
||||
logger: ILogger;
|
||||
utils: typeof utils;
|
||||
accessService: IAccessService;
|
||||
}
|
||||
*/
|
||||
const res = await this.ctx.http.request({
|
||||
url: "https://api.demo.cn/api/",
|
||||
method: "POST",
|
||||
@@ -325,4 +182,224 @@ export class DemoAccess extends BaseAccess {
|
||||
return res.Resp;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
### 示例 2: 支持 OAuth 授权的 Access 插件
|
||||
|
||||
#### 用户输入
|
||||
创建一个支持 OAuth 授权方式的 Access 插件。
|
||||
|
||||
#### 你的回答
|
||||
|
||||
```typescript
|
||||
import { AccessInput, BaseAccess, IsAccess, Pager, PageRes, PageSearch } from '@certd/pipeline';
|
||||
import { DomainRecord } from '@certd/plugin-lib';
|
||||
|
||||
/**
|
||||
* OAuth 授权插件示例
|
||||
*/
|
||||
@IsAccess({
|
||||
name: 'oauth-demo',
|
||||
title: 'OAuth授权插件示例',
|
||||
icon: 'clarity:plugin-line',
|
||||
desc: '这是一个支持OAuth授权的插件示例',
|
||||
})
|
||||
export class OAuthDemoAccess extends BaseAccess {
|
||||
|
||||
@AccessInput({
|
||||
title: '授权方式',
|
||||
value: 'oauth',
|
||||
component: {
|
||||
name: "a-select",
|
||||
vModel: "value",
|
||||
options: [
|
||||
{
|
||||
label: "OAuth授权",
|
||||
value: "oauth"
|
||||
},
|
||||
{
|
||||
label: "API密钥",
|
||||
value: "apiKey"
|
||||
},
|
||||
],
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
authType = '';
|
||||
|
||||
@AccessInput({
|
||||
title: '客户端ID',
|
||||
component: {
|
||||
name:"a-input",
|
||||
placeholder: 'Client ID',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
clientId = '';
|
||||
|
||||
@AccessInput({
|
||||
title: '客户端密钥',
|
||||
required: true,
|
||||
encrypt: true,
|
||||
})
|
||||
clientSecret = '';
|
||||
|
||||
@AccessInput({
|
||||
title: '授权回调地址',
|
||||
component: {
|
||||
name:"a-input",
|
||||
placeholder: 'https://your-domain.com/callback',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
redirectUri = '';
|
||||
|
||||
@AccessInput({
|
||||
title: 'AccessToken',
|
||||
required: true,
|
||||
encrypt: true,
|
||||
})
|
||||
accessToken = '';
|
||||
|
||||
@AccessInput({
|
||||
title: 'RefreshToken',
|
||||
encrypt: true,
|
||||
})
|
||||
refreshToken = '';
|
||||
|
||||
@AccessInput({
|
||||
title: "测试",
|
||||
component: {
|
||||
name: "api-test",
|
||||
action: "TestOAuth"
|
||||
},
|
||||
helper: "点击测试OAuth授权是否正常"
|
||||
})
|
||||
testOAuth = true;
|
||||
|
||||
/**
|
||||
* 测试OAuth授权
|
||||
*/
|
||||
async onTestOAuth() {
|
||||
try {
|
||||
// 测试AccessToken是否有效
|
||||
const result = await this.doOAuthRequest('GET', '/api/user/profile');
|
||||
this.ctx.logger.info('OAuth测试成功:', result);
|
||||
return "OAuth授权测试成功";
|
||||
} catch (error) {
|
||||
this.ctx.logger.error('OAuth测试失败:', error);
|
||||
throw new Error('OAuth授权测试失败');
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* OAuth API请求方法
|
||||
*/
|
||||
async doOAuthRequest(method: string, endpoint: string, data?: any) {
|
||||
const res = await this.ctx.http.request({
|
||||
url: `https://api.oauth-demo.com${endpoint}`,
|
||||
method,
|
||||
headers: {
|
||||
'Authorization': `Bearer ${this.accessToken}`,
|
||||
'Content-Type': 'application/json'
|
||||
},
|
||||
data
|
||||
});
|
||||
|
||||
if (res.status !== 200) {
|
||||
throw new Error(`API请求失败: ${res.status} ${res.statusText}`);
|
||||
}
|
||||
return res.data;
|
||||
}
|
||||
|
||||
/**
|
||||
* 刷新AccessToken
|
||||
*/
|
||||
async refreshAccessToken() {
|
||||
if (!this.refreshToken) {
|
||||
throw new Error('没有提供RefreshToken');
|
||||
}
|
||||
|
||||
const res = await this.ctx.http.request({
|
||||
url: 'https://api.oauth-demo.com/oauth/token',
|
||||
method: 'POST',
|
||||
data: {
|
||||
grant_type: 'refresh_token',
|
||||
refresh_token: this.refreshToken,
|
||||
client_id: this.clientId,
|
||||
client_secret: this.clientSecret
|
||||
}
|
||||
});
|
||||
|
||||
if (res.status === 200 && res.data.access_token) {
|
||||
this.accessToken = res.data.access_token;
|
||||
if (res.data.refresh_token) {
|
||||
this.refreshToken = res.data.refresh_token;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
throw new Error('刷新AccessToken失败');
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取域名列表
|
||||
*/
|
||||
async GetDomainList(req: PageSearch): Promise<PageRes<DomainRecord>> {
|
||||
try {
|
||||
const res = await this.doOAuthRequest('GET', '/api/domains', {
|
||||
search: req.searchKey,
|
||||
page: req.page,
|
||||
pageSize: req.pageSize
|
||||
});
|
||||
|
||||
return {
|
||||
total: res.total,
|
||||
list: res.items.map((item: any) => ({
|
||||
id: item.id,
|
||||
domain: item.domain
|
||||
}))
|
||||
};
|
||||
} catch (error) {
|
||||
// 尝试刷新AccessToken并重试
|
||||
if (error.message.includes('401')) {
|
||||
await this.refreshAccessToken();
|
||||
const res = await this.doOAuthRequest('GET', '/api/domains', {
|
||||
search: req.searchKey,
|
||||
page: req.page,
|
||||
pageSize: req.pageSize
|
||||
});
|
||||
|
||||
return {
|
||||
total: res.total,
|
||||
list: res.items.map((item: any) => ({
|
||||
id: item.id,
|
||||
domain: item.domain
|
||||
}))
|
||||
};
|
||||
}
|
||||
throw error;
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## 注意事项
|
||||
|
||||
1. **插件命名**:插件名称应简洁明了,反映其功能。
|
||||
2. **属性加密**:对于敏感信息(如密钥),应设置 `encrypt: true`。
|
||||
3. **日志输出**:必须使用 `this.ctx.logger` 输出日志,而不是 `console`,参数文本化,不要传对象,否则会输出`[object Object]}`。
|
||||
4. **错误处理**:API 调用失败时应抛出明确的错误信息。
|
||||
5. **测试方法**:实现 `onTestRequest` 方法,以便用户可以测试授权是否正常。
|
||||
6. **统一接口调用**:封装统一的 API 请求方法,避免重复编写错误处理逻辑。
|
||||
|
||||
## 开发技巧
|
||||
|
||||
### 实现统一的 API 请求封装
|
||||
|
||||
**好处:**
|
||||
- **代码复用**:避免在每个 API 方法中重复编写相同的 header 设置和错误处理逻辑
|
||||
- **错误处理一致**:统一捕获和处理各种错误情况,确保错误信息格式统一
|
||||
- **日志记录完善**:集中记录详细的错误信息,便于调试和问题排查
|
||||
- **接口调用简化**:调用方只需关注业务逻辑,无需关心底层请求细节
|
||||
- **易于维护**:统一修改 API 调用方式时,只需修改一处代码
|
||||
```
|
||||
@@ -1,141 +1,82 @@
|
||||
---
|
||||
name: dns-provider-dev
|
||||
description: 用于开发 Certd 系统中的 DNS Provider 插件,在 ACME 申请证书时给域名添加 TXT 解析记录以验证域名所有权。当用户需要创建DNS提供商插件、实现DNS解析、ACME证书验证或修改现有 DNS Provider 插件时触发。
|
||||
version: 1.0.0
|
||||
---
|
||||
|
||||
# DNS Provider 插件开发技能
|
||||
|
||||
## 什么是 DNS Provider 插件
|
||||
## 角色定义
|
||||
你是一名 Certd 插件开发专家,擅长创建和实现 DNS Provider 类型的插件,熟悉 TypeScript 编程和 Certd 插件开发规范。
|
||||
|
||||
DNS Provider 插件是 Certd 系统中的 DNS 提供商插件,它用于在 ACME 申请证书时给域名添加 TXT 解析记录,以验证域名所有权。
|
||||
## 核心指令
|
||||
请严格按照以下步骤执行任务:
|
||||
|
||||
## 开发步骤
|
||||
1. **导入必要的依赖**
|
||||
- 导入 `AbstractDnsProvider`, `CreateRecordOptions`, `IsDnsProvider`, `RemoveRecordOptions` 等必要的类型和装饰器
|
||||
- 导入对应的 Access 插件类型
|
||||
|
||||
### 1. 导入必要的依赖
|
||||
2. **定义记录数据结构**
|
||||
- 定义适合对应云平台的记录数据结构
|
||||
- 至少包含 id 字段,用于后续删除记录
|
||||
|
||||
3. **使用 @IsDnsProvider 注解注册插件**
|
||||
- 配置插件的唯一标识、标题、描述、图标
|
||||
- 指定对应的云平台的 access 类型名称
|
||||
- 设置排序值(可选)
|
||||
- 继承 `AbstractDnsProvider` 类
|
||||
|
||||
4. **实现 onInstance 方法**
|
||||
- 获取并保存对应的 Access 实例
|
||||
- 执行初始化操作
|
||||
|
||||
5. **实现 createRecord 方法**
|
||||
- 解析传入的参数(fullRecord, value, type, domain)
|
||||
- 记录操作开始日志
|
||||
- 调用云平台 API 创建 TXT 类型的 DNS 解析记录
|
||||
- 处理可能的错误:网络错误、API调用失败、授权失败等
|
||||
- 记录操作结果日志
|
||||
- 返回创建的记录信息,用于后续删除操作
|
||||
|
||||
6. **实现 removeRecord 方法**
|
||||
- 解析传入的参数和之前创建的记录信息
|
||||
- 记录操作开始日志
|
||||
- 调用云平台 API 删除 TXT 类型的 DNS 解析记录
|
||||
- 处理可能的错误:网络错误、API调用失败、记录不存在等
|
||||
- 记录操作结果日志
|
||||
|
||||
7. **实现 getDomainListPage 方法**
|
||||
- 实现获取域名列表的方法
|
||||
- 支持分页查询
|
||||
- 处理可能的错误:网络错误、API调用失败、授权失败等
|
||||
- 返回标准化的域名列表格式
|
||||
|
||||
8. **实例化插件**
|
||||
- 实例化插件,确保插件被注册
|
||||
|
||||
## 输出规范
|
||||
- 必须包含完整的插件实现代码
|
||||
- 代码必须包含详细的注释说明
|
||||
- 提供完整的示例代码,展示插件的使用方法
|
||||
- 包含开发注意事项
|
||||
|
||||
## 示例
|
||||
|
||||
### 示例 1: 基本 DNS Provider 插件
|
||||
|
||||
#### 用户输入
|
||||
创建一个 DNS Provider 插件,用于在 ACME 申请证书时添加和删除 TXT 解析记录。
|
||||
|
||||
#### 你的回答
|
||||
|
||||
```typescript
|
||||
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
|
||||
import { Pager, PageRes, PageSearch } from "@certd/pipeline";
|
||||
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions, DomainRecord } from '@certd/plugin-cert';
|
||||
import { DemoAccess } from './access.js';
|
||||
import { isDev } from '../../utils/env.js';
|
||||
```
|
||||
|
||||
### 2. 定义记录数据结构
|
||||
|
||||
```typescript
|
||||
type DemoRecord = {
|
||||
// 这里定义 Record 记录的数据结构,跟对应云平台接口返回值一样即可,一般是拿到 id 就行,用于删除 txt 解析记录,清理申请痕迹
|
||||
// id:string
|
||||
};
|
||||
```
|
||||
|
||||
### 3. 使用 @IsDnsProvider 注解注册插件
|
||||
|
||||
```typescript
|
||||
// 这里通过 IsDnsProvider 注册一个 dnsProvider
|
||||
@IsDnsProvider({
|
||||
name: 'demo', // 插件唯一标识
|
||||
title: 'Dns提供商Demo', // 插件标题
|
||||
desc: 'dns provider示例', // 插件描述
|
||||
icon: 'clarity:plugin-line', // 插件图标
|
||||
// 这里是对应的云平台的 access 类型名称
|
||||
accessType: 'demo',
|
||||
order: 99, // 排序
|
||||
})
|
||||
export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
|
||||
access!: DemoAccess;
|
||||
|
||||
async onInstance() {
|
||||
this.access = this.ctx.access as DemoAccess;
|
||||
// 也可以通过 ctx 成员变量传递 context
|
||||
this.logger.debug('access', this.access);
|
||||
// 初始化的操作
|
||||
// ...
|
||||
}
|
||||
|
||||
// 插件实现...
|
||||
}
|
||||
```
|
||||
|
||||
### 4. 实现 createRecord 方法
|
||||
|
||||
```typescript
|
||||
/**
|
||||
* 创建 dns 解析记录,用于验证域名所有权
|
||||
*/
|
||||
async createRecord(options: CreateRecordOptions): Promise<any> {
|
||||
/**
|
||||
* options 参数说明
|
||||
* fullRecord: '_acme-challenge.example.com',
|
||||
* value: 一串 uuid
|
||||
* type: 'TXT',
|
||||
* domain: 'example.com'
|
||||
*/
|
||||
const { fullRecord, value, type, domain } = options;
|
||||
this.logger.info('添加域名解析:', fullRecord, value, type, domain);
|
||||
|
||||
// 调用创建 dns 解析记录的对应的云端接口,创建 txt 类型的 dns 解析记录
|
||||
// 请根据实际接口情况调用,例如:
|
||||
// const createDnsRecordUrl = "xxx"
|
||||
// const record = this.http.post(createDnsRecordUrl,{
|
||||
// // 授权参数
|
||||
// // 创建 dns 解析记录的参数
|
||||
// })
|
||||
// // 返回本次创建的 dns 解析记录,这个记录会在删除的时候用到
|
||||
// return record
|
||||
}
|
||||
```
|
||||
|
||||
### 5. 实现 removeRecord 方法
|
||||
|
||||
```typescript
|
||||
/**
|
||||
* 删除 dns 解析记录,清理申请痕迹
|
||||
* @param options
|
||||
*/
|
||||
async removeRecord(options: RemoveRecordOptions<DemoRecord>): Promise<void> {
|
||||
const { fullRecord, value, domain } = options.recordReq;
|
||||
const record = options.recordRes;
|
||||
this.logger.info('删除域名解析:', domain, fullRecord, value, record);
|
||||
// 这里调用删除 txt dns 解析记录接口
|
||||
// 请根据实际接口情况调用,例如:
|
||||
|
||||
// const deleteDnsRecordUrl = "xxx"
|
||||
// const res = this.http.delete(deleteDnsRecordUrl,{
|
||||
// // 授权参数
|
||||
// // 删除 dns 解析记录的参数
|
||||
// })
|
||||
|
||||
|
||||
this.logger.info('删除域名解析成功:', fullRecord, value);
|
||||
}
|
||||
```
|
||||
|
||||
### 6. 实例化插件
|
||||
|
||||
```typescript
|
||||
// 实例化这个 provider,将其自动注册到系统中
|
||||
if (isDev()) {
|
||||
// 你的实现 要去掉这个 if,不然生产环境将不会显示
|
||||
new DemoDnsProvider();
|
||||
}
|
||||
```
|
||||
|
||||
## 注意事项
|
||||
|
||||
1. **插件命名**:插件名称应简洁明了,反映其功能。
|
||||
2. **accessType**:必须指定对应的云平台的 access 类型名称。
|
||||
3. **记录结构**:定义适合对应云平台的记录数据结构,至少包含 id 字段用于删除记录。
|
||||
4. **日志输出**:使用 `this.logger` 输出日志,而不是 `console`。
|
||||
5. **错误处理**:API 调用失败时应抛出明确的错误信息。
|
||||
6. **实例化**:生产环境中应移除 `if (isDev())` 条件,确保插件在生产环境中也能被注册。
|
||||
|
||||
## 完整示例
|
||||
|
||||
### 示例:通用 DNS Provider
|
||||
|
||||
```typescript
|
||||
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
|
||||
import { DemoAccess } from './access.js';
|
||||
import { isDev } from '../../utils/env.js';
|
||||
|
||||
type DemoRecord = {
|
||||
// 这里定义 Record 记录的数据结构,跟对应云平台接口返回值一样即可,一般是拿到 id 就行,用于删除 txt 解析记录,清理申请痕迹
|
||||
// id:string
|
||||
// 这里定义 Record 记录的数据结构,跟对应云平台接口返回值一样即可
|
||||
id: string;
|
||||
};
|
||||
|
||||
// 这里通过 IsDnsProvider 注册一个 dnsProvider
|
||||
@@ -173,15 +114,23 @@ export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
|
||||
const { fullRecord, value, type, domain } = options;
|
||||
this.logger.info('添加域名解析:', fullRecord, value, type, domain);
|
||||
|
||||
// 调用创建 dns 解析记录的对应的云端接口,创建 txt 类型的 dns 解析记录
|
||||
// 请根据实际接口情况调用,例如:
|
||||
// const createDnsRecordUrl = "xxx"
|
||||
// const record = this.http.post(createDnsRecordUrl,{
|
||||
// // 授权参数
|
||||
// // 创建 dns 解析记录的参数
|
||||
// })
|
||||
// // 返回本次创建的 dns 解析记录,这个记录会在删除的时候用到
|
||||
// return record
|
||||
try {
|
||||
// 调用创建 dns 解析记录的对应的云端接口,创建 txt 类型的 dns 解析记录
|
||||
// 请根据实际接口情况调用,例如:
|
||||
// const createDnsRecordUrl = "xxx"
|
||||
// const record = this.http.post(createDnsRecordUrl,{
|
||||
// // 授权参数
|
||||
// // 创建 dns 解析记录的参数
|
||||
// })
|
||||
// // 返回本次创建的 dns 解析记录,这个记录会在删除的时候用到
|
||||
// return record
|
||||
|
||||
// 模拟返回
|
||||
return { id: 'demo-record-id' };
|
||||
} catch (error) {
|
||||
this.logger.error('创建DNS记录失败:', error);
|
||||
throw new Error(`创建DNS记录失败: ${error.message}`);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -192,23 +141,302 @@ export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
|
||||
const { fullRecord, value, domain } = options.recordReq;
|
||||
const record = options.recordRes;
|
||||
this.logger.info('删除域名解析:', domain, fullRecord, value, record);
|
||||
// 这里调用删除 txt dns 解析记录接口
|
||||
// 请根据实际接口情况调用,例如:
|
||||
|
||||
try {
|
||||
// 这里调用删除 txt dns 解析记录接口
|
||||
// 请根据实际接口情况调用,例如:
|
||||
// const deleteDnsRecordUrl = "xxx"
|
||||
// const res = this.http.delete(deleteDnsRecordUrl,{
|
||||
// // 授权参数
|
||||
// // 删除 dns 解析记录的参数
|
||||
// })
|
||||
|
||||
this.logger.info('删除域名解析成功:', fullRecord, value);
|
||||
} catch (error) {
|
||||
this.logger.error('删除DNS记录失败:', error);
|
||||
// 即使删除失败也不抛出异常,避免影响整个证书申请流程
|
||||
}
|
||||
}
|
||||
|
||||
// const deleteDnsRecordUrl = "xxx"
|
||||
// const res = this.http.delete(deleteDnsRecordUrl,{
|
||||
// // 授权参数
|
||||
// // 删除 dns 解析记录的参数
|
||||
// })
|
||||
/**
|
||||
* 实现获取域名列表
|
||||
*/
|
||||
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
|
||||
try {
|
||||
const pager = new Pager(req);
|
||||
const res = await this.http.request({
|
||||
// 请求接口获取域名列表
|
||||
})
|
||||
const list = res.Domains?.map(item => ({
|
||||
id: item.Id,
|
||||
domain: item.DomainName,
|
||||
})) || []
|
||||
|
||||
|
||||
this.logger.info('删除域名解析成功:', fullRecord, value);
|
||||
return {
|
||||
list,
|
||||
total: res.Total,
|
||||
};
|
||||
} catch (error) {
|
||||
this.logger.error('获取域名列表失败:', error);
|
||||
return { list: [], total: 0 };
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// 实例化这个 provider,将其自动注册到系统中
|
||||
if (isDev()) {
|
||||
// 你的实现 要去掉这个 if,不然生产环境将不会显示
|
||||
new DemoDnsProvider();
|
||||
new DemoDnsProvider();
|
||||
```
|
||||
|
||||
### 示例 2: 阿里云 DNS Provider 插件
|
||||
|
||||
#### 用户输入
|
||||
创建一个阿里云 DNS Provider 插件,用于在 ACME 申请证书时添加和删除 TXT 解析记录。
|
||||
|
||||
#### 你的回答
|
||||
|
||||
```typescript
|
||||
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions, PageSearch, PageRes, DomainRecord } from '@certd/plugin-cert';
|
||||
import { AliyunAccess } from './aliyun-access.js';
|
||||
import { Pager } from '@certd/pipeline';
|
||||
|
||||
type AliyunRecord = {
|
||||
RecordId: string;
|
||||
};
|
||||
|
||||
// 阿里云 DNS Provider 插件
|
||||
@IsDnsProvider({
|
||||
name: 'aliyun',
|
||||
title: '阿里云DNS',
|
||||
desc: '阿里云DNS提供商插件',
|
||||
icon: 'clarity:plugin-line',
|
||||
accessType: 'aliyun',
|
||||
order: 10,
|
||||
})
|
||||
export class AliyunDnsProvider extends AbstractDnsProvider<AliyunRecord> {
|
||||
access!: AliyunAccess;
|
||||
|
||||
async onInstance() {
|
||||
this.access = this.ctx.access as AliyunAccess;
|
||||
this.logger.debug('阿里云Access实例初始化成功');
|
||||
}
|
||||
|
||||
/**
|
||||
* 创建 DNS 解析记录
|
||||
*/
|
||||
async createRecord(options: CreateRecordOptions): Promise<AliyunRecord> {
|
||||
const { fullRecord, value, type, domain } = options;
|
||||
this.logger.info('阿里云DNS: 添加解析记录', { fullRecord, value, type, domain });
|
||||
|
||||
try {
|
||||
// 提取主机记录
|
||||
const hostRecord = fullRecord.replace(`.${domain}`, '');
|
||||
|
||||
// 调用阿里云 API 创建解析记录
|
||||
const response = await this.access.doRequest({
|
||||
action: 'AddDomainRecord',
|
||||
data: {
|
||||
DomainName: domain,
|
||||
RR: hostRecord,
|
||||
Type: type,
|
||||
Value: value,
|
||||
TTL: 600, // 10分钟
|
||||
}
|
||||
});
|
||||
|
||||
this.logger.info('阿里云DNS: 解析记录创建成功', { RecordId: response.RecordId });
|
||||
return { RecordId: response.RecordId };
|
||||
} catch (error) {
|
||||
this.logger.error('阿里云DNS: 创建解析记录失败', error);
|
||||
throw new Error(`阿里云DNS创建解析记录失败: ${error.message}`);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 删除 DNS 解析记录
|
||||
*/
|
||||
async removeRecord(options: RemoveRecordOptions<AliyunRecord>): Promise<void> {
|
||||
const { fullRecord, value, domain } = options.recordReq;
|
||||
const record = options.recordRes;
|
||||
this.logger.info('阿里云DNS: 删除解析记录', { fullRecord, value, domain, RecordId: record.RecordId });
|
||||
|
||||
try {
|
||||
// 调用阿里云 API 删除解析记录
|
||||
await this.access.doRequest({
|
||||
action: 'DeleteDomainRecord',
|
||||
data: {
|
||||
RecordId: record.RecordId,
|
||||
}
|
||||
});
|
||||
|
||||
this.logger.info('阿里云DNS: 解析记录删除成功', { RecordId: record.RecordId });
|
||||
} catch (error) {
|
||||
this.logger.error('阿里云DNS: 删除解析记录失败', error);
|
||||
// 即使删除失败也不抛出异常,避免影响整个证书申请流程
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取域名列表
|
||||
*/
|
||||
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
|
||||
try {
|
||||
const pager = new Pager(req);
|
||||
const response = await this.access.doRequest({
|
||||
action: 'DescribeDomains',
|
||||
data: {
|
||||
PageNumber: pager.page,
|
||||
PageSize: pager.pageSize,
|
||||
KeyWord: req.searchKey,
|
||||
}
|
||||
});
|
||||
|
||||
const list = response.Domains.Domain.map((domain: any) => ({
|
||||
id: domain.DomainId,
|
||||
domain: domain.DomainName,
|
||||
}));
|
||||
|
||||
return {
|
||||
list,
|
||||
total: response.TotalCount,
|
||||
};
|
||||
} catch (error) {
|
||||
this.logger.error('阿里云DNS: 获取域名列表失败', error);
|
||||
return { list: [], total: 0 };
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
// 实例化插件
|
||||
new AliyunDnsProvider();
|
||||
```
|
||||
|
||||
### 示例 3: 腾讯云 DNS Provider 插件
|
||||
|
||||
#### 用户输入
|
||||
创建一个腾讯云 DNS Provider 插件,用于在 ACME 申请证书时添加和删除 TXT 解析记录。
|
||||
|
||||
#### 你的回答
|
||||
|
||||
```typescript
|
||||
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions, PageSearch, PageRes, DomainRecord } from '@certd/plugin-cert';
|
||||
import { TencentAccess } from './tencent-access.js';
|
||||
import { Pager } from '@certd/pipeline';
|
||||
|
||||
type TencentRecord = {
|
||||
RecordId: string;
|
||||
};
|
||||
|
||||
// 腾讯云 DNS Provider 插件
|
||||
@IsDnsProvider({
|
||||
name: 'tencent',
|
||||
title: '腾讯云DNS',
|
||||
desc: '腾讯云DNS提供商插件',
|
||||
icon: 'clarity:plugin-line',
|
||||
accessType: 'tencent',
|
||||
order: 20,
|
||||
})
|
||||
export class TencentDnsProvider extends AbstractDnsProvider<TencentRecord> {
|
||||
access!: TencentAccess;
|
||||
|
||||
async onInstance() {
|
||||
this.access = this.ctx.access as TencentAccess;
|
||||
this.logger.debug('腾讯云Access实例初始化成功');
|
||||
}
|
||||
|
||||
/**
|
||||
* 创建 DNS 解析记录
|
||||
*/
|
||||
async createRecord(options: CreateRecordOptions): Promise<TencentRecord> {
|
||||
const { fullRecord, value, type, domain } = options;
|
||||
this.logger.info('腾讯云DNS: 添加解析记录', { fullRecord, value, type, domain });
|
||||
|
||||
try {
|
||||
// 提取主机记录
|
||||
const hostRecord = fullRecord.replace(`.${domain}`, '');
|
||||
|
||||
// 调用腾讯云 API 创建解析记录
|
||||
const response = await this.access.doRequest({
|
||||
action: 'CreateRecord',
|
||||
data: {
|
||||
Domain: domain,
|
||||
SubDomain: hostRecord,
|
||||
RecordType: type,
|
||||
RecordValue: value,
|
||||
TTL: 600, // 10分钟
|
||||
}
|
||||
});
|
||||
|
||||
this.logger.info('腾讯云DNS: 解析记录创建成功', { RecordId: response.RecordId });
|
||||
return { RecordId: response.RecordId };
|
||||
} catch (error) {
|
||||
this.logger.error('腾讯云DNS: 创建解析记录失败', error);
|
||||
throw new Error(`腾讯云DNS创建解析记录失败: ${error.message}`);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 删除 DNS 解析记录
|
||||
*/
|
||||
async removeRecord(options: RemoveRecordOptions<TencentRecord>): Promise<void> {
|
||||
const { fullRecord, value, domain } = options.recordReq;
|
||||
const record = options.recordRes;
|
||||
this.logger.info('腾讯云DNS: 删除解析记录', { fullRecord, value, domain, RecordId: record.RecordId });
|
||||
|
||||
try {
|
||||
// 调用腾讯云 API 删除解析记录
|
||||
await this.access.doRequest({
|
||||
action: 'DeleteRecord',
|
||||
data: {
|
||||
RecordId: record.RecordId,
|
||||
}
|
||||
});
|
||||
|
||||
this.logger.info('腾讯云DNS: 解析记录删除成功', { RecordId: record.RecordId });
|
||||
} catch (error) {
|
||||
this.logger.error('腾讯云DNS: 删除解析记录失败', error);
|
||||
// 即使删除失败也不抛出异常,避免影响整个证书申请流程
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取域名列表
|
||||
*/
|
||||
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
|
||||
try {
|
||||
const pager = new Pager(req);
|
||||
const response = await this.access.doRequest({
|
||||
action: 'DescribeDomains',
|
||||
data: {
|
||||
Offset: (pager.page - 1) * pager.pageSize,
|
||||
Limit: pager.pageSize,
|
||||
Keyword: req.searchKey,
|
||||
}
|
||||
});
|
||||
|
||||
const list = response.Domains.map((domain: any) => ({
|
||||
id: domain.DomainId,
|
||||
domain: domain.DomainName,
|
||||
}));
|
||||
|
||||
return {
|
||||
list,
|
||||
total: response.TotalCount,
|
||||
};
|
||||
} catch (error) {
|
||||
this.logger.error('腾讯云DNS: 获取域名列表失败', error);
|
||||
return { list: [], total: 0 };
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// 实例化插件
|
||||
new TencentDnsProvider();
|
||||
```
|
||||
|
||||
## 注意事项
|
||||
|
||||
1. **插件命名**:插件名称应简洁明了,反映其功能。
|
||||
2. **accessType**:必须指定对应的云平台的 access 类型名称。
|
||||
3. **记录结构**:定义适合对应云平台的记录数据结构,至少包含 id 字段用于删除记录。
|
||||
4. **日志输出**:使用 `this.logger` 输出日志,而不是 `console`,参数文本化,不要传对象,否则会输出`[object Object]}`。
|
||||
5. **错误处理**:API 调用失败时应抛出明确的错误信息。
|
||||
@@ -1,126 +1,90 @@
|
||||
---
|
||||
name: plugin-converter
|
||||
description: 用于将 Certd 插件转换为 YAML 配置文件的命令行工具,支持分析单个插件文件、识别插件类型并生成对应的 YAML 配置。当用户需要生成插件配置、转换插件格式、批量处理插件或修改现有插件配置时触发。
|
||||
version: 1.0.0
|
||||
---
|
||||
|
||||
# 插件转换工具技能
|
||||
|
||||
## 什么是插件转换工具
|
||||
## 角色定义
|
||||
你是一名 Certd 插件开发专家,擅长使用插件转换工具将 Certd 插件转换为 YAML 配置文件,熟悉命令行工具的使用和 Certd 插件开发规范。
|
||||
|
||||
插件转换工具是一个用于将 Certd 插件转换为 YAML 配置文件的命令行工具。它可以分析单个插件文件,识别插件类型,并生成对应的 YAML 配置,可以让插件分发和在线注册。
|
||||
## 核心指令
|
||||
请严格按照以下步骤执行任务:
|
||||
|
||||
## 工具位置
|
||||
1. **定位工具位置**
|
||||
- 工具位于 `trae/skills/convert-plugin-to-yaml.js`
|
||||
|
||||
`trae/skills/convert-plugin-to-yaml.js`
|
||||
2. **了解功能特性**
|
||||
- 单个插件转换:支持指定单个插件文件进行转换
|
||||
- 批量插件转换:支持指定目录批量转换多个插件
|
||||
- 自动类型识别:自动识别插件类型(Access、Task、DNS Provider、Notification、Addon)
|
||||
- 详细日志输出:提供详细的转换过程日志
|
||||
- YAML 配置生成:生成标准的 YAML 配置文件
|
||||
- 配置文件保存:自动将生成的配置保存到 `./metadata` 目录
|
||||
- 自定义输出目录:支持指定自定义输出目录
|
||||
- 格式化输出:支持格式化 YAML 输出
|
||||
- 可复用函数:导出了可复用的函数,便于其他模块调用
|
||||
|
||||
## 功能特性
|
||||
3. **使用工具**
|
||||
- 基本用法:`node trae/skills/convert-plugin-to-yaml.js <插件文件路径>`
|
||||
- 批量转换:`node trae/skills/convert-plugin-to-yaml.js <目录路径>`
|
||||
- 自定义输出目录:`node trae/skills/convert-plugin-to-yaml.js <插件文件路径> --output <输出目录>`
|
||||
- 格式化输出:`node trae/skills/convert-plugin-to-yaml.js <插件文件路径> --format`
|
||||
- 示例:
|
||||
- 转换 Access 插件:`node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/access.js`
|
||||
- 转换 Task 插件:`node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/plugins/plugin-test.js`
|
||||
- 转换 DNS Provider 插件:`node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/dns-provider.js`
|
||||
- 批量转换插件:`node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/`
|
||||
- 自定义输出目录:`node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/access.js --output ./configs`
|
||||
|
||||
- **单个插件转换**:支持指定单个插件文件进行转换,而不是扫描整个目录
|
||||
- **自动类型识别**:自动识别插件类型(Access、Task、DNS Provider、Notification、Addon)
|
||||
- **详细日志输出**:提供详细的转换过程日志,便于调试
|
||||
- **YAML 配置生成**:生成标准的 YAML 配置文件
|
||||
- **配置文件保存**:自动将生成的配置保存到 `./metadata` 目录
|
||||
- **可复用函数**:导出了可复用的函数,便于其他模块调用
|
||||
4. **理解转换过程**
|
||||
- 加载插件模块:使用 `import()` 动态加载指定的插件文件
|
||||
- 分析插件定义:检查模块导出的对象,寻找带有 `define` 属性的插件
|
||||
- 识别插件类型:根据插件的继承关系或属性识别插件类型
|
||||
- 生成 YAML 配置:基于插件定义生成标准的 YAML 配置
|
||||
- 保存配置文件:将生成的配置保存到 `./metadata` 目录
|
||||
|
||||
## 使用方法
|
||||
5. **了解输出说明**
|
||||
- 命令行输出:插件加载状态、插件导出的对象列表、插件类型识别结果、生成的 YAML 配置内容、配置文件保存路径
|
||||
- 配置文件命名规则:`<插件类型>[_<子类型>]_<插件名称>.yaml`
|
||||
|
||||
### 基本用法
|
||||
6. **理解插件类型识别逻辑**
|
||||
- DNS Provider:如果插件定义中包含 `accessType` 属性
|
||||
- Task:如果插件继承自 `AbstractTaskPlugin`
|
||||
- Notification:如果插件继承自 `BaseNotification`
|
||||
- Access:如果插件继承自 `BaseAccess`
|
||||
- Addon:如果插件继承自 `BaseAddon`
|
||||
|
||||
```bash
|
||||
node trae/skills/convert-plugin-to-yaml.js <插件文件路径>
|
||||
```
|
||||
7. **遵循注意事项**
|
||||
- 文件路径:插件文件路径可以是相对路径或绝对路径
|
||||
- 文件格式:仅支持 `.js` 文件,不支持 `.ts` 文件(需要先编译)
|
||||
- 依赖安装:执行前确保已安装所有必要的依赖
|
||||
- 配置目录:如果 `./metadata` 目录不存在,工具会自动创建
|
||||
- 错误处理:如果插件加载失败或识别失败,工具会输出错误信息但不会终止执行
|
||||
|
||||
### 示例
|
||||
## 输出规范
|
||||
- 必须包含工具的使用方法和示例
|
||||
- 必须包含转换过程的详细说明
|
||||
- 必须包含输出说明和配置文件命名规则
|
||||
- 必须包含插件类型识别逻辑
|
||||
- 必须包含注意事项和故障排除建议
|
||||
|
||||
## 示例
|
||||
|
||||
### 示例 1: 转换单个 Access 插件
|
||||
|
||||
#### 用户输入
|
||||
将 Access 插件转换为 YAML 配置文件。
|
||||
|
||||
#### 你的回答
|
||||
|
||||
```bash
|
||||
# 转换 Access 插件
|
||||
node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/access.js
|
||||
|
||||
# 转换 Task 插件
|
||||
node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/plugins/plugin-test.js
|
||||
|
||||
# 转换 DNS Provider 插件
|
||||
node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/dns-provider.js
|
||||
```
|
||||
|
||||
## 转换过程
|
||||
|
||||
1. **加载插件模块**:使用 `import()` 动态加载指定的插件文件
|
||||
2. **分析插件定义**:检查模块导出的对象,寻找带有 `define` 属性的插件
|
||||
3. **识别插件类型**:根据插件的继承关系或属性识别插件类型
|
||||
4. **生成 YAML 配置**:基于插件定义生成标准的 YAML 配置
|
||||
5. **保存配置文件**:将生成的配置保存到 `./metadata` 目录
|
||||
|
||||
## 输出说明
|
||||
|
||||
### 命令行输出
|
||||
|
||||
执行转换命令后,工具会输出以下信息:
|
||||
|
||||
- 插件加载状态
|
||||
- 插件导出的对象列表
|
||||
- 插件类型识别结果
|
||||
- 生成的 YAML 配置内容
|
||||
- 配置文件保存路径
|
||||
|
||||
### 配置文件命名规则
|
||||
|
||||
生成的配置文件命名规则为:
|
||||
|
||||
```
|
||||
<插件类型>[_<子类型>]_<插件名称>.yaml
|
||||
```
|
||||
|
||||
例如:
|
||||
- `access_demo.yaml`(Access 插件)
|
||||
- `deploy_DemoTest.yaml`(Task 插件)
|
||||
- `dnsProvider_demo.yaml`(DNS Provider 插件)
|
||||
|
||||
## 插件类型识别逻辑
|
||||
|
||||
工具通过以下逻辑识别插件类型:
|
||||
|
||||
1. **DNS Provider**:如果插件定义中包含 `accessType` 属性
|
||||
2. **Task**:如果插件继承自 `AbstractTaskPlugin`
|
||||
3. **Notification**:如果插件继承自 `BaseNotification`
|
||||
4. **Access**:如果插件继承自 `BaseAccess`
|
||||
5. **Addon**:如果插件继承自 `BaseAddon`
|
||||
|
||||
## 注意事项
|
||||
|
||||
1. **文件路径**:插件文件路径可以是相对路径或绝对路径
|
||||
2. **文件格式**:仅支持 `.js` 文件,不支持 `.ts` 文件(需要先编译)
|
||||
3. **依赖安装**:执行前确保已安装所有必要的依赖
|
||||
4. **配置目录**:如果 `./metadata` 目录不存在,工具会自动创建
|
||||
5. **错误处理**:如果插件加载失败或识别失败,工具会输出错误信息但不会终止执行
|
||||
|
||||
## 代码结构
|
||||
|
||||
### 主要函数
|
||||
|
||||
1. **isPrototypeOf(value, cls)**:检查对象是否是指定类的原型
|
||||
2. **loadSingleModule(filePath)**:加载单个插件模块
|
||||
3. **convertSinglePlugin(pluginPath)**:分析单个插件并生成 YAML 配置
|
||||
4. **main()**:主函数,处理命令行参数并执行转换
|
||||
|
||||
### 导出函数
|
||||
|
||||
工具导出了以下函数,便于其他模块调用:
|
||||
|
||||
```javascript
|
||||
export {
|
||||
convertSinglePlugin, // 转换单个插件
|
||||
loadSingleModule, // 加载单个模块
|
||||
isPrototypeOf // 检查原型关系
|
||||
};
|
||||
```
|
||||
|
||||
## 应用场景
|
||||
|
||||
1. **插件开发**:在开发新插件时,快速生成配置文件
|
||||
2. **插件调试**:查看插件的内部定义和配置
|
||||
3. **插件管理**:批量转换现有插件为标准配置格式
|
||||
4. **自动化构建**:集成到构建流程中,自动生成插件配置
|
||||
|
||||
## 示例输出
|
||||
|
||||
### 转换 Access 插件示例
|
||||
|
||||
#### 输出
|
||||
```bash
|
||||
$ node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/access.js
|
||||
开始转换插件: packages/ui/certd-server/src/plugins/plugin-demo/access.js
|
||||
@@ -142,30 +106,117 @@ YAML 配置已保存到: ./metadata/access_demo.yaml
|
||||
插件转换完成!
|
||||
```
|
||||
|
||||
### 转换 Task 插件示例
|
||||
### 示例 2: 批量转换插件
|
||||
|
||||
#### 用户输入
|
||||
批量转换目录中的所有插件为 YAML 配置文件。
|
||||
|
||||
#### 你的回答
|
||||
|
||||
```bash
|
||||
$ node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/plugins/plugin-test.js
|
||||
# 批量转换插件
|
||||
node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/
|
||||
```
|
||||
|
||||
#### 输出
|
||||
```bash
|
||||
$ node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/
|
||||
开始转换目录: packages/ui/certd-server/src/plugins/
|
||||
|
||||
正在处理文件: packages/ui/certd-server/src/plugins/plugin-demo/access.js
|
||||
开始转换插件: packages/ui/certd-server/src/plugins/plugin-demo/access.js
|
||||
插件模块导出了 1 个对象: DemoAccess
|
||||
处理插件: DemoAccess
|
||||
插件类型: access
|
||||
脚本路径: packages/ui/certd-server/src/plugins/plugin-demo/access.js
|
||||
|
||||
生成的 YAML 配置:
|
||||
name: demo
|
||||
title: 授权插件示例
|
||||
desc: 这是一个示例授权插件,用于演示如何实现一个授权插件
|
||||
icon: clarity:plugin-line
|
||||
pluginType: access
|
||||
type: builtIn
|
||||
scriptFilePath: packages/ui/certd-server/src/plugins/plugin-demo/access.js
|
||||
|
||||
YAML 配置已保存到: ./metadata/access_demo.yaml
|
||||
插件转换完成!
|
||||
|
||||
正在处理文件: packages/ui/certd-server/src/plugins/plugin-demo/plugins/plugin-test.js
|
||||
开始转换插件: packages/ui/certd-server/src/plugins/plugin-demo/plugins/plugin-test.js
|
||||
插件模块导出了 1 个对象: DemoTest
|
||||
处理插件: DemoTest
|
||||
插件类型: deploy
|
||||
插件类型: task
|
||||
脚本路径: packages/ui/certd-server/src/plugins/plugin-demo/plugins/plugin-test.js
|
||||
|
||||
生成的 YAML 配置:
|
||||
name: DemoTest
|
||||
title: Demo-测试插件
|
||||
desc: ""
|
||||
desc: 这是一个示例任务插件,用于演示如何实现一个任务插件
|
||||
icon: clarity:plugin-line
|
||||
pluginType: task
|
||||
group: other
|
||||
default:
|
||||
strategy:
|
||||
runStrategy: SkipWhenSucceed
|
||||
pluginType: deploy
|
||||
type: builtIn
|
||||
scriptFilePath: packages/ui/certd-server/src/plugins/plugin-demo/plugins/plugin-test.js
|
||||
|
||||
YAML 配置已保存到: ./metadata/deploy_DemoTest.yaml
|
||||
YAML 配置已保存到: ./metadata/task_DemoTest.yaml
|
||||
插件转换完成!
|
||||
|
||||
正在处理文件: packages/ui/certd-server/src/plugins/plugin-demo/dns-provider.js
|
||||
开始转换插件: packages/ui/certd-server/src/plugins/plugin-demo/dns-provider.js
|
||||
插件模块导出了 1 个对象: DemoDnsProvider
|
||||
处理插件: DemoDnsProvider
|
||||
插件类型: dns-provider
|
||||
脚本路径: packages/ui/certd-server/src/plugins/plugin-demo/dns-provider.js
|
||||
|
||||
生成的 YAML 配置:
|
||||
name: demo
|
||||
title: Dns提供商Demo
|
||||
desc: dns provider示例
|
||||
icon: clarity:plugin-line
|
||||
pluginType: dns-provider
|
||||
accessType: demo
|
||||
order: 99
|
||||
type: builtIn
|
||||
scriptFilePath: packages/ui/certd-server/src/plugins/plugin-demo/dns-provider.js
|
||||
|
||||
YAML 配置已保存到: ./metadata/dns-provider_demo.yaml
|
||||
插件转换完成!
|
||||
|
||||
批量转换完成,共处理 3 个插件文件
|
||||
```
|
||||
|
||||
### 示例 3: 自定义输出目录
|
||||
|
||||
#### 用户输入
|
||||
将插件转换为 YAML 配置文件,并保存到自定义目录。
|
||||
|
||||
#### 你的回答
|
||||
|
||||
```bash
|
||||
# 自定义输出目录
|
||||
node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/access.js --output ./configs
|
||||
```
|
||||
|
||||
#### 输出
|
||||
```bash
|
||||
$ node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/access.js --output ./configs
|
||||
开始转换插件: packages/ui/certd-server/src/plugins/plugin-demo/access.js
|
||||
插件模块导出了 1 个对象: DemoAccess
|
||||
处理插件: DemoAccess
|
||||
插件类型: access
|
||||
脚本路径: packages/ui/certd-server/src/plugins/plugin-demo/access.js
|
||||
|
||||
生成的 YAML 配置:
|
||||
name: demo
|
||||
title: 授权插件示例
|
||||
desc: 这是一个示例授权插件,用于演示如何实现一个授权插件
|
||||
icon: clarity:plugin-line
|
||||
pluginType: access
|
||||
type: builtIn
|
||||
scriptFilePath: packages/ui/certd-server/src/plugins/plugin-demo/access.js
|
||||
|
||||
YAML 配置已保存到: ./configs/access_demo.yaml
|
||||
插件转换完成!
|
||||
```
|
||||
|
||||
@@ -196,6 +247,30 @@ YAML 配置已保存到: ./metadata/deploy_DemoTest.yaml
|
||||
- **尝试简化插件**:如果转换失败,尝试创建一个最小化的插件示例进行测试
|
||||
- **检查依赖版本**:确保使用的依赖版本与 Certd 兼容
|
||||
|
||||
## 总结
|
||||
## 代码结构
|
||||
|
||||
插件转换工具是一个方便实用的工具,它可以帮助开发者快速生成插件的 YAML 配置文件,简化插件的注册和管理过程。通过命令行参数指定单个插件文件,工具会自动完成类型识别、配置生成和保存等操作,大大提高了插件开发和管理的效率。
|
||||
### 主要函数
|
||||
|
||||
1. **isPrototypeOf(value, cls)**:检查对象是否是指定类的原型
|
||||
2. **loadSingleModule(filePath)**:加载单个插件模块
|
||||
3. **convertSinglePlugin(pluginPath)**:分析单个插件并生成 YAML 配置
|
||||
4. **main()**:主函数,处理命令行参数并执行转换
|
||||
|
||||
### 导出函数
|
||||
|
||||
工具导出了以下函数,便于其他模块调用:
|
||||
|
||||
```javascript
|
||||
export {
|
||||
convertSinglePlugin, // 转换单个插件
|
||||
loadSingleModule, // 加载单个模块
|
||||
isPrototypeOf // 检查原型关系
|
||||
};
|
||||
```
|
||||
|
||||
## 应用场景
|
||||
|
||||
1. **插件开发**:在开发新插件时,快速生成配置文件
|
||||
2. **插件调试**:查看插件的内部定义和配置
|
||||
3. **插件管理**:批量转换现有插件为标准配置格式
|
||||
4. **自动化构建**:集成到构建流程中,自动生成插件配置
|
||||
@@ -1,12 +1,73 @@
|
||||
---
|
||||
name: task-plugin-dev
|
||||
description: 用于开发 Certd 系统中的 Task 插件,继承自 AbstractTaskPlugin 类,被流水线调用 execute 方法将证书部署到对应的应用上。当用户需要创建任务插件、部署证书、自动化任务或修改现有 Task 插件时触发。
|
||||
version: 1.0.0
|
||||
---
|
||||
|
||||
# Task 插件开发技能
|
||||
|
||||
## 什么是 Task 插件
|
||||
## 角色定义
|
||||
你是一名 Certd 插件开发专家,擅长创建和实现 Task 类型的插件,熟悉 TypeScript 编程和 Certd 插件开发规范。
|
||||
|
||||
Task 插件是 Certd 系统中的部署任务插件,它继承自 `AbstractTaskPlugin` 类,被流水线调用 `execute` 方法,将证书部署到对应的应用上。
|
||||
## 核心指令
|
||||
请严格按照以下步骤执行任务:
|
||||
|
||||
## 开发步骤
|
||||
1. **导入必要的依赖**
|
||||
- 导入 `AbstractTaskPlugin`, `IsTaskPlugin`, `PageSearch`, `pluginGroups`, `RunStrategy`, `TaskInput` 等必要的类型和装饰器
|
||||
- 导入 `CertInfo`, `CertReader` 等证书相关类型
|
||||
- 导入 `createCertDomainGetterInputDefine`, `createRemoteSelectInputDefine` 等工具函数
|
||||
- 导入 `optionsUtils` 等辅助工具
|
||||
- 导入 `CertApplyPluginNames` 等常量
|
||||
|
||||
### 1. 导入必要的依赖
|
||||
2. **使用 @IsTaskPlugin 注解注册插件**
|
||||
- 配置插件的唯一标识、标题、图标
|
||||
- 设置插件分组
|
||||
- 配置默认策略(如 `SkipWhenSucceed`)
|
||||
- 确保类名与插件名称一致
|
||||
|
||||
3. **定义任务输入参数**
|
||||
- 使用 `@TaskInput` 注解定义各种输入参数
|
||||
- 必须包含证书选择参数,用于获取前置任务输出的域名证书
|
||||
- 可以添加授权选择框、文本输入、选择框等参数
|
||||
- 使用 `createCertDomainGetterInputDefine` 获取证书域名列表
|
||||
|
||||
4. **实现动态显隐配置**
|
||||
- 使用 `mergeScript` 实现根据其他输入值动态控制输入项的显隐状态
|
||||
- 利用 `ctx.compute` 函数访问表单中的其他字段值
|
||||
|
||||
5. **实现插件方法**
|
||||
- **onInstance 方法**:插件实例化时执行的初始化操作
|
||||
- **execute 方法**:插件的核心执行逻辑
|
||||
- 获取授权信息
|
||||
- 读取证书信息
|
||||
- 执行具体的部署逻辑
|
||||
- 处理错误并记录日志
|
||||
- 实现幂等性:确保重复执行不会导致问题
|
||||
- 实现超时处理:设置合理的超时时间
|
||||
- 实现回滚机制:在部署失败时能够回滚到之前的状态
|
||||
- **后端获取选项方法**:用于前端从后端获取选项的方法
|
||||
|
||||
6. **遵循开发最佳实践**
|
||||
- 插件命名:遵循命名规范,大写字母开头,驼峰命名
|
||||
- 类名规范:类名应与插件名称一致
|
||||
- 日志输出:使用 `this.logger` 输出日志
|
||||
- 错误处理:捕获并记录执行过程中的错误
|
||||
- 授权获取:使用 `this.getAccess(accessId)` 获取授权信息
|
||||
|
||||
## 输出规范
|
||||
- 必须包含完整的插件实现代码
|
||||
- 代码必须包含详细的注释说明
|
||||
- 提供完整的示例代码,展示插件的使用方法
|
||||
- 包含开发注意事项和最佳实践
|
||||
|
||||
## 示例
|
||||
|
||||
### 示例 1: 基本 Task 插件
|
||||
|
||||
#### 用户输入
|
||||
创建一个 Task 插件,用于将证书部署到对应的应用上。
|
||||
|
||||
#### 你的回答
|
||||
|
||||
```typescript
|
||||
import { AbstractTaskPlugin, IsTaskPlugin, PageSearch, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
|
||||
@@ -14,230 +75,9 @@ import { CertInfo, CertReader } from '@certd/plugin-cert';
|
||||
import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from '@certd/plugin-lib';
|
||||
import { optionsUtils } from '@certd/basic';
|
||||
import { CertApplyPluginNames} from '@certd/plugin-cert';
|
||||
```
|
||||
|
||||
### 2. 使用 @IsTaskPlugin 注解注册插件
|
||||
|
||||
```typescript
|
||||
@IsTaskPlugin({
|
||||
// 命名规范,插件类型+功能,大写字母开头,驼峰命名
|
||||
name: 'DemoTest',
|
||||
title: 'Demo-测试插件', // 插件标题
|
||||
icon: 'clarity:plugin-line', // 插件图标
|
||||
// 插件分组
|
||||
group: pluginGroups.other.key,
|
||||
default: {
|
||||
// 默认值配置照抄即可
|
||||
strategy: {
|
||||
runStrategy: RunStrategy.SkipWhenSucceed,
|
||||
},
|
||||
},
|
||||
})
|
||||
// 类名规范,跟上面插件名称(name)一致
|
||||
export class DemoTest extends AbstractTaskPlugin {
|
||||
// 插件实现...
|
||||
}
|
||||
```
|
||||
|
||||
### 3. 定义任务输入参数
|
||||
|
||||
使用 `@TaskInput` 注解定义任务输入参数:
|
||||
|
||||
```typescript
|
||||
// 测试参数
|
||||
@TaskInput({
|
||||
title: '属性示例',
|
||||
value: '默认值',
|
||||
component: {
|
||||
// 前端组件配置,具体配置见组件文档 https://www.antdv.com/components/input-cn
|
||||
name: 'a-input',
|
||||
vModel: 'value', // 双向绑定组件的 props 名称
|
||||
},
|
||||
helper: '帮助说明,[链接](https://certd.docmirror.cn)',
|
||||
required: false, // 是否必填
|
||||
})
|
||||
text!: string;
|
||||
|
||||
// 证书选择,此项必须要有
|
||||
@TaskInput({
|
||||
title: '域名证书',
|
||||
helper: '请选择前置任务输出的域名证书',
|
||||
component: {
|
||||
name: 'output-selector',
|
||||
from: [...CertApplyPluginNames],
|
||||
},
|
||||
// required: true, // 必填
|
||||
})
|
||||
cert!: CertInfo;
|
||||
|
||||
@TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
|
||||
// 前端可以展示,当前申请的证书域名列表
|
||||
certDomains!: string[];
|
||||
|
||||
// 授权选择框
|
||||
@TaskInput({
|
||||
title: 'demo授权',
|
||||
helper: 'demoAccess授权',
|
||||
component: {
|
||||
name: 'access-selector',
|
||||
vModel:"modelValue",
|
||||
type: "demo", // access类型,让用户固定选择这种类型的access
|
||||
},
|
||||
// rules: [{ required: true, message: '此项必填' }],
|
||||
// required: true, // 必填
|
||||
})
|
||||
accessId!: string;
|
||||
```
|
||||
|
||||
### 4. 动态显隐配置(mergeScript)
|
||||
|
||||
使用 `mergeScript` 可以实现根据其他输入值动态控制当前输入项的显隐状态。
|
||||
|
||||
```typescript
|
||||
@TaskInput({
|
||||
title: '匹配模式',
|
||||
component: {
|
||||
name: 'select',
|
||||
options: [
|
||||
{ label: '手动选择', value: 'manual' },
|
||||
{ label: '根据证书匹配', value: 'auto' },
|
||||
],
|
||||
},
|
||||
default: 'manual',
|
||||
})
|
||||
domainMatchMode!: 'manual' | 'auto';
|
||||
|
||||
@TaskInput(
|
||||
createRemoteSelectInputDefine({
|
||||
title: 'DCDN加速域名',
|
||||
helper: '你在阿里云上配置的DCDN加速域名',
|
||||
action: DeployCertToAliyunDCDN.prototype.onGetDomainList.name,
|
||||
watches: ['certDomains', 'accessId'],
|
||||
required: true,
|
||||
mergeScript: `
|
||||
return {
|
||||
show: ctx.compute(({form})=>{
|
||||
return domainMatchMode === "manual"
|
||||
})
|
||||
}
|
||||
`,
|
||||
})
|
||||
)
|
||||
domainName!: string | string[];
|
||||
```
|
||||
|
||||
`mergeScript` 中的 `ctx.compute` 函数接收一个回调函数,通过 `form` 参数可以访问表单中的其他字段值。
|
||||
|
||||
### 5. 实现插件方法
|
||||
|
||||
#### 5.1 插件实例化时执行的方法
|
||||
|
||||
```typescript
|
||||
// 插件实例化时执行的方法
|
||||
async onInstance() {}
|
||||
```
|
||||
|
||||
#### 5.2 插件执行方法
|
||||
|
||||
```typescript
|
||||
// 插件执行方法
|
||||
async execute(): Promise<void> {
|
||||
const { select, text, cert, accessId } = this;
|
||||
|
||||
try {
|
||||
const access = await this.getAccess(accessId);
|
||||
this.logger.debug('access', access);
|
||||
} catch (e) {
|
||||
this.logger.error('获取授权失败', e);
|
||||
}
|
||||
|
||||
try {
|
||||
const certReader = new CertReader(cert);
|
||||
this.logger.debug('certReader', certReader);
|
||||
} catch (e) {
|
||||
this.logger.error('读取crt失败', e);
|
||||
}
|
||||
|
||||
this.logger.info('DemoTestPlugin execute');
|
||||
this.logger.info('text:', text);
|
||||
this.logger.info('select:', select);
|
||||
this.logger.info('switch:', this.switch);
|
||||
this.logger.info('授权id:', accessId);
|
||||
|
||||
// 具体的部署逻辑
|
||||
// ...
|
||||
}
|
||||
```
|
||||
|
||||
#### 5.3 后端获取选项方法
|
||||
|
||||
使用 `createRemoteSelectInputDefine` 创建远程选择输入项,`action` 指向的方法接收 `PageSearch` 参数并返回 `{ list, total }` 格式。
|
||||
|
||||
```typescript
|
||||
@TaskInput(
|
||||
createRemoteSelectInputDefine({
|
||||
title: '从后端获取选项',
|
||||
helper: '选择时可以从后端获取选项',
|
||||
action: DemoTest.prototype.onGetSiteList.name,
|
||||
// 当以下参数变化时,触发获取选项
|
||||
watches: ['certDomains', 'accessId'],
|
||||
required: true,
|
||||
})
|
||||
)
|
||||
siteName!: string | string[];
|
||||
|
||||
// 从后端获取选项的方法,接收PageSearch参数
|
||||
async onGetSiteList(data: PageSearch) {
|
||||
if (!this.accessId) {
|
||||
throw new Error('请选择Access授权');
|
||||
}
|
||||
|
||||
// @ts-ignore
|
||||
const access = await this.getAccess(this.accessId);
|
||||
|
||||
// const siteRes = await access.GetDomainList(data);
|
||||
// 以下是模拟数据
|
||||
const siteRes = [
|
||||
{ id: 1, siteName: 'site1.com' },
|
||||
{ id: 2, siteName: 'site2.com' },
|
||||
{ id: 3, siteName: 'site2.com' },
|
||||
];
|
||||
// 转换为前端所需要的格式
|
||||
const options = siteRes.map((item: any) => {
|
||||
return {
|
||||
value: item.siteName,
|
||||
label: item.siteName,
|
||||
domain: item.siteName,
|
||||
};
|
||||
});
|
||||
|
||||
// 返回{list, total}格式
|
||||
return {
|
||||
list: optionsUtils.buildGroupOptions(options, this.certDomains),
|
||||
total: siteRes.length,
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
## 注意事项
|
||||
|
||||
1. **插件命名**:插件名称应遵循命名规范,大写字母开头,驼峰命名。
|
||||
2. **类名规范**:类名应与插件名称(name)一致。
|
||||
3. **证书选择**:必须包含证书选择参数,用于获取前置任务输出的域名证书。
|
||||
4. **日志输出**:使用 `this.logger` 输出日志,而不是 `console`。
|
||||
5. **错误处理**:执行过程中的错误应被捕获并记录。
|
||||
6. **授权获取**:使用 `this.getAccess(accessId)` 获取授权信息。
|
||||
|
||||
## 完整示例
|
||||
|
||||
```typescript
|
||||
import { AbstractTaskPlugin, IsTaskPlugin, PageSearch, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
|
||||
import { CertInfo, CertReader } from '@certd/plugin-cert';
|
||||
import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from '@certd/plugin-lib';
|
||||
import { optionsUtils } from '@certd/basic';
|
||||
import { CertApplyPluginNames} from '@certd/plugin-cert';
|
||||
@IsTaskPlugin({
|
||||
//命名规范,插件类型+功能(就是目录plugin-demo中的demo),大写字母开头,驼峰命名
|
||||
//命名规范,插件类型+功能,大写字母开头,驼峰命名
|
||||
name: 'DemoTest',
|
||||
title: 'Demo-测试插件',
|
||||
icon: 'clarity:plugin-line',
|
||||
@@ -286,7 +126,7 @@ export class DemoTest extends AbstractTaskPlugin {
|
||||
title: '动态显隐',
|
||||
helper: '我会根据选择框的值进行显隐',
|
||||
show: true, //动态计算的值会覆盖它
|
||||
//动态计算脚本, mergeScript返回的对象会合并当前配置,此处演示 show的值会被动态计算结果覆盖,show的值根据用户选择的select的值决定
|
||||
//动态计算脚本, mergeScript返回的对象会合并当前配置
|
||||
mergeScript: `
|
||||
return {
|
||||
show: ctx.compute(({form})=>{
|
||||
@@ -324,6 +164,7 @@ export class DemoTest extends AbstractTaskPlugin {
|
||||
},
|
||||
})
|
||||
switch!: boolean;
|
||||
|
||||
//证书选择,此项必须要有
|
||||
@TaskInput({
|
||||
title: '域名证书',
|
||||
@@ -392,6 +233,7 @@ export class DemoTest extends AbstractTaskPlugin {
|
||||
this.logger.info('switch:', this.switch);
|
||||
this.logger.info('授权id:', accessId);
|
||||
|
||||
// 具体的部署逻辑
|
||||
// const res = await this.http.request({
|
||||
// url: 'https://api.demo.com',
|
||||
// method: 'GET',
|
||||
@@ -434,4 +276,371 @@ export class DemoTest extends AbstractTaskPlugin {
|
||||
};
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
### 示例 2: Nginx 部署 Task 插件
|
||||
|
||||
#### 用户输入
|
||||
创建一个 Task 插件,用于将证书部署到 Nginx 服务器上。
|
||||
|
||||
#### 你的回答
|
||||
|
||||
```typescript
|
||||
import { AbstractTaskPlugin, CertInfo, IsTaskPlugin, TaskInput, pluginGroups, RunStrategy } from '@certd/pipeline';
|
||||
import { CertReader } from '@certd/plugin-lib';
|
||||
|
||||
/**
|
||||
* Nginx 证书部署插件
|
||||
*/
|
||||
@IsTaskPlugin({
|
||||
name: 'NginxDeploy',
|
||||
title: 'Nginx 部署',
|
||||
desc: '将证书部署到 Nginx 服务器上',
|
||||
icon: 'clarity:server-line',
|
||||
group: pluginGroups.deploy.key,
|
||||
default: {
|
||||
strategy: {
|
||||
runStrategy: RunStrategy.SkipWhenSucceed,
|
||||
},
|
||||
},
|
||||
})
|
||||
export class NginxDeploy extends AbstractTaskPlugin {
|
||||
/**
|
||||
* 服务器授权
|
||||
*/
|
||||
@TaskInput({
|
||||
title: '服务器授权',
|
||||
component: {
|
||||
name: 'access-selector',
|
||||
vModel: 'accessId',
|
||||
accessTypes: ['ssh'],
|
||||
placeholder: '请选择服务器授权',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
accessId = '';
|
||||
|
||||
/**
|
||||
* 域名证书
|
||||
*/
|
||||
@TaskInput({
|
||||
title: '域名证书',
|
||||
component: {
|
||||
name: 'output-selector',
|
||||
from: ['CertApply', 'CertApplyCloudflare'],
|
||||
field: 'cert',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
cert!: CertInfo;
|
||||
|
||||
/**
|
||||
* 证书路径
|
||||
*/
|
||||
@TaskInput({
|
||||
title: '证书路径',
|
||||
value: '/etc/nginx/ssl',
|
||||
component: {
|
||||
name: 'a-input',
|
||||
placeholder: '请输入证书存储路径',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
certPath = '';
|
||||
|
||||
/**
|
||||
* Nginx 配置文件路径
|
||||
*/
|
||||
@TaskInput({
|
||||
title: 'Nginx 配置文件',
|
||||
value: '/etc/nginx/conf.d',
|
||||
component: {
|
||||
name: 'a-input',
|
||||
placeholder: '请输入 Nginx 配置文件路径',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
nginxConfPath = '';
|
||||
|
||||
/**
|
||||
* 服务名称
|
||||
*/
|
||||
@TaskInput({
|
||||
title: '服务名称',
|
||||
component: {
|
||||
name: 'a-input',
|
||||
placeholder: '请输入服务名称(用于生成配置文件)',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
serviceName = '';
|
||||
|
||||
/**
|
||||
* 执行部署
|
||||
*/
|
||||
async execute(): Promise<void> {
|
||||
this.logger.info('开始部署证书到 Nginx');
|
||||
|
||||
try {
|
||||
// 1. 获取服务器授权
|
||||
const sshAccess = await this.getAccess(this.accessId);
|
||||
this.logger.info('获取服务器授权成功');
|
||||
|
||||
// 2. 读取证书信息
|
||||
const certReader = new CertReader(this.cert);
|
||||
const cert = certReader.getCert();
|
||||
const key = certReader.getKey();
|
||||
const fullchain = certReader.getFullChain();
|
||||
this.logger.info('读取证书信息成功');
|
||||
|
||||
// 3. 准备部署路径
|
||||
const certFile = `${this.certPath}/${this.serviceName}.pem`;
|
||||
const keyFile = `${this.certPath}/${this.serviceName}.key`;
|
||||
const confFile = `${this.nginxConfPath}/${this.serviceName}.conf`;
|
||||
|
||||
// 4. 创建证书目录
|
||||
await sshAccess.exec(`mkdir -p ${this.certPath}`);
|
||||
this.logger.info('创建证书目录成功');
|
||||
|
||||
// 5. 上传证书文件
|
||||
await sshAccess.uploadContent(cert, certFile);
|
||||
await sshAccess.uploadContent(key, keyFile);
|
||||
await sshAccess.uploadContent(fullchain, `${this.certPath}/${this.serviceName}-fullchain.pem`);
|
||||
this.logger.info('上传证书文件成功');
|
||||
|
||||
// 6. 生成 Nginx 配置
|
||||
const nginxConf = `server {
|
||||
listen 443 ssl;
|
||||
server_name ${this.cert.domains.join(' ')};
|
||||
|
||||
ssl_certificate ${certFile};
|
||||
ssl_certificate_key ${keyFile};
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:80;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
}
|
||||
`;
|
||||
|
||||
// 7. 上传 Nginx 配置
|
||||
await sshAccess.uploadContent(nginxConf, confFile);
|
||||
this.logger.info('上传 Nginx 配置成功');
|
||||
|
||||
// 8. 测试 Nginx 配置
|
||||
const testResult = await sshAccess.exec('nginx -t');
|
||||
if (testResult.includes('test is successful')) {
|
||||
this.logger.info('Nginx 配置测试成功');
|
||||
} else {
|
||||
throw new Error(`Nginx 配置测试失败: ${testResult}`);
|
||||
}
|
||||
|
||||
// 9. 重启 Nginx 服务
|
||||
await sshAccess.exec('systemctl reload nginx');
|
||||
this.logger.info('重启 Nginx 服务成功');
|
||||
|
||||
this.logger.info('证书部署到 Nginx 成功');
|
||||
} catch (error) {
|
||||
this.logger.error('部署失败:', error);
|
||||
throw new Error(`部署到 Nginx 失败: ${error.message}`);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// 实例化插件
|
||||
new NginxDeploy();
|
||||
```
|
||||
|
||||
### 示例 3: 阿里云 OSS 部署 Task 插件
|
||||
|
||||
#### 用户输入
|
||||
创建一个 Task 插件,用于将证书部署到阿里云 OSS 上。
|
||||
|
||||
#### 你的回答
|
||||
|
||||
```typescript
|
||||
import { AbstractTaskPlugin, CertInfo, IsTaskPlugin, TaskInput, pluginGroups, RunStrategy } from '@certd/pipeline';
|
||||
import { CertReader } from '@certd/plugin-lib';
|
||||
|
||||
/**
|
||||
* 阿里云 OSS 证书部署插件
|
||||
*/
|
||||
@IsTaskPlugin({
|
||||
name: 'AliyunOSSDeploy',
|
||||
title: '阿里云 OSS 部署',
|
||||
desc: '将证书部署到阿里云 OSS 存储上',
|
||||
icon: 'clarity:cloud-line',
|
||||
group: pluginGroups.deploy.key,
|
||||
default: {
|
||||
strategy: {
|
||||
runStrategy: RunStrategy.SkipWhenSucceed,
|
||||
},
|
||||
},
|
||||
})
|
||||
export class AliyunOSSDeploy extends AbstractTaskPlugin {
|
||||
/**
|
||||
* 阿里云授权
|
||||
*/
|
||||
@TaskInput({
|
||||
title: '阿里云授权',
|
||||
component: {
|
||||
name: 'access-selector',
|
||||
vModel: 'accessId',
|
||||
accessTypes: ['aliyun'],
|
||||
placeholder: '请选择阿里云授权',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
accessId = '';
|
||||
|
||||
/**
|
||||
* 域名证书
|
||||
*/
|
||||
@TaskInput({
|
||||
title: '域名证书',
|
||||
component: {
|
||||
name: 'output-selector',
|
||||
from: ['CertApply', 'CertApplyCloudflare'],
|
||||
field: 'cert',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
cert!: CertInfo;
|
||||
|
||||
/**
|
||||
* OSS 存储桶
|
||||
*/
|
||||
@TaskInput({
|
||||
title: 'OSS 存储桶',
|
||||
component: {
|
||||
name: 'a-input',
|
||||
placeholder: '请输入 OSS 存储桶名称',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
bucketName = '';
|
||||
|
||||
/**
|
||||
* 存储路径
|
||||
*/
|
||||
@TaskInput({
|
||||
title: '存储路径',
|
||||
value: 'ssl/',
|
||||
component: {
|
||||
name: 'a-input',
|
||||
placeholder: '请输入证书存储路径',
|
||||
},
|
||||
})
|
||||
storagePath = '';
|
||||
|
||||
/**
|
||||
* 执行部署
|
||||
*/
|
||||
async execute(): Promise<void> {
|
||||
this.logger.info('开始部署证书到阿里云 OSS');
|
||||
|
||||
try {
|
||||
// 1. 获取阿里云授权
|
||||
const aliyunAccess = await this.getAccess(this.accessId);
|
||||
this.logger.info('获取阿里云授权成功');
|
||||
|
||||
// 2. 读取证书信息
|
||||
const certReader = new CertReader(this.cert);
|
||||
const cert = certReader.getCert();
|
||||
const key = certReader.getKey();
|
||||
const fullchain = certReader.getFullChain();
|
||||
this.logger.info('读取证书信息成功');
|
||||
|
||||
// 3. 准备存储路径
|
||||
const basePath = this.storagePath.endsWith('/') ? this.storagePath : `${this.storagePath}/`;
|
||||
const certFileName = `${basePath}${this.cert.domains[0]}.pem`;
|
||||
const keyFileName = `${basePath}${this.cert.domains[0]}.key`;
|
||||
const fullchainFileName = `${basePath}${this.cert.domains[0]}-fullchain.pem`;
|
||||
|
||||
// 4. 上传证书到 OSS
|
||||
await aliyunAccess.uploadToOSS({
|
||||
bucket: this.bucketName,
|
||||
key: certFileName,
|
||||
content: cert,
|
||||
});
|
||||
this.logger.info('上传证书文件成功');
|
||||
|
||||
await aliyunAccess.uploadToOSS({
|
||||
bucket: this.bucketName,
|
||||
key: keyFileName,
|
||||
content: key,
|
||||
});
|
||||
this.logger.info('上传私钥文件成功');
|
||||
|
||||
await aliyunAccess.uploadToOSS({
|
||||
bucket: this.bucketName,
|
||||
key: fullchainFileName,
|
||||
content: fullchain,
|
||||
});
|
||||
this.logger.info('上传完整证书链成功');
|
||||
|
||||
// 5. 设置文件访问权限(可选)
|
||||
await aliyunAccess.setOSSObjectAcl({
|
||||
bucket: this.bucketName,
|
||||
key: certFileName,
|
||||
acl: 'private',
|
||||
});
|
||||
|
||||
await aliyunAccess.setOSSObjectAcl({
|
||||
bucket: this.bucketName,
|
||||
key: keyFileName,
|
||||
acl: 'private',
|
||||
});
|
||||
|
||||
await aliyunAccess.setOSSObjectAcl({
|
||||
bucket: this.bucketName,
|
||||
key: fullchainFileName,
|
||||
acl: 'private',
|
||||
});
|
||||
this.logger.info('设置文件访问权限成功');
|
||||
|
||||
this.logger.info('证书部署到阿里云 OSS 成功');
|
||||
} catch (error) {
|
||||
this.logger.error('部署失败:', error);
|
||||
throw new Error(`部署到阿里云 OSS 失败: ${error.message}`);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// 实例化插件
|
||||
new AliyunOSSDeploy();
|
||||
```
|
||||
|
||||
## 注意事项
|
||||
|
||||
1. **插件命名**:插件名称应遵循命名规范,大写字母开头,驼峰命名。
|
||||
2. **类名规范**:类名应与插件名称(name)一致。
|
||||
3. **证书选择**:必须包含证书选择参数,用于获取前置任务输出的域名证书。
|
||||
4. **日志输出**:使用 `this.logger` 输出日志,而不是 `console`,参数文本化,不要传对象,否则会输出`[object Object]}`。
|
||||
5. **错误处理**:执行过程中的错误应被捕获并记录。
|
||||
6. **授权获取**:使用 `this.getAccess(accessId)` 获取授权信息。
|
||||
|
||||
## 部署逻辑注意事项
|
||||
|
||||
1. **部署接口逻辑**:
|
||||
- 研究应用的部署接口逻辑,一般有两种:
|
||||
a. 用户选择网站ID,给网站部署新证书
|
||||
b. 用户选择证书ID,只需要更新证书即可
|
||||
- 保证多次执行都能针对同一个对象部署证书
|
||||
- 确保出错后重新运行能够回归到正常状态
|
||||
|
||||
2. **前置证书选择**:
|
||||
- 前置证书可以是原始的 `certInfo` 类型,也可能是上传到平台之后返回的证书id
|
||||
- 根据接口要求选择合适的证书类型:
|
||||
a. 如果接口需要上传后的证书id,那么部署时要先将证书上传,再部署
|
||||
b. 如果接口需要原始的 `certInfo` 类型,那么直接使用 `certInfo` 部署证书
|
||||
c. 当两者都支持时,判断用户选择的证书类型,再考虑优先上传再部署
|
||||
|
||||
3. **证书清理**:
|
||||
- 如果是先上传再部署的,那么在部署完成后,可能需要考虑清理证书
|
||||
```
|
||||
@@ -95,7 +95,15 @@ https://certd.handfree.work/
|
||||
3. 【推荐】[1Panel面板方式部署](https://certd.docmirror.cn/guide/install/1panel/)
|
||||
4. 【推荐】[雨云一键部署](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2) : 首充翻倍,每月仅需2.2元
|
||||
[<img src="https://rainyun-apps.cn-nb1.rains3.com/materials/deploy-on-rainyun-cn.svg">](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2)
|
||||
5. 【不推荐】[源码方式部署 ](https://certd.docmirror.cn/guide/install/source/)
|
||||
|
||||
5. 【推荐】[一键安装脚本](https://certd.docmirror.cn/guide/install/docker/)(自动安装 Docker,Certd):
|
||||
```bash
|
||||
curl -fsSL https://gitee.com/certd/certd/raw/v2/docker/run/install.sh | bash
|
||||
```
|
||||
|
||||
6. 【不推荐】[源码方式部署 ](https://certd.docmirror.cn/guide/install/source/)
|
||||
|
||||
|
||||
|
||||
#### Docker镜像说明:
|
||||
* 国内镜像地址:
|
||||
|
||||
@@ -0,0 +1,340 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
CERTD_VERSION="${CERTD_VERSION:-latest}"
|
||||
INSTALL_DIR="${INSTALL_DIR:-/opt/certd}"
|
||||
COMPOSE_FILE_URL="https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml"
|
||||
COMPOSE_FILE="$INSTALL_DIR/docker-compose.yaml"
|
||||
|
||||
DOCKER_MIRROR="https://mirrors.aliyun.com"
|
||||
|
||||
RED='\033[0;31m'
|
||||
GREEN='\033[0;32m'
|
||||
YELLOW='\033[1;33m'
|
||||
NC='\033[0m'
|
||||
|
||||
log_info() {
|
||||
echo -e "${GREEN}[INFO]${NC} $1"
|
||||
}
|
||||
|
||||
log_warn() {
|
||||
echo -e "${YELLOW}[WARN]${NC} $1"
|
||||
}
|
||||
|
||||
log_error() {
|
||||
echo -e "${RED}[ERROR]${NC} $1"
|
||||
}
|
||||
|
||||
check_command() {
|
||||
command -v "$1" >/dev/null 2>&1
|
||||
}
|
||||
|
||||
get_local_ip() {
|
||||
LOCAL_IP=$(ip route get 1.1.1.1 2>/dev/null | grep -oP 'src \K[^ ]+' | head -1)
|
||||
if [ -z "$LOCAL_IP" ]; then
|
||||
LOCAL_IP=$(hostname -I 2>/dev/null | awk '{print $1}')
|
||||
fi
|
||||
if [ -z "$LOCAL_IP" ]; then
|
||||
LOCAL_IP="127.0.0.1"
|
||||
fi
|
||||
echo "$LOCAL_IP"
|
||||
}
|
||||
|
||||
get_public_ip() {
|
||||
PUBLIC_IP=$(curl -s --max-time 5 https://api.ipify.org 2>/dev/null)
|
||||
if [ -z "$PUBLIC_IP" ]; then
|
||||
PUBLIC_IP=$(curl -s --max-time 5 https://checkip.amazonaws.com 2>/dev/null)
|
||||
fi
|
||||
if [ -z "$PUBLIC_IP" ]; then
|
||||
PUBLIC_IP=""
|
||||
fi
|
||||
echo "$PUBLIC_IP"
|
||||
}
|
||||
|
||||
show_access_urls() {
|
||||
LOCAL_IP=$(get_local_ip)
|
||||
PUBLIC_IP=$(get_public_ip)
|
||||
|
||||
echo ""
|
||||
echo "=========================================="
|
||||
log_info "安装完成!"
|
||||
echo "=========================================="
|
||||
echo ""
|
||||
echo "访问地址:"
|
||||
if [ -n "$PUBLIC_IP" ]; then
|
||||
echo -e " ${GREEN}外网访问:${NC} http://$PUBLIC_IP:7001"
|
||||
fi
|
||||
echo -e " ${GREEN}局域网:${NC} http://$LOCAL_IP:7001"
|
||||
echo ""
|
||||
echo "配置文件: $COMPOSE_FILE"
|
||||
echo ""
|
||||
echo "常用命令:"
|
||||
echo " cd $INSTALL_DIR"
|
||||
echo " docker compose logs -f # 查看日志"
|
||||
echo " docker compose restart # 重启服务"
|
||||
echo " docker compose down # 停止服务"
|
||||
echo ""
|
||||
}
|
||||
|
||||
detect_os() {
|
||||
if [ -f /etc/os-release ]; then
|
||||
. /etc/os-release
|
||||
OS=$ID
|
||||
VER=$VERSION_ID
|
||||
elif [ -f /etc/centos-release ]; then
|
||||
OS="centos"
|
||||
elif [ -f /etc/redhat-release ]; then
|
||||
OS="rhel"
|
||||
else
|
||||
OS="unknown"
|
||||
fi
|
||||
}
|
||||
|
||||
check_docker() {
|
||||
if check_command docker; then
|
||||
DOCKER_VERSION=$(docker --version 2>/dev/null | awk '{print $3}' | tr -d ',')
|
||||
log_info "Docker 已安装: $DOCKER_VERSION"
|
||||
return 0
|
||||
else
|
||||
log_warn "Docker 未安装"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
check_docker_compose() {
|
||||
if check_command docker-compose; then
|
||||
COMPOSE_VERSION=$(docker-compose --version 2>/dev/null | awk '{print $3}' | tr -d ',')
|
||||
log_info "Docker Compose 已安装: $COMPOSE_VERSION"
|
||||
return 0
|
||||
elif docker compose version >/dev/null 2>&1; then
|
||||
log_info "Docker Compose (插件版) 已安装"
|
||||
return 0
|
||||
else
|
||||
log_warn "Docker Compose 未安装"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
install_docker_ubuntu() {
|
||||
log_info "正在安装 Docker (Ubuntu/Debian)..."
|
||||
apt-get update
|
||||
apt-get install -y ca-certificates curl gnupg lsb-release
|
||||
|
||||
mkdir -p /etc/apt/keyrings
|
||||
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/${OS}/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg 2>/dev/null || \
|
||||
curl -fsSL https://download.docker.com/linux/${OS}/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
||||
|
||||
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/${OS} $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||
|
||||
apt-get update
|
||||
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
|
||||
systemctl enable docker
|
||||
systemctl start docker
|
||||
|
||||
log_info "Docker 安装完成"
|
||||
}
|
||||
|
||||
install_docker_centos() {
|
||||
log_info "正在安装 Docker (CentOS/RHEL)..."
|
||||
yum install -y yum-utils
|
||||
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
|
||||
yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
|
||||
systemctl enable docker
|
||||
systemctl start docker
|
||||
|
||||
log_info "Docker 安装完成"
|
||||
}
|
||||
|
||||
install_dockerrocky() {
|
||||
log_info "正在安装 Docker (Rocky Linux/AlmaLinux)..."
|
||||
dnf install -y yum-utils
|
||||
dnf config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
|
||||
dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
|
||||
systemctl enable docker
|
||||
systemctl start docker
|
||||
|
||||
log_info "Docker 安装完成"
|
||||
}
|
||||
|
||||
install_docker_debian() {
|
||||
log_info "正在安装 Docker (Debian)..."
|
||||
apt-get update
|
||||
apt-get install -y ca-certificates curl gnupg2
|
||||
|
||||
mkdir -p /etc/apt/keyrings
|
||||
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/debian/gpg | gpg --armor -o /etc/apt/keyrings/docker.gpg 2>/dev/null || \
|
||||
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --armor -o /etc/apt/keyrings/docker.gpg
|
||||
|
||||
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list
|
||||
|
||||
apt-get update
|
||||
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
|
||||
systemctl enable docker
|
||||
systemctl start docker
|
||||
|
||||
log_info "Docker 安装完成"
|
||||
}
|
||||
|
||||
install_docker() {
|
||||
detect_os
|
||||
log_info "检测到操作系统: $OS"
|
||||
|
||||
case $OS in
|
||||
ubuntu)
|
||||
install_docker_ubuntu
|
||||
;;
|
||||
debian)
|
||||
install_docker_debian
|
||||
;;
|
||||
centos)
|
||||
install_docker_centos
|
||||
;;
|
||||
rhel|rocky|almalinux)
|
||||
install_dockerrocky
|
||||
;;
|
||||
*)
|
||||
log_error "不支持的操作系统: $OS"
|
||||
log_info "请手动安装 Docker"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
install_docker_compose_standalone() {
|
||||
log_info "正在安装 Docker Compose (独立版本)..."
|
||||
|
||||
COMPOSE_URLS=(
|
||||
"https://get.daocloud.io/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
|
||||
"https://mirror.sjtu.edu.cn/github/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
|
||||
"https://github.com/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
|
||||
)
|
||||
|
||||
for url in "${COMPOSE_URLS[@]}"; do
|
||||
log_info "尝试从: $url"
|
||||
if curl -L "$url" -o /usr/local/bin/docker-compose 2>/dev/null; then
|
||||
chmod +x /usr/local/bin/docker-compose
|
||||
log_info "Docker Compose 安装完成"
|
||||
return 0
|
||||
fi
|
||||
log_warn "下载失败,尝试下一个源..."
|
||||
done
|
||||
|
||||
log_error "Docker Compose 安装失败"
|
||||
return 1
|
||||
}
|
||||
|
||||
install_docker_compose() {
|
||||
if check_command docker && docker compose version >/dev/null 2>&1; then
|
||||
log_info "Docker Compose 插件已可用"
|
||||
return 0
|
||||
fi
|
||||
|
||||
if check_command docker-compose; then
|
||||
log_info "Docker Compose 独立版本已安装"
|
||||
return 0
|
||||
fi
|
||||
|
||||
install_docker_compose_standalone
|
||||
}
|
||||
|
||||
download_compose_file() {
|
||||
log_info "正在下载 docker-compose.yaml..."
|
||||
mkdir -p "$INSTALL_DIR"
|
||||
|
||||
if curl -fsSL "$COMPOSE_FILE_URL" -o "$COMPOSE_FILE.tmp"; then
|
||||
mv "$COMPOSE_FILE.tmp" "$COMPOSE_FILE"
|
||||
log_info "docker-compose.yaml 已下载到 $COMPOSE_FILE"
|
||||
|
||||
if [ "$CERTD_VERSION" != "latest" ]; then
|
||||
sed -i "s|certd:latest|certd:$CERTD_VERSION|g" "$COMPOSE_FILE"
|
||||
log_info "已修改镜像版本为: $CERTD_VERSION"
|
||||
fi
|
||||
else
|
||||
log_error "下载失败,请检查网络连接"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
start_certd() {
|
||||
log_info "正在启动 Certd 容器..."
|
||||
cd "$INSTALL_DIR"
|
||||
|
||||
if docker compose -f "$COMPOSE_FILE" up -d 2>/dev/null; then
|
||||
log_info "Certd 启动成功!"
|
||||
elif docker-compose -f "$COMPOSE_FILE" up -d; then
|
||||
log_info "Certd 启动成功!"
|
||||
fi
|
||||
|
||||
sleep 2
|
||||
docker ps --filter "name=certd" --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
|
||||
}
|
||||
|
||||
show_usage() {
|
||||
echo "用法: $0 [选项]"
|
||||
echo ""
|
||||
echo "选项:"
|
||||
echo " -v, --version VERSION 指定 Certd 版本 (默认: latest)"
|
||||
echo " -p, --path PATH 指定安装路径 (默认: /opt/certd)"
|
||||
echo " -h, --help 显示帮助信息"
|
||||
echo ""
|
||||
echo "示例:"
|
||||
echo " $0 # 使用默认配置安装"
|
||||
echo " $0 -v 1.29.0 # 安装指定版本"
|
||||
echo " $0 -p /data/certd # 安装到指定目录"
|
||||
}
|
||||
|
||||
main() {
|
||||
echo "=========================================="
|
||||
echo " Certd 一键安装脚本"
|
||||
echo "=========================================="
|
||||
echo ""
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case $1 in
|
||||
-v|--version)
|
||||
CERTD_VERSION="$2"
|
||||
shift 2
|
||||
;;
|
||||
-p|--path)
|
||||
INSTALL_DIR="$2"
|
||||
COMPOSE_FILE="$INSTALL_DIR/docker-compose.yaml"
|
||||
shift 2
|
||||
;;
|
||||
-h|--help)
|
||||
show_usage
|
||||
exit 0
|
||||
;;
|
||||
*)
|
||||
log_error "未知选项: $1"
|
||||
show_usage
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
log_info "Certd 版本: $CERTD_VERSION"
|
||||
log_info "安装路径: $INSTALL_DIR"
|
||||
echo ""
|
||||
|
||||
DOCKER_INSTALLED=true
|
||||
COMPOSE_INSTALLED=true
|
||||
|
||||
if ! check_docker; then
|
||||
echo ""
|
||||
log_info "正在安装 Docker..."
|
||||
install_docker
|
||||
fi
|
||||
|
||||
if ! check_docker_compose; then
|
||||
echo ""
|
||||
log_info "正在安装 Docker Compose..."
|
||||
install_docker_compose
|
||||
fi
|
||||
|
||||
download_compose_file
|
||||
start_certd
|
||||
|
||||
show_access_urls
|
||||
}
|
||||
|
||||
main "$@"
|
||||
@@ -114,6 +114,7 @@ export default defineConfig({
|
||||
{text: "连接windows主机", link: "/guide/use/host/windows.md"},
|
||||
{text: "Google EAB获取", link: "/guide/use/google/"},
|
||||
{text: "阿里云相关", link: "/guide/use/aliyun/"},
|
||||
{text: "Azure相关", link: "/guide/use/azure/dns.md"},
|
||||
{text: "数据备份", link: "/guide/use/backup/"},
|
||||
{text: "Certd本身的证书更新", link: "/guide/use/https/index.md"},
|
||||
{text: "js脚本插件使用", link: "/guide/use/custom-script/index.md"},
|
||||
|
||||
@@ -3,6 +3,25 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||
|
||||
## [1.39.10](https://github.com/certd/certd/compare/v1.39.9...v1.39.10) (2026-04-11)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复创建流水线无法选择通知的bug ([a88d0a6](https://github.com/certd/certd/commit/a88d0a6ae15cb6170d0b36e21daf89f0dbd5f681))
|
||||
* 修复流水线任务编辑页面复制粘贴按钮在夜间模式显示问题 ([1e549df](https://github.com/certd/certd/commit/1e549dfd431ed74e2bcdfce63e5f640c51603af3))
|
||||
* 修复用户管理添加用户无法上传头像的bug ([557e98c](https://github.com/certd/certd/commit/557e98c33f5462167d8f6289f70dad68bb114a97))
|
||||
* 修复自定义插件删除后没有反注册的bug ([df98463](https://github.com/certd/certd/commit/df9846332596d2afaba53e66d2897aa1c598f9c4))
|
||||
* 修复spaceship创建record报错的bug ([70b46d4](https://github.com/certd/certd/commit/70b46d4a8f89cf8eded21ebb237e8c8ce6c40d30))
|
||||
|
||||
### Performance Improvements
|
||||
|
||||
* 1panel支持先上传证书再选择证书 ([7a9eec8](https://github.com/certd/certd/commit/7a9eec88e8eddf40dba055c072b5b2b0f67c1407))
|
||||
* 部署到1panel面板支持mux模式 ([d05129e](https://github.com/certd/certd/commit/d05129ec67893b0b639003a4bca6878d128f56ad))
|
||||
* 流水线修改编辑之后,增加未保存提示 ([21620ac](https://github.com/certd/certd/commit/21620ac6bdeb57e43509156a77037fc07c44282a))
|
||||
* 修复检查全部某些情况下无效的bug,优化公共触发站点证书检查定时逻辑 ([ee53589](https://github.com/certd/certd/commit/ee535895a3166c6f9046963e28fa8f22f018b574))
|
||||
* 增加域名管理 子域名检查提醒 ([2bdf183](https://github.com/certd/certd/commit/2bdf1832da73a3728f3ac415837bc26e70531cd6))
|
||||
* 站点监控域名气泡增加端口显示 ([6ee718a](https://github.com/certd/certd/commit/6ee718a25265a9db2115343af9a1a01958f34b81))
|
||||
|
||||
## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
@@ -2,7 +2,23 @@
|
||||
|
||||
## 一、安装
|
||||
|
||||
### 1. 环境准备
|
||||
### 一键脚本安装(推荐)
|
||||
|
||||
如果您的服务器未安装 Docker,该脚本会自动为您安装 Docker 和 Docker Compose,并启动 Certd 容器。
|
||||
|
||||
```bash
|
||||
curl -fsSL https://gitee.com/certd/certd/raw/v2/docker/run/install.sh | bash
|
||||
```
|
||||
|
||||
> 支持 Ubuntu、Debian、CentOS、Rocky Linux、AlmaLinux 等主流发行版。
|
||||
> docker-compose文件目录:`/opt/certd` ,升级时需要先进入此目录
|
||||
> 运行时数据默认保存路径:`/data/certd` ,可使用参数指定:`-p /data/certd`
|
||||
|
||||
|
||||
|
||||
### 手动安装
|
||||
|
||||
#### 1. 环境准备
|
||||
|
||||
1.1 准备一台云服务器
|
||||
|
||||
@@ -19,9 +35,9 @@ https://docs.docker.com/engine/install/
|
||||
|
||||
```bash
|
||||
# 随便创建一个目录
|
||||
mkdir certd
|
||||
mkdir /opt/certd
|
||||
# 进入目录
|
||||
cd certd
|
||||
cd /opt/certd
|
||||
# 下载docker-compose.yaml文件,或者手动下载放到certd目录下
|
||||
wget https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml
|
||||
|
||||
@@ -54,12 +70,12 @@ https://your_server_ip:7002
|
||||
记得修改密码
|
||||
|
||||
|
||||
## 二、升级
|
||||
## 二、升级Certd
|
||||
|
||||
::: warning
|
||||
如果您是第一次升级certd版本,切记切记先备份一下数据
|
||||
```
|
||||
# docker-compose.yaml配置
|
||||
# 查看/opt/certd/docker-compose.yaml配置
|
||||
- /data/certd:/app/data # 请务必确保 /app/data 这个路径没有改动,固定写死
|
||||
```
|
||||
:::
|
||||
@@ -71,6 +87,7 @@ https://your_server_ip:7002
|
||||
|
||||
### 如果使用`latest`版本
|
||||
```shell
|
||||
cd /opt/certd
|
||||
#重新拉取镜像
|
||||
docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
|
||||
# 重新启动容器
|
||||
|
||||
@@ -36,45 +36,48 @@
|
||||
| 32.| **Gcore** | Gcore |
|
||||
| 33.| **Github授权** | |
|
||||
| 34.| **godaddy授权** | |
|
||||
| 35.| **金山云授权** | |
|
||||
| 36.| **FTP授权** | |
|
||||
| 37.| **七牛OSS授权** | |
|
||||
| 38.| **腾讯云COS授权** | 腾讯云对象存储授权,包含地域和存储桶 |
|
||||
| 39.| **s3/minio授权** | S3/minio oss授权 |
|
||||
| 40.| **namesilo授权** | |
|
||||
| 41.| **Next Terminal 授权** | 用于访问 Next Terminal API 的授权配置 |
|
||||
| 42.| **1panel授权** | 账号和密码 |
|
||||
| 43.| **支付宝** | |
|
||||
| 44.| **白山云授权** | |
|
||||
| 45.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 |
|
||||
| 46.| **cdnfly授权** | |
|
||||
| 47.| **k8s授权** | |
|
||||
| 48.| **括彩云cdn授权** | 括彩云CDN,每月免费30G,[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) |
|
||||
| 49.| **LeCDN授权** | |
|
||||
| 50.| **lucky** | |
|
||||
| 51.| **猫云授权** | |
|
||||
| 52.| **plesk授权** | |
|
||||
| 53.| **长亭雷池授权** | |
|
||||
| 54.| **群晖登录授权** | |
|
||||
| 55.| **uniCloud** | unicloud授权 |
|
||||
| 56.| **微信支付** | |
|
||||
| 57.| **易盾rcdn授权** | 易盾CDN,每月免费30G,[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) |
|
||||
| 58.| **易发云短信** | sms.yfyidc.cn/ |
|
||||
| 59.| **易盾DCDN授权** | https://user.yiduncdn.com |
|
||||
| 60.| **易支付** | |
|
||||
| 61.| **proxmox** | |
|
||||
| 62.| **Spaceship.com 授权** | Spaceship.com API 授权插件 |
|
||||
| 63.| **UCloud授权** | 优刻得授权 |
|
||||
| 64.| **又拍云** | |
|
||||
| 65.| **网宿授权** | |
|
||||
| 66.| **西部数码授权** | |
|
||||
| 67.| **我爱云授权** | 我爱云CDN |
|
||||
| 68.| **新网授权(代理方式)** | |
|
||||
| 69.| **新网授权** | |
|
||||
| 70.| **新网互联授权** | 仅支持代理账号,ip需要加入白名单 |
|
||||
| 71.| **Zenlayer授权** | Zenlayer授权 |
|
||||
| 72.| **GoEdge授权** | |
|
||||
| 73.| **雨云授权** | https://app.rainyun.com/ |
|
||||
| 35.| **HiPM DNSMgr** | HiPM DNSMgr API Token 授权 |
|
||||
| 36.| **金山云授权** | |
|
||||
| 37.| **FTP授权** | |
|
||||
| 38.| **七牛OSS授权** | |
|
||||
| 39.| **腾讯云COS授权** | 腾讯云对象存储授权,包含地域和存储桶 |
|
||||
| 40.| **s3/minio授权** | S3/minio oss授权 |
|
||||
| 41.| **namesilo授权** | |
|
||||
| 42.| **Next Terminal 授权** | 用于访问 Next Terminal API 的授权配置 |
|
||||
| 43.| **Nginx Proxy Manager 授权** | 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。 |
|
||||
| 44.| **1panel授权** | 账号和密码 |
|
||||
| 45.| **支付宝** | |
|
||||
| 46.| **白山云授权** | |
|
||||
| 47.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 |
|
||||
| 48.| **cdnfly授权** | |
|
||||
| 49.| **k8s授权** | |
|
||||
| 50.| **括彩云cdn授权** | 括彩云CDN,每月免费30G,[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) |
|
||||
| 51.| **LeCDN授权** | |
|
||||
| 52.| **lucky** | |
|
||||
| 53.| **猫云授权** | |
|
||||
| 54.| **plesk授权** | |
|
||||
| 55.| **长亭雷池授权** | |
|
||||
| 56.| **群晖登录授权** | |
|
||||
| 57.| **uniCloud** | unicloud授权 |
|
||||
| 58.| **微信支付** | |
|
||||
| 59.| **易盾rcdn授权** | 易盾CDN,每月免费30G,[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) |
|
||||
| 60.| **易发云短信** | sms.yfyidc.cn/ |
|
||||
| 61.| **易盾DCDN授权** | https://user.yiduncdn.com |
|
||||
| 62.| **易支付** | |
|
||||
| 63.| **proxmox** | |
|
||||
| 64.| **Spaceship.com 授权** | Spaceship.com API 授权插件 |
|
||||
| 65.| **Technitium DNS Server** | Technitium DNS Server 自建DNS服务器授权 |
|
||||
| 66.| **UCloud授权** | 优刻得授权 |
|
||||
| 67.| **又拍云** | |
|
||||
| 68.| **网宿授权** | |
|
||||
| 69.| **西部数码授权** | |
|
||||
| 70.| **我爱云授权** | 我爱云CDN |
|
||||
| 71.| **新网授权(代理方式)** | |
|
||||
| 72.| **新网授权** | |
|
||||
| 73.| **新网互联授权** | 仅支持代理账号,ip需要加入白名单 |
|
||||
| 74.| **Zenlayer授权** | Zenlayer授权 |
|
||||
| 75.| **GoEdge授权** | |
|
||||
| 76.| **雨云授权** | https://app.rainyun.com/ |
|
||||
|
||||
<style module>
|
||||
table th:first-of-type {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# 任务插件
|
||||
共 `129` 款任务插件
|
||||
共 `130` 款任务插件
|
||||
## 1. 证书申请
|
||||
|
||||
| 序号 | 名称 | 说明 |
|
||||
@@ -58,25 +58,26 @@
|
||||
| 3.| **Dokploy-部署server证书** | 自动更新Dokploy server证书 |
|
||||
| 4.| **飞牛NAS-部署证书** | |
|
||||
| 5.| **NextTerminal-更新证书** | 更新 Next Terminal 证书 |
|
||||
| 6.| **1Panel-部署面板证书** | 更新1Panel的面板证书 |
|
||||
| 7.| **1Panel-更新站点证书** | 更新1Panel的站点证书 |
|
||||
| 8.| **宝塔-删除过期证书** | 删除证书夹中过期证书 |
|
||||
| 9.| **宝塔-WAF证书部署** | 部署宝塔云WAF/aaWAF |
|
||||
| 10.| **宝塔-面板证书部署** | 部署宝塔面板本身的ssl证书 |
|
||||
| 11.| **宝塔win-网站证书部署** | 部署到Windows版宝塔管理的站点的ssl证书 |
|
||||
| 12.| **宝塔-网站证书部署** | 部署宝塔管理的站点的ssl证书,目前支持宝塔网站站点、docker站点等。本插件也支持aaPanel。 |
|
||||
| 13.| **K8S-Apply自定义yaml** | apply自定义yaml到k8s |
|
||||
| 14.| **K8S-Ingress 证书部署** | 部署证书到k8s的Ingress |
|
||||
| 15.| **K8S-部署证书到Secret** | 部署证书到k8s的secret |
|
||||
| 16.| **lucky-更新Lucky证书** | |
|
||||
| 17.| **Plesk-部署Plesk网站证书** | |
|
||||
| 18.| **Plesk-更新证书** | 不会创建新证书记录,直接更新旧的证书 |
|
||||
| 19.| **雷池-更新证书(支持控制台和防护应用)** | 更新长亭雷池WAF的证书,支持更新控制台和防护应用的证书。 |
|
||||
| 20.| **群晖-部署证书到群晖面板** | Synology,支持6.x以上版本 |
|
||||
| 21.| **群晖-刷新OTP登录有效期** | 群晖登录状态可能30天失效,需要在失效之前登录一次,刷新有效期,您可以将其放在“部署到群晖面板”任务之后 |
|
||||
| 22.| **uniCloud-部署到服务空间** | 部署到服务空间 |
|
||||
| 23.| **Proxmox-上传证书到Proxmox** | |
|
||||
| 24.| **威联通-部署证书到威联通** | 部署证书到qnap |
|
||||
| 6.| **Nginx Proxy Manager-部署到主机** | 上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。 |
|
||||
| 7.| **1Panel-部署面板证书** | 更新1Panel的面板证书 |
|
||||
| 8.| **1Panel-更新站点证书** | 更新1Panel的站点证书 |
|
||||
| 9.| **宝塔-删除过期证书** | 删除证书夹中过期证书 |
|
||||
| 10.| **宝塔-WAF证书部署** | 部署宝塔云WAF/aaWAF |
|
||||
| 11.| **宝塔-面板证书部署** | 部署宝塔面板本身的ssl证书 |
|
||||
| 12.| **宝塔win-网站证书部署** | 部署到Windows版宝塔管理的站点的ssl证书 |
|
||||
| 13.| **宝塔-网站证书部署** | 部署宝塔管理的站点的ssl证书,目前支持宝塔网站站点、docker站点等。本插件也支持aaPanel。 |
|
||||
| 14.| **K8S-Apply自定义yaml** | apply自定义yaml到k8s |
|
||||
| 15.| **K8S-Ingress 证书部署** | 部署证书到k8s的Ingress |
|
||||
| 16.| **K8S-部署证书到Secret** | 部署证书到k8s的secret |
|
||||
| 17.| **lucky-更新Lucky证书** | |
|
||||
| 18.| **Plesk-部署Plesk网站证书** | |
|
||||
| 19.| **Plesk-更新证书** | 不会创建新证书记录,直接更新旧的证书 |
|
||||
| 20.| **雷池-更新证书(支持控制台和防护应用)** | 更新长亭雷池WAF的证书,支持更新控制台和防护应用的证书。 |
|
||||
| 21.| **群晖-部署证书到群晖面板** | Synology,支持6.x以上版本 |
|
||||
| 22.| **群晖-刷新OTP登录有效期** | 群晖登录状态可能30天失效,需要在失效之前登录一次,刷新有效期,您可以将其放在“部署到群晖面板”任务之后 |
|
||||
| 23.| **uniCloud-部署到服务空间** | 部署到服务空间 |
|
||||
| 24.| **Proxmox-上传证书到Proxmox** | |
|
||||
| 25.| **威联通-部署证书到威联通** | 部署证书到qnap |
|
||||
## 5. 阿里云
|
||||
|
||||
| 序号 | 名称 | 说明 |
|
||||
|
||||
@@ -13,17 +13,19 @@
|
||||
| 9.| **cloudflare** | cloudflare dns provider |
|
||||
| 10.| **dns.la** | dns.la |
|
||||
| 11.| **godaddy** | GoDaddy |
|
||||
| 12.| **华为云** | 华为云DNS解析提供商 |
|
||||
| 13.| **namesilo** | namesilo dns provider |
|
||||
| 14.| **雨云** | 雨云DNS解析提供商 |
|
||||
| 15.| **腾讯云** | 腾讯云域名DNS解析提供者 |
|
||||
| 16.| **腾讯云EO DNS** | 腾讯云EO DNS解析提供者 |
|
||||
| 17.| **西部数码** | west dns provider |
|
||||
| 18.| **Dns提供商Demo** | dns provider示例 |
|
||||
| 19.| **彩虹DNS** | 彩虹DNS管理系统 |
|
||||
| 20.| **Spaceship** | Spaceship 域名解析 |
|
||||
| 21.| **51dns** | 51DNS |
|
||||
| 22.| **新网互联** | 新网互联 |
|
||||
| 12.| **HiPM DNSMgr** | HiPM DNSMgr DNS 解析提供商 |
|
||||
| 13.| **华为云** | 华为云DNS解析提供商 |
|
||||
| 14.| **namesilo** | namesilo dns provider |
|
||||
| 15.| **雨云** | 雨云DNS解析提供商 |
|
||||
| 16.| **Technitium DNS Server** | Technitium DNS Server 自建DNS服务器 |
|
||||
| 17.| **腾讯云** | 腾讯云域名DNS解析提供者 |
|
||||
| 18.| **腾讯云EO DNS** | 腾讯云EO DNS解析提供者 |
|
||||
| 19.| **西部数码** | west dns provider |
|
||||
| 20.| **Dns提供商Demo** | dns provider示例 |
|
||||
| 21.| **彩虹DNS** | 彩虹DNS管理系统 |
|
||||
| 22.| **Spaceship** | Spaceship 域名解析 |
|
||||
| 23.| **51dns** | 51DNS |
|
||||
| 24.| **新网互联** | 新网互联 |
|
||||
|
||||
<style module>
|
||||
table th:first-of-type {
|
||||
|
||||
@@ -0,0 +1,28 @@
|
||||
# Azure 配置
|
||||
|
||||
## Access授权配置
|
||||
|
||||
1. 登录 Azure 并创建一个资源组 【可选,如果已经有了可以不用创建】
|
||||
2. 创建一个应用程序
|
||||
Microsoft Entra ID - 》 应用注册 - 》 新注册
|
||||

|
||||

|
||||
|
||||
3. 配置授权
|
||||

|
||||
|
||||
4. 点击测试
|
||||
|
||||
## Azure DNS 配置
|
||||
|
||||
1. 创建一个 DNS 区域(就是一个域名)
|
||||

|
||||

|
||||
|
||||
2. 为这个域名和上面创建的授权应用分配角色
|
||||

|
||||

|
||||

|
||||
|
||||
3. 然后就可以给dns区域去申请证书了
|
||||
|
||||
|
After Width: | Height: | Size: 107 KiB |
|
After Width: | Height: | Size: 70 KiB |
|
After Width: | Height: | Size: 108 KiB |
|
After Width: | Height: | Size: 55 KiB |
|
After Width: | Height: | Size: 62 KiB |
|
After Width: | Height: | Size: 145 KiB |
|
After Width: | Height: | Size: 93 KiB |
|
After Width: | Height: | Size: 112 KiB |
|
After Width: | Height: | Size: 161 KiB |
@@ -26,16 +26,20 @@ Created an external account key
|
||||
[b64MacKey: xxxxxxxxxxxxxxxx
|
||||
keyId: xxxxxxxxxxxxx]
|
||||
```
|
||||

|
||||
|
||||
3. 到Certd中,创建一条EAB授权记录,填写keyId(=kid) 和 b64MacKey 信息
|
||||
注意:keyId没有`]`结尾,不要把`]`也复制了
|
||||
|
||||
注意:EAB授权使用过一次之后,会绑定邮箱,后续再次使用时,要使用相同的邮箱
|
||||
注意:EAB授权使用过一次之后,会绑定邮箱,后续再次使用时,要使用相同的邮箱,所以邮箱切记不要修改
|
||||
否则会报错 `Unknown external account binding (EAB) key. This may be due to the EAB key expiring which occurs 7 days after creation`
|
||||
|
||||
### 2.2 通过服务账号获取EAB
|
||||
4. 创建证书流水线,选择证书提供商为google,选择EAB授权,运行流水线申请证书
|
||||
|
||||
此方式可以自动EAB,需要配置代理
|
||||
|
||||
### 2.2 通过google服务账号接口获取授权
|
||||
|
||||
此方式可以自动获取EAB,需要服务端配置代理
|
||||
|
||||
1. 创建服务账号
|
||||
https://console.cloud.google.com/projectselector2/iam-admin/serviceaccounts/create?walkthrough_id=iam--create-service-account&hl=zh-cn#step_index=1
|
||||
@@ -48,9 +52,7 @@ https://console.cloud.google.com/projectselector2/iam-admin/serviceaccounts/crea
|
||||
7. 点击`添加密钥`->`创建新密钥`->`JSON`,下载密钥文件
|
||||
8. 将json文件内容粘贴到 certd中 Google服务授权输入框中
|
||||
|
||||
9. 创建证书流水线,选择证书提供商为google, 选择服务账号授权,运行流水线申请证书
|
||||
|
||||
## 3、 创建证书流水线
|
||||
选择证书提供商为google, 选择EAB授权 或 服务账号授权
|
||||
|
||||
## 4、 其他就跟正常申请证书一样了
|
||||
|
||||
|
||||
@@ -70,5 +70,5 @@
|
||||
"bugs": {
|
||||
"url": "https://github.com/publishlab/node-acme-client/issues"
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -21,7 +21,8 @@ const defaultOpts = {
|
||||
},
|
||||
challengeRemoveFn: async () => {
|
||||
throw new Error("Missing challengeRemoveFn()");
|
||||
}
|
||||
},
|
||||
waitDnsDiffuseTime: 30,
|
||||
};
|
||||
|
||||
/**
|
||||
|
||||
@@ -577,7 +577,7 @@ class AcmeClient {
|
||||
|
||||
const verifyFn = async (abort) => {
|
||||
if (this.opts.signal && this.opts.signal.aborted) {
|
||||
abort();
|
||||
abort(true);
|
||||
throw new CancelError('用户取消');
|
||||
}
|
||||
|
||||
|
||||
@@ -50,15 +50,18 @@ class Backoff {
|
||||
|
||||
async function retryPromise(fn, attempts, backoff, logger = log) {
|
||||
let aborted = false;
|
||||
let abortedFromUser = false;
|
||||
|
||||
try {
|
||||
const setAbort = () => { aborted = true; }
|
||||
const setAbort = (fromUser = false) => { aborted = true; abortedFromUser = fromUser; }
|
||||
const data = await fn(setAbort);
|
||||
return data;
|
||||
}
|
||||
catch (e) {
|
||||
if (aborted){
|
||||
logger(`用户取消重试`);
|
||||
if (abortedFromUser){
|
||||
logger(`用户取消重试`);
|
||||
}
|
||||
throw e;
|
||||
}
|
||||
if ( ((backoff.attempts + 1) >= attempts)) {
|
||||
@@ -249,7 +252,7 @@ async function resolveDomainBySoaRecord(recordName, logger = log) {
|
||||
|
||||
async function getAuthoritativeDnsResolver(recordName, logger = log) {
|
||||
logger(`获取域名${recordName}的权威NS服务器: `);
|
||||
const resolver = new dns.Resolver();
|
||||
const resolver = new dns.Resolver({ timeout: 10000,maxTimeout: 60000 });
|
||||
|
||||
try {
|
||||
/* Resolve root domain by SOA */
|
||||
|
||||
@@ -92,7 +92,6 @@ async function walkDnsChallengeRecord(recordName, resolver = dns,deep = 0) {
|
||||
try {
|
||||
log(`检查域名 ${recordName} 的TXT记录`);
|
||||
const txtRecords = await resolver.resolveTxt(recordName);
|
||||
|
||||
if (txtRecords && txtRecords.length) {
|
||||
log(`找到 ${txtRecords.length} 条 TXT记录( ${recordName})`);
|
||||
log(`TXT records: ${JSON.stringify(txtRecords)}`);
|
||||
|
||||
@@ -68,6 +68,7 @@ export interface ClientAutoOptions {
|
||||
preferredChain?: string;
|
||||
signal?: AbortSignal;
|
||||
profile?:string;
|
||||
waitDnsDiffuseTime?: number;
|
||||
}
|
||||
|
||||
export class Client {
|
||||
|
||||
@@ -47,5 +47,5 @@
|
||||
"tslib": "^2.8.1",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -45,5 +45,5 @@
|
||||
"tslib": "^2.8.1",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -65,4 +65,8 @@ export abstract class BaseAccess implements IAccess {
|
||||
}
|
||||
throw new Error(`action ${req.action} not found`);
|
||||
}
|
||||
|
||||
normalizeEndpoint(endpoint: string) {
|
||||
return endpoint.replace(/\/$/, "");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -24,5 +24,5 @@
|
||||
"prettier": "^2.8.8",
|
||||
"tslib": "^2.8.1"
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -31,5 +31,5 @@
|
||||
"tslib": "^2.8.1",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -56,5 +56,5 @@
|
||||
"fetch"
|
||||
]
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -33,5 +33,5 @@
|
||||
"tslib": "^2.8.1",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -64,5 +64,5 @@
|
||||
"typeorm": "^0.3.11",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -6,10 +6,10 @@ import { BaseSettings, SysInstallInfo, SysPrivateSettings, SysPublicSettings, Sy
|
||||
|
||||
import { getAllSslProviderDomains, setSslProviderReverseProxies } from '@certd/acme-client';
|
||||
import { cache, logger, mergeUtils, setGlobalProxy } from '@certd/basic';
|
||||
import { isPlus } from '@certd/plus-core';
|
||||
import * as dns from 'node:dns';
|
||||
import { BaseService, setAdminMode } from '../../../basic/index.js';
|
||||
import { executorQueue } from '../../basic/service/executor-queue.js';
|
||||
import { isComm, isPlus } from '@certd/plus-core';
|
||||
const { merge } = mergeUtils;
|
||||
|
||||
let lastSaveEnvVars = {};
|
||||
@@ -119,11 +119,11 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
|
||||
}
|
||||
|
||||
async savePublicSettings(bean: SysPublicSettings) {
|
||||
if (isComm()) {
|
||||
if (bean.adminMode === 'enterprise') {
|
||||
throw new Error("商业版不支持使用企业管理模式")
|
||||
}
|
||||
}
|
||||
// if (isComm()) {
|
||||
// if (bean.adminMode === 'enterprise') {
|
||||
// throw new Error("商业版不支持使用企业管理模式")
|
||||
// }
|
||||
// }
|
||||
|
||||
await this.saveSetting(bean);
|
||||
//让设置生效
|
||||
|
||||
@@ -46,5 +46,5 @@
|
||||
"typeorm": "^0.3.11",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -38,5 +38,5 @@
|
||||
"tslib": "^2.8.1",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -57,5 +57,5 @@
|
||||
"tslib": "^2.8.1",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -135,7 +135,12 @@ export class CertReader {
|
||||
}
|
||||
|
||||
static readCertDetail(crt: string) {
|
||||
const detail = crypto.readCertificateInfo(crt.toString());
|
||||
let detail: CertificateInfo;
|
||||
try {
|
||||
detail = crypto.readCertificateInfo(crt.toString());
|
||||
} catch (e) {
|
||||
throw new Error("证书解析失败:" + e.message + "(请确定证书格式,是否与私钥搞反?)");
|
||||
}
|
||||
const effective = detail.notBefore;
|
||||
const expires = detail.notAfter;
|
||||
const fingerprints = CertReader.getFingerprintX509(crt);
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<template>
|
||||
<a-select :value="value" @update:value="onChange">
|
||||
<a-select :value="value" :filter-option="true" @update:value="onChange">
|
||||
<a-select-option v-for="item of options" :key="item.value" :value="item.value" :label="item.label">
|
||||
<span class="flex-o">
|
||||
<fs-icon :icon="item.icon" class="fs-16 color-blue mr-5" />
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<template>
|
||||
<icon-select class="dns-provider-selector" :value="modelValue" :options="options" @update:value="atChange"> </icon-select>
|
||||
<icon-select class="dns-provider-selector" :value="modelValue" :options="options" :filter-option="true" @update:value="atChange"> </icon-select>
|
||||
</template>
|
||||
|
||||
<script lang="ts">
|
||||
|
||||
@@ -289,7 +289,7 @@ export const useSettingStore = defineStore({
|
||||
}
|
||||
},
|
||||
|
||||
openBindUrlModal() {
|
||||
openBindUrlModal(opts: { closable?: boolean } = { closable: false }) {
|
||||
const event: any = { ModalRef: null };
|
||||
mitter.emit("getModal", event);
|
||||
const Modal = event.ModalRef;
|
||||
@@ -302,10 +302,12 @@ export const useSettingStore = defineStore({
|
||||
modalRef.destroy();
|
||||
}
|
||||
};
|
||||
const { closable = false } = opts;
|
||||
const modalRef: any = Modal.warning({
|
||||
title: "URL地址未绑定,是否绑定此地址?",
|
||||
width: 500,
|
||||
keyboard: false,
|
||||
closable,
|
||||
content: () => {
|
||||
return (
|
||||
<div class="p-4">
|
||||
@@ -338,10 +340,10 @@ export const useSettingStore = defineStore({
|
||||
danger: true,
|
||||
},
|
||||
okText: "不,回到原来的地址",
|
||||
cancelText: "不,回到原来的地址",
|
||||
onCancel: () => {
|
||||
window.location.href = bindUrl;
|
||||
},
|
||||
// cancelText: "不,回到原来的地址",
|
||||
// onOk: () => {
|
||||
// window.location.href = bindUrl;
|
||||
// },
|
||||
});
|
||||
},
|
||||
async loadProductInfo() {
|
||||
|
||||
@@ -73,13 +73,11 @@
|
||||
margin: 20px;
|
||||
}
|
||||
|
||||
.fs-crud-table {
|
||||
.ant-table-body {
|
||||
height: 60vh;
|
||||
table {
|
||||
}
|
||||
}
|
||||
}
|
||||
// .fs-crud-table {
|
||||
// .ant-table-body {
|
||||
// height:60vh;
|
||||
// }
|
||||
// }
|
||||
|
||||
body a {
|
||||
color: #1890ff;
|
||||
@@ -142,4 +140,5 @@ button.ant-btn.ant-btn-default.isPlus{
|
||||
color: rgba(233, 233, 233, 0.25);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -8,7 +8,6 @@
|
||||
import { onActivated, onMounted, ref, Ref } from "vue";
|
||||
import { useFs } from "@fast-crud/fast-crud";
|
||||
import createCrudOptions from "./crud";
|
||||
import { siteIpApi } from "./api";
|
||||
|
||||
defineOptions({
|
||||
name: "SiteIpCertMonitor",
|
||||
@@ -23,11 +22,6 @@ const { crudBinding, crudRef, crudExpose } = useFs({
|
||||
},
|
||||
});
|
||||
|
||||
const siteInfoRef: Ref<any> = ref({});
|
||||
onMounted(async () => {
|
||||
siteInfoRef.value = await siteIpApi.GetObj(props.siteId);
|
||||
});
|
||||
|
||||
// 页面打开后获取列表数据
|
||||
onMounted(() => {
|
||||
crudExpose.doRefresh();
|
||||
|
||||
@@ -13,10 +13,27 @@ import { createNotificationApi } from "/@/views/certd/notification/api";
|
||||
import GroupSelector from "../group/group-selector.vue";
|
||||
import { useI18n } from "/src/locales";
|
||||
import { useSettingStore } from "/@/store/settings";
|
||||
import dayjs from "dayjs";
|
||||
|
||||
export function fillPipelineByDefaultForm(pipeline: any, form: any) {
|
||||
const triggers = [];
|
||||
if (form.triggerCron) {
|
||||
|
||||
//根据随机时间设置触发时间
|
||||
if (form.random === true) {
|
||||
// 随机时间
|
||||
const randomRange = form.randomRange;
|
||||
const start = dayjs().format("YYYY-MM-DD") + " " + randomRange[0];
|
||||
let end = dayjs().format("YYYY-MM-DD") + " " + randomRange[1];
|
||||
if (randomRange[1] < randomRange[0]) {
|
||||
//跨天
|
||||
end = dayjs().add(1, "day").format("YYYY-MM-DD") + " " + randomRange[1];
|
||||
}
|
||||
const startTime = dayjs(start).valueOf();
|
||||
const endTime = dayjs(end).valueOf();
|
||||
const randomTime = Math.floor(Math.random() * (endTime - startTime)) + startTime;
|
||||
const time = dayjs(randomTime).format(" ss:mm:HH").replaceAll(":", " ").replaceAll(" 0", " ").trim();
|
||||
triggers.push({ title: "定时触发", type: "timer", props: { cron: `${time} * * *` } });
|
||||
} else if (form.triggerCron) {
|
||||
triggers.push({ title: "定时触发", type: "timer", props: { cron: form.triggerCron } });
|
||||
}
|
||||
if (form.webhookEnabled) {
|
||||
@@ -85,7 +102,7 @@ export function useCertPipelineCreator() {
|
||||
const settingStore = useSettingStore();
|
||||
const router = useRouter();
|
||||
|
||||
function createCrudOptions(req: { certPlugin: any; doSubmit: any; title?: string }): CreateCrudOptionsRet {
|
||||
function createCrudOptions(req: { certPlugin: any; doSubmit: any; title?: string; initialForm?: any }): CreateCrudOptionsRet {
|
||||
const inputs: any = {};
|
||||
const moreParams = [];
|
||||
const doSubmit = req.doSubmit;
|
||||
@@ -124,9 +141,11 @@ export function useCertPipelineCreator() {
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
return {
|
||||
crudOptions: {
|
||||
form: {
|
||||
initialForm: req.initialForm || {},
|
||||
doSubmit,
|
||||
wrapper: {
|
||||
wrapClassName: "cert_pipeline_create_form",
|
||||
@@ -326,6 +345,15 @@ export function useCertPipelineCreator() {
|
||||
//检查是否流水线数量超出限制
|
||||
await checkPipelineLimit();
|
||||
|
||||
//设置系统初始值
|
||||
const initialForm: any = {};
|
||||
const pluginSysConfig = await pluginStore.getPluginConfig({ name: req.pluginName, type: "builtIn" });
|
||||
if (pluginSysConfig.sysSetting?.input) {
|
||||
for (const key in pluginSysConfig.sysSetting?.input) {
|
||||
initialForm[key] = pluginSysConfig.sysSetting?.input[key];
|
||||
}
|
||||
}
|
||||
|
||||
async function doSubmit({ form }: any) {
|
||||
// const certDetail = readCertDetail(form.cert.crt);
|
||||
// 添加certd pipeline
|
||||
@@ -399,6 +427,7 @@ export function useCertPipelineCreator() {
|
||||
certPlugin,
|
||||
doSubmit,
|
||||
title: req.title,
|
||||
initialForm,
|
||||
});
|
||||
//@ts-ignore
|
||||
crudOptions.columns.groupId.form.value = req.defaultGroupId || undefined;
|
||||
|
||||
@@ -67,8 +67,8 @@ async function openFormDialog() {
|
||||
return form.clear !== true;
|
||||
}),
|
||||
component: {
|
||||
name: "fs-dict-switch",
|
||||
vModel: "checked",
|
||||
name: "fs-dict-radio",
|
||||
vModel: "value",
|
||||
dict: dict({
|
||||
data: [
|
||||
{
|
||||
|
||||
@@ -374,7 +374,7 @@ export default defineComponent({
|
||||
setup(props, ctx) {
|
||||
onBeforeRouteLeave((to, from) => {
|
||||
const newPipelineStr = JSON.stringify(pipeline.value || {});
|
||||
if (pipelineOriginStr.value && pipelineOriginStr.value !== newPipelineStr) {
|
||||
if (props.editMode && pipelineOriginStr.value && pipelineOriginStr.value !== newPipelineStr) {
|
||||
const answer = window.confirm("流水线还未保存,确定要离开吗?");
|
||||
if (!answer) {
|
||||
return false; // 返回 false 即可阻止本次路由跳转
|
||||
|
||||
@@ -182,6 +182,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
|
||||
},
|
||||
showSelect: false,
|
||||
createCrudOptions: createCrudOptionsPipeline,
|
||||
height: "60vh",
|
||||
crudOptionsOverride: {
|
||||
actionbar: {
|
||||
show: false,
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
import { dict, useFormWrapper } from "@fast-crud/fast-crud";
|
||||
import { compute, dict, useFormWrapper } from "@fast-crud/fast-crud";
|
||||
import { checkPipelineLimit, eachSteps } from "/@/views/certd/pipeline/utils";
|
||||
import { templateApi } from "/@/views/certd/pipeline/template/api";
|
||||
import TemplateForm from "./form.vue";
|
||||
@@ -7,6 +7,7 @@ import GroupSelector from "/@/views/certd/pipeline/group/group-selector.vue";
|
||||
import { ref } from "vue";
|
||||
import { fillPipelineByDefaultForm } from "/@/views/certd/pipeline/certd-form/use";
|
||||
import { cloneDeep } from "lodash-es";
|
||||
import { $t } from "/@/locales";
|
||||
|
||||
export function createExtraColumns() {
|
||||
const groupDictRef = dict({
|
||||
@@ -14,23 +15,93 @@ export function createExtraColumns() {
|
||||
value: "id",
|
||||
label: "name",
|
||||
});
|
||||
const t = $t;
|
||||
const randomHour = Math.floor(Math.random() * 6);
|
||||
const randomMin = Math.floor(Math.random() * 60);
|
||||
return {
|
||||
triggerCron: {
|
||||
title: "定时触发",
|
||||
type: "text",
|
||||
// triggerCron: {
|
||||
// title: "定时触发",
|
||||
// type: "text",
|
||||
// form: {
|
||||
// value: `0 ${randomMin} ${randomHour} * * *`,
|
||||
// component: {
|
||||
// name: "cron-editor",
|
||||
// vModel: "modelValue",
|
||||
// placeholder: "0 0 4 * * *",
|
||||
// },
|
||||
// col: {
|
||||
// span: 24,
|
||||
// },
|
||||
// helper: "点击上面的按钮,选择每天几点定时执行。\n建议设置为每天触发一次,证书未到期之前任务会跳过,不会重复执行",
|
||||
// order: 100,
|
||||
// },
|
||||
// },
|
||||
|
||||
random: {
|
||||
title: "定时类型",
|
||||
form: {
|
||||
value: `0 ${randomMin} ${randomHour} * * *`,
|
||||
component: {
|
||||
name: "cron-editor",
|
||||
vModel: "modelValue",
|
||||
placeholder: "0 0 4 * * *",
|
||||
},
|
||||
order: 100,
|
||||
value: true,
|
||||
helper: "是否给流水线随机设置一个时间",
|
||||
show: compute(({ form }) => {
|
||||
return form.clear !== true;
|
||||
}),
|
||||
col: {
|
||||
span: 24,
|
||||
},
|
||||
helper: "点击上面的按钮,选择每天几点定时执行。\n建议设置为每天触发一次,证书未到期之前任务会跳过,不会重复执行",
|
||||
component: {
|
||||
name: "fs-dict-radio",
|
||||
vModel: "value",
|
||||
dict: dict({
|
||||
data: [
|
||||
{
|
||||
label: "随机时间",
|
||||
value: true,
|
||||
},
|
||||
{
|
||||
label: "固定时间",
|
||||
value: false,
|
||||
},
|
||||
],
|
||||
}),
|
||||
},
|
||||
},
|
||||
},
|
||||
randomRange: {
|
||||
title: "随机时间范围",
|
||||
form: {
|
||||
order: 100,
|
||||
value: ["00:00:00", "08:00:00"],
|
||||
helper: "随机时间范围,单位秒",
|
||||
component: {
|
||||
// <a-time-range-picker :bordered="false" />
|
||||
name: "a-time-range-picker",
|
||||
vModel: "value",
|
||||
valueFormat: "HH:mm:ss",
|
||||
},
|
||||
show: compute(({ form }) => {
|
||||
return form.clear !== true && form.random === true;
|
||||
}),
|
||||
rules: [{ required: true, message: "请选择随机时间范围" }],
|
||||
},
|
||||
},
|
||||
triggerCron: {
|
||||
title: t("certd.schedule"),
|
||||
form: {
|
||||
order: 100,
|
||||
component: {
|
||||
name: "cron-editor",
|
||||
vModel: "modelValue",
|
||||
},
|
||||
show: compute(({ form }) => {
|
||||
return form.clear !== true && form?.random !== true;
|
||||
}),
|
||||
rules: [{ required: true, message: t("certd.selectCron") }],
|
||||
},
|
||||
},
|
||||
blank2: {
|
||||
form: {
|
||||
blank: true,
|
||||
order: 100,
|
||||
},
|
||||
},
|
||||
|
||||
@@ -135,3 +135,11 @@ export async function DoTest(req: { id: number; input: any }): Promise<void> {
|
||||
data: req,
|
||||
});
|
||||
}
|
||||
|
||||
export async function GetPluginByName(name: string): Promise<PluginConfigBean> {
|
||||
return await request({
|
||||
url: apiPrefix + "/getPluginByName",
|
||||
method: "post",
|
||||
data: { name },
|
||||
});
|
||||
}
|
||||
|
||||
@@ -36,6 +36,13 @@
|
||||
</div>
|
||||
</a-form-item>
|
||||
|
||||
<a-form-item label="其他配置">
|
||||
<a-button type="primary" @click="doPluginConfig">证书申请插件默认值设置</a-button>
|
||||
<div class="helper">
|
||||
<div>自定义证书申请插件参数</div>
|
||||
</div>
|
||||
</a-form-item>
|
||||
|
||||
<a-form-item :wrapper-col="{ offset: 8, span: 16 }">
|
||||
<a-button :loading="saveLoading" type="primary" html-type="submit">保存</a-button>
|
||||
</a-form-item>
|
||||
@@ -47,10 +54,10 @@
|
||||
<script lang="ts" setup>
|
||||
import AccessSelector from "/@/views/certd/access/access-selector/index.vue";
|
||||
import { reactive, ref } from "vue";
|
||||
import { CommPluginConfig, GetCommPluginConfigs, SaveCommPluginConfigs } from "/@/views/sys/plugin/api";
|
||||
import { CommPluginConfig, GetCommPluginConfigs, SaveCommPluginConfigs, GetPluginByName } from "/@/views/sys/plugin/api";
|
||||
import { merge } from "lodash-es";
|
||||
import { notification } from "ant-design-vue";
|
||||
|
||||
import { usePluginConfig } from "./use-config";
|
||||
defineOptions({
|
||||
name: "SysPluginConfig",
|
||||
});
|
||||
@@ -87,5 +94,12 @@ const onFinish = async (form: any) => {
|
||||
const onFinishFailed = (errorInfo: any) => {
|
||||
console.log("Failed:", errorInfo);
|
||||
};
|
||||
|
||||
const { openConfigDialog } = usePluginConfig();
|
||||
|
||||
async function doPluginConfig() {
|
||||
const certApplyInfo = await GetPluginByName("CertApply");
|
||||
await openConfigDialog({ row: certApplyInfo, crudExpose: null });
|
||||
}
|
||||
</script>
|
||||
<style lang="less"></style>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<div class="origin-metadata w-100%">
|
||||
<div class="block-title">
|
||||
自定义插件参数配置
|
||||
<div class="helper">可以设置插件选项的配置,设置配置默认值、修改帮助说明、设置是否显示该字段等</div>
|
||||
<div class="helper">可以设置插件选项的配置,设置配置默认值、修改帮助说明、设置是否显示该字段等,在用户申请证书对话框里面使用你自定义设置的展示效果</div>
|
||||
</div>
|
||||
<div class="p-10">
|
||||
<div ref="formRef" class="config-form w-full" :label-col="labelCol" :wrapper-col="wrapperCol">
|
||||
@@ -43,13 +43,12 @@
|
||||
</template>
|
||||
|
||||
<script setup lang="tsx">
|
||||
import { computed, nextTick, onMounted, reactive, ref, Ref, unref } from "vue";
|
||||
import { dict, FsRender } from "@fast-crud/fast-crud";
|
||||
import { cloneDeep, merge, unset } from "lodash-es";
|
||||
import { computed, onMounted, reactive, ref } from "vue";
|
||||
import { useRoute, useRouter } from "vue-router";
|
||||
import * as api from "./api";
|
||||
import { usePluginStore } from "/@/store/plugin";
|
||||
import { cloneDeep, get, merge, set, unset } from "lodash-es";
|
||||
import Rollbackable from "./rollbackable.vue";
|
||||
import { FsRender } from "@fast-crud/fast-crud";
|
||||
import { usePluginStore } from "/@/store/plugin";
|
||||
const route = useRoute();
|
||||
const router = useRouter();
|
||||
const pluginStore = usePluginStore();
|
||||
@@ -68,6 +67,18 @@ const labelCol = ref({
|
||||
const wrapperCol = ref({ span: 16 });
|
||||
const configForm: any = reactive({});
|
||||
|
||||
const showDict = dict({
|
||||
data: [
|
||||
{
|
||||
value: true,
|
||||
label: "显示",
|
||||
},
|
||||
{
|
||||
value: false,
|
||||
label: "不显示",
|
||||
},
|
||||
],
|
||||
});
|
||||
function getScope() {
|
||||
return {
|
||||
form: configForm,
|
||||
@@ -105,12 +116,25 @@ const editableKeys = ref([
|
||||
defaultRender(item: any) {
|
||||
return () => {
|
||||
const value = item["show"];
|
||||
return value === false ? "不显示" : "显示";
|
||||
let showType = "";
|
||||
let color = "";
|
||||
if (item.mergeScript?.indexOf("show:") >= -1) {
|
||||
showType = "条件显示";
|
||||
color = "orange";
|
||||
} else {
|
||||
showType = value === false ? "不显示" : "显示";
|
||||
color = value === false ? "red" : "green";
|
||||
}
|
||||
return (
|
||||
<a-tag color={color} size="small">
|
||||
{showType}
|
||||
</a-tag>
|
||||
);
|
||||
};
|
||||
},
|
||||
editRender(item: any) {
|
||||
return () => {
|
||||
return <a-switch vModel:checked={configForm[item.key]["show"]} />;
|
||||
return <fs-dict-switch vModel:checked={configForm[item.key]["show"]} dict={showDict} />;
|
||||
};
|
||||
},
|
||||
},
|
||||
|
||||
@@ -178,6 +178,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
|
||||
type: "dict-select",
|
||||
search: {
|
||||
show: true,
|
||||
component: {
|
||||
disabled: false,
|
||||
},
|
||||
},
|
||||
form: {
|
||||
order: 0,
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<script setup lang="ts">
|
||||
import { defineProps } from "vue";
|
||||
import { dict } from "@fast-crud/fast-crud";
|
||||
|
||||
const props = defineProps<{ value: any }>();
|
||||
|
||||
@@ -10,20 +10,42 @@ function setValue() {
|
||||
function clearValue() {
|
||||
emits("clear");
|
||||
}
|
||||
|
||||
const switchDict = dict({
|
||||
data: [
|
||||
{
|
||||
value: true,
|
||||
label: "自定义",
|
||||
},
|
||||
{
|
||||
value: false,
|
||||
label: "原始值",
|
||||
},
|
||||
],
|
||||
});
|
||||
|
||||
function onSwitchChange(value: boolean) {
|
||||
if (value) {
|
||||
setValue();
|
||||
} else {
|
||||
clearValue();
|
||||
}
|
||||
}
|
||||
</script>
|
||||
|
||||
<template>
|
||||
<div class="rollbackable">
|
||||
<div class="flex">
|
||||
<div style="width: 100px">
|
||||
<a-tag v-if="value === undefined" color="green" size="small" class="pointer flex-inline items-center" @click.stop="setValue">
|
||||
<!-- <a-tag v-if="value === undefined" color="green" size="small" class="pointer flex-inline items-center" @click.stop="setValue">
|
||||
<fs-icon icon="material-symbols:edit" class="mr-5"></fs-icon>
|
||||
自定义
|
||||
</a-tag>
|
||||
<a-tag v-else color="red" size="small" class="pointer flex-inline items-center" @click.stop="clearValue">
|
||||
<fs-icon icon="material-symbols:undo" class="mr-5"></fs-icon>
|
||||
还原
|
||||
</a-tag>
|
||||
</a-tag> -->
|
||||
<fs-dict-switch :checked="value !== undefined" :dict="switchDict" @change="onSwitchChange" />
|
||||
</div>
|
||||
<div class="flex-1 overflow-hidden value-render">
|
||||
<slot v-if="value === undefined" name="default"></slot>
|
||||
|
||||
@@ -35,7 +35,9 @@ export function usePluginConfig() {
|
||||
},
|
||||
afterSubmit() {
|
||||
notification.success({ message: t("certd.operationSuccess") });
|
||||
crudExpose.doRefresh();
|
||||
if (crudExpose) {
|
||||
crudExpose.doRefresh();
|
||||
}
|
||||
},
|
||||
async doSubmit({}: any) {
|
||||
const form = configEditorRef.value.getForm();
|
||||
|
||||
@@ -25,6 +25,10 @@
|
||||
<div class="helper" v-html="t('certd.sys.setting.noticeHelper')"></div>
|
||||
</a-form-item>
|
||||
|
||||
<a-form-item :label="t('certd.sys.setting.bindUrl')">
|
||||
<a-button class="ml-2" type="primary" @click="settingsStore.openBindUrlModal({ closable: true })">{{ t("certd.sys.setting.bindUrl") }}</a-button>
|
||||
</a-form-item>
|
||||
|
||||
<a-form-item label=" " :colon="false" :wrapper-col="{ span: 8 }">
|
||||
<a-button :loading="saveLoading" type="primary" html-type="submit">{{ t("certd.saveButton") }}</a-button>
|
||||
</a-form-item>
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
</div>
|
||||
<pre class="helper pre">{{ t("certd.sys.setting.passkeyEnabledHelper", [bindDomain]) }}</pre>
|
||||
<div v-if="!bindDomainIsSame" class="text-red-500 text-sm mt-2">
|
||||
{{ t("certd.sys.setting.passkeyHostnameNotSame") }} <a-button class="ml-2" size="small" type="primary" @click="settingsStore.openBindUrlModal()">{{ t("certd.sys.setting.bindUrl") }}</a-button>
|
||||
{{ t("certd.sys.setting.passkeyHostnameNotSame") }} <a-button class="ml-2" size="small" type="primary" @click="settingsStore.openBindUrlModal({ closable: true })">{{ t("certd.sys.setting.bindUrl") }}</a-button>
|
||||
</div>
|
||||
</a-form-item>
|
||||
<a-form-item :label="t('certd.sys.setting.enableOauth')" :name="['public', 'oauthEnabled']">
|
||||
|
||||
@@ -17,6 +17,18 @@ input:
|
||||
apiKey
|
||||
required: true
|
||||
encrypt: true
|
||||
version:
|
||||
title: 版本
|
||||
component:
|
||||
name: a-select
|
||||
options:
|
||||
- label: v3.x
|
||||
value: '3'
|
||||
- label: v2.x
|
||||
value: '2'
|
||||
helper: apisix系统的版本
|
||||
value: '3'
|
||||
required: true
|
||||
testRequest:
|
||||
title: 测试
|
||||
component:
|
||||
|
||||
@@ -0,0 +1,27 @@
|
||||
name: hipmdnsmgr
|
||||
title: HiPM DNSMgr
|
||||
icon: svg:icon-dns
|
||||
desc: HiPM DNSMgr API Token 授权
|
||||
input:
|
||||
endpoint:
|
||||
title: 服务器地址
|
||||
component:
|
||||
name: a-input
|
||||
allowClear: true
|
||||
placeholder: http://localhost:3001
|
||||
required: true
|
||||
helper: 'HiPM DNSMgr 服务器地址,例如: http://localhost:3001'
|
||||
apiToken:
|
||||
title: API Token
|
||||
required: true
|
||||
encrypt: true
|
||||
helper: 在 DNSMgr 设置 > API Token 中创建的令牌
|
||||
testRequest:
|
||||
title: 测试连接
|
||||
component:
|
||||
name: api-test
|
||||
action: TestRequest
|
||||
helper: 点击测试接口是否正常
|
||||
pluginType: access
|
||||
type: builtIn
|
||||
scriptFilePath: /plugins/plugin-hipmdnsmgr/access/hipmdnsmgr-access.js
|
||||
@@ -0,0 +1,53 @@
|
||||
name: nginxProxyManager
|
||||
title: Nginx Proxy Manager 授权
|
||||
desc: 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。
|
||||
icon: logos:nginx
|
||||
input:
|
||||
endpoint:
|
||||
title: NPM 地址
|
||||
component:
|
||||
name: a-input
|
||||
allowClear: true
|
||||
placeholder: https://npm.example.com
|
||||
helper: 请输入 Nginx Proxy Manager 根地址,不要带 /api 后缀。
|
||||
required: true
|
||||
email:
|
||||
title: 邮箱
|
||||
component:
|
||||
name: a-input
|
||||
allowClear: true
|
||||
placeholder: admin@example.com
|
||||
required: true
|
||||
password:
|
||||
title: 密码
|
||||
component:
|
||||
name: a-input-password
|
||||
allowClear: true
|
||||
placeholder: 请输入密码
|
||||
required: true
|
||||
encrypt: true
|
||||
totpSecret:
|
||||
title: TOTP 密钥
|
||||
component:
|
||||
name: a-input-password
|
||||
allowClear: true
|
||||
placeholder: Optional base32 TOTP secret
|
||||
helper: 当 Nginx Proxy Manager 账号开启 2FA 时必填。
|
||||
required: false
|
||||
encrypt: true
|
||||
ignoreTls:
|
||||
title: 忽略无效 TLS
|
||||
component:
|
||||
name: a-switch
|
||||
vModel: checked
|
||||
helper: 仅在 Nginx Proxy Manager 使用自签 HTTPS 证书时开启。
|
||||
required: false
|
||||
testRequest:
|
||||
title: 测试
|
||||
component:
|
||||
name: api-test
|
||||
action: onTestRequest
|
||||
helper: 测试登录并拉取代理主机列表。
|
||||
pluginType: access
|
||||
type: builtIn
|
||||
scriptFilePath: /plugins/plugin-nginx-proxy-manager/access.js
|
||||
@@ -62,8 +62,8 @@ input:
|
||||
pty:
|
||||
title: 伪终端
|
||||
helper: >-
|
||||
如果登录报错:all authentication methods
|
||||
failed,可以尝试开启伪终端模式进行keyboard-interactive方式登录
|
||||
如果登录报错:all authentication methods failed / unable to
|
||||
exec,可以尝试开启伪终端模式进行keyboard-interactive方式登录
|
||||
|
||||
开启后对日志输出有一定的影响
|
||||
component:
|
||||
|
||||
@@ -0,0 +1,38 @@
|
||||
name: technitium
|
||||
title: Technitium DNS Server
|
||||
icon: clarity:server-line
|
||||
desc: Technitium DNS Server 自建DNS服务器授权
|
||||
input:
|
||||
apiUrl:
|
||||
title: API地址
|
||||
value: http://localhost:5380
|
||||
component:
|
||||
name: a-input
|
||||
allowClear: true
|
||||
placeholder: http://localhost:5380
|
||||
required: true
|
||||
username:
|
||||
title: 用户名
|
||||
component:
|
||||
name: a-input
|
||||
allowClear: true
|
||||
placeholder: admin
|
||||
required: false
|
||||
password:
|
||||
title: 密码
|
||||
component:
|
||||
name: a-input
|
||||
type: password
|
||||
allowClear: true
|
||||
placeholder: 密码
|
||||
required: false
|
||||
encrypt: true
|
||||
testRequest:
|
||||
title: 测试
|
||||
component:
|
||||
name: api-test
|
||||
action: TestRequest
|
||||
helper: 点击测试接口是否正常
|
||||
pluginType: access
|
||||
type: builtIn
|
||||
scriptFilePath: /plugins/plugin-technitium/access.js
|
||||
@@ -0,0 +1,71 @@
|
||||
showRunStrategy: false
|
||||
default:
|
||||
strategy:
|
||||
runStrategy: 1
|
||||
name: NginxProxyManagerDeploy
|
||||
title: Nginx Proxy Manager-部署到主机
|
||||
desc: 上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。
|
||||
icon: logos:nginx
|
||||
group: panel
|
||||
input:
|
||||
cert:
|
||||
title: 域名证书
|
||||
helper: 请选择前置任务产出的证书。
|
||||
component:
|
||||
name: output-selector
|
||||
from:
|
||||
- ':cert:'
|
||||
required: true
|
||||
order: 0
|
||||
certDomains:
|
||||
title: 证书域名
|
||||
component:
|
||||
name: cert-domains-getter
|
||||
required: false
|
||||
order: 0
|
||||
accessId:
|
||||
title: NPM授权
|
||||
component:
|
||||
name: access-selector
|
||||
type: nginxProxyManager
|
||||
helper: 选择用于部署的 Nginx Proxy Manager 授权。
|
||||
required: true
|
||||
order: 0
|
||||
proxyHostIds:
|
||||
title: 代理主机
|
||||
component:
|
||||
name: remote-select
|
||||
vModel: value
|
||||
mode: tags
|
||||
type: plugin
|
||||
action: onGetProxyHostOptions
|
||||
search: true
|
||||
pager: false
|
||||
multi: true
|
||||
watches:
|
||||
- certDomains
|
||||
- accessId
|
||||
helper: 选择要绑定此证书的一个或多个代理主机。
|
||||
required: true
|
||||
order: 0
|
||||
certificateLabel:
|
||||
title: 证书标识
|
||||
component:
|
||||
name: a-input
|
||||
allowClear: true
|
||||
placeholder: certd_npm_example_com
|
||||
helper: 可选。留空时默认使用 certd_npm_<主域名规范化>。
|
||||
required: false
|
||||
order: 0
|
||||
cleanupMatchingCertificates:
|
||||
title: 自动清理未使用证书
|
||||
component:
|
||||
name: a-switch
|
||||
vModel: checked
|
||||
helper: 部署成功后,自动删除除当前证书外所有未被任何主机引用的证书。
|
||||
required: false
|
||||
order: 0
|
||||
output: {}
|
||||
pluginType: deploy
|
||||
type: builtIn
|
||||
scriptFilePath: /plugins/plugin-nginx-proxy-manager/plugins/plugin-deploy-to-proxy-hosts.js
|
||||
@@ -0,0 +1,8 @@
|
||||
name: hipmdnsmgr
|
||||
title: HiPM DNSMgr
|
||||
desc: HiPM DNSMgr DNS 解析提供商
|
||||
accessType: hipmdnsmgr
|
||||
icon: svg:icon-dns
|
||||
pluginType: dnsProvider
|
||||
type: builtIn
|
||||
scriptFilePath: /plugins/plugin-hipmdnsmgr/dns-provider/hipmdnsmgr-dns-provider.js
|
||||
@@ -0,0 +1,9 @@
|
||||
name: technitium
|
||||
title: Technitium DNS Server
|
||||
desc: Technitium DNS Server 自建DNS服务器
|
||||
icon: clarity:server-line
|
||||
accessType: technitium
|
||||
order: 10
|
||||
pluginType: dnsProvider
|
||||
type: builtIn
|
||||
scriptFilePath: /plugins/plugin-technitium/dns-provider.js
|
||||
@@ -37,6 +37,8 @@
|
||||
"pub": "echo 1"
|
||||
},
|
||||
"dependencies": {
|
||||
"@azure/arm-dns": "^5.1.0",
|
||||
"@azure/identity": "^4.13.1",
|
||||
"@alicloud/fc20230330": "^4.1.7",
|
||||
"@alicloud/openapi-client": "^0.4.12",
|
||||
"@alicloud/openapi-util": "^0.3.2",
|
||||
@@ -64,6 +66,7 @@
|
||||
"@certd/plugin-lib": "^1.39.10",
|
||||
"@certd/plugin-plus": "^1.39.10",
|
||||
"@certd/plus-core": "^1.39.10",
|
||||
"@google-cloud/dns": "^5.3.1",
|
||||
"@google-cloud/publicca": "^1.3.0",
|
||||
"@huaweicloud/huaweicloud-sdk-cdn": "^3.1.185",
|
||||
"@huaweicloud/huaweicloud-sdk-core": "^3.1.185",
|
||||
|
||||
@@ -84,6 +84,15 @@ export class PluginController extends CrudController<PluginService> {
|
||||
const res = await this.pluginConfigService.saveCommPluginConfig(body);
|
||||
return this.ok(res);
|
||||
}
|
||||
@Post('/getPluginByName', { description: 'sys:settings:view' })
|
||||
async getPluginByName(@Body('name') name: string) {
|
||||
const res = await this.pluginConfigService.getPluginConfig({
|
||||
name: name,
|
||||
type: 'builtIn'
|
||||
});
|
||||
return this.ok(res);
|
||||
}
|
||||
|
||||
@Post('/saveSetting', { description: 'sys:settings:edit' })
|
||||
async saveSetting(@Body(ALL) body: PluginConfig) {
|
||||
const res = await this.pluginConfigService.savePluginConfig(body);
|
||||
|
||||
@@ -89,24 +89,30 @@ export class SiteTester {
|
||||
// 创建 HTTPS 请求
|
||||
const requestPromise = safePromise((resolve, reject) => {
|
||||
const req = https.request(options, res => {
|
||||
// 获取证书
|
||||
// @ts-ignore
|
||||
const certificate = res.socket.getPeerCertificate();
|
||||
// logger.info('证书信息', certificate);
|
||||
if (certificate.subject == null) {
|
||||
logger.warn("证书信息为空");
|
||||
resolve({
|
||||
certificate: null
|
||||
});
|
||||
}
|
||||
resolve({
|
||||
certificate
|
||||
});
|
||||
res.socket.end();
|
||||
// 关闭响应
|
||||
res.destroy();
|
||||
});
|
||||
|
||||
// ✅ 关键:在 'socket' 事件中获取证书(握手完成后立即执行)
|
||||
req.on('socket', (socket:any) => {
|
||||
socket.on('secureConnect', () => {
|
||||
// TLS握手完成,证书已经可用
|
||||
const certificate = socket.getPeerCertificate();
|
||||
if (certificate.subject) {
|
||||
logger.info('证书获取成功', certificate.subject);
|
||||
resolve({
|
||||
certificate
|
||||
});
|
||||
}else{
|
||||
logger.warn("证书信息为空");
|
||||
resolve({
|
||||
certificate: null
|
||||
});
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
req.on("error", e => {
|
||||
reject(e);
|
||||
});
|
||||
|
||||
@@ -45,4 +45,6 @@
|
||||
// export * from './plugin-plus/index.js'
|
||||
// export * from './plugin-cert/index.js'
|
||||
// export * from './plugin-zenlayer/index.js'
|
||||
export * from './plugin-dnsmgr/index.js'
|
||||
// export * from './plugin-dnsmgr/index.js'
|
||||
// export * from './plugin-nginx-proxy-manager/index.js'
|
||||
// export * from './plugin-hipmdnsmgr/index.js'
|
||||
|
||||
@@ -0,0 +1,323 @@
|
||||
import { AbstractTaskPlugin, IsTaskPlugin, Pager, PageSearch, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
|
||||
import { CertApplyPluginNames, CertInfo, CertReader } from "@certd/plugin-cert";
|
||||
import {
|
||||
createCertDomainGetterInputDefine,
|
||||
createRemoteSelectInputDefine
|
||||
} from "@certd/plugin-lib";
|
||||
import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
|
||||
import { AliyunClient, AliyunSslClient, CasCertInfo } from "../../../plugin-lib/aliyun/lib/index.js";
|
||||
|
||||
@IsTaskPlugin({
|
||||
name: 'AliyunDeployCertToWafCloud',
|
||||
title: '阿里云-部署至阿里云WAF(云产品接入)',
|
||||
icon: 'svg:icon-aliyun',
|
||||
group: pluginGroups.aliyun.key,
|
||||
desc: '部署证书到阿里云WAF(云产品接入),CNAME方式接入的请选择另外一个waf插件',
|
||||
needPlus: false,
|
||||
default: {
|
||||
strategy: {
|
||||
runStrategy: RunStrategy.SkipWhenSucceed,
|
||||
},
|
||||
},
|
||||
})
|
||||
export class AliyunDeployCertToWafCloud extends AbstractTaskPlugin {
|
||||
@TaskInput({
|
||||
title: '域名证书',
|
||||
helper: '请选择证书申请任务输出的域名证书\n或者选择前置任务“上传证书到阿里云”任务的证书ID,可以减少上传到阿里云的证书数量',
|
||||
component: {
|
||||
name: 'output-selector',
|
||||
from: [...CertApplyPluginNames, 'uploadCertToAliyun'],
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
cert!: CertInfo | number | CasCertInfo;
|
||||
|
||||
@TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
|
||||
certDomains!: string[];
|
||||
|
||||
@TaskInput({
|
||||
title: 'WAF接入点',
|
||||
helper: '不会选就按默认',
|
||||
value: 'cn-hangzhou',
|
||||
component: {
|
||||
name: 'a-select',
|
||||
options: [
|
||||
{ value: 'cn-hangzhou', label: '中国内地' },
|
||||
{ value: 'ap-southeast-1', label: '非中国内地' },
|
||||
],
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
regionId!: string;
|
||||
|
||||
@TaskInput({
|
||||
title: '证书接入点',
|
||||
helper: '跟上面保持一致即可',
|
||||
value: 'cas.aliyuncs.com',
|
||||
component: {
|
||||
name: 'a-select',
|
||||
options: [
|
||||
{ value: 'cas.aliyuncs.com', label: '中国大陆' },
|
||||
{ value: 'cas.ap-southeast-1.aliyuncs.com', label: '新加坡' },
|
||||
{ value: 'cas.eu-central-1.aliyuncs.com', label: '德国(法兰克福)' },
|
||||
],
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
casEndpoint!: string;
|
||||
|
||||
@TaskInput({
|
||||
title: 'Access授权',
|
||||
helper: '阿里云授权AccessKeyId、AccessKeySecret',
|
||||
component: {
|
||||
name: 'access-selector',
|
||||
type: 'aliyun',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
accessId!: string;
|
||||
|
||||
@TaskInput(
|
||||
createRemoteSelectInputDefine({
|
||||
title: '云产品资源',
|
||||
helper: '请选择要部署证书的云产品资源',
|
||||
action: AliyunDeployCertToWafCloud.prototype.onGetCloudResourceList.name,
|
||||
watches: ['accessId', 'regionId'],
|
||||
pager: true,
|
||||
search: true,
|
||||
})
|
||||
)
|
||||
cloudResources!: string[];
|
||||
|
||||
|
||||
|
||||
@TaskInput({
|
||||
title: '证书部署类型',
|
||||
value: 'default',
|
||||
component: {
|
||||
name: 'a-select',
|
||||
options: [
|
||||
{ value: 'default', label: '默认证书' },
|
||||
{ value: 'extension', label: '扩展证书' },
|
||||
],
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
certType!: string;
|
||||
|
||||
async onInstance() { }
|
||||
|
||||
async getWafClient(access: AliyunAccess) {
|
||||
const client = new AliyunClient({ logger: this.logger });
|
||||
await client.init({
|
||||
accessKeyId: access.accessKeyId,
|
||||
accessKeySecret: access.accessKeySecret,
|
||||
endpoint: `https://wafopenapi.${this.regionId}.aliyuncs.com`,
|
||||
apiVersion: '2021-10-01',
|
||||
});
|
||||
return client;
|
||||
}
|
||||
|
||||
async getInstanceId(client: AliyunClient) {
|
||||
const params = {
|
||||
RegionId: this.regionId,
|
||||
};
|
||||
this.logger.info('调用DescribeInstance API', JSON.stringify(params));
|
||||
const res = await client.request('DescribeInstance', params);
|
||||
this.logger.info('获取实例ID', res.InstanceId);
|
||||
return res.InstanceId;
|
||||
}
|
||||
|
||||
async execute(): Promise<void> {
|
||||
this.logger.info('开始部署证书到阿里云WAF(云产品接入)');
|
||||
const access = await this.getAccess<AliyunAccess>(this.accessId);
|
||||
let certId: any = this.cert;
|
||||
if (typeof this.cert === 'object') {
|
||||
const sslClient = new AliyunSslClient({
|
||||
access,
|
||||
logger: this.logger,
|
||||
endpoint: this.casEndpoint,
|
||||
});
|
||||
|
||||
const cert = this.cert as CertInfo;
|
||||
const casCert = this.cert as CasCertInfo;
|
||||
if (cert.crt) {
|
||||
const certIdRes = await sslClient.uploadCertificate({
|
||||
name: this.buildCertName(CertReader.getMainDomain(cert.crt)),
|
||||
cert: cert,
|
||||
});
|
||||
certId = certIdRes.certId as any;
|
||||
} else if (casCert.certIdentifier) {
|
||||
// 使用certIdentifier,它已经包含了regionid
|
||||
certId = casCert.certIdentifier;
|
||||
} else if (casCert.certId) {
|
||||
certId = casCert.certId;
|
||||
} else {
|
||||
throw new Error('证书格式错误'+JSON.stringify(this.cert));
|
||||
}
|
||||
}
|
||||
|
||||
const client = await this.getWafClient(access);
|
||||
const instanceId = await this.getInstanceId(client);
|
||||
for (const cloudResourceId of this.cloudResources) {
|
||||
this.logger.info('开始部署', cloudResourceId);
|
||||
|
||||
if (this.certType === 'default') {
|
||||
// 部署默认证书
|
||||
const params = {
|
||||
RegionId: this.regionId,
|
||||
InstanceId: instanceId,
|
||||
CloudResourceId: cloudResourceId,
|
||||
CertId: certId,
|
||||
};
|
||||
this.logger.info('调用ModifyCloudResourceDefaultCert API', JSON.stringify(params));
|
||||
const res = await client.request('ModifyCloudResourceDefaultCert', params);
|
||||
this.logger.info('部署默认证书成功', JSON.stringify(res));
|
||||
} else if (this.certType === 'extension') {
|
||||
// 部署扩展证书
|
||||
const addCertParams = {
|
||||
RegionId: this.regionId,
|
||||
InstanceId: instanceId,
|
||||
CloudResourceId: cloudResourceId,
|
||||
CertId: certId,
|
||||
};
|
||||
this.logger.info('调用CreateCloudResourceExtensionCert API', JSON.stringify(addCertParams));
|
||||
const addCertRes = await client.request('CreateCloudResourceExtensionCert', addCertParams);
|
||||
this.logger.info('部署扩展证书成功', JSON.stringify(addCertRes));
|
||||
|
||||
// 清理过期扩展证书
|
||||
await this.cleanupExpiredExtensionCerts(client, instanceId, cloudResourceId, certId);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
async cleanupExpiredExtensionCerts(client: AliyunClient, instanceId: string, cloudResourceId: string, currentCertId: string) {
|
||||
try {
|
||||
this.logger.info('开始清理过期扩展证书, cloudResourceId: ' + cloudResourceId);
|
||||
|
||||
// 解析CloudResourceId获取ResourceInstanceId
|
||||
// CloudResourceId格式:{ResourceInstanceId}-{Port}-{ResourceProduct}
|
||||
const resourceInfo = cloudResourceId.split('-');
|
||||
if (resourceInfo.length < 3) {
|
||||
this.logger.warn('CloudResourceId格式不正确: ' + cloudResourceId);
|
||||
return;
|
||||
}
|
||||
// 从后往前解析,因为ResourceInstanceId可能包含"-"
|
||||
const product = resourceInfo.pop();
|
||||
const port = resourceInfo.pop();
|
||||
const resourceInstanceId = resourceInfo.join('-');
|
||||
this.logger.info('ResourceInstanceId: ' + resourceInstanceId, 'Port: ' + port, 'Product: ' + product);
|
||||
// 查询云产品实例的证书列表
|
||||
const certsParams = {
|
||||
InstanceId: instanceId,
|
||||
RegionId: this.regionId,
|
||||
ResourceInstanceId: resourceInstanceId,
|
||||
PageSize: 100,
|
||||
};
|
||||
this.logger.info('调用DescribeResourceInstanceCerts API: ' + JSON.stringify(certsParams));
|
||||
const certsRes = await client.request('DescribeResourceInstanceCerts', certsParams);
|
||||
|
||||
if (!certsRes || !certsRes.Certs || certsRes.Certs.length === 0) {
|
||||
this.logger.info('没有找到证书, cloudResourceId: ' + cloudResourceId);
|
||||
return;
|
||||
}
|
||||
this.logger.info('查询到的证书数量: ' + certsRes.Certs.length);
|
||||
const now = Date.now();
|
||||
const expiredCerts = certsRes.Certs.filter((cert: any) => {
|
||||
// 检查证书是否有必要的属性
|
||||
if (!cert || !cert.AfterDate || !cert.CertIdentifier) {
|
||||
this.logger.warn('证书格式不正确: ' + JSON.stringify(cert));
|
||||
return false;
|
||||
}
|
||||
|
||||
// 检查是否为当前部署的证书
|
||||
if (cert.CertIdentifier === currentCertId) {
|
||||
return false;
|
||||
}
|
||||
// 确保AfterDate是数字类型
|
||||
const afterDate = cert.AfterDate;
|
||||
// 检查是否过期
|
||||
return afterDate < now;
|
||||
});
|
||||
|
||||
if (expiredCerts.length === 0) {
|
||||
this.logger.info('没有过期的扩展证书, cloudResourceId: ' + cloudResourceId);
|
||||
return;
|
||||
}
|
||||
this.logger.info('过期的扩展证书数量: ' + expiredCerts.length);
|
||||
|
||||
// 删除过期的扩展证书
|
||||
for (const expiredCert of expiredCerts) {
|
||||
const deleteParams = {
|
||||
RegionId: this.regionId,
|
||||
InstanceId: instanceId,
|
||||
CloudResourceId: cloudResourceId,
|
||||
CertId: expiredCert.CertIdentifier,
|
||||
};
|
||||
this.logger.info('调用DeleteCloudResourceExtensionCert API: ' + JSON.stringify(deleteParams));
|
||||
const deleteRes = await client.request('DeleteCloudResourceExtensionCert', deleteParams);
|
||||
this.logger.info('删除过期扩展证书成功, certId: ' + expiredCert.CertIdentifier + ', response: ' + JSON.stringify(deleteRes));
|
||||
}
|
||||
|
||||
this.logger.info('清理过期扩展证书完成, cloudResourceId: ' + cloudResourceId + ', deletedCount: ' + expiredCerts.length);
|
||||
} catch (error) {
|
||||
this.logger.error('清理过期扩展证书失败, cloudResourceId: ' + cloudResourceId + ', error: ' + JSON.stringify(error));
|
||||
// 清理失败不影响主流程
|
||||
}
|
||||
}
|
||||
|
||||
async onGetCloudResourceList(data: PageSearch) {
|
||||
if (!this.accessId) {
|
||||
throw new Error('请选择Access授权');
|
||||
}
|
||||
const access = await this.getAccess<AliyunAccess>(this.accessId);
|
||||
const client = await this.getWafClient(access);
|
||||
|
||||
const pager = new Pager(data)
|
||||
|
||||
const instanceId = await this.getInstanceId(client);
|
||||
const params: any = {
|
||||
InstanceId: instanceId,
|
||||
MaxResults: pager.pageSize,
|
||||
RegionId: this.regionId,
|
||||
};
|
||||
if (data.searchKey) {
|
||||
params.CloudResourceId = data.searchKey;
|
||||
params.ResourceInstanceId = data.searchKey;
|
||||
}
|
||||
|
||||
this.logger.info('调用DescribeCloudResourceList API', JSON.stringify(params));
|
||||
const res = await client.request('DescribeCloudResourceList', params);
|
||||
this.logger.info('DescribeCloudResourceList API返回', JSON.stringify(res));
|
||||
|
||||
if (!res || !res.CloudResourceList || res.CloudResourceList.length === 0) {
|
||||
this.logger.warn('没有找到云产品接入的资源');
|
||||
return {
|
||||
list: [],
|
||||
total: 0,
|
||||
pageNo: pager.pageNo,
|
||||
pageSize: pager.pageSize
|
||||
};
|
||||
}
|
||||
const total = res.TotalCount || 0;
|
||||
|
||||
const options = res.CloudResourceList.map((item: any) => {
|
||||
return {
|
||||
label: `${item.CloudResourceId} (${item.ResourceProduct})`,
|
||||
value: item.CloudResourceId,
|
||||
title: item.CloudResourceId,
|
||||
resourceProduct: item.ResourceProduct,
|
||||
};
|
||||
});
|
||||
const list = this.ctx.utils.options.buildGroupOptions(options, this.certDomains);
|
||||
|
||||
return {
|
||||
list,
|
||||
total: total,
|
||||
pageNo: pager.pageNo,
|
||||
pageSize: pager.pageSize
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
new AliyunDeployCertToWafCloud();
|
||||
@@ -0,0 +1,259 @@
|
||||
import { AbstractTaskPlugin, IsTaskPlugin, Pager, PageSearch, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
|
||||
import { CertApplyPluginNames, CertInfo, CertReader } from "@certd/plugin-cert";
|
||||
import {
|
||||
createCertDomainGetterInputDefine,
|
||||
createRemoteSelectInputDefine
|
||||
} from "@certd/plugin-lib";
|
||||
import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
|
||||
import { AliyunClient, AliyunSslClient, CasCertInfo } from "../../../plugin-lib/aliyun/lib/index.js";
|
||||
|
||||
@IsTaskPlugin({
|
||||
name: 'AliyunDeployCertToWaf',
|
||||
title: '阿里云-部署至阿里云WAF(cname接入)',
|
||||
icon: 'svg:icon-aliyun',
|
||||
group: pluginGroups.aliyun.key,
|
||||
desc: '部署证书到阿里云WAF(cname接入),云资源的请选择另外一个waf插件',
|
||||
needPlus: false,
|
||||
default: {
|
||||
strategy: {
|
||||
runStrategy: RunStrategy.SkipWhenSucceed,
|
||||
},
|
||||
},
|
||||
})
|
||||
export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
|
||||
@TaskInput({
|
||||
title: '域名证书',
|
||||
helper: '请选择证书申请任务输出的域名证书\n或者选择前置任务“上传证书到阿里云”任务的证书ID,可以减少上传到阿里云的证书数量',
|
||||
component: {
|
||||
name: 'output-selector',
|
||||
from: [...CertApplyPluginNames, 'uploadCertToAliyun'],
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
cert!: CertInfo | number | CasCertInfo;
|
||||
|
||||
@TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
|
||||
certDomains!: string[];
|
||||
|
||||
@TaskInput({
|
||||
title: 'WAF接入点',
|
||||
helper: '不会选就按默认',
|
||||
value: 'cn-hangzhou',
|
||||
component: {
|
||||
name: 'a-select',
|
||||
options: [
|
||||
{ value: 'cn-hangzhou', label: '中国大陆-华东1(杭州)' },
|
||||
{ value: 'ap-southeast-1', label: '新加坡' },
|
||||
],
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
regionId!: string;
|
||||
|
||||
@TaskInput({
|
||||
title: '证书接入点',
|
||||
helper: '跟上面保持一致即可',
|
||||
value: 'cas.aliyuncs.com',
|
||||
component: {
|
||||
name: 'a-select',
|
||||
options: [
|
||||
{ value: 'cas.aliyuncs.com', label: '中国大陆' },
|
||||
{ value: 'cas.ap-southeast-1.aliyuncs.com', label: '新加坡' },
|
||||
{ value: 'cas.eu-central-1.aliyuncs.com', label: '德国(法兰克福)' },
|
||||
],
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
casEndpoint!: string;
|
||||
|
||||
@TaskInput({
|
||||
title: 'Access授权',
|
||||
helper: '阿里云授权AccessKeyId、AccessKeySecret',
|
||||
component: {
|
||||
name: 'access-selector',
|
||||
type: 'aliyun',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
accessId!: string;
|
||||
|
||||
@TaskInput(
|
||||
createRemoteSelectInputDefine({
|
||||
title: 'CNAME站点',
|
||||
helper: '请选择要部署证书的CNAME站点',
|
||||
action: AliyunDeployCertToWaf.prototype.onGetCnameList.name,
|
||||
watches: ['accessId', 'regionId'],
|
||||
pager: true,
|
||||
search: true,
|
||||
})
|
||||
)
|
||||
cnameDomains!: string[];
|
||||
|
||||
|
||||
@TaskInput({
|
||||
title: 'TLS版本',
|
||||
value: 'tlsv1.2',
|
||||
component: {
|
||||
name: 'a-select',
|
||||
options: [
|
||||
{ value: 'tlsv1', label: 'TLSv1' },
|
||||
{ value: 'tlsv1.1', label: 'TLSv1.1' },
|
||||
{ value: 'tlsv1.2', label: 'TLSv1.2' },
|
||||
],
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
tlsVersion!: string;
|
||||
|
||||
@TaskInput({
|
||||
title: '启用TLSv3',
|
||||
value: true,
|
||||
component: {
|
||||
name: 'a-switch',
|
||||
vModel: 'checked',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
enableTLSv3!: boolean;
|
||||
|
||||
|
||||
|
||||
async onInstance() { }
|
||||
|
||||
async getWafClient(access: AliyunAccess) {
|
||||
const client = new AliyunClient({ logger: this.logger });
|
||||
await client.init({
|
||||
accessKeyId: access.accessKeyId,
|
||||
accessKeySecret: access.accessKeySecret,
|
||||
//https://wafopenapi.cn-hangzhou.aliyuncs.com
|
||||
endpoint: `https://wafopenapi.${this.regionId}.aliyuncs.com`,
|
||||
apiVersion: '2021-10-01',
|
||||
});
|
||||
return client;
|
||||
}
|
||||
|
||||
async getInstanceId(client: AliyunClient) {
|
||||
const params = {
|
||||
RegionId: 'cn-hangzhou',
|
||||
};
|
||||
const res = await client.request('DescribeInstance', params);
|
||||
this.logger.info('获取实例ID', res.InstanceId);
|
||||
return res.InstanceId;
|
||||
}
|
||||
|
||||
async execute(): Promise<void> {
|
||||
this.logger.info('开始部署证书到阿里云');
|
||||
const access = await this.getAccess<AliyunAccess>(this.accessId);
|
||||
let certId: any = this.cert;
|
||||
if (typeof this.cert === 'object') {
|
||||
const sslClient = new AliyunSslClient({
|
||||
access,
|
||||
logger: this.logger,
|
||||
endpoint: this.casEndpoint,
|
||||
});
|
||||
|
||||
const cert = this.cert as CertInfo;
|
||||
const casCert = this.cert as CasCertInfo;
|
||||
if (cert.crt) {
|
||||
const certIdRes = await sslClient.uploadCertificate({
|
||||
name: this.buildCertName(CertReader.getMainDomain(cert.crt)),
|
||||
cert: cert,
|
||||
});
|
||||
certId = certIdRes.certId as any;
|
||||
} else if (casCert.certId) {
|
||||
certId = casCert.certId;
|
||||
} else {
|
||||
throw new Error('证书格式错误'+JSON.stringify(this.cert));
|
||||
}
|
||||
}
|
||||
|
||||
const client = await this.getWafClient(access);
|
||||
const instanceId = await this.getInstanceId(client);
|
||||
for (const siteDomain of this.cnameDomains) {
|
||||
this.logger.info('开始部署', siteDomain);
|
||||
const params = {
|
||||
RegionId: this.regionId,
|
||||
InstanceId: instanceId,
|
||||
Domain: siteDomain,
|
||||
};
|
||||
const siteDetail = await client.request('DescribeDomainDetail', params);
|
||||
this.logger.info('站点详情', JSON.stringify(siteDetail));
|
||||
const listen = siteDetail.Listen;
|
||||
if (!listen) {
|
||||
throw new Error(`没有找到${siteDomain}的监听器`);
|
||||
}
|
||||
/**
|
||||
* "HttpsPorts": [
|
||||
* 443
|
||||
* ],
|
||||
* "CertId": "14738336-cn-hangzhou",
|
||||
*/
|
||||
const redirect = siteDetail.Redirect;
|
||||
redirect.Backends = redirect.AllBackends;
|
||||
listen.CertId = certId + '-' + this.regionId;
|
||||
if (!listen.HttpsPorts || listen.HttpsPorts.length === 0) {
|
||||
listen.HttpsPorts = [443];
|
||||
}
|
||||
const updateParams = {
|
||||
InstanceId: instanceId,
|
||||
RegionId: this.regionId,
|
||||
Redirect: JSON.stringify(redirect),
|
||||
Listen: JSON.stringify(listen),
|
||||
Domain: siteDomain,
|
||||
TLSVersion: this.tlsVersion || 'tlsv1.2',
|
||||
EnableTLSv3: this.enableTLSv3 ?? true,
|
||||
};
|
||||
const res = await client.request('ModifyDomain', updateParams);
|
||||
this.logger.info('部署成功', JSON.stringify(res));
|
||||
}
|
||||
}
|
||||
|
||||
async onGetCnameList(data: PageSearch) {
|
||||
if (!this.accessId) {
|
||||
throw new Error('请选择Access授权');
|
||||
}
|
||||
const access = await this.getAccess<AliyunAccess>(this.accessId);
|
||||
const client = await this.getWafClient(access);
|
||||
|
||||
|
||||
const pager = new Pager(data)
|
||||
|
||||
const instanceId = await this.getInstanceId(client);
|
||||
const params: any = {
|
||||
RegionId: this.regionId,
|
||||
InstanceId: instanceId,
|
||||
PageSize: pager.pageSize,
|
||||
PageNumber: pager.pageNo,
|
||||
};
|
||||
if (data.searchKey) {
|
||||
params.Domain = data.searchKey
|
||||
}
|
||||
|
||||
const res = await client.request('DescribeDomains', params);
|
||||
if (!res?.Domains || res?.Domains.length === 0) {
|
||||
throw new Error('没有找到CNAME接入的域名站点');
|
||||
}
|
||||
const total = res.TotalCount;
|
||||
|
||||
const options = res.Domains.map((item: any) => {
|
||||
return {
|
||||
label: item.Domain,
|
||||
value: item.Domain,
|
||||
title: item.Domain,
|
||||
domain: item.Domain,
|
||||
};
|
||||
});
|
||||
const list = this.ctx.utils.options.buildGroupOptions(options, this.certDomains);
|
||||
|
||||
// const list = [{value:"1",label:"1"},{value:"2",label:"2"}]
|
||||
// const total = 120
|
||||
return {
|
||||
list,
|
||||
total: total,
|
||||
pageNo: pager.pageNo,
|
||||
pageSize: pager.pageSize
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
new AliyunDeployCertToWaf();
|
||||
@@ -1,259 +1,2 @@
|
||||
import { AbstractTaskPlugin, IsTaskPlugin, Pager, PageSearch, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
|
||||
import { CertApplyPluginNames, CertInfo, CertReader } from "@certd/plugin-cert";
|
||||
import {
|
||||
createCertDomainGetterInputDefine,
|
||||
createRemoteSelectInputDefine
|
||||
} from "@certd/plugin-lib";
|
||||
import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
|
||||
import { AliyunClient, AliyunSslClient, CasCertInfo } from "../../../plugin-lib/aliyun/lib/index.js";
|
||||
|
||||
@IsTaskPlugin({
|
||||
name: 'AliyunDeployCertToWaf',
|
||||
title: '阿里云-部署至阿里云WAF',
|
||||
icon: 'svg:icon-aliyun',
|
||||
group: pluginGroups.aliyun.key,
|
||||
desc: '部署证书到阿里云WAF',
|
||||
needPlus: false,
|
||||
default: {
|
||||
strategy: {
|
||||
runStrategy: RunStrategy.SkipWhenSucceed,
|
||||
},
|
||||
},
|
||||
})
|
||||
export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
|
||||
@TaskInput({
|
||||
title: '域名证书',
|
||||
helper: '请选择证书申请任务输出的域名证书\n或者选择前置任务“上传证书到阿里云”任务的证书ID,可以减少上传到阿里云的证书数量',
|
||||
component: {
|
||||
name: 'output-selector',
|
||||
from: [...CertApplyPluginNames, 'uploadCertToAliyun'],
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
cert!: CertInfo | number | CasCertInfo;
|
||||
|
||||
@TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
|
||||
certDomains!: string[];
|
||||
|
||||
@TaskInput({
|
||||
title: 'WAF接入点',
|
||||
helper: '不会选就按默认',
|
||||
value: 'cn-hangzhou',
|
||||
component: {
|
||||
name: 'a-select',
|
||||
options: [
|
||||
{ value: 'cn-hangzhou', label: '中国大陆-华东1(杭州)' },
|
||||
{ value: 'ap-southeast-1', label: '新加坡' },
|
||||
],
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
regionId!: string;
|
||||
|
||||
@TaskInput({
|
||||
title: '证书接入点',
|
||||
helper: '跟上面保持一致即可',
|
||||
value: 'cas.aliyuncs.com',
|
||||
component: {
|
||||
name: 'a-select',
|
||||
options: [
|
||||
{ value: 'cas.aliyuncs.com', label: '中国大陆' },
|
||||
{ value: 'cas.ap-southeast-1.aliyuncs.com', label: '新加坡' },
|
||||
{ value: 'cas.eu-central-1.aliyuncs.com', label: '德国(法兰克福)' },
|
||||
],
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
casEndpoint!: string;
|
||||
|
||||
@TaskInput({
|
||||
title: 'Access授权',
|
||||
helper: '阿里云授权AccessKeyId、AccessKeySecret',
|
||||
component: {
|
||||
name: 'access-selector',
|
||||
type: 'aliyun',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
accessId!: string;
|
||||
|
||||
@TaskInput(
|
||||
createRemoteSelectInputDefine({
|
||||
title: 'CNAME站点',
|
||||
helper: '请选择要部署证书的CNAME站点',
|
||||
action: AliyunDeployCertToWaf.prototype.onGetCnameList.name,
|
||||
watches: ['accessId', 'regionId'],
|
||||
pager: true,
|
||||
search: true,
|
||||
})
|
||||
)
|
||||
cnameDomains!: string[];
|
||||
|
||||
|
||||
@TaskInput({
|
||||
title: 'TLS版本',
|
||||
value: 'tlsv1.2',
|
||||
component: {
|
||||
name: 'a-select',
|
||||
options: [
|
||||
{ value: 'tlsv1', label: 'TLSv1' },
|
||||
{ value: 'tlsv1.1', label: 'TLSv1.1' },
|
||||
{ value: 'tlsv1.2', label: 'TLSv1.2' },
|
||||
],
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
tlsVersion!: string;
|
||||
|
||||
@TaskInput({
|
||||
title: '启用TLSv3',
|
||||
value: true,
|
||||
component: {
|
||||
name: 'a-switch',
|
||||
vModel: 'checked',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
enableTLSv3!: boolean;
|
||||
|
||||
|
||||
|
||||
async onInstance() { }
|
||||
|
||||
async getWafClient(access: AliyunAccess) {
|
||||
const client = new AliyunClient({ logger: this.logger });
|
||||
await client.init({
|
||||
accessKeyId: access.accessKeyId,
|
||||
accessKeySecret: access.accessKeySecret,
|
||||
//https://wafopenapi.cn-hangzhou.aliyuncs.com
|
||||
endpoint: `https://wafopenapi.${this.regionId}.aliyuncs.com`,
|
||||
apiVersion: '2021-10-01',
|
||||
});
|
||||
return client;
|
||||
}
|
||||
|
||||
async getInstanceId(client: AliyunClient) {
|
||||
const params = {
|
||||
RegionId: 'cn-hangzhou',
|
||||
};
|
||||
const res = await client.request('DescribeInstance', params);
|
||||
this.logger.info('获取实例ID', res.InstanceId);
|
||||
return res.InstanceId;
|
||||
}
|
||||
|
||||
async execute(): Promise<void> {
|
||||
this.logger.info('开始部署证书到阿里云');
|
||||
const access = await this.getAccess<AliyunAccess>(this.accessId);
|
||||
let certId: any = this.cert;
|
||||
if (typeof this.cert === 'object') {
|
||||
const sslClient = new AliyunSslClient({
|
||||
access,
|
||||
logger: this.logger,
|
||||
endpoint: this.casEndpoint,
|
||||
});
|
||||
|
||||
const cert = this.cert as CertInfo;
|
||||
const casCert = this.cert as CasCertInfo;
|
||||
if (cert.crt) {
|
||||
const certIdRes = await sslClient.uploadCertificate({
|
||||
name: this.buildCertName(CertReader.getMainDomain(cert.crt)),
|
||||
cert: cert,
|
||||
});
|
||||
certId = certIdRes.certId as any;
|
||||
} else if (casCert.certId) {
|
||||
certId = casCert.certId;
|
||||
} else {
|
||||
throw new Error('证书格式错误'+JSON.stringify(this.cert));
|
||||
}
|
||||
}
|
||||
|
||||
const client = await this.getWafClient(access);
|
||||
const instanceId = await this.getInstanceId(client);
|
||||
for (const siteDomain of this.cnameDomains) {
|
||||
this.logger.info('开始部署', siteDomain);
|
||||
const params = {
|
||||
RegionId: this.regionId,
|
||||
InstanceId: instanceId,
|
||||
Domain: siteDomain,
|
||||
};
|
||||
const siteDetail = await client.request('DescribeDomainDetail', params);
|
||||
this.logger.info('站点详情', JSON.stringify(siteDetail));
|
||||
const listen = siteDetail.Listen;
|
||||
if (!listen) {
|
||||
throw new Error(`没有找到${siteDomain}的监听器`);
|
||||
}
|
||||
/**
|
||||
* "HttpsPorts": [
|
||||
* 443
|
||||
* ],
|
||||
* "CertId": "14738336-cn-hangzhou",
|
||||
*/
|
||||
const redirect = siteDetail.Redirect;
|
||||
redirect.Backends = redirect.AllBackends;
|
||||
listen.CertId = certId + '-' + this.regionId;
|
||||
if (!listen.HttpsPorts || listen.HttpsPorts.length === 0) {
|
||||
listen.HttpsPorts = [443];
|
||||
}
|
||||
const updateParams = {
|
||||
InstanceId: instanceId,
|
||||
RegionId: this.regionId,
|
||||
Redirect: JSON.stringify(redirect),
|
||||
Listen: JSON.stringify(listen),
|
||||
Domain: siteDomain,
|
||||
TLSVersion: this.tlsVersion || 'tlsv1.2',
|
||||
EnableTLSv3: this.enableTLSv3 ?? true,
|
||||
};
|
||||
const res = await client.request('ModifyDomain', updateParams);
|
||||
this.logger.info('部署成功', JSON.stringify(res));
|
||||
}
|
||||
}
|
||||
|
||||
async onGetCnameList(data: PageSearch) {
|
||||
if (!this.accessId) {
|
||||
throw new Error('请选择Access授权');
|
||||
}
|
||||
const access = await this.getAccess<AliyunAccess>(this.accessId);
|
||||
const client = await this.getWafClient(access);
|
||||
|
||||
|
||||
const pager = new Pager(data)
|
||||
|
||||
const instanceId = await this.getInstanceId(client);
|
||||
const params: any = {
|
||||
RegionId: this.regionId,
|
||||
InstanceId: instanceId,
|
||||
PageSize: pager.pageSize,
|
||||
PageNumber: pager.pageNo,
|
||||
};
|
||||
if (data.searchKey) {
|
||||
params.Domain = data.searchKey
|
||||
}
|
||||
|
||||
const res = await client.request('DescribeDomains', params);
|
||||
if (!res?.Domains || res?.Domains.length === 0) {
|
||||
throw new Error('没有找到CNAME接入的域名站点');
|
||||
}
|
||||
const total = res.TotalCount;
|
||||
|
||||
const options = res.Domains.map((item: any) => {
|
||||
return {
|
||||
label: item.Domain,
|
||||
value: item.Domain,
|
||||
title: item.Domain,
|
||||
domain: item.Domain,
|
||||
};
|
||||
});
|
||||
const list = this.ctx.utils.options.buildGroupOptions(options, this.certDomains);
|
||||
|
||||
// const list = [{value:"1",label:"1"},{value:"2",label:"2"}]
|
||||
// const total = 120
|
||||
return {
|
||||
list,
|
||||
total: total,
|
||||
pageNo: pager.pageNo,
|
||||
pageSize: pager.pageSize
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
new AliyunDeployCertToWaf();
|
||||
export * from './deploy-to-waf-cname.js';
|
||||
export * from './deploy-to-waf-cloud.js';
|
||||
@@ -32,6 +32,27 @@ export class ApisixAccess extends BaseAccess {
|
||||
})
|
||||
apiKey = '';
|
||||
|
||||
@AccessInput({
|
||||
title: '版本',
|
||||
component: {
|
||||
name:"a-select",
|
||||
options: [
|
||||
{
|
||||
label: "v3.x",
|
||||
value: "3",
|
||||
},
|
||||
{
|
||||
label: "v2.x",
|
||||
value: "2",
|
||||
},
|
||||
]
|
||||
},
|
||||
helper: "apisix系统的版本",
|
||||
value:"3",
|
||||
required: true,
|
||||
})
|
||||
version = '3';
|
||||
|
||||
|
||||
@AccessInput({
|
||||
title: "测试",
|
||||
@@ -49,17 +70,24 @@ export class ApisixAccess extends BaseAccess {
|
||||
}
|
||||
|
||||
async getCertList(){
|
||||
const sslPath = this.getSslPath();
|
||||
const req = {
|
||||
url :"/apisix/admin/ssls",
|
||||
url :`/apisix/admin/${sslPath}`,
|
||||
method: "get",
|
||||
}
|
||||
return await this.doRequest(req);
|
||||
}
|
||||
|
||||
getSslPath(){
|
||||
const sslPath = this.version === '3' ? 'ssls' : 'ssl';
|
||||
return sslPath;
|
||||
}
|
||||
|
||||
async createCert(opts:{cert:CertInfo}){
|
||||
const certReader = new CertReader(opts.cert)
|
||||
const sslPath = this.getSslPath();
|
||||
const req = {
|
||||
url :"/apisix/admin/ssls",
|
||||
url :`/apisix/admin/${sslPath}`,
|
||||
method: "post",
|
||||
data:{
|
||||
cert: opts.cert.crt,
|
||||
@@ -72,8 +100,9 @@ export class ApisixAccess extends BaseAccess {
|
||||
|
||||
async updateCert (opts:{cert:CertInfo,id:string}){
|
||||
const certReader = new CertReader(opts.cert)
|
||||
const sslPath = this.getSslPath();
|
||||
const req = {
|
||||
url :`/apisix/admin/ssls/${opts.id}`,
|
||||
url :`/apisix/admin/${sslPath}/${opts.id}`,
|
||||
method: "put",
|
||||
data:{
|
||||
cert: opts.cert.crt,
|
||||
|
||||
@@ -0,0 +1,268 @@
|
||||
import { AccessInput, BaseAccess, IsAccess } from '@certd/pipeline';
|
||||
import { DomainRecord } from '@certd/plugin-cert';
|
||||
import { utils } from '@certd/basic';
|
||||
import { PageRes, PageSearch } from '@certd/pipeline';
|
||||
|
||||
@IsAccess({
|
||||
name: 'azure',
|
||||
title: '微软云Azure授权',
|
||||
desc: '',
|
||||
icon: 'simple-icons:microsoftazure',
|
||||
})
|
||||
export class AzureAccess extends BaseAccess {
|
||||
@AccessInput({
|
||||
title: '订阅 ID',
|
||||
component: {
|
||||
placeholder: 'subscriptionId',
|
||||
},
|
||||
helper: 'Azure 订阅 ID',
|
||||
required: true,
|
||||
})
|
||||
subscriptionId = '';
|
||||
|
||||
|
||||
@AccessInput({
|
||||
title: '资源组',
|
||||
component: {
|
||||
placeholder: 'resourceGroupName',
|
||||
},
|
||||
helper: 'DNS 区域所在的资源组名称',
|
||||
required: true,
|
||||
})
|
||||
resourceGroupName = '';
|
||||
|
||||
@AccessInput({
|
||||
title: '目录(租户) ID',
|
||||
component: {
|
||||
placeholder: 'tenantId',
|
||||
},
|
||||
helper: '目录(租户) ID',
|
||||
required: true,
|
||||
})
|
||||
tenantId = '';
|
||||
|
||||
@AccessInput({
|
||||
title: '应用程序ID',
|
||||
component: {
|
||||
placeholder: 'clientId',
|
||||
},
|
||||
helper: '应用程序(客户端) ID',
|
||||
required: true,
|
||||
})
|
||||
clientId = '';
|
||||
|
||||
@AccessInput({
|
||||
title: '客户端凭据',
|
||||
component: {
|
||||
placeholder: 'clientSecret',
|
||||
},
|
||||
required: true,
|
||||
encrypt: true,
|
||||
helper: '客户端凭据(机密)->客户端密码->新客户端密码->时间选长一点的->复制值',
|
||||
})
|
||||
clientSecret = '';
|
||||
|
||||
|
||||
|
||||
@AccessInput({
|
||||
title: "测试",
|
||||
component: {
|
||||
name: "api-test",
|
||||
action: "TestRequest"
|
||||
},
|
||||
helper: "测试授权是否正确"
|
||||
})
|
||||
testRequest = true;
|
||||
|
||||
async onTestRequest() {
|
||||
this.ctx.logger.info('开始测试 Azure 认证...');
|
||||
|
||||
// 1. 先测试身份认证,获取访问令牌
|
||||
const { ClientSecretCredential } = await import('@azure/identity');
|
||||
|
||||
const credential = new ClientSecretCredential(
|
||||
this.tenantId,
|
||||
this.clientId,
|
||||
this.clientSecret
|
||||
);
|
||||
|
||||
// 获取 Azure 管理 API 的访问令牌来验证凭据
|
||||
this.ctx.logger.info('验证身份凭据...');
|
||||
const token = await credential.getToken('https://management.azure.com/.default');
|
||||
this.ctx.logger.info('身份认证成功!', token);
|
||||
|
||||
return "ok";
|
||||
}
|
||||
|
||||
async getDnsManagementClient() {
|
||||
const { DnsManagementClient } = await import('@azure/arm-dns');
|
||||
const { ClientSecretCredential } = await import('@azure/identity');
|
||||
|
||||
const credential = new ClientSecretCredential(
|
||||
this.tenantId,
|
||||
this.clientId,
|
||||
this.clientSecret
|
||||
);
|
||||
|
||||
return new DnsManagementClient(credential, this.subscriptionId);
|
||||
}
|
||||
|
||||
async listZones(): Promise<any[]> {
|
||||
const client = await this.getDnsManagementClient();
|
||||
const zones: any[] = [];
|
||||
|
||||
for await (const zone of client.zones.listByResourceGroup(this.resourceGroupName)) {
|
||||
zones.push(zone);
|
||||
}
|
||||
|
||||
return zones;
|
||||
}
|
||||
|
||||
async getZoneId(domain: string): Promise<{ id: string; name: string }> {
|
||||
const zones = await this.listZones();
|
||||
const domainSuffix = domain.endsWith('.') ? domain : domain + '.';
|
||||
|
||||
const matchingZone = zones.find((zone: any) => {
|
||||
const zoneName = zone.name.endsWith('.') ? zone.name : zone.name + '.';
|
||||
return domainSuffix.endsWith(zoneName) || domainSuffix === zoneName;
|
||||
});
|
||||
|
||||
if (!matchingZone) {
|
||||
throw new Error(`找不到匹配的 DNS 区域: ${domain}`);
|
||||
}
|
||||
|
||||
this.ctx.logger.info(`找到 DNS 区域: ${matchingZone.name}, ID: ${matchingZone.id}`);
|
||||
return {
|
||||
id: matchingZone.id.split('/').pop()!,
|
||||
name: matchingZone.name,
|
||||
};
|
||||
}
|
||||
|
||||
async listZonesPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
|
||||
const zones = await this.listZones();
|
||||
let list = zones;
|
||||
|
||||
if (req.searchKey) {
|
||||
list = list.filter((zone: any) => zone.name.includes(req.searchKey));
|
||||
}
|
||||
|
||||
list = list.map((item: any) => ({
|
||||
id: item.id.split('/').pop()!,
|
||||
domain: item.name,
|
||||
}));
|
||||
|
||||
return {
|
||||
total: list.length,
|
||||
list,
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
async createOrUpdateRecordSet(zoneName: string, recordType: string, relativeRecordSetName: string, value: string) {
|
||||
const client = await this.getDnsManagementClient();
|
||||
|
||||
this.ctx.logger.info(`创建/更新记录集: ${relativeRecordSetName}.${zoneName}, 类型: ${recordType}, 值: ${value}`);
|
||||
|
||||
// 获取现有记录集
|
||||
let existingRecordSet: any = null;
|
||||
try {
|
||||
existingRecordSet = await client.recordSets.get(
|
||||
this.resourceGroupName,
|
||||
zoneName,
|
||||
relativeRecordSetName,
|
||||
recordType as any
|
||||
);
|
||||
} catch (e) {
|
||||
// 记录集不存在,这是正常的
|
||||
}
|
||||
|
||||
let txtRecords: any[] = [];
|
||||
if (existingRecordSet && existingRecordSet.txtRecords) {
|
||||
txtRecords = [...existingRecordSet.txtRecords];
|
||||
// 检查是否已存在相同的记录,避免重复
|
||||
const exists = txtRecords.some(r => r.value && r.value.includes(value));
|
||||
if (exists) {
|
||||
this.ctx.logger.info(`记录值已存在,无需重复添加: ${value}`);
|
||||
return existingRecordSet;
|
||||
}
|
||||
}
|
||||
|
||||
// 添加新记录
|
||||
txtRecords.push({
|
||||
value: [value]
|
||||
});
|
||||
|
||||
const recordSet = await client.recordSets.createOrUpdate(
|
||||
this.resourceGroupName,
|
||||
zoneName,
|
||||
relativeRecordSetName,
|
||||
recordType as any,
|
||||
{
|
||||
ttl: 60,
|
||||
txtRecords: txtRecords
|
||||
}
|
||||
);
|
||||
|
||||
await utils.sleep(3000);
|
||||
return recordSet;
|
||||
}
|
||||
|
||||
async deleteRecordSet(zoneName: string, recordType: string, relativeRecordSetName: string, value: string) {
|
||||
const client = await this.getDnsManagementClient();
|
||||
|
||||
this.ctx.logger.info(`删除记录值: ${relativeRecordSetName}.${zoneName}, 类型: ${recordType}, 值: ${value}`);
|
||||
|
||||
try {
|
||||
// 获取现有记录集
|
||||
const existingRecordSet = await client.recordSets.get(
|
||||
this.resourceGroupName,
|
||||
zoneName,
|
||||
relativeRecordSetName,
|
||||
recordType as any
|
||||
);
|
||||
|
||||
if (!existingRecordSet.txtRecords || existingRecordSet.txtRecords.length === 0) {
|
||||
this.ctx.logger.info('记录集不存在或已为空,无需删除');
|
||||
return;
|
||||
}
|
||||
|
||||
// 过滤掉我们要删除的那个值
|
||||
const filteredTxtRecords = existingRecordSet.txtRecords.filter((r: any) => {
|
||||
return !(r.value && r.value.includes(value));
|
||||
});
|
||||
|
||||
if (filteredTxtRecords.length === existingRecordSet.txtRecords.length) {
|
||||
this.ctx.logger.info(`未找到要删除的记录值: ${value}`);
|
||||
return;
|
||||
}
|
||||
|
||||
if (filteredTxtRecords.length === 0) {
|
||||
// 如果没有记录了,就删除整个记录集
|
||||
this.ctx.logger.info('删除空记录集');
|
||||
await client.recordSets.delete(
|
||||
this.resourceGroupName,
|
||||
zoneName,
|
||||
relativeRecordSetName,
|
||||
recordType as any
|
||||
);
|
||||
} else {
|
||||
// 还有其他记录,只更新记录集,移除我们的值
|
||||
this.ctx.logger.info(`更新记录集,移除指定值,剩余 ${filteredTxtRecords.length} 条记录`);
|
||||
await client.recordSets.createOrUpdate(
|
||||
this.resourceGroupName,
|
||||
zoneName,
|
||||
relativeRecordSetName,
|
||||
recordType as any,
|
||||
{
|
||||
ttl: existingRecordSet.ttl,
|
||||
txtRecords: filteredTxtRecords
|
||||
}
|
||||
);
|
||||
}
|
||||
} catch (e: any) {
|
||||
this.ctx.logger.warn(`删除记录时出错: ${e.message}`);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
new AzureAccess();
|
||||
@@ -0,0 +1,63 @@
|
||||
import { AbstractDnsProvider, CreateRecordOptions, DomainRecord, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
|
||||
import { AzureAccess } from './access.js';
|
||||
import { PageRes, PageSearch } from '@certd/pipeline';
|
||||
|
||||
@IsDnsProvider({
|
||||
name: 'azure-dns',
|
||||
title: 'Azure DNS',
|
||||
desc: 'Azure DNS 解析提供商',
|
||||
accessType: 'azure',
|
||||
icon: 'simple-icons:microsoftazure',
|
||||
order: 1,
|
||||
})
|
||||
export class AzureDnsProvider extends AbstractDnsProvider {
|
||||
access: AzureAccess;
|
||||
|
||||
async onInstance() {
|
||||
this.access = this.ctx.access as AzureAccess;
|
||||
}
|
||||
|
||||
async createRecord(options: CreateRecordOptions): Promise<any> {
|
||||
const { fullRecord, value, type, domain } = options;
|
||||
this.logger.info('添加域名解析:', fullRecord, value, type, domain);
|
||||
|
||||
const zone = await this.access.getZoneId(domain);
|
||||
this.logger.info(`获取到 DNS 区域: ${zone.name}, ID: ${zone.id}`);
|
||||
|
||||
const relativeRecordSetName = fullRecord.replace(`.${zone.name}`, '').replace(`.${zone.name.replace(/\.$/, '')}`, '');
|
||||
|
||||
await this.access.createOrUpdateRecordSet(zone.name, type, relativeRecordSetName, value);
|
||||
|
||||
return {
|
||||
zoneId: zone.id,
|
||||
zoneName: zone.name,
|
||||
recordType: type,
|
||||
relativeRecordSetName,
|
||||
value: value,
|
||||
};
|
||||
}
|
||||
|
||||
async removeRecord(options: RemoveRecordOptions<any>): Promise<void> {
|
||||
const { fullRecord, value: reqValue, type } = options.recordReq;
|
||||
const record = options.recordRes;
|
||||
|
||||
if (!record) {
|
||||
this.logger.warn('记录信息为空,不执行删除');
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
const value = record.value || reqValue;
|
||||
await this.access.deleteRecordSet(record.zoneName, record.recordType, record.relativeRecordSetName, value);
|
||||
this.logger.info(`删除域名解析成功:${fullRecord} ${value} ${type}`);
|
||||
} catch (e: any) {
|
||||
this.logger.warn(`删除域名解析失败:${e.message}`, );
|
||||
}
|
||||
}
|
||||
|
||||
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
|
||||
return await this.access.listZonesPage(req);
|
||||
}
|
||||
}
|
||||
|
||||
new AzureDnsProvider();
|
||||
@@ -0,0 +1,2 @@
|
||||
export * from './access.js';
|
||||
export * from './azure-dns-provider.js';
|
||||
@@ -423,6 +423,7 @@ export class AcmeService {
|
||||
signal: this.options.signal,
|
||||
profile,
|
||||
preferredChain,
|
||||
waitDnsDiffuseTime: this.options.waitDnsDiffuseTime,
|
||||
});
|
||||
|
||||
const crtString = crt.toString();
|
||||
|
||||
@@ -275,6 +275,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
|
||||
mergeScript: `
|
||||
return {
|
||||
show: ctx.compute(({form})=>{
|
||||
console.log("show",form)
|
||||
return (form.sslProvider === 'zerossl' && !form.zerosslCommonEabAccessId)
|
||||
|| (form.sslProvider === 'google' && !form.googleCommonEabAccessId)
|
||||
|| (form.sslProvider === 'sslcom' && !form.sslcomCommonEabAccessId)
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
|
||||
import { AbstractDnsProvider, CreateRecordOptions, DomainRecord, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
|
||||
|
||||
import { DemoAccess } from './access.js';
|
||||
import { PageRes, PageSearch } from '@certd/pipeline';
|
||||
import { isDev } from '../../utils/env.js';
|
||||
import { DemoAccess } from './access.js';
|
||||
|
||||
type DemoRecord = {
|
||||
// 这里定义Record记录的数据结构,跟对应云平台接口返回值一样即可,一般是拿到id就行,用于删除txt解析记录,清理申请痕迹
|
||||
@@ -16,7 +17,7 @@ type DemoRecord = {
|
||||
icon: 'clarity:plugin-line',
|
||||
// 这里是对应的云平台的access类型名称
|
||||
accessType: 'demo',
|
||||
order:99,
|
||||
order: 99,
|
||||
})
|
||||
export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
|
||||
access!: DemoAccess;
|
||||
@@ -74,6 +75,28 @@ export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
|
||||
|
||||
this.logger.info('删除域名解析成功:', fullRecord, value);
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param req 实现获取域名列表
|
||||
* @returns
|
||||
*/
|
||||
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
|
||||
const res = await this.http.request({
|
||||
// 请求接口获取域名列表
|
||||
})
|
||||
const list = []
|
||||
// const list = res.Domains?.map(item => ({
|
||||
// id: item.Id,
|
||||
// domain: item.DomainName,
|
||||
// })) || []
|
||||
|
||||
|
||||
return {
|
||||
list,
|
||||
total: res.Total,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//TODO 实例化这个provider,将其自动注册到系统中
|
||||
|
||||
@@ -0,0 +1,281 @@
|
||||
import { Pager, PageRes, PageSearch } from "@certd/pipeline";
|
||||
import {
|
||||
AbstractDnsProvider,
|
||||
CreateRecordOptions,
|
||||
DomainRecord,
|
||||
IsDnsProvider,
|
||||
RemoveRecordOptions,
|
||||
} from "@certd/plugin-cert";
|
||||
import { GoogleAccess } from "../plugin-cert/access/index.js";
|
||||
|
||||
// TODO: 接口待明确 - 需要确认Google Cloud DNS API的具体参数和返回值格式
|
||||
|
||||
export type GoogleCloudDnsRecord = {
|
||||
name: string;
|
||||
type: string;
|
||||
ttl: number;
|
||||
rrdatas: string[];
|
||||
zoneId: string;
|
||||
projectId: string;
|
||||
};
|
||||
|
||||
@IsDnsProvider({
|
||||
name: "google-cloud-dns",
|
||||
title: "Google Cloud DNS",
|
||||
desc: "Google Cloud DNS提供商",
|
||||
icon: "flat-color-icons:google",
|
||||
accessType: "google",
|
||||
order: 50,
|
||||
})
|
||||
export class GoogleCloudDnsProvider extends AbstractDnsProvider<GoogleCloudDnsRecord> {
|
||||
access!: GoogleAccess;
|
||||
projectId!: string;
|
||||
credentials!: any;
|
||||
envHttpsProxy: string = "";
|
||||
|
||||
async onInstance() {
|
||||
this.access = this.ctx.access as GoogleAccess;
|
||||
if (!this.access.serviceAccountSecret) {
|
||||
throw new Error("服务账号密钥不能为空");
|
||||
}
|
||||
this.credentials = JSON.parse(this.access.serviceAccountSecret);
|
||||
this.projectId = this.credentials.project_id;
|
||||
this.logger.debug("Google Cloud DNS Provider 初始化成功");
|
||||
}
|
||||
|
||||
private async setupProxy() {
|
||||
if (this.access.httpsProxy) {
|
||||
this.envHttpsProxy = process.env.HTTPS_PROXY || "";
|
||||
process.env.HTTPS_PROXY = this.access.httpsProxy;
|
||||
}
|
||||
}
|
||||
|
||||
private async restoreProxy() {
|
||||
if (this.envHttpsProxy) {
|
||||
process.env.HTTPS_PROXY = this.envHttpsProxy;
|
||||
this.envHttpsProxy = "";
|
||||
}
|
||||
}
|
||||
|
||||
private async getGoogleDnsClient() {
|
||||
const { DNS } = await import("@google-cloud/dns");
|
||||
return new DNS({ credentials: this.credentials });
|
||||
}
|
||||
|
||||
private async findManagedZone(domain: string): Promise<any> {
|
||||
const dns = await this.getGoogleDnsClient();
|
||||
const [zones] = await dns.getZones();
|
||||
|
||||
// 查找匹配的托管区域
|
||||
const normalizedDomain = domain.endsWith(".") ? domain : domain + ".";
|
||||
for (const zone of zones) {
|
||||
const zoneDnsName = zone.metadata.dnsName;
|
||||
if (normalizedDomain.endsWith(zoneDnsName) || zoneDnsName === normalizedDomain) {
|
||||
return zone;
|
||||
}
|
||||
}
|
||||
throw new Error(`未找到域名 ${domain} 对应的托管区域`);
|
||||
}
|
||||
|
||||
private async getExistingRecord(zone: any, recordName: string, type: string): Promise<any> {
|
||||
const [records] = await zone.getRecords({
|
||||
name: recordName,
|
||||
type: type,
|
||||
});
|
||||
return records.length > 0 ? records[0] : null;
|
||||
}
|
||||
|
||||
// 去掉引号的辅助函数
|
||||
private stripQuotes(str: string): string {
|
||||
return str.replace(/^"|"$/g, "");
|
||||
}
|
||||
|
||||
// 添加引号的辅助函数(如果没有的话)
|
||||
private addQuotes(str: string): string {
|
||||
if (str.startsWith('"') && str.endsWith('"')) {
|
||||
return str;
|
||||
}
|
||||
return `"${str}"`;
|
||||
}
|
||||
// 比较值是否相等(忽略引号)
|
||||
private valuesEqual(a: string, b: string): boolean {
|
||||
return this.stripQuotes(a) === this.stripQuotes(b);
|
||||
}
|
||||
|
||||
async createRecord(options: CreateRecordOptions): Promise<GoogleCloudDnsRecord> {
|
||||
const { fullRecord, value, type, domain } = options;
|
||||
this.logger.info("Google Cloud DNS: 添加解析记录", fullRecord, value, type, domain);
|
||||
|
||||
await this.setupProxy();
|
||||
try {
|
||||
const zone = await this.findManagedZone(domain);
|
||||
const recordName = fullRecord.endsWith(".") ? fullRecord : fullRecord + ".";
|
||||
|
||||
// 检查是否已存在该记录集
|
||||
const existingRecord = await this.getExistingRecord(zone, recordName, type);
|
||||
|
||||
let newRrdatas: string[];
|
||||
let ttl: number;
|
||||
if (existingRecord) {
|
||||
// 记录已存在,追加新值
|
||||
this.logger.info("Google Cloud DNS: 记录已存在,追加新值");
|
||||
const existingRrdatas = existingRecord.metadata.rrdatas || [];
|
||||
|
||||
// 检查值是否已存在(忽略引号)
|
||||
const valueExists = existingRrdatas.some((existing: string) =>
|
||||
this.valuesEqual(existing, value)
|
||||
);
|
||||
|
||||
if (valueExists) {
|
||||
this.logger.info("Google Cloud DNS: 值已存在,无需重复添加", fullRecord, value);
|
||||
return {
|
||||
name: recordName,
|
||||
type: type,
|
||||
ttl: existingRecord.metadata.ttl,
|
||||
rrdatas: existingRrdatas,
|
||||
zoneId: zone.metadata.name,
|
||||
projectId: this.projectId,
|
||||
};
|
||||
}
|
||||
|
||||
newRrdatas = [...existingRrdatas, this.addQuotes(value)];
|
||||
ttl = existingRecord.metadata.ttl;
|
||||
} else {
|
||||
// 创建新记录,加上引号
|
||||
newRrdatas = [this.addQuotes(value)];
|
||||
ttl = 60;
|
||||
}
|
||||
|
||||
const changeConfig: any = {};
|
||||
|
||||
// 如果存在旧记录,需要先删除
|
||||
if (existingRecord) {
|
||||
// 使用Record对象格式
|
||||
changeConfig.delete = existingRecord;
|
||||
}
|
||||
|
||||
// 创建新的Record对象
|
||||
const newRecord = zone.record(type, {
|
||||
name: recordName,
|
||||
data: newRrdatas,
|
||||
ttl: ttl,
|
||||
});
|
||||
changeConfig.add = newRecord;
|
||||
|
||||
await zone.createChange(changeConfig);
|
||||
|
||||
this.logger.info("Google Cloud DNS: 解析记录创建成功", fullRecord);
|
||||
|
||||
return {
|
||||
name: recordName,
|
||||
type: type,
|
||||
ttl: ttl,
|
||||
rrdatas: newRrdatas, // 已经包含引号了
|
||||
zoneId: zone.metadata.name,
|
||||
projectId: this.projectId,
|
||||
};
|
||||
} finally {
|
||||
await this.restoreProxy();
|
||||
}
|
||||
}
|
||||
|
||||
async removeRecord(options: RemoveRecordOptions<GoogleCloudDnsRecord>): Promise<void> {
|
||||
const { fullRecord, value } = options.recordReq;
|
||||
const record = options.recordRes;
|
||||
this.logger.info("Google Cloud DNS: 删除解析记录", fullRecord, value);
|
||||
|
||||
if (!record) {
|
||||
this.logger.info("记录为空,不执行删除");
|
||||
return;
|
||||
}
|
||||
|
||||
await this.setupProxy();
|
||||
try {
|
||||
const dns = await this.getGoogleDnsClient();
|
||||
const zone = dns.zone(record.zoneId);
|
||||
const recordName = record.name;
|
||||
|
||||
// 先获取服务器最新的记录状态
|
||||
const existingRecord = await this.getExistingRecord(zone, recordName, record.type);
|
||||
|
||||
if (!existingRecord) {
|
||||
this.logger.info("Google Cloud DNS: 记录已不存在,无需删除", fullRecord);
|
||||
return;
|
||||
}
|
||||
|
||||
const currentRrdatas = existingRecord.metadata.rrdatas || [];
|
||||
|
||||
// 检查要删除的值是否存在(忽略引号)
|
||||
const valueIndex = currentRrdatas.findIndex((existing: string) =>
|
||||
this.valuesEqual(existing, value)
|
||||
);
|
||||
|
||||
if (valueIndex === -1) {
|
||||
this.logger.info("Google Cloud DNS: 要删除的值不存在", fullRecord, value);
|
||||
return;
|
||||
}
|
||||
|
||||
// 过滤掉要删除的值(精确匹配找到的那个,保持其他记录的原样)
|
||||
const newRrdatas = currentRrdatas.filter((_: string, i: number) => i !== valueIndex);
|
||||
|
||||
const changeConfig: any = {
|
||||
delete: existingRecord,
|
||||
};
|
||||
|
||||
if (newRrdatas.length > 0) {
|
||||
// 还有剩余值,添加更新后的记录
|
||||
const newRecord = zone.record(record.type, {
|
||||
name: recordName,
|
||||
data: newRrdatas,
|
||||
ttl: existingRecord.metadata.ttl,
|
||||
});
|
||||
changeConfig.add = newRecord;
|
||||
this.logger.info("Google Cloud DNS: 记录值已移除,剩余值", fullRecord, newRrdatas);
|
||||
} else {
|
||||
this.logger.info("Google Cloud DNS: 记录集已删除(无剩余值)", fullRecord);
|
||||
}
|
||||
|
||||
await zone.createChange(changeConfig);
|
||||
} catch (error: any) {
|
||||
this.logger.error("Google Cloud DNS: 删除解析记录失败", error.message);
|
||||
// 即使删除失败也不抛出异常,避免影响整个证书申请流程
|
||||
} finally {
|
||||
await this.restoreProxy();
|
||||
}
|
||||
}
|
||||
|
||||
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
|
||||
await this.setupProxy();
|
||||
try {
|
||||
const pager = new Pager(req);
|
||||
const dns = await this.getGoogleDnsClient();
|
||||
const [zones] = await dns.getZones({
|
||||
maxResults: pager.pageSize,
|
||||
pageToken: pager.pageNo > 1 ? String(pager.pageNo) : undefined,
|
||||
});
|
||||
|
||||
const list: DomainRecord[] = zones.map((zone: any) => ({
|
||||
id: zone.metadata.name,
|
||||
domain: zone.metadata.dnsName.replace(/\.$/, ""), // 去掉结尾的点
|
||||
}));
|
||||
|
||||
// 简单的搜索过滤
|
||||
let filteredList = list;
|
||||
if (req.searchKey) {
|
||||
filteredList = list.filter((item) =>
|
||||
item.domain.toLowerCase().includes(req.searchKey.toLowerCase())
|
||||
);
|
||||
}
|
||||
|
||||
return {
|
||||
list: filteredList,
|
||||
total: zones.length,
|
||||
};
|
||||
} finally {
|
||||
await this.restoreProxy();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// 实例化插件
|
||||
new GoogleCloudDnsProvider();
|
||||
@@ -0,0 +1 @@
|
||||
export * from "./dns-provider.js";
|
||||
@@ -0,0 +1,172 @@
|
||||
import { AccessInput, BaseAccess, IsAccess } from '@certd/pipeline';
|
||||
|
||||
/**
|
||||
* HiPM DNSMgr Access
|
||||
* 使用 API Token 认证(Bearer Token)
|
||||
*/
|
||||
@IsAccess({
|
||||
name: 'hipmdnsmgr',
|
||||
title: 'HiPM DNSMgr',
|
||||
icon: 'svg:icon-dns',
|
||||
desc: 'HiPM DNSMgr API Token 授权',
|
||||
})
|
||||
export class HipmDnsmgrAccess extends BaseAccess {
|
||||
@AccessInput({
|
||||
title: '服务器地址',
|
||||
component: {
|
||||
name: 'a-input',
|
||||
allowClear: true,
|
||||
placeholder: 'http://localhost:3001',
|
||||
},
|
||||
required: true,
|
||||
helper: 'HiPM DNSMgr 服务器地址,例如: http://localhost:3001',
|
||||
})
|
||||
endpoint = '';
|
||||
|
||||
@AccessInput({
|
||||
title: 'API Token',
|
||||
required: true,
|
||||
encrypt: true,
|
||||
helper: '在 DNSMgr 设置 > API Token 中创建的令牌',
|
||||
})
|
||||
apiToken = '';
|
||||
|
||||
@AccessInput({
|
||||
title: '测试连接',
|
||||
component: {
|
||||
name: 'api-test',
|
||||
action: 'TestRequest',
|
||||
},
|
||||
helper: '点击测试接口是否正常',
|
||||
})
|
||||
testRequest = true;
|
||||
|
||||
async onTestRequest() {
|
||||
await this.getDomainList();
|
||||
return '连接成功';
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取域名列表
|
||||
*/
|
||||
async getDomainList() {
|
||||
this.ctx.logger.info(`[HiPM DNSMgr] 获取域名列表`);
|
||||
|
||||
const resp = await this.doRequest({
|
||||
method: 'GET',
|
||||
path: '/domains',
|
||||
params: {
|
||||
page: 1,
|
||||
pageSize: 100,
|
||||
},
|
||||
});
|
||||
|
||||
// DNSMgr 返回数组格式
|
||||
return resp?.map((item: any) => ({
|
||||
id: String(item.id),
|
||||
domain: item.name,
|
||||
...item,
|
||||
})) || [];
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取域名记录列表
|
||||
*/
|
||||
async getDomainRecords(domainId: string, params?: { type?: string; subdomain?: string; value?: string }) {
|
||||
this.ctx.logger.info(`[HiPM DNSMgr] 获取域名记录列表:domainId=${domainId}`);
|
||||
|
||||
let path = `/domains/${domainId}/records?page=1&pageSize=100`;
|
||||
if (params?.type) path += `&type=${encodeURIComponent(params.type)}`;
|
||||
if (params?.subdomain) path += `&subdomain=${encodeURIComponent(params.subdomain)}`;
|
||||
if (params?.value) path += `&value=${encodeURIComponent(params.value)}`;
|
||||
|
||||
const resp = await this.doRequest({
|
||||
method: 'GET',
|
||||
path,
|
||||
});
|
||||
|
||||
return resp;
|
||||
}
|
||||
|
||||
/**
|
||||
* 创建 DNS 记录
|
||||
*/
|
||||
async createDnsRecord(domainId: string, name: string, value: string, type: string) {
|
||||
this.ctx.logger.info(`[HiPM DNSMgr] 创建DNS记录:${name} ${type} ${value}`);
|
||||
|
||||
const resp = await this.doRequest({
|
||||
method: 'POST',
|
||||
path: `/domains/${domainId}/records`,
|
||||
data: {
|
||||
name,
|
||||
type,
|
||||
value,
|
||||
ttl: 600,
|
||||
line: '0',
|
||||
},
|
||||
});
|
||||
|
||||
return resp;
|
||||
}
|
||||
|
||||
/**
|
||||
* 删除 DNS 记录
|
||||
*/
|
||||
async deleteDnsRecord(domainId: string, recordId: string) {
|
||||
this.ctx.logger.info(`[HiPM DNSMgr] 删除DNS记录:domainId=${domainId}, recordId=${recordId}`);
|
||||
|
||||
const resp = await this.doRequest({
|
||||
method: 'DELETE',
|
||||
path: `/domains/${domainId}/records/${recordId}`,
|
||||
});
|
||||
|
||||
return resp;
|
||||
}
|
||||
|
||||
/**
|
||||
* 发送 HTTP 请求
|
||||
*/
|
||||
async doRequest(req: { method: string; path: string; data?: any; params?: any }) {
|
||||
// 处理 URL
|
||||
let baseUrl = this.endpoint.trim();
|
||||
baseUrl = baseUrl.replace(/\/$/, '');
|
||||
baseUrl = baseUrl.replace(/\/api$/, '');
|
||||
|
||||
let url = `${baseUrl}/api${req.path}`;
|
||||
|
||||
// 添加查询参数
|
||||
if (req.params) {
|
||||
const searchParams = new URLSearchParams();
|
||||
for (const [key, value] of Object.entries(req.params)) {
|
||||
if (value !== undefined && value !== null && value !== '') {
|
||||
searchParams.append(key, String(value));
|
||||
}
|
||||
}
|
||||
const queryString = searchParams.toString();
|
||||
if (queryString) {
|
||||
url += `?${queryString}`;
|
||||
}
|
||||
}
|
||||
|
||||
this.ctx.logger.debug(`[HiPM DNSMgr] 请求: ${req.method} ${url}`);
|
||||
|
||||
const res = await this.ctx.http.request({
|
||||
url,
|
||||
method: req.method,
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
'Authorization': `Bearer ${this.apiToken}`,
|
||||
},
|
||||
data: req.data,
|
||||
});
|
||||
|
||||
this.ctx.logger.debug(`[HiPM DNSMgr] 响应:`, res);
|
||||
|
||||
// DNSMgr API 返回格式: { code: 0, data: ..., msg: ... }
|
||||
if (res.code !== undefined && res.code !== 0) {
|
||||
throw new Error(res.msg || '请求失败');
|
||||
}
|
||||
|
||||
return res.data;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
export * from './hipmdnsmgr-access.js';
|
||||
@@ -0,0 +1,77 @@
|
||||
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
|
||||
import { HipmDnsmgrAccess } from '../access/hipmdnsmgr-access.js';
|
||||
|
||||
/**
|
||||
* HiPM DNSMgr DNS Provider
|
||||
* 用于 ACME DNS-01 挑战验证
|
||||
*/
|
||||
@IsDnsProvider({
|
||||
name: 'hipmdnsmgr',
|
||||
title: 'HiPM DNSMgr',
|
||||
desc: 'HiPM DNSMgr DNS 解析提供商',
|
||||
accessType: 'hipmdnsmgr',
|
||||
icon: 'svg:icon-dns',
|
||||
})
|
||||
export class HipmDnsmgrDnsProvider extends AbstractDnsProvider<{ domainId: string; recordId: string; name: string; value: string }> {
|
||||
access!: HipmDnsmgrAccess;
|
||||
|
||||
async onInstance() {
|
||||
this.access = this.ctx.access as HipmDnsmgrAccess;
|
||||
this.logger.debug('[HiPM DNSMgr] 初始化完成');
|
||||
}
|
||||
|
||||
/**
|
||||
* 创建 DNS 记录(用于 ACME DNS-01 验证)
|
||||
*/
|
||||
async createRecord(options: CreateRecordOptions): Promise<any> {
|
||||
const { fullRecord, hostRecord, value, type, domain } = options;
|
||||
this.logger.info('[HiPM DNSMgr] 添加域名解析:', fullRecord, value, type, domain);
|
||||
|
||||
// 1. 获取域名列表,找到对应的域名 ID
|
||||
const domainList = await this.access.getDomainList();
|
||||
const domainInfo = domainList.find((item: any) => item.domain === domain);
|
||||
|
||||
if (!domainInfo) {
|
||||
throw new Error(`[HiPM DNSMgr] 未找到域名:${domain}`);
|
||||
}
|
||||
|
||||
const domainId = String(domainInfo.id);
|
||||
this.logger.debug('[HiPM DNSMgr] 找到域名:', domain, 'ID:', domainId);
|
||||
|
||||
// 2. 创建 DNS 记录
|
||||
const name = hostRecord; // 使用子域名,如 _acme-challenge
|
||||
const res = await this.access.createDnsRecord(domainId, name, value, type);
|
||||
|
||||
this.logger.info('[HiPM DNSMgr] 添加域名解析成功:', JSON.stringify(options), res?.id);
|
||||
|
||||
// 返回记录信息,用于后续删除
|
||||
return {
|
||||
domainId,
|
||||
recordId: res?.id,
|
||||
name,
|
||||
value,
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* 删除 DNS 记录(ACME 验证完成后清理)
|
||||
*/
|
||||
async removeRecord(options: RemoveRecordOptions<{ domainId: string; recordId: string; name: string; value: string }>): Promise<void> {
|
||||
const { fullRecord, value } = options.recordReq;
|
||||
const record = options.recordRes;
|
||||
|
||||
this.logger.info('[HiPM DNSMgr] 删除域名解析:', fullRecord, value, record);
|
||||
|
||||
if (record && record.domainId && record.recordId) {
|
||||
try {
|
||||
await this.access.deleteDnsRecord(record.domainId, record.recordId);
|
||||
this.logger.info('[HiPM DNSMgr] 删除域名解析成功:', fullRecord, value);
|
||||
} catch (e: any) {
|
||||
// 记录可能已经被删除,忽略错误
|
||||
this.logger.warn('[HiPM DNSMgr] 删除域名解析失败(可能已不存在):', e.message);
|
||||
}
|
||||
} else {
|
||||
this.logger.warn('[HiPM DNSMgr] 无法删除记录,缺少 domainId 或 recordId');
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
export * from './hipmdnsmgr-dns-provider.js';
|
||||
@@ -0,0 +1,2 @@
|
||||
export * from './access/index.js';
|
||||
export * from './dns-provider/index.js';
|
||||
@@ -82,7 +82,7 @@ export class SshAccess extends BaseAccess {
|
||||
|
||||
@AccessInput({
|
||||
title: "伪终端",
|
||||
helper: "如果登录报错:all authentication methods failed,可以尝试开启伪终端模式进行keyboard-interactive方式登录\n开启后对日志输出有一定的影响",
|
||||
helper: "如果登录报错:all authentication methods failed / unable to exec,可以尝试开启伪终端模式进行keyboard-interactive方式登录\n开启后对日志输出有一定的影响",
|
||||
component: {
|
||||
name: "a-switch",
|
||||
vModel: "checked",
|
||||
|
||||
@@ -208,7 +208,7 @@ export class AsyncSsh2Client {
|
||||
let hasErrorLog = false;
|
||||
stream
|
||||
.on("close", (code: any, signal: any) => {
|
||||
this.logger.info(`[${this.connConf.host}][close]:code:${code}`);
|
||||
this.logger.info(`[${this.connConf.host}][close]:code=${code}`);
|
||||
/**
|
||||
* ]pipeline 执行命令:[10.123.0.2][exec]:cd /d D:\nginx-1.27.5 && D:\nginx-1.27.5\nginx.exe -t && D:\nginx-1.27.5\nginx.exe -s reload
|
||||
* [2025-07-09T10:24:11.219] [ERROR]pipeline - [10. 123.0. 2][error]: nginx: the configuration file D: \nginx-1.27. 5/conf/nginx. conf syntax is ok
|
||||
@@ -279,7 +279,7 @@ export class AsyncSsh2Client {
|
||||
}
|
||||
stream
|
||||
.on("close", (code: any) => {
|
||||
this.logger.info("Stream :: close,code: " + code);
|
||||
this.logger.info("Stream :: close,code = " + code);
|
||||
resolve(output);
|
||||
})
|
||||
.on("data", (ret: Buffer) => {
|
||||
|
||||
@@ -126,12 +126,12 @@ export class NextTerminalAccess extends BaseAccess {
|
||||
'Content-Type': 'application/json',
|
||||
};
|
||||
|
||||
|
||||
this.ctx.logger.debug(`Next Terminal API 请求: ${req.method} ${this.baseUrl}${req.url}`);
|
||||
const baseUrl = this.normalizeEndpoint(this.baseUrl);
|
||||
this.ctx.logger.debug(`Next Terminal API 请求: ${req.method} ${baseUrl}${req.url}`);
|
||||
|
||||
const resp = await this.ctx.http.request({
|
||||
url: req.url,
|
||||
baseURL: this.baseUrl,
|
||||
baseURL: baseUrl,
|
||||
method: req.method,
|
||||
headers,
|
||||
params: req.params,
|
||||
|
||||
@@ -0,0 +1,348 @@
|
||||
name: NginxProxyManagerDeploy
|
||||
icon: logos:nginx
|
||||
title: Nginx Proxy Manager-部署到主机
|
||||
group: panel
|
||||
desc: 上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。
|
||||
setting: null
|
||||
sysSetting: null
|
||||
type: custom
|
||||
disabled: false
|
||||
version: 1.0.0
|
||||
pluginType: deploy
|
||||
author: samler
|
||||
input:
|
||||
cert:
|
||||
title: 域名证书
|
||||
helper: 请选择前置任务产出的证书。
|
||||
component:
|
||||
name: output-selector
|
||||
from:
|
||||
- ':cert:'
|
||||
required: true
|
||||
order: 0
|
||||
certDomains:
|
||||
title: 证书域名
|
||||
component:
|
||||
name: cert-domains-getter
|
||||
mergeScript: |
|
||||
return {
|
||||
component: {
|
||||
inputKey: ctx.compute(({ form }) => {
|
||||
return form.cert;
|
||||
}),
|
||||
},
|
||||
}
|
||||
required: false
|
||||
order: 0
|
||||
accessId:
|
||||
title: NPM授权
|
||||
component:
|
||||
name: access-selector
|
||||
type: samler/nginxProxyManager
|
||||
helper: 选择用于部署的 Nginx Proxy Manager 授权。
|
||||
required: true
|
||||
order: 0
|
||||
proxyHostIds:
|
||||
title: 代理主机
|
||||
component:
|
||||
name: remote-select
|
||||
vModel: value
|
||||
mode: tags
|
||||
type: plugin
|
||||
action: onGetProxyHostOptions
|
||||
search: true
|
||||
pager: false
|
||||
multi: true
|
||||
watches:
|
||||
- certDomains
|
||||
- accessId
|
||||
required: true
|
||||
helper: 选择要绑定此证书的一个或多个代理主机。
|
||||
mergeScript: |
|
||||
return {
|
||||
component: {
|
||||
form: ctx.compute(({ form }) => {
|
||||
return form;
|
||||
}),
|
||||
},
|
||||
}
|
||||
order: 0
|
||||
certificateLabel:
|
||||
title: 证书标识
|
||||
component:
|
||||
name: a-input
|
||||
allowClear: true
|
||||
placeholder: certd_npm_example_com
|
||||
helper: 可选。留空时默认使用 certd_npm_<主域名规范化>.
|
||||
required: false
|
||||
order: 0
|
||||
cleanupMatchingCertificates:
|
||||
title: 自动清理未使用证书
|
||||
component:
|
||||
name: a-switch
|
||||
vModel: checked
|
||||
helper: 部署成功后,自动删除除当前证书外所有未被任何主机引用的证书。
|
||||
required: false
|
||||
order: 0
|
||||
output: {}
|
||||
default:
|
||||
strategy:
|
||||
runStrategy: 1
|
||||
showRunStrategy: false
|
||||
content: |
|
||||
const { AbstractTaskPlugin } = await import("@certd/pipeline");
|
||||
const { CertReader } = await import("@certd/plugin-cert");
|
||||
|
||||
function normalizeDomain(domain) {
|
||||
return String(domain ?? "").trim().toLowerCase();
|
||||
}
|
||||
|
||||
function wildcardMatches(pattern, candidate) {
|
||||
if (!pattern.startsWith("*.")) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const suffix = pattern.slice(1).toLowerCase();
|
||||
return candidate.endsWith(suffix);
|
||||
}
|
||||
|
||||
function isDomainMatch(left, right) {
|
||||
const normalizedLeft = normalizeDomain(left);
|
||||
const normalizedRight = normalizeDomain(right);
|
||||
|
||||
return (
|
||||
normalizedLeft === normalizedRight ||
|
||||
wildcardMatches(normalizedLeft, normalizedRight) ||
|
||||
wildcardMatches(normalizedRight, normalizedLeft)
|
||||
);
|
||||
}
|
||||
|
||||
function normalizeDomainIdentity(domain) {
|
||||
return normalizeDomain(domain).replace(/^\*\./, "");
|
||||
}
|
||||
|
||||
function certificateHasBindings(certificate) {
|
||||
return (
|
||||
(certificate.proxy_hosts?.length ?? 0) > 0 ||
|
||||
(certificate.redirection_hosts?.length ?? 0) > 0 ||
|
||||
(certificate.dead_hosts?.length ?? 0) > 0 ||
|
||||
(certificate.streams?.length ?? 0) > 0
|
||||
);
|
||||
}
|
||||
|
||||
function sanitizeDomainSegment(value) {
|
||||
const sanitized = String(value ?? "")
|
||||
.trim()
|
||||
.toLowerCase()
|
||||
.replace(/[^a-z0-9]+/g, "_")
|
||||
.replace(/^_+|_+$/g, "")
|
||||
.replace(/_+/g, "_");
|
||||
|
||||
return sanitized || "unknown";
|
||||
}
|
||||
|
||||
function buildDefaultCertificateLabel(cert) {
|
||||
const mainDomain = CertReader.getMainDomain(cert.crt);
|
||||
return `certd_npm_${sanitizeDomainSegment(mainDomain)}`;
|
||||
}
|
||||
|
||||
function normalizeStringList(input) {
|
||||
if (Array.isArray(input)) {
|
||||
return input;
|
||||
}
|
||||
|
||||
if (input == null || input === "") {
|
||||
return [];
|
||||
}
|
||||
|
||||
return [input];
|
||||
}
|
||||
|
||||
function resolveCertificateDomains(cert, configuredDomains) {
|
||||
const configured = normalizeStringList(configuredDomains)
|
||||
.map((value) => String(value).trim())
|
||||
.filter(Boolean);
|
||||
|
||||
if (configured.length > 0) {
|
||||
return Array.from(new Set(configured));
|
||||
}
|
||||
|
||||
return new CertReader(cert).getAllDomains();
|
||||
}
|
||||
|
||||
function buildProxyHostLabel(host) {
|
||||
const domains = host.domain_names?.length ? host.domain_names.join(", ") : "(no domains)";
|
||||
return `${domains} <#${host.id}>`;
|
||||
}
|
||||
|
||||
function hasAnyCertDomainMatch(host, certDomains) {
|
||||
if (!certDomains.length) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const hostDomains = host.domain_names ?? [];
|
||||
return hostDomains.some((hostDomain) => certDomains.some((certDomain) => isDomainMatch(hostDomain, certDomain)));
|
||||
}
|
||||
|
||||
function buildProxyHostOptions(hosts, certDomains) {
|
||||
const sortedHosts = [...hosts].sort((left, right) => {
|
||||
return buildProxyHostLabel(left).localeCompare(buildProxyHostLabel(right));
|
||||
});
|
||||
|
||||
const matched = [];
|
||||
const unmatched = [];
|
||||
|
||||
for (const host of sortedHosts) {
|
||||
const option = {
|
||||
label: buildProxyHostLabel(host),
|
||||
value: String(host.id),
|
||||
domain: host.domain_names?.[0] ?? "",
|
||||
};
|
||||
|
||||
if (hasAnyCertDomainMatch(host, certDomains)) {
|
||||
matched.push(option);
|
||||
} else {
|
||||
unmatched.push(option);
|
||||
}
|
||||
}
|
||||
|
||||
if (matched.length && unmatched.length) {
|
||||
return [
|
||||
{
|
||||
label: "匹配证书域名的主机",
|
||||
options: matched,
|
||||
},
|
||||
{
|
||||
label: "其他代理主机",
|
||||
options: unmatched,
|
||||
},
|
||||
];
|
||||
}
|
||||
|
||||
return matched.length ? matched : unmatched;
|
||||
}
|
||||
|
||||
function normalizeProxyHostIds(proxyHostIds) {
|
||||
return Array.from(
|
||||
new Set(
|
||||
normalizeStringList(proxyHostIds)
|
||||
.map((value) => Number.parseInt(String(value), 10))
|
||||
.filter((value) => Number.isInteger(value) && value > 0),
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
return class NpmDeployToProxyHosts extends AbstractTaskPlugin {
|
||||
cert;
|
||||
certDomains;
|
||||
accessId;
|
||||
proxyHostIds;
|
||||
certificateLabel;
|
||||
cleanupMatchingCertificates = false;
|
||||
|
||||
async execute() {
|
||||
const access = await this.getAccess(this.accessId);
|
||||
const client = access.createClient();
|
||||
const proxyHostIds = normalizeProxyHostIds(this.proxyHostIds);
|
||||
|
||||
if (proxyHostIds.length === 0) {
|
||||
throw new Error("请至少选择一个 Nginx Proxy Manager 代理主机");
|
||||
}
|
||||
|
||||
const certificateLabel = this.certificateLabel?.trim() || buildDefaultCertificateLabel(this.cert);
|
||||
const certificateDomains = resolveCertificateDomains(this.cert, this.certDomains);
|
||||
|
||||
let certificate = await client.findCustomCertificateByNiceName(certificateLabel);
|
||||
if (!certificate) {
|
||||
this.logger.info(`在 Nginx Proxy Manager 中创建自定义证书 "${certificateLabel}"`);
|
||||
certificate = await client.createCustomCertificate(certificateLabel, certificateDomains);
|
||||
} else {
|
||||
this.logger.info(`复用已有自定义证书 "${certificateLabel}" (#${certificate.id})`);
|
||||
}
|
||||
|
||||
await client.uploadCertificate(certificate.id, {
|
||||
certificate: this.cert.crt,
|
||||
certificateKey: this.cert.key,
|
||||
intermediateCertificate: this.cert.ic,
|
||||
});
|
||||
this.logger.info(`证书内容已上传到 Nginx Proxy Manager 证书 #${certificate.id}`);
|
||||
|
||||
for (const proxyHostId of proxyHostIds) {
|
||||
this.logger.info(`将证书 #${certificate.id} 绑定到代理主机 #${proxyHostId}`);
|
||||
try {
|
||||
await client.assignCertificateToProxyHost(proxyHostId, certificate.id);
|
||||
} catch (error) {
|
||||
const message = error instanceof Error ? error.message : String(error);
|
||||
throw new Error(`为代理主机 #${proxyHostId} 绑定证书失败:${message}`);
|
||||
}
|
||||
}
|
||||
|
||||
if (this.cleanupMatchingCertificates === true) {
|
||||
await this.cleanupOldCertificates(client, certificate.id);
|
||||
}
|
||||
|
||||
this.logger.info(`部署完成,共更新 ${proxyHostIds.length} 个代理主机`);
|
||||
}
|
||||
|
||||
async onGetProxyHostOptions(req = {}) {
|
||||
if (!this.accessId) {
|
||||
throw new Error("请先选择 Nginx Proxy Manager 授权");
|
||||
}
|
||||
|
||||
const access = await this.getAccess(this.accessId);
|
||||
const proxyHosts = await access.getProxyHostList(req);
|
||||
return buildProxyHostOptions(proxyHosts, normalizeStringList(this.certDomains));
|
||||
}
|
||||
|
||||
async cleanupOldCertificates(client, currentCertificateId) {
|
||||
const certificates = await client.getCertificatesWithExpand(undefined, [
|
||||
"proxy_hosts",
|
||||
"redirection_hosts",
|
||||
"dead_hosts",
|
||||
"streams",
|
||||
]);
|
||||
|
||||
const candidates = certificates.filter((certificate) => {
|
||||
return certificate.id !== currentCertificateId;
|
||||
});
|
||||
|
||||
if (candidates.length === 0) {
|
||||
this.logger.info("未发现可自动清理的旧证书");
|
||||
return;
|
||||
}
|
||||
|
||||
const deletedIds = [];
|
||||
const skippedInUse = [];
|
||||
const failedDeletes = [];
|
||||
|
||||
for (const candidate of candidates) {
|
||||
if (certificateHasBindings(candidate)) {
|
||||
skippedInUse.push(`#${candidate.id} ${candidate.nice_name}`);
|
||||
continue;
|
||||
}
|
||||
|
||||
this.logger.info(`自动清理旧证书 #${candidate.id} ${candidate.nice_name}`);
|
||||
try {
|
||||
await client.deleteCertificate(candidate.id);
|
||||
deletedIds.push(candidate.id);
|
||||
} catch (error) {
|
||||
const message = error instanceof Error ? error.message : String(error);
|
||||
failedDeletes.push(`#${candidate.id} ${candidate.nice_name}: ${message}`);
|
||||
}
|
||||
}
|
||||
|
||||
if (deletedIds.length > 0) {
|
||||
this.logger.info(`自动清理完成,共删除 ${deletedIds.length} 张旧证书:${deletedIds.map((id) => `#${id}`).join(", ")}`);
|
||||
} else {
|
||||
this.logger.info("未删除任何旧证书");
|
||||
}
|
||||
|
||||
if (skippedInUse.length > 0) {
|
||||
this.logger.info(`以下旧证书仍被其他资源引用,已跳过清理:${skippedInUse.join(", ")}`);
|
||||
}
|
||||
|
||||
if (failedDeletes.length > 0) {
|
||||
this.logger.warn(`以下旧证书清理失败,已跳过:${failedDeletes.join(", ")}`);
|
||||
}
|
||||
}
|
||||
};
|
||||
@@ -0,0 +1,366 @@
|
||||
import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
|
||||
import FormData from "form-data";
|
||||
import { authenticator } from "otplib";
|
||||
|
||||
export interface ProxyHost {
|
||||
id: number;
|
||||
domain_names?: string[];
|
||||
certificate_id?: number;
|
||||
proxy_hosts?: unknown[];
|
||||
redirection_hosts?: unknown[];
|
||||
dead_hosts?: unknown[];
|
||||
streams?: unknown[];
|
||||
}
|
||||
|
||||
export interface Certificate {
|
||||
id: number;
|
||||
nice_name: string;
|
||||
provider: string;
|
||||
domain_names?: string[];
|
||||
proxy_hosts?: unknown[];
|
||||
redirection_hosts?: unknown[];
|
||||
dead_hosts?: unknown[];
|
||||
streams?: unknown[];
|
||||
}
|
||||
|
||||
interface TokenResponse {
|
||||
token?: string;
|
||||
requires_2fa?: boolean;
|
||||
challenge_token?: string;
|
||||
}
|
||||
|
||||
@IsAccess({
|
||||
name: "nginxProxyManager",
|
||||
title: "Nginx Proxy Manager 授权",
|
||||
desc: "用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。",
|
||||
icon: "logos:nginx",
|
||||
})
|
||||
export class NginxProxyManagerAccess extends BaseAccess {
|
||||
@AccessInput({
|
||||
title: "NPM 地址",
|
||||
component: {
|
||||
name: "a-input",
|
||||
allowClear: true,
|
||||
placeholder: "https://npm.example.com",
|
||||
},
|
||||
helper: "请输入 Nginx Proxy Manager 根地址,不要带 /api 后缀。",
|
||||
required: true,
|
||||
})
|
||||
endpoint = "";
|
||||
|
||||
@AccessInput({
|
||||
title: "邮箱",
|
||||
component: {
|
||||
name: "a-input",
|
||||
allowClear: true,
|
||||
placeholder: "admin@example.com",
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
email = "";
|
||||
|
||||
@AccessInput({
|
||||
title: "密码",
|
||||
component: {
|
||||
name: "a-input-password",
|
||||
allowClear: true,
|
||||
placeholder: "请输入密码",
|
||||
},
|
||||
required: true,
|
||||
encrypt: true,
|
||||
})
|
||||
password = "";
|
||||
|
||||
@AccessInput({
|
||||
title: "TOTP 密钥",
|
||||
component: {
|
||||
name: "a-input-password",
|
||||
allowClear: true,
|
||||
placeholder: "Optional base32 TOTP secret",
|
||||
},
|
||||
helper: "当 Nginx Proxy Manager 账号开启 2FA 时必填。",
|
||||
required: false,
|
||||
encrypt: true,
|
||||
})
|
||||
totpSecret = "";
|
||||
|
||||
@AccessInput({
|
||||
title: "忽略无效 TLS",
|
||||
component: {
|
||||
name: "a-switch",
|
||||
vModel: "checked",
|
||||
},
|
||||
helper: "仅在 Nginx Proxy Manager 使用自签 HTTPS 证书时开启。",
|
||||
required: false,
|
||||
})
|
||||
ignoreTls = false;
|
||||
|
||||
@AccessInput({
|
||||
title: "测试",
|
||||
component: {
|
||||
name: "api-test",
|
||||
action: "onTestRequest",
|
||||
},
|
||||
helper: "测试登录并拉取代理主机列表。",
|
||||
})
|
||||
testRequest = true;
|
||||
|
||||
private token: string | undefined;
|
||||
private tokenPromise: Promise<string> | undefined;
|
||||
|
||||
normalizeEndpoint(endpoint: string): string {
|
||||
const trimmed = String(endpoint ?? "").trim();
|
||||
if (!trimmed) {
|
||||
throw new Error("Nginx Proxy Manager 地址不能为空");
|
||||
}
|
||||
|
||||
const withoutTrailingSlash = trimmed.replace(/\/+$/, "");
|
||||
return withoutTrailingSlash.endsWith("/api")
|
||||
? withoutTrailingSlash.slice(0, -4)
|
||||
: withoutTrailingSlash;
|
||||
}
|
||||
|
||||
private describeError(error: unknown, action: string): Error {
|
||||
if (error instanceof Error) {
|
||||
return new Error(`${action} failed: ${error.message}`);
|
||||
}
|
||||
return new Error(`${action} failed`);
|
||||
}
|
||||
|
||||
private get apiBaseUrl(): string {
|
||||
const endpoint = this.normalizeEndpoint(this.endpoint);
|
||||
return `${endpoint}/api`;
|
||||
}
|
||||
|
||||
async verifyAccess(): Promise<{ proxyHostCount: number }> {
|
||||
const proxyHosts = await this.getProxyHosts();
|
||||
return {
|
||||
proxyHostCount: proxyHosts.length,
|
||||
};
|
||||
}
|
||||
|
||||
async getProxyHosts(searchQuery?: string): Promise<ProxyHost[]> {
|
||||
return await this.requestWithAuth<ProxyHost[]>({
|
||||
method: "GET",
|
||||
url: "/nginx/proxy-hosts",
|
||||
params: {
|
||||
expand: "certificate",
|
||||
...(searchQuery ? { query: searchQuery } : {}),
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
async getCertificates(searchQuery?: string): Promise<Certificate[]> {
|
||||
return await this.requestWithAuth<Certificate[]>({
|
||||
method: "GET",
|
||||
url: "/nginx/certificates",
|
||||
params: searchQuery ? { query: searchQuery } : undefined,
|
||||
});
|
||||
}
|
||||
|
||||
async getCertificatesWithExpand(
|
||||
searchQuery?: string,
|
||||
expand: string[] = []
|
||||
): Promise<Certificate[]> {
|
||||
return await this.requestWithAuth<Certificate[]>({
|
||||
method: "GET",
|
||||
url: "/nginx/certificates",
|
||||
params: {
|
||||
...(searchQuery ? { query: searchQuery } : {}),
|
||||
...(expand.length > 0 ? { expand: expand.join(", ") } : {}),
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
async findCustomCertificateByNiceName(niceName: string): Promise<Certificate | undefined> {
|
||||
const certificates = await this.getCertificates(niceName);
|
||||
return certificates.find((certificate) => {
|
||||
return certificate.provider === "other" && certificate.nice_name === niceName;
|
||||
});
|
||||
}
|
||||
|
||||
async createCustomCertificate(
|
||||
niceName: string,
|
||||
domainNames: string[] = []
|
||||
): Promise<Certificate> {
|
||||
return await this.requestWithAuth<Certificate>({
|
||||
method: "POST",
|
||||
url: "/nginx/certificates",
|
||||
data: {
|
||||
provider: "other",
|
||||
nice_name: niceName,
|
||||
domain_names: domainNames,
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
async deleteCertificate(certificateId: number): Promise<void> {
|
||||
await this.requestWithAuth<void>({
|
||||
method: "DELETE",
|
||||
url: `/nginx/certificates/${certificateId}`,
|
||||
});
|
||||
}
|
||||
|
||||
async uploadCertificate(
|
||||
certificateId: number,
|
||||
payload: {
|
||||
certificate: string;
|
||||
certificateKey: string;
|
||||
intermediateCertificate?: string;
|
||||
}
|
||||
): Promise<void> {
|
||||
const form = new FormData();
|
||||
form.append("certificate", Buffer.from(payload.certificate, "utf8"), {
|
||||
filename: "fullchain.pem",
|
||||
contentType: "application/x-pem-file",
|
||||
});
|
||||
form.append("certificate_key", Buffer.from(payload.certificateKey, "utf8"), {
|
||||
filename: "privkey.pem",
|
||||
contentType: "application/x-pem-file",
|
||||
});
|
||||
if (payload.intermediateCertificate) {
|
||||
form.append("intermediate_certificate", Buffer.from(payload.intermediateCertificate, "utf8"), {
|
||||
filename: "chain.pem",
|
||||
contentType: "application/x-pem-file",
|
||||
});
|
||||
}
|
||||
|
||||
await this.requestWithAuth<void>({
|
||||
method: "POST",
|
||||
url: `/nginx/certificates/${certificateId}/upload`,
|
||||
data: form,
|
||||
headers: form.getHeaders(),
|
||||
});
|
||||
}
|
||||
|
||||
async assignCertificateToProxyHost(hostId: number, certificateId: number): Promise<void> {
|
||||
await this.requestWithAuth<void>({
|
||||
method: "PUT",
|
||||
url: `/nginx/proxy-hosts/${hostId}`,
|
||||
data: {
|
||||
certificate_id: certificateId,
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
private async login(): Promise<string> {
|
||||
if (this.token) {
|
||||
return this.token;
|
||||
}
|
||||
|
||||
if (!this.tokenPromise) {
|
||||
this.tokenPromise = this.performLogin().finally(() => {
|
||||
this.tokenPromise = undefined;
|
||||
});
|
||||
}
|
||||
|
||||
this.token = await this.tokenPromise;
|
||||
return this.token;
|
||||
}
|
||||
|
||||
private async performLogin(): Promise<string> {
|
||||
const initialLogin = await this.request<TokenResponse>({
|
||||
method: "POST",
|
||||
url: "/tokens",
|
||||
data: {
|
||||
identity: this.email,
|
||||
secret: this.password,
|
||||
},
|
||||
});
|
||||
|
||||
if (initialLogin.token) {
|
||||
return initialLogin.token;
|
||||
}
|
||||
|
||||
if (!initialLogin.requires_2fa || !initialLogin.challenge_token) {
|
||||
throw new Error("登录失败:Nginx Proxy Manager 未返回访问令牌");
|
||||
}
|
||||
|
||||
if (!this.totpSecret) {
|
||||
throw new Error(
|
||||
"登录失败:该 Nginx Proxy Manager 账号启用了 2FA,但未配置 totpSecret"
|
||||
);
|
||||
}
|
||||
|
||||
let code: string;
|
||||
try {
|
||||
code = authenticator.generate(this.totpSecret);
|
||||
} catch (error) {
|
||||
throw this.describeError(error, "Generating TOTP code");
|
||||
}
|
||||
|
||||
const completedLogin = await this.request<TokenResponse>({
|
||||
method: "POST",
|
||||
url: "/tokens/2fa",
|
||||
data: {
|
||||
challenge_token: initialLogin.challenge_token,
|
||||
code,
|
||||
},
|
||||
});
|
||||
|
||||
if (!completedLogin.token) {
|
||||
throw new Error("2FA 登录失败:Nginx Proxy Manager 未返回访问令牌");
|
||||
}
|
||||
|
||||
return completedLogin.token;
|
||||
}
|
||||
|
||||
private async requestWithAuth<T>(config: {
|
||||
method: string;
|
||||
url: string;
|
||||
params?: Record<string, unknown>;
|
||||
data?: unknown;
|
||||
headers?: Record<string, string>;
|
||||
}): Promise<T> {
|
||||
const token = await this.login();
|
||||
const headers = {
|
||||
...(config.headers ?? {}),
|
||||
Authorization: `Bearer ${token}`,
|
||||
};
|
||||
|
||||
return await this.request<T>({
|
||||
...config,
|
||||
headers,
|
||||
});
|
||||
}
|
||||
|
||||
private async request<T>(config: {
|
||||
method: string;
|
||||
url: string;
|
||||
params?: Record<string, unknown>;
|
||||
data?: unknown;
|
||||
headers?: Record<string, string>;
|
||||
}): Promise<T> {
|
||||
const action = `${config.method ?? "GET"} ${config.url ?? "/"}`;
|
||||
try {
|
||||
const response = await this.ctx.http.request({
|
||||
url: `${this.apiBaseUrl}${config.url}`,
|
||||
method: config.method,
|
||||
params: config.params,
|
||||
data: config.data,
|
||||
headers: config.headers,
|
||||
timeout: 30000,
|
||||
httpsAgent: this.ignoreTls ? {
|
||||
rejectUnauthorized: false
|
||||
} : undefined,
|
||||
});
|
||||
return response;
|
||||
} catch (error) {
|
||||
throw this.describeError(error, action);
|
||||
}
|
||||
}
|
||||
|
||||
async onTestRequest(): Promise<string> {
|
||||
const result = await this.verifyAccess();
|
||||
this.ctx.logger.info(
|
||||
`Nginx Proxy Manager 授权验证成功,找到 ${result.proxyHostCount} 个代理主机`
|
||||
);
|
||||
return `成功(${result.proxyHostCount} 个代理主机)`;
|
||||
}
|
||||
|
||||
async getProxyHostList(req: { searchKey?: string } = {}): Promise<ProxyHost[]> {
|
||||
return await this.getProxyHosts(req.searchKey);
|
||||
}
|
||||
}
|
||||
|
||||
new NginxProxyManagerAccess();
|
||||
@@ -0,0 +1,2 @@
|
||||
export * from "./plugins/index.js";
|
||||
export * from "./access.js";
|
||||
@@ -0,0 +1,344 @@
|
||||
name: nginxProxyManager
|
||||
icon: logos:nginx
|
||||
title: Nginx Proxy Manager 授权
|
||||
group: null
|
||||
desc: 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。
|
||||
setting: null
|
||||
sysSetting: null
|
||||
type: custom
|
||||
disabled: false
|
||||
version: 1.0.0
|
||||
pluginType: access
|
||||
author: samler
|
||||
input:
|
||||
endpoint:
|
||||
title: NPM 地址
|
||||
component:
|
||||
name: a-input
|
||||
allowClear: true
|
||||
placeholder: https://npm.example.com
|
||||
helper: 请输入 Nginx Proxy Manager 根地址,不要带 /api 后缀。
|
||||
required: true
|
||||
email:
|
||||
title: 邮箱
|
||||
component:
|
||||
name: a-input
|
||||
allowClear: true
|
||||
placeholder: admin@example.com
|
||||
required: true
|
||||
password:
|
||||
title: 密码
|
||||
component:
|
||||
name: a-input-password
|
||||
allowClear: true
|
||||
placeholder: 请输入密码
|
||||
required: true
|
||||
encrypt: true
|
||||
totpSecret:
|
||||
title: TOTP 密钥
|
||||
component:
|
||||
name: a-input-password
|
||||
allowClear: true
|
||||
placeholder: Optional base32 TOTP secret
|
||||
helper: 当 Nginx Proxy Manager 账号开启 2FA 时必填。
|
||||
required: false
|
||||
encrypt: true
|
||||
ignoreTls:
|
||||
title: 忽略无效 TLS
|
||||
component:
|
||||
name: a-switch
|
||||
vModel: checked
|
||||
helper: 仅在 Nginx Proxy Manager 使用自签 HTTPS 证书时开启。
|
||||
required: false
|
||||
testRequest:
|
||||
title: 测试
|
||||
component:
|
||||
name: api-test
|
||||
action: TestRequest
|
||||
helper: 测试登录并拉取代理主机列表。
|
||||
content: |
|
||||
const { BaseAccess } = await import("@certd/pipeline");
|
||||
const httpsModule = await import("node:https");
|
||||
const { URL } = await import("node:url");
|
||||
const axiosModule = await import("axios");
|
||||
const formDataModule = await import("form-data");
|
||||
const { authenticator } = await import("otplib");
|
||||
|
||||
const https = httpsModule.default ?? httpsModule;
|
||||
const axios = axiosModule.default ?? axiosModule;
|
||||
const FormData = formDataModule.default ?? formDataModule;
|
||||
|
||||
function normalizeEndpoint(endpoint) {
|
||||
const trimmed = String(endpoint ?? "").trim();
|
||||
if (!trimmed) {
|
||||
throw new Error("Nginx Proxy Manager 地址不能为空");
|
||||
}
|
||||
|
||||
const withoutTrailingSlash = trimmed.replace(/\/+$/, "");
|
||||
return withoutTrailingSlash.endsWith("/api")
|
||||
? withoutTrailingSlash.slice(0, -4)
|
||||
: withoutTrailingSlash;
|
||||
}
|
||||
|
||||
function buildHttpsAgent(endpoint, ignoreTls) {
|
||||
const url = new URL(endpoint);
|
||||
if (url.protocol !== "https:") {
|
||||
return undefined;
|
||||
}
|
||||
|
||||
return new https.Agent({
|
||||
rejectUnauthorized: !ignoreTls,
|
||||
});
|
||||
}
|
||||
|
||||
function describeError(error, action) {
|
||||
if (axios.isAxiosError(error)) {
|
||||
const status = error.response?.status;
|
||||
const data = error.response?.data;
|
||||
const message =
|
||||
data?.error?.message ||
|
||||
data?.error ||
|
||||
data?.message ||
|
||||
(typeof data === "string" ? data : null) ||
|
||||
error.message;
|
||||
return new Error(`${action} failed${status ? ` (${status})` : ""}: ${message}`);
|
||||
}
|
||||
|
||||
if (error instanceof Error) {
|
||||
return new Error(`${action} failed: ${error.message}`);
|
||||
}
|
||||
|
||||
return new Error(`${action} failed`);
|
||||
}
|
||||
|
||||
class NginxProxyManagerClient {
|
||||
constructor(options) {
|
||||
this.options = options;
|
||||
this.endpoint = normalizeEndpoint(options.endpoint);
|
||||
this.apiBaseUrl = `${this.endpoint}/api`;
|
||||
this.token = undefined;
|
||||
this.tokenPromise = undefined;
|
||||
this.httpClient = axios.create({
|
||||
baseURL: this.apiBaseUrl,
|
||||
timeout: 30000,
|
||||
maxBodyLength: Infinity,
|
||||
maxContentLength: Infinity,
|
||||
httpsAgent: buildHttpsAgent(this.endpoint, options.ignoreTls === true),
|
||||
headers: {
|
||||
Accept: "application/json",
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
async verifyAccess() {
|
||||
const proxyHosts = await this.getProxyHosts();
|
||||
return {
|
||||
proxyHostCount: proxyHosts.length,
|
||||
};
|
||||
}
|
||||
|
||||
async getProxyHosts(searchQuery) {
|
||||
return await this.requestWithAuth({
|
||||
method: "GET",
|
||||
url: "/nginx/proxy-hosts",
|
||||
params: {
|
||||
expand: "certificate",
|
||||
...(searchQuery ? { query: searchQuery } : {}),
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
async getCertificates(searchQuery) {
|
||||
return await this.requestWithAuth({
|
||||
method: "GET",
|
||||
url: "/nginx/certificates",
|
||||
params: searchQuery ? { query: searchQuery } : undefined,
|
||||
});
|
||||
}
|
||||
|
||||
async getCertificatesWithExpand(searchQuery, expand = []) {
|
||||
return await this.requestWithAuth({
|
||||
method: "GET",
|
||||
url: "/nginx/certificates",
|
||||
params: {
|
||||
...(searchQuery ? { query: searchQuery } : {}),
|
||||
...(expand.length > 0 ? { expand: expand.join(",") } : {}),
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
async findCustomCertificateByNiceName(niceName) {
|
||||
const certificates = await this.getCertificates(niceName);
|
||||
return certificates.find((certificate) => {
|
||||
return certificate.provider === "other" && certificate.nice_name === niceName;
|
||||
});
|
||||
}
|
||||
|
||||
async createCustomCertificate(niceName, domainNames = []) {
|
||||
return await this.requestWithAuth({
|
||||
method: "POST",
|
||||
url: "/nginx/certificates",
|
||||
data: {
|
||||
provider: "other",
|
||||
nice_name: niceName,
|
||||
domain_names: domainNames,
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
async deleteCertificate(certificateId) {
|
||||
await this.requestWithAuth({
|
||||
method: "DELETE",
|
||||
url: `/nginx/certificates/${certificateId}`,
|
||||
});
|
||||
}
|
||||
|
||||
async uploadCertificate(certificateId, payload) {
|
||||
const form = new FormData();
|
||||
form.append("certificate", Buffer.from(payload.certificate, "utf8"), {
|
||||
filename: "fullchain.pem",
|
||||
contentType: "application/x-pem-file",
|
||||
});
|
||||
form.append("certificate_key", Buffer.from(payload.certificateKey, "utf8"), {
|
||||
filename: "privkey.pem",
|
||||
contentType: "application/x-pem-file",
|
||||
});
|
||||
if (payload.intermediateCertificate) {
|
||||
form.append("intermediate_certificate", Buffer.from(payload.intermediateCertificate, "utf8"), {
|
||||
filename: "chain.pem",
|
||||
contentType: "application/x-pem-file",
|
||||
});
|
||||
}
|
||||
|
||||
await this.requestWithAuth({
|
||||
method: "POST",
|
||||
url: `/nginx/certificates/${certificateId}/upload`,
|
||||
data: form,
|
||||
headers: form.getHeaders(),
|
||||
});
|
||||
}
|
||||
|
||||
async assignCertificateToProxyHost(hostId, certificateId) {
|
||||
await this.requestWithAuth({
|
||||
method: "PUT",
|
||||
url: `/nginx/proxy-hosts/${hostId}`,
|
||||
data: {
|
||||
certificate_id: certificateId,
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
async login() {
|
||||
if (this.token) {
|
||||
return this.token;
|
||||
}
|
||||
|
||||
if (!this.tokenPromise) {
|
||||
this.tokenPromise = this.performLogin().finally(() => {
|
||||
this.tokenPromise = undefined;
|
||||
});
|
||||
}
|
||||
|
||||
this.token = await this.tokenPromise;
|
||||
return this.token;
|
||||
}
|
||||
|
||||
async performLogin() {
|
||||
const initialLogin = await this.request({
|
||||
method: "POST",
|
||||
url: "/tokens",
|
||||
data: {
|
||||
identity: this.options.email,
|
||||
secret: this.options.password,
|
||||
},
|
||||
});
|
||||
|
||||
if (initialLogin.token) {
|
||||
return initialLogin.token;
|
||||
}
|
||||
|
||||
if (!initialLogin.requires_2fa || !initialLogin.challenge_token) {
|
||||
throw new Error("登录失败:Nginx Proxy Manager 未返回访问令牌");
|
||||
}
|
||||
|
||||
if (!this.options.totpSecret) {
|
||||
throw new Error("登录失败:该 Nginx Proxy Manager 账号启用了 2FA,但未配置 totpSecret");
|
||||
}
|
||||
|
||||
let code;
|
||||
try {
|
||||
code = authenticator.generate(this.options.totpSecret);
|
||||
} catch (error) {
|
||||
throw describeError(error, "Generating TOTP code");
|
||||
}
|
||||
|
||||
const completedLogin = await this.request({
|
||||
method: "POST",
|
||||
url: "/tokens/2fa",
|
||||
data: {
|
||||
challenge_token: initialLogin.challenge_token,
|
||||
code,
|
||||
},
|
||||
});
|
||||
|
||||
if (!completedLogin.token) {
|
||||
throw new Error("2FA 登录失败:Nginx Proxy Manager 未返回访问令牌");
|
||||
}
|
||||
|
||||
return completedLogin.token;
|
||||
}
|
||||
|
||||
async requestWithAuth(config) {
|
||||
const token = await this.login();
|
||||
const headers = {
|
||||
...(config.headers ?? {}),
|
||||
Authorization: `Bearer ${token}`,
|
||||
};
|
||||
|
||||
return await this.request({
|
||||
...config,
|
||||
headers,
|
||||
});
|
||||
}
|
||||
|
||||
async request(config) {
|
||||
const action = `${config.method ?? "GET"} ${config.url ?? "/"}`;
|
||||
try {
|
||||
const response = await this.httpClient.request(config);
|
||||
return response.data;
|
||||
} catch (error) {
|
||||
throw describeError(error, action);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return class NginxProxyManagerAccess extends BaseAccess {
|
||||
endpoint = "";
|
||||
email = "";
|
||||
password = "";
|
||||
totpSecret = "";
|
||||
ignoreTls = false;
|
||||
testRequest = true;
|
||||
|
||||
createClient() {
|
||||
return new NginxProxyManagerClient({
|
||||
endpoint: this.endpoint,
|
||||
email: this.email,
|
||||
password: this.password,
|
||||
totpSecret: this.totpSecret || undefined,
|
||||
ignoreTls: this.ignoreTls === true,
|
||||
});
|
||||
}
|
||||
|
||||
async onTestRequest() {
|
||||
const client = this.createClient();
|
||||
const result = await client.verifyAccess();
|
||||
this.ctx.logger.info(`Nginx Proxy Manager 授权验证成功,找到 ${result.proxyHostCount} 个代理主机`);
|
||||
return `成功(${result.proxyHostCount} 个代理主机)`;
|
||||
}
|
||||
|
||||
async getProxyHostList(req = {}) {
|
||||
const client = this.createClient();
|
||||
return await client.getProxyHosts(req.searchKey);
|
||||
}
|
||||
};
|
||||
@@ -0,0 +1 @@
|
||||
export * from "./plugin-deploy-to-proxy-hosts.js";
|
||||
@@ -0,0 +1,343 @@
|
||||
import {
|
||||
AbstractTaskPlugin,
|
||||
IsTaskPlugin,
|
||||
pluginGroups,
|
||||
RunStrategy,
|
||||
TaskInput,
|
||||
} from "@certd/pipeline";
|
||||
import { CertInfo, CertReader, createCertDomainGetterInputDefine } from "@certd/plugin-cert";
|
||||
import { NginxProxyManagerAccess, ProxyHost } from "../access.js";
|
||||
|
||||
interface ProxyHostOption {
|
||||
label: string;
|
||||
value: string;
|
||||
domain: string;
|
||||
}
|
||||
|
||||
@IsTaskPlugin({
|
||||
name: "NginxProxyManagerDeploy",
|
||||
title: "Nginx Proxy Manager-部署到主机",
|
||||
desc: "上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。",
|
||||
icon: "logos:nginx",
|
||||
group: pluginGroups.panel.key,
|
||||
default: {
|
||||
strategy: {
|
||||
runStrategy: RunStrategy.SkipWhenSucceed,
|
||||
},
|
||||
},
|
||||
})
|
||||
export class NginxProxyManagerDeploy extends AbstractTaskPlugin {
|
||||
@TaskInput({
|
||||
title: "域名证书",
|
||||
helper: "请选择前置任务产出的证书。",
|
||||
component: {
|
||||
name: "output-selector",
|
||||
from: [":cert:"],
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
cert!: CertInfo;
|
||||
|
||||
@TaskInput(createCertDomainGetterInputDefine())
|
||||
certDomains!: string[];
|
||||
|
||||
@TaskInput({
|
||||
title: "NPM授权",
|
||||
component: {
|
||||
name: "access-selector",
|
||||
type: "nginxProxyManager",
|
||||
},
|
||||
helper: "选择用于部署的 Nginx Proxy Manager 授权。",
|
||||
required: true,
|
||||
})
|
||||
accessId!: string;
|
||||
|
||||
@TaskInput({
|
||||
title: "代理主机",
|
||||
component: {
|
||||
name: "remote-select",
|
||||
vModel: "value",
|
||||
mode: "tags",
|
||||
type: "plugin",
|
||||
action: "onGetProxyHostOptions",
|
||||
search: true,
|
||||
pager: false,
|
||||
multi: true,
|
||||
watches: ["certDomains", "accessId"],
|
||||
},
|
||||
helper: "选择要绑定此证书的一个或多个代理主机。",
|
||||
required: true,
|
||||
})
|
||||
proxyHostIds!: string | string[];
|
||||
|
||||
@TaskInput({
|
||||
title: "证书标识",
|
||||
component: {
|
||||
name: "a-input",
|
||||
allowClear: true,
|
||||
placeholder: "certd_npm_example_com",
|
||||
},
|
||||
helper: "可选。留空时默认使用 certd_npm_<主域名规范化>。",
|
||||
required: false,
|
||||
})
|
||||
certificateLabel?: string;
|
||||
|
||||
@TaskInput({
|
||||
title: "自动清理未使用证书",
|
||||
component: {
|
||||
name: "a-switch",
|
||||
vModel: "checked",
|
||||
},
|
||||
helper: "部署成功后,自动删除除当前证书外所有未被任何主机引用的证书。",
|
||||
required: false,
|
||||
})
|
||||
cleanupMatchingCertificates = false;
|
||||
|
||||
private normalizeDomain(domain: string): string {
|
||||
return String(domain ?? "").trim().toLowerCase();
|
||||
}
|
||||
|
||||
private wildcardMatches(pattern: string, candidate: string): boolean {
|
||||
if (!pattern.startsWith("*.")) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const suffix = pattern.slice(1).toLowerCase();
|
||||
return candidate.endsWith(suffix);
|
||||
}
|
||||
|
||||
private isDomainMatch(left: string, right: string): boolean {
|
||||
const normalizedLeft = this.normalizeDomain(left);
|
||||
const normalizedRight = this.normalizeDomain(right);
|
||||
|
||||
return (
|
||||
normalizedLeft === normalizedRight ||
|
||||
this.wildcardMatches(normalizedLeft, normalizedRight) ||
|
||||
this.wildcardMatches(normalizedRight, normalizedLeft)
|
||||
);
|
||||
}
|
||||
|
||||
private sanitizeDomainSegment(value: string): string {
|
||||
const sanitized = String(value ?? "")
|
||||
.trim()
|
||||
.toLowerCase()
|
||||
.replace(/[^a-z0-9]+/g, "_")
|
||||
.replace(/^_+|_+$/g, "")
|
||||
.replace(/_+/g, "_");
|
||||
|
||||
return sanitized || "unknown";
|
||||
}
|
||||
|
||||
private buildDefaultCertificateLabel(cert: CertInfo): string {
|
||||
const mainDomain = CertReader.getMainDomain(cert.crt);
|
||||
return `certd_npm_${this.sanitizeDomainSegment(mainDomain)}`;
|
||||
}
|
||||
|
||||
private normalizeStringList(input: string | string[] | null | undefined): string[] {
|
||||
if (Array.isArray(input)) {
|
||||
return input;
|
||||
}
|
||||
|
||||
if (input == null || input === "") {
|
||||
return [];
|
||||
}
|
||||
|
||||
return [input];
|
||||
}
|
||||
|
||||
private resolveCertificateDomains(cert: CertInfo, configuredDomains: string | string[] | null | undefined): string[] {
|
||||
const configured = this.normalizeStringList(configuredDomains)
|
||||
.map((value) => String(value).trim())
|
||||
.filter(Boolean);
|
||||
|
||||
if (configured.length > 0) {
|
||||
return Array.from(new Set(configured));
|
||||
}
|
||||
|
||||
return new CertReader(cert).getAllDomains();
|
||||
}
|
||||
|
||||
private buildProxyHostLabel(host: ProxyHost): string {
|
||||
const domains = host.domain_names?.length ? host.domain_names.join(", ") : "(no domains)";
|
||||
return `${domains} <#${host.id}>`;
|
||||
}
|
||||
|
||||
private hasAnyCertDomainMatch(host: ProxyHost, certDomains: string[]): boolean {
|
||||
if (!certDomains.length) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const hostDomains = host.domain_names ?? [];
|
||||
return hostDomains.some((hostDomain) =>
|
||||
certDomains.some((certDomain) => this.isDomainMatch(hostDomain, certDomain))
|
||||
);
|
||||
}
|
||||
|
||||
private buildProxyHostOptions(hosts: ProxyHost[], certDomains: string[]) {
|
||||
const sortedHosts = [...hosts].sort((left, right) => {
|
||||
return this.buildProxyHostLabel(left).localeCompare(this.buildProxyHostLabel(right));
|
||||
});
|
||||
|
||||
const matched: { label: string; value: string; domain: string }[] = [];
|
||||
const unmatched: { label: string; value: string; domain: string }[] = [];
|
||||
|
||||
for (const host of sortedHosts) {
|
||||
const option = {
|
||||
label: this.buildProxyHostLabel(host),
|
||||
value: String(host.id),
|
||||
domain: host.domain_names?.[0] ?? "",
|
||||
};
|
||||
|
||||
if (this.hasAnyCertDomainMatch(host, certDomains)) {
|
||||
matched.push(option);
|
||||
} else {
|
||||
unmatched.push(option);
|
||||
}
|
||||
}
|
||||
|
||||
if (matched.length && unmatched.length) {
|
||||
return [
|
||||
{
|
||||
label: "匹配证书域名的主机",
|
||||
options: matched,
|
||||
},
|
||||
{
|
||||
label: "其他代理主机",
|
||||
options: unmatched,
|
||||
},
|
||||
];
|
||||
}
|
||||
|
||||
return matched.length ? matched : unmatched;
|
||||
}
|
||||
|
||||
private normalizeProxyHostIds(proxyHostIds: string | string[] | number | null | undefined): number[] {
|
||||
return Array.from(
|
||||
new Set(
|
||||
this.normalizeStringList(proxyHostIds as string | string[] | null | undefined)
|
||||
.map((value) => Number.parseInt(String(value), 10))
|
||||
.filter((value) => Number.isInteger(value) && value > 0)
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
private certificateHasBindings(certificate: { proxy_hosts?: unknown[]; redirection_hosts?: unknown[]; dead_hosts?: unknown[]; streams?: unknown[] }): boolean {
|
||||
return (
|
||||
(certificate.proxy_hosts?.length ?? 0) > 0 ||
|
||||
(certificate.redirection_hosts?.length ?? 0) > 0 ||
|
||||
(certificate.dead_hosts?.length ?? 0) > 0 ||
|
||||
(certificate.streams?.length ?? 0) > 0
|
||||
);
|
||||
}
|
||||
|
||||
async execute(): Promise<void> {
|
||||
const access = await this.getAccess<NginxProxyManagerAccess>(this.accessId);
|
||||
const proxyHostIds = this.normalizeProxyHostIds(this.proxyHostIds);
|
||||
|
||||
if (proxyHostIds.length === 0) {
|
||||
throw new Error("请至少选择一个 Nginx Proxy Manager 代理主机");
|
||||
}
|
||||
|
||||
const certificateLabel =
|
||||
this.certificateLabel?.trim() || this.buildDefaultCertificateLabel(this.cert);
|
||||
const certificateDomains = this.resolveCertificateDomains(this.cert, this.certDomains);
|
||||
|
||||
let certificate = await access.findCustomCertificateByNiceName(certificateLabel);
|
||||
if (!certificate) {
|
||||
this.logger.info(`在 Nginx Proxy Manager 中创建自定义证书 "${certificateLabel}"`);
|
||||
certificate = await access.createCustomCertificate(certificateLabel, certificateDomains);
|
||||
} else {
|
||||
this.logger.info(`复用已有自定义证书 "${certificateLabel}" (#${certificate.id})`);
|
||||
}
|
||||
|
||||
await access.uploadCertificate(certificate.id, {
|
||||
certificate: this.cert.crt,
|
||||
certificateKey: this.cert.key,
|
||||
intermediateCertificate: this.cert.ic,
|
||||
});
|
||||
this.logger.info(`证书内容已上传到 Nginx Proxy Manager 证书 #${certificate.id}`);
|
||||
|
||||
for (const proxyHostId of proxyHostIds) {
|
||||
this.logger.info(`将证书 #${certificate.id} 绑定到代理主机 #${proxyHostId}`);
|
||||
try {
|
||||
await access.assignCertificateToProxyHost(proxyHostId, certificate.id);
|
||||
} catch (error) {
|
||||
const message = error instanceof Error ? error.message : String(error);
|
||||
throw new Error(`为代理主机 #${proxyHostId} 绑定证书失败:${message}`);
|
||||
}
|
||||
}
|
||||
|
||||
if (this.cleanupMatchingCertificates === true) {
|
||||
await this.cleanupOldCertificates(access, certificate.id);
|
||||
}
|
||||
|
||||
this.logger.info(`部署完成,共更新 ${proxyHostIds.length} 个代理主机`);
|
||||
}
|
||||
|
||||
async onGetProxyHostOptions(req: { searchKey?: string } = {}): Promise<ProxyHostOption[] | { label: string; options: ProxyHostOption[] }[]> {
|
||||
if (!this.accessId) {
|
||||
throw new Error("请先选择 Nginx Proxy Manager 授权");
|
||||
}
|
||||
|
||||
const access = await this.getAccess<NginxProxyManagerAccess>(this.accessId);
|
||||
const proxyHosts = await access.getProxyHostList(req);
|
||||
return this.buildProxyHostOptions(proxyHosts, this.normalizeStringList(this.certDomains));
|
||||
}
|
||||
|
||||
private async cleanupOldCertificates(access: NginxProxyManagerAccess, currentCertificateId: number): Promise<void> {
|
||||
const certificates = await access.getCertificatesWithExpand(undefined, [
|
||||
"proxy_hosts",
|
||||
"redirection_hosts",
|
||||
"dead_hosts",
|
||||
"streams",
|
||||
]);
|
||||
const candidates = certificates.filter((certificate) => {
|
||||
return certificate.id !== currentCertificateId;
|
||||
});
|
||||
|
||||
if (candidates.length === 0) {
|
||||
this.logger.info("未发现可自动清理的旧证书");
|
||||
return;
|
||||
}
|
||||
|
||||
const deletedIds: number[] = [];
|
||||
const skippedInUse: string[] = [];
|
||||
const failedDeletes: string[] = [];
|
||||
|
||||
for (const candidate of candidates) {
|
||||
if (this.certificateHasBindings(candidate)) {
|
||||
skippedInUse.push(`#${candidate.id} ${candidate.nice_name}`);
|
||||
continue;
|
||||
}
|
||||
|
||||
this.logger.info(`自动清理旧证书 #${candidate.id} ${candidate.nice_name}`);
|
||||
try {
|
||||
await access.deleteCertificate(candidate.id);
|
||||
deletedIds.push(candidate.id);
|
||||
} catch (error) {
|
||||
const message = error instanceof Error ? error.message : String(error);
|
||||
failedDeletes.push(`#${candidate.id} ${candidate.nice_name}: ${message}`);
|
||||
}
|
||||
}
|
||||
|
||||
if (deletedIds.length > 0) {
|
||||
this.logger.info(
|
||||
`自动清理完成,共删除 ${deletedIds.length} 张旧证书:${deletedIds
|
||||
.map((id) => `#${id}`)
|
||||
.join(", ")}`
|
||||
);
|
||||
} else {
|
||||
this.logger.info("未删除任何旧证书");
|
||||
}
|
||||
|
||||
if (skippedInUse.length > 0) {
|
||||
this.logger.info(`以下旧证书仍被其他资源引用,已跳过清理:${skippedInUse.join(", ")}`);
|
||||
}
|
||||
|
||||
if (failedDeletes.length > 0) {
|
||||
this.logger.warn(`以下旧证书清理失败,已跳过:${failedDeletes.join(", ")}`);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
new NginxProxyManagerDeploy();
|
||||
@@ -0,0 +1,182 @@
|
||||
import { AccessInput, BaseAccess, IsAccess, Pager, PageRes, PageSearch } from '@certd/pipeline';
|
||||
import { DomainRecord } from '@certd/plugin-lib';
|
||||
|
||||
/**
|
||||
* Technitium DNS Server 授权配置
|
||||
*/
|
||||
@IsAccess({
|
||||
name: 'technitium',
|
||||
title: 'Technitium DNS Server',
|
||||
icon: 'clarity:server-line',
|
||||
desc: 'Technitium DNS Server 自建DNS服务器授权',
|
||||
})
|
||||
export class TechnitiumAccess extends BaseAccess {
|
||||
|
||||
/**
|
||||
* API地址
|
||||
*/
|
||||
@AccessInput({
|
||||
title: 'API地址',
|
||||
value: 'http://localhost:5380',
|
||||
component: {
|
||||
name: "a-input",
|
||||
allowClear: true,
|
||||
placeholder: 'http://localhost:5380',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
apiUrl = 'http://localhost:5380';
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* 用户名
|
||||
*/
|
||||
@AccessInput({
|
||||
title: '用户名',
|
||||
component: {
|
||||
name: "a-input",
|
||||
allowClear: true,
|
||||
placeholder: 'admin',
|
||||
},
|
||||
required: false,
|
||||
})
|
||||
username = 'admin';
|
||||
|
||||
/**
|
||||
* 密码
|
||||
*/
|
||||
@AccessInput({
|
||||
title: '密码',
|
||||
component: {
|
||||
name: "a-input",
|
||||
type: "password",
|
||||
allowClear: true,
|
||||
placeholder: '密码',
|
||||
},
|
||||
required: false,
|
||||
encrypt: true,
|
||||
})
|
||||
password = '';
|
||||
|
||||
/**
|
||||
* 测试按钮
|
||||
*/
|
||||
@AccessInput({
|
||||
title: "测试",
|
||||
component: {
|
||||
name: "api-test",
|
||||
action: "TestRequest"
|
||||
},
|
||||
helper: "点击测试接口是否正常"
|
||||
})
|
||||
testRequest = true;
|
||||
|
||||
token = '';
|
||||
|
||||
/**
|
||||
* 通用API调用方法
|
||||
*/
|
||||
async doRequest(options: { url: string; method: 'get' | 'post'; params?: URLSearchParams }) {
|
||||
// 每次请求前都获取最新的token
|
||||
if (!options.url.includes('/api/user/login')) {
|
||||
await this.getToken();
|
||||
}
|
||||
|
||||
// 复制参数并添加token
|
||||
const params = new URLSearchParams(options.params || '');
|
||||
if (this.token && !options.url.includes('/api/user/login')) {
|
||||
params.append('token', this.token);
|
||||
}
|
||||
|
||||
let fullUrl = options.url;
|
||||
if (params.toString()) {
|
||||
fullUrl = `${options.url}?${params.toString()}`;
|
||||
}
|
||||
|
||||
const response = await this.ctx.http.request({
|
||||
url: fullUrl,
|
||||
method: options.method,
|
||||
});
|
||||
|
||||
if (response.status !== 'ok') {
|
||||
throw new Error(`${response.errorMessage || 'API调用失败'}`);
|
||||
}
|
||||
|
||||
return response;
|
||||
}
|
||||
|
||||
/**
|
||||
* 测试API连接
|
||||
*/
|
||||
async onTestRequest() {
|
||||
// 测试获取区域列表
|
||||
await this.GetDomainList({});
|
||||
return "连接成功";
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取域名列表
|
||||
*/
|
||||
async GetDomainList(req: PageSearch): Promise<PageRes<DomainRecord>> {
|
||||
this.ctx.logger.info(`获取域名列表,req:${JSON.stringify(req)}`);
|
||||
const pager = new Pager(req);
|
||||
|
||||
// 规范API地址
|
||||
this.apiUrl = this.normalizeEndpoint(this.apiUrl);
|
||||
|
||||
// 构建API URL
|
||||
const apiUrl = `${this.apiUrl}/api/zones/list`;
|
||||
|
||||
// 构建查询参数
|
||||
const params = new URLSearchParams();
|
||||
|
||||
// 调用API获取区域列表
|
||||
const response = await this.doRequest({ url: apiUrl, method: 'get', params: params });
|
||||
|
||||
const zones = response.response.zones || [];
|
||||
const total = zones.length;
|
||||
|
||||
// 转换为DomainRecord格式
|
||||
let list = zones.map((zone: any) => ({
|
||||
id: zone.name,
|
||||
domain: zone.name,
|
||||
}));
|
||||
|
||||
// 应用分页
|
||||
list = list.slice(pager.getOffset(), pager.getOffset() + pager.pageSize);
|
||||
|
||||
return {
|
||||
total,
|
||||
list
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取API Token
|
||||
*/
|
||||
async getToken() {
|
||||
const apiUrl = `${this.apiUrl}/api/user/login`;
|
||||
|
||||
const params = new URLSearchParams({
|
||||
user: this.username,
|
||||
pass: this.password,
|
||||
});
|
||||
|
||||
// 直接使用ctx.http.request,避免递归调用doRequest
|
||||
const response = await this.ctx.http.request({
|
||||
url: `${apiUrl}?${params.toString()}`,
|
||||
method: 'post',
|
||||
});
|
||||
|
||||
if (response.status !== 'ok') {
|
||||
throw new Error(`登录失败: ${response.errorMessage || '未知错误'}`);
|
||||
}
|
||||
|
||||
this.token = response.token;
|
||||
return this.token;
|
||||
}
|
||||
|
||||
}
|
||||