mirror of
https://github.com/certd/certd.git
synced 2026-07-16 18:57:32 +08:00
Compare commits
26 Commits
v1.39.10
...
cc5154e04e
| Author | SHA1 | Date | |
|---|---|---|---|
| cc5154e04e | |||
| 77db5ecd12 | |||
| 7ac789c9c7 | |||
| 24dff05f64 | |||
| 64a350364d | |||
| 11b7cfe5cb | |||
| 71cfcad2a1 | |||
| ab4373b26e | |||
| d23ddc96ac | |||
| 147708e779 | |||
| dc969dd7ed | |||
| ef7d1d9327 | |||
| 2e6e9ed925 | |||
| 296dcab4c7 | |||
| f9e1c46c45 | |||
| 94fd5bd7ec | |||
| eb6ca96e85 | |||
| a2bbc7e272 | |||
| f075a991f0 | |||
| edeb817c39 | |||
| 23b4658672 | |||
| 5f95ee987f | |||
| cc73f156a7 | |||
| ee72d10718 | |||
| 831871d37f | |||
| 6072550ec1 |
@@ -145,6 +145,20 @@ async doRequest(req: { action: string, data?: any }) {
|
|||||||
utils: typeof utils;
|
utils: typeof utils;
|
||||||
accessService: IAccessService;
|
accessService: IAccessService;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// this.ctx.http 只有request方法
|
||||||
|
// 方法参数
|
||||||
|
export type HttpRequestConfig<D = any> = {
|
||||||
|
skipSslVerify?: boolean;
|
||||||
|
skipCheckRes?: boolean;
|
||||||
|
logParams?: boolean;
|
||||||
|
logRes?: boolean;
|
||||||
|
logData?: boolean;
|
||||||
|
httpProxy?: string;
|
||||||
|
returnOriginRes?: boolean;
|
||||||
|
} & AxiosRequestConfig<D>;
|
||||||
|
|
||||||
|
|
||||||
*/
|
*/
|
||||||
const res = await this.ctx.http.request({
|
const res = await this.ctx.http.request({
|
||||||
url: "https://api.demo.cn/api/",
|
url: "https://api.demo.cn/api/",
|
||||||
|
|||||||
@@ -105,6 +105,28 @@ async removeRecord(options: RemoveRecordOptions<DemoRecord>): Promise<void> {
|
|||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### 6. 实现 getDomainListPage 方法
|
||||||
|
```typescript
|
||||||
|
/**
|
||||||
|
* 实现获取域名列表
|
||||||
|
*/
|
||||||
|
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
|
||||||
|
const pager = new Pager(req);
|
||||||
|
const res = await this.http.request({
|
||||||
|
// 请求接口获取域名列表
|
||||||
|
})
|
||||||
|
const list = res.Domains?.map(item => ({
|
||||||
|
id: item.Id,
|
||||||
|
domain: item.DomainName,
|
||||||
|
})) || []
|
||||||
|
|
||||||
|
return {
|
||||||
|
list,
|
||||||
|
total: res.Total,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
### 6. 实例化插件
|
### 6. 实例化插件
|
||||||
|
|
||||||
```typescript
|
```typescript
|
||||||
@@ -204,11 +226,28 @@ export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
|
|||||||
|
|
||||||
this.logger.info('删除域名解析成功:', fullRecord, value);
|
this.logger.info('删除域名解析成功:', fullRecord, value);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 实现获取域名列表
|
||||||
|
*/
|
||||||
|
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
|
||||||
|
const pager = new Pager(req);
|
||||||
|
const res = await this.http.request({
|
||||||
|
// 请求接口获取域名列表
|
||||||
|
})
|
||||||
|
const list = res.Domains?.map(item => ({
|
||||||
|
id: item.Id,
|
||||||
|
domain: item.DomainName,
|
||||||
|
})) || []
|
||||||
|
|
||||||
|
return {
|
||||||
|
list,
|
||||||
|
total: res.Total,
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// 实例化这个 provider,将其自动注册到系统中
|
// 实例化这个 provider,将其自动注册到系统中
|
||||||
if (isDev()) {
|
new DemoDnsProvider();
|
||||||
// 你的实现 要去掉这个 if,不然生产环境将不会显示
|
|
||||||
new DemoDnsProvider();
|
|
||||||
}
|
|
||||||
```
|
```
|
||||||
@@ -95,7 +95,15 @@ https://certd.handfree.work/
|
|||||||
3. 【推荐】[1Panel面板方式部署](https://certd.docmirror.cn/guide/install/1panel/)
|
3. 【推荐】[1Panel面板方式部署](https://certd.docmirror.cn/guide/install/1panel/)
|
||||||
4. 【推荐】[雨云一键部署](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2) : 首充翻倍,每月仅需2.2元
|
4. 【推荐】[雨云一键部署](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2) : 首充翻倍,每月仅需2.2元
|
||||||
[<img src="https://rainyun-apps.cn-nb1.rains3.com/materials/deploy-on-rainyun-cn.svg">](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2)
|
[<img src="https://rainyun-apps.cn-nb1.rains3.com/materials/deploy-on-rainyun-cn.svg">](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2)
|
||||||
5. 【不推荐】[源码方式部署 ](https://certd.docmirror.cn/guide/install/source/)
|
|
||||||
|
5. 【推荐】[一键安装脚本](https://certd.docmirror.cn/guide/install/docker/)(自动安装 Docker,Certd):
|
||||||
|
```bash
|
||||||
|
curl -fsSL https://gitee.com/certd/certd/raw/v2/docker/run/install.sh | bash
|
||||||
|
```
|
||||||
|
|
||||||
|
6. 【不推荐】[源码方式部署 ](https://certd.docmirror.cn/guide/install/source/)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#### Docker镜像说明:
|
#### Docker镜像说明:
|
||||||
* 国内镜像地址:
|
* 国内镜像地址:
|
||||||
|
|||||||
@@ -0,0 +1,340 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -e
|
||||||
|
|
||||||
|
CERTD_VERSION="${CERTD_VERSION:-latest}"
|
||||||
|
INSTALL_DIR="${INSTALL_DIR:-/opt/certd}"
|
||||||
|
COMPOSE_FILE_URL="https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml"
|
||||||
|
COMPOSE_FILE="$INSTALL_DIR/docker-compose.yaml"
|
||||||
|
|
||||||
|
DOCKER_MIRROR="https://mirrors.aliyun.com"
|
||||||
|
|
||||||
|
RED='\033[0;31m'
|
||||||
|
GREEN='\033[0;32m'
|
||||||
|
YELLOW='\033[1;33m'
|
||||||
|
NC='\033[0m'
|
||||||
|
|
||||||
|
log_info() {
|
||||||
|
echo -e "${GREEN}[INFO]${NC} $1"
|
||||||
|
}
|
||||||
|
|
||||||
|
log_warn() {
|
||||||
|
echo -e "${YELLOW}[WARN]${NC} $1"
|
||||||
|
}
|
||||||
|
|
||||||
|
log_error() {
|
||||||
|
echo -e "${RED}[ERROR]${NC} $1"
|
||||||
|
}
|
||||||
|
|
||||||
|
check_command() {
|
||||||
|
command -v "$1" >/dev/null 2>&1
|
||||||
|
}
|
||||||
|
|
||||||
|
get_local_ip() {
|
||||||
|
LOCAL_IP=$(ip route get 1.1.1.1 2>/dev/null | grep -oP 'src \K[^ ]+' | head -1)
|
||||||
|
if [ -z "$LOCAL_IP" ]; then
|
||||||
|
LOCAL_IP=$(hostname -I 2>/dev/null | awk '{print $1}')
|
||||||
|
fi
|
||||||
|
if [ -z "$LOCAL_IP" ]; then
|
||||||
|
LOCAL_IP="127.0.0.1"
|
||||||
|
fi
|
||||||
|
echo "$LOCAL_IP"
|
||||||
|
}
|
||||||
|
|
||||||
|
get_public_ip() {
|
||||||
|
PUBLIC_IP=$(curl -s --max-time 5 https://api.ipify.org 2>/dev/null)
|
||||||
|
if [ -z "$PUBLIC_IP" ]; then
|
||||||
|
PUBLIC_IP=$(curl -s --max-time 5 https://checkip.amazonaws.com 2>/dev/null)
|
||||||
|
fi
|
||||||
|
if [ -z "$PUBLIC_IP" ]; then
|
||||||
|
PUBLIC_IP=""
|
||||||
|
fi
|
||||||
|
echo "$PUBLIC_IP"
|
||||||
|
}
|
||||||
|
|
||||||
|
show_access_urls() {
|
||||||
|
LOCAL_IP=$(get_local_ip)
|
||||||
|
PUBLIC_IP=$(get_public_ip)
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
echo "=========================================="
|
||||||
|
log_info "安装完成!"
|
||||||
|
echo "=========================================="
|
||||||
|
echo ""
|
||||||
|
echo "访问地址:"
|
||||||
|
if [ -n "$PUBLIC_IP" ]; then
|
||||||
|
echo -e " ${GREEN}外网访问:${NC} http://$PUBLIC_IP:7001"
|
||||||
|
fi
|
||||||
|
echo -e " ${GREEN}局域网:${NC} http://$LOCAL_IP:7001"
|
||||||
|
echo ""
|
||||||
|
echo "配置文件: $COMPOSE_FILE"
|
||||||
|
echo ""
|
||||||
|
echo "常用命令:"
|
||||||
|
echo " cd $INSTALL_DIR"
|
||||||
|
echo " docker compose logs -f # 查看日志"
|
||||||
|
echo " docker compose restart # 重启服务"
|
||||||
|
echo " docker compose down # 停止服务"
|
||||||
|
echo ""
|
||||||
|
}
|
||||||
|
|
||||||
|
detect_os() {
|
||||||
|
if [ -f /etc/os-release ]; then
|
||||||
|
. /etc/os-release
|
||||||
|
OS=$ID
|
||||||
|
VER=$VERSION_ID
|
||||||
|
elif [ -f /etc/centos-release ]; then
|
||||||
|
OS="centos"
|
||||||
|
elif [ -f /etc/redhat-release ]; then
|
||||||
|
OS="rhel"
|
||||||
|
else
|
||||||
|
OS="unknown"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
check_docker() {
|
||||||
|
if check_command docker; then
|
||||||
|
DOCKER_VERSION=$(docker --version 2>/dev/null | awk '{print $3}' | tr -d ',')
|
||||||
|
log_info "Docker 已安装: $DOCKER_VERSION"
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
log_warn "Docker 未安装"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
check_docker_compose() {
|
||||||
|
if check_command docker-compose; then
|
||||||
|
COMPOSE_VERSION=$(docker-compose --version 2>/dev/null | awk '{print $3}' | tr -d ',')
|
||||||
|
log_info "Docker Compose 已安装: $COMPOSE_VERSION"
|
||||||
|
return 0
|
||||||
|
elif docker compose version >/dev/null 2>&1; then
|
||||||
|
log_info "Docker Compose (插件版) 已安装"
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
log_warn "Docker Compose 未安装"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
install_docker_ubuntu() {
|
||||||
|
log_info "正在安装 Docker (Ubuntu/Debian)..."
|
||||||
|
apt-get update
|
||||||
|
apt-get install -y ca-certificates curl gnupg lsb-release
|
||||||
|
|
||||||
|
mkdir -p /etc/apt/keyrings
|
||||||
|
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/${OS}/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg 2>/dev/null || \
|
||||||
|
curl -fsSL https://download.docker.com/linux/${OS}/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
||||||
|
|
||||||
|
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/${OS} $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||||
|
|
||||||
|
apt-get update
|
||||||
|
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
|
||||||
|
systemctl enable docker
|
||||||
|
systemctl start docker
|
||||||
|
|
||||||
|
log_info "Docker 安装完成"
|
||||||
|
}
|
||||||
|
|
||||||
|
install_docker_centos() {
|
||||||
|
log_info "正在安装 Docker (CentOS/RHEL)..."
|
||||||
|
yum install -y yum-utils
|
||||||
|
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
|
||||||
|
yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
|
||||||
|
systemctl enable docker
|
||||||
|
systemctl start docker
|
||||||
|
|
||||||
|
log_info "Docker 安装完成"
|
||||||
|
}
|
||||||
|
|
||||||
|
install_dockerrocky() {
|
||||||
|
log_info "正在安装 Docker (Rocky Linux/AlmaLinux)..."
|
||||||
|
dnf install -y yum-utils
|
||||||
|
dnf config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
|
||||||
|
dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
|
||||||
|
systemctl enable docker
|
||||||
|
systemctl start docker
|
||||||
|
|
||||||
|
log_info "Docker 安装完成"
|
||||||
|
}
|
||||||
|
|
||||||
|
install_docker_debian() {
|
||||||
|
log_info "正在安装 Docker (Debian)..."
|
||||||
|
apt-get update
|
||||||
|
apt-get install -y ca-certificates curl gnupg2
|
||||||
|
|
||||||
|
mkdir -p /etc/apt/keyrings
|
||||||
|
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/debian/gpg | gpg --armor -o /etc/apt/keyrings/docker.gpg 2>/dev/null || \
|
||||||
|
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --armor -o /etc/apt/keyrings/docker.gpg
|
||||||
|
|
||||||
|
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list
|
||||||
|
|
||||||
|
apt-get update
|
||||||
|
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
|
||||||
|
systemctl enable docker
|
||||||
|
systemctl start docker
|
||||||
|
|
||||||
|
log_info "Docker 安装完成"
|
||||||
|
}
|
||||||
|
|
||||||
|
install_docker() {
|
||||||
|
detect_os
|
||||||
|
log_info "检测到操作系统: $OS"
|
||||||
|
|
||||||
|
case $OS in
|
||||||
|
ubuntu)
|
||||||
|
install_docker_ubuntu
|
||||||
|
;;
|
||||||
|
debian)
|
||||||
|
install_docker_debian
|
||||||
|
;;
|
||||||
|
centos)
|
||||||
|
install_docker_centos
|
||||||
|
;;
|
||||||
|
rhel|rocky|almalinux)
|
||||||
|
install_dockerrocky
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
log_error "不支持的操作系统: $OS"
|
||||||
|
log_info "请手动安装 Docker"
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
install_docker_compose_standalone() {
|
||||||
|
log_info "正在安装 Docker Compose (独立版本)..."
|
||||||
|
|
||||||
|
COMPOSE_URLS=(
|
||||||
|
"https://get.daocloud.io/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
|
||||||
|
"https://mirror.sjtu.edu.cn/github/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
|
||||||
|
"https://github.com/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
|
||||||
|
)
|
||||||
|
|
||||||
|
for url in "${COMPOSE_URLS[@]}"; do
|
||||||
|
log_info "尝试从: $url"
|
||||||
|
if curl -L "$url" -o /usr/local/bin/docker-compose 2>/dev/null; then
|
||||||
|
chmod +x /usr/local/bin/docker-compose
|
||||||
|
log_info "Docker Compose 安装完成"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
log_warn "下载失败,尝试下一个源..."
|
||||||
|
done
|
||||||
|
|
||||||
|
log_error "Docker Compose 安装失败"
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
install_docker_compose() {
|
||||||
|
if check_command docker && docker compose version >/dev/null 2>&1; then
|
||||||
|
log_info "Docker Compose 插件已可用"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
if check_command docker-compose; then
|
||||||
|
log_info "Docker Compose 独立版本已安装"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
install_docker_compose_standalone
|
||||||
|
}
|
||||||
|
|
||||||
|
download_compose_file() {
|
||||||
|
log_info "正在下载 docker-compose.yaml..."
|
||||||
|
mkdir -p "$INSTALL_DIR"
|
||||||
|
|
||||||
|
if curl -fsSL "$COMPOSE_FILE_URL" -o "$COMPOSE_FILE.tmp"; then
|
||||||
|
mv "$COMPOSE_FILE.tmp" "$COMPOSE_FILE"
|
||||||
|
log_info "docker-compose.yaml 已下载到 $COMPOSE_FILE"
|
||||||
|
|
||||||
|
if [ "$CERTD_VERSION" != "latest" ]; then
|
||||||
|
sed -i "s|certd:latest|certd:$CERTD_VERSION|g" "$COMPOSE_FILE"
|
||||||
|
log_info "已修改镜像版本为: $CERTD_VERSION"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
log_error "下载失败,请检查网络连接"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
start_certd() {
|
||||||
|
log_info "正在启动 Certd 容器..."
|
||||||
|
cd "$INSTALL_DIR"
|
||||||
|
|
||||||
|
if docker compose -f "$COMPOSE_FILE" up -d 2>/dev/null; then
|
||||||
|
log_info "Certd 启动成功!"
|
||||||
|
elif docker-compose -f "$COMPOSE_FILE" up -d; then
|
||||||
|
log_info "Certd 启动成功!"
|
||||||
|
fi
|
||||||
|
|
||||||
|
sleep 2
|
||||||
|
docker ps --filter "name=certd" --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
|
||||||
|
}
|
||||||
|
|
||||||
|
show_usage() {
|
||||||
|
echo "用法: $0 [选项]"
|
||||||
|
echo ""
|
||||||
|
echo "选项:"
|
||||||
|
echo " -v, --version VERSION 指定 Certd 版本 (默认: latest)"
|
||||||
|
echo " -p, --path PATH 指定安装路径 (默认: /opt/certd)"
|
||||||
|
echo " -h, --help 显示帮助信息"
|
||||||
|
echo ""
|
||||||
|
echo "示例:"
|
||||||
|
echo " $0 # 使用默认配置安装"
|
||||||
|
echo " $0 -v 1.29.0 # 安装指定版本"
|
||||||
|
echo " $0 -p /data/certd # 安装到指定目录"
|
||||||
|
}
|
||||||
|
|
||||||
|
main() {
|
||||||
|
echo "=========================================="
|
||||||
|
echo " Certd 一键安装脚本"
|
||||||
|
echo "=========================================="
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
while [[ $# -gt 0 ]]; do
|
||||||
|
case $1 in
|
||||||
|
-v|--version)
|
||||||
|
CERTD_VERSION="$2"
|
||||||
|
shift 2
|
||||||
|
;;
|
||||||
|
-p|--path)
|
||||||
|
INSTALL_DIR="$2"
|
||||||
|
COMPOSE_FILE="$INSTALL_DIR/docker-compose.yaml"
|
||||||
|
shift 2
|
||||||
|
;;
|
||||||
|
-h|--help)
|
||||||
|
show_usage
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
log_error "未知选项: $1"
|
||||||
|
show_usage
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
log_info "Certd 版本: $CERTD_VERSION"
|
||||||
|
log_info "安装路径: $INSTALL_DIR"
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
DOCKER_INSTALLED=true
|
||||||
|
COMPOSE_INSTALLED=true
|
||||||
|
|
||||||
|
if ! check_docker; then
|
||||||
|
echo ""
|
||||||
|
log_info "正在安装 Docker..."
|
||||||
|
install_docker
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! check_docker_compose; then
|
||||||
|
echo ""
|
||||||
|
log_info "正在安装 Docker Compose..."
|
||||||
|
install_docker_compose
|
||||||
|
fi
|
||||||
|
|
||||||
|
download_compose_file
|
||||||
|
start_certd
|
||||||
|
|
||||||
|
show_access_urls
|
||||||
|
}
|
||||||
|
|
||||||
|
main "$@"
|
||||||
@@ -3,6 +3,25 @@
|
|||||||
All notable changes to this project will be documented in this file.
|
All notable changes to this project will be documented in this file.
|
||||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||||
|
|
||||||
|
## [1.39.10](https://github.com/certd/certd/compare/v1.39.9...v1.39.10) (2026-04-11)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
* 修复创建流水线无法选择通知的bug ([a88d0a6](https://github.com/certd/certd/commit/a88d0a6ae15cb6170d0b36e21daf89f0dbd5f681))
|
||||||
|
* 修复流水线任务编辑页面复制粘贴按钮在夜间模式显示问题 ([1e549df](https://github.com/certd/certd/commit/1e549dfd431ed74e2bcdfce63e5f640c51603af3))
|
||||||
|
* 修复用户管理添加用户无法上传头像的bug ([557e98c](https://github.com/certd/certd/commit/557e98c33f5462167d8f6289f70dad68bb114a97))
|
||||||
|
* 修复自定义插件删除后没有反注册的bug ([df98463](https://github.com/certd/certd/commit/df9846332596d2afaba53e66d2897aa1c598f9c4))
|
||||||
|
* 修复spaceship创建record报错的bug ([70b46d4](https://github.com/certd/certd/commit/70b46d4a8f89cf8eded21ebb237e8c8ce6c40d30))
|
||||||
|
|
||||||
|
### Performance Improvements
|
||||||
|
|
||||||
|
* 1panel支持先上传证书再选择证书 ([7a9eec8](https://github.com/certd/certd/commit/7a9eec88e8eddf40dba055c072b5b2b0f67c1407))
|
||||||
|
* 部署到1panel面板支持mux模式 ([d05129e](https://github.com/certd/certd/commit/d05129ec67893b0b639003a4bca6878d128f56ad))
|
||||||
|
* 流水线修改编辑之后,增加未保存提示 ([21620ac](https://github.com/certd/certd/commit/21620ac6bdeb57e43509156a77037fc07c44282a))
|
||||||
|
* 修复检查全部某些情况下无效的bug,优化公共触发站点证书检查定时逻辑 ([ee53589](https://github.com/certd/certd/commit/ee535895a3166c6f9046963e28fa8f22f018b574))
|
||||||
|
* 增加域名管理 子域名检查提醒 ([2bdf183](https://github.com/certd/certd/commit/2bdf1832da73a3728f3ac415837bc26e70531cd6))
|
||||||
|
* 站点监控域名气泡增加端口显示 ([6ee718a](https://github.com/certd/certd/commit/6ee718a25265a9db2115343af9a1a01958f34b81))
|
||||||
|
|
||||||
## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)
|
## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)
|
||||||
|
|
||||||
### Bug Fixes
|
### Bug Fixes
|
||||||
|
|||||||
@@ -2,7 +2,23 @@
|
|||||||
|
|
||||||
## 一、安装
|
## 一、安装
|
||||||
|
|
||||||
### 1. 环境准备
|
### 一键脚本安装(推荐)
|
||||||
|
|
||||||
|
如果您的服务器未安装 Docker,该脚本会自动为您安装 Docker 和 Docker Compose,并启动 Certd 容器。
|
||||||
|
|
||||||
|
```bash
|
||||||
|
curl -fsSL https://gitee.com/certd/certd/raw/v2/docker/run/install.sh | bash
|
||||||
|
```
|
||||||
|
|
||||||
|
> 支持 Ubuntu、Debian、CentOS、Rocky Linux、AlmaLinux 等主流发行版。
|
||||||
|
> docker-compose文件目录:`/opt/certd` ,升级时需要先进入此目录
|
||||||
|
> 运行时数据默认保存路径:`/data/certd` ,可使用参数指定:`-p /data/certd`
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
### 手动安装
|
||||||
|
|
||||||
|
#### 1. 环境准备
|
||||||
|
|
||||||
1.1 准备一台云服务器
|
1.1 准备一台云服务器
|
||||||
|
|
||||||
@@ -19,9 +35,9 @@ https://docs.docker.com/engine/install/
|
|||||||
|
|
||||||
```bash
|
```bash
|
||||||
# 随便创建一个目录
|
# 随便创建一个目录
|
||||||
mkdir certd
|
mkdir /opt/certd
|
||||||
# 进入目录
|
# 进入目录
|
||||||
cd certd
|
cd /opt/certd
|
||||||
# 下载docker-compose.yaml文件,或者手动下载放到certd目录下
|
# 下载docker-compose.yaml文件,或者手动下载放到certd目录下
|
||||||
wget https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml
|
wget https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml
|
||||||
|
|
||||||
@@ -54,12 +70,12 @@ https://your_server_ip:7002
|
|||||||
记得修改密码
|
记得修改密码
|
||||||
|
|
||||||
|
|
||||||
## 二、升级
|
## 二、升级Certd
|
||||||
|
|
||||||
::: warning
|
::: warning
|
||||||
如果您是第一次升级certd版本,切记切记先备份一下数据
|
如果您是第一次升级certd版本,切记切记先备份一下数据
|
||||||
```
|
```
|
||||||
# docker-compose.yaml配置
|
# 查看/opt/certd/docker-compose.yaml配置
|
||||||
- /data/certd:/app/data # 请务必确保 /app/data 这个路径没有改动,固定写死
|
- /data/certd:/app/data # 请务必确保 /app/data 这个路径没有改动,固定写死
|
||||||
```
|
```
|
||||||
:::
|
:::
|
||||||
@@ -71,6 +87,7 @@ https://your_server_ip:7002
|
|||||||
|
|
||||||
### 如果使用`latest`版本
|
### 如果使用`latest`版本
|
||||||
```shell
|
```shell
|
||||||
|
cd /opt/certd
|
||||||
#重新拉取镜像
|
#重新拉取镜像
|
||||||
docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
|
docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
|
||||||
# 重新启动容器
|
# 重新启动容器
|
||||||
|
|||||||
@@ -36,45 +36,48 @@
|
|||||||
| 32.| **Gcore** | Gcore |
|
| 32.| **Gcore** | Gcore |
|
||||||
| 33.| **Github授权** | |
|
| 33.| **Github授权** | |
|
||||||
| 34.| **godaddy授权** | |
|
| 34.| **godaddy授权** | |
|
||||||
| 35.| **金山云授权** | |
|
| 35.| **HiPM DNSMgr** | HiPM DNSMgr API Token 授权 |
|
||||||
| 36.| **FTP授权** | |
|
| 36.| **金山云授权** | |
|
||||||
| 37.| **七牛OSS授权** | |
|
| 37.| **FTP授权** | |
|
||||||
| 38.| **腾讯云COS授权** | 腾讯云对象存储授权,包含地域和存储桶 |
|
| 38.| **七牛OSS授权** | |
|
||||||
| 39.| **s3/minio授权** | S3/minio oss授权 |
|
| 39.| **腾讯云COS授权** | 腾讯云对象存储授权,包含地域和存储桶 |
|
||||||
| 40.| **namesilo授权** | |
|
| 40.| **s3/minio授权** | S3/minio oss授权 |
|
||||||
| 41.| **Next Terminal 授权** | 用于访问 Next Terminal API 的授权配置 |
|
| 41.| **namesilo授权** | |
|
||||||
| 42.| **1panel授权** | 账号和密码 |
|
| 42.| **Next Terminal 授权** | 用于访问 Next Terminal API 的授权配置 |
|
||||||
| 43.| **支付宝** | |
|
| 43.| **Nginx Proxy Manager 授权** | 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。 |
|
||||||
| 44.| **白山云授权** | |
|
| 44.| **1panel授权** | 账号和密码 |
|
||||||
| 45.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 |
|
| 45.| **支付宝** | |
|
||||||
| 46.| **cdnfly授权** | |
|
| 46.| **白山云授权** | |
|
||||||
| 47.| **k8s授权** | |
|
| 47.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 |
|
||||||
| 48.| **括彩云cdn授权** | 括彩云CDN,每月免费30G,[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) |
|
| 48.| **cdnfly授权** | |
|
||||||
| 49.| **LeCDN授权** | |
|
| 49.| **k8s授权** | |
|
||||||
| 50.| **lucky** | |
|
| 50.| **括彩云cdn授权** | 括彩云CDN,每月免费30G,[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) |
|
||||||
| 51.| **猫云授权** | |
|
| 51.| **LeCDN授权** | |
|
||||||
| 52.| **plesk授权** | |
|
| 52.| **lucky** | |
|
||||||
| 53.| **长亭雷池授权** | |
|
| 53.| **猫云授权** | |
|
||||||
| 54.| **群晖登录授权** | |
|
| 54.| **plesk授权** | |
|
||||||
| 55.| **uniCloud** | unicloud授权 |
|
| 55.| **长亭雷池授权** | |
|
||||||
| 56.| **微信支付** | |
|
| 56.| **群晖登录授权** | |
|
||||||
| 57.| **易盾rcdn授权** | 易盾CDN,每月免费30G,[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) |
|
| 57.| **uniCloud** | unicloud授权 |
|
||||||
| 58.| **易发云短信** | sms.yfyidc.cn/ |
|
| 58.| **微信支付** | |
|
||||||
| 59.| **易盾DCDN授权** | https://user.yiduncdn.com |
|
| 59.| **易盾rcdn授权** | 易盾CDN,每月免费30G,[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) |
|
||||||
| 60.| **易支付** | |
|
| 60.| **易发云短信** | sms.yfyidc.cn/ |
|
||||||
| 61.| **proxmox** | |
|
| 61.| **易盾DCDN授权** | https://user.yiduncdn.com |
|
||||||
| 62.| **Spaceship.com 授权** | Spaceship.com API 授权插件 |
|
| 62.| **易支付** | |
|
||||||
| 63.| **UCloud授权** | 优刻得授权 |
|
| 63.| **proxmox** | |
|
||||||
| 64.| **又拍云** | |
|
| 64.| **Spaceship.com 授权** | Spaceship.com API 授权插件 |
|
||||||
| 65.| **网宿授权** | |
|
| 65.| **Technitium DNS Server** | Technitium DNS Server 自建DNS服务器授权 |
|
||||||
| 66.| **西部数码授权** | |
|
| 66.| **UCloud授权** | 优刻得授权 |
|
||||||
| 67.| **我爱云授权** | 我爱云CDN |
|
| 67.| **又拍云** | |
|
||||||
| 68.| **新网授权(代理方式)** | |
|
| 68.| **网宿授权** | |
|
||||||
| 69.| **新网授权** | |
|
| 69.| **西部数码授权** | |
|
||||||
| 70.| **新网互联授权** | 仅支持代理账号,ip需要加入白名单 |
|
| 70.| **我爱云授权** | 我爱云CDN |
|
||||||
| 71.| **Zenlayer授权** | Zenlayer授权 |
|
| 71.| **新网授权(代理方式)** | |
|
||||||
| 72.| **GoEdge授权** | |
|
| 72.| **新网授权** | |
|
||||||
| 73.| **雨云授权** | https://app.rainyun.com/ |
|
| 73.| **新网互联授权** | 仅支持代理账号,ip需要加入白名单 |
|
||||||
|
| 74.| **Zenlayer授权** | Zenlayer授权 |
|
||||||
|
| 75.| **GoEdge授权** | |
|
||||||
|
| 76.| **雨云授权** | https://app.rainyun.com/ |
|
||||||
|
|
||||||
<style module>
|
<style module>
|
||||||
table th:first-of-type {
|
table th:first-of-type {
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
# 任务插件
|
# 任务插件
|
||||||
共 `129` 款任务插件
|
共 `130` 款任务插件
|
||||||
## 1. 证书申请
|
## 1. 证书申请
|
||||||
|
|
||||||
| 序号 | 名称 | 说明 |
|
| 序号 | 名称 | 说明 |
|
||||||
@@ -58,25 +58,26 @@
|
|||||||
| 3.| **Dokploy-部署server证书** | 自动更新Dokploy server证书 |
|
| 3.| **Dokploy-部署server证书** | 自动更新Dokploy server证书 |
|
||||||
| 4.| **飞牛NAS-部署证书** | |
|
| 4.| **飞牛NAS-部署证书** | |
|
||||||
| 5.| **NextTerminal-更新证书** | 更新 Next Terminal 证书 |
|
| 5.| **NextTerminal-更新证书** | 更新 Next Terminal 证书 |
|
||||||
| 6.| **1Panel-部署面板证书** | 更新1Panel的面板证书 |
|
| 6.| **Nginx Proxy Manager-部署到主机** | 上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。 |
|
||||||
| 7.| **1Panel-更新站点证书** | 更新1Panel的站点证书 |
|
| 7.| **1Panel-部署面板证书** | 更新1Panel的面板证书 |
|
||||||
| 8.| **宝塔-删除过期证书** | 删除证书夹中过期证书 |
|
| 8.| **1Panel-更新站点证书** | 更新1Panel的站点证书 |
|
||||||
| 9.| **宝塔-WAF证书部署** | 部署宝塔云WAF/aaWAF |
|
| 9.| **宝塔-删除过期证书** | 删除证书夹中过期证书 |
|
||||||
| 10.| **宝塔-面板证书部署** | 部署宝塔面板本身的ssl证书 |
|
| 10.| **宝塔-WAF证书部署** | 部署宝塔云WAF/aaWAF |
|
||||||
| 11.| **宝塔win-网站证书部署** | 部署到Windows版宝塔管理的站点的ssl证书 |
|
| 11.| **宝塔-面板证书部署** | 部署宝塔面板本身的ssl证书 |
|
||||||
| 12.| **宝塔-网站证书部署** | 部署宝塔管理的站点的ssl证书,目前支持宝塔网站站点、docker站点等。本插件也支持aaPanel。 |
|
| 12.| **宝塔win-网站证书部署** | 部署到Windows版宝塔管理的站点的ssl证书 |
|
||||||
| 13.| **K8S-Apply自定义yaml** | apply自定义yaml到k8s |
|
| 13.| **宝塔-网站证书部署** | 部署宝塔管理的站点的ssl证书,目前支持宝塔网站站点、docker站点等。本插件也支持aaPanel。 |
|
||||||
| 14.| **K8S-Ingress 证书部署** | 部署证书到k8s的Ingress |
|
| 14.| **K8S-Apply自定义yaml** | apply自定义yaml到k8s |
|
||||||
| 15.| **K8S-部署证书到Secret** | 部署证书到k8s的secret |
|
| 15.| **K8S-Ingress 证书部署** | 部署证书到k8s的Ingress |
|
||||||
| 16.| **lucky-更新Lucky证书** | |
|
| 16.| **K8S-部署证书到Secret** | 部署证书到k8s的secret |
|
||||||
| 17.| **Plesk-部署Plesk网站证书** | |
|
| 17.| **lucky-更新Lucky证书** | |
|
||||||
| 18.| **Plesk-更新证书** | 不会创建新证书记录,直接更新旧的证书 |
|
| 18.| **Plesk-部署Plesk网站证书** | |
|
||||||
| 19.| **雷池-更新证书(支持控制台和防护应用)** | 更新长亭雷池WAF的证书,支持更新控制台和防护应用的证书。 |
|
| 19.| **Plesk-更新证书** | 不会创建新证书记录,直接更新旧的证书 |
|
||||||
| 20.| **群晖-部署证书到群晖面板** | Synology,支持6.x以上版本 |
|
| 20.| **雷池-更新证书(支持控制台和防护应用)** | 更新长亭雷池WAF的证书,支持更新控制台和防护应用的证书。 |
|
||||||
| 21.| **群晖-刷新OTP登录有效期** | 群晖登录状态可能30天失效,需要在失效之前登录一次,刷新有效期,您可以将其放在“部署到群晖面板”任务之后 |
|
| 21.| **群晖-部署证书到群晖面板** | Synology,支持6.x以上版本 |
|
||||||
| 22.| **uniCloud-部署到服务空间** | 部署到服务空间 |
|
| 22.| **群晖-刷新OTP登录有效期** | 群晖登录状态可能30天失效,需要在失效之前登录一次,刷新有效期,您可以将其放在“部署到群晖面板”任务之后 |
|
||||||
| 23.| **Proxmox-上传证书到Proxmox** | |
|
| 23.| **uniCloud-部署到服务空间** | 部署到服务空间 |
|
||||||
| 24.| **威联通-部署证书到威联通** | 部署证书到qnap |
|
| 24.| **Proxmox-上传证书到Proxmox** | |
|
||||||
|
| 25.| **威联通-部署证书到威联通** | 部署证书到qnap |
|
||||||
## 5. 阿里云
|
## 5. 阿里云
|
||||||
|
|
||||||
| 序号 | 名称 | 说明 |
|
| 序号 | 名称 | 说明 |
|
||||||
|
|||||||
@@ -13,17 +13,19 @@
|
|||||||
| 9.| **cloudflare** | cloudflare dns provider |
|
| 9.| **cloudflare** | cloudflare dns provider |
|
||||||
| 10.| **dns.la** | dns.la |
|
| 10.| **dns.la** | dns.la |
|
||||||
| 11.| **godaddy** | GoDaddy |
|
| 11.| **godaddy** | GoDaddy |
|
||||||
| 12.| **华为云** | 华为云DNS解析提供商 |
|
| 12.| **HiPM DNSMgr** | HiPM DNSMgr DNS 解析提供商 |
|
||||||
| 13.| **namesilo** | namesilo dns provider |
|
| 13.| **华为云** | 华为云DNS解析提供商 |
|
||||||
| 14.| **雨云** | 雨云DNS解析提供商 |
|
| 14.| **namesilo** | namesilo dns provider |
|
||||||
| 15.| **腾讯云** | 腾讯云域名DNS解析提供者 |
|
| 15.| **雨云** | 雨云DNS解析提供商 |
|
||||||
| 16.| **腾讯云EO DNS** | 腾讯云EO DNS解析提供者 |
|
| 16.| **Technitium DNS Server** | Technitium DNS Server 自建DNS服务器 |
|
||||||
| 17.| **西部数码** | west dns provider |
|
| 17.| **腾讯云** | 腾讯云域名DNS解析提供者 |
|
||||||
| 18.| **Dns提供商Demo** | dns provider示例 |
|
| 18.| **腾讯云EO DNS** | 腾讯云EO DNS解析提供者 |
|
||||||
| 19.| **彩虹DNS** | 彩虹DNS管理系统 |
|
| 19.| **西部数码** | west dns provider |
|
||||||
| 20.| **Spaceship** | Spaceship 域名解析 |
|
| 20.| **Dns提供商Demo** | dns provider示例 |
|
||||||
| 21.| **51dns** | 51DNS |
|
| 21.| **彩虹DNS** | 彩虹DNS管理系统 |
|
||||||
| 22.| **新网互联** | 新网互联 |
|
| 22.| **Spaceship** | Spaceship 域名解析 |
|
||||||
|
| 23.| **51dns** | 51DNS |
|
||||||
|
| 24.| **新网互联** | 新网互联 |
|
||||||
|
|
||||||
<style module>
|
<style module>
|
||||||
table th:first-of-type {
|
table th:first-of-type {
|
||||||
|
|||||||
@@ -70,5 +70,5 @@
|
|||||||
"bugs": {
|
"bugs": {
|
||||||
"url": "https://github.com/publishlab/node-acme-client/issues"
|
"url": "https://github.com/publishlab/node-acme-client/issues"
|
||||||
},
|
},
|
||||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -21,7 +21,8 @@ const defaultOpts = {
|
|||||||
},
|
},
|
||||||
challengeRemoveFn: async () => {
|
challengeRemoveFn: async () => {
|
||||||
throw new Error("Missing challengeRemoveFn()");
|
throw new Error("Missing challengeRemoveFn()");
|
||||||
}
|
},
|
||||||
|
waitDnsDiffuseTime: 30,
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -577,7 +577,7 @@ class AcmeClient {
|
|||||||
|
|
||||||
const verifyFn = async (abort) => {
|
const verifyFn = async (abort) => {
|
||||||
if (this.opts.signal && this.opts.signal.aborted) {
|
if (this.opts.signal && this.opts.signal.aborted) {
|
||||||
abort();
|
abort(true);
|
||||||
throw new CancelError('用户取消');
|
throw new CancelError('用户取消');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -50,15 +50,18 @@ class Backoff {
|
|||||||
|
|
||||||
async function retryPromise(fn, attempts, backoff, logger = log) {
|
async function retryPromise(fn, attempts, backoff, logger = log) {
|
||||||
let aborted = false;
|
let aborted = false;
|
||||||
|
let abortedFromUser = false;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
const setAbort = () => { aborted = true; }
|
const setAbort = (fromUser = false) => { aborted = true; abortedFromUser = fromUser; }
|
||||||
const data = await fn(setAbort);
|
const data = await fn(setAbort);
|
||||||
return data;
|
return data;
|
||||||
}
|
}
|
||||||
catch (e) {
|
catch (e) {
|
||||||
if (aborted){
|
if (aborted){
|
||||||
logger(`用户取消重试`);
|
if (abortedFromUser){
|
||||||
|
logger(`用户取消重试`);
|
||||||
|
}
|
||||||
throw e;
|
throw e;
|
||||||
}
|
}
|
||||||
if ( ((backoff.attempts + 1) >= attempts)) {
|
if ( ((backoff.attempts + 1) >= attempts)) {
|
||||||
@@ -249,7 +252,7 @@ async function resolveDomainBySoaRecord(recordName, logger = log) {
|
|||||||
|
|
||||||
async function getAuthoritativeDnsResolver(recordName, logger = log) {
|
async function getAuthoritativeDnsResolver(recordName, logger = log) {
|
||||||
logger(`获取域名${recordName}的权威NS服务器: `);
|
logger(`获取域名${recordName}的权威NS服务器: `);
|
||||||
const resolver = new dns.Resolver();
|
const resolver = new dns.Resolver({ timeout: 10000,maxTimeout: 60000 });
|
||||||
|
|
||||||
try {
|
try {
|
||||||
/* Resolve root domain by SOA */
|
/* Resolve root domain by SOA */
|
||||||
|
|||||||
@@ -92,7 +92,6 @@ async function walkDnsChallengeRecord(recordName, resolver = dns,deep = 0) {
|
|||||||
try {
|
try {
|
||||||
log(`检查域名 ${recordName} 的TXT记录`);
|
log(`检查域名 ${recordName} 的TXT记录`);
|
||||||
const txtRecords = await resolver.resolveTxt(recordName);
|
const txtRecords = await resolver.resolveTxt(recordName);
|
||||||
|
|
||||||
if (txtRecords && txtRecords.length) {
|
if (txtRecords && txtRecords.length) {
|
||||||
log(`找到 ${txtRecords.length} 条 TXT记录( ${recordName})`);
|
log(`找到 ${txtRecords.length} 条 TXT记录( ${recordName})`);
|
||||||
log(`TXT records: ${JSON.stringify(txtRecords)}`);
|
log(`TXT records: ${JSON.stringify(txtRecords)}`);
|
||||||
|
|||||||
+1
@@ -68,6 +68,7 @@ export interface ClientAutoOptions {
|
|||||||
preferredChain?: string;
|
preferredChain?: string;
|
||||||
signal?: AbortSignal;
|
signal?: AbortSignal;
|
||||||
profile?:string;
|
profile?:string;
|
||||||
|
waitDnsDiffuseTime?: number;
|
||||||
}
|
}
|
||||||
|
|
||||||
export class Client {
|
export class Client {
|
||||||
|
|||||||
@@ -47,5 +47,5 @@
|
|||||||
"tslib": "^2.8.1",
|
"tslib": "^2.8.1",
|
||||||
"typescript": "^5.4.2"
|
"typescript": "^5.4.2"
|
||||||
},
|
},
|
||||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -45,5 +45,5 @@
|
|||||||
"tslib": "^2.8.1",
|
"tslib": "^2.8.1",
|
||||||
"typescript": "^5.4.2"
|
"typescript": "^5.4.2"
|
||||||
},
|
},
|
||||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -65,4 +65,8 @@ export abstract class BaseAccess implements IAccess {
|
|||||||
}
|
}
|
||||||
throw new Error(`action ${req.action} not found`);
|
throw new Error(`action ${req.action} not found`);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
normalizeEndpoint(endpoint: string) {
|
||||||
|
return endpoint.replace(/\/$/, "");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -24,5 +24,5 @@
|
|||||||
"prettier": "^2.8.8",
|
"prettier": "^2.8.8",
|
||||||
"tslib": "^2.8.1"
|
"tslib": "^2.8.1"
|
||||||
},
|
},
|
||||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -31,5 +31,5 @@
|
|||||||
"tslib": "^2.8.1",
|
"tslib": "^2.8.1",
|
||||||
"typescript": "^5.4.2"
|
"typescript": "^5.4.2"
|
||||||
},
|
},
|
||||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -56,5 +56,5 @@
|
|||||||
"fetch"
|
"fetch"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -33,5 +33,5 @@
|
|||||||
"tslib": "^2.8.1",
|
"tslib": "^2.8.1",
|
||||||
"typescript": "^5.4.2"
|
"typescript": "^5.4.2"
|
||||||
},
|
},
|
||||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -64,5 +64,5 @@
|
|||||||
"typeorm": "^0.3.11",
|
"typeorm": "^0.3.11",
|
||||||
"typescript": "^5.4.2"
|
"typescript": "^5.4.2"
|
||||||
},
|
},
|
||||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -6,10 +6,10 @@ import { BaseSettings, SysInstallInfo, SysPrivateSettings, SysPublicSettings, Sy
|
|||||||
|
|
||||||
import { getAllSslProviderDomains, setSslProviderReverseProxies } from '@certd/acme-client';
|
import { getAllSslProviderDomains, setSslProviderReverseProxies } from '@certd/acme-client';
|
||||||
import { cache, logger, mergeUtils, setGlobalProxy } from '@certd/basic';
|
import { cache, logger, mergeUtils, setGlobalProxy } from '@certd/basic';
|
||||||
|
import { isPlus } from '@certd/plus-core';
|
||||||
import * as dns from 'node:dns';
|
import * as dns from 'node:dns';
|
||||||
import { BaseService, setAdminMode } from '../../../basic/index.js';
|
import { BaseService, setAdminMode } from '../../../basic/index.js';
|
||||||
import { executorQueue } from '../../basic/service/executor-queue.js';
|
import { executorQueue } from '../../basic/service/executor-queue.js';
|
||||||
import { isComm, isPlus } from '@certd/plus-core';
|
|
||||||
const { merge } = mergeUtils;
|
const { merge } = mergeUtils;
|
||||||
|
|
||||||
let lastSaveEnvVars = {};
|
let lastSaveEnvVars = {};
|
||||||
@@ -119,11 +119,11 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
async savePublicSettings(bean: SysPublicSettings) {
|
async savePublicSettings(bean: SysPublicSettings) {
|
||||||
if (isComm()) {
|
// if (isComm()) {
|
||||||
if (bean.adminMode === 'enterprise') {
|
// if (bean.adminMode === 'enterprise') {
|
||||||
throw new Error("商业版不支持使用企业管理模式")
|
// throw new Error("商业版不支持使用企业管理模式")
|
||||||
}
|
// }
|
||||||
}
|
// }
|
||||||
|
|
||||||
await this.saveSetting(bean);
|
await this.saveSetting(bean);
|
||||||
//让设置生效
|
//让设置生效
|
||||||
|
|||||||
@@ -46,5 +46,5 @@
|
|||||||
"typeorm": "^0.3.11",
|
"typeorm": "^0.3.11",
|
||||||
"typescript": "^5.4.2"
|
"typescript": "^5.4.2"
|
||||||
},
|
},
|
||||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -38,5 +38,5 @@
|
|||||||
"tslib": "^2.8.1",
|
"tslib": "^2.8.1",
|
||||||
"typescript": "^5.4.2"
|
"typescript": "^5.4.2"
|
||||||
},
|
},
|
||||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -57,5 +57,5 @@
|
|||||||
"tslib": "^2.8.1",
|
"tslib": "^2.8.1",
|
||||||
"typescript": "^5.4.2"
|
"typescript": "^5.4.2"
|
||||||
},
|
},
|
||||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -135,7 +135,12 @@ export class CertReader {
|
|||||||
}
|
}
|
||||||
|
|
||||||
static readCertDetail(crt: string) {
|
static readCertDetail(crt: string) {
|
||||||
const detail = crypto.readCertificateInfo(crt.toString());
|
let detail: CertificateInfo;
|
||||||
|
try {
|
||||||
|
detail = crypto.readCertificateInfo(crt.toString());
|
||||||
|
} catch (e) {
|
||||||
|
throw new Error("证书解析失败:" + e.message + "(请确定证书格式,是否与私钥搞反?)");
|
||||||
|
}
|
||||||
const effective = detail.notBefore;
|
const effective = detail.notBefore;
|
||||||
const expires = detail.notAfter;
|
const expires = detail.notAfter;
|
||||||
const fingerprints = CertReader.getFingerprintX509(crt);
|
const fingerprints = CertReader.getFingerprintX509(crt);
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
<template>
|
<template>
|
||||||
<a-select :value="value" @update:value="onChange">
|
<a-select :value="value" :filter-option="true" @update:value="onChange">
|
||||||
<a-select-option v-for="item of options" :key="item.value" :value="item.value" :label="item.label">
|
<a-select-option v-for="item of options" :key="item.value" :value="item.value" :label="item.label">
|
||||||
<span class="flex-o">
|
<span class="flex-o">
|
||||||
<fs-icon :icon="item.icon" class="fs-16 color-blue mr-5" />
|
<fs-icon :icon="item.icon" class="fs-16 color-blue mr-5" />
|
||||||
|
|||||||
+1
-1
@@ -1,5 +1,5 @@
|
|||||||
<template>
|
<template>
|
||||||
<icon-select class="dns-provider-selector" :value="modelValue" :options="options" @update:value="atChange"> </icon-select>
|
<icon-select class="dns-provider-selector" :value="modelValue" :options="options" :filter-option="true" @update:value="atChange"> </icon-select>
|
||||||
</template>
|
</template>
|
||||||
|
|
||||||
<script lang="ts">
|
<script lang="ts">
|
||||||
|
|||||||
@@ -289,7 +289,7 @@ export const useSettingStore = defineStore({
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
||||||
openBindUrlModal() {
|
openBindUrlModal(opts: { closable?: boolean } = { closable: false }) {
|
||||||
const event: any = { ModalRef: null };
|
const event: any = { ModalRef: null };
|
||||||
mitter.emit("getModal", event);
|
mitter.emit("getModal", event);
|
||||||
const Modal = event.ModalRef;
|
const Modal = event.ModalRef;
|
||||||
@@ -302,10 +302,12 @@ export const useSettingStore = defineStore({
|
|||||||
modalRef.destroy();
|
modalRef.destroy();
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
const { closable = false } = opts;
|
||||||
const modalRef: any = Modal.warning({
|
const modalRef: any = Modal.warning({
|
||||||
title: "URL地址未绑定,是否绑定此地址?",
|
title: "URL地址未绑定,是否绑定此地址?",
|
||||||
width: 500,
|
width: 500,
|
||||||
keyboard: false,
|
keyboard: false,
|
||||||
|
closable,
|
||||||
content: () => {
|
content: () => {
|
||||||
return (
|
return (
|
||||||
<div class="p-4">
|
<div class="p-4">
|
||||||
@@ -338,10 +340,10 @@ export const useSettingStore = defineStore({
|
|||||||
danger: true,
|
danger: true,
|
||||||
},
|
},
|
||||||
okText: "不,回到原来的地址",
|
okText: "不,回到原来的地址",
|
||||||
cancelText: "不,回到原来的地址",
|
// cancelText: "不,回到原来的地址",
|
||||||
onCancel: () => {
|
// onOk: () => {
|
||||||
window.location.href = bindUrl;
|
// window.location.href = bindUrl;
|
||||||
},
|
// },
|
||||||
});
|
});
|
||||||
},
|
},
|
||||||
async loadProductInfo() {
|
async loadProductInfo() {
|
||||||
|
|||||||
@@ -73,13 +73,11 @@
|
|||||||
margin: 20px;
|
margin: 20px;
|
||||||
}
|
}
|
||||||
|
|
||||||
.fs-crud-table {
|
// .fs-crud-table {
|
||||||
.ant-table-body {
|
// .ant-table-body {
|
||||||
height: 60vh;
|
// height:60vh;
|
||||||
table {
|
// }
|
||||||
}
|
// }
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
body a {
|
body a {
|
||||||
color: #1890ff;
|
color: #1890ff;
|
||||||
@@ -142,4 +140,5 @@ button.ant-btn.ant-btn-default.isPlus{
|
|||||||
color: rgba(233, 233, 233, 0.25);
|
color: rgba(233, 233, 233, 0.25);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -8,7 +8,6 @@
|
|||||||
import { onActivated, onMounted, ref, Ref } from "vue";
|
import { onActivated, onMounted, ref, Ref } from "vue";
|
||||||
import { useFs } from "@fast-crud/fast-crud";
|
import { useFs } from "@fast-crud/fast-crud";
|
||||||
import createCrudOptions from "./crud";
|
import createCrudOptions from "./crud";
|
||||||
import { siteIpApi } from "./api";
|
|
||||||
|
|
||||||
defineOptions({
|
defineOptions({
|
||||||
name: "SiteIpCertMonitor",
|
name: "SiteIpCertMonitor",
|
||||||
@@ -23,11 +22,6 @@ const { crudBinding, crudRef, crudExpose } = useFs({
|
|||||||
},
|
},
|
||||||
});
|
});
|
||||||
|
|
||||||
const siteInfoRef: Ref<any> = ref({});
|
|
||||||
onMounted(async () => {
|
|
||||||
siteInfoRef.value = await siteIpApi.GetObj(props.siteId);
|
|
||||||
});
|
|
||||||
|
|
||||||
// 页面打开后获取列表数据
|
// 页面打开后获取列表数据
|
||||||
onMounted(() => {
|
onMounted(() => {
|
||||||
crudExpose.doRefresh();
|
crudExpose.doRefresh();
|
||||||
|
|||||||
@@ -85,7 +85,7 @@ export function useCertPipelineCreator() {
|
|||||||
const settingStore = useSettingStore();
|
const settingStore = useSettingStore();
|
||||||
const router = useRouter();
|
const router = useRouter();
|
||||||
|
|
||||||
function createCrudOptions(req: { certPlugin: any; doSubmit: any; title?: string }): CreateCrudOptionsRet {
|
function createCrudOptions(req: { certPlugin: any; doSubmit: any; title?: string; initialForm?: any }): CreateCrudOptionsRet {
|
||||||
const inputs: any = {};
|
const inputs: any = {};
|
||||||
const moreParams = [];
|
const moreParams = [];
|
||||||
const doSubmit = req.doSubmit;
|
const doSubmit = req.doSubmit;
|
||||||
@@ -124,9 +124,11 @@ export function useCertPipelineCreator() {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
|
|
||||||
return {
|
return {
|
||||||
crudOptions: {
|
crudOptions: {
|
||||||
form: {
|
form: {
|
||||||
|
initialForm: req.initialForm || {},
|
||||||
doSubmit,
|
doSubmit,
|
||||||
wrapper: {
|
wrapper: {
|
||||||
wrapClassName: "cert_pipeline_create_form",
|
wrapClassName: "cert_pipeline_create_form",
|
||||||
@@ -326,6 +328,15 @@ export function useCertPipelineCreator() {
|
|||||||
//检查是否流水线数量超出限制
|
//检查是否流水线数量超出限制
|
||||||
await checkPipelineLimit();
|
await checkPipelineLimit();
|
||||||
|
|
||||||
|
//设置系统初始值
|
||||||
|
const initialForm: any = {};
|
||||||
|
const pluginSysConfig = await pluginStore.getPluginConfig({ name: req.pluginName, type: "builtIn" });
|
||||||
|
if (pluginSysConfig.sysSetting?.input) {
|
||||||
|
for (const key in pluginSysConfig.sysSetting?.input) {
|
||||||
|
initialForm[key] = pluginSysConfig.sysSetting?.input[key];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
async function doSubmit({ form }: any) {
|
async function doSubmit({ form }: any) {
|
||||||
// const certDetail = readCertDetail(form.cert.crt);
|
// const certDetail = readCertDetail(form.cert.crt);
|
||||||
// 添加certd pipeline
|
// 添加certd pipeline
|
||||||
@@ -399,6 +410,7 @@ export function useCertPipelineCreator() {
|
|||||||
certPlugin,
|
certPlugin,
|
||||||
doSubmit,
|
doSubmit,
|
||||||
title: req.title,
|
title: req.title,
|
||||||
|
initialForm,
|
||||||
});
|
});
|
||||||
//@ts-ignore
|
//@ts-ignore
|
||||||
crudOptions.columns.groupId.form.value = req.defaultGroupId || undefined;
|
crudOptions.columns.groupId.form.value = req.defaultGroupId || undefined;
|
||||||
|
|||||||
@@ -374,7 +374,7 @@ export default defineComponent({
|
|||||||
setup(props, ctx) {
|
setup(props, ctx) {
|
||||||
onBeforeRouteLeave((to, from) => {
|
onBeforeRouteLeave((to, from) => {
|
||||||
const newPipelineStr = JSON.stringify(pipeline.value || {});
|
const newPipelineStr = JSON.stringify(pipeline.value || {});
|
||||||
if (pipelineOriginStr.value && pipelineOriginStr.value !== newPipelineStr) {
|
if (props.editMode && pipelineOriginStr.value && pipelineOriginStr.value !== newPipelineStr) {
|
||||||
const answer = window.confirm("流水线还未保存,确定要离开吗?");
|
const answer = window.confirm("流水线还未保存,确定要离开吗?");
|
||||||
if (!answer) {
|
if (!answer) {
|
||||||
return false; // 返回 false 即可阻止本次路由跳转
|
return false; // 返回 false 即可阻止本次路由跳转
|
||||||
|
|||||||
@@ -182,6 +182,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
|
|||||||
},
|
},
|
||||||
showSelect: false,
|
showSelect: false,
|
||||||
createCrudOptions: createCrudOptionsPipeline,
|
createCrudOptions: createCrudOptionsPipeline,
|
||||||
|
height: "60vh",
|
||||||
crudOptionsOverride: {
|
crudOptionsOverride: {
|
||||||
actionbar: {
|
actionbar: {
|
||||||
show: false,
|
show: false,
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
import { dict, useFormWrapper } from "@fast-crud/fast-crud";
|
import { compute, dict, useFormWrapper } from "@fast-crud/fast-crud";
|
||||||
import { checkPipelineLimit, eachSteps } from "/@/views/certd/pipeline/utils";
|
import { checkPipelineLimit, eachSteps } from "/@/views/certd/pipeline/utils";
|
||||||
import { templateApi } from "/@/views/certd/pipeline/template/api";
|
import { templateApi } from "/@/views/certd/pipeline/template/api";
|
||||||
import TemplateForm from "./form.vue";
|
import TemplateForm from "./form.vue";
|
||||||
@@ -7,6 +7,7 @@ import GroupSelector from "/@/views/certd/pipeline/group/group-selector.vue";
|
|||||||
import { ref } from "vue";
|
import { ref } from "vue";
|
||||||
import { fillPipelineByDefaultForm } from "/@/views/certd/pipeline/certd-form/use";
|
import { fillPipelineByDefaultForm } from "/@/views/certd/pipeline/certd-form/use";
|
||||||
import { cloneDeep } from "lodash-es";
|
import { cloneDeep } from "lodash-es";
|
||||||
|
import { $t } from "/@/locales";
|
||||||
|
|
||||||
export function createExtraColumns() {
|
export function createExtraColumns() {
|
||||||
const groupDictRef = dict({
|
const groupDictRef = dict({
|
||||||
@@ -14,24 +15,82 @@ export function createExtraColumns() {
|
|||||||
value: "id",
|
value: "id",
|
||||||
label: "name",
|
label: "name",
|
||||||
});
|
});
|
||||||
|
const t = $t;
|
||||||
const randomHour = Math.floor(Math.random() * 6);
|
const randomHour = Math.floor(Math.random() * 6);
|
||||||
const randomMin = Math.floor(Math.random() * 60);
|
const randomMin = Math.floor(Math.random() * 60);
|
||||||
return {
|
return {
|
||||||
triggerCron: {
|
// triggerCron: {
|
||||||
title: "定时触发",
|
// title: "定时触发",
|
||||||
type: "text",
|
// type: "text",
|
||||||
|
// form: {
|
||||||
|
// value: `0 ${randomMin} ${randomHour} * * *`,
|
||||||
|
// component: {
|
||||||
|
// name: "cron-editor",
|
||||||
|
// vModel: "modelValue",
|
||||||
|
// placeholder: "0 0 4 * * *",
|
||||||
|
// },
|
||||||
|
// col: {
|
||||||
|
// span: 24,
|
||||||
|
// },
|
||||||
|
// helper: "点击上面的按钮,选择每天几点定时执行。\n建议设置为每天触发一次,证书未到期之前任务会跳过,不会重复执行",
|
||||||
|
// order: 100,
|
||||||
|
// },
|
||||||
|
// },
|
||||||
|
|
||||||
|
random: {
|
||||||
|
title: "定时类型",
|
||||||
|
form: {
|
||||||
|
value: true,
|
||||||
|
helper: "是否给流水线随机设置一个时间",
|
||||||
|
show: compute(({ form }) => {
|
||||||
|
return form.clear !== true;
|
||||||
|
}),
|
||||||
|
component: {
|
||||||
|
name: "fs-dict-switch",
|
||||||
|
vModel: "checked",
|
||||||
|
dict: dict({
|
||||||
|
data: [
|
||||||
|
{
|
||||||
|
label: "随机时间",
|
||||||
|
value: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
label: "固定时间",
|
||||||
|
value: false,
|
||||||
|
},
|
||||||
|
],
|
||||||
|
}),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
randomRange: {
|
||||||
|
title: "随机时间范围",
|
||||||
|
form: {
|
||||||
|
value: ["00:00:00", "08:00:00"],
|
||||||
|
helper: "随机时间范围,单位秒",
|
||||||
|
component: {
|
||||||
|
// <a-time-range-picker :bordered="false" />
|
||||||
|
name: "a-time-range-picker",
|
||||||
|
vModel: "value",
|
||||||
|
valueFormat: "HH:mm:ss",
|
||||||
|
},
|
||||||
|
show: compute(({ form }) => {
|
||||||
|
return form.clear !== true && form.random === true;
|
||||||
|
}),
|
||||||
|
rules: [{ required: true, message: "请选择随机时间范围" }],
|
||||||
|
},
|
||||||
|
},
|
||||||
|
triggerCron: {
|
||||||
|
title: t("certd.schedule"),
|
||||||
form: {
|
form: {
|
||||||
value: `0 ${randomMin} ${randomHour} * * *`,
|
|
||||||
component: {
|
component: {
|
||||||
name: "cron-editor",
|
name: "cron-editor",
|
||||||
vModel: "modelValue",
|
vModel: "modelValue",
|
||||||
placeholder: "0 0 4 * * *",
|
|
||||||
},
|
},
|
||||||
col: {
|
show: compute(({ form }) => {
|
||||||
span: 24,
|
return form.clear !== true && form?.random !== true;
|
||||||
},
|
}),
|
||||||
helper: "点击上面的按钮,选择每天几点定时执行。\n建议设置为每天触发一次,证书未到期之前任务会跳过,不会重复执行",
|
rules: [{ required: true, message: t("certd.selectCron") }],
|
||||||
order: 100,
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
notification: {
|
notification: {
|
||||||
|
|||||||
@@ -135,3 +135,11 @@ export async function DoTest(req: { id: number; input: any }): Promise<void> {
|
|||||||
data: req,
|
data: req,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export async function GetPluginByName(name: string): Promise<PluginConfigBean> {
|
||||||
|
return await request({
|
||||||
|
url: apiPrefix + "/getPluginByName",
|
||||||
|
method: "post",
|
||||||
|
data: { name },
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|||||||
@@ -36,6 +36,13 @@
|
|||||||
</div>
|
</div>
|
||||||
</a-form-item>
|
</a-form-item>
|
||||||
|
|
||||||
|
<a-form-item label="其他配置">
|
||||||
|
<a-button type="primary" @click="doPluginConfig">证书申请插件默认值设置</a-button>
|
||||||
|
<div class="helper">
|
||||||
|
<div>自定义证书申请插件参数</div>
|
||||||
|
</div>
|
||||||
|
</a-form-item>
|
||||||
|
|
||||||
<a-form-item :wrapper-col="{ offset: 8, span: 16 }">
|
<a-form-item :wrapper-col="{ offset: 8, span: 16 }">
|
||||||
<a-button :loading="saveLoading" type="primary" html-type="submit">保存</a-button>
|
<a-button :loading="saveLoading" type="primary" html-type="submit">保存</a-button>
|
||||||
</a-form-item>
|
</a-form-item>
|
||||||
@@ -47,10 +54,10 @@
|
|||||||
<script lang="ts" setup>
|
<script lang="ts" setup>
|
||||||
import AccessSelector from "/@/views/certd/access/access-selector/index.vue";
|
import AccessSelector from "/@/views/certd/access/access-selector/index.vue";
|
||||||
import { reactive, ref } from "vue";
|
import { reactive, ref } from "vue";
|
||||||
import { CommPluginConfig, GetCommPluginConfigs, SaveCommPluginConfigs } from "/@/views/sys/plugin/api";
|
import { CommPluginConfig, GetCommPluginConfigs, SaveCommPluginConfigs, GetPluginByName } from "/@/views/sys/plugin/api";
|
||||||
import { merge } from "lodash-es";
|
import { merge } from "lodash-es";
|
||||||
import { notification } from "ant-design-vue";
|
import { notification } from "ant-design-vue";
|
||||||
|
import { usePluginConfig } from "./use-config";
|
||||||
defineOptions({
|
defineOptions({
|
||||||
name: "SysPluginConfig",
|
name: "SysPluginConfig",
|
||||||
});
|
});
|
||||||
@@ -87,5 +94,12 @@ const onFinish = async (form: any) => {
|
|||||||
const onFinishFailed = (errorInfo: any) => {
|
const onFinishFailed = (errorInfo: any) => {
|
||||||
console.log("Failed:", errorInfo);
|
console.log("Failed:", errorInfo);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const { openConfigDialog } = usePluginConfig();
|
||||||
|
|
||||||
|
async function doPluginConfig() {
|
||||||
|
const certApplyInfo = await GetPluginByName("CertApply");
|
||||||
|
await openConfigDialog({ row: certApplyInfo, crudExpose: null });
|
||||||
|
}
|
||||||
</script>
|
</script>
|
||||||
<style lang="less"></style>
|
<style lang="less"></style>
|
||||||
|
|||||||
@@ -43,13 +43,12 @@
|
|||||||
</template>
|
</template>
|
||||||
|
|
||||||
<script setup lang="tsx">
|
<script setup lang="tsx">
|
||||||
import { computed, nextTick, onMounted, reactive, ref, Ref, unref } from "vue";
|
|
||||||
import { useRoute, useRouter } from "vue-router";
|
|
||||||
import * as api from "./api";
|
|
||||||
import { usePluginStore } from "/@/store/plugin";
|
|
||||||
import { cloneDeep, get, merge, set, unset } from "lodash-es";
|
|
||||||
import Rollbackable from "./rollbackable.vue";
|
|
||||||
import { FsRender } from "@fast-crud/fast-crud";
|
import { FsRender } from "@fast-crud/fast-crud";
|
||||||
|
import { cloneDeep, merge, unset } from "lodash-es";
|
||||||
|
import { computed, onMounted, reactive, ref } from "vue";
|
||||||
|
import { useRoute, useRouter } from "vue-router";
|
||||||
|
import Rollbackable from "./rollbackable.vue";
|
||||||
|
import { usePluginStore } from "/@/store/plugin";
|
||||||
const route = useRoute();
|
const route = useRoute();
|
||||||
const router = useRouter();
|
const router = useRouter();
|
||||||
const pluginStore = usePluginStore();
|
const pluginStore = usePluginStore();
|
||||||
|
|||||||
@@ -178,6 +178,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
|
|||||||
type: "dict-select",
|
type: "dict-select",
|
||||||
search: {
|
search: {
|
||||||
show: true,
|
show: true,
|
||||||
|
component: {
|
||||||
|
disabled: false,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
form: {
|
form: {
|
||||||
order: 0,
|
order: 0,
|
||||||
|
|||||||
@@ -35,7 +35,9 @@ export function usePluginConfig() {
|
|||||||
},
|
},
|
||||||
afterSubmit() {
|
afterSubmit() {
|
||||||
notification.success({ message: t("certd.operationSuccess") });
|
notification.success({ message: t("certd.operationSuccess") });
|
||||||
crudExpose.doRefresh();
|
if (crudExpose) {
|
||||||
|
crudExpose.doRefresh();
|
||||||
|
}
|
||||||
},
|
},
|
||||||
async doSubmit({}: any) {
|
async doSubmit({}: any) {
|
||||||
const form = configEditorRef.value.getForm();
|
const form = configEditorRef.value.getForm();
|
||||||
|
|||||||
@@ -25,6 +25,10 @@
|
|||||||
<div class="helper" v-html="t('certd.sys.setting.noticeHelper')"></div>
|
<div class="helper" v-html="t('certd.sys.setting.noticeHelper')"></div>
|
||||||
</a-form-item>
|
</a-form-item>
|
||||||
|
|
||||||
|
<a-form-item :label="t('certd.sys.setting.bindUrl')">
|
||||||
|
<a-button class="ml-2" type="primary" @click="settingsStore.openBindUrlModal({ closable: true })">{{ t("certd.sys.setting.bindUrl") }}</a-button>
|
||||||
|
</a-form-item>
|
||||||
|
|
||||||
<a-form-item label=" " :colon="false" :wrapper-col="{ span: 8 }">
|
<a-form-item label=" " :colon="false" :wrapper-col="{ span: 8 }">
|
||||||
<a-button :loading="saveLoading" type="primary" html-type="submit">{{ t("certd.saveButton") }}</a-button>
|
<a-button :loading="saveLoading" type="primary" html-type="submit">{{ t("certd.saveButton") }}</a-button>
|
||||||
</a-form-item>
|
</a-form-item>
|
||||||
|
|||||||
@@ -8,7 +8,7 @@
|
|||||||
</div>
|
</div>
|
||||||
<pre class="helper pre">{{ t("certd.sys.setting.passkeyEnabledHelper", [bindDomain]) }}</pre>
|
<pre class="helper pre">{{ t("certd.sys.setting.passkeyEnabledHelper", [bindDomain]) }}</pre>
|
||||||
<div v-if="!bindDomainIsSame" class="text-red-500 text-sm mt-2">
|
<div v-if="!bindDomainIsSame" class="text-red-500 text-sm mt-2">
|
||||||
{{ t("certd.sys.setting.passkeyHostnameNotSame") }} <a-button class="ml-2" size="small" type="primary" @click="settingsStore.openBindUrlModal()">{{ t("certd.sys.setting.bindUrl") }}</a-button>
|
{{ t("certd.sys.setting.passkeyHostnameNotSame") }} <a-button class="ml-2" size="small" type="primary" @click="settingsStore.openBindUrlModal({ closable: true })">{{ t("certd.sys.setting.bindUrl") }}</a-button>
|
||||||
</div>
|
</div>
|
||||||
</a-form-item>
|
</a-form-item>
|
||||||
<a-form-item :label="t('certd.sys.setting.enableOauth')" :name="['public', 'oauthEnabled']">
|
<a-form-item :label="t('certd.sys.setting.enableOauth')" :name="['public', 'oauthEnabled']">
|
||||||
|
|||||||
@@ -17,6 +17,18 @@ input:
|
|||||||
apiKey
|
apiKey
|
||||||
required: true
|
required: true
|
||||||
encrypt: true
|
encrypt: true
|
||||||
|
version:
|
||||||
|
title: 版本
|
||||||
|
component:
|
||||||
|
name: a-select
|
||||||
|
options:
|
||||||
|
- label: v3.x
|
||||||
|
value: '3'
|
||||||
|
- label: v2.x
|
||||||
|
value: '2'
|
||||||
|
helper: apisix系统的版本
|
||||||
|
value: '3'
|
||||||
|
required: true
|
||||||
testRequest:
|
testRequest:
|
||||||
title: 测试
|
title: 测试
|
||||||
component:
|
component:
|
||||||
|
|||||||
@@ -0,0 +1,27 @@
|
|||||||
|
name: hipmdnsmgr
|
||||||
|
title: HiPM DNSMgr
|
||||||
|
icon: svg:icon-dns
|
||||||
|
desc: HiPM DNSMgr API Token 授权
|
||||||
|
input:
|
||||||
|
endpoint:
|
||||||
|
title: 服务器地址
|
||||||
|
component:
|
||||||
|
name: a-input
|
||||||
|
allowClear: true
|
||||||
|
placeholder: http://localhost:3001
|
||||||
|
required: true
|
||||||
|
helper: 'HiPM DNSMgr 服务器地址,例如: http://localhost:3001'
|
||||||
|
apiToken:
|
||||||
|
title: API Token
|
||||||
|
required: true
|
||||||
|
encrypt: true
|
||||||
|
helper: 在 DNSMgr 设置 > API Token 中创建的令牌
|
||||||
|
testRequest:
|
||||||
|
title: 测试连接
|
||||||
|
component:
|
||||||
|
name: api-test
|
||||||
|
action: TestRequest
|
||||||
|
helper: 点击测试接口是否正常
|
||||||
|
pluginType: access
|
||||||
|
type: builtIn
|
||||||
|
scriptFilePath: /plugins/plugin-hipmdnsmgr/access/hipmdnsmgr-access.js
|
||||||
@@ -0,0 +1,53 @@
|
|||||||
|
name: nginxProxyManager
|
||||||
|
title: Nginx Proxy Manager 授权
|
||||||
|
desc: 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。
|
||||||
|
icon: logos:nginx
|
||||||
|
input:
|
||||||
|
endpoint:
|
||||||
|
title: NPM 地址
|
||||||
|
component:
|
||||||
|
name: a-input
|
||||||
|
allowClear: true
|
||||||
|
placeholder: https://npm.example.com
|
||||||
|
helper: 请输入 Nginx Proxy Manager 根地址,不要带 /api 后缀。
|
||||||
|
required: true
|
||||||
|
email:
|
||||||
|
title: 邮箱
|
||||||
|
component:
|
||||||
|
name: a-input
|
||||||
|
allowClear: true
|
||||||
|
placeholder: admin@example.com
|
||||||
|
required: true
|
||||||
|
password:
|
||||||
|
title: 密码
|
||||||
|
component:
|
||||||
|
name: a-input-password
|
||||||
|
allowClear: true
|
||||||
|
placeholder: 请输入密码
|
||||||
|
required: true
|
||||||
|
encrypt: true
|
||||||
|
totpSecret:
|
||||||
|
title: TOTP 密钥
|
||||||
|
component:
|
||||||
|
name: a-input-password
|
||||||
|
allowClear: true
|
||||||
|
placeholder: Optional base32 TOTP secret
|
||||||
|
helper: 当 Nginx Proxy Manager 账号开启 2FA 时必填。
|
||||||
|
required: false
|
||||||
|
encrypt: true
|
||||||
|
ignoreTls:
|
||||||
|
title: 忽略无效 TLS
|
||||||
|
component:
|
||||||
|
name: a-switch
|
||||||
|
vModel: checked
|
||||||
|
helper: 仅在 Nginx Proxy Manager 使用自签 HTTPS 证书时开启。
|
||||||
|
required: false
|
||||||
|
testRequest:
|
||||||
|
title: 测试
|
||||||
|
component:
|
||||||
|
name: api-test
|
||||||
|
action: onTestRequest
|
||||||
|
helper: 测试登录并拉取代理主机列表。
|
||||||
|
pluginType: access
|
||||||
|
type: builtIn
|
||||||
|
scriptFilePath: /plugins/plugin-nginx-proxy-manager/access.js
|
||||||
@@ -62,8 +62,8 @@ input:
|
|||||||
pty:
|
pty:
|
||||||
title: 伪终端
|
title: 伪终端
|
||||||
helper: >-
|
helper: >-
|
||||||
如果登录报错:all authentication methods
|
如果登录报错:all authentication methods failed / unable to
|
||||||
failed,可以尝试开启伪终端模式进行keyboard-interactive方式登录
|
exec,可以尝试开启伪终端模式进行keyboard-interactive方式登录
|
||||||
|
|
||||||
开启后对日志输出有一定的影响
|
开启后对日志输出有一定的影响
|
||||||
component:
|
component:
|
||||||
|
|||||||
@@ -0,0 +1,38 @@
|
|||||||
|
name: technitium
|
||||||
|
title: Technitium DNS Server
|
||||||
|
icon: clarity:server-line
|
||||||
|
desc: Technitium DNS Server 自建DNS服务器授权
|
||||||
|
input:
|
||||||
|
apiUrl:
|
||||||
|
title: API地址
|
||||||
|
value: http://localhost:5380
|
||||||
|
component:
|
||||||
|
name: a-input
|
||||||
|
allowClear: true
|
||||||
|
placeholder: http://localhost:5380
|
||||||
|
required: true
|
||||||
|
username:
|
||||||
|
title: 用户名
|
||||||
|
component:
|
||||||
|
name: a-input
|
||||||
|
allowClear: true
|
||||||
|
placeholder: admin
|
||||||
|
required: false
|
||||||
|
password:
|
||||||
|
title: 密码
|
||||||
|
component:
|
||||||
|
name: a-input
|
||||||
|
type: password
|
||||||
|
allowClear: true
|
||||||
|
placeholder: 密码
|
||||||
|
required: false
|
||||||
|
encrypt: true
|
||||||
|
testRequest:
|
||||||
|
title: 测试
|
||||||
|
component:
|
||||||
|
name: api-test
|
||||||
|
action: TestRequest
|
||||||
|
helper: 点击测试接口是否正常
|
||||||
|
pluginType: access
|
||||||
|
type: builtIn
|
||||||
|
scriptFilePath: /plugins/plugin-technitium/access.js
|
||||||
@@ -0,0 +1,71 @@
|
|||||||
|
showRunStrategy: false
|
||||||
|
default:
|
||||||
|
strategy:
|
||||||
|
runStrategy: 1
|
||||||
|
name: NginxProxyManagerDeploy
|
||||||
|
title: Nginx Proxy Manager-部署到主机
|
||||||
|
desc: 上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。
|
||||||
|
icon: logos:nginx
|
||||||
|
group: panel
|
||||||
|
input:
|
||||||
|
cert:
|
||||||
|
title: 域名证书
|
||||||
|
helper: 请选择前置任务产出的证书。
|
||||||
|
component:
|
||||||
|
name: output-selector
|
||||||
|
from:
|
||||||
|
- ':cert:'
|
||||||
|
required: true
|
||||||
|
order: 0
|
||||||
|
certDomains:
|
||||||
|
title: 证书域名
|
||||||
|
component:
|
||||||
|
name: cert-domains-getter
|
||||||
|
required: false
|
||||||
|
order: 0
|
||||||
|
accessId:
|
||||||
|
title: NPM授权
|
||||||
|
component:
|
||||||
|
name: access-selector
|
||||||
|
type: nginxProxyManager
|
||||||
|
helper: 选择用于部署的 Nginx Proxy Manager 授权。
|
||||||
|
required: true
|
||||||
|
order: 0
|
||||||
|
proxyHostIds:
|
||||||
|
title: 代理主机
|
||||||
|
component:
|
||||||
|
name: remote-select
|
||||||
|
vModel: value
|
||||||
|
mode: tags
|
||||||
|
type: plugin
|
||||||
|
action: onGetProxyHostOptions
|
||||||
|
search: true
|
||||||
|
pager: false
|
||||||
|
multi: true
|
||||||
|
watches:
|
||||||
|
- certDomains
|
||||||
|
- accessId
|
||||||
|
helper: 选择要绑定此证书的一个或多个代理主机。
|
||||||
|
required: true
|
||||||
|
order: 0
|
||||||
|
certificateLabel:
|
||||||
|
title: 证书标识
|
||||||
|
component:
|
||||||
|
name: a-input
|
||||||
|
allowClear: true
|
||||||
|
placeholder: certd_npm_example_com
|
||||||
|
helper: 可选。留空时默认使用 certd_npm_<主域名规范化>。
|
||||||
|
required: false
|
||||||
|
order: 0
|
||||||
|
cleanupMatchingCertificates:
|
||||||
|
title: 自动清理未使用证书
|
||||||
|
component:
|
||||||
|
name: a-switch
|
||||||
|
vModel: checked
|
||||||
|
helper: 部署成功后,自动删除除当前证书外所有未被任何主机引用的证书。
|
||||||
|
required: false
|
||||||
|
order: 0
|
||||||
|
output: {}
|
||||||
|
pluginType: deploy
|
||||||
|
type: builtIn
|
||||||
|
scriptFilePath: /plugins/plugin-nginx-proxy-manager/plugins/plugin-deploy-to-proxy-hosts.js
|
||||||
@@ -0,0 +1,8 @@
|
|||||||
|
name: hipmdnsmgr
|
||||||
|
title: HiPM DNSMgr
|
||||||
|
desc: HiPM DNSMgr DNS 解析提供商
|
||||||
|
accessType: hipmdnsmgr
|
||||||
|
icon: svg:icon-dns
|
||||||
|
pluginType: dnsProvider
|
||||||
|
type: builtIn
|
||||||
|
scriptFilePath: /plugins/plugin-hipmdnsmgr/dns-provider/hipmdnsmgr-dns-provider.js
|
||||||
@@ -0,0 +1,9 @@
|
|||||||
|
name: technitium
|
||||||
|
title: Technitium DNS Server
|
||||||
|
desc: Technitium DNS Server 自建DNS服务器
|
||||||
|
icon: clarity:server-line
|
||||||
|
accessType: technitium
|
||||||
|
order: 10
|
||||||
|
pluginType: dnsProvider
|
||||||
|
type: builtIn
|
||||||
|
scriptFilePath: /plugins/plugin-technitium/dns-provider.js
|
||||||
@@ -84,6 +84,15 @@ export class PluginController extends CrudController<PluginService> {
|
|||||||
const res = await this.pluginConfigService.saveCommPluginConfig(body);
|
const res = await this.pluginConfigService.saveCommPluginConfig(body);
|
||||||
return this.ok(res);
|
return this.ok(res);
|
||||||
}
|
}
|
||||||
|
@Post('/getPluginByName', { description: 'sys:settings:view' })
|
||||||
|
async getPluginByName(@Body('name') name: string) {
|
||||||
|
const res = await this.pluginConfigService.getPluginConfig({
|
||||||
|
name: name,
|
||||||
|
type: 'builtIn'
|
||||||
|
});
|
||||||
|
return this.ok(res);
|
||||||
|
}
|
||||||
|
|
||||||
@Post('/saveSetting', { description: 'sys:settings:edit' })
|
@Post('/saveSetting', { description: 'sys:settings:edit' })
|
||||||
async saveSetting(@Body(ALL) body: PluginConfig) {
|
async saveSetting(@Body(ALL) body: PluginConfig) {
|
||||||
const res = await this.pluginConfigService.savePluginConfig(body);
|
const res = await this.pluginConfigService.savePluginConfig(body);
|
||||||
|
|||||||
@@ -89,24 +89,30 @@ export class SiteTester {
|
|||||||
// 创建 HTTPS 请求
|
// 创建 HTTPS 请求
|
||||||
const requestPromise = safePromise((resolve, reject) => {
|
const requestPromise = safePromise((resolve, reject) => {
|
||||||
const req = https.request(options, res => {
|
const req = https.request(options, res => {
|
||||||
// 获取证书
|
|
||||||
// @ts-ignore
|
|
||||||
const certificate = res.socket.getPeerCertificate();
|
|
||||||
// logger.info('证书信息', certificate);
|
|
||||||
if (certificate.subject == null) {
|
|
||||||
logger.warn("证书信息为空");
|
|
||||||
resolve({
|
|
||||||
certificate: null
|
|
||||||
});
|
|
||||||
}
|
|
||||||
resolve({
|
|
||||||
certificate
|
|
||||||
});
|
|
||||||
res.socket.end();
|
res.socket.end();
|
||||||
// 关闭响应
|
// 关闭响应
|
||||||
res.destroy();
|
res.destroy();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// ✅ 关键:在 'socket' 事件中获取证书(握手完成后立即执行)
|
||||||
|
req.on('socket', (socket:any) => {
|
||||||
|
socket.on('secureConnect', () => {
|
||||||
|
// TLS握手完成,证书已经可用
|
||||||
|
const certificate = socket.getPeerCertificate();
|
||||||
|
if (certificate.subject) {
|
||||||
|
logger.info('证书获取成功', certificate.subject);
|
||||||
|
resolve({
|
||||||
|
certificate
|
||||||
|
});
|
||||||
|
}else{
|
||||||
|
logger.warn("证书信息为空");
|
||||||
|
resolve({
|
||||||
|
certificate: null
|
||||||
|
});
|
||||||
|
}
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
req.on("error", e => {
|
req.on("error", e => {
|
||||||
reject(e);
|
reject(e);
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -45,4 +45,6 @@
|
|||||||
// export * from './plugin-plus/index.js'
|
// export * from './plugin-plus/index.js'
|
||||||
// export * from './plugin-cert/index.js'
|
// export * from './plugin-cert/index.js'
|
||||||
// export * from './plugin-zenlayer/index.js'
|
// export * from './plugin-zenlayer/index.js'
|
||||||
export * from './plugin-dnsmgr/index.js'
|
// export * from './plugin-dnsmgr/index.js'
|
||||||
|
// export * from './plugin-nginx-proxy-manager/index.js'
|
||||||
|
// export * from './plugin-hipmdnsmgr/index.js'
|
||||||
|
|||||||
@@ -32,6 +32,27 @@ export class ApisixAccess extends BaseAccess {
|
|||||||
})
|
})
|
||||||
apiKey = '';
|
apiKey = '';
|
||||||
|
|
||||||
|
@AccessInput({
|
||||||
|
title: '版本',
|
||||||
|
component: {
|
||||||
|
name:"a-select",
|
||||||
|
options: [
|
||||||
|
{
|
||||||
|
label: "v3.x",
|
||||||
|
value: "3",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
label: "v2.x",
|
||||||
|
value: "2",
|
||||||
|
},
|
||||||
|
]
|
||||||
|
},
|
||||||
|
helper: "apisix系统的版本",
|
||||||
|
value:"3",
|
||||||
|
required: true,
|
||||||
|
})
|
||||||
|
version = '3';
|
||||||
|
|
||||||
|
|
||||||
@AccessInput({
|
@AccessInput({
|
||||||
title: "测试",
|
title: "测试",
|
||||||
@@ -49,17 +70,24 @@ export class ApisixAccess extends BaseAccess {
|
|||||||
}
|
}
|
||||||
|
|
||||||
async getCertList(){
|
async getCertList(){
|
||||||
|
const sslPath = this.getSslPath();
|
||||||
const req = {
|
const req = {
|
||||||
url :"/apisix/admin/ssls",
|
url :`/apisix/admin/${sslPath}`,
|
||||||
method: "get",
|
method: "get",
|
||||||
}
|
}
|
||||||
return await this.doRequest(req);
|
return await this.doRequest(req);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
getSslPath(){
|
||||||
|
const sslPath = this.version === '3' ? 'ssls' : 'ssl';
|
||||||
|
return sslPath;
|
||||||
|
}
|
||||||
|
|
||||||
async createCert(opts:{cert:CertInfo}){
|
async createCert(opts:{cert:CertInfo}){
|
||||||
const certReader = new CertReader(opts.cert)
|
const certReader = new CertReader(opts.cert)
|
||||||
|
const sslPath = this.getSslPath();
|
||||||
const req = {
|
const req = {
|
||||||
url :"/apisix/admin/ssls",
|
url :`/apisix/admin/${sslPath}`,
|
||||||
method: "post",
|
method: "post",
|
||||||
data:{
|
data:{
|
||||||
cert: opts.cert.crt,
|
cert: opts.cert.crt,
|
||||||
@@ -72,8 +100,9 @@ export class ApisixAccess extends BaseAccess {
|
|||||||
|
|
||||||
async updateCert (opts:{cert:CertInfo,id:string}){
|
async updateCert (opts:{cert:CertInfo,id:string}){
|
||||||
const certReader = new CertReader(opts.cert)
|
const certReader = new CertReader(opts.cert)
|
||||||
|
const sslPath = this.getSslPath();
|
||||||
const req = {
|
const req = {
|
||||||
url :`/apisix/admin/ssls/${opts.id}`,
|
url :`/apisix/admin/${sslPath}/${opts.id}`,
|
||||||
method: "put",
|
method: "put",
|
||||||
data:{
|
data:{
|
||||||
cert: opts.cert.crt,
|
cert: opts.cert.crt,
|
||||||
|
|||||||
@@ -423,6 +423,7 @@ export class AcmeService {
|
|||||||
signal: this.options.signal,
|
signal: this.options.signal,
|
||||||
profile,
|
profile,
|
||||||
preferredChain,
|
preferredChain,
|
||||||
|
waitDnsDiffuseTime: this.options.waitDnsDiffuseTime,
|
||||||
});
|
});
|
||||||
|
|
||||||
const crtString = crt.toString();
|
const crtString = crt.toString();
|
||||||
|
|||||||
@@ -275,6 +275,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
|
|||||||
mergeScript: `
|
mergeScript: `
|
||||||
return {
|
return {
|
||||||
show: ctx.compute(({form})=>{
|
show: ctx.compute(({form})=>{
|
||||||
|
console.log("show",form)
|
||||||
return (form.sslProvider === 'zerossl' && !form.zerosslCommonEabAccessId)
|
return (form.sslProvider === 'zerossl' && !form.zerosslCommonEabAccessId)
|
||||||
|| (form.sslProvider === 'google' && !form.googleCommonEabAccessId)
|
|| (form.sslProvider === 'google' && !form.googleCommonEabAccessId)
|
||||||
|| (form.sslProvider === 'sslcom' && !form.sslcomCommonEabAccessId)
|
|| (form.sslProvider === 'sslcom' && !form.sslcomCommonEabAccessId)
|
||||||
|
|||||||
@@ -1,7 +1,8 @@
|
|||||||
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
|
import { AbstractDnsProvider, CreateRecordOptions, DomainRecord, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
|
||||||
|
|
||||||
import { DemoAccess } from './access.js';
|
import { PageRes, PageSearch } from '@certd/pipeline';
|
||||||
import { isDev } from '../../utils/env.js';
|
import { isDev } from '../../utils/env.js';
|
||||||
|
import { DemoAccess } from './access.js';
|
||||||
|
|
||||||
type DemoRecord = {
|
type DemoRecord = {
|
||||||
// 这里定义Record记录的数据结构,跟对应云平台接口返回值一样即可,一般是拿到id就行,用于删除txt解析记录,清理申请痕迹
|
// 这里定义Record记录的数据结构,跟对应云平台接口返回值一样即可,一般是拿到id就行,用于删除txt解析记录,清理申请痕迹
|
||||||
@@ -16,7 +17,7 @@ type DemoRecord = {
|
|||||||
icon: 'clarity:plugin-line',
|
icon: 'clarity:plugin-line',
|
||||||
// 这里是对应的云平台的access类型名称
|
// 这里是对应的云平台的access类型名称
|
||||||
accessType: 'demo',
|
accessType: 'demo',
|
||||||
order:99,
|
order: 99,
|
||||||
})
|
})
|
||||||
export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
|
export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
|
||||||
access!: DemoAccess;
|
access!: DemoAccess;
|
||||||
@@ -74,6 +75,28 @@ export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
|
|||||||
|
|
||||||
this.logger.info('删除域名解析成功:', fullRecord, value);
|
this.logger.info('删除域名解析成功:', fullRecord, value);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @param req 实现获取域名列表
|
||||||
|
* @returns
|
||||||
|
*/
|
||||||
|
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
|
||||||
|
const res = await this.http.request({
|
||||||
|
// 请求接口获取域名列表
|
||||||
|
})
|
||||||
|
const list = []
|
||||||
|
// const list = res.Domains?.map(item => ({
|
||||||
|
// id: item.Id,
|
||||||
|
// domain: item.DomainName,
|
||||||
|
// })) || []
|
||||||
|
|
||||||
|
|
||||||
|
return {
|
||||||
|
list,
|
||||||
|
total: res.Total,
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//TODO 实例化这个provider,将其自动注册到系统中
|
//TODO 实例化这个provider,将其自动注册到系统中
|
||||||
|
|||||||
@@ -0,0 +1,172 @@
|
|||||||
|
import { AccessInput, BaseAccess, IsAccess } from '@certd/pipeline';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* HiPM DNSMgr Access
|
||||||
|
* 使用 API Token 认证(Bearer Token)
|
||||||
|
*/
|
||||||
|
@IsAccess({
|
||||||
|
name: 'hipmdnsmgr',
|
||||||
|
title: 'HiPM DNSMgr',
|
||||||
|
icon: 'svg:icon-dns',
|
||||||
|
desc: 'HiPM DNSMgr API Token 授权',
|
||||||
|
})
|
||||||
|
export class HipmDnsmgrAccess extends BaseAccess {
|
||||||
|
@AccessInput({
|
||||||
|
title: '服务器地址',
|
||||||
|
component: {
|
||||||
|
name: 'a-input',
|
||||||
|
allowClear: true,
|
||||||
|
placeholder: 'http://localhost:3001',
|
||||||
|
},
|
||||||
|
required: true,
|
||||||
|
helper: 'HiPM DNSMgr 服务器地址,例如: http://localhost:3001',
|
||||||
|
})
|
||||||
|
endpoint = '';
|
||||||
|
|
||||||
|
@AccessInput({
|
||||||
|
title: 'API Token',
|
||||||
|
required: true,
|
||||||
|
encrypt: true,
|
||||||
|
helper: '在 DNSMgr 设置 > API Token 中创建的令牌',
|
||||||
|
})
|
||||||
|
apiToken = '';
|
||||||
|
|
||||||
|
@AccessInput({
|
||||||
|
title: '测试连接',
|
||||||
|
component: {
|
||||||
|
name: 'api-test',
|
||||||
|
action: 'TestRequest',
|
||||||
|
},
|
||||||
|
helper: '点击测试接口是否正常',
|
||||||
|
})
|
||||||
|
testRequest = true;
|
||||||
|
|
||||||
|
async onTestRequest() {
|
||||||
|
await this.getDomainList();
|
||||||
|
return '连接成功';
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 获取域名列表
|
||||||
|
*/
|
||||||
|
async getDomainList() {
|
||||||
|
this.ctx.logger.info(`[HiPM DNSMgr] 获取域名列表`);
|
||||||
|
|
||||||
|
const resp = await this.doRequest({
|
||||||
|
method: 'GET',
|
||||||
|
path: '/domains',
|
||||||
|
params: {
|
||||||
|
page: 1,
|
||||||
|
pageSize: 100,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
// DNSMgr 返回数组格式
|
||||||
|
return resp?.map((item: any) => ({
|
||||||
|
id: String(item.id),
|
||||||
|
domain: item.name,
|
||||||
|
...item,
|
||||||
|
})) || [];
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 获取域名记录列表
|
||||||
|
*/
|
||||||
|
async getDomainRecords(domainId: string, params?: { type?: string; subdomain?: string; value?: string }) {
|
||||||
|
this.ctx.logger.info(`[HiPM DNSMgr] 获取域名记录列表:domainId=${domainId}`);
|
||||||
|
|
||||||
|
let path = `/domains/${domainId}/records?page=1&pageSize=100`;
|
||||||
|
if (params?.type) path += `&type=${encodeURIComponent(params.type)}`;
|
||||||
|
if (params?.subdomain) path += `&subdomain=${encodeURIComponent(params.subdomain)}`;
|
||||||
|
if (params?.value) path += `&value=${encodeURIComponent(params.value)}`;
|
||||||
|
|
||||||
|
const resp = await this.doRequest({
|
||||||
|
method: 'GET',
|
||||||
|
path,
|
||||||
|
});
|
||||||
|
|
||||||
|
return resp;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 创建 DNS 记录
|
||||||
|
*/
|
||||||
|
async createDnsRecord(domainId: string, name: string, value: string, type: string) {
|
||||||
|
this.ctx.logger.info(`[HiPM DNSMgr] 创建DNS记录:${name} ${type} ${value}`);
|
||||||
|
|
||||||
|
const resp = await this.doRequest({
|
||||||
|
method: 'POST',
|
||||||
|
path: `/domains/${domainId}/records`,
|
||||||
|
data: {
|
||||||
|
name,
|
||||||
|
type,
|
||||||
|
value,
|
||||||
|
ttl: 600,
|
||||||
|
line: '0',
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
return resp;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 删除 DNS 记录
|
||||||
|
*/
|
||||||
|
async deleteDnsRecord(domainId: string, recordId: string) {
|
||||||
|
this.ctx.logger.info(`[HiPM DNSMgr] 删除DNS记录:domainId=${domainId}, recordId=${recordId}`);
|
||||||
|
|
||||||
|
const resp = await this.doRequest({
|
||||||
|
method: 'DELETE',
|
||||||
|
path: `/domains/${domainId}/records/${recordId}`,
|
||||||
|
});
|
||||||
|
|
||||||
|
return resp;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 发送 HTTP 请求
|
||||||
|
*/
|
||||||
|
async doRequest(req: { method: string; path: string; data?: any; params?: any }) {
|
||||||
|
// 处理 URL
|
||||||
|
let baseUrl = this.endpoint.trim();
|
||||||
|
baseUrl = baseUrl.replace(/\/$/, '');
|
||||||
|
baseUrl = baseUrl.replace(/\/api$/, '');
|
||||||
|
|
||||||
|
let url = `${baseUrl}/api${req.path}`;
|
||||||
|
|
||||||
|
// 添加查询参数
|
||||||
|
if (req.params) {
|
||||||
|
const searchParams = new URLSearchParams();
|
||||||
|
for (const [key, value] of Object.entries(req.params)) {
|
||||||
|
if (value !== undefined && value !== null && value !== '') {
|
||||||
|
searchParams.append(key, String(value));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
const queryString = searchParams.toString();
|
||||||
|
if (queryString) {
|
||||||
|
url += `?${queryString}`;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
this.ctx.logger.debug(`[HiPM DNSMgr] 请求: ${req.method} ${url}`);
|
||||||
|
|
||||||
|
const res = await this.ctx.http.request({
|
||||||
|
url,
|
||||||
|
method: req.method,
|
||||||
|
headers: {
|
||||||
|
'Content-Type': 'application/json',
|
||||||
|
'Authorization': `Bearer ${this.apiToken}`,
|
||||||
|
},
|
||||||
|
data: req.data,
|
||||||
|
});
|
||||||
|
|
||||||
|
this.ctx.logger.debug(`[HiPM DNSMgr] 响应:`, res);
|
||||||
|
|
||||||
|
// DNSMgr API 返回格式: { code: 0, data: ..., msg: ... }
|
||||||
|
if (res.code !== undefined && res.code !== 0) {
|
||||||
|
throw new Error(res.msg || '请求失败');
|
||||||
|
}
|
||||||
|
|
||||||
|
return res.data;
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
export * from './hipmdnsmgr-access.js';
|
||||||
+77
@@ -0,0 +1,77 @@
|
|||||||
|
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
|
||||||
|
import { HipmDnsmgrAccess } from '../access/hipmdnsmgr-access.js';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* HiPM DNSMgr DNS Provider
|
||||||
|
* 用于 ACME DNS-01 挑战验证
|
||||||
|
*/
|
||||||
|
@IsDnsProvider({
|
||||||
|
name: 'hipmdnsmgr',
|
||||||
|
title: 'HiPM DNSMgr',
|
||||||
|
desc: 'HiPM DNSMgr DNS 解析提供商',
|
||||||
|
accessType: 'hipmdnsmgr',
|
||||||
|
icon: 'svg:icon-dns',
|
||||||
|
})
|
||||||
|
export class HipmDnsmgrDnsProvider extends AbstractDnsProvider<{ domainId: string; recordId: string; name: string; value: string }> {
|
||||||
|
access!: HipmDnsmgrAccess;
|
||||||
|
|
||||||
|
async onInstance() {
|
||||||
|
this.access = this.ctx.access as HipmDnsmgrAccess;
|
||||||
|
this.logger.debug('[HiPM DNSMgr] 初始化完成');
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 创建 DNS 记录(用于 ACME DNS-01 验证)
|
||||||
|
*/
|
||||||
|
async createRecord(options: CreateRecordOptions): Promise<any> {
|
||||||
|
const { fullRecord, hostRecord, value, type, domain } = options;
|
||||||
|
this.logger.info('[HiPM DNSMgr] 添加域名解析:', fullRecord, value, type, domain);
|
||||||
|
|
||||||
|
// 1. 获取域名列表,找到对应的域名 ID
|
||||||
|
const domainList = await this.access.getDomainList();
|
||||||
|
const domainInfo = domainList.find((item: any) => item.domain === domain);
|
||||||
|
|
||||||
|
if (!domainInfo) {
|
||||||
|
throw new Error(`[HiPM DNSMgr] 未找到域名:${domain}`);
|
||||||
|
}
|
||||||
|
|
||||||
|
const domainId = String(domainInfo.id);
|
||||||
|
this.logger.debug('[HiPM DNSMgr] 找到域名:', domain, 'ID:', domainId);
|
||||||
|
|
||||||
|
// 2. 创建 DNS 记录
|
||||||
|
const name = hostRecord; // 使用子域名,如 _acme-challenge
|
||||||
|
const res = await this.access.createDnsRecord(domainId, name, value, type);
|
||||||
|
|
||||||
|
this.logger.info('[HiPM DNSMgr] 添加域名解析成功:', JSON.stringify(options), res?.id);
|
||||||
|
|
||||||
|
// 返回记录信息,用于后续删除
|
||||||
|
return {
|
||||||
|
domainId,
|
||||||
|
recordId: res?.id,
|
||||||
|
name,
|
||||||
|
value,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 删除 DNS 记录(ACME 验证完成后清理)
|
||||||
|
*/
|
||||||
|
async removeRecord(options: RemoveRecordOptions<{ domainId: string; recordId: string; name: string; value: string }>): Promise<void> {
|
||||||
|
const { fullRecord, value } = options.recordReq;
|
||||||
|
const record = options.recordRes;
|
||||||
|
|
||||||
|
this.logger.info('[HiPM DNSMgr] 删除域名解析:', fullRecord, value, record);
|
||||||
|
|
||||||
|
if (record && record.domainId && record.recordId) {
|
||||||
|
try {
|
||||||
|
await this.access.deleteDnsRecord(record.domainId, record.recordId);
|
||||||
|
this.logger.info('[HiPM DNSMgr] 删除域名解析成功:', fullRecord, value);
|
||||||
|
} catch (e: any) {
|
||||||
|
// 记录可能已经被删除,忽略错误
|
||||||
|
this.logger.warn('[HiPM DNSMgr] 删除域名解析失败(可能已不存在):', e.message);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
this.logger.warn('[HiPM DNSMgr] 无法删除记录,缺少 domainId 或 recordId');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
export * from './hipmdnsmgr-dns-provider.js';
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
export * from './access/index.js';
|
||||||
|
export * from './dns-provider/index.js';
|
||||||
@@ -82,7 +82,7 @@ export class SshAccess extends BaseAccess {
|
|||||||
|
|
||||||
@AccessInput({
|
@AccessInput({
|
||||||
title: "伪终端",
|
title: "伪终端",
|
||||||
helper: "如果登录报错:all authentication methods failed,可以尝试开启伪终端模式进行keyboard-interactive方式登录\n开启后对日志输出有一定的影响",
|
helper: "如果登录报错:all authentication methods failed / unable to exec,可以尝试开启伪终端模式进行keyboard-interactive方式登录\n开启后对日志输出有一定的影响",
|
||||||
component: {
|
component: {
|
||||||
name: "a-switch",
|
name: "a-switch",
|
||||||
vModel: "checked",
|
vModel: "checked",
|
||||||
|
|||||||
@@ -208,7 +208,7 @@ export class AsyncSsh2Client {
|
|||||||
let hasErrorLog = false;
|
let hasErrorLog = false;
|
||||||
stream
|
stream
|
||||||
.on("close", (code: any, signal: any) => {
|
.on("close", (code: any, signal: any) => {
|
||||||
this.logger.info(`[${this.connConf.host}][close]:code:${code}`);
|
this.logger.info(`[${this.connConf.host}][close]:code=${code}`);
|
||||||
/**
|
/**
|
||||||
* ]pipeline 执行命令:[10.123.0.2][exec]:cd /d D:\nginx-1.27.5 && D:\nginx-1.27.5\nginx.exe -t && D:\nginx-1.27.5\nginx.exe -s reload
|
* ]pipeline 执行命令:[10.123.0.2][exec]:cd /d D:\nginx-1.27.5 && D:\nginx-1.27.5\nginx.exe -t && D:\nginx-1.27.5\nginx.exe -s reload
|
||||||
* [2025-07-09T10:24:11.219] [ERROR]pipeline - [10. 123.0. 2][error]: nginx: the configuration file D: \nginx-1.27. 5/conf/nginx. conf syntax is ok
|
* [2025-07-09T10:24:11.219] [ERROR]pipeline - [10. 123.0. 2][error]: nginx: the configuration file D: \nginx-1.27. 5/conf/nginx. conf syntax is ok
|
||||||
@@ -279,7 +279,7 @@ export class AsyncSsh2Client {
|
|||||||
}
|
}
|
||||||
stream
|
stream
|
||||||
.on("close", (code: any) => {
|
.on("close", (code: any) => {
|
||||||
this.logger.info("Stream :: close,code: " + code);
|
this.logger.info("Stream :: close,code = " + code);
|
||||||
resolve(output);
|
resolve(output);
|
||||||
})
|
})
|
||||||
.on("data", (ret: Buffer) => {
|
.on("data", (ret: Buffer) => {
|
||||||
|
|||||||
@@ -126,12 +126,12 @@ export class NextTerminalAccess extends BaseAccess {
|
|||||||
'Content-Type': 'application/json',
|
'Content-Type': 'application/json',
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const baseUrl = this.normalizeEndpoint(this.baseUrl);
|
||||||
this.ctx.logger.debug(`Next Terminal API 请求: ${req.method} ${this.baseUrl}${req.url}`);
|
this.ctx.logger.debug(`Next Terminal API 请求: ${req.method} ${baseUrl}${req.url}`);
|
||||||
|
|
||||||
const resp = await this.ctx.http.request({
|
const resp = await this.ctx.http.request({
|
||||||
url: req.url,
|
url: req.url,
|
||||||
baseURL: this.baseUrl,
|
baseURL: baseUrl,
|
||||||
method: req.method,
|
method: req.method,
|
||||||
headers,
|
headers,
|
||||||
params: req.params,
|
params: req.params,
|
||||||
|
|||||||
+348
@@ -0,0 +1,348 @@
|
|||||||
|
name: NginxProxyManagerDeploy
|
||||||
|
icon: logos:nginx
|
||||||
|
title: Nginx Proxy Manager-部署到主机
|
||||||
|
group: panel
|
||||||
|
desc: 上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。
|
||||||
|
setting: null
|
||||||
|
sysSetting: null
|
||||||
|
type: custom
|
||||||
|
disabled: false
|
||||||
|
version: 1.0.0
|
||||||
|
pluginType: deploy
|
||||||
|
author: samler
|
||||||
|
input:
|
||||||
|
cert:
|
||||||
|
title: 域名证书
|
||||||
|
helper: 请选择前置任务产出的证书。
|
||||||
|
component:
|
||||||
|
name: output-selector
|
||||||
|
from:
|
||||||
|
- ':cert:'
|
||||||
|
required: true
|
||||||
|
order: 0
|
||||||
|
certDomains:
|
||||||
|
title: 证书域名
|
||||||
|
component:
|
||||||
|
name: cert-domains-getter
|
||||||
|
mergeScript: |
|
||||||
|
return {
|
||||||
|
component: {
|
||||||
|
inputKey: ctx.compute(({ form }) => {
|
||||||
|
return form.cert;
|
||||||
|
}),
|
||||||
|
},
|
||||||
|
}
|
||||||
|
required: false
|
||||||
|
order: 0
|
||||||
|
accessId:
|
||||||
|
title: NPM授权
|
||||||
|
component:
|
||||||
|
name: access-selector
|
||||||
|
type: samler/nginxProxyManager
|
||||||
|
helper: 选择用于部署的 Nginx Proxy Manager 授权。
|
||||||
|
required: true
|
||||||
|
order: 0
|
||||||
|
proxyHostIds:
|
||||||
|
title: 代理主机
|
||||||
|
component:
|
||||||
|
name: remote-select
|
||||||
|
vModel: value
|
||||||
|
mode: tags
|
||||||
|
type: plugin
|
||||||
|
action: onGetProxyHostOptions
|
||||||
|
search: true
|
||||||
|
pager: false
|
||||||
|
multi: true
|
||||||
|
watches:
|
||||||
|
- certDomains
|
||||||
|
- accessId
|
||||||
|
required: true
|
||||||
|
helper: 选择要绑定此证书的一个或多个代理主机。
|
||||||
|
mergeScript: |
|
||||||
|
return {
|
||||||
|
component: {
|
||||||
|
form: ctx.compute(({ form }) => {
|
||||||
|
return form;
|
||||||
|
}),
|
||||||
|
},
|
||||||
|
}
|
||||||
|
order: 0
|
||||||
|
certificateLabel:
|
||||||
|
title: 证书标识
|
||||||
|
component:
|
||||||
|
name: a-input
|
||||||
|
allowClear: true
|
||||||
|
placeholder: certd_npm_example_com
|
||||||
|
helper: 可选。留空时默认使用 certd_npm_<主域名规范化>.
|
||||||
|
required: false
|
||||||
|
order: 0
|
||||||
|
cleanupMatchingCertificates:
|
||||||
|
title: 自动清理未使用证书
|
||||||
|
component:
|
||||||
|
name: a-switch
|
||||||
|
vModel: checked
|
||||||
|
helper: 部署成功后,自动删除除当前证书外所有未被任何主机引用的证书。
|
||||||
|
required: false
|
||||||
|
order: 0
|
||||||
|
output: {}
|
||||||
|
default:
|
||||||
|
strategy:
|
||||||
|
runStrategy: 1
|
||||||
|
showRunStrategy: false
|
||||||
|
content: |
|
||||||
|
const { AbstractTaskPlugin } = await import("@certd/pipeline");
|
||||||
|
const { CertReader } = await import("@certd/plugin-cert");
|
||||||
|
|
||||||
|
function normalizeDomain(domain) {
|
||||||
|
return String(domain ?? "").trim().toLowerCase();
|
||||||
|
}
|
||||||
|
|
||||||
|
function wildcardMatches(pattern, candidate) {
|
||||||
|
if (!pattern.startsWith("*.")) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
const suffix = pattern.slice(1).toLowerCase();
|
||||||
|
return candidate.endsWith(suffix);
|
||||||
|
}
|
||||||
|
|
||||||
|
function isDomainMatch(left, right) {
|
||||||
|
const normalizedLeft = normalizeDomain(left);
|
||||||
|
const normalizedRight = normalizeDomain(right);
|
||||||
|
|
||||||
|
return (
|
||||||
|
normalizedLeft === normalizedRight ||
|
||||||
|
wildcardMatches(normalizedLeft, normalizedRight) ||
|
||||||
|
wildcardMatches(normalizedRight, normalizedLeft)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
function normalizeDomainIdentity(domain) {
|
||||||
|
return normalizeDomain(domain).replace(/^\*\./, "");
|
||||||
|
}
|
||||||
|
|
||||||
|
function certificateHasBindings(certificate) {
|
||||||
|
return (
|
||||||
|
(certificate.proxy_hosts?.length ?? 0) > 0 ||
|
||||||
|
(certificate.redirection_hosts?.length ?? 0) > 0 ||
|
||||||
|
(certificate.dead_hosts?.length ?? 0) > 0 ||
|
||||||
|
(certificate.streams?.length ?? 0) > 0
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
function sanitizeDomainSegment(value) {
|
||||||
|
const sanitized = String(value ?? "")
|
||||||
|
.trim()
|
||||||
|
.toLowerCase()
|
||||||
|
.replace(/[^a-z0-9]+/g, "_")
|
||||||
|
.replace(/^_+|_+$/g, "")
|
||||||
|
.replace(/_+/g, "_");
|
||||||
|
|
||||||
|
return sanitized || "unknown";
|
||||||
|
}
|
||||||
|
|
||||||
|
function buildDefaultCertificateLabel(cert) {
|
||||||
|
const mainDomain = CertReader.getMainDomain(cert.crt);
|
||||||
|
return `certd_npm_${sanitizeDomainSegment(mainDomain)}`;
|
||||||
|
}
|
||||||
|
|
||||||
|
function normalizeStringList(input) {
|
||||||
|
if (Array.isArray(input)) {
|
||||||
|
return input;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (input == null || input === "") {
|
||||||
|
return [];
|
||||||
|
}
|
||||||
|
|
||||||
|
return [input];
|
||||||
|
}
|
||||||
|
|
||||||
|
function resolveCertificateDomains(cert, configuredDomains) {
|
||||||
|
const configured = normalizeStringList(configuredDomains)
|
||||||
|
.map((value) => String(value).trim())
|
||||||
|
.filter(Boolean);
|
||||||
|
|
||||||
|
if (configured.length > 0) {
|
||||||
|
return Array.from(new Set(configured));
|
||||||
|
}
|
||||||
|
|
||||||
|
return new CertReader(cert).getAllDomains();
|
||||||
|
}
|
||||||
|
|
||||||
|
function buildProxyHostLabel(host) {
|
||||||
|
const domains = host.domain_names?.length ? host.domain_names.join(", ") : "(no domains)";
|
||||||
|
return `${domains} <#${host.id}>`;
|
||||||
|
}
|
||||||
|
|
||||||
|
function hasAnyCertDomainMatch(host, certDomains) {
|
||||||
|
if (!certDomains.length) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
const hostDomains = host.domain_names ?? [];
|
||||||
|
return hostDomains.some((hostDomain) => certDomains.some((certDomain) => isDomainMatch(hostDomain, certDomain)));
|
||||||
|
}
|
||||||
|
|
||||||
|
function buildProxyHostOptions(hosts, certDomains) {
|
||||||
|
const sortedHosts = [...hosts].sort((left, right) => {
|
||||||
|
return buildProxyHostLabel(left).localeCompare(buildProxyHostLabel(right));
|
||||||
|
});
|
||||||
|
|
||||||
|
const matched = [];
|
||||||
|
const unmatched = [];
|
||||||
|
|
||||||
|
for (const host of sortedHosts) {
|
||||||
|
const option = {
|
||||||
|
label: buildProxyHostLabel(host),
|
||||||
|
value: String(host.id),
|
||||||
|
domain: host.domain_names?.[0] ?? "",
|
||||||
|
};
|
||||||
|
|
||||||
|
if (hasAnyCertDomainMatch(host, certDomains)) {
|
||||||
|
matched.push(option);
|
||||||
|
} else {
|
||||||
|
unmatched.push(option);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (matched.length && unmatched.length) {
|
||||||
|
return [
|
||||||
|
{
|
||||||
|
label: "匹配证书域名的主机",
|
||||||
|
options: matched,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
label: "其他代理主机",
|
||||||
|
options: unmatched,
|
||||||
|
},
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
|
return matched.length ? matched : unmatched;
|
||||||
|
}
|
||||||
|
|
||||||
|
function normalizeProxyHostIds(proxyHostIds) {
|
||||||
|
return Array.from(
|
||||||
|
new Set(
|
||||||
|
normalizeStringList(proxyHostIds)
|
||||||
|
.map((value) => Number.parseInt(String(value), 10))
|
||||||
|
.filter((value) => Number.isInteger(value) && value > 0),
|
||||||
|
),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
return class NpmDeployToProxyHosts extends AbstractTaskPlugin {
|
||||||
|
cert;
|
||||||
|
certDomains;
|
||||||
|
accessId;
|
||||||
|
proxyHostIds;
|
||||||
|
certificateLabel;
|
||||||
|
cleanupMatchingCertificates = false;
|
||||||
|
|
||||||
|
async execute() {
|
||||||
|
const access = await this.getAccess(this.accessId);
|
||||||
|
const client = access.createClient();
|
||||||
|
const proxyHostIds = normalizeProxyHostIds(this.proxyHostIds);
|
||||||
|
|
||||||
|
if (proxyHostIds.length === 0) {
|
||||||
|
throw new Error("请至少选择一个 Nginx Proxy Manager 代理主机");
|
||||||
|
}
|
||||||
|
|
||||||
|
const certificateLabel = this.certificateLabel?.trim() || buildDefaultCertificateLabel(this.cert);
|
||||||
|
const certificateDomains = resolveCertificateDomains(this.cert, this.certDomains);
|
||||||
|
|
||||||
|
let certificate = await client.findCustomCertificateByNiceName(certificateLabel);
|
||||||
|
if (!certificate) {
|
||||||
|
this.logger.info(`在 Nginx Proxy Manager 中创建自定义证书 "${certificateLabel}"`);
|
||||||
|
certificate = await client.createCustomCertificate(certificateLabel, certificateDomains);
|
||||||
|
} else {
|
||||||
|
this.logger.info(`复用已有自定义证书 "${certificateLabel}" (#${certificate.id})`);
|
||||||
|
}
|
||||||
|
|
||||||
|
await client.uploadCertificate(certificate.id, {
|
||||||
|
certificate: this.cert.crt,
|
||||||
|
certificateKey: this.cert.key,
|
||||||
|
intermediateCertificate: this.cert.ic,
|
||||||
|
});
|
||||||
|
this.logger.info(`证书内容已上传到 Nginx Proxy Manager 证书 #${certificate.id}`);
|
||||||
|
|
||||||
|
for (const proxyHostId of proxyHostIds) {
|
||||||
|
this.logger.info(`将证书 #${certificate.id} 绑定到代理主机 #${proxyHostId}`);
|
||||||
|
try {
|
||||||
|
await client.assignCertificateToProxyHost(proxyHostId, certificate.id);
|
||||||
|
} catch (error) {
|
||||||
|
const message = error instanceof Error ? error.message : String(error);
|
||||||
|
throw new Error(`为代理主机 #${proxyHostId} 绑定证书失败:${message}`);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (this.cleanupMatchingCertificates === true) {
|
||||||
|
await this.cleanupOldCertificates(client, certificate.id);
|
||||||
|
}
|
||||||
|
|
||||||
|
this.logger.info(`部署完成,共更新 ${proxyHostIds.length} 个代理主机`);
|
||||||
|
}
|
||||||
|
|
||||||
|
async onGetProxyHostOptions(req = {}) {
|
||||||
|
if (!this.accessId) {
|
||||||
|
throw new Error("请先选择 Nginx Proxy Manager 授权");
|
||||||
|
}
|
||||||
|
|
||||||
|
const access = await this.getAccess(this.accessId);
|
||||||
|
const proxyHosts = await access.getProxyHostList(req);
|
||||||
|
return buildProxyHostOptions(proxyHosts, normalizeStringList(this.certDomains));
|
||||||
|
}
|
||||||
|
|
||||||
|
async cleanupOldCertificates(client, currentCertificateId) {
|
||||||
|
const certificates = await client.getCertificatesWithExpand(undefined, [
|
||||||
|
"proxy_hosts",
|
||||||
|
"redirection_hosts",
|
||||||
|
"dead_hosts",
|
||||||
|
"streams",
|
||||||
|
]);
|
||||||
|
|
||||||
|
const candidates = certificates.filter((certificate) => {
|
||||||
|
return certificate.id !== currentCertificateId;
|
||||||
|
});
|
||||||
|
|
||||||
|
if (candidates.length === 0) {
|
||||||
|
this.logger.info("未发现可自动清理的旧证书");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
const deletedIds = [];
|
||||||
|
const skippedInUse = [];
|
||||||
|
const failedDeletes = [];
|
||||||
|
|
||||||
|
for (const candidate of candidates) {
|
||||||
|
if (certificateHasBindings(candidate)) {
|
||||||
|
skippedInUse.push(`#${candidate.id} ${candidate.nice_name}`);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.logger.info(`自动清理旧证书 #${candidate.id} ${candidate.nice_name}`);
|
||||||
|
try {
|
||||||
|
await client.deleteCertificate(candidate.id);
|
||||||
|
deletedIds.push(candidate.id);
|
||||||
|
} catch (error) {
|
||||||
|
const message = error instanceof Error ? error.message : String(error);
|
||||||
|
failedDeletes.push(`#${candidate.id} ${candidate.nice_name}: ${message}`);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (deletedIds.length > 0) {
|
||||||
|
this.logger.info(`自动清理完成,共删除 ${deletedIds.length} 张旧证书:${deletedIds.map((id) => `#${id}`).join(", ")}`);
|
||||||
|
} else {
|
||||||
|
this.logger.info("未删除任何旧证书");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (skippedInUse.length > 0) {
|
||||||
|
this.logger.info(`以下旧证书仍被其他资源引用,已跳过清理:${skippedInUse.join(", ")}`);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (failedDeletes.length > 0) {
|
||||||
|
this.logger.warn(`以下旧证书清理失败,已跳过:${failedDeletes.join(", ")}`);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
@@ -0,0 +1,366 @@
|
|||||||
|
import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
|
||||||
|
import FormData from "form-data";
|
||||||
|
import { authenticator } from "otplib";
|
||||||
|
|
||||||
|
export interface ProxyHost {
|
||||||
|
id: number;
|
||||||
|
domain_names?: string[];
|
||||||
|
certificate_id?: number;
|
||||||
|
proxy_hosts?: unknown[];
|
||||||
|
redirection_hosts?: unknown[];
|
||||||
|
dead_hosts?: unknown[];
|
||||||
|
streams?: unknown[];
|
||||||
|
}
|
||||||
|
|
||||||
|
export interface Certificate {
|
||||||
|
id: number;
|
||||||
|
nice_name: string;
|
||||||
|
provider: string;
|
||||||
|
domain_names?: string[];
|
||||||
|
proxy_hosts?: unknown[];
|
||||||
|
redirection_hosts?: unknown[];
|
||||||
|
dead_hosts?: unknown[];
|
||||||
|
streams?: unknown[];
|
||||||
|
}
|
||||||
|
|
||||||
|
interface TokenResponse {
|
||||||
|
token?: string;
|
||||||
|
requires_2fa?: boolean;
|
||||||
|
challenge_token?: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
@IsAccess({
|
||||||
|
name: "nginxProxyManager",
|
||||||
|
title: "Nginx Proxy Manager 授权",
|
||||||
|
desc: "用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。",
|
||||||
|
icon: "logos:nginx",
|
||||||
|
})
|
||||||
|
export class NginxProxyManagerAccess extends BaseAccess {
|
||||||
|
@AccessInput({
|
||||||
|
title: "NPM 地址",
|
||||||
|
component: {
|
||||||
|
name: "a-input",
|
||||||
|
allowClear: true,
|
||||||
|
placeholder: "https://npm.example.com",
|
||||||
|
},
|
||||||
|
helper: "请输入 Nginx Proxy Manager 根地址,不要带 /api 后缀。",
|
||||||
|
required: true,
|
||||||
|
})
|
||||||
|
endpoint = "";
|
||||||
|
|
||||||
|
@AccessInput({
|
||||||
|
title: "邮箱",
|
||||||
|
component: {
|
||||||
|
name: "a-input",
|
||||||
|
allowClear: true,
|
||||||
|
placeholder: "admin@example.com",
|
||||||
|
},
|
||||||
|
required: true,
|
||||||
|
})
|
||||||
|
email = "";
|
||||||
|
|
||||||
|
@AccessInput({
|
||||||
|
title: "密码",
|
||||||
|
component: {
|
||||||
|
name: "a-input-password",
|
||||||
|
allowClear: true,
|
||||||
|
placeholder: "请输入密码",
|
||||||
|
},
|
||||||
|
required: true,
|
||||||
|
encrypt: true,
|
||||||
|
})
|
||||||
|
password = "";
|
||||||
|
|
||||||
|
@AccessInput({
|
||||||
|
title: "TOTP 密钥",
|
||||||
|
component: {
|
||||||
|
name: "a-input-password",
|
||||||
|
allowClear: true,
|
||||||
|
placeholder: "Optional base32 TOTP secret",
|
||||||
|
},
|
||||||
|
helper: "当 Nginx Proxy Manager 账号开启 2FA 时必填。",
|
||||||
|
required: false,
|
||||||
|
encrypt: true,
|
||||||
|
})
|
||||||
|
totpSecret = "";
|
||||||
|
|
||||||
|
@AccessInput({
|
||||||
|
title: "忽略无效 TLS",
|
||||||
|
component: {
|
||||||
|
name: "a-switch",
|
||||||
|
vModel: "checked",
|
||||||
|
},
|
||||||
|
helper: "仅在 Nginx Proxy Manager 使用自签 HTTPS 证书时开启。",
|
||||||
|
required: false,
|
||||||
|
})
|
||||||
|
ignoreTls = false;
|
||||||
|
|
||||||
|
@AccessInput({
|
||||||
|
title: "测试",
|
||||||
|
component: {
|
||||||
|
name: "api-test",
|
||||||
|
action: "onTestRequest",
|
||||||
|
},
|
||||||
|
helper: "测试登录并拉取代理主机列表。",
|
||||||
|
})
|
||||||
|
testRequest = true;
|
||||||
|
|
||||||
|
private token: string | undefined;
|
||||||
|
private tokenPromise: Promise<string> | undefined;
|
||||||
|
|
||||||
|
normalizeEndpoint(endpoint: string): string {
|
||||||
|
const trimmed = String(endpoint ?? "").trim();
|
||||||
|
if (!trimmed) {
|
||||||
|
throw new Error("Nginx Proxy Manager 地址不能为空");
|
||||||
|
}
|
||||||
|
|
||||||
|
const withoutTrailingSlash = trimmed.replace(/\/+$/, "");
|
||||||
|
return withoutTrailingSlash.endsWith("/api")
|
||||||
|
? withoutTrailingSlash.slice(0, -4)
|
||||||
|
: withoutTrailingSlash;
|
||||||
|
}
|
||||||
|
|
||||||
|
private describeError(error: unknown, action: string): Error {
|
||||||
|
if (error instanceof Error) {
|
||||||
|
return new Error(`${action} failed: ${error.message}`);
|
||||||
|
}
|
||||||
|
return new Error(`${action} failed`);
|
||||||
|
}
|
||||||
|
|
||||||
|
private get apiBaseUrl(): string {
|
||||||
|
const endpoint = this.normalizeEndpoint(this.endpoint);
|
||||||
|
return `${endpoint}/api`;
|
||||||
|
}
|
||||||
|
|
||||||
|
async verifyAccess(): Promise<{ proxyHostCount: number }> {
|
||||||
|
const proxyHosts = await this.getProxyHosts();
|
||||||
|
return {
|
||||||
|
proxyHostCount: proxyHosts.length,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
async getProxyHosts(searchQuery?: string): Promise<ProxyHost[]> {
|
||||||
|
return await this.requestWithAuth<ProxyHost[]>({
|
||||||
|
method: "GET",
|
||||||
|
url: "/nginx/proxy-hosts",
|
||||||
|
params: {
|
||||||
|
expand: "certificate",
|
||||||
|
...(searchQuery ? { query: searchQuery } : {}),
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async getCertificates(searchQuery?: string): Promise<Certificate[]> {
|
||||||
|
return await this.requestWithAuth<Certificate[]>({
|
||||||
|
method: "GET",
|
||||||
|
url: "/nginx/certificates",
|
||||||
|
params: searchQuery ? { query: searchQuery } : undefined,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async getCertificatesWithExpand(
|
||||||
|
searchQuery?: string,
|
||||||
|
expand: string[] = []
|
||||||
|
): Promise<Certificate[]> {
|
||||||
|
return await this.requestWithAuth<Certificate[]>({
|
||||||
|
method: "GET",
|
||||||
|
url: "/nginx/certificates",
|
||||||
|
params: {
|
||||||
|
...(searchQuery ? { query: searchQuery } : {}),
|
||||||
|
...(expand.length > 0 ? { expand: expand.join(", ") } : {}),
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async findCustomCertificateByNiceName(niceName: string): Promise<Certificate | undefined> {
|
||||||
|
const certificates = await this.getCertificates(niceName);
|
||||||
|
return certificates.find((certificate) => {
|
||||||
|
return certificate.provider === "other" && certificate.nice_name === niceName;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async createCustomCertificate(
|
||||||
|
niceName: string,
|
||||||
|
domainNames: string[] = []
|
||||||
|
): Promise<Certificate> {
|
||||||
|
return await this.requestWithAuth<Certificate>({
|
||||||
|
method: "POST",
|
||||||
|
url: "/nginx/certificates",
|
||||||
|
data: {
|
||||||
|
provider: "other",
|
||||||
|
nice_name: niceName,
|
||||||
|
domain_names: domainNames,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async deleteCertificate(certificateId: number): Promise<void> {
|
||||||
|
await this.requestWithAuth<void>({
|
||||||
|
method: "DELETE",
|
||||||
|
url: `/nginx/certificates/${certificateId}`,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async uploadCertificate(
|
||||||
|
certificateId: number,
|
||||||
|
payload: {
|
||||||
|
certificate: string;
|
||||||
|
certificateKey: string;
|
||||||
|
intermediateCertificate?: string;
|
||||||
|
}
|
||||||
|
): Promise<void> {
|
||||||
|
const form = new FormData();
|
||||||
|
form.append("certificate", Buffer.from(payload.certificate, "utf8"), {
|
||||||
|
filename: "fullchain.pem",
|
||||||
|
contentType: "application/x-pem-file",
|
||||||
|
});
|
||||||
|
form.append("certificate_key", Buffer.from(payload.certificateKey, "utf8"), {
|
||||||
|
filename: "privkey.pem",
|
||||||
|
contentType: "application/x-pem-file",
|
||||||
|
});
|
||||||
|
if (payload.intermediateCertificate) {
|
||||||
|
form.append("intermediate_certificate", Buffer.from(payload.intermediateCertificate, "utf8"), {
|
||||||
|
filename: "chain.pem",
|
||||||
|
contentType: "application/x-pem-file",
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
await this.requestWithAuth<void>({
|
||||||
|
method: "POST",
|
||||||
|
url: `/nginx/certificates/${certificateId}/upload`,
|
||||||
|
data: form,
|
||||||
|
headers: form.getHeaders(),
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async assignCertificateToProxyHost(hostId: number, certificateId: number): Promise<void> {
|
||||||
|
await this.requestWithAuth<void>({
|
||||||
|
method: "PUT",
|
||||||
|
url: `/nginx/proxy-hosts/${hostId}`,
|
||||||
|
data: {
|
||||||
|
certificate_id: certificateId,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
private async login(): Promise<string> {
|
||||||
|
if (this.token) {
|
||||||
|
return this.token;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!this.tokenPromise) {
|
||||||
|
this.tokenPromise = this.performLogin().finally(() => {
|
||||||
|
this.tokenPromise = undefined;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
this.token = await this.tokenPromise;
|
||||||
|
return this.token;
|
||||||
|
}
|
||||||
|
|
||||||
|
private async performLogin(): Promise<string> {
|
||||||
|
const initialLogin = await this.request<TokenResponse>({
|
||||||
|
method: "POST",
|
||||||
|
url: "/tokens",
|
||||||
|
data: {
|
||||||
|
identity: this.email,
|
||||||
|
secret: this.password,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
if (initialLogin.token) {
|
||||||
|
return initialLogin.token;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!initialLogin.requires_2fa || !initialLogin.challenge_token) {
|
||||||
|
throw new Error("登录失败:Nginx Proxy Manager 未返回访问令牌");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!this.totpSecret) {
|
||||||
|
throw new Error(
|
||||||
|
"登录失败:该 Nginx Proxy Manager 账号启用了 2FA,但未配置 totpSecret"
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
let code: string;
|
||||||
|
try {
|
||||||
|
code = authenticator.generate(this.totpSecret);
|
||||||
|
} catch (error) {
|
||||||
|
throw this.describeError(error, "Generating TOTP code");
|
||||||
|
}
|
||||||
|
|
||||||
|
const completedLogin = await this.request<TokenResponse>({
|
||||||
|
method: "POST",
|
||||||
|
url: "/tokens/2fa",
|
||||||
|
data: {
|
||||||
|
challenge_token: initialLogin.challenge_token,
|
||||||
|
code,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
if (!completedLogin.token) {
|
||||||
|
throw new Error("2FA 登录失败:Nginx Proxy Manager 未返回访问令牌");
|
||||||
|
}
|
||||||
|
|
||||||
|
return completedLogin.token;
|
||||||
|
}
|
||||||
|
|
||||||
|
private async requestWithAuth<T>(config: {
|
||||||
|
method: string;
|
||||||
|
url: string;
|
||||||
|
params?: Record<string, unknown>;
|
||||||
|
data?: unknown;
|
||||||
|
headers?: Record<string, string>;
|
||||||
|
}): Promise<T> {
|
||||||
|
const token = await this.login();
|
||||||
|
const headers = {
|
||||||
|
...(config.headers ?? {}),
|
||||||
|
Authorization: `Bearer ${token}`,
|
||||||
|
};
|
||||||
|
|
||||||
|
return await this.request<T>({
|
||||||
|
...config,
|
||||||
|
headers,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
private async request<T>(config: {
|
||||||
|
method: string;
|
||||||
|
url: string;
|
||||||
|
params?: Record<string, unknown>;
|
||||||
|
data?: unknown;
|
||||||
|
headers?: Record<string, string>;
|
||||||
|
}): Promise<T> {
|
||||||
|
const action = `${config.method ?? "GET"} ${config.url ?? "/"}`;
|
||||||
|
try {
|
||||||
|
const response = await this.ctx.http.request({
|
||||||
|
url: `${this.apiBaseUrl}${config.url}`,
|
||||||
|
method: config.method,
|
||||||
|
params: config.params,
|
||||||
|
data: config.data,
|
||||||
|
headers: config.headers,
|
||||||
|
timeout: 30000,
|
||||||
|
httpsAgent: this.ignoreTls ? {
|
||||||
|
rejectUnauthorized: false
|
||||||
|
} : undefined,
|
||||||
|
});
|
||||||
|
return response;
|
||||||
|
} catch (error) {
|
||||||
|
throw this.describeError(error, action);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
async onTestRequest(): Promise<string> {
|
||||||
|
const result = await this.verifyAccess();
|
||||||
|
this.ctx.logger.info(
|
||||||
|
`Nginx Proxy Manager 授权验证成功,找到 ${result.proxyHostCount} 个代理主机`
|
||||||
|
);
|
||||||
|
return `成功(${result.proxyHostCount} 个代理主机)`;
|
||||||
|
}
|
||||||
|
|
||||||
|
async getProxyHostList(req: { searchKey?: string } = {}): Promise<ProxyHost[]> {
|
||||||
|
return await this.getProxyHosts(req.searchKey);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
new NginxProxyManagerAccess();
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
export * from "./plugins/index.js";
|
||||||
|
export * from "./access.js";
|
||||||
+344
@@ -0,0 +1,344 @@
|
|||||||
|
name: nginxProxyManager
|
||||||
|
icon: logos:nginx
|
||||||
|
title: Nginx Proxy Manager 授权
|
||||||
|
group: null
|
||||||
|
desc: 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。
|
||||||
|
setting: null
|
||||||
|
sysSetting: null
|
||||||
|
type: custom
|
||||||
|
disabled: false
|
||||||
|
version: 1.0.0
|
||||||
|
pluginType: access
|
||||||
|
author: samler
|
||||||
|
input:
|
||||||
|
endpoint:
|
||||||
|
title: NPM 地址
|
||||||
|
component:
|
||||||
|
name: a-input
|
||||||
|
allowClear: true
|
||||||
|
placeholder: https://npm.example.com
|
||||||
|
helper: 请输入 Nginx Proxy Manager 根地址,不要带 /api 后缀。
|
||||||
|
required: true
|
||||||
|
email:
|
||||||
|
title: 邮箱
|
||||||
|
component:
|
||||||
|
name: a-input
|
||||||
|
allowClear: true
|
||||||
|
placeholder: admin@example.com
|
||||||
|
required: true
|
||||||
|
password:
|
||||||
|
title: 密码
|
||||||
|
component:
|
||||||
|
name: a-input-password
|
||||||
|
allowClear: true
|
||||||
|
placeholder: 请输入密码
|
||||||
|
required: true
|
||||||
|
encrypt: true
|
||||||
|
totpSecret:
|
||||||
|
title: TOTP 密钥
|
||||||
|
component:
|
||||||
|
name: a-input-password
|
||||||
|
allowClear: true
|
||||||
|
placeholder: Optional base32 TOTP secret
|
||||||
|
helper: 当 Nginx Proxy Manager 账号开启 2FA 时必填。
|
||||||
|
required: false
|
||||||
|
encrypt: true
|
||||||
|
ignoreTls:
|
||||||
|
title: 忽略无效 TLS
|
||||||
|
component:
|
||||||
|
name: a-switch
|
||||||
|
vModel: checked
|
||||||
|
helper: 仅在 Nginx Proxy Manager 使用自签 HTTPS 证书时开启。
|
||||||
|
required: false
|
||||||
|
testRequest:
|
||||||
|
title: 测试
|
||||||
|
component:
|
||||||
|
name: api-test
|
||||||
|
action: TestRequest
|
||||||
|
helper: 测试登录并拉取代理主机列表。
|
||||||
|
content: |
|
||||||
|
const { BaseAccess } = await import("@certd/pipeline");
|
||||||
|
const httpsModule = await import("node:https");
|
||||||
|
const { URL } = await import("node:url");
|
||||||
|
const axiosModule = await import("axios");
|
||||||
|
const formDataModule = await import("form-data");
|
||||||
|
const { authenticator } = await import("otplib");
|
||||||
|
|
||||||
|
const https = httpsModule.default ?? httpsModule;
|
||||||
|
const axios = axiosModule.default ?? axiosModule;
|
||||||
|
const FormData = formDataModule.default ?? formDataModule;
|
||||||
|
|
||||||
|
function normalizeEndpoint(endpoint) {
|
||||||
|
const trimmed = String(endpoint ?? "").trim();
|
||||||
|
if (!trimmed) {
|
||||||
|
throw new Error("Nginx Proxy Manager 地址不能为空");
|
||||||
|
}
|
||||||
|
|
||||||
|
const withoutTrailingSlash = trimmed.replace(/\/+$/, "");
|
||||||
|
return withoutTrailingSlash.endsWith("/api")
|
||||||
|
? withoutTrailingSlash.slice(0, -4)
|
||||||
|
: withoutTrailingSlash;
|
||||||
|
}
|
||||||
|
|
||||||
|
function buildHttpsAgent(endpoint, ignoreTls) {
|
||||||
|
const url = new URL(endpoint);
|
||||||
|
if (url.protocol !== "https:") {
|
||||||
|
return undefined;
|
||||||
|
}
|
||||||
|
|
||||||
|
return new https.Agent({
|
||||||
|
rejectUnauthorized: !ignoreTls,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
function describeError(error, action) {
|
||||||
|
if (axios.isAxiosError(error)) {
|
||||||
|
const status = error.response?.status;
|
||||||
|
const data = error.response?.data;
|
||||||
|
const message =
|
||||||
|
data?.error?.message ||
|
||||||
|
data?.error ||
|
||||||
|
data?.message ||
|
||||||
|
(typeof data === "string" ? data : null) ||
|
||||||
|
error.message;
|
||||||
|
return new Error(`${action} failed${status ? ` (${status})` : ""}: ${message}`);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (error instanceof Error) {
|
||||||
|
return new Error(`${action} failed: ${error.message}`);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new Error(`${action} failed`);
|
||||||
|
}
|
||||||
|
|
||||||
|
class NginxProxyManagerClient {
|
||||||
|
constructor(options) {
|
||||||
|
this.options = options;
|
||||||
|
this.endpoint = normalizeEndpoint(options.endpoint);
|
||||||
|
this.apiBaseUrl = `${this.endpoint}/api`;
|
||||||
|
this.token = undefined;
|
||||||
|
this.tokenPromise = undefined;
|
||||||
|
this.httpClient = axios.create({
|
||||||
|
baseURL: this.apiBaseUrl,
|
||||||
|
timeout: 30000,
|
||||||
|
maxBodyLength: Infinity,
|
||||||
|
maxContentLength: Infinity,
|
||||||
|
httpsAgent: buildHttpsAgent(this.endpoint, options.ignoreTls === true),
|
||||||
|
headers: {
|
||||||
|
Accept: "application/json",
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async verifyAccess() {
|
||||||
|
const proxyHosts = await this.getProxyHosts();
|
||||||
|
return {
|
||||||
|
proxyHostCount: proxyHosts.length,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
async getProxyHosts(searchQuery) {
|
||||||
|
return await this.requestWithAuth({
|
||||||
|
method: "GET",
|
||||||
|
url: "/nginx/proxy-hosts",
|
||||||
|
params: {
|
||||||
|
expand: "certificate",
|
||||||
|
...(searchQuery ? { query: searchQuery } : {}),
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async getCertificates(searchQuery) {
|
||||||
|
return await this.requestWithAuth({
|
||||||
|
method: "GET",
|
||||||
|
url: "/nginx/certificates",
|
||||||
|
params: searchQuery ? { query: searchQuery } : undefined,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async getCertificatesWithExpand(searchQuery, expand = []) {
|
||||||
|
return await this.requestWithAuth({
|
||||||
|
method: "GET",
|
||||||
|
url: "/nginx/certificates",
|
||||||
|
params: {
|
||||||
|
...(searchQuery ? { query: searchQuery } : {}),
|
||||||
|
...(expand.length > 0 ? { expand: expand.join(",") } : {}),
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async findCustomCertificateByNiceName(niceName) {
|
||||||
|
const certificates = await this.getCertificates(niceName);
|
||||||
|
return certificates.find((certificate) => {
|
||||||
|
return certificate.provider === "other" && certificate.nice_name === niceName;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async createCustomCertificate(niceName, domainNames = []) {
|
||||||
|
return await this.requestWithAuth({
|
||||||
|
method: "POST",
|
||||||
|
url: "/nginx/certificates",
|
||||||
|
data: {
|
||||||
|
provider: "other",
|
||||||
|
nice_name: niceName,
|
||||||
|
domain_names: domainNames,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async deleteCertificate(certificateId) {
|
||||||
|
await this.requestWithAuth({
|
||||||
|
method: "DELETE",
|
||||||
|
url: `/nginx/certificates/${certificateId}`,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async uploadCertificate(certificateId, payload) {
|
||||||
|
const form = new FormData();
|
||||||
|
form.append("certificate", Buffer.from(payload.certificate, "utf8"), {
|
||||||
|
filename: "fullchain.pem",
|
||||||
|
contentType: "application/x-pem-file",
|
||||||
|
});
|
||||||
|
form.append("certificate_key", Buffer.from(payload.certificateKey, "utf8"), {
|
||||||
|
filename: "privkey.pem",
|
||||||
|
contentType: "application/x-pem-file",
|
||||||
|
});
|
||||||
|
if (payload.intermediateCertificate) {
|
||||||
|
form.append("intermediate_certificate", Buffer.from(payload.intermediateCertificate, "utf8"), {
|
||||||
|
filename: "chain.pem",
|
||||||
|
contentType: "application/x-pem-file",
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
await this.requestWithAuth({
|
||||||
|
method: "POST",
|
||||||
|
url: `/nginx/certificates/${certificateId}/upload`,
|
||||||
|
data: form,
|
||||||
|
headers: form.getHeaders(),
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async assignCertificateToProxyHost(hostId, certificateId) {
|
||||||
|
await this.requestWithAuth({
|
||||||
|
method: "PUT",
|
||||||
|
url: `/nginx/proxy-hosts/${hostId}`,
|
||||||
|
data: {
|
||||||
|
certificate_id: certificateId,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async login() {
|
||||||
|
if (this.token) {
|
||||||
|
return this.token;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!this.tokenPromise) {
|
||||||
|
this.tokenPromise = this.performLogin().finally(() => {
|
||||||
|
this.tokenPromise = undefined;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
this.token = await this.tokenPromise;
|
||||||
|
return this.token;
|
||||||
|
}
|
||||||
|
|
||||||
|
async performLogin() {
|
||||||
|
const initialLogin = await this.request({
|
||||||
|
method: "POST",
|
||||||
|
url: "/tokens",
|
||||||
|
data: {
|
||||||
|
identity: this.options.email,
|
||||||
|
secret: this.options.password,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
if (initialLogin.token) {
|
||||||
|
return initialLogin.token;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!initialLogin.requires_2fa || !initialLogin.challenge_token) {
|
||||||
|
throw new Error("登录失败:Nginx Proxy Manager 未返回访问令牌");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!this.options.totpSecret) {
|
||||||
|
throw new Error("登录失败:该 Nginx Proxy Manager 账号启用了 2FA,但未配置 totpSecret");
|
||||||
|
}
|
||||||
|
|
||||||
|
let code;
|
||||||
|
try {
|
||||||
|
code = authenticator.generate(this.options.totpSecret);
|
||||||
|
} catch (error) {
|
||||||
|
throw describeError(error, "Generating TOTP code");
|
||||||
|
}
|
||||||
|
|
||||||
|
const completedLogin = await this.request({
|
||||||
|
method: "POST",
|
||||||
|
url: "/tokens/2fa",
|
||||||
|
data: {
|
||||||
|
challenge_token: initialLogin.challenge_token,
|
||||||
|
code,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
if (!completedLogin.token) {
|
||||||
|
throw new Error("2FA 登录失败:Nginx Proxy Manager 未返回访问令牌");
|
||||||
|
}
|
||||||
|
|
||||||
|
return completedLogin.token;
|
||||||
|
}
|
||||||
|
|
||||||
|
async requestWithAuth(config) {
|
||||||
|
const token = await this.login();
|
||||||
|
const headers = {
|
||||||
|
...(config.headers ?? {}),
|
||||||
|
Authorization: `Bearer ${token}`,
|
||||||
|
};
|
||||||
|
|
||||||
|
return await this.request({
|
||||||
|
...config,
|
||||||
|
headers,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async request(config) {
|
||||||
|
const action = `${config.method ?? "GET"} ${config.url ?? "/"}`;
|
||||||
|
try {
|
||||||
|
const response = await this.httpClient.request(config);
|
||||||
|
return response.data;
|
||||||
|
} catch (error) {
|
||||||
|
throw describeError(error, action);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return class NginxProxyManagerAccess extends BaseAccess {
|
||||||
|
endpoint = "";
|
||||||
|
email = "";
|
||||||
|
password = "";
|
||||||
|
totpSecret = "";
|
||||||
|
ignoreTls = false;
|
||||||
|
testRequest = true;
|
||||||
|
|
||||||
|
createClient() {
|
||||||
|
return new NginxProxyManagerClient({
|
||||||
|
endpoint: this.endpoint,
|
||||||
|
email: this.email,
|
||||||
|
password: this.password,
|
||||||
|
totpSecret: this.totpSecret || undefined,
|
||||||
|
ignoreTls: this.ignoreTls === true,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async onTestRequest() {
|
||||||
|
const client = this.createClient();
|
||||||
|
const result = await client.verifyAccess();
|
||||||
|
this.ctx.logger.info(`Nginx Proxy Manager 授权验证成功,找到 ${result.proxyHostCount} 个代理主机`);
|
||||||
|
return `成功(${result.proxyHostCount} 个代理主机)`;
|
||||||
|
}
|
||||||
|
|
||||||
|
async getProxyHostList(req = {}) {
|
||||||
|
const client = this.createClient();
|
||||||
|
return await client.getProxyHosts(req.searchKey);
|
||||||
|
}
|
||||||
|
};
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
export * from "./plugin-deploy-to-proxy-hosts.js";
|
||||||
+343
@@ -0,0 +1,343 @@
|
|||||||
|
import {
|
||||||
|
AbstractTaskPlugin,
|
||||||
|
IsTaskPlugin,
|
||||||
|
pluginGroups,
|
||||||
|
RunStrategy,
|
||||||
|
TaskInput,
|
||||||
|
} from "@certd/pipeline";
|
||||||
|
import { CertInfo, CertReader, createCertDomainGetterInputDefine } from "@certd/plugin-cert";
|
||||||
|
import { NginxProxyManagerAccess, ProxyHost } from "../access.js";
|
||||||
|
|
||||||
|
interface ProxyHostOption {
|
||||||
|
label: string;
|
||||||
|
value: string;
|
||||||
|
domain: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
@IsTaskPlugin({
|
||||||
|
name: "NginxProxyManagerDeploy",
|
||||||
|
title: "Nginx Proxy Manager-部署到主机",
|
||||||
|
desc: "上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。",
|
||||||
|
icon: "logos:nginx",
|
||||||
|
group: pluginGroups.panel.key,
|
||||||
|
default: {
|
||||||
|
strategy: {
|
||||||
|
runStrategy: RunStrategy.SkipWhenSucceed,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
})
|
||||||
|
export class NginxProxyManagerDeploy extends AbstractTaskPlugin {
|
||||||
|
@TaskInput({
|
||||||
|
title: "域名证书",
|
||||||
|
helper: "请选择前置任务产出的证书。",
|
||||||
|
component: {
|
||||||
|
name: "output-selector",
|
||||||
|
from: [":cert:"],
|
||||||
|
},
|
||||||
|
required: true,
|
||||||
|
})
|
||||||
|
cert!: CertInfo;
|
||||||
|
|
||||||
|
@TaskInput(createCertDomainGetterInputDefine())
|
||||||
|
certDomains!: string[];
|
||||||
|
|
||||||
|
@TaskInput({
|
||||||
|
title: "NPM授权",
|
||||||
|
component: {
|
||||||
|
name: "access-selector",
|
||||||
|
type: "nginxProxyManager",
|
||||||
|
},
|
||||||
|
helper: "选择用于部署的 Nginx Proxy Manager 授权。",
|
||||||
|
required: true,
|
||||||
|
})
|
||||||
|
accessId!: string;
|
||||||
|
|
||||||
|
@TaskInput({
|
||||||
|
title: "代理主机",
|
||||||
|
component: {
|
||||||
|
name: "remote-select",
|
||||||
|
vModel: "value",
|
||||||
|
mode: "tags",
|
||||||
|
type: "plugin",
|
||||||
|
action: "onGetProxyHostOptions",
|
||||||
|
search: true,
|
||||||
|
pager: false,
|
||||||
|
multi: true,
|
||||||
|
watches: ["certDomains", "accessId"],
|
||||||
|
},
|
||||||
|
helper: "选择要绑定此证书的一个或多个代理主机。",
|
||||||
|
required: true,
|
||||||
|
})
|
||||||
|
proxyHostIds!: string | string[];
|
||||||
|
|
||||||
|
@TaskInput({
|
||||||
|
title: "证书标识",
|
||||||
|
component: {
|
||||||
|
name: "a-input",
|
||||||
|
allowClear: true,
|
||||||
|
placeholder: "certd_npm_example_com",
|
||||||
|
},
|
||||||
|
helper: "可选。留空时默认使用 certd_npm_<主域名规范化>。",
|
||||||
|
required: false,
|
||||||
|
})
|
||||||
|
certificateLabel?: string;
|
||||||
|
|
||||||
|
@TaskInput({
|
||||||
|
title: "自动清理未使用证书",
|
||||||
|
component: {
|
||||||
|
name: "a-switch",
|
||||||
|
vModel: "checked",
|
||||||
|
},
|
||||||
|
helper: "部署成功后,自动删除除当前证书外所有未被任何主机引用的证书。",
|
||||||
|
required: false,
|
||||||
|
})
|
||||||
|
cleanupMatchingCertificates = false;
|
||||||
|
|
||||||
|
private normalizeDomain(domain: string): string {
|
||||||
|
return String(domain ?? "").trim().toLowerCase();
|
||||||
|
}
|
||||||
|
|
||||||
|
private wildcardMatches(pattern: string, candidate: string): boolean {
|
||||||
|
if (!pattern.startsWith("*.")) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
const suffix = pattern.slice(1).toLowerCase();
|
||||||
|
return candidate.endsWith(suffix);
|
||||||
|
}
|
||||||
|
|
||||||
|
private isDomainMatch(left: string, right: string): boolean {
|
||||||
|
const normalizedLeft = this.normalizeDomain(left);
|
||||||
|
const normalizedRight = this.normalizeDomain(right);
|
||||||
|
|
||||||
|
return (
|
||||||
|
normalizedLeft === normalizedRight ||
|
||||||
|
this.wildcardMatches(normalizedLeft, normalizedRight) ||
|
||||||
|
this.wildcardMatches(normalizedRight, normalizedLeft)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
private sanitizeDomainSegment(value: string): string {
|
||||||
|
const sanitized = String(value ?? "")
|
||||||
|
.trim()
|
||||||
|
.toLowerCase()
|
||||||
|
.replace(/[^a-z0-9]+/g, "_")
|
||||||
|
.replace(/^_+|_+$/g, "")
|
||||||
|
.replace(/_+/g, "_");
|
||||||
|
|
||||||
|
return sanitized || "unknown";
|
||||||
|
}
|
||||||
|
|
||||||
|
private buildDefaultCertificateLabel(cert: CertInfo): string {
|
||||||
|
const mainDomain = CertReader.getMainDomain(cert.crt);
|
||||||
|
return `certd_npm_${this.sanitizeDomainSegment(mainDomain)}`;
|
||||||
|
}
|
||||||
|
|
||||||
|
private normalizeStringList(input: string | string[] | null | undefined): string[] {
|
||||||
|
if (Array.isArray(input)) {
|
||||||
|
return input;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (input == null || input === "") {
|
||||||
|
return [];
|
||||||
|
}
|
||||||
|
|
||||||
|
return [input];
|
||||||
|
}
|
||||||
|
|
||||||
|
private resolveCertificateDomains(cert: CertInfo, configuredDomains: string | string[] | null | undefined): string[] {
|
||||||
|
const configured = this.normalizeStringList(configuredDomains)
|
||||||
|
.map((value) => String(value).trim())
|
||||||
|
.filter(Boolean);
|
||||||
|
|
||||||
|
if (configured.length > 0) {
|
||||||
|
return Array.from(new Set(configured));
|
||||||
|
}
|
||||||
|
|
||||||
|
return new CertReader(cert).getAllDomains();
|
||||||
|
}
|
||||||
|
|
||||||
|
private buildProxyHostLabel(host: ProxyHost): string {
|
||||||
|
const domains = host.domain_names?.length ? host.domain_names.join(", ") : "(no domains)";
|
||||||
|
return `${domains} <#${host.id}>`;
|
||||||
|
}
|
||||||
|
|
||||||
|
private hasAnyCertDomainMatch(host: ProxyHost, certDomains: string[]): boolean {
|
||||||
|
if (!certDomains.length) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
const hostDomains = host.domain_names ?? [];
|
||||||
|
return hostDomains.some((hostDomain) =>
|
||||||
|
certDomains.some((certDomain) => this.isDomainMatch(hostDomain, certDomain))
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
private buildProxyHostOptions(hosts: ProxyHost[], certDomains: string[]) {
|
||||||
|
const sortedHosts = [...hosts].sort((left, right) => {
|
||||||
|
return this.buildProxyHostLabel(left).localeCompare(this.buildProxyHostLabel(right));
|
||||||
|
});
|
||||||
|
|
||||||
|
const matched: { label: string; value: string; domain: string }[] = [];
|
||||||
|
const unmatched: { label: string; value: string; domain: string }[] = [];
|
||||||
|
|
||||||
|
for (const host of sortedHosts) {
|
||||||
|
const option = {
|
||||||
|
label: this.buildProxyHostLabel(host),
|
||||||
|
value: String(host.id),
|
||||||
|
domain: host.domain_names?.[0] ?? "",
|
||||||
|
};
|
||||||
|
|
||||||
|
if (this.hasAnyCertDomainMatch(host, certDomains)) {
|
||||||
|
matched.push(option);
|
||||||
|
} else {
|
||||||
|
unmatched.push(option);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (matched.length && unmatched.length) {
|
||||||
|
return [
|
||||||
|
{
|
||||||
|
label: "匹配证书域名的主机",
|
||||||
|
options: matched,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
label: "其他代理主机",
|
||||||
|
options: unmatched,
|
||||||
|
},
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
|
return matched.length ? matched : unmatched;
|
||||||
|
}
|
||||||
|
|
||||||
|
private normalizeProxyHostIds(proxyHostIds: string | string[] | number | null | undefined): number[] {
|
||||||
|
return Array.from(
|
||||||
|
new Set(
|
||||||
|
this.normalizeStringList(proxyHostIds as string | string[] | null | undefined)
|
||||||
|
.map((value) => Number.parseInt(String(value), 10))
|
||||||
|
.filter((value) => Number.isInteger(value) && value > 0)
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
private certificateHasBindings(certificate: { proxy_hosts?: unknown[]; redirection_hosts?: unknown[]; dead_hosts?: unknown[]; streams?: unknown[] }): boolean {
|
||||||
|
return (
|
||||||
|
(certificate.proxy_hosts?.length ?? 0) > 0 ||
|
||||||
|
(certificate.redirection_hosts?.length ?? 0) > 0 ||
|
||||||
|
(certificate.dead_hosts?.length ?? 0) > 0 ||
|
||||||
|
(certificate.streams?.length ?? 0) > 0
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
async execute(): Promise<void> {
|
||||||
|
const access = await this.getAccess<NginxProxyManagerAccess>(this.accessId);
|
||||||
|
const proxyHostIds = this.normalizeProxyHostIds(this.proxyHostIds);
|
||||||
|
|
||||||
|
if (proxyHostIds.length === 0) {
|
||||||
|
throw new Error("请至少选择一个 Nginx Proxy Manager 代理主机");
|
||||||
|
}
|
||||||
|
|
||||||
|
const certificateLabel =
|
||||||
|
this.certificateLabel?.trim() || this.buildDefaultCertificateLabel(this.cert);
|
||||||
|
const certificateDomains = this.resolveCertificateDomains(this.cert, this.certDomains);
|
||||||
|
|
||||||
|
let certificate = await access.findCustomCertificateByNiceName(certificateLabel);
|
||||||
|
if (!certificate) {
|
||||||
|
this.logger.info(`在 Nginx Proxy Manager 中创建自定义证书 "${certificateLabel}"`);
|
||||||
|
certificate = await access.createCustomCertificate(certificateLabel, certificateDomains);
|
||||||
|
} else {
|
||||||
|
this.logger.info(`复用已有自定义证书 "${certificateLabel}" (#${certificate.id})`);
|
||||||
|
}
|
||||||
|
|
||||||
|
await access.uploadCertificate(certificate.id, {
|
||||||
|
certificate: this.cert.crt,
|
||||||
|
certificateKey: this.cert.key,
|
||||||
|
intermediateCertificate: this.cert.ic,
|
||||||
|
});
|
||||||
|
this.logger.info(`证书内容已上传到 Nginx Proxy Manager 证书 #${certificate.id}`);
|
||||||
|
|
||||||
|
for (const proxyHostId of proxyHostIds) {
|
||||||
|
this.logger.info(`将证书 #${certificate.id} 绑定到代理主机 #${proxyHostId}`);
|
||||||
|
try {
|
||||||
|
await access.assignCertificateToProxyHost(proxyHostId, certificate.id);
|
||||||
|
} catch (error) {
|
||||||
|
const message = error instanceof Error ? error.message : String(error);
|
||||||
|
throw new Error(`为代理主机 #${proxyHostId} 绑定证书失败:${message}`);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (this.cleanupMatchingCertificates === true) {
|
||||||
|
await this.cleanupOldCertificates(access, certificate.id);
|
||||||
|
}
|
||||||
|
|
||||||
|
this.logger.info(`部署完成,共更新 ${proxyHostIds.length} 个代理主机`);
|
||||||
|
}
|
||||||
|
|
||||||
|
async onGetProxyHostOptions(req: { searchKey?: string } = {}): Promise<ProxyHostOption[] | { label: string; options: ProxyHostOption[] }[]> {
|
||||||
|
if (!this.accessId) {
|
||||||
|
throw new Error("请先选择 Nginx Proxy Manager 授权");
|
||||||
|
}
|
||||||
|
|
||||||
|
const access = await this.getAccess<NginxProxyManagerAccess>(this.accessId);
|
||||||
|
const proxyHosts = await access.getProxyHostList(req);
|
||||||
|
return this.buildProxyHostOptions(proxyHosts, this.normalizeStringList(this.certDomains));
|
||||||
|
}
|
||||||
|
|
||||||
|
private async cleanupOldCertificates(access: NginxProxyManagerAccess, currentCertificateId: number): Promise<void> {
|
||||||
|
const certificates = await access.getCertificatesWithExpand(undefined, [
|
||||||
|
"proxy_hosts",
|
||||||
|
"redirection_hosts",
|
||||||
|
"dead_hosts",
|
||||||
|
"streams",
|
||||||
|
]);
|
||||||
|
const candidates = certificates.filter((certificate) => {
|
||||||
|
return certificate.id !== currentCertificateId;
|
||||||
|
});
|
||||||
|
|
||||||
|
if (candidates.length === 0) {
|
||||||
|
this.logger.info("未发现可自动清理的旧证书");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
const deletedIds: number[] = [];
|
||||||
|
const skippedInUse: string[] = [];
|
||||||
|
const failedDeletes: string[] = [];
|
||||||
|
|
||||||
|
for (const candidate of candidates) {
|
||||||
|
if (this.certificateHasBindings(candidate)) {
|
||||||
|
skippedInUse.push(`#${candidate.id} ${candidate.nice_name}`);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.logger.info(`自动清理旧证书 #${candidate.id} ${candidate.nice_name}`);
|
||||||
|
try {
|
||||||
|
await access.deleteCertificate(candidate.id);
|
||||||
|
deletedIds.push(candidate.id);
|
||||||
|
} catch (error) {
|
||||||
|
const message = error instanceof Error ? error.message : String(error);
|
||||||
|
failedDeletes.push(`#${candidate.id} ${candidate.nice_name}: ${message}`);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (deletedIds.length > 0) {
|
||||||
|
this.logger.info(
|
||||||
|
`自动清理完成,共删除 ${deletedIds.length} 张旧证书:${deletedIds
|
||||||
|
.map((id) => `#${id}`)
|
||||||
|
.join(", ")}`
|
||||||
|
);
|
||||||
|
} else {
|
||||||
|
this.logger.info("未删除任何旧证书");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (skippedInUse.length > 0) {
|
||||||
|
this.logger.info(`以下旧证书仍被其他资源引用,已跳过清理:${skippedInUse.join(", ")}`);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (failedDeletes.length > 0) {
|
||||||
|
this.logger.warn(`以下旧证书清理失败,已跳过:${failedDeletes.join(", ")}`);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
new NginxProxyManagerDeploy();
|
||||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,182 @@
|
|||||||
|
import { AccessInput, BaseAccess, IsAccess, Pager, PageRes, PageSearch } from '@certd/pipeline';
|
||||||
|
import { DomainRecord } from '@certd/plugin-lib';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Technitium DNS Server 授权配置
|
||||||
|
*/
|
||||||
|
@IsAccess({
|
||||||
|
name: 'technitium',
|
||||||
|
title: 'Technitium DNS Server',
|
||||||
|
icon: 'clarity:server-line',
|
||||||
|
desc: 'Technitium DNS Server 自建DNS服务器授权',
|
||||||
|
})
|
||||||
|
export class TechnitiumAccess extends BaseAccess {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* API地址
|
||||||
|
*/
|
||||||
|
@AccessInput({
|
||||||
|
title: 'API地址',
|
||||||
|
value: 'http://localhost:5380',
|
||||||
|
component: {
|
||||||
|
name: "a-input",
|
||||||
|
allowClear: true,
|
||||||
|
placeholder: 'http://localhost:5380',
|
||||||
|
},
|
||||||
|
required: true,
|
||||||
|
})
|
||||||
|
apiUrl = 'http://localhost:5380';
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 用户名
|
||||||
|
*/
|
||||||
|
@AccessInput({
|
||||||
|
title: '用户名',
|
||||||
|
component: {
|
||||||
|
name: "a-input",
|
||||||
|
allowClear: true,
|
||||||
|
placeholder: 'admin',
|
||||||
|
},
|
||||||
|
required: false,
|
||||||
|
})
|
||||||
|
username = 'admin';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 密码
|
||||||
|
*/
|
||||||
|
@AccessInput({
|
||||||
|
title: '密码',
|
||||||
|
component: {
|
||||||
|
name: "a-input",
|
||||||
|
type: "password",
|
||||||
|
allowClear: true,
|
||||||
|
placeholder: '密码',
|
||||||
|
},
|
||||||
|
required: false,
|
||||||
|
encrypt: true,
|
||||||
|
})
|
||||||
|
password = '';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 测试按钮
|
||||||
|
*/
|
||||||
|
@AccessInput({
|
||||||
|
title: "测试",
|
||||||
|
component: {
|
||||||
|
name: "api-test",
|
||||||
|
action: "TestRequest"
|
||||||
|
},
|
||||||
|
helper: "点击测试接口是否正常"
|
||||||
|
})
|
||||||
|
testRequest = true;
|
||||||
|
|
||||||
|
token = '';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 通用API调用方法
|
||||||
|
*/
|
||||||
|
async doRequest(options: { url: string; method: 'get' | 'post'; params?: URLSearchParams }) {
|
||||||
|
// 每次请求前都获取最新的token
|
||||||
|
if (!options.url.includes('/api/user/login')) {
|
||||||
|
await this.getToken();
|
||||||
|
}
|
||||||
|
|
||||||
|
// 复制参数并添加token
|
||||||
|
const params = new URLSearchParams(options.params || '');
|
||||||
|
if (this.token && !options.url.includes('/api/user/login')) {
|
||||||
|
params.append('token', this.token);
|
||||||
|
}
|
||||||
|
|
||||||
|
let fullUrl = options.url;
|
||||||
|
if (params.toString()) {
|
||||||
|
fullUrl = `${options.url}?${params.toString()}`;
|
||||||
|
}
|
||||||
|
|
||||||
|
const response = await this.ctx.http.request({
|
||||||
|
url: fullUrl,
|
||||||
|
method: options.method,
|
||||||
|
});
|
||||||
|
|
||||||
|
if (response.status !== 'ok') {
|
||||||
|
throw new Error(`${response.errorMessage || 'API调用失败'}`);
|
||||||
|
}
|
||||||
|
|
||||||
|
return response;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 测试API连接
|
||||||
|
*/
|
||||||
|
async onTestRequest() {
|
||||||
|
// 测试获取区域列表
|
||||||
|
await this.GetDomainList({});
|
||||||
|
return "连接成功";
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 获取域名列表
|
||||||
|
*/
|
||||||
|
async GetDomainList(req: PageSearch): Promise<PageRes<DomainRecord>> {
|
||||||
|
this.ctx.logger.info(`获取域名列表,req:${JSON.stringify(req)}`);
|
||||||
|
const pager = new Pager(req);
|
||||||
|
|
||||||
|
// 规范API地址
|
||||||
|
this.apiUrl = this.normalizeEndpoint(this.apiUrl);
|
||||||
|
|
||||||
|
// 构建API URL
|
||||||
|
const apiUrl = `${this.apiUrl}/api/zones/list`;
|
||||||
|
|
||||||
|
// 构建查询参数
|
||||||
|
const params = new URLSearchParams();
|
||||||
|
|
||||||
|
// 调用API获取区域列表
|
||||||
|
const response = await this.doRequest({ url: apiUrl, method: 'get', params: params });
|
||||||
|
|
||||||
|
const zones = response.response.zones || [];
|
||||||
|
const total = zones.length;
|
||||||
|
|
||||||
|
// 转换为DomainRecord格式
|
||||||
|
let list = zones.map((zone: any) => ({
|
||||||
|
id: zone.name,
|
||||||
|
domain: zone.name,
|
||||||
|
}));
|
||||||
|
|
||||||
|
// 应用分页
|
||||||
|
list = list.slice(pager.getOffset(), pager.getOffset() + pager.pageSize);
|
||||||
|
|
||||||
|
return {
|
||||||
|
total,
|
||||||
|
list
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 获取API Token
|
||||||
|
*/
|
||||||
|
async getToken() {
|
||||||
|
const apiUrl = `${this.apiUrl}/api/user/login`;
|
||||||
|
|
||||||
|
const params = new URLSearchParams({
|
||||||
|
user: this.username,
|
||||||
|
pass: this.password,
|
||||||
|
});
|
||||||
|
|
||||||
|
// 直接使用ctx.http.request,避免递归调用doRequest
|
||||||
|
const response = await this.ctx.http.request({
|
||||||
|
url: `${apiUrl}?${params.toString()}`,
|
||||||
|
method: 'post',
|
||||||
|
});
|
||||||
|
|
||||||
|
if (response.status !== 'ok') {
|
||||||
|
throw new Error(`登录失败: ${response.errorMessage || '未知错误'}`);
|
||||||
|
}
|
||||||
|
|
||||||
|
this.token = response.token;
|
||||||
|
return this.token;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
@@ -0,0 +1,97 @@
|
|||||||
|
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
|
||||||
|
|
||||||
|
import { TechnitiumAccess } from "./access.js"
|
||||||
|
|
||||||
|
type TechnitiumRecord = {
|
||||||
|
// 记录创建时返回的数据结构
|
||||||
|
zone: {
|
||||||
|
name: string;
|
||||||
|
type: string;
|
||||||
|
internal: boolean;
|
||||||
|
dnssecStatus: string;
|
||||||
|
disabled: boolean;
|
||||||
|
};
|
||||||
|
addedRecord: {
|
||||||
|
disabled: boolean;
|
||||||
|
name: string;
|
||||||
|
type: string;
|
||||||
|
ttl: number;
|
||||||
|
rData: {
|
||||||
|
text: string;
|
||||||
|
};
|
||||||
|
dnssecStatus: string;
|
||||||
|
lastUsedOn: string;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
// 注册Technitium DNS Server的DNS提供商
|
||||||
|
@IsDnsProvider({
|
||||||
|
name: 'technitium',
|
||||||
|
title: 'Technitium DNS Server',
|
||||||
|
desc: 'Technitium DNS Server 自建DNS服务器',
|
||||||
|
icon: 'clarity:server-line',
|
||||||
|
accessType: 'technitium',
|
||||||
|
order: 10,
|
||||||
|
})
|
||||||
|
export class TechnitiumDnsProvider extends AbstractDnsProvider<TechnitiumRecord> {
|
||||||
|
access!: TechnitiumAccess;
|
||||||
|
|
||||||
|
async onInstance() {
|
||||||
|
this.access = this.ctx.access as TechnitiumAccess;
|
||||||
|
this.logger.debug('access', this.access);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 创建DNS解析记录,用于验证域名所有权
|
||||||
|
*/
|
||||||
|
async createRecord(options: CreateRecordOptions): Promise<TechnitiumRecord> {
|
||||||
|
const { fullRecord, value, type, domain } = options;
|
||||||
|
this.logger.info('添加域名解析:', fullRecord, value, type, domain);
|
||||||
|
|
||||||
|
// 构建API URL
|
||||||
|
const apiUrl = `${this.access.apiUrl}/api/zones/records/add`;
|
||||||
|
|
||||||
|
// 构建查询参数
|
||||||
|
const params = new URLSearchParams({
|
||||||
|
zone: domain,
|
||||||
|
domain: fullRecord,
|
||||||
|
type: type,
|
||||||
|
text: value,
|
||||||
|
ttl: "60",
|
||||||
|
});
|
||||||
|
|
||||||
|
// 调用Technitium API创建TXT记录
|
||||||
|
const response = await this.access.doRequest({ url: apiUrl, method: 'post', params: params });
|
||||||
|
|
||||||
|
this.logger.info('创建域名解析成功:', fullRecord, value);
|
||||||
|
return response as TechnitiumRecord;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 删除DNS解析记录,清理申请痕迹
|
||||||
|
*/
|
||||||
|
async removeRecord(options: RemoveRecordOptions<TechnitiumRecord>): Promise<void> {
|
||||||
|
const { fullRecord, value, domain } = options.recordReq;
|
||||||
|
const record = options.recordRes;
|
||||||
|
this.logger.info('删除域名解析:', domain, fullRecord, value, record);
|
||||||
|
|
||||||
|
// 构建API URL
|
||||||
|
const apiUrl = `${this.access.apiUrl}/api/zones/records/delete`;
|
||||||
|
|
||||||
|
// 构建查询参数
|
||||||
|
const params = new URLSearchParams({
|
||||||
|
zone: domain,
|
||||||
|
domain: fullRecord,
|
||||||
|
type: 'TXT',
|
||||||
|
text: value,
|
||||||
|
});
|
||||||
|
|
||||||
|
// 调用Technitium API删除TXT记录
|
||||||
|
await this.access.doRequest({ url: apiUrl, method: 'post', params: params });
|
||||||
|
|
||||||
|
this.logger.info('删除域名解析成功:', fullRecord, value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// 实例化这个provider,将其自动注册到系统中
|
||||||
|
new TechnitiumDnsProvider();
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
export * from './dns-provider.js';
|
||||||
|
export * from './access.js';
|
||||||
@@ -1 +1 @@
|
|||||||
01:26
|
23:47
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
01:53
|
00:29
|
||||||
|
|||||||
Reference in New Issue
Block a user