mirror of
https://github.com/certd/certd.git
synced 2026-07-06 12:07:32 +08:00
Compare commits
21 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 11b7cfe5cb | |||
| 71cfcad2a1 | |||
| ab4373b26e | |||
| d23ddc96ac | |||
| 147708e779 | |||
| dc969dd7ed | |||
| ef7d1d9327 | |||
| 2e6e9ed925 | |||
| 296dcab4c7 | |||
| f9e1c46c45 | |||
| 94fd5bd7ec | |||
| eb6ca96e85 | |||
| a2bbc7e272 | |||
| f075a991f0 | |||
| edeb817c39 | |||
| 23b4658672 | |||
| 5f95ee987f | |||
| cc73f156a7 | |||
| ee72d10718 | |||
| 831871d37f | |||
| 6072550ec1 |
@@ -145,6 +145,20 @@ async doRequest(req: { action: string, data?: any }) {
|
||||
utils: typeof utils;
|
||||
accessService: IAccessService;
|
||||
}
|
||||
|
||||
// this.ctx.http 只有request方法
|
||||
// 方法参数
|
||||
export type HttpRequestConfig<D = any> = {
|
||||
skipSslVerify?: boolean;
|
||||
skipCheckRes?: boolean;
|
||||
logParams?: boolean;
|
||||
logRes?: boolean;
|
||||
logData?: boolean;
|
||||
httpProxy?: string;
|
||||
returnOriginRes?: boolean;
|
||||
} & AxiosRequestConfig<D>;
|
||||
|
||||
|
||||
*/
|
||||
const res = await this.ctx.http.request({
|
||||
url: "https://api.demo.cn/api/",
|
||||
|
||||
@@ -105,6 +105,28 @@ async removeRecord(options: RemoveRecordOptions<DemoRecord>): Promise<void> {
|
||||
}
|
||||
```
|
||||
|
||||
### 6. 实现 getDomainListPage 方法
|
||||
```typescript
|
||||
/**
|
||||
* 实现获取域名列表
|
||||
*/
|
||||
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
|
||||
const pager = new Pager(req);
|
||||
const res = await this.http.request({
|
||||
// 请求接口获取域名列表
|
||||
})
|
||||
const list = res.Domains?.map(item => ({
|
||||
id: item.Id,
|
||||
domain: item.DomainName,
|
||||
})) || []
|
||||
|
||||
return {
|
||||
list,
|
||||
total: res.Total,
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
### 6. 实例化插件
|
||||
|
||||
```typescript
|
||||
@@ -204,11 +226,28 @@ export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
|
||||
|
||||
this.logger.info('删除域名解析成功:', fullRecord, value);
|
||||
}
|
||||
|
||||
/**
|
||||
* 实现获取域名列表
|
||||
*/
|
||||
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
|
||||
const pager = new Pager(req);
|
||||
const res = await this.http.request({
|
||||
// 请求接口获取域名列表
|
||||
})
|
||||
const list = res.Domains?.map(item => ({
|
||||
id: item.Id,
|
||||
domain: item.DomainName,
|
||||
})) || []
|
||||
|
||||
return {
|
||||
list,
|
||||
total: res.Total,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// 实例化这个 provider,将其自动注册到系统中
|
||||
if (isDev()) {
|
||||
// 你的实现 要去掉这个 if,不然生产环境将不会显示
|
||||
new DemoDnsProvider();
|
||||
}
|
||||
new DemoDnsProvider();
|
||||
|
||||
```
|
||||
@@ -95,7 +95,15 @@ https://certd.handfree.work/
|
||||
3. 【推荐】[1Panel面板方式部署](https://certd.docmirror.cn/guide/install/1panel/)
|
||||
4. 【推荐】[雨云一键部署](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2) : 首充翻倍,每月仅需2.2元
|
||||
[<img src="https://rainyun-apps.cn-nb1.rains3.com/materials/deploy-on-rainyun-cn.svg">](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2)
|
||||
5. 【不推荐】[源码方式部署 ](https://certd.docmirror.cn/guide/install/source/)
|
||||
|
||||
5. 【推荐】[一键安装脚本](https://certd.docmirror.cn/guide/install/docker/)(自动安装 Docker,Certd):
|
||||
```bash
|
||||
curl -fsSL https://gitee.com/certd/certd/raw/v2/docker/run/install.sh | bash
|
||||
```
|
||||
|
||||
6. 【不推荐】[源码方式部署 ](https://certd.docmirror.cn/guide/install/source/)
|
||||
|
||||
|
||||
|
||||
#### Docker镜像说明:
|
||||
* 国内镜像地址:
|
||||
|
||||
@@ -0,0 +1,340 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
CERTD_VERSION="${CERTD_VERSION:-latest}"
|
||||
INSTALL_DIR="${INSTALL_DIR:-/opt/certd}"
|
||||
COMPOSE_FILE_URL="https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml"
|
||||
COMPOSE_FILE="$INSTALL_DIR/docker-compose.yaml"
|
||||
|
||||
DOCKER_MIRROR="https://mirrors.aliyun.com"
|
||||
|
||||
RED='\033[0;31m'
|
||||
GREEN='\033[0;32m'
|
||||
YELLOW='\033[1;33m'
|
||||
NC='\033[0m'
|
||||
|
||||
log_info() {
|
||||
echo -e "${GREEN}[INFO]${NC} $1"
|
||||
}
|
||||
|
||||
log_warn() {
|
||||
echo -e "${YELLOW}[WARN]${NC} $1"
|
||||
}
|
||||
|
||||
log_error() {
|
||||
echo -e "${RED}[ERROR]${NC} $1"
|
||||
}
|
||||
|
||||
check_command() {
|
||||
command -v "$1" >/dev/null 2>&1
|
||||
}
|
||||
|
||||
get_local_ip() {
|
||||
LOCAL_IP=$(ip route get 1.1.1.1 2>/dev/null | grep -oP 'src \K[^ ]+' | head -1)
|
||||
if [ -z "$LOCAL_IP" ]; then
|
||||
LOCAL_IP=$(hostname -I 2>/dev/null | awk '{print $1}')
|
||||
fi
|
||||
if [ -z "$LOCAL_IP" ]; then
|
||||
LOCAL_IP="127.0.0.1"
|
||||
fi
|
||||
echo "$LOCAL_IP"
|
||||
}
|
||||
|
||||
get_public_ip() {
|
||||
PUBLIC_IP=$(curl -s --max-time 5 https://api.ipify.org 2>/dev/null)
|
||||
if [ -z "$PUBLIC_IP" ]; then
|
||||
PUBLIC_IP=$(curl -s --max-time 5 https://checkip.amazonaws.com 2>/dev/null)
|
||||
fi
|
||||
if [ -z "$PUBLIC_IP" ]; then
|
||||
PUBLIC_IP=""
|
||||
fi
|
||||
echo "$PUBLIC_IP"
|
||||
}
|
||||
|
||||
show_access_urls() {
|
||||
LOCAL_IP=$(get_local_ip)
|
||||
PUBLIC_IP=$(get_public_ip)
|
||||
|
||||
echo ""
|
||||
echo "=========================================="
|
||||
log_info "安装完成!"
|
||||
echo "=========================================="
|
||||
echo ""
|
||||
echo "访问地址:"
|
||||
if [ -n "$PUBLIC_IP" ]; then
|
||||
echo -e " ${GREEN}外网访问:${NC} http://$PUBLIC_IP:7001"
|
||||
fi
|
||||
echo -e " ${GREEN}局域网:${NC} http://$LOCAL_IP:7001"
|
||||
echo ""
|
||||
echo "配置文件: $COMPOSE_FILE"
|
||||
echo ""
|
||||
echo "常用命令:"
|
||||
echo " cd $INSTALL_DIR"
|
||||
echo " docker compose logs -f # 查看日志"
|
||||
echo " docker compose restart # 重启服务"
|
||||
echo " docker compose down # 停止服务"
|
||||
echo ""
|
||||
}
|
||||
|
||||
detect_os() {
|
||||
if [ -f /etc/os-release ]; then
|
||||
. /etc/os-release
|
||||
OS=$ID
|
||||
VER=$VERSION_ID
|
||||
elif [ -f /etc/centos-release ]; then
|
||||
OS="centos"
|
||||
elif [ -f /etc/redhat-release ]; then
|
||||
OS="rhel"
|
||||
else
|
||||
OS="unknown"
|
||||
fi
|
||||
}
|
||||
|
||||
check_docker() {
|
||||
if check_command docker; then
|
||||
DOCKER_VERSION=$(docker --version 2>/dev/null | awk '{print $3}' | tr -d ',')
|
||||
log_info "Docker 已安装: $DOCKER_VERSION"
|
||||
return 0
|
||||
else
|
||||
log_warn "Docker 未安装"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
check_docker_compose() {
|
||||
if check_command docker-compose; then
|
||||
COMPOSE_VERSION=$(docker-compose --version 2>/dev/null | awk '{print $3}' | tr -d ',')
|
||||
log_info "Docker Compose 已安装: $COMPOSE_VERSION"
|
||||
return 0
|
||||
elif docker compose version >/dev/null 2>&1; then
|
||||
log_info "Docker Compose (插件版) 已安装"
|
||||
return 0
|
||||
else
|
||||
log_warn "Docker Compose 未安装"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
install_docker_ubuntu() {
|
||||
log_info "正在安装 Docker (Ubuntu/Debian)..."
|
||||
apt-get update
|
||||
apt-get install -y ca-certificates curl gnupg lsb-release
|
||||
|
||||
mkdir -p /etc/apt/keyrings
|
||||
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/${OS}/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg 2>/dev/null || \
|
||||
curl -fsSL https://download.docker.com/linux/${OS}/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
||||
|
||||
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/${OS} $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||
|
||||
apt-get update
|
||||
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
|
||||
systemctl enable docker
|
||||
systemctl start docker
|
||||
|
||||
log_info "Docker 安装完成"
|
||||
}
|
||||
|
||||
install_docker_centos() {
|
||||
log_info "正在安装 Docker (CentOS/RHEL)..."
|
||||
yum install -y yum-utils
|
||||
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
|
||||
yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
|
||||
systemctl enable docker
|
||||
systemctl start docker
|
||||
|
||||
log_info "Docker 安装完成"
|
||||
}
|
||||
|
||||
install_dockerrocky() {
|
||||
log_info "正在安装 Docker (Rocky Linux/AlmaLinux)..."
|
||||
dnf install -y yum-utils
|
||||
dnf config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
|
||||
dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
|
||||
systemctl enable docker
|
||||
systemctl start docker
|
||||
|
||||
log_info "Docker 安装完成"
|
||||
}
|
||||
|
||||
install_docker_debian() {
|
||||
log_info "正在安装 Docker (Debian)..."
|
||||
apt-get update
|
||||
apt-get install -y ca-certificates curl gnupg2
|
||||
|
||||
mkdir -p /etc/apt/keyrings
|
||||
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/debian/gpg | gpg --armor -o /etc/apt/keyrings/docker.gpg 2>/dev/null || \
|
||||
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --armor -o /etc/apt/keyrings/docker.gpg
|
||||
|
||||
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list
|
||||
|
||||
apt-get update
|
||||
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
|
||||
systemctl enable docker
|
||||
systemctl start docker
|
||||
|
||||
log_info "Docker 安装完成"
|
||||
}
|
||||
|
||||
install_docker() {
|
||||
detect_os
|
||||
log_info "检测到操作系统: $OS"
|
||||
|
||||
case $OS in
|
||||
ubuntu)
|
||||
install_docker_ubuntu
|
||||
;;
|
||||
debian)
|
||||
install_docker_debian
|
||||
;;
|
||||
centos)
|
||||
install_docker_centos
|
||||
;;
|
||||
rhel|rocky|almalinux)
|
||||
install_dockerrocky
|
||||
;;
|
||||
*)
|
||||
log_error "不支持的操作系统: $OS"
|
||||
log_info "请手动安装 Docker"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
install_docker_compose_standalone() {
|
||||
log_info "正在安装 Docker Compose (独立版本)..."
|
||||
|
||||
COMPOSE_URLS=(
|
||||
"https://get.daocloud.io/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
|
||||
"https://mirror.sjtu.edu.cn/github/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
|
||||
"https://github.com/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
|
||||
)
|
||||
|
||||
for url in "${COMPOSE_URLS[@]}"; do
|
||||
log_info "尝试从: $url"
|
||||
if curl -L "$url" -o /usr/local/bin/docker-compose 2>/dev/null; then
|
||||
chmod +x /usr/local/bin/docker-compose
|
||||
log_info "Docker Compose 安装完成"
|
||||
return 0
|
||||
fi
|
||||
log_warn "下载失败,尝试下一个源..."
|
||||
done
|
||||
|
||||
log_error "Docker Compose 安装失败"
|
||||
return 1
|
||||
}
|
||||
|
||||
install_docker_compose() {
|
||||
if check_command docker && docker compose version >/dev/null 2>&1; then
|
||||
log_info "Docker Compose 插件已可用"
|
||||
return 0
|
||||
fi
|
||||
|
||||
if check_command docker-compose; then
|
||||
log_info "Docker Compose 独立版本已安装"
|
||||
return 0
|
||||
fi
|
||||
|
||||
install_docker_compose_standalone
|
||||
}
|
||||
|
||||
download_compose_file() {
|
||||
log_info "正在下载 docker-compose.yaml..."
|
||||
mkdir -p "$INSTALL_DIR"
|
||||
|
||||
if curl -fsSL "$COMPOSE_FILE_URL" -o "$COMPOSE_FILE.tmp"; then
|
||||
mv "$COMPOSE_FILE.tmp" "$COMPOSE_FILE"
|
||||
log_info "docker-compose.yaml 已下载到 $COMPOSE_FILE"
|
||||
|
||||
if [ "$CERTD_VERSION" != "latest" ]; then
|
||||
sed -i "s|certd:latest|certd:$CERTD_VERSION|g" "$COMPOSE_FILE"
|
||||
log_info "已修改镜像版本为: $CERTD_VERSION"
|
||||
fi
|
||||
else
|
||||
log_error "下载失败,请检查网络连接"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
start_certd() {
|
||||
log_info "正在启动 Certd 容器..."
|
||||
cd "$INSTALL_DIR"
|
||||
|
||||
if docker compose -f "$COMPOSE_FILE" up -d 2>/dev/null; then
|
||||
log_info "Certd 启动成功!"
|
||||
elif docker-compose -f "$COMPOSE_FILE" up -d; then
|
||||
log_info "Certd 启动成功!"
|
||||
fi
|
||||
|
||||
sleep 2
|
||||
docker ps --filter "name=certd" --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
|
||||
}
|
||||
|
||||
show_usage() {
|
||||
echo "用法: $0 [选项]"
|
||||
echo ""
|
||||
echo "选项:"
|
||||
echo " -v, --version VERSION 指定 Certd 版本 (默认: latest)"
|
||||
echo " -p, --path PATH 指定安装路径 (默认: /opt/certd)"
|
||||
echo " -h, --help 显示帮助信息"
|
||||
echo ""
|
||||
echo "示例:"
|
||||
echo " $0 # 使用默认配置安装"
|
||||
echo " $0 -v 1.29.0 # 安装指定版本"
|
||||
echo " $0 -p /data/certd # 安装到指定目录"
|
||||
}
|
||||
|
||||
main() {
|
||||
echo "=========================================="
|
||||
echo " Certd 一键安装脚本"
|
||||
echo "=========================================="
|
||||
echo ""
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case $1 in
|
||||
-v|--version)
|
||||
CERTD_VERSION="$2"
|
||||
shift 2
|
||||
;;
|
||||
-p|--path)
|
||||
INSTALL_DIR="$2"
|
||||
COMPOSE_FILE="$INSTALL_DIR/docker-compose.yaml"
|
||||
shift 2
|
||||
;;
|
||||
-h|--help)
|
||||
show_usage
|
||||
exit 0
|
||||
;;
|
||||
*)
|
||||
log_error "未知选项: $1"
|
||||
show_usage
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
log_info "Certd 版本: $CERTD_VERSION"
|
||||
log_info "安装路径: $INSTALL_DIR"
|
||||
echo ""
|
||||
|
||||
DOCKER_INSTALLED=true
|
||||
COMPOSE_INSTALLED=true
|
||||
|
||||
if ! check_docker; then
|
||||
echo ""
|
||||
log_info "正在安装 Docker..."
|
||||
install_docker
|
||||
fi
|
||||
|
||||
if ! check_docker_compose; then
|
||||
echo ""
|
||||
log_info "正在安装 Docker Compose..."
|
||||
install_docker_compose
|
||||
fi
|
||||
|
||||
download_compose_file
|
||||
start_certd
|
||||
|
||||
show_access_urls
|
||||
}
|
||||
|
||||
main "$@"
|
||||
@@ -3,6 +3,25 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||
|
||||
## [1.39.10](https://github.com/certd/certd/compare/v1.39.9...v1.39.10) (2026-04-11)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复创建流水线无法选择通知的bug ([a88d0a6](https://github.com/certd/certd/commit/a88d0a6ae15cb6170d0b36e21daf89f0dbd5f681))
|
||||
* 修复流水线任务编辑页面复制粘贴按钮在夜间模式显示问题 ([1e549df](https://github.com/certd/certd/commit/1e549dfd431ed74e2bcdfce63e5f640c51603af3))
|
||||
* 修复用户管理添加用户无法上传头像的bug ([557e98c](https://github.com/certd/certd/commit/557e98c33f5462167d8f6289f70dad68bb114a97))
|
||||
* 修复自定义插件删除后没有反注册的bug ([df98463](https://github.com/certd/certd/commit/df9846332596d2afaba53e66d2897aa1c598f9c4))
|
||||
* 修复spaceship创建record报错的bug ([70b46d4](https://github.com/certd/certd/commit/70b46d4a8f89cf8eded21ebb237e8c8ce6c40d30))
|
||||
|
||||
### Performance Improvements
|
||||
|
||||
* 1panel支持先上传证书再选择证书 ([7a9eec8](https://github.com/certd/certd/commit/7a9eec88e8eddf40dba055c072b5b2b0f67c1407))
|
||||
* 部署到1panel面板支持mux模式 ([d05129e](https://github.com/certd/certd/commit/d05129ec67893b0b639003a4bca6878d128f56ad))
|
||||
* 流水线修改编辑之后,增加未保存提示 ([21620ac](https://github.com/certd/certd/commit/21620ac6bdeb57e43509156a77037fc07c44282a))
|
||||
* 修复检查全部某些情况下无效的bug,优化公共触发站点证书检查定时逻辑 ([ee53589](https://github.com/certd/certd/commit/ee535895a3166c6f9046963e28fa8f22f018b574))
|
||||
* 增加域名管理 子域名检查提醒 ([2bdf183](https://github.com/certd/certd/commit/2bdf1832da73a3728f3ac415837bc26e70531cd6))
|
||||
* 站点监控域名气泡增加端口显示 ([6ee718a](https://github.com/certd/certd/commit/6ee718a25265a9db2115343af9a1a01958f34b81))
|
||||
|
||||
## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
@@ -2,7 +2,23 @@
|
||||
|
||||
## 一、安装
|
||||
|
||||
### 1. 环境准备
|
||||
### 一键脚本安装(推荐)
|
||||
|
||||
如果您的服务器未安装 Docker,该脚本会自动为您安装 Docker 和 Docker Compose,并启动 Certd 容器。
|
||||
|
||||
```bash
|
||||
curl -fsSL https://gitee.com/certd/certd/raw/v2/docker/run/install.sh | bash
|
||||
```
|
||||
|
||||
> 支持 Ubuntu、Debian、CentOS、Rocky Linux、AlmaLinux 等主流发行版。
|
||||
> docker-compose文件目录:`/opt/certd` ,升级时需要先进入此目录
|
||||
> 运行时数据默认保存路径:`/data/certd` ,可使用参数指定:`-p /data/certd`
|
||||
|
||||
|
||||
|
||||
### 手动安装
|
||||
|
||||
#### 1. 环境准备
|
||||
|
||||
1.1 准备一台云服务器
|
||||
|
||||
@@ -19,9 +35,9 @@ https://docs.docker.com/engine/install/
|
||||
|
||||
```bash
|
||||
# 随便创建一个目录
|
||||
mkdir certd
|
||||
mkdir /opt/certd
|
||||
# 进入目录
|
||||
cd certd
|
||||
cd /opt/certd
|
||||
# 下载docker-compose.yaml文件,或者手动下载放到certd目录下
|
||||
wget https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml
|
||||
|
||||
@@ -54,12 +70,12 @@ https://your_server_ip:7002
|
||||
记得修改密码
|
||||
|
||||
|
||||
## 二、升级
|
||||
## 二、升级Certd
|
||||
|
||||
::: warning
|
||||
如果您是第一次升级certd版本,切记切记先备份一下数据
|
||||
```
|
||||
# docker-compose.yaml配置
|
||||
# 查看/opt/certd/docker-compose.yaml配置
|
||||
- /data/certd:/app/data # 请务必确保 /app/data 这个路径没有改动,固定写死
|
||||
```
|
||||
:::
|
||||
@@ -71,6 +87,7 @@ https://your_server_ip:7002
|
||||
|
||||
### 如果使用`latest`版本
|
||||
```shell
|
||||
cd /opt/certd
|
||||
#重新拉取镜像
|
||||
docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
|
||||
# 重新启动容器
|
||||
|
||||
@@ -36,45 +36,48 @@
|
||||
| 32.| **Gcore** | Gcore |
|
||||
| 33.| **Github授权** | |
|
||||
| 34.| **godaddy授权** | |
|
||||
| 35.| **金山云授权** | |
|
||||
| 36.| **FTP授权** | |
|
||||
| 37.| **七牛OSS授权** | |
|
||||
| 38.| **腾讯云COS授权** | 腾讯云对象存储授权,包含地域和存储桶 |
|
||||
| 39.| **s3/minio授权** | S3/minio oss授权 |
|
||||
| 40.| **namesilo授权** | |
|
||||
| 41.| **Next Terminal 授权** | 用于访问 Next Terminal API 的授权配置 |
|
||||
| 42.| **1panel授权** | 账号和密码 |
|
||||
| 43.| **支付宝** | |
|
||||
| 44.| **白山云授权** | |
|
||||
| 45.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 |
|
||||
| 46.| **cdnfly授权** | |
|
||||
| 47.| **k8s授权** | |
|
||||
| 48.| **括彩云cdn授权** | 括彩云CDN,每月免费30G,[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) |
|
||||
| 49.| **LeCDN授权** | |
|
||||
| 50.| **lucky** | |
|
||||
| 51.| **猫云授权** | |
|
||||
| 52.| **plesk授权** | |
|
||||
| 53.| **长亭雷池授权** | |
|
||||
| 54.| **群晖登录授权** | |
|
||||
| 55.| **uniCloud** | unicloud授权 |
|
||||
| 56.| **微信支付** | |
|
||||
| 57.| **易盾rcdn授权** | 易盾CDN,每月免费30G,[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) |
|
||||
| 58.| **易发云短信** | sms.yfyidc.cn/ |
|
||||
| 59.| **易盾DCDN授权** | https://user.yiduncdn.com |
|
||||
| 60.| **易支付** | |
|
||||
| 61.| **proxmox** | |
|
||||
| 62.| **Spaceship.com 授权** | Spaceship.com API 授权插件 |
|
||||
| 63.| **UCloud授权** | 优刻得授权 |
|
||||
| 64.| **又拍云** | |
|
||||
| 65.| **网宿授权** | |
|
||||
| 66.| **西部数码授权** | |
|
||||
| 67.| **我爱云授权** | 我爱云CDN |
|
||||
| 68.| **新网授权(代理方式)** | |
|
||||
| 69.| **新网授权** | |
|
||||
| 70.| **新网互联授权** | 仅支持代理账号,ip需要加入白名单 |
|
||||
| 71.| **Zenlayer授权** | Zenlayer授权 |
|
||||
| 72.| **GoEdge授权** | |
|
||||
| 73.| **雨云授权** | https://app.rainyun.com/ |
|
||||
| 35.| **HiPM DNSMgr** | HiPM DNSMgr API Token 授权 |
|
||||
| 36.| **金山云授权** | |
|
||||
| 37.| **FTP授权** | |
|
||||
| 38.| **七牛OSS授权** | |
|
||||
| 39.| **腾讯云COS授权** | 腾讯云对象存储授权,包含地域和存储桶 |
|
||||
| 40.| **s3/minio授权** | S3/minio oss授权 |
|
||||
| 41.| **namesilo授权** | |
|
||||
| 42.| **Next Terminal 授权** | 用于访问 Next Terminal API 的授权配置 |
|
||||
| 43.| **Nginx Proxy Manager 授权** | 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。 |
|
||||
| 44.| **1panel授权** | 账号和密码 |
|
||||
| 45.| **支付宝** | |
|
||||
| 46.| **白山云授权** | |
|
||||
| 47.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 |
|
||||
| 48.| **cdnfly授权** | |
|
||||
| 49.| **k8s授权** | |
|
||||
| 50.| **括彩云cdn授权** | 括彩云CDN,每月免费30G,[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) |
|
||||
| 51.| **LeCDN授权** | |
|
||||
| 52.| **lucky** | |
|
||||
| 53.| **猫云授权** | |
|
||||
| 54.| **plesk授权** | |
|
||||
| 55.| **长亭雷池授权** | |
|
||||
| 56.| **群晖登录授权** | |
|
||||
| 57.| **uniCloud** | unicloud授权 |
|
||||
| 58.| **微信支付** | |
|
||||
| 59.| **易盾rcdn授权** | 易盾CDN,每月免费30G,[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) |
|
||||
| 60.| **易发云短信** | sms.yfyidc.cn/ |
|
||||
| 61.| **易盾DCDN授权** | https://user.yiduncdn.com |
|
||||
| 62.| **易支付** | |
|
||||
| 63.| **proxmox** | |
|
||||
| 64.| **Spaceship.com 授权** | Spaceship.com API 授权插件 |
|
||||
| 65.| **Technitium DNS Server** | Technitium DNS Server 自建DNS服务器授权 |
|
||||
| 66.| **UCloud授权** | 优刻得授权 |
|
||||
| 67.| **又拍云** | |
|
||||
| 68.| **网宿授权** | |
|
||||
| 69.| **西部数码授权** | |
|
||||
| 70.| **我爱云授权** | 我爱云CDN |
|
||||
| 71.| **新网授权(代理方式)** | |
|
||||
| 72.| **新网授权** | |
|
||||
| 73.| **新网互联授权** | 仅支持代理账号,ip需要加入白名单 |
|
||||
| 74.| **Zenlayer授权** | Zenlayer授权 |
|
||||
| 75.| **GoEdge授权** | |
|
||||
| 76.| **雨云授权** | https://app.rainyun.com/ |
|
||||
|
||||
<style module>
|
||||
table th:first-of-type {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# 任务插件
|
||||
共 `129` 款任务插件
|
||||
共 `130` 款任务插件
|
||||
## 1. 证书申请
|
||||
|
||||
| 序号 | 名称 | 说明 |
|
||||
@@ -58,25 +58,26 @@
|
||||
| 3.| **Dokploy-部署server证书** | 自动更新Dokploy server证书 |
|
||||
| 4.| **飞牛NAS-部署证书** | |
|
||||
| 5.| **NextTerminal-更新证书** | 更新 Next Terminal 证书 |
|
||||
| 6.| **1Panel-部署面板证书** | 更新1Panel的面板证书 |
|
||||
| 7.| **1Panel-更新站点证书** | 更新1Panel的站点证书 |
|
||||
| 8.| **宝塔-删除过期证书** | 删除证书夹中过期证书 |
|
||||
| 9.| **宝塔-WAF证书部署** | 部署宝塔云WAF/aaWAF |
|
||||
| 10.| **宝塔-面板证书部署** | 部署宝塔面板本身的ssl证书 |
|
||||
| 11.| **宝塔win-网站证书部署** | 部署到Windows版宝塔管理的站点的ssl证书 |
|
||||
| 12.| **宝塔-网站证书部署** | 部署宝塔管理的站点的ssl证书,目前支持宝塔网站站点、docker站点等。本插件也支持aaPanel。 |
|
||||
| 13.| **K8S-Apply自定义yaml** | apply自定义yaml到k8s |
|
||||
| 14.| **K8S-Ingress 证书部署** | 部署证书到k8s的Ingress |
|
||||
| 15.| **K8S-部署证书到Secret** | 部署证书到k8s的secret |
|
||||
| 16.| **lucky-更新Lucky证书** | |
|
||||
| 17.| **Plesk-部署Plesk网站证书** | |
|
||||
| 18.| **Plesk-更新证书** | 不会创建新证书记录,直接更新旧的证书 |
|
||||
| 19.| **雷池-更新证书(支持控制台和防护应用)** | 更新长亭雷池WAF的证书,支持更新控制台和防护应用的证书。 |
|
||||
| 20.| **群晖-部署证书到群晖面板** | Synology,支持6.x以上版本 |
|
||||
| 21.| **群晖-刷新OTP登录有效期** | 群晖登录状态可能30天失效,需要在失效之前登录一次,刷新有效期,您可以将其放在“部署到群晖面板”任务之后 |
|
||||
| 22.| **uniCloud-部署到服务空间** | 部署到服务空间 |
|
||||
| 23.| **Proxmox-上传证书到Proxmox** | |
|
||||
| 24.| **威联通-部署证书到威联通** | 部署证书到qnap |
|
||||
| 6.| **Nginx Proxy Manager-部署到主机** | 上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。 |
|
||||
| 7.| **1Panel-部署面板证书** | 更新1Panel的面板证书 |
|
||||
| 8.| **1Panel-更新站点证书** | 更新1Panel的站点证书 |
|
||||
| 9.| **宝塔-删除过期证书** | 删除证书夹中过期证书 |
|
||||
| 10.| **宝塔-WAF证书部署** | 部署宝塔云WAF/aaWAF |
|
||||
| 11.| **宝塔-面板证书部署** | 部署宝塔面板本身的ssl证书 |
|
||||
| 12.| **宝塔win-网站证书部署** | 部署到Windows版宝塔管理的站点的ssl证书 |
|
||||
| 13.| **宝塔-网站证书部署** | 部署宝塔管理的站点的ssl证书,目前支持宝塔网站站点、docker站点等。本插件也支持aaPanel。 |
|
||||
| 14.| **K8S-Apply自定义yaml** | apply自定义yaml到k8s |
|
||||
| 15.| **K8S-Ingress 证书部署** | 部署证书到k8s的Ingress |
|
||||
| 16.| **K8S-部署证书到Secret** | 部署证书到k8s的secret |
|
||||
| 17.| **lucky-更新Lucky证书** | |
|
||||
| 18.| **Plesk-部署Plesk网站证书** | |
|
||||
| 19.| **Plesk-更新证书** | 不会创建新证书记录,直接更新旧的证书 |
|
||||
| 20.| **雷池-更新证书(支持控制台和防护应用)** | 更新长亭雷池WAF的证书,支持更新控制台和防护应用的证书。 |
|
||||
| 21.| **群晖-部署证书到群晖面板** | Synology,支持6.x以上版本 |
|
||||
| 22.| **群晖-刷新OTP登录有效期** | 群晖登录状态可能30天失效,需要在失效之前登录一次,刷新有效期,您可以将其放在“部署到群晖面板”任务之后 |
|
||||
| 23.| **uniCloud-部署到服务空间** | 部署到服务空间 |
|
||||
| 24.| **Proxmox-上传证书到Proxmox** | |
|
||||
| 25.| **威联通-部署证书到威联通** | 部署证书到qnap |
|
||||
## 5. 阿里云
|
||||
|
||||
| 序号 | 名称 | 说明 |
|
||||
|
||||
@@ -13,17 +13,19 @@
|
||||
| 9.| **cloudflare** | cloudflare dns provider |
|
||||
| 10.| **dns.la** | dns.la |
|
||||
| 11.| **godaddy** | GoDaddy |
|
||||
| 12.| **华为云** | 华为云DNS解析提供商 |
|
||||
| 13.| **namesilo** | namesilo dns provider |
|
||||
| 14.| **雨云** | 雨云DNS解析提供商 |
|
||||
| 15.| **腾讯云** | 腾讯云域名DNS解析提供者 |
|
||||
| 16.| **腾讯云EO DNS** | 腾讯云EO DNS解析提供者 |
|
||||
| 17.| **西部数码** | west dns provider |
|
||||
| 18.| **Dns提供商Demo** | dns provider示例 |
|
||||
| 19.| **彩虹DNS** | 彩虹DNS管理系统 |
|
||||
| 20.| **Spaceship** | Spaceship 域名解析 |
|
||||
| 21.| **51dns** | 51DNS |
|
||||
| 22.| **新网互联** | 新网互联 |
|
||||
| 12.| **HiPM DNSMgr** | HiPM DNSMgr DNS 解析提供商 |
|
||||
| 13.| **华为云** | 华为云DNS解析提供商 |
|
||||
| 14.| **namesilo** | namesilo dns provider |
|
||||
| 15.| **雨云** | 雨云DNS解析提供商 |
|
||||
| 16.| **Technitium DNS Server** | Technitium DNS Server 自建DNS服务器 |
|
||||
| 17.| **腾讯云** | 腾讯云域名DNS解析提供者 |
|
||||
| 18.| **腾讯云EO DNS** | 腾讯云EO DNS解析提供者 |
|
||||
| 19.| **西部数码** | west dns provider |
|
||||
| 20.| **Dns提供商Demo** | dns provider示例 |
|
||||
| 21.| **彩虹DNS** | 彩虹DNS管理系统 |
|
||||
| 22.| **Spaceship** | Spaceship 域名解析 |
|
||||
| 23.| **51dns** | 51DNS |
|
||||
| 24.| **新网互联** | 新网互联 |
|
||||
|
||||
<style module>
|
||||
table th:first-of-type {
|
||||
|
||||
@@ -70,5 +70,5 @@
|
||||
"bugs": {
|
||||
"url": "https://github.com/publishlab/node-acme-client/issues"
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -21,7 +21,8 @@ const defaultOpts = {
|
||||
},
|
||||
challengeRemoveFn: async () => {
|
||||
throw new Error("Missing challengeRemoveFn()");
|
||||
}
|
||||
},
|
||||
waitDnsDiffuseTime: 30,
|
||||
};
|
||||
|
||||
/**
|
||||
|
||||
@@ -577,7 +577,7 @@ class AcmeClient {
|
||||
|
||||
const verifyFn = async (abort) => {
|
||||
if (this.opts.signal && this.opts.signal.aborted) {
|
||||
abort();
|
||||
abort(true);
|
||||
throw new CancelError('用户取消');
|
||||
}
|
||||
|
||||
|
||||
@@ -50,15 +50,18 @@ class Backoff {
|
||||
|
||||
async function retryPromise(fn, attempts, backoff, logger = log) {
|
||||
let aborted = false;
|
||||
let abortedFromUser = false;
|
||||
|
||||
try {
|
||||
const setAbort = () => { aborted = true; }
|
||||
const setAbort = (fromUser = false) => { aborted = true; abortedFromUser = fromUser; }
|
||||
const data = await fn(setAbort);
|
||||
return data;
|
||||
}
|
||||
catch (e) {
|
||||
if (aborted){
|
||||
logger(`用户取消重试`);
|
||||
if (abortedFromUser){
|
||||
logger(`用户取消重试`);
|
||||
}
|
||||
throw e;
|
||||
}
|
||||
if ( ((backoff.attempts + 1) >= attempts)) {
|
||||
|
||||
+1
@@ -68,6 +68,7 @@ export interface ClientAutoOptions {
|
||||
preferredChain?: string;
|
||||
signal?: AbortSignal;
|
||||
profile?:string;
|
||||
waitDnsDiffuseTime?: number;
|
||||
}
|
||||
|
||||
export class Client {
|
||||
|
||||
@@ -47,5 +47,5 @@
|
||||
"tslib": "^2.8.1",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -45,5 +45,5 @@
|
||||
"tslib": "^2.8.1",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -65,4 +65,8 @@ export abstract class BaseAccess implements IAccess {
|
||||
}
|
||||
throw new Error(`action ${req.action} not found`);
|
||||
}
|
||||
|
||||
normalizeEndpoint(endpoint: string) {
|
||||
return endpoint.replace(/\/$/, "");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -24,5 +24,5 @@
|
||||
"prettier": "^2.8.8",
|
||||
"tslib": "^2.8.1"
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -31,5 +31,5 @@
|
||||
"tslib": "^2.8.1",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -56,5 +56,5 @@
|
||||
"fetch"
|
||||
]
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -33,5 +33,5 @@
|
||||
"tslib": "^2.8.1",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -64,5 +64,5 @@
|
||||
"typeorm": "^0.3.11",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -6,10 +6,10 @@ import { BaseSettings, SysInstallInfo, SysPrivateSettings, SysPublicSettings, Sy
|
||||
|
||||
import { getAllSslProviderDomains, setSslProviderReverseProxies } from '@certd/acme-client';
|
||||
import { cache, logger, mergeUtils, setGlobalProxy } from '@certd/basic';
|
||||
import { isPlus } from '@certd/plus-core';
|
||||
import * as dns from 'node:dns';
|
||||
import { BaseService, setAdminMode } from '../../../basic/index.js';
|
||||
import { executorQueue } from '../../basic/service/executor-queue.js';
|
||||
import { isComm, isPlus } from '@certd/plus-core';
|
||||
const { merge } = mergeUtils;
|
||||
|
||||
let lastSaveEnvVars = {};
|
||||
@@ -119,11 +119,11 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
|
||||
}
|
||||
|
||||
async savePublicSettings(bean: SysPublicSettings) {
|
||||
if (isComm()) {
|
||||
if (bean.adminMode === 'enterprise') {
|
||||
throw new Error("商业版不支持使用企业管理模式")
|
||||
}
|
||||
}
|
||||
// if (isComm()) {
|
||||
// if (bean.adminMode === 'enterprise') {
|
||||
// throw new Error("商业版不支持使用企业管理模式")
|
||||
// }
|
||||
// }
|
||||
|
||||
await this.saveSetting(bean);
|
||||
//让设置生效
|
||||
|
||||
@@ -46,5 +46,5 @@
|
||||
"typeorm": "^0.3.11",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -38,5 +38,5 @@
|
||||
"tslib": "^2.8.1",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -57,5 +57,5 @@
|
||||
"tslib": "^2.8.1",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
|
||||
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
|
||||
}
|
||||
|
||||
@@ -135,7 +135,12 @@ export class CertReader {
|
||||
}
|
||||
|
||||
static readCertDetail(crt: string) {
|
||||
const detail = crypto.readCertificateInfo(crt.toString());
|
||||
let detail: CertificateInfo;
|
||||
try {
|
||||
detail = crypto.readCertificateInfo(crt.toString());
|
||||
} catch (e) {
|
||||
throw new Error("证书解析失败:" + e.message + "(请确定证书格式,是否与私钥搞反?)");
|
||||
}
|
||||
const effective = detail.notBefore;
|
||||
const expires = detail.notAfter;
|
||||
const fingerprints = CertReader.getFingerprintX509(crt);
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<template>
|
||||
<a-select :value="value" @update:value="onChange">
|
||||
<a-select :value="value" :filter-option="true" @update:value="onChange">
|
||||
<a-select-option v-for="item of options" :key="item.value" :value="item.value" :label="item.label">
|
||||
<span class="flex-o">
|
||||
<fs-icon :icon="item.icon" class="fs-16 color-blue mr-5" />
|
||||
|
||||
+1
-1
@@ -1,5 +1,5 @@
|
||||
<template>
|
||||
<icon-select class="dns-provider-selector" :value="modelValue" :options="options" @update:value="atChange"> </icon-select>
|
||||
<icon-select class="dns-provider-selector" :value="modelValue" :options="options" :filter-option="true" @update:value="atChange"> </icon-select>
|
||||
</template>
|
||||
|
||||
<script lang="ts">
|
||||
|
||||
@@ -289,7 +289,7 @@ export const useSettingStore = defineStore({
|
||||
}
|
||||
},
|
||||
|
||||
openBindUrlModal() {
|
||||
openBindUrlModal(opts: { closable?: boolean } = { closable: false }) {
|
||||
const event: any = { ModalRef: null };
|
||||
mitter.emit("getModal", event);
|
||||
const Modal = event.ModalRef;
|
||||
@@ -302,10 +302,12 @@ export const useSettingStore = defineStore({
|
||||
modalRef.destroy();
|
||||
}
|
||||
};
|
||||
const { closable = false } = opts;
|
||||
const modalRef: any = Modal.warning({
|
||||
title: "URL地址未绑定,是否绑定此地址?",
|
||||
width: 500,
|
||||
keyboard: false,
|
||||
closable,
|
||||
content: () => {
|
||||
return (
|
||||
<div class="p-4">
|
||||
@@ -338,10 +340,10 @@ export const useSettingStore = defineStore({
|
||||
danger: true,
|
||||
},
|
||||
okText: "不,回到原来的地址",
|
||||
cancelText: "不,回到原来的地址",
|
||||
onCancel: () => {
|
||||
window.location.href = bindUrl;
|
||||
},
|
||||
// cancelText: "不,回到原来的地址",
|
||||
// onOk: () => {
|
||||
// window.location.href = bindUrl;
|
||||
// },
|
||||
});
|
||||
},
|
||||
async loadProductInfo() {
|
||||
|
||||
@@ -73,13 +73,11 @@
|
||||
margin: 20px;
|
||||
}
|
||||
|
||||
.fs-crud-table {
|
||||
.ant-table-body {
|
||||
height: 60vh;
|
||||
table {
|
||||
}
|
||||
}
|
||||
}
|
||||
// .fs-crud-table {
|
||||
// .ant-table-body {
|
||||
// height:60vh;
|
||||
// }
|
||||
// }
|
||||
|
||||
body a {
|
||||
color: #1890ff;
|
||||
@@ -142,4 +140,5 @@ button.ant-btn.ant-btn-default.isPlus{
|
||||
color: rgba(233, 233, 233, 0.25);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -8,7 +8,6 @@
|
||||
import { onActivated, onMounted, ref, Ref } from "vue";
|
||||
import { useFs } from "@fast-crud/fast-crud";
|
||||
import createCrudOptions from "./crud";
|
||||
import { siteIpApi } from "./api";
|
||||
|
||||
defineOptions({
|
||||
name: "SiteIpCertMonitor",
|
||||
@@ -23,11 +22,6 @@ const { crudBinding, crudRef, crudExpose } = useFs({
|
||||
},
|
||||
});
|
||||
|
||||
const siteInfoRef: Ref<any> = ref({});
|
||||
onMounted(async () => {
|
||||
siteInfoRef.value = await siteIpApi.GetObj(props.siteId);
|
||||
});
|
||||
|
||||
// 页面打开后获取列表数据
|
||||
onMounted(() => {
|
||||
crudExpose.doRefresh();
|
||||
|
||||
@@ -182,6 +182,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
|
||||
},
|
||||
showSelect: false,
|
||||
createCrudOptions: createCrudOptionsPipeline,
|
||||
height: "60vh",
|
||||
crudOptionsOverride: {
|
||||
actionbar: {
|
||||
show: false,
|
||||
|
||||
@@ -25,6 +25,10 @@
|
||||
<div class="helper" v-html="t('certd.sys.setting.noticeHelper')"></div>
|
||||
</a-form-item>
|
||||
|
||||
<a-form-item :label="t('certd.sys.setting.bindUrl')">
|
||||
<a-button class="ml-2" type="primary" @click="settingsStore.openBindUrlModal({ closable: true })">{{ t("certd.sys.setting.bindUrl") }}</a-button>
|
||||
</a-form-item>
|
||||
|
||||
<a-form-item label=" " :colon="false" :wrapper-col="{ span: 8 }">
|
||||
<a-button :loading="saveLoading" type="primary" html-type="submit">{{ t("certd.saveButton") }}</a-button>
|
||||
</a-form-item>
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
</div>
|
||||
<pre class="helper pre">{{ t("certd.sys.setting.passkeyEnabledHelper", [bindDomain]) }}</pre>
|
||||
<div v-if="!bindDomainIsSame" class="text-red-500 text-sm mt-2">
|
||||
{{ t("certd.sys.setting.passkeyHostnameNotSame") }} <a-button class="ml-2" size="small" type="primary" @click="settingsStore.openBindUrlModal()">{{ t("certd.sys.setting.bindUrl") }}</a-button>
|
||||
{{ t("certd.sys.setting.passkeyHostnameNotSame") }} <a-button class="ml-2" size="small" type="primary" @click="settingsStore.openBindUrlModal({ closable: true })">{{ t("certd.sys.setting.bindUrl") }}</a-button>
|
||||
</div>
|
||||
</a-form-item>
|
||||
<a-form-item :label="t('certd.sys.setting.enableOauth')" :name="['public', 'oauthEnabled']">
|
||||
|
||||
@@ -17,6 +17,18 @@ input:
|
||||
apiKey
|
||||
required: true
|
||||
encrypt: true
|
||||
version:
|
||||
title: 版本
|
||||
component:
|
||||
name: a-select
|
||||
options:
|
||||
- label: v3.x
|
||||
value: '3'
|
||||
- label: v2.x
|
||||
value: '2'
|
||||
helper: apisix系统的版本
|
||||
value: '3'
|
||||
required: true
|
||||
testRequest:
|
||||
title: 测试
|
||||
component:
|
||||
|
||||
@@ -0,0 +1,27 @@
|
||||
name: hipmdnsmgr
|
||||
title: HiPM DNSMgr
|
||||
icon: svg:icon-dns
|
||||
desc: HiPM DNSMgr API Token 授权
|
||||
input:
|
||||
endpoint:
|
||||
title: 服务器地址
|
||||
component:
|
||||
name: a-input
|
||||
allowClear: true
|
||||
placeholder: http://localhost:3001
|
||||
required: true
|
||||
helper: 'HiPM DNSMgr 服务器地址,例如: http://localhost:3001'
|
||||
apiToken:
|
||||
title: API Token
|
||||
required: true
|
||||
encrypt: true
|
||||
helper: 在 DNSMgr 设置 > API Token 中创建的令牌
|
||||
testRequest:
|
||||
title: 测试连接
|
||||
component:
|
||||
name: api-test
|
||||
action: TestRequest
|
||||
helper: 点击测试接口是否正常
|
||||
pluginType: access
|
||||
type: builtIn
|
||||
scriptFilePath: /plugins/plugin-hipmdnsmgr/access/hipmdnsmgr-access.js
|
||||
@@ -0,0 +1,53 @@
|
||||
name: nginxProxyManager
|
||||
title: Nginx Proxy Manager 授权
|
||||
desc: 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。
|
||||
icon: logos:nginx
|
||||
input:
|
||||
endpoint:
|
||||
title: NPM 地址
|
||||
component:
|
||||
name: a-input
|
||||
allowClear: true
|
||||
placeholder: https://npm.example.com
|
||||
helper: 请输入 Nginx Proxy Manager 根地址,不要带 /api 后缀。
|
||||
required: true
|
||||
email:
|
||||
title: 邮箱
|
||||
component:
|
||||
name: a-input
|
||||
allowClear: true
|
||||
placeholder: admin@example.com
|
||||
required: true
|
||||
password:
|
||||
title: 密码
|
||||
component:
|
||||
name: a-input-password
|
||||
allowClear: true
|
||||
placeholder: 请输入密码
|
||||
required: true
|
||||
encrypt: true
|
||||
totpSecret:
|
||||
title: TOTP 密钥
|
||||
component:
|
||||
name: a-input-password
|
||||
allowClear: true
|
||||
placeholder: Optional base32 TOTP secret
|
||||
helper: 当 Nginx Proxy Manager 账号开启 2FA 时必填。
|
||||
required: false
|
||||
encrypt: true
|
||||
ignoreTls:
|
||||
title: 忽略无效 TLS
|
||||
component:
|
||||
name: a-switch
|
||||
vModel: checked
|
||||
helper: 仅在 Nginx Proxy Manager 使用自签 HTTPS 证书时开启。
|
||||
required: false
|
||||
testRequest:
|
||||
title: 测试
|
||||
component:
|
||||
name: api-test
|
||||
action: onTestRequest
|
||||
helper: 测试登录并拉取代理主机列表。
|
||||
pluginType: access
|
||||
type: builtIn
|
||||
scriptFilePath: /plugins/plugin-nginx-proxy-manager/access.js
|
||||
@@ -62,8 +62,8 @@ input:
|
||||
pty:
|
||||
title: 伪终端
|
||||
helper: >-
|
||||
如果登录报错:all authentication methods
|
||||
failed,可以尝试开启伪终端模式进行keyboard-interactive方式登录
|
||||
如果登录报错:all authentication methods failed / unable to
|
||||
exec,可以尝试开启伪终端模式进行keyboard-interactive方式登录
|
||||
|
||||
开启后对日志输出有一定的影响
|
||||
component:
|
||||
|
||||
@@ -0,0 +1,38 @@
|
||||
name: technitium
|
||||
title: Technitium DNS Server
|
||||
icon: clarity:server-line
|
||||
desc: Technitium DNS Server 自建DNS服务器授权
|
||||
input:
|
||||
apiUrl:
|
||||
title: API地址
|
||||
value: http://localhost:5380
|
||||
component:
|
||||
name: a-input
|
||||
allowClear: true
|
||||
placeholder: http://localhost:5380
|
||||
required: true
|
||||
username:
|
||||
title: 用户名
|
||||
component:
|
||||
name: a-input
|
||||
allowClear: true
|
||||
placeholder: admin
|
||||
required: false
|
||||
password:
|
||||
title: 密码
|
||||
component:
|
||||
name: a-input
|
||||
type: password
|
||||
allowClear: true
|
||||
placeholder: 密码
|
||||
required: false
|
||||
encrypt: true
|
||||
testRequest:
|
||||
title: 测试
|
||||
component:
|
||||
name: api-test
|
||||
action: TestRequest
|
||||
helper: 点击测试接口是否正常
|
||||
pluginType: access
|
||||
type: builtIn
|
||||
scriptFilePath: /plugins/plugin-technitium/access.js
|
||||
@@ -0,0 +1,71 @@
|
||||
showRunStrategy: false
|
||||
default:
|
||||
strategy:
|
||||
runStrategy: 1
|
||||
name: NginxProxyManagerDeploy
|
||||
title: Nginx Proxy Manager-部署到主机
|
||||
desc: 上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。
|
||||
icon: logos:nginx
|
||||
group: panel
|
||||
input:
|
||||
cert:
|
||||
title: 域名证书
|
||||
helper: 请选择前置任务产出的证书。
|
||||
component:
|
||||
name: output-selector
|
||||
from:
|
||||
- ':cert:'
|
||||
required: true
|
||||
order: 0
|
||||
certDomains:
|
||||
title: 证书域名
|
||||
component:
|
||||
name: cert-domains-getter
|
||||
required: false
|
||||
order: 0
|
||||
accessId:
|
||||
title: NPM授权
|
||||
component:
|
||||
name: access-selector
|
||||
type: nginxProxyManager
|
||||
helper: 选择用于部署的 Nginx Proxy Manager 授权。
|
||||
required: true
|
||||
order: 0
|
||||
proxyHostIds:
|
||||
title: 代理主机
|
||||
component:
|
||||
name: remote-select
|
||||
vModel: value
|
||||
mode: tags
|
||||
type: plugin
|
||||
action: onGetProxyHostOptions
|
||||
search: true
|
||||
pager: false
|
||||
multi: true
|
||||
watches:
|
||||
- certDomains
|
||||
- accessId
|
||||
helper: 选择要绑定此证书的一个或多个代理主机。
|
||||
required: true
|
||||
order: 0
|
||||
certificateLabel:
|
||||
title: 证书标识
|
||||
component:
|
||||
name: a-input
|
||||
allowClear: true
|
||||
placeholder: certd_npm_example_com
|
||||
helper: 可选。留空时默认使用 certd_npm_<主域名规范化>。
|
||||
required: false
|
||||
order: 0
|
||||
cleanupMatchingCertificates:
|
||||
title: 自动清理未使用证书
|
||||
component:
|
||||
name: a-switch
|
||||
vModel: checked
|
||||
helper: 部署成功后,自动删除除当前证书外所有未被任何主机引用的证书。
|
||||
required: false
|
||||
order: 0
|
||||
output: {}
|
||||
pluginType: deploy
|
||||
type: builtIn
|
||||
scriptFilePath: /plugins/plugin-nginx-proxy-manager/plugins/plugin-deploy-to-proxy-hosts.js
|
||||
@@ -0,0 +1,8 @@
|
||||
name: hipmdnsmgr
|
||||
title: HiPM DNSMgr
|
||||
desc: HiPM DNSMgr DNS 解析提供商
|
||||
accessType: hipmdnsmgr
|
||||
icon: svg:icon-dns
|
||||
pluginType: dnsProvider
|
||||
type: builtIn
|
||||
scriptFilePath: /plugins/plugin-hipmdnsmgr/dns-provider/hipmdnsmgr-dns-provider.js
|
||||
@@ -0,0 +1,9 @@
|
||||
name: technitium
|
||||
title: Technitium DNS Server
|
||||
desc: Technitium DNS Server 自建DNS服务器
|
||||
icon: clarity:server-line
|
||||
accessType: technitium
|
||||
order: 10
|
||||
pluginType: dnsProvider
|
||||
type: builtIn
|
||||
scriptFilePath: /plugins/plugin-technitium/dns-provider.js
|
||||
@@ -89,24 +89,30 @@ export class SiteTester {
|
||||
// 创建 HTTPS 请求
|
||||
const requestPromise = safePromise((resolve, reject) => {
|
||||
const req = https.request(options, res => {
|
||||
// 获取证书
|
||||
// @ts-ignore
|
||||
const certificate = res.socket.getPeerCertificate();
|
||||
// logger.info('证书信息', certificate);
|
||||
if (certificate.subject == null) {
|
||||
logger.warn("证书信息为空");
|
||||
resolve({
|
||||
certificate: null
|
||||
});
|
||||
}
|
||||
resolve({
|
||||
certificate
|
||||
});
|
||||
res.socket.end();
|
||||
// 关闭响应
|
||||
res.destroy();
|
||||
});
|
||||
|
||||
// ✅ 关键:在 'socket' 事件中获取证书(握手完成后立即执行)
|
||||
req.on('socket', (socket:any) => {
|
||||
socket.on('secureConnect', () => {
|
||||
// TLS握手完成,证书已经可用
|
||||
const certificate = socket.getPeerCertificate();
|
||||
if (certificate.subject) {
|
||||
logger.info('证书获取成功', certificate.subject);
|
||||
resolve({
|
||||
certificate
|
||||
});
|
||||
}else{
|
||||
logger.warn("证书信息为空");
|
||||
resolve({
|
||||
certificate: null
|
||||
});
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
req.on("error", e => {
|
||||
reject(e);
|
||||
});
|
||||
|
||||
@@ -45,4 +45,6 @@
|
||||
// export * from './plugin-plus/index.js'
|
||||
// export * from './plugin-cert/index.js'
|
||||
// export * from './plugin-zenlayer/index.js'
|
||||
export * from './plugin-dnsmgr/index.js'
|
||||
// export * from './plugin-dnsmgr/index.js'
|
||||
// export * from './plugin-nginx-proxy-manager/index.js'
|
||||
// export * from './plugin-hipmdnsmgr/index.js'
|
||||
|
||||
@@ -32,6 +32,27 @@ export class ApisixAccess extends BaseAccess {
|
||||
})
|
||||
apiKey = '';
|
||||
|
||||
@AccessInput({
|
||||
title: '版本',
|
||||
component: {
|
||||
name:"a-select",
|
||||
options: [
|
||||
{
|
||||
label: "v3.x",
|
||||
value: "3",
|
||||
},
|
||||
{
|
||||
label: "v2.x",
|
||||
value: "2",
|
||||
},
|
||||
]
|
||||
},
|
||||
helper: "apisix系统的版本",
|
||||
value:"3",
|
||||
required: true,
|
||||
})
|
||||
version = '3';
|
||||
|
||||
|
||||
@AccessInput({
|
||||
title: "测试",
|
||||
@@ -49,17 +70,24 @@ export class ApisixAccess extends BaseAccess {
|
||||
}
|
||||
|
||||
async getCertList(){
|
||||
const sslPath = this.getSslPath();
|
||||
const req = {
|
||||
url :"/apisix/admin/ssls",
|
||||
url :`/apisix/admin/${sslPath}`,
|
||||
method: "get",
|
||||
}
|
||||
return await this.doRequest(req);
|
||||
}
|
||||
|
||||
getSslPath(){
|
||||
const sslPath = this.version === '3' ? 'ssls' : 'ssl';
|
||||
return sslPath;
|
||||
}
|
||||
|
||||
async createCert(opts:{cert:CertInfo}){
|
||||
const certReader = new CertReader(opts.cert)
|
||||
const sslPath = this.getSslPath();
|
||||
const req = {
|
||||
url :"/apisix/admin/ssls",
|
||||
url :`/apisix/admin/${sslPath}`,
|
||||
method: "post",
|
||||
data:{
|
||||
cert: opts.cert.crt,
|
||||
@@ -72,8 +100,9 @@ export class ApisixAccess extends BaseAccess {
|
||||
|
||||
async updateCert (opts:{cert:CertInfo,id:string}){
|
||||
const certReader = new CertReader(opts.cert)
|
||||
const sslPath = this.getSslPath();
|
||||
const req = {
|
||||
url :`/apisix/admin/ssls/${opts.id}`,
|
||||
url :`/apisix/admin/${sslPath}/${opts.id}`,
|
||||
method: "put",
|
||||
data:{
|
||||
cert: opts.cert.crt,
|
||||
|
||||
@@ -423,6 +423,7 @@ export class AcmeService {
|
||||
signal: this.options.signal,
|
||||
profile,
|
||||
preferredChain,
|
||||
waitDnsDiffuseTime: this.options.waitDnsDiffuseTime,
|
||||
});
|
||||
|
||||
const crtString = crt.toString();
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
|
||||
import { AbstractDnsProvider, CreateRecordOptions, DomainRecord, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
|
||||
|
||||
import { DemoAccess } from './access.js';
|
||||
import { PageRes, PageSearch } from '@certd/pipeline';
|
||||
import { isDev } from '../../utils/env.js';
|
||||
import { DemoAccess } from './access.js';
|
||||
|
||||
type DemoRecord = {
|
||||
// 这里定义Record记录的数据结构,跟对应云平台接口返回值一样即可,一般是拿到id就行,用于删除txt解析记录,清理申请痕迹
|
||||
@@ -16,7 +17,7 @@ type DemoRecord = {
|
||||
icon: 'clarity:plugin-line',
|
||||
// 这里是对应的云平台的access类型名称
|
||||
accessType: 'demo',
|
||||
order:99,
|
||||
order: 99,
|
||||
})
|
||||
export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
|
||||
access!: DemoAccess;
|
||||
@@ -74,6 +75,28 @@ export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
|
||||
|
||||
this.logger.info('删除域名解析成功:', fullRecord, value);
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param req 实现获取域名列表
|
||||
* @returns
|
||||
*/
|
||||
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
|
||||
const res = await this.http.request({
|
||||
// 请求接口获取域名列表
|
||||
})
|
||||
const list = []
|
||||
// const list = res.Domains?.map(item => ({
|
||||
// id: item.Id,
|
||||
// domain: item.DomainName,
|
||||
// })) || []
|
||||
|
||||
|
||||
return {
|
||||
list,
|
||||
total: res.Total,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//TODO 实例化这个provider,将其自动注册到系统中
|
||||
|
||||
@@ -0,0 +1,172 @@
|
||||
import { AccessInput, BaseAccess, IsAccess } from '@certd/pipeline';
|
||||
|
||||
/**
|
||||
* HiPM DNSMgr Access
|
||||
* 使用 API Token 认证(Bearer Token)
|
||||
*/
|
||||
@IsAccess({
|
||||
name: 'hipmdnsmgr',
|
||||
title: 'HiPM DNSMgr',
|
||||
icon: 'svg:icon-dns',
|
||||
desc: 'HiPM DNSMgr API Token 授权',
|
||||
})
|
||||
export class HipmDnsmgrAccess extends BaseAccess {
|
||||
@AccessInput({
|
||||
title: '服务器地址',
|
||||
component: {
|
||||
name: 'a-input',
|
||||
allowClear: true,
|
||||
placeholder: 'http://localhost:3001',
|
||||
},
|
||||
required: true,
|
||||
helper: 'HiPM DNSMgr 服务器地址,例如: http://localhost:3001',
|
||||
})
|
||||
endpoint = '';
|
||||
|
||||
@AccessInput({
|
||||
title: 'API Token',
|
||||
required: true,
|
||||
encrypt: true,
|
||||
helper: '在 DNSMgr 设置 > API Token 中创建的令牌',
|
||||
})
|
||||
apiToken = '';
|
||||
|
||||
@AccessInput({
|
||||
title: '测试连接',
|
||||
component: {
|
||||
name: 'api-test',
|
||||
action: 'TestRequest',
|
||||
},
|
||||
helper: '点击测试接口是否正常',
|
||||
})
|
||||
testRequest = true;
|
||||
|
||||
async onTestRequest() {
|
||||
await this.getDomainList();
|
||||
return '连接成功';
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取域名列表
|
||||
*/
|
||||
async getDomainList() {
|
||||
this.ctx.logger.info(`[HiPM DNSMgr] 获取域名列表`);
|
||||
|
||||
const resp = await this.doRequest({
|
||||
method: 'GET',
|
||||
path: '/domains',
|
||||
params: {
|
||||
page: 1,
|
||||
pageSize: 100,
|
||||
},
|
||||
});
|
||||
|
||||
// DNSMgr 返回数组格式
|
||||
return resp?.map((item: any) => ({
|
||||
id: String(item.id),
|
||||
domain: item.name,
|
||||
...item,
|
||||
})) || [];
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取域名记录列表
|
||||
*/
|
||||
async getDomainRecords(domainId: string, params?: { type?: string; subdomain?: string; value?: string }) {
|
||||
this.ctx.logger.info(`[HiPM DNSMgr] 获取域名记录列表:domainId=${domainId}`);
|
||||
|
||||
let path = `/domains/${domainId}/records?page=1&pageSize=100`;
|
||||
if (params?.type) path += `&type=${encodeURIComponent(params.type)}`;
|
||||
if (params?.subdomain) path += `&subdomain=${encodeURIComponent(params.subdomain)}`;
|
||||
if (params?.value) path += `&value=${encodeURIComponent(params.value)}`;
|
||||
|
||||
const resp = await this.doRequest({
|
||||
method: 'GET',
|
||||
path,
|
||||
});
|
||||
|
||||
return resp;
|
||||
}
|
||||
|
||||
/**
|
||||
* 创建 DNS 记录
|
||||
*/
|
||||
async createDnsRecord(domainId: string, name: string, value: string, type: string) {
|
||||
this.ctx.logger.info(`[HiPM DNSMgr] 创建DNS记录:${name} ${type} ${value}`);
|
||||
|
||||
const resp = await this.doRequest({
|
||||
method: 'POST',
|
||||
path: `/domains/${domainId}/records`,
|
||||
data: {
|
||||
name,
|
||||
type,
|
||||
value,
|
||||
ttl: 600,
|
||||
line: '0',
|
||||
},
|
||||
});
|
||||
|
||||
return resp;
|
||||
}
|
||||
|
||||
/**
|
||||
* 删除 DNS 记录
|
||||
*/
|
||||
async deleteDnsRecord(domainId: string, recordId: string) {
|
||||
this.ctx.logger.info(`[HiPM DNSMgr] 删除DNS记录:domainId=${domainId}, recordId=${recordId}`);
|
||||
|
||||
const resp = await this.doRequest({
|
||||
method: 'DELETE',
|
||||
path: `/domains/${domainId}/records/${recordId}`,
|
||||
});
|
||||
|
||||
return resp;
|
||||
}
|
||||
|
||||
/**
|
||||
* 发送 HTTP 请求
|
||||
*/
|
||||
async doRequest(req: { method: string; path: string; data?: any; params?: any }) {
|
||||
// 处理 URL
|
||||
let baseUrl = this.endpoint.trim();
|
||||
baseUrl = baseUrl.replace(/\/$/, '');
|
||||
baseUrl = baseUrl.replace(/\/api$/, '');
|
||||
|
||||
let url = `${baseUrl}/api${req.path}`;
|
||||
|
||||
// 添加查询参数
|
||||
if (req.params) {
|
||||
const searchParams = new URLSearchParams();
|
||||
for (const [key, value] of Object.entries(req.params)) {
|
||||
if (value !== undefined && value !== null && value !== '') {
|
||||
searchParams.append(key, String(value));
|
||||
}
|
||||
}
|
||||
const queryString = searchParams.toString();
|
||||
if (queryString) {
|
||||
url += `?${queryString}`;
|
||||
}
|
||||
}
|
||||
|
||||
this.ctx.logger.debug(`[HiPM DNSMgr] 请求: ${req.method} ${url}`);
|
||||
|
||||
const res = await this.ctx.http.request({
|
||||
url,
|
||||
method: req.method,
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
'Authorization': `Bearer ${this.apiToken}`,
|
||||
},
|
||||
data: req.data,
|
||||
});
|
||||
|
||||
this.ctx.logger.debug(`[HiPM DNSMgr] 响应:`, res);
|
||||
|
||||
// DNSMgr API 返回格式: { code: 0, data: ..., msg: ... }
|
||||
if (res.code !== undefined && res.code !== 0) {
|
||||
throw new Error(res.msg || '请求失败');
|
||||
}
|
||||
|
||||
return res.data;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
export * from './hipmdnsmgr-access.js';
|
||||
+77
@@ -0,0 +1,77 @@
|
||||
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
|
||||
import { HipmDnsmgrAccess } from '../access/hipmdnsmgr-access.js';
|
||||
|
||||
/**
|
||||
* HiPM DNSMgr DNS Provider
|
||||
* 用于 ACME DNS-01 挑战验证
|
||||
*/
|
||||
@IsDnsProvider({
|
||||
name: 'hipmdnsmgr',
|
||||
title: 'HiPM DNSMgr',
|
||||
desc: 'HiPM DNSMgr DNS 解析提供商',
|
||||
accessType: 'hipmdnsmgr',
|
||||
icon: 'svg:icon-dns',
|
||||
})
|
||||
export class HipmDnsmgrDnsProvider extends AbstractDnsProvider<{ domainId: string; recordId: string; name: string; value: string }> {
|
||||
access!: HipmDnsmgrAccess;
|
||||
|
||||
async onInstance() {
|
||||
this.access = this.ctx.access as HipmDnsmgrAccess;
|
||||
this.logger.debug('[HiPM DNSMgr] 初始化完成');
|
||||
}
|
||||
|
||||
/**
|
||||
* 创建 DNS 记录(用于 ACME DNS-01 验证)
|
||||
*/
|
||||
async createRecord(options: CreateRecordOptions): Promise<any> {
|
||||
const { fullRecord, hostRecord, value, type, domain } = options;
|
||||
this.logger.info('[HiPM DNSMgr] 添加域名解析:', fullRecord, value, type, domain);
|
||||
|
||||
// 1. 获取域名列表,找到对应的域名 ID
|
||||
const domainList = await this.access.getDomainList();
|
||||
const domainInfo = domainList.find((item: any) => item.domain === domain);
|
||||
|
||||
if (!domainInfo) {
|
||||
throw new Error(`[HiPM DNSMgr] 未找到域名:${domain}`);
|
||||
}
|
||||
|
||||
const domainId = String(domainInfo.id);
|
||||
this.logger.debug('[HiPM DNSMgr] 找到域名:', domain, 'ID:', domainId);
|
||||
|
||||
// 2. 创建 DNS 记录
|
||||
const name = hostRecord; // 使用子域名,如 _acme-challenge
|
||||
const res = await this.access.createDnsRecord(domainId, name, value, type);
|
||||
|
||||
this.logger.info('[HiPM DNSMgr] 添加域名解析成功:', JSON.stringify(options), res?.id);
|
||||
|
||||
// 返回记录信息,用于后续删除
|
||||
return {
|
||||
domainId,
|
||||
recordId: res?.id,
|
||||
name,
|
||||
value,
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* 删除 DNS 记录(ACME 验证完成后清理)
|
||||
*/
|
||||
async removeRecord(options: RemoveRecordOptions<{ domainId: string; recordId: string; name: string; value: string }>): Promise<void> {
|
||||
const { fullRecord, value } = options.recordReq;
|
||||
const record = options.recordRes;
|
||||
|
||||
this.logger.info('[HiPM DNSMgr] 删除域名解析:', fullRecord, value, record);
|
||||
|
||||
if (record && record.domainId && record.recordId) {
|
||||
try {
|
||||
await this.access.deleteDnsRecord(record.domainId, record.recordId);
|
||||
this.logger.info('[HiPM DNSMgr] 删除域名解析成功:', fullRecord, value);
|
||||
} catch (e: any) {
|
||||
// 记录可能已经被删除,忽略错误
|
||||
this.logger.warn('[HiPM DNSMgr] 删除域名解析失败(可能已不存在):', e.message);
|
||||
}
|
||||
} else {
|
||||
this.logger.warn('[HiPM DNSMgr] 无法删除记录,缺少 domainId 或 recordId');
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
export * from './hipmdnsmgr-dns-provider.js';
|
||||
@@ -0,0 +1,2 @@
|
||||
export * from './access/index.js';
|
||||
export * from './dns-provider/index.js';
|
||||
@@ -82,7 +82,7 @@ export class SshAccess extends BaseAccess {
|
||||
|
||||
@AccessInput({
|
||||
title: "伪终端",
|
||||
helper: "如果登录报错:all authentication methods failed,可以尝试开启伪终端模式进行keyboard-interactive方式登录\n开启后对日志输出有一定的影响",
|
||||
helper: "如果登录报错:all authentication methods failed / unable to exec,可以尝试开启伪终端模式进行keyboard-interactive方式登录\n开启后对日志输出有一定的影响",
|
||||
component: {
|
||||
name: "a-switch",
|
||||
vModel: "checked",
|
||||
|
||||
@@ -208,7 +208,7 @@ export class AsyncSsh2Client {
|
||||
let hasErrorLog = false;
|
||||
stream
|
||||
.on("close", (code: any, signal: any) => {
|
||||
this.logger.info(`[${this.connConf.host}][close]:code:${code}`);
|
||||
this.logger.info(`[${this.connConf.host}][close]:code=${code}`);
|
||||
/**
|
||||
* ]pipeline 执行命令:[10.123.0.2][exec]:cd /d D:\nginx-1.27.5 && D:\nginx-1.27.5\nginx.exe -t && D:\nginx-1.27.5\nginx.exe -s reload
|
||||
* [2025-07-09T10:24:11.219] [ERROR]pipeline - [10. 123.0. 2][error]: nginx: the configuration file D: \nginx-1.27. 5/conf/nginx. conf syntax is ok
|
||||
@@ -279,7 +279,7 @@ export class AsyncSsh2Client {
|
||||
}
|
||||
stream
|
||||
.on("close", (code: any) => {
|
||||
this.logger.info("Stream :: close,code: " + code);
|
||||
this.logger.info("Stream :: close,code = " + code);
|
||||
resolve(output);
|
||||
})
|
||||
.on("data", (ret: Buffer) => {
|
||||
|
||||
@@ -126,12 +126,12 @@ export class NextTerminalAccess extends BaseAccess {
|
||||
'Content-Type': 'application/json',
|
||||
};
|
||||
|
||||
|
||||
this.ctx.logger.debug(`Next Terminal API 请求: ${req.method} ${this.baseUrl}${req.url}`);
|
||||
const baseUrl = this.normalizeEndpoint(this.baseUrl);
|
||||
this.ctx.logger.debug(`Next Terminal API 请求: ${req.method} ${baseUrl}${req.url}`);
|
||||
|
||||
const resp = await this.ctx.http.request({
|
||||
url: req.url,
|
||||
baseURL: this.baseUrl,
|
||||
baseURL: baseUrl,
|
||||
method: req.method,
|
||||
headers,
|
||||
params: req.params,
|
||||
|
||||
+348
@@ -0,0 +1,348 @@
|
||||
name: NginxProxyManagerDeploy
|
||||
icon: logos:nginx
|
||||
title: Nginx Proxy Manager-部署到主机
|
||||
group: panel
|
||||
desc: 上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。
|
||||
setting: null
|
||||
sysSetting: null
|
||||
type: custom
|
||||
disabled: false
|
||||
version: 1.0.0
|
||||
pluginType: deploy
|
||||
author: samler
|
||||
input:
|
||||
cert:
|
||||
title: 域名证书
|
||||
helper: 请选择前置任务产出的证书。
|
||||
component:
|
||||
name: output-selector
|
||||
from:
|
||||
- ':cert:'
|
||||
required: true
|
||||
order: 0
|
||||
certDomains:
|
||||
title: 证书域名
|
||||
component:
|
||||
name: cert-domains-getter
|
||||
mergeScript: |
|
||||
return {
|
||||
component: {
|
||||
inputKey: ctx.compute(({ form }) => {
|
||||
return form.cert;
|
||||
}),
|
||||
},
|
||||
}
|
||||
required: false
|
||||
order: 0
|
||||
accessId:
|
||||
title: NPM授权
|
||||
component:
|
||||
name: access-selector
|
||||
type: samler/nginxProxyManager
|
||||
helper: 选择用于部署的 Nginx Proxy Manager 授权。
|
||||
required: true
|
||||
order: 0
|
||||
proxyHostIds:
|
||||
title: 代理主机
|
||||
component:
|
||||
name: remote-select
|
||||
vModel: value
|
||||
mode: tags
|
||||
type: plugin
|
||||
action: onGetProxyHostOptions
|
||||
search: true
|
||||
pager: false
|
||||
multi: true
|
||||
watches:
|
||||
- certDomains
|
||||
- accessId
|
||||
required: true
|
||||
helper: 选择要绑定此证书的一个或多个代理主机。
|
||||
mergeScript: |
|
||||
return {
|
||||
component: {
|
||||
form: ctx.compute(({ form }) => {
|
||||
return form;
|
||||
}),
|
||||
},
|
||||
}
|
||||
order: 0
|
||||
certificateLabel:
|
||||
title: 证书标识
|
||||
component:
|
||||
name: a-input
|
||||
allowClear: true
|
||||
placeholder: certd_npm_example_com
|
||||
helper: 可选。留空时默认使用 certd_npm_<主域名规范化>.
|
||||
required: false
|
||||
order: 0
|
||||
cleanupMatchingCertificates:
|
||||
title: 自动清理未使用证书
|
||||
component:
|
||||
name: a-switch
|
||||
vModel: checked
|
||||
helper: 部署成功后,自动删除除当前证书外所有未被任何主机引用的证书。
|
||||
required: false
|
||||
order: 0
|
||||
output: {}
|
||||
default:
|
||||
strategy:
|
||||
runStrategy: 1
|
||||
showRunStrategy: false
|
||||
content: |
|
||||
const { AbstractTaskPlugin } = await import("@certd/pipeline");
|
||||
const { CertReader } = await import("@certd/plugin-cert");
|
||||
|
||||
function normalizeDomain(domain) {
|
||||
return String(domain ?? "").trim().toLowerCase();
|
||||
}
|
||||
|
||||
function wildcardMatches(pattern, candidate) {
|
||||
if (!pattern.startsWith("*.")) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const suffix = pattern.slice(1).toLowerCase();
|
||||
return candidate.endsWith(suffix);
|
||||
}
|
||||
|
||||
function isDomainMatch(left, right) {
|
||||
const normalizedLeft = normalizeDomain(left);
|
||||
const normalizedRight = normalizeDomain(right);
|
||||
|
||||
return (
|
||||
normalizedLeft === normalizedRight ||
|
||||
wildcardMatches(normalizedLeft, normalizedRight) ||
|
||||
wildcardMatches(normalizedRight, normalizedLeft)
|
||||
);
|
||||
}
|
||||
|
||||
function normalizeDomainIdentity(domain) {
|
||||
return normalizeDomain(domain).replace(/^\*\./, "");
|
||||
}
|
||||
|
||||
function certificateHasBindings(certificate) {
|
||||
return (
|
||||
(certificate.proxy_hosts?.length ?? 0) > 0 ||
|
||||
(certificate.redirection_hosts?.length ?? 0) > 0 ||
|
||||
(certificate.dead_hosts?.length ?? 0) > 0 ||
|
||||
(certificate.streams?.length ?? 0) > 0
|
||||
);
|
||||
}
|
||||
|
||||
function sanitizeDomainSegment(value) {
|
||||
const sanitized = String(value ?? "")
|
||||
.trim()
|
||||
.toLowerCase()
|
||||
.replace(/[^a-z0-9]+/g, "_")
|
||||
.replace(/^_+|_+$/g, "")
|
||||
.replace(/_+/g, "_");
|
||||
|
||||
return sanitized || "unknown";
|
||||
}
|
||||
|
||||
function buildDefaultCertificateLabel(cert) {
|
||||
const mainDomain = CertReader.getMainDomain(cert.crt);
|
||||
return `certd_npm_${sanitizeDomainSegment(mainDomain)}`;
|
||||
}
|
||||
|
||||
function normalizeStringList(input) {
|
||||
if (Array.isArray(input)) {
|
||||
return input;
|
||||
}
|
||||
|
||||
if (input == null || input === "") {
|
||||
return [];
|
||||
}
|
||||
|
||||
return [input];
|
||||
}
|
||||
|
||||
function resolveCertificateDomains(cert, configuredDomains) {
|
||||
const configured = normalizeStringList(configuredDomains)
|
||||
.map((value) => String(value).trim())
|
||||
.filter(Boolean);
|
||||
|
||||
if (configured.length > 0) {
|
||||
return Array.from(new Set(configured));
|
||||
}
|
||||
|
||||
return new CertReader(cert).getAllDomains();
|
||||
}
|
||||
|
||||
function buildProxyHostLabel(host) {
|
||||
const domains = host.domain_names?.length ? host.domain_names.join(", ") : "(no domains)";
|
||||
return `${domains} <#${host.id}>`;
|
||||
}
|
||||
|
||||
function hasAnyCertDomainMatch(host, certDomains) {
|
||||
if (!certDomains.length) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const hostDomains = host.domain_names ?? [];
|
||||
return hostDomains.some((hostDomain) => certDomains.some((certDomain) => isDomainMatch(hostDomain, certDomain)));
|
||||
}
|
||||
|
||||
function buildProxyHostOptions(hosts, certDomains) {
|
||||
const sortedHosts = [...hosts].sort((left, right) => {
|
||||
return buildProxyHostLabel(left).localeCompare(buildProxyHostLabel(right));
|
||||
});
|
||||
|
||||
const matched = [];
|
||||
const unmatched = [];
|
||||
|
||||
for (const host of sortedHosts) {
|
||||
const option = {
|
||||
label: buildProxyHostLabel(host),
|
||||
value: String(host.id),
|
||||
domain: host.domain_names?.[0] ?? "",
|
||||
};
|
||||
|
||||
if (hasAnyCertDomainMatch(host, certDomains)) {
|
||||
matched.push(option);
|
||||
} else {
|
||||
unmatched.push(option);
|
||||
}
|
||||
}
|
||||
|
||||
if (matched.length && unmatched.length) {
|
||||
return [
|
||||
{
|
||||
label: "匹配证书域名的主机",
|
||||
options: matched,
|
||||
},
|
||||
{
|
||||
label: "其他代理主机",
|
||||
options: unmatched,
|
||||
},
|
||||
];
|
||||
}
|
||||
|
||||
return matched.length ? matched : unmatched;
|
||||
}
|
||||
|
||||
function normalizeProxyHostIds(proxyHostIds) {
|
||||
return Array.from(
|
||||
new Set(
|
||||
normalizeStringList(proxyHostIds)
|
||||
.map((value) => Number.parseInt(String(value), 10))
|
||||
.filter((value) => Number.isInteger(value) && value > 0),
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
return class NpmDeployToProxyHosts extends AbstractTaskPlugin {
|
||||
cert;
|
||||
certDomains;
|
||||
accessId;
|
||||
proxyHostIds;
|
||||
certificateLabel;
|
||||
cleanupMatchingCertificates = false;
|
||||
|
||||
async execute() {
|
||||
const access = await this.getAccess(this.accessId);
|
||||
const client = access.createClient();
|
||||
const proxyHostIds = normalizeProxyHostIds(this.proxyHostIds);
|
||||
|
||||
if (proxyHostIds.length === 0) {
|
||||
throw new Error("请至少选择一个 Nginx Proxy Manager 代理主机");
|
||||
}
|
||||
|
||||
const certificateLabel = this.certificateLabel?.trim() || buildDefaultCertificateLabel(this.cert);
|
||||
const certificateDomains = resolveCertificateDomains(this.cert, this.certDomains);
|
||||
|
||||
let certificate = await client.findCustomCertificateByNiceName(certificateLabel);
|
||||
if (!certificate) {
|
||||
this.logger.info(`在 Nginx Proxy Manager 中创建自定义证书 "${certificateLabel}"`);
|
||||
certificate = await client.createCustomCertificate(certificateLabel, certificateDomains);
|
||||
} else {
|
||||
this.logger.info(`复用已有自定义证书 "${certificateLabel}" (#${certificate.id})`);
|
||||
}
|
||||
|
||||
await client.uploadCertificate(certificate.id, {
|
||||
certificate: this.cert.crt,
|
||||
certificateKey: this.cert.key,
|
||||
intermediateCertificate: this.cert.ic,
|
||||
});
|
||||
this.logger.info(`证书内容已上传到 Nginx Proxy Manager 证书 #${certificate.id}`);
|
||||
|
||||
for (const proxyHostId of proxyHostIds) {
|
||||
this.logger.info(`将证书 #${certificate.id} 绑定到代理主机 #${proxyHostId}`);
|
||||
try {
|
||||
await client.assignCertificateToProxyHost(proxyHostId, certificate.id);
|
||||
} catch (error) {
|
||||
const message = error instanceof Error ? error.message : String(error);
|
||||
throw new Error(`为代理主机 #${proxyHostId} 绑定证书失败:${message}`);
|
||||
}
|
||||
}
|
||||
|
||||
if (this.cleanupMatchingCertificates === true) {
|
||||
await this.cleanupOldCertificates(client, certificate.id);
|
||||
}
|
||||
|
||||
this.logger.info(`部署完成,共更新 ${proxyHostIds.length} 个代理主机`);
|
||||
}
|
||||
|
||||
async onGetProxyHostOptions(req = {}) {
|
||||
if (!this.accessId) {
|
||||
throw new Error("请先选择 Nginx Proxy Manager 授权");
|
||||
}
|
||||
|
||||
const access = await this.getAccess(this.accessId);
|
||||
const proxyHosts = await access.getProxyHostList(req);
|
||||
return buildProxyHostOptions(proxyHosts, normalizeStringList(this.certDomains));
|
||||
}
|
||||
|
||||
async cleanupOldCertificates(client, currentCertificateId) {
|
||||
const certificates = await client.getCertificatesWithExpand(undefined, [
|
||||
"proxy_hosts",
|
||||
"redirection_hosts",
|
||||
"dead_hosts",
|
||||
"streams",
|
||||
]);
|
||||
|
||||
const candidates = certificates.filter((certificate) => {
|
||||
return certificate.id !== currentCertificateId;
|
||||
});
|
||||
|
||||
if (candidates.length === 0) {
|
||||
this.logger.info("未发现可自动清理的旧证书");
|
||||
return;
|
||||
}
|
||||
|
||||
const deletedIds = [];
|
||||
const skippedInUse = [];
|
||||
const failedDeletes = [];
|
||||
|
||||
for (const candidate of candidates) {
|
||||
if (certificateHasBindings(candidate)) {
|
||||
skippedInUse.push(`#${candidate.id} ${candidate.nice_name}`);
|
||||
continue;
|
||||
}
|
||||
|
||||
this.logger.info(`自动清理旧证书 #${candidate.id} ${candidate.nice_name}`);
|
||||
try {
|
||||
await client.deleteCertificate(candidate.id);
|
||||
deletedIds.push(candidate.id);
|
||||
} catch (error) {
|
||||
const message = error instanceof Error ? error.message : String(error);
|
||||
failedDeletes.push(`#${candidate.id} ${candidate.nice_name}: ${message}`);
|
||||
}
|
||||
}
|
||||
|
||||
if (deletedIds.length > 0) {
|
||||
this.logger.info(`自动清理完成,共删除 ${deletedIds.length} 张旧证书:${deletedIds.map((id) => `#${id}`).join(", ")}`);
|
||||
} else {
|
||||
this.logger.info("未删除任何旧证书");
|
||||
}
|
||||
|
||||
if (skippedInUse.length > 0) {
|
||||
this.logger.info(`以下旧证书仍被其他资源引用,已跳过清理:${skippedInUse.join(", ")}`);
|
||||
}
|
||||
|
||||
if (failedDeletes.length > 0) {
|
||||
this.logger.warn(`以下旧证书清理失败,已跳过:${failedDeletes.join(", ")}`);
|
||||
}
|
||||
}
|
||||
};
|
||||
@@ -0,0 +1,366 @@
|
||||
import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
|
||||
import FormData from "form-data";
|
||||
import { authenticator } from "otplib";
|
||||
|
||||
export interface ProxyHost {
|
||||
id: number;
|
||||
domain_names?: string[];
|
||||
certificate_id?: number;
|
||||
proxy_hosts?: unknown[];
|
||||
redirection_hosts?: unknown[];
|
||||
dead_hosts?: unknown[];
|
||||
streams?: unknown[];
|
||||
}
|
||||
|
||||
export interface Certificate {
|
||||
id: number;
|
||||
nice_name: string;
|
||||
provider: string;
|
||||
domain_names?: string[];
|
||||
proxy_hosts?: unknown[];
|
||||
redirection_hosts?: unknown[];
|
||||
dead_hosts?: unknown[];
|
||||
streams?: unknown[];
|
||||
}
|
||||
|
||||
interface TokenResponse {
|
||||
token?: string;
|
||||
requires_2fa?: boolean;
|
||||
challenge_token?: string;
|
||||
}
|
||||
|
||||
@IsAccess({
|
||||
name: "nginxProxyManager",
|
||||
title: "Nginx Proxy Manager 授权",
|
||||
desc: "用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。",
|
||||
icon: "logos:nginx",
|
||||
})
|
||||
export class NginxProxyManagerAccess extends BaseAccess {
|
||||
@AccessInput({
|
||||
title: "NPM 地址",
|
||||
component: {
|
||||
name: "a-input",
|
||||
allowClear: true,
|
||||
placeholder: "https://npm.example.com",
|
||||
},
|
||||
helper: "请输入 Nginx Proxy Manager 根地址,不要带 /api 后缀。",
|
||||
required: true,
|
||||
})
|
||||
endpoint = "";
|
||||
|
||||
@AccessInput({
|
||||
title: "邮箱",
|
||||
component: {
|
||||
name: "a-input",
|
||||
allowClear: true,
|
||||
placeholder: "admin@example.com",
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
email = "";
|
||||
|
||||
@AccessInput({
|
||||
title: "密码",
|
||||
component: {
|
||||
name: "a-input-password",
|
||||
allowClear: true,
|
||||
placeholder: "请输入密码",
|
||||
},
|
||||
required: true,
|
||||
encrypt: true,
|
||||
})
|
||||
password = "";
|
||||
|
||||
@AccessInput({
|
||||
title: "TOTP 密钥",
|
||||
component: {
|
||||
name: "a-input-password",
|
||||
allowClear: true,
|
||||
placeholder: "Optional base32 TOTP secret",
|
||||
},
|
||||
helper: "当 Nginx Proxy Manager 账号开启 2FA 时必填。",
|
||||
required: false,
|
||||
encrypt: true,
|
||||
})
|
||||
totpSecret = "";
|
||||
|
||||
@AccessInput({
|
||||
title: "忽略无效 TLS",
|
||||
component: {
|
||||
name: "a-switch",
|
||||
vModel: "checked",
|
||||
},
|
||||
helper: "仅在 Nginx Proxy Manager 使用自签 HTTPS 证书时开启。",
|
||||
required: false,
|
||||
})
|
||||
ignoreTls = false;
|
||||
|
||||
@AccessInput({
|
||||
title: "测试",
|
||||
component: {
|
||||
name: "api-test",
|
||||
action: "onTestRequest",
|
||||
},
|
||||
helper: "测试登录并拉取代理主机列表。",
|
||||
})
|
||||
testRequest = true;
|
||||
|
||||
private token: string | undefined;
|
||||
private tokenPromise: Promise<string> | undefined;
|
||||
|
||||
normalizeEndpoint(endpoint: string): string {
|
||||
const trimmed = String(endpoint ?? "").trim();
|
||||
if (!trimmed) {
|
||||
throw new Error("Nginx Proxy Manager 地址不能为空");
|
||||
}
|
||||
|
||||
const withoutTrailingSlash = trimmed.replace(/\/+$/, "");
|
||||
return withoutTrailingSlash.endsWith("/api")
|
||||
? withoutTrailingSlash.slice(0, -4)
|
||||
: withoutTrailingSlash;
|
||||
}
|
||||
|
||||
private describeError(error: unknown, action: string): Error {
|
||||
if (error instanceof Error) {
|
||||
return new Error(`${action} failed: ${error.message}`);
|
||||
}
|
||||
return new Error(`${action} failed`);
|
||||
}
|
||||
|
||||
private get apiBaseUrl(): string {
|
||||
const endpoint = this.normalizeEndpoint(this.endpoint);
|
||||
return `${endpoint}/api`;
|
||||
}
|
||||
|
||||
async verifyAccess(): Promise<{ proxyHostCount: number }> {
|
||||
const proxyHosts = await this.getProxyHosts();
|
||||
return {
|
||||
proxyHostCount: proxyHosts.length,
|
||||
};
|
||||
}
|
||||
|
||||
async getProxyHosts(searchQuery?: string): Promise<ProxyHost[]> {
|
||||
return await this.requestWithAuth<ProxyHost[]>({
|
||||
method: "GET",
|
||||
url: "/nginx/proxy-hosts",
|
||||
params: {
|
||||
expand: "certificate",
|
||||
...(searchQuery ? { query: searchQuery } : {}),
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
async getCertificates(searchQuery?: string): Promise<Certificate[]> {
|
||||
return await this.requestWithAuth<Certificate[]>({
|
||||
method: "GET",
|
||||
url: "/nginx/certificates",
|
||||
params: searchQuery ? { query: searchQuery } : undefined,
|
||||
});
|
||||
}
|
||||
|
||||
async getCertificatesWithExpand(
|
||||
searchQuery?: string,
|
||||
expand: string[] = []
|
||||
): Promise<Certificate[]> {
|
||||
return await this.requestWithAuth<Certificate[]>({
|
||||
method: "GET",
|
||||
url: "/nginx/certificates",
|
||||
params: {
|
||||
...(searchQuery ? { query: searchQuery } : {}),
|
||||
...(expand.length > 0 ? { expand: expand.join(", ") } : {}),
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
async findCustomCertificateByNiceName(niceName: string): Promise<Certificate | undefined> {
|
||||
const certificates = await this.getCertificates(niceName);
|
||||
return certificates.find((certificate) => {
|
||||
return certificate.provider === "other" && certificate.nice_name === niceName;
|
||||
});
|
||||
}
|
||||
|
||||
async createCustomCertificate(
|
||||
niceName: string,
|
||||
domainNames: string[] = []
|
||||
): Promise<Certificate> {
|
||||
return await this.requestWithAuth<Certificate>({
|
||||
method: "POST",
|
||||
url: "/nginx/certificates",
|
||||
data: {
|
||||
provider: "other",
|
||||
nice_name: niceName,
|
||||
domain_names: domainNames,
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
async deleteCertificate(certificateId: number): Promise<void> {
|
||||
await this.requestWithAuth<void>({
|
||||
method: "DELETE",
|
||||
url: `/nginx/certificates/${certificateId}`,
|
||||
});
|
||||
}
|
||||
|
||||
async uploadCertificate(
|
||||
certificateId: number,
|
||||
payload: {
|
||||
certificate: string;
|
||||
certificateKey: string;
|
||||
intermediateCertificate?: string;
|
||||
}
|
||||
): Promise<void> {
|
||||
const form = new FormData();
|
||||
form.append("certificate", Buffer.from(payload.certificate, "utf8"), {
|
||||
filename: "fullchain.pem",
|
||||
contentType: "application/x-pem-file",
|
||||
});
|
||||
form.append("certificate_key", Buffer.from(payload.certificateKey, "utf8"), {
|
||||
filename: "privkey.pem",
|
||||
contentType: "application/x-pem-file",
|
||||
});
|
||||
if (payload.intermediateCertificate) {
|
||||
form.append("intermediate_certificate", Buffer.from(payload.intermediateCertificate, "utf8"), {
|
||||
filename: "chain.pem",
|
||||
contentType: "application/x-pem-file",
|
||||
});
|
||||
}
|
||||
|
||||
await this.requestWithAuth<void>({
|
||||
method: "POST",
|
||||
url: `/nginx/certificates/${certificateId}/upload`,
|
||||
data: form,
|
||||
headers: form.getHeaders(),
|
||||
});
|
||||
}
|
||||
|
||||
async assignCertificateToProxyHost(hostId: number, certificateId: number): Promise<void> {
|
||||
await this.requestWithAuth<void>({
|
||||
method: "PUT",
|
||||
url: `/nginx/proxy-hosts/${hostId}`,
|
||||
data: {
|
||||
certificate_id: certificateId,
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
private async login(): Promise<string> {
|
||||
if (this.token) {
|
||||
return this.token;
|
||||
}
|
||||
|
||||
if (!this.tokenPromise) {
|
||||
this.tokenPromise = this.performLogin().finally(() => {
|
||||
this.tokenPromise = undefined;
|
||||
});
|
||||
}
|
||||
|
||||
this.token = await this.tokenPromise;
|
||||
return this.token;
|
||||
}
|
||||
|
||||
private async performLogin(): Promise<string> {
|
||||
const initialLogin = await this.request<TokenResponse>({
|
||||
method: "POST",
|
||||
url: "/tokens",
|
||||
data: {
|
||||
identity: this.email,
|
||||
secret: this.password,
|
||||
},
|
||||
});
|
||||
|
||||
if (initialLogin.token) {
|
||||
return initialLogin.token;
|
||||
}
|
||||
|
||||
if (!initialLogin.requires_2fa || !initialLogin.challenge_token) {
|
||||
throw new Error("登录失败:Nginx Proxy Manager 未返回访问令牌");
|
||||
}
|
||||
|
||||
if (!this.totpSecret) {
|
||||
throw new Error(
|
||||
"登录失败:该 Nginx Proxy Manager 账号启用了 2FA,但未配置 totpSecret"
|
||||
);
|
||||
}
|
||||
|
||||
let code: string;
|
||||
try {
|
||||
code = authenticator.generate(this.totpSecret);
|
||||
} catch (error) {
|
||||
throw this.describeError(error, "Generating TOTP code");
|
||||
}
|
||||
|
||||
const completedLogin = await this.request<TokenResponse>({
|
||||
method: "POST",
|
||||
url: "/tokens/2fa",
|
||||
data: {
|
||||
challenge_token: initialLogin.challenge_token,
|
||||
code,
|
||||
},
|
||||
});
|
||||
|
||||
if (!completedLogin.token) {
|
||||
throw new Error("2FA 登录失败:Nginx Proxy Manager 未返回访问令牌");
|
||||
}
|
||||
|
||||
return completedLogin.token;
|
||||
}
|
||||
|
||||
private async requestWithAuth<T>(config: {
|
||||
method: string;
|
||||
url: string;
|
||||
params?: Record<string, unknown>;
|
||||
data?: unknown;
|
||||
headers?: Record<string, string>;
|
||||
}): Promise<T> {
|
||||
const token = await this.login();
|
||||
const headers = {
|
||||
...(config.headers ?? {}),
|
||||
Authorization: `Bearer ${token}`,
|
||||
};
|
||||
|
||||
return await this.request<T>({
|
||||
...config,
|
||||
headers,
|
||||
});
|
||||
}
|
||||
|
||||
private async request<T>(config: {
|
||||
method: string;
|
||||
url: string;
|
||||
params?: Record<string, unknown>;
|
||||
data?: unknown;
|
||||
headers?: Record<string, string>;
|
||||
}): Promise<T> {
|
||||
const action = `${config.method ?? "GET"} ${config.url ?? "/"}`;
|
||||
try {
|
||||
const response = await this.ctx.http.request({
|
||||
url: `${this.apiBaseUrl}${config.url}`,
|
||||
method: config.method,
|
||||
params: config.params,
|
||||
data: config.data,
|
||||
headers: config.headers,
|
||||
timeout: 30000,
|
||||
httpsAgent: this.ignoreTls ? {
|
||||
rejectUnauthorized: false
|
||||
} : undefined,
|
||||
});
|
||||
return response;
|
||||
} catch (error) {
|
||||
throw this.describeError(error, action);
|
||||
}
|
||||
}
|
||||
|
||||
async onTestRequest(): Promise<string> {
|
||||
const result = await this.verifyAccess();
|
||||
this.ctx.logger.info(
|
||||
`Nginx Proxy Manager 授权验证成功,找到 ${result.proxyHostCount} 个代理主机`
|
||||
);
|
||||
return `成功(${result.proxyHostCount} 个代理主机)`;
|
||||
}
|
||||
|
||||
async getProxyHostList(req: { searchKey?: string } = {}): Promise<ProxyHost[]> {
|
||||
return await this.getProxyHosts(req.searchKey);
|
||||
}
|
||||
}
|
||||
|
||||
new NginxProxyManagerAccess();
|
||||
@@ -0,0 +1,2 @@
|
||||
export * from "./plugins/index.js";
|
||||
export * from "./access.js";
|
||||
+344
@@ -0,0 +1,344 @@
|
||||
name: nginxProxyManager
|
||||
icon: logos:nginx
|
||||
title: Nginx Proxy Manager 授权
|
||||
group: null
|
||||
desc: 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。
|
||||
setting: null
|
||||
sysSetting: null
|
||||
type: custom
|
||||
disabled: false
|
||||
version: 1.0.0
|
||||
pluginType: access
|
||||
author: samler
|
||||
input:
|
||||
endpoint:
|
||||
title: NPM 地址
|
||||
component:
|
||||
name: a-input
|
||||
allowClear: true
|
||||
placeholder: https://npm.example.com
|
||||
helper: 请输入 Nginx Proxy Manager 根地址,不要带 /api 后缀。
|
||||
required: true
|
||||
email:
|
||||
title: 邮箱
|
||||
component:
|
||||
name: a-input
|
||||
allowClear: true
|
||||
placeholder: admin@example.com
|
||||
required: true
|
||||
password:
|
||||
title: 密码
|
||||
component:
|
||||
name: a-input-password
|
||||
allowClear: true
|
||||
placeholder: 请输入密码
|
||||
required: true
|
||||
encrypt: true
|
||||
totpSecret:
|
||||
title: TOTP 密钥
|
||||
component:
|
||||
name: a-input-password
|
||||
allowClear: true
|
||||
placeholder: Optional base32 TOTP secret
|
||||
helper: 当 Nginx Proxy Manager 账号开启 2FA 时必填。
|
||||
required: false
|
||||
encrypt: true
|
||||
ignoreTls:
|
||||
title: 忽略无效 TLS
|
||||
component:
|
||||
name: a-switch
|
||||
vModel: checked
|
||||
helper: 仅在 Nginx Proxy Manager 使用自签 HTTPS 证书时开启。
|
||||
required: false
|
||||
testRequest:
|
||||
title: 测试
|
||||
component:
|
||||
name: api-test
|
||||
action: TestRequest
|
||||
helper: 测试登录并拉取代理主机列表。
|
||||
content: |
|
||||
const { BaseAccess } = await import("@certd/pipeline");
|
||||
const httpsModule = await import("node:https");
|
||||
const { URL } = await import("node:url");
|
||||
const axiosModule = await import("axios");
|
||||
const formDataModule = await import("form-data");
|
||||
const { authenticator } = await import("otplib");
|
||||
|
||||
const https = httpsModule.default ?? httpsModule;
|
||||
const axios = axiosModule.default ?? axiosModule;
|
||||
const FormData = formDataModule.default ?? formDataModule;
|
||||
|
||||
function normalizeEndpoint(endpoint) {
|
||||
const trimmed = String(endpoint ?? "").trim();
|
||||
if (!trimmed) {
|
||||
throw new Error("Nginx Proxy Manager 地址不能为空");
|
||||
}
|
||||
|
||||
const withoutTrailingSlash = trimmed.replace(/\/+$/, "");
|
||||
return withoutTrailingSlash.endsWith("/api")
|
||||
? withoutTrailingSlash.slice(0, -4)
|
||||
: withoutTrailingSlash;
|
||||
}
|
||||
|
||||
function buildHttpsAgent(endpoint, ignoreTls) {
|
||||
const url = new URL(endpoint);
|
||||
if (url.protocol !== "https:") {
|
||||
return undefined;
|
||||
}
|
||||
|
||||
return new https.Agent({
|
||||
rejectUnauthorized: !ignoreTls,
|
||||
});
|
||||
}
|
||||
|
||||
function describeError(error, action) {
|
||||
if (axios.isAxiosError(error)) {
|
||||
const status = error.response?.status;
|
||||
const data = error.response?.data;
|
||||
const message =
|
||||
data?.error?.message ||
|
||||
data?.error ||
|
||||
data?.message ||
|
||||
(typeof data === "string" ? data : null) ||
|
||||
error.message;
|
||||
return new Error(`${action} failed${status ? ` (${status})` : ""}: ${message}`);
|
||||
}
|
||||
|
||||
if (error instanceof Error) {
|
||||
return new Error(`${action} failed: ${error.message}`);
|
||||
}
|
||||
|
||||
return new Error(`${action} failed`);
|
||||
}
|
||||
|
||||
class NginxProxyManagerClient {
|
||||
constructor(options) {
|
||||
this.options = options;
|
||||
this.endpoint = normalizeEndpoint(options.endpoint);
|
||||
this.apiBaseUrl = `${this.endpoint}/api`;
|
||||
this.token = undefined;
|
||||
this.tokenPromise = undefined;
|
||||
this.httpClient = axios.create({
|
||||
baseURL: this.apiBaseUrl,
|
||||
timeout: 30000,
|
||||
maxBodyLength: Infinity,
|
||||
maxContentLength: Infinity,
|
||||
httpsAgent: buildHttpsAgent(this.endpoint, options.ignoreTls === true),
|
||||
headers: {
|
||||
Accept: "application/json",
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
async verifyAccess() {
|
||||
const proxyHosts = await this.getProxyHosts();
|
||||
return {
|
||||
proxyHostCount: proxyHosts.length,
|
||||
};
|
||||
}
|
||||
|
||||
async getProxyHosts(searchQuery) {
|
||||
return await this.requestWithAuth({
|
||||
method: "GET",
|
||||
url: "/nginx/proxy-hosts",
|
||||
params: {
|
||||
expand: "certificate",
|
||||
...(searchQuery ? { query: searchQuery } : {}),
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
async getCertificates(searchQuery) {
|
||||
return await this.requestWithAuth({
|
||||
method: "GET",
|
||||
url: "/nginx/certificates",
|
||||
params: searchQuery ? { query: searchQuery } : undefined,
|
||||
});
|
||||
}
|
||||
|
||||
async getCertificatesWithExpand(searchQuery, expand = []) {
|
||||
return await this.requestWithAuth({
|
||||
method: "GET",
|
||||
url: "/nginx/certificates",
|
||||
params: {
|
||||
...(searchQuery ? { query: searchQuery } : {}),
|
||||
...(expand.length > 0 ? { expand: expand.join(",") } : {}),
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
async findCustomCertificateByNiceName(niceName) {
|
||||
const certificates = await this.getCertificates(niceName);
|
||||
return certificates.find((certificate) => {
|
||||
return certificate.provider === "other" && certificate.nice_name === niceName;
|
||||
});
|
||||
}
|
||||
|
||||
async createCustomCertificate(niceName, domainNames = []) {
|
||||
return await this.requestWithAuth({
|
||||
method: "POST",
|
||||
url: "/nginx/certificates",
|
||||
data: {
|
||||
provider: "other",
|
||||
nice_name: niceName,
|
||||
domain_names: domainNames,
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
async deleteCertificate(certificateId) {
|
||||
await this.requestWithAuth({
|
||||
method: "DELETE",
|
||||
url: `/nginx/certificates/${certificateId}`,
|
||||
});
|
||||
}
|
||||
|
||||
async uploadCertificate(certificateId, payload) {
|
||||
const form = new FormData();
|
||||
form.append("certificate", Buffer.from(payload.certificate, "utf8"), {
|
||||
filename: "fullchain.pem",
|
||||
contentType: "application/x-pem-file",
|
||||
});
|
||||
form.append("certificate_key", Buffer.from(payload.certificateKey, "utf8"), {
|
||||
filename: "privkey.pem",
|
||||
contentType: "application/x-pem-file",
|
||||
});
|
||||
if (payload.intermediateCertificate) {
|
||||
form.append("intermediate_certificate", Buffer.from(payload.intermediateCertificate, "utf8"), {
|
||||
filename: "chain.pem",
|
||||
contentType: "application/x-pem-file",
|
||||
});
|
||||
}
|
||||
|
||||
await this.requestWithAuth({
|
||||
method: "POST",
|
||||
url: `/nginx/certificates/${certificateId}/upload`,
|
||||
data: form,
|
||||
headers: form.getHeaders(),
|
||||
});
|
||||
}
|
||||
|
||||
async assignCertificateToProxyHost(hostId, certificateId) {
|
||||
await this.requestWithAuth({
|
||||
method: "PUT",
|
||||
url: `/nginx/proxy-hosts/${hostId}`,
|
||||
data: {
|
||||
certificate_id: certificateId,
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
async login() {
|
||||
if (this.token) {
|
||||
return this.token;
|
||||
}
|
||||
|
||||
if (!this.tokenPromise) {
|
||||
this.tokenPromise = this.performLogin().finally(() => {
|
||||
this.tokenPromise = undefined;
|
||||
});
|
||||
}
|
||||
|
||||
this.token = await this.tokenPromise;
|
||||
return this.token;
|
||||
}
|
||||
|
||||
async performLogin() {
|
||||
const initialLogin = await this.request({
|
||||
method: "POST",
|
||||
url: "/tokens",
|
||||
data: {
|
||||
identity: this.options.email,
|
||||
secret: this.options.password,
|
||||
},
|
||||
});
|
||||
|
||||
if (initialLogin.token) {
|
||||
return initialLogin.token;
|
||||
}
|
||||
|
||||
if (!initialLogin.requires_2fa || !initialLogin.challenge_token) {
|
||||
throw new Error("登录失败:Nginx Proxy Manager 未返回访问令牌");
|
||||
}
|
||||
|
||||
if (!this.options.totpSecret) {
|
||||
throw new Error("登录失败:该 Nginx Proxy Manager 账号启用了 2FA,但未配置 totpSecret");
|
||||
}
|
||||
|
||||
let code;
|
||||
try {
|
||||
code = authenticator.generate(this.options.totpSecret);
|
||||
} catch (error) {
|
||||
throw describeError(error, "Generating TOTP code");
|
||||
}
|
||||
|
||||
const completedLogin = await this.request({
|
||||
method: "POST",
|
||||
url: "/tokens/2fa",
|
||||
data: {
|
||||
challenge_token: initialLogin.challenge_token,
|
||||
code,
|
||||
},
|
||||
});
|
||||
|
||||
if (!completedLogin.token) {
|
||||
throw new Error("2FA 登录失败:Nginx Proxy Manager 未返回访问令牌");
|
||||
}
|
||||
|
||||
return completedLogin.token;
|
||||
}
|
||||
|
||||
async requestWithAuth(config) {
|
||||
const token = await this.login();
|
||||
const headers = {
|
||||
...(config.headers ?? {}),
|
||||
Authorization: `Bearer ${token}`,
|
||||
};
|
||||
|
||||
return await this.request({
|
||||
...config,
|
||||
headers,
|
||||
});
|
||||
}
|
||||
|
||||
async request(config) {
|
||||
const action = `${config.method ?? "GET"} ${config.url ?? "/"}`;
|
||||
try {
|
||||
const response = await this.httpClient.request(config);
|
||||
return response.data;
|
||||
} catch (error) {
|
||||
throw describeError(error, action);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return class NginxProxyManagerAccess extends BaseAccess {
|
||||
endpoint = "";
|
||||
email = "";
|
||||
password = "";
|
||||
totpSecret = "";
|
||||
ignoreTls = false;
|
||||
testRequest = true;
|
||||
|
||||
createClient() {
|
||||
return new NginxProxyManagerClient({
|
||||
endpoint: this.endpoint,
|
||||
email: this.email,
|
||||
password: this.password,
|
||||
totpSecret: this.totpSecret || undefined,
|
||||
ignoreTls: this.ignoreTls === true,
|
||||
});
|
||||
}
|
||||
|
||||
async onTestRequest() {
|
||||
const client = this.createClient();
|
||||
const result = await client.verifyAccess();
|
||||
this.ctx.logger.info(`Nginx Proxy Manager 授权验证成功,找到 ${result.proxyHostCount} 个代理主机`);
|
||||
return `成功(${result.proxyHostCount} 个代理主机)`;
|
||||
}
|
||||
|
||||
async getProxyHostList(req = {}) {
|
||||
const client = this.createClient();
|
||||
return await client.getProxyHosts(req.searchKey);
|
||||
}
|
||||
};
|
||||
@@ -0,0 +1 @@
|
||||
export * from "./plugin-deploy-to-proxy-hosts.js";
|
||||
+343
@@ -0,0 +1,343 @@
|
||||
import {
|
||||
AbstractTaskPlugin,
|
||||
IsTaskPlugin,
|
||||
pluginGroups,
|
||||
RunStrategy,
|
||||
TaskInput,
|
||||
} from "@certd/pipeline";
|
||||
import { CertInfo, CertReader, createCertDomainGetterInputDefine } from "@certd/plugin-cert";
|
||||
import { NginxProxyManagerAccess, ProxyHost } from "../access.js";
|
||||
|
||||
interface ProxyHostOption {
|
||||
label: string;
|
||||
value: string;
|
||||
domain: string;
|
||||
}
|
||||
|
||||
@IsTaskPlugin({
|
||||
name: "NginxProxyManagerDeploy",
|
||||
title: "Nginx Proxy Manager-部署到主机",
|
||||
desc: "上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。",
|
||||
icon: "logos:nginx",
|
||||
group: pluginGroups.panel.key,
|
||||
default: {
|
||||
strategy: {
|
||||
runStrategy: RunStrategy.SkipWhenSucceed,
|
||||
},
|
||||
},
|
||||
})
|
||||
export class NginxProxyManagerDeploy extends AbstractTaskPlugin {
|
||||
@TaskInput({
|
||||
title: "域名证书",
|
||||
helper: "请选择前置任务产出的证书。",
|
||||
component: {
|
||||
name: "output-selector",
|
||||
from: [":cert:"],
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
cert!: CertInfo;
|
||||
|
||||
@TaskInput(createCertDomainGetterInputDefine())
|
||||
certDomains!: string[];
|
||||
|
||||
@TaskInput({
|
||||
title: "NPM授权",
|
||||
component: {
|
||||
name: "access-selector",
|
||||
type: "nginxProxyManager",
|
||||
},
|
||||
helper: "选择用于部署的 Nginx Proxy Manager 授权。",
|
||||
required: true,
|
||||
})
|
||||
accessId!: string;
|
||||
|
||||
@TaskInput({
|
||||
title: "代理主机",
|
||||
component: {
|
||||
name: "remote-select",
|
||||
vModel: "value",
|
||||
mode: "tags",
|
||||
type: "plugin",
|
||||
action: "onGetProxyHostOptions",
|
||||
search: true,
|
||||
pager: false,
|
||||
multi: true,
|
||||
watches: ["certDomains", "accessId"],
|
||||
},
|
||||
helper: "选择要绑定此证书的一个或多个代理主机。",
|
||||
required: true,
|
||||
})
|
||||
proxyHostIds!: string | string[];
|
||||
|
||||
@TaskInput({
|
||||
title: "证书标识",
|
||||
component: {
|
||||
name: "a-input",
|
||||
allowClear: true,
|
||||
placeholder: "certd_npm_example_com",
|
||||
},
|
||||
helper: "可选。留空时默认使用 certd_npm_<主域名规范化>。",
|
||||
required: false,
|
||||
})
|
||||
certificateLabel?: string;
|
||||
|
||||
@TaskInput({
|
||||
title: "自动清理未使用证书",
|
||||
component: {
|
||||
name: "a-switch",
|
||||
vModel: "checked",
|
||||
},
|
||||
helper: "部署成功后,自动删除除当前证书外所有未被任何主机引用的证书。",
|
||||
required: false,
|
||||
})
|
||||
cleanupMatchingCertificates = false;
|
||||
|
||||
private normalizeDomain(domain: string): string {
|
||||
return String(domain ?? "").trim().toLowerCase();
|
||||
}
|
||||
|
||||
private wildcardMatches(pattern: string, candidate: string): boolean {
|
||||
if (!pattern.startsWith("*.")) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const suffix = pattern.slice(1).toLowerCase();
|
||||
return candidate.endsWith(suffix);
|
||||
}
|
||||
|
||||
private isDomainMatch(left: string, right: string): boolean {
|
||||
const normalizedLeft = this.normalizeDomain(left);
|
||||
const normalizedRight = this.normalizeDomain(right);
|
||||
|
||||
return (
|
||||
normalizedLeft === normalizedRight ||
|
||||
this.wildcardMatches(normalizedLeft, normalizedRight) ||
|
||||
this.wildcardMatches(normalizedRight, normalizedLeft)
|
||||
);
|
||||
}
|
||||
|
||||
private sanitizeDomainSegment(value: string): string {
|
||||
const sanitized = String(value ?? "")
|
||||
.trim()
|
||||
.toLowerCase()
|
||||
.replace(/[^a-z0-9]+/g, "_")
|
||||
.replace(/^_+|_+$/g, "")
|
||||
.replace(/_+/g, "_");
|
||||
|
||||
return sanitized || "unknown";
|
||||
}
|
||||
|
||||
private buildDefaultCertificateLabel(cert: CertInfo): string {
|
||||
const mainDomain = CertReader.getMainDomain(cert.crt);
|
||||
return `certd_npm_${this.sanitizeDomainSegment(mainDomain)}`;
|
||||
}
|
||||
|
||||
private normalizeStringList(input: string | string[] | null | undefined): string[] {
|
||||
if (Array.isArray(input)) {
|
||||
return input;
|
||||
}
|
||||
|
||||
if (input == null || input === "") {
|
||||
return [];
|
||||
}
|
||||
|
||||
return [input];
|
||||
}
|
||||
|
||||
private resolveCertificateDomains(cert: CertInfo, configuredDomains: string | string[] | null | undefined): string[] {
|
||||
const configured = this.normalizeStringList(configuredDomains)
|
||||
.map((value) => String(value).trim())
|
||||
.filter(Boolean);
|
||||
|
||||
if (configured.length > 0) {
|
||||
return Array.from(new Set(configured));
|
||||
}
|
||||
|
||||
return new CertReader(cert).getAllDomains();
|
||||
}
|
||||
|
||||
private buildProxyHostLabel(host: ProxyHost): string {
|
||||
const domains = host.domain_names?.length ? host.domain_names.join(", ") : "(no domains)";
|
||||
return `${domains} <#${host.id}>`;
|
||||
}
|
||||
|
||||
private hasAnyCertDomainMatch(host: ProxyHost, certDomains: string[]): boolean {
|
||||
if (!certDomains.length) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const hostDomains = host.domain_names ?? [];
|
||||
return hostDomains.some((hostDomain) =>
|
||||
certDomains.some((certDomain) => this.isDomainMatch(hostDomain, certDomain))
|
||||
);
|
||||
}
|
||||
|
||||
private buildProxyHostOptions(hosts: ProxyHost[], certDomains: string[]) {
|
||||
const sortedHosts = [...hosts].sort((left, right) => {
|
||||
return this.buildProxyHostLabel(left).localeCompare(this.buildProxyHostLabel(right));
|
||||
});
|
||||
|
||||
const matched: { label: string; value: string; domain: string }[] = [];
|
||||
const unmatched: { label: string; value: string; domain: string }[] = [];
|
||||
|
||||
for (const host of sortedHosts) {
|
||||
const option = {
|
||||
label: this.buildProxyHostLabel(host),
|
||||
value: String(host.id),
|
||||
domain: host.domain_names?.[0] ?? "",
|
||||
};
|
||||
|
||||
if (this.hasAnyCertDomainMatch(host, certDomains)) {
|
||||
matched.push(option);
|
||||
} else {
|
||||
unmatched.push(option);
|
||||
}
|
||||
}
|
||||
|
||||
if (matched.length && unmatched.length) {
|
||||
return [
|
||||
{
|
||||
label: "匹配证书域名的主机",
|
||||
options: matched,
|
||||
},
|
||||
{
|
||||
label: "其他代理主机",
|
||||
options: unmatched,
|
||||
},
|
||||
];
|
||||
}
|
||||
|
||||
return matched.length ? matched : unmatched;
|
||||
}
|
||||
|
||||
private normalizeProxyHostIds(proxyHostIds: string | string[] | number | null | undefined): number[] {
|
||||
return Array.from(
|
||||
new Set(
|
||||
this.normalizeStringList(proxyHostIds as string | string[] | null | undefined)
|
||||
.map((value) => Number.parseInt(String(value), 10))
|
||||
.filter((value) => Number.isInteger(value) && value > 0)
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
private certificateHasBindings(certificate: { proxy_hosts?: unknown[]; redirection_hosts?: unknown[]; dead_hosts?: unknown[]; streams?: unknown[] }): boolean {
|
||||
return (
|
||||
(certificate.proxy_hosts?.length ?? 0) > 0 ||
|
||||
(certificate.redirection_hosts?.length ?? 0) > 0 ||
|
||||
(certificate.dead_hosts?.length ?? 0) > 0 ||
|
||||
(certificate.streams?.length ?? 0) > 0
|
||||
);
|
||||
}
|
||||
|
||||
async execute(): Promise<void> {
|
||||
const access = await this.getAccess<NginxProxyManagerAccess>(this.accessId);
|
||||
const proxyHostIds = this.normalizeProxyHostIds(this.proxyHostIds);
|
||||
|
||||
if (proxyHostIds.length === 0) {
|
||||
throw new Error("请至少选择一个 Nginx Proxy Manager 代理主机");
|
||||
}
|
||||
|
||||
const certificateLabel =
|
||||
this.certificateLabel?.trim() || this.buildDefaultCertificateLabel(this.cert);
|
||||
const certificateDomains = this.resolveCertificateDomains(this.cert, this.certDomains);
|
||||
|
||||
let certificate = await access.findCustomCertificateByNiceName(certificateLabel);
|
||||
if (!certificate) {
|
||||
this.logger.info(`在 Nginx Proxy Manager 中创建自定义证书 "${certificateLabel}"`);
|
||||
certificate = await access.createCustomCertificate(certificateLabel, certificateDomains);
|
||||
} else {
|
||||
this.logger.info(`复用已有自定义证书 "${certificateLabel}" (#${certificate.id})`);
|
||||
}
|
||||
|
||||
await access.uploadCertificate(certificate.id, {
|
||||
certificate: this.cert.crt,
|
||||
certificateKey: this.cert.key,
|
||||
intermediateCertificate: this.cert.ic,
|
||||
});
|
||||
this.logger.info(`证书内容已上传到 Nginx Proxy Manager 证书 #${certificate.id}`);
|
||||
|
||||
for (const proxyHostId of proxyHostIds) {
|
||||
this.logger.info(`将证书 #${certificate.id} 绑定到代理主机 #${proxyHostId}`);
|
||||
try {
|
||||
await access.assignCertificateToProxyHost(proxyHostId, certificate.id);
|
||||
} catch (error) {
|
||||
const message = error instanceof Error ? error.message : String(error);
|
||||
throw new Error(`为代理主机 #${proxyHostId} 绑定证书失败:${message}`);
|
||||
}
|
||||
}
|
||||
|
||||
if (this.cleanupMatchingCertificates === true) {
|
||||
await this.cleanupOldCertificates(access, certificate.id);
|
||||
}
|
||||
|
||||
this.logger.info(`部署完成,共更新 ${proxyHostIds.length} 个代理主机`);
|
||||
}
|
||||
|
||||
async onGetProxyHostOptions(req: { searchKey?: string } = {}): Promise<ProxyHostOption[] | { label: string; options: ProxyHostOption[] }[]> {
|
||||
if (!this.accessId) {
|
||||
throw new Error("请先选择 Nginx Proxy Manager 授权");
|
||||
}
|
||||
|
||||
const access = await this.getAccess<NginxProxyManagerAccess>(this.accessId);
|
||||
const proxyHosts = await access.getProxyHostList(req);
|
||||
return this.buildProxyHostOptions(proxyHosts, this.normalizeStringList(this.certDomains));
|
||||
}
|
||||
|
||||
private async cleanupOldCertificates(access: NginxProxyManagerAccess, currentCertificateId: number): Promise<void> {
|
||||
const certificates = await access.getCertificatesWithExpand(undefined, [
|
||||
"proxy_hosts",
|
||||
"redirection_hosts",
|
||||
"dead_hosts",
|
||||
"streams",
|
||||
]);
|
||||
const candidates = certificates.filter((certificate) => {
|
||||
return certificate.id !== currentCertificateId;
|
||||
});
|
||||
|
||||
if (candidates.length === 0) {
|
||||
this.logger.info("未发现可自动清理的旧证书");
|
||||
return;
|
||||
}
|
||||
|
||||
const deletedIds: number[] = [];
|
||||
const skippedInUse: string[] = [];
|
||||
const failedDeletes: string[] = [];
|
||||
|
||||
for (const candidate of candidates) {
|
||||
if (this.certificateHasBindings(candidate)) {
|
||||
skippedInUse.push(`#${candidate.id} ${candidate.nice_name}`);
|
||||
continue;
|
||||
}
|
||||
|
||||
this.logger.info(`自动清理旧证书 #${candidate.id} ${candidate.nice_name}`);
|
||||
try {
|
||||
await access.deleteCertificate(candidate.id);
|
||||
deletedIds.push(candidate.id);
|
||||
} catch (error) {
|
||||
const message = error instanceof Error ? error.message : String(error);
|
||||
failedDeletes.push(`#${candidate.id} ${candidate.nice_name}: ${message}`);
|
||||
}
|
||||
}
|
||||
|
||||
if (deletedIds.length > 0) {
|
||||
this.logger.info(
|
||||
`自动清理完成,共删除 ${deletedIds.length} 张旧证书:${deletedIds
|
||||
.map((id) => `#${id}`)
|
||||
.join(", ")}`
|
||||
);
|
||||
} else {
|
||||
this.logger.info("未删除任何旧证书");
|
||||
}
|
||||
|
||||
if (skippedInUse.length > 0) {
|
||||
this.logger.info(`以下旧证书仍被其他资源引用,已跳过清理:${skippedInUse.join(", ")}`);
|
||||
}
|
||||
|
||||
if (failedDeletes.length > 0) {
|
||||
this.logger.warn(`以下旧证书清理失败,已跳过:${failedDeletes.join(", ")}`);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
new NginxProxyManagerDeploy();
|
||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,182 @@
|
||||
import { AccessInput, BaseAccess, IsAccess, Pager, PageRes, PageSearch } from '@certd/pipeline';
|
||||
import { DomainRecord } from '@certd/plugin-lib';
|
||||
|
||||
/**
|
||||
* Technitium DNS Server 授权配置
|
||||
*/
|
||||
@IsAccess({
|
||||
name: 'technitium',
|
||||
title: 'Technitium DNS Server',
|
||||
icon: 'clarity:server-line',
|
||||
desc: 'Technitium DNS Server 自建DNS服务器授权',
|
||||
})
|
||||
export class TechnitiumAccess extends BaseAccess {
|
||||
|
||||
/**
|
||||
* API地址
|
||||
*/
|
||||
@AccessInput({
|
||||
title: 'API地址',
|
||||
value: 'http://localhost:5380',
|
||||
component: {
|
||||
name: "a-input",
|
||||
allowClear: true,
|
||||
placeholder: 'http://localhost:5380',
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
apiUrl = 'http://localhost:5380';
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* 用户名
|
||||
*/
|
||||
@AccessInput({
|
||||
title: '用户名',
|
||||
component: {
|
||||
name: "a-input",
|
||||
allowClear: true,
|
||||
placeholder: 'admin',
|
||||
},
|
||||
required: false,
|
||||
})
|
||||
username = 'admin';
|
||||
|
||||
/**
|
||||
* 密码
|
||||
*/
|
||||
@AccessInput({
|
||||
title: '密码',
|
||||
component: {
|
||||
name: "a-input",
|
||||
type: "password",
|
||||
allowClear: true,
|
||||
placeholder: '密码',
|
||||
},
|
||||
required: false,
|
||||
encrypt: true,
|
||||
})
|
||||
password = '';
|
||||
|
||||
/**
|
||||
* 测试按钮
|
||||
*/
|
||||
@AccessInput({
|
||||
title: "测试",
|
||||
component: {
|
||||
name: "api-test",
|
||||
action: "TestRequest"
|
||||
},
|
||||
helper: "点击测试接口是否正常"
|
||||
})
|
||||
testRequest = true;
|
||||
|
||||
token = '';
|
||||
|
||||
/**
|
||||
* 通用API调用方法
|
||||
*/
|
||||
async doRequest(options: { url: string; method: 'get' | 'post'; params?: URLSearchParams }) {
|
||||
// 每次请求前都获取最新的token
|
||||
if (!options.url.includes('/api/user/login')) {
|
||||
await this.getToken();
|
||||
}
|
||||
|
||||
// 复制参数并添加token
|
||||
const params = new URLSearchParams(options.params || '');
|
||||
if (this.token && !options.url.includes('/api/user/login')) {
|
||||
params.append('token', this.token);
|
||||
}
|
||||
|
||||
let fullUrl = options.url;
|
||||
if (params.toString()) {
|
||||
fullUrl = `${options.url}?${params.toString()}`;
|
||||
}
|
||||
|
||||
const response = await this.ctx.http.request({
|
||||
url: fullUrl,
|
||||
method: options.method,
|
||||
});
|
||||
|
||||
if (response.status !== 'ok') {
|
||||
throw new Error(`${response.errorMessage || 'API调用失败'}`);
|
||||
}
|
||||
|
||||
return response;
|
||||
}
|
||||
|
||||
/**
|
||||
* 测试API连接
|
||||
*/
|
||||
async onTestRequest() {
|
||||
// 测试获取区域列表
|
||||
await this.GetDomainList({});
|
||||
return "连接成功";
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取域名列表
|
||||
*/
|
||||
async GetDomainList(req: PageSearch): Promise<PageRes<DomainRecord>> {
|
||||
this.ctx.logger.info(`获取域名列表,req:${JSON.stringify(req)}`);
|
||||
const pager = new Pager(req);
|
||||
|
||||
// 规范API地址
|
||||
this.apiUrl = this.normalizeEndpoint(this.apiUrl);
|
||||
|
||||
// 构建API URL
|
||||
const apiUrl = `${this.apiUrl}/api/zones/list`;
|
||||
|
||||
// 构建查询参数
|
||||
const params = new URLSearchParams();
|
||||
|
||||
// 调用API获取区域列表
|
||||
const response = await this.doRequest({ url: apiUrl, method: 'get', params: params });
|
||||
|
||||
const zones = response.response.zones || [];
|
||||
const total = zones.length;
|
||||
|
||||
// 转换为DomainRecord格式
|
||||
let list = zones.map((zone: any) => ({
|
||||
id: zone.name,
|
||||
domain: zone.name,
|
||||
}));
|
||||
|
||||
// 应用分页
|
||||
list = list.slice(pager.getOffset(), pager.getOffset() + pager.pageSize);
|
||||
|
||||
return {
|
||||
total,
|
||||
list
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取API Token
|
||||
*/
|
||||
async getToken() {
|
||||
const apiUrl = `${this.apiUrl}/api/user/login`;
|
||||
|
||||
const params = new URLSearchParams({
|
||||
user: this.username,
|
||||
pass: this.password,
|
||||
});
|
||||
|
||||
// 直接使用ctx.http.request,避免递归调用doRequest
|
||||
const response = await this.ctx.http.request({
|
||||
url: `${apiUrl}?${params.toString()}`,
|
||||
method: 'post',
|
||||
});
|
||||
|
||||
if (response.status !== 'ok') {
|
||||
throw new Error(`登录失败: ${response.errorMessage || '未知错误'}`);
|
||||
}
|
||||
|
||||
this.token = response.token;
|
||||
return this.token;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,97 @@
|
||||
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
|
||||
|
||||
import { TechnitiumAccess } from "./access.js"
|
||||
|
||||
type TechnitiumRecord = {
|
||||
// 记录创建时返回的数据结构
|
||||
zone: {
|
||||
name: string;
|
||||
type: string;
|
||||
internal: boolean;
|
||||
dnssecStatus: string;
|
||||
disabled: boolean;
|
||||
};
|
||||
addedRecord: {
|
||||
disabled: boolean;
|
||||
name: string;
|
||||
type: string;
|
||||
ttl: number;
|
||||
rData: {
|
||||
text: string;
|
||||
};
|
||||
dnssecStatus: string;
|
||||
lastUsedOn: string;
|
||||
};
|
||||
};
|
||||
|
||||
// 注册Technitium DNS Server的DNS提供商
|
||||
@IsDnsProvider({
|
||||
name: 'technitium',
|
||||
title: 'Technitium DNS Server',
|
||||
desc: 'Technitium DNS Server 自建DNS服务器',
|
||||
icon: 'clarity:server-line',
|
||||
accessType: 'technitium',
|
||||
order: 10,
|
||||
})
|
||||
export class TechnitiumDnsProvider extends AbstractDnsProvider<TechnitiumRecord> {
|
||||
access!: TechnitiumAccess;
|
||||
|
||||
async onInstance() {
|
||||
this.access = this.ctx.access as TechnitiumAccess;
|
||||
this.logger.debug('access', this.access);
|
||||
}
|
||||
|
||||
/**
|
||||
* 创建DNS解析记录,用于验证域名所有权
|
||||
*/
|
||||
async createRecord(options: CreateRecordOptions): Promise<TechnitiumRecord> {
|
||||
const { fullRecord, value, type, domain } = options;
|
||||
this.logger.info('添加域名解析:', fullRecord, value, type, domain);
|
||||
|
||||
// 构建API URL
|
||||
const apiUrl = `${this.access.apiUrl}/api/zones/records/add`;
|
||||
|
||||
// 构建查询参数
|
||||
const params = new URLSearchParams({
|
||||
zone: domain,
|
||||
domain: fullRecord,
|
||||
type: type,
|
||||
text: value,
|
||||
ttl: "60",
|
||||
});
|
||||
|
||||
// 调用Technitium API创建TXT记录
|
||||
const response = await this.access.doRequest({ url: apiUrl, method: 'post', params: params });
|
||||
|
||||
this.logger.info('创建域名解析成功:', fullRecord, value);
|
||||
return response as TechnitiumRecord;
|
||||
}
|
||||
|
||||
/**
|
||||
* 删除DNS解析记录,清理申请痕迹
|
||||
*/
|
||||
async removeRecord(options: RemoveRecordOptions<TechnitiumRecord>): Promise<void> {
|
||||
const { fullRecord, value, domain } = options.recordReq;
|
||||
const record = options.recordRes;
|
||||
this.logger.info('删除域名解析:', domain, fullRecord, value, record);
|
||||
|
||||
// 构建API URL
|
||||
const apiUrl = `${this.access.apiUrl}/api/zones/records/delete`;
|
||||
|
||||
// 构建查询参数
|
||||
const params = new URLSearchParams({
|
||||
zone: domain,
|
||||
domain: fullRecord,
|
||||
type: 'TXT',
|
||||
text: value,
|
||||
});
|
||||
|
||||
// 调用Technitium API删除TXT记录
|
||||
await this.access.doRequest({ url: apiUrl, method: 'post', params: params });
|
||||
|
||||
this.logger.info('删除域名解析成功:', fullRecord, value);
|
||||
}
|
||||
}
|
||||
|
||||
// 实例化这个provider,将其自动注册到系统中
|
||||
new TechnitiumDnsProvider();
|
||||
@@ -0,0 +1,2 @@
|
||||
export * from './dns-provider.js';
|
||||
export * from './access.js';
|
||||
@@ -1 +1 @@
|
||||
01:26
|
||||
23:47
|
||||
|
||||
@@ -1 +1 @@
|
||||
01:53
|
||||
00:29
|
||||
|
||||
Reference in New Issue
Block a user