Compare commits

..

33 Commits

Author SHA1 Message Date
xiaojunnuo 1f1d687317 perf: 添加Azure DNS插件支持及文档
添加Azure DNS插件实现,包括DNS记录管理和授权配置
新增Azure使用文档和配置截图
更新依赖添加@azure/arm-dns和@azure/identity包
2026-04-26 03:36:33 +08:00
xiaojunnuo edc7bfc230 perf: 支持google dns插件 2026-04-26 01:56:08 +08:00
xiaojunnuo 7b6b3aa293 chore: skill 优化 2026-04-26 00:51:05 +08:00
xiaojunnuo 2f7514a2e7 perf: 阿里云waf支持云产品接入方式应用的证书部署 2026-04-26 00:12:37 +08:00
xiaojunnuo 575415b93a perf: 模版创建流水线支持随机时间 2026-04-25 19:01:06 +08:00
xiaojunnuo c28dfa8aca chore: 1 2026-04-25 17:39:34 +08:00
xiaojunnuo 91141922ee chore: 优化插件默认设置 2026-04-25 11:43:17 +08:00
xiaojunnuo cc5154e04e perf: 为DNS解析器添加超时配置,避免查询时间过长
在util.js中为dns.Resolver添加超时配置,确保DNS查询在合理时间内完成
2026-04-25 04:45:39 +08:00
xiaojunnuo 77db5ecd12 perf: 优化权威域名服务器查询超时时长 2026-04-25 04:30:48 +08:00
xiaojunnuo 7ac789c9c7 perf: 商业版支持配置证书申请插件参数 2026-04-25 04:12:26 +08:00
xiaojunnuo 24dff05f64 fix: 修复商业版设置了公共eab,创建流水线仍然会显示需要配置eab的bug 2026-04-25 03:32:45 +08:00
xiaojunnuo 64a350364d fix: 修复流水线未编辑模式下也提示未保存的bug 2026-04-25 02:29:25 +08:00
xiaojunnuo 11b7cfe5cb perf: 支持主动修改绑定url地址 2026-04-24 00:11:55 +08:00
xiaojunnuo 71cfcad2a1 fix: 修复列表页面底部滚动条与表格之间有空白间隙的bug 2026-04-24 00:04:42 +08:00
xiaojunnuo ab4373b26e chore: 商业版放开限制,可以切换为企业模式 2026-04-23 23:30:52 +08:00
xiaojunnuo d23ddc96ac chore: 优化安装脚本 2026-04-23 01:24:49 +08:00
xiaojunnuo 147708e779 chore: 1 2026-04-23 01:17:15 +08:00
xiaojunnuo dc969dd7ed perf: 支持一键安装脚本 2026-04-23 01:03:54 +08:00
xiaojunnuo ef7d1d9327 perf: 支持hipm dns mgr 2026-04-22 23:48:12 +08:00
xiaojunnuo 2e6e9ed925 perf: 支持部署到nginx-proxy-manager 2026-04-22 23:47:02 +08:00
HINS 296dcab4c7 perf: 添加HiPMDnsmgr DNS提供商的支持 @WUHINS
* feat: add HiPM DNSMgr DNS provider plugin

- Create plugin-hipmdnsmgr for HiPM DNSMgr integration
- Support API Token authentication (Bearer token)
- Implement createRecord and removeRecord for ACME DNS-01 challenge
- Add getDomainListPage for domain selection
- Register plugin in plugins/index.ts

Features:
- RESTful API integration with DNSMgr
- Automatic domain ID resolution
- Full TypeScript type support

* refactor: reorganize plugin-hipmdnsmgr directory structure

- Move access.ts to access/hipmdnsmgr-access.ts
- Move dns-provider.ts to dns-provider/hipmdnsmgr-dns-provider.ts
- Add index.ts files for proper module exports
- Align with plugin-huawei and plugin-tencent structure

Structure:
  plugin-hipmdnsmgr/
     access/
        hipmdnsmgr-access.ts
        index.ts
     dns-provider/
        hipmdnsmgr-dns-provider.ts
        index.ts
     index.ts
2026-04-22 00:10:13 +08:00
xiaojunnuo f9e1c46c45 chore: 1 2026-04-19 12:26:05 +08:00
xiaojunnuo 94fd5bd7ec chore: 1 2026-04-19 12:25:28 +08:00
xiaojunnuo eb6ca96e85 Merge branch 'v2-dev' of https://github.com/certd/certd into v2-dev 2026-04-19 12:24:06 +08:00
xiaojunnuo a2bbc7e272 fix: 修复站点监控某些情况下获取不到证书的bug 2026-04-19 12:23:41 +08:00
xiaojunnuo f075a991f0 chore: 1 2026-04-17 19:34:01 +08:00
xiaojunnuo edeb817c39 perf(technitium): 添加Technitium DNS Server插件支持
- 新增Technitium DNS Server插件,包含DNS提供商和授权配置
- 实现DNS记录创建、删除和域名列表获取功能
- 添加默认DNS传播等待时间配置
- 优化用户取消操作时的错误处理
- 为图标选择组件添加过滤功能
- 更新DNS提供商开发文档
2026-04-17 19:22:10 +08:00
xiaojunnuo 23b4658672 perf: apisix支持v2 2026-04-17 17:04:29 +08:00
ahe 5f95ee987f fix 站点IP监控提示权限不足 (#714) 2026-04-17 16:46:44 +08:00
xiaojunnuo cc73f156a7 chore: 1 2026-04-17 00:56:21 +08:00
xiaojunnuo ee72d10718 build: release 2026-04-12 00:29:18 +08:00
xiaojunnuo 831871d37f build: publish 2026-04-11 23:48:07 +08:00
xiaojunnuo 6072550ec1 build: trigger build image 2026-04-11 23:47:55 +08:00
105 changed files with 13523 additions and 1238 deletions
+265 -188
View File
@@ -1,190 +1,59 @@
---
name: access-plugin-dev
description: 用于开发 Certd 系统中的 Access 插件,存储用户第三方应用授权数据并对接实现第三方 API 接口。当用户需要创建授权插件、实现第三方API接口、添加新的授权方式或修改现有 Access 插件时触发。
version: 1.0.0
---
# Access 插件开发技能
## 什么是 Access 插件
## 角色定义
你是一名 Certd 插件开发专家,擅长创建和实现 Access 类型的插件,熟悉 TypeScript 编程和 Certd 插件开发规范。
Access 插件是 Certd 系统中用于存储用户第三方应用授权数据的插件,例如用户名密码、accessSecret 或 accessToken 等。同时,它还负责对接实现第三方的 API 接口,供其他插件调用使用。
## 核心指令
请严格按照以下步骤执行任务:
## 开发步骤
1. **导入必要的依赖**
- 导入 `AccessInput`, `BaseAccess`, `IsAccess`, `Pager`, `PageRes`, `PageSearch` 等必要的类型和装饰器
- 导入 `DomainRecord` 等相关类型
### 1. 导入必要的依赖
2. **使用 @IsAccess 注解注册插件**
- 配置插件的唯一标识、标题、图标和描述
- 继承 `BaseAccess`
```typescript
import { AccessInput, BaseAccess, IsAccess, Pager, PageRes, PageSearch } from '@certd/pipeline';
import { DomainRecord } from '@certd/plugin-lib';
```
3. **定义授权属性**
- 使用 `@AccessInput` 注解定义授权属性
- 配置属性的标题、默认值、组件类型和验证规则
- 对于敏感信息,设置 `encrypt: true` 进行加密
### 2. 使用 @IsAccess 注解注册插件
4. **实现测试方法**
- 添加测试按钮配置
- 实现 `onTestRequest` 方法,用于测试接口调用是否正常
```typescript
@IsAccess({
name: 'demo', // 插件唯一标识
title: '授权插件示例', // 插件标题
icon: 'clarity:plugin-line', // 插件图标
desc: '这是一个示例授权插件,用于演示如何实现一个授权插件', // 插件描述
})
export class DemoAccess extends BaseAccess {
// 插件实现...
}
```
5. **实现 API 方法**
- 实现必要的 API 方法,如 `GetDomainList`
- 封装统一的 API 请求方法 `doRequest`,处理错误和日志
### 3. 定义授权属性
6. **遵循开发最佳实践**
- 使用 `this.ctx.logger` 输出日志
- 统一处理错误,抛出明确的错误信息
- 实现代码复用,避免重复逻辑
使用 `@AccessInput` 注解定义授权属性:
## 输出规范
- 必须包含完整的插件实现代码,包括所有必要的导入语句
- 代码必须包含详细的注释说明,解释每个步骤的目的和实现细节
- 提供完整的示例代码,展示插件的使用方法,包括不同类型的授权方式
- 代码块必须使用正确的语法高亮,确保代码可读性
- 包含开发技巧和注意事项,帮助开发者避免常见错误
- 输出内容必须结构清晰,使用适当的标题和列表格式
```typescript
@AccessInput({
title: '授权方式',
value: 'apiKey', // 默认值
component: {
name: "a-select", // 基于 antdv 的输入组件
vModel: "value", // v-model 绑定的属性名
options: [ // 组件参数
{ label: "API密钥(推荐)", value: "apiKey" },
{ label: "账号密码", value: "account" },
],
placeholder: 'demoKeyId',
},
required: true,
})
apiType = '';
## 示例
@AccessInput({
title: '密钥Id',
component: {
name:"a-input",
allowClear: true,
placeholder: 'demoKeyId',
},
required: true,
})
demoKeyId = '';
### 示例 1: 基本 Access 插件
@AccessInput({
title: '密钥',//标题
required: true, //text组件可以省略
encrypt: true, //该属性是否需要加密
})
demoKeySecret = '';
#### 用户输入
创建一个 Access 插件,用于存储第三方应用的授权信息并提供 API 接口。
@AccessInput({
title: '另外一个授权Id',//标题
component: {
name:"access-selector", //access选择组件
vModel:"modelValue",
type: "ssh", // access类型,让用户固定选择这种类型的access
},
required: true, //text组件可以省略
})
otherAccessId;
```
### 4. 实现测试方法
```typescript
@AccessInput({
title: "测试",
component: {
name: "api-test",
action: "TestRequest"
},
helper: "点击测试接口是否正常"
})
testRequest = true;
/**
* 会通过上面的testRequest参数在ui界面上生成测试按钮,供用户测试接口调用是否正常
*/
async onTestRequest() {
await this.GetDomainList({});
return "ok"
}
```
### 5. 实现 API 方法
```typescript
/**
* api接口示例 获取域名列表,
*/
async GetDomainList(req: PageSearch): Promise<PageRes<DomainRecord>> {
//输出日志必须使用ctx.logger
this.ctx.logger.info(`获取域名列表,req:${JSON.stringify(req)}`);
const pager = new Pager(req);
const resp = await this.doRequest({
action: "ListDomains",
data: {
domain: req.searchKey,
offset: pager.getOffset(),
limit: pager.pageSize,
}
});
const total = resp?.TotalCount || 0;
let list = resp?.DomainList?.map((item) => {
item.domain = item.Domain;
item.id = item.DomainId;
return item;
})
return {
total,
list
};
}
/**
* 通用api调用方法, 具体如何构造请求体,需参考对应应用的API文档
*/
async doRequest(req: { action: string, data?: any }) {
/**
this.ctx中包含很多有用的工具类
type AccessContext = {
http: HttpClient;
logger: ILogger;
utils: typeof utils;
accessService: IAccessService;
}
*/
const res = await this.ctx.http.request({
url: "https://api.demo.cn/api/",
method: "POST",
data: {
Action: req.action,
Body: req.data
}
});
if (res.Code !== 0) {
//异常处理
throw new Error(res.Message || "请求失败");
}
return res.Resp;
}
```
--- 开发技巧:实现统一的 API 请求封装
**好处:**
- **代码复用**:避免在每个 API 方法中重复编写相同的 header 设置和错误处理逻辑
- **错误处理一致**:统一捕获和处理各种错误情况,确保错误信息格式统一
- **日志记录完善**:集中记录详细的错误信息,便于调试和问题排查
- **接口调用简化**:调用方只需关注业务逻辑,无需关心底层请求细节
- **易于维护**:统一修改 API 调用方式时,只需修改一处代码
## 注意事项
1. **插件命名**:插件名称应简洁明了,反映其功能。
2. **属性加密**:对于敏感信息(如密钥),应设置 `encrypt: true`
3. **日志输出**:必须使用 `this.ctx.logger` 输出日志,而不是 `console`
4. **错误处理**:API 调用失败时应抛出明确的错误信息。
5. **测试方法**:实现 `onTestRequest` 方法,以便用户可以测试授权是否正常。
6. **统一接口调用方法**:封装统一的 API 请求方法,避免在每个 API 方法调用中重复编写错误处理逻辑。
## 完整示例
### 示例 1: 通用授权插件
#### 你的回答
```typescript
import { AccessInput, BaseAccess, IsAccess, Pager, PageRes, PageSearch } from '@certd/pipeline';
@@ -202,7 +71,7 @@ import { DomainRecord } from '@certd/plugin-lib';
})
export class DemoAccess extends BaseAccess {
/**
/**
* 授权属性配置
*/
@AccessInput({
@@ -248,7 +117,6 @@ export class DemoAccess extends BaseAccess {
})
demoKeySecret = '';
@AccessInput({
title: "测试",
component: {
@@ -268,7 +136,7 @@ export class DemoAccess extends BaseAccess {
}
/**
* api接口示例 取域名列表
* api接口示例 取域名列表
*/
async GetDomainList(req: PageSearch): Promise<PageRes<DomainRecord>> {
//输出日志必须使用ctx.logger
@@ -294,21 +162,10 @@ export class DemoAccess extends BaseAccess {
};
}
// 还可以继续编写API
/**
* 通用api调用方法, 具体如何构造请求体,需参考对应应用的API文档
* 通用api调用方法, 具体如何构造请求体,需参考对应应用的API文档
*/
async doRequest(req: { action: string, data?: any }) {
/**
this.ctx中包含很多有用的工具类
type AccessContext = {
http: HttpClient;
logger: ILogger;
utils: typeof utils;
accessService: IAccessService;
}
*/
const res = await this.ctx.http.request({
url: "https://api.demo.cn/api/",
method: "POST",
@@ -325,4 +182,224 @@ export class DemoAccess extends BaseAccess {
return res.Resp;
}
}
```
### 示例 2: 支持 OAuth 授权的 Access 插件
#### 用户输入
创建一个支持 OAuth 授权方式的 Access 插件。
#### 你的回答
```typescript
import { AccessInput, BaseAccess, IsAccess, Pager, PageRes, PageSearch } from '@certd/pipeline';
import { DomainRecord } from '@certd/plugin-lib';
/**
* OAuth 授权插件示例
*/
@IsAccess({
name: 'oauth-demo',
title: 'OAuth授权插件示例',
icon: 'clarity:plugin-line',
desc: '这是一个支持OAuth授权的插件示例',
})
export class OAuthDemoAccess extends BaseAccess {
@AccessInput({
title: '授权方式',
value: 'oauth',
component: {
name: "a-select",
vModel: "value",
options: [
{
label: "OAuth授权",
value: "oauth"
},
{
label: "API密钥",
value: "apiKey"
},
],
},
required: true,
})
authType = '';
@AccessInput({
title: '客户端ID',
component: {
name:"a-input",
placeholder: 'Client ID',
},
required: true,
})
clientId = '';
@AccessInput({
title: '客户端密钥',
required: true,
encrypt: true,
})
clientSecret = '';
@AccessInput({
title: '授权回调地址',
component: {
name:"a-input",
placeholder: 'https://your-domain.com/callback',
},
required: true,
})
redirectUri = '';
@AccessInput({
title: 'AccessToken',
required: true,
encrypt: true,
})
accessToken = '';
@AccessInput({
title: 'RefreshToken',
encrypt: true,
})
refreshToken = '';
@AccessInput({
title: "测试",
component: {
name: "api-test",
action: "TestOAuth"
},
helper: "点击测试OAuth授权是否正常"
})
testOAuth = true;
/**
* 测试OAuth授权
*/
async onTestOAuth() {
try {
// 测试AccessToken是否有效
const result = await this.doOAuthRequest('GET', '/api/user/profile');
this.ctx.logger.info('OAuth测试成功:', result);
return "OAuth授权测试成功";
} catch (error) {
this.ctx.logger.error('OAuth测试失败:', error);
throw new Error('OAuth授权测试失败');
}
}
/**
* OAuth API请求方法
*/
async doOAuthRequest(method: string, endpoint: string, data?: any) {
const res = await this.ctx.http.request({
url: `https://api.oauth-demo.com${endpoint}`,
method,
headers: {
'Authorization': `Bearer ${this.accessToken}`,
'Content-Type': 'application/json'
},
data
});
if (res.status !== 200) {
throw new Error(`API请求失败: ${res.status} ${res.statusText}`);
}
return res.data;
}
/**
* 刷新AccessToken
*/
async refreshAccessToken() {
if (!this.refreshToken) {
throw new Error('没有提供RefreshToken');
}
const res = await this.ctx.http.request({
url: 'https://api.oauth-demo.com/oauth/token',
method: 'POST',
data: {
grant_type: 'refresh_token',
refresh_token: this.refreshToken,
client_id: this.clientId,
client_secret: this.clientSecret
}
});
if (res.status === 200 && res.data.access_token) {
this.accessToken = res.data.access_token;
if (res.data.refresh_token) {
this.refreshToken = res.data.refresh_token;
}
return true;
}
throw new Error('刷新AccessToken失败');
}
/**
* 获取域名列表
*/
async GetDomainList(req: PageSearch): Promise<PageRes<DomainRecord>> {
try {
const res = await this.doOAuthRequest('GET', '/api/domains', {
search: req.searchKey,
page: req.page,
pageSize: req.pageSize
});
return {
total: res.total,
list: res.items.map((item: any) => ({
id: item.id,
domain: item.domain
}))
};
} catch (error) {
// 尝试刷新AccessToken并重试
if (error.message.includes('401')) {
await this.refreshAccessToken();
const res = await this.doOAuthRequest('GET', '/api/domains', {
search: req.searchKey,
page: req.page,
pageSize: req.pageSize
});
return {
total: res.total,
list: res.items.map((item: any) => ({
id: item.id,
domain: item.domain
}))
};
}
throw error;
}
}
}
```
## 注意事项
1. **插件命名**:插件名称应简洁明了,反映其功能。
2. **属性加密**:对于敏感信息(如密钥),应设置 `encrypt: true`
3. **日志输出**:必须使用 `this.ctx.logger` 输出日志,而不是 `console`,参数文本化,不要传对象,否则会输出`[object Object]}`
4. **错误处理**:API 调用失败时应抛出明确的错误信息。
5. **测试方法**:实现 `onTestRequest` 方法,以便用户可以测试授权是否正常。
6. **统一接口调用**:封装统一的 API 请求方法,避免重复编写错误处理逻辑。
## 开发技巧
### 实现统一的 API 请求封装
**好处:**
- **代码复用**:避免在每个 API 方法中重复编写相同的 header 设置和错误处理逻辑
- **错误处理一致**:统一捕获和处理各种错误情况,确保错误信息格式统一
- **日志记录完善**:集中记录详细的错误信息,便于调试和问题排查
- **接口调用简化**:调用方只需关注业务逻辑,无需关心底层请求细节
- **易于维护**:统一修改 API 调用方式时,只需修改一处代码
```
+378 -150
View File
@@ -1,141 +1,82 @@
---
name: dns-provider-dev
description: 用于开发 Certd 系统中的 DNS Provider 插件,在 ACME 申请证书时给域名添加 TXT 解析记录以验证域名所有权。当用户需要创建DNS提供商插件、实现DNS解析、ACME证书验证或修改现有 DNS Provider 插件时触发。
version: 1.0.0
---
# DNS Provider 插件开发技能
## 什么是 DNS Provider 插件
## 角色定义
你是一名 Certd 插件开发专家,擅长创建和实现 DNS Provider 类型的插件,熟悉 TypeScript 编程和 Certd 插件开发规范。
DNS Provider 插件是 Certd 系统中的 DNS 提供商插件,它用于在 ACME 申请证书时给域名添加 TXT 解析记录,以验证域名所有权。
## 核心指令
请严格按照以下步骤执行任务:
## 开发步骤
1. **导入必要的依赖**
- 导入 `AbstractDnsProvider`, `CreateRecordOptions`, `IsDnsProvider`, `RemoveRecordOptions` 等必要的类型和装饰器
- 导入对应的 Access 插件类型
### 1. 导入必要的依赖
2. **定义记录数据结构**
- 定义适合对应云平台的记录数据结构
- 至少包含 id 字段,用于后续删除记录
3. **使用 @IsDnsProvider 注解注册插件**
- 配置插件的唯一标识、标题、描述、图标
- 指定对应的云平台的 access 类型名称
- 设置排序值(可选)
- 继承 `AbstractDnsProvider`
4. **实现 onInstance 方法**
- 获取并保存对应的 Access 实例
- 执行初始化操作
5. **实现 createRecord 方法**
- 解析传入的参数(fullRecord, value, type, domain
- 记录操作开始日志
- 调用云平台 API 创建 TXT 类型的 DNS 解析记录
- 处理可能的错误:网络错误、API调用失败、授权失败等
- 记录操作结果日志
- 返回创建的记录信息,用于后续删除操作
6. **实现 removeRecord 方法**
- 解析传入的参数和之前创建的记录信息
- 记录操作开始日志
- 调用云平台 API 删除 TXT 类型的 DNS 解析记录
- 处理可能的错误:网络错误、API调用失败、记录不存在等
- 记录操作结果日志
7. **实现 getDomainListPage 方法**
- 实现获取域名列表的方法
- 支持分页查询
- 处理可能的错误:网络错误、API调用失败、授权失败等
- 返回标准化的域名列表格式
8. **实例化插件**
- 实例化插件,确保插件被注册
## 输出规范
- 必须包含完整的插件实现代码
- 代码必须包含详细的注释说明
- 提供完整的示例代码,展示插件的使用方法
- 包含开发注意事项
## 示例
### 示例 1: 基本 DNS Provider 插件
#### 用户输入
创建一个 DNS Provider 插件,用于在 ACME 申请证书时添加和删除 TXT 解析记录。
#### 你的回答
```typescript
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
import { Pager, PageRes, PageSearch } from "@certd/pipeline";
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions, DomainRecord } from '@certd/plugin-cert';
import { DemoAccess } from './access.js';
import { isDev } from '../../utils/env.js';
```
### 2. 定义记录数据结构
```typescript
type DemoRecord = {
// 这里定义 Record 记录的数据结构,跟对应云平台接口返回值一样即可,一般是拿到 id 就行,用于删除 txt 解析记录,清理申请痕迹
// id:string
};
```
### 3. 使用 @IsDnsProvider 注解注册插件
```typescript
// 这里通过 IsDnsProvider 注册一个 dnsProvider
@IsDnsProvider({
name: 'demo', // 插件唯一标识
title: 'Dns提供商Demo', // 插件标题
desc: 'dns provider示例', // 插件描述
icon: 'clarity:plugin-line', // 插件图标
// 这里是对应的云平台的 access 类型名称
accessType: 'demo',
order: 99, // 排序
})
export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
access!: DemoAccess;
async onInstance() {
this.access = this.ctx.access as DemoAccess;
// 也可以通过 ctx 成员变量传递 context
this.logger.debug('access', this.access);
// 初始化的操作
// ...
}
// 插件实现...
}
```
### 4. 实现 createRecord 方法
```typescript
/**
* 创建 dns 解析记录,用于验证域名所有权
*/
async createRecord(options: CreateRecordOptions): Promise<any> {
/**
* options 参数说明
* fullRecord: '_acme-challenge.example.com',
* value: 一串 uuid
* type: 'TXT',
* domain: 'example.com'
*/
const { fullRecord, value, type, domain } = options;
this.logger.info('添加域名解析:', fullRecord, value, type, domain);
// 调用创建 dns 解析记录的对应的云端接口,创建 txt 类型的 dns 解析记录
// 请根据实际接口情况调用,例如:
// const createDnsRecordUrl = "xxx"
// const record = this.http.post(createDnsRecordUrl,{
// // 授权参数
// // 创建 dns 解析记录的参数
// })
// // 返回本次创建的 dns 解析记录,这个记录会在删除的时候用到
// return record
}
```
### 5. 实现 removeRecord 方法
```typescript
/**
* 删除 dns 解析记录,清理申请痕迹
* @param options
*/
async removeRecord(options: RemoveRecordOptions<DemoRecord>): Promise<void> {
const { fullRecord, value, domain } = options.recordReq;
const record = options.recordRes;
this.logger.info('删除域名解析:', domain, fullRecord, value, record);
// 这里调用删除 txt dns 解析记录接口
// 请根据实际接口情况调用,例如:
// const deleteDnsRecordUrl = "xxx"
// const res = this.http.delete(deleteDnsRecordUrl,{
// // 授权参数
// // 删除 dns 解析记录的参数
// })
this.logger.info('删除域名解析成功:', fullRecord, value);
}
```
### 6. 实例化插件
```typescript
// 实例化这个 provider,将其自动注册到系统中
if (isDev()) {
// 你的实现 要去掉这个 if,不然生产环境将不会显示
new DemoDnsProvider();
}
```
## 注意事项
1. **插件命名**:插件名称应简洁明了,反映其功能。
2. **accessType**:必须指定对应的云平台的 access 类型名称。
3. **记录结构**:定义适合对应云平台的记录数据结构,至少包含 id 字段用于删除记录。
4. **日志输出**:使用 `this.logger` 输出日志,而不是 `console`
5. **错误处理**:API 调用失败时应抛出明确的错误信息。
6. **实例化**:生产环境中应移除 `if (isDev())` 条件,确保插件在生产环境中也能被注册。
## 完整示例
### 示例:通用 DNS Provider
```typescript
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
import { DemoAccess } from './access.js';
import { isDev } from '../../utils/env.js';
type DemoRecord = {
// 这里定义 Record 记录的数据结构,跟对应云平台接口返回值一样即可,一般是拿到 id 就行,用于删除 txt 解析记录,清理申请痕迹
// id:string
// 这里定义 Record 记录的数据结构,跟对应云平台接口返回值一样即可
id: string;
};
// 这里通过 IsDnsProvider 注册一个 dnsProvider
@@ -173,15 +114,23 @@ export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
const { fullRecord, value, type, domain } = options;
this.logger.info('添加域名解析:', fullRecord, value, type, domain);
// 调用创建 dns 解析记录的对应的云端接口,创建 txt 类型的 dns 解析记录
// 请根据实际接口情况调用,例如:
// const createDnsRecordUrl = "xxx"
// const record = this.http.post(createDnsRecordUrl,{
// // 授权参数
// // 创建 dns 解析记录的参数
// })
// // 返回本次创建的 dns 解析记录,这个记录会在删除的时候用到
// return record
try {
// 调用创建 dns 解析记录的对应的云端接口,创建 txt 类型的 dns 解析记录
// 请根据实际接口情况调用,例如:
// const createDnsRecordUrl = "xxx"
// const record = this.http.post(createDnsRecordUrl,{
// // 授权参数
// // 创建 dns 解析记录的参数
// })
// // 返回本次创建的 dns 解析记录,这个记录会在删除的时候用到
// return record
// 模拟返回
return { id: 'demo-record-id' };
} catch (error) {
this.logger.error('创建DNS记录失败:', error);
throw new Error(`创建DNS记录失败: ${error.message}`);
}
}
/**
@@ -192,23 +141,302 @@ export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
const { fullRecord, value, domain } = options.recordReq;
const record = options.recordRes;
this.logger.info('删除域名解析:', domain, fullRecord, value, record);
// 这里调用删除 txt dns 解析记录接口
// 请根据实际接口情况调用,例如:
try {
// 这里调用删除 txt dns 解析记录接口
// 请根据实际接口情况调用,例如:
// const deleteDnsRecordUrl = "xxx"
// const res = this.http.delete(deleteDnsRecordUrl,{
// // 授权参数
// // 删除 dns 解析记录的参数
// })
this.logger.info('删除域名解析成功:', fullRecord, value);
} catch (error) {
this.logger.error('删除DNS记录失败:', error);
// 即使删除失败也不抛出异常,避免影响整个证书申请流程
}
}
// const deleteDnsRecordUrl = "xxx"
// const res = this.http.delete(deleteDnsRecordUrl,{
// // 授权参数
// // 删除 dns 解析记录的参数
// })
/**
* 实现获取域名列表
*/
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
try {
const pager = new Pager(req);
const res = await this.http.request({
// 请求接口获取域名列表
})
const list = res.Domains?.map(item => ({
id: item.Id,
domain: item.DomainName,
})) || []
this.logger.info('删除域名解析成功:', fullRecord, value);
return {
list,
total: res.Total,
};
} catch (error) {
this.logger.error('获取域名列表失败:', error);
return { list: [], total: 0 };
}
}
}
// 实例化这个 provider,将其自动注册到系统中
if (isDev()) {
// 你的实现 要去掉这个 if,不然生产环境将不会显示
new DemoDnsProvider();
new DemoDnsProvider();
```
### 示例 2: 阿里云 DNS Provider 插件
#### 用户输入
创建一个阿里云 DNS Provider 插件,用于在 ACME 申请证书时添加和删除 TXT 解析记录。
#### 你的回答
```typescript
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions, PageSearch, PageRes, DomainRecord } from '@certd/plugin-cert';
import { AliyunAccess } from './aliyun-access.js';
import { Pager } from '@certd/pipeline';
type AliyunRecord = {
RecordId: string;
};
// 阿里云 DNS Provider 插件
@IsDnsProvider({
name: 'aliyun',
title: '阿里云DNS',
desc: '阿里云DNS提供商插件',
icon: 'clarity:plugin-line',
accessType: 'aliyun',
order: 10,
})
export class AliyunDnsProvider extends AbstractDnsProvider<AliyunRecord> {
access!: AliyunAccess;
async onInstance() {
this.access = this.ctx.access as AliyunAccess;
this.logger.debug('阿里云Access实例初始化成功');
}
/**
* 创建 DNS 解析记录
*/
async createRecord(options: CreateRecordOptions): Promise<AliyunRecord> {
const { fullRecord, value, type, domain } = options;
this.logger.info('阿里云DNS: 添加解析记录', { fullRecord, value, type, domain });
try {
// 提取主机记录
const hostRecord = fullRecord.replace(`.${domain}`, '');
// 调用阿里云 API 创建解析记录
const response = await this.access.doRequest({
action: 'AddDomainRecord',
data: {
DomainName: domain,
RR: hostRecord,
Type: type,
Value: value,
TTL: 600, // 10分钟
}
});
this.logger.info('阿里云DNS: 解析记录创建成功', { RecordId: response.RecordId });
return { RecordId: response.RecordId };
} catch (error) {
this.logger.error('阿里云DNS: 创建解析记录失败', error);
throw new Error(`阿里云DNS创建解析记录失败: ${error.message}`);
}
}
/**
* 删除 DNS 解析记录
*/
async removeRecord(options: RemoveRecordOptions<AliyunRecord>): Promise<void> {
const { fullRecord, value, domain } = options.recordReq;
const record = options.recordRes;
this.logger.info('阿里云DNS: 删除解析记录', { fullRecord, value, domain, RecordId: record.RecordId });
try {
// 调用阿里云 API 删除解析记录
await this.access.doRequest({
action: 'DeleteDomainRecord',
data: {
RecordId: record.RecordId,
}
});
this.logger.info('阿里云DNS: 解析记录删除成功', { RecordId: record.RecordId });
} catch (error) {
this.logger.error('阿里云DNS: 删除解析记录失败', error);
// 即使删除失败也不抛出异常,避免影响整个证书申请流程
}
}
/**
* 获取域名列表
*/
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
try {
const pager = new Pager(req);
const response = await this.access.doRequest({
action: 'DescribeDomains',
data: {
PageNumber: pager.page,
PageSize: pager.pageSize,
KeyWord: req.searchKey,
}
});
const list = response.Domains.Domain.map((domain: any) => ({
id: domain.DomainId,
domain: domain.DomainName,
}));
return {
list,
total: response.TotalCount,
};
} catch (error) {
this.logger.error('阿里云DNS: 获取域名列表失败', error);
return { list: [], total: 0 };
}
}
}
```
// 实例化插件
new AliyunDnsProvider();
```
### 示例 3: 腾讯云 DNS Provider 插件
#### 用户输入
创建一个腾讯云 DNS Provider 插件,用于在 ACME 申请证书时添加和删除 TXT 解析记录。
#### 你的回答
```typescript
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions, PageSearch, PageRes, DomainRecord } from '@certd/plugin-cert';
import { TencentAccess } from './tencent-access.js';
import { Pager } from '@certd/pipeline';
type TencentRecord = {
RecordId: string;
};
// 腾讯云 DNS Provider 插件
@IsDnsProvider({
name: 'tencent',
title: '腾讯云DNS',
desc: '腾讯云DNS提供商插件',
icon: 'clarity:plugin-line',
accessType: 'tencent',
order: 20,
})
export class TencentDnsProvider extends AbstractDnsProvider<TencentRecord> {
access!: TencentAccess;
async onInstance() {
this.access = this.ctx.access as TencentAccess;
this.logger.debug('腾讯云Access实例初始化成功');
}
/**
* 创建 DNS 解析记录
*/
async createRecord(options: CreateRecordOptions): Promise<TencentRecord> {
const { fullRecord, value, type, domain } = options;
this.logger.info('腾讯云DNS: 添加解析记录', { fullRecord, value, type, domain });
try {
// 提取主机记录
const hostRecord = fullRecord.replace(`.${domain}`, '');
// 调用腾讯云 API 创建解析记录
const response = await this.access.doRequest({
action: 'CreateRecord',
data: {
Domain: domain,
SubDomain: hostRecord,
RecordType: type,
RecordValue: value,
TTL: 600, // 10分钟
}
});
this.logger.info('腾讯云DNS: 解析记录创建成功', { RecordId: response.RecordId });
return { RecordId: response.RecordId };
} catch (error) {
this.logger.error('腾讯云DNS: 创建解析记录失败', error);
throw new Error(`腾讯云DNS创建解析记录失败: ${error.message}`);
}
}
/**
* 删除 DNS 解析记录
*/
async removeRecord(options: RemoveRecordOptions<TencentRecord>): Promise<void> {
const { fullRecord, value, domain } = options.recordReq;
const record = options.recordRes;
this.logger.info('腾讯云DNS: 删除解析记录', { fullRecord, value, domain, RecordId: record.RecordId });
try {
// 调用腾讯云 API 删除解析记录
await this.access.doRequest({
action: 'DeleteRecord',
data: {
RecordId: record.RecordId,
}
});
this.logger.info('腾讯云DNS: 解析记录删除成功', { RecordId: record.RecordId });
} catch (error) {
this.logger.error('腾讯云DNS: 删除解析记录失败', error);
// 即使删除失败也不抛出异常,避免影响整个证书申请流程
}
}
/**
* 获取域名列表
*/
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
try {
const pager = new Pager(req);
const response = await this.access.doRequest({
action: 'DescribeDomains',
data: {
Offset: (pager.page - 1) * pager.pageSize,
Limit: pager.pageSize,
Keyword: req.searchKey,
}
});
const list = response.Domains.map((domain: any) => ({
id: domain.DomainId,
domain: domain.DomainName,
}));
return {
list,
total: response.TotalCount,
};
} catch (error) {
this.logger.error('腾讯云DNS: 获取域名列表失败', error);
return { list: [], total: 0 };
}
}
}
// 实例化插件
new TencentDnsProvider();
```
## 注意事项
1. **插件命名**:插件名称应简洁明了,反映其功能。
2. **accessType**:必须指定对应的云平台的 access 类型名称。
3. **记录结构**:定义适合对应云平台的记录数据结构,至少包含 id 字段用于删除记录。
4. **日志输出**:使用 `this.logger` 输出日志,而不是 `console`,参数文本化,不要传对象,否则会输出`[object Object]}`
5. **错误处理**:API 调用失败时应抛出明确的错误信息。
+192 -117
View File
@@ -1,126 +1,90 @@
---
name: plugin-converter
description: 用于将 Certd 插件转换为 YAML 配置文件的命令行工具,支持分析单个插件文件、识别插件类型并生成对应的 YAML 配置。当用户需要生成插件配置、转换插件格式、批量处理插件或修改现有插件配置时触发。
version: 1.0.0
---
# 插件转换工具技能
## 什么是插件转换工具
## 角色定义
你是一名 Certd 插件开发专家,擅长使用插件转换工具将 Certd 插件转换为 YAML 配置文件,熟悉命令行工具的使用和 Certd 插件开发规范。
插件转换工具是一个用于将 Certd 插件转换为 YAML 配置文件的命令行工具。它可以分析单个插件文件,识别插件类型,并生成对应的 YAML 配置,可以让插件分发和在线注册。
## 核心指令
请严格按照以下步骤执行任务:
## 工具位置
1. **定位工具位置**
- 工具位于 `trae/skills/convert-plugin-to-yaml.js`
`trae/skills/convert-plugin-to-yaml.js`
2. **了解功能特性**
- 单个插件转换:支持指定单个插件文件进行转换
- 批量插件转换:支持指定目录批量转换多个插件
- 自动类型识别:自动识别插件类型(Access、Task、DNS Provider、Notification、Addon
- 详细日志输出:提供详细的转换过程日志
- YAML 配置生成:生成标准的 YAML 配置文件
- 配置文件保存:自动将生成的配置保存到 `./metadata` 目录
- 自定义输出目录:支持指定自定义输出目录
- 格式化输出:支持格式化 YAML 输出
- 可复用函数:导出了可复用的函数,便于其他模块调用
## 功能特性
3. **使用工具**
- 基本用法:`node trae/skills/convert-plugin-to-yaml.js <插件文件路径>`
- 批量转换:`node trae/skills/convert-plugin-to-yaml.js <目录路径>`
- 自定义输出目录:`node trae/skills/convert-plugin-to-yaml.js <插件文件路径> --output <输出目录>`
- 格式化输出:`node trae/skills/convert-plugin-to-yaml.js <插件文件路径> --format`
- 示例:
- 转换 Access 插件:`node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/access.js`
- 转换 Task 插件:`node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/plugins/plugin-test.js`
- 转换 DNS Provider 插件:`node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/dns-provider.js`
- 批量转换插件:`node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/`
- 自定义输出目录:`node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/access.js --output ./configs`
- **单个插件转换**:支持指定单个插件文件进行转换,而不是扫描整个目录
- **自动类型识别**:自动识别插件类型(Access、Task、DNS Provider、Notification、Addon
- **详细日志输出**:提供详细的转换过程日志,便于调试
- **YAML 配置生成**:生成标准的 YAML 配置文件
- **配置文件保存**:自动将生成的配置保存到 `./metadata` 目录
- **可复用函数**:导出了可复用的函数,便于其他模块调用
4. **理解转换过程**
- 加载插件模块:使用 `import()` 动态加载指定的插件文件
- 分析插件定义:检查模块导出的对象,寻找带有 `define` 属性的插件
- 识别插件类型:根据插件的继承关系或属性识别插件类型
- 生成 YAML 配置:基于插件定义生成标准的 YAML 配置
- 保存配置文件:将生成的配置保存到 `./metadata` 目录
## 使用方法
5. **了解输出说明**
- 命令行输出:插件加载状态、插件导出的对象列表、插件类型识别结果、生成的 YAML 配置内容、配置文件保存路径
- 配置文件命名规则:`<插件类型>[_<子类型>]_<插件名称>.yaml`
### 基本用法
6. **理解插件类型识别逻辑**
- DNS Provider:如果插件定义中包含 `accessType` 属性
- Task:如果插件继承自 `AbstractTaskPlugin`
- Notification:如果插件继承自 `BaseNotification`
- Access:如果插件继承自 `BaseAccess`
- Addon:如果插件继承自 `BaseAddon`
```bash
node trae/skills/convert-plugin-to-yaml.js <插件文件路径>
```
7. **遵循注意事项**
- 文件路径:插件文件路径可以是相对路径或绝对路径
- 文件格式:仅支持 `.js` 文件,不支持 `.ts` 文件(需要先编译)
- 依赖安装:执行前确保已安装所有必要的依赖
- 配置目录:如果 `./metadata` 目录不存在,工具会自动创建
- 错误处理:如果插件加载失败或识别失败,工具会输出错误信息但不会终止执行
### 示例
## 输出规范
- 必须包含工具的使用方法和示例
- 必须包含转换过程的详细说明
- 必须包含输出说明和配置文件命名规则
- 必须包含插件类型识别逻辑
- 必须包含注意事项和故障排除建议
## 示例
### 示例 1: 转换单个 Access 插件
#### 用户输入
将 Access 插件转换为 YAML 配置文件。
#### 你的回答
```bash
# 转换 Access 插件
node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/access.js
# 转换 Task 插件
node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/plugins/plugin-test.js
# 转换 DNS Provider 插件
node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/dns-provider.js
```
## 转换过程
1. **加载插件模块**:使用 `import()` 动态加载指定的插件文件
2. **分析插件定义**:检查模块导出的对象,寻找带有 `define` 属性的插件
3. **识别插件类型**:根据插件的继承关系或属性识别插件类型
4. **生成 YAML 配置**:基于插件定义生成标准的 YAML 配置
5. **保存配置文件**:将生成的配置保存到 `./metadata` 目录
## 输出说明
### 命令行输出
执行转换命令后,工具会输出以下信息:
- 插件加载状态
- 插件导出的对象列表
- 插件类型识别结果
- 生成的 YAML 配置内容
- 配置文件保存路径
### 配置文件命名规则
生成的配置文件命名规则为:
```
<插件类型>[_<子类型>]_<插件名称>.yaml
```
例如:
- `access_demo.yaml`Access 插件)
- `deploy_DemoTest.yaml`Task 插件)
- `dnsProvider_demo.yaml`DNS Provider 插件)
## 插件类型识别逻辑
工具通过以下逻辑识别插件类型:
1. **DNS Provider**:如果插件定义中包含 `accessType` 属性
2. **Task**:如果插件继承自 `AbstractTaskPlugin`
3. **Notification**:如果插件继承自 `BaseNotification`
4. **Access**:如果插件继承自 `BaseAccess`
5. **Addon**:如果插件继承自 `BaseAddon`
## 注意事项
1. **文件路径**:插件文件路径可以是相对路径或绝对路径
2. **文件格式**:仅支持 `.js` 文件,不支持 `.ts` 文件(需要先编译)
3. **依赖安装**:执行前确保已安装所有必要的依赖
4. **配置目录**:如果 `./metadata` 目录不存在,工具会自动创建
5. **错误处理**:如果插件加载失败或识别失败,工具会输出错误信息但不会终止执行
## 代码结构
### 主要函数
1. **isPrototypeOf(value, cls)**:检查对象是否是指定类的原型
2. **loadSingleModule(filePath)**:加载单个插件模块
3. **convertSinglePlugin(pluginPath)**:分析单个插件并生成 YAML 配置
4. **main()**:主函数,处理命令行参数并执行转换
### 导出函数
工具导出了以下函数,便于其他模块调用:
```javascript
export {
convertSinglePlugin, // 转换单个插件
loadSingleModule, // 加载单个模块
isPrototypeOf // 检查原型关系
};
```
## 应用场景
1. **插件开发**:在开发新插件时,快速生成配置文件
2. **插件调试**:查看插件的内部定义和配置
3. **插件管理**:批量转换现有插件为标准配置格式
4. **自动化构建**:集成到构建流程中,自动生成插件配置
## 示例输出
### 转换 Access 插件示例
#### 输出
```bash
$ node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/access.js
开始转换插件: packages/ui/certd-server/src/plugins/plugin-demo/access.js
@@ -142,30 +106,117 @@ YAML 配置已保存到: ./metadata/access_demo.yaml
插件转换完成!
```
### 转换 Task 插件示例
### 示例 2: 批量转换插件
#### 用户输入
批量转换目录中的所有插件为 YAML 配置文件。
#### 你的回答
```bash
$ node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/plugins/plugin-test.js
# 批量转换插件
node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/
```
#### 输出
```bash
$ node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/
开始转换目录: packages/ui/certd-server/src/plugins/
正在处理文件: packages/ui/certd-server/src/plugins/plugin-demo/access.js
开始转换插件: packages/ui/certd-server/src/plugins/plugin-demo/access.js
插件模块导出了 1 个对象: DemoAccess
处理插件: DemoAccess
插件类型: access
脚本路径: packages/ui/certd-server/src/plugins/plugin-demo/access.js
生成的 YAML 配置:
name: demo
title: 授权插件示例
desc: 这是一个示例授权插件,用于演示如何实现一个授权插件
icon: clarity:plugin-line
pluginType: access
type: builtIn
scriptFilePath: packages/ui/certd-server/src/plugins/plugin-demo/access.js
YAML 配置已保存到: ./metadata/access_demo.yaml
插件转换完成!
正在处理文件: packages/ui/certd-server/src/plugins/plugin-demo/plugins/plugin-test.js
开始转换插件: packages/ui/certd-server/src/plugins/plugin-demo/plugins/plugin-test.js
插件模块导出了 1 个对象: DemoTest
处理插件: DemoTest
插件类型: deploy
插件类型: task
脚本路径: packages/ui/certd-server/src/plugins/plugin-demo/plugins/plugin-test.js
生成的 YAML 配置:
name: DemoTest
title: Demo-测试插件
desc: ""
desc: 这是一个示例任务插件,用于演示如何实现一个任务插件
icon: clarity:plugin-line
pluginType: task
group: other
default:
strategy:
runStrategy: SkipWhenSucceed
pluginType: deploy
type: builtIn
scriptFilePath: packages/ui/certd-server/src/plugins/plugin-demo/plugins/plugin-test.js
YAML 配置已保存到: ./metadata/deploy_DemoTest.yaml
YAML 配置已保存到: ./metadata/task_DemoTest.yaml
插件转换完成!
正在处理文件: packages/ui/certd-server/src/plugins/plugin-demo/dns-provider.js
开始转换插件: packages/ui/certd-server/src/plugins/plugin-demo/dns-provider.js
插件模块导出了 1 个对象: DemoDnsProvider
处理插件: DemoDnsProvider
插件类型: dns-provider
脚本路径: packages/ui/certd-server/src/plugins/plugin-demo/dns-provider.js
生成的 YAML 配置:
name: demo
title: Dns提供商Demo
desc: dns provider示例
icon: clarity:plugin-line
pluginType: dns-provider
accessType: demo
order: 99
type: builtIn
scriptFilePath: packages/ui/certd-server/src/plugins/plugin-demo/dns-provider.js
YAML 配置已保存到: ./metadata/dns-provider_demo.yaml
插件转换完成!
批量转换完成,共处理 3 个插件文件
```
### 示例 3: 自定义输出目录
#### 用户输入
将插件转换为 YAML 配置文件,并保存到自定义目录。
#### 你的回答
```bash
# 自定义输出目录
node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/access.js --output ./configs
```
#### 输出
```bash
$ node trae/skills/convert-plugin-to-yaml.js packages/ui/certd-server/src/plugins/plugin-demo/access.js --output ./configs
开始转换插件: packages/ui/certd-server/src/plugins/plugin-demo/access.js
插件模块导出了 1 个对象: DemoAccess
处理插件: DemoAccess
插件类型: access
脚本路径: packages/ui/certd-server/src/plugins/plugin-demo/access.js
生成的 YAML 配置:
name: demo
title: 授权插件示例
desc: 这是一个示例授权插件,用于演示如何实现一个授权插件
icon: clarity:plugin-line
pluginType: access
type: builtIn
scriptFilePath: packages/ui/certd-server/src/plugins/plugin-demo/access.js
YAML 配置已保存到: ./configs/access_demo.yaml
插件转换完成!
```
@@ -196,6 +247,30 @@ YAML 配置已保存到: ./metadata/deploy_DemoTest.yaml
- **尝试简化插件**:如果转换失败,尝试创建一个最小化的插件示例进行测试
- **检查依赖版本**:确保使用的依赖版本与 Certd 兼容
## 总结
## 代码结构
插件转换工具是一个方便实用的工具,它可以帮助开发者快速生成插件的 YAML 配置文件,简化插件的注册和管理过程。通过命令行参数指定单个插件文件,工具会自动完成类型识别、配置生成和保存等操作,大大提高了插件开发和管理的效率。
### 主要函数
1. **isPrototypeOf(value, cls)**:检查对象是否是指定类的原型
2. **loadSingleModule(filePath)**:加载单个插件模块
3. **convertSinglePlugin(pluginPath)**:分析单个插件并生成 YAML 配置
4. **main()**:主函数,处理命令行参数并执行转换
### 导出函数
工具导出了以下函数,便于其他模块调用:
```javascript
export {
convertSinglePlugin, // 转换单个插件
loadSingleModule, // 加载单个模块
isPrototypeOf // 检查原型关系
};
```
## 应用场景
1. **插件开发**:在开发新插件时,快速生成配置文件
2. **插件调试**:查看插件的内部定义和配置
3. **插件管理**:批量转换现有插件为标准配置格式
4. **自动化构建**:集成到构建流程中,自动生成插件配置
+436 -227
View File
@@ -1,12 +1,73 @@
---
name: task-plugin-dev
description: 用于开发 Certd 系统中的 Task 插件,继承自 AbstractTaskPlugin 类,被流水线调用 execute 方法将证书部署到对应的应用上。当用户需要创建任务插件、部署证书、自动化任务或修改现有 Task 插件时触发。
version: 1.0.0
---
# Task 插件开发技能
## 什么是 Task 插件
## 角色定义
你是一名 Certd 插件开发专家,擅长创建和实现 Task 类型的插件,熟悉 TypeScript 编程和 Certd 插件开发规范。
Task 插件是 Certd 系统中的部署任务插件,它继承自 `AbstractTaskPlugin` 类,被流水线调用 `execute` 方法,将证书部署到对应的应用上。
## 核心指令
请严格按照以下步骤执行任务:
## 开发步骤
1. **导入必要的依赖**
- 导入 `AbstractTaskPlugin`, `IsTaskPlugin`, `PageSearch`, `pluginGroups`, `RunStrategy`, `TaskInput` 等必要的类型和装饰器
- 导入 `CertInfo`, `CertReader` 等证书相关类型
- 导入 `createCertDomainGetterInputDefine`, `createRemoteSelectInputDefine` 等工具函数
- 导入 `optionsUtils` 等辅助工具
- 导入 `CertApplyPluginNames` 等常量
### 1. 导入必要的依赖
2. **使用 @IsTaskPlugin 注解注册插件**
- 配置插件的唯一标识、标题、图标
- 设置插件分组
- 配置默认策略(如 `SkipWhenSucceed`
- 确保类名与插件名称一致
3. **定义任务输入参数**
- 使用 `@TaskInput` 注解定义各种输入参数
- 必须包含证书选择参数,用于获取前置任务输出的域名证书
- 可以添加授权选择框、文本输入、选择框等参数
- 使用 `createCertDomainGetterInputDefine` 获取证书域名列表
4. **实现动态显隐配置**
- 使用 `mergeScript` 实现根据其他输入值动态控制输入项的显隐状态
- 利用 `ctx.compute` 函数访问表单中的其他字段值
5. **实现插件方法**
- **onInstance 方法**:插件实例化时执行的初始化操作
- **execute 方法**:插件的核心执行逻辑
- 获取授权信息
- 读取证书信息
- 执行具体的部署逻辑
- 处理错误并记录日志
- 实现幂等性:确保重复执行不会导致问题
- 实现超时处理:设置合理的超时时间
- 实现回滚机制:在部署失败时能够回滚到之前的状态
- **后端获取选项方法**:用于前端从后端获取选项的方法
6. **遵循开发最佳实践**
- 插件命名:遵循命名规范,大写字母开头,驼峰命名
- 类名规范:类名应与插件名称一致
- 日志输出:使用 `this.logger` 输出日志
- 错误处理:捕获并记录执行过程中的错误
- 授权获取:使用 `this.getAccess(accessId)` 获取授权信息
## 输出规范
- 必须包含完整的插件实现代码
- 代码必须包含详细的注释说明
- 提供完整的示例代码,展示插件的使用方法
- 包含开发注意事项和最佳实践
## 示例
### 示例 1: 基本 Task 插件
#### 用户输入
创建一个 Task 插件,用于将证书部署到对应的应用上。
#### 你的回答
```typescript
import { AbstractTaskPlugin, IsTaskPlugin, PageSearch, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
@@ -14,230 +75,9 @@ import { CertInfo, CertReader } from '@certd/plugin-cert';
import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from '@certd/plugin-lib';
import { optionsUtils } from '@certd/basic';
import { CertApplyPluginNames} from '@certd/plugin-cert';
```
### 2. 使用 @IsTaskPlugin 注解注册插件
```typescript
@IsTaskPlugin({
// 命名规范,插件类型+功能,大写字母开头,驼峰命名
name: 'DemoTest',
title: 'Demo-测试插件', // 插件标题
icon: 'clarity:plugin-line', // 插件图标
// 插件分组
group: pluginGroups.other.key,
default: {
// 默认值配置照抄即可
strategy: {
runStrategy: RunStrategy.SkipWhenSucceed,
},
},
})
// 类名规范,跟上面插件名称(name)一致
export class DemoTest extends AbstractTaskPlugin {
// 插件实现...
}
```
### 3. 定义任务输入参数
使用 `@TaskInput` 注解定义任务输入参数:
```typescript
// 测试参数
@TaskInput({
title: '属性示例',
value: '默认值',
component: {
// 前端组件配置,具体配置见组件文档 https://www.antdv.com/components/input-cn
name: 'a-input',
vModel: 'value', // 双向绑定组件的 props 名称
},
helper: '帮助说明,[链接](https://certd.docmirror.cn)',
required: false, // 是否必填
})
text!: string;
// 证书选择,此项必须要有
@TaskInput({
title: '域名证书',
helper: '请选择前置任务输出的域名证书',
component: {
name: 'output-selector',
from: [...CertApplyPluginNames],
},
// required: true, // 必填
})
cert!: CertInfo;
@TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
// 前端可以展示,当前申请的证书域名列表
certDomains!: string[];
// 授权选择框
@TaskInput({
title: 'demo授权',
helper: 'demoAccess授权',
component: {
name: 'access-selector',
vModel:"modelValue",
type: "demo", // access类型,让用户固定选择这种类型的access
},
// rules: [{ required: true, message: '此项必填' }],
// required: true, // 必填
})
accessId!: string;
```
### 4. 动态显隐配置(mergeScript
使用 `mergeScript` 可以实现根据其他输入值动态控制当前输入项的显隐状态。
```typescript
@TaskInput({
title: '匹配模式',
component: {
name: 'select',
options: [
{ label: '手动选择', value: 'manual' },
{ label: '根据证书匹配', value: 'auto' },
],
},
default: 'manual',
})
domainMatchMode!: 'manual' | 'auto';
@TaskInput(
createRemoteSelectInputDefine({
title: 'DCDN加速域名',
helper: '你在阿里云上配置的DCDN加速域名',
action: DeployCertToAliyunDCDN.prototype.onGetDomainList.name,
watches: ['certDomains', 'accessId'],
required: true,
mergeScript: `
return {
show: ctx.compute(({form})=>{
return domainMatchMode === "manual"
})
}
`,
})
)
domainName!: string | string[];
```
`mergeScript` 中的 `ctx.compute` 函数接收一个回调函数,通过 `form` 参数可以访问表单中的其他字段值。
### 5. 实现插件方法
#### 5.1 插件实例化时执行的方法
```typescript
// 插件实例化时执行的方法
async onInstance() {}
```
#### 5.2 插件执行方法
```typescript
// 插件执行方法
async execute(): Promise<void> {
const { select, text, cert, accessId } = this;
try {
const access = await this.getAccess(accessId);
this.logger.debug('access', access);
} catch (e) {
this.logger.error('获取授权失败', e);
}
try {
const certReader = new CertReader(cert);
this.logger.debug('certReader', certReader);
} catch (e) {
this.logger.error('读取crt失败', e);
}
this.logger.info('DemoTestPlugin execute');
this.logger.info('text:', text);
this.logger.info('select:', select);
this.logger.info('switch:', this.switch);
this.logger.info('授权id:', accessId);
// 具体的部署逻辑
// ...
}
```
#### 5.3 后端获取选项方法
使用 `createRemoteSelectInputDefine` 创建远程选择输入项,`action` 指向的方法接收 `PageSearch` 参数并返回 `{ list, total }` 格式。
```typescript
@TaskInput(
createRemoteSelectInputDefine({
title: '从后端获取选项',
helper: '选择时可以从后端获取选项',
action: DemoTest.prototype.onGetSiteList.name,
// 当以下参数变化时,触发获取选项
watches: ['certDomains', 'accessId'],
required: true,
})
)
siteName!: string | string[];
// 从后端获取选项的方法,接收PageSearch参数
async onGetSiteList(data: PageSearch) {
if (!this.accessId) {
throw new Error('请选择Access授权');
}
// @ts-ignore
const access = await this.getAccess(this.accessId);
// const siteRes = await access.GetDomainList(data);
// 以下是模拟数据
const siteRes = [
{ id: 1, siteName: 'site1.com' },
{ id: 2, siteName: 'site2.com' },
{ id: 3, siteName: 'site2.com' },
];
// 转换为前端所需要的格式
const options = siteRes.map((item: any) => {
return {
value: item.siteName,
label: item.siteName,
domain: item.siteName,
};
});
// 返回{list, total}格式
return {
list: optionsUtils.buildGroupOptions(options, this.certDomains),
total: siteRes.length,
};
}
```
## 注意事项
1. **插件命名**:插件名称应遵循命名规范,大写字母开头,驼峰命名。
2. **类名规范**:类名应与插件名称(name)一致。
3. **证书选择**:必须包含证书选择参数,用于获取前置任务输出的域名证书。
4. **日志输出**:使用 `this.logger` 输出日志,而不是 `console`
5. **错误处理**:执行过程中的错误应被捕获并记录。
6. **授权获取**:使用 `this.getAccess(accessId)` 获取授权信息。
## 完整示例
```typescript
import { AbstractTaskPlugin, IsTaskPlugin, PageSearch, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
import { CertInfo, CertReader } from '@certd/plugin-cert';
import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from '@certd/plugin-lib';
import { optionsUtils } from '@certd/basic';
import { CertApplyPluginNames} from '@certd/plugin-cert';
@IsTaskPlugin({
//命名规范,插件类型+功能(就是目录plugin-demo中的demo),大写字母开头,驼峰命名
//命名规范,插件类型+功能,大写字母开头,驼峰命名
name: 'DemoTest',
title: 'Demo-测试插件',
icon: 'clarity:plugin-line',
@@ -286,7 +126,7 @@ export class DemoTest extends AbstractTaskPlugin {
title: '动态显隐',
helper: '我会根据选择框的值进行显隐',
show: true, //动态计算的值会覆盖它
//动态计算脚本, mergeScript返回的对象会合并当前配置,此处演示 show的值会被动态计算结果覆盖,show的值根据用户选择的select的值决定
//动态计算脚本, mergeScript返回的对象会合并当前配置
mergeScript: `
return {
show: ctx.compute(({form})=>{
@@ -324,6 +164,7 @@ export class DemoTest extends AbstractTaskPlugin {
},
})
switch!: boolean;
//证书选择,此项必须要有
@TaskInput({
title: '域名证书',
@@ -392,6 +233,7 @@ export class DemoTest extends AbstractTaskPlugin {
this.logger.info('switch:', this.switch);
this.logger.info('授权id:', accessId);
// 具体的部署逻辑
// const res = await this.http.request({
// url: 'https://api.demo.com',
// method: 'GET',
@@ -434,4 +276,371 @@ export class DemoTest extends AbstractTaskPlugin {
};
}
}
```
### 示例 2: Nginx 部署 Task 插件
#### 用户输入
创建一个 Task 插件,用于将证书部署到 Nginx 服务器上。
#### 你的回答
```typescript
import { AbstractTaskPlugin, CertInfo, IsTaskPlugin, TaskInput, pluginGroups, RunStrategy } from '@certd/pipeline';
import { CertReader } from '@certd/plugin-lib';
/**
* Nginx 证书部署插件
*/
@IsTaskPlugin({
name: 'NginxDeploy',
title: 'Nginx 部署',
desc: '将证书部署到 Nginx 服务器上',
icon: 'clarity:server-line',
group: pluginGroups.deploy.key,
default: {
strategy: {
runStrategy: RunStrategy.SkipWhenSucceed,
},
},
})
export class NginxDeploy extends AbstractTaskPlugin {
/**
* 服务器授权
*/
@TaskInput({
title: '服务器授权',
component: {
name: 'access-selector',
vModel: 'accessId',
accessTypes: ['ssh'],
placeholder: '请选择服务器授权',
},
required: true,
})
accessId = '';
/**
* 域名证书
*/
@TaskInput({
title: '域名证书',
component: {
name: 'output-selector',
from: ['CertApply', 'CertApplyCloudflare'],
field: 'cert',
},
required: true,
})
cert!: CertInfo;
/**
* 证书路径
*/
@TaskInput({
title: '证书路径',
value: '/etc/nginx/ssl',
component: {
name: 'a-input',
placeholder: '请输入证书存储路径',
},
required: true,
})
certPath = '';
/**
* Nginx 配置文件路径
*/
@TaskInput({
title: 'Nginx 配置文件',
value: '/etc/nginx/conf.d',
component: {
name: 'a-input',
placeholder: '请输入 Nginx 配置文件路径',
},
required: true,
})
nginxConfPath = '';
/**
* 服务名称
*/
@TaskInput({
title: '服务名称',
component: {
name: 'a-input',
placeholder: '请输入服务名称(用于生成配置文件)',
},
required: true,
})
serviceName = '';
/**
* 执行部署
*/
async execute(): Promise<void> {
this.logger.info('开始部署证书到 Nginx');
try {
// 1. 获取服务器授权
const sshAccess = await this.getAccess(this.accessId);
this.logger.info('获取服务器授权成功');
// 2. 读取证书信息
const certReader = new CertReader(this.cert);
const cert = certReader.getCert();
const key = certReader.getKey();
const fullchain = certReader.getFullChain();
this.logger.info('读取证书信息成功');
// 3. 准备部署路径
const certFile = `${this.certPath}/${this.serviceName}.pem`;
const keyFile = `${this.certPath}/${this.serviceName}.key`;
const confFile = `${this.nginxConfPath}/${this.serviceName}.conf`;
// 4. 创建证书目录
await sshAccess.exec(`mkdir -p ${this.certPath}`);
this.logger.info('创建证书目录成功');
// 5. 上传证书文件
await sshAccess.uploadContent(cert, certFile);
await sshAccess.uploadContent(key, keyFile);
await sshAccess.uploadContent(fullchain, `${this.certPath}/${this.serviceName}-fullchain.pem`);
this.logger.info('上传证书文件成功');
// 6. 生成 Nginx 配置
const nginxConf = `server {
listen 443 ssl;
server_name ${this.cert.domains.join(' ')};
ssl_certificate ${certFile};
ssl_certificate_key ${keyFile};
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
`;
// 7. 上传 Nginx 配置
await sshAccess.uploadContent(nginxConf, confFile);
this.logger.info('上传 Nginx 配置成功');
// 8. 测试 Nginx 配置
const testResult = await sshAccess.exec('nginx -t');
if (testResult.includes('test is successful')) {
this.logger.info('Nginx 配置测试成功');
} else {
throw new Error(`Nginx 配置测试失败: ${testResult}`);
}
// 9. 重启 Nginx 服务
await sshAccess.exec('systemctl reload nginx');
this.logger.info('重启 Nginx 服务成功');
this.logger.info('证书部署到 Nginx 成功');
} catch (error) {
this.logger.error('部署失败:', error);
throw new Error(`部署到 Nginx 失败: ${error.message}`);
}
}
}
// 实例化插件
new NginxDeploy();
```
### 示例 3: 阿里云 OSS 部署 Task 插件
#### 用户输入
创建一个 Task 插件,用于将证书部署到阿里云 OSS 上。
#### 你的回答
```typescript
import { AbstractTaskPlugin, CertInfo, IsTaskPlugin, TaskInput, pluginGroups, RunStrategy } from '@certd/pipeline';
import { CertReader } from '@certd/plugin-lib';
/**
* 阿里云 OSS 证书部署插件
*/
@IsTaskPlugin({
name: 'AliyunOSSDeploy',
title: '阿里云 OSS 部署',
desc: '将证书部署到阿里云 OSS 存储上',
icon: 'clarity:cloud-line',
group: pluginGroups.deploy.key,
default: {
strategy: {
runStrategy: RunStrategy.SkipWhenSucceed,
},
},
})
export class AliyunOSSDeploy extends AbstractTaskPlugin {
/**
* 阿里云授权
*/
@TaskInput({
title: '阿里云授权',
component: {
name: 'access-selector',
vModel: 'accessId',
accessTypes: ['aliyun'],
placeholder: '请选择阿里云授权',
},
required: true,
})
accessId = '';
/**
* 域名证书
*/
@TaskInput({
title: '域名证书',
component: {
name: 'output-selector',
from: ['CertApply', 'CertApplyCloudflare'],
field: 'cert',
},
required: true,
})
cert!: CertInfo;
/**
* OSS 存储桶
*/
@TaskInput({
title: 'OSS 存储桶',
component: {
name: 'a-input',
placeholder: '请输入 OSS 存储桶名称',
},
required: true,
})
bucketName = '';
/**
* 存储路径
*/
@TaskInput({
title: '存储路径',
value: 'ssl/',
component: {
name: 'a-input',
placeholder: '请输入证书存储路径',
},
})
storagePath = '';
/**
* 执行部署
*/
async execute(): Promise<void> {
this.logger.info('开始部署证书到阿里云 OSS');
try {
// 1. 获取阿里云授权
const aliyunAccess = await this.getAccess(this.accessId);
this.logger.info('获取阿里云授权成功');
// 2. 读取证书信息
const certReader = new CertReader(this.cert);
const cert = certReader.getCert();
const key = certReader.getKey();
const fullchain = certReader.getFullChain();
this.logger.info('读取证书信息成功');
// 3. 准备存储路径
const basePath = this.storagePath.endsWith('/') ? this.storagePath : `${this.storagePath}/`;
const certFileName = `${basePath}${this.cert.domains[0]}.pem`;
const keyFileName = `${basePath}${this.cert.domains[0]}.key`;
const fullchainFileName = `${basePath}${this.cert.domains[0]}-fullchain.pem`;
// 4. 上传证书到 OSS
await aliyunAccess.uploadToOSS({
bucket: this.bucketName,
key: certFileName,
content: cert,
});
this.logger.info('上传证书文件成功');
await aliyunAccess.uploadToOSS({
bucket: this.bucketName,
key: keyFileName,
content: key,
});
this.logger.info('上传私钥文件成功');
await aliyunAccess.uploadToOSS({
bucket: this.bucketName,
key: fullchainFileName,
content: fullchain,
});
this.logger.info('上传完整证书链成功');
// 5. 设置文件访问权限(可选)
await aliyunAccess.setOSSObjectAcl({
bucket: this.bucketName,
key: certFileName,
acl: 'private',
});
await aliyunAccess.setOSSObjectAcl({
bucket: this.bucketName,
key: keyFileName,
acl: 'private',
});
await aliyunAccess.setOSSObjectAcl({
bucket: this.bucketName,
key: fullchainFileName,
acl: 'private',
});
this.logger.info('设置文件访问权限成功');
this.logger.info('证书部署到阿里云 OSS 成功');
} catch (error) {
this.logger.error('部署失败:', error);
throw new Error(`部署到阿里云 OSS 失败: ${error.message}`);
}
}
}
// 实例化插件
new AliyunOSSDeploy();
```
## 注意事项
1. **插件命名**:插件名称应遵循命名规范,大写字母开头,驼峰命名。
2. **类名规范**:类名应与插件名称(name)一致。
3. **证书选择**:必须包含证书选择参数,用于获取前置任务输出的域名证书。
4. **日志输出**:使用 `this.logger` 输出日志,而不是 `console`,参数文本化,不要传对象,否则会输出`[object Object]}`
5. **错误处理**:执行过程中的错误应被捕获并记录。
6. **授权获取**:使用 `this.getAccess(accessId)` 获取授权信息。
## 部署逻辑注意事项
1. **部署接口逻辑**
- 研究应用的部署接口逻辑,一般有两种:
a. 用户选择网站ID,给网站部署新证书
b. 用户选择证书ID,只需要更新证书即可
- 保证多次执行都能针对同一个对象部署证书
- 确保出错后重新运行能够回归到正常状态
2. **前置证书选择**
- 前置证书可以是原始的 `certInfo` 类型,也可能是上传到平台之后返回的证书id
- 根据接口要求选择合适的证书类型:
a. 如果接口需要上传后的证书id,那么部署时要先将证书上传,再部署
b. 如果接口需要原始的 `certInfo` 类型,那么直接使用 `certInfo` 部署证书
c. 当两者都支持时,判断用户选择的证书类型,再考虑优先上传再部署
3. **证书清理**
- 如果是先上传再部署的,那么在部署完成后,可能需要考虑清理证书
```
+9 -1
View File
@@ -95,7 +95,15 @@ https://certd.handfree.work/
3. 【推荐】[1Panel面板方式部署](https://certd.docmirror.cn/guide/install/1panel/)
4. 【推荐】[雨云一键部署](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2) : 首充翻倍,每月仅需2.2元
[<img src="https://rainyun-apps.cn-nb1.rains3.com/materials/deploy-on-rainyun-cn.svg">](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2)
5. 【不推荐】[源码方式部署 ](https://certd.docmirror.cn/guide/install/source/)
5. 【推荐】[一键安装脚本](https://certd.docmirror.cn/guide/install/docker/)(自动安装 DockerCertd):
```bash
curl -fsSL https://gitee.com/certd/certd/raw/v2/docker/run/install.sh | bash
```
6. 【不推荐】[源码方式部署 ](https://certd.docmirror.cn/guide/install/source/)
#### Docker镜像说明:
* 国内镜像地址:
+340
View File
@@ -0,0 +1,340 @@
#!/bin/bash
set -e
CERTD_VERSION="${CERTD_VERSION:-latest}"
INSTALL_DIR="${INSTALL_DIR:-/opt/certd}"
COMPOSE_FILE_URL="https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml"
COMPOSE_FILE="$INSTALL_DIR/docker-compose.yaml"
DOCKER_MIRROR="https://mirrors.aliyun.com"
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
log_info() {
echo -e "${GREEN}[INFO]${NC} $1"
}
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
check_command() {
command -v "$1" >/dev/null 2>&1
}
get_local_ip() {
LOCAL_IP=$(ip route get 1.1.1.1 2>/dev/null | grep -oP 'src \K[^ ]+' | head -1)
if [ -z "$LOCAL_IP" ]; then
LOCAL_IP=$(hostname -I 2>/dev/null | awk '{print $1}')
fi
if [ -z "$LOCAL_IP" ]; then
LOCAL_IP="127.0.0.1"
fi
echo "$LOCAL_IP"
}
get_public_ip() {
PUBLIC_IP=$(curl -s --max-time 5 https://api.ipify.org 2>/dev/null)
if [ -z "$PUBLIC_IP" ]; then
PUBLIC_IP=$(curl -s --max-time 5 https://checkip.amazonaws.com 2>/dev/null)
fi
if [ -z "$PUBLIC_IP" ]; then
PUBLIC_IP=""
fi
echo "$PUBLIC_IP"
}
show_access_urls() {
LOCAL_IP=$(get_local_ip)
PUBLIC_IP=$(get_public_ip)
echo ""
echo "=========================================="
log_info "安装完成!"
echo "=========================================="
echo ""
echo "访问地址:"
if [ -n "$PUBLIC_IP" ]; then
echo -e " ${GREEN}外网访问:${NC} http://$PUBLIC_IP:7001"
fi
echo -e " ${GREEN}局域网:${NC} http://$LOCAL_IP:7001"
echo ""
echo "配置文件: $COMPOSE_FILE"
echo ""
echo "常用命令:"
echo " cd $INSTALL_DIR"
echo " docker compose logs -f # 查看日志"
echo " docker compose restart # 重启服务"
echo " docker compose down # 停止服务"
echo ""
}
detect_os() {
if [ -f /etc/os-release ]; then
. /etc/os-release
OS=$ID
VER=$VERSION_ID
elif [ -f /etc/centos-release ]; then
OS="centos"
elif [ -f /etc/redhat-release ]; then
OS="rhel"
else
OS="unknown"
fi
}
check_docker() {
if check_command docker; then
DOCKER_VERSION=$(docker --version 2>/dev/null | awk '{print $3}' | tr -d ',')
log_info "Docker 已安装: $DOCKER_VERSION"
return 0
else
log_warn "Docker 未安装"
return 1
fi
}
check_docker_compose() {
if check_command docker-compose; then
COMPOSE_VERSION=$(docker-compose --version 2>/dev/null | awk '{print $3}' | tr -d ',')
log_info "Docker Compose 已安装: $COMPOSE_VERSION"
return 0
elif docker compose version >/dev/null 2>&1; then
log_info "Docker Compose (插件版) 已安装"
return 0
else
log_warn "Docker Compose 未安装"
return 1
fi
}
install_docker_ubuntu() {
log_info "正在安装 Docker (Ubuntu/Debian)..."
apt-get update
apt-get install -y ca-certificates curl gnupg lsb-release
mkdir -p /etc/apt/keyrings
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/${OS}/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg 2>/dev/null || \
curl -fsSL https://download.docker.com/linux/${OS}/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/${OS} $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
systemctl enable docker
systemctl start docker
log_info "Docker 安装完成"
}
install_docker_centos() {
log_info "正在安装 Docker (CentOS/RHEL)..."
yum install -y yum-utils
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
systemctl enable docker
systemctl start docker
log_info "Docker 安装完成"
}
install_dockerrocky() {
log_info "正在安装 Docker (Rocky Linux/AlmaLinux)..."
dnf install -y yum-utils
dnf config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
systemctl enable docker
systemctl start docker
log_info "Docker 安装完成"
}
install_docker_debian() {
log_info "正在安装 Docker (Debian)..."
apt-get update
apt-get install -y ca-certificates curl gnupg2
mkdir -p /etc/apt/keyrings
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/debian/gpg | gpg --armor -o /etc/apt/keyrings/docker.gpg 2>/dev/null || \
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --armor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
systemctl enable docker
systemctl start docker
log_info "Docker 安装完成"
}
install_docker() {
detect_os
log_info "检测到操作系统: $OS"
case $OS in
ubuntu)
install_docker_ubuntu
;;
debian)
install_docker_debian
;;
centos)
install_docker_centos
;;
rhel|rocky|almalinux)
install_dockerrocky
;;
*)
log_error "不支持的操作系统: $OS"
log_info "请手动安装 Docker"
exit 1
;;
esac
}
install_docker_compose_standalone() {
log_info "正在安装 Docker Compose (独立版本)..."
COMPOSE_URLS=(
"https://get.daocloud.io/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
"https://mirror.sjtu.edu.cn/github/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
"https://github.com/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
)
for url in "${COMPOSE_URLS[@]}"; do
log_info "尝试从: $url"
if curl -L "$url" -o /usr/local/bin/docker-compose 2>/dev/null; then
chmod +x /usr/local/bin/docker-compose
log_info "Docker Compose 安装完成"
return 0
fi
log_warn "下载失败,尝试下一个源..."
done
log_error "Docker Compose 安装失败"
return 1
}
install_docker_compose() {
if check_command docker && docker compose version >/dev/null 2>&1; then
log_info "Docker Compose 插件已可用"
return 0
fi
if check_command docker-compose; then
log_info "Docker Compose 独立版本已安装"
return 0
fi
install_docker_compose_standalone
}
download_compose_file() {
log_info "正在下载 docker-compose.yaml..."
mkdir -p "$INSTALL_DIR"
if curl -fsSL "$COMPOSE_FILE_URL" -o "$COMPOSE_FILE.tmp"; then
mv "$COMPOSE_FILE.tmp" "$COMPOSE_FILE"
log_info "docker-compose.yaml 已下载到 $COMPOSE_FILE"
if [ "$CERTD_VERSION" != "latest" ]; then
sed -i "s|certd:latest|certd:$CERTD_VERSION|g" "$COMPOSE_FILE"
log_info "已修改镜像版本为: $CERTD_VERSION"
fi
else
log_error "下载失败,请检查网络连接"
exit 1
fi
}
start_certd() {
log_info "正在启动 Certd 容器..."
cd "$INSTALL_DIR"
if docker compose -f "$COMPOSE_FILE" up -d 2>/dev/null; then
log_info "Certd 启动成功!"
elif docker-compose -f "$COMPOSE_FILE" up -d; then
log_info "Certd 启动成功!"
fi
sleep 2
docker ps --filter "name=certd" --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
}
show_usage() {
echo "用法: $0 [选项]"
echo ""
echo "选项:"
echo " -v, --version VERSION 指定 Certd 版本 (默认: latest)"
echo " -p, --path PATH 指定安装路径 (默认: /opt/certd)"
echo " -h, --help 显示帮助信息"
echo ""
echo "示例:"
echo " $0 # 使用默认配置安装"
echo " $0 -v 1.29.0 # 安装指定版本"
echo " $0 -p /data/certd # 安装到指定目录"
}
main() {
echo "=========================================="
echo " Certd 一键安装脚本"
echo "=========================================="
echo ""
while [[ $# -gt 0 ]]; do
case $1 in
-v|--version)
CERTD_VERSION="$2"
shift 2
;;
-p|--path)
INSTALL_DIR="$2"
COMPOSE_FILE="$INSTALL_DIR/docker-compose.yaml"
shift 2
;;
-h|--help)
show_usage
exit 0
;;
*)
log_error "未知选项: $1"
show_usage
exit 1
;;
esac
done
log_info "Certd 版本: $CERTD_VERSION"
log_info "安装路径: $INSTALL_DIR"
echo ""
DOCKER_INSTALLED=true
COMPOSE_INSTALLED=true
if ! check_docker; then
echo ""
log_info "正在安装 Docker..."
install_docker
fi
if ! check_docker_compose; then
echo ""
log_info "正在安装 Docker Compose..."
install_docker_compose
fi
download_compose_file
start_certd
show_access_urls
}
main "$@"
+1
View File
@@ -114,6 +114,7 @@ export default defineConfig({
{text: "连接windows主机", link: "/guide/use/host/windows.md"},
{text: "Google EAB获取", link: "/guide/use/google/"},
{text: "阿里云相关", link: "/guide/use/aliyun/"},
{text: "Azure相关", link: "/guide/use/azure/dns.md"},
{text: "数据备份", link: "/guide/use/backup/"},
{text: "Certd本身的证书更新", link: "/guide/use/https/index.md"},
{text: "js脚本插件使用", link: "/guide/use/custom-script/index.md"},
+19
View File
@@ -3,6 +3,25 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.39.10](https://github.com/certd/certd/compare/v1.39.9...v1.39.10) (2026-04-11)
### Bug Fixes
* 修复创建流水线无法选择通知的bug ([a88d0a6](https://github.com/certd/certd/commit/a88d0a6ae15cb6170d0b36e21daf89f0dbd5f681))
* 修复流水线任务编辑页面复制粘贴按钮在夜间模式显示问题 ([1e549df](https://github.com/certd/certd/commit/1e549dfd431ed74e2bcdfce63e5f640c51603af3))
* 修复用户管理添加用户无法上传头像的bug ([557e98c](https://github.com/certd/certd/commit/557e98c33f5462167d8f6289f70dad68bb114a97))
* 修复自定义插件删除后没有反注册的bug ([df98463](https://github.com/certd/certd/commit/df9846332596d2afaba53e66d2897aa1c598f9c4))
* 修复spaceship创建record报错的bug ([70b46d4](https://github.com/certd/certd/commit/70b46d4a8f89cf8eded21ebb237e8c8ce6c40d30))
### Performance Improvements
* 1panel支持先上传证书再选择证书 ([7a9eec8](https://github.com/certd/certd/commit/7a9eec88e8eddf40dba055c072b5b2b0f67c1407))
* 部署到1panel面板支持mux模式 ([d05129e](https://github.com/certd/certd/commit/d05129ec67893b0b639003a4bca6878d128f56ad))
* 流水线修改编辑之后,增加未保存提示 ([21620ac](https://github.com/certd/certd/commit/21620ac6bdeb57e43509156a77037fc07c44282a))
* 修复检查全部某些情况下无效的bug,优化公共触发站点证书检查定时逻辑 ([ee53589](https://github.com/certd/certd/commit/ee535895a3166c6f9046963e28fa8f22f018b574))
* 增加域名管理 子域名检查提醒 ([2bdf183](https://github.com/certd/certd/commit/2bdf1832da73a3728f3ac415837bc26e70531cd6))
* 站点监控域名气泡增加端口显示 ([6ee718a](https://github.com/certd/certd/commit/6ee718a25265a9db2115343af9a1a01958f34b81))
## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)
### Bug Fixes
+22 -5
View File
@@ -2,7 +2,23 @@
## 一、安装
### 1. 环境准备
### 一键脚本安装(推荐)
如果您的服务器未安装 Docker,该脚本会自动为您安装 Docker 和 Docker Compose,并启动 Certd 容器。
```bash
curl -fsSL https://gitee.com/certd/certd/raw/v2/docker/run/install.sh | bash
```
> 支持 Ubuntu、Debian、CentOS、Rocky Linux、AlmaLinux 等主流发行版。
> docker-compose文件目录:`/opt/certd` ,升级时需要先进入此目录
> 运行时数据默认保存路径:`/data/certd` ,可使用参数指定:`-p /data/certd`
### 手动安装
#### 1. 环境准备
1.1 准备一台云服务器
@@ -19,9 +35,9 @@ https://docs.docker.com/engine/install/
```bash
# 随便创建一个目录
mkdir certd
mkdir /opt/certd
# 进入目录
cd certd
cd /opt/certd
# 下载docker-compose.yaml文件,或者手动下载放到certd目录下
wget https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml
@@ -54,12 +70,12 @@ https://your_server_ip:7002
记得修改密码
## 二、升级
## 二、升级Certd
::: warning
如果您是第一次升级certd版本,切记切记先备份一下数据
```
# docker-compose.yaml配置
# 查看/opt/certd/docker-compose.yaml配置
- /data/certd:/app/data # 请务必确保 /app/data 这个路径没有改动,固定写死
```
:::
@@ -71,6 +87,7 @@ https://your_server_ip:7002
### 如果使用`latest`版本
```shell
cd /opt/certd
#重新拉取镜像
docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
# 重新启动容器
+42 -39
View File
@@ -36,45 +36,48 @@
| 32.| **Gcore** | Gcore |
| 33.| **Github授权** | |
| 34.| **godaddy授权** | |
| 35.| **金山云授权** | |
| 36.| **FTP授权** | |
| 37.| **七牛OSS授权** | |
| 38.| **腾讯云COS授权** | 腾讯云对象存储授权,包含地域和存储桶 |
| 39.| **s3/minio授权** | S3/minio oss授权 |
| 40.| **namesilo授权** | |
| 41.| **Next Terminal 授权** | 用于访问 Next Terminal API 的授权配置 |
| 42.| **1panel授权** | 账号和密码 |
| 43.| **支付宝** | |
| 44.| **白山云授权** | |
| 45.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 |
| 46.| **cdnfly授权** | |
| 47.| **k8s授权** | |
| 48.| **括彩云cdn授权** | 括彩云CDN,每月免费30G[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) |
| 49.| **LeCDN授权** | |
| 50.| **lucky** | |
| 51.| **猫云授权** | |
| 52.| **plesk授权** | |
| 53.| **长亭雷池授权** | |
| 54.| **群晖登录授权** | |
| 55.| **uniCloud** | unicloud授权 |
| 56.| **微信支付** | |
| 57.| **易盾rcdn授权** | 易盾CDN,每月免费30G[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) |
| 58.| **易发云短信** | sms.yfyidc.cn/ |
| 59.| **易盾DCDN授权** | https://user.yiduncdn.com |
| 60.| **易支付** | |
| 61.| **proxmox** | |
| 62.| **Spaceship.com 授权** | Spaceship.com API 授权插件 |
| 63.| **UCloud授权** | 优刻得授权 |
| 64.| **又拍云** | |
| 65.| **网宿授权** | |
| 66.| **西部数码授权** | |
| 67.| **我爱云授权** | 我爱云CDN |
| 68.| **新网授权(代理方式)** | |
| 69.| **新网授权** | |
| 70.| **新网互联授权** | 仅支持代理账号,ip需要加入白名单 |
| 71.| **Zenlayer授权** | Zenlayer授权 |
| 72.| **GoEdge授权** | |
| 73.| **雨云授权** | https://app.rainyun.com/ |
| 35.| **HiPM DNSMgr** | HiPM DNSMgr API Token 授权 |
| 36.| **金山云授权** | |
| 37.| **FTP授权** | |
| 38.| **七牛OSS授权** | |
| 39.| **腾讯云COS授权** | 腾讯云对象存储授权,包含地域和存储桶 |
| 40.| **s3/minio授权** | S3/minio oss授权 |
| 41.| **namesilo授权** | |
| 42.| **Next Terminal 授权** | 用于访问 Next Terminal API 的授权配置 |
| 43.| **Nginx Proxy Manager 授权** | 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。 |
| 44.| **1panel授权** | 账号和密码 |
| 45.| **支付宝** | |
| 46.| **白山云授权** | |
| 47.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 |
| 48.| **cdnfly授权** | |
| 49.| **k8s授权** | |
| 50.| **括彩云cdn授权** | 括彩云CDN,每月免费30G[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) |
| 51.| **LeCDN授权** | |
| 52.| **lucky** | |
| 53.| **猫云授权** | |
| 54.| **plesk授权** | |
| 55.| **长亭雷池授权** | |
| 56.| **群晖登录授权** | |
| 57.| **uniCloud** | unicloud授权 |
| 58.| **微信支付** | |
| 59.| **易盾rcdn授权** | 易盾CDN,每月免费30G[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) |
| 60.| **易发云短信** | sms.yfyidc.cn/ |
| 61.| **易盾DCDN授权** | https://user.yiduncdn.com |
| 62.| **易支付** | |
| 63.| **proxmox** | |
| 64.| **Spaceship.com 授权** | Spaceship.com API 授权插件 |
| 65.| **Technitium DNS Server** | Technitium DNS Server 自建DNS服务器授权 |
| 66.| **UCloud授权** | 优刻得授权 |
| 67.| **又拍云** | |
| 68.| **网宿授权** | |
| 69.| **西部数码授权** | |
| 70.| **我爱云授权** | 我爱云CDN |
| 71.| **新网授权(代理方式)** | |
| 72.| **新网授权** | |
| 73.| **新网互联授权** | 仅支持代理账号,ip需要加入白名单 |
| 74.| **Zenlayer授权** | Zenlayer授权 |
| 75.| **GoEdge授权** | |
| 76.| **雨云授权** | https://app.rainyun.com/ |
<style module>
table th:first-of-type {
+21 -20
View File
@@ -1,5 +1,5 @@
# 任务插件
`129` 款任务插件
`130` 款任务插件
## 1. 证书申请
| 序号 | 名称 | 说明 |
@@ -58,25 +58,26 @@
| 3.| **Dokploy-部署server证书** | 自动更新Dokploy server证书 |
| 4.| **飞牛NAS-部署证书** | |
| 5.| **NextTerminal-更新证书** | 更新 Next Terminal 证书 |
| 6.| **1Panel-部署面板证书** | 更新1Panel的面板证书 |
| 7.| **1Panel-更新站点证书** | 更新1Panel的站点证书 |
| 8.| **宝塔-删除过期证书** | 删除证书夹中过期证书 |
| 9.| **宝塔-WAF证书部署** | 部署宝塔云WAF/aaWAF |
| 10.| **宝塔-面板证书部署** | 部署宝塔面板本身的ssl证书 |
| 11.| **宝塔win-网站证书部署** | 部署到Windows版宝塔管理的站点的ssl证书 |
| 12.| **宝塔-网站证书部署** | 部署宝塔管理的站点的ssl证书,目前支持宝塔网站站点、docker站点等。本插件也支持aaPanel。 |
| 13.| **K8S-Apply自定义yaml** | apply自定义yaml到k8s |
| 14.| **K8S-Ingress 证书部署** | 部署证书到k8s的Ingress |
| 15.| **K8S-部署证书到Secret** | 部署证书到k8s的secret |
| 16.| **lucky-更新Lucky证书** | |
| 17.| **Plesk-部署Plesk网站证书** | |
| 18.| **Plesk-更新证书** | 不会创建新证书记录,直接更新旧的证书 |
| 19.| **雷池-更新证书(支持控制台和防护应用)** | 更新长亭雷池WAF的证书,支持更新控制台和防护应用的证书 |
| 20.| **群晖-部署证书到群晖面板** | Synology,支持6.x以上版本 |
| 21.| **群晖-刷新OTP登录有效期** | 群晖登录状态可能30天失效,需要在失效之前登录一次,刷新有效期,您可以将其放在“部署到群晖面板”任务之后 |
| 22.| **uniCloud-部署到服务空间** | 部署到服务空间 |
| 23.| **Proxmox-上传证书到Proxmox** | |
| 24.| **威联通-部署证书到威联通** | 部署证书到qnap |
| 6.| **Nginx Proxy Manager-部署到主机** | 上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。 |
| 7.| **1Panel-部署面板证书** | 更新1Panel的面板证书 |
| 8.| **1Panel-更新站点证书** | 更新1Panel的站点证书 |
| 9.| **宝塔-删除过期证书** | 删除证书夹中过期证书 |
| 10.| **宝塔-WAF证书部署** | 部署宝塔云WAF/aaWAF |
| 11.| **宝塔-面板证书部署** | 部署宝塔面板本身的ssl证书 |
| 12.| **宝塔win-网站证书部署** | 部署到Windows版宝塔管理的站点的ssl证书 |
| 13.| **宝塔-网站证书部署** | 部署宝塔管理的站点的ssl证书,目前支持宝塔网站站点、docker站点等。本插件也支持aaPanel。 |
| 14.| **K8S-Apply自定义yaml** | apply自定义yaml到k8s |
| 15.| **K8S-Ingress 证书部署** | 部署证书到k8s的Ingress |
| 16.| **K8S-部署证书到Secret** | 部署证书到k8s的secret |
| 17.| **lucky-更新Lucky证书** | |
| 18.| **Plesk-部署Plesk网站证书** | |
| 19.| **Plesk-更新证书** | 不会创建新证书记录,直接更新旧的证书 |
| 20.| **雷池-更新证书(支持控制台和防护应用)** | 更新长亭雷池WAF的证书,支持更新控制台和防护应用的证书。 |
| 21.| **群晖-部署证书到群晖面板** | Synology,支持6.x以上版本 |
| 22.| **群晖-刷新OTP登录有效期** | 群晖登录状态可能30天失效,需要在失效之前登录一次,刷新有效期,您可以将其放在“部署到群晖面板”任务之后 |
| 23.| **uniCloud-部署到服务空间** | 部署到服务空间 |
| 24.| **Proxmox-上传证书到Proxmox** | |
| 25.| **威联通-部署证书到威联通** | 部署证书到qnap |
## 5. 阿里云
| 序号 | 名称 | 说明 |
+13 -11
View File
@@ -13,17 +13,19 @@
| 9.| **cloudflare** | cloudflare dns provider |
| 10.| **dns.la** | dns.la |
| 11.| **godaddy** | GoDaddy |
| 12.| **华为云** | 华为云DNS解析提供商 |
| 13.| **namesilo** | namesilo dns provider |
| 14.| **雨云** | 雨云DNS解析提供商 |
| 15.| **腾讯** | 腾讯云域名DNS解析提供 |
| 16.| **腾讯云EO DNS** | 腾讯云EO DNS解析提供者 |
| 17.| **西部数码** | west dns provider |
| 18.| **Dns提供商Demo** | dns provider示例 |
| 19.| **彩虹DNS** | 彩虹DNS管理系统 |
| 20.| **Spaceship** | Spaceship 域名解析 |
| 21.| **51dns** | 51DNS |
| 22.| **新网互联** | 新网互联 |
| 12.| **HiPM DNSMgr** | HiPM DNSMgr DNS 解析提供商 |
| 13.| **华为云** | 华为云DNS解析提供商 |
| 14.| **namesilo** | namesilo dns provider |
| 15.| **** | 雨云DNS解析提供 |
| 16.| **Technitium DNS Server** | Technitium DNS Server 自建DNS服务器 |
| 17.| **腾讯云** | 腾讯云域名DNS解析提供者 |
| 18.| **腾讯云EO DNS** | 腾讯云EO DNS解析提供者 |
| 19.| **西部数码** | west dns provider |
| 20.| **Dns提供商Demo** | dns provider示例 |
| 21.| **彩虹DNS** | 彩虹DNS管理系统 |
| 22.| **Spaceship** | Spaceship 域名解析 |
| 23.| **51dns** | 51DNS |
| 24.| **新网互联** | 新网互联 |
<style module>
table th:first-of-type {
+28
View File
@@ -0,0 +1,28 @@
# Azure 配置
## Access授权配置
1. 登录 Azure 并创建一个资源组 【可选,如果已经有了可以不用创建】
2. 创建一个应用程序
Microsoft Entra ID - 》 应用注册 - 》 新注册
![](./images/access-1.png)
![](./images/access-2.png)
3. 配置授权
![](./images/access-3.png)
4. 点击测试
## Azure DNS 配置
1. 创建一个 DNS 区域(就是一个域名)
![](./images/dns-1.png)
![](./images/dns-2.png)
2. 为这个域名和上面创建的授权应用分配角色
![](./images/dns-3.png)
![](./images/dns-4.png)
![](./images/dns-5.png)
3. 然后就可以给dns区域去申请证书了
Binary file not shown.

After

Width:  |  Height:  |  Size: 107 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 70 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 108 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 55 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 62 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 145 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 93 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 112 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 161 KiB

+8 -6
View File
@@ -26,16 +26,20 @@ Created an external account key
[b64MacKey: xxxxxxxxxxxxxxxx
keyId: xxxxxxxxxxxxx]
```
![](./images/google-eab.png)
3. 到Certd中,创建一条EAB授权记录,填写keyId(=kid) 和 b64MacKey 信息
注意:keyId没有`]`结尾,不要把`]`也复制了
注意:EAB授权使用过一次之后,会绑定邮箱,后续再次使用时,要使用相同的邮箱
注意:EAB授权使用过一次之后,会绑定邮箱,后续再次使用时,要使用相同的邮箱,所以邮箱切记不要修改
否则会报错 `Unknown external account binding (EAB) key. This may be due to the EAB key expiring which occurs 7 days after creation`
### 2.2 通过服务账号获取EAB
4. 创建证书流水线,选择证书提供商为google,选择EAB授权,运行流水线申请证书
此方式可以自动EAB,需要配置代理
### 2.2 通过google服务账号接口获取授权
此方式可以自动获取EAB,需要服务端配置代理
1. 创建服务账号
https://console.cloud.google.com/projectselector2/iam-admin/serviceaccounts/create?walkthrough_id=iam--create-service-account&hl=zh-cn#step_index=1
@@ -48,9 +52,7 @@ https://console.cloud.google.com/projectselector2/iam-admin/serviceaccounts/crea
7. 点击`添加密钥`->`创建新密钥`->`JSON`,下载密钥文件
8. 将json文件内容粘贴到 certd中 Google服务授权输入框中
9. 创建证书流水线,选择证书提供商为google, 选择服务账号授权,运行流水线申请证书
## 3、 创建证书流水线
选择证书提供商为google, 选择EAB授权 或 服务账号授权
## 4、 其他就跟正常申请证书一样了
+1 -1
View File
@@ -70,5 +70,5 @@
"bugs": {
"url": "https://github.com/publishlab/node-acme-client/issues"
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
+2 -1
View File
@@ -21,7 +21,8 @@ const defaultOpts = {
},
challengeRemoveFn: async () => {
throw new Error("Missing challengeRemoveFn()");
}
},
waitDnsDiffuseTime: 30,
};
/**
+1 -1
View File
@@ -577,7 +577,7 @@ class AcmeClient {
const verifyFn = async (abort) => {
if (this.opts.signal && this.opts.signal.aborted) {
abort();
abort(true);
throw new CancelError('用户取消');
}
+6 -3
View File
@@ -50,15 +50,18 @@ class Backoff {
async function retryPromise(fn, attempts, backoff, logger = log) {
let aborted = false;
let abortedFromUser = false;
try {
const setAbort = () => { aborted = true; }
const setAbort = (fromUser = false) => { aborted = true; abortedFromUser = fromUser; }
const data = await fn(setAbort);
return data;
}
catch (e) {
if (aborted){
logger(`用户取消重试`);
if (abortedFromUser){
logger(`用户取消重试`);
}
throw e;
}
if ( ((backoff.attempts + 1) >= attempts)) {
@@ -249,7 +252,7 @@ async function resolveDomainBySoaRecord(recordName, logger = log) {
async function getAuthoritativeDnsResolver(recordName, logger = log) {
logger(`获取域名${recordName}的权威NS服务器: `);
const resolver = new dns.Resolver();
const resolver = new dns.Resolver({ timeout: 10000,maxTimeout: 60000 });
try {
/* Resolve root domain by SOA */
-1
View File
@@ -92,7 +92,6 @@ async function walkDnsChallengeRecord(recordName, resolver = dns,deep = 0) {
try {
log(`检查域名 ${recordName} 的TXT记录`);
const txtRecords = await resolver.resolveTxt(recordName);
if (txtRecords && txtRecords.length) {
log(`找到 ${txtRecords.length} 条 TXT记录( ${recordName}`);
log(`TXT records: ${JSON.stringify(txtRecords)}`);
+1
View File
@@ -68,6 +68,7 @@ export interface ClientAutoOptions {
preferredChain?: string;
signal?: AbortSignal;
profile?:string;
waitDnsDiffuseTime?: number;
}
export class Client {
+1 -1
View File
@@ -47,5 +47,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
+1 -1
View File
@@ -45,5 +45,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
+4
View File
@@ -65,4 +65,8 @@ export abstract class BaseAccess implements IAccess {
}
throw new Error(`action ${req.action} not found`);
}
normalizeEndpoint(endpoint: string) {
return endpoint.replace(/\/$/, "");
}
}
+1 -1
View File
@@ -24,5 +24,5 @@
"prettier": "^2.8.8",
"tslib": "^2.8.1"
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
+1 -1
View File
@@ -31,5 +31,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
+1 -1
View File
@@ -56,5 +56,5 @@
"fetch"
]
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
+1 -1
View File
@@ -33,5 +33,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
+1 -1
View File
@@ -64,5 +64,5 @@
"typeorm": "^0.3.11",
"typescript": "^5.4.2"
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
@@ -6,10 +6,10 @@ import { BaseSettings, SysInstallInfo, SysPrivateSettings, SysPublicSettings, Sy
import { getAllSslProviderDomains, setSslProviderReverseProxies } from '@certd/acme-client';
import { cache, logger, mergeUtils, setGlobalProxy } from '@certd/basic';
import { isPlus } from '@certd/plus-core';
import * as dns from 'node:dns';
import { BaseService, setAdminMode } from '../../../basic/index.js';
import { executorQueue } from '../../basic/service/executor-queue.js';
import { isComm, isPlus } from '@certd/plus-core';
const { merge } = mergeUtils;
let lastSaveEnvVars = {};
@@ -119,11 +119,11 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
}
async savePublicSettings(bean: SysPublicSettings) {
if (isComm()) {
if (bean.adminMode === 'enterprise') {
throw new Error("商业版不支持使用企业管理模式")
}
}
// if (isComm()) {
// if (bean.adminMode === 'enterprise') {
// throw new Error("商业版不支持使用企业管理模式")
// }
// }
await this.saveSetting(bean);
//让设置生效
+1 -1
View File
@@ -46,5 +46,5 @@
"typeorm": "^0.3.11",
"typescript": "^5.4.2"
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
+1 -1
View File
@@ -38,5 +38,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
+1 -1
View File
@@ -57,5 +57,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
@@ -135,7 +135,12 @@ export class CertReader {
}
static readCertDetail(crt: string) {
const detail = crypto.readCertificateInfo(crt.toString());
let detail: CertificateInfo;
try {
detail = crypto.readCertificateInfo(crt.toString());
} catch (e) {
throw new Error("证书解析失败:" + e.message + "(请确定证书格式,是否与私钥搞反?)");
}
const effective = detail.notBefore;
const expires = detail.notAfter;
const fingerprints = CertReader.getFingerprintX509(crt);
@@ -1,5 +1,5 @@
<template>
<a-select :value="value" @update:value="onChange">
<a-select :value="value" :filter-option="true" @update:value="onChange">
<a-select-option v-for="item of options" :key="item.value" :value="item.value" :label="item.label">
<span class="flex-o">
<fs-icon :icon="item.icon" class="fs-16 color-blue mr-5" />
@@ -1,5 +1,5 @@
<template>
<icon-select class="dns-provider-selector" :value="modelValue" :options="options" @update:value="atChange"> </icon-select>
<icon-select class="dns-provider-selector" :value="modelValue" :options="options" :filter-option="true" @update:value="atChange"> </icon-select>
</template>
<script lang="ts">
@@ -289,7 +289,7 @@ export const useSettingStore = defineStore({
}
},
openBindUrlModal() {
openBindUrlModal(opts: { closable?: boolean } = { closable: false }) {
const event: any = { ModalRef: null };
mitter.emit("getModal", event);
const Modal = event.ModalRef;
@@ -302,10 +302,12 @@ export const useSettingStore = defineStore({
modalRef.destroy();
}
};
const { closable = false } = opts;
const modalRef: any = Modal.warning({
title: "URL地址未绑定,是否绑定此地址?",
width: 500,
keyboard: false,
closable,
content: () => {
return (
<div class="p-4">
@@ -338,10 +340,10 @@ export const useSettingStore = defineStore({
danger: true,
},
okText: "不,回到原来的地址",
cancelText: "不,回到原来的地址",
onCancel: () => {
window.location.href = bindUrl;
},
// cancelText: "不,回到原来的地址",
// onOk: () => {
// window.location.href = bindUrl;
// },
});
},
async loadProductInfo() {
@@ -73,13 +73,11 @@
margin: 20px;
}
.fs-crud-table {
.ant-table-body {
height: 60vh;
table {
}
}
}
// .fs-crud-table {
// .ant-table-body {
// height:60vh;
// }
// }
body a {
color: #1890ff;
@@ -142,4 +140,5 @@ button.ant-btn.ant-btn-default.isPlus{
color: rgba(233, 233, 233, 0.25);
}
}
}
}
@@ -8,7 +8,6 @@
import { onActivated, onMounted, ref, Ref } from "vue";
import { useFs } from "@fast-crud/fast-crud";
import createCrudOptions from "./crud";
import { siteIpApi } from "./api";
defineOptions({
name: "SiteIpCertMonitor",
@@ -23,11 +22,6 @@ const { crudBinding, crudRef, crudExpose } = useFs({
},
});
const siteInfoRef: Ref<any> = ref({});
onMounted(async () => {
siteInfoRef.value = await siteIpApi.GetObj(props.siteId);
});
//
onMounted(() => {
crudExpose.doRefresh();
@@ -13,10 +13,27 @@ import { createNotificationApi } from "/@/views/certd/notification/api";
import GroupSelector from "../group/group-selector.vue";
import { useI18n } from "/src/locales";
import { useSettingStore } from "/@/store/settings";
import dayjs from "dayjs";
export function fillPipelineByDefaultForm(pipeline: any, form: any) {
const triggers = [];
if (form.triggerCron) {
//根据随机时间设置触发时间
if (form.random === true) {
// 随机时间
const randomRange = form.randomRange;
const start = dayjs().format("YYYY-MM-DD") + " " + randomRange[0];
let end = dayjs().format("YYYY-MM-DD") + " " + randomRange[1];
if (randomRange[1] < randomRange[0]) {
//跨天
end = dayjs().add(1, "day").format("YYYY-MM-DD") + " " + randomRange[1];
}
const startTime = dayjs(start).valueOf();
const endTime = dayjs(end).valueOf();
const randomTime = Math.floor(Math.random() * (endTime - startTime)) + startTime;
const time = dayjs(randomTime).format(" ss:mm:HH").replaceAll(":", " ").replaceAll(" 0", " ").trim();
triggers.push({ title: "定时触发", type: "timer", props: { cron: `${time} * * *` } });
} else if (form.triggerCron) {
triggers.push({ title: "定时触发", type: "timer", props: { cron: form.triggerCron } });
}
if (form.webhookEnabled) {
@@ -85,7 +102,7 @@ export function useCertPipelineCreator() {
const settingStore = useSettingStore();
const router = useRouter();
function createCrudOptions(req: { certPlugin: any; doSubmit: any; title?: string }): CreateCrudOptionsRet {
function createCrudOptions(req: { certPlugin: any; doSubmit: any; title?: string; initialForm?: any }): CreateCrudOptionsRet {
const inputs: any = {};
const moreParams = [];
const doSubmit = req.doSubmit;
@@ -124,9 +141,11 @@ export function useCertPipelineCreator() {
},
},
});
return {
crudOptions: {
form: {
initialForm: req.initialForm || {},
doSubmit,
wrapper: {
wrapClassName: "cert_pipeline_create_form",
@@ -326,6 +345,15 @@ export function useCertPipelineCreator() {
//检查是否流水线数量超出限制
await checkPipelineLimit();
//设置系统初始值
const initialForm: any = {};
const pluginSysConfig = await pluginStore.getPluginConfig({ name: req.pluginName, type: "builtIn" });
if (pluginSysConfig.sysSetting?.input) {
for (const key in pluginSysConfig.sysSetting?.input) {
initialForm[key] = pluginSysConfig.sysSetting?.input[key];
}
}
async function doSubmit({ form }: any) {
// const certDetail = readCertDetail(form.cert.crt);
// 添加certd pipeline
@@ -399,6 +427,7 @@ export function useCertPipelineCreator() {
certPlugin,
doSubmit,
title: req.title,
initialForm,
});
//@ts-ignore
crudOptions.columns.groupId.form.value = req.defaultGroupId || undefined;
@@ -67,8 +67,8 @@ async function openFormDialog() {
return form.clear !== true;
}),
component: {
name: "fs-dict-switch",
vModel: "checked",
name: "fs-dict-radio",
vModel: "value",
dict: dict({
data: [
{
@@ -374,7 +374,7 @@ export default defineComponent({
setup(props, ctx) {
onBeforeRouteLeave((to, from) => {
const newPipelineStr = JSON.stringify(pipeline.value || {});
if (pipelineOriginStr.value && pipelineOriginStr.value !== newPipelineStr) {
if (props.editMode && pipelineOriginStr.value && pipelineOriginStr.value !== newPipelineStr) {
const answer = window.confirm("流水线还未保存,确定要离开吗?");
if (!answer) {
return false; // false
@@ -182,6 +182,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
},
showSelect: false,
createCrudOptions: createCrudOptionsPipeline,
height: "60vh",
crudOptionsOverride: {
actionbar: {
show: false,
@@ -1,4 +1,4 @@
import { dict, useFormWrapper } from "@fast-crud/fast-crud";
import { compute, dict, useFormWrapper } from "@fast-crud/fast-crud";
import { checkPipelineLimit, eachSteps } from "/@/views/certd/pipeline/utils";
import { templateApi } from "/@/views/certd/pipeline/template/api";
import TemplateForm from "./form.vue";
@@ -7,6 +7,7 @@ import GroupSelector from "/@/views/certd/pipeline/group/group-selector.vue";
import { ref } from "vue";
import { fillPipelineByDefaultForm } from "/@/views/certd/pipeline/certd-form/use";
import { cloneDeep } from "lodash-es";
import { $t } from "/@/locales";
export function createExtraColumns() {
const groupDictRef = dict({
@@ -14,23 +15,93 @@ export function createExtraColumns() {
value: "id",
label: "name",
});
const t = $t;
const randomHour = Math.floor(Math.random() * 6);
const randomMin = Math.floor(Math.random() * 60);
return {
triggerCron: {
title: "定时触发",
type: "text",
// triggerCron: {
// title: "定时触发",
// type: "text",
// form: {
// value: `0 ${randomMin} ${randomHour} * * *`,
// component: {
// name: "cron-editor",
// vModel: "modelValue",
// placeholder: "0 0 4 * * *",
// },
// col: {
// span: 24,
// },
// helper: "点击上面的按钮,选择每天几点定时执行。\n建议设置为每天触发一次,证书未到期之前任务会跳过,不会重复执行",
// order: 100,
// },
// },
random: {
title: "定时类型",
form: {
value: `0 ${randomMin} ${randomHour} * * *`,
component: {
name: "cron-editor",
vModel: "modelValue",
placeholder: "0 0 4 * * *",
},
order: 100,
value: true,
helper: "是否给流水线随机设置一个时间",
show: compute(({ form }) => {
return form.clear !== true;
}),
col: {
span: 24,
},
helper: "点击上面的按钮,选择每天几点定时执行。\n建议设置为每天触发一次,证书未到期之前任务会跳过,不会重复执行",
component: {
name: "fs-dict-radio",
vModel: "value",
dict: dict({
data: [
{
label: "随机时间",
value: true,
},
{
label: "固定时间",
value: false,
},
],
}),
},
},
},
randomRange: {
title: "随机时间范围",
form: {
order: 100,
value: ["00:00:00", "08:00:00"],
helper: "随机时间范围,单位秒",
component: {
// <a-time-range-picker :bordered="false" />
name: "a-time-range-picker",
vModel: "value",
valueFormat: "HH:mm:ss",
},
show: compute(({ form }) => {
return form.clear !== true && form.random === true;
}),
rules: [{ required: true, message: "请选择随机时间范围" }],
},
},
triggerCron: {
title: t("certd.schedule"),
form: {
order: 100,
component: {
name: "cron-editor",
vModel: "modelValue",
},
show: compute(({ form }) => {
return form.clear !== true && form?.random !== true;
}),
rules: [{ required: true, message: t("certd.selectCron") }],
},
},
blank2: {
form: {
blank: true,
order: 100,
},
},
@@ -135,3 +135,11 @@ export async function DoTest(req: { id: number; input: any }): Promise<void> {
data: req,
});
}
export async function GetPluginByName(name: string): Promise<PluginConfigBean> {
return await request({
url: apiPrefix + "/getPluginByName",
method: "post",
data: { name },
});
}
@@ -36,6 +36,13 @@
</div>
</a-form-item>
<a-form-item label="其他配置">
<a-button type="primary" @click="doPluginConfig">证书申请插件默认值设置</a-button>
<div class="helper">
<div>自定义证书申请插件参数</div>
</div>
</a-form-item>
<a-form-item :wrapper-col="{ offset: 8, span: 16 }">
<a-button :loading="saveLoading" type="primary" html-type="submit">保存</a-button>
</a-form-item>
@@ -47,10 +54,10 @@
<script lang="ts" setup>
import AccessSelector from "/@/views/certd/access/access-selector/index.vue";
import { reactive, ref } from "vue";
import { CommPluginConfig, GetCommPluginConfigs, SaveCommPluginConfigs } from "/@/views/sys/plugin/api";
import { CommPluginConfig, GetCommPluginConfigs, SaveCommPluginConfigs, GetPluginByName } from "/@/views/sys/plugin/api";
import { merge } from "lodash-es";
import { notification } from "ant-design-vue";
import { usePluginConfig } from "./use-config";
defineOptions({
name: "SysPluginConfig",
});
@@ -87,5 +94,12 @@ const onFinish = async (form: any) => {
const onFinishFailed = (errorInfo: any) => {
console.log("Failed:", errorInfo);
};
const { openConfigDialog } = usePluginConfig();
async function doPluginConfig() {
const certApplyInfo = await GetPluginByName("CertApply");
await openConfigDialog({ row: certApplyInfo, crudExpose: null });
}
</script>
<style lang="less"></style>
@@ -3,7 +3,7 @@
<div class="origin-metadata w-100%">
<div class="block-title">
自定义插件参数配置
<div class="helper">可以设置插件选项的配置设置配置默认值修改帮助说明设置是否显示该字段等</div>
<div class="helper">可以设置插件选项的配置设置配置默认值修改帮助说明设置是否显示该字段等在用户申请证书对话框里面使用你自定义设置的展示效果</div>
</div>
<div class="p-10">
<div ref="formRef" class="config-form w-full" :label-col="labelCol" :wrapper-col="wrapperCol">
@@ -43,13 +43,12 @@
</template>
<script setup lang="tsx">
import { computed, nextTick, onMounted, reactive, ref, Ref, unref } from "vue";
import { dict, FsRender } from "@fast-crud/fast-crud";
import { cloneDeep, merge, unset } from "lodash-es";
import { computed, onMounted, reactive, ref } from "vue";
import { useRoute, useRouter } from "vue-router";
import * as api from "./api";
import { usePluginStore } from "/@/store/plugin";
import { cloneDeep, get, merge, set, unset } from "lodash-es";
import Rollbackable from "./rollbackable.vue";
import { FsRender } from "@fast-crud/fast-crud";
import { usePluginStore } from "/@/store/plugin";
const route = useRoute();
const router = useRouter();
const pluginStore = usePluginStore();
@@ -68,6 +67,18 @@ const labelCol = ref({
const wrapperCol = ref({ span: 16 });
const configForm: any = reactive({});
const showDict = dict({
data: [
{
value: true,
label: "显示",
},
{
value: false,
label: "不显示",
},
],
});
function getScope() {
return {
form: configForm,
@@ -105,12 +116,25 @@ const editableKeys = ref([
defaultRender(item: any) {
return () => {
const value = item["show"];
return value === false ? "不显示" : "显示";
let showType = "";
let color = "";
if (item.mergeScript?.indexOf("show:") >= -1) {
showType = "条件显示";
color = "orange";
} else {
showType = value === false ? "不显示" : "显示";
color = value === false ? "red" : "green";
}
return (
<a-tag color={color} size="small">
{showType}
</a-tag>
);
};
},
editRender(item: any) {
return () => {
return <a-switch vModel:checked={configForm[item.key]["show"]} />;
return <fs-dict-switch vModel:checked={configForm[item.key]["show"]} dict={showDict} />;
};
},
},
@@ -178,6 +178,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
type: "dict-select",
search: {
show: true,
component: {
disabled: false,
},
},
form: {
order: 0,
@@ -1,5 +1,5 @@
<script setup lang="ts">
import { defineProps } from "vue";
import { dict } from "@fast-crud/fast-crud";
const props = defineProps<{ value: any }>();
@@ -10,20 +10,42 @@ function setValue() {
function clearValue() {
emits("clear");
}
const switchDict = dict({
data: [
{
value: true,
label: "自定义",
},
{
value: false,
label: "原始值",
},
],
});
function onSwitchChange(value: boolean) {
if (value) {
setValue();
} else {
clearValue();
}
}
</script>
<template>
<div class="rollbackable">
<div class="flex">
<div style="width: 100px">
<a-tag v-if="value === undefined" color="green" size="small" class="pointer flex-inline items-center" @click.stop="setValue">
<!-- <a-tag v-if="value === undefined" color="green" size="small" class="pointer flex-inline items-center" @click.stop="setValue">
<fs-icon icon="material-symbols:edit" class="mr-5"></fs-icon>
自定义
</a-tag>
<a-tag v-else color="red" size="small" class="pointer flex-inline items-center" @click.stop="clearValue">
<fs-icon icon="material-symbols:undo" class="mr-5"></fs-icon>
还原
</a-tag>
</a-tag> -->
<fs-dict-switch :checked="value !== undefined" :dict="switchDict" @change="onSwitchChange" />
</div>
<div class="flex-1 overflow-hidden value-render">
<slot v-if="value === undefined" name="default"></slot>
@@ -35,7 +35,9 @@ export function usePluginConfig() {
},
afterSubmit() {
notification.success({ message: t("certd.operationSuccess") });
crudExpose.doRefresh();
if (crudExpose) {
crudExpose.doRefresh();
}
},
async doSubmit({}: any) {
const form = configEditorRef.value.getForm();
@@ -25,6 +25,10 @@
<div class="helper" v-html="t('certd.sys.setting.noticeHelper')"></div>
</a-form-item>
<a-form-item :label="t('certd.sys.setting.bindUrl')">
<a-button class="ml-2" type="primary" @click="settingsStore.openBindUrlModal({ closable: true })">{{ t("certd.sys.setting.bindUrl") }}</a-button>
</a-form-item>
<a-form-item label=" " :colon="false" :wrapper-col="{ span: 8 }">
<a-button :loading="saveLoading" type="primary" html-type="submit">{{ t("certd.saveButton") }}</a-button>
</a-form-item>
@@ -8,7 +8,7 @@
</div>
<pre class="helper pre">{{ t("certd.sys.setting.passkeyEnabledHelper", [bindDomain]) }}</pre>
<div v-if="!bindDomainIsSame" class="text-red-500 text-sm mt-2">
{{ t("certd.sys.setting.passkeyHostnameNotSame") }} <a-button class="ml-2" size="small" type="primary" @click="settingsStore.openBindUrlModal()">{{ t("certd.sys.setting.bindUrl") }}</a-button>
{{ t("certd.sys.setting.passkeyHostnameNotSame") }} <a-button class="ml-2" size="small" type="primary" @click="settingsStore.openBindUrlModal({ closable: true })">{{ t("certd.sys.setting.bindUrl") }}</a-button>
</div>
</a-form-item>
<a-form-item :label="t('certd.sys.setting.enableOauth')" :name="['public', 'oauthEnabled']">
@@ -17,6 +17,18 @@ input:
apiKey
required: true
encrypt: true
version:
title: 版本
component:
name: a-select
options:
- label: v3.x
value: '3'
- label: v2.x
value: '2'
helper: apisix系统的版本
value: '3'
required: true
testRequest:
title: 测试
component:
@@ -0,0 +1,27 @@
name: hipmdnsmgr
title: HiPM DNSMgr
icon: svg:icon-dns
desc: HiPM DNSMgr API Token 授权
input:
endpoint:
title: 服务器地址
component:
name: a-input
allowClear: true
placeholder: http://localhost:3001
required: true
helper: 'HiPM DNSMgr 服务器地址,例如: http://localhost:3001'
apiToken:
title: API Token
required: true
encrypt: true
helper: 在 DNSMgr 设置 > API Token 中创建的令牌
testRequest:
title: 测试连接
component:
name: api-test
action: TestRequest
helper: 点击测试接口是否正常
pluginType: access
type: builtIn
scriptFilePath: /plugins/plugin-hipmdnsmgr/access/hipmdnsmgr-access.js
@@ -0,0 +1,53 @@
name: nginxProxyManager
title: Nginx Proxy Manager 授权
desc: 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。
icon: logos:nginx
input:
endpoint:
title: NPM 地址
component:
name: a-input
allowClear: true
placeholder: https://npm.example.com
helper: 请输入 Nginx Proxy Manager 根地址,不要带 /api 后缀。
required: true
email:
title: 邮箱
component:
name: a-input
allowClear: true
placeholder: admin@example.com
required: true
password:
title: 密码
component:
name: a-input-password
allowClear: true
placeholder: 请输入密码
required: true
encrypt: true
totpSecret:
title: TOTP 密钥
component:
name: a-input-password
allowClear: true
placeholder: Optional base32 TOTP secret
helper: 当 Nginx Proxy Manager 账号开启 2FA 时必填。
required: false
encrypt: true
ignoreTls:
title: 忽略无效 TLS
component:
name: a-switch
vModel: checked
helper: 仅在 Nginx Proxy Manager 使用自签 HTTPS 证书时开启。
required: false
testRequest:
title: 测试
component:
name: api-test
action: onTestRequest
helper: 测试登录并拉取代理主机列表。
pluginType: access
type: builtIn
scriptFilePath: /plugins/plugin-nginx-proxy-manager/access.js
@@ -62,8 +62,8 @@ input:
pty:
title: 伪终端
helper: >-
如果登录报错:all authentication methods
failed,可以尝试开启伪终端模式进行keyboard-interactive方式登录
如果登录报错:all authentication methods failed / unable to
exec,可以尝试开启伪终端模式进行keyboard-interactive方式登录
开启后对日志输出有一定的影响
component:
@@ -0,0 +1,38 @@
name: technitium
title: Technitium DNS Server
icon: clarity:server-line
desc: Technitium DNS Server 自建DNS服务器授权
input:
apiUrl:
title: API地址
value: http://localhost:5380
component:
name: a-input
allowClear: true
placeholder: http://localhost:5380
required: true
username:
title: 用户名
component:
name: a-input
allowClear: true
placeholder: admin
required: false
password:
title: 密码
component:
name: a-input
type: password
allowClear: true
placeholder: 密码
required: false
encrypt: true
testRequest:
title: 测试
component:
name: api-test
action: TestRequest
helper: 点击测试接口是否正常
pluginType: access
type: builtIn
scriptFilePath: /plugins/plugin-technitium/access.js
@@ -0,0 +1,71 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: NginxProxyManagerDeploy
title: Nginx Proxy Manager-部署到主机
desc: 上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。
icon: logos:nginx
group: panel
input:
cert:
title: 域名证书
helper: 请选择前置任务产出的证书。
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
certDomains:
title: 证书域名
component:
name: cert-domains-getter
required: false
order: 0
accessId:
title: NPM授权
component:
name: access-selector
type: nginxProxyManager
helper: 选择用于部署的 Nginx Proxy Manager 授权。
required: true
order: 0
proxyHostIds:
title: 代理主机
component:
name: remote-select
vModel: value
mode: tags
type: plugin
action: onGetProxyHostOptions
search: true
pager: false
multi: true
watches:
- certDomains
- accessId
helper: 选择要绑定此证书的一个或多个代理主机。
required: true
order: 0
certificateLabel:
title: 证书标识
component:
name: a-input
allowClear: true
placeholder: certd_npm_example_com
helper: 可选。留空时默认使用 certd_npm_<主域名规范化>。
required: false
order: 0
cleanupMatchingCertificates:
title: 自动清理未使用证书
component:
name: a-switch
vModel: checked
helper: 部署成功后,自动删除除当前证书外所有未被任何主机引用的证书。
required: false
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: /plugins/plugin-nginx-proxy-manager/plugins/plugin-deploy-to-proxy-hosts.js
@@ -0,0 +1,8 @@
name: hipmdnsmgr
title: HiPM DNSMgr
desc: HiPM DNSMgr DNS 解析提供商
accessType: hipmdnsmgr
icon: svg:icon-dns
pluginType: dnsProvider
type: builtIn
scriptFilePath: /plugins/plugin-hipmdnsmgr/dns-provider/hipmdnsmgr-dns-provider.js
@@ -0,0 +1,9 @@
name: technitium
title: Technitium DNS Server
desc: Technitium DNS Server 自建DNS服务器
icon: clarity:server-line
accessType: technitium
order: 10
pluginType: dnsProvider
type: builtIn
scriptFilePath: /plugins/plugin-technitium/dns-provider.js
+3
View File
@@ -37,6 +37,8 @@
"pub": "echo 1"
},
"dependencies": {
"@azure/arm-dns": "^5.1.0",
"@azure/identity": "^4.13.1",
"@alicloud/fc20230330": "^4.1.7",
"@alicloud/openapi-client": "^0.4.12",
"@alicloud/openapi-util": "^0.3.2",
@@ -64,6 +66,7 @@
"@certd/plugin-lib": "^1.39.10",
"@certd/plugin-plus": "^1.39.10",
"@certd/plus-core": "^1.39.10",
"@google-cloud/dns": "^5.3.1",
"@google-cloud/publicca": "^1.3.0",
"@huaweicloud/huaweicloud-sdk-cdn": "^3.1.185",
"@huaweicloud/huaweicloud-sdk-core": "^3.1.185",
@@ -84,6 +84,15 @@ export class PluginController extends CrudController<PluginService> {
const res = await this.pluginConfigService.saveCommPluginConfig(body);
return this.ok(res);
}
@Post('/getPluginByName', { description: 'sys:settings:view' })
async getPluginByName(@Body('name') name: string) {
const res = await this.pluginConfigService.getPluginConfig({
name: name,
type: 'builtIn'
});
return this.ok(res);
}
@Post('/saveSetting', { description: 'sys:settings:edit' })
async saveSetting(@Body(ALL) body: PluginConfig) {
const res = await this.pluginConfigService.savePluginConfig(body);
@@ -89,24 +89,30 @@ export class SiteTester {
// 创建 HTTPS 请求
const requestPromise = safePromise((resolve, reject) => {
const req = https.request(options, res => {
// 获取证书
// @ts-ignore
const certificate = res.socket.getPeerCertificate();
// logger.info('证书信息', certificate);
if (certificate.subject == null) {
logger.warn("证书信息为空");
resolve({
certificate: null
});
}
resolve({
certificate
});
res.socket.end();
// 关闭响应
res.destroy();
});
// ✅ 关键:在 'socket' 事件中获取证书(握手完成后立即执行)
req.on('socket', (socket:any) => {
socket.on('secureConnect', () => {
// TLS握手完成,证书已经可用
const certificate = socket.getPeerCertificate();
if (certificate.subject) {
logger.info('证书获取成功', certificate.subject);
resolve({
certificate
});
}else{
logger.warn("证书信息为空");
resolve({
certificate: null
});
}
});
});
req.on("error", e => {
reject(e);
});
@@ -45,4 +45,6 @@
// export * from './plugin-plus/index.js'
// export * from './plugin-cert/index.js'
// export * from './plugin-zenlayer/index.js'
export * from './plugin-dnsmgr/index.js'
// export * from './plugin-dnsmgr/index.js'
// export * from './plugin-nginx-proxy-manager/index.js'
// export * from './plugin-hipmdnsmgr/index.js'
@@ -0,0 +1,323 @@
import { AbstractTaskPlugin, IsTaskPlugin, Pager, PageSearch, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
import { CertApplyPluginNames, CertInfo, CertReader } from "@certd/plugin-cert";
import {
createCertDomainGetterInputDefine,
createRemoteSelectInputDefine
} from "@certd/plugin-lib";
import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
import { AliyunClient, AliyunSslClient, CasCertInfo } from "../../../plugin-lib/aliyun/lib/index.js";
@IsTaskPlugin({
name: 'AliyunDeployCertToWafCloud',
title: '阿里云-部署至阿里云WAF(云产品接入)',
icon: 'svg:icon-aliyun',
group: pluginGroups.aliyun.key,
desc: '部署证书到阿里云WAF(云产品接入),CNAME方式接入的请选择另外一个waf插件',
needPlus: false,
default: {
strategy: {
runStrategy: RunStrategy.SkipWhenSucceed,
},
},
})
export class AliyunDeployCertToWafCloud extends AbstractTaskPlugin {
@TaskInput({
title: '域名证书',
helper: '请选择证书申请任务输出的域名证书\n或者选择前置任务“上传证书到阿里云”任务的证书ID,可以减少上传到阿里云的证书数量',
component: {
name: 'output-selector',
from: [...CertApplyPluginNames, 'uploadCertToAliyun'],
},
required: true,
})
cert!: CertInfo | number | CasCertInfo;
@TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
certDomains!: string[];
@TaskInput({
title: 'WAF接入点',
helper: '不会选就按默认',
value: 'cn-hangzhou',
component: {
name: 'a-select',
options: [
{ value: 'cn-hangzhou', label: '中国内地' },
{ value: 'ap-southeast-1', label: '非中国内地' },
],
},
required: true,
})
regionId!: string;
@TaskInput({
title: '证书接入点',
helper: '跟上面保持一致即可',
value: 'cas.aliyuncs.com',
component: {
name: 'a-select',
options: [
{ value: 'cas.aliyuncs.com', label: '中国大陆' },
{ value: 'cas.ap-southeast-1.aliyuncs.com', label: '新加坡' },
{ value: 'cas.eu-central-1.aliyuncs.com', label: '德国(法兰克福)' },
],
},
required: true,
})
casEndpoint!: string;
@TaskInput({
title: 'Access授权',
helper: '阿里云授权AccessKeyId、AccessKeySecret',
component: {
name: 'access-selector',
type: 'aliyun',
},
required: true,
})
accessId!: string;
@TaskInput(
createRemoteSelectInputDefine({
title: '云产品资源',
helper: '请选择要部署证书的云产品资源',
action: AliyunDeployCertToWafCloud.prototype.onGetCloudResourceList.name,
watches: ['accessId', 'regionId'],
pager: true,
search: true,
})
)
cloudResources!: string[];
@TaskInput({
title: '证书部署类型',
value: 'default',
component: {
name: 'a-select',
options: [
{ value: 'default', label: '默认证书' },
{ value: 'extension', label: '扩展证书' },
],
},
required: true,
})
certType!: string;
async onInstance() { }
async getWafClient(access: AliyunAccess) {
const client = new AliyunClient({ logger: this.logger });
await client.init({
accessKeyId: access.accessKeyId,
accessKeySecret: access.accessKeySecret,
endpoint: `https://wafopenapi.${this.regionId}.aliyuncs.com`,
apiVersion: '2021-10-01',
});
return client;
}
async getInstanceId(client: AliyunClient) {
const params = {
RegionId: this.regionId,
};
this.logger.info('调用DescribeInstance API', JSON.stringify(params));
const res = await client.request('DescribeInstance', params);
this.logger.info('获取实例ID', res.InstanceId);
return res.InstanceId;
}
async execute(): Promise<void> {
this.logger.info('开始部署证书到阿里云WAF(云产品接入)');
const access = await this.getAccess<AliyunAccess>(this.accessId);
let certId: any = this.cert;
if (typeof this.cert === 'object') {
const sslClient = new AliyunSslClient({
access,
logger: this.logger,
endpoint: this.casEndpoint,
});
const cert = this.cert as CertInfo;
const casCert = this.cert as CasCertInfo;
if (cert.crt) {
const certIdRes = await sslClient.uploadCertificate({
name: this.buildCertName(CertReader.getMainDomain(cert.crt)),
cert: cert,
});
certId = certIdRes.certId as any;
} else if (casCert.certIdentifier) {
// 使用certIdentifier,它已经包含了regionid
certId = casCert.certIdentifier;
} else if (casCert.certId) {
certId = casCert.certId;
} else {
throw new Error('证书格式错误'+JSON.stringify(this.cert));
}
}
const client = await this.getWafClient(access);
const instanceId = await this.getInstanceId(client);
for (const cloudResourceId of this.cloudResources) {
this.logger.info('开始部署', cloudResourceId);
if (this.certType === 'default') {
// 部署默认证书
const params = {
RegionId: this.regionId,
InstanceId: instanceId,
CloudResourceId: cloudResourceId,
CertId: certId,
};
this.logger.info('调用ModifyCloudResourceDefaultCert API', JSON.stringify(params));
const res = await client.request('ModifyCloudResourceDefaultCert', params);
this.logger.info('部署默认证书成功', JSON.stringify(res));
} else if (this.certType === 'extension') {
// 部署扩展证书
const addCertParams = {
RegionId: this.regionId,
InstanceId: instanceId,
CloudResourceId: cloudResourceId,
CertId: certId,
};
this.logger.info('调用CreateCloudResourceExtensionCert API', JSON.stringify(addCertParams));
const addCertRes = await client.request('CreateCloudResourceExtensionCert', addCertParams);
this.logger.info('部署扩展证书成功', JSON.stringify(addCertRes));
// 清理过期扩展证书
await this.cleanupExpiredExtensionCerts(client, instanceId, cloudResourceId, certId);
}
}
}
async cleanupExpiredExtensionCerts(client: AliyunClient, instanceId: string, cloudResourceId: string, currentCertId: string) {
try {
this.logger.info('开始清理过期扩展证书, cloudResourceId: ' + cloudResourceId);
// 解析CloudResourceId获取ResourceInstanceId
// CloudResourceId格式:{ResourceInstanceId}-{Port}-{ResourceProduct}
const resourceInfo = cloudResourceId.split('-');
if (resourceInfo.length < 3) {
this.logger.warn('CloudResourceId格式不正确: ' + cloudResourceId);
return;
}
// 从后往前解析,因为ResourceInstanceId可能包含"-"
const product = resourceInfo.pop();
const port = resourceInfo.pop();
const resourceInstanceId = resourceInfo.join('-');
this.logger.info('ResourceInstanceId: ' + resourceInstanceId, 'Port: ' + port, 'Product: ' + product);
// 查询云产品实例的证书列表
const certsParams = {
InstanceId: instanceId,
RegionId: this.regionId,
ResourceInstanceId: resourceInstanceId,
PageSize: 100,
};
this.logger.info('调用DescribeResourceInstanceCerts API: ' + JSON.stringify(certsParams));
const certsRes = await client.request('DescribeResourceInstanceCerts', certsParams);
if (!certsRes || !certsRes.Certs || certsRes.Certs.length === 0) {
this.logger.info('没有找到证书, cloudResourceId: ' + cloudResourceId);
return;
}
this.logger.info('查询到的证书数量: ' + certsRes.Certs.length);
const now = Date.now();
const expiredCerts = certsRes.Certs.filter((cert: any) => {
// 检查证书是否有必要的属性
if (!cert || !cert.AfterDate || !cert.CertIdentifier) {
this.logger.warn('证书格式不正确: ' + JSON.stringify(cert));
return false;
}
// 检查是否为当前部署的证书
if (cert.CertIdentifier === currentCertId) {
return false;
}
// 确保AfterDate是数字类型
const afterDate = cert.AfterDate;
// 检查是否过期
return afterDate < now;
});
if (expiredCerts.length === 0) {
this.logger.info('没有过期的扩展证书, cloudResourceId: ' + cloudResourceId);
return;
}
this.logger.info('过期的扩展证书数量: ' + expiredCerts.length);
// 删除过期的扩展证书
for (const expiredCert of expiredCerts) {
const deleteParams = {
RegionId: this.regionId,
InstanceId: instanceId,
CloudResourceId: cloudResourceId,
CertId: expiredCert.CertIdentifier,
};
this.logger.info('调用DeleteCloudResourceExtensionCert API: ' + JSON.stringify(deleteParams));
const deleteRes = await client.request('DeleteCloudResourceExtensionCert', deleteParams);
this.logger.info('删除过期扩展证书成功, certId: ' + expiredCert.CertIdentifier + ', response: ' + JSON.stringify(deleteRes));
}
this.logger.info('清理过期扩展证书完成, cloudResourceId: ' + cloudResourceId + ', deletedCount: ' + expiredCerts.length);
} catch (error) {
this.logger.error('清理过期扩展证书失败, cloudResourceId: ' + cloudResourceId + ', error: ' + JSON.stringify(error));
// 清理失败不影响主流程
}
}
async onGetCloudResourceList(data: PageSearch) {
if (!this.accessId) {
throw new Error('请选择Access授权');
}
const access = await this.getAccess<AliyunAccess>(this.accessId);
const client = await this.getWafClient(access);
const pager = new Pager(data)
const instanceId = await this.getInstanceId(client);
const params: any = {
InstanceId: instanceId,
MaxResults: pager.pageSize,
RegionId: this.regionId,
};
if (data.searchKey) {
params.CloudResourceId = data.searchKey;
params.ResourceInstanceId = data.searchKey;
}
this.logger.info('调用DescribeCloudResourceList API', JSON.stringify(params));
const res = await client.request('DescribeCloudResourceList', params);
this.logger.info('DescribeCloudResourceList API返回', JSON.stringify(res));
if (!res || !res.CloudResourceList || res.CloudResourceList.length === 0) {
this.logger.warn('没有找到云产品接入的资源');
return {
list: [],
total: 0,
pageNo: pager.pageNo,
pageSize: pager.pageSize
};
}
const total = res.TotalCount || 0;
const options = res.CloudResourceList.map((item: any) => {
return {
label: `${item.CloudResourceId} (${item.ResourceProduct})`,
value: item.CloudResourceId,
title: item.CloudResourceId,
resourceProduct: item.ResourceProduct,
};
});
const list = this.ctx.utils.options.buildGroupOptions(options, this.certDomains);
return {
list,
total: total,
pageNo: pager.pageNo,
pageSize: pager.pageSize
};
}
}
new AliyunDeployCertToWafCloud();
@@ -0,0 +1,259 @@
import { AbstractTaskPlugin, IsTaskPlugin, Pager, PageSearch, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
import { CertApplyPluginNames, CertInfo, CertReader } from "@certd/plugin-cert";
import {
createCertDomainGetterInputDefine,
createRemoteSelectInputDefine
} from "@certd/plugin-lib";
import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
import { AliyunClient, AliyunSslClient, CasCertInfo } from "../../../plugin-lib/aliyun/lib/index.js";
@IsTaskPlugin({
name: 'AliyunDeployCertToWaf',
title: '阿里云-部署至阿里云WAF(cname接入)',
icon: 'svg:icon-aliyun',
group: pluginGroups.aliyun.key,
desc: '部署证书到阿里云WAF(cname接入),云资源的请选择另外一个waf插件',
needPlus: false,
default: {
strategy: {
runStrategy: RunStrategy.SkipWhenSucceed,
},
},
})
export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
@TaskInput({
title: '域名证书',
helper: '请选择证书申请任务输出的域名证书\n或者选择前置任务“上传证书到阿里云”任务的证书ID,可以减少上传到阿里云的证书数量',
component: {
name: 'output-selector',
from: [...CertApplyPluginNames, 'uploadCertToAliyun'],
},
required: true,
})
cert!: CertInfo | number | CasCertInfo;
@TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
certDomains!: string[];
@TaskInput({
title: 'WAF接入点',
helper: '不会选就按默认',
value: 'cn-hangzhou',
component: {
name: 'a-select',
options: [
{ value: 'cn-hangzhou', label: '中国大陆-华东1(杭州)' },
{ value: 'ap-southeast-1', label: '新加坡' },
],
},
required: true,
})
regionId!: string;
@TaskInput({
title: '证书接入点',
helper: '跟上面保持一致即可',
value: 'cas.aliyuncs.com',
component: {
name: 'a-select',
options: [
{ value: 'cas.aliyuncs.com', label: '中国大陆' },
{ value: 'cas.ap-southeast-1.aliyuncs.com', label: '新加坡' },
{ value: 'cas.eu-central-1.aliyuncs.com', label: '德国(法兰克福)' },
],
},
required: true,
})
casEndpoint!: string;
@TaskInput({
title: 'Access授权',
helper: '阿里云授权AccessKeyId、AccessKeySecret',
component: {
name: 'access-selector',
type: 'aliyun',
},
required: true,
})
accessId!: string;
@TaskInput(
createRemoteSelectInputDefine({
title: 'CNAME站点',
helper: '请选择要部署证书的CNAME站点',
action: AliyunDeployCertToWaf.prototype.onGetCnameList.name,
watches: ['accessId', 'regionId'],
pager: true,
search: true,
})
)
cnameDomains!: string[];
@TaskInput({
title: 'TLS版本',
value: 'tlsv1.2',
component: {
name: 'a-select',
options: [
{ value: 'tlsv1', label: 'TLSv1' },
{ value: 'tlsv1.1', label: 'TLSv1.1' },
{ value: 'tlsv1.2', label: 'TLSv1.2' },
],
},
required: true,
})
tlsVersion!: string;
@TaskInput({
title: '启用TLSv3',
value: true,
component: {
name: 'a-switch',
vModel: 'checked',
},
required: true,
})
enableTLSv3!: boolean;
async onInstance() { }
async getWafClient(access: AliyunAccess) {
const client = new AliyunClient({ logger: this.logger });
await client.init({
accessKeyId: access.accessKeyId,
accessKeySecret: access.accessKeySecret,
//https://wafopenapi.cn-hangzhou.aliyuncs.com
endpoint: `https://wafopenapi.${this.regionId}.aliyuncs.com`,
apiVersion: '2021-10-01',
});
return client;
}
async getInstanceId(client: AliyunClient) {
const params = {
RegionId: 'cn-hangzhou',
};
const res = await client.request('DescribeInstance', params);
this.logger.info('获取实例ID', res.InstanceId);
return res.InstanceId;
}
async execute(): Promise<void> {
this.logger.info('开始部署证书到阿里云');
const access = await this.getAccess<AliyunAccess>(this.accessId);
let certId: any = this.cert;
if (typeof this.cert === 'object') {
const sslClient = new AliyunSslClient({
access,
logger: this.logger,
endpoint: this.casEndpoint,
});
const cert = this.cert as CertInfo;
const casCert = this.cert as CasCertInfo;
if (cert.crt) {
const certIdRes = await sslClient.uploadCertificate({
name: this.buildCertName(CertReader.getMainDomain(cert.crt)),
cert: cert,
});
certId = certIdRes.certId as any;
} else if (casCert.certId) {
certId = casCert.certId;
} else {
throw new Error('证书格式错误'+JSON.stringify(this.cert));
}
}
const client = await this.getWafClient(access);
const instanceId = await this.getInstanceId(client);
for (const siteDomain of this.cnameDomains) {
this.logger.info('开始部署', siteDomain);
const params = {
RegionId: this.regionId,
InstanceId: instanceId,
Domain: siteDomain,
};
const siteDetail = await client.request('DescribeDomainDetail', params);
this.logger.info('站点详情', JSON.stringify(siteDetail));
const listen = siteDetail.Listen;
if (!listen) {
throw new Error(`没有找到${siteDomain}的监听器`);
}
/**
* "HttpsPorts": [
* 443
* ],
* "CertId": "14738336-cn-hangzhou",
*/
const redirect = siteDetail.Redirect;
redirect.Backends = redirect.AllBackends;
listen.CertId = certId + '-' + this.regionId;
if (!listen.HttpsPorts || listen.HttpsPorts.length === 0) {
listen.HttpsPorts = [443];
}
const updateParams = {
InstanceId: instanceId,
RegionId: this.regionId,
Redirect: JSON.stringify(redirect),
Listen: JSON.stringify(listen),
Domain: siteDomain,
TLSVersion: this.tlsVersion || 'tlsv1.2',
EnableTLSv3: this.enableTLSv3 ?? true,
};
const res = await client.request('ModifyDomain', updateParams);
this.logger.info('部署成功', JSON.stringify(res));
}
}
async onGetCnameList(data: PageSearch) {
if (!this.accessId) {
throw new Error('请选择Access授权');
}
const access = await this.getAccess<AliyunAccess>(this.accessId);
const client = await this.getWafClient(access);
const pager = new Pager(data)
const instanceId = await this.getInstanceId(client);
const params: any = {
RegionId: this.regionId,
InstanceId: instanceId,
PageSize: pager.pageSize,
PageNumber: pager.pageNo,
};
if (data.searchKey) {
params.Domain = data.searchKey
}
const res = await client.request('DescribeDomains', params);
if (!res?.Domains || res?.Domains.length === 0) {
throw new Error('没有找到CNAME接入的域名站点');
}
const total = res.TotalCount;
const options = res.Domains.map((item: any) => {
return {
label: item.Domain,
value: item.Domain,
title: item.Domain,
domain: item.Domain,
};
});
const list = this.ctx.utils.options.buildGroupOptions(options, this.certDomains);
// const list = [{value:"1",label:"1"},{value:"2",label:"2"}]
// const total = 120
return {
list,
total: total,
pageNo: pager.pageNo,
pageSize: pager.pageSize
};
}
}
new AliyunDeployCertToWaf();
@@ -1,259 +1,2 @@
import { AbstractTaskPlugin, IsTaskPlugin, Pager, PageSearch, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
import { CertApplyPluginNames, CertInfo, CertReader } from "@certd/plugin-cert";
import {
createCertDomainGetterInputDefine,
createRemoteSelectInputDefine
} from "@certd/plugin-lib";
import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
import { AliyunClient, AliyunSslClient, CasCertInfo } from "../../../plugin-lib/aliyun/lib/index.js";
@IsTaskPlugin({
name: 'AliyunDeployCertToWaf',
title: '阿里云-部署至阿里云WAF',
icon: 'svg:icon-aliyun',
group: pluginGroups.aliyun.key,
desc: '部署证书到阿里云WAF',
needPlus: false,
default: {
strategy: {
runStrategy: RunStrategy.SkipWhenSucceed,
},
},
})
export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
@TaskInput({
title: '域名证书',
helper: '请选择证书申请任务输出的域名证书\n或者选择前置任务“上传证书到阿里云”任务的证书ID,可以减少上传到阿里云的证书数量',
component: {
name: 'output-selector',
from: [...CertApplyPluginNames, 'uploadCertToAliyun'],
},
required: true,
})
cert!: CertInfo | number | CasCertInfo;
@TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
certDomains!: string[];
@TaskInput({
title: 'WAF接入点',
helper: '不会选就按默认',
value: 'cn-hangzhou',
component: {
name: 'a-select',
options: [
{ value: 'cn-hangzhou', label: '中国大陆-华东1(杭州)' },
{ value: 'ap-southeast-1', label: '新加坡' },
],
},
required: true,
})
regionId!: string;
@TaskInput({
title: '证书接入点',
helper: '跟上面保持一致即可',
value: 'cas.aliyuncs.com',
component: {
name: 'a-select',
options: [
{ value: 'cas.aliyuncs.com', label: '中国大陆' },
{ value: 'cas.ap-southeast-1.aliyuncs.com', label: '新加坡' },
{ value: 'cas.eu-central-1.aliyuncs.com', label: '德国(法兰克福)' },
],
},
required: true,
})
casEndpoint!: string;
@TaskInput({
title: 'Access授权',
helper: '阿里云授权AccessKeyId、AccessKeySecret',
component: {
name: 'access-selector',
type: 'aliyun',
},
required: true,
})
accessId!: string;
@TaskInput(
createRemoteSelectInputDefine({
title: 'CNAME站点',
helper: '请选择要部署证书的CNAME站点',
action: AliyunDeployCertToWaf.prototype.onGetCnameList.name,
watches: ['accessId', 'regionId'],
pager: true,
search: true,
})
)
cnameDomains!: string[];
@TaskInput({
title: 'TLS版本',
value: 'tlsv1.2',
component: {
name: 'a-select',
options: [
{ value: 'tlsv1', label: 'TLSv1' },
{ value: 'tlsv1.1', label: 'TLSv1.1' },
{ value: 'tlsv1.2', label: 'TLSv1.2' },
],
},
required: true,
})
tlsVersion!: string;
@TaskInput({
title: '启用TLSv3',
value: true,
component: {
name: 'a-switch',
vModel: 'checked',
},
required: true,
})
enableTLSv3!: boolean;
async onInstance() { }
async getWafClient(access: AliyunAccess) {
const client = new AliyunClient({ logger: this.logger });
await client.init({
accessKeyId: access.accessKeyId,
accessKeySecret: access.accessKeySecret,
//https://wafopenapi.cn-hangzhou.aliyuncs.com
endpoint: `https://wafopenapi.${this.regionId}.aliyuncs.com`,
apiVersion: '2021-10-01',
});
return client;
}
async getInstanceId(client: AliyunClient) {
const params = {
RegionId: 'cn-hangzhou',
};
const res = await client.request('DescribeInstance', params);
this.logger.info('获取实例ID', res.InstanceId);
return res.InstanceId;
}
async execute(): Promise<void> {
this.logger.info('开始部署证书到阿里云');
const access = await this.getAccess<AliyunAccess>(this.accessId);
let certId: any = this.cert;
if (typeof this.cert === 'object') {
const sslClient = new AliyunSslClient({
access,
logger: this.logger,
endpoint: this.casEndpoint,
});
const cert = this.cert as CertInfo;
const casCert = this.cert as CasCertInfo;
if (cert.crt) {
const certIdRes = await sslClient.uploadCertificate({
name: this.buildCertName(CertReader.getMainDomain(cert.crt)),
cert: cert,
});
certId = certIdRes.certId as any;
} else if (casCert.certId) {
certId = casCert.certId;
} else {
throw new Error('证书格式错误'+JSON.stringify(this.cert));
}
}
const client = await this.getWafClient(access);
const instanceId = await this.getInstanceId(client);
for (const siteDomain of this.cnameDomains) {
this.logger.info('开始部署', siteDomain);
const params = {
RegionId: this.regionId,
InstanceId: instanceId,
Domain: siteDomain,
};
const siteDetail = await client.request('DescribeDomainDetail', params);
this.logger.info('站点详情', JSON.stringify(siteDetail));
const listen = siteDetail.Listen;
if (!listen) {
throw new Error(`没有找到${siteDomain}的监听器`);
}
/**
* "HttpsPorts": [
* 443
* ],
* "CertId": "14738336-cn-hangzhou",
*/
const redirect = siteDetail.Redirect;
redirect.Backends = redirect.AllBackends;
listen.CertId = certId + '-' + this.regionId;
if (!listen.HttpsPorts || listen.HttpsPorts.length === 0) {
listen.HttpsPorts = [443];
}
const updateParams = {
InstanceId: instanceId,
RegionId: this.regionId,
Redirect: JSON.stringify(redirect),
Listen: JSON.stringify(listen),
Domain: siteDomain,
TLSVersion: this.tlsVersion || 'tlsv1.2',
EnableTLSv3: this.enableTLSv3 ?? true,
};
const res = await client.request('ModifyDomain', updateParams);
this.logger.info('部署成功', JSON.stringify(res));
}
}
async onGetCnameList(data: PageSearch) {
if (!this.accessId) {
throw new Error('请选择Access授权');
}
const access = await this.getAccess<AliyunAccess>(this.accessId);
const client = await this.getWafClient(access);
const pager = new Pager(data)
const instanceId = await this.getInstanceId(client);
const params: any = {
RegionId: this.regionId,
InstanceId: instanceId,
PageSize: pager.pageSize,
PageNumber: pager.pageNo,
};
if (data.searchKey) {
params.Domain = data.searchKey
}
const res = await client.request('DescribeDomains', params);
if (!res?.Domains || res?.Domains.length === 0) {
throw new Error('没有找到CNAME接入的域名站点');
}
const total = res.TotalCount;
const options = res.Domains.map((item: any) => {
return {
label: item.Domain,
value: item.Domain,
title: item.Domain,
domain: item.Domain,
};
});
const list = this.ctx.utils.options.buildGroupOptions(options, this.certDomains);
// const list = [{value:"1",label:"1"},{value:"2",label:"2"}]
// const total = 120
return {
list,
total: total,
pageNo: pager.pageNo,
pageSize: pager.pageSize
};
}
}
new AliyunDeployCertToWaf();
export * from './deploy-to-waf-cname.js';
export * from './deploy-to-waf-cloud.js';
@@ -32,6 +32,27 @@ export class ApisixAccess extends BaseAccess {
})
apiKey = '';
@AccessInput({
title: '版本',
component: {
name:"a-select",
options: [
{
label: "v3.x",
value: "3",
},
{
label: "v2.x",
value: "2",
},
]
},
helper: "apisix系统的版本",
value:"3",
required: true,
})
version = '3';
@AccessInput({
title: "测试",
@@ -49,17 +70,24 @@ export class ApisixAccess extends BaseAccess {
}
async getCertList(){
const sslPath = this.getSslPath();
const req = {
url :"/apisix/admin/ssls",
url :`/apisix/admin/${sslPath}`,
method: "get",
}
return await this.doRequest(req);
}
getSslPath(){
const sslPath = this.version === '3' ? 'ssls' : 'ssl';
return sslPath;
}
async createCert(opts:{cert:CertInfo}){
const certReader = new CertReader(opts.cert)
const sslPath = this.getSslPath();
const req = {
url :"/apisix/admin/ssls",
url :`/apisix/admin/${sslPath}`,
method: "post",
data:{
cert: opts.cert.crt,
@@ -72,8 +100,9 @@ export class ApisixAccess extends BaseAccess {
async updateCert (opts:{cert:CertInfo,id:string}){
const certReader = new CertReader(opts.cert)
const sslPath = this.getSslPath();
const req = {
url :`/apisix/admin/ssls/${opts.id}`,
url :`/apisix/admin/${sslPath}/${opts.id}`,
method: "put",
data:{
cert: opts.cert.crt,
@@ -0,0 +1,268 @@
import { AccessInput, BaseAccess, IsAccess } from '@certd/pipeline';
import { DomainRecord } from '@certd/plugin-cert';
import { utils } from '@certd/basic';
import { PageRes, PageSearch } from '@certd/pipeline';
@IsAccess({
name: 'azure',
title: '微软云Azure授权',
desc: '',
icon: 'simple-icons:microsoftazure',
})
export class AzureAccess extends BaseAccess {
@AccessInput({
title: '订阅 ID',
component: {
placeholder: 'subscriptionId',
},
helper: 'Azure 订阅 ID',
required: true,
})
subscriptionId = '';
@AccessInput({
title: '资源组',
component: {
placeholder: 'resourceGroupName',
},
helper: 'DNS 区域所在的资源组名称',
required: true,
})
resourceGroupName = '';
@AccessInput({
title: '目录(租户) ID',
component: {
placeholder: 'tenantId',
},
helper: '目录(租户) ID',
required: true,
})
tenantId = '';
@AccessInput({
title: '应用程序ID',
component: {
placeholder: 'clientId',
},
helper: '应用程序(客户端) ID',
required: true,
})
clientId = '';
@AccessInput({
title: '客户端凭据',
component: {
placeholder: 'clientSecret',
},
required: true,
encrypt: true,
helper: '客户端凭据(机密)->客户端密码->新客户端密码->时间选长一点的->复制值',
})
clientSecret = '';
@AccessInput({
title: "测试",
component: {
name: "api-test",
action: "TestRequest"
},
helper: "测试授权是否正确"
})
testRequest = true;
async onTestRequest() {
this.ctx.logger.info('开始测试 Azure 认证...');
// 1. 先测试身份认证,获取访问令牌
const { ClientSecretCredential } = await import('@azure/identity');
const credential = new ClientSecretCredential(
this.tenantId,
this.clientId,
this.clientSecret
);
// 获取 Azure 管理 API 的访问令牌来验证凭据
this.ctx.logger.info('验证身份凭据...');
const token = await credential.getToken('https://management.azure.com/.default');
this.ctx.logger.info('身份认证成功!', token);
return "ok";
}
async getDnsManagementClient() {
const { DnsManagementClient } = await import('@azure/arm-dns');
const { ClientSecretCredential } = await import('@azure/identity');
const credential = new ClientSecretCredential(
this.tenantId,
this.clientId,
this.clientSecret
);
return new DnsManagementClient(credential, this.subscriptionId);
}
async listZones(): Promise<any[]> {
const client = await this.getDnsManagementClient();
const zones: any[] = [];
for await (const zone of client.zones.listByResourceGroup(this.resourceGroupName)) {
zones.push(zone);
}
return zones;
}
async getZoneId(domain: string): Promise<{ id: string; name: string }> {
const zones = await this.listZones();
const domainSuffix = domain.endsWith('.') ? domain : domain + '.';
const matchingZone = zones.find((zone: any) => {
const zoneName = zone.name.endsWith('.') ? zone.name : zone.name + '.';
return domainSuffix.endsWith(zoneName) || domainSuffix === zoneName;
});
if (!matchingZone) {
throw new Error(`找不到匹配的 DNS 区域: ${domain}`);
}
this.ctx.logger.info(`找到 DNS 区域: ${matchingZone.name}, ID: ${matchingZone.id}`);
return {
id: matchingZone.id.split('/').pop()!,
name: matchingZone.name,
};
}
async listZonesPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
const zones = await this.listZones();
let list = zones;
if (req.searchKey) {
list = list.filter((zone: any) => zone.name.includes(req.searchKey));
}
list = list.map((item: any) => ({
id: item.id.split('/').pop()!,
domain: item.name,
}));
return {
total: list.length,
list,
};
}
async createOrUpdateRecordSet(zoneName: string, recordType: string, relativeRecordSetName: string, value: string) {
const client = await this.getDnsManagementClient();
this.ctx.logger.info(`创建/更新记录集: ${relativeRecordSetName}.${zoneName}, 类型: ${recordType}, 值: ${value}`);
// 获取现有记录集
let existingRecordSet: any = null;
try {
existingRecordSet = await client.recordSets.get(
this.resourceGroupName,
zoneName,
relativeRecordSetName,
recordType as any
);
} catch (e) {
// 记录集不存在,这是正常的
}
let txtRecords: any[] = [];
if (existingRecordSet && existingRecordSet.txtRecords) {
txtRecords = [...existingRecordSet.txtRecords];
// 检查是否已存在相同的记录,避免重复
const exists = txtRecords.some(r => r.value && r.value.includes(value));
if (exists) {
this.ctx.logger.info(`记录值已存在,无需重复添加: ${value}`);
return existingRecordSet;
}
}
// 添加新记录
txtRecords.push({
value: [value]
});
const recordSet = await client.recordSets.createOrUpdate(
this.resourceGroupName,
zoneName,
relativeRecordSetName,
recordType as any,
{
ttl: 60,
txtRecords: txtRecords
}
);
await utils.sleep(3000);
return recordSet;
}
async deleteRecordSet(zoneName: string, recordType: string, relativeRecordSetName: string, value: string) {
const client = await this.getDnsManagementClient();
this.ctx.logger.info(`删除记录值: ${relativeRecordSetName}.${zoneName}, 类型: ${recordType}, 值: ${value}`);
try {
// 获取现有记录集
const existingRecordSet = await client.recordSets.get(
this.resourceGroupName,
zoneName,
relativeRecordSetName,
recordType as any
);
if (!existingRecordSet.txtRecords || existingRecordSet.txtRecords.length === 0) {
this.ctx.logger.info('记录集不存在或已为空,无需删除');
return;
}
// 过滤掉我们要删除的那个值
const filteredTxtRecords = existingRecordSet.txtRecords.filter((r: any) => {
return !(r.value && r.value.includes(value));
});
if (filteredTxtRecords.length === existingRecordSet.txtRecords.length) {
this.ctx.logger.info(`未找到要删除的记录值: ${value}`);
return;
}
if (filteredTxtRecords.length === 0) {
// 如果没有记录了,就删除整个记录集
this.ctx.logger.info('删除空记录集');
await client.recordSets.delete(
this.resourceGroupName,
zoneName,
relativeRecordSetName,
recordType as any
);
} else {
// 还有其他记录,只更新记录集,移除我们的值
this.ctx.logger.info(`更新记录集,移除指定值,剩余 ${filteredTxtRecords.length} 条记录`);
await client.recordSets.createOrUpdate(
this.resourceGroupName,
zoneName,
relativeRecordSetName,
recordType as any,
{
ttl: existingRecordSet.ttl,
txtRecords: filteredTxtRecords
}
);
}
} catch (e: any) {
this.ctx.logger.warn(`删除记录时出错: ${e.message}`);
}
}
}
new AzureAccess();
@@ -0,0 +1,63 @@
import { AbstractDnsProvider, CreateRecordOptions, DomainRecord, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
import { AzureAccess } from './access.js';
import { PageRes, PageSearch } from '@certd/pipeline';
@IsDnsProvider({
name: 'azure-dns',
title: 'Azure DNS',
desc: 'Azure DNS 解析提供商',
accessType: 'azure',
icon: 'simple-icons:microsoftazure',
order: 1,
})
export class AzureDnsProvider extends AbstractDnsProvider {
access: AzureAccess;
async onInstance() {
this.access = this.ctx.access as AzureAccess;
}
async createRecord(options: CreateRecordOptions): Promise<any> {
const { fullRecord, value, type, domain } = options;
this.logger.info('添加域名解析:', fullRecord, value, type, domain);
const zone = await this.access.getZoneId(domain);
this.logger.info(`获取到 DNS 区域: ${zone.name}, ID: ${zone.id}`);
const relativeRecordSetName = fullRecord.replace(`.${zone.name}`, '').replace(`.${zone.name.replace(/\.$/, '')}`, '');
await this.access.createOrUpdateRecordSet(zone.name, type, relativeRecordSetName, value);
return {
zoneId: zone.id,
zoneName: zone.name,
recordType: type,
relativeRecordSetName,
value: value,
};
}
async removeRecord(options: RemoveRecordOptions<any>): Promise<void> {
const { fullRecord, value: reqValue, type } = options.recordReq;
const record = options.recordRes;
if (!record) {
this.logger.warn('记录信息为空,不执行删除');
return;
}
try {
const value = record.value || reqValue;
await this.access.deleteRecordSet(record.zoneName, record.recordType, record.relativeRecordSetName, value);
this.logger.info(`删除域名解析成功:${fullRecord} ${value} ${type}`);
} catch (e: any) {
this.logger.warn(`删除域名解析失败:${e.message}`, );
}
}
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
return await this.access.listZonesPage(req);
}
}
new AzureDnsProvider();
@@ -0,0 +1,2 @@
export * from './access.js';
export * from './azure-dns-provider.js';
@@ -423,6 +423,7 @@ export class AcmeService {
signal: this.options.signal,
profile,
preferredChain,
waitDnsDiffuseTime: this.options.waitDnsDiffuseTime,
});
const crtString = crt.toString();
@@ -275,6 +275,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
mergeScript: `
return {
show: ctx.compute(({form})=>{
console.log("show",form)
return (form.sslProvider === 'zerossl' && !form.zerosslCommonEabAccessId)
|| (form.sslProvider === 'google' && !form.googleCommonEabAccessId)
|| (form.sslProvider === 'sslcom' && !form.sslcomCommonEabAccessId)
@@ -1,7 +1,8 @@
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
import { AbstractDnsProvider, CreateRecordOptions, DomainRecord, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
import { DemoAccess } from './access.js';
import { PageRes, PageSearch } from '@certd/pipeline';
import { isDev } from '../../utils/env.js';
import { DemoAccess } from './access.js';
type DemoRecord = {
// 这里定义Record记录的数据结构,跟对应云平台接口返回值一样即可,一般是拿到id就行,用于删除txt解析记录,清理申请痕迹
@@ -16,7 +17,7 @@ type DemoRecord = {
icon: 'clarity:plugin-line',
// 这里是对应的云平台的access类型名称
accessType: 'demo',
order:99,
order: 99,
})
export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
access!: DemoAccess;
@@ -74,6 +75,28 @@ export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
this.logger.info('删除域名解析成功:', fullRecord, value);
}
/**
*
* @param req
* @returns
*/
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
const res = await this.http.request({
// 请求接口获取域名列表
})
const list = []
// const list = res.Domains?.map(item => ({
// id: item.Id,
// domain: item.DomainName,
// })) || []
return {
list,
total: res.Total,
}
}
}
//TODO 实例化这个provider,将其自动注册到系统中
@@ -0,0 +1,281 @@
import { Pager, PageRes, PageSearch } from "@certd/pipeline";
import {
AbstractDnsProvider,
CreateRecordOptions,
DomainRecord,
IsDnsProvider,
RemoveRecordOptions,
} from "@certd/plugin-cert";
import { GoogleAccess } from "../plugin-cert/access/index.js";
// TODO: 接口待明确 - 需要确认Google Cloud DNS API的具体参数和返回值格式
export type GoogleCloudDnsRecord = {
name: string;
type: string;
ttl: number;
rrdatas: string[];
zoneId: string;
projectId: string;
};
@IsDnsProvider({
name: "google-cloud-dns",
title: "Google Cloud DNS",
desc: "Google Cloud DNS提供商",
icon: "flat-color-icons:google",
accessType: "google",
order: 50,
})
export class GoogleCloudDnsProvider extends AbstractDnsProvider<GoogleCloudDnsRecord> {
access!: GoogleAccess;
projectId!: string;
credentials!: any;
envHttpsProxy: string = "";
async onInstance() {
this.access = this.ctx.access as GoogleAccess;
if (!this.access.serviceAccountSecret) {
throw new Error("服务账号密钥不能为空");
}
this.credentials = JSON.parse(this.access.serviceAccountSecret);
this.projectId = this.credentials.project_id;
this.logger.debug("Google Cloud DNS Provider 初始化成功");
}
private async setupProxy() {
if (this.access.httpsProxy) {
this.envHttpsProxy = process.env.HTTPS_PROXY || "";
process.env.HTTPS_PROXY = this.access.httpsProxy;
}
}
private async restoreProxy() {
if (this.envHttpsProxy) {
process.env.HTTPS_PROXY = this.envHttpsProxy;
this.envHttpsProxy = "";
}
}
private async getGoogleDnsClient() {
const { DNS } = await import("@google-cloud/dns");
return new DNS({ credentials: this.credentials });
}
private async findManagedZone(domain: string): Promise<any> {
const dns = await this.getGoogleDnsClient();
const [zones] = await dns.getZones();
// 查找匹配的托管区域
const normalizedDomain = domain.endsWith(".") ? domain : domain + ".";
for (const zone of zones) {
const zoneDnsName = zone.metadata.dnsName;
if (normalizedDomain.endsWith(zoneDnsName) || zoneDnsName === normalizedDomain) {
return zone;
}
}
throw new Error(`未找到域名 ${domain} 对应的托管区域`);
}
private async getExistingRecord(zone: any, recordName: string, type: string): Promise<any> {
const [records] = await zone.getRecords({
name: recordName,
type: type,
});
return records.length > 0 ? records[0] : null;
}
// 去掉引号的辅助函数
private stripQuotes(str: string): string {
return str.replace(/^"|"$/g, "");
}
// 添加引号的辅助函数(如果没有的话)
private addQuotes(str: string): string {
if (str.startsWith('"') && str.endsWith('"')) {
return str;
}
return `"${str}"`;
}
// 比较值是否相等(忽略引号)
private valuesEqual(a: string, b: string): boolean {
return this.stripQuotes(a) === this.stripQuotes(b);
}
async createRecord(options: CreateRecordOptions): Promise<GoogleCloudDnsRecord> {
const { fullRecord, value, type, domain } = options;
this.logger.info("Google Cloud DNS: 添加解析记录", fullRecord, value, type, domain);
await this.setupProxy();
try {
const zone = await this.findManagedZone(domain);
const recordName = fullRecord.endsWith(".") ? fullRecord : fullRecord + ".";
// 检查是否已存在该记录集
const existingRecord = await this.getExistingRecord(zone, recordName, type);
let newRrdatas: string[];
let ttl: number;
if (existingRecord) {
// 记录已存在,追加新值
this.logger.info("Google Cloud DNS: 记录已存在,追加新值");
const existingRrdatas = existingRecord.metadata.rrdatas || [];
// 检查值是否已存在(忽略引号)
const valueExists = existingRrdatas.some((existing: string) =>
this.valuesEqual(existing, value)
);
if (valueExists) {
this.logger.info("Google Cloud DNS: 值已存在,无需重复添加", fullRecord, value);
return {
name: recordName,
type: type,
ttl: existingRecord.metadata.ttl,
rrdatas: existingRrdatas,
zoneId: zone.metadata.name,
projectId: this.projectId,
};
}
newRrdatas = [...existingRrdatas, this.addQuotes(value)];
ttl = existingRecord.metadata.ttl;
} else {
// 创建新记录,加上引号
newRrdatas = [this.addQuotes(value)];
ttl = 60;
}
const changeConfig: any = {};
// 如果存在旧记录,需要先删除
if (existingRecord) {
// 使用Record对象格式
changeConfig.delete = existingRecord;
}
// 创建新的Record对象
const newRecord = zone.record(type, {
name: recordName,
data: newRrdatas,
ttl: ttl,
});
changeConfig.add = newRecord;
await zone.createChange(changeConfig);
this.logger.info("Google Cloud DNS: 解析记录创建成功", fullRecord);
return {
name: recordName,
type: type,
ttl: ttl,
rrdatas: newRrdatas, // 已经包含引号了
zoneId: zone.metadata.name,
projectId: this.projectId,
};
} finally {
await this.restoreProxy();
}
}
async removeRecord(options: RemoveRecordOptions<GoogleCloudDnsRecord>): Promise<void> {
const { fullRecord, value } = options.recordReq;
const record = options.recordRes;
this.logger.info("Google Cloud DNS: 删除解析记录", fullRecord, value);
if (!record) {
this.logger.info("记录为空,不执行删除");
return;
}
await this.setupProxy();
try {
const dns = await this.getGoogleDnsClient();
const zone = dns.zone(record.zoneId);
const recordName = record.name;
// 先获取服务器最新的记录状态
const existingRecord = await this.getExistingRecord(zone, recordName, record.type);
if (!existingRecord) {
this.logger.info("Google Cloud DNS: 记录已不存在,无需删除", fullRecord);
return;
}
const currentRrdatas = existingRecord.metadata.rrdatas || [];
// 检查要删除的值是否存在(忽略引号)
const valueIndex = currentRrdatas.findIndex((existing: string) =>
this.valuesEqual(existing, value)
);
if (valueIndex === -1) {
this.logger.info("Google Cloud DNS: 要删除的值不存在", fullRecord, value);
return;
}
// 过滤掉要删除的值(精确匹配找到的那个,保持其他记录的原样)
const newRrdatas = currentRrdatas.filter((_: string, i: number) => i !== valueIndex);
const changeConfig: any = {
delete: existingRecord,
};
if (newRrdatas.length > 0) {
// 还有剩余值,添加更新后的记录
const newRecord = zone.record(record.type, {
name: recordName,
data: newRrdatas,
ttl: existingRecord.metadata.ttl,
});
changeConfig.add = newRecord;
this.logger.info("Google Cloud DNS: 记录值已移除,剩余值", fullRecord, newRrdatas);
} else {
this.logger.info("Google Cloud DNS: 记录集已删除(无剩余值)", fullRecord);
}
await zone.createChange(changeConfig);
} catch (error: any) {
this.logger.error("Google Cloud DNS: 删除解析记录失败", error.message);
// 即使删除失败也不抛出异常,避免影响整个证书申请流程
} finally {
await this.restoreProxy();
}
}
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
await this.setupProxy();
try {
const pager = new Pager(req);
const dns = await this.getGoogleDnsClient();
const [zones] = await dns.getZones({
maxResults: pager.pageSize,
pageToken: pager.pageNo > 1 ? String(pager.pageNo) : undefined,
});
const list: DomainRecord[] = zones.map((zone: any) => ({
id: zone.metadata.name,
domain: zone.metadata.dnsName.replace(/\.$/, ""), // 去掉结尾的点
}));
// 简单的搜索过滤
let filteredList = list;
if (req.searchKey) {
filteredList = list.filter((item) =>
item.domain.toLowerCase().includes(req.searchKey.toLowerCase())
);
}
return {
list: filteredList,
total: zones.length,
};
} finally {
await this.restoreProxy();
}
}
}
// 实例化插件
new GoogleCloudDnsProvider();
@@ -0,0 +1 @@
export * from "./dns-provider.js";
@@ -0,0 +1,172 @@
import { AccessInput, BaseAccess, IsAccess } from '@certd/pipeline';
/**
* HiPM DNSMgr Access
* 使 API Token Bearer Token
*/
@IsAccess({
name: 'hipmdnsmgr',
title: 'HiPM DNSMgr',
icon: 'svg:icon-dns',
desc: 'HiPM DNSMgr API Token 授权',
})
export class HipmDnsmgrAccess extends BaseAccess {
@AccessInput({
title: '服务器地址',
component: {
name: 'a-input',
allowClear: true,
placeholder: 'http://localhost:3001',
},
required: true,
helper: 'HiPM DNSMgr 服务器地址,例如: http://localhost:3001',
})
endpoint = '';
@AccessInput({
title: 'API Token',
required: true,
encrypt: true,
helper: '在 DNSMgr 设置 > API Token 中创建的令牌',
})
apiToken = '';
@AccessInput({
title: '测试连接',
component: {
name: 'api-test',
action: 'TestRequest',
},
helper: '点击测试接口是否正常',
})
testRequest = true;
async onTestRequest() {
await this.getDomainList();
return '连接成功';
}
/**
*
*/
async getDomainList() {
this.ctx.logger.info(`[HiPM DNSMgr] 获取域名列表`);
const resp = await this.doRequest({
method: 'GET',
path: '/domains',
params: {
page: 1,
pageSize: 100,
},
});
// DNSMgr 返回数组格式
return resp?.map((item: any) => ({
id: String(item.id),
domain: item.name,
...item,
})) || [];
}
/**
*
*/
async getDomainRecords(domainId: string, params?: { type?: string; subdomain?: string; value?: string }) {
this.ctx.logger.info(`[HiPM DNSMgr] 获取域名记录列表:domainId=${domainId}`);
let path = `/domains/${domainId}/records?page=1&pageSize=100`;
if (params?.type) path += `&type=${encodeURIComponent(params.type)}`;
if (params?.subdomain) path += `&subdomain=${encodeURIComponent(params.subdomain)}`;
if (params?.value) path += `&value=${encodeURIComponent(params.value)}`;
const resp = await this.doRequest({
method: 'GET',
path,
});
return resp;
}
/**
* DNS
*/
async createDnsRecord(domainId: string, name: string, value: string, type: string) {
this.ctx.logger.info(`[HiPM DNSMgr] 创建DNS记录:${name} ${type} ${value}`);
const resp = await this.doRequest({
method: 'POST',
path: `/domains/${domainId}/records`,
data: {
name,
type,
value,
ttl: 600,
line: '0',
},
});
return resp;
}
/**
* DNS
*/
async deleteDnsRecord(domainId: string, recordId: string) {
this.ctx.logger.info(`[HiPM DNSMgr] 删除DNS记录:domainId=${domainId}, recordId=${recordId}`);
const resp = await this.doRequest({
method: 'DELETE',
path: `/domains/${domainId}/records/${recordId}`,
});
return resp;
}
/**
* HTTP
*/
async doRequest(req: { method: string; path: string; data?: any; params?: any }) {
// 处理 URL
let baseUrl = this.endpoint.trim();
baseUrl = baseUrl.replace(/\/$/, '');
baseUrl = baseUrl.replace(/\/api$/, '');
let url = `${baseUrl}/api${req.path}`;
// 添加查询参数
if (req.params) {
const searchParams = new URLSearchParams();
for (const [key, value] of Object.entries(req.params)) {
if (value !== undefined && value !== null && value !== '') {
searchParams.append(key, String(value));
}
}
const queryString = searchParams.toString();
if (queryString) {
url += `?${queryString}`;
}
}
this.ctx.logger.debug(`[HiPM DNSMgr] 请求: ${req.method} ${url}`);
const res = await this.ctx.http.request({
url,
method: req.method,
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${this.apiToken}`,
},
data: req.data,
});
this.ctx.logger.debug(`[HiPM DNSMgr] 响应:`, res);
// DNSMgr API 返回格式: { code: 0, data: ..., msg: ... }
if (res.code !== undefined && res.code !== 0) {
throw new Error(res.msg || '请求失败');
}
return res.data;
}
}
@@ -0,0 +1 @@
export * from './hipmdnsmgr-access.js';
@@ -0,0 +1,77 @@
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
import { HipmDnsmgrAccess } from '../access/hipmdnsmgr-access.js';
/**
* HiPM DNSMgr DNS Provider
* ACME DNS-01
*/
@IsDnsProvider({
name: 'hipmdnsmgr',
title: 'HiPM DNSMgr',
desc: 'HiPM DNSMgr DNS 解析提供商',
accessType: 'hipmdnsmgr',
icon: 'svg:icon-dns',
})
export class HipmDnsmgrDnsProvider extends AbstractDnsProvider<{ domainId: string; recordId: string; name: string; value: string }> {
access!: HipmDnsmgrAccess;
async onInstance() {
this.access = this.ctx.access as HipmDnsmgrAccess;
this.logger.debug('[HiPM DNSMgr] 初始化完成');
}
/**
* DNS ACME DNS-01
*/
async createRecord(options: CreateRecordOptions): Promise<any> {
const { fullRecord, hostRecord, value, type, domain } = options;
this.logger.info('[HiPM DNSMgr] 添加域名解析:', fullRecord, value, type, domain);
// 1. 获取域名列表,找到对应的域名 ID
const domainList = await this.access.getDomainList();
const domainInfo = domainList.find((item: any) => item.domain === domain);
if (!domainInfo) {
throw new Error(`[HiPM DNSMgr] 未找到域名:${domain}`);
}
const domainId = String(domainInfo.id);
this.logger.debug('[HiPM DNSMgr] 找到域名:', domain, 'ID:', domainId);
// 2. 创建 DNS 记录
const name = hostRecord; // 使用子域名,如 _acme-challenge
const res = await this.access.createDnsRecord(domainId, name, value, type);
this.logger.info('[HiPM DNSMgr] 添加域名解析成功:', JSON.stringify(options), res?.id);
// 返回记录信息,用于后续删除
return {
domainId,
recordId: res?.id,
name,
value,
};
}
/**
* DNS ACME
*/
async removeRecord(options: RemoveRecordOptions<{ domainId: string; recordId: string; name: string; value: string }>): Promise<void> {
const { fullRecord, value } = options.recordReq;
const record = options.recordRes;
this.logger.info('[HiPM DNSMgr] 删除域名解析:', fullRecord, value, record);
if (record && record.domainId && record.recordId) {
try {
await this.access.deleteDnsRecord(record.domainId, record.recordId);
this.logger.info('[HiPM DNSMgr] 删除域名解析成功:', fullRecord, value);
} catch (e: any) {
// 记录可能已经被删除,忽略错误
this.logger.warn('[HiPM DNSMgr] 删除域名解析失败(可能已不存在):', e.message);
}
} else {
this.logger.warn('[HiPM DNSMgr] 无法删除记录,缺少 domainId 或 recordId');
}
}
}
@@ -0,0 +1 @@
export * from './hipmdnsmgr-dns-provider.js';
@@ -0,0 +1,2 @@
export * from './access/index.js';
export * from './dns-provider/index.js';
@@ -82,7 +82,7 @@ export class SshAccess extends BaseAccess {
@AccessInput({
title: "伪终端",
helper: "如果登录报错:all authentication methods failed,可以尝试开启伪终端模式进行keyboard-interactive方式登录\n开启后对日志输出有一定的影响",
helper: "如果登录报错:all authentication methods failed / unable to exec,可以尝试开启伪终端模式进行keyboard-interactive方式登录\n开启后对日志输出有一定的影响",
component: {
name: "a-switch",
vModel: "checked",
@@ -208,7 +208,7 @@ export class AsyncSsh2Client {
let hasErrorLog = false;
stream
.on("close", (code: any, signal: any) => {
this.logger.info(`[${this.connConf.host}][close]:code:${code}`);
this.logger.info(`[${this.connConf.host}][close]:code=${code}`);
/**
* ]pipeline :[10.123.0.2][exec]:cd /d D:\nginx-1.27.5 && D:\nginx-1.27.5\nginx.exe -t && D:\nginx-1.27.5\nginx.exe -s reload
* [2025-07-09T10:24:11.219] [ERROR]pipeline - [10. 123.0. 2][error]: nginx: the configuration file D: \nginx-1.27. 5/conf/nginx. conf syntax is ok
@@ -279,7 +279,7 @@ export class AsyncSsh2Client {
}
stream
.on("close", (code: any) => {
this.logger.info("Stream :: close,code: " + code);
this.logger.info("Stream :: close,code = " + code);
resolve(output);
})
.on("data", (ret: Buffer) => {
@@ -126,12 +126,12 @@ export class NextTerminalAccess extends BaseAccess {
'Content-Type': 'application/json',
};
this.ctx.logger.debug(`Next Terminal API 请求: ${req.method} ${this.baseUrl}${req.url}`);
const baseUrl = this.normalizeEndpoint(this.baseUrl);
this.ctx.logger.debug(`Next Terminal API 请求: ${req.method} ${baseUrl}${req.url}`);
const resp = await this.ctx.http.request({
url: req.url,
baseURL: this.baseUrl,
baseURL: baseUrl,
method: req.method,
headers,
params: req.params,
@@ -0,0 +1,348 @@
name: NginxProxyManagerDeploy
icon: logos:nginx
title: Nginx Proxy Manager-部署到主机
group: panel
desc: 上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。
setting: null
sysSetting: null
type: custom
disabled: false
version: 1.0.0
pluginType: deploy
author: samler
input:
cert:
title: 域名证书
helper: 请选择前置任务产出的证书。
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
certDomains:
title: 证书域名
component:
name: cert-domains-getter
mergeScript: |
return {
component: {
inputKey: ctx.compute(({ form }) => {
return form.cert;
}),
},
}
required: false
order: 0
accessId:
title: NPM授权
component:
name: access-selector
type: samler/nginxProxyManager
helper: 选择用于部署的 Nginx Proxy Manager 授权。
required: true
order: 0
proxyHostIds:
title: 代理主机
component:
name: remote-select
vModel: value
mode: tags
type: plugin
action: onGetProxyHostOptions
search: true
pager: false
multi: true
watches:
- certDomains
- accessId
required: true
helper: 选择要绑定此证书的一个或多个代理主机。
mergeScript: |
return {
component: {
form: ctx.compute(({ form }) => {
return form;
}),
},
}
order: 0
certificateLabel:
title: 证书标识
component:
name: a-input
allowClear: true
placeholder: certd_npm_example_com
helper: 可选。留空时默认使用 certd_npm_<主域名规范化>.
required: false
order: 0
cleanupMatchingCertificates:
title: 自动清理未使用证书
component:
name: a-switch
vModel: checked
helper: 部署成功后,自动删除除当前证书外所有未被任何主机引用的证书。
required: false
order: 0
output: {}
default:
strategy:
runStrategy: 1
showRunStrategy: false
content: |
const { AbstractTaskPlugin } = await import("@certd/pipeline");
const { CertReader } = await import("@certd/plugin-cert");
function normalizeDomain(domain) {
return String(domain ?? "").trim().toLowerCase();
}
function wildcardMatches(pattern, candidate) {
if (!pattern.startsWith("*.")) {
return false;
}
const suffix = pattern.slice(1).toLowerCase();
return candidate.endsWith(suffix);
}
function isDomainMatch(left, right) {
const normalizedLeft = normalizeDomain(left);
const normalizedRight = normalizeDomain(right);
return (
normalizedLeft === normalizedRight ||
wildcardMatches(normalizedLeft, normalizedRight) ||
wildcardMatches(normalizedRight, normalizedLeft)
);
}
function normalizeDomainIdentity(domain) {
return normalizeDomain(domain).replace(/^\*\./, "");
}
function certificateHasBindings(certificate) {
return (
(certificate.proxy_hosts?.length ?? 0) > 0 ||
(certificate.redirection_hosts?.length ?? 0) > 0 ||
(certificate.dead_hosts?.length ?? 0) > 0 ||
(certificate.streams?.length ?? 0) > 0
);
}
function sanitizeDomainSegment(value) {
const sanitized = String(value ?? "")
.trim()
.toLowerCase()
.replace(/[^a-z0-9]+/g, "_")
.replace(/^_+|_+$/g, "")
.replace(/_+/g, "_");
return sanitized || "unknown";
}
function buildDefaultCertificateLabel(cert) {
const mainDomain = CertReader.getMainDomain(cert.crt);
return `certd_npm_${sanitizeDomainSegment(mainDomain)}`;
}
function normalizeStringList(input) {
if (Array.isArray(input)) {
return input;
}
if (input == null || input === "") {
return [];
}
return [input];
}
function resolveCertificateDomains(cert, configuredDomains) {
const configured = normalizeStringList(configuredDomains)
.map((value) => String(value).trim())
.filter(Boolean);
if (configured.length > 0) {
return Array.from(new Set(configured));
}
return new CertReader(cert).getAllDomains();
}
function buildProxyHostLabel(host) {
const domains = host.domain_names?.length ? host.domain_names.join(", ") : "(no domains)";
return `${domains} <#${host.id}>`;
}
function hasAnyCertDomainMatch(host, certDomains) {
if (!certDomains.length) {
return false;
}
const hostDomains = host.domain_names ?? [];
return hostDomains.some((hostDomain) => certDomains.some((certDomain) => isDomainMatch(hostDomain, certDomain)));
}
function buildProxyHostOptions(hosts, certDomains) {
const sortedHosts = [...hosts].sort((left, right) => {
return buildProxyHostLabel(left).localeCompare(buildProxyHostLabel(right));
});
const matched = [];
const unmatched = [];
for (const host of sortedHosts) {
const option = {
label: buildProxyHostLabel(host),
value: String(host.id),
domain: host.domain_names?.[0] ?? "",
};
if (hasAnyCertDomainMatch(host, certDomains)) {
matched.push(option);
} else {
unmatched.push(option);
}
}
if (matched.length && unmatched.length) {
return [
{
label: "匹配证书域名的主机",
options: matched,
},
{
label: "其他代理主机",
options: unmatched,
},
];
}
return matched.length ? matched : unmatched;
}
function normalizeProxyHostIds(proxyHostIds) {
return Array.from(
new Set(
normalizeStringList(proxyHostIds)
.map((value) => Number.parseInt(String(value), 10))
.filter((value) => Number.isInteger(value) && value > 0),
),
);
}
return class NpmDeployToProxyHosts extends AbstractTaskPlugin {
cert;
certDomains;
accessId;
proxyHostIds;
certificateLabel;
cleanupMatchingCertificates = false;
async execute() {
const access = await this.getAccess(this.accessId);
const client = access.createClient();
const proxyHostIds = normalizeProxyHostIds(this.proxyHostIds);
if (proxyHostIds.length === 0) {
throw new Error("请至少选择一个 Nginx Proxy Manager 代理主机");
}
const certificateLabel = this.certificateLabel?.trim() || buildDefaultCertificateLabel(this.cert);
const certificateDomains = resolveCertificateDomains(this.cert, this.certDomains);
let certificate = await client.findCustomCertificateByNiceName(certificateLabel);
if (!certificate) {
this.logger.info(`在 Nginx Proxy Manager 中创建自定义证书 "${certificateLabel}"`);
certificate = await client.createCustomCertificate(certificateLabel, certificateDomains);
} else {
this.logger.info(`复用已有自定义证书 "${certificateLabel}" (#${certificate.id})`);
}
await client.uploadCertificate(certificate.id, {
certificate: this.cert.crt,
certificateKey: this.cert.key,
intermediateCertificate: this.cert.ic,
});
this.logger.info(`证书内容已上传到 Nginx Proxy Manager 证书 #${certificate.id}`);
for (const proxyHostId of proxyHostIds) {
this.logger.info(`将证书 #${certificate.id} 绑定到代理主机 #${proxyHostId}`);
try {
await client.assignCertificateToProxyHost(proxyHostId, certificate.id);
} catch (error) {
const message = error instanceof Error ? error.message : String(error);
throw new Error(`为代理主机 #${proxyHostId} 绑定证书失败:${message}`);
}
}
if (this.cleanupMatchingCertificates === true) {
await this.cleanupOldCertificates(client, certificate.id);
}
this.logger.info(`部署完成,共更新 ${proxyHostIds.length} 个代理主机`);
}
async onGetProxyHostOptions(req = {}) {
if (!this.accessId) {
throw new Error("请先选择 Nginx Proxy Manager 授权");
}
const access = await this.getAccess(this.accessId);
const proxyHosts = await access.getProxyHostList(req);
return buildProxyHostOptions(proxyHosts, normalizeStringList(this.certDomains));
}
async cleanupOldCertificates(client, currentCertificateId) {
const certificates = await client.getCertificatesWithExpand(undefined, [
"proxy_hosts",
"redirection_hosts",
"dead_hosts",
"streams",
]);
const candidates = certificates.filter((certificate) => {
return certificate.id !== currentCertificateId;
});
if (candidates.length === 0) {
this.logger.info("未发现可自动清理的旧证书");
return;
}
const deletedIds = [];
const skippedInUse = [];
const failedDeletes = [];
for (const candidate of candidates) {
if (certificateHasBindings(candidate)) {
skippedInUse.push(`#${candidate.id} ${candidate.nice_name}`);
continue;
}
this.logger.info(`自动清理旧证书 #${candidate.id} ${candidate.nice_name}`);
try {
await client.deleteCertificate(candidate.id);
deletedIds.push(candidate.id);
} catch (error) {
const message = error instanceof Error ? error.message : String(error);
failedDeletes.push(`#${candidate.id} ${candidate.nice_name}: ${message}`);
}
}
if (deletedIds.length > 0) {
this.logger.info(`自动清理完成,共删除 ${deletedIds.length} 张旧证书:${deletedIds.map((id) => `#${id}`).join(", ")}`);
} else {
this.logger.info("未删除任何旧证书");
}
if (skippedInUse.length > 0) {
this.logger.info(`以下旧证书仍被其他资源引用,已跳过清理:${skippedInUse.join(", ")}`);
}
if (failedDeletes.length > 0) {
this.logger.warn(`以下旧证书清理失败,已跳过:${failedDeletes.join(", ")}`);
}
}
};
@@ -0,0 +1,366 @@
import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
import FormData from "form-data";
import { authenticator } from "otplib";
export interface ProxyHost {
id: number;
domain_names?: string[];
certificate_id?: number;
proxy_hosts?: unknown[];
redirection_hosts?: unknown[];
dead_hosts?: unknown[];
streams?: unknown[];
}
export interface Certificate {
id: number;
nice_name: string;
provider: string;
domain_names?: string[];
proxy_hosts?: unknown[];
redirection_hosts?: unknown[];
dead_hosts?: unknown[];
streams?: unknown[];
}
interface TokenResponse {
token?: string;
requires_2fa?: boolean;
challenge_token?: string;
}
@IsAccess({
name: "nginxProxyManager",
title: "Nginx Proxy Manager 授权",
desc: "用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。",
icon: "logos:nginx",
})
export class NginxProxyManagerAccess extends BaseAccess {
@AccessInput({
title: "NPM 地址",
component: {
name: "a-input",
allowClear: true,
placeholder: "https://npm.example.com",
},
helper: "请输入 Nginx Proxy Manager 根地址,不要带 /api 后缀。",
required: true,
})
endpoint = "";
@AccessInput({
title: "邮箱",
component: {
name: "a-input",
allowClear: true,
placeholder: "admin@example.com",
},
required: true,
})
email = "";
@AccessInput({
title: "密码",
component: {
name: "a-input-password",
allowClear: true,
placeholder: "请输入密码",
},
required: true,
encrypt: true,
})
password = "";
@AccessInput({
title: "TOTP 密钥",
component: {
name: "a-input-password",
allowClear: true,
placeholder: "Optional base32 TOTP secret",
},
helper: "当 Nginx Proxy Manager 账号开启 2FA 时必填。",
required: false,
encrypt: true,
})
totpSecret = "";
@AccessInput({
title: "忽略无效 TLS",
component: {
name: "a-switch",
vModel: "checked",
},
helper: "仅在 Nginx Proxy Manager 使用自签 HTTPS 证书时开启。",
required: false,
})
ignoreTls = false;
@AccessInput({
title: "测试",
component: {
name: "api-test",
action: "onTestRequest",
},
helper: "测试登录并拉取代理主机列表。",
})
testRequest = true;
private token: string | undefined;
private tokenPromise: Promise<string> | undefined;
normalizeEndpoint(endpoint: string): string {
const trimmed = String(endpoint ?? "").trim();
if (!trimmed) {
throw new Error("Nginx Proxy Manager 地址不能为空");
}
const withoutTrailingSlash = trimmed.replace(/\/+$/, "");
return withoutTrailingSlash.endsWith("/api")
? withoutTrailingSlash.slice(0, -4)
: withoutTrailingSlash;
}
private describeError(error: unknown, action: string): Error {
if (error instanceof Error) {
return new Error(`${action} failed: ${error.message}`);
}
return new Error(`${action} failed`);
}
private get apiBaseUrl(): string {
const endpoint = this.normalizeEndpoint(this.endpoint);
return `${endpoint}/api`;
}
async verifyAccess(): Promise<{ proxyHostCount: number }> {
const proxyHosts = await this.getProxyHosts();
return {
proxyHostCount: proxyHosts.length,
};
}
async getProxyHosts(searchQuery?: string): Promise<ProxyHost[]> {
return await this.requestWithAuth<ProxyHost[]>({
method: "GET",
url: "/nginx/proxy-hosts",
params: {
expand: "certificate",
...(searchQuery ? { query: searchQuery } : {}),
},
});
}
async getCertificates(searchQuery?: string): Promise<Certificate[]> {
return await this.requestWithAuth<Certificate[]>({
method: "GET",
url: "/nginx/certificates",
params: searchQuery ? { query: searchQuery } : undefined,
});
}
async getCertificatesWithExpand(
searchQuery?: string,
expand: string[] = []
): Promise<Certificate[]> {
return await this.requestWithAuth<Certificate[]>({
method: "GET",
url: "/nginx/certificates",
params: {
...(searchQuery ? { query: searchQuery } : {}),
...(expand.length > 0 ? { expand: expand.join(", ") } : {}),
},
});
}
async findCustomCertificateByNiceName(niceName: string): Promise<Certificate | undefined> {
const certificates = await this.getCertificates(niceName);
return certificates.find((certificate) => {
return certificate.provider === "other" && certificate.nice_name === niceName;
});
}
async createCustomCertificate(
niceName: string,
domainNames: string[] = []
): Promise<Certificate> {
return await this.requestWithAuth<Certificate>({
method: "POST",
url: "/nginx/certificates",
data: {
provider: "other",
nice_name: niceName,
domain_names: domainNames,
},
});
}
async deleteCertificate(certificateId: number): Promise<void> {
await this.requestWithAuth<void>({
method: "DELETE",
url: `/nginx/certificates/${certificateId}`,
});
}
async uploadCertificate(
certificateId: number,
payload: {
certificate: string;
certificateKey: string;
intermediateCertificate?: string;
}
): Promise<void> {
const form = new FormData();
form.append("certificate", Buffer.from(payload.certificate, "utf8"), {
filename: "fullchain.pem",
contentType: "application/x-pem-file",
});
form.append("certificate_key", Buffer.from(payload.certificateKey, "utf8"), {
filename: "privkey.pem",
contentType: "application/x-pem-file",
});
if (payload.intermediateCertificate) {
form.append("intermediate_certificate", Buffer.from(payload.intermediateCertificate, "utf8"), {
filename: "chain.pem",
contentType: "application/x-pem-file",
});
}
await this.requestWithAuth<void>({
method: "POST",
url: `/nginx/certificates/${certificateId}/upload`,
data: form,
headers: form.getHeaders(),
});
}
async assignCertificateToProxyHost(hostId: number, certificateId: number): Promise<void> {
await this.requestWithAuth<void>({
method: "PUT",
url: `/nginx/proxy-hosts/${hostId}`,
data: {
certificate_id: certificateId,
},
});
}
private async login(): Promise<string> {
if (this.token) {
return this.token;
}
if (!this.tokenPromise) {
this.tokenPromise = this.performLogin().finally(() => {
this.tokenPromise = undefined;
});
}
this.token = await this.tokenPromise;
return this.token;
}
private async performLogin(): Promise<string> {
const initialLogin = await this.request<TokenResponse>({
method: "POST",
url: "/tokens",
data: {
identity: this.email,
secret: this.password,
},
});
if (initialLogin.token) {
return initialLogin.token;
}
if (!initialLogin.requires_2fa || !initialLogin.challenge_token) {
throw new Error("登录失败:Nginx Proxy Manager 未返回访问令牌");
}
if (!this.totpSecret) {
throw new Error(
"登录失败:该 Nginx Proxy Manager 账号启用了 2FA,但未配置 totpSecret"
);
}
let code: string;
try {
code = authenticator.generate(this.totpSecret);
} catch (error) {
throw this.describeError(error, "Generating TOTP code");
}
const completedLogin = await this.request<TokenResponse>({
method: "POST",
url: "/tokens/2fa",
data: {
challenge_token: initialLogin.challenge_token,
code,
},
});
if (!completedLogin.token) {
throw new Error("2FA 登录失败:Nginx Proxy Manager 未返回访问令牌");
}
return completedLogin.token;
}
private async requestWithAuth<T>(config: {
method: string;
url: string;
params?: Record<string, unknown>;
data?: unknown;
headers?: Record<string, string>;
}): Promise<T> {
const token = await this.login();
const headers = {
...(config.headers ?? {}),
Authorization: `Bearer ${token}`,
};
return await this.request<T>({
...config,
headers,
});
}
private async request<T>(config: {
method: string;
url: string;
params?: Record<string, unknown>;
data?: unknown;
headers?: Record<string, string>;
}): Promise<T> {
const action = `${config.method ?? "GET"} ${config.url ?? "/"}`;
try {
const response = await this.ctx.http.request({
url: `${this.apiBaseUrl}${config.url}`,
method: config.method,
params: config.params,
data: config.data,
headers: config.headers,
timeout: 30000,
httpsAgent: this.ignoreTls ? {
rejectUnauthorized: false
} : undefined,
});
return response;
} catch (error) {
throw this.describeError(error, action);
}
}
async onTestRequest(): Promise<string> {
const result = await this.verifyAccess();
this.ctx.logger.info(
`Nginx Proxy Manager 授权验证成功,找到 ${result.proxyHostCount} 个代理主机`
);
return `成功(${result.proxyHostCount} 个代理主机)`;
}
async getProxyHostList(req: { searchKey?: string } = {}): Promise<ProxyHost[]> {
return await this.getProxyHosts(req.searchKey);
}
}
new NginxProxyManagerAccess();
@@ -0,0 +1,2 @@
export * from "./plugins/index.js";
export * from "./access.js";
@@ -0,0 +1,344 @@
name: nginxProxyManager
icon: logos:nginx
title: Nginx Proxy Manager 授权
group: null
desc: 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。
setting: null
sysSetting: null
type: custom
disabled: false
version: 1.0.0
pluginType: access
author: samler
input:
endpoint:
title: NPM 地址
component:
name: a-input
allowClear: true
placeholder: https://npm.example.com
helper: 请输入 Nginx Proxy Manager 根地址,不要带 /api 后缀。
required: true
email:
title: 邮箱
component:
name: a-input
allowClear: true
placeholder: admin@example.com
required: true
password:
title: 密码
component:
name: a-input-password
allowClear: true
placeholder: 请输入密码
required: true
encrypt: true
totpSecret:
title: TOTP 密钥
component:
name: a-input-password
allowClear: true
placeholder: Optional base32 TOTP secret
helper: 当 Nginx Proxy Manager 账号开启 2FA 时必填。
required: false
encrypt: true
ignoreTls:
title: 忽略无效 TLS
component:
name: a-switch
vModel: checked
helper: 仅在 Nginx Proxy Manager 使用自签 HTTPS 证书时开启。
required: false
testRequest:
title: 测试
component:
name: api-test
action: TestRequest
helper: 测试登录并拉取代理主机列表。
content: |
const { BaseAccess } = await import("@certd/pipeline");
const httpsModule = await import("node:https");
const { URL } = await import("node:url");
const axiosModule = await import("axios");
const formDataModule = await import("form-data");
const { authenticator } = await import("otplib");
const https = httpsModule.default ?? httpsModule;
const axios = axiosModule.default ?? axiosModule;
const FormData = formDataModule.default ?? formDataModule;
function normalizeEndpoint(endpoint) {
const trimmed = String(endpoint ?? "").trim();
if (!trimmed) {
throw new Error("Nginx Proxy Manager 地址不能为空");
}
const withoutTrailingSlash = trimmed.replace(/\/+$/, "");
return withoutTrailingSlash.endsWith("/api")
? withoutTrailingSlash.slice(0, -4)
: withoutTrailingSlash;
}
function buildHttpsAgent(endpoint, ignoreTls) {
const url = new URL(endpoint);
if (url.protocol !== "https:") {
return undefined;
}
return new https.Agent({
rejectUnauthorized: !ignoreTls,
});
}
function describeError(error, action) {
if (axios.isAxiosError(error)) {
const status = error.response?.status;
const data = error.response?.data;
const message =
data?.error?.message ||
data?.error ||
data?.message ||
(typeof data === "string" ? data : null) ||
error.message;
return new Error(`${action} failed${status ? ` (${status})` : ""}: ${message}`);
}
if (error instanceof Error) {
return new Error(`${action} failed: ${error.message}`);
}
return new Error(`${action} failed`);
}
class NginxProxyManagerClient {
constructor(options) {
this.options = options;
this.endpoint = normalizeEndpoint(options.endpoint);
this.apiBaseUrl = `${this.endpoint}/api`;
this.token = undefined;
this.tokenPromise = undefined;
this.httpClient = axios.create({
baseURL: this.apiBaseUrl,
timeout: 30000,
maxBodyLength: Infinity,
maxContentLength: Infinity,
httpsAgent: buildHttpsAgent(this.endpoint, options.ignoreTls === true),
headers: {
Accept: "application/json",
},
});
}
async verifyAccess() {
const proxyHosts = await this.getProxyHosts();
return {
proxyHostCount: proxyHosts.length,
};
}
async getProxyHosts(searchQuery) {
return await this.requestWithAuth({
method: "GET",
url: "/nginx/proxy-hosts",
params: {
expand: "certificate",
...(searchQuery ? { query: searchQuery } : {}),
},
});
}
async getCertificates(searchQuery) {
return await this.requestWithAuth({
method: "GET",
url: "/nginx/certificates",
params: searchQuery ? { query: searchQuery } : undefined,
});
}
async getCertificatesWithExpand(searchQuery, expand = []) {
return await this.requestWithAuth({
method: "GET",
url: "/nginx/certificates",
params: {
...(searchQuery ? { query: searchQuery } : {}),
...(expand.length > 0 ? { expand: expand.join(",") } : {}),
},
});
}
async findCustomCertificateByNiceName(niceName) {
const certificates = await this.getCertificates(niceName);
return certificates.find((certificate) => {
return certificate.provider === "other" && certificate.nice_name === niceName;
});
}
async createCustomCertificate(niceName, domainNames = []) {
return await this.requestWithAuth({
method: "POST",
url: "/nginx/certificates",
data: {
provider: "other",
nice_name: niceName,
domain_names: domainNames,
},
});
}
async deleteCertificate(certificateId) {
await this.requestWithAuth({
method: "DELETE",
url: `/nginx/certificates/${certificateId}`,
});
}
async uploadCertificate(certificateId, payload) {
const form = new FormData();
form.append("certificate", Buffer.from(payload.certificate, "utf8"), {
filename: "fullchain.pem",
contentType: "application/x-pem-file",
});
form.append("certificate_key", Buffer.from(payload.certificateKey, "utf8"), {
filename: "privkey.pem",
contentType: "application/x-pem-file",
});
if (payload.intermediateCertificate) {
form.append("intermediate_certificate", Buffer.from(payload.intermediateCertificate, "utf8"), {
filename: "chain.pem",
contentType: "application/x-pem-file",
});
}
await this.requestWithAuth({
method: "POST",
url: `/nginx/certificates/${certificateId}/upload`,
data: form,
headers: form.getHeaders(),
});
}
async assignCertificateToProxyHost(hostId, certificateId) {
await this.requestWithAuth({
method: "PUT",
url: `/nginx/proxy-hosts/${hostId}`,
data: {
certificate_id: certificateId,
},
});
}
async login() {
if (this.token) {
return this.token;
}
if (!this.tokenPromise) {
this.tokenPromise = this.performLogin().finally(() => {
this.tokenPromise = undefined;
});
}
this.token = await this.tokenPromise;
return this.token;
}
async performLogin() {
const initialLogin = await this.request({
method: "POST",
url: "/tokens",
data: {
identity: this.options.email,
secret: this.options.password,
},
});
if (initialLogin.token) {
return initialLogin.token;
}
if (!initialLogin.requires_2fa || !initialLogin.challenge_token) {
throw new Error("登录失败:Nginx Proxy Manager 未返回访问令牌");
}
if (!this.options.totpSecret) {
throw new Error("登录失败:该 Nginx Proxy Manager 账号启用了 2FA,但未配置 totpSecret");
}
let code;
try {
code = authenticator.generate(this.options.totpSecret);
} catch (error) {
throw describeError(error, "Generating TOTP code");
}
const completedLogin = await this.request({
method: "POST",
url: "/tokens/2fa",
data: {
challenge_token: initialLogin.challenge_token,
code,
},
});
if (!completedLogin.token) {
throw new Error("2FA 登录失败:Nginx Proxy Manager 未返回访问令牌");
}
return completedLogin.token;
}
async requestWithAuth(config) {
const token = await this.login();
const headers = {
...(config.headers ?? {}),
Authorization: `Bearer ${token}`,
};
return await this.request({
...config,
headers,
});
}
async request(config) {
const action = `${config.method ?? "GET"} ${config.url ?? "/"}`;
try {
const response = await this.httpClient.request(config);
return response.data;
} catch (error) {
throw describeError(error, action);
}
}
}
return class NginxProxyManagerAccess extends BaseAccess {
endpoint = "";
email = "";
password = "";
totpSecret = "";
ignoreTls = false;
testRequest = true;
createClient() {
return new NginxProxyManagerClient({
endpoint: this.endpoint,
email: this.email,
password: this.password,
totpSecret: this.totpSecret || undefined,
ignoreTls: this.ignoreTls === true,
});
}
async onTestRequest() {
const client = this.createClient();
const result = await client.verifyAccess();
this.ctx.logger.info(`Nginx Proxy Manager 授权验证成功,找到 ${result.proxyHostCount} 个代理主机`);
return `成功(${result.proxyHostCount} 个代理主机)`;
}
async getProxyHostList(req = {}) {
const client = this.createClient();
return await client.getProxyHosts(req.searchKey);
}
};
@@ -0,0 +1 @@
export * from "./plugin-deploy-to-proxy-hosts.js";
@@ -0,0 +1,343 @@
import {
AbstractTaskPlugin,
IsTaskPlugin,
pluginGroups,
RunStrategy,
TaskInput,
} from "@certd/pipeline";
import { CertInfo, CertReader, createCertDomainGetterInputDefine } from "@certd/plugin-cert";
import { NginxProxyManagerAccess, ProxyHost } from "../access.js";
interface ProxyHostOption {
label: string;
value: string;
domain: string;
}
@IsTaskPlugin({
name: "NginxProxyManagerDeploy",
title: "Nginx Proxy Manager-部署到主机",
desc: "上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。",
icon: "logos:nginx",
group: pluginGroups.panel.key,
default: {
strategy: {
runStrategy: RunStrategy.SkipWhenSucceed,
},
},
})
export class NginxProxyManagerDeploy extends AbstractTaskPlugin {
@TaskInput({
title: "域名证书",
helper: "请选择前置任务产出的证书。",
component: {
name: "output-selector",
from: [":cert:"],
},
required: true,
})
cert!: CertInfo;
@TaskInput(createCertDomainGetterInputDefine())
certDomains!: string[];
@TaskInput({
title: "NPM授权",
component: {
name: "access-selector",
type: "nginxProxyManager",
},
helper: "选择用于部署的 Nginx Proxy Manager 授权。",
required: true,
})
accessId!: string;
@TaskInput({
title: "代理主机",
component: {
name: "remote-select",
vModel: "value",
mode: "tags",
type: "plugin",
action: "onGetProxyHostOptions",
search: true,
pager: false,
multi: true,
watches: ["certDomains", "accessId"],
},
helper: "选择要绑定此证书的一个或多个代理主机。",
required: true,
})
proxyHostIds!: string | string[];
@TaskInput({
title: "证书标识",
component: {
name: "a-input",
allowClear: true,
placeholder: "certd_npm_example_com",
},
helper: "可选。留空时默认使用 certd_npm_<主域名规范化>。",
required: false,
})
certificateLabel?: string;
@TaskInput({
title: "自动清理未使用证书",
component: {
name: "a-switch",
vModel: "checked",
},
helper: "部署成功后,自动删除除当前证书外所有未被任何主机引用的证书。",
required: false,
})
cleanupMatchingCertificates = false;
private normalizeDomain(domain: string): string {
return String(domain ?? "").trim().toLowerCase();
}
private wildcardMatches(pattern: string, candidate: string): boolean {
if (!pattern.startsWith("*.")) {
return false;
}
const suffix = pattern.slice(1).toLowerCase();
return candidate.endsWith(suffix);
}
private isDomainMatch(left: string, right: string): boolean {
const normalizedLeft = this.normalizeDomain(left);
const normalizedRight = this.normalizeDomain(right);
return (
normalizedLeft === normalizedRight ||
this.wildcardMatches(normalizedLeft, normalizedRight) ||
this.wildcardMatches(normalizedRight, normalizedLeft)
);
}
private sanitizeDomainSegment(value: string): string {
const sanitized = String(value ?? "")
.trim()
.toLowerCase()
.replace(/[^a-z0-9]+/g, "_")
.replace(/^_+|_+$/g, "")
.replace(/_+/g, "_");
return sanitized || "unknown";
}
private buildDefaultCertificateLabel(cert: CertInfo): string {
const mainDomain = CertReader.getMainDomain(cert.crt);
return `certd_npm_${this.sanitizeDomainSegment(mainDomain)}`;
}
private normalizeStringList(input: string | string[] | null | undefined): string[] {
if (Array.isArray(input)) {
return input;
}
if (input == null || input === "") {
return [];
}
return [input];
}
private resolveCertificateDomains(cert: CertInfo, configuredDomains: string | string[] | null | undefined): string[] {
const configured = this.normalizeStringList(configuredDomains)
.map((value) => String(value).trim())
.filter(Boolean);
if (configured.length > 0) {
return Array.from(new Set(configured));
}
return new CertReader(cert).getAllDomains();
}
private buildProxyHostLabel(host: ProxyHost): string {
const domains = host.domain_names?.length ? host.domain_names.join(", ") : "(no domains)";
return `${domains} <#${host.id}>`;
}
private hasAnyCertDomainMatch(host: ProxyHost, certDomains: string[]): boolean {
if (!certDomains.length) {
return false;
}
const hostDomains = host.domain_names ?? [];
return hostDomains.some((hostDomain) =>
certDomains.some((certDomain) => this.isDomainMatch(hostDomain, certDomain))
);
}
private buildProxyHostOptions(hosts: ProxyHost[], certDomains: string[]) {
const sortedHosts = [...hosts].sort((left, right) => {
return this.buildProxyHostLabel(left).localeCompare(this.buildProxyHostLabel(right));
});
const matched: { label: string; value: string; domain: string }[] = [];
const unmatched: { label: string; value: string; domain: string }[] = [];
for (const host of sortedHosts) {
const option = {
label: this.buildProxyHostLabel(host),
value: String(host.id),
domain: host.domain_names?.[0] ?? "",
};
if (this.hasAnyCertDomainMatch(host, certDomains)) {
matched.push(option);
} else {
unmatched.push(option);
}
}
if (matched.length && unmatched.length) {
return [
{
label: "匹配证书域名的主机",
options: matched,
},
{
label: "其他代理主机",
options: unmatched,
},
];
}
return matched.length ? matched : unmatched;
}
private normalizeProxyHostIds(proxyHostIds: string | string[] | number | null | undefined): number[] {
return Array.from(
new Set(
this.normalizeStringList(proxyHostIds as string | string[] | null | undefined)
.map((value) => Number.parseInt(String(value), 10))
.filter((value) => Number.isInteger(value) && value > 0)
)
);
}
private certificateHasBindings(certificate: { proxy_hosts?: unknown[]; redirection_hosts?: unknown[]; dead_hosts?: unknown[]; streams?: unknown[] }): boolean {
return (
(certificate.proxy_hosts?.length ?? 0) > 0 ||
(certificate.redirection_hosts?.length ?? 0) > 0 ||
(certificate.dead_hosts?.length ?? 0) > 0 ||
(certificate.streams?.length ?? 0) > 0
);
}
async execute(): Promise<void> {
const access = await this.getAccess<NginxProxyManagerAccess>(this.accessId);
const proxyHostIds = this.normalizeProxyHostIds(this.proxyHostIds);
if (proxyHostIds.length === 0) {
throw new Error("请至少选择一个 Nginx Proxy Manager 代理主机");
}
const certificateLabel =
this.certificateLabel?.trim() || this.buildDefaultCertificateLabel(this.cert);
const certificateDomains = this.resolveCertificateDomains(this.cert, this.certDomains);
let certificate = await access.findCustomCertificateByNiceName(certificateLabel);
if (!certificate) {
this.logger.info(`在 Nginx Proxy Manager 中创建自定义证书 "${certificateLabel}"`);
certificate = await access.createCustomCertificate(certificateLabel, certificateDomains);
} else {
this.logger.info(`复用已有自定义证书 "${certificateLabel}" (#${certificate.id})`);
}
await access.uploadCertificate(certificate.id, {
certificate: this.cert.crt,
certificateKey: this.cert.key,
intermediateCertificate: this.cert.ic,
});
this.logger.info(`证书内容已上传到 Nginx Proxy Manager 证书 #${certificate.id}`);
for (const proxyHostId of proxyHostIds) {
this.logger.info(`将证书 #${certificate.id} 绑定到代理主机 #${proxyHostId}`);
try {
await access.assignCertificateToProxyHost(proxyHostId, certificate.id);
} catch (error) {
const message = error instanceof Error ? error.message : String(error);
throw new Error(`为代理主机 #${proxyHostId} 绑定证书失败:${message}`);
}
}
if (this.cleanupMatchingCertificates === true) {
await this.cleanupOldCertificates(access, certificate.id);
}
this.logger.info(`部署完成,共更新 ${proxyHostIds.length} 个代理主机`);
}
async onGetProxyHostOptions(req: { searchKey?: string } = {}): Promise<ProxyHostOption[] | { label: string; options: ProxyHostOption[] }[]> {
if (!this.accessId) {
throw new Error("请先选择 Nginx Proxy Manager 授权");
}
const access = await this.getAccess<NginxProxyManagerAccess>(this.accessId);
const proxyHosts = await access.getProxyHostList(req);
return this.buildProxyHostOptions(proxyHosts, this.normalizeStringList(this.certDomains));
}
private async cleanupOldCertificates(access: NginxProxyManagerAccess, currentCertificateId: number): Promise<void> {
const certificates = await access.getCertificatesWithExpand(undefined, [
"proxy_hosts",
"redirection_hosts",
"dead_hosts",
"streams",
]);
const candidates = certificates.filter((certificate) => {
return certificate.id !== currentCertificateId;
});
if (candidates.length === 0) {
this.logger.info("未发现可自动清理的旧证书");
return;
}
const deletedIds: number[] = [];
const skippedInUse: string[] = [];
const failedDeletes: string[] = [];
for (const candidate of candidates) {
if (this.certificateHasBindings(candidate)) {
skippedInUse.push(`#${candidate.id} ${candidate.nice_name}`);
continue;
}
this.logger.info(`自动清理旧证书 #${candidate.id} ${candidate.nice_name}`);
try {
await access.deleteCertificate(candidate.id);
deletedIds.push(candidate.id);
} catch (error) {
const message = error instanceof Error ? error.message : String(error);
failedDeletes.push(`#${candidate.id} ${candidate.nice_name}: ${message}`);
}
}
if (deletedIds.length > 0) {
this.logger.info(
`自动清理完成,共删除 ${deletedIds.length} 张旧证书:${deletedIds
.map((id) => `#${id}`)
.join(", ")}`
);
} else {
this.logger.info("未删除任何旧证书");
}
if (skippedInUse.length > 0) {
this.logger.info(`以下旧证书仍被其他资源引用,已跳过清理:${skippedInUse.join(", ")}`);
}
if (failedDeletes.length > 0) {
this.logger.warn(`以下旧证书清理失败,已跳过:${failedDeletes.join(", ")}`);
}
}
}
new NginxProxyManagerDeploy();
File diff suppressed because it is too large Load Diff
@@ -0,0 +1,182 @@
import { AccessInput, BaseAccess, IsAccess, Pager, PageRes, PageSearch } from '@certd/pipeline';
import { DomainRecord } from '@certd/plugin-lib';
/**
* Technitium DNS Server
*/
@IsAccess({
name: 'technitium',
title: 'Technitium DNS Server',
icon: 'clarity:server-line',
desc: 'Technitium DNS Server 自建DNS服务器授权',
})
export class TechnitiumAccess extends BaseAccess {
/**
* API地址
*/
@AccessInput({
title: 'API地址',
value: 'http://localhost:5380',
component: {
name: "a-input",
allowClear: true,
placeholder: 'http://localhost:5380',
},
required: true,
})
apiUrl = 'http://localhost:5380';
/**
*
*/
@AccessInput({
title: '用户名',
component: {
name: "a-input",
allowClear: true,
placeholder: 'admin',
},
required: false,
})
username = 'admin';
/**
*
*/
@AccessInput({
title: '密码',
component: {
name: "a-input",
type: "password",
allowClear: true,
placeholder: '密码',
},
required: false,
encrypt: true,
})
password = '';
/**
*
*/
@AccessInput({
title: "测试",
component: {
name: "api-test",
action: "TestRequest"
},
helper: "点击测试接口是否正常"
})
testRequest = true;
token = '';
/**
* API调用方法
*/
async doRequest(options: { url: string; method: 'get' | 'post'; params?: URLSearchParams }) {
// 每次请求前都获取最新的token
if (!options.url.includes('/api/user/login')) {
await this.getToken();
}
// 复制参数并添加token
const params = new URLSearchParams(options.params || '');
if (this.token && !options.url.includes('/api/user/login')) {
params.append('token', this.token);
}
let fullUrl = options.url;
if (params.toString()) {
fullUrl = `${options.url}?${params.toString()}`;
}
const response = await this.ctx.http.request({
url: fullUrl,
method: options.method,
});
if (response.status !== 'ok') {
throw new Error(`${response.errorMessage || 'API调用失败'}`);
}
return response;
}
/**
* API连接
*/
async onTestRequest() {
// 测试获取区域列表
await this.GetDomainList({});
return "连接成功";
}
/**
*
*/
async GetDomainList(req: PageSearch): Promise<PageRes<DomainRecord>> {
this.ctx.logger.info(`获取域名列表,req:${JSON.stringify(req)}`);
const pager = new Pager(req);
// 规范API地址
this.apiUrl = this.normalizeEndpoint(this.apiUrl);
// 构建API URL
const apiUrl = `${this.apiUrl}/api/zones/list`;
// 构建查询参数
const params = new URLSearchParams();
// 调用API获取区域列表
const response = await this.doRequest({ url: apiUrl, method: 'get', params: params });
const zones = response.response.zones || [];
const total = zones.length;
// 转换为DomainRecord格式
let list = zones.map((zone: any) => ({
id: zone.name,
domain: zone.name,
}));
// 应用分页
list = list.slice(pager.getOffset(), pager.getOffset() + pager.pageSize);
return {
total,
list
};
}
/**
* API Token
*/
async getToken() {
const apiUrl = `${this.apiUrl}/api/user/login`;
const params = new URLSearchParams({
user: this.username,
pass: this.password,
});
// 直接使用ctx.http.request,避免递归调用doRequest
const response = await this.ctx.http.request({
url: `${apiUrl}?${params.toString()}`,
method: 'post',
});
if (response.status !== 'ok') {
throw new Error(`登录失败: ${response.errorMessage || '未知错误'}`);
}
this.token = response.token;
return this.token;
}
}

Some files were not shown because too many files have changed in this diff Show More