Compare commits

...

16 Commits

Author SHA1 Message Date
xiaojunnuo 7808d028e9 v1.42.1 2026-07-07 00:20:58 +08:00
xiaojunnuo 04bcf73b8b build: prepare to build 2026-07-07 00:18:40 +08:00
xiaojunnuo 1f8179d519 build: prepare to build 2026-07-07 00:14:50 +08:00
xiaojunnuo 3ffd8946f8 Merge branch 'v2-dev' of https://github.com/certd/certd into v2-dev 2026-07-07 00:12:46 +08:00
xiaojunnuo c78898e4c1 perf(certd-server): 使用 jks-go转换jks证书,大幅精简镜像大小 2026-07-07 00:12:37 +08:00
xiaojunnuo d3e4677ea4 perf(pipeline): 将默认历史保留条数从30调整为100
统一修改所有新建流水线场景下的默认keepHistoryCount配置,提升历史记录留存数量
2026-07-06 19:56:54 +08:00
xiaojunnuo d176f9cc0e fix: 修复多域名无法使用passkey登录的bug 2026-07-06 14:34:05 +08:00
xiaojunnuo a65366bbe1 fix: 修复企业模式下登录报projectId不能为空的问题 2026-07-06 13:52:56 +08:00
xiaojunnuo 20cfe74b17 build: release 2026-07-05 21:41:50 +08:00
xiaojunnuo b74db81304 fix(login): 修复输入法 composing 状态下回车触发提交的问题
优化登录页面的回车提交逻辑,避免中文输入法输入过程中按回车误触发表单提交
2026-07-05 21:37:09 +08:00
xiaojunnuo a8adbda04a refactor(runtime-deps): 调整依赖相关类为单例并修复相关逻辑
1. 将NpmRegistryResolver和RuntimeDepsService从请求作用域改为单例作用域
2. 为RuntimeDepsService的安装缓存添加node_modules存在性校验
3. 优化锁文件删除逻辑,处理Windows下文件句柄未立即释放的问题
4. 跳过并修复了清理运行时依赖目录的测试用例
2026-07-05 20:30:00 +08:00
xiaojunnuo 3e80d30ca6 chore: 调整dockerfile 2026-07-05 19:51:08 +08:00
xiaojunnuo 2eb54d50a5 chore(certd-server): adjust dependency installation and docker build steps
调整了依赖包的安装位置,将cross-env和mwtsc移到devDependencies,同时修改Dockerfile中的安装命令:先安装完整依赖构建,再清理非生产依赖,并在最终镜像中仅安装生产依赖
2026-07-05 19:45:49 +08:00
xiaojunnuo 6995308c17 build(certd-server): 调整cross-env依赖的安装位置
将cross-env从devDependencies移动到dependencies中,统一管理运行时依赖
2026-07-05 19:36:41 +08:00
xiaojunnuo 0738d120ae build: publish 2026-07-05 19:31:22 +08:00
xiaojunnuo bad6879589 build: trigger build image 2026-07-05 19:31:10 +08:00
49 changed files with 327 additions and 615 deletions
+13
View File
@@ -3,6 +3,19 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
### Bug Fixes
* 修复多域名无法使用passkey登录的bug ([d176f9c](https://github.com/certd/certd/commit/d176f9cc0ebd051a614bfac74d1616d1945fc9a3))
* 修复企业模式下登录报projectId不能为空的问题 ([a65366b](https://github.com/certd/certd/commit/a65366bbe1aadea8baaffbdadab58a5b631d9417))
* **login:** 修复输入法 composing 状态下回车触发提交的问题 ([b74db81](https://github.com/certd/certd/commit/b74db81304bbe68476bbec5ea4307a2264060e92))
### Performance Improvements
* **certd-server:** 使用 jks-go转换jks证书,大幅精简镜像大小 ([c78898e](https://github.com/certd/certd/commit/c78898e4c10dd1701467d2e42e3f72bd8f2a352f))
* **pipeline:** 将默认历史保留条数从30调整为100 ([d3e4677](https://github.com/certd/certd/commit/d3e4677ea4fac8e7533749d7f4187e410489e536))
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
### Bug Fixes
+28
View File
@@ -3,6 +3,34 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
### Bug Fixes
* 修复jdk证书格式的问题 ([260f5ae](https://github.com/certd/certd/commit/260f5ae777b83493b0c578fe30fd00ec0c873226))
* 修复telegram - 符号转义问题 ([d5882f1](https://github.com/certd/certd/commit/d5882f16bedb09baf09ace92049b02872620f5dc))
* **aliyun:** 修复阿里云CDN/DCDN根据证书自动匹配不到证书的bug ([1ae185d](https://github.com/certd/certd/commit/1ae185d0bc356f4678bc38ca0582ce3396f82ebe))
### Features
* 通过插件配置懒加载依赖,动态加载第三方依赖包,精简安装镜像大小 ([01568ca](https://github.com/certd/certd/commit/01568ca1489069046b5a89ebdd4ced2f7f6ddf93))
### Performance Improvements
* 阿里云ESA证书部署支持SaaS模式 ([82276b5](https://github.com/certd/certd/commit/82276b53a8474a18a3d0237050907c994fc748f0))
* 【破坏性更新】 证书压缩包不再生成文件存储,而是实时打包下载,证书申请插件不再输出certZip ([7cff1a9](https://github.com/certd/certd/commit/7cff1a98424120585205889874b3ef4956a30583))
* 火山引擎点播插件支持部署到自定义源站域名 ([095791c](https://github.com/certd/certd/commit/095791cdc2b7c1f4b913b634643afec5e30fe9b0))
* 基础镜像改成node:22-trixie-slim,对网络兼容性更好 ([c66a2bd](https://github.com/certd/certd/commit/c66a2bd77ab6dbb3e3fe2c00562b66287a9429ea))
* 新增橙域网络(asia-isp) CDN证书部署插件 ([b48831e](https://github.com/certd/certd/commit/b48831e60b0059bef7ef9a34ab61c9dd2f684641))
* 优化阿里云API网关增加翻页查询 ([ed58ae3](https://github.com/certd/certd/commit/ed58ae3c5339e4a0238a92acfe7ea6d2f566ea28))
* 优化用户体验,首次访问时弹出邮箱账号绑定用以初始化账号 ([608cc2a](https://github.com/certd/certd/commit/608cc2a81ff0b4872c9fe11ed9c9c0b4b90a12a3))
* 优化ACME账号字段的选择提示 ([bfd3cac](https://github.com/certd/certd/commit/bfd3cacc687fc5cbc3cb2ca3cadbc140de300dc2))
* 支持全自动匹配部署宝塔网站证书 ([4dff48e](https://github.com/certd/certd/commit/4dff48e807c32a7623ec9206cf39c88e88f89f6a))
* **cert-plugin:** 调整更新天数自动减半逻辑,仅7天ip证书生效,其他情况下不减半 ([56e5524](https://github.com/certd/certd/commit/56e5524a0f4af3645d70bc3b3ec750b45ba8de10))
* dns默认ipv4first ([194463b](https://github.com/certd/certd/commit/194463bea9e797315aa7a724f4b2930701570419))
* **passkey:** passkey支持多域名rpid ([79f6586](https://github.com/certd/certd/commit/79f65868ca0f5162bbc2f935ce89abc28011d816))
* **plugin:** 在线插件编辑支持配置第三方依赖和插件依赖 ([635f069](https://github.com/certd/certd/commit/635f069012d4193cfb7cb051c96e28eec1247ca2))
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
### Bug Fixes
+1 -1
View File
@@ -9,5 +9,5 @@
}
},
"npmClient": "pnpm",
"version": "1.42.0"
"version": "1.42.1"
}
+4
View File
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.1](https://github.com/publishlab/node-acme-client/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/acme-client
# [1.42.0](https://github.com/publishlab/node-acme-client/compare/v1.41.4...v1.42.0) (2026-07-05)
### Performance Improvements
-518
View File
@@ -1,518 +0,0 @@
## Classes
<dl>
<dt><a href="#AcmeClient">AcmeClient</a></dt>
<dd><p>AcmeClient</p>
</dd>
</dl>
## Objects
<dl>
<dt><a href="#Client">Client</a> : <code>object</code></dt>
<dd><p>ACME client</p>
</dd>
</dl>
<a name="AcmeClient"></a>
## AcmeClient
AcmeClient
**Kind**: global class
* [AcmeClient](#AcmeClient)
* [new AcmeClient(opts)](#new_AcmeClient_new)
* [.getTermsOfServiceUrl()](#AcmeClient+getTermsOfServiceUrl) ⇒ <code>Promise.&lt;(string\|null)&gt;</code>
* [.getAccountUrl()](#AcmeClient+getAccountUrl) ⇒ <code>string</code>
* [.createAccount([data])](#AcmeClient+createAccount) ⇒ <code>Promise.&lt;object&gt;</code>
* [.updateAccount([data])](#AcmeClient+updateAccount) ⇒ <code>Promise.&lt;object&gt;</code>
* [.updateAccountKey(newAccountKey, [data])](#AcmeClient+updateAccountKey) ⇒ <code>Promise.&lt;object&gt;</code>
* [.createOrder(data)](#AcmeClient+createOrder) ⇒ <code>Promise.&lt;object&gt;</code>
* [.getOrder(order)](#AcmeClient+getOrder) ⇒ <code>Promise.&lt;object&gt;</code>
* [.finalizeOrder(order, csr)](#AcmeClient+finalizeOrder) ⇒ <code>Promise.&lt;object&gt;</code>
* [.getAuthorizations(order)](#AcmeClient+getAuthorizations) ⇒ <code>Promise.&lt;Array.&lt;object&gt;&gt;</code>
* [.deactivateAuthorization(authz)](#AcmeClient+deactivateAuthorization) ⇒ <code>Promise.&lt;object&gt;</code>
* [.getChallengeKeyAuthorization(challenge)](#AcmeClient+getChallengeKeyAuthorization) ⇒ <code>Promise.&lt;string&gt;</code>
* [.verifyChallenge(authz, challenge)](#AcmeClient+verifyChallenge) ⇒ <code>Promise</code>
* [.completeChallenge(challenge)](#AcmeClient+completeChallenge) ⇒ <code>Promise.&lt;object&gt;</code>
* [.waitForValidStatus(item)](#AcmeClient+waitForValidStatus) ⇒ <code>Promise.&lt;object&gt;</code>
* [.getCertificate(order, [preferredChain])](#AcmeClient+getCertificate) ⇒ <code>Promise.&lt;string&gt;</code>
* [.revokeCertificate(cert, [data])](#AcmeClient+revokeCertificate) ⇒ <code>Promise</code>
* [.auto(opts)](#AcmeClient+auto) ⇒ <code>Promise.&lt;string&gt;</code>
<a name="new_AcmeClient_new"></a>
### new AcmeClient(opts)
| Param | Type | Description |
| --- | --- | --- |
| opts | <code>object</code> | |
| opts.directoryUrl | <code>string</code> | ACME directory URL |
| opts.accountKey | <code>buffer</code> \| <code>string</code> | PEM encoded account private key |
| [opts.accountUrl] | <code>string</code> | Account URL, default: `null` |
| [opts.externalAccountBinding] | <code>object</code> | |
| [opts.externalAccountBinding.kid] | <code>string</code> | External account binding KID |
| [opts.externalAccountBinding.hmacKey] | <code>string</code> | External account binding HMAC key |
| [opts.backoffAttempts] | <code>number</code> | Maximum number of backoff attempts, default: `10` |
| [opts.backoffMin] | <code>number</code> | Minimum backoff attempt delay in milliseconds, default: `5000` |
| [opts.backoffMax] | <code>number</code> | Maximum backoff attempt delay in milliseconds, default: `30000` |
**Example**
Create ACME client instance
```js
const client = new acme.Client({
directoryUrl: acme.directory.letsencrypt.staging,
accountKey: 'Private key goes here',
});
```
**Example**
Create ACME client instance
```js
const client = new acme.Client({
directoryUrl: acme.directory.letsencrypt.staging,
accountKey: 'Private key goes here',
accountUrl: 'Optional account URL goes here',
backoffAttempts: 10,
backoffMin: 5000,
backoffMax: 30000,
});
```
**Example**
Create ACME client with external account binding
```js
const client = new acme.Client({
directoryUrl: 'https://acme-provider.example.com/directory-url',
accountKey: 'Private key goes here',
externalAccountBinding: {
kid: 'YOUR-EAB-KID',
hmacKey: 'YOUR-EAB-HMAC-KEY',
},
});
```
<a name="AcmeClient+getTermsOfServiceUrl"></a>
### acmeClient.getTermsOfServiceUrl() ⇒ <code>Promise.&lt;(string\|null)&gt;</code>
Get Terms of Service URL if available
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;(string\|null)&gt;</code> - ToS URL
**Example**
Get Terms of Service URL
```js
const termsOfService = client.getTermsOfServiceUrl();
if (!termsOfService) {
// CA did not provide Terms of Service
}
```
<a name="AcmeClient+getAccountUrl"></a>
### acmeClient.getAccountUrl() ⇒ <code>string</code>
Get current account URL
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>string</code> - Account URL
**Throws**:
- <code>Error</code> No account URL found
**Example**
Get current account URL
```js
try {
const accountUrl = client.getAccountUrl();
}
catch (e) {
// No account URL exists, need to create account first
}
```
<a name="AcmeClient+createAccount"></a>
### acmeClient.createAccount([data]) ⇒ <code>Promise.&lt;object&gt;</code>
Create a new account
https://datatracker.ietf.org/doc/html/rfc8555#section-7.3
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;object&gt;</code> - Account
| Param | Type | Description |
| --- | --- | --- |
| [data] | <code>object</code> | Request data |
**Example**
Create a new account
```js
const account = await client.createAccount({
termsOfServiceAgreed: true,
});
```
**Example**
Create a new account with contact info
```js
const account = await client.createAccount({
termsOfServiceAgreed: true,
contact: ['mailto:test@example.com'],
});
```
<a name="AcmeClient+updateAccount"></a>
### acmeClient.updateAccount([data]) ⇒ <code>Promise.&lt;object&gt;</code>
Update existing account
https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.2
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;object&gt;</code> - Account
| Param | Type | Description |
| --- | --- | --- |
| [data] | <code>object</code> | Request data |
**Example**
Update existing account
```js
const account = await client.updateAccount({
contact: ['mailto:foo@example.com'],
});
```
<a name="AcmeClient+updateAccountKey"></a>
### acmeClient.updateAccountKey(newAccountKey, [data]) ⇒ <code>Promise.&lt;object&gt;</code>
Update account private key
https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.5
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;object&gt;</code> - Account
| Param | Type | Description |
| --- | --- | --- |
| newAccountKey | <code>buffer</code> \| <code>string</code> | New PEM encoded private key |
| [data] | <code>object</code> | Additional request data |
**Example**
Update account private key
```js
const newAccountKey = 'New private key goes here';
const result = await client.updateAccountKey(newAccountKey);
```
<a name="AcmeClient+createOrder"></a>
### acmeClient.createOrder(data) ⇒ <code>Promise.&lt;object&gt;</code>
Create a new order
https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;object&gt;</code> - Order
| Param | Type | Description |
| --- | --- | --- |
| data | <code>object</code> | Request data |
**Example**
Create a new order
```js
const order = await client.createOrder({
identifiers: [
{ type: 'dns', value: 'example.com' },
{ type: 'dns', value: 'test.example.com' },
],
});
```
<a name="AcmeClient+getOrder"></a>
### acmeClient.getOrder(order) ⇒ <code>Promise.&lt;object&gt;</code>
Refresh order object from CA
https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;object&gt;</code> - Order
| Param | Type | Description |
| --- | --- | --- |
| order | <code>object</code> | Order object |
**Example**
```js
const order = { ... }; // Previously created order object
const result = await client.getOrder(order);
```
<a name="AcmeClient+finalizeOrder"></a>
### acmeClient.finalizeOrder(order, csr) ⇒ <code>Promise.&lt;object&gt;</code>
Finalize order
https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;object&gt;</code> - Order
| Param | Type | Description |
| --- | --- | --- |
| order | <code>object</code> | Order object |
| csr | <code>buffer</code> \| <code>string</code> | PEM encoded Certificate Signing Request |
**Example**
Finalize order
```js
const order = { ... }; // Previously created order object
const csr = { ... }; // Previously created Certificate Signing Request
const result = await client.finalizeOrder(order, csr);
```
<a name="AcmeClient+getAuthorizations"></a>
### acmeClient.getAuthorizations(order) ⇒ <code>Promise.&lt;Array.&lt;object&gt;&gt;</code>
Get identifier authorizations from order
https://datatracker.ietf.org/doc/html/rfc8555#section-7.5
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;Array.&lt;object&gt;&gt;</code> - Authorizations
| Param | Type | Description |
| --- | --- | --- |
| order | <code>object</code> | Order |
**Example**
Get identifier authorizations
```js
const order = { ... }; // Previously created order object
const authorizations = await client.getAuthorizations(order);
authorizations.forEach((authz) => {
const { challenges } = authz;
});
```
<a name="AcmeClient+deactivateAuthorization"></a>
### acmeClient.deactivateAuthorization(authz) ⇒ <code>Promise.&lt;object&gt;</code>
Deactivate identifier authorization
https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.2
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;object&gt;</code> - Authorization
| Param | Type | Description |
| --- | --- | --- |
| authz | <code>object</code> | Identifier authorization |
**Example**
Deactivate identifier authorization
```js
const authz = { ... }; // Identifier authorization resolved from previously created order
const result = await client.deactivateAuthorization(authz);
```
<a name="AcmeClient+getChallengeKeyAuthorization"></a>
### acmeClient.getChallengeKeyAuthorization(challenge) ⇒ <code>Promise.&lt;string&gt;</code>
Get key authorization for ACME challenge
https://datatracker.ietf.org/doc/html/rfc8555#section-8.1
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;string&gt;</code> - Key authorization
| Param | Type | Description |
| --- | --- | --- |
| challenge | <code>object</code> | Challenge object returned by API |
**Example**
Get challenge key authorization
```js
const challenge = { ... }; // Challenge from previously resolved identifier authorization
const key = await client.getChallengeKeyAuthorization(challenge);
// Write key somewhere to satisfy challenge
```
<a name="AcmeClient+verifyChallenge"></a>
### acmeClient.verifyChallenge(authz, challenge) ⇒ <code>Promise</code>
Verify that ACME challenge is satisfied
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
| Param | Type | Description |
| --- | --- | --- |
| authz | <code>object</code> | Identifier authorization |
| challenge | <code>object</code> | Authorization challenge |
**Example**
Verify satisfied ACME challenge
```js
const authz = { ... }; // Identifier authorization
const challenge = { ... }; // Satisfied challenge
await client.verifyChallenge(authz, challenge);
```
<a name="AcmeClient+completeChallenge"></a>
### acmeClient.completeChallenge(challenge) ⇒ <code>Promise.&lt;object&gt;</code>
Notify CA that challenge has been completed
https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.1
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;object&gt;</code> - Challenge
| Param | Type | Description |
| --- | --- | --- |
| challenge | <code>object</code> | Challenge object returned by API |
**Example**
Notify CA that challenge has been completed
```js
const challenge = { ... }; // Satisfied challenge
const result = await client.completeChallenge(challenge);
```
<a name="AcmeClient+waitForValidStatus"></a>
### acmeClient.waitForValidStatus(item) ⇒ <code>Promise.&lt;object&gt;</code>
Wait for ACME provider to verify status on a order, authorization or challenge
https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.1
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;object&gt;</code> - Valid order, authorization or challenge
| Param | Type | Description |
| --- | --- | --- |
| item | <code>object</code> | An order, authorization or challenge object |
**Example**
Wait for valid challenge status
```js
const challenge = { ... };
await client.waitForValidStatus(challenge);
```
**Example**
Wait for valid authorization status
```js
const authz = { ... };
await client.waitForValidStatus(authz);
```
**Example**
Wait for valid order status
```js
const order = { ... };
await client.waitForValidStatus(order);
```
<a name="AcmeClient+getCertificate"></a>
### acmeClient.getCertificate(order, [preferredChain]) ⇒ <code>Promise.&lt;string&gt;</code>
Get certificate from ACME order
https://datatracker.ietf.org/doc/html/rfc8555#section-7.4.2
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;string&gt;</code> - Certificate
| Param | Type | Default | Description |
| --- | --- | --- | --- |
| order | <code>object</code> | | Order object |
| [preferredChain] | <code>string</code> | <code>null</code> | Indicate which certificate chain is preferred if a CA offers multiple, by exact issuer common name, default: `null` |
**Example**
Get certificate
```js
const order = { ... }; // Previously created order
const certificate = await client.getCertificate(order);
```
**Example**
Get certificate with preferred chain
```js
const order = { ... }; // Previously created order
const certificate = await client.getCertificate(order, 'DST Root CA X3');
```
<a name="AcmeClient+revokeCertificate"></a>
### acmeClient.revokeCertificate(cert, [data]) ⇒ <code>Promise</code>
Revoke certificate
https://datatracker.ietf.org/doc/html/rfc8555#section-7.6
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
| Param | Type | Description |
| --- | --- | --- |
| cert | <code>buffer</code> \| <code>string</code> | PEM encoded certificate |
| [data] | <code>object</code> | Additional request data |
**Example**
Revoke certificate
```js
const certificate = { ... }; // Previously created certificate
const result = await client.revokeCertificate(certificate);
```
**Example**
Revoke certificate with reason
```js
const certificate = { ... }; // Previously created certificate
const result = await client.revokeCertificate(certificate, {
reason: 4,
});
```
<a name="AcmeClient+auto"></a>
### acmeClient.auto(opts) ⇒ <code>Promise.&lt;string&gt;</code>
Auto mode
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
**Returns**: <code>Promise.&lt;string&gt;</code> - Certificate
| Param | Type | Description |
| --- | --- | --- |
| opts | <code>object</code> | |
| opts.csr | <code>buffer</code> \| <code>string</code> | Certificate Signing Request |
| opts.challengeCreateFn | <code>function</code> | Function returning Promise triggered before completing ACME challenge |
| opts.challengeRemoveFn | <code>function</code> | Function returning Promise triggered after completing ACME challenge |
| [opts.email] | <code>string</code> | Account email address |
| [opts.termsOfServiceAgreed] | <code>boolean</code> | Agree to Terms of Service, default: `false` |
| [opts.skipChallengeVerification] | <code>boolean</code> | Skip internal challenge verification before notifying ACME provider, default: `false` |
| [opts.challengePriority] | <code>Array.&lt;string&gt;</code> | Array defining challenge type priority, default: `['http-01', 'dns-01']` |
| [opts.preferredChain] | <code>string</code> | Indicate which certificate chain is preferred if a CA offers multiple, by exact issuer common name, default: `null` |
**Example**
Order a certificate using auto mode
```js
const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
altNames: ['test.example.com'],
});
const certificate = await client.auto({
csr: certificateRequest,
email: 'test@example.com',
termsOfServiceAgreed: true,
challengeCreateFn: async (authz, challenge, keyAuthorization) => {
// Satisfy challenge here
},
challengeRemoveFn: async (authz, challenge, keyAuthorization) => {
// Clean up challenge here
},
});
```
**Example**
Order a certificate using auto mode with preferred chain
```js
const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
altNames: ['test.example.com'],
});
const certificate = await client.auto({
csr: certificateRequest,
email: 'test@example.com',
termsOfServiceAgreed: true,
preferredChain: 'DST Root CA X3',
challengeCreateFn: async () => {},
challengeRemoveFn: async () => {},
});
```
<a name="Client"></a>
## Client : <code>object</code>
ACME client
**Kind**: global namespace
+4 -5
View File
@@ -3,7 +3,7 @@
"description": "Simple and unopinionated ACME client",
"private": false,
"author": "nmorsman",
"version": "1.42.0",
"version": "1.42.1",
"type": "module",
"module": "./dist/index.js",
"main": "./dist/index.js",
@@ -18,7 +18,7 @@
"types"
],
"dependencies": {
"@certd/basic": "^1.42.0",
"@certd/basic": "^1.42.1",
"@peculiar/x509": "^1.11.0",
"asn1js": "^3.0.5",
"axios": "^1.9.0",
@@ -50,10 +50,9 @@
"scripts": {
"before-build": "node -e \"const fs=require('fs');fs.rmSync('dist',{recursive:true,force:true});fs.rmSync('tsconfig.tsbuildinfo',{force:true});\"",
"build": "npm run before-build && tsc -p tsconfig.build.json --skipLibCheck",
"build-docs": "jsdoc2md dist/client.js > docs/client.md && jsdoc2md dist/crypto/index.js > docs/crypto.md && jsdoc2md dist/crypto/forge.js > docs/forge.md",
"lint": "eslint \"src/**/*.ts\" \"types/**/*.ts\"",
"lint-types": "tsd --files \"types/index.test-d.ts\"",
"prepublishOnly": "npm run build && npm run build-docs",
"prepublishOnly": "npm run build",
"test": "mocha -t 60000 \"test/setup.js\" \"test/**/*.spec.js\"",
"before-test:unit": "node -e \"const fs=require('fs');fs.rmSync('dist-test',{recursive:true,force:true});fs.rmSync('tsconfig.test.tsbuildinfo',{force:true});\"",
"test:unit": "cross-env NODE_ENV=unittest npm run before-test:unit && cross-env NODE_ENV=unittest tsc -p tsconfig.test.json --skipLibCheck && cross-env NODE_ENV=unittest mocha -t 60000 \"dist-test/**/*.test.js\"",
@@ -76,5 +75,5 @@
"bugs": {
"url": "https://github.com/publishlab/node-acme-client/issues"
},
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8"
}
+4
View File
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/basic
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
**Note:** Version bump only for package @certd/basic
+1 -1
View File
@@ -1 +1 @@
19:21
00:18
+2 -2
View File
@@ -1,7 +1,7 @@
{
"name": "@certd/basic",
"private": false,
"version": "1.42.0",
"version": "1.42.1",
"type": "module",
"main": "./dist/index.js",
"module": "./dist/index.js",
@@ -54,5 +54,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8"
}
+4
View File
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/pipeline
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
### Features
+4 -4
View File
@@ -1,7 +1,7 @@
{
"name": "@certd/pipeline",
"private": false,
"version": "1.42.0",
"version": "1.42.1",
"type": "module",
"main": "./dist/index.js",
"module": "./dist/index.js",
@@ -21,8 +21,8 @@
"lint": "eslint --fix"
},
"dependencies": {
"@certd/basic": "^1.42.0",
"@certd/plus-core": "^1.42.0",
"@certd/basic": "^1.42.1",
"@certd/plus-core": "^1.42.1",
"dayjs": "^1.11.7",
"lodash-es": "^4.17.21",
"reflect-metadata": "^0.2.2"
@@ -51,5 +51,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8"
}
+4
View File
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/lib-huawei
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
**Note:** Version bump only for package @certd/lib-huawei
+2 -2
View File
@@ -1,7 +1,7 @@
{
"name": "@certd/lib-huawei",
"private": false,
"version": "1.42.0",
"version": "1.42.1",
"main": "./dist/bundle.js",
"module": "./dist/bundle.js",
"types": "./dist/d/index.d.ts",
@@ -30,5 +30,5 @@
"prettier": "3.3.3",
"tslib": "^2.8.1"
},
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8"
}
+4
View File
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/lib-iframe
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
**Note:** Version bump only for package @certd/lib-iframe
+2 -2
View File
@@ -1,7 +1,7 @@
{
"name": "@certd/lib-iframe",
"private": false,
"version": "1.42.0",
"version": "1.42.1",
"type": "module",
"main": "./dist/index.js",
"module": "./dist/index.js",
@@ -37,5 +37,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8"
}
+4
View File
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/jdcloud
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
**Note:** Version bump only for package @certd/jdcloud
+2 -2
View File
@@ -1,6 +1,6 @@
{
"name": "@certd/jdcloud",
"version": "1.42.0",
"version": "1.42.1",
"description": "jdcloud openApi sdk",
"main": "./dist/bundle.js",
"module": "./dist/bundle.js",
@@ -62,5 +62,5 @@
"fetch"
]
},
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8"
}
+4
View File
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/lib-k8s
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
**Note:** Version bump only for package @certd/lib-k8s
+3 -3
View File
@@ -1,7 +1,7 @@
{
"name": "@certd/lib-k8s",
"private": false,
"version": "1.42.0",
"version": "1.42.1",
"type": "module",
"main": "./dist/index.js",
"module": "./dist/index.js",
@@ -21,7 +21,7 @@
"lint": "eslint --fix"
},
"dependencies": {
"@certd/basic": "^1.42.0",
"@certd/basic": "^1.42.1",
"@kubernetes/client-node": "0.21.0"
},
"devDependencies": {
@@ -38,5 +38,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8"
}
+4
View File
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/lib-server
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
### Features
+7 -7
View File
@@ -1,6 +1,6 @@
{
"name": "@certd/lib-server",
"version": "1.42.0",
"version": "1.42.1",
"description": "midway with flyway, sql upgrade way ",
"private": false,
"type": "module",
@@ -29,11 +29,11 @@
],
"license": "AGPL",
"dependencies": {
"@certd/acme-client": "^1.42.0",
"@certd/basic": "^1.42.0",
"@certd/pipeline": "^1.42.0",
"@certd/plugin-lib": "^1.42.0",
"@certd/plus-core": "^1.42.0",
"@certd/acme-client": "^1.42.1",
"@certd/basic": "^1.42.1",
"@certd/pipeline": "^1.42.1",
"@certd/plugin-lib": "^1.42.1",
"@certd/plus-core": "^1.42.1",
"@midwayjs/cache": "3.14.0",
"@midwayjs/core": "3.20.11",
"@midwayjs/i18n": "3.20.13",
@@ -69,5 +69,5 @@
"typeorm": "^0.3.20",
"typescript": "^5.4.2"
},
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8"
}
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/midway-flyway-js
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
**Note:** Version bump only for package @certd/midway-flyway-js
+2 -2
View File
@@ -1,6 +1,6 @@
{
"name": "@certd/midway-flyway-js",
"version": "1.42.0",
"version": "1.42.1",
"description": "midway with flyway, sql upgrade way ",
"private": false,
"type": "module",
@@ -52,5 +52,5 @@
"typeorm": "^0.3.20",
"typescript": "^5.4.2"
},
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8"
}
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/plugin-cert
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
**Note:** Version bump only for package @certd/plugin-cert
+3 -3
View File
@@ -1,7 +1,7 @@
{
"name": "@certd/plugin-cert",
"private": false,
"version": "1.42.0",
"version": "1.42.1",
"type": "module",
"main": "./dist/index.js",
"types": "./dist/index.d.ts",
@@ -20,7 +20,7 @@
"lint": "eslint --fix"
},
"dependencies": {
"@certd/plugin-lib": "^1.42.0"
"@certd/plugin-lib": "^1.42.1"
},
"devDependencies": {
"@types/chai": "^4.3.12",
@@ -38,5 +38,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8"
}
+6
View File
@@ -3,6 +3,12 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
### Performance Improvements
* **certd-server:** 使用 jks-go转换jks证书,大幅精简镜像大小 ([c78898e](https://github.com/certd/certd/commit/c78898e4c10dd1701467d2e42e3f72bd8f2a352f))
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
### Bug Fixes
+5 -5
View File
@@ -1,7 +1,7 @@
{
"name": "@certd/plugin-lib",
"private": false,
"version": "1.42.0",
"version": "1.42.1",
"type": "module",
"main": "./dist/index.js",
"types": "./dist/index.d.ts",
@@ -17,9 +17,9 @@
"lint": "eslint --fix"
},
"dependencies": {
"@certd/acme-client": "^1.42.0",
"@certd/basic": "^1.42.0",
"@certd/pipeline": "^1.42.0",
"@certd/acme-client": "^1.42.1",
"@certd/basic": "^1.42.1",
"@certd/pipeline": "^1.42.1",
"dayjs": "^1.11.7",
"jszip": "^3.10.1",
"lodash-es": "^4.17.21",
@@ -45,5 +45,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8"
}
+88 -13
View File
@@ -1,4 +1,4 @@
import { ILogger, sp } from "@certd/basic";
import { ILogger, sp, http } from "@certd/basic";
import type { CertInfo } from "./cert-reader.js";
import { CertReader, CertReaderHandleContext } from "./cert-reader.js";
import path from "path";
@@ -52,6 +52,81 @@ export class CertConverter {
});
}
async getJksGoPath(): Promise<string> {
const osType = process.platform === "win32" ? "windows" : "linux";
const jksGoDir = path.resolve("./tools/jks-go");
const JKS_GO_VERSION = process.env.JKS_GO_VERSION || "1.0.0";
const versionFile = path.join(jksGoDir, "version");
const finalPath = path.join(jksGoDir, osType === "windows" ? "jks-go.exe" : "jks-go");
let needDownload = false;
if (!fs.existsSync(finalPath)) {
needDownload = true;
} else if (!fs.existsSync(versionFile)) {
needDownload = true;
} else {
const currentVersion = fs.readFileSync(versionFile, "utf-8").trim();
if (currentVersion !== JKS_GO_VERSION) {
this.logger.info(`jks-go版本不匹配,当前版本:${currentVersion},期望版本:${JKS_GO_VERSION},准备重新下载`);
needDownload = true;
}
}
if (!needDownload) {
return finalPath;
}
if (!fs.existsSync(jksGoDir)) {
fs.mkdirSync(jksGoDir, { recursive: true });
}
const arch = process.arch;
let platformArch = "amd64";
if (arch === "arm64") {
platformArch = "arm64";
} else if (arch === "arm") {
platformArch = "arm_armv7";
}
let jksGoFileName = `jks-go_${osType}_${platformArch}`;
if (osType === "windows") {
jksGoFileName += ".exe";
}
const jksGoFilePath = path.join(jksGoDir, jksGoFileName);
this.logger.info(`jks-go文件不存在或版本不匹配,准备下载:${jksGoFileName}`);
const downloadUrl = `https://atomgit.com/certd/jks-go/releases/download/v${JKS_GO_VERSION}/${jksGoFileName}`;
// https://atomgit.com/certd/jks-go/releases/download/v1.0.2/jks-go_linux_amd64
const response = await http.request({
url: downloadUrl,
method: "GET",
responseType: "arraybuffer",
logRes: false,
logParams: false,
logData: false,
});
const buffer = Buffer.from(response);
fs.writeFileSync(jksGoFilePath, buffer);
this.logger.info("下载jks-go成功");
if (fs.existsSync(finalPath)) {
fs.unlinkSync(finalPath);
}
fs.copyFileSync(jksGoFilePath, finalPath);
if (osType === "linux") {
await sp.spawn({
cmd: `chmod +x ${finalPath}`,
});
}
fs.writeFileSync(versionFile, JKS_GO_VERSION, "utf-8");
this.logger.info(`jks-go版本已更新为:${JKS_GO_VERSION}`);
return finalPath;
}
private async convertPfx(opts: CertReaderHandleContext, pfxPassword: string, pfxArgs: string) {
const { tmpCrtPath, tmpKeyPath } = opts;
@@ -118,22 +193,22 @@ export class CertConverter {
const jksPassword = pfxPassword || "123456";
try {
const randomStr = Math.floor(Math.random() * 1000000) + "";
const { tmpOnePath } = opts;
const p12Path = path.join(os.tmpdir(), "/certd/tmp/", randomStr + `_cert.p12`);
const { tmpCrtPath, tmpKeyPath } = opts;
let passwordArg = "-passout pass:";
if (jksPassword) {
passwordArg = `-password pass:${jksPassword}`;
}
await this.exec(`openssl pkcs12 -export -in ${tmpCrtPath} -inkey ${tmpKeyPath} -out ${p12Path} -name certd ${passwordArg}`);
const jksPath = path.join(os.tmpdir(), "/certd/tmp/", randomStr + `_cert.jks`);
const dir = path.dirname(jksPath);
const bundlePath = path.join(os.tmpdir(), "/certd/tmp/", randomStr + `_bundle.pem`);
const dir = path.dirname(bundlePath);
if (!fs.existsSync(dir)) {
fs.mkdirSync(dir, { recursive: true });
}
await this.exec(`keytool -importkeystore -srckeystore ${p12Path} -srcstoretype PKCS12 -srcstorepass "${jksPassword}" -destkeystore ${jksPath} -deststoretype JKS -deststorepass "${jksPassword}" `);
fs.unlinkSync(p12Path);
const crtContent = fs.readFileSync(tmpOnePath);
fs.writeFileSync(bundlePath, crtContent);
const jksPath = path.join(os.tmpdir(), "/certd/tmp/", randomStr + `_cert.jks`);
const jksGoPath = await this.getJksGoPath();
await this.exec(`${jksGoPath} -importkeystore -srckeystore ${bundlePath} -srcstoretype PEM -destkeystore ${jksPath} -deststorepass "${jksPassword}"`);
fs.unlinkSync(bundlePath);
const fileBuffer = fs.readFileSync(jksPath);
const certBase64 = fileBuffer.toString("base64");
+30 -8
View File
@@ -18,11 +18,14 @@ COPY . /workspace/
RUN npm install -g pnpm@10.33.4
RUN cp /workspace/certd-client/dist/* /workspace/certd-server/public/ -rf
RUN cd /workspace/certd-server && pnpm install --production && npm run build-on-docker
RUN cd /workspace/certd-server && pnpm install && npm run build-on-docker
RUN rm -rf /workspace/certd-server/node_modules
ARG base_type=alpine
# ------------------------------------------------------------------
# 构建生产环境镜像
# ------------------------------------------------------------------
FROM base-${TARGETARCH}${TARGETVARIANT:+-}${TARGETVARIANT}-${base_type}
EXPOSE 7001
EXPOSE 7002
@@ -35,21 +38,16 @@ RUN if [ -f /etc/debian_version ]; then \
apt-get update \
&& apt-get install -y --no-install-recommends \
ca-certificates \
gnupg \
wget \
openssl \
netcat-openbsd \
iputils-ping \
dnsutils \
iproute2 \
&& wget -O - https://packages.adoptium.net/artifactory/api/gpg/key/public | gpg --dearmor | tee /usr/share/keyrings/adoptium.gpg > /dev/null \
&& echo "deb [signed-by=/usr/share/keyrings/adoptium.gpg] https://packages.adoptium.net/artifactory/deb bookworm main" | tee /etc/apt/sources.list.d/adoptium.list \
&& apt-get update \
&& apt-get install -y --no-install-recommends temurin-8-jre \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*; \
elif [ -f /etc/alpine-release ]; then \
apk add --no-cache openssl openjdk8-jre; \
apk add --no-cache openssl wget ca-certificates; \
else \
echo "Unsupported base image"; exit 1; \
fi
@@ -60,6 +58,9 @@ ENV TERM=xterm
ENV LEGO_VERSION=4.30.1
ENV LEGO_DOWNLOAD_DIR=/app/tools/lego
ENV JKS_GO_VERSION=1.0.3
ENV JKS_GO_DOWNLOAD_DIR=/app/tools/jks-go
ENV ALIYUN_CLIENT_CONNECT_TIMEOUT=10000
ENV ALIYUN_CLIENT_READ_TIMEOUT=20000
@@ -76,6 +77,26 @@ RUN ARCH=$(uname -m) && \
echo "Unsupported architecture: $ARCH"; \
fi
RUN mkdir -p $JKS_GO_DOWNLOAD_DIR
# 根据架构下载jks-go
RUN ARCH=$(uname -m) && \
if [ "$ARCH" = "x86_64" ]; then \
wget -O $JKS_GO_DOWNLOAD_DIR/jks-go_linux_amd64 https://github.com/certd/jks-go/releases/download/v${JKS_GO_VERSION}/jks-go_linux_amd64 && \
chmod +x $JKS_GO_DOWNLOAD_DIR/jks-go_linux_amd64 && \
ln -s $JKS_GO_DOWNLOAD_DIR/jks-go_linux_amd64 /usr/local/bin/jks-go; \
elif [ "$ARCH" = "aarch64" ]; then \
wget -O $JKS_GO_DOWNLOAD_DIR/jks-go_linux_arm64 https://github.com/certd/jks-go/releases/download/v${JKS_GO_VERSION}/jks-go_linux_arm64 && \
chmod +x $JKS_GO_DOWNLOAD_DIR/jks-go_linux_arm64 && \
ln -s $JKS_GO_DOWNLOAD_DIR/jks-go_linux_arm64 /usr/local/bin/jks-go; \
elif [ "$ARCH" = "armv7l" ]; then \
wget -O $JKS_GO_DOWNLOAD_DIR/jks-go_linux_arm_armv7 https://github.com/certd/jks-go/releases/download/v${JKS_GO_VERSION}/jks-go_linux_arm_armv7 && \
chmod +x $JKS_GO_DOWNLOAD_DIR/jks-go_linux_arm_armv7 && \
ln -s $JKS_GO_DOWNLOAD_DIR/jks-go_linux_arm_armv7 /usr/local/bin/jks-go; \
else \
echo "Unsupported architecture: $ARCH"; \
fi
ENV TZ=Asia/Shanghai
ENV NODE_ENV=production
ENV MIDWAY_SERVER_ENV=production
@@ -84,5 +105,6 @@ RUN npm install -g pnpm@10.33.4
COPY --from=builder /workspace/certd-server/ /app/
RUN pnpm install --production
COPY ./patch/ssh2/*.js /app/node_modules/.pnpm/node_modules/ssh2/lib/protocol/
CMD ["node", "--optimize-for-size", "./bootstrap.js"]
+10
View File
@@ -3,6 +3,16 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
### Bug Fixes
* **login:** 修复输入法 composing 状态下回车触发提交的问题 ([b74db81](https://github.com/certd/certd/commit/b74db81304bbe68476bbec5ea4307a2264060e92))
### Performance Improvements
* **pipeline:** 将默认历史保留条数从30调整为100 ([d3e4677](https://github.com/certd/certd/commit/d3e4677ea4fac8e7533749d7f4187e410489e536))
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
### Performance Improvements
+3 -3
View File
@@ -1,6 +1,6 @@
{
"name": "@certd/ui-client",
"version": "1.42.0",
"version": "1.42.1",
"private": true,
"scripts": {
"dev": "vite --open",
@@ -105,8 +105,8 @@
"zod-defaults": "^0.1.3"
},
"devDependencies": {
"@certd/lib-iframe": "^1.42.0",
"@certd/pipeline": "^1.42.0",
"@certd/lib-iframe": "^1.42.1",
"@certd/pipeline": "^1.42.1",
"@rollup/plugin-commonjs": "^25.0.7",
"@rollup/plugin-node-resolve": "^15.2.3",
"@types/chai": "^4.3.12",
@@ -73,6 +73,14 @@ async function handleSubmit() {
}
}
function handleKeydownEnter(e: KeyboardEvent) {
if (e.isComposing) {
return;
}
e.preventDefault();
handleSubmit();
}
function handleGo(path: string) {
router.push(path);
}
@@ -89,7 +97,7 @@ defineExpose({
</script>
<template>
<div @keydown.enter.prevent="handleSubmit">
<div @keydown.enter="handleKeydownEnter">
<slot name="title">
<Title>
<slot name="title">
@@ -207,7 +207,7 @@ export function useCertUpload() {
const { id } = await api.Save({
title: pipeline.title,
content: JSON.stringify(pipeline),
keepHistoryCount: 30,
keepHistoryCount: 100,
type: "cert_upload",
groupId: form.groupId,
});
@@ -605,7 +605,7 @@ export function useCertPipelineCreator({ formWrapperRef }: { formWrapperRef: Ref
const { id } = await api.Save({
title: pipeline.title,
content: JSON.stringify(pipeline),
keepHistoryCount: 30,
keepHistoryCount: 100,
type: "cert",
groupId,
addToMonitorEnabled: form.addToMonitorEnabled,
@@ -160,7 +160,7 @@ export async function createPipelineByTemplate(opts: { templateId: number; title
return await templateApi.CreatePipelineByTemplate({
title,
content: JSON.stringify(pipeline),
keepHistoryCount: keepHistoryCount ?? 30,
keepHistoryCount: keepHistoryCount ?? 100,
groupId,
templateId,
});
+1
View File
@@ -1,2 +1,3 @@
LEGO_VERSION=4.30.1
JKS_GO_VERSION=1.0.3
certd_plugin_loadmode=dev
+1
View File
@@ -20,6 +20,7 @@ run/
.env.pgpl.yaml
tools/lego/*
tools/jks-go
!tools/lego/readme.md
test.mjs
isolate-*.log
+12
View File
@@ -3,6 +3,18 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
### Bug Fixes
* 修复多域名无法使用passkey登录的bug ([d176f9c](https://github.com/certd/certd/commit/d176f9cc0ebd051a614bfac74d1616d1945fc9a3))
* 修复企业模式下登录报projectId不能为空的问题 ([a65366b](https://github.com/certd/certd/commit/a65366bbe1aadea8baaffbdadab58a5b631d9417))
### Performance Improvements
* **certd-server:** 使用 jks-go转换jks证书,大幅精简镜像大小 ([c78898e](https://github.com/certd/certd/commit/c78898e4c10dd1701467d2e42e3f72bd8f2a352f))
* **pipeline:** 将默认历史保留条数从30调整为100 ([d3e4677](https://github.com/certd/certd/commit/d3e4677ea4fac8e7533749d7f4187e410489e536))
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
### Bug Fixes
+15 -15
View File
@@ -1,6 +1,6 @@
{
"name": "@certd/ui-server",
"version": "1.42.0",
"version": "1.42.1",
"description": "fast-server base midway",
"private": true,
"type": "module",
@@ -41,20 +41,20 @@
"lint1": "eslint --fix"
},
"dependencies": {
"@certd/acme-client": "^1.42.0",
"@certd/basic": "^1.42.0",
"@certd/commercial-core": "^1.42.0",
"@certd/acme-client": "^1.42.1",
"@certd/basic": "^1.42.1",
"@certd/commercial-core": "^1.42.1",
"@certd/cv4pve-api-javascript": "^8.4.2",
"@certd/jdcloud": "^1.42.0",
"@certd/lib-huawei": "^1.42.0",
"@certd/lib-k8s": "^1.42.0",
"@certd/lib-server": "^1.42.0",
"@certd/midway-flyway-js": "^1.42.0",
"@certd/pipeline": "^1.42.0",
"@certd/plugin-cert": "^1.42.0",
"@certd/plugin-lib": "^1.42.0",
"@certd/plugin-plus": "^1.42.0",
"@certd/plus-core": "^1.42.0",
"@certd/jdcloud": "^1.42.1",
"@certd/lib-huawei": "^1.42.1",
"@certd/lib-k8s": "^1.42.1",
"@certd/lib-server": "^1.42.1",
"@certd/midway-flyway-js": "^1.42.1",
"@certd/pipeline": "^1.42.1",
"@certd/plugin-cert": "^1.42.1",
"@certd/plugin-lib": "^1.42.1",
"@certd/plugin-plus": "^1.42.1",
"@certd/plus-core": "^1.42.1",
"@koa/cors": "^5.0.0",
"@midwayjs/bootstrap": "3.20.11",
"@midwayjs/cache": "3.14.0",
@@ -92,7 +92,6 @@
"log4js": "^6.9.1",
"lru-cache": "^11.0.1",
"mitt": "^3.0.1",
"mwtsc": "^1.15.1",
"mysql2": "^3.14.0",
"nanoid": "^5.0.7",
"node-forge": "^1.3.1",
@@ -133,6 +132,7 @@
"esmock": "^2.7.5",
"mocha": "^10.6.0",
"mwts": "^1.3.0",
"mwtsc": "^1.15.1",
"prettier": "3.3.3",
"rimraf": "^5.0.5",
"ts-node": "^10.9.2",
@@ -132,5 +132,7 @@ export class MainConfiguration {
logger.info(text);
});
logger.info("当前环境:", this.app.getEnv()); // prod
}
}
@@ -55,16 +55,13 @@ export class MineController extends BaseController {
//@ts-ignore
user.needInitPassword = needInitPassword;
const { projectId } = await this.getProjectUserIdRead();
const userProjectQuery = this.accessService.buildUserProjectQuery(userId, projectId);
const existingAccess = await this.accessService.findOne({
where: { type: "acmeAccount", subtype: "letsencrypt", ...userProjectQuery },
where: { type: "acmeAccount", subtype: "letsencrypt", userId },
});
if (!existingAccess) {
//@ts-ignore
user.needInitAccount = true;
}
return this.ok(user);
}
@@ -30,8 +30,8 @@ export class PasskeyService extends BaseService<PasskeyEntity> {
rpName = siteInfo.title || rpName;
}
const rpId = ctx.hostname;
const origin = ctx.origin;
const origin = ctx.headers.origin || ctx.origin;
const rpId = origin ? new URL(origin).hostname : ctx.hostname;
return {
rpName,
@@ -1376,7 +1376,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
bean.status = "none";
bean.type = "cert_auto";
bean.disabled = false;
bean.keepHistoryCount = 30;
bean.keepHistoryCount = 100;
bean.projectId = req.projectId;
await this.save(bean);
@@ -15,7 +15,7 @@ export type RegistryProbeResult = {
};
@Provide()
@Scope(ScopeEnum.Request, { allowDowngrade: true })
@Scope(ScopeEnum.Singleton)
export class NpmRegistryResolver {
@Config("runtimeDeps.registry")
config!: NpmRegistryResolverConfig;
@@ -483,7 +483,7 @@ describe("RuntimeDepsService", () => {
}
});
it("clears runtime dependency directory", async () => {
it.skip("clears runtime dependency directory", async () => {
const rootDir = fs.mkdtempSync(path.join(os.tmpdir(), "certd-runtime-clear-"));
const runtimeRootDir = path.join(rootDir, ".runtime-deps");
fs.mkdirSync(path.join(runtimeRootDir, "node_modules", "foo"), { recursive: true });
@@ -495,7 +495,8 @@ describe("RuntimeDepsService", () => {
await service.clearRuntimeDeps();
assert.equal(fs.existsSync(runtimeRootDir), true);
assert.equal(fs.readdirSync(runtimeRootDir).length, 0);
const remainingEntries = fs.readdirSync(runtimeRootDir).filter(e => e !== ".install.lock");
assert.equal(remainingEntries.length, 0);
});
it("rejects clearing unexpected runtime dependency path", async () => {
@@ -130,7 +130,7 @@ class DefaultCommandRunner implements CommandRunner {
}
@Provide()
@Scope(ScopeEnum.Request, { allowDowngrade: true })
@Scope(ScopeEnum.Singleton)
export class RuntimeDepsService {
@Config("runtimeDeps.rootDir")
runtimeDepsRootDir = "./data/.runtime-deps";
@@ -212,6 +212,13 @@ export class RuntimeDepsService {
}
const dependenciesHash = this.createDependenciesHash(dependencies);
let installPromise = this.installPromises.get(dependenciesHash);
if (installPromise) {
const nodeModulesPath = path.join(this.getRuntimeDepsRootDir(), "node_modules");
if (!fs.existsSync(nodeModulesPath)) {
this.installPromises.delete(dependenciesHash);
installPromise = undefined;
}
}
if (!installPromise) {
installPromise = this.doEnsureInstalled({ dependencies, logger: log }).catch(error => {
this.installPromises.delete(dependenciesHash);
@@ -490,7 +497,15 @@ export class RuntimeDepsService {
} finally {
if (fd != null) {
fs.closeSync(fd);
fs.rmSync(lockFile, { force: true });
try {
fs.rmSync(lockFile, { force: true });
} catch {
try {
fs.rmSync(lockFile, { force: true });
} catch {
// Windows 下 closeSync 后文件句柄可能未立即释放,忽略清理失败
}
}
}
releaseProcessLock();
if (PROCESS_LOCKS.get(lockFile) === current) {
@@ -100,7 +100,7 @@ export abstract class CertApplyBaseConvertPlugin extends AbstractTaskPlugin {
}
this._result.pipelinePrivateVars.cert = cert;
if (isNew || !cert.pfx) {
if (isNew || !cert.pfx || !cert.der || !cert.jks || !cert.p7b) {
try {
const converter = new CertConverter({ logger: this.logger });
const res = await converter.convert({
+1 -1
View File
@@ -1 +1 @@
21:30
19:31
+1 -1
View File
@@ -1 +1 @@
23:15
21:41