Compare commits

..

15 Commits

Author SHA1 Message Date
xiaojunnuo a545a28dfb Merge branch 'v2' of https://github.com/certd/certd into v2 2026-07-07 21:18:51 +08:00
xiaojunnuo ac876a980c build: release 2026-07-07 21:15:16 +08:00
xiaojunnuo 4b555e8a56 build: publish 2026-07-07 20:04:20 +08:00
xiaojunnuo 1a8d14dc44 build: trigger build image 2026-07-07 20:04:08 +08:00
xiaojunnuo 83263a72d2 v1.42.2 2026-07-07 19:59:41 +08:00
xiaojunnuo 76f3ba8691 build: prepare to build 2026-07-07 19:56:46 +08:00
xiaojunnuo 072edd7aff fix: 修复cname用阿里云校验时报找不到runtimeDepsService的错误 2026-07-07 19:51:23 +08:00
猫爪子 c0be4d702c fix(certd-server): 修复 AWS 中国区 CloudFront 证书部署问题 (#764) @yw-mao
- 修复证书链拆分,保留 END CERTIFICATE 结尾标记,避免 MalformedCertificate
- 更新 CloudFront 时构造干净的 IAM ViewerCertificate,强制 sni-only,
  解决 InvalidViewerCertificate 及中国区不支持 vip 的报错
- 部署完成后清理被替换掉的旧 IAM 证书,避免续期堆积
- IAM/CloudFront 权限不足时抛出可读中文提示,便于运维排查

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-07-07 16:20:07 +08:00
xiaojunnuo c3d6db3f1e fix: 修复AsiaIsp CDN证书重复情况下部署失败的问题 2026-07-07 14:15:09 +08:00
xiaojunnuo e05ec53eb5 chore: 1 2026-07-07 10:21:01 +08:00
xiaojunnuo 8d9dad9c82 fix: 修复企业模式下弹出邮箱绑定提醒的问题 2026-07-07 09:43:10 +08:00
xiaojunnuo 0071bcb0e4 fix: 修复火山视频点播源站选择不到自定义源站的bug 2026-07-07 09:42:41 +08:00
xiaojunnuo dbdc1ccd1b build: release 2026-07-07 00:35:25 +08:00
xiaojunnuo 2a606fdb1d build: publish 2026-07-07 00:22:06 +08:00
xiaojunnuo 3b86f30bcf build: trigger build image 2026-07-07 00:21:54 +08:00
42 changed files with 435 additions and 115 deletions
+9
View File
@@ -3,6 +3,15 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
### Bug Fixes
* 修复火山视频点播源站选择不到自定义源站的bug ([0071bcb](https://github.com/certd/certd/commit/0071bcb0e4dd108c86d7ca01820a9f6e6960e440))
* 修复企业模式下弹出邮箱绑定提醒的问题 ([8d9dad9](https://github.com/certd/certd/commit/8d9dad9c82f6f2fd3ab3040068946a33f37145b1))
* 修复AsiaIsp CDN证书重复情况下部署失败的问题 ([c3d6db3](https://github.com/certd/certd/commit/c3d6db3f1ef2f1c897b7989521fe8809dffaded1))
* 修复cname用阿里云校验时报找不到runtimeDepsService的错误 ([072edd7](https://github.com/certd/certd/commit/072edd7affee424ab3411f4d41d338f084d7cac6))
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06) ## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
### Bug Fixes ### Bug Fixes
+22
View File
@@ -3,6 +3,28 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
### Bug Fixes
* 修复火山视频点播源站选择不到自定义源站的bug ([0071bcb](https://github.com/certd/certd/commit/0071bcb0e4dd108c86d7ca01820a9f6e6960e440))
* 修复企业模式下弹出邮箱绑定提醒的问题 ([8d9dad9](https://github.com/certd/certd/commit/8d9dad9c82f6f2fd3ab3040068946a33f37145b1))
* 修复AsiaIsp CDN证书重复情况下部署失败的问题 ([c3d6db3](https://github.com/certd/certd/commit/c3d6db3f1ef2f1c897b7989521fe8809dffaded1))
* 修复cname用阿里云校验时报找不到runtimeDepsService的错误 ([072edd7](https://github.com/certd/certd/commit/072edd7affee424ab3411f4d41d338f084d7cac6))
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
### Bug Fixes
* 修复多域名无法使用passkey登录的bug ([d176f9c](https://github.com/certd/certd/commit/d176f9cc0ebd051a614bfac74d1616d1945fc9a3))
* 修复企业模式下登录报projectId不能为空的问题 ([a65366b](https://github.com/certd/certd/commit/a65366bbe1aadea8baaffbdadab58a5b631d9417))
* **login:** 修复输入法 composing 状态下回车触发提交的问题 ([b74db81](https://github.com/certd/certd/commit/b74db81304bbe68476bbec5ea4307a2264060e92))
### Performance Improvements
* **certd-server:** 使用 jks-go转换jks证书,大幅精简镜像大小 ([c78898e](https://github.com/certd/certd/commit/c78898e4c10dd1701467d2e42e3f72bd8f2a352f))
* **pipeline:** 将默认历史保留条数从30调整为100 ([d3e4677](https://github.com/certd/certd/commit/d3e4677ea4fac8e7533749d7f4187e410489e536))
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05) # [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
### Bug Fixes ### Bug Fixes
+1 -1
View File
@@ -9,5 +9,5 @@
} }
}, },
"npmClient": "pnpm", "npmClient": "pnpm",
"version": "1.42.1" "version": "1.42.2"
} }
+4
View File
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.2](https://github.com/publishlab/node-acme-client/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/acme-client
## [1.42.1](https://github.com/publishlab/node-acme-client/compare/v1.42.0...v1.42.1) (2026-07-06) ## [1.42.1](https://github.com/publishlab/node-acme-client/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/acme-client **Note:** Version bump only for package @certd/acme-client
+3 -3
View File
@@ -3,7 +3,7 @@
"description": "Simple and unopinionated ACME client", "description": "Simple and unopinionated ACME client",
"private": false, "private": false,
"author": "nmorsman", "author": "nmorsman",
"version": "1.42.1", "version": "1.42.2",
"type": "module", "type": "module",
"module": "./dist/index.js", "module": "./dist/index.js",
"main": "./dist/index.js", "main": "./dist/index.js",
@@ -18,7 +18,7 @@
"types" "types"
], ],
"dependencies": { "dependencies": {
"@certd/basic": "^1.42.1", "@certd/basic": "^1.42.2",
"@peculiar/x509": "^1.11.0", "@peculiar/x509": "^1.11.0",
"asn1js": "^3.0.5", "asn1js": "^3.0.5",
"axios": "^1.9.0", "axios": "^1.9.0",
@@ -75,5 +75,5 @@
"bugs": { "bugs": {
"url": "https://github.com/publishlab/node-acme-client/issues" "url": "https://github.com/publishlab/node-acme-client/issues"
}, },
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8" "gitHead": "7808d028e9c7e1b1e3ebc41f12b023d7b553300b"
} }
+4
View File
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/basic
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06) ## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/basic **Note:** Version bump only for package @certd/basic
+1 -1
View File
@@ -1 +1 @@
00:18 19:56
+2 -2
View File
@@ -1,7 +1,7 @@
{ {
"name": "@certd/basic", "name": "@certd/basic",
"private": false, "private": false,
"version": "1.42.1", "version": "1.42.2",
"type": "module", "type": "module",
"main": "./dist/index.js", "main": "./dist/index.js",
"module": "./dist/index.js", "module": "./dist/index.js",
@@ -54,5 +54,5 @@
"tslib": "^2.8.1", "tslib": "^2.8.1",
"typescript": "^5.4.2" "typescript": "^5.4.2"
}, },
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8" "gitHead": "7808d028e9c7e1b1e3ebc41f12b023d7b553300b"
} }
+4
View File
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/pipeline
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06) ## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/pipeline **Note:** Version bump only for package @certd/pipeline
+4 -4
View File
@@ -1,7 +1,7 @@
{ {
"name": "@certd/pipeline", "name": "@certd/pipeline",
"private": false, "private": false,
"version": "1.42.1", "version": "1.42.2",
"type": "module", "type": "module",
"main": "./dist/index.js", "main": "./dist/index.js",
"module": "./dist/index.js", "module": "./dist/index.js",
@@ -21,8 +21,8 @@
"lint": "eslint --fix" "lint": "eslint --fix"
}, },
"dependencies": { "dependencies": {
"@certd/basic": "^1.42.1", "@certd/basic": "^1.42.2",
"@certd/plus-core": "^1.42.1", "@certd/plus-core": "^1.42.2",
"dayjs": "^1.11.7", "dayjs": "^1.11.7",
"lodash-es": "^4.17.21", "lodash-es": "^4.17.21",
"reflect-metadata": "^0.2.2" "reflect-metadata": "^0.2.2"
@@ -51,5 +51,5 @@
"tslib": "^2.8.1", "tslib": "^2.8.1",
"typescript": "^5.4.2" "typescript": "^5.4.2"
}, },
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8" "gitHead": "7808d028e9c7e1b1e3ebc41f12b023d7b553300b"
} }
+4
View File
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/lib-huawei
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06) ## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/lib-huawei **Note:** Version bump only for package @certd/lib-huawei
+2 -2
View File
@@ -1,7 +1,7 @@
{ {
"name": "@certd/lib-huawei", "name": "@certd/lib-huawei",
"private": false, "private": false,
"version": "1.42.1", "version": "1.42.2",
"main": "./dist/bundle.js", "main": "./dist/bundle.js",
"module": "./dist/bundle.js", "module": "./dist/bundle.js",
"types": "./dist/d/index.d.ts", "types": "./dist/d/index.d.ts",
@@ -30,5 +30,5 @@
"prettier": "3.3.3", "prettier": "3.3.3",
"tslib": "^2.8.1" "tslib": "^2.8.1"
}, },
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8" "gitHead": "7808d028e9c7e1b1e3ebc41f12b023d7b553300b"
} }
+4
View File
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/lib-iframe
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06) ## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/lib-iframe **Note:** Version bump only for package @certd/lib-iframe
+2 -2
View File
@@ -1,7 +1,7 @@
{ {
"name": "@certd/lib-iframe", "name": "@certd/lib-iframe",
"private": false, "private": false,
"version": "1.42.1", "version": "1.42.2",
"type": "module", "type": "module",
"main": "./dist/index.js", "main": "./dist/index.js",
"module": "./dist/index.js", "module": "./dist/index.js",
@@ -37,5 +37,5 @@
"tslib": "^2.8.1", "tslib": "^2.8.1",
"typescript": "^5.4.2" "typescript": "^5.4.2"
}, },
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8" "gitHead": "7808d028e9c7e1b1e3ebc41f12b023d7b553300b"
} }
+4
View File
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/jdcloud
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06) ## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/jdcloud **Note:** Version bump only for package @certd/jdcloud
+2 -2
View File
@@ -1,6 +1,6 @@
{ {
"name": "@certd/jdcloud", "name": "@certd/jdcloud",
"version": "1.42.1", "version": "1.42.2",
"description": "jdcloud openApi sdk", "description": "jdcloud openApi sdk",
"main": "./dist/bundle.js", "main": "./dist/bundle.js",
"module": "./dist/bundle.js", "module": "./dist/bundle.js",
@@ -62,5 +62,5 @@
"fetch" "fetch"
] ]
}, },
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8" "gitHead": "7808d028e9c7e1b1e3ebc41f12b023d7b553300b"
} }
+4
View File
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/lib-k8s
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06) ## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/lib-k8s **Note:** Version bump only for package @certd/lib-k8s
+3 -3
View File
@@ -1,7 +1,7 @@
{ {
"name": "@certd/lib-k8s", "name": "@certd/lib-k8s",
"private": false, "private": false,
"version": "1.42.1", "version": "1.42.2",
"type": "module", "type": "module",
"main": "./dist/index.js", "main": "./dist/index.js",
"module": "./dist/index.js", "module": "./dist/index.js",
@@ -21,7 +21,7 @@
"lint": "eslint --fix" "lint": "eslint --fix"
}, },
"dependencies": { "dependencies": {
"@certd/basic": "^1.42.1", "@certd/basic": "^1.42.2",
"@kubernetes/client-node": "0.21.0" "@kubernetes/client-node": "0.21.0"
}, },
"devDependencies": { "devDependencies": {
@@ -38,5 +38,5 @@
"tslib": "^2.8.1", "tslib": "^2.8.1",
"typescript": "^5.4.2" "typescript": "^5.4.2"
}, },
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8" "gitHead": "7808d028e9c7e1b1e3ebc41f12b023d7b553300b"
} }
+4
View File
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/lib-server
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06) ## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/lib-server **Note:** Version bump only for package @certd/lib-server
+7 -7
View File
@@ -1,6 +1,6 @@
{ {
"name": "@certd/lib-server", "name": "@certd/lib-server",
"version": "1.42.1", "version": "1.42.2",
"description": "midway with flyway, sql upgrade way ", "description": "midway with flyway, sql upgrade way ",
"private": false, "private": false,
"type": "module", "type": "module",
@@ -29,11 +29,11 @@
], ],
"license": "AGPL", "license": "AGPL",
"dependencies": { "dependencies": {
"@certd/acme-client": "^1.42.1", "@certd/acme-client": "^1.42.2",
"@certd/basic": "^1.42.1", "@certd/basic": "^1.42.2",
"@certd/pipeline": "^1.42.1", "@certd/pipeline": "^1.42.2",
"@certd/plugin-lib": "^1.42.1", "@certd/plugin-lib": "^1.42.2",
"@certd/plus-core": "^1.42.1", "@certd/plus-core": "^1.42.2",
"@midwayjs/cache": "3.14.0", "@midwayjs/cache": "3.14.0",
"@midwayjs/core": "3.20.11", "@midwayjs/core": "3.20.11",
"@midwayjs/i18n": "3.20.13", "@midwayjs/i18n": "3.20.13",
@@ -69,5 +69,5 @@
"typeorm": "^0.3.20", "typeorm": "^0.3.20",
"typescript": "^5.4.2" "typescript": "^5.4.2"
}, },
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8" "gitHead": "7808d028e9c7e1b1e3ebc41f12b023d7b553300b"
} }
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/midway-flyway-js
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06) ## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/midway-flyway-js **Note:** Version bump only for package @certd/midway-flyway-js
+2 -2
View File
@@ -1,6 +1,6 @@
{ {
"name": "@certd/midway-flyway-js", "name": "@certd/midway-flyway-js",
"version": "1.42.1", "version": "1.42.2",
"description": "midway with flyway, sql upgrade way ", "description": "midway with flyway, sql upgrade way ",
"private": false, "private": false,
"type": "module", "type": "module",
@@ -52,5 +52,5 @@
"typeorm": "^0.3.20", "typeorm": "^0.3.20",
"typescript": "^5.4.2" "typescript": "^5.4.2"
}, },
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8" "gitHead": "7808d028e9c7e1b1e3ebc41f12b023d7b553300b"
} }
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/plugin-cert
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06) ## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
**Note:** Version bump only for package @certd/plugin-cert **Note:** Version bump only for package @certd/plugin-cert
+3 -3
View File
@@ -1,7 +1,7 @@
{ {
"name": "@certd/plugin-cert", "name": "@certd/plugin-cert",
"private": false, "private": false,
"version": "1.42.1", "version": "1.42.2",
"type": "module", "type": "module",
"main": "./dist/index.js", "main": "./dist/index.js",
"types": "./dist/index.d.ts", "types": "./dist/index.d.ts",
@@ -20,7 +20,7 @@
"lint": "eslint --fix" "lint": "eslint --fix"
}, },
"dependencies": { "dependencies": {
"@certd/plugin-lib": "^1.42.1" "@certd/plugin-lib": "^1.42.2"
}, },
"devDependencies": { "devDependencies": {
"@types/chai": "^4.3.12", "@types/chai": "^4.3.12",
@@ -38,5 +38,5 @@
"tslib": "^2.8.1", "tslib": "^2.8.1",
"typescript": "^5.4.2" "typescript": "^5.4.2"
}, },
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8" "gitHead": "7808d028e9c7e1b1e3ebc41f12b023d7b553300b"
} }
+4
View File
@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
**Note:** Version bump only for package @certd/plugin-lib
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06) ## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
### Performance Improvements ### Performance Improvements
+5 -5
View File
@@ -1,7 +1,7 @@
{ {
"name": "@certd/plugin-lib", "name": "@certd/plugin-lib",
"private": false, "private": false,
"version": "1.42.1", "version": "1.42.2",
"type": "module", "type": "module",
"main": "./dist/index.js", "main": "./dist/index.js",
"types": "./dist/index.d.ts", "types": "./dist/index.d.ts",
@@ -17,9 +17,9 @@
"lint": "eslint --fix" "lint": "eslint --fix"
}, },
"dependencies": { "dependencies": {
"@certd/acme-client": "^1.42.1", "@certd/acme-client": "^1.42.2",
"@certd/basic": "^1.42.1", "@certd/basic": "^1.42.2",
"@certd/pipeline": "^1.42.1", "@certd/pipeline": "^1.42.2",
"dayjs": "^1.11.7", "dayjs": "^1.11.7",
"jszip": "^3.10.1", "jszip": "^3.10.1",
"lodash-es": "^4.17.21", "lodash-es": "^4.17.21",
@@ -45,5 +45,5 @@
"tslib": "^2.8.1", "tslib": "^2.8.1",
"typescript": "^5.4.2" "typescript": "^5.4.2"
}, },
"gitHead": "b46948c0ba67069ebcd2bb71b21b6c289d99f1b8" "gitHead": "7808d028e9c7e1b1e3ebc41f12b023d7b553300b"
} }
+6
View File
@@ -3,6 +3,12 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
### Bug Fixes
* 修复企业模式下弹出邮箱绑定提醒的问题 ([8d9dad9](https://github.com/certd/certd/commit/8d9dad9c82f6f2fd3ab3040068946a33f37145b1))
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06) ## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
### Bug Fixes ### Bug Fixes
+3 -3
View File
@@ -1,6 +1,6 @@
{ {
"name": "@certd/ui-client", "name": "@certd/ui-client",
"version": "1.42.1", "version": "1.42.2",
"private": true, "private": true,
"scripts": { "scripts": {
"dev": "vite --open", "dev": "vite --open",
@@ -105,8 +105,8 @@
"zod-defaults": "^0.1.3" "zod-defaults": "^0.1.3"
}, },
"devDependencies": { "devDependencies": {
"@certd/lib-iframe": "^1.42.1", "@certd/lib-iframe": "^1.42.2",
"@certd/pipeline": "^1.42.1", "@certd/pipeline": "^1.42.2",
"@rollup/plugin-commonjs": "^25.0.7", "@rollup/plugin-commonjs": "^25.0.7",
"@rollup/plugin-node-resolve": "^15.2.3", "@rollup/plugin-node-resolve": "^15.2.3",
"@types/chai": "^4.3.12", "@types/chai": "^4.3.12",
@@ -15,11 +15,14 @@ import { Modal, notification } from "ant-design-vue";
import { useI18n } from "/src/locales"; import { useI18n } from "/src/locales";
import { request } from "/@/api/service"; import { request } from "/@/api/service";
import { useFormDialog } from "/@/use/use-dialog"; import { useFormDialog } from "/@/use/use-dialog";
import { useSettingStore } from "/@/store/settings/index.jsx";
const { t } = useI18n(); const { t } = useI18n();
const { openFormDialog } = useFormDialog(); const { openFormDialog } = useFormDialog();
const userStore = useUserStore(); const userStore = useUserStore();
const settingStore = useSettingStore();
const changePasswordButtonRef = ref(); const changePasswordButtonRef = ref();
const emailFormWrapperRef = ref<any>(); const emailFormWrapperRef = ref<any>();
@@ -34,6 +37,9 @@ const validateEmailConfirm = async (_rule: any, value: string) => {
}; };
async function checkAndSetupAccount() { async function checkAndSetupAccount() {
if (settingStore.isEnterprise) {
return;
}
try { try {
const userInfo = userStore.getUserInfo as any; const userInfo = userStore.getUserInfo as any;
if (!userInfo.needInitAccount) { if (!userInfo.needInitAccount) {
+9
View File
@@ -3,6 +3,15 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
### Bug Fixes
* 修复火山视频点播源站选择不到自定义源站的bug ([0071bcb](https://github.com/certd/certd/commit/0071bcb0e4dd108c86d7ca01820a9f6e6960e440))
* 修复企业模式下弹出邮箱绑定提醒的问题 ([8d9dad9](https://github.com/certd/certd/commit/8d9dad9c82f6f2fd3ab3040068946a33f37145b1))
* 修复AsiaIsp CDN证书重复情况下部署失败的问题 ([c3d6db3](https://github.com/certd/certd/commit/c3d6db3f1ef2f1c897b7989521fe8809dffaded1))
* 修复cname用阿里云校验时报找不到runtimeDepsService的错误 ([072edd7](https://github.com/certd/certd/commit/072edd7affee424ab3411f4d41d338f084d7cac6))
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06) ## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
### Bug Fixes ### Bug Fixes
@@ -102,6 +102,7 @@ input:
sourceStationType: sourceStationType:
title: 源站类型 title: 源站类型
helper: 选择源站类型 helper: 选择源站类型
value: 1
component: component:
name: a-select name: a-select
vModel: value vModel: value
@@ -110,7 +111,6 @@ input:
label: 点播源站 label: 点播源站
- value: 2 - value: 2
label: 自定义源站 label: 自定义源站
value: 1
helper: 注意:封面加速域名不支持自定义源站 helper: 注意:封面加速域名不支持自定义源站
required: false required: false
order: 0 order: 0
+14 -14
View File
@@ -1,6 +1,6 @@
{ {
"name": "@certd/ui-server", "name": "@certd/ui-server",
"version": "1.42.1", "version": "1.42.2",
"description": "fast-server base midway", "description": "fast-server base midway",
"private": true, "private": true,
"type": "module", "type": "module",
@@ -41,20 +41,20 @@
"lint1": "eslint --fix" "lint1": "eslint --fix"
}, },
"dependencies": { "dependencies": {
"@certd/acme-client": "^1.42.1", "@certd/acme-client": "^1.42.2",
"@certd/basic": "^1.42.1", "@certd/basic": "^1.42.2",
"@certd/commercial-core": "^1.42.1", "@certd/commercial-core": "^1.42.2",
"@certd/cv4pve-api-javascript": "^8.4.2", "@certd/cv4pve-api-javascript": "^8.4.2",
"@certd/jdcloud": "^1.42.1", "@certd/jdcloud": "^1.42.2",
"@certd/lib-huawei": "^1.42.1", "@certd/lib-huawei": "^1.42.2",
"@certd/lib-k8s": "^1.42.1", "@certd/lib-k8s": "^1.42.2",
"@certd/lib-server": "^1.42.1", "@certd/lib-server": "^1.42.2",
"@certd/midway-flyway-js": "^1.42.1", "@certd/midway-flyway-js": "^1.42.2",
"@certd/pipeline": "^1.42.1", "@certd/pipeline": "^1.42.2",
"@certd/plugin-cert": "^1.42.1", "@certd/plugin-cert": "^1.42.2",
"@certd/plugin-lib": "^1.42.1", "@certd/plugin-lib": "^1.42.2",
"@certd/plugin-plus": "^1.42.1", "@certd/plugin-plus": "^1.42.2",
"@certd/plus-core": "^1.42.1", "@certd/plus-core": "^1.42.2",
"@koa/cors": "^5.0.0", "@koa/cors": "^5.0.0",
"@midwayjs/bootstrap": "3.20.11", "@midwayjs/bootstrap": "3.20.11",
"@midwayjs/cache": "3.14.0", "@midwayjs/cache": "3.14.0",
@@ -133,6 +133,5 @@ export class MainConfiguration {
}); });
logger.info("当前环境:", this.app.getEnv()); // prod logger.info("当前环境:", this.app.getEnv()); // prod
} }
} }
@@ -1,4 +1,4 @@
import { AccessGetter, AccessService, BaseController, Constants, SysSettingsService } from "@certd/lib-server"; import { AccessGetter, AccessService, BaseController, Constants, isEnterprise, SysSettingsService } from "@certd/lib-server";
import { ALL, Body, Controller, Inject, Post, Provide } from "@midwayjs/core"; import { ALL, Body, Controller, Inject, Post, Provide } from "@midwayjs/core";
import { PasskeyService } from "../../../modules/login/service/passkey-service.js"; import { PasskeyService } from "../../../modules/login/service/passkey-service.js";
import { RoleService } from "../../../modules/sys/authority/service/role-service.js"; import { RoleService } from "../../../modules/sys/authority/service/role-service.js";
@@ -54,7 +54,9 @@ export class MineController extends BaseController {
delete user.password; delete user.password;
//@ts-ignore //@ts-ignore
user.needInitPassword = needInitPassword; user.needInitPassword = needInitPassword;
//@ts-ignore
user.needInitAccount = false;
if (!isEnterprise()) {
const existingAccess = await this.accessService.findOne({ const existingAccess = await this.accessService.findOne({
where: { type: "acmeAccount", subtype: "letsencrypt", userId }, where: { type: "acmeAccount", subtype: "letsencrypt", userId },
}); });
@@ -62,6 +64,8 @@ export class MineController extends BaseController {
//@ts-ignore //@ts-ignore
user.needInitAccount = true; user.needInitAccount = true;
} }
}
return this.ok(user); return this.ok(user);
} }
@@ -146,8 +150,7 @@ export class MineController extends BaseController {
@Post("/accountInit", { description: Constants.per.authOnly, summary: "初始化Let's Encrypt ACME账号和邮件通知" }) @Post("/accountInit", { description: Constants.per.authOnly, summary: "初始化Let's Encrypt ACME账号和邮件通知" })
public async accountInit(@Body("email") email?: string) { public async accountInit(@Body("email") email?: string) {
const { projectId, userId } = await this.getProjectUserIdWrite(); let userId = this.getUserId();
let userEmail = email; let userEmail = email;
let user: any = null; let user: any = null;
if (!userEmail) { if (!userEmail) {
@@ -169,10 +172,10 @@ export class MineController extends BaseController {
await this.emailService.add(userId, userEmail); await this.emailService.add(userId, userEmail);
await this.notificationService.getOrCreateDefault(userEmail, userId, projectId); await this.notificationService.getOrCreateDefault(userEmail, userId);
const getAccessById = this.accessService.getById.bind(this.accessService); const getAccessById = this.accessService.getById.bind(this.accessService);
const accessGetter = new AccessGetter(userId, projectId, getAccessById); const accessGetter = new AccessGetter(userId, undefined, getAccessById);
const accessContext = { const accessContext = {
http, http,
logger, logger,
@@ -187,7 +190,7 @@ export class MineController extends BaseController {
type: "acmeAccount", type: "acmeAccount",
name: "Let's Encrypt", name: "Let's Encrypt",
userId, userId,
projectId, projectId:undefined,
setting: JSON.stringify({ setting: JSON.stringify({
caType: "letsencrypt", caType: "letsencrypt",
email: userEmail, email: userEmail,
@@ -16,7 +16,7 @@ export class AliyunDnsProvider extends AbstractDnsProvider {
async onInstance() { async onInstance() {
const access: AliyunAccess = this.ctx.access as AliyunAccess; const access: AliyunAccess = this.ctx.access as AliyunAccess;
this.client = new AliyunClient({ logger: this.logger, importRuntime: access.importRuntime.bind(access) }); this.client = new AliyunClient({ logger: this.logger, importRuntime: this.importRuntime.bind(this) });
await this.client.init({ await this.client.init({
accessKeyId: access.accessKeyId, accessKeyId: access.accessKeyId,
accessKeySecret: access.accessKeySecret, accessKeySecret: access.accessKeySecret,
@@ -114,14 +114,20 @@ export class AsiaIspClient {
if (response.code !== "0") { if (response.code !== "0") {
this.logger.error(`接口请求失败: code=${response.code}, msg=${response.msg}`); this.logger.error(`接口请求失败: code=${response.code}, msg=${response.msg}`);
throw new Error(response.msg || "接口请求失败"); const e= new Error(response.msg || "接口请求失败");
// @ts-ignore
e.errorCode = response.code;
throw e;
} }
return response; return response;
} catch (error: any) { } catch (error: any) {
if (error.message && !error.message.includes("接口请求失败")) { const response = error.response
this.logger.error(`接口请求异常: ${error.message}`); if (response && response.data) {
throw new Error(`接口请求异常: ${error.message}`); const e = new Error(response.data.msg || error.message || "接口请求失败");
// @ts-ignore
e.errorCode = response.data.code;
throw e;
} }
throw error; throw error;
} }
@@ -189,7 +195,7 @@ export class AsiaIspClient {
return certId; return certId;
} catch (e: any) { } catch (e: any) {
const msg = e.message || ""; const msg = e.message || "";
const isExists = msg.includes("Certificate already exists") || e.code === "80003" || msg.includes("Certificate note name already exists") || e.code === "80010"; const isExists = msg.includes("Certificate already exists") || e.errorCode === "80003" || msg.includes("Certificate note name already exists") || e.errorCode === "80010";
//返回数据: {"code":"80010","msg":"Certificate note name already exists","data":null} //返回数据: {"code":"80010","msg":"Certificate note name already exists","data":null}
if (!isExists) { if (!isExists) {
throw e; throw e;
@@ -199,7 +205,7 @@ export class AsiaIspClient {
const list = await this.getCertList(); const list = await this.getCertList();
const found = list.find((item: any) => item.name === certName); const found = list.find((item: any) => item.name === certName);
if (!found) { if (!found) {
throw new Error(`证书已存在但无法查询到: ${certName}`); throw new Error(`证书已存在但无法查询到: 请重新申请一份证书,或者将已有证书名称修改为:${certName}`);
} }
const certId = Number(found.certId); const certId = Number(found.certId);
this.logger.info(`复用已有证书,证书ID: ${certId}`); this.logger.info(`复用已有证书,证书ID: ${certId}`);
@@ -224,6 +230,7 @@ export class AsiaIspClient {
* PUT /openapi/v3/stat?action=domainModify * PUT /openapi/v3/stat?action=domainModify
*/ */
async deployCertToDomain(req: { domain: string; certId: number; protocol: string }): Promise<void> { async deployCertToDomain(req: { domain: string; certId: number; protocol: string }): Promise<void> {
try {
await this.doRequest({ await this.doRequest({
method: "PUT", method: "PUT",
action: "domainModify", action: "domainModify",
@@ -233,6 +240,13 @@ export class AsiaIspClient {
protocol: req.protocol || "https", protocol: req.protocol || "https",
}, },
}); });
} catch (e: any) {
if (e.errorCode === "50024") {
this.logger.info(`域名 ${req.domain} 已绑定该证书 ${req.certId},无需重复绑定`);
return;
}
throw e
}
this.logger.info(`部署证书到域名成功: ${req.domain}, certId=${req.certId}`); this.logger.info(`部署证书到域名成功: ${req.domain}, certId=${req.certId}`);
} }
} }
@@ -1,21 +1,107 @@
// 导入所需的 SDK 模块 // 导入所需的 SDK 模块
import { AwsCNAccess } from "../access.js"; import { AwsCNAccess } from "../access.js";
import { CertInfo } from "@certd/plugin-cert"; import { CertInfo } from "@certd/plugin-cert";
import { ILogger } from "@certd/basic";
type AwsIAMClientOptions = { access: AwsCNAccess; region: string }; type AwsIAMClientOptions = { access: AwsCNAccess; region: string; logger?: ILogger };
// IAM ListServerCertificates 返回的证书元信息(仅保留本插件用到的字段)
export type ServerCertificateMetadata = {
ServerCertificateName?: string;
ServerCertificateId?: string;
Expiration?: Date | string;
};
/**
* PEM
* 使 lookbehind -----END CERTIFICATE-----
* PEMAWS MalformedCertificate
*/
export function splitCertAndChain(crt: string): { cert: string; chain: string } {
const pemBlocks = crt.split(/(?<=-----END CERTIFICATE-----)/);
const cert = pemBlocks[0].trim();
const chain = pemBlocks.slice(1).join("").trim();
return { cert, chain };
}
/**
* IAM "本次被替换掉"
* distribution
* / IAM
*
* - ServerCertificateId targetCertIds CloudFront
* - excludeCertId
* ServerCertificateName
*/
export function pickReplacedCertNames(params: { metadataList: ServerCertificateMetadata[]; targetCertIds: Set<string> | string[]; excludeCertId?: string }): string[] {
const { metadataList, targetCertIds, excludeCertId } = params;
const targetIdSet = targetCertIds instanceof Set ? targetCertIds : new Set(targetCertIds);
const names = new Set<string>();
for (const metadata of metadataList) {
const certId = metadata.ServerCertificateId;
const certName = metadata.ServerCertificateName;
if (!certId || !certName) {
continue;
}
if (!targetIdSet.has(certId)) {
continue;
}
if (excludeCertId && certId === excludeCertId) {
continue;
}
names.add(certName);
}
return [...names];
}
// CloudFront ViewerCertificate 字段(仅保留本插件用到的字段)
export type ViewerCertificate = {
CloudFrontDefaultCertificate?: boolean;
ACMCertificateArn?: string;
IAMCertificateId?: string;
Certificate?: string;
CertificateSource?: string;
SSLSupportMethod?: string;
MinimumProtocolVersion?: string;
};
/**
* ViewerCertificate 使 IAM
* - CloudFront ACMCertificateArnIAMCertificateIdCloudFrontDefaultCertificate
* IAM CloudFrontDefaultCertificate false ACMCertificateArn
* - Certificate/CertificateSource AWS ACM
* - SSLSupportMethod sni-onlyAWS CloudFront SNI vipIP
* 沿 vip "The parameter ViewerCertificate with the specified SSL support method isn't available in this region"
* - MinimumProtocolVersion 沿
*/
export function buildIamViewerCertificate(params: { oldViewerCertificate?: ViewerCertificate; certId: string }): ViewerCertificate {
const { oldViewerCertificate, certId } = params;
const old = oldViewerCertificate || {};
return {
CloudFrontDefaultCertificate: false,
IAMCertificateId: certId,
SSLSupportMethod: "sni-only",
MinimumProtocolVersion: old.MinimumProtocolVersion || "TLSv1.2_2021",
};
}
export class AwsIAMClient { export class AwsIAMClient {
options: AwsIAMClientOptions; options: AwsIAMClientOptions;
access: AwsCNAccess; access: AwsCNAccess;
region: string; region: string;
logger?: ILogger;
constructor(options: AwsIAMClientOptions) { constructor(options: AwsIAMClientOptions) {
this.options = options; this.options = options;
this.access = options.access; this.access = options.access;
this.region = options.region; this.region = options.region;
this.logger = options.logger;
} }
async importCertificate(certInfo: CertInfo, certName: string) {
// 创建 IAM 客户端 // 统一创建 IAM 客户端,供上传/查询/删除复用
const { IAMClient, UploadServerCertificateCommand } = await this.access.importRuntime("@aws-sdk/client-iam"); private async createIamClient() {
const iamModule = await this.access.importRuntime("@aws-sdk/client-iam");
const { IAMClient } = iamModule;
const iamClient = new IAMClient({ const iamClient = new IAMClient({
region: this.region, // 替换为您的 AWS 区域 region: this.region, // 替换为您的 AWS 区域
credentials: { credentials: {
@@ -23,20 +109,99 @@ export class AwsIAMClient {
secretAccessKey: this.access.secretAccessKey, secretAccessKey: this.access.secretAccessKey,
}, },
}); });
return { iamClient, iamModule };
}
const cert = certInfo.crt.split("-----END CERTIFICATE-----")[0] + "-----END CERTIFICATE-----"; async importCertificate(certInfo: CertInfo, certName: string) {
const chain = certInfo.crt.split("-----END CERTIFICATE-----\n")[1]; const { iamClient, iamModule } = await this.createIamClient();
const { UploadServerCertificateCommand } = iamModule;
const { cert, chain } = splitCertAndChain(certInfo.crt);
// 构建上传参数 // 构建上传参数
const command = new UploadServerCertificateCommand({ const command = new UploadServerCertificateCommand({
Path: "/cloudfront/", Path: "/cloudfront/",
ServerCertificateName: certName, ServerCertificateName: certName,
CertificateBody: cert, CertificateBody: cert,
PrivateKey: certInfo.key, PrivateKey: certInfo.key,
CertificateChain: chain, CertificateChain: chain || undefined,
}); });
try {
const data = await iamClient.send(command); const data = await iamClient.send(command);
console.log("Upload successful:", data);
// 返回证书 ID // 返回证书 ID
return data.ServerCertificateMetadata.ServerCertificateId; return data.ServerCertificateMetadata.ServerCertificateId;
} catch (err) {
const message = err.message || String(err);
const requestId = err.$metadata?.requestId || err.requestId;
console.error(`IAM 调用失败: ${message}, requestId: ${requestId}`);
throw err;
}
}
// 拉取 /cloudfront/ path 下的全部 server certificate 元信息(处理分页)
async listCloudFrontServerCertificates(): Promise<ServerCertificateMetadata[]> {
const { iamClient, iamModule } = await this.createIamClient();
const { ListServerCertificatesCommand } = iamModule;
const metadataList: ServerCertificateMetadata[] = [];
let marker: string | undefined = undefined;
do {
const command = new ListServerCertificatesCommand({
PathPrefix: "/cloudfront/",
Marker: marker,
});
const data: any = await iamClient.send(command);
const pageList: ServerCertificateMetadata[] = data.ServerCertificateMetadataList || [];
metadataList.push(...pageList);
marker = data.IsTruncated ? data.Marker : undefined;
} while (marker);
return metadataList;
}
// 按名称删除 IAM server certificate
async deleteServerCertificate(serverCertificateName: string) {
const { iamClient, iamModule } = await this.createIamClient();
const { DeleteServerCertificateCommand } = iamModule;
const command = new DeleteServerCertificateCommand({
ServerCertificateName: serverCertificateName,
});
await iamClient.send(command);
}
/**
*
* distribution IAM
* CloudFront DeleteConflict
*
*/
async deleteReplacedCerts(params: { oldCertIds: Set<string> | string[]; newCertId?: string }) {
const { oldCertIds, newCertId } = params;
const targetIdSet = oldCertIds instanceof Set ? oldCertIds : new Set(oldCertIds);
if (targetIdSet.size === 0) {
return;
}
const metadataList = await this.listCloudFrontServerCertificates();
const replacedCertNames = pickReplacedCertNames({
metadataList,
targetCertIds: targetIdSet,
excludeCertId: newCertId,
});
if (replacedCertNames.length === 0) {
this.logger?.info("没有需要清理的旧证书");
return;
}
for (const certName of replacedCertNames) {
try {
await this.deleteServerCertificate(certName);
this.logger?.info(`已删除被替换的旧证书: ${certName}`);
} catch (err: any) {
const message = err?.message || String(err);
this.logger?.warn(`删除旧证书失败(可能仍被其他分配引用),已跳过: ${certName}, 原因: ${message}`);
}
}
} }
} }
@@ -1,7 +1,7 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline"; import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert"; import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
import { AwsCNAccess } from "../access.js"; import { AwsCNAccess } from "../access.js";
import { AwsIAMClient } from "../libs/aws-iam-client.js"; import { AwsIAMClient, buildIamViewerCertificate } from "../libs/aws-iam-client.js";
import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib"; import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
import { AwsCNRegions } from "../constants.js"; import { AwsCNRegions } from "../constants.js";
@@ -77,10 +77,19 @@ export class AwsCNDeployToCloudFront extends AbstractTaskPlugin {
async execute(): Promise<void> { async execute(): Promise<void> {
const access = await this.getAccess<AwsCNAccess>(this.accessId); const access = await this.getAccess<AwsCNAccess>(this.accessId);
const iamClient = new AwsIAMClient({
access,
region: this.region,
logger: this.logger,
});
// 本次是否真正上传了新证书(cert 为字符串时表示直接使用已有证书ID,不涉及替换过期旧证书)
const uploadedNewCert = typeof this.cert !== "string";
let certId = this.cert as string; let certId = this.cert as string;
if (typeof this.cert !== "string") { if (uploadedNewCert) {
//先上传 //先上传
certId = await this.uploadToIAM(access, this.cert); certId = await this.uploadToIAM(iamClient, this.cert as CertInfo);
} }
//部署到CloudFront //部署到CloudFront
@@ -93,6 +102,9 @@ export class AwsCNDeployToCloudFront extends AbstractTaskPlugin {
}, },
}); });
// 记录每个分配部署前引用的旧 IAM 证书ID,部署完成后清理其中已过期的
const oldCertIds = new Set<string>();
// update-distribution // update-distribution
for (const distributionId of this.distributionIds) { for (const distributionId of this.distributionIds) {
// get-distribution-config // get-distribution-config
@@ -100,30 +112,61 @@ export class AwsCNDeployToCloudFront extends AbstractTaskPlugin {
Id: distributionId, Id: distributionId,
}); });
const configData = await cloudFrontClient.send(getDistributionConfigCommand); const configData: any = await this.sendCloudFrontCommand(() => cloudFrontClient.send(getDistributionConfigCommand), `获取CloudFront配置(${distributionId})`);
const oldViewerCertificate = configData.DistributionConfig?.ViewerCertificate;
const oldCertId = oldViewerCertificate?.IAMCertificateId;
if (oldCertId) {
oldCertIds.add(oldCertId);
}
// 使用干净的 IAM ViewerCertificate,避免与旧的 ACM/默认证书字段冲突导致 InvalidViewerCertificate
const viewerCertificate = buildIamViewerCertificate({ oldViewerCertificate, certId });
const updateDistributionCommand = new UpdateDistributionCommand({ const updateDistributionCommand = new UpdateDistributionCommand({
DistributionConfig: { DistributionConfig: {
...configData.DistributionConfig, ...configData.DistributionConfig,
ViewerCertificate: { ViewerCertificate: viewerCertificate,
...configData.DistributionConfig.ViewerCertificate,
IAMCertificateId: certId,
},
}, },
Id: distributionId, Id: distributionId,
IfMatch: configData.ETag, IfMatch: configData.ETag,
}); });
await cloudFrontClient.send(updateDistributionCommand); await this.sendCloudFrontCommand(() => cloudFrontClient.send(updateDistributionCommand), `更新CloudFront证书(${distributionId})`);
this.logger.info(`部署${distributionId}完成:`); this.logger.info(`部署${distributionId}完成:`);
} }
this.logger.info("部署完成"); this.logger.info("部署完成");
// 仅当本次上传了新证书时,清理被替换掉的旧证书(无论是否过期);清理失败不影响部署结果
if (uploadedNewCert) {
try {
await iamClient.deleteReplacedCerts({ oldCertIds, newCertId: certId });
} catch (err: any) {
this.logger.warn(`清理旧证书失败,已忽略: ${err?.message || err}`);
}
}
} }
private async uploadToIAM(access: AwsCNAccess, cert: CertInfo) { /**
const acmClient = new AwsIAMClient({ * CloudFront
access, * AWS AccessDenied / not authorized
region: this.region, * IAM CloudFront IAM 便 AWS
}); */
const awsCertID = await acmClient.importCertificate(cert, this.appendTimeSuffix(this.certName)); private async sendCloudFrontCommand<T>(action: () => Promise<T>, actionDesc: string): Promise<T> {
try {
return await action();
} catch (err: any) {
const message = err?.message || String(err);
const isAuthError = err?.name === "AccessDenied" || /not authorized to perform|no identity-based policy/i.test(message);
if (isAuthError) {
const requiredPermissions = ["cloudfront:ListDistributions", "cloudfront:GetDistributionConfig", "cloudfront:UpdateDistribution", "iam:UploadServerCertificate"].join("、");
throw new Error(`${actionDesc}失败:AWS 账号权限不足,请为该 IAM 用户附加 CloudFront 部署所需权限(${requiredPermissions})。原始错误:${message}`);
}
throw err;
}
}
private async uploadToIAM(iamClient: AwsIAMClient, cert: CertInfo) {
const awsCertID = await iamClient.importCertificate(cert, this.appendTimeSuffix(this.certName));
this.logger.info("证书上传成功,id=", awsCertID); this.logger.info("证书上传成功,id=", awsCertID);
return awsCertID; return awsCertID;
} }
@@ -100,7 +100,7 @@ export abstract class CertApplyBaseConvertPlugin extends AbstractTaskPlugin {
} }
this._result.pipelinePrivateVars.cert = cert; this._result.pipelinePrivateVars.cert = cert;
if (isNew || !cert.pfx || !cert.der || !cert.jks || !cert.p7b) { if (isNew || !cert.pfx) {
try { try {
const converter = new CertConverter({ logger: this.logger }); const converter = new CertConverter({ logger: this.logger });
const res = await converter.convert({ const res = await converter.convert({
@@ -88,6 +88,7 @@ export class VolcengineDeployToVOD extends AbstractTaskPlugin {
@TaskInput({ @TaskInput({
title: "源站类型", title: "源站类型",
helper: "选择源站类型", helper: "选择源站类型",
value: 1,
component: { component: {
name: "a-select", name: "a-select",
vModel: "value", vModel: "value",
@@ -95,7 +96,6 @@ export class VolcengineDeployToVOD extends AbstractTaskPlugin {
{ value: 1, label: "点播源站" }, { value: 1, label: "点播源站" },
{ value: 2, label: "自定义源站" }, { value: 2, label: "自定义源站" },
], ],
value: 1,
helper: "注意:封面加速域名不支持自定义源站", helper: "注意:封面加速域名不支持自定义源站",
}, },
required: false, required: false,
+1 -1
View File
@@ -1 +1 @@
19:31 20:04
+1 -1
View File
@@ -1 +1 @@
21:41 21:15