v1.39.0

build: prepare to build
fix: 修复京东云域名申请证书报错的bug
2026-04-07 08:20:54 +08:00 · 2026-03-08 01:17:39 +08:00 · 2026-03-08 01:15:23 +08:00 · 2026-03-08 01:14:33 +08:00 · 2026-03-08 00:48:29 +08:00 · 2026-03-05 00:11:08 +08:00
76 changed files with 587 additions and 191 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,34 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+### Bug Fixes
+
+* 修复部署到openwrt错误的bug ([2e3d0cc](https://github.com/certd/certd/commit/2e3d0cc57c16c48ad435bc8fde729bacaedde9f5))
+* 修复发件邮箱无法输入的bug ([27b0348](https://github.com/certd/certd/commit/27b0348e1d3d752f418f851965d6afbc26c0160c))
+* 修复复制流水线保存后丢失分组和排序号的问题 ([bc32648](https://github.com/certd/certd/commit/bc326489abc1d50a0930b4f47aa2d62d3a486798))
+* 修复获取群辉deviceid报错的bug ([79be392](https://github.com/certd/certd/commit/79be392775a2c91848dd5a66a2618adc4e4b48f6))
+* 修复京东云域名申请证书报错的bug ([d9c0130](https://github.com/certd/certd/commit/d9c0130b59997144a3c274d456635b800135e43f))
+* 修复偶尔下载证书报未授权的错误 ([316537e](https://github.com/certd/certd/commit/316537eb4dcbe5ec57784e8bf95ee3cdfd21dce7))
+* 修复dcdn多个域名同时部署时 可能会出现证书名称重复的bug ([78c2ced](https://github.com/certd/certd/commit/78c2ced43b1a73d142b0ed783b162b97f545ab06))
+* 优化dcdn部署上传多次证书 偶尔报 The CertName already exists的问题 ([72f850f](https://github.com/certd/certd/commit/72f850f675b500d12ebff2338d1b99d6fab476e1))
+* **cert-plugin:** 优化又拍云客户端错误处理逻辑，当域名已绑定证书时不再抛出异常。 ([92c9ac3](https://github.com/certd/certd/commit/92c9ac382692e6c84140ff787759ab6d39ccbe96))
+* esxi部署失败的bug ([1e44115](https://github.com/certd/certd/commit/1e441154617e6516a9a3610412bf597128c62696))
+
+### Features
+
+* 支持企业级管理模式，项目管理，细分权限 ([3734083](https://github.com/certd/certd/commit/37340838b6a61a94b86bfa13cf5da88b26f1315a))
+
+### Performance Improvements
+
+* 【破坏性更新】错误返回信息msg字段名统一改成message，与成功的返回结构一致 ([51ab6d6](https://github.com/certd/certd/commit/51ab6d6da1bb551b55b3a6a4a9a945c8d6ace806))
+* 当域名管理中没有域名时，创建流水线时不展开域名选择框 ([bb0afe1](https://github.com/certd/certd/commit/bb0afe1fa7b0fc52fde051d24fbe6be69d52f4cc))
+* 任务步骤页面增加串行执行提示说明 ([787f6ef](https://github.com/certd/certd/commit/787f6ef52893d8dc912ee2a7a5b8ce2b73c108c9))
+* 站点监控支持指定ip地址检查 ([83d81b6](https://github.com/certd/certd/commit/83d81b64b3adb375366039e07c87d1ad79121c13))
+* AI开发插件 skills 定义初步 ([1f68fad](https://github.com/certd/certd/commit/1f68faddb97a978c5a5e731a8895b4bb0587ad83))
+* http请求增加建立连接超时配置 ([3c85602](https://github.com/certd/certd/commit/3c85602ab1fc1953cdc06a6cd75a971d14119179))
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 ### Bug Fixes
--- a/lerna.json
+++ b/lerna.json
@@ -9,5 +9,5 @@
    }
  },
  "npmClient": "pnpm",
-  "version": "1.38.12"
+  "version": "1.39.0"
 }
--- a/packages/core/acme-client/CHANGELOG.md
+++ b/packages/core/acme-client/CHANGELOG.md
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/publishlab/node-acme-client/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/acme-client
+
 ## [1.38.12](https://github.com/publishlab/node-acme-client/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/acme-client
--- a/packages/core/acme-client/package.json
+++ b/packages/core/acme-client/package.json
@@ -3,7 +3,7 @@
    "description": "Simple and unopinionated ACME client",
    "private": false,
    "author": "nmorsman",
-    "version": "1.38.12",
+    "version": "1.39.0",
    "type": "module",
    "module": "scr/index.js",
    "main": "src/index.js",
@@ -18,7 +18,7 @@
        "types"
    ],
    "dependencies": {
-        "@certd/basic": "^1.38.12",
+        "@certd/basic": "^1.39.0",
        "@peculiar/x509": "^1.11.0",
        "asn1js": "^3.0.5",
        "axios": "^1.9.0",
--- a/packages/core/basic/CHANGELOG.md
+++ b/packages/core/basic/CHANGELOG.md
@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+### Bug Fixes
+
+* esxi部署失败的bug ([1e44115](https://github.com/certd/certd/commit/1e441154617e6516a9a3610412bf597128c62696))
+
+### Performance Improvements
+
+* http请求增加建立连接超时配置 ([3c85602](https://github.com/certd/certd/commit/3c85602ab1fc1953cdc06a6cd75a971d14119179))
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/basic
--- a/packages/core/basic/build.md
+++ b/packages/core/basic/build.md
@@ -1 +1 @@
-23:18
+01:15
--- a/packages/core/basic/package.json
+++ b/packages/core/basic/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@certd/basic",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
--- a/packages/core/pipeline/CHANGELOG.md
+++ b/packages/core/pipeline/CHANGELOG.md
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/pipeline
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/pipeline
--- a/packages/core/pipeline/package.json
+++ b/packages/core/pipeline/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@certd/pipeline",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -18,8 +18,8 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/basic": "^1.38.12",
-    "@certd/plus-core": "^1.38.12",
+    "@certd/basic": "^1.39.0",
+    "@certd/plus-core": "^1.39.0",
    "dayjs": "^1.11.7",
    "lodash-es": "^4.17.21",
    "reflect-metadata": "^0.1.13"
--- a/packages/core/pipeline/src/plugin/api.ts
+++ b/packages/core/pipeline/src/plugin/api.ts
@@ -170,9 +170,7 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
    }

    if (this.ctx?.define?.onlyAdmin) {
-      if (!this.isAdmin()) {
-        throw new Error("只有管理员才能运行此任务");
-      }
+      this.checkAdmin();
    }
  }

@@ -284,6 +282,12 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
    return this.ctx.user.role === "admin";
  }

+  checkAdmin() {
+    if (!this.isAdmin()) {
+      throw new Error("只有“管理员”或“系统级项目”才有权限运行此插件任务");
+    }
+  }
+
  getStepFromPipeline(stepId: string) {
    let found: any = null;
    RunnableCollection.each(this.ctx.pipeline.stages, step => {
--- a/packages/libs/lib-huawei/CHANGELOG.md
+++ b/packages/libs/lib-huawei/CHANGELOG.md
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/lib-huawei
--- a/packages/libs/lib-huawei/package.json
+++ b/packages/libs/lib-huawei/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-huawei",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "main": "./dist/bundle.js",
  "module": "./dist/bundle.js",
  "types": "./dist/d/index.d.ts",
--- a/packages/libs/lib-iframe/CHANGELOG.md
+++ b/packages/libs/lib-iframe/CHANGELOG.md
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/lib-iframe
--- a/packages/libs/lib-iframe/package.json
+++ b/packages/libs/lib-iframe/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-iframe",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
--- a/packages/libs/lib-jdcloud/CHANGELOG.md
+++ b/packages/libs/lib-jdcloud/CHANGELOG.md
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/jdcloud
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/jdcloud
--- a/packages/libs/lib-jdcloud/package.json
+++ b/packages/libs/lib-jdcloud/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/jdcloud",
-  "version": "1.38.12",
+  "version": "1.39.0",
  "description": "jdcloud openApi sdk",
  "main": "./dist/bundle.js",
  "module": "./dist/bundle.js",
--- a/packages/libs/lib-k8s/CHANGELOG.md
+++ b/packages/libs/lib-k8s/CHANGELOG.md
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/lib-k8s
--- a/packages/libs/lib-k8s/package.json
+++ b/packages/libs/lib-k8s/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-k8s",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -17,7 +17,7 @@
    "pub": "npm publish"
  },
  "dependencies": {
-    "@certd/basic": "^1.38.12",
+    "@certd/basic": "^1.39.0",
    "@kubernetes/client-node": "0.21.0"
  },
  "devDependencies": {
--- a/packages/libs/lib-server/CHANGELOG.md
+++ b/packages/libs/lib-server/CHANGELOG.md
@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+### Performance Improvements
+
+* 【破坏性更新】错误返回信息msg字段名统一改成message，与成功的返回结构一致 ([51ab6d6](https://github.com/certd/certd/commit/51ab6d6da1bb551b55b3a6a4a9a945c8d6ace806))
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/lib-server
--- a/packages/libs/lib-server/package.json
+++ b/packages/libs/lib-server/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/lib-server",
-  "version": "1.38.12",
+  "version": "1.39.0",
  "description": "midway with flyway, sql upgrade way ",
  "private": false,
  "type": "module",
@@ -28,11 +28,11 @@
  ],
  "license": "AGPL",
  "dependencies": {
-    "@certd/acme-client": "^1.38.12",
-    "@certd/basic": "^1.38.12",
-    "@certd/pipeline": "^1.38.12",
-    "@certd/plugin-lib": "^1.38.12",
-    "@certd/plus-core": "^1.38.12",
+    "@certd/acme-client": "^1.39.0",
+    "@certd/basic": "^1.39.0",
+    "@certd/pipeline": "^1.39.0",
+    "@certd/plugin-lib": "^1.39.0",
+    "@certd/plus-core": "^1.39.0",
    "@midwayjs/cache": "3.14.0",
    "@midwayjs/core": "3.20.11",
    "@midwayjs/i18n": "3.20.13",
--- a/packages/libs/lib-server/src/basic/base-controller.ts
+++ b/packages/libs/lib-server/src/basic/base-controller.ts
@@ -83,7 +83,7 @@ export abstract class BaseController {
    let userId = this.getUserId()
    const projectId = await this.getProjectId(permission)
    if(projectId){
-      userId = 0
+      userId = -1 // 企业管理模式下，用户id固定-1
    }
    return {
      projectId,userId
@@ -118,7 +118,7 @@ export abstract class BaseController {
      if(allowAdmin){
        await authService.checkUserIdButAllowAdmin(this.ctx, service, id);
      }else{
-        await authService.checkUserId(this.ctx, service, id);
+        await authService.checkUserId( service, id, userId);
      }
    }
    return {projectId,userId}
--- a/packages/libs/lib-server/src/basic/base-service.ts
+++ b/packages/libs/lib-server/src/basic/base-service.ts
@@ -258,12 +258,12 @@ export abstract class BaseService<T> {

 export function checkUserProjectParam(userId: number, projectId: number) {
  if (projectId != null ){
-    if( userId !==0) {
+    if( userId !==-1) {
      throw new ValidateException('userId projectId 错误');
    }
    return true
  }else{
-    if( userId > 0) {
+    if( userId != null) {
      return true
    }
     throw new ValidateException('userId不能为空');
--- a/packages/libs/lib-server/src/user/access/entity/access.ts
+++ b/packages/libs/lib-server/src/user/access/entity/access.ts
@@ -8,7 +8,7 @@ export class AccessEntity {
  @PrimaryGeneratedColumn()
  id: number;
  @Column({ name: 'user_id', comment: '用户id' })
-  userId: number;
+  userId: number; // 0为系统级别, -1为企业，大于1为用户
  @Column({ comment: '名称', length: 100 })
  name: string;

@@ -24,9 +24,6 @@ export class AccessEntity {
  @Column({ name: 'project_id', comment: '项目id' })
  projectId: number;

-  @Column({ comment: '权限等级', length: 100 })
-  level: string; // user common system
-
  @Column({
    name: 'create_time',
    comment: '创建时间',
--- a/packages/libs/midway-flyway-js/CHANGELOG.md
+++ b/packages/libs/midway-flyway-js/CHANGELOG.md
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/midway-flyway-js
--- a/packages/libs/midway-flyway-js/package.json
+++ b/packages/libs/midway-flyway-js/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/midway-flyway-js",
-  "version": "1.38.12",
+  "version": "1.39.0",
  "description": "midway with flyway, sql upgrade way ",
  "private": false,
  "type": "module",
--- a/packages/plugins/plugin-cert/CHANGELOG.md
+++ b/packages/plugins/plugin-cert/CHANGELOG.md
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/plugin-cert
--- a/packages/plugins/plugin-cert/package.json
+++ b/packages/plugins/plugin-cert/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@certd/plugin-cert",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "type": "module",
  "main": "./dist/index.js",
  "types": "./dist/index.d.ts",
@@ -17,10 +17,10 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/acme-client": "^1.38.12",
-    "@certd/basic": "^1.38.12",
-    "@certd/pipeline": "^1.38.12",
-    "@certd/plugin-lib": "^1.38.12",
+    "@certd/acme-client": "^1.39.0",
+    "@certd/basic": "^1.39.0",
+    "@certd/pipeline": "^1.39.0",
+    "@certd/plugin-lib": "^1.39.0",
    "psl": "^1.9.0",
    "punycode.js": "^2.3.1"
  },
--- a/packages/plugins/plugin-lib/CHANGELOG.md
+++ b/packages/plugins/plugin-lib/CHANGELOG.md
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/plugin-lib
--- a/packages/plugins/plugin-lib/package.json
+++ b/packages/plugins/plugin-lib/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@certd/plugin-lib",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "type": "module",
  "main": "./dist/index.js",
  "types": "./dist/index.d.ts",
@@ -22,10 +22,10 @@
    "@alicloud/pop-core": "^1.7.10",
    "@alicloud/tea-util": "^1.4.11",
    "@aws-sdk/client-s3": "^3.964.0",
-    "@certd/acme-client": "^1.38.12",
-    "@certd/basic": "^1.38.12",
-    "@certd/pipeline": "^1.38.12",
-    "@certd/plus-core": "^1.38.12",
+    "@certd/acme-client": "^1.39.0",
+    "@certd/basic": "^1.39.0",
+    "@certd/pipeline": "^1.39.0",
+    "@certd/plus-core": "^1.39.0",
    "@kubernetes/client-node": "0.21.0",
    "ali-oss": "^6.22.0",
    "basic-ftp": "^5.0.5",
--- a/packages/ui/certd-client/CHANGELOG.md
+++ b/packages/ui/certd-client/CHANGELOG.md
@@ -3,6 +3,24 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+### Bug Fixes
+
+* 修复发件邮箱无法输入的bug ([27b0348](https://github.com/certd/certd/commit/27b0348e1d3d752f418f851965d6afbc26c0160c))
+* 修复复制流水线保存后丢失分组和排序号的问题 ([bc32648](https://github.com/certd/certd/commit/bc326489abc1d50a0930b4f47aa2d62d3a486798))
+* 修复获取群辉deviceid报错的bug ([79be392](https://github.com/certd/certd/commit/79be392775a2c91848dd5a66a2618adc4e4b48f6))
+* 修复偶尔下载证书报未授权的错误 ([316537e](https://github.com/certd/certd/commit/316537eb4dcbe5ec57784e8bf95ee3cdfd21dce7))
+
+### Features
+
+* 支持企业级管理模式，项目管理，细分权限 ([3734083](https://github.com/certd/certd/commit/37340838b6a61a94b86bfa13cf5da88b26f1315a))
+
+### Performance Improvements
+
+* 当域名管理中没有域名时，创建流水线时不展开域名选择框 ([bb0afe1](https://github.com/certd/certd/commit/bb0afe1fa7b0fc52fde051d24fbe6be69d52f4cc))
+* 任务步骤页面增加串行执行提示说明 ([787f6ef](https://github.com/certd/certd/commit/787f6ef52893d8dc912ee2a7a5b8ce2b73c108c9))
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 ### Bug Fixes
--- a/packages/ui/certd-client/package.json
+++ b/packages/ui/certd-client/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-client",
-  "version": "1.38.12",
+  "version": "1.39.0",
  "private": true,
  "scripts": {
    "dev": "vite --open",
@@ -106,8 +106,8 @@
    "zod-defaults": "^0.1.3"
  },
  "devDependencies": {
-    "@certd/lib-iframe": "^1.38.12",
-    "@certd/pipeline": "^1.38.12",
+    "@certd/lib-iframe": "^1.39.0",
+    "@certd/pipeline": "^1.39.0",
    "@rollup/plugin-commonjs": "^25.0.7",
    "@rollup/plugin-node-resolve": "^15.2.3",
    "@types/chai": "^4.3.12",
--- a/packages/ui/certd-client/src/locales/langs/en-US/certd.ts
+++ b/packages/ui/certd-client/src/locales/langs/en-US/certd.ts
@@ -220,6 +220,7 @@ export default {
    myProjectDetail: "Project Detail",
    projectJoin: "Join Project",
    currentProject: "Current Project",
+    projectMemberManager: "Project Member",
  },
  certificateRepo: {
    title: "Certificate Repository",
@@ -822,6 +823,9 @@ export default {
      admin: "Admin",
    },
    projectMemberStatus: "Member Status",
+
+    isSystem: "Is System Project",
+    isSystemHelper: "System-level projects allow running admin plugins",
  },
  project: {
    noProjectJoined: "You haven't joined any projects yet",
@@ -839,6 +843,7 @@ export default {
    applyJoinConfirm: "Are you sure you want to apply to join this project?",
    leaveConfirm: "Are you sure you want to leave this project?",
    viewDetail: "View Detail",
+    projectManage: "Project Manage",
  },
  addonSelector: {
    select: "Select",
--- a/packages/ui/certd-client/src/locales/langs/zh-CN/certd.ts
+++ b/packages/ui/certd-client/src/locales/langs/zh-CN/certd.ts
@@ -220,12 +220,12 @@ export default {
    netTest: "网络测试",
    enterpriseManager: "企业管理设置",
    projectManager: "项目管理",
-    projectDetail: "项目详情",
    enterpriseSetting: "企业设置",
    myProjectManager: "我的项目",
    myProjectDetail: "项目详情",
    projectJoin: "加入项目",
    currentProject: "当前项目",
+    projectMemberManager: "项目成员管理",
  },
  certificateRepo: {
    title: "证书仓库",
@@ -838,6 +838,9 @@ export default {
      admin: "管理员",
    },
    projectMemberStatus: "成员状态",
+
+    isSystem: "是否系统项目",
+    isSystemHelper: "系统级项目允许运行管理员插件",
  },
  project: {
    noProjectJoined: "您还没有加入任何项目",
@@ -855,5 +858,6 @@ export default {
    applyJoinConfirm: "确认加入项目？",
    leaveConfirm: "确认退出项目？",
    viewDetail: "查看详情",
+    projectManage: "项目管理",
  },
 };
--- a/packages/ui/certd-client/src/router/source/modules/certd.ts
+++ b/packages/ui/certd-client/src/router/source/modules/certd.ts
@@ -29,21 +29,6 @@ export const certdResources = [
          auth: true,
        },
      },
-      {
-        title: "certd.sysResources.currentProject",
-        name: "CurrentProject",
-        path: "/certd/project/detail",
-        component: "/certd/project/detail/index.vue",
-        meta: {
-          show: () => {
-            const projectStore = useProjectStore();
-            return projectStore.isEnterprise;
-          },
-          isMenu: true,
-          icon: "ion:apps",
-          auth: true,
-        },
-      },
      {
        title: "certd.sysResources.projectJoin",
        name: "ProjectJoin",
@@ -278,6 +263,21 @@ export const certdResources = [
              isMenu: false,
            },
          },
+          {
+            title: "certd.sysResources.projectMemberManager",
+            name: "ProjectMemberManager",
+            path: "/certd/project/detail",
+            component: "/certd/project/detail/index.vue",
+            meta: {
+              show: () => {
+                const projectStore = useProjectStore();
+                return projectStore.isEnterprise;
+              },
+              isMenu: true,
+              icon: "ion:apps",
+              auth: true,
+            },
+          },
        ],
      },
      {
--- a/packages/ui/certd-client/src/views/certd/access/access-selector/access/crud.tsx
+++ b/packages/ui/certd-client/src/views/certd/access/access-selector/access/crud.tsx
@@ -143,7 +143,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            order: 10,
          },
          valueBuilder: ({ row, key, value }) => {
-            row[key] = row.userId > 0 ? "user" : "sys";
+            row[key] = row.userId != 0 ? "user" : "sys";
          },
        },
        ...commonColumnsDefine,
--- a/packages/ui/certd-client/src/views/certd/access/crud.tsx
+++ b/packages/ui/certd-client/src/views/certd/access/crud.tsx
@@ -121,7 +121,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            order: 10,
          },
          valueBuilder: ({ row, key, value }) => {
-            row[key] = row.userId > 0 ? "user" : "sys";
+            row[key] = row.userId != 0 ? "user" : "sys";
          },
        },
        ...commonColumnsDefine,
--- a/packages/ui/certd-client/src/views/certd/monitor/site/crud.tsx
+++ b/packages/ui/certd-client/src/views/certd/monitor/site/crud.tsx
@@ -734,7 +734,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            }),
          },
          column: {
-            width: 100,
+            width: 140,
            sorter: true,
            align: "center",
          },
@@ -757,7 +757,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            helper: t("monitor.ipSyncModeHelper"),
          },
          column: {
-            width: 100,
+            width: 140,
            sorter: true,
            align: "center",
          },
@@ -779,7 +779,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            helper: t("monitor.ipIgnoreCoherenceHelper"),
          },
          column: {
-            width: 100,
+            width: 180,
            sorter: true,
            align: "center",
          },
--- a/packages/ui/certd-client/src/views/certd/pipeline/crud.tsx
+++ b/packages/ui/certd-client/src/views/certd/pipeline/crud.tsx
@@ -16,13 +16,16 @@ import { useCertViewer } from "/@/views/certd/pipeline/use";
 import { useI18n } from "/src/locales";
 import { useDicts } from "../dicts";
 import { useProjectStore } from "/@/store/project";
+import { useCrudPermission } from "/@/plugin/permission";

-export default function ({ crudExpose, context: { selectedRowKeys, openCertApplyDialog, hasActionPermission } }: CreateCrudOptionsProps): CreateCrudOptionsRet {
+export default function ({ crudExpose, context: { selectedRowKeys, openCertApplyDialog, permission } }: CreateCrudOptionsProps): CreateCrudOptionsRet {
  const router = useRouter();
  const lastResRef = ref();

  const { t } = useI18n();

+  const { hasActionPermission } = useCrudPermission({ permission });
+
  const { openUploadCreateDialog } = useCertUpload();

  const pageRequest = async (query: UserPageQuery): Promise<UserPageRes> => {
--- a/packages/ui/certd-client/src/views/certd/project/join.vue
+++ b/packages/ui/certd-client/src/views/certd/project/join.vue
@@ -7,7 +7,7 @@
      </div>

      <div class="more">
-        <a-button v-if="userStore.isAdmin" @click="goProjectManager">{{ t("certd.project.projectManager") }}</a-button>
+        <a-button v-if="userStore.isAdmin" type="primary" @click="goProjectManager">{{ t("certd.project.projectManage") }}</a-button>
      </div>
    </template>
    <div class="project-container">
--- a/packages/ui/certd-client/src/views/sys/enterprise/project/crud.tsx
+++ b/packages/ui/certd-client/src/views/sys/enterprise/project/crud.tsx
@@ -90,35 +90,21 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            },
          },
        },
-        disabled: {
-          title: t("certd.disabled"),
+        isSystem: {
+          title: t("certd.ent.isSystem"),
          type: "dict-switch",
          dict: dict({
            data: [
-              { label: t("certd.enabled"), value: false, color: "success" },
-              { label: t("certd.disabledLabel"), value: true, color: "error" },
+              { label: t("common.yes"), value: true, color: "success" },
+              { label: t("common.no"), value: false, color: "error" },
            ],
          }),
          form: {
-            value: false,
+            value: true,
+            helper: t("certd.ent.isSystemHelper"),
          },
          column: {
-            width: 100,
-            component: {
-              title: t("certd.clickToToggle"),
-              on: {
-                async click({ value, row }) {
-                  Modal.confirm({
-                    title: t("certd.prompt"),
-                    content: t("certd.confirmToggleStatus", { action: !value ? t("certd.disable") : t("certd.enable") }),
-                    onOk: async () => {
-                      await api.SetDisabled(row.id, !value);
-                      await crudExpose.doRefresh();
-                    },
-                  });
-                },
-              },
-            },
+            width: 150,
          },
        },
        adminId: {
--- a/packages/ui/certd-client/src/views/sys/settings/tabs/mode.vue
+++ b/packages/ui/certd-client/src/views/sys/settings/tabs/mode.vue
@@ -9,6 +9,7 @@
        <div class="helper">SaaS模式：每个用户管理自己的流水线和授权资源，独立使用。</div>
        <div class="helper">企业模式：通过项目合作管理流水线证书和授权资源，所有用户视为企业内部员工。</div>
        <div class="helper text-red-500">建议在开始使用时固定一个合适的模式，之后就不要随意切换了。</div>
+        <div v-if="settingsStore.isComm" class="helper text-red-500">商业版不建议设置为企业模式，除非你确定要转成企业内部使用</div>
        <div><a @click="adminModeIntroOpen = true"> 更多管理模式介绍</a></div>
      </a-form-item>

--- a/packages/ui/certd-server/.env.dev-mysql.yaml
+++ b/packages/ui/certd-server/.env.dev-mysql.yaml
@@ -6,7 +6,7 @@ typeorm:
    default:
      type: mysql # mariadb
      host: localhost
-      port: 3309
+      port: 3308
      username: root
      password: root
      database: certd
--- a/packages/ui/certd-server/CHANGELOG.md
+++ b/packages/ui/certd-server/CHANGELOG.md
@@ -3,6 +3,27 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+### Bug Fixes
+
+* 修复部署到openwrt错误的bug ([2e3d0cc](https://github.com/certd/certd/commit/2e3d0cc57c16c48ad435bc8fde729bacaedde9f5))
+* 修复复制流水线保存后丢失分组和排序号的问题 ([bc32648](https://github.com/certd/certd/commit/bc326489abc1d50a0930b4f47aa2d62d3a486798))
+* 修复京东云域名申请证书报错的bug ([d9c0130](https://github.com/certd/certd/commit/d9c0130b59997144a3c274d456635b800135e43f))
+* 修复偶尔下载证书报未授权的错误 ([316537e](https://github.com/certd/certd/commit/316537eb4dcbe5ec57784e8bf95ee3cdfd21dce7))
+* 修复dcdn多个域名同时部署时 可能会出现证书名称重复的bug ([78c2ced](https://github.com/certd/certd/commit/78c2ced43b1a73d142b0ed783b162b97f545ab06))
+* 优化dcdn部署上传多次证书 偶尔报 The CertName already exists的问题 ([72f850f](https://github.com/certd/certd/commit/72f850f675b500d12ebff2338d1b99d6fab476e1))
+* **cert-plugin:** 优化又拍云客户端错误处理逻辑，当域名已绑定证书时不再抛出异常。 ([92c9ac3](https://github.com/certd/certd/commit/92c9ac382692e6c84140ff787759ab6d39ccbe96))
+* esxi部署失败的bug ([1e44115](https://github.com/certd/certd/commit/1e441154617e6516a9a3610412bf597128c62696))
+
+### Features
+
+* 支持企业级管理模式，项目管理，细分权限 ([3734083](https://github.com/certd/certd/commit/37340838b6a61a94b86bfa13cf5da88b26f1315a))
+
+### Performance Improvements
+
+* 站点监控支持指定ip地址检查 ([83d81b6](https://github.com/certd/certd/commit/83d81b64b3adb375366039e07c87d1ad79121c13))
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/ui-server
--- a/packages/ui/certd-server/db/migration-mysql/v10038__admin_mode.sql
+++ b/packages/ui/certd-server/db/migration-mysql/v10038__admin_mode.sql
@@ -0,0 +1,118 @@
+
+CREATE TABLE `cd_project`
+(
+  `id`          bigint PRIMARY KEY AUTO_INCREMENT NOT NULL,
+  `user_id`     bigint      NOT NULL,
+  `name`        varchar(512) NOT NULL,
+  `admin_id`    bigint      NOT NULL,
+  `disabled`    boolean      NOT NULL DEFAULT false,
+  `is_system`   boolean      NOT NULL DEFAULT false,
+  `create_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `update_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+
+CREATE INDEX `index_project_user_id` ON `cd_project` (`user_id`);
+CREATE INDEX `index_project_admin_id` ON `cd_project` (`admin_id`);
+INSERT INTO cd_project (id, user_id, `admin_id`, `name`, `disabled`, `is_system`) VALUES (1, -1, 1,'default', false,false);
+
+ALTER TABLE cd_cert_info ADD COLUMN  project_id bigint;
+CREATE INDEX `index_cert_project_id` ON `cd_cert_info` (`project_id`);
+
+ALTER TABLE cd_site_info ADD COLUMN  project_id bigint;
+CREATE INDEX `index_site_project_id` ON `cd_site_info` (`project_id`);
+
+ALTER TABLE cd_site_ip ADD COLUMN  project_id bigint;
+CREATE INDEX `index_site_ip_project_id` ON `cd_site_ip` (`project_id`);
+
+ALTER TABLE cd_open_key ADD COLUMN  project_id bigint;
+CREATE INDEX `index_open_key_project_id` ON `cd_open_key` (`project_id`);
+
+ALTER TABLE cd_access ADD COLUMN  project_id bigint;
+CREATE INDEX `index_access_project_id` ON `cd_access` (`project_id`);
+
+ALTER TABLE cd_addon ADD COLUMN  project_id bigint;
+CREATE INDEX `index_addon_project_id` ON `cd_addon` (`project_id`);
+
+ALTER TABLE pi_pipeline ADD COLUMN  project_id bigint;
+CREATE INDEX `index_pipeline_project_id` ON `pi_pipeline` (`project_id`);
+
+ALTER TABLE pi_pipeline_group ADD COLUMN  project_id bigint;
+CREATE INDEX `index_pipeline_group_project_id` ON `pi_pipeline_group` (`project_id`);
+
+ALTER TABLE pi_storage ADD COLUMN  project_id bigint;
+CREATE INDEX `index_storage_project_id` ON `pi_storage` (`project_id`);
+
+ALTER TABLE pi_notification ADD COLUMN  project_id bigint;
+CREATE INDEX `index_notification_project_id` ON `pi_notification` (`project_id`);
+
+ALTER TABLE pi_history ADD COLUMN  project_id bigint;
+CREATE INDEX `index_history_project_id` ON `pi_history` (`project_id`);
+
+ALTER TABLE pi_history_log ADD COLUMN  project_id bigint;
+CREATE INDEX `index_history_log_project_id` ON `pi_history_log` (`project_id`);
+
+ALTER TABLE pi_template ADD COLUMN  project_id bigint;
+CREATE INDEX `index_template_project_id` ON `pi_template` (`project_id`);
+
+ALTER TABLE pi_sub_domain ADD COLUMN  project_id bigint;
+CREATE INDEX `index_sub_domain_project_id` ON `pi_sub_domain` (`project_id`);
+
+ALTER TABLE cd_cname_record ADD COLUMN  project_id bigint;
+CREATE INDEX `index_cname_record_project_id` ON `cd_cname_record` (`project_id`);
+
+ALTER TABLE cd_domain ADD COLUMN  project_id bigint;
+CREATE INDEX `index_domain_project_id` ON `cd_domain` (`project_id`);
+
+ALTER TABLE user_settings ADD COLUMN  project_id bigint;
+CREATE INDEX `index_user_settings_project_id` ON `user_settings` (`project_id`);
+
+ALTER TABLE cd_group ADD COLUMN  project_id bigint;
+CREATE INDEX `index_group_project_id` ON `cd_group` (`project_id`);
+
+
+
+
+CREATE TABLE `cd_project_member`
+(
+  `id`          bigint PRIMARY KEY AUTO_INCREMENT NOT NULL,
+  `user_id`     bigint      NOT NULL,
+  `project_id`  bigint      NOT NULL,
+  `permission`  varchar(128) NOT NULL DEFAULT 'read',
+  `create_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `update_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+ALTER TABLE cd_project_member ADD COLUMN  status varchar(128);
+
+CREATE INDEX `index_project_member_user_id` ON `cd_project_member` (`user_id`);
+CREATE INDEX `index_project_member_project_id` ON `cd_project_member` (`project_id`);
+
+
+CREATE TABLE `cd_audit_log`
+(
+  `id`          bigint PRIMARY KEY AUTO_INCREMENT NOT NULL,
+  `user_id`     bigint      NOT NULL,
+  `username`    varchar(128) NOT NULL,
+  `project_id`  bigint      NOT NULL,
+  `project_name` varchar(512) NOT NULL,
+  `type`        varchar(128) NOT NULL,
+  `action`      varchar(128) NOT NULL DEFAULT 'read',
+  `content`     longtext         NOT NULL,
+  `ip_address`  varchar(128) NOT NULL,
+  `create_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `update_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+
+CREATE INDEX `index_audit_log_user_id` ON `cd_audit_log` (`user_id`);
+CREATE INDEX `index_audit_log_project_id` ON `cd_audit_log` (`project_id`);
+
+
+
+ALTER TABLE cd_site_info ADD COLUMN ip_address varchar(128);
+
+
+ALTER TABLE `cd_project` ENGINE = InnoDB;
+ALTER TABLE `cd_project_member` ENGINE = InnoDB;
+ALTER TABLE `cd_audit_log` ENGINE = InnoDB;
--- a/packages/ui/certd-server/db/migration-pg/v10038__admin_mode.sql
+++ b/packages/ui/certd-server/db/migration-pg/v10038__admin_mode.sql
@@ -0,0 +1,116 @@
+
+CREATE TABLE "cd_project"
+(
+  "id"          bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY NOT NULL,
+  "user_id"     bigint      NOT NULL,
+  "name"        varchar(512) NOT NULL,
+  "admin_id"    bigint      NOT NULL,
+  "disabled"    boolean      NOT NULL DEFAULT (false),
+  "is_system"   boolean      NOT NULL DEFAULT (false),
+  "create_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
+  "update_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
+);
+
+
+CREATE INDEX "index_project_user_id" ON "cd_project" ("user_id");
+CREATE INDEX "index_project_admin_id" ON "cd_project" ("admin_id");
+INSERT INTO cd_project (id, user_id, "admin_id", "name", "disabled", "is_system") VALUES (1, -1, 1,'default', false,false);
+select setval('cd_project_id_seq', 1);
+
+
+ALTER TABLE cd_cert_info ADD COLUMN  project_id bigint;
+CREATE INDEX "index_cert_project_id" ON "cd_cert_info" ("project_id");
+
+ALTER TABLE cd_site_info ADD COLUMN  project_id bigint;
+CREATE INDEX "index_site_project_id" ON "cd_site_info" ("project_id");
+
+ALTER TABLE cd_site_ip ADD COLUMN  project_id bigint;
+CREATE INDEX "index_site_ip_project_id" ON "cd_site_ip" ("project_id");
+
+ALTER TABLE cd_open_key ADD COLUMN  project_id bigint;
+CREATE INDEX "index_open_key_project_id" ON "cd_open_key" ("project_id");
+
+ALTER TABLE cd_access ADD COLUMN  project_id bigint;
+CREATE INDEX "index_access_project_id" ON "cd_access" ("project_id");
+
+ALTER TABLE cd_addon ADD COLUMN  project_id bigint;
+CREATE INDEX "index_addon_project_id" ON "cd_addon" ("project_id");
+
+ALTER TABLE pi_pipeline ADD COLUMN  project_id bigint;
+CREATE INDEX "index_pipeline_project_id" ON "pi_pipeline" ("project_id");
+
+ALTER TABLE pi_pipeline_group ADD COLUMN  project_id bigint;
+CREATE INDEX "index_pipeline_group_project_id" ON "pi_pipeline_group" ("project_id");
+
+ALTER TABLE pi_storage ADD COLUMN  project_id bigint;
+CREATE INDEX "index_storage_project_id" ON "pi_storage" ("project_id");
+
+ALTER TABLE pi_notification ADD COLUMN  project_id bigint;
+CREATE INDEX "index_notification_project_id" ON "pi_notification" ("project_id");
+
+ALTER TABLE pi_history ADD COLUMN  project_id bigint;
+CREATE INDEX "index_history_project_id" ON "pi_history" ("project_id");
+
+ALTER TABLE pi_history_log ADD COLUMN  project_id bigint;
+CREATE INDEX "index_history_log_project_id" ON "pi_history_log" ("project_id");
+
+ALTER TABLE pi_template ADD COLUMN  project_id bigint;
+CREATE INDEX "index_template_project_id" ON "pi_template" ("project_id");
+
+ALTER TABLE pi_sub_domain ADD COLUMN  project_id bigint;
+CREATE INDEX "index_sub_domain_project_id" ON "pi_sub_domain" ("project_id");
+
+ALTER TABLE cd_cname_record ADD COLUMN  project_id bigint;
+CREATE INDEX "index_cname_record_project_id" ON "cd_cname_record" ("project_id");
+
+ALTER TABLE cd_domain ADD COLUMN  project_id bigint;
+CREATE INDEX "index_domain_project_id" ON "cd_domain" ("project_id");
+
+ALTER TABLE user_settings ADD COLUMN  project_id bigint;
+CREATE INDEX "index_user_settings_project_id" ON "user_settings" ("project_id");
+
+ALTER TABLE cd_group ADD COLUMN  project_id bigint;
+CREATE INDEX "index_group_project_id" ON "cd_group" ("project_id");
+
+
+
+
+CREATE TABLE "cd_project_member"
+(
+  "id"          bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY NOT NULL,
+  "user_id"     bigint      NOT NULL,
+  "project_id"  bigint      NOT NULL,
+  "permission"  varchar(128) NOT NULL DEFAULT ('read'),
+  "create_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
+  "update_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
+);
+
+ALTER TABLE cd_project_member ADD COLUMN  status varchar(128);
+
+CREATE INDEX "index_project_member_user_id" ON "cd_project_member" ("user_id");
+CREATE INDEX "index_project_member_project_id" ON "cd_project_member" ("project_id");
+
+
+CREATE TABLE "cd_audit_log"
+(
+  "id"          bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY NOT NULL,
+  "user_id"     bigint      NOT NULL,
+  "username"    varchar(128) NOT NULL,
+  "project_id"  bigint      NOT NULL,
+  "project_name" varchar(512) NOT NULL,
+  "type"        varchar(128) NOT NULL,
+  "action"      varchar(128) NOT NULL DEFAULT ('read'),
+  "content"     text         NOT NULL,
+  "ip_address"  varchar(128) NOT NULL,
+  "create_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
+  "update_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
+);
+
+
+CREATE INDEX "index_audit_log_user_id" ON "cd_audit_log" ("user_id");
+CREATE INDEX "index_audit_log_project_id" ON "cd_audit_log" ("project_id");
+
+
+
+ALTER TABLE cd_site_info ADD COLUMN ip_address varchar(128);
+
--- a/packages/ui/certd-server/db/migration/v10038__admin_mode.sql
+++ b/packages/ui/certd-server/db/migration/v10038__admin_mode.sql
@@ -6,6 +6,7 @@ CREATE TABLE "cd_project"
  "name"        varchar(512) NOT NULL,
  "admin_id"    integer      NOT NULL,
  "disabled"    boolean      NOT NULL DEFAULT (false),
+  "is_system"   boolean      NOT NULL DEFAULT (false),
  "create_time" datetime     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
  "update_time" datetime     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
 );
@@ -13,7 +14,7 @@ CREATE TABLE "cd_project"

 CREATE INDEX "index_project_user_id" ON "cd_project" ("user_id");
 CREATE INDEX "index_project_admin_id" ON "cd_project" ("admin_id");
-INSERT INTO cd_project (id, user_id, "admin_id", "name", "disabled") VALUES (1, 0, 1,'default', false);
+INSERT INTO cd_project (id, user_id, "admin_id", "name", "disabled", "is_system") VALUES (1, -1, 1,'default', false,false);

 ALTER TABLE cd_cert_info ADD COLUMN  project_id integer;
 CREATE INDEX "index_cert_project_id" ON "cd_cert_info" ("project_id");
--- a/packages/ui/certd-server/metadata/addon_oauth_microsoft.yaml
+++ b/packages/ui/certd-server/metadata/addon_oauth_microsoft.yaml
@@ -7,18 +7,23 @@ showTest: false
 input:
  clientId:
    title: ClientId
-    helper: '[Azure Portal](https://portal.azure.com/)创建应用后获取'
+    helper: >-
+      [Microsoft Entra
+      ID](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps)创建应用后获取
    required: true
  clientSecretKey:
    title: ClientSecretKey
    component:
      placeholder: ClientSecretKey / appSecretKey
+    helper: 客户端凭据->证书与机密->客户端密码->新客户端密码
    required: true
  tenantId:
    title: TenantId
-    helper: 租户ID，留空使用/common端点（需要应用配置为多租户）
    component:
      placeholder: common 或 租户ID
+    helper: |-
+      根据受支持的账户类型填写 common 或 租户ID，默认为common(Microsoft个人账户)。 
+      租户ID获取: 概述 -> 目录(租户) ID 
    value: common
    required: false
 pluginType: addon
--- a/packages/ui/certd-server/metadata/deploy_CertApply.yaml
+++ b/packages/ui/certd-server/metadata/deploy_CertApply.yaml
@@ -37,7 +37,7 @@ input:
    helper: |-
      1、支持多个域名打到一个证书上，例如： foo.com，*.foo.com，*.bar.com
      2、子域名被通配符包含的不要填写，例如：www.foo.com已经被*.foo.com包含，不要填写www.foo.com
-      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com）
+      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于foo.com且不能用于xxx.yyy.foo.com）
      4、输入一个，空格之后，再输入下一个 
      5、如果设置了子域托管解析（比如免费的二级域名托管在CF或者阿里云），请先[设置托管子域名](#/certd/pipeline/subDomain)
  email:
--- a/packages/ui/certd-server/metadata/deploy_CertApplyGetFormAliyun.yaml
+++ b/packages/ui/certd-server/metadata/deploy_CertApplyGetFormAliyun.yaml
@@ -34,7 +34,7 @@ input:
    helper: |-
      1、支持多个域名打到一个证书上，例如： foo.com，*.foo.com，*.bar.com
      2、子域名被通配符包含的不要填写，例如：www.foo.com已经被*.foo.com包含，不要填写www.foo.com
-      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com）
+      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于foo.com且不能用于xxx.yyy.foo.com）
      4、输入一个，空格之后，再输入下一个 
      5、如果设置了子域托管解析（比如免费的二级域名托管在CF或者阿里云），请先[设置托管子域名](#/certd/pipeline/subDomain)
  email:
--- a/packages/ui/certd-server/metadata/deploy_CertApplyLego.yaml
+++ b/packages/ui/certd-server/metadata/deploy_CertApplyLego.yaml
@@ -3,7 +3,7 @@ default:
  strategy:
    runStrategy: 0
  input:
-    renewDays: 35
+    renewDays: 15
    forceUpdate: false
 name: CertApplyLego
 icon: ph:certificate
@@ -37,7 +37,7 @@ input:
    helper: |-
      1、支持多个域名打到一个证书上，例如： foo.com，*.foo.com，*.bar.com
      2、子域名被通配符包含的不要填写，例如：www.foo.com已经被*.foo.com包含，不要填写www.foo.com
-      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com）
+      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于foo.com且不能用于xxx.yyy.foo.com）
      4、输入一个，空格之后，再输入下一个 
      5、如果设置了子域托管解析（比如免费的二级域名托管在CF或者阿里云），请先[设置托管子域名](#/certd/pipeline/subDomain)
  email:
--- a/packages/ui/certd-server/metadata/deploy_CertApplyUpload.yaml
+++ b/packages/ui/certd-server/metadata/deploy_CertApplyUpload.yaml
@@ -99,7 +99,7 @@ input:
    helper: |-
      1、支持多个域名打到一个证书上，例如： foo.com，*.foo.com，*.bar.com
      2、子域名被通配符包含的不要填写，例如：www.foo.com已经被*.foo.com包含，不要填写www.foo.com
-      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com）
+      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于foo.com且不能用于xxx.yyy.foo.com）
      4、输入一个，空格之后，再输入下一个 
      5、如果设置了子域托管解析（比如免费的二级域名托管在CF或者阿里云），请先[设置托管子域名](#/certd/pipeline/subDomain)
  pfxPassword:
--- a/packages/ui/certd-server/package.json
+++ b/packages/ui/certd-server/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-server",
-  "version": "1.38.12",
+  "version": "1.39.0",
  "description": "fast-server base midway",
  "private": true,
  "type": "module",
@@ -50,20 +50,20 @@
    "@aws-sdk/client-route-53": "^3.964.0",
    "@aws-sdk/client-s3": "^3.964.0",
    "@aws-sdk/client-sts": "^3.990.0",
-    "@certd/acme-client": "^1.38.12",
-    "@certd/basic": "^1.38.12",
-    "@certd/commercial-core": "^1.38.12",
+    "@certd/acme-client": "^1.39.0",
+    "@certd/basic": "^1.39.0",
+    "@certd/commercial-core": "^1.39.0",
    "@certd/cv4pve-api-javascript": "^8.4.2",
-    "@certd/jdcloud": "^1.38.12",
-    "@certd/lib-huawei": "^1.38.12",
-    "@certd/lib-k8s": "^1.38.12",
-    "@certd/lib-server": "^1.38.12",
-    "@certd/midway-flyway-js": "^1.38.12",
-    "@certd/pipeline": "^1.38.12",
-    "@certd/plugin-cert": "^1.38.12",
-    "@certd/plugin-lib": "^1.38.12",
-    "@certd/plugin-plus": "^1.38.12",
-    "@certd/plus-core": "^1.38.12",
+    "@certd/jdcloud": "^1.39.0",
+    "@certd/lib-huawei": "^1.39.0",
+    "@certd/lib-k8s": "^1.39.0",
+    "@certd/lib-server": "^1.39.0",
+    "@certd/midway-flyway-js": "^1.39.0",
+    "@certd/pipeline": "^1.39.0",
+    "@certd/plugin-cert": "^1.39.0",
+    "@certd/plugin-lib": "^1.39.0",
+    "@certd/plugin-plus": "^1.39.0",
+    "@certd/plus-core": "^1.39.0",
    "@google-cloud/publicca": "^1.3.0",
    "@huaweicloud/huaweicloud-sdk-cdn": "^3.1.185",
    "@huaweicloud/huaweicloud-sdk-core": "^3.1.185",
--- a/packages/ui/certd-server/src/config/config.default.ts
+++ b/packages/ui/certd-server/src/config/config.default.ts
@@ -80,7 +80,7 @@ const development = {
        type: 'better-sqlite3',
        database: './data/db.sqlite',
        synchronize: false, // 如果第一次使用，不存在表，有同步的需求可以写 true
-        logging: false,
+        logging: true,
        highlightSql: false,

        // 配置实体模型 或者 entities: '/entity',
--- a/packages/ui/certd-server/src/controller/sys/account/account-controller.ts
+++ b/packages/ui/certd-server/src/controller/sys/account/account-controller.ts
@@ -21,12 +21,18 @@ export class BasicController extends BaseController {
  @Post('/preBindUser', { summary: 'sys:settings:edit' })
  public async preBindUser(@Body(ALL) body: PreBindUserReq) {
    // 设置缓存内容
+    if (body.userId == null || body.userId <= 0) {
+      throw new Error("用户ID不能为空");
+    }
    await this.plusService.userPreBind(body.userId);
    return this.ok({});
  }

  @Post('/bindUser', { summary: 'sys:settings:edit' })
  public async bindUser(@Body(ALL) body: BindUserReq) {
+    if (body.userId == null || body.userId <= 0) {
+      throw new Error("用户ID不能为空");
+    }
    const installInfo: SysInstallInfo = await this.sysSettingsService.getSetting(SysInstallInfo);
    installInfo.bindUserId = body.userId;
    await this.sysSettingsService.saveSetting(installInfo);
--- a/packages/ui/certd-server/src/controller/sys/addon/addon-controller.ts
+++ b/packages/ui/certd-server/src/controller/sys/addon/addon-controller.ts
@@ -14,7 +14,7 @@ export class SysAddonController extends AddonController {

  async getProjectUserId(permission:string){
    return {
-      projectId:null,userId:0
+      projectId:null,userId:0 //0为系统级别
    }
  }
  getUserId() {
--- a/packages/ui/certd-server/src/controller/sys/enterprise/project-controller.ts
+++ b/packages/ui/certd-server/src/controller/sys/enterprise/project-controller.ts
@@ -40,7 +40,7 @@ export class SysProjectController extends CrudController<ProjectEntity> {
    bean.userId = this.getUserId();
    return super.add({
      ...bean,
-      userId:0,
+      userId:-1, //企业用户id固定为-1
      adminId: bean.userId,
    });
  }
--- a/packages/ui/certd-server/src/controller/user/cname/cname-provider-controller.ts
+++ b/packages/ui/certd-server/src/controller/user/cname/cname-provider-controller.ts
@@ -20,8 +20,6 @@ export class CnameProviderController extends BaseController {

  @Post('/list', { summary: Constants.per.authOnly })
  async list(@Body(ALL) body: any) {
-    body.query = body.query ?? {};
-    body.query.userId = this.getUserId();
    const res = await this.providerService.list({});
    return this.ok(res);
  }
--- a/packages/ui/certd-server/src/controller/user/cname/cname-record-controller.ts
+++ b/packages/ui/certd-server/src/controller/user/cname/cname-record-controller.ts
@@ -67,50 +67,51 @@ export class CnameRecordController extends CrudController<CnameRecordService> {

  @Post('/info', { summary: Constants.per.authOnly })
  async info(@Query('id') id: number) {
-    await this.service.checkUserId(id, this.getUserId());
+    await this.checkOwner(this.getService(), id, "read");
    return super.info(id);
  }

  @Post('/delete', { summary: Constants.per.authOnly })
  async delete(@Query('id') id: number) {
-    await this.service.checkUserId(id, this.getUserId());
+    await this.checkOwner(this.getService(), id, "write");
    return super.delete(id);
  }

  @Post('/deleteByIds', { summary: Constants.per.authOnly })
  async deleteByIds(@Body(ALL) body: any) {
+    const {userId,projectId} = await this.getProjectUserIdWrite();
    await this.service.delete(body.ids, {
-      userId: this.getUserId(),
+      userId,
+      projectId,
    });
    return this.ok();
  }
  @Post('/getByDomain', { summary: Constants.per.authOnly })
  async getByDomain(@Body(ALL) body: { domain: string; createOnNotFound: boolean }) {
-    const userId = this.getUserId();
-    const res = await this.service.getByDomain(body.domain, userId, body.createOnNotFound);
+    const {userId,projectId} = await this.getProjectUserIdRead();
+    const res = await this.service.getByDomain(body.domain, userId,projectId, body.createOnNotFound);
    return this.ok(res);
  }

  @Post('/verify', { summary: Constants.per.authOnly })
  async verify(@Body(ALL) body: { id: number }) {
-    const userId = this.getUserId();
-    await this.service.checkUserId(body.id, userId);
+    await this.checkOwner(this.getService(), body.id, "read");
    const res = await this.service.verify(body.id);
    return this.ok(res);
  }

  @Post('/resetStatus', { summary: Constants.per.authOnly })
  async resetStatus(@Body(ALL) body: { id: number }) {
-    const userId = this.getUserId();
-    await this.service.checkUserId(body.id, userId);
+    await this.checkOwner(this.getService(), body.id, "read");
    const res = await this.service.resetStatus(body.id);
    return this.ok(res);
  }
 @Post('/import', { summary: Constants.per.authOnly })
  async import(@Body(ALL) body: { domainList: string; cnameProviderId: any }) {
-    const userId = this.getUserId();
+    const {userId,projectId} = await this.getProjectUserIdWrite();
    const res = await this.service.doImport({
      userId,
+      projectId,
      domainList: body.domainList,
      cnameProviderId: body.cnameProviderId,
    });
--- a/packages/ui/certd-server/src/modules/cname/service/cname-record-service.ts
+++ b/packages/ui/certd-server/src/modules/cname/service/cname-record-service.ts
@@ -164,8 +164,8 @@ export class CnameRecordService extends BaseService<CnameRecordEntity> {
  //   // 3.  检查原域名是否有cname记录
  // }

-  async getWithAccessByDomain(domain: string, userId: number) {
-    const record: CnameRecord = await this.getByDomain(domain, userId);
+  async getWithAccessByDomain(domain: string, userId: number,projectId?:number) {
+    const record: CnameRecord = await this.getByDomain(domain, userId,projectId);
    if (record.cnameProvider.id > 0) {
      //自定义cname服务
      record.cnameProvider.access = await this.accessService.getAccessById(record.cnameProvider.accessId, false);
@@ -179,17 +179,17 @@ export class CnameRecordService extends BaseService<CnameRecordEntity> {
    return record;
  }

-  async getByDomain(domain: string, userId: number, createOnNotFound = true) {
+  async getByDomain(domain: string, userId: number,projectId?:number, createOnNotFound = true) {
    if (!domain) {
      throw new ValidateException("domain不能为空");
    }
    if (userId == null) {
      throw new ValidateException("userId不能为空");
    }
-    let record = await this.getRepository().findOne({ where: { domain, userId } });
+    let record = await this.getRepository().findOne({ where: { domain, userId,projectId } });
    if (record == null) {
      if (createOnNotFound) {
-        record = await this.add({ domain, userId });
+        record = await this.add({ domain, userId,projectId });
      } else {
        throw new ValidateException(`找不到${domain}的CNAME记录`);
      }
@@ -489,8 +489,8 @@ export class CnameRecordService extends BaseService<CnameRecordEntity> {
    await this.getRepository().update(id, { status: "cname", mainDomain: "" });
  }

-  async doImport(req:{ userId: number; domainList: string; cnameProviderId: any }) {
-    const {userId,cnameProviderId,domainList} = req;
+  async doImport(req:{ userId: number; projectId: number; domainList: string; cnameProviderId: any }) {
+    const {userId,projectId,cnameProviderId,domainList} = req;
    const domains = domainList.split("\n").map(item => item.trim()).filter(item => item.length > 0);
    if (domains.length === 0) {
      throw new ValidateException("域名列表不能为空");
@@ -504,18 +504,19 @@ export class CnameRecordService extends BaseService<CnameRecordEntity> {
      key: "user_"+userId,
      title: "导入CNAME记录",
      run: async (task) => {
-        await this._import({ userId, domains, cnameProviderId },task);
+        await this._import({ userId,projectId, domains, cnameProviderId },task);
      }
    }));
  }

-  async _import(req :{ userId: number; domains: string[]; cnameProviderId: any },task:BackTask) {
+  async _import(req :{ userId: number; projectId: number; domains: string[]; cnameProviderId: any },task:BackTask) {
    const userId = req.userId;
    for (const domain of req.domains) {
      const old = await this.getRepository().findOne({
        where: {
          userId: req.userId,
          domain,
+          projectId: req.projectId,
        },
      });
      if (old) {
@@ -526,6 +527,7 @@ export class CnameRecordService extends BaseService<CnameRecordEntity> {
          await this.add({
            userId,
            domain: domain,
+            projectId: req.projectId,
            cnameProviderId: req.cnameProviderId,
          });
      }catch(e){
--- a/packages/ui/certd-server/src/modules/mine/service/two-factor-service.ts
+++ b/packages/ui/certd-server/src/modules/mine/service/two-factor-service.ts
@@ -63,7 +63,7 @@ export class TwoFactorService {
  }

  async offAuthenticator(userId:number) {
-    if (!userId) {
+    if (!userId || userId <= 0) {
      throw new Error("userId is required");
    }

--- a/packages/ui/certd-server/src/modules/monitor/service/site-info-service.ts
+++ b/packages/ui/certd-server/src/modules/monitor/service/site-info-service.ts
@@ -358,7 +358,7 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
  async checkList(sites: SiteInfoEntity[],isCommon: boolean) {
    const cache = {}
    const getFromCache = async (userId: number,projectId?: number) =>{
-      const key = `${userId}-${projectId??""}`
+      const key = `${userId}_${projectId??""}`
      if (cache[key]) {
        return cache[key];
      }
@@ -424,7 +424,7 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
    if (!req.text) {
      throw new Error("text is required");
    }
-    if (!req.userId) {
+    if (req.userId == null) {
      throw new Error("userId is required");
    }

@@ -479,7 +479,7 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
  }

  clearSiteMonitorJob(userId: number,projectId?: number) {
-    this.cron.remove(`siteMonitor-${userId}-${projectId||""}`);
+    this.cron.remove(`siteMonitor_${userId}_${projectId||""}`);
  }

  async registerSiteMonitorJob(userId?: number,projectId?: number) {
@@ -502,7 +502,7 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
      }
      //注册个人的 或项目的
      this.cron.register({
-        name: `siteMonitor-${userId}-${projectId||""}`,
+        name: `siteMonitor_${userId}_${projectId||""}`,
        cron: setting.cron,
        job: () => this.triggerJobOnce(userId,projectId),
      });
@@ -511,9 +511,9 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
  }

  async triggerJobOnce(userId?:number,projectId?:number) {
-    logger.info(`站点证书检查开始执行[${userId??'所有用户'}-${projectId??'所有项目'}]`);
+    logger.info(`站点证书检查开始执行[${userId??'所有用户'}_${projectId??'所有项目'}]`);
    const query:any = { disabled: false };
-    if(userId){
+    if(userId!=null){
      query.userId = userId;
      if(projectId){
        query.projectId = projectId;
@@ -541,7 +541,7 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
      await this.checkList(records,isCommon);
    }

-    logger.info(`站点证书检查完成[${userId??'所有用户'}-${projectId??'所有项目'}]`);
+    logger.info(`站点证书检查完成[${userId??'所有用户'}_${projectId??'所有项目'}]`);
  }

  async batchDelete(ids: number[], userId: number,projectId?:number): Promise<void> {
--- a/packages/ui/certd-server/src/modules/monitor/service/site-ip-service.ts
+++ b/packages/ui/certd-server/src/modules/monitor/service/site-ip-service.ts
@@ -43,7 +43,7 @@ export class SiteIpService extends BaseService<SiteIpEntity> {
  }

  async add(data: SiteIpEntity) {
-    if (!data.userId) {
+    if (data.userId == null) {
      throw new Error("userId is required");
    }
    data.disabled = false;
--- a/packages/ui/certd-server/src/modules/pipeline/service/getter/cname-proxy-service.ts
+++ b/packages/ui/certd-server/src/modules/pipeline/service/getter/cname-proxy-service.ts
@@ -2,13 +2,15 @@ import { CnameRecord, ICnameProxyService } from '@certd/pipeline';

 export class CnameProxyService implements ICnameProxyService {
  userId: number;
-  getter: <T>(domain: string, userId?: number) => Promise<T>;
-  constructor(userId: number, getter: (domain: string, userId: number) => Promise<any>) {
+  projectId: number;
+  getter: <T>(domain: string, userId?: number, projectId?: number) => Promise<T>;
+  constructor(userId: number, projectId: number, getter: (domain: string, userId: number, projectId: number) => Promise<any>) {
    this.userId = userId;
+    this.projectId = projectId;
    this.getter = getter;
  }

  async getByDomain(domain: string): Promise<CnameRecord> {
-    return await this.getter<CnameRecord>(domain, this.userId);
+    return await this.getter<CnameRecord>(domain, this.userId, this.projectId);
  }
 }
--- a/packages/ui/certd-server/src/modules/pipeline/service/getter/task-service-getter.ts
+++ b/packages/ui/certd-server/src/modules/pipeline/service/getter/task-service-getter.ts
@@ -59,7 +59,7 @@ export class TaskServiceGetter implements IServiceGetter{

  async getCnameProxyService(): Promise<CnameProxyService> {
    const cnameRecordService:CnameRecordService = await  this.appCtx.getAsync("cnameRecordService")
-    return new CnameProxyService(this.userId, cnameRecordService.getWithAccessByDomain.bind(cnameRecordService));
+    return new CnameProxyService(this.userId, this.projectId, cnameRecordService.getWithAccessByDomain.bind(cnameRecordService));
  }

  async getNotificationService(): Promise<NotificationGetter> {
--- a/packages/ui/certd-server/src/modules/pipeline/service/history-service.ts
+++ b/packages/ui/certd-server/src/modules/pipeline/service/history-service.ts
@@ -188,11 +188,11 @@ export class HistoryService extends BaseService<HistoryEntity> {
    const where: any = {
      createTime: MoreThan(todayEnd.add(-param.days, 'day').toDate()),
    };
-    if (param.userId > 0) {
-      where.userId = param.userId;
-    }
+    
    if (param.projectId > 0) {
      where.projectId = param.projectId;
+    }else if (param.userId > 0) {
+      where.userId = param.userId;
    }
    const result = await this.getRepository()
      .createQueryBuilder('main')
--- a/packages/ui/certd-server/src/modules/pipeline/service/notification-service.ts
+++ b/packages/ui/certd-server/src/modules/pipeline/service/notification-service.ts
@@ -138,21 +138,21 @@ export class NotificationService extends BaseService<NotificationEntity> {
    if (userId==null) {
      throw new ValidateException('userId不能为空');
    }
+    const query:any = {
+       userId,
+    }
+    if (projectId){
+      query.projectId = projectId
+    }
    await this.repository.update(
-      {
-        userId,
-        projectId,
-      },
+      query,
      {
        isDefault: false,
      }
    );
+    query.id = id
    await this.repository.update(
-      {
-        id,
-        userId,
-        projectId,
-      },
+     query,
      {
        isDefault: true,
      }
--- a/packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts
+++ b/packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts
@@ -50,6 +50,7 @@ import { nanoid } from "nanoid";
 import { set } from "lodash-es";
 import { executorQueue } from "@certd/lib-server";
 import parser from "cron-parser";
+import { ProjectService } from "../../sys/enterprise/service/project-service.js";
 const runningTasks: Map<string | number, Executor> = new Map();


@@ -107,6 +108,9 @@ export class PipelineService extends BaseService<PipelineEntity> {
  @Inject()
  certInfoService: CertInfoService;

+  @Inject()
+  projectService: ProjectService;
+
  //@ts-ignore
  getRepository() {
    return this.repository;
@@ -252,6 +256,8 @@ export class PipelineService extends BaseService<PipelineEntity> {
      //修改
      old = await this.info(bean.id);
      bean.order = old.order;
+      bean.userId = old.userId;
+      bean.projectId = old.projectId;
    }
    if (!old || !old.webhookKey) {
      bean.webhookKey = await this.genWebhookKey();
@@ -262,6 +268,8 @@ export class PipelineService extends BaseService<PipelineEntity> {

    const pipeline = JSON.parse(bean.content || "{}");
    RunnableCollection.initPipelineRunnableType(pipeline);
+    pipeline.userId = bean.userId;
+    pipeline.projectId = bean.projectId;
    let domains = [];
    if (pipeline.stages) {
      RunnableCollection.each(pipeline.stages, (runnable: any) => {
@@ -295,8 +303,8 @@ export class PipelineService extends BaseService<PipelineEntity> {
    } else if (bean.type === "cert_auto") {
      fromType = "auto";
    }
-    const userId = pipeline.userId || bean.userId;
-    const projectId = pipeline.projectId ?? bean.projectId ??null;
+    const userId = bean.userId;
+    const projectId = bean.projectId ??null;
    await this.certInfoService.updateDomains(pipeline.id, userId, projectId ,  domains, fromType);
    return {
      ...bean,
@@ -672,9 +680,12 @@ export class PipelineService extends BaseService<PipelineEntity> {
    };

    const userId = entity.userId;
-    const historyId = await this.historyService.start(entity, triggerType);
+    const projectId = entity.projectId;
    let userIsAdmin = false
-    if(userId){
+
+    if (projectId && projectId>0) {
+      userIsAdmin = await this.projectService.isAdmin(projectId);
+    }else if(userId>0){
      userIsAdmin = await this.userService.isAdmin(userId);
    }
    const user: UserInfo = {
@@ -682,7 +693,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
      role: userIsAdmin ? "admin" : "user"
    };

-
+     const historyId = await this.historyService.start(entity, triggerType);
    const sysInfo: SysInfo = {};
    if (isComm()) {
      const siteInfo = await this.sysSettingsService.getSetting<SysSiteInfo>(SysSiteInfo);
@@ -690,7 +701,8 @@ export class PipelineService extends BaseService<PipelineEntity> {
    }

    const taskServiceGetter = this.taskServiceBuilder.create({
-      userId
+      userId,
+      projectId
    });
    const accessGetter = await taskServiceGetter.get<IAccessService>("accessService");
    const notificationGetter = await taskServiceGetter.get<INotificationService>("notificationService");
@@ -920,7 +932,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
      throw new NeedVIPException("此功能需要升级专业版");
    }
    for (const id of ids) {
-      if (userId) {
+      if (userId && userId > 0) {
        await this.checkUserId(id, userId);
      }
      if(projectId){
@@ -1104,6 +1116,10 @@ export class PipelineService extends BaseService<PipelineEntity> {


  private async checkUserStatus(userId: number) {
+    if(isEnterprise()){
+      //企业模式不检查用户状态，都允许运行流水线
+      return 
+    }
    const userEntity = await this.userService.info(userId);
    if (userEntity == null) {
      throw new Error("用户不存在");
--- a/packages/ui/certd-server/src/modules/sys/enterprise/entity/project.ts
+++ b/packages/ui/certd-server/src/modules/sys/enterprise/entity/project.ts
@@ -19,6 +19,10 @@ export class ProjectEntity {
  @Column({ name: 'disabled', comment: '禁用' })
  disabled: boolean;

+  @Column({ name: 'is_system', comment: '是否系统项目' })
+  isSystem: boolean; //系统项目内的流水线允许运行管理员级别的插件
+
+
  @Column({
    name: 'create_time',
    comment: '创建时间',
--- a/packages/ui/certd-server/src/modules/sys/enterprise/service/project-member-service.ts
+++ b/packages/ui/certd-server/src/modules/sys/enterprise/service/project-member-service.ts
@@ -23,7 +23,7 @@ export class ProjectMemberService extends BaseService<ProjectMemberEntity> {
    if (!projectId) {
      throw new Error('项目ID不能为空');
    }
-    if (!userId) {
+    if (!userId || userId <= 0) {
      throw new Error('用户ID不能为空');
    }
    const exist = await this.repository.findOne({
--- a/packages/ui/certd-server/src/modules/sys/enterprise/service/project-service.ts
+++ b/packages/ui/certd-server/src/modules/sys/enterprise/service/project-service.ts
@@ -11,9 +11,12 @@ const projectCache = new LRUCache<string, any>({
  ttl: 1000 * 60 * 10,
 });

+const ENTERPRISE_USER_ID = -1 //企业模式下 企业userId 固定为-1
+
@Provide()
@Scope(ScopeEnum.Request, { allowDowngrade: true })
 export class ProjectService extends BaseService<ProjectEntity> {
+ 
  @InjectEntityModel(ProjectEntity)
  repository: Repository<ProjectEntity>;

@@ -36,7 +39,7 @@ export class ProjectService extends BaseService<ProjectEntity> {
    const exist = await this.repository.findOne({
      where: {
        name,
-        userId: 0,
+        userId: ENTERPRISE_USER_ID,
      },
    });
    if (exist) {
@@ -57,7 +60,7 @@ export class ProjectService extends BaseService<ProjectEntity> {
  async setDisabled(id: number, disabled: boolean) {
    await this.repository.update({
      id,
-      userId: 0,
+      userId: ENTERPRISE_USER_ID,
    }, {
      disabled,
    });
@@ -66,10 +69,13 @@ export class ProjectService extends BaseService<ProjectEntity> {
  async getUserProjects(userId: number) {

    const memberList = await this.projectMemberService.getByUserId(userId, 'approved');
-    const projectIds = memberList.map(item => item.projectId);
+    let projectIds = memberList.map(item => item.projectId); 
+    if (!projectIds || projectIds.length === 0) {
+      projectIds = [0]
+    }
    const projectList = await this.repository.createQueryBuilder('project')
      .where(' project.disabled = false')
-      .where(' project.userId = :userId', { userId: 0 })
+      .where(' project.userId = :userId', { userId: ENTERPRISE_USER_ID })
      .where(' project.id IN (:...projectIds) or project.adminId = :userId', { projectIds, userId })
      .getMany();

@@ -93,7 +99,7 @@ export class ProjectService extends BaseService<ProjectEntity> {
    let projectList: any = await this.find({
      where: {
        disabled: false,
-        userId: 0,
+        userId: ENTERPRISE_USER_ID,
      },
    })
    const projectMemberItemList: ProjectMemberItem[] = projectList
@@ -269,4 +275,9 @@ export class ProjectService extends BaseService<ProjectEntity> {
    })
  }

+   async isAdmin(projectId: number): Promise<boolean> {
+    const project = await this.info(projectId);
+    return project?.isSystem ?? false;
+  }
+
 }
--- a/packages/ui/certd-server/src/plugins/plugin-admin/plugin-db-backup.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-admin/plugin-db-backup.ts
@@ -157,9 +157,7 @@ export class DBBackupPlugin extends AbstractPlusTaskPlugin {
  async onInstance() {}

  async execute(): Promise<void> {
-    if (!this.isAdmin()) {
-      throw new Error("只有管理员才能运行此任务");
-    }
+    this.checkAdmin();

    this.logger.info("开始备份数据库");

--- a/packages/ui/certd-server/src/plugins/plugin-admin/plugin-deploy-to-certd.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-admin/plugin-deploy-to-certd.ts
@@ -32,9 +32,7 @@ export class DeployToCertdPlugin extends AbstractTaskPlugin {
  cert!: CertInfo;
  async onInstance() { }
  async execute(): Promise<void> {
-    if (!this.isAdmin()) {
-      throw new Error('只有管理员才能运行此任务');
-    }
+    this.checkAdmin();

    //部署证书
    let crtPath = "ssl/cert.crt";
--- a/packages/ui/certd-server/src/plugins/plugin-admin/plugin-restart.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-admin/plugin-restart.ts
@@ -17,9 +17,7 @@ import { httpsServer } from '../../modules/auto/https/server.js';
 export class RestartCertdPlugin extends AbstractTaskPlugin {
  async onInstance() {}
  async execute(): Promise<void> {
-    if (!this.isAdmin()) {
-      throw new Error('只有管理员才能运行此任务');
-    }
+    this.checkAdmin();
    this.logger.info('Certd https server 将在 3 秒后重启');
    await this.ctx.utils.sleep(3000);
    await httpsServer.restart();
--- a/packages/ui/certd-server/src/plugins/plugin-admin/plugin-script.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-admin/plugin-script.ts
@@ -47,9 +47,7 @@ export class CustomScriptPlugin extends AbstractTaskPlugin {

  async onInstance() {}
  async execute(): Promise<void> {
-    if (!this.isAdmin()) {
-      throw new Error('只有管理员才能运行此任务');
-    }
+    this.checkAdmin();
    this.logger.info('执行自定义脚本:\n', this.script);
    const ctx: CustomScriptContext = {
      CertReader,
--- a/packages/ui/certd-server/src/plugins/plugin-host/plugin/copy-to-local/index.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-host/plugin/copy-to-local/index.ts
@@ -198,9 +198,7 @@ export class CopyCertToLocalPlugin extends AbstractTaskPlugin {
    fs.copyFileSync(srcFile, destFile);
  }
  async execute(): Promise<void> {
-    if (!this.isAdmin()) {
-      throw new Error('只有管理员才能运行此任务');
-    }
+    this.checkAdmin();

    let { crtPath, keyPath, icPath, pfxPath, derPath, jksPath } = this;
    const certReader = new CertReader(this.cert);
--- a/packages/ui/certd-server/src/plugins/plugin-jdcloud/dns-provider.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-jdcloud/dns-provider.ts
@@ -34,8 +34,14 @@ export class JDCloudDnsProvider extends AbstractDnsProvider {
    if (!domainRes.result?.dataList?.length) {
      throw new Error(`域名${domain}在此京东云账号中不存在`)
    }
+    const list = domainRes.result.dataList

-    const domainId = domainRes.result.dataList[0].id
+    const found =  list.find((item) => item.domainName === domain)
+    if (!found){
+      throw new Error(`域名${domain}在此京东云账号中不存在`)
+    }
+
+    const domainId = found.id
    this.logger.info("域名ID：", domainId)
    /**
     * hostRecord	String	True		主机记录
@@ -55,11 +61,12 @@ export class JDCloudDnsProvider extends AbstractDnsProvider {
          hostRecord: hostRecord,
          hostValue: value,
          type: type,
-          ttl: 100,
+          ttl: 200,
+          viewValue:-1,
        }
      })
      return {
-        recordId: res.result.dataList[0].id,
+        recordId: res.result.dataList.id,
        domainId: domainId
      };
    }catch (e) {
Author	SHA1	Message	Date
xiaojunnuo	3bb29abe32	v1.39.0	2026-03-08 01:17:39 +08:00
xiaojunnuo	ac42d38b7a	build: prepare to build	2026-03-08 01:15:23 +08:00
xiaojunnuo	d9c0130b59	fix: 修复京东云域名申请证书报错的bug	2026-03-08 01:14:33 +08:00
xiaojunnuo	4925d5a5e7	chore: project prerelease	2026-03-08 00:48:29 +08:00
xiaojunnuo	dd9a7cf5d7	chore: project fix	2026-03-05 00:11:08 +08:00
xiaojunnuo	5ee3874b7e	chore: project fix	2026-03-04 23:53:19 +08:00
xiaojunnuo	17dd77cc96	chore: project userid fixed -1	2026-03-04 23:15:48 +08:00
@@ -1 +1 @@
 :18
 :15