v1.39.0

CHANGELOG.md

@@ -3,6 +3,34 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+### Bug Fixes
+
+* 修复部署到openwrt错误的bug ([2e3d0cc](https://github.com/certd/certd/commit/2e3d0cc57c16c48ad435bc8fde729bacaedde9f5))
+* 修复发件邮箱无法输入的bug ([27b0348](https://github.com/certd/certd/commit/27b0348e1d3d752f418f851965d6afbc26c0160c))
+* 修复复制流水线保存后丢失分组和排序号的问题 ([bc32648](https://github.com/certd/certd/commit/bc326489abc1d50a0930b4f47aa2d62d3a486798))
+* 修复获取群辉deviceid报错的bug ([79be392](https://github.com/certd/certd/commit/79be392775a2c91848dd5a66a2618adc4e4b48f6))
+* 修复京东云域名申请证书报错的bug ([d9c0130](https://github.com/certd/certd/commit/d9c0130b59997144a3c274d456635b800135e43f))
+* 修复偶尔下载证书报未授权的错误 ([316537e](https://github.com/certd/certd/commit/316537eb4dcbe5ec57784e8bf95ee3cdfd21dce7))
+* 修复dcdn多个域名同时部署时 可能会出现证书名称重复的bug ([78c2ced](https://github.com/certd/certd/commit/78c2ced43b1a73d142b0ed783b162b97f545ab06))
+* 优化dcdn部署上传多次证书 偶尔报 The CertName already exists的问题 ([72f850f](https://github.com/certd/certd/commit/72f850f675b500d12ebff2338d1b99d6fab476e1))
+* **cert-plugin:** 优化又拍云客户端错误处理逻辑，当域名已绑定证书时不再抛出异常。 ([92c9ac3](https://github.com/certd/certd/commit/92c9ac382692e6c84140ff787759ab6d39ccbe96))
+* esxi部署失败的bug ([1e44115](https://github.com/certd/certd/commit/1e441154617e6516a9a3610412bf597128c62696))
+
+### Features
+
+* 支持企业级管理模式，项目管理，细分权限 ([3734083](https://github.com/certd/certd/commit/37340838b6a61a94b86bfa13cf5da88b26f1315a))
+
+### Performance Improvements
+
+* 【破坏性更新】错误返回信息msg字段名统一改成message，与成功的返回结构一致 ([51ab6d6](https://github.com/certd/certd/commit/51ab6d6da1bb551b55b3a6a4a9a945c8d6ace806))
+* 当域名管理中没有域名时，创建流水线时不展开域名选择框 ([bb0afe1](https://github.com/certd/certd/commit/bb0afe1fa7b0fc52fde051d24fbe6be69d52f4cc))
+* 任务步骤页面增加串行执行提示说明 ([787f6ef](https://github.com/certd/certd/commit/787f6ef52893d8dc912ee2a7a5b8ce2b73c108c9))
+* 站点监控支持指定ip地址检查 ([83d81b6](https://github.com/certd/certd/commit/83d81b64b3adb375366039e07c87d1ad79121c13))
+* AI开发插件 skills 定义初步 ([1f68fad](https://github.com/certd/certd/commit/1f68faddb97a978c5a5e731a8895b4bb0587ad83))
+* http请求增加建立连接超时配置 ([3c85602](https://github.com/certd/certd/commit/3c85602ab1fc1953cdc06a6cd75a971d14119179))
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)
 
 ### Bug Fixes

lerna.json

@@ -9,5 +9,5 @@
     }
   },
   "npmClient": "pnpm",
-  "version": "1.38.12"
+  "version": "1.39.0"
 }

packages/core/acme-client/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.39.0](https://github.com/publishlab/node-acme-client/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/acme-client
+
 ## [1.38.12](https://github.com/publishlab/node-acme-client/compare/v1.38.11...v1.38.12) (2026-02-18)
 
 **Note:** Version bump only for package @certd/acme-client

packages/core/acme-client/package.json

@@ -3,7 +3,7 @@
     "description": "Simple and unopinionated ACME client",
     "private": false,
     "author": "nmorsman",
-    "version": "1.38.12",
+    "version": "1.39.0",
     "type": "module",
     "module": "scr/index.js",
     "main": "src/index.js",
@@ -18,7 +18,7 @@
         "types"
     ],
     "dependencies": {
-        "@certd/basic": "^1.38.12",
+        "@certd/basic": "^1.39.0",
         "@peculiar/x509": "^1.11.0",
         "asn1js": "^3.0.5",
         "axios": "^1.9.0",

packages/core/basic/CHANGELOG.md

@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+### Bug Fixes
+
+* esxi部署失败的bug ([1e44115](https://github.com/certd/certd/commit/1e441154617e6516a9a3610412bf597128c62696))
+
+### Performance Improvements
+
+* http请求增加建立连接超时配置 ([3c85602](https://github.com/certd/certd/commit/3c85602ab1fc1953cdc06a6cd75a971d14119179))
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)
 
 **Note:** Version bump only for package @certd/basic

packages/core/basic/build.md

@@ -1 +1 @@
-23:18
+01:15

packages/core/basic/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/basic",
   "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",

packages/core/pipeline/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/pipeline
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)
 
 **Note:** Version bump only for package @certd/pipeline

packages/core/pipeline/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/pipeline",
   "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -18,8 +18,8 @@
     "compile": "tsc --skipLibCheck --watch"
   },
   "dependencies": {
-    "@certd/basic": "^1.38.12",
+    "@certd/basic": "^1.39.0",
-    "@certd/plus-core": "^1.38.12",
+    "@certd/plus-core": "^1.39.0",
     "dayjs": "^1.11.7",
     "lodash-es": "^4.17.21",
     "reflect-metadata": "^0.1.13"

packages/core/pipeline/src/plugin/api.ts

@@ -170,9 +170,7 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
     }
 
     if (this.ctx?.define?.onlyAdmin) {
-      if (!this.isAdmin()) {
+      this.checkAdmin();
-        throw new Error("只有管理员才能运行此任务");
-      }
     }
   }
 
@@ -284,6 +282,12 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
     return this.ctx.user.role === "admin";
   }
 
+  checkAdmin() {
+    if (!this.isAdmin()) {
+      throw new Error("只有“管理员”或“系统级项目”才有权限运行此插件任务");
+    }
+  }
+
   getStepFromPipeline(stepId: string) {
     let found: any = null;
     RunnableCollection.each(this.ctx.pipeline.stages, step => {

packages/libs/lib-huawei/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)
 
 **Note:** Version bump only for package @certd/lib-huawei

packages/libs/lib-huawei/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-huawei",
   "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
   "main": "./dist/bundle.js",
   "module": "./dist/bundle.js",
   "types": "./dist/d/index.d.ts",

packages/libs/lib-iframe/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)
 
 **Note:** Version bump only for package @certd/lib-iframe

packages/libs/lib-iframe/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-iframe",
   "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",

packages/libs/lib-jdcloud/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/jdcloud
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)
 
 **Note:** Version bump only for package @certd/jdcloud

packages/libs/lib-jdcloud/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/jdcloud",
-  "version": "1.38.12",
+  "version": "1.39.0",
   "description": "jdcloud openApi sdk",
   "main": "./dist/bundle.js",
   "module": "./dist/bundle.js",

packages/libs/lib-k8s/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)
 
 **Note:** Version bump only for package @certd/lib-k8s

packages/libs/lib-k8s/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-k8s",
   "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -17,7 +17,7 @@
     "pub": "npm publish"
   },
   "dependencies": {
-    "@certd/basic": "^1.38.12",
+    "@certd/basic": "^1.39.0",
     "@kubernetes/client-node": "0.21.0"
   },
   "devDependencies": {

packages/libs/lib-server/CHANGELOG.md

@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+### Performance Improvements
+
+* 【破坏性更新】错误返回信息msg字段名统一改成message，与成功的返回结构一致 ([51ab6d6](https://github.com/certd/certd/commit/51ab6d6da1bb551b55b3a6a4a9a945c8d6ace806))
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)
 
 **Note:** Version bump only for package @certd/lib-server

packages/libs/lib-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/lib-server",
-  "version": "1.38.12",
+  "version": "1.39.0",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",
@@ -28,11 +28,11 @@
   ],
   "license": "AGPL",
   "dependencies": {
-    "@certd/acme-client": "^1.38.12",
+    "@certd/acme-client": "^1.39.0",
-    "@certd/basic": "^1.38.12",
+    "@certd/basic": "^1.39.0",
-    "@certd/pipeline": "^1.38.12",
+    "@certd/pipeline": "^1.39.0",
-    "@certd/plugin-lib": "^1.38.12",
+    "@certd/plugin-lib": "^1.39.0",
-    "@certd/plus-core": "^1.38.12",
+    "@certd/plus-core": "^1.39.0",
     "@midwayjs/cache": "3.14.0",
     "@midwayjs/core": "3.20.11",
     "@midwayjs/i18n": "3.20.13",

packages/libs/lib-server/src/basic/base-controller.ts

@@ -83,7 +83,7 @@ export abstract class BaseController {
     let userId = this.getUserId()
     const projectId = await this.getProjectId(permission)
     if(projectId){
-      userId = 0
+      userId = -1 // 企业管理模式下，用户id固定-1
     }
     return {
       projectId,userId
@@ -118,7 +118,7 @@ export abstract class BaseController {
       if(allowAdmin){
         await authService.checkUserIdButAllowAdmin(this.ctx, service, id);
       }else{
-        await authService.checkUserId(this.ctx, service, id);
+        await authService.checkUserId( service, id, userId);
       }
     }
     return {projectId,userId}

packages/libs/lib-server/src/basic/base-service.ts

@@ -258,12 +258,12 @@ export abstract class BaseService<T> {
 
 export function checkUserProjectParam(userId: number, projectId: number) {
   if (projectId != null ){
-    if( userId !==0) {
+    if( userId !==-1) {
       throw new ValidateException('userId projectId 错误');
     }
     return true
   }else{
-    if( userId > 0) {
+    if( userId != null) {
       return true
     }
      throw new ValidateException('userId不能为空');

packages/libs/lib-server/src/user/access/entity/access.ts

@@ -8,7 +8,7 @@ export class AccessEntity {
   @PrimaryGeneratedColumn()
   id: number;
   @Column({ name: 'user_id', comment: '用户id' })
-  userId: number;
+  userId: number; // 0为系统级别, -1为企业，大于1为用户
   @Column({ comment: '名称', length: 100 })
   name: string;
 
@@ -24,9 +24,6 @@ export class AccessEntity {
   @Column({ name: 'project_id', comment: '项目id' })
   projectId: number;
 
-  @Column({ comment: '权限等级', length: 100 })
-  level: string; // user common system
-
   @Column({
     name: 'create_time',
     comment: '创建时间',

packages/libs/midway-flyway-js/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)
 
 **Note:** Version bump only for package @certd/midway-flyway-js

packages/libs/midway-flyway-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/midway-flyway-js",
-  "version": "1.38.12",
+  "version": "1.39.0",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",

packages/plugins/plugin-cert/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)
 
 **Note:** Version bump only for package @certd/plugin-cert

packages/plugins/plugin-cert/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/plugin-cert",
   "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -17,10 +17,10 @@
     "compile": "tsc --skipLibCheck --watch"
   },
   "dependencies": {
-    "@certd/acme-client": "^1.38.12",
+    "@certd/acme-client": "^1.39.0",
-    "@certd/basic": "^1.38.12",
+    "@certd/basic": "^1.39.0",
-    "@certd/pipeline": "^1.38.12",
+    "@certd/pipeline": "^1.39.0",
-    "@certd/plugin-lib": "^1.38.12",
+    "@certd/plugin-lib": "^1.39.0",
     "psl": "^1.9.0",
     "punycode.js": "^2.3.1"
   },

packages/plugins/plugin-lib/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)
 
 **Note:** Version bump only for package @certd/plugin-lib

packages/plugins/plugin-lib/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/plugin-lib",
   "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -22,10 +22,10 @@
     "@alicloud/pop-core": "^1.7.10",
     "@alicloud/tea-util": "^1.4.11",
     "@aws-sdk/client-s3": "^3.964.0",
-    "@certd/acme-client": "^1.38.12",
+    "@certd/acme-client": "^1.39.0",
-    "@certd/basic": "^1.38.12",
+    "@certd/basic": "^1.39.0",
-    "@certd/pipeline": "^1.38.12",
+    "@certd/pipeline": "^1.39.0",
-    "@certd/plus-core": "^1.38.12",
+    "@certd/plus-core": "^1.39.0",
     "@kubernetes/client-node": "0.21.0",
     "ali-oss": "^6.22.0",
     "basic-ftp": "^5.0.5",

packages/ui/certd-client/CHANGELOG.md

@@ -3,6 +3,24 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+### Bug Fixes
+
+* 修复发件邮箱无法输入的bug ([27b0348](https://github.com/certd/certd/commit/27b0348e1d3d752f418f851965d6afbc26c0160c))
+* 修复复制流水线保存后丢失分组和排序号的问题 ([bc32648](https://github.com/certd/certd/commit/bc326489abc1d50a0930b4f47aa2d62d3a486798))
+* 修复获取群辉deviceid报错的bug ([79be392](https://github.com/certd/certd/commit/79be392775a2c91848dd5a66a2618adc4e4b48f6))
+* 修复偶尔下载证书报未授权的错误 ([316537e](https://github.com/certd/certd/commit/316537eb4dcbe5ec57784e8bf95ee3cdfd21dce7))
+
+### Features
+
+* 支持企业级管理模式，项目管理，细分权限 ([3734083](https://github.com/certd/certd/commit/37340838b6a61a94b86bfa13cf5da88b26f1315a))
+
+### Performance Improvements
+
+* 当域名管理中没有域名时，创建流水线时不展开域名选择框 ([bb0afe1](https://github.com/certd/certd/commit/bb0afe1fa7b0fc52fde051d24fbe6be69d52f4cc))
+* 任务步骤页面增加串行执行提示说明 ([787f6ef](https://github.com/certd/certd/commit/787f6ef52893d8dc912ee2a7a5b8ce2b73c108c9))
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)
 
 ### Bug Fixes

packages/ui/certd-client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/ui-client",
-  "version": "1.38.12",
+  "version": "1.39.0",
   "private": true,
   "scripts": {
     "dev": "vite --open",
@@ -106,8 +106,8 @@
     "zod-defaults": "^0.1.3"
   },
   "devDependencies": {
-    "@certd/lib-iframe": "^1.38.12",
+    "@certd/lib-iframe": "^1.39.0",
-    "@certd/pipeline": "^1.38.12",
+    "@certd/pipeline": "^1.39.0",
     "@rollup/plugin-commonjs": "^25.0.7",
     "@rollup/plugin-node-resolve": "^15.2.3",
     "@types/chai": "^4.3.12",

packages/ui/certd-client/src/locales/langs/en-US/certd.ts

@@ -220,6 +220,7 @@ export default {
     myProjectDetail: "Project Detail",
     projectJoin: "Join Project",
     currentProject: "Current Project",
+    projectMemberManager: "Project Member",
   },
   certificateRepo: {
     title: "Certificate Repository",
@@ -822,6 +823,9 @@ export default {
       admin: "Admin",
     },
     projectMemberStatus: "Member Status",
+
+    isSystem: "Is System Project",
+    isSystemHelper: "System-level projects allow running admin plugins",
   },
   project: {
     noProjectJoined: "You haven't joined any projects yet",
@@ -839,6 +843,7 @@ export default {
     applyJoinConfirm: "Are you sure you want to apply to join this project?",
     leaveConfirm: "Are you sure you want to leave this project?",
     viewDetail: "View Detail",
+    projectManage: "Project Manage",
   },
   addonSelector: {
     select: "Select",

packages/ui/certd-client/src/locales/langs/zh-CN/certd.ts

@@ -220,12 +220,12 @@ export default {
     netTest: "网络测试",
     enterpriseManager: "企业管理设置",
     projectManager: "项目管理",
-    projectDetail: "项目详情",
     enterpriseSetting: "企业设置",
     myProjectManager: "我的项目",
     myProjectDetail: "项目详情",
     projectJoin: "加入项目",
     currentProject: "当前项目",
+    projectMemberManager: "项目成员管理",
   },
   certificateRepo: {
     title: "证书仓库",
@@ -838,6 +838,9 @@ export default {
       admin: "管理员",
     },
     projectMemberStatus: "成员状态",
+
+    isSystem: "是否系统项目",
+    isSystemHelper: "系统级项目允许运行管理员插件",
   },
   project: {
     noProjectJoined: "您还没有加入任何项目",
@@ -855,5 +858,6 @@ export default {
     applyJoinConfirm: "确认加入项目？",
     leaveConfirm: "确认退出项目？",
     viewDetail: "查看详情",
+    projectManage: "项目管理",
   },
 };

packages/ui/certd-client/src/router/source/modules/certd.ts

@@ -29,21 +29,6 @@ export const certdResources = [
           auth: true,
         },
       },
-      {
-        title: "certd.sysResources.currentProject",
-        name: "CurrentProject",
-        path: "/certd/project/detail",
-        component: "/certd/project/detail/index.vue",
-        meta: {
-          show: () => {
-            const projectStore = useProjectStore();
-            return projectStore.isEnterprise;
-          },
-          isMenu: true,
-          icon: "ion:apps",
-          auth: true,
-        },
-      },
       {
         title: "certd.sysResources.projectJoin",
         name: "ProjectJoin",
@@ -278,6 +263,21 @@ export const certdResources = [
               isMenu: false,
             },
           },
+          {
+            title: "certd.sysResources.projectMemberManager",
+            name: "ProjectMemberManager",
+            path: "/certd/project/detail",
+            component: "/certd/project/detail/index.vue",
+            meta: {
+              show: () => {
+                const projectStore = useProjectStore();
+                return projectStore.isEnterprise;
+              },
+              isMenu: true,
+              icon: "ion:apps",
+              auth: true,
+            },
+          },
         ],
       },
       {

packages/ui/certd-client/src/views/certd/access/access-selector/access/crud.tsx

@@ -143,7 +143,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
             order: 10,
           },
           valueBuilder: ({ row, key, value }) => {
-            row[key] = row.userId > 0 ? "user" : "sys";
+            row[key] = row.userId != 0 ? "user" : "sys";
           },
         },
         ...commonColumnsDefine,

packages/ui/certd-client/src/views/certd/access/crud.tsx

@@ -121,7 +121,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
             order: 10,
           },
           valueBuilder: ({ row, key, value }) => {
-            row[key] = row.userId > 0 ? "user" : "sys";
+            row[key] = row.userId != 0 ? "user" : "sys";
           },
         },
         ...commonColumnsDefine,

packages/ui/certd-client/src/views/certd/monitor/site/crud.tsx

@@ -734,7 +734,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
             }),
           },
           column: {
-            width: 100,
+            width: 140,
             sorter: true,
             align: "center",
           },
@@ -757,7 +757,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
             helper: t("monitor.ipSyncModeHelper"),
           },
           column: {
-            width: 100,
+            width: 140,
             sorter: true,
             align: "center",
           },
@@ -779,7 +779,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
             helper: t("monitor.ipIgnoreCoherenceHelper"),
           },
           column: {
-            width: 100,
+            width: 180,
             sorter: true,
             align: "center",
           },

packages/ui/certd-client/src/views/certd/pipeline/crud.tsx

@@ -16,13 +16,16 @@ import { useCertViewer } from "/@/views/certd/pipeline/use";
 import { useI18n } from "/src/locales";
 import { useDicts } from "../dicts";
 import { useProjectStore } from "/@/store/project";
+import { useCrudPermission } from "/@/plugin/permission";
 
-export default function ({ crudExpose, context: { selectedRowKeys, openCertApplyDialog, hasActionPermission } }: CreateCrudOptionsProps): CreateCrudOptionsRet {
+export default function ({ crudExpose, context: { selectedRowKeys, openCertApplyDialog, permission } }: CreateCrudOptionsProps): CreateCrudOptionsRet {
   const router = useRouter();
   const lastResRef = ref();
 
   const { t } = useI18n();
 
+  const { hasActionPermission } = useCrudPermission({ permission });
+
   const { openUploadCreateDialog } = useCertUpload();
 
   const pageRequest = async (query: UserPageQuery): Promise<UserPageRes> => {

packages/ui/certd-client/src/views/certd/project/join.vue

@@ -7,7 +7,7 @@
       </div>
 
       <div class="more">
-        <a-button v-if="userStore.isAdmin" @click="goProjectManager">{{ t("certd.project.projectManager") }}</a-button>
+        <a-button v-if="userStore.isAdmin" type="primary" @click="goProjectManager">{{ t("certd.project.projectManage") }}</a-button>
       </div>
     </template>
     <div class="project-container">

packages/ui/certd-client/src/views/sys/enterprise/project/crud.tsx

@@ -90,35 +90,21 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
             },
           },
         },
-        disabled: {
+        isSystem: {
-          title: t("certd.disabled"),
+          title: t("certd.ent.isSystem"),
           type: "dict-switch",
           dict: dict({
             data: [
-              { label: t("certd.enabled"), value: false, color: "success" },
+              { label: t("common.yes"), value: true, color: "success" },
-              { label: t("certd.disabledLabel"), value: true, color: "error" },
+              { label: t("common.no"), value: false, color: "error" },
             ],
           }),
           form: {
-            value: false,
+            value: true,
+            helper: t("certd.ent.isSystemHelper"),
           },
           column: {
-            width: 100,
+            width: 150,
-            component: {
-              title: t("certd.clickToToggle"),
-              on: {
-                async click({ value, row }) {
-                  Modal.confirm({
-                    title: t("certd.prompt"),
-                    content: t("certd.confirmToggleStatus", { action: !value ? t("certd.disable") : t("certd.enable") }),
-                    onOk: async () => {
-                      await api.SetDisabled(row.id, !value);
-                      await crudExpose.doRefresh();
-                    },
-                  });
-                },
-              },
-            },
           },
         },
         adminId: {

packages/ui/certd-client/src/views/sys/settings/tabs/mode.vue

@@ -9,6 +9,7 @@
         <div class="helper">SaaS模式：每个用户管理自己的流水线和授权资源，独立使用。</div>
         <div class="helper">企业模式：通过项目合作管理流水线证书和授权资源，所有用户视为企业内部员工。</div>
         <div class="helper text-red-500">建议在开始使用时固定一个合适的模式，之后就不要随意切换了。</div>
+        <div v-if="settingsStore.isComm" class="helper text-red-500">商业版不建议设置为企业模式，除非你确定要转成企业内部使用</div>
         <div><a @click="adminModeIntroOpen = true"> 更多管理模式介绍</a></div>
       </a-form-item>
 

packages/ui/certd-server/.env.dev-mysql.yaml

@@ -6,7 +6,7 @@ typeorm:
     default:
       type: mysql # mariadb
       host: localhost
-      port: 3309
+      port: 3308
       username: root
       password: root
       database: certd

packages/ui/certd-server/CHANGELOG.md

@@ -3,6 +3,27 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+### Bug Fixes
+
+* 修复部署到openwrt错误的bug ([2e3d0cc](https://github.com/certd/certd/commit/2e3d0cc57c16c48ad435bc8fde729bacaedde9f5))
+* 修复复制流水线保存后丢失分组和排序号的问题 ([bc32648](https://github.com/certd/certd/commit/bc326489abc1d50a0930b4f47aa2d62d3a486798))
+* 修复京东云域名申请证书报错的bug ([d9c0130](https://github.com/certd/certd/commit/d9c0130b59997144a3c274d456635b800135e43f))
+* 修复偶尔下载证书报未授权的错误 ([316537e](https://github.com/certd/certd/commit/316537eb4dcbe5ec57784e8bf95ee3cdfd21dce7))
+* 修复dcdn多个域名同时部署时 可能会出现证书名称重复的bug ([78c2ced](https://github.com/certd/certd/commit/78c2ced43b1a73d142b0ed783b162b97f545ab06))
+* 优化dcdn部署上传多次证书 偶尔报 The CertName already exists的问题 ([72f850f](https://github.com/certd/certd/commit/72f850f675b500d12ebff2338d1b99d6fab476e1))
+* **cert-plugin:** 优化又拍云客户端错误处理逻辑，当域名已绑定证书时不再抛出异常。 ([92c9ac3](https://github.com/certd/certd/commit/92c9ac382692e6c84140ff787759ab6d39ccbe96))
+* esxi部署失败的bug ([1e44115](https://github.com/certd/certd/commit/1e441154617e6516a9a3610412bf597128c62696))
+
+### Features
+
+* 支持企业级管理模式，项目管理，细分权限 ([3734083](https://github.com/certd/certd/commit/37340838b6a61a94b86bfa13cf5da88b26f1315a))
+
+### Performance Improvements
+
+* 站点监控支持指定ip地址检查 ([83d81b6](https://github.com/certd/certd/commit/83d81b64b3adb375366039e07c87d1ad79121c13))
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)
 
 **Note:** Version bump only for package @certd/ui-server

packages/ui/certd-server/db/migration-mysql/v10038__admin_mode.sql

@@ -0,0 +1,118 @@
+
+CREATE TABLE `cd_project`
+(
+  `id`          bigint PRIMARY KEY AUTO_INCREMENT NOT NULL,
+  `user_id`     bigint      NOT NULL,
+  `name`        varchar(512) NOT NULL,
+  `admin_id`    bigint      NOT NULL,
+  `disabled`    boolean      NOT NULL DEFAULT false,
+  `is_system`   boolean      NOT NULL DEFAULT false,
+  `create_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `update_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+
+CREATE INDEX `index_project_user_id` ON `cd_project` (`user_id`);
+CREATE INDEX `index_project_admin_id` ON `cd_project` (`admin_id`);
+INSERT INTO cd_project (id, user_id, `admin_id`, `name`, `disabled`, `is_system`) VALUES (1, -1, 1,'default', false,false);
+
+ALTER TABLE cd_cert_info ADD COLUMN  project_id bigint;
+CREATE INDEX `index_cert_project_id` ON `cd_cert_info` (`project_id`);
+
+ALTER TABLE cd_site_info ADD COLUMN  project_id bigint;
+CREATE INDEX `index_site_project_id` ON `cd_site_info` (`project_id`);
+
+ALTER TABLE cd_site_ip ADD COLUMN  project_id bigint;
+CREATE INDEX `index_site_ip_project_id` ON `cd_site_ip` (`project_id`);
+
+ALTER TABLE cd_open_key ADD COLUMN  project_id bigint;
+CREATE INDEX `index_open_key_project_id` ON `cd_open_key` (`project_id`);
+
+ALTER TABLE cd_access ADD COLUMN  project_id bigint;
+CREATE INDEX `index_access_project_id` ON `cd_access` (`project_id`);
+
+ALTER TABLE cd_addon ADD COLUMN  project_id bigint;
+CREATE INDEX `index_addon_project_id` ON `cd_addon` (`project_id`);
+
+ALTER TABLE pi_pipeline ADD COLUMN  project_id bigint;
+CREATE INDEX `index_pipeline_project_id` ON `pi_pipeline` (`project_id`);
+
+ALTER TABLE pi_pipeline_group ADD COLUMN  project_id bigint;
+CREATE INDEX `index_pipeline_group_project_id` ON `pi_pipeline_group` (`project_id`);
+
+ALTER TABLE pi_storage ADD COLUMN  project_id bigint;
+CREATE INDEX `index_storage_project_id` ON `pi_storage` (`project_id`);
+
+ALTER TABLE pi_notification ADD COLUMN  project_id bigint;
+CREATE INDEX `index_notification_project_id` ON `pi_notification` (`project_id`);
+
+ALTER TABLE pi_history ADD COLUMN  project_id bigint;
+CREATE INDEX `index_history_project_id` ON `pi_history` (`project_id`);
+
+ALTER TABLE pi_history_log ADD COLUMN  project_id bigint;
+CREATE INDEX `index_history_log_project_id` ON `pi_history_log` (`project_id`);
+
+ALTER TABLE pi_template ADD COLUMN  project_id bigint;
+CREATE INDEX `index_template_project_id` ON `pi_template` (`project_id`);
+
+ALTER TABLE pi_sub_domain ADD COLUMN  project_id bigint;
+CREATE INDEX `index_sub_domain_project_id` ON `pi_sub_domain` (`project_id`);
+
+ALTER TABLE cd_cname_record ADD COLUMN  project_id bigint;
+CREATE INDEX `index_cname_record_project_id` ON `cd_cname_record` (`project_id`);
+
+ALTER TABLE cd_domain ADD COLUMN  project_id bigint;
+CREATE INDEX `index_domain_project_id` ON `cd_domain` (`project_id`);
+
+ALTER TABLE user_settings ADD COLUMN  project_id bigint;
+CREATE INDEX `index_user_settings_project_id` ON `user_settings` (`project_id`);
+
+ALTER TABLE cd_group ADD COLUMN  project_id bigint;
+CREATE INDEX `index_group_project_id` ON `cd_group` (`project_id`);
+
+
+
+
+CREATE TABLE `cd_project_member`
+(
+  `id`          bigint PRIMARY KEY AUTO_INCREMENT NOT NULL,
+  `user_id`     bigint      NOT NULL,
+  `project_id`  bigint      NOT NULL,
+  `permission`  varchar(128) NOT NULL DEFAULT 'read',
+  `create_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `update_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+ALTER TABLE cd_project_member ADD COLUMN  status varchar(128);
+
+CREATE INDEX `index_project_member_user_id` ON `cd_project_member` (`user_id`);
+CREATE INDEX `index_project_member_project_id` ON `cd_project_member` (`project_id`);
+
+
+CREATE TABLE `cd_audit_log`
+(
+  `id`          bigint PRIMARY KEY AUTO_INCREMENT NOT NULL,
+  `user_id`     bigint      NOT NULL,
+  `username`    varchar(128) NOT NULL,
+  `project_id`  bigint      NOT NULL,
+  `project_name` varchar(512) NOT NULL,
+  `type`        varchar(128) NOT NULL,
+  `action`      varchar(128) NOT NULL DEFAULT 'read',
+  `content`     longtext         NOT NULL,
+  `ip_address`  varchar(128) NOT NULL,
+  `create_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `update_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+
+CREATE INDEX `index_audit_log_user_id` ON `cd_audit_log` (`user_id`);
+CREATE INDEX `index_audit_log_project_id` ON `cd_audit_log` (`project_id`);
+
+
+
+ALTER TABLE cd_site_info ADD COLUMN ip_address varchar(128);
+
+
+ALTER TABLE `cd_project` ENGINE = InnoDB;
+ALTER TABLE `cd_project_member` ENGINE = InnoDB;
+ALTER TABLE `cd_audit_log` ENGINE = InnoDB;

packages/ui/certd-server/db/migration-pg/v10038__admin_mode.sql

@@ -0,0 +1,116 @@
+
+CREATE TABLE "cd_project"
+(
+  "id"          bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY NOT NULL,
+  "user_id"     bigint      NOT NULL,
+  "name"        varchar(512) NOT NULL,
+  "admin_id"    bigint      NOT NULL,
+  "disabled"    boolean      NOT NULL DEFAULT (false),
+  "is_system"   boolean      NOT NULL DEFAULT (false),
+  "create_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
+  "update_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
+);
+
+
+CREATE INDEX "index_project_user_id" ON "cd_project" ("user_id");
+CREATE INDEX "index_project_admin_id" ON "cd_project" ("admin_id");
+INSERT INTO cd_project (id, user_id, "admin_id", "name", "disabled", "is_system") VALUES (1, -1, 1,'default', false,false);
+select setval('cd_project_id_seq', 1);
+
+
+ALTER TABLE cd_cert_info ADD COLUMN  project_id bigint;
+CREATE INDEX "index_cert_project_id" ON "cd_cert_info" ("project_id");
+
+ALTER TABLE cd_site_info ADD COLUMN  project_id bigint;
+CREATE INDEX "index_site_project_id" ON "cd_site_info" ("project_id");
+
+ALTER TABLE cd_site_ip ADD COLUMN  project_id bigint;
+CREATE INDEX "index_site_ip_project_id" ON "cd_site_ip" ("project_id");
+
+ALTER TABLE cd_open_key ADD COLUMN  project_id bigint;
+CREATE INDEX "index_open_key_project_id" ON "cd_open_key" ("project_id");
+
+ALTER TABLE cd_access ADD COLUMN  project_id bigint;
+CREATE INDEX "index_access_project_id" ON "cd_access" ("project_id");
+
+ALTER TABLE cd_addon ADD COLUMN  project_id bigint;
+CREATE INDEX "index_addon_project_id" ON "cd_addon" ("project_id");
+
+ALTER TABLE pi_pipeline ADD COLUMN  project_id bigint;
+CREATE INDEX "index_pipeline_project_id" ON "pi_pipeline" ("project_id");
+
+ALTER TABLE pi_pipeline_group ADD COLUMN  project_id bigint;
+CREATE INDEX "index_pipeline_group_project_id" ON "pi_pipeline_group" ("project_id");
+
+ALTER TABLE pi_storage ADD COLUMN  project_id bigint;
+CREATE INDEX "index_storage_project_id" ON "pi_storage" ("project_id");
+
+ALTER TABLE pi_notification ADD COLUMN  project_id bigint;
+CREATE INDEX "index_notification_project_id" ON "pi_notification" ("project_id");
+
+ALTER TABLE pi_history ADD COLUMN  project_id bigint;
+CREATE INDEX "index_history_project_id" ON "pi_history" ("project_id");
+
+ALTER TABLE pi_history_log ADD COLUMN  project_id bigint;
+CREATE INDEX "index_history_log_project_id" ON "pi_history_log" ("project_id");
+
+ALTER TABLE pi_template ADD COLUMN  project_id bigint;
+CREATE INDEX "index_template_project_id" ON "pi_template" ("project_id");
+
+ALTER TABLE pi_sub_domain ADD COLUMN  project_id bigint;
+CREATE INDEX "index_sub_domain_project_id" ON "pi_sub_domain" ("project_id");
+
+ALTER TABLE cd_cname_record ADD COLUMN  project_id bigint;
+CREATE INDEX "index_cname_record_project_id" ON "cd_cname_record" ("project_id");
+
+ALTER TABLE cd_domain ADD COLUMN  project_id bigint;
+CREATE INDEX "index_domain_project_id" ON "cd_domain" ("project_id");
+
+ALTER TABLE user_settings ADD COLUMN  project_id bigint;
+CREATE INDEX "index_user_settings_project_id" ON "user_settings" ("project_id");
+
+ALTER TABLE cd_group ADD COLUMN  project_id bigint;
+CREATE INDEX "index_group_project_id" ON "cd_group" ("project_id");
+
+
+
+
+CREATE TABLE "cd_project_member"
+(
+  "id"          bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY NOT NULL,
+  "user_id"     bigint      NOT NULL,
+  "project_id"  bigint      NOT NULL,
+  "permission"  varchar(128) NOT NULL DEFAULT ('read'),
+  "create_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
+  "update_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
+);
+
+ALTER TABLE cd_project_member ADD COLUMN  status varchar(128);
+
+CREATE INDEX "index_project_member_user_id" ON "cd_project_member" ("user_id");
+CREATE INDEX "index_project_member_project_id" ON "cd_project_member" ("project_id");
+
+
+CREATE TABLE "cd_audit_log"
+(
+  "id"          bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY NOT NULL,
+  "user_id"     bigint      NOT NULL,
+  "username"    varchar(128) NOT NULL,
+  "project_id"  bigint      NOT NULL,
+  "project_name" varchar(512) NOT NULL,
+  "type"        varchar(128) NOT NULL,
+  "action"      varchar(128) NOT NULL DEFAULT ('read'),
+  "content"     text         NOT NULL,
+  "ip_address"  varchar(128) NOT NULL,
+  "create_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
+  "update_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
+);
+
+
+CREATE INDEX "index_audit_log_user_id" ON "cd_audit_log" ("user_id");
+CREATE INDEX "index_audit_log_project_id" ON "cd_audit_log" ("project_id");
+
+
+
+ALTER TABLE cd_site_info ADD COLUMN ip_address varchar(128);
+

packages/ui/certd-server/db/migration/v10038__admin_mode.sql

@@ -6,6 +6,7 @@ CREATE TABLE "cd_project"
   "name"        varchar(512) NOT NULL,
   "admin_id"    integer      NOT NULL,
   "disabled"    boolean      NOT NULL DEFAULT (false),
+  "is_system"   boolean      NOT NULL DEFAULT (false),
   "create_time" datetime     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
   "update_time" datetime     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
 );
@@ -13,7 +14,7 @@ CREATE TABLE "cd_project"
 
 CREATE INDEX "index_project_user_id" ON "cd_project" ("user_id");
 CREATE INDEX "index_project_admin_id" ON "cd_project" ("admin_id");
-INSERT INTO cd_project (id, user_id, "admin_id", "name", "disabled") VALUES (1, 0, 1,'default', false);
+INSERT INTO cd_project (id, user_id, "admin_id", "name", "disabled", "is_system") VALUES (1, -1, 1,'default', false,false);
 
 ALTER TABLE cd_cert_info ADD COLUMN  project_id integer;
 CREATE INDEX "index_cert_project_id" ON "cd_cert_info" ("project_id");

packages/ui/certd-server/metadata/addon_oauth_microsoft.yaml

@@ -7,18 +7,23 @@ showTest: false
 input:
   clientId:
     title: ClientId
-    helper: '[Azure Portal](https://portal.azure.com/)创建应用后获取'
+    helper: >-
+      [Microsoft Entra
+      ID](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps)创建应用后获取
     required: true
   clientSecretKey:
     title: ClientSecretKey
     component:
       placeholder: ClientSecretKey / appSecretKey
+    helper: 客户端凭据->证书与机密->客户端密码->新客户端密码
     required: true
   tenantId:
     title: TenantId
-    helper: 租户ID，留空使用/common端点（需要应用配置为多租户）
     component:
       placeholder: common 或 租户ID
+    helper: |-
+      根据受支持的账户类型填写 common 或 租户ID，默认为common(Microsoft个人账户)。 
+      租户ID获取: 概述 -> 目录(租户) ID 
     value: common
     required: false
 pluginType: addon

packages/ui/certd-server/metadata/deploy_CertApply.yaml

@@ -37,7 +37,7 @@ input:
     helper: |-
       1、支持多个域名打到一个证书上，例如： foo.com，*.foo.com，*.bar.com
       2、子域名被通配符包含的不要填写，例如：www.foo.com已经被*.foo.com包含，不要填写www.foo.com
-      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com）
+      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于foo.com且不能用于xxx.yyy.foo.com）
       4、输入一个，空格之后，再输入下一个 
       5、如果设置了子域托管解析（比如免费的二级域名托管在CF或者阿里云），请先[设置托管子域名](#/certd/pipeline/subDomain)
   email:

packages/ui/certd-server/metadata/deploy_CertApplyGetFormAliyun.yaml

@@ -34,7 +34,7 @@ input:
     helper: |-
       1、支持多个域名打到一个证书上，例如： foo.com，*.foo.com，*.bar.com
       2、子域名被通配符包含的不要填写，例如：www.foo.com已经被*.foo.com包含，不要填写www.foo.com
-      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com）
+      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于foo.com且不能用于xxx.yyy.foo.com）
       4、输入一个，空格之后，再输入下一个 
       5、如果设置了子域托管解析（比如免费的二级域名托管在CF或者阿里云），请先[设置托管子域名](#/certd/pipeline/subDomain)
   email:

packages/ui/certd-server/metadata/deploy_CertApplyLego.yaml

@@ -3,7 +3,7 @@ default:
   strategy:
     runStrategy: 0
   input:
-    renewDays: 35
+    renewDays: 15
     forceUpdate: false
 name: CertApplyLego
 icon: ph:certificate
@@ -37,7 +37,7 @@ input:
     helper: |-
       1、支持多个域名打到一个证书上，例如： foo.com，*.foo.com，*.bar.com
       2、子域名被通配符包含的不要填写，例如：www.foo.com已经被*.foo.com包含，不要填写www.foo.com
-      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com）
+      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于foo.com且不能用于xxx.yyy.foo.com）
       4、输入一个，空格之后，再输入下一个 
       5、如果设置了子域托管解析（比如免费的二级域名托管在CF或者阿里云），请先[设置托管子域名](#/certd/pipeline/subDomain)
   email:

packages/ui/certd-server/metadata/deploy_CertApplyUpload.yaml

@@ -99,7 +99,7 @@ input:
     helper: |-
       1、支持多个域名打到一个证书上，例如： foo.com，*.foo.com，*.bar.com
       2、子域名被通配符包含的不要填写，例如：www.foo.com已经被*.foo.com包含，不要填写www.foo.com
-      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com）
+      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于foo.com且不能用于xxx.yyy.foo.com）
       4、输入一个，空格之后，再输入下一个 
       5、如果设置了子域托管解析（比如免费的二级域名托管在CF或者阿里云），请先[设置托管子域名](#/certd/pipeline/subDomain)
   pfxPassword:

packages/ui/certd-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/ui-server",
-  "version": "1.38.12",
+  "version": "1.39.0",
   "description": "fast-server base midway",
   "private": true,
   "type": "module",
@@ -50,20 +50,20 @@
     "@aws-sdk/client-route-53": "^3.964.0",
     "@aws-sdk/client-s3": "^3.964.0",
     "@aws-sdk/client-sts": "^3.990.0",
-    "@certd/acme-client": "^1.38.12",
+    "@certd/acme-client": "^1.39.0",
-    "@certd/basic": "^1.38.12",
+    "@certd/basic": "^1.39.0",
-    "@certd/commercial-core": "^1.38.12",
+    "@certd/commercial-core": "^1.39.0",
     "@certd/cv4pve-api-javascript": "^8.4.2",
-    "@certd/jdcloud": "^1.38.12",
+    "@certd/jdcloud": "^1.39.0",
-    "@certd/lib-huawei": "^1.38.12",
+    "@certd/lib-huawei": "^1.39.0",
-    "@certd/lib-k8s": "^1.38.12",
+    "@certd/lib-k8s": "^1.39.0",
-    "@certd/lib-server": "^1.38.12",
+    "@certd/lib-server": "^1.39.0",
-    "@certd/midway-flyway-js": "^1.38.12",
+    "@certd/midway-flyway-js": "^1.39.0",
-    "@certd/pipeline": "^1.38.12",
+    "@certd/pipeline": "^1.39.0",
-    "@certd/plugin-cert": "^1.38.12",
+    "@certd/plugin-cert": "^1.39.0",
-    "@certd/plugin-lib": "^1.38.12",
+    "@certd/plugin-lib": "^1.39.0",
-    "@certd/plugin-plus": "^1.38.12",
+    "@certd/plugin-plus": "^1.39.0",
-    "@certd/plus-core": "^1.38.12",
+    "@certd/plus-core": "^1.39.0",
     "@google-cloud/publicca": "^1.3.0",
     "@huaweicloud/huaweicloud-sdk-cdn": "^3.1.185",
     "@huaweicloud/huaweicloud-sdk-core": "^3.1.185",

packages/ui/certd-server/src/config/config.default.ts

@@ -80,7 +80,7 @@ const development = {
         type: 'better-sqlite3',
         database: './data/db.sqlite',
         synchronize: false, // 如果第一次使用，不存在表，有同步的需求可以写 true
-        logging: false,
+        logging: true,
         highlightSql: false,
 
         // 配置实体模型 或者 entities: '/entity',

packages/ui/certd-server/src/controller/sys/account/account-controller.ts

@@ -21,12 +21,18 @@ export class BasicController extends BaseController {
   @Post('/preBindUser', { summary: 'sys:settings:edit' })
   public async preBindUser(@Body(ALL) body: PreBindUserReq) {
     // 设置缓存内容
+    if (body.userId == null || body.userId <= 0) {
+      throw new Error("用户ID不能为空");
+    }
     await this.plusService.userPreBind(body.userId);
     return this.ok({});
   }
 
   @Post('/bindUser', { summary: 'sys:settings:edit' })
   public async bindUser(@Body(ALL) body: BindUserReq) {
+    if (body.userId == null || body.userId <= 0) {
+      throw new Error("用户ID不能为空");
+    }
     const installInfo: SysInstallInfo = await this.sysSettingsService.getSetting(SysInstallInfo);
     installInfo.bindUserId = body.userId;
     await this.sysSettingsService.saveSetting(installInfo);

packages/ui/certd-server/src/controller/sys/addon/addon-controller.ts

@@ -14,7 +14,7 @@ export class SysAddonController extends AddonController {
 
   async getProjectUserId(permission:string){
     return {
-      projectId:null,userId:0
+      projectId:null,userId:0 //0为系统级别
     }
   }
   getUserId() {

packages/ui/certd-server/src/controller/sys/enterprise/project-controller.ts

@@ -40,7 +40,7 @@ export class SysProjectController extends CrudController<ProjectEntity> {
     bean.userId = this.getUserId();
     return super.add({
       ...bean,
-      userId:0,
+      userId:-1, //企业用户id固定为-1
       adminId: bean.userId,
     });
   }

packages/ui/certd-server/src/controller/user/cname/cname-provider-controller.ts

@@ -20,8 +20,6 @@ export class CnameProviderController extends BaseController {
 
   @Post('/list', { summary: Constants.per.authOnly })
   async list(@Body(ALL) body: any) {
-    body.query = body.query ?? {};
-    body.query.userId = this.getUserId();
     const res = await this.providerService.list({});
     return this.ok(res);
   }

packages/ui/certd-server/src/controller/user/cname/cname-record-controller.ts

@@ -67,50 +67,51 @@ export class CnameRecordController extends CrudController<CnameRecordService> {
 
   @Post('/info', { summary: Constants.per.authOnly })
   async info(@Query('id') id: number) {
-    await this.service.checkUserId(id, this.getUserId());
+    await this.checkOwner(this.getService(), id, "read");
     return super.info(id);
   }
 
   @Post('/delete', { summary: Constants.per.authOnly })
   async delete(@Query('id') id: number) {
-    await this.service.checkUserId(id, this.getUserId());
+    await this.checkOwner(this.getService(), id, "write");
     return super.delete(id);
   }
 
   @Post('/deleteByIds', { summary: Constants.per.authOnly })
   async deleteByIds(@Body(ALL) body: any) {
+    const {userId,projectId} = await this.getProjectUserIdWrite();
     await this.service.delete(body.ids, {
-      userId: this.getUserId(),
+      userId,
+      projectId,
     });
     return this.ok();
   }
   @Post('/getByDomain', { summary: Constants.per.authOnly })
   async getByDomain(@Body(ALL) body: { domain: string; createOnNotFound: boolean }) {
-    const userId = this.getUserId();
+    const {userId,projectId} = await this.getProjectUserIdRead();
-    const res = await this.service.getByDomain(body.domain, userId, body.createOnNotFound);
+    const res = await this.service.getByDomain(body.domain, userId,projectId, body.createOnNotFound);
     return this.ok(res);
   }
 
   @Post('/verify', { summary: Constants.per.authOnly })
   async verify(@Body(ALL) body: { id: number }) {
-    const userId = this.getUserId();
+    await this.checkOwner(this.getService(), body.id, "read");
-    await this.service.checkUserId(body.id, userId);
     const res = await this.service.verify(body.id);
     return this.ok(res);
   }
 
   @Post('/resetStatus', { summary: Constants.per.authOnly })
   async resetStatus(@Body(ALL) body: { id: number }) {
-    const userId = this.getUserId();
+    await this.checkOwner(this.getService(), body.id, "read");
-    await this.service.checkUserId(body.id, userId);
     const res = await this.service.resetStatus(body.id);
     return this.ok(res);
   }
  @Post('/import', { summary: Constants.per.authOnly })
   async import(@Body(ALL) body: { domainList: string; cnameProviderId: any }) {
-    const userId = this.getUserId();
+    const {userId,projectId} = await this.getProjectUserIdWrite();
     const res = await this.service.doImport({
       userId,
+      projectId,
       domainList: body.domainList,
       cnameProviderId: body.cnameProviderId,
     });

packages/ui/certd-server/src/modules/cname/service/cname-record-service.ts

@@ -164,8 +164,8 @@ export class CnameRecordService extends BaseService<CnameRecordEntity> {
   //   // 3.  检查原域名是否有cname记录
   // }
 
-  async getWithAccessByDomain(domain: string, userId: number) {
+  async getWithAccessByDomain(domain: string, userId: number,projectId?:number) {
-    const record: CnameRecord = await this.getByDomain(domain, userId);
+    const record: CnameRecord = await this.getByDomain(domain, userId,projectId);
     if (record.cnameProvider.id > 0) {
       //自定义cname服务
       record.cnameProvider.access = await this.accessService.getAccessById(record.cnameProvider.accessId, false);
@@ -179,17 +179,17 @@ export class CnameRecordService extends BaseService<CnameRecordEntity> {
     return record;
   }
 
-  async getByDomain(domain: string, userId: number, createOnNotFound = true) {
+  async getByDomain(domain: string, userId: number,projectId?:number, createOnNotFound = true) {
     if (!domain) {
       throw new ValidateException("domain不能为空");
     }
     if (userId == null) {
       throw new ValidateException("userId不能为空");
     }
-    let record = await this.getRepository().findOne({ where: { domain, userId } });
+    let record = await this.getRepository().findOne({ where: { domain, userId,projectId } });
     if (record == null) {
       if (createOnNotFound) {
-        record = await this.add({ domain, userId });
+        record = await this.add({ domain, userId,projectId });
       } else {
         throw new ValidateException(`找不到${domain}的CNAME记录`);
       }
@@ -489,8 +489,8 @@ export class CnameRecordService extends BaseService<CnameRecordEntity> {
     await this.getRepository().update(id, { status: "cname", mainDomain: "" });
   }
 
-  async doImport(req:{ userId: number; domainList: string; cnameProviderId: any }) {
+  async doImport(req:{ userId: number; projectId: number; domainList: string; cnameProviderId: any }) {
-    const {userId,cnameProviderId,domainList} = req;
+    const {userId,projectId,cnameProviderId,domainList} = req;
     const domains = domainList.split("\n").map(item => item.trim()).filter(item => item.length > 0);
     if (domains.length === 0) {
       throw new ValidateException("域名列表不能为空");
@@ -504,18 +504,19 @@ export class CnameRecordService extends BaseService<CnameRecordEntity> {
       key: "user_"+userId,
       title: "导入CNAME记录",
       run: async (task) => {
-        await this._import({ userId, domains, cnameProviderId },task);
+        await this._import({ userId,projectId, domains, cnameProviderId },task);
       }
     }));
   }
 
-  async _import(req :{ userId: number; domains: string[]; cnameProviderId: any },task:BackTask) {
+  async _import(req :{ userId: number; projectId: number; domains: string[]; cnameProviderId: any },task:BackTask) {
     const userId = req.userId;
     for (const domain of req.domains) {
       const old = await this.getRepository().findOne({
         where: {
           userId: req.userId,
           domain,
+          projectId: req.projectId,
         },
       });
       if (old) {
@@ -526,6 +527,7 @@ export class CnameRecordService extends BaseService<CnameRecordEntity> {
           await this.add({
             userId,
             domain: domain,
+            projectId: req.projectId,
             cnameProviderId: req.cnameProviderId,
           });
       }catch(e){

packages/ui/certd-server/src/modules/mine/service/two-factor-service.ts

@@ -63,7 +63,7 @@ export class TwoFactorService {
   }
 
   async offAuthenticator(userId:number) {
-    if (!userId) {
+    if (!userId || userId <= 0) {
       throw new Error("userId is required");
     }
 

packages/ui/certd-server/src/modules/monitor/service/site-info-service.ts

@@ -358,7 +358,7 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
   async checkList(sites: SiteInfoEntity[],isCommon: boolean) {
     const cache = {}
     const getFromCache = async (userId: number,projectId?: number) =>{
-      const key = `${userId}-${projectId??""}`
+      const key = `${userId}_${projectId??""}`
       if (cache[key]) {
         return cache[key];
       }
@@ -424,7 +424,7 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
     if (!req.text) {
       throw new Error("text is required");
     }
-    if (!req.userId) {
+    if (req.userId == null) {
       throw new Error("userId is required");
     }
 
@@ -479,7 +479,7 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
   }
 
   clearSiteMonitorJob(userId: number,projectId?: number) {
-    this.cron.remove(`siteMonitor-${userId}-${projectId||""}`);
+    this.cron.remove(`siteMonitor_${userId}_${projectId||""}`);
   }
 
   async registerSiteMonitorJob(userId?: number,projectId?: number) {
@@ -502,7 +502,7 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
       }
       //注册个人的 或项目的
       this.cron.register({
-        name: `siteMonitor-${userId}-${projectId||""}`,
+        name: `siteMonitor_${userId}_${projectId||""}`,
         cron: setting.cron,
         job: () => this.triggerJobOnce(userId,projectId),
       });
@@ -511,9 +511,9 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
   }
 
   async triggerJobOnce(userId?:number,projectId?:number) {
-    logger.info(`站点证书检查开始执行[${userId??'所有用户'}-${projectId??'所有项目'}]`);
+    logger.info(`站点证书检查开始执行[${userId??'所有用户'}_${projectId??'所有项目'}]`);
     const query:any = { disabled: false };
-    if(userId){
+    if(userId!=null){
       query.userId = userId;
       if(projectId){
         query.projectId = projectId;
@@ -541,7 +541,7 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
       await this.checkList(records,isCommon);
     }
 
-    logger.info(`站点证书检查完成[${userId??'所有用户'}-${projectId??'所有项目'}]`);
+    logger.info(`站点证书检查完成[${userId??'所有用户'}_${projectId??'所有项目'}]`);
   }
 
   async batchDelete(ids: number[], userId: number,projectId?:number): Promise<void> {

packages/ui/certd-server/src/modules/monitor/service/site-ip-service.ts

@@ -43,7 +43,7 @@ export class SiteIpService extends BaseService<SiteIpEntity> {
   }
 
   async add(data: SiteIpEntity) {
-    if (!data.userId) {
+    if (data.userId == null) {
       throw new Error("userId is required");
     }
     data.disabled = false;

packages/ui/certd-server/src/modules/pipeline/service/getter/cname-proxy-service.ts

@@ -2,13 +2,15 @@ import { CnameRecord, ICnameProxyService } from '@certd/pipeline';
 
 export class CnameProxyService implements ICnameProxyService {
   userId: number;
-  getter: <T>(domain: string, userId?: number) => Promise<T>;
+  projectId: number;
-  constructor(userId: number, getter: (domain: string, userId: number) => Promise<any>) {
+  getter: <T>(domain: string, userId?: number, projectId?: number) => Promise<T>;
+  constructor(userId: number, projectId: number, getter: (domain: string, userId: number, projectId: number) => Promise<any>) {
     this.userId = userId;
+    this.projectId = projectId;
     this.getter = getter;
   }
 
   async getByDomain(domain: string): Promise<CnameRecord> {
-    return await this.getter<CnameRecord>(domain, this.userId);
+    return await this.getter<CnameRecord>(domain, this.userId, this.projectId);
   }
 }

packages/ui/certd-server/src/modules/pipeline/service/getter/task-service-getter.ts

@@ -59,7 +59,7 @@ export class TaskServiceGetter implements IServiceGetter{
 
   async getCnameProxyService(): Promise<CnameProxyService> {
     const cnameRecordService:CnameRecordService = await  this.appCtx.getAsync("cnameRecordService")
-    return new CnameProxyService(this.userId, cnameRecordService.getWithAccessByDomain.bind(cnameRecordService));
+    return new CnameProxyService(this.userId, this.projectId, cnameRecordService.getWithAccessByDomain.bind(cnameRecordService));
   }
 
   async getNotificationService(): Promise<NotificationGetter> {

packages/ui/certd-server/src/modules/pipeline/service/history-service.ts

@@ -188,11 +188,11 @@ export class HistoryService extends BaseService<HistoryEntity> {
     const where: any = {
       createTime: MoreThan(todayEnd.add(-param.days, 'day').toDate()),
     };
-    if (param.userId > 0) {
+    
-      where.userId = param.userId;
-    }
     if (param.projectId > 0) {
       where.projectId = param.projectId;
+    }else if (param.userId > 0) {
+      where.userId = param.userId;
     }
     const result = await this.getRepository()
       .createQueryBuilder('main')

packages/ui/certd-server/src/modules/pipeline/service/notification-service.ts

@@ -138,21 +138,21 @@ export class NotificationService extends BaseService<NotificationEntity> {
     if (userId==null) {
       throw new ValidateException('userId不能为空');
     }
+    const query:any = {
+       userId,
+    }
+    if (projectId){
+      query.projectId = projectId
+    }
     await this.repository.update(
-      {
+      query,
-        userId,
-        projectId,
-      },
       {
         isDefault: false,
       }
     );
+    query.id = id
     await this.repository.update(
-      {
+     query,
-        id,
-        userId,
-        projectId,
-      },
       {
         isDefault: true,
       }

packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts

@@ -50,6 +50,7 @@ import { nanoid } from "nanoid";
 import { set } from "lodash-es";
 import { executorQueue } from "@certd/lib-server";
 import parser from "cron-parser";
+import { ProjectService } from "../../sys/enterprise/service/project-service.js";
 const runningTasks: Map<string | number, Executor> = new Map();
 
 
@@ -107,6 +108,9 @@ export class PipelineService extends BaseService<PipelineEntity> {
   @Inject()
   certInfoService: CertInfoService;
 
+  @Inject()
+  projectService: ProjectService;
+
   //@ts-ignore
   getRepository() {
     return this.repository;
@@ -252,6 +256,8 @@ export class PipelineService extends BaseService<PipelineEntity> {
       //修改
       old = await this.info(bean.id);
       bean.order = old.order;
+      bean.userId = old.userId;
+      bean.projectId = old.projectId;
     }
     if (!old || !old.webhookKey) {
       bean.webhookKey = await this.genWebhookKey();
@@ -262,6 +268,8 @@ export class PipelineService extends BaseService<PipelineEntity> {
 
     const pipeline = JSON.parse(bean.content || "{}");
     RunnableCollection.initPipelineRunnableType(pipeline);
+    pipeline.userId = bean.userId;
+    pipeline.projectId = bean.projectId;
     let domains = [];
     if (pipeline.stages) {
       RunnableCollection.each(pipeline.stages, (runnable: any) => {
@@ -295,8 +303,8 @@ export class PipelineService extends BaseService<PipelineEntity> {
     } else if (bean.type === "cert_auto") {
       fromType = "auto";
     }
-    const userId = pipeline.userId || bean.userId;
+    const userId = bean.userId;
-    const projectId = pipeline.projectId ?? bean.projectId ??null;
+    const projectId = bean.projectId ??null;
     await this.certInfoService.updateDomains(pipeline.id, userId, projectId ,  domains, fromType);
     return {
       ...bean,
@@ -672,9 +680,12 @@ export class PipelineService extends BaseService<PipelineEntity> {
     };
 
     const userId = entity.userId;
-    const historyId = await this.historyService.start(entity, triggerType);
+    const projectId = entity.projectId;
     let userIsAdmin = false
-    if(userId){
+
+    if (projectId && projectId>0) {
+      userIsAdmin = await this.projectService.isAdmin(projectId);
+    }else if(userId>0){
       userIsAdmin = await this.userService.isAdmin(userId);
     }
     const user: UserInfo = {
@@ -682,7 +693,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
       role: userIsAdmin ? "admin" : "user"
     };
 
-
+     const historyId = await this.historyService.start(entity, triggerType);
     const sysInfo: SysInfo = {};
     if (isComm()) {
       const siteInfo = await this.sysSettingsService.getSetting<SysSiteInfo>(SysSiteInfo);
@@ -690,7 +701,8 @@ export class PipelineService extends BaseService<PipelineEntity> {
     }
 
     const taskServiceGetter = this.taskServiceBuilder.create({
-      userId
+      userId,
+      projectId
     });
     const accessGetter = await taskServiceGetter.get<IAccessService>("accessService");
     const notificationGetter = await taskServiceGetter.get<INotificationService>("notificationService");
@@ -920,7 +932,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
       throw new NeedVIPException("此功能需要升级专业版");
     }
     for (const id of ids) {
-      if (userId) {
+      if (userId && userId > 0) {
         await this.checkUserId(id, userId);
       }
       if(projectId){
@@ -1104,6 +1116,10 @@ export class PipelineService extends BaseService<PipelineEntity> {
 
 
   private async checkUserStatus(userId: number) {
+    if(isEnterprise()){
+      //企业模式不检查用户状态，都允许运行流水线
+      return 
+    }
     const userEntity = await this.userService.info(userId);
     if (userEntity == null) {
       throw new Error("用户不存在");

packages/ui/certd-server/src/modules/sys/enterprise/entity/project.ts

@@ -19,6 +19,10 @@ export class ProjectEntity {
   @Column({ name: 'disabled', comment: '禁用' })
   disabled: boolean;
 
+  @Column({ name: 'is_system', comment: '是否系统项目' })
+  isSystem: boolean; //系统项目内的流水线允许运行管理员级别的插件
+
+
   @Column({
     name: 'create_time',
     comment: '创建时间',

packages/ui/certd-server/src/modules/sys/enterprise/service/project-member-service.ts

@@ -23,7 +23,7 @@ export class ProjectMemberService extends BaseService<ProjectMemberEntity> {
     if (!projectId) {
       throw new Error('项目ID不能为空');
     }
-    if (!userId) {
+    if (!userId || userId <= 0) {
       throw new Error('用户ID不能为空');
     }
     const exist = await this.repository.findOne({

packages/ui/certd-server/src/modules/sys/enterprise/service/project-service.ts

@@ -11,9 +11,12 @@ const projectCache = new LRUCache<string, any>({
   ttl: 1000 * 60 * 10,
 });
 
+const ENTERPRISE_USER_ID = -1 //企业模式下 企业userId 固定为-1
+
 @Provide()
 @Scope(ScopeEnum.Request, { allowDowngrade: true })
 export class ProjectService extends BaseService<ProjectEntity> {
+ 
   @InjectEntityModel(ProjectEntity)
   repository: Repository<ProjectEntity>;
 
@@ -36,7 +39,7 @@ export class ProjectService extends BaseService<ProjectEntity> {
     const exist = await this.repository.findOne({
       where: {
         name,
-        userId: 0,
+        userId: ENTERPRISE_USER_ID,
       },
     });
     if (exist) {
@@ -57,7 +60,7 @@ export class ProjectService extends BaseService<ProjectEntity> {
   async setDisabled(id: number, disabled: boolean) {
     await this.repository.update({
       id,
-      userId: 0,
+      userId: ENTERPRISE_USER_ID,
     }, {
       disabled,
     });
@@ -66,10 +69,13 @@ export class ProjectService extends BaseService<ProjectEntity> {
   async getUserProjects(userId: number) {
 
     const memberList = await this.projectMemberService.getByUserId(userId, 'approved');
-    const projectIds = memberList.map(item => item.projectId);
+    let projectIds = memberList.map(item => item.projectId); 
+    if (!projectIds || projectIds.length === 0) {
+      projectIds = [0]
+    }
     const projectList = await this.repository.createQueryBuilder('project')
       .where(' project.disabled = false')
-      .where(' project.userId = :userId', { userId: 0 })
+      .where(' project.userId = :userId', { userId: ENTERPRISE_USER_ID })
       .where(' project.id IN (:...projectIds) or project.adminId = :userId', { projectIds, userId })
       .getMany();
 
@@ -93,7 +99,7 @@ export class ProjectService extends BaseService<ProjectEntity> {
     let projectList: any = await this.find({
       where: {
         disabled: false,
-        userId: 0,
+        userId: ENTERPRISE_USER_ID,
       },
     })
     const projectMemberItemList: ProjectMemberItem[] = projectList
@@ -269,4 +275,9 @@ export class ProjectService extends BaseService<ProjectEntity> {
     })
   }
 
+   async isAdmin(projectId: number): Promise<boolean> {
+    const project = await this.info(projectId);
+    return project?.isSystem ?? false;
+  }
+
 }

packages/ui/certd-server/src/plugins/plugin-admin/plugin-db-backup.ts

@@ -157,9 +157,7 @@ export class DBBackupPlugin extends AbstractPlusTaskPlugin {
   async onInstance() {}
 
   async execute(): Promise<void> {
-    if (!this.isAdmin()) {
+    this.checkAdmin();
-      throw new Error("只有管理员才能运行此任务");
-    }
 
     this.logger.info("开始备份数据库");
 

packages/ui/certd-server/src/plugins/plugin-admin/plugin-deploy-to-certd.ts

@@ -32,9 +32,7 @@ export class DeployToCertdPlugin extends AbstractTaskPlugin {
   cert!: CertInfo;
   async onInstance() { }
   async execute(): Promise<void> {
-    if (!this.isAdmin()) {
+    this.checkAdmin();
-      throw new Error('只有管理员才能运行此任务');
-    }
 
     //部署证书
     let crtPath = "ssl/cert.crt";

packages/ui/certd-server/src/plugins/plugin-admin/plugin-restart.ts

@@ -17,9 +17,7 @@ import { httpsServer } from '../../modules/auto/https/server.js';
 export class RestartCertdPlugin extends AbstractTaskPlugin {
   async onInstance() {}
   async execute(): Promise<void> {
-    if (!this.isAdmin()) {
+    this.checkAdmin();
-      throw new Error('只有管理员才能运行此任务');
-    }
     this.logger.info('Certd https server 将在 3 秒后重启');
     await this.ctx.utils.sleep(3000);
     await httpsServer.restart();

packages/ui/certd-server/src/plugins/plugin-admin/plugin-script.ts

@@ -47,9 +47,7 @@ export class CustomScriptPlugin extends AbstractTaskPlugin {
 
   async onInstance() {}
   async execute(): Promise<void> {
-    if (!this.isAdmin()) {
+    this.checkAdmin();
-      throw new Error('只有管理员才能运行此任务');
-    }
     this.logger.info('执行自定义脚本:\n', this.script);
     const ctx: CustomScriptContext = {
       CertReader,

packages/ui/certd-server/src/plugins/plugin-host/plugin/copy-to-local/index.ts

@@ -198,9 +198,7 @@ export class CopyCertToLocalPlugin extends AbstractTaskPlugin {
     fs.copyFileSync(srcFile, destFile);
   }
   async execute(): Promise<void> {
-    if (!this.isAdmin()) {
+    this.checkAdmin();
-      throw new Error('只有管理员才能运行此任务');
-    }
 
     let { crtPath, keyPath, icPath, pfxPath, derPath, jksPath } = this;
     const certReader = new CertReader(this.cert);

packages/ui/certd-server/src/plugins/plugin-jdcloud/dns-provider.ts

@@ -34,8 +34,14 @@ export class JDCloudDnsProvider extends AbstractDnsProvider {
     if (!domainRes.result?.dataList?.length) {
       throw new Error(`域名${domain}在此京东云账号中不存在`)
     }
+    const list = domainRes.result.dataList
 
-    const domainId = domainRes.result.dataList[0].id
+    const found =  list.find((item) => item.domainName === domain)
+    if (!found){
+      throw new Error(`域名${domain}在此京东云账号中不存在`)
+    }
+
+    const domainId = found.id
     this.logger.info("域名ID：", domainId)
     /**
      * hostRecord	String	True		主机记录
@@ -55,11 +61,12 @@ export class JDCloudDnsProvider extends AbstractDnsProvider {
           hostRecord: hostRecord,
           hostValue: value,
           type: type,
-          ttl: 100,
+          ttl: 200,
+          viewValue:-1,
         }
       })
       return {
-        recordId: res.result.dataList[0].id,
+        recordId: res.result.dataList.id,
         domainId: domainId
       };
     }catch (e) {