Merge branch 'v2-dev' into v2-plugin

pull/370/head
xiaojunnuo 2025-04-05 00:48:23 +08:00
commit 021dc5b82c
8 changed files with 379 additions and 287 deletions


@ -1,10 +1,10 @@
/**
* ACME auto helper
*/
import { readCsrDomains } from './crypto/index.js';
import { log } from './logger.js';
import { wait } from './wait.js';
import { CancelError } from './error.js';
import { readCsrDomains } from "./crypto/index.js";
import { log } from "./logger.js";
import { wait } from "./wait.js";
import { CancelError } from "./error.js";
const defaultOpts = {
@ -13,13 +13,13 @@ const defaultOpts = {
preferredChain: null,
termsOfServiceAgreed: false,
skipChallengeVerification: false,
challengePriority: ['http-01', 'dns-01'],
challengePriority: ["http-01", "dns-01"],
challengeCreateFn: async () => {
throw new Error('Missing challengeCreateFn()');
throw new Error("Missing challengeCreateFn()");
},
challengeRemoveFn: async () => {
throw new Error('Missing challengeRemoveFn()');
},
throw new Error("Missing challengeRemoveFn()");
}
};
/**
@ -30,7 +30,7 @@ const defaultOpts = {
* @returns {Promise<buffer>} Certificate
*/
export default async (client, userOpts) => {
export default async (client, userOpts) => {
const opts = { ...defaultOpts, ...userOpts };
const accountPayload = { termsOfServiceAgreed: opts.termsOfServiceAgreed };
@ -49,14 +49,13 @@ export default async (client, userOpts) => {
* Register account
*/
log('[auto] Checking account');
log("[auto] Checking account");
try {
client.getAccountUrl();
log('[auto] Account URL already exists, skipping account registration 证书申请账户已存在,跳过注册 ');
}
catch (e) {
log('[auto] Registering account (注册证书申请账户)');
log("[auto] Account URL already exists, skipping account registration 证书申请账户已存在,跳过注册 ");
} catch (e) {
log("[auto] Registering account (注册证书申请账户)");
await client.createAccount(accountPayload);
}
@ -64,7 +63,7 @@ export default async (client, userOpts) => {
* Parse domains from CSR
*/
log('[auto] Parsing domains from Certificate Signing Request ');
log("[auto] Parsing domains from Certificate Signing Request ");
const { commonName, altNames } = readCsrDomains(opts.csr);
const uniqueDomains = Array.from(new Set([commonName].concat(altNames).filter((d) => d)));
@ -74,8 +73,8 @@ export default async (client, userOpts) => {
* Place order
*/
log('[auto] Placing new certificate order with ACME provider');
const orderPayload = { identifiers: uniqueDomains.map((d) => ({ type: 'dns', value: d })) };
log("[auto] Placing new certificate order with ACME provider");
const orderPayload = { identifiers: uniqueDomains.map((d) => ({ type: "dns", value: d })) };
const order = await client.createOrder(orderPayload);
const authorizations = await client.getAuthorizations(order);
@ -85,82 +84,81 @@ export default async (client, userOpts) => {
* Resolve and satisfy challenges
*/
log('[auto] Resolving and satisfying authorization challenges');
log("[auto] Resolving and satisfying authorization challenges");
const clearTasks = [];
const localVerifyTasks = [];
const completeChallengeTasks = [];
const challengeFunc = async (authz) => {
const d = authz.identifier.value;
let challengeCompleted = false;
/* Skip authz that already has valid status */
if (authz.status === 'valid') {
if (authz.status === "valid") {
log(`[auto] [${d}] Authorization already has valid status, no need to complete challenges`);
return;
}
const keyAuthorizationGetter = async (challenge) => {
return await client.getChallengeKeyAuthorization(challenge);
}
};
try {
log(`[auto] [${d}] Trigger challengeCreateFn()`);
async function deactivateAuth(e) {
log(`[auto] [${d}] Unable to complete challenge: ${e.message}`);
try {
const { recordReq, recordRes, dnsProvider,challenge ,keyAuthorization} = await opts.challengeCreateFn(authz, keyAuthorizationGetter);
clearTasks.push(async () => {
/* Trigger challengeRemoveFn(), suppress errors */
log(`[auto] [${d}] Trigger challengeRemoveFn()`);
try {
await opts.challengeRemoveFn(authz, challenge, keyAuthorization, recordReq, recordRes, dnsProvider);
}
catch (e) {
log(`[auto] [${d}] challengeRemoveFn threw error: ${e.message}`);
}
});
// throw new Error('测试异常');
/* Challenge verification */
if (opts.skipChallengeVerification === true) {
log(`[auto] [${d}] 跳过本地验证skipChallengeVerification=true等待 60s`);
await wait(60 * 1000);
}
else {
log(`[auto] [${d}] 开始本地验证, type = ${challenge.type}`);
try {
await client.verifyChallenge(authz, challenge);
}
catch (e) {
log(`[auto] [${d}] 本地验证失败尝试请求ACME提供商获取状态: ${e.message}`);
}
}
/* Complete challenge and wait for valid status */
log(`[auto] [${d}] 请求ACME提供商完成验证等待返回valid状态`);
await client.completeChallenge(challenge);
challengeCompleted = true;
await client.waitForValidStatus(challenge);
}
catch (e) {
log(`[auto] [${d}] challengeCreateFn threw error: ${e.message}`);
throw e;
log(`[auto] [${d}] Deactivating failed authorization`);
await client.deactivateAuthorization(authz);
} catch (f) {
/* Suppress deactivateAuthorization() errors */
log(`[auto] [${d}] Authorization deactivation threw error: ${f.message}`);
}
}
catch (e) {
/* Deactivate pending authz when unable to complete challenge */
if (!challengeCompleted) {
log(`[auto] [${d}] Unable to complete challenge: ${e.message}`);
log(`[auto] [${d}] Trigger challengeCreateFn()`);
try {
const { recordReq, recordRes, dnsProvider, challenge, keyAuthorization } = await opts.challengeCreateFn(authz, keyAuthorizationGetter);
clearTasks.push(async () => {
/* Trigger challengeRemoveFn(), suppress errors */
log(`[auto] [${d}] Trigger challengeRemoveFn()`);
try {
log(`[auto] [${d}] Deactivating failed authorization`);
await client.deactivateAuthorization(authz);
await opts.challengeRemoveFn(authz, challenge, keyAuthorization, recordReq, recordRes, dnsProvider);
} catch (e) {
log(`[auto] [${d}] challengeRemoveFn threw error: ${e.message}`);
}
catch (f) {
/* Suppress deactivateAuthorization() errors */
log(`[auto] [${d}] Authorization deactivation threw error: ${f.message}`);
}
}
});
localVerifyTasks.push(async () => {
/* Challenge verification */
log(`[auto] [${d}] 开始本地验证, type = ${challenge.type}`);
try {
await client.verifyChallenge(authz, challenge);
} catch (e) {
log(`[auto] [${d}] 本地验证失败尝试请求ACME提供商获取状态: ${e.message}`);
}
});
completeChallengeTasks.push(async () => {
/* Complete challenge and wait for valid status */
log(`[auto] [${d}] 请求ACME提供商完成验证`);
try{
await client.completeChallenge(challenge);
}catch (e) {
await deactivateAuth(e);
throw e;
}
challengeCompleted = true;
log(`[auto] [${d}] 等待返回valid状态`);
await client.waitForValidStatus(challenge,d);
});
} catch (e) {
log(`[auto] [${d}] challengeCreateFn threw error: ${e.message}`);
await deactivateAuth(e);
throw e;
}
};
const domainSets = [];
@ -168,7 +166,7 @@ export default async (client, userOpts) => {
const d = authz.identifier.value;
log(`authorization:domain = ${d}, value = ${JSON.stringify(authz)}`);
if (authz.status === 'valid') {
if (authz.status === "valid") {
log(`[auto] [${d}] Authorization already has valid status, no need to complete challenges`);
return;
}
@ -192,8 +190,9 @@ export default async (client, userOpts) => {
const allChallengePromises = [];
// eslint-disable-next-line no-restricted-syntax
const challengePromises = [];
allChallengePromises.push(challengePromises);
for (const domainSet of domainSets) {
const challengePromises = [];
// eslint-disable-next-line guard-for-in,no-restricted-syntax
for (const domain in domainSet) {
const authz = domainSet[domain];
@ -202,12 +201,11 @@ export default async (client, userOpts) => {
await challengeFunc(authz);
});
}
allChallengePromises.push(challengePromises);
}
log(`[auto] challengeGroups:${allChallengePromises.length}`);
function runAllPromise(tasks) {
async function runAllPromise(tasks) {
let promise = Promise.resolve();
tasks.forEach((task) => {
promise = promise.then(task);
@ -215,73 +213,60 @@ export default async (client, userOpts) => {
return promise;
}
async function runPromisePa(tasks) {
async function runPromisePa(tasks, waitTime = 5000) {
const results = [];
// eslint-disable-next-line no-await-in-loop,no-restricted-syntax
for (const task of tasks) {
results.push(task());
// eslint-disable-next-line no-await-in-loop
await wait(10000);
await wait(waitTime);
}
return Promise.all(results);
}
try {
log(`开始challenge${allChallengePromises.length}`);
let i = 0;
// eslint-disable-next-line no-restricted-syntax
for (const challengePromises of allChallengePromises) {
i += 1;
log(`开始第${i}`);
if (opts.signal && opts.signal.aborted) {
throw new CancelError('用户取消');
log(`开始challenge${allChallengePromises.length}`);
let i = 0;
// eslint-disable-next-line no-restricted-syntax
for (const challengePromises of allChallengePromises) {
i += 1;
log(`开始第${i}`);
if (opts.signal && opts.signal.aborted) {
throw new CancelError("用户取消");
}
try {
// eslint-disable-next-line no-await-in-loop
await runPromisePa(challengePromises);
if (opts.skipChallengeVerification === true) {
log(`跳过本地验证skipChallengeVerification=true等待 60s`);
await wait(60 * 1000);
} else {
await runPromisePa(localVerifyTasks, 1000);
log("本地校验完成等待30s")
await wait(30 * 1000)
}
try {
// eslint-disable-next-line no-await-in-loop
await runPromisePa(challengePromises);
}
catch (e) {
log(`证书申请失败${e.message}`);
throw e;
}
finally {
if (client.opts.sslProvider !== 'google') {
// letsencrypt 如果同时检出两个TXT记录会以第一个为准就会校验失败所以需要提前删除
// zerossl 此方式测试无问题
log(`清理challenge痕迹length:${clearTasks.length}`);
try {
// eslint-disable-next-line no-await-in-loop
await runAllPromise(clearTasks);
}
catch (e) {
log('清理challenge失败');
log(e);
}
}
}
}
}
finally {
if (client.opts.sslProvider === 'google') {
// google 相同的域名txt记录是一样的不能提前删除否则校验失败报错如下
// Error: The TXT record retrieved from _acme-challenge.bbc.handsfree.work.
// at the time the challenge was validated did not contain JshHVu7dt_DT6uYILWhokHefFVad2Q6Mw1L-fNZFcq8
// (the base64url-encoded SHA-256 digest of RlJZNBR0LWnxNK_xd2zqtYVvCiNJOKJ3J1NmCjU_9BjaUJgL3k-qSpIhQ-uF4FBS.NRyqT8fRiq6THzzrvkgzgR5Xai2LsA2SyGLAq_wT3qc).
// See https://tools.ietf.org/html/rfc8555#section-8.4 for more information.
log("开始向提供商请求挑战验证");
await runPromisePa(completeChallengeTasks, 1000);
} catch (e) {
log(`证书申请失败${e.message}`);
throw e;
} finally {
// letsencrypt 如果同时检出两个TXT记录会以第一个为准就会校验失败所以需要提前删除
// zerossl 此方式测试无问题
log(`清理challenge痕迹length:${clearTasks.length}`);
try {
// eslint-disable-next-line no-await-in-loop
// eslint-disable-next-line no-await-in-loop
await runAllPromise(clearTasks);
}
catch (e) {
log('清理challenge失败');
} catch (e) {
log("清理challenge失败");
log(e);
}
}
}
log('challenge结束');
log("challenge结束");
// log('[auto] Waiting for challenge valid status');
// await Promise.all(challengePromises);
@ -289,7 +274,7 @@ export default async (client, userOpts) => {
* Finalize order and download certificate
*/
log('[auto] Finalizing order and downloading certificate');
log("[auto] Finalizing order and downloading certificate");
const finalized = await client.finalizeOrder(order, opts.csr);
const res = await client.getCertificate(finalized, opts.preferredChain);
return res;
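Review bot: `runPromisePa` starts every task but attaches a handler only at the final `Promise.all(results)`, so a `completeChallengeTasks` entry that rethrows after `deactivateAuth(e)` can reject during a later iteration's `await wait(waitTime)` with nothing listening. `Promise.all` also rejects on the first failure while the remaining challenges are still in flight. The `finally` block then runs `runAllPromise(clearTasks)`, which would call `challengeRemoveFn` for domains whose validation has not finished. Consider settling everything before cleanup, e.g. `const settled = await Promise.allSettled(results);` and then rethrowing the first `rejected` reason. `challengeCompleted` also appears to be assigned but no longer read on the new side; the enclosing function continues outside these hunks.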


@ -554,9 +554,9 @@ class AcmeClient {
* ```
*/
async waitForValidStatus(item) {
async waitForValidStatus(item,d) {
if (!item.url) {
throw new Error('Unable to verify status of item, URL not found');
throw new Error(`[${d}] Unable to verify status of item, URL not found`);
}
const verifyFn = async (abort) => {
@ -568,23 +568,23 @@ class AcmeClient {
const resp = await this.api.apiRequest(item.url, null, [200]);
/* Verify status */
log(`Item has status挑战状态: ${resp.data.status}`);
log(`[${d}] Item has status挑战状态: ${resp.data.status}`);
if (invalidStates.includes(resp.data.status)) {
abort();
throw new Error(util.formatResponseError(resp));
}
else if (pendingStates.includes(resp.data.status)) {
throw new Error('Operation is pending or processing当前仍然在等待状态');
throw new Error(`[${d}] Operation is pending or processing当前仍然在等待状态`);
}
else if (validStates.includes(resp.data.status)) {
return resp.data;
}
throw new Error(`Unexpected item status: ${resp.data.status}`);
throw new Error(`[${d}] Unexpected item status: ${resp.data.status}`);
};
log(`Waiting for valid status 等待valid状态: ${item.url}`, this.backoffOpts);
log(`[${d}] Waiting for valid status 等待valid状态: ${item.url}`, this.backoffOpts);
return util.retry(verifyFn, this.backoffOpts);
}
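Review bot: The new `d` argument of `waitForValidStatus(item,d)` is interpolated unconditionally, so any caller that still passes only `item` will log and throw messages prefixed with `[undefined]`; on this page only the challenge flow in the auto helper passes a domain. Build the prefix once and make it optional, e.g. `const tag = d ? '[' + d + '] ' : '';`, and use `tag` in the log and error strings. The JSDoc above the method starts outside the hunk and should gain a line such as `@param {string} [d] Domain label used only to prefix log and error messages`.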


@ -98,7 +98,7 @@ export async function walkTxtRecord(recordName,deep = 0) {
try {
/* Default DNS resolver first */
log('从本地DNS服务器获取TXT解析记录');
const res = await walkDnsChallengeRecord(recordName,null,deep);
const res = await walkDnsChallengeRecord(recordName,dns,deep);
if (res && res.length > 0) {
for (const item of res) {
txtRecords.push(item)
@ -147,12 +147,12 @@ async function verifyDnsChallenge(authz, challenge, keyAuthorization, prefix = '
let recordValues = await walkTxtRecord(recordName);
//去重
recordValues = [...new Set(recordValues)];
log(`DNS查询成功, 找到 ${recordValues.length} 条TXT记录`);
log(`DNS查询成功, 找到 ${recordValues.length} 条TXT记录${recordValues}`);
if (!recordValues.length || !recordValues.includes(keyAuthorization)) {
throw new Error(`没有找到需要的DNS TXT记录: ${recordName},期望:${keyAuthorization},结果:${recordValues}`);
}
log(`关键授权匹配成功(${challenge.type}/${recordName},校验成功, ACME challenge verified`);
log(`关键授权匹配成功(${challenge.type}/${recordName}:${keyAuthorization},校验成功, ACME challenge verified`);
return true;
}
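Review bot: The two changed `log()` calls in `verifyDnsChallenge` interpolate `recordValues` and `keyAuthorization` directly; `recordValues` is whatever TXT data the resolver returned, so it is unbounded and can contain commas or control characters that make the log line ambiguous. Prefer `JSON.stringify(recordValues)`, optionally truncated, so each value stays delimited on one line. In `walkTxtRecord` the second argument changes from `null` to `dns`, whose definition is outside this hunk; confirm it is the resolver object `walkDnsChallengeRecord` expects, and update the adjacent "Default DNS resolver first" comment if that no longer describes this path.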


@ -60,3 +60,9 @@
footer{
background-color: hsl(var(--card)) !important;
}
.ant-select-multiple .ant-select-selection-item-remove{
display: flex;
align-items: center;
}


@ -1,37 +1,38 @@
import * as _ from 'lodash-es';
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
import { Autowire } from '@certd/pipeline';
import * as _ from "lodash-es";
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from "@certd/plugin-cert";
import { Autowire } from "@certd/pipeline";
import { HuaweiAccess } from '../access/index.js';
import { ApiRequestOptions, HuaweiYunClient } from '@certd/lib-huawei';
import { HuaweiAccess } from "../access/index.js";
import { ApiRequestOptions, HuaweiYunClient } from "@certd/lib-huawei";
export type SearchRecordOptions = {
zoneId: string;
} & CreateRecordOptions;
@IsDnsProvider({
name: 'huawei',
title: '华为云',
desc: '华为云DNS解析提供商',
accessType: 'huawei',
icon: 'svg:icon-huawei',
name: "huawei",
title: "华为云",
desc: "华为云DNS解析提供商",
accessType: "huawei",
icon: "svg:icon-huawei"
})
export class HuaweiDnsProvider extends AbstractDnsProvider {
client!: HuaweiYunClient;
@Autowire()
access!: HuaweiAccess;
domainEndpoint = 'https://domains-external.myhuaweicloud.com';
dnsEndpoint = 'https://dns.cn-south-1.myhuaweicloud.com';
domainEndpoint = "https://domains-external.myhuaweicloud.com";
dnsEndpoint = "https://dns.cn-south-1.myhuaweicloud.com";
async onInstance() {
const access: any = this.access;
this.client = new HuaweiYunClient(access,this.logger);
this.client = new HuaweiYunClient(access, this.logger);
}
async getDomainList() {
const url = `${this.dnsEndpoint}/v2/zones`;
const ret = await this.client.request({
url,
method: 'GET',
method: "GET"
});
return ret.zones;
}
@ -40,21 +41,21 @@ export class HuaweiDnsProvider extends AbstractDnsProvider {
const zoneList = await this.getDomainList();
let zoneRecord = null;
for (const item of zoneList) {
if (_.endsWith(dnsRecord + '.', item.name)) {
if (_.endsWith(dnsRecord + ".", item.name)) {
zoneRecord = item;
break;
}
}
if (!zoneRecord) {
throw new Error('can not find Domain ,' + dnsRecord);
throw new Error("can not find Domain ," + dnsRecord);
}
return zoneRecord;
}
async searchRecord(options: SearchRecordOptions): Promise<any> {
const req: ApiRequestOptions = {
url: `${this.dnsEndpoint}/v2/zones/${options.zoneId}/recordsets?name=${options.fullRecord}.`,
method: 'GET',
url: `${this.dnsEndpoint}/v2/zones/${options.zoneId}/recordsets?search_mode=equal&name=${options.fullRecord}.&type=${options.type}`,
method: "GET"
};
const ret = await this.client.request(req);
return ret.recordsets;
@ -62,59 +63,120 @@ export class HuaweiDnsProvider extends AbstractDnsProvider {
async createRecord(options: CreateRecordOptions): Promise<any> {
const { fullRecord, value, type } = options;
this.logger.info('添加域名解析:', fullRecord, value);
this.logger.info("添加域名解析:", fullRecord, value);
this.logger.info("查询是否有重复记录");
const zoneRecord = await this.matchDomain(fullRecord);
const zoneId = zoneRecord.id;
const records: any = await this.searchRecord({
zoneId,
...options,
...options
});
this.logger.info(`查询${options.type}数量:${records.length}`);
let found = null;
const hwRecordValue = `"${value}"`;
if (records && records.length > 0) {
for (const record of records) {
await this.removeRecord({
recordRes: record,
recordReq: options,
});
found = records[0];
this.logger.info(`记录:${found.id},${found.records}`);
if (found.records.includes(hwRecordValue)) {
// this.logger.info(`删除重复记录:${record.id}`)
// await this.removeRecord({
// recordRes: record,
// recordReq: options,
// });
this.logger.info(`无需重复添加:${found.records}`);
return found;
}
}
try {
if (found) {
//修改
const req: ApiRequestOptions = {
url: `${this.dnsEndpoint}/v2/zones/${zoneId}/recordsets`,
method: 'POST',
url: `${this.dnsEndpoint}/v2/zones/${zoneId}/recordsets/${found.id}`,
method: "PUT",
data: {
name: fullRecord + '.',
name: fullRecord + ".",
type,
records: [`"${value}"`],
},
records: [hwRecordValue, ...found.records]
}
};
const ret = await this.client.request(req);
this.logger.info('添加域名解析成功:', value, ret);
this.logger.info("添加域名解析成功:", value, ret);
return ret;
} catch (e: any) {
if (e.code === 'DNS.0312') {
return;
} else {
//创建
try {
const req: ApiRequestOptions = {
url: `${this.dnsEndpoint}/v2/zones/${zoneId}/recordsets`,
method: "POST",
data: {
name: fullRecord + ".",
type,
records: [hwRecordValue]
}
};
const ret = await this.client.request(req);
this.logger.info("添加域名解析成功:", value, ret);
return ret;
} catch (e: any) {
if (e.code === "DNS.0312") {
return;
}
this.logger.info("添加域名解析出错", e);
throw e;
}
this.logger.info('添加域名解析出错', e);
throw e;
}
}
async removeRecord(options: RemoveRecordOptions<any>): Promise<any> {
const { fullRecord, value } = options.recordReq;
const record = options.recordRes;
if (!record) {
this.logger.info('解析记录recordId为空不执行删除', fullRecord, value);
this.logger.info("解析记录recordId为空不执行删除", fullRecord, value);
return;
}
const req: ApiRequestOptions = {
url: `${this.dnsEndpoint}/v2/zones/${record.zone_id}/recordsets/${record.id}`,
method: 'DELETE',
};
const zoneId = record.zone_id;
const ret = await this.client.request(req);
this.logger.info('删除域名解析成功:', fullRecord, value, ret.RecordId);
return ret.RecordId;
//查询原来的记录
const records: any = await this.searchRecord({
zoneId,
...options.recordReq
});
const hwRecordValue = `"${value}"`;
if (records && records.length > 0) {
//找到记录
const found = records[0];
if (found.records.includes(hwRecordValue)) {
if (found.records.length > 1) {
//修改
const req: ApiRequestOptions = {
url: `${this.dnsEndpoint}/v2/zones/${zoneId}/recordsets/${found.id}`,
method: "PUT",
data: {
name: fullRecord + ".",
type: found.type,
records: found.records.filter((item: string) => item !== hwRecordValue)
}
};
const ret = await this.client.request(req);
this.logger.info("修改域名解析成功[put]:", value, ret);
} else {
//删除
const req: ApiRequestOptions = {
url: `${this.dnsEndpoint}/v2/zones/${zoneId}/recordsets/${found.id}`,
method: "DELETE"
};
const ret = await this.client.request(req);
this.logger.info("删除域名解析成功[delete]:", fullRecord, value, ret.RecordId);
}
}else{
this.logger.info("没有找到records无需删除", fullRecord, value,found);
}
}else{
this.logger.info("删除域名解析失败,没有找到解析记录", fullRecord, value);
}
}
}
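Review bot: `createRecord` and `removeRecord` now do a non-atomic read-modify-write: `searchRecord` followed by a `PUT` that replaces the whole recordset with a list computed from the earlier read (`[hwRecordValue, ...found.records]` or the filtered list). If two challenges for the same `_acme-challenge` name run concurrently (wildcard plus apex is presumably the case this change targets), the later `PUT` can drop the other value or re-add one that was just removed, leaving a stale token in DNS. Serialise these calls per record name, or re-read after the `PUT` and retry when the expected value is missing. Separately, `searchRecord` places `options.fullRecord` and `options.type` into the query string unescaped; wrap each in `encodeURIComponent(...)`.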


@ -0,0 +1,77 @@
import { UpyunAccess } from "./access.js";
import { HttpClient, ILogger } from "@certd/basic";
import { CertInfo } from "@certd/plugin-cert";
export type UpyunClientOptions = {
access: UpyunAccess
logger: ILogger;
http: HttpClient
}
export class UpyunClient {
opts: UpyunClientOptions;
constructor(opts: UpyunClientOptions) {
this.opts = opts;
}
async uploadCert(cookie: string,cert:CertInfo) {
// https://console.upyun.com/api/https/certificate/
const res = await this.doRequest({
cookie: cookie,
url: "https://console.upyun.com/api/https/certificate/",
method: "POST",
data: {
certificate: cert.crt,
private_key: cert.key
}
});
return res.data.result.certificate_id;
}
async getLoginToken() {
const access = this.opts.access
const http = this.opts.http;
const res = await http.request({
url: "https://console.upyun.com/accounts/signin/",
method: "POST",
data: {
username: access.username,
password: access.password
},
logRes: false,
returnResponse: true
});
if (res.data?.errors?.length > 0) {
throw new Error(JSON.stringify(res.data.msg));
}
const cookie = res.headers["set-cookie"];
return cookie;
}
async doRequest(req: {
cookie: string,
url: string,
method: string,
data: any
}) {
const res = await this.opts.http.request({
url: req.url,
method: req.method,
data: req.data,
headers: {
Cookie: req.cookie
}
});
if (res.msg.errors.length > 0) {
throw new Error(JSON.stringify(res.msg));
}
if(res.data?.error_code){
throw new Error(res.data?.message);
}
return res;
}
}
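Review bot: In `doRequest` the added `res.data?.error_code` check sits after `res.msg.errors.length`, which dereferences `msg` and `errors` without guards. A response that reports failure only through `error_code`, or any body without `msg`, would raise a `TypeError` before the new check runs and hide the real message. Use `if (res.msg?.errors?.length > 0)`, matching the `res.data?.errors?.length` guard in `getLoginToken`. `getLoginToken` also returns `res.headers["set-cookie"]` without checking that it is present, so a sign-in that fails without an `errors` array would pass an undefined cookie to every later request; add `if (!cookie) throw new Error("upyun login returned no session cookie");`. `doRequest` carries `cert.key` and the session cookie but, unlike the sign-in call, sets no logging option, so confirm that `HttpClient` does not log request bodies or headers by default.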


@ -1,2 +1,3 @@
export * from './plugins/index.js';
export * from './access.js';
export * from './client.js';


@ -1,35 +1,38 @@
import { IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
import { CertInfo } from '@certd/plugin-cert';
import { AbstractPlusTaskPlugin } from '@certd/plugin-plus';
import { UpyunAccess } from '../access.js';
import {createCertDomainGetterInputDefine, createRemoteSelectInputDefine} from '@certd/plugin-lib';
import { CertApplyPluginNames} from '@certd/plugin-cert';
import {optionsUtils} from "@certd/basic/dist/utils/util.options.js";
import { IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
import { CertInfo } from "@certd/plugin-cert";
import { AbstractPlusTaskPlugin } from "@certd/plugin-plus";
import { UpyunAccess } from "../access.js";
import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
import { CertApplyPluginNames } from "@certd/plugin-cert";
import { optionsUtils } from "@certd/basic/dist/utils/util.options.js";
import { UpyunClient } from "../client.js";
@IsTaskPlugin({
//命名规范,插件名称+功能就是目录plugin-demo中的demo大写字母开头驼峰命名
name: 'UpyunDeployToCdn',
title: '又拍云-部署证书到CDN',
icon: 'svg:icon-upyun',
name: "UpyunDeployToCdn",
title: "又拍云-部署证书到CDN/USS",
icon: "svg:icon-upyun",
desc:"支持又拍云CDN又拍云云存储USS",
//插件分组
group: pluginGroups.cdn.key,
needPlus: true,
default: {
//默认值配置照抄即可
strategy: {
runStrategy: RunStrategy.SkipWhenSucceed,
},
},
runStrategy: RunStrategy.SkipWhenSucceed
}
}
})
//类名规范跟上面插件名称name一致
export class UpyunDeployToCdn extends AbstractPlusTaskPlugin {
//证书选择,此项必须要有
@TaskInput({
title: '域名证书',
helper: '请选择前置任务输出的域名证书',
title: "域名证书",
helper: "请选择前置任务输出的域名证书",
component: {
name: 'output-selector',
from: [...CertApplyPluginNames],
},
name: "output-selector",
from: [...CertApplyPluginNames]
}
// required: true, // 必填
})
cert!: CertInfo;
@ -38,142 +41,99 @@ export class UpyunDeployToCdn extends AbstractPlusTaskPlugin {
certDomains!: string[];
//授权选择框
@TaskInput({
title: 'Upyun授权',
title: "Upyun授权",
component: {
name: 'access-selector',
type: 'upyun', //固定授权类型
name: "access-selector",
type: "upyun" //固定授权类型
},
required: true, //必填
required: true //必填
})
accessId!: string;
//
@TaskInput(
createRemoteSelectInputDefine({
title: 'CDN加速域名',
helper: '选择CDN加速域名可以手动输入',
typeName: 'UpyunDeployToCdn',
title: "加速域名",
helper: "选择加速域名,可以手动输入",
typeName: "UpyunDeployToCdn",
action: UpyunDeployToCdn.prototype.onGetCdnList.name,
watches: ['accessId'],
watches: ["accessId"]
})
)
cdnList!: string[];
//插件实例化时执行的方法
async onInstance() {}
async onInstance() {
}
//插件执行方法
async execute(): Promise<void> {
const access = await this.accessService.getById<UpyunAccess>(this.accessId);
const cookie = await this.getLoginToken();
const upyunClient = new UpyunClient({
access,
logger: this.logger,
http: this.ctx.http
});
const cookie = await upyunClient.getLoginToken();
this.logger.info(`登录成功`);
const certId = await this.uploadCert(cookie);
const certId = await upyunClient.uploadCert(cookie, this.cert);
this.logger.info(`上传证书成功:${certId}`);
for (const item of this.cdnList) {
this.logger.info(`开始部署证书:${item}`);
const res = await this.doRequest({
cookie:cookie,
url: 'https://console.upyun.com/api/https/migrate/domain',
method: 'POST',
data:{
const res = await upyunClient.doRequest({
cookie: cookie,
url: "https://console.upyun.com/api/https/migrate/domain",
method: "POST",
data: {
crt_id: certId,
domain_name : item
domain_name: item
}
})
});
this.logger.info(`部署成功:${JSON.stringify(res)}`);
}
this.logger.info('部署成功');
this.logger.info("部署成功");
}
async uploadCert(cookie:string){
// https://console.upyun.com/api/https/certificate/
const res = await this.doRequest({
cookie:cookie,
url: 'https://console.upyun.com/api/https/certificate/',
method: 'POST',
data:{
certificate: this.cert.crt,
private_key: this.cert.key
}
})
return res.data.result.certificate_id
}
async getLoginToken(){
const access = await this.accessService.getById<UpyunAccess>(this.accessId)
const res = await this.http.request({
url: 'https://console.upyun.com/accounts/signin/',
method: 'POST',
data:{
username: access.username,
password: access.password
},
logRes:false,
returnResponse:true
});
if (res.data?.errors?.length>0) {
throw new Error(JSON.stringify(res.data.msg));
}
const cookie = res.headers['set-cookie'];
return cookie;
}
async doRequest(req:{
cookie:string,
url:string,
method:string,
data:any
}){
const res = await this.http.request({
url: req.url,
method: req.method,
data:req.data,
headers:{
Cookie: req.cookie
}
})
if (res.msg.errors.length>0) {
throw new Error(JSON.stringify(res.msg));
}
return res
}
async onGetCdnList() {
if(!this.accessId){
throw new Error('accessId不能为空');
if (!this.accessId) {
throw new Error("accessId不能为空");
}
const access = await this.accessService.getById<UpyunAccess>(this.accessId);
const cookie = await this.getLoginToken();
const upyunClient = new UpyunClient({
access,
logger: this.logger,
http: this.ctx.http
});
const cookie = await upyunClient.getLoginToken();
const req = {
cookie,
url: 'https://console.upyun.com/api/v2/buckets/?bucket_name=&with_domains=true&business_type=file&perPage=100&page=1&tag=all&state=all&type=ucdn&security_cdn=false',
method: 'GET',
data:{}
}
const res = await this.doRequest(req);
url: "https://console.upyun.com/api/account/domains/?limit=15&business_type=file&security_cdn=false&websocket=false&key=&domain=",
method: "GET",
data: {}
};
const res = await upyunClient.doRequest(req);
const buckets = res.data?.buckets;
if(!buckets || buckets.length === 0){
throw new Error('没有找到CDN加速域名');
const domains = res.data?.domains;
if (!domains || domains.length === 0) {
throw new Error("没有找到加速域名");
}
const list= []
for (const item of buckets) {
for (const domain of item.domains) {
list.push({
domain:domain.domain,
bucket:item.bucket_name
});
}
const list = [];
for (const domain of domains) {
list.push({
domain: domain.domain,
bucket: domain.bucket_name
});
}
const options = list.map((item: any) => {
return {
value: item.domain,
label: `${item.domain}<${item.bucket}>`,
domain: item.domain,
domain: item.domain
};
});
return optionsUtils.buildGroupOptions(options, this.certDomains);
@ -181,5 +141,6 @@ export class UpyunDeployToCdn extends AbstractPlusTaskPlugin {
}
}
//实例化一下,注册插件
new UpyunDeployToCdn();
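Review bot: `onGetCdnList` now requests `/api/account/domains/?limit=15...` and reads `res.data?.domains` once with no paging, where the previous bucket query asked for `perPage=100`; accounts with more than 15 domains would presumably see a truncated list in the selector. Either raise the limit or loop until the API reports no further entries (the response's paging fields are not visible here). In `execute`, the unchanged `JSON.stringify(res)` line writes the full deploy response to the task log; logging only the domain and a status field would keep response contents out of pipeline logs.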