github
/
certd
mirror of https://github.com/certd/certd
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'v2-dev' into v2-plugin

pull/370/head
xiaojunnuo 2025-04-05 00:48:23 +08:00
parent 545aa50898 9339b78f80
commit 021dc5b82c
8 changed files with 379 additions and 287 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

229
packages/core/acme-client/src/auto.js
View File

@ -1,10 +1,10 @@
/** /**
* ACME auto helper * ACME auto helper
*/ */
import { readCsrDomains } from './crypto/index.js'; import { readCsrDomains } from "./crypto/index.js";
import { log } from './logger.js'; import { log } from "./logger.js";
import { wait } from './wait.js'; import { wait } from "./wait.js";
import { CancelError } from './error.js'; import { CancelError } from "./error.js";
const defaultOpts = { const defaultOpts = {
@ -13,13 +13,13 @@ const defaultOpts = {
preferredChain: null, preferredChain: null,
termsOfServiceAgreed: false, termsOfServiceAgreed: false,
skipChallengeVerification: false, skipChallengeVerification: false,
challengePriority: ['http-01', 'dns-01'], challengePriority: ["http-01", "dns-01"],
challengeCreateFn: async () => { challengeCreateFn: async () => {
throw new Error('Missing challengeCreateFn()'); throw new Error("Missing challengeCreateFn()");
}, },
challengeRemoveFn: async () => { challengeRemoveFn: async () => {
throw new Error('Missing challengeRemoveFn()'); throw new Error("Missing challengeRemoveFn()");
}, }
}; };
/** /**
@ -30,7 +30,7 @@ const defaultOpts = {
* @returns {Promise<buffer>} Certificate * @returns {Promise<buffer>} Certificate
*/ */
export default async (client, userOpts) => { export default async (client, userOpts) => {
const opts = { ...defaultOpts, ...userOpts }; const opts = { ...defaultOpts, ...userOpts };
const accountPayload = { termsOfServiceAgreed: opts.termsOfServiceAgreed }; const accountPayload = { termsOfServiceAgreed: opts.termsOfServiceAgreed };
@ -49,14 +49,13 @@ export default async (client, userOpts) => {
* Register account * Register account
*/ */
log('[auto] Checking account'); log("[auto] Checking account");
try { try {
client.getAccountUrl(); client.getAccountUrl();
log('[auto] Account URL already exists, skipping account registration 证书申请账户已存在,跳过注册 '); log("[auto] Account URL already exists, skipping account registration 证书申请账户已存在,跳过注册 ");
} } catch (e) {
catch (e) { log("[auto] Registering account (注册证书申请账户)");
log('[auto] Registering account (注册证书申请账户)');
await client.createAccount(accountPayload); await client.createAccount(accountPayload);
} }
@ -64,7 +63,7 @@ export default async (client, userOpts) => {
* Parse domains from CSR * Parse domains from CSR
*/ */
log('[auto] Parsing domains from Certificate Signing Request '); log("[auto] Parsing domains from Certificate Signing Request ");
const { commonName, altNames } = readCsrDomains(opts.csr); const { commonName, altNames } = readCsrDomains(opts.csr);
const uniqueDomains = Array.from(new Set([commonName].concat(altNames).filter((d) => d))); const uniqueDomains = Array.from(new Set([commonName].concat(altNames).filter((d) => d)));
@ -74,8 +73,8 @@ export default async (client, userOpts) => {
* Place order * Place order
*/ */
log('[auto] Placing new certificate order with ACME provider'); log("[auto] Placing new certificate order with ACME provider");
const orderPayload = { identifiers: uniqueDomains.map((d) => ({ type: 'dns', value: d })) }; const orderPayload = { identifiers: uniqueDomains.map((d) => ({ type: "dns", value: d })) };
const order = await client.createOrder(orderPayload); const order = await client.createOrder(orderPayload);
const authorizations = await client.getAuthorizations(order); const authorizations = await client.getAuthorizations(order);
@ -85,82 +84,81 @@ export default async (client, userOpts) => {
* Resolve and satisfy challenges * Resolve and satisfy challenges
*/ */
log('[auto] Resolving and satisfying authorization challenges'); log("[auto] Resolving and satisfying authorization challenges");
const clearTasks = []; const clearTasks = [];
const localVerifyTasks = [];
const completeChallengeTasks = [];
const challengeFunc = async (authz) => { const challengeFunc = async (authz) => {
const d = authz.identifier.value; const d = authz.identifier.value;
let challengeCompleted = false; let challengeCompleted = false;
/* Skip authz that already has valid status */ /* Skip authz that already has valid status */
if (authz.status === 'valid') { if (authz.status === "valid") {
log(`[auto] [${d}] Authorization already has valid status, no need to complete challenges`); log(`[auto] [${d}] Authorization already has valid status, no need to complete challenges`);
return; return;
} }
const keyAuthorizationGetter = async (challenge) => { const keyAuthorizationGetter = async (challenge) => {
return await client.getChallengeKeyAuthorization(challenge); return await client.getChallengeKeyAuthorization(challenge);
} };
try { async function deactivateAuth(e) {
log(`[auto] [${d}] Trigger challengeCreateFn()`); log(`[auto] [${d}] Unable to complete challenge: ${e.message}`);
try { try {
const { recordReq, recordRes, dnsProvider,challenge ,keyAuthorization} = await opts.challengeCreateFn(authz, keyAuthorizationGetter); log(`[auto] [${d}] Deactivating failed authorization`);
clearTasks.push(async () => { await client.deactivateAuthorization(authz);
/* Trigger challengeRemoveFn(), suppress errors */ } catch (f) {
log(`[auto] [${d}] Trigger challengeRemoveFn()`); /* Suppress deactivateAuthorization() errors */
try { log(`[auto] [${d}] Authorization deactivation threw error: ${f.message}`);
await opts.challengeRemoveFn(authz, challenge, keyAuthorization, recordReq, recordRes, dnsProvider);
}
catch (e) {
log(`[auto] [${d}] challengeRemoveFn threw error: ${e.message}`);
}
});
// throw new Error('测试异常');
/* Challenge verification */
if (opts.skipChallengeVerification === true) {
log(`[auto] [${d}] 跳过本地验证skipChallengeVerification=true等待 60s`);
await wait(60 * 1000);
}
else {
log(`[auto] [${d}] 开始本地验证, type = ${challenge.type}`);
try {
await client.verifyChallenge(authz, challenge);
}
catch (e) {
log(`[auto] [${d}] 本地验证失败尝试请求ACME提供商获取状态: ${e.message}`);
}
}
/* Complete challenge and wait for valid status */
log(`[auto] [${d}] 请求ACME提供商完成验证等待返回valid状态`);
await client.completeChallenge(challenge);
challengeCompleted = true;
await client.waitForValidStatus(challenge);
}
catch (e) {
log(`[auto] [${d}] challengeCreateFn threw error: ${e.message}`);
throw e;
} }
} }
catch (e) {
/* Deactivate pending authz when unable to complete challenge */
if (!challengeCompleted) {
log(`[auto] [${d}] Unable to complete challenge: ${e.message}`);
log(`[auto] [${d}] Trigger challengeCreateFn()`);
try {
const { recordReq, recordRes, dnsProvider, challenge, keyAuthorization } = await opts.challengeCreateFn(authz, keyAuthorizationGetter);
clearTasks.push(async () => {
/* Trigger challengeRemoveFn(), suppress errors */
log(`[auto] [${d}] Trigger challengeRemoveFn()`);
try { try {
log(`[auto] [${d}] Deactivating failed authorization`); await opts.challengeRemoveFn(authz, challenge, keyAuthorization, recordReq, recordRes, dnsProvider);
await client.deactivateAuthorization(authz); } catch (e) {
log(`[auto] [${d}] challengeRemoveFn threw error: ${e.message}`);
} }
catch (f) { });
/* Suppress deactivateAuthorization() errors */
log(`[auto] [${d}] Authorization deactivation threw error: ${f.message}`);
}
}
localVerifyTasks.push(async () => {
/* Challenge verification */
log(`[auto] [${d}] 开始本地验证, type = ${challenge.type}`);
try {
await client.verifyChallenge(authz, challenge);
} catch (e) {
log(`[auto] [${d}] 本地验证失败尝试请求ACME提供商获取状态: ${e.message}`);
}
});
completeChallengeTasks.push(async () => {
/* Complete challenge and wait for valid status */
log(`[auto] [${d}] 请求ACME提供商完成验证`);
try{
await client.completeChallenge(challenge);
}catch (e) {
await deactivateAuth(e);
throw e;
}
challengeCompleted = true;
log(`[auto] [${d}] 等待返回valid状态`);
await client.waitForValidStatus(challenge,d);
});
} catch (e) {
log(`[auto] [${d}] challengeCreateFn threw error: ${e.message}`);
await deactivateAuth(e);
throw e; throw e;
} }
}; };
const domainSets = []; const domainSets = [];
@ -168,7 +166,7 @@ export default async (client, userOpts) => {
const d = authz.identifier.value; const d = authz.identifier.value;
log(`authorization:domain = ${d}, value = ${JSON.stringify(authz)}`); log(`authorization:domain = ${d}, value = ${JSON.stringify(authz)}`);
if (authz.status === 'valid') { if (authz.status === "valid") {
log(`[auto] [${d}] Authorization already has valid status, no need to complete challenges`); log(`[auto] [${d}] Authorization already has valid status, no need to complete challenges`);
return; return;
} }
@ -192,8 +190,9 @@ export default async (client, userOpts) => {
const allChallengePromises = []; const allChallengePromises = [];
// eslint-disable-next-line no-restricted-syntax // eslint-disable-next-line no-restricted-syntax
const challengePromises = [];
allChallengePromises.push(challengePromises);
for (const domainSet of domainSets) { for (const domainSet of domainSets) {
const challengePromises = [];
// eslint-disable-next-line guard-for-in,no-restricted-syntax // eslint-disable-next-line guard-for-in,no-restricted-syntax
for (const domain in domainSet) { for (const domain in domainSet) {
const authz = domainSet[domain]; const authz = domainSet[domain];
@ -202,12 +201,11 @@ export default async (client, userOpts) => {
await challengeFunc(authz); await challengeFunc(authz);
}); });
} }
allChallengePromises.push(challengePromises);
} }
log(`[auto] challengeGroups:${allChallengePromises.length}`); log(`[auto] challengeGroups:${allChallengePromises.length}`);
function runAllPromise(tasks) { async function runAllPromise(tasks) {
let promise = Promise.resolve(); let promise = Promise.resolve();
tasks.forEach((task) => { tasks.forEach((task) => {
promise = promise.then(task); promise = promise.then(task);
@ -215,73 +213,60 @@ export default async (client, userOpts) => {
return promise; return promise;
} }
async function runPromisePa(tasks) { async function runPromisePa(tasks, waitTime = 5000) {
const results = []; const results = [];
// eslint-disable-next-line no-await-in-loop,no-restricted-syntax // eslint-disable-next-line no-await-in-loop,no-restricted-syntax
for (const task of tasks) { for (const task of tasks) {
results.push(task()); results.push(task());
// eslint-disable-next-line no-await-in-loop // eslint-disable-next-line no-await-in-loop
await wait(10000); await wait(waitTime);
} }
return Promise.all(results); return Promise.all(results);
} }
try { log(`开始challenge${allChallengePromises.length}`);
log(`开始challenge${allChallengePromises.length}`); let i = 0;
let i = 0; // eslint-disable-next-line no-restricted-syntax
// eslint-disable-next-line no-restricted-syntax for (const challengePromises of allChallengePromises) {
for (const challengePromises of allChallengePromises) { i += 1;
i += 1; log(`开始第${i}`);
log(`开始第${i}`); if (opts.signal && opts.signal.aborted) {
if (opts.signal && opts.signal.aborted) { throw new CancelError("用户取消");
throw new CancelError('用户取消'); }
try {
// eslint-disable-next-line no-await-in-loop
await runPromisePa(challengePromises);
if (opts.skipChallengeVerification === true) {
log(`跳过本地验证skipChallengeVerification=true等待 60s`);
await wait(60 * 1000);
} else {
await runPromisePa(localVerifyTasks, 1000);
log("本地校验完成等待30s")
await wait(30 * 1000)
} }
try { log("开始向提供商请求挑战验证");
// eslint-disable-next-line no-await-in-loop await runPromisePa(completeChallengeTasks, 1000);
await runPromisePa(challengePromises); } catch (e) {
} log(`证书申请失败${e.message}`);
catch (e) { throw e;
log(`证书申请失败${e.message}`); } finally {
throw e; // letsencrypt 如果同时检出两个TXT记录会以第一个为准就会校验失败所以需要提前删除
} // zerossl 此方式测试无问题
finally {
if (client.opts.sslProvider !== 'google') {
// letsencrypt 如果同时检出两个TXT记录会以第一个为准就会校验失败所以需要提前删除
// zerossl 此方式测试无问题
log(`清理challenge痕迹length:${clearTasks.length}`);
try {
// eslint-disable-next-line no-await-in-loop
await runAllPromise(clearTasks);
}
catch (e) {
log('清理challenge失败');
log(e);
}
}
}
}
}
finally {
if (client.opts.sslProvider === 'google') {
// google 相同的域名txt记录是一样的不能提前删除否则校验失败报错如下
// Error: The TXT record retrieved from _acme-challenge.bbc.handsfree.work.
// at the time the challenge was validated did not contain JshHVu7dt_DT6uYILWhokHefFVad2Q6Mw1L-fNZFcq8
// (the base64url-encoded SHA-256 digest of RlJZNBR0LWnxNK_xd2zqtYVvCiNJOKJ3J1NmCjU_9BjaUJgL3k-qSpIhQ-uF4FBS.NRyqT8fRiq6THzzrvkgzgR5Xai2LsA2SyGLAq_wT3qc).
// See https://tools.ietf.org/html/rfc8555#section-8.4 for more information.
log(`清理challenge痕迹length:${clearTasks.length}`); log(`清理challenge痕迹length:${clearTasks.length}`);
try { try {
// eslint-disable-next-line no-await-in-loop // eslint-disable-next-line no-await-in-loop
await runAllPromise(clearTasks); await runAllPromise(clearTasks);
} } catch (e) {
catch (e) { log("清理challenge失败");
log('清理challenge失败');
log(e); log(e);
} }
} }
} }
log('challenge结束');
log("challenge结束");
// log('[auto] Waiting for challenge valid status'); // log('[auto] Waiting for challenge valid status');
// await Promise.all(challengePromises); // await Promise.all(challengePromises);
@ -289,7 +274,7 @@ export default async (client, userOpts) => {
* Finalize order and download certificate * Finalize order and download certificate
*/ */
log('[auto] Finalizing order and downloading certificate'); log("[auto] Finalizing order and downloading certificate");
const finalized = await client.finalizeOrder(order, opts.csr); const finalized = await client.finalizeOrder(order, opts.csr);
const res = await client.getCertificate(finalized, opts.preferredChain); const res = await client.getCertificate(finalized, opts.preferredChain);
return res; return res;

12
packages/core/acme-client/src/client.js
View File

@ -554,9 +554,9 @@ class AcmeClient {
* ``` * ```
*/ */
async waitForValidStatus(item) { async waitForValidStatus(item,d) {
if (!item.url) { if (!item.url) {
throw new Error('Unable to verify status of item, URL not found'); throw new Error(`[${d}] Unable to verify status of item, URL not found`);
} }
const verifyFn = async (abort) => { const verifyFn = async (abort) => {
@ -568,23 +568,23 @@ class AcmeClient {
const resp = await this.api.apiRequest(item.url, null, [200]); const resp = await this.api.apiRequest(item.url, null, [200]);
/* Verify status */ /* Verify status */
log(`Item has status挑战状态: ${resp.data.status}`); log(`[${d}] Item has status挑战状态: ${resp.data.status}`);
if (invalidStates.includes(resp.data.status)) { if (invalidStates.includes(resp.data.status)) {
abort(); abort();
throw new Error(util.formatResponseError(resp)); throw new Error(util.formatResponseError(resp));
} }
else if (pendingStates.includes(resp.data.status)) { else if (pendingStates.includes(resp.data.status)) {
throw new Error('Operation is pending or processing当前仍然在等待状态'); throw new Error(`[${d}] Operation is pending or processing当前仍然在等待状态`);
} }
else if (validStates.includes(resp.data.status)) { else if (validStates.includes(resp.data.status)) {
return resp.data; return resp.data;
} }
throw new Error(`Unexpected item status: ${resp.data.status}`); throw new Error(`[${d}] Unexpected item status: ${resp.data.status}`);
}; };
log(`Waiting for valid status 等待valid状态: ${item.url}`, this.backoffOpts); log(`[${d}] Waiting for valid status 等待valid状态: ${item.url}`, this.backoffOpts);
return util.retry(verifyFn, this.backoffOpts); return util.retry(verifyFn, this.backoffOpts);
} }

6
packages/core/acme-client/src/verify.js
View File

@ -98,7 +98,7 @@ export async function walkTxtRecord(recordName,deep = 0) {
try { try {
/* Default DNS resolver first */ /* Default DNS resolver first */
log('从本地DNS服务器获取TXT解析记录'); log('从本地DNS服务器获取TXT解析记录');
const res = await walkDnsChallengeRecord(recordName,null,deep); const res = await walkDnsChallengeRecord(recordName,dns,deep);
if (res && res.length > 0) { if (res && res.length > 0) {
for (const item of res) { for (const item of res) {
txtRecords.push(item) txtRecords.push(item)
@ -147,12 +147,12 @@ async function verifyDnsChallenge(authz, challenge, keyAuthorization, prefix = '
let recordValues = await walkTxtRecord(recordName); let recordValues = await walkTxtRecord(recordName);
//去重 //去重
recordValues = [...new Set(recordValues)]; recordValues = [...new Set(recordValues)];
log(`DNS查询成功, 找到 ${recordValues.length} 条TXT记录`); log(`DNS查询成功, 找到 ${recordValues.length} 条TXT记录${recordValues}`);
if (!recordValues.length || !recordValues.includes(keyAuthorization)) { if (!recordValues.length || !recordValues.includes(keyAuthorization)) {
throw new Error(`没有找到需要的DNS TXT记录: ${recordName},期望:${keyAuthorization},结果:${recordValues}`); throw new Error(`没有找到需要的DNS TXT记录: ${recordName},期望:${keyAuthorization},结果:${recordValues}`);
} }
log(`关键授权匹配成功(${challenge.type}/${recordName},校验成功, ACME challenge verified`); log(`关键授权匹配成功(${challenge.type}/${recordName}:${keyAuthorization},校验成功, ACME challenge verified`);
return true; return true;
} }

6
packages/ui/certd-client/src/style/antdv4.less
View File

@ -60,3 +60,9 @@
footer{ footer{
background-color: hsl(var(--card)) !important; background-color: hsl(var(--card)) !important;
} }
.ant-select-multiple .ant-select-selection-item-remove{
display: flex;
align-items: center;
}

152
packages/ui/certd-server/src/plugins/plugin-huawei/dns-provider/huawei-dns-provider.ts
View File

@ -1,37 +1,38 @@
import * as _ from 'lodash-es'; import * as _ from "lodash-es";
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert'; import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from "@certd/plugin-cert";
import { Autowire } from '@certd/pipeline'; import { Autowire } from "@certd/pipeline";
import { HuaweiAccess } from '../access/index.js'; import { HuaweiAccess } from "../access/index.js";
import { ApiRequestOptions, HuaweiYunClient } from '@certd/lib-huawei'; import { ApiRequestOptions, HuaweiYunClient } from "@certd/lib-huawei";
export type SearchRecordOptions = { export type SearchRecordOptions = {
zoneId: string; zoneId: string;
} & CreateRecordOptions; } & CreateRecordOptions;
@IsDnsProvider({ @IsDnsProvider({
name: 'huawei', name: "huawei",
title: '华为云', title: "华为云",
desc: '华为云DNS解析提供商', desc: "华为云DNS解析提供商",
accessType: 'huawei', accessType: "huawei",
icon: 'svg:icon-huawei', icon: "svg:icon-huawei"
}) })
export class HuaweiDnsProvider extends AbstractDnsProvider { export class HuaweiDnsProvider extends AbstractDnsProvider {
client!: HuaweiYunClient; client!: HuaweiYunClient;
@Autowire() @Autowire()
access!: HuaweiAccess; access!: HuaweiAccess;
domainEndpoint = 'https://domains-external.myhuaweicloud.com'; domainEndpoint = "https://domains-external.myhuaweicloud.com";
dnsEndpoint = 'https://dns.cn-south-1.myhuaweicloud.com'; dnsEndpoint = "https://dns.cn-south-1.myhuaweicloud.com";
async onInstance() { async onInstance() {
const access: any = this.access; const access: any = this.access;
this.client = new HuaweiYunClient(access,this.logger); this.client = new HuaweiYunClient(access, this.logger);
} }
async getDomainList() { async getDomainList() {
const url = `${this.dnsEndpoint}/v2/zones`; const url = `${this.dnsEndpoint}/v2/zones`;
const ret = await this.client.request({ const ret = await this.client.request({
url, url,
method: 'GET', method: "GET"
}); });
return ret.zones; return ret.zones;
} }
@ -40,21 +41,21 @@ export class HuaweiDnsProvider extends AbstractDnsProvider {
const zoneList = await this.getDomainList(); const zoneList = await this.getDomainList();
let zoneRecord = null; let zoneRecord = null;
for (const item of zoneList) { for (const item of zoneList) {
if (_.endsWith(dnsRecord + '.', item.name)) { if (_.endsWith(dnsRecord + ".", item.name)) {
zoneRecord = item; zoneRecord = item;
break; break;
} }
} }
if (!zoneRecord) { if (!zoneRecord) {
throw new Error('can not find Domain ,' + dnsRecord); throw new Error("can not find Domain ," + dnsRecord);
} }
return zoneRecord; return zoneRecord;
} }
async searchRecord(options: SearchRecordOptions): Promise<any> { async searchRecord(options: SearchRecordOptions): Promise<any> {
const req: ApiRequestOptions = { const req: ApiRequestOptions = {
url: `${this.dnsEndpoint}/v2/zones/${options.zoneId}/recordsets?name=${options.fullRecord}.`, url: `${this.dnsEndpoint}/v2/zones/${options.zoneId}/recordsets?search_mode=equal&name=${options.fullRecord}.&type=${options.type}`,
method: 'GET', method: "GET"
}; };
const ret = await this.client.request(req); const ret = await this.client.request(req);
return ret.recordsets; return ret.recordsets;
@ -62,59 +63,120 @@ export class HuaweiDnsProvider extends AbstractDnsProvider {
async createRecord(options: CreateRecordOptions): Promise<any> { async createRecord(options: CreateRecordOptions): Promise<any> {
const { fullRecord, value, type } = options; const { fullRecord, value, type } = options;
this.logger.info('添加域名解析:', fullRecord, value); this.logger.info("添加域名解析:", fullRecord, value);
this.logger.info("查询是否有重复记录");
const zoneRecord = await this.matchDomain(fullRecord); const zoneRecord = await this.matchDomain(fullRecord);
const zoneId = zoneRecord.id; const zoneId = zoneRecord.id;
const records: any = await this.searchRecord({ const records: any = await this.searchRecord({
zoneId, zoneId,
...options, ...options
}); });
this.logger.info(`查询${options.type}数量:${records.length}`);
let found = null;
const hwRecordValue = `"${value}"`;
if (records && records.length > 0) { if (records && records.length > 0) {
for (const record of records) { found = records[0];
await this.removeRecord({ this.logger.info(`记录:${found.id},${found.records}`);
recordRes: record, if (found.records.includes(hwRecordValue)) {
recordReq: options, // this.logger.info(`删除重复记录:${record.id}`)
}); // await this.removeRecord({
// recordRes: record,
// recordReq: options,
// });
this.logger.info(`无需重复添加:${found.records}`);
return found;
} }
} }
try { if (found) {
//修改
const req: ApiRequestOptions = { const req: ApiRequestOptions = {
url: `${this.dnsEndpoint}/v2/zones/${zoneId}/recordsets`, url: `${this.dnsEndpoint}/v2/zones/${zoneId}/recordsets/${found.id}`,
method: 'POST', method: "PUT",
data: { data: {
name: fullRecord + '.', name: fullRecord + ".",
type, type,
records: [`"${value}"`], records: [hwRecordValue, ...found.records]
}, }
}; };
const ret = await this.client.request(req); const ret = await this.client.request(req);
this.logger.info('添加域名解析成功:', value, ret); this.logger.info("添加域名解析成功:", value, ret);
return ret; return ret;
} catch (e: any) { } else {
if (e.code === 'DNS.0312') { //创建
return; try {
const req: ApiRequestOptions = {
url: `${this.dnsEndpoint}/v2/zones/${zoneId}/recordsets`,
method: "POST",
data: {
name: fullRecord + ".",
type,
records: [hwRecordValue]
}
};
const ret = await this.client.request(req);
this.logger.info("添加域名解析成功:", value, ret);
return ret;
} catch (e: any) {
if (e.code === "DNS.0312") {
return;
}
this.logger.info("添加域名解析出错", e);
throw e;
} }
this.logger.info('添加域名解析出错', e);
throw e;
} }
} }
async removeRecord(options: RemoveRecordOptions<any>): Promise<any> { async removeRecord(options: RemoveRecordOptions<any>): Promise<any> {
const { fullRecord, value } = options.recordReq; const { fullRecord, value } = options.recordReq;
const record = options.recordRes; const record = options.recordRes;
if (!record) { if (!record) {
this.logger.info('解析记录recordId为空不执行删除', fullRecord, value); this.logger.info("解析记录recordId为空不执行删除", fullRecord, value);
return; return;
} }
const req: ApiRequestOptions = { const zoneId = record.zone_id;
url: `${this.dnsEndpoint}/v2/zones/${record.zone_id}/recordsets/${record.id}`,
method: 'DELETE',
};
const ret = await this.client.request(req); //查询原来的记录
this.logger.info('删除域名解析成功:', fullRecord, value, ret.RecordId); const records: any = await this.searchRecord({
return ret.RecordId; zoneId,
...options.recordReq
});
const hwRecordValue = `"${value}"`;
if (records && records.length > 0) {
//找到记录
const found = records[0];
if (found.records.includes(hwRecordValue)) {
if (found.records.length > 1) {
//修改
const req: ApiRequestOptions = {
url: `${this.dnsEndpoint}/v2/zones/${zoneId}/recordsets/${found.id}`,
method: "PUT",
data: {
name: fullRecord + ".",
type: found.type,
records: found.records.filter((item: string) => item !== hwRecordValue)
}
};
const ret = await this.client.request(req);
this.logger.info("修改域名解析成功[put]:", value, ret);
} else {
//删除
const req: ApiRequestOptions = {
url: `${this.dnsEndpoint}/v2/zones/${zoneId}/recordsets/${found.id}`,
method: "DELETE"
};
const ret = await this.client.request(req);
this.logger.info("删除域名解析成功[delete]:", fullRecord, value, ret.RecordId);
}
}else{
this.logger.info("没有找到records无需删除", fullRecord, value,found);
}
}else{
this.logger.info("删除域名解析失败,没有找到解析记录", fullRecord, value);
}
} }
} }

77
packages/ui/certd-server/src/plugins/plugin-upyun/client.ts Normal file
View File

@ -0,0 +1,77 @@
import { UpyunAccess } from "./access.js";
import { HttpClient, ILogger } from "@certd/basic";
import { CertInfo } from "@certd/plugin-cert";
export type UpyunClientOptions = {
access: UpyunAccess
logger: ILogger;
http: HttpClient
}
export class UpyunClient {
opts: UpyunClientOptions;
constructor(opts: UpyunClientOptions) {
this.opts = opts;
}
async uploadCert(cookie: string,cert:CertInfo) {
// https://console.upyun.com/api/https/certificate/
const res = await this.doRequest({
cookie: cookie,
url: "https://console.upyun.com/api/https/certificate/",
method: "POST",
data: {
certificate: cert.crt,
private_key: cert.key
}
});
return res.data.result.certificate_id;
}
async getLoginToken() {
const access = this.opts.access
const http = this.opts.http;
const res = await http.request({
url: "https://console.upyun.com/accounts/signin/",
method: "POST",
data: {
username: access.username,
password: access.password
},
logRes: false,
returnResponse: true
});
if (res.data?.errors?.length > 0) {
throw new Error(JSON.stringify(res.data.msg));
}
const cookie = res.headers["set-cookie"];
return cookie;
}
async doRequest(req: {
cookie: string,
url: string,
method: string,
data: any
}) {
const res = await this.opts.http.request({
url: req.url,
method: req.method,
data: req.data,
headers: {
Cookie: req.cookie
}
});
if (res.msg.errors.length > 0) {
throw new Error(JSON.stringify(res.msg));
}
if(res.data?.error_code){
throw new Error(res.data?.message);
}
return res;
}
}

1
packages/ui/certd-server/src/plugins/plugin-upyun/index.ts
View File

@ -1,2 +1,3 @@
export * from './plugins/index.js'; export * from './plugins/index.js';
export * from './access.js'; export * from './access.js';
export * from './client.js';

183
packages/ui/certd-server/src/plugins/plugin-upyun/plugins/plugin-depoy-to-cdn.ts
View File

@ -1,35 +1,38 @@
import { IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline'; import { IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
import { CertInfo } from '@certd/plugin-cert'; import { CertInfo } from "@certd/plugin-cert";
import { AbstractPlusTaskPlugin } from '@certd/plugin-plus'; import { AbstractPlusTaskPlugin } from "@certd/plugin-plus";
import { UpyunAccess } from '../access.js'; import { UpyunAccess } from "../access.js";
import {createCertDomainGetterInputDefine, createRemoteSelectInputDefine} from '@certd/plugin-lib'; import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
import { CertApplyPluginNames} from '@certd/plugin-cert'; import { CertApplyPluginNames } from "@certd/plugin-cert";
import {optionsUtils} from "@certd/basic/dist/utils/util.options.js"; import { optionsUtils } from "@certd/basic/dist/utils/util.options.js";
import { UpyunClient } from "../client.js";
@IsTaskPlugin({ @IsTaskPlugin({
//命名规范,插件名称+功能就是目录plugin-demo中的demo大写字母开头驼峰命名 //命名规范,插件名称+功能就是目录plugin-demo中的demo大写字母开头驼峰命名
name: 'UpyunDeployToCdn', name: "UpyunDeployToCdn",
title: '又拍云-部署证书到CDN', title: "又拍云-部署证书到CDN/USS",
icon: 'svg:icon-upyun', icon: "svg:icon-upyun",
desc:"支持又拍云CDN又拍云云存储USS",
//插件分组 //插件分组
group: pluginGroups.cdn.key, group: pluginGroups.cdn.key,
needPlus: true, needPlus: true,
default: { default: {
//默认值配置照抄即可 //默认值配置照抄即可
strategy: { strategy: {
runStrategy: RunStrategy.SkipWhenSucceed, runStrategy: RunStrategy.SkipWhenSucceed
}, }
}, }
}) })
//类名规范跟上面插件名称name一致 //类名规范跟上面插件名称name一致
export class UpyunDeployToCdn extends AbstractPlusTaskPlugin { export class UpyunDeployToCdn extends AbstractPlusTaskPlugin {
//证书选择,此项必须要有 //证书选择,此项必须要有
@TaskInput({ @TaskInput({
title: '域名证书', title: "域名证书",
helper: '请选择前置任务输出的域名证书', helper: "请选择前置任务输出的域名证书",
component: { component: {
name: 'output-selector', name: "output-selector",
from: [...CertApplyPluginNames], from: [...CertApplyPluginNames]
}, }
// required: true, // 必填 // required: true, // 必填
}) })
cert!: CertInfo; cert!: CertInfo;
@ -38,142 +41,99 @@ export class UpyunDeployToCdn extends AbstractPlusTaskPlugin {
certDomains!: string[]; certDomains!: string[];
//授权选择框 //授权选择框
@TaskInput({ @TaskInput({
title: 'Upyun授权', title: "Upyun授权",
component: { component: {
name: 'access-selector', name: "access-selector",
type: 'upyun', //固定授权类型 type: "upyun" //固定授权类型
}, },
required: true, //必填 required: true //必填
}) })
accessId!: string; accessId!: string;
// //
@TaskInput( @TaskInput(
createRemoteSelectInputDefine({ createRemoteSelectInputDefine({
title: 'CDN加速域名', title: "加速域名",
helper: '选择CDN加速域名可以手动输入', helper: "选择加速域名,可以手动输入",
typeName: 'UpyunDeployToCdn', typeName: "UpyunDeployToCdn",
action: UpyunDeployToCdn.prototype.onGetCdnList.name, action: UpyunDeployToCdn.prototype.onGetCdnList.name,
watches: ['accessId'], watches: ["accessId"]
}) })
) )
cdnList!: string[]; cdnList!: string[];
//插件实例化时执行的方法 //插件实例化时执行的方法
async onInstance() {} async onInstance() {
}
//插件执行方法 //插件执行方法
async execute(): Promise<void> { async execute(): Promise<void> {
const access = await this.accessService.getById<UpyunAccess>(this.accessId);
const cookie = await this.getLoginToken(); const upyunClient = new UpyunClient({
access,
logger: this.logger,
http: this.ctx.http
});
const cookie = await upyunClient.getLoginToken();
this.logger.info(`登录成功`); this.logger.info(`登录成功`);
const certId = await this.uploadCert(cookie); const certId = await upyunClient.uploadCert(cookie, this.cert);
this.logger.info(`上传证书成功:${certId}`); this.logger.info(`上传证书成功:${certId}`);
for (const item of this.cdnList) { for (const item of this.cdnList) {
this.logger.info(`开始部署证书:${item}`); this.logger.info(`开始部署证书:${item}`);
const res = await this.doRequest({ const res = await upyunClient.doRequest({
cookie:cookie, cookie: cookie,
url: 'https://console.upyun.com/api/https/migrate/domain', url: "https://console.upyun.com/api/https/migrate/domain",
method: 'POST', method: "POST",
data:{ data: {
crt_id: certId, crt_id: certId,
domain_name : item domain_name: item
} }
}) });
this.logger.info(`部署成功:${JSON.stringify(res)}`); this.logger.info(`部署成功:${JSON.stringify(res)}`);
} }
this.logger.info('部署成功'); this.logger.info("部署成功");
} }
async uploadCert(cookie:string){
// https://console.upyun.com/api/https/certificate/
const res = await this.doRequest({
cookie:cookie,
url: 'https://console.upyun.com/api/https/certificate/',
method: 'POST',
data:{
certificate: this.cert.crt,
private_key: this.cert.key
}
})
return res.data.result.certificate_id
}
async getLoginToken(){
const access = await this.accessService.getById<UpyunAccess>(this.accessId)
const res = await this.http.request({
url: 'https://console.upyun.com/accounts/signin/',
method: 'POST',
data:{
username: access.username,
password: access.password
},
logRes:false,
returnResponse:true
});
if (res.data?.errors?.length>0) {
throw new Error(JSON.stringify(res.data.msg));
}
const cookie = res.headers['set-cookie'];
return cookie;
}
async doRequest(req:{
cookie:string,
url:string,
method:string,
data:any
}){
const res = await this.http.request({
url: req.url,
method: req.method,
data:req.data,
headers:{
Cookie: req.cookie
}
})
if (res.msg.errors.length>0) {
throw new Error(JSON.stringify(res.msg));
}
return res
}
async onGetCdnList() { async onGetCdnList() {
if(!this.accessId){ if (!this.accessId) {
throw new Error('accessId不能为空'); throw new Error("accessId不能为空");
} }
const access = await this.accessService.getById<UpyunAccess>(this.accessId);
const cookie = await this.getLoginToken(); const upyunClient = new UpyunClient({
access,
logger: this.logger,
http: this.ctx.http
});
const cookie = await upyunClient.getLoginToken();
const req = { const req = {
cookie, cookie,
url: 'https://console.upyun.com/api/v2/buckets/?bucket_name=&with_domains=true&business_type=file&perPage=100&page=1&tag=all&state=all&type=ucdn&security_cdn=false', url: "https://console.upyun.com/api/account/domains/?limit=15&business_type=file&security_cdn=false&websocket=false&key=&domain=",
method: 'GET', method: "GET",
data:{} data: {}
} };
const res = await this.doRequest(req); const res = await upyunClient.doRequest(req);
const buckets = res.data?.buckets; const domains = res.data?.domains;
if(!buckets || buckets.length === 0){ if (!domains || domains.length === 0) {
throw new Error('没有找到CDN加速域名'); throw new Error("没有找到加速域名");
} }
const list= [] const list = [];
for (const item of buckets) { for (const domain of domains) {
for (const domain of item.domains) { list.push({
list.push({ domain: domain.domain,
domain:domain.domain, bucket: domain.bucket_name
bucket:item.bucket_name });
});
}
} }
const options = list.map((item: any) => { const options = list.map((item: any) => {
return { return {
value: item.domain, value: item.domain,
label: `${item.domain}<${item.bucket}>`, label: `${item.domain}<${item.bucket}>`,
domain: item.domain, domain: item.domain
}; };
}); });
return optionsUtils.buildGroupOptions(options, this.certDomains); return optionsUtils.buildGroupOptions(options, this.certDomains);
@ -181,5 +141,6 @@ export class UpyunDeployToCdn extends AbstractPlusTaskPlugin {
} }
} }
//实例化一下,注册插件 //实例化一下,注册插件
new UpyunDeployToCdn(); new UpyunDeployToCdn();