github
/
certd
mirror of https://github.com/certd/certd
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

perf: 优化华为dns解析记录创建和删除问题

pull/361/head
xiaojunnuo 2025-04-05 00:24:57 +08:00
parent 857589b365
commit 0948c5bc69
5 changed files with 124 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
packages/core/acme-client/src/auto.js
View File

@ -149,7 +149,7 @@ export default async (client, userOpts) => {
} }
challengeCompleted = true; challengeCompleted = true;
log(`[auto] [${d}] 等待返回valid状态`); log(`[auto] [${d}] 等待返回valid状态`);
await client.waitForValidStatus(challenge); await client.waitForValidStatus(challenge,d);
}); });
@ -242,6 +242,8 @@ export default async (client, userOpts) => {
await wait(60 * 1000); await wait(60 * 1000);
} else { } else {
await runPromisePa(localVerifyTasks, 1000); await runPromisePa(localVerifyTasks, 1000);
log("本地校验完成等待30s")
await wait(30 * 1000)
} }
log("开始向提供商请求挑战验证"); log("开始向提供商请求挑战验证");

12
packages/core/acme-client/src/client.js
View File

@ -554,9 +554,9 @@ class AcmeClient {
* ``` * ```
*/ */
async waitForValidStatus(item) { async waitForValidStatus(item,d) {
if (!item.url) { if (!item.url) {
throw new Error('Unable to verify status of item, URL not found'); throw new Error(`[${d}] Unable to verify status of item, URL not found`);
} }
const verifyFn = async (abort) => { const verifyFn = async (abort) => {
@ -568,23 +568,23 @@ class AcmeClient {
const resp = await this.api.apiRequest(item.url, null, [200]); const resp = await this.api.apiRequest(item.url, null, [200]);
/* Verify status */ /* Verify status */
log(`Item has status挑战状态: ${resp.data.status}`); log(`[${d}] Item has status挑战状态: ${resp.data.status}`);
if (invalidStates.includes(resp.data.status)) { if (invalidStates.includes(resp.data.status)) {
abort(); abort();
throw new Error(util.formatResponseError(resp)); throw new Error(util.formatResponseError(resp));
} }
else if (pendingStates.includes(resp.data.status)) { else if (pendingStates.includes(resp.data.status)) {
throw new Error('Operation is pending or processing当前仍然在等待状态'); throw new Error(`[${d}] Operation is pending or processing当前仍然在等待状态`);
} }
else if (validStates.includes(resp.data.status)) { else if (validStates.includes(resp.data.status)) {
return resp.data; return resp.data;
} }
throw new Error(`Unexpected item status: ${resp.data.status}`); throw new Error(`[${d}] Unexpected item status: ${resp.data.status}`);
}; };
log(`Waiting for valid status 等待valid状态: ${item.url}`, this.backoffOpts); log(`[${d}] Waiting for valid status 等待valid状态: ${item.url}`, this.backoffOpts);
return util.retry(verifyFn, this.backoffOpts); return util.retry(verifyFn, this.backoffOpts);
} }

4
packages/core/acme-client/src/verify.js
View File

@ -147,12 +147,12 @@ async function verifyDnsChallenge(authz, challenge, keyAuthorization, prefix = '
let recordValues = await walkTxtRecord(recordName); let recordValues = await walkTxtRecord(recordName);
//去重 //去重
recordValues = [...new Set(recordValues)]; recordValues = [...new Set(recordValues)];
log(`DNS查询成功, 找到 ${recordValues.length} 条TXT记录`); log(`DNS查询成功, 找到 ${recordValues.length} 条TXT记录${recordValues}`);
if (!recordValues.length || !recordValues.includes(keyAuthorization)) { if (!recordValues.length || !recordValues.includes(keyAuthorization)) {
throw new Error(`没有找到需要的DNS TXT记录: ${recordName},期望:${keyAuthorization},结果:${recordValues}`); throw new Error(`没有找到需要的DNS TXT记录: ${recordName},期望:${keyAuthorization},结果:${recordValues}`);
} }
log(`关键授权匹配成功(${challenge.type}/${recordName},校验成功, ACME challenge verified`); log(`关键授权匹配成功(${challenge.type}/${recordName}:${keyAuthorization},校验成功, ACME challenge verified`);
return true; return true;
} }

6
packages/ui/certd-client/src/style/antdv4.less
View File

@ -60,3 +60,9 @@
footer{ footer{
background-color: hsl(var(--card)) !important; background-color: hsl(var(--card)) !important;
} }
.ant-select-multiple .ant-select-selection-item-remove{
display: flex;
align-items: center;
}

138
packages/ui/certd-server/src/plugins/plugin-huawei/dns-provider/huawei-dns-provider.ts
View File

@ -1,27 +1,28 @@
import * as _ from 'lodash-es'; import * as _ from "lodash-es";
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert'; import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from "@certd/plugin-cert";
import { Autowire } from '@certd/pipeline'; import { Autowire } from "@certd/pipeline";
import { HuaweiAccess } from '../access/index.js'; import { HuaweiAccess } from "../access/index.js";
import { ApiRequestOptions, HuaweiYunClient } from '@certd/lib-huawei'; import { ApiRequestOptions, HuaweiYunClient } from "@certd/lib-huawei";
export type SearchRecordOptions = { export type SearchRecordOptions = {
zoneId: string; zoneId: string;
} & CreateRecordOptions; } & CreateRecordOptions;
@IsDnsProvider({ @IsDnsProvider({
name: 'huawei', name: "huawei",
title: '华为云', title: "华为云",
desc: '华为云DNS解析提供商', desc: "华为云DNS解析提供商",
accessType: 'huawei', accessType: "huawei",
icon: 'svg:icon-huawei', icon: "svg:icon-huawei"
}) })
export class HuaweiDnsProvider extends AbstractDnsProvider { export class HuaweiDnsProvider extends AbstractDnsProvider {
client!: HuaweiYunClient; client!: HuaweiYunClient;
@Autowire() @Autowire()
access!: HuaweiAccess; access!: HuaweiAccess;
domainEndpoint = 'https://domains-external.myhuaweicloud.com'; domainEndpoint = "https://domains-external.myhuaweicloud.com";
dnsEndpoint = 'https://dns.cn-south-1.myhuaweicloud.com'; dnsEndpoint = "https://dns.cn-south-1.myhuaweicloud.com";
async onInstance() { async onInstance() {
const access: any = this.access; const access: any = this.access;
this.client = new HuaweiYunClient(access, this.logger); this.client = new HuaweiYunClient(access, this.logger);
@ -31,7 +32,7 @@ export class HuaweiDnsProvider extends AbstractDnsProvider {
const url = `${this.dnsEndpoint}/v2/zones`; const url = `${this.dnsEndpoint}/v2/zones`;
const ret = await this.client.request({ const ret = await this.client.request({
url, url,
method: 'GET', method: "GET"
}); });
return ret.zones; return ret.zones;
} }
@ -40,21 +41,21 @@ export class HuaweiDnsProvider extends AbstractDnsProvider {
const zoneList = await this.getDomainList(); const zoneList = await this.getDomainList();
let zoneRecord = null; let zoneRecord = null;
for (const item of zoneList) { for (const item of zoneList) {
if (_.endsWith(dnsRecord + '.', item.name)) { if (_.endsWith(dnsRecord + ".", item.name)) {
zoneRecord = item; zoneRecord = item;
break; break;
} }
} }
if (!zoneRecord) { if (!zoneRecord) {
throw new Error('can not find Domain ,' + dnsRecord); throw new Error("can not find Domain ," + dnsRecord);
} }
return zoneRecord; return zoneRecord;
} }
async searchRecord(options: SearchRecordOptions): Promise<any> { async searchRecord(options: SearchRecordOptions): Promise<any> {
const req: ApiRequestOptions = { const req: ApiRequestOptions = {
url: `${this.dnsEndpoint}/v2/zones/${options.zoneId}/recordsets?name=${options.fullRecord}.`, url: `${this.dnsEndpoint}/v2/zones/${options.zoneId}/recordsets?search_mode=equal&name=${options.fullRecord}.&type=${options.type}`,
method: 'GET', method: "GET"
}; };
const ret = await this.client.request(req); const ret = await this.client.request(req);
return ret.recordsets; return ret.recordsets;
@ -62,59 +63,120 @@ export class HuaweiDnsProvider extends AbstractDnsProvider {
async createRecord(options: CreateRecordOptions): Promise<any> { async createRecord(options: CreateRecordOptions): Promise<any> {
const { fullRecord, value, type } = options; const { fullRecord, value, type } = options;
this.logger.info('添加域名解析:', fullRecord, value); this.logger.info("添加域名解析:", fullRecord, value);
this.logger.info("查询是否有重复记录");
const zoneRecord = await this.matchDomain(fullRecord); const zoneRecord = await this.matchDomain(fullRecord);
const zoneId = zoneRecord.id; const zoneId = zoneRecord.id;
const records: any = await this.searchRecord({ const records: any = await this.searchRecord({
zoneId, zoneId,
...options, ...options
}); });
this.logger.info(`查询${options.type}数量:${records.length}`);
let found = null;
const hwRecordValue = `"${value}"`;
if (records && records.length > 0) { if (records && records.length > 0) {
for (const record of records) { found = records[0];
await this.removeRecord({ this.logger.info(`记录:${found.id},${found.records}`);
recordRes: record, if (found.records.includes(hwRecordValue)) {
recordReq: options, // this.logger.info(`删除重复记录:${record.id}`)
}); // await this.removeRecord({
// recordRes: record,
// recordReq: options,
// });
this.logger.info(`无需重复添加:${found.records}`);
return found;
} }
} }
if (found) {
//修改
const req: ApiRequestOptions = {
url: `${this.dnsEndpoint}/v2/zones/${zoneId}/recordsets/${found.id}`,
method: "PUT",
data: {
name: fullRecord + ".",
type,
records: [hwRecordValue, ...found.records]
}
};
const ret = await this.client.request(req);
this.logger.info("添加域名解析成功:", value, ret);
return ret;
} else {
//创建
try { try {
const req: ApiRequestOptions = { const req: ApiRequestOptions = {
url: `${this.dnsEndpoint}/v2/zones/${zoneId}/recordsets`, url: `${this.dnsEndpoint}/v2/zones/${zoneId}/recordsets`,
method: 'POST', method: "POST",
data: { data: {
name: fullRecord + '.', name: fullRecord + ".",
type, type,
records: [`"${value}"`], records: [hwRecordValue]
}, }
}; };
const ret = await this.client.request(req); const ret = await this.client.request(req);
this.logger.info('添加域名解析成功:', value, ret); this.logger.info("添加域名解析成功:", value, ret);
return ret; return ret;
} catch (e: any) { } catch (e: any) {
if (e.code === 'DNS.0312') { if (e.code === "DNS.0312") {
return; return;
} }
this.logger.info('添加域名解析出错', e); this.logger.info("添加域名解析出错", e);
throw e; throw e;
} }
} }
}
async removeRecord(options: RemoveRecordOptions<any>): Promise<any> { async removeRecord(options: RemoveRecordOptions<any>): Promise<any> {
const { fullRecord, value } = options.recordReq; const { fullRecord, value } = options.recordReq;
const record = options.recordRes; const record = options.recordRes;
if (!record) { if (!record) {
this.logger.info('解析记录recordId为空不执行删除', fullRecord, value); this.logger.info("解析记录recordId为空不执行删除", fullRecord, value);
return; return;
} }
const req: ApiRequestOptions = { const zoneId = record.zone_id;
url: `${this.dnsEndpoint}/v2/zones/${record.zone_id}/recordsets/${record.id}`,
method: 'DELETE',
};
//查询原来的记录
const records: any = await this.searchRecord({
zoneId,
...options.recordReq
});
const hwRecordValue = `"${value}"`;
if (records && records.length > 0) {
//找到记录
const found = records[0];
if (found.records.includes(hwRecordValue)) {
if (found.records.length > 1) {
//修改
const req: ApiRequestOptions = {
url: `${this.dnsEndpoint}/v2/zones/${zoneId}/recordsets/${found.id}`,
method: "PUT",
data: {
name: fullRecord + ".",
type: found.type,
records: found.records.filter((item: string) => item !== hwRecordValue)
}
};
const ret = await this.client.request(req); const ret = await this.client.request(req);
this.logger.info('删除域名解析成功:', fullRecord, value, ret.RecordId); this.logger.info("修改域名解析成功[put]:", value, ret);
return ret.RecordId; } else {
//删除
const req: ApiRequestOptions = {
url: `${this.dnsEndpoint}/v2/zones/${zoneId}/recordsets/${found.id}`,
method: "DELETE"
};
const ret = await this.client.request(req);
this.logger.info("删除域名解析成功[delete]:", fullRecord, value, ret.RecordId);
}
}else{
this.logger.info("没有找到records无需删除", fullRecord, value,found);
}
}else{
this.logger.info("删除域名解析失败,没有找到解析记录", fullRecord, value);
}
} }
} }