perf: 多重认证登录

packages/core/basic/src/utils/util.id.ts

@@ -1,4 +1,4 @@
 import { customAlphabet } from "nanoid";
 
 export const randomNumber = customAlphabet("1234567890", 4);
-export const simpleNanoId = customAlphabet("1234567890abcdefghijklmopqrstuvwxyz", 12);
+export const simpleNanoId = customAlphabet("1234567890abcdefghijklmopqrstuvwxyzABCDEFGHIJKLMOPQRSTUVWXYZ", 12);

packages/ui/certd-client/src/views/certd/settings/api.ts

@@ -1,26 +0,0 @@
-// @ts-ignore
-import { request } from "/@/api/service";
-const apiPrefix = "/user/settings";
-export type UserSettings = {
-  defaultNotification?: number;
-  defaultCron?: string;
-};
-
-export async function UserSettingsGet() {
-  const res = await request({
-    url: apiPrefix + "/getDefault",
-    method: "post",
-  });
-  if (!res) {
-    return {};
-  }
-  return res;
-}
-
-export async function UserSettingsSave(setting: any) {
-  return await request({
-    url: apiPrefix + "/saveDefault",
-    method: "post",
-    data: setting,
-  });
-}

packages/ui/certd-client/src/views/certd/settings/index.vue

@@ -1,74 +0,0 @@
-<template>
-  <fs-page class="page-user-settings">
-    <template #header>
-      <div class="title">设置</div>
-    </template>
-    <div class="user-settings-form settings-form">
-      <a-form
-        :model="formState"
-        name="basic"
-        :label-col="{ span: 8 }"
-        :wrapper-col="{ span: 16 }"
-        autocomplete="off"
-        @finish="onFinish"
-        @finish-failed="onFinishFailed"
-      >
-        <a-form-item label="默认定时设置" name="defaultCron">
-          <notification-selector v-model="formState.defaultCron" />
-          <div class="helper">创建流水线时默认使用此定时时间</div>
-        </a-form-item>
-
-        <a-form-item :wrapper-col="{ offset: 8, span: 16 }">
-          <a-button :loading="saveLoading" type="primary" html-type="submit">保存</a-button>
-        </a-form-item>
-      </a-form>
-    </div>
-  </fs-page>
-</template>
-
-<script setup lang="tsx">
-import { reactive, ref } from "vue";
-import * as api from "./api";
-import { UserSettings } from "./api";
-import { notification } from "ant-design-vue";
-import { merge } from "lodash-es";
-import NotificationSelector from "/@/views/certd/notification/notification-selector/index.vue";
-
-defineOptions({
-  name: "UserSettings"
-});
-
-const formState = reactive<Partial<UserSettings>>({});
-
-async function loadUserSettings() {
-  const data: any = await api.UserSettingsGet();
-  merge(formState, data);
-}
-
-const saveLoading = ref(false);
-loadUserSettings();
-const onFinish = async (form: any) => {
-  try {
-    saveLoading.value = true;
-    await api.UserSettingsSave(form);
-    notification.success({
-      message: "保存成功"
-    });
-  } finally {
-    saveLoading.value = false;
-  }
-};
-
-const onFinishFailed = (errorInfo: any) => {
-  // console.log("Failed:", errorInfo);
-};
-</script>
-
-<style lang="less">
-.page-user-settings {
-  .user-settings-form {
-    width: 500px;
-    margin: 20px;
-  }
-}
-</style>

packages/ui/certd-client/src/views/certd/settings/two-factor/api.ts

@@ -0,0 +1,40 @@
+// @ts-ignore
+import { request } from "/@/api/service";
+const apiPrefix = "/user/settings";
+export type UserTwoFactorSetting = {
+  authenticator: {
+    enabled: boolean;
+    verified: boolean;
+  };
+};
+
+export type AuthenticatorSaveReq = {
+  verifyCode?: string;
+};
+
+export async function TwoFactorSettingsGet() {
+  const res = await request({
+    url: apiPrefix + "/twoFactor/get",
+    method: "post",
+  });
+  if (!res) {
+    return {};
+  }
+  return res as UserTwoFactorSetting;
+}
+
+export async function TwoFactorAuthenticatorGet() {
+  const res = await request({
+    url: apiPrefix + "/twoFactor/authenticator/qrcode",
+    method: "post",
+  });
+  return res as string; //base64
+}
+
+export async function TwoFactorAuthenticatorSave(req: AuthenticatorSaveReq) {
+  return await request({
+    url: apiPrefix + "/twoFactor/authenticator/save",
+    method: "post",
+    data: req,
+  });
+}

packages/ui/certd-client/src/views/certd/settings/two-factor/index.vue

@@ -0,0 +1,99 @@
+<template>
+  <fs-page class="page-user-settings page-two-factor">
+    <template #header>
+      <div class="title">多重认证设置</div>
+    </template>
+    <div class="user-settings-form settings-form">
+      <a-form :model="formState" name="basic" :label-col="{ span: 8 }" :wrapper-col="{ span: 16 }" autocomplete="off">
+        <a-form-item label="Authenticator APP认证" :name="['authenticator', 'enabled']">
+          <div class="flex">
+            <a-switch v-model:checked="formState.authenticator.enabled" />
+
+            <a-button v-if="formState.authenticator.enabled && formState.authenticator.verified" class="ml-1" type="primary" @click="authenticatorForm.open = true">修改</a-button>
+          </div>
+
+          <div class="helper">创建流水线时默认使用此定时时间</div>
+        </a-form-item>
+        <div v-if="authenticatorOpenRef" class="authenticator-config">
+          <h3>1. 安装任意一款 Authenticator APP</h3>
+          <div>比如：Microsoft Authenticator / Google Authenticator / Authy / Synology Secure SignIn 等</div>
+          <h3>2. 扫描二维码添加账号</h3>
+          <div v-if="authenticatorForm.qrcodeSrc" class="qrcode">
+            <img style="width: 400px; height: 400px" :src="authenticatorForm.qrcodeSrc" />
+          </div>
+          <h3>3. 输入验证码</h3>
+          <div>
+            <a-input v-model:value="authenticatorForm.verifyCode" placeholder="请输入验证码" />
+          </div>
+          <div>
+            <loading-button type="primary" html-type="button" :click="doAuthenticatorSave">确认</loading-button>
+            <a-button class="ml-1" @click="authenticatorForm.open = false">取消</a-button>
+          </div>
+        </div>
+      </a-form>
+    </div>
+  </fs-page>
+</template>
+
+<script setup lang="tsx">
+import { computed, reactive, watch } from "vue";
+import * as api from "./api";
+import { UserTwoFactorSetting } from "./api";
+import { notification } from "ant-design-vue";
+import { merge } from "lodash-es";
+
+defineOptions({
+  name: "UserSettingsTwoFactor",
+});
+
+const formState = reactive<Partial<UserTwoFactorSetting>>({});
+
+const authenticatorForm = reactive({
+  qrcodeSrc: "",
+  verifyCode: "",
+  open: false,
+});
+
+const authenticatorOpenRef = computed(() => {
+  return formState.authenticator.enabled && (authenticatorForm.open || !formState.authenticator.verified);
+});
+watch(
+  () => {
+    return authenticatorOpenRef.value;
+  },
+  async open => {
+    if (open) {
+      const data = await api.TwoFactorAuthenticatorGet();
+      //base64 转图片
+      authenticatorForm.qrcodeSrc = `data:image/png;base64,${data}`;
+    } else {
+      authenticatorForm.qrcodeSrc = "";
+      authenticatorForm.verifyCode = "";
+    }
+  }
+);
+
+async function loadUserSettings() {
+  const data: any = await api.TwoFactorSettingsGet();
+  merge(formState, data);
+}
+
+loadUserSettings();
+const doAuthenticatorSave = async (form: any) => {
+  await api.TwoFactorAuthenticatorSave({
+    verifyCode: authenticatorForm.verifyCode,
+  });
+  notification.success({
+    message: "保存成功",
+  });
+};
+</script>
+
+<style lang="less">
+.page-user-settings {
+  .user-settings-form {
+    width: 500px;
+    margin: 20px;
+  }
+}
+</style>

packages/ui/certd-server/package.json

@@ -97,9 +97,11 @@
     "nanoid": "^5.0.7",
     "node-forge": "^1.3.1",
     "nodemailer": "^6.9.16",
+    "otplib": "^12.0.1",
     "pg": "^8.12.0",
     "psl": "^1.9.0",
     "qiniu": "^7.12.0",
+    "qrcode": "^1.5.4",
     "qs": "^6.13.1",
     "querystring": "^0.2.1",
     "reflect-metadata": "^0.2.2",

packages/ui/certd-server/src/controller/user/mine/setting-two-factor-controller.ts

@@ -0,0 +1,61 @@
+import { ALL, Body, Controller, Inject, Post, Provide } from "@midwayjs/core";
+import { BaseController, Constants } from "@certd/lib-server";
+import { UserSettingsService } from "../../../modules/mine/service/user-settings-service.js";
+import { UserTwoFactorSetting } from "../../../modules/mine/service/models.js";
+import { merge } from "lodash-es";
+import { TwoFactorService } from "../../../modules/mine/service/two-factor-service.js";
+
+/**
+ */
+@Provide()
+@Controller("/api/user/settings/twoFactor")
+export class UserTwoFactorSettingController extends BaseController {
+  @Inject()
+  service: UserSettingsService;
+
+  @Inject()
+  twoFactorService: TwoFactorService;
+
+
+
+  @Post("/get", { summary: Constants.per.authOnly })
+  async get() {
+    const userId = this.getUserId();
+    const setting = await this.service.getSetting<UserTwoFactorSetting>(userId, UserTwoFactorSetting);
+    return this.ok(setting);
+  }
+
+  @Post("/save", { summary: Constants.per.authOnly })
+  async save(@Body(ALL) bean: any) {
+    const userId = this.getUserId();
+    const setting = new UserTwoFactorSetting();
+    merge(setting, bean);
+
+    // 禁用时清除
+    if(!setting.authenticator.enabled){
+        setting.authenticator.secret = null;
+        setting.authenticator.verified = false;
+    }
+
+    await this.service.saveSetting(userId, setting);
+    return this.ok({});
+  }
+
+  @Post("/authenticator/qrcode", { summary: Constants.per.authOnly })
+  async authenticatorQrcode() {
+    const userId = this.getUserId();
+    const qrcode = await this.twoFactorService.getAuthenticatorQrCode(userId);
+    return this.ok(qrcode);
+  }
+
+  @Post("/authenticator/save", { summary: Constants.per.authOnly })
+  async authenticatorSave(@Body(ALL) bean: any) {
+    const userId = this.getUserId();
+    await this.twoFactorService.saveAuthenticator({
+        userId,
+        verifyCode: bean.verifyCode,
+    });
+    return this.ok();
+  }
+
+}

packages/ui/certd-server/src/controller/user/mine/user-settings-controller.ts

@@ -1,8 +1,7 @@
-import { ALL, Body, Controller, Inject, Post, Provide, Query } from '@midwayjs/core';
-import { CrudController } from '@certd/lib-server';
-import { Constants } from '@certd/lib-server';
-import { UserSettingsService } from '../../../modules/mine/service/user-settings-service.js';
-import { UserSettingsEntity } from '../../../modules/mine/entity/user-settings.js';
+import { ALL, Body, Controller, Inject, Post, Provide, Query } from "@midwayjs/core";
+import { Constants, CrudController } from "@certd/lib-server";
+import { UserSettingsService } from "../../../modules/mine/service/user-settings-service.js";
+import { UserSettingsEntity } from "../../../modules/mine/entity/user-settings.js";
 
 /**
  */
@@ -66,4 +65,6 @@ export class UserSettingsController extends CrudController<UserSettingsService>
     const entity = await this.service.getByKey(key, this.getUserId());
     return this.ok(entity);
   }
+
+
 }

packages/ui/certd-server/src/modules/mine/service/models.ts

@@ -0,0 +1,22 @@
+import { BaseSettings } from "@certd/lib-server";
+
+export type TwoFactorAuthenticator = {
+  enabled: boolean;
+  secret?: string;
+  type?: string;
+  verified?:boolean;
+}
+
+export class UserTwoFactorSetting extends BaseSettings {
+  static __title__ = "用户多重认证设置";
+  static __key__ = "user.two.factor";
+
+  authenticator: TwoFactorAuthenticator = {
+    enabled:false,
+    verified:false,
+    type: "totp"
+  };
+
+}
+
+

packages/ui/certd-server/src/modules/mine/service/two-factor-service.ts

@@ -0,0 +1,62 @@
+import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
+import { UserSettingsService } from "./user-settings-service.js";
+import { UserTwoFactorSetting } from "./models.js";
+import { utils } from "@certd/basic";
+import { UserService } from "../../sys/authority/service/user-service.js";
+
+/**
+ * 授权
+ */
+@Provide()
+@Scope(ScopeEnum.Request, { allowDowngrade: true })
+export class TwoFactorService {
+  @Inject()
+  userSettingsService: UserSettingsService;
+  @Inject()
+  userService: UserService;
+
+
+  async getAuthenticatorQrCode(userId: any) {
+    const setting = await this.userSettingsService.getSetting<UserTwoFactorSetting>(userId, UserTwoFactorSetting);
+
+    const authenticator = setting.authenticator;
+    if (!authenticator.secret) {
+      authenticator.secret = utils.id.simpleNanoId(16);
+      await this.userSettingsService.saveSetting(userId, setting);
+    }
+
+    const user = await this.userService.info(userId);
+    const username = user.username;
+    const secret = authenticator.secret;
+    const qrcodeContent = `otpauth://totp/Certd:${username}?secret=${secret}&issuer=Certd`;
+
+    //生成qrcode base64
+    const qrcode = await import("qrcode");
+    return await qrcode.toDataURL(qrcodeContent);
+
+  }
+
+  async saveAuthenticator(req: { userId: any; verifyCode: any }) {
+    const userId = req.userId;
+    const { authenticator } = await import("otplib");
+    const tfSetting = await this.userSettingsService.getSetting<UserTwoFactorSetting>(userId, UserTwoFactorSetting);
+
+    const setting = tfSetting.authenticator;
+    if (!setting.secret) {
+      throw new Error("secret is required");
+    }
+    const secret = setting.secret;
+    const token = req.verifyCode;
+
+    const isValid = authenticator.verify({ token, secret });
+    if (!isValid) {
+      throw new Error("authenticator 校验错误");
+    }
+
+    //校验成功，保存开启状态
+    setting.enabled = true;
+    setting.verified = true;
+
+    await this.userSettingsService.saveSetting(userId, setting);
+  }
+}

packages/ui/certd-server/src/modules/mine/service/user-settings-service.ts

@@ -1,8 +1,9 @@
-import { Provide, Scope, ScopeEnum } from '@midwayjs/core';
-import { InjectEntityModel } from '@midwayjs/typeorm';
-import { Repository } from 'typeorm';
-import { BaseService } from '@certd/lib-server';
-import { UserSettingsEntity } from '../entity/user-settings.js';
+import { Provide, Scope, ScopeEnum } from "@midwayjs/core";
+import { InjectEntityModel } from "@midwayjs/typeorm";
+import { Repository } from "typeorm";
+import { BaseService, BaseSettings } from "@certd/lib-server";
+import { UserSettingsEntity } from "../entity/user-settings.js";
+import { merge } from "lodash-es";
 
 /**
  * 授权
@@ -27,23 +28,29 @@ export class UserSettingsService extends BaseService<UserSettingsEntity> {
     const setting = JSON.parse(entity.setting);
     return {
       id: entity.id,
-      ...setting,
+      ...setting
     };
   }
 
   async getByKey(key: string, userId: number): Promise<UserSettingsEntity | null> {
+    if(!userId){
+      throw new Error('userId is required');
+    }
     if (!key || !userId) {
       return null;
     }
     return await this.repository.findOne({
       where: {
         key,
-        userId,
-      },
+        userId
+      }
     });
   }
 
   async getSettingByKey(key: string, userId: number): Promise<any | null> {
+    if(!userId){
+      throw new Error('userId is required');
+    }
     const entity = await this.getByKey(key, userId);
     if (!entity) {
       return null;
@@ -55,8 +62,8 @@ export class UserSettingsService extends BaseService<UserSettingsEntity> {
     const entity = await this.repository.findOne({
       where: {
         key: bean.key,
-        userId: bean.userId,
-      },
+        userId: bean.userId
+      }
     });
     if (entity) {
       entity.setting = bean.setting;
@@ -66,4 +73,39 @@ export class UserSettingsService extends BaseService<UserSettingsEntity> {
       await this.repository.save(bean);
     }
   }
+
+
+  async getSetting<T>( userId: number,type: any): Promise<T> {
+    if(!userId){
+      throw new Error('userId is required');
+    }
+    const key = type.__key__;
+    let newSetting: T = new type();
+    const savedSettings = await this.getSettingByKey(key, userId);
+    newSetting = merge(newSetting, savedSettings);
+    return newSetting;
+  }
+
+  async saveSetting<T extends BaseSettings>(userId:number,bean: T) {
+    if(!userId){
+      throw new Error('userId is required');
+    }
+    const old = await this.getSetting(userId,bean.constructor)
+    bean = merge(old,bean)
+
+    const type: any = bean.constructor;
+    const key = type.__key__;
+    const entity = await this.getByKey(key,userId);
+    const newEntity = new UserSettingsEntity();
+    if (entity) {
+      newEntity.id = entity.id;
+    }else{
+      newEntity.key = key;
+      newEntity.title = type.__title__;
+      newEntity.userId = userId;
+    }
+    entity.setting = JSON.stringify(bean);
+    await this.repository.save(entity);
+  }
+
 }

pnpm-lock.yaml

@@ -46,7 +46,7 @@ importers:
   packages/core/acme-client:
     dependencies:
       '@certd/basic':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../basic
       '@peculiar/x509':
         specifier: ^1.11.0
@@ -204,11 +204,11 @@ importers:
   packages/core/pipeline:
     dependencies:
       '@certd/basic':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../basic
       '@certd/plus-core':
-        specifier: ^1.33.2
-        version: 1.33.2
+        specifier: ^1.33.4
+        version: link:../../pro/plus-core
       dayjs:
         specifier: ^1.11.7
         version: 1.11.13
@@ -412,7 +412,7 @@ importers:
   packages/libs/lib-k8s:
     dependencies:
       '@certd/basic':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../core/basic
       '@kubernetes/client-node':
         specifier: 0.21.0
@@ -452,17 +452,17 @@ importers:
   packages/libs/lib-server:
     dependencies:
       '@certd/acme-client':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../core/acme-client
       '@certd/basic':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../core/basic
       '@certd/pipeline':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../core/pipeline
       '@certd/plus-core':
-        specifier: ^1.33.2
-        version: 1.33.2
+        specifier: ^1.33.4
+        version: link:../../pro/plus-core
       '@midwayjs/cache':
         specifier: ~3.14.0
         version: 3.14.0
@@ -604,16 +604,16 @@ importers:
   packages/plugins/plugin-cert:
     dependencies:
       '@certd/acme-client':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../core/acme-client
       '@certd/basic':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../core/basic
       '@certd/pipeline':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../core/pipeline
       '@certd/plugin-lib':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../plugin-lib
       '@google-cloud/publicca':
         specifier: ^1.3.0
@@ -680,10 +680,10 @@ importers:
         specifier: ^1.7.10
         version: 1.8.0
       '@certd/basic':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../core/basic
       '@certd/pipeline':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../core/pipeline
       '@kubernetes/client-node':
         specifier: 0.21.0
@@ -771,19 +771,19 @@ importers:
   packages/pro/commercial-core:
     dependencies:
       '@certd/basic':
-        specifier: ^1.32.0
+        specifier: ^1.33.4
         version: link:../../core/basic
       '@certd/lib-server':
-        specifier: ^1.32.0
+        specifier: ^1.33.4
         version: link:../../libs/lib-server
       '@certd/pipeline':
-        specifier: ^1.32.0
+        specifier: ^1.33.4
         version: link:../../core/pipeline
       '@certd/plugin-plus':
-        specifier: ^1.32.0
+        specifier: ^1.33.4
         version: link:../plugin-plus
       '@certd/plus-core':
-        specifier: ^1.32.0
+        specifier: ^1.33.4
         version: link:../plus-core
       '@midwayjs/core':
         specifier: ~3.20.3
@@ -868,22 +868,22 @@ importers:
         specifier: ^1.0.2
         version: 1.0.2
       '@certd/basic':
-        specifier: ^1.32.0
+        specifier: ^1.33.4
         version: link:../../core/basic
       '@certd/lib-k8s':
-        specifier: ^1.32.0
+        specifier: ^1.33.4
         version: link:../../libs/lib-k8s
       '@certd/pipeline':
-        specifier: ^1.32.0
+        specifier: ^1.33.4
         version: link:../../core/pipeline
       '@certd/plugin-cert':
-        specifier: ^1.32.0
+        specifier: ^1.33.4
         version: link:../../plugins/plugin-cert
       '@certd/plugin-lib':
-        specifier: ^1.32.0
+        specifier: ^1.33.4
         version: link:../../plugins/plugin-lib
       '@certd/plus-core':
-        specifier: ^1.32.0
+        specifier: ^1.33.4
         version: link:../plus-core
       ali-oss:
         specifier: ^6.21.0
@@ -980,7 +980,7 @@ importers:
   packages/pro/plus-core:
     dependencies:
       '@certd/basic':
-        specifier: ^1.32.0
+        specifier: ^1.33.4
         version: link:../../core/basic
       dayjs:
         specifier: ^1.11.7
@@ -1270,10 +1270,10 @@ importers:
         version: 0.1.3(zod@3.24.2)
     devDependencies:
       '@certd/lib-iframe':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../libs/lib-iframe
       '@certd/pipeline':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../core/pipeline
       '@rollup/plugin-commonjs':
         specifier: ^25.0.7
@@ -1453,44 +1453,44 @@ importers:
         specifier: ^3.705.0
         version: 3.758.0(aws-crt@1.25.3)
       '@certd/acme-client':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../core/acme-client
       '@certd/basic':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../core/basic
       '@certd/commercial-core':
-        specifier: ^1.33.2
-        version: 1.33.2(better-sqlite3@11.8.1)(encoding@0.1.13)(mysql2@3.14.0)(pg@8.13.3)(reflect-metadata@0.2.2)(ts-node@10.9.2(@types/node@18.19.80)(typescript@5.8.2))
+        specifier: ^1.33.4
+        version: link:../../pro/commercial-core
       '@certd/jdcloud':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../libs/lib-jdcloud
       '@certd/lib-huawei':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../libs/lib-huawei
       '@certd/lib-k8s':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../libs/lib-k8s
       '@certd/lib-server':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../libs/lib-server
       '@certd/midway-flyway-js':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../libs/midway-flyway-js
       '@certd/pipeline':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../core/pipeline
       '@certd/plugin-cert':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../plugins/plugin-cert
       '@certd/plugin-lib':
-        specifier: ^1.33.2
+        specifier: ^1.33.4
         version: link:../../plugins/plugin-lib
       '@certd/plugin-plus':
-        specifier: ^1.33.2
-        version: 1.33.2(encoding@0.1.13)
+        specifier: ^1.33.4
+        version: link:../../pro/plugin-plus
       '@certd/plus-core':
-        specifier: ^1.33.2
-        version: 1.33.2
+        specifier: ^1.33.4
+        version: link:../../pro/plus-core
       '@corsinvest/cv4pve-api-javascript':
         specifier: ^8.3.0
         version: 8.3.0
@@ -1629,6 +1629,9 @@ importers:
       nodemailer:
         specifier: ^6.9.16
         version: 6.10.0
+      otplib:
+        specifier: ^12.0.1
+        version: 12.0.1
       pg:
         specifier: ^8.12.0
         version: 8.13.3
@@ -1638,6 +1641,9 @@ importers:
       qiniu:
         specifier: ^7.12.0
         version: 7.14.0
+      qrcode:
+        specifier: ^1.5.4
+        version: 1.5.4
       qs:
         specifier: ^6.13.1
         version: 6.14.0
@@ -2620,15 +2626,6 @@ packages:
   '@better-scroll/zoom@2.5.1':
     resolution: {integrity: sha512-aGvFY5ooeZWS4RcxQLD+pGLpQHQxpPy0sMZV3yadcd2QK53PK9gS4Dp+BYfRv8lZ4/P2LoNEhr6Wq1DN6+uPlA==}
 
-  '@certd/commercial-core@1.33.2':
-    resolution: {integrity: sha512-LTRvwRAkMEU+knG+/eA8QbyK3EE2Z2eyn4763ILadCY/qHLAWqxg7NUD+fwsuAoByvsr3l5qLPPOF73p5s1iEA==}
-
-  '@certd/plugin-plus@1.33.2':
-    resolution: {integrity: sha512-x8qdJ1qtYfqVNBQ3uWJuFVYUHHnteoaH/3vnYKjgAnEAcosruZAz8h5RwwOjDhR+Vsdda/sSRdjlTCVDLidHZg==}
-
-  '@certd/plus-core@1.33.2':
-    resolution: {integrity: sha512-CsD+/P3Ycne3KzxrZAkFXGpCO9ZQNY4p28WAA2XfKQ6sLIYLuuDBP18V/E7EygfJEZ/c9KJWMkYgx/4wGGvb6w==}
-
   '@colors/colors@1.5.0':
     resolution: {integrity: sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==}
     engines: {node: '>=0.1.90'}
@@ -3787,6 +3784,21 @@ packages:
   '@one-ini/wasm@0.1.1':
     resolution: {integrity: sha512-XuySG1E38YScSJoMlqovLru4KTUNSjgVTIjyh7qMX6aNN5HY5Ct5LhRJdxO79JtTzKfzV/bnWpz+zquYrISsvw==}
 
+  '@otplib/core@12.0.1':
+    resolution: {integrity: sha512-4sGntwbA/AC+SbPhbsziRiD+jNDdIzsZ3JUyfZwjtKyc/wufl1pnSIaG4Uqx8ymPagujub0o92kgBnB89cuAMA==}
+
+  '@otplib/plugin-crypto@12.0.1':
+    resolution: {integrity: sha512-qPuhN3QrT7ZZLcLCyKOSNhuijUi9G5guMRVrxq63r9YNOxxQjPm59gVxLM+7xGnHnM6cimY57tuKsjK7y9LM1g==}
+
+  '@otplib/plugin-thirty-two@12.0.1':
+    resolution: {integrity: sha512-MtT+uqRso909UkbrrYpJ6XFjj9D+x2Py7KjTO9JDPhL0bJUYVu5kFP4TFZW4NFAywrAtFRxOVY261u0qwb93gA==}
+
+  '@otplib/preset-default@12.0.1':
+    resolution: {integrity: sha512-xf1v9oOJRyXfluBhMdpOkr+bsE+Irt+0D5uHtvg6x1eosfmHCsCC6ej/m7FXiWqdo0+ZUI6xSKDhJwc8yfiOPQ==}
+
+  '@otplib/preset-v11@12.0.1':
+    resolution: {integrity: sha512-9hSetMI7ECqbFiKICrNa4w70deTUfArtwXykPUvSHWOdzOlfa9ajglu7mNCntlvxycTiOAXkQGwjQCzzDEMRMg==}
+
   '@panva/asn1.js@1.0.0':
     resolution: {integrity: sha512-UdkG3mLEqXgnlKsWanWcgb6dOjUzJ+XC5f+aWw30qrtjxeNUSfKX1cd5FBzOaXQumoe9nIqeZUvrRJS03HCCtw==}
     engines: {node: '>=10.13.0'}
@@ -9899,6 +9911,9 @@ packages:
     engines: {node: '>=0.10.0'}
     hasBin: true
 
+  otplib@12.0.1:
+    resolution: {integrity: sha512-xDGvUOQjop7RDgxTQ+o4pOol0/3xSZzawTiPKRrHnQWAy0WjhNs/5HdIDJCrqC4MBynmjXgULc6YfioaxZeFgg==}
+
   output-file-sync@1.1.2:
     resolution: {integrity: sha512-uQLlclru4xpCi+tfs80l3QF24KL81X57ELNMy7W/dox+JTtxUf1bLyQ8968fFCmSqqbokjW0kn+WBIlO+rSkNg==}
 
@@ -11985,6 +12000,10 @@ packages:
   thenify@3.3.1:
     resolution: {integrity: sha512-RVZSIV5IG10Hk3enotrhvz0T9em6cyHBLkH/YAZuKqd8hRkKhSfCGIcP2KUY0EPxndzANBmNllzWPwak+bheSw==}
 
+  thirty-two@1.0.2:
+    resolution: {integrity: sha512-OEI0IWCe+Dw46019YLl6V10Us5bi574EvlJEOcAkB29IzQ/mYD1A6RyNHLjZPiHCmuodxvgF6U+vZO1L15lxVA==}
+    engines: {node: '>=0.2.6'}
+
   throttle-debounce@5.0.2:
     resolution: {integrity: sha512-B71/4oyj61iNH0KeCamLuE2rmKuTO5byTOSVwECM5FA7TiAiAW+UqTKZ9ERueC4qvgSttUhdmq1mXC3kJqGX7A==}
     engines: {node: '>=12.22'}
@@ -14803,75 +14822,6 @@ snapshots:
     dependencies:
       '@better-scroll/core': 2.5.1
 
-  '@certd/commercial-core@1.33.2(better-sqlite3@11.8.1)(encoding@0.1.13)(mysql2@3.14.0)(pg@8.13.3)(reflect-metadata@0.2.2)(ts-node@10.9.2(@types/node@18.19.80)(typescript@5.8.2))':
-    dependencies:
-      '@certd/basic': link:packages/core/basic
-      '@certd/lib-server': link:packages/libs/lib-server
-      '@certd/pipeline': link:packages/core/pipeline
-      '@certd/plugin-plus': 1.33.2(encoding@0.1.13)
-      '@certd/plus-core': 1.33.2
-      '@midwayjs/core': 3.20.3
-      '@midwayjs/koa': 3.20.3
-      '@midwayjs/logger': 3.4.2
-      '@midwayjs/typeorm': 3.20.3
-      alipay-sdk: 4.13.0
-      dayjs: 1.11.13
-      typeorm: 0.3.21(better-sqlite3@11.8.1)(mysql2@3.14.0)(pg@8.13.3)(reflect-metadata@0.2.2)(ts-node@10.9.2(@types/node@18.19.80)(typescript@5.8.2))
-      wechatpay-node-v3: 2.2.1
-    transitivePeerDependencies:
-      - '@google-cloud/spanner'
-      - '@sap/hana-client'
-      - better-sqlite3
-      - encoding
-      - hdb-pool
-      - ioredis
-      - mongodb
-      - mssql
-      - mysql2
-      - oracledb
-      - pg
-      - pg-native
-      - pg-query-stream
-      - proxy-agent
-      - redis
-      - reflect-metadata
-      - sql.js
-      - sqlite3
-      - supports-color
-      - ts-node
-      - typeorm-aurora-data-api-driver
-
-  '@certd/plugin-plus@1.33.2(encoding@0.1.13)':
-    dependencies:
-      '@alicloud/pop-core': 1.8.0
-      '@baiducloud/sdk': 1.0.2
-      '@certd/basic': link:packages/core/basic
-      '@certd/lib-k8s': link:packages/libs/lib-k8s
-      '@certd/pipeline': link:packages/core/pipeline
-      '@certd/plugin-cert': link:packages/plugins/plugin-cert
-      '@certd/plugin-lib': link:packages/plugins/plugin-lib
-      '@certd/plus-core': 1.33.2
-      ali-oss: 6.22.0
-      baidu-aip-sdk: 4.16.16
-      basic-ftp: 5.0.5
-      cos-nodejs-sdk-v5: 2.14.6
-      crypto-js: 4.2.0
-      dayjs: 1.11.13
-      form-data: 4.0.2
-      https-proxy-agent: 7.0.6
-      jsencrypt: 3.3.2
-      qiniu: 7.14.0
-      tencentcloud-sdk-nodejs: 4.0.1045(encoding@0.1.13)
-    transitivePeerDependencies:
-      - encoding
-      - proxy-agent
-      - supports-color
-
-  '@certd/plus-core@1.33.2':
-    dependencies:
-      '@certd/basic': link:packages/core/basic
-      dayjs: 1.11.13
-
   '@colors/colors@1.5.0':
     optional: true
 
@@ -16306,6 +16256,29 @@ snapshots:
 
   '@one-ini/wasm@0.1.1': {}
 
+  '@otplib/core@12.0.1': {}
+
+  '@otplib/plugin-crypto@12.0.1':
+    dependencies:
+      '@otplib/core': 12.0.1
+
+  '@otplib/plugin-thirty-two@12.0.1':
+    dependencies:
+      '@otplib/core': 12.0.1
+      thirty-two: 1.0.2
+
+  '@otplib/preset-default@12.0.1':
+    dependencies:
+      '@otplib/core': 12.0.1
+      '@otplib/plugin-crypto': 12.0.1
+      '@otplib/plugin-thirty-two': 12.0.1
+
+  '@otplib/preset-v11@12.0.1':
+    dependencies:
+      '@otplib/core': 12.0.1
+      '@otplib/plugin-crypto': 12.0.1
+      '@otplib/plugin-thirty-two': 12.0.1
+
   '@panva/asn1.js@1.0.0': {}
 
   '@peculiar/asn1-cms@2.3.15':
@@ -20700,13 +20673,13 @@ snapshots:
       resolve: 1.22.10
       semver: 6.3.1
 
-  eslint-plugin-prettier@3.4.1(eslint-config-prettier@8.10.0(eslint@8.57.0))(eslint@7.32.0)(prettier@2.8.8):
+  eslint-plugin-prettier@3.4.1(eslint-config-prettier@8.10.0(eslint@7.32.0))(eslint@7.32.0)(prettier@2.8.8):
     dependencies:
       eslint: 7.32.0
       prettier: 2.8.8
       prettier-linter-helpers: 1.0.0
     optionalDependencies:
-      eslint-config-prettier: 8.10.0(eslint@8.57.0)
+      eslint-config-prettier: 8.10.0(eslint@7.32.0)
 
   eslint-plugin-prettier@4.2.1(eslint-config-prettier@8.10.0(eslint@8.57.0))(eslint@8.57.0)(prettier@2.8.8):
     dependencies:
@@ -23420,7 +23393,7 @@ snapshots:
       eslint: 7.32.0
       eslint-config-prettier: 8.10.0(eslint@7.32.0)
       eslint-plugin-node: 11.1.0(eslint@7.32.0)
-      eslint-plugin-prettier: 3.4.1(eslint-config-prettier@8.10.0(eslint@8.57.0))(eslint@7.32.0)(prettier@2.8.8)
+      eslint-plugin-prettier: 3.4.1(eslint-config-prettier@8.10.0(eslint@7.32.0))(eslint@7.32.0)(prettier@2.8.8)
       execa: 5.1.1
       inquirer: 7.3.3
       json5: 2.2.3
@@ -23853,6 +23826,12 @@ snapshots:
     dependencies:
       minimist: 1.2.8
 
+  otplib@12.0.1:
+    dependencies:
+      '@otplib/core': 12.0.1
+      '@otplib/preset-default': 12.0.1
+      '@otplib/preset-v11': 12.0.1
+
   output-file-sync@1.1.2:
     dependencies:
       graceful-fs: 4.2.11
@@ -26255,6 +26234,8 @@ snapshots:
     dependencies:
       any-promise: 1.3.0
 
+  thirty-two@1.0.2: {}
+
   throttle-debounce@5.0.2: {}
 
   through2@2.0.5: