fix: 安全更新，备份数据库插件仅限管理员运行

packages/core/pipeline/src/plugin/api.ts

@@ -59,6 +59,7 @@ export type PluginDefine = Registrable & {
       form: any;
     };
   };
+  onlyAdmin?: boolean;
   needPlus?: boolean;
   showRunStrategy?: boolean;
   pluginType?: string; //类型
@@ -162,6 +163,14 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
       this.registerSecret(cert.key);
       this.registerSecret(cert.one);
     }
+
+    debugger
+    // @ts-ignore
+    if (this.ctx.step.onlyAdmin) {
+      if (!this.isAdmin()) {
+        throw new Error("只有管理员才能运行此任务");
+      }
+    }
   }
 
   async getAccess<T = any>(accessId: string | number, isCommon = false) {

packages/core/pipeline/src/plugin/group.ts

@@ -30,4 +30,5 @@ export const pluginGroups = {
   qiniu: new PluginGroup("qiniu", "七牛云", 5, "svg:icon-qiniuyun"),
   aws: new PluginGroup("aws", "亚马逊云", 6, "svg:icon-aws"),
   other: new PluginGroup("other", "其他", 10, "clarity:plugin-line"),
+  admin: new PluginGroup("admin", "管理", 11, "ion:settings-outline"),
 };

packages/ui/certd-server/src/plugins/index.ts

@@ -30,3 +30,4 @@ export * from './plugin-github/index.js'
 export * from './plugin-namesilo/index.js'
 export * from './plugin-proxmox/index.js'
 export * from './plugin-wangsu/index.js'
+export * from './plugin-admin/index.js'

packages/ui/certd-server/src/plugins/plugin-admin/index.ts

@@ -0,0 +1,3 @@
+export * from './plugin-restart.js';
+export * from './plugin-script.js';
+export * from './plugin-db-backup.js';

packages/ui/certd-server/src/plugins/plugin-admin/plugin-db-backup.ts

@@ -14,14 +14,15 @@ const defaultFilePrefix = 'db_backup';
   name: 'DBBackupPlugin',
   title: '数据库备份',
   icon: 'lucide:database-backup',
-  desc: '仅支持备份SQLite数据库',
+  desc: '【仅管理员可用】仅支持备份SQLite数据库',
-  group: pluginGroups.other.key,
+  group: pluginGroups.admin.key,
   showRunStrategy: true,
   default: {
     strategy: {
       runStrategy: RunStrategy.AlwaysRun,
     },
   },
+  onlyAdmin:true,
   needPlus: true,
 })
 export class DBBackupPlugin extends AbstractPlusTaskPlugin {
@@ -157,6 +158,11 @@ export class DBBackupPlugin extends AbstractPlusTaskPlugin {
   }
 
   async execute(): Promise<void> {
+
+    if (!this.isAdmin()) {
+      throw new Error('只有管理员才能运行此任务');
+    }
+
     this.logger.info('开始备份数据库');
 
     let dbPath = process.env.certd_typeorm_dataSource_default_database;

packages/ui/certd-server/src/plugins/plugin-admin/plugin-restart.ts

@@ -1,5 +1,5 @@
 import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy } from '@certd/pipeline';
-import { httpsServer } from '../../../modules/auto/https/server.js';
+import { httpsServer } from '../../modules/auto/https/server.js';
 
 @IsTaskPlugin({
   name: 'RestartCertd',
@@ -7,6 +7,7 @@ import { httpsServer } from '../../../modules/auto/https/server.js';
   icon: 'mdi:restart',
   desc: '【仅管理员可用】 重启 certd的https服务，用于更新 Certd 的 ssl 证书',
   group: pluginGroups.other.key,
+  onlyAdmin:true,
   default: {
     strategy: {
       runStrategy: RunStrategy.SkipWhenSucceed,

packages/ui/certd-server/src/plugins/plugin-admin/plugin-script.ts

@@ -13,6 +13,7 @@ export type CustomScriptContext = {
   desc: '【仅管理员】运行自定义js脚本执行',
   group: pluginGroups.other.key,
   showRunStrategy: true,
+  onlyAdmin: true,
   default: {
     strategy: {
       runStrategy: RunStrategy.SkipWhenSucceed,

packages/ui/certd-server/src/plugins/plugin-other/plugins/index.ts

@@ -1,5 +1,2 @@
-export * from './plugin-restart.js';
-export * from './plugin-script.js';
 export * from './plugin-wait.js';
-export * from './plugin-db-backup.js';
 export * from './plugin-deploy-to-mail.js';