github
/
certd
mirror of https://github.com/certd/certd
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

perf: 部署到IIS插件

pull/265/head
xiaojunnuo 2024-11-30 17:36:47 +08:00
parent aedc462135
commit 1534f45236
10 changed files with 121 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/guide/install/1panel/index.md
View File

@ -48,4 +48,4 @@ admin/123456
## 五、备份恢复
将备份的`db.sqlite`覆盖到原来的位置重启certd即可
将备份的`db.sqlite`及同目录下的其他文件一起覆盖到原来的位置重启certd即可

2
docs/guide/install/baota/index.md
View File

@ -81,4 +81,4 @@ services:
## 五、备份恢复
将备份的`db.sqlite`覆盖到原来的位置重启certd即可
将备份的`db.sqlite`及同目录下的其他文件一起覆盖到原来的位置重启certd即可

2
docs/guide/install/docker/index.md
View File

@ -71,4 +71,4 @@ docker compose up -d
## 四、备份恢复
将备份的`db.sqlite`覆盖到原来的位置重启certd即可
将备份的`db.sqlite`及同目录下的其他文件一起覆盖到原来的位置重启certd即可

7
docs/guide/install/source/index.md
View File

@ -1,6 +1,9 @@
# 源码部署
不推荐
## 一、源码安装
### 环境要求
- nodejs 20 及以上
### 源码启动
```shell
# 克隆代码
@ -42,4 +45,4 @@ kill -9 $(lsof -t -i:7001)
## 四、备份恢复
将备份的`db.sqlite`覆盖到原来的位置重启certd即可
将备份的`db.sqlite`及同目录下的其他文件覆盖到原来的位置重启certd即可

12
docs/guide/use/host/windows.md
View File

@ -25,3 +25,15 @@ win+R 弹出运行对话框,输入 services.msc 打开服务管理器
C:\Users\xxxxx>
↑↑↑↑---------这个就是windows ssh的登录用户名
```
### 4. 切换默认shell终端
安装openssh后默认终端是cmd建议切换成powershell
```shell
# powershell中执行如下命令切换
# 设置默认shell为powershell 【推荐】
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
# 恢复默认shell为cmd 【不推荐】
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\cmd.exe" -PropertyType String -Force
```

33
packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts
View File

@ -4,7 +4,6 @@ import type { CertInfo } from "./acme.js";
import { CertReader } from "./cert-reader.js";
import JSZip from "jszip";
import { CertConverter } from "./convert.js";
import fs from "fs";
import { pick } from "lodash-es";
export { CertReader };
@ -59,6 +58,19 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
})
pfxPassword!: string;
@TaskInput({
title: "PFX证书转换参数",
value: "-macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES",
component: {
name: "a-input",
vModel: "value",
},
required: false,
order: 100,
helper: "兼容Server 2016如果导入证书失败请删除此参数",
})
pfxArgs = "-macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES";
@TaskInput({
title: "更新天数",
value: 35,
@ -143,23 +155,18 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
const res = await converter.convert({
cert,
pfxPassword: this.pfxPassword,
pfxArgs: this.pfxArgs,
});
if (cert.pfx == null && res.pfxPath) {
const pfxBuffer = fs.readFileSync(res.pfxPath);
cert.pfx = pfxBuffer.toString("base64");
fs.unlinkSync(res.pfxPath);
if (cert.pfx == null && res.pfx) {
cert.pfx = res.pfx;
}
if (cert.der == null && res.derPath) {
const derBuffer = fs.readFileSync(res.derPath);
cert.der = derBuffer.toString("base64");
fs.unlinkSync(res.derPath);
if (cert.der == null && res.der) {
cert.der = res.der;
}
if (cert.jks == null && res.jksPath) {
const jksBuffer = fs.readFileSync(res.jksPath);
cert.jks = jksBuffer.toString("base64");
fs.unlinkSync(res.jksPath);
if (cert.jks == null && res.jks) {
cert.jks = res.jks;
}
this.logger.info("转换证书格式成功");

57
packages/plugins/plugin-cert/src/plugin/cert-plugin/convert.ts
View File

@ -14,31 +14,31 @@ export class CertConverter {
constructor(opts: { logger: ILogger }) {
this.logger = opts.logger;
}
async convert(opts: { cert: CertInfo; pfxPassword: string }): Promise<{
pfxPath: string;
derPath: string;
jksPath: string;
async convert(opts: { cert: CertInfo; pfxPassword: string; pfxArgs: string }): Promise<{
pfx: string;
der: string;
jks: string;
}> {
const certReader = new CertReader(opts.cert);
let pfxPath: string;
let derPath: string;
let jksPath: string;
let pfx: string;
let der: string;
let jks: string;
const handle = async (ctx: CertReaderHandleContext) => {
// 调用openssl 转pfx
pfxPath = await this.convertPfx(ctx, opts.pfxPassword);
pfx = await this.convertPfx(ctx, opts.pfxPassword, opts.pfxArgs);
// 转der
derPath = await this.convertDer(ctx);
der = await this.convertDer(ctx);
jksPath = await this.convertJks(ctx, opts.pfxPassword);
jks = await this.convertJks(ctx, opts.pfxPassword);
};
await certReader.readCertFile({ logger: this.logger, handle });
return {
pfxPath,
derPath,
jksPath,
pfx,
der,
jks,
};
}
@ -50,7 +50,7 @@ export class CertConverter {
});
}
private async convertPfx(opts: CertReaderHandleContext, pfxPassword: string) {
private async convertPfx(opts: CertReaderHandleContext, pfxPassword: string, pfxArgs: string) {
const { tmpCrtPath, tmpKeyPath } = opts;
const pfxPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "_cert.pfx");
@ -65,12 +65,14 @@ export class CertConverter {
passwordArg = `-password pass:${pfxPassword}`;
}
// 兼容server 2016旧版本不能用sha256
const oldPfxCmd = `openssl pkcs12 -macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -out ${pfxPath} -inkey ${tmpKeyPath} -in ${tmpCrtPath} ${passwordArg}`;
const oldPfxCmd = `openssl pkcs12 ${pfxArgs} -export -out ${pfxPath} -inkey ${tmpKeyPath} -in ${tmpCrtPath} ${passwordArg}`;
// const newPfx = `openssl pkcs12 -export -out ${pfxPath} -inkey ${tmpKeyPath} -in ${tmpCrtPath} ${passwordArg}`;
await this.exec(oldPfxCmd);
return pfxPath;
// const fileBuffer = fs.readFileSync(pfxPath);
// this.pfxCert = fileBuffer.toString("base64");
const fileBuffer = fs.readFileSync(pfxPath);
const pfxCert = fileBuffer.toString("base64");
fs.unlinkSync(pfxPath);
return pfxCert;
//
// const applyTime = new Date().getTime();
// const filename = reader.buildCertFileName("pfx", applyTime);
@ -87,15 +89,10 @@ export class CertConverter {
}
await this.exec(`openssl x509 -outform der -in ${tmpCrtPath} -out ${derPath}`);
return derPath;
// const fileBuffer = fs.readFileSync(derPath);
// this.derCert = fileBuffer.toString("base64");
//
// const applyTime = new Date().getTime();
// const filename = reader.buildCertFileName("der", applyTime);
// this.saveFile(filename, fileBuffer);
const fileBuffer = fs.readFileSync(derPath);
const derCert = fileBuffer.toString("base64");
fs.unlinkSync(derPath);
return derCert;
}
async convertJks(opts: CertReaderHandleContext, pfxPassword = "") {
@ -120,7 +117,11 @@ export class CertConverter {
`keytool -importkeystore -srckeystore ${p12Path} -srcstoretype PKCS12 -srcstorepass "${jksPassword}" -destkeystore ${jksPath} -deststoretype PKCS12 -deststorepass "${jksPassword}" `
);
fs.unlinkSync(p12Path);
return jksPath;
const fileBuffer = fs.readFileSync(jksPath);
const certBase64 = fileBuffer.toString("base64");
fs.unlinkSync(jksPath);
return certBase64;
} catch (e) {
this.logger.error("转换jks失败", e);
return;

42
packages/plugins/plugin-lib/src/ssh/ssh.ts
View File

@ -25,7 +25,7 @@ export class AsyncSsh2Client {
if (this.encoding) {
return iconv.decode(buffer, this.encoding);
}
return buffer.toString();
return buffer.toString().replaceAll("\r\n", "\n");
}
async connect() {
@ -95,7 +95,12 @@ export class AsyncSsh2Client {
});
}
async exec(script: string) {
async exec(
script: string,
opts: {
throwOnStdErr?: boolean;
} = {}
): Promise<string> {
if (!script) {
this.logger.info("script 为空,取消执行");
return;
@ -114,9 +119,17 @@ export class AsyncSsh2Client {
return;
}
let data = "";
let hasErrorLog = false;
stream
.on("close", (code: any, signal: any) => {
this.logger.info(`[${this.connConf.host}][close]:code:${code}`);
if (opts.throwOnStdErr == null && this.windows) {
opts.throwOnStdErr = true;
}
if (opts.throwOnStdErr && hasErrorLog) {
reject(new Error(data));
}
if (code === 0) {
resolve(data);
} else {
@ -135,13 +148,14 @@ export class AsyncSsh2Client {
.stderr.on("data", (ret: Buffer) => {
const err = this.convert(iconv, ret);
data += err;
this.logger.info(`[${this.connConf.host}][error]: ` + err.trimEnd());
hasErrorLog = true;
this.logger.error(`[${this.connConf.host}][error]: ` + err.trimEnd());
});
});
});
}
async shell(script: string | string[]): Promise<string[]> {
async shell(script: string | string[]): Promise<string> {
return new Promise<any>((resolve, reject) => {
this.logger.info(`执行shell脚本[${this.connConf.host}][shell]: ` + script);
this.conn.shell((err: Error, stream: any) => {
@ -149,11 +163,11 @@ export class AsyncSsh2Client {
reject(err);
return;
}
const output: string[] = [];
let output = "";
function ansiHandle(data: string) {
data = data.replace(/\[[0-9]+;1H/g, "\n");
data = data.replace(/\[[0-9]+;1H/g, "");
data = stripAnsi(data);
return data;
return data.replaceAll("\r\n", "\n");
}
stream
.on("close", (code: any) => {
@ -163,7 +177,7 @@ export class AsyncSsh2Client {
.on("data", (ret: Buffer) => {
const data = ansiHandle(ret.toString());
this.logger.info(data);
output.push(data);
output += data;
})
.on("error", (err: any) => {
reject(err);
@ -171,8 +185,8 @@ export class AsyncSsh2Client {
})
.stderr.on("data", (ret: Buffer) => {
const data = ansiHandle(ret.toString());
output.push(data);
this.logger.info(`[${this.connConf.host}][error]: ` + data);
output += data;
this.logger.error(`[${this.connConf.host}][error]: ` + data);
});
//保证windows下正常退出
const exit = "\r\nexit\r\n";
@ -269,7 +283,7 @@ export class SshClient {
async getIsCmd(options: { connectConf: SshAccess }) {
const { connectConf } = options;
return await this._call({
return await this._call<boolean>({
connectConf,
callable: async (conn: AsyncSsh2Client) => {
return await this.isCmd(conn);
@ -285,7 +299,7 @@ export class SshClient {
* Set-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\cmd.exe"
* @param options
*/
async exec(options: { connectConf: SshAccess; script: string | Array<string>; env?: any }): Promise<string[]> {
async exec(options: { connectConf: SshAccess; script: string | Array<string>; env?: any }): Promise<string> {
let { script } = options;
const { connectConf } = options;
@ -337,7 +351,7 @@ export class SshClient {
});
}
async shell(options: { connectConf: SshAccess; script: string | Array<string> }): Promise<string[]> {
async shell(options: { connectConf: SshAccess; script: string | Array<string> }): Promise<string> {
let { script } = options;
const { connectConf } = options;
if (_.isArray(script)) {
@ -361,7 +375,7 @@ export class SshClient {
});
}
async _call(options: { connectConf: SshAccess; callable: any }): Promise<string[]> {
async _call<T = any>(options: { connectConf: SshAccess; callable: (conn: AsyncSsh2Client) => Promise<T> }): Promise<T> {
const { connectConf, callable } = options;
const conn = new AsyncSsh2Client(connectConf, this.logger);
try {

9
packages/ui/certd-client/src/views/certd/pipeline/pipeline/component/task-view/index.vue
View File

@ -8,7 +8,7 @@
<pi-status-show :status="item.node.status?.result" type="icon"></pi-status-show>
</div>
</template>
<div class="pi-task-view-logs" :class="item.node.id" style="overflow: auto">
<div class="pi-task-view-logs" :class="'id-' + item.node.id" style="overflow: auto">
<template v-for="(logItem, index) of item.logs" :key="index">
<span :class="logItem.color"> {{ logItem.time }}</span> <span>{{ logItem.content }}</span>
</template>
@ -84,11 +84,14 @@ export default {
return node.logs.value.length;
},
async () => {
let el = document.querySelector(`.pi-task-view-logs.${node.node.id}`);
let el = document.querySelector(`.pi-task-view-logs.id-${node.node.id}`);
if (!el) {
return;
}
//
const isBottom = el ? el.scrollHeight - el.scrollTop === el.clientHeight : true;
await nextTick();
el = document.querySelector(`.pi-task-view-logs.${node.node.id}`);
el = document.querySelector(`.pi-task-view-logs.id-${node.node.id}`);
//
if (isBottom && el) {
el?.scrollTo({

19
packages/ui/certd-server/src/plugins/plugin-other/plugins/plugin-db-backup.ts
View File

@ -79,6 +79,18 @@ export class DBBackupPlugin extends AbstractPlusTaskPlugin {
})
filePrefix: string = defaultFilePrefix;
@TaskInput({
title: '附加上传文件',
value: true,
component: {
name: 'a-switch',
vModel: 'checked',
placeholder: `是否备份上传的头像等文件`,
},
required: false,
})
withUpload = true;
@TaskInput({
title: '删除过期备份',
component: {
@ -101,7 +113,6 @@ export class DBBackupPlugin extends AbstractPlusTaskPlugin {
this.logger.error('数据库文件不存在:', dbPath);
return;
}
const dbTmpFilename = `${this.filePrefix}.${dayjs().format('YYYYMMDD.HHmmss')}.sqlite`;
const dbZipFilename = `${dbTmpFilename}.zip`;
const tempDir = path.resolve(os.tmpdir(), 'certd_backup');
@ -118,6 +129,12 @@ export class DBBackupPlugin extends AbstractPlusTaskPlugin {
const stream = fs.createReadStream(dbTmpPath);
// 使用流的方式添加文件内容
zip.file(dbTmpFilename, stream, { binary: true, compression: 'DEFLATE' });
const uploadDir = path.resolve('data', 'upload');
if (this.withUpload && fs.existsSync(uploadDir)) {
zip.folder(uploadDir);
}
const content = await zip.generateAsync({ type: 'nodebuffer' });
await fs.promises.writeFile(dbZipPath, content);