github
/
certd
mirror of https://github.com/certd/certd
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

perf: 支持http校验方式申请证书

v2
xiaojunnuo 2025-01-02 00:28:13 +08:00
parent 67af67b92d
commit 405591c5d0
42 changed files with 820 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
packages/core/pipeline/src/service/cname.ts
View File

@ -18,6 +18,7 @@ export type CnameRecord = {
status: string;
commonDnsProvider?: any;
};
export type ICnameProxyService = {
getByDomain: (domain: string) => Promise<CnameRecord>;
};

1
packages/plugins/plugin-cert/package.json
View File

@ -18,6 +18,7 @@
"@certd/acme-client": "^1.29.2",
"@certd/basic": "^1.29.2",
"@certd/pipeline": "^1.29.2",
"@certd/plugin-lib": "^1.29.2",
"@google-cloud/publicca": "^1.3.0",
"dayjs": "^1.11.7",
"jszip": "^3.10.1",

68
packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts
View File

@ -6,6 +6,7 @@ import { Challenge } from "@certd/acme-client/types/rfc8555";
import { IContext } from "@certd/pipeline";
import { ILogger, utils } from "@certd/basic";
import { IDnsProvider, parseDomain } from "../../dns-provider/index.js";
import { HttpChallengeUploader } from "./uploads/api.js";
export type CnameVerifyPlan = {
domain: string;
@ -15,7 +16,7 @@ export type CnameVerifyPlan = {
export type DomainVerifyPlan = {
domain: string;
type: "cname" | "dns";
type: "cname" | "dns" | "http";
dnsProvider?: IDnsProvider;
cnameVerifyPlan?: Record<string, CnameVerifyPlan>;
};
@ -23,6 +24,12 @@ export type DomainsVerifyPlan = {
[key: string]: DomainVerifyPlan;
};
export type Providers = {
dnsProvider?: IDnsProvider;
domainsVerifyPlan?: DomainsVerifyPlan;
httpUploader?: HttpChallengeUploader;
};
export type CertInfo = {
crt: string; //fullchain证书
key: string; //私钥
@ -155,20 +162,17 @@ export class AcmeService {
return key.toString();
}
async challengeCreateFn(authz: any, challenge: any, keyAuthorization: string, dnsProvider: IDnsProvider, domainsVerifyPlan: DomainsVerifyPlan) {
async challengeCreateFn(authz: any, challenge: any, keyAuthorization: string, providers: Providers) {
this.logger.info("Triggered challengeCreateFn()");
/* http-01 */
const fullDomain = authz.identifier.value;
if (challenge.type === "http-01") {
const filePath = `/var/www/html/.well-known/acme-challenge/${challenge.token}`;
const filePath = `.well-known/acme-challenge/${challenge.token}`;
const fileContents = keyAuthorization;
this.logger.info(`Creating challenge response for ${fullDomain} at path: ${filePath}`);
/* Replace this */
this.logger.info(`Would write "${fileContents}" to path "${filePath}"`);
// await fs.writeFileAsync(filePath, fileContents);
this.logger.info(`校验 ${fullDomain} ,准备上传文件:${filePath}`);
await providers.httpUploader.upload(filePath, fileContents);
this.logger.info(`上传文件【${filePath}】成功`);
} else if (challenge.type === "dns-01") {
/* dns-01 */
let fullRecord = `_acme-challenge.${fullDomain}`;
@ -181,9 +185,10 @@ export class AcmeService {
let domain = parseDomain(fullDomain);
this.logger.info("解析到域名domain=" + domain);
if (domainsVerifyPlan) {
let dnsProvider = providers.dnsProvider;
if (providers.domainsVerifyPlan) {
//按照计划执行
const domainVerifyPlan = domainsVerifyPlan[domain];
const domainVerifyPlan = providers.domainsVerifyPlan[domain];
if (domainVerifyPlan) {
if (domainVerifyPlan.type === "dns") {
dnsProvider = domainVerifyPlan.dnsProvider;
@ -239,22 +244,28 @@ export class AcmeService {
* @param recordReq
* @param recordRes
* @param dnsProvider dnsProvider
* @param httpUploader
* @returns {Promise}
*/
async challengeRemoveFn(authz: any, challenge: any, keyAuthorization: string, recordReq: any, recordRes: any, dnsProvider: IDnsProvider) {
this.logger.info("Triggered challengeRemoveFn()");
async challengeRemoveFn(
authz: any,
challenge: any,
keyAuthorization: string,
recordReq: any,
recordRes: any,
dnsProvider?: IDnsProvider,
httpUploader?: HttpChallengeUploader
) {
this.logger.info("执行清理");
/* http-01 */
const fullDomain = authz.identifier.value;
if (challenge.type === "http-01") {
const filePath = `/var/www/html/.well-known/acme-challenge/${challenge.token}`;
this.logger.info(`Removing challenge response for ${fullDomain} at path: ${filePath}`);
/* Replace this */
this.logger.info(`Would remove file on path "${filePath}"`);
// await fs.unlinkAsync(filePath);
const filePath = `.well-known/acme-challenge/${challenge.token}`;
this.logger.info(`Removing challenge response for ${fullDomain} at file: ${filePath}`);
await httpUploader.remove(filePath);
this.logger.info(`删除文件【${filePath}】成功`);
} else if (challenge.type === "dns-01") {
this.logger.info(`删除 TXT 解析记录:${JSON.stringify(recordReq)} ,recordRes = ${JSON.stringify(recordRes)}`);
try {
@ -275,11 +286,12 @@ export class AcmeService {
domains: string | string[];
dnsProvider?: any;
domainsVerifyPlan?: DomainsVerifyPlan;
httpUploader?: any;
csrInfo: any;
isTest?: boolean;
privateKeyType?: string;
}): Promise<CertInfo> {
const { email, isTest, domains, csrInfo, dnsProvider, domainsVerifyPlan } = options;
const { email, isTest, domains, csrInfo, dnsProvider, domainsVerifyPlan, httpUploader } = options;
const client: acme.Client = await this.getAcmeClient(email, isTest);
/* Create CSR */
@ -319,9 +331,15 @@ export class AcmeService {
privateKey
);
if (dnsProvider == null && domainsVerifyPlan == null) {
throw new Error("dnsProvider 、 domainsVerifyPlan 不能都为空");
if (dnsProvider == null && domainsVerifyPlan == null && httpUploader == null) {
throw new Error("dnsProvider 、 domainsVerifyPlan 、 httpUploader不能都为空");
}
const providers: Providers = {
dnsProvider,
domainsVerifyPlan,
httpUploader,
};
/* 自动申请证书 */
const crt = await client.auto({
csr,
@ -334,7 +352,7 @@ export class AcmeService {
challenge: Challenge,
keyAuthorization: string
): Promise<{ recordReq: any; recordRes: any; dnsProvider: any }> => {
return await this.challengeCreateFn(authz, challenge, keyAuthorization, dnsProvider, domainsVerifyPlan);
return await this.challengeCreateFn(authz, challenge, keyAuthorization, providers);
},
challengeRemoveFn: async (
authz: acme.Authorization,
@ -344,7 +362,7 @@ export class AcmeService {
recordRes: any,
dnsProvider: IDnsProvider
): Promise<any> => {
return await this.challengeRemoveFn(authz, challenge, keyAuthorization, recordReq, recordRes, dnsProvider);
return await this.challengeRemoveFn(authz, challenge, keyAuthorization, recordReq, recordRes, dnsProvider, httpUploader);
},
signal: this.options.signal,
});

3
packages/plugins/plugin-cert/src/plugin/cert-plugin/cert-reader.ts
View File

@ -147,10 +147,11 @@ export class CertReader {
tmpOnePath,
});
} catch (err) {
logger.error("处理失败", err);
throw err;
} finally {
//删除临时文件
logger.info("删除临时文件");
logger.info("清理临时文件");
function removeFile(filepath?: string) {
if (filepath) {
fs.unlinkSync(filepath);

87
packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts
View File

@ -1,4 +1,4 @@
import { IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
import { CancelError, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
import { utils } from "@certd/basic";
import type { CertInfo, CnameVerifyPlan, DomainsVerifyPlan, PrivateKeyType, SSLProvider } from "./acme.js";
@ -9,7 +9,8 @@ import { CertReader } from "./cert-reader.js";
import { CertApplyBasePlugin } from "./base.js";
import { GoogleClient } from "../../libs/google.js";
import { EabAccess } from "../../access";
import { CancelError } from "@certd/pipeline";
import { HttpChallengeUploader } from "./uploads/api";
import { httpChallengeUploaderFactory } from "./uploads/factory.js";
export type { CertInfo };
export * from "./cert-reader.js";
@ -17,12 +18,20 @@ export type CnameRecordInput = {
id: number;
status: string;
};
export type HttpRecordInput = {
domain: string;
httpUploaderType: string;
httpUploaderAccess: number;
httpUploadRootDir: string;
};
export type DomainVerifyPlanInput = {
domain: string;
type: "cname" | "dns";
type: "cname" | "dns" | "http";
dnsProviderType?: string;
dnsProviderAccessId?: number;
cnameVerifyPlan?: Record<string, CnameRecordInput>;
httpVerifyPlan?: Record<string, HttpRecordInput>;
};
export type DomainsVerifyPlanInput = {
[key: string]: DomainVerifyPlanInput;
@ -54,6 +63,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
options: [
{ value: "dns", label: "DNS直接验证" },
{ value: "cname", label: "CNAME代理验证" },
{ value: "http", label: "HTTP文件验证" },
],
},
required: true,
@ -117,6 +127,67 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
})
dnsProviderAccess!: number;
@TaskInput({
title: "文件上传方式",
component: {
name: "a-select",
vModel: "value",
options: [
{ value: "ftp", label: "FTP" },
{ value: "sftp", label: "SFTP" },
{ value: "alioss", label: "阿里云OSS" },
{ value: "tencentcos", label: "腾讯云COS" },
{ value: "qiniuoss", label: "七牛OSS" },
],
},
mergeScript: `
return {
show: ctx.compute(({form})=>{
return form.challengeType === 'http'
})
}
`,
required: true,
helper: "您的域名注册商或者域名的dns服务器属于哪个平台\n如果这里没有请选择CNAME代理验证校验方式",
})
httpUploadType!: string;
@TaskInput({
title: "文件上传授权",
component: {
name: "access-selector",
},
required: true,
helper: "请选择文件上传授权",
mergeScript: `return {
component:{
type: ctx.compute(({form})=>{
return form.httpUploadType
})
},
show: ctx.compute(({form})=>{
return form.challengeType === 'http'
})
}
`,
})
httpUploadAccess!: number;
@TaskInput({
title: "网站根路径",
component: {
name: "a-input",
},
required: true,
helper: "请选择网站根路径,校验文件将上传到此目录下",
mergeScript: `return {
show: ctx.compute(({form})=>{
return form.challengeType === 'http'
})
}
`,
})
httpUploadRootDir!: string;
@TaskInput({
title: "域名验证配置",
component: {
@ -320,10 +391,17 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
);
this.logger.info("开始申请证书,", email, domains);
let dnsProvider: any = null;
let dnsProvider: IDnsProvider = null;
let domainsVerifyPlan: DomainsVerifyPlan = null;
let httpUploader: HttpChallengeUploader = null;
if (this.challengeType === "cname") {
domainsVerifyPlan = await this.createDomainsVerifyPlan();
} else if (this.challengeType === "http") {
const access = await this.ctx.accessService.getById(this.httpUploadAccess);
httpUploader = await httpChallengeUploaderFactory.createUploaderByType(this.httpUploadType, {
rootDir: this.httpUploadRootDir,
access,
});
} else {
const dnsProviderType = this.dnsProviderType;
const access = await this.ctx.accessService.getById(this.dnsProviderAccess);
@ -336,6 +414,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
domains,
dnsProvider,
domainsVerifyPlan,
httpUploader,
csrInfo,
isTest: false,
privateKeyType: this.privateKeyType,

35
packages/plugins/plugin-cert/src/plugin/cert-plugin/uploads/api.ts Normal file
View File

@ -0,0 +1,35 @@
import { IAccessService } from "@certd/pipeline";
import { ILogger, utils } from "@certd/basic";
export type HttpChallengeUploader = {
upload: (fileName: string, fileContent: string) => Promise<void>;
remove: (fileName: string) => Promise<void>;
};
export type HttpChallengeUploadContext = {
accessService: IAccessService;
logger: ILogger;
utils: typeof utils;
};
export abstract class BaseHttpChallengeUploader<A> implements HttpChallengeUploader {
rootDir: string;
access: A = null;
logger: ILogger;
utils: typeof utils;
ctx: HttpChallengeUploadContext;
protected constructor(opts: { rootDir: string; access: A }) {
this.rootDir = opts.rootDir;
this.access = opts.access;
}
async setCtx(ctx: any) {
// set context
this.ctx = ctx;
this.logger = ctx.logger;
this.utils = ctx.utils;
}
abstract remove(fileName: string): Promise<void>;
abstract upload(fileName: string, fileContent: string): Promise<void>;
}

26
packages/plugins/plugin-cert/src/plugin/cert-plugin/uploads/factory.ts Normal file
View File

@ -0,0 +1,26 @@
export class HttpChallengeUploaderFactory {
async getClassByType(type: string) {
if (type === "alioss") {
return (await import("./impls/alioss.js")).AliossHttpChallengeUploader;
} else if (type === "ssh") {
return (await import("./impls/ssh.js")).SshHttpChallengeUploader;
} else if (type === "ftp") {
return (await import("./impls/ftp.js")).FtpHttpChallengeUploader;
} else if (type === "tencentcos") {
return (await import("./impls/tencentcos.js")).TencentCosHttpChallengeUploader;
} else if (type === "qiniuoss") {
return (await import("./impls/qiniuoss.js")).QiniuOssHttpChallengeUploader;
} else {
throw new Error(`暂不支持此文件上传方式: ${type}`);
}
}
createUploaderByType(type: string, opts: { rootDir: string; access: any }) {
const cls = this.getClassByType(type);
if (cls) {
// @ts-ignore
return new cls(opts);
}
}
}
export const httpChallengeUploaderFactory = new HttpChallengeUploaderFactory();

36
packages/plugins/plugin-cert/src/plugin/cert-plugin/uploads/impls/alioss.ts Normal file
View File

@ -0,0 +1,36 @@
import { BaseHttpChallengeUploader } from "../api";
import { AliossAccess, AliyunAccess } from "@certd/plugin-lib";
import { AliossClient } from "@certd/plugin-lib/dist/aliyun/lib/oss-client";
export class AliossHttpChallengeUploader extends BaseHttpChallengeUploader<AliossAccess> {
async upload(filePath: string, fileContent: string) {
const aliyunAccess = await this.ctx.accessService.getById<AliyunAccess>(this.access.accessId);
const client = new AliossClient({
access: aliyunAccess,
bucket: this.access.bucket,
region: this.access.region,
});
await client.uploadFile(filePath, Buffer.from(fileContent));
this.logger.info(`校验文件上传成功: ${filePath}`);
}
async remove(filePath: string) {
// remove file from alioss
const client = await this.getAliossClient();
await client.removeFile(filePath);
this.logger.info(`文件删除成功: ${filePath}`);
}
private async getAliossClient() {
const aliyunAccess = await this.ctx.accessService.getById<AliyunAccess>(this.access.accessId);
const client = new AliossClient({
access: aliyunAccess,
bucket: this.access.bucket,
region: this.access.region,
});
await client.init();
return client;
}
}

25
packages/plugins/plugin-cert/src/plugin/cert-plugin/uploads/impls/ftp.ts Normal file
View File

@ -0,0 +1,25 @@
import { BaseHttpChallengeUploader } from "../api";
import { FtpAccess } from "@certd/plugin-lib";
import { FtpClient } from "@certd/plugin-lib/dist/ftp/client";
export class FtpHttpChallengeUploader extends BaseHttpChallengeUploader<FtpAccess> {
async upload(fileName: string, fileContent: string) {
const client = new FtpClient({
access: this.access,
logger: this.logger,
});
await client.connect(async (client) => {
await client.upload(fileName, fileContent);
});
}
async remove(fileName: string) {
const client = new FtpClient({
access: this.access,
logger: this.logger,
});
await client.connect(async (client) => {
await client.client.remove(fileName);
});
}
}

10
packages/plugins/plugin-cert/src/plugin/cert-plugin/uploads/impls/qiniuoss.ts Normal file
View File

@ -0,0 +1,10 @@
import { BaseHttpChallengeUploader } from "../api";
import { FtpAccess } from "@certd/plugin-lib";
export class QiniuOssHttpChallengeUploader extends BaseHttpChallengeUploader<FtpAccess> {
async upload(fileName: string, fileContent: string) {
return null;
}
async remove(fileName: string) {}
}

38
packages/plugins/plugin-cert/src/plugin/cert-plugin/uploads/impls/ssh.ts Normal file
View File

@ -0,0 +1,38 @@
import { BaseHttpChallengeUploader } from "../api";
import { SshAccess, SshClient } from "@certd/plugin-lib";
import path from "path";
import os from "os";
import fs from "fs";
export class SshHttpChallengeUploader extends BaseHttpChallengeUploader<SshAccess> {
async upload(fileName: string, fileContent: string) {
const tmpFilePath = path.join(os.tmpdir(), "cert", "http", fileName);
// Write file to temp path
fs.writeFileSync(tmpFilePath, fileContent);
try {
const client = new SshClient(this.logger);
await client.uploadFiles({
connectConf: this.access,
mkdirs: true,
transports: [
{
localPath: fileName,
remotePath: fileName,
},
],
});
} finally {
// Remove temp file
fs.unlinkSync(tmpFilePath);
}
}
async remove(filePath: string) {
const client = new SshClient(this.logger);
await client.removeFiles({
connectConf: this.access,
files: [filePath],
});
}
}

10
packages/plugins/plugin-cert/src/plugin/cert-plugin/uploads/impls/tencentcos.ts Normal file
View File

@ -0,0 +1,10 @@
import { BaseHttpChallengeUploader } from "../api";
import { FtpAccess } from "@certd/plugin-lib";
export class TencentCosHttpChallengeUploader extends BaseHttpChallengeUploader<FtpAccess> {
async upload(fileName: string, fileContent: string) {
return null;
}
async remove(fileName: string) {}
}

2
packages/plugins/plugin-lib/package.json
View File

@ -18,8 +18,8 @@
"@alicloud/pop-core": "^1.7.10",
"@certd/basic": "^1.29.2",
"@certd/pipeline": "^1.29.2",
"@certd/plugin-cert": "^1.29.2",
"@kubernetes/client-node": "0.21.0",
"basic-ftp": "^5.0.5",
"dayjs": "^1.11.7",
"iconv-lite": "^0.6.3",
"lodash-es": "^4.17.21",

71
packages/plugins/plugin-lib/src/aliyun/access/alioss-access.ts Normal file
View File

@ -0,0 +1,71 @@
import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
@IsAccess({
name: "alioss",
title: "阿里云OSS授权",
desc: "包含地域和Bucket",
icon: "ant-design:aliyun-outlined",
})
export class AliossAccess extends BaseAccess {
@AccessInput({
title: "阿里云授权",
component: {
name: "access-selector",
vModel: "modelValue",
type: "aliyun",
},
helper: "请选择阿里云授权",
required: true,
})
accessId = "";
@AccessInput({
title: "大区",
component: {
name: "a-auto-complete",
vModel: "value",
options: [
{ value: "oss-cn-hangzhou", label: "华东1杭州" },
{ value: "oss-cn-shanghai", label: "华东2上海" },
{ value: "oss-cn-nanjing", label: "华东5南京-本地地域)" },
{ value: "oss-cn-fuzhou", label: "华东6福州-本地地域)" },
{ value: "oss-cn-wuhan-lr", label: "华中1武汉-本地地域)" },
{ value: "oss-cn-qingdao", label: "华北1青岛" },
{ value: "oss-cn-beijing", label: "华北2北京" },
{ value: "oss-cn-zhangjiakou", label: "华北 3张家口" },
{ value: "oss-cn-huhehaote", label: "华北5呼和浩特" },
{ value: "oss-cn-wulanchabu", label: "华北6乌兰察布" },
{ value: "oss-cn-shenzhen", label: "华南1深圳" },
{ value: "oss-cn-heyuan", label: "华南2河源" },
{ value: "oss-cn-guangzhou", label: "华南3广州" },
{ value: "oss-cn-chengdu", label: "西南1成都" },
{ value: "oss-cn-hongkong", label: "中国香港" },
{ value: "oss-us-west-1", label: "美国(硅谷)①" },
{ value: "oss-us-east-1", label: "美国(弗吉尼亚)①" },
{ value: "oss-ap-northeast-1", label: "日本(东京)①" },
{ value: "oss-ap-northeast-2", label: "韩国(首尔)" },
{ value: "oss-ap-southeast-1", label: "新加坡①" },
{ value: "oss-ap-southeast-2", label: "澳大利亚(悉尼)①" },
{ value: "oss-ap-southeast-3", label: "马来西亚(吉隆坡)①" },
{ value: "oss-ap-southeast-5", label: "印度尼西亚(雅加达)①" },
{ value: "oss-ap-southeast-6", label: "菲律宾(马尼拉)" },
{ value: "oss-ap-southeast-7", label: "泰国(曼谷)" },
{ value: "oss-eu-central-1", label: "德国(法兰克福)①" },
{ value: "oss-eu-west-1", label: "英国(伦敦)" },
{ value: "oss-me-east-1", label: "阿联酋(迪拜)①" },
{ value: "oss-rg-china-mainland", label: "无地域属性(中国内地)" },
],
},
required: true,
})
region!: string;
@AccessInput({
title: "Bucket",
helper: "存储桶名称",
required: true,
})
bucket!: string;
}
new AliossAccess();

3
packages/plugins/plugin-lib/src/aliyun/access/index.ts
View File

@ -1 +1,2 @@
export * from './aliyun-access.js';
export * from "./aliyun-access.js";
export * from "./alioss-access.js";

56
packages/plugins/plugin-lib/src/aliyun/lib/oss-client.ts Normal file
View File

@ -0,0 +1,56 @@
import { AliyunAccess } from "../access";
export class AliossClient {
access: AliyunAccess;
region: string;
bucket: string;
client: any;
constructor(opts: { access: AliyunAccess; bucket: string; region: string }) {
this.access = opts.access;
this.bucket = opts.bucket;
this.region = opts.region;
}
async init() {
// @ts-ignore
const OSS = await import("ali-oss");
this.client = new OSS.default({
accessKeyId: this.access.accessKeyId,
accessKeySecret: this.access.accessKeySecret,
// yourRegion填写Bucket所在地域。以华东1杭州为例Region填写为oss-cn-hangzhou。
region: this.region,
//@ts-ignore
authorizationV4: true,
// yourBucketName填写Bucket名称。
bucket: this.bucket,
});
}
async doRequest(client: any, bucket: string, xml: string, params: any) {
params = client._bucketRequestParams("POST", bucket, {
...params,
});
params.content = xml;
params.mime = "xml";
params.successStatuses = [200];
const res = await client.request(params);
this.checkRet(res);
return res;
}
checkRet(ret: any) {
if (ret.code != null) {
throw new Error("执行失败:" + ret.Message);
}
}
async uploadFile(filePath: string, content: Buffer) {
const memFile = new File([content], filePath);
return await this.client.put(filePath, memFile);
}
async removeFile(filePath: string) {
return await this.client.delete(filePath);
}
}

7
packages/plugins/plugin-lib/src/aliyun/lib/ssl-client.ts
View File

@ -1,8 +1,11 @@
import { ILogger } from "@certd/basic";
import { AliyunAccess } from "../access/index.js";
import { AliyunClient } from "./index.js";
import { CertInfo } from "@certd/plugin-cert";
export type AliyunCertInfo = {
crt: string; //fullchain证书
key: string; //私钥
};
export type AliyunSslClientOpts = {
access: AliyunAccess;
logger: ILogger;
@ -23,7 +26,7 @@ export type AliyunSslCreateDeploymentJobReq = {
export type AliyunSslUploadCertReq = {
name: string;
cert: CertInfo;
cert: AliyunCertInfo;
};
export class AliyunSslClient {

77
packages/plugins/plugin-lib/src/ftp/access.ts Normal file
View File

@ -0,0 +1,77 @@
import { IsAccess, AccessInput, BaseAccess } from "@certd/pipeline";
/**
*
* certd
*/
@IsAccess({
name: "ftp",
title: "FTP授权",
desc: "",
icon: "mdi:folder-upload-outline",
})
export class FtpAccess extends BaseAccess {
@AccessInput({
title: "host",
component: {
placeholder: "ip / 域名",
name: "a-input",
vModel: "value",
},
helper: "FTP地址",
required: true,
})
host!: string;
@AccessInput({
title: "host",
value: 21,
component: {
placeholder: "21",
name: "a-input-number",
vModel: "value",
},
helper: "FTP端口",
required: true,
})
port!: string;
@AccessInput({
title: "user",
component: {
placeholder: "用户名",
},
helper: "FTP用户名",
required: true,
})
user!: string;
@AccessInput({
title: "password",
component: {
placeholder: "密码",
component: {
name: "a-input-password",
vModel: "value",
},
},
encrypt: true,
helper: "FTP密码",
required: true,
})
password!: string;
@AccessInput({
title: "secure",
value: false,
component: {
name: "a-switch",
vModel: "checked",
},
helper: "是否使用SSL",
required: true,
})
secure?: boolean = false;
}
new FtpAccess();

47
packages/plugins/plugin-lib/src/ftp/client.ts Normal file
View File

@ -0,0 +1,47 @@
import { FtpAccess } from "./access";
import { ILogger } from "@certd/basic";
import path from "node:path";
export class FtpClient {
access: FtpAccess = null;
logger: ILogger = null;
client: any;
constructor(opts: { access: FtpAccess; logger: ILogger }) {
this.access = opts.access;
this.logger = opts.logger;
}
async connect(callback: (client: FtpClient) => Promise<void>) {
const ftp = await import("basic-ftp");
const Client = ftp.Client;
const client = new Client();
client.ftp.verbose = true;
this.logger.info("开始连接FTP");
await client.access(this.access as any);
this.logger.info("FTP连接成功");
this.client = client;
try {
await callback(this);
} finally {
if (client) {
client.close();
}
}
}
async upload(filePath: string, remotePath: string): Promise<void> {
if (!remotePath) {
return;
}
const dirname = path.dirname(remotePath);
this.logger.info(`确保目录存在:${dirname}`);
await this.client.ensureDir(dirname);
this.logger.info(`开始上传文件${filePath} -> ${remotePath}`);
await this.client.uploadFrom(filePath, remotePath);
}
async remove(filePath: string): Promise<void> {
this.logger.info(`开始删除文件${filePath}`);
await this.client.remove(filePath, true);
}
}

2
packages/plugins/plugin-lib/src/ftp/index.ts Normal file
View File

@ -0,0 +1,2 @@
export * from "./access.js";
export * from "./client.js";

3
packages/plugins/plugin-lib/src/index.ts
View File

@ -1,3 +1,6 @@
export * from "./ssh/index.js";
export * from "./aliyun/index.js";
export * from "./common/index.js";
export * from "./ftp/index.js";
export * from "./tencent/index.js";
export * from "./qiniu/index.js";

31
packages/plugins/plugin-lib/src/qiniu/access-oss.ts Normal file
View File

@ -0,0 +1,31 @@
import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
@IsAccess({
name: "qiniuoss",
title: "七牛OSS授权",
desc: "",
icon: "svg:icon-qiniuyun",
input: {},
})
export class QiniuOssAccess extends BaseAccess {
@AccessInput({
title: "七牛云授权",
component: {
name: "access-selector",
vModel: "modelValue",
type: "qiniu",
},
helper: "请选择七牛云授权",
required: true,
})
accessId = "";
@AccessInput({
title: "Bucket",
helper: "存储桶名称",
required: true,
})
bucket = "";
}
new QiniuOssAccess();

25
packages/plugins/plugin-lib/src/qiniu/access.ts Normal file
View File

@ -0,0 +1,25 @@
import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
@IsAccess({
name: "qiniu",
title: "七牛云授权",
desc: "",
icon: "svg:icon-qiniuyun",
input: {},
})
export class QiniuAccess extends BaseAccess {
@AccessInput({
title: "AccessKey",
rules: [{ required: true, message: "此项必填" }],
helper: "AK前往[密钥管理](https://portal.qiniu.com/developer/user/key)获取",
})
accessKey!: string;
@AccessInput({
title: "SecretKey",
encrypt: true,
helper: "SK",
})
secretKey!: string;
}
new QiniuAccess();

1
packages/plugins/plugin-lib/src/qiniu/index.ts Normal file
View File

@ -0,0 +1 @@
export * from "./access.js";

36
packages/plugins/plugin-lib/src/ssh/ssh.ts
View File

@ -7,6 +7,7 @@ import { SshAccess } from "./ssh-access.js";
import stripAnsi from "strip-ansi";
import { SocksClient } from "socks";
import { SocksProxy, SocksProxyType } from "socks/typings/common/constants.js";
export type TransportItem = { localPath: string; remotePath: string };
export class AsyncSsh2Client {
conn: ssh2.Client;
@ -95,6 +96,21 @@ export class AsyncSsh2Client {
});
}
async unlink(options: { sftp: any; remotePath: string }) {
const { sftp, remotePath } = options;
return new Promise((resolve, reject) => {
this.logger.info(`开始删除远程文件:${remotePath}`);
sftp.unlink(remotePath, (err: Error) => {
if (err) {
reject(err);
return;
}
this.logger.info(`删除文件成功:${remotePath}`);
resolve({});
});
});
}
async exec(
script: string,
opts: {
@ -239,7 +255,7 @@ export class SshClient {
}
* @param options
*/
async uploadFiles(options: { connectConf: SshAccess; transports: any; mkdirs: boolean }) {
async uploadFiles(options: { connectConf: SshAccess; transports: TransportItem[]; mkdirs: boolean }) {
const { connectConf, transports, mkdirs } = options;
await this._call({
connectConf,
@ -272,6 +288,24 @@ export class SshClient {
});
}
async removeFiles(opts: { connectConf: SshAccess; files: string[] }) {
const { connectConf, files } = opts;
await this._call({
connectConf,
callable: async (conn: AsyncSsh2Client) => {
const sftp = await conn.getSftp();
this.logger.info("开始删除");
for (const file of files) {
await conn.unlink({
sftp,
remotePath: file,
});
}
this.logger.info("文件全部删除成功");
},
});
}
async isCmd(conn: AsyncSsh2Client) {
const spec = await conn.exec("echo %COMSPEC% ");
if (spec.toString().trim() === "%COMSPEC%") {

63
packages/plugins/plugin-lib/src/tencent/access-cos.ts Normal file
View File

@ -0,0 +1,63 @@
import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
@IsAccess({
name: "tencentcos",
title: "腾讯云COS授权",
icon: "svg:icon-tencentcloud",
desc: "腾讯云对象存储授权,包含地域和存储桶",
})
export class TencentCosAccess extends BaseAccess {
@AccessInput({
title: "腾讯云授权",
component: {
name: "access-selector",
vModel: "modelValue",
type: "tencent",
},
helper: "请选择腾讯云授权",
required: true,
})
accessId = "";
@AccessInput({
title: "所在地域",
helper: "存储桶所在地域",
component: {
name: "a-auto-complete",
vModel: "value",
options: [
{ value: "", label: "--------中国大陆地区-------", disabled: true },
{ value: "ap-beijing-1", label: "北京1区" },
{ value: "ap-beijing", label: "北京" },
{ value: "ap-nanjing", label: "南京" },
{ value: "ap-shanghai", label: "上海" },
{ value: "ap-guangzhou", label: "广州" },
{ value: "ap-chengdu", label: "成都" },
{ value: "ap-chongqing", label: "重庆" },
{ value: "ap-shenzhen-fsi", label: "深圳金融" },
{ value: "ap-shanghai-fsi", label: "上海金融" },
{ value: "ap-beijing-fsi", label: "北京金融" },
{ value: "", label: "--------中国香港及境外-------", disabled: true },
{ value: "ap-hongkong", label: "中国香港" },
{ value: "ap-singapore", label: "新加坡" },
{ value: "ap-mumbai", label: "孟买" },
{ value: "ap-jakarta", label: "雅加达" },
{ value: "ap-seoul", label: "首尔" },
{ value: "ap-bangkok", label: "曼谷" },
{ value: "ap-tokyo", label: "东京" },
{ value: "na-siliconvalley", label: "硅谷" },
{ value: "na-ashburn", label: "弗吉尼亚" },
{ value: "sa-saopaulo", label: "圣保罗" },
{ value: "eu-frankfurt", label: "法兰克福" },
],
},
})
region!: string;
@AccessInput({
title: "Bucket",
helper: "存储桶名称",
required: true,
})
bucket = "";
}

28
packages/plugins/plugin-lib/src/tencent/access.ts Normal file
View File

@ -0,0 +1,28 @@
import { IsAccess, AccessInput, BaseAccess } from "@certd/pipeline";
@IsAccess({
name: "tencent",
title: "腾讯云",
icon: "svg:icon-tencentcloud",
})
export class TencentAccess extends BaseAccess {
@AccessInput({
title: "secretId",
helper:
"使用对应的插件需要有对应的权限,比如上传证书,需要证书管理权限;部署到clb需要clb相关权限\n前往[密钥管理](https://console.cloud.tencent.com/cam/capi)进行创建",
component: {
placeholder: "secretId",
},
rules: [{ required: true, message: "该项必填" }],
})
secretId = "";
@AccessInput({
title: "secretKey",
component: {
placeholder: "secretKey",
},
encrypt: true,
rules: [{ required: true, message: "该项必填" }],
})
secretKey = "";
}

1
packages/plugins/plugin-lib/src/tencent/index.ts Normal file
View File

@ -0,0 +1 @@
export * from "./access.js";

12
packages/ui/certd-client/src/components/plugins/cert/domains-verify-plan-editor/index.vue
View File

@ -58,6 +58,9 @@
<div v-if="item.type === 'cname'" class="plan-cname">
<cname-verify-plan v-model="item.cnameVerifyPlan" @change="onPlanChanged" />
</div>
<div v-if="item.type === 'http'" class="plan-http">
<cname-verify-plan v-model="item.cnameVerifyPlan" @change="onPlanChanged" />
</div>
</div>
</td>
</tr>
@ -127,12 +130,7 @@ function showError(error: string) {
errorMessageRef.value = error;
}
type DomainGroup = Record<
string,
{
[key: string]: CnameRecord;
}
>[];
type DomainGroup = Record<string, Record<string, CnameRecord>>;
function onDomainsChanged(domains: string[]) {
console.log("域名变化", domains);
@ -169,6 +167,7 @@ function onDomainsChanged(domains: string[]) {
planItem = {
domain,
type: "cname",
//@ts-ignore
cnameVerifyPlan: {
...subDomains
}
@ -178,6 +177,7 @@ function onDomainsChanged(domains: string[]) {
const cnamePlan = planItem.cnameVerifyPlan;
for (const subDomain in subDomains) {
if (!cnamePlan[subDomain]) {
//@ts-ignore
cnamePlan[subDomain] = {
id: 0
};

10
packages/ui/certd-client/src/components/plugins/cert/domains-verify-plan-editor/type.ts
View File

@ -1,11 +1,19 @@
import { CnameRecord } from "@certd/pipeline";
export type HttpRecord = {
domain: string;
httpUploaderType: string;
httpUploaderAccess: number;
httpUploadRootDir: string;
};
export type DomainVerifyPlanInput = {
domain: string;
type: "cname" | "dns";
type: "cname" | "dns" | "http";
dnsProviderType?: string;
dnsProviderAccessId?: number;
cnameVerifyPlan?: Record<string, CnameRecord>;
httpVerifyPlan?: Record<string, HttpRecord>;
};
export type DomainsVerifyPlanInput = {
[key: string]: DomainVerifyPlanInput;

2
packages/ui/certd-client/src/router/source/modules/sys.ts
View File

@ -109,7 +109,7 @@ export const sysResources = [
meta: {
show: () => {
const settingStore = useSettingStore();
return settingStore.isComm;
return settingStore.isPlus;
},
icon: "ion:extension-puzzle-outline",
permission: "sys:settings:view"

47
packages/ui/certd-server/src/plugins/plugin-host/plugin/upload-to-host/index.ts
View File

@ -1,6 +1,5 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput, TaskOutput } from '@certd/pipeline';
import { CertInfo, CertReader, CertReaderHandleContext } from '@certd/plugin-cert';
import * as fs from 'fs';
import dayjs from 'dayjs';
import { SshAccess, SshClient } from '@certd/plugin-lib';
@ -243,27 +242,32 @@ export class UploadCertToHostPlugin extends AbstractTaskPlugin {
})
hostJksPath!: string;
@TaskOutput({
title: '一体证书保存路径',
})
hostOnePath!: string;
async onInstance() {}
copyFile(srcFile: string, destFile: string) {
if (!srcFile || !destFile) {
this.logger.warn(`srcFile:${srcFile} 或 destFile:${destFile} 为空,不复制`);
return;
}
const dir = destFile.substring(0, destFile.lastIndexOf('/'));
if (!fs.existsSync(dir)) {
fs.mkdirSync(dir, { recursive: true });
}
fs.copyFileSync(srcFile, destFile);
this.logger.info(`复制文件:${srcFile} => ${destFile}`);
}
// copyFile(srcFile: string, destFile: string) {
// if (!srcFile || !destFile) {
// this.logger.warn(`srcFile:${srcFile} 或 destFile:${destFile} 为空,不复制`);
// return;
// }
// const dir = destFile.substring(0, destFile.lastIndexOf('/'));
// if (!fs.existsSync(dir)) {
// fs.mkdirSync(dir, { recursive: true });
// }
// fs.copyFileSync(srcFile, destFile);
// this.logger.info(`复制文件:${srcFile} => ${destFile}`);
// }
async execute(): Promise<void> {
const { cert, accessId } = this;
let { crtPath, keyPath, icPath, pfxPath, derPath, jksPath } = this;
let { crtPath, keyPath, icPath, pfxPath, derPath, jksPath, onePath } = this;
const certReader = new CertReader(cert);
const handle = async (opts: CertReaderHandleContext) => {
const { tmpCrtPath, tmpKeyPath, tmpDerPath, tmpJksPath, tmpPfxPath, tmpIcPath } = opts;
const { tmpCrtPath, tmpKeyPath, tmpDerPath, tmpJksPath, tmpPfxPath, tmpIcPath, tmpOnePath } = opts;
// if (this.copyToThisHost) {
// this.logger.info('复制到目标路径');
// this.copyFile(tmpCrtPath, crtPath);
@ -336,6 +340,16 @@ export class UploadCertToHostPlugin extends AbstractTaskPlugin {
});
this.logger.info(`上传jks证书到主机${jksPath}`);
}
if (this.onePath) {
this.logger.info(`上传一体证书到主机:${this.onePath}`);
onePath = this.onePath.trim();
transports.push({
localPath: tmpOnePath,
remotePath: this.onePath,
});
}
this.logger.info('开始上传文件到服务器');
await sshClient.uploadFiles({
connectConf,
@ -350,6 +364,7 @@ export class UploadCertToHostPlugin extends AbstractTaskPlugin {
this.hostPfxPath = pfxPath;
this.hostDerPath = derPath;
this.hostJksPath = jksPath;
this.hostOnePath = onePath;
};
await certReader.readCertFile({
@ -376,6 +391,8 @@ export class UploadCertToHostPlugin extends AbstractTaskPlugin {
env['HOST_IC_PATH'] = this.hostIcPath || '';
env['HOST_PFX_PATH'] = this.hostPfxPath || '';
env['HOST_DER_PATH'] = this.hostDerPath || '';
env['HOST_JKS_PATH'] = this.hostJksPath || '';
env['HOST_ONE_PATH'] = this.hostOnePath || '';
}
const scripts = this.script.split('\n');

4
packages/ui/certd-server/src/plugins/plugin-qiniu/plugin/deploy-to-cdn/index.ts
View File

@ -1,8 +1,8 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from '@certd/plugin-lib';
import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine, QiniuAccess } from '@certd/plugin-lib';
import { CertInfo } from '@certd/plugin-cert';
import { optionsUtils } from '@certd/basic/dist/utils/util.options.js';
import { QiniuAccess, QiniuClient } from '@certd/plugin-plus';
import { QiniuClient } from '@certd/plugin-plus';
@IsTaskPlugin({
name: 'QiniuDeployCertToCDN',

5
packages/ui/certd-server/src/plugins/plugin-qiniu/plugin/upload-cert/index.ts
View File

@ -1,6 +1,7 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput, TaskOutput } from '@certd/pipeline';
import { QiniuAccess, QiniuClient } from '@certd/plugin-plus';
import { QiniuClient } from '@certd/plugin-plus';
import { CertInfo } from '@certd/plugin-cert';
import { QiniuAccess } from '@certd/plugin-lib';
@IsTaskPlugin({
name: 'QiniuCertUpload',
@ -51,7 +52,7 @@ export class QiniuCertUpload extends AbstractTaskPlugin {
async onInstance() {}
async execute(): Promise<void> {
this.logger.info('开始上传证书到七牛云');
const access = (await this.accessService.getById(this.accessId)) as QiniuAccess;
const access = await this.accessService.getById<QiniuAccess>(this.accessId);
const qiniuClient = new QiniuClient({
http: this.ctx.http,
access,

2
packages/ui/certd-server/src/plugins/plugin-tencent/dns-provider/tencent-dns-provider.ts
View File

@ -1,7 +1,7 @@
import { Autowire } from '@certd/pipeline';
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
import { TencentAccess } from '@certd/plugin-plus';
import { TencentAccess } from '@certd/plugin-lib';
@IsDnsProvider({
name: 'tencent',

2
packages/ui/certd-server/src/plugins/plugin-tencent/lib/index.ts
View File

@ -1,4 +1,4 @@
import { TencentAccess } from '@certd/plugin-plus';
import { TencentAccess } from '@certd/plugin-lib';
import { CertInfo } from '@certd/plugin-cert';
import { ILogger } from '@certd/basic';
export class TencentSslClient {

3
packages/ui/certd-server/src/plugins/plugin-tencent/plugin/delete-expiring-cert/index.ts
View File

@ -1,8 +1,9 @@
import { IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
import { AbstractPlusTaskPlugin, TencentAccess } from '@certd/plugin-plus';
import { AbstractPlusTaskPlugin } from '@certd/plugin-plus';
import { TencentSslClient } from '../../lib/index.js';
import dayjs from 'dayjs';
import { remove } from 'lodash-es';
import { TencentAccess } from '@certd/plugin-lib';
@IsTaskPlugin({
name: 'TencentDeleteExpiringCert',

3
packages/ui/certd-server/src/plugins/plugin-tencent/plugin/deploy-to-cdn-v2/index.ts
View File

@ -1,9 +1,8 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
import { TencentAccess } from '@certd/plugin-plus';
import { CertInfo } from '@certd/plugin-cert';
import { TencentSslClient } from '../../lib/index.js';
import { createRemoteSelectInputDefine } from '@certd/plugin-lib';
import { TencentAccess } from '@certd/plugin-lib';
@IsTaskPlugin({
name: 'TencentDeployCertToCDNv2',
title: '腾讯云-部署到CDN-v2',

3
packages/ui/certd-server/src/plugins/plugin-tencent/plugin/deploy-to-cdn/index.ts
View File

@ -1,7 +1,6 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
import { TencentAccess } from '@certd/plugin-plus';
import { CertInfo } from '@certd/plugin-cert';
import { TencentAccess } from '@certd/plugin-lib';
@IsTaskPlugin({
name: 'DeployCertToTencentCDN',
title: '腾讯云-部署到CDN废弃',

3
packages/ui/certd-server/src/plugins/plugin-tencent/plugin/deploy-to-clb/index.ts
View File

@ -1,7 +1,6 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
import { TencentAccess } from '@certd/plugin-plus';
import dayjs from 'dayjs';
import { TencentAccess } from '@certd/plugin-lib';
@IsTaskPlugin({
name: 'DeployCertToTencentCLB',
title: '腾讯云-部署到CLB',

3
packages/ui/certd-server/src/plugins/plugin-tencent/plugin/deploy-to-eo/index.ts
View File

@ -1,6 +1,5 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
import { TencentAccess } from '@certd/plugin-plus';
import { TencentAccess } from '@certd/plugin-lib';
@IsTaskPlugin({
name: 'DeployCertToTencentEO',
title: '腾讯云-部署到腾讯云EO',

2
packages/ui/certd-server/src/plugins/plugin-tencent/plugin/start-instances/index.ts
View File

@ -1,6 +1,6 @@
import { IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
import { AbstractTaskPlugin } from '@certd/pipeline';
import { TencentAccess } from '@certd/plugin-plus';
import { TencentAccess } from '@certd/plugin-lib';
import { createRemoteSelectInputDefine } from '@certd/plugin-lib';
@IsTaskPlugin({