From 65ef6857296784ca765926e09eafcb6fc8b6ecde Mon Sep 17 00:00:00 2001
From: xiaojunnuo <xiaojunnuo@qq.com>
Date: Fri, 6 Sep 2024 23:19:34 +0800
Subject: [PATCH] =?UTF-8?q?perf:=20=E6=94=AF=E6=8C=81=E5=A4=9A=E5=90=89?=
 =?UTF-8?q?=E4=BA=91cdn=E8=AF=81=E4=B9=A6=E9=83=A8=E7=BD=B2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/build-image.yml             |  2 +-
 packages/core/pipeline/src/plugin/group.ts    |  1 +
 packages/ui/certd-server/package.json         |  1 +
 packages/ui/certd-server/src/plugins/index.ts |  1 +
 .../src/plugins/plugin-doge/access.ts         | 39 ++++++++++
 .../src/plugins/plugin-doge/index.ts          |  3 +
 .../src/plugins/plugin-doge/lib/index.ts      | 42 +++++++++++
 .../plugins/deploy-to-cdn/index.ts            | 75 +++++++++++++++++++
 .../src/plugins/plugin-doge/plugins/index.ts  |  1 +
 9 files changed, 164 insertions(+), 1 deletion(-)
 create mode 100644 packages/ui/certd-server/src/plugins/plugin-doge/access.ts
 create mode 100644 packages/ui/certd-server/src/plugins/plugin-doge/index.ts
 create mode 100644 packages/ui/certd-server/src/plugins/plugin-doge/lib/index.ts
 create mode 100644 packages/ui/certd-server/src/plugins/plugin-doge/plugins/deploy-to-cdn/index.ts
 create mode 100644 packages/ui/certd-server/src/plugins/plugin-doge/plugins/index.ts

diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
index 7f529888..ff1b2dd8 100644
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@@ -67,7 +67,7 @@ jobs:
       - name: Build and push
         uses: docker/build-push-action@v6
         with:
-          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          platforms: linux/amd64,linux/arm64
           push: true
           context: ./packages/ui/
           tags: |
diff --git a/packages/core/pipeline/src/plugin/group.ts b/packages/core/pipeline/src/plugin/group.ts
index f7cb4bf9..73d62d20 100644
--- a/packages/core/pipeline/src/plugin/group.ts
+++ b/packages/core/pipeline/src/plugin/group.ts
@@ -21,5 +21,6 @@ export const pluginGroups = {
   huawei: new PluginGroup("huawei", "华为云", 3),
   tencent: new PluginGroup("tencent", "腾讯云", 4),
   host: new PluginGroup("host", "主机", 5),
+  cdn: new PluginGroup("cdn", "CDN", 6),
   other: new PluginGroup("other", "其他", 7),
 };
diff --git a/packages/ui/certd-server/package.json b/packages/ui/certd-server/package.json
index 7796e7d6..c0aed453 100644
--- a/packages/ui/certd-server/package.json
+++ b/packages/ui/certd-server/package.json
@@ -62,6 +62,7 @@
     "nanoid": "^4.0.0",
     "nodemailer": "^6.9.3",
     "pg": "^8.12.0",
+    "querystring": "^0.2.1",
     "reflect-metadata": "^0.1.13",
     "ssh2": "^1.15.0",
     "strip-ansi": "^7.1.0",
diff --git a/packages/ui/certd-server/src/plugins/index.ts b/packages/ui/certd-server/src/plugins/index.ts
index d2ceab09..4ecd2b31 100644
--- a/packages/ui/certd-server/src/plugins/index.ts
+++ b/packages/ui/certd-server/src/plugins/index.ts
@@ -7,3 +7,4 @@ export * from './plugin-huawei/index.js';
 export * from './plugin-demo/index.js';
 export * from './plugin-other/index.js';
 export * from './plugin-west/index.js';
+export * from './plugin-doge/index.js';
diff --git a/packages/ui/certd-server/src/plugins/plugin-doge/access.ts b/packages/ui/certd-server/src/plugins/plugin-doge/access.ts
new file mode 100644
index 00000000..b37ef80e
--- /dev/null
+++ b/packages/ui/certd-server/src/plugins/plugin-doge/access.ts
@@ -0,0 +1,39 @@
+import { IsAccess, AccessInput } from '@certd/pipeline';
+
+/**
+ * 这个注解将注册一个授权配置
+ * 在certd的后台管理系统中，用户可以选择添加此类型的授权
+ */
+@IsAccess({
+  name: 'dogecloud',
+  title: '多吉云',
+  desc: '',
+})
+export class DogeCloudAccess {
+  /**
+   * 授权属性配置
+   */
+  @AccessInput({
+    title: 'AccessKey',
+    component: {
+      placeholder: 'AccessKey',
+    },
+    helper: '请前往[多吉云-密钥管理](https://console.dogecloud.com/user/keys)获取',
+    required: true,
+    encrypt: false,
+  })
+  accessKey = '';
+
+  @AccessInput({
+    title: 'SecretKey',
+    component: {
+      placeholder: 'SecretKey',
+    },
+    helper: '请前往[多吉云-密钥管理](https://console.dogecloud.com/user/keys)获取',
+    required: true,
+    encrypt: true,
+  })
+  secretKey = '';
+}
+
+new DogeCloudAccess();
diff --git a/packages/ui/certd-server/src/plugins/plugin-doge/index.ts b/packages/ui/certd-server/src/plugins/plugin-doge/index.ts
new file mode 100644
index 00000000..5bdf4efb
--- /dev/null
+++ b/packages/ui/certd-server/src/plugins/plugin-doge/index.ts
@@ -0,0 +1,3 @@
+export * from './access.js';
+export * from './lib/index.js';
+export * from './plugins/index.js';
diff --git a/packages/ui/certd-server/src/plugins/plugin-doge/lib/index.ts b/packages/ui/certd-server/src/plugins/plugin-doge/lib/index.ts
new file mode 100644
index 00000000..079dd264
--- /dev/null
+++ b/packages/ui/certd-server/src/plugins/plugin-doge/lib/index.ts
@@ -0,0 +1,42 @@
+import crypto from 'crypto';
+import querystring from 'querystring';
+import { DogeCloudAccess } from '../access.js';
+import { AxiosInstance } from 'axios';
+
+export class DogeClient {
+  accessKey: string;
+  secretKey: string;
+  http: AxiosInstance;
+  constructor(access: DogeCloudAccess, http: AxiosInstance) {
+    this.accessKey = access.accessKey;
+    this.secretKey = access.secretKey;
+    this.http = http;
+  }
+
+  async request(apiPath: string, data: any = {}, jsonMode = false) {
+    // 这里替换为你的多吉云永久 AccessKey 和 SecretKey，可在用户中心 - 密钥管理中查看
+    // 请勿在客户端暴露 AccessKey 和 SecretKey，那样恶意用户将获得账号完全控制权
+
+    const body = jsonMode ? JSON.stringify(data) : querystring.encode(data);
+    const sign = crypto
+      .createHmac('sha1', this.secretKey)
+      .update(Buffer.from(apiPath + '\n' + body, 'utf8'))
+      .digest('hex');
+    const authorization = 'TOKEN ' + this.accessKey + ':' + sign;
+    const res: any = await this.http.request({
+      url: 'https://api.dogecloud.com' + apiPath,
+      method: 'POST',
+      data: body,
+      responseType: 'json',
+      headers: {
+        'Content-Type': jsonMode ? 'application/json' : 'application/x-www-form-urlencoded',
+        Authorization: authorization,
+      },
+    });
+
+    if (res.code !== 200) {
+      throw new Error('API Error: ' + res.msg);
+    }
+    return res.data;
+  }
+}
diff --git a/packages/ui/certd-server/src/plugins/plugin-doge/plugins/deploy-to-cdn/index.ts b/packages/ui/certd-server/src/plugins/plugin-doge/plugins/deploy-to-cdn/index.ts
new file mode 100644
index 00000000..ee6be7a8
--- /dev/null
+++ b/packages/ui/certd-server/src/plugins/plugin-doge/plugins/deploy-to-cdn/index.ts
@@ -0,0 +1,75 @@
+import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
+import { CertInfo, CertReader } from '@certd/plugin-cert';
+import { DogeClient } from '../../lib/index.js';
+import dayjs from 'dayjs';
+
+@IsTaskPlugin({
+  name: 'DogeCloudDeployToCDN',
+  title: '部署证书到多吉云CDN',
+  group: pluginGroups.cdn.key,
+  default: {
+    strategy: {
+      runStrategy: RunStrategy.SkipWhenSucceed,
+    },
+  },
+})
+export class DogeCloudDeployToCDNPlugin extends AbstractTaskPlugin {
+  @TaskInput({
+    title: '域名',
+    helper: 'CDN域名',
+    required: true,
+  })
+  domain!: string;
+  //证书选择，此项必须要有
+  @TaskInput({
+    title: '证书',
+    helper: '请选择前置任务输出的域名证书',
+    component: {
+      name: 'pi-output-selector',
+      from: 'CertApply',
+    },
+    required: true,
+  })
+  cert!: CertInfo;
+
+  //授权选择框
+  @TaskInput({
+    title: '多吉云授权',
+    helper: '多吉云AccessKey',
+    component: {
+      name: 'pi-access-selector',
+      type: 'dogecloud',
+    },
+    rules: [{ required: true, message: '此项必填' }],
+  })
+  accessId!: string;
+
+  dogeClient!: DogeClient;
+
+  async onInstance() {
+    const access = await this.accessService.getById(this.accessId);
+    this.dogeClient = new DogeClient(access, this.ctx.http);
+  }
+  async execute(): Promise<void> {
+    const certId: number = await this.updateCert();
+    await this.bindCert(certId);
+  }
+
+  async updateCert() {
+    const certReader = new CertReader(this.cert);
+    const data = await this.dogeClient.request('/cdn/cert/upload.json', {
+      note: 'certd-' + dayjs().format('YYYYMMDDHHmmss'),
+      cert: certReader.crt,
+      private: certReader.key,
+    });
+    return data.id;
+  }
+
+  async bindCert(certId: number) {
+    await this.dogeClient.request('/cdn/cert/bind.json', {
+      id: certId,
+      domain: this.domain,
+    });
+  }
+}
+new DogeCloudDeployToCDNPlugin();
diff --git a/packages/ui/certd-server/src/plugins/plugin-doge/plugins/index.ts b/packages/ui/certd-server/src/plugins/plugin-doge/plugins/index.ts
new file mode 100644
index 00000000..71437bc9
--- /dev/null
+++ b/packages/ui/certd-server/src/plugins/plugin-doge/plugins/index.ts
@@ -0,0 +1 @@
+export * from './deploy-to-cdn/index.js';