From 968c4690a07f69c08dcb3d3a494da4e319627345 Mon Sep 17 00:00:00 2001 From: xiaojunnuo Date: Fri, 23 Aug 2024 13:15:06 +0800 Subject: [PATCH] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96=E8=AF=81=E4=B9=A6?= =?UTF-8?q?=E7=94=B3=E8=AF=B7=E6=88=90=E5=8A=9F=E7=8E=87?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- packages/core/acme-client/src/auto.js | 53 ++++++++++++++++--- packages/core/acme-client/src/http.js | 2 +- packages/core/pipeline/src/utils/util.sp.ts | 2 +- .../src/plugin/cert-plugin/acme.ts | 31 +++++++---- .../src/plugin/cert-plugin/index.ts | 2 +- .../views/certd/settings/email-setting.vue | 2 +- packages/ui/certd-server/.env.production.yaml | 3 ++ .../certd-server/src/config/config.default.ts | 3 ++ 8 files changed, 78 insertions(+), 20 deletions(-) diff --git a/packages/core/acme-client/src/auto.js b/packages/core/acme-client/src/auto.js index 10e81fe5..e780d30c 100644 --- a/packages/core/acme-client/src/auto.js +++ b/packages/core/acme-client/src/auto.js @@ -137,7 +137,12 @@ module.exports = async (client, userOpts) => { } else { log(`[auto] [${d}] Running challenge verification`); - await client.verifyChallenge(authz, challenge); + try { + await client.verifyChallenge(authz, challenge); + } + catch (e) { + log(`[auto] [${d}] challenge verification threw error: ${e.message}`); + } } /* Complete challenge and wait for valid status */ 
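Review bot: The new `catch` around `client.verifyChallenge(authz, challenge)` swallows every exception, not only a failed lookup, and control then falls through to the "Complete challenge" step as if the local check had passed. If the pre-check was right, the CA's own validation will presumably fail as well, which in ACME invalidates the authorization and can count toward the CA's failed-validation limits. The surrounding `else` suggests a skip switch already exists earlier in the function (outside this hunk), so keeping `throw e;` after the log line and letting callers use that switch would make the bypass explicit. Logging `e.stack` rather than only `e.message` would also keep a misconfigured challenge diagnosable.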
@@ -170,11 +175,41 @@ module.exports = async (client, userOpts) => { throw e; } }; + const domainSets = []; - const challengePromises = authorizations.map((authz) => async () => { - await challengeFunc(authz); + authorizations.forEach((authz) => { + const d = authz.identifier.value; + let setd = false; + // eslint-disable-next-line no-restricted-syntax + for (const group of domainSets) { + if (!group[d]) { + group[d] = authz; + setd = true; + } + } + if (!setd) { + const group = {}; + group[d] = authz; + domainSets.push(group); + } }); + const allChallengePromises = []; + // eslint-disable-next-line no-restricted-syntax + for (const domainSet of domainSets) { + const challengePromises = []; + // eslint-disable-next-line guard-for-in,no-restricted-syntax + for (const domain in domainSet) { + const authz = domainSet[domain]; + challengePromises.push(async () => { + log(`[auto] [${domain}] Starting challenge`); + await challengeFunc(authz); + }); + } + allChallengePromises.push(challengePromises); + } + + log(`[auto] challengeGroups:${allChallengePromises.length}`); function runAllPromise(tasks) { let promise = Promise.resolve(); tasks.forEach((task) => { @@ -195,9 +230,15 @@ module.exports = async (client, userOpts) => { } try { - log('开始challenge'); - await runPromisePa(challengePromises); - + log(`开始challenge,共${allChallengePromises.length}组`); + let i = 0; + // eslint-disable-next-line no-restricted-syntax + for (const challengePromises of allChallengePromises) { + i += 1; + log(`开始第${i}组`); + // eslint-disable-next-line no-await-in-loop + await runPromisePa(challengePromises); + } log('challenge结束'); // log('[auto] Waiting for challenge valid status'); diff --git a/packages/core/acme-client/src/http.js b/packages/core/acme-client/src/http.js index caf73dd7..4e1efa08 100644 --- a/packages/core/acme-client/src/http.js +++ b/packages/core/acme-client/src/http.js 
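Review bot: The grouping loop inside the `authorizations.forEach` callback has no `break` after `setd = true;`, so an authorization is stored in every existing group that lacks its domain, not only the first one. Once two groups exist (two authorizations sharing an identifier value), any later authorization for a different domain lands in both, and `challengeFunc(authz)` runs twice for the same authorization, repeating challenge setup and completion against the CA. Add `break;` directly after `setd = true;`. Using a `Map` per group instead of `{}` with `for...in` would also stop inherited keys such as `constructor` from being read as "already present".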
@@ -55,7 +55,7 @@ class HttpClient { */ async request(url, method, opts = {}) { - if (this.urlMapping && this.urlMapping.enabled === true && this.urlMapping.mappings) { + if (this.urlMapping && this.urlMapping.mappings) { // eslint-disable-next-line no-restricted-syntax for (const key in this.urlMapping.mappings) { if (url.includes(key)) { diff --git a/packages/core/pipeline/src/utils/util.sp.ts b/packages/core/pipeline/src/utils/util.sp.ts index 3482247e..9d32eaa9 100644 --- a/packages/core/pipeline/src/utils/util.sp.ts +++ b/packages/core/pipeline/src/utils/util.sp.ts @@ -72,7 +72,7 @@ async function spawn(opts: SpawnOption): Promise { let stderr = ""; return safePromise((resolve, reject) => { const ls = childProcess.spawn(cmd, { - shell: process.platform == "win32", + shell: true, env: { ...process.env, ...opts.env, diff --git a/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts b/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts index 8be51bf7..2569d63a 100644 --- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts +++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts @@ -13,7 +13,7 @@ export type CertInfo = { key: string; csr: string; }; -export type SSLProvider = "letsencrypt" | "buypass" | "zerossl"; +export type SSLProvider = "letsencrypt" | "google" | "zerossl"; type AcmeServiceOptions = { userContext: IContext; logger: Logger; 
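Review bot: Dropping `this.urlMapping.enabled === true` from the guard in `request` leaves the `enabled` flag dead, because any non-empty `mappings` object is now applied. The acme.ts hunks in this commit (`@@ -59,7 +67,14 @@` and `@@ -70,19 +85,15 @@`) always populate `mappings` with the `*.proxy.handsfree.work` hosts and only toggle `enabled` from `useMappingProxy`, so the opt-in no longer gates anything; assuming the loop body rewrites the URL, ACME traffic goes through a third-party proxy for every user. Keep the original guard, `if (this.urlMapping && this.urlMapping.enabled === true && this.urlMapping.mappings) {`, since `getAccountConfig` does its reverse mapping without needing this change. The `url.includes(key)` match is also a substring test over the whole URL rather than a hostname comparison. The body of `request` continues outside the hunk.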
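Review bot: `shell: true` now sends `cmd` through a shell on every platform, where previously only Windows did, so shell metacharacters in `cmd` are interpreted on Linux and macOS as well. Whether `cmd` can carry user-controlled text (pipeline or plugin parameters) is not visible in this hunk, but if it can, this widens the command-injection exposure of `spawn`. If some callers need a shell, make it opt-in, for example `shell: opts.shell ?? process.platform === "win32",` (this assumes adding a `shell` field to `SpawnOption`), and document that callers must not interpolate untrusted values into `cmd`. The child also inherits the full `process.env`; `spawn` starts and ends outside the hunk.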
@@ -42,10 +42,18 @@ export class AcmeService { }); } - async getAccountConfig(email: string): Promise { + async getAccountConfig(email: string, urlMapping: UrlMapping): Promise { const conf = (await this.userContext.getObj(this.buildAccountKey(email))) || {}; - if (conf.accountUrl?.indexOf("letsencrypt.proxy.handsfree.work")) { - conf.accountUrl = conf.accountUrl.replace("letsencrypt.proxy.handsfree.work", "acme-v02.api.letsencrypt.org"); + if (urlMapping && urlMapping.mappings) { + for (const key in urlMapping.mappings) { + if (Object.prototype.hasOwnProperty.call(urlMapping.mappings, key)) { + const element = urlMapping.mappings[key]; + if (conf.accountUrl?.indexOf(element) > -1) { + //如果用了代理url,要替换回去 + conf.accountUrl = conf.accountUrl.replace(element, key); + } + } + } } return conf; } @@ -59,7 +67,14 @@ export class AcmeService { } async getAcmeClient(email: string, isTest = false): Promise { - const conf = await this.getAccountConfig(email); + const urlMapping: UrlMapping = { + enabled: false, + mappings: { + "acme-v02.api.letsencrypt.org": "letsencrypt.proxy.handsfree.work", + "dv.acme-v02.api.pki.goog": "google.proxy.handsfree.work", + }, + }; + const conf = await this.getAccountConfig(email, urlMapping); if (conf.key == null) { conf.key = await this.createNewKey(); await this.saveAccountConfig(email, conf); @@ -70,19 +85,15 @@ export class AcmeService { } else { directoryUrl = acme.directory[this.sslProvider].production; } - const urlMapping: UrlMapping = { enabled: false, mappings: {} }; if (this.options.useMappingProxy) { urlMapping.enabled = true; - urlMapping.mappings = { - "acme-v02.api.letsencrypt.org": "letsencrypt.proxy.handsfree.work", - }; } const client = new acme.Client({ directoryUrl: directoryUrl, accountKey: conf.key, accountUrl: conf.accountUrl, externalAccountBinding: this.eab, - backoffAttempts: 30, + backoffAttempts: 15, backoffMin: 5000, backoffMax: 10000, urlMapping, 
diff --git a/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts b/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts index e9ed9dbb..88f96a77 100644 --- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts +++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts @@ -34,7 +34,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin { options: [ { value: "letsencrypt", label: "Let's Encrypt" }, // { value: "letsencrypt-proxy", label: "Let's Encrypt代理,letsencrypt.org无法访问时使用" }, - // { value: "buypass", label: "Buypass" }, + { value: "google", label: "Google" }, { value: "zerossl", label: "ZeroSSL" }, ], }, diff --git a/packages/ui/certd-client/src/views/certd/settings/email-setting.vue b/packages/ui/certd-client/src/views/certd/settings/email-setting.vue index c95892aa..a0f8b1e1 100644 --- a/packages/ui/certd-client/src/views/certd/settings/email-setting.vue +++ b/packages/ui/certd-client/src/views/certd/settings/email-setting.vue @@ -55,7 +55,7 @@ - 测试 + 测试 diff --git a/packages/ui/certd-server/.env.production.yaml b/packages/ui/certd-server/.env.production.yaml index b6c1623c..98ac4163 100644 --- a/packages/ui/certd-server/.env.production.yaml +++ b/packages/ui/certd-server/.env.production.yaml @@ -6,3 +6,6 @@ typeorm: default: logging: false + +plus: + serverBaseUrl: 'https://api.ai.handsfree.work/' diff --git a/packages/ui/certd-server/src/config/config.default.ts b/packages/ui/certd-server/src/config/config.default.ts index 7929535d..0fb389d9 100644 --- a/packages/ui/certd-server/src/config/config.default.ts +++ b/packages/ui/certd-server/src/config/config.default.ts @@ -88,6 +88,9 @@ const development = { system: { resetAdminPasswd: false, }, + plus: { + serverBaseUrl: 'http://127.0.0.1:11007', + }, } as MidwayConfig; mergeConfig(development, 'development');