perf: 添加阿里云 ESA证书部署插件

- 新增 AliyunDeployCertToESA 插件类，实现证书上传和部署到阿里云 ESA 功能 - 优化证书名称生成逻辑，支持通配符域名 - 重构部分代码，提高可复用性和可维护性 - 更新相关依赖版本，确保兼容性
2025-11-25 09:10:11 +08:00 · 2025-05-22 23:21:32 +08:00
parent 7984b625ba
commit 1db1ffde99
13 changed files with 420 additions and 71 deletions
--- a/packages/plugins/plugin-lib/package.json
+++ b/packages/plugins/plugin-lib/package.json
@@ -16,7 +16,9 @@
    "pub": "npm publish"
  },
  "dependencies": {
+    "@alicloud/openapi-client": "^0.4.14",
    "@alicloud/pop-core": "^1.7.10",
+    "@alicloud/tea-util": "^1.4.10",
    "@aws-sdk/client-s3": "^3.787.0",
    "@certd/basic": "^1.34.5",
    "@certd/pipeline": "^1.34.5",
--- a/packages/plugins/plugin-lib/src/aliyun/access/aliyun-access.ts
+++ b/packages/plugins/plugin-lib/src/aliyun/access/aliyun-access.ts
@@ -1,4 +1,88 @@
 import { IsAccess, AccessInput, BaseAccess } from "@certd/pipeline";
+import { ILogger } from "@certd/basic";
+
+export type AliyunClientV2Req = {
+  action: string;
+  version: string;
+  protocol?: "HTTPS";
+  // 接口 HTTP 方法
+  method?: "GET" | "POST";
+  authType?: "AK";
+  style?: "RPC";
+  // 接口 PATH
+  pathname?: `/`;
+
+  data?: any;
+  query?: any;
+};
+export class AliyunClientV2 {
+  access: AliyunAccess;
+  logger: ILogger;
+  endpoint: string;
+
+  client: any;
+  constructor(opts: { access: AliyunAccess; logger: ILogger; endpoint: string }) {
+    this.access = opts.access;
+    this.logger = opts.logger;
+    this.endpoint = opts.endpoint;
+  }
+
+  async getClient() {
+    if (this.client) {
+      return this.client;
+    }
+    const $OpenApi = await import("@alicloud/openapi-client");
+    const config = new $OpenApi.Config({
+      accessKeyId: this.access.accessKeyId,
+      accessKeySecret: this.access.accessKeySecret,
+    });
+    // Endpoint 请参考 https://api.aliyun.com/product/FC
+    // config.endpoint = `esa.${this.regionId}.aliyuncs.com`;
+    config.endpoint = this.endpoint;
+    //@ts-ignore
+    this.client = new $OpenApi.default.default(config);
+    return this.client;
+  }
+
+  async doRequest(req: AliyunClientV2Req) {
+    const client = await this.getClient();
+
+    const $OpenApi = await import("@alicloud/openapi-client");
+    const $Util = await import("@alicloud/tea-util");
+
+    const params = new $OpenApi.Params({
+      // 接口名称
+      action: req.action,
+      // 接口版本
+      version: req.version,
+      // 接口协议
+      protocol: "HTTPS",
+      // 接口 HTTP 方法
+      method: req.method ?? "POST",
+      authType: "AK",
+      style: "RPC",
+      // 接口 PATH
+      pathname: `/`,
+      // 接口请求体内容格式
+      reqBodyType: "json",
+      // 接口响应体内容格式
+      bodyType: "json",
+    });
+
+    const runtime = new $Util.RuntimeOptions({});
+    const request = new $OpenApi.OpenApiRequest({
+      body: req.data,
+      query: req.query,
+    });
+    // 复制代码运行请自行打印 API 的返回值
+    // 返回值实际为 Map 类型，可从 Map 中获得三类数据：响应体 body、响应头 headers、HTTP 返回的状态码 statusCode。
+    const res = await client.callApi(params, request, runtime);
+    /**
+     * res?.body?.
+     */
+    return res?.body;
+  }
+}

@IsAccess({
  name: "aliyun",
@@ -27,6 +111,14 @@ export class AliyunAccess extends BaseAccess {
    helper: "注意：证书申请需要dns解析权限；其他阿里云插件，需要对应的权限，比如证书上传需要证书管理权限；嫌麻烦就用主账号的全量权限的accessKey",
  })
  accessKeySecret = "";
+
+  getClient(endpoint: string) {
+    return new AliyunClientV2({
+      access: this,
+      logger: this.ctx.logger,
+      endpoint: endpoint,
+    });
+  }
 }

 new AliyunAccess();