refactor: move

packages/plugins/plugin-aliyun/.eslintrc

@@ -0,0 +1,14 @@
+{
+  "extends": "standard",
+  "env": {
+    "mocha": true
+  },
+  "overrides": [
+    {
+      "files": ["*.test.js", "*.spec.js"],
+      "rules": {
+        "no-unused-expressions": "off"
+      }
+    }
+  ]
+}

packages/plugins/plugin-aliyun/package.json

@@ -0,0 +1,25 @@
+{
+	"name": "@certd/plugin-aliyun",
+	"version": "0.1.13",
+	"description": "",
+	"main": "src/index.js",
+	"type": "module",
+	"dependencies": {
+		"@alicloud/pop-core": "^1.7.10",
+		"@certd/api": "^0.1.13",
+		"dayjs": "^1.9.7",
+		"lodash-es": "^4.17.20"
+	},
+	"devDependencies": {
+		"chai": "^4.2.0",
+		"eslint": "^7.15.0",
+		"eslint-config-standard": "^16.0.2",
+		"eslint-plugin-import": "^2.22.1",
+		"eslint-plugin-node": "^11.1.0",
+		"eslint-plugin-promise": "^4.2.1",
+		"mocha": "^8.2.1"
+	},
+	"author": "Greper",
+	"license": "MIT",
+	"gitHead": "4a421d5b142d453203c68ce6d1036e168ea2455b"
+}

packages/plugins/plugin-aliyun/src/access-providers/aliyun.js

@@ -0,0 +1,30 @@
+export class AliyunAccessProvider {
+  static define () {
+    return {
+      name: 'aliyun',
+      label: '阿里云',
+      desc: '',
+      input: {
+        accessKeyId: {
+          type: String,
+          component: {
+            placeholder: 'accessKeyId',
+            rules: [{ required: true, message: '必填项' }]
+          },
+          required: true
+        },
+        accessKeySecret: {
+          type: String,
+          component: {
+            placeholder: 'accessKeySecret',
+            rules: [{ required: true, message: '必填项' }]
+          }
+
+        }
+      },
+      output: {
+
+      }
+    }
+  }
+}

packages/plugins/plugin-aliyun/src/dns-providers/aliyun.js

@@ -0,0 +1,131 @@
+import { AbstractDnsProvider } from '@certd/api'
+import Core from '@alicloud/pop-core'
+import _ from 'lodash-es'
+export class AliyunDnsProvider extends AbstractDnsProvider {
+  static define () {
+    return {
+      name: 'aliyun',
+      label: '阿里云',
+      desc: '',
+      input: {
+        accessProvider: {
+          label: '授权',
+          type: [String, Object],
+          desc: '需要aliyun类型的授权',
+          component: {
+            name: 'access-provider-selector',
+            filter: 'aliyun'
+          },
+          required: true
+        }
+      },
+      output: {
+
+      }
+    }
+  }
+
+  constructor (args) {
+    super(args)
+    const { props } = args
+    const accessProvider = this.getAccessProvider(props.accessProvider)
+    this.client = new Core({
+      accessKeyId: accessProvider.accessKeyId,
+      accessKeySecret: accessProvider.accessKeySecret,
+      endpoint: 'https://alidns.aliyuncs.com',
+      apiVersion: '2015-01-09'
+    })
+  }
+
+  async getDomainList () {
+    const params = {
+      RegionId: 'cn-hangzhou'
+    }
+
+    const requestOption = {
+      method: 'POST'
+    }
+
+    const ret = await this.client.request('DescribeDomains', params, requestOption)
+    return ret.Domains.Domain
+  }
+
+  async matchDomain (dnsRecord) {
+    const list = await this.getDomainList()
+    let domain = null
+    for (const item of list) {
+      if (_.endsWith(dnsRecord, item.DomainName)) {
+        domain = item.DomainName
+        break
+      }
+    }
+    if (!domain) {
+      throw new Error('can not find Domain ,' + dnsRecord)
+    }
+    return domain
+  }
+
+  async getRecords (domain, rr, value) {
+    const params = {
+      RegionId: 'cn-hangzhou',
+      DomainName: domain,
+      RRKeyWord: rr
+    }
+    if (value) {
+      params.ValueKeyWord = value
+    }
+
+    const requestOption = {
+      method: 'POST'
+    }
+
+    const ret = await this.client.request('DescribeDomainRecords', params, requestOption)
+    return ret.DomainRecords.Record
+  }
+
+  async createRecord ({ fullRecord, type, value }) {
+    this.logger.info('添加域名解析：', fullRecord, value)
+    const domain = await this.matchDomain(fullRecord)
+    const rr = fullRecord.replace('.' + domain, '')
+
+    const params = {
+      RegionId: 'cn-hangzhou',
+      DomainName: domain,
+      RR: rr,
+      Type: type,
+      Value: value
+      // Line: 'oversea' // 海外
+    }
+
+    const requestOption = {
+      method: 'POST'
+    }
+
+    try {
+      const ret = await this.client.request('AddDomainRecord', params, requestOption)
+      this.logger.info('添加域名解析成功:', value, value, ret.RecordId)
+      return ret.RecordId
+    } catch (e) {
+      if (e.code === 'DomainRecordDuplicate') {
+        return
+      }
+      this.logger.info('添加域名解析出错', e)
+      throw e
+    }
+  }
+
+  async removeRecord ({ fullRecord, type, value, record }) {
+    const params = {
+      RegionId: 'cn-hangzhou',
+      RecordId: record
+    }
+
+    const requestOption = {
+      method: 'POST'
+    }
+
+    const ret = await this.client.request('DeleteDomainRecord', params, requestOption)
+    this.logger.info('删除域名解析成功:', fullRecord, value, ret.RecordId)
+    return ret.RecordId
+  }
+}

packages/plugins/plugin-aliyun/src/index.js

@@ -0,0 +1,42 @@
+
+import _ from 'lodash-es'
+
+import { AliyunDnsProvider, AliyunAccessProvider } from './access-providers/aliyun'
+
+import { UploadCertToAliyun } from './plugins/upload-to-aliyun'
+import { DeployCertToAliyunCDN } from './plugins/deploy-to-cdn'
+
+import { UploadCertToTencent } from './tencent/upload-to-tencent/index.js'
+
+import { DeployCertToTencentCDN } from './tencent/deploy-to-cdn/index.js'
+
+import { DeployCertToTencentCLB } from './tencent/deploy-to-clb/index.js'
+
+import { DeployCertToTencentTKEIngress } from './tencent/deploy-to-tke-ingress/index.js'
+
+import { UploadCertToHost } from './host/upload-to-host/index.js'
+import { HostShellExecute } from './host/host-shell-execute/index.js'
+
+import { pluginRegistry, accessProviderRegister, dnsProviderRegistry } from '@certd/api'
+
+export const Plugins = {
+  UploadCertToAliyun,
+  DeployCertToAliyunCDN,
+  UploadCertToTencent,
+  DeployCertToTencentTKEIngress,
+  DeployCertToTencentCDN,
+  DeployCertToTencentCLB,
+  UploadCertToHost,
+  HostShellExecute
+}
+export default {
+  install () {
+    _.forEach(Plugins, item => {
+      pluginRegistry.install(item)
+    })
+
+    accessProviderRegister.install(AliyunAccessProvider)
+
+    dnsProviderRegistry.install(AliyunDnsProvider)
+  }
+}

packages/plugins/plugin-aliyun/src/plugins/abstract-aliyun.js

@@ -0,0 +1,9 @@
+import { AbstractPlugin } from '@certd/api'
+
+export class AbstractAliyunPlugin extends AbstractPlugin {
+  checkRet (ret) {
+    if (ret.code != null) {
+      throw new Error('执行失败：', ret.Message)
+    }
+  }
+}

packages/plugins/plugin-aliyun/src/plugins/deploy-to-cdn/index.js

@@ -0,0 +1,107 @@
+import { AbstractAliyunPlugin } from '../abstract-aliyun.js'
+import Core from '@alicloud/pop-core'
+import dayjs from 'dayjs'
+
+const define = {
+  name: 'deployCertToAliyunCDN',
+  label: '部署到阿里云CDN',
+  input: {
+    domainName: {
+      label: 'cdn加速域名',
+      component: {
+        placeholder: 'cdn加速域名'
+      },
+      required: true
+    },
+    certName: {
+      label: '证书名称',
+      component: {
+        placeholder: '上传后将以此名称作为前缀'
+      }
+    },
+    from: {
+      default: 'upload',
+      label: '证书来源',
+      required: true,
+      component: {
+        required: true,
+        placeholder: '证书来源',
+        name: 'a-select',
+        options: [
+          { value: 'upload', label: '直接上传' },
+          { value: 'cas', label: '从证书库', title: '需要uploadCertToAliyun作为前置任务' }
+        ]
+      },
+      desc: '如果选择‘从证书库’类型，则需要以《上传证书到阿里云》作为前置任务'
+
+    },
+    // serverCertificateStatus: {
+    //   label: '启用https',
+    //   options: [
+    //     { value: 'on', label: '开启HTTPS，并更新证书' },
+    //     { value: 'auto', label: '若HTTPS开启则更新，未开启不更新' }
+    //   ],
+    //   required:true
+    // },
+    accessProvider: {
+      label: 'Access提供者',
+      type: [String, Object],
+      desc: 'access授权',
+      component: {
+        name: 'access-provider-selector',
+        filter: 'aliyun'
+      },
+      required: true
+    }
+  },
+  output: {
+
+  }
+}
+
+export class DeployCertToAliyunCDN extends AbstractAliyunPlugin {
+  static define () {
+    return define
+  }
+
+  async execute ({ cert, props, context }) {
+    const accessProvider = this.getAccessProvider(props.accessProvider)
+    const client = this.getClient(accessProvider)
+    const params = this.buildParams(props, context, cert)
+    await this.doRequest(client, params)
+  }
+
+  getClient (aliyunProvider) {
+    return new Core({
+      accessKeyId: aliyunProvider.accessKeyId,
+      accessKeySecret: aliyunProvider.accessKeySecret,
+      endpoint: 'https://cdn.aliyuncs.com',
+      apiVersion: '2018-05-10'
+    })
+  }
+
+  buildParams (args, context, cert) {
+    const { certName, from, domainName } = args
+    const CertName = certName + '-' + dayjs().format('YYYYMMDDHHmmss')
+
+    const params = {
+      RegionId: 'cn-hangzhou',
+      DomainName: domainName,
+      ServerCertificateStatus: 'on',
+      CertName: CertName,
+      CertType: from,
+      ServerCertificate: cert.crt,
+      PrivateKey: cert.key
+    }
+    return params
+  }
+
+  async doRequest (client, params) {
+    const requestOption = {
+      method: 'POST'
+    }
+    const ret = await client.request('SetDomainServerCertificate', params, requestOption)
+    this.checkRet(ret)
+    this.logger.info('设置cdn证书成功:', ret.RequestId)
+  }
+}

packages/plugins/plugin-aliyun/src/plugins/upload-to-aliyun/index.js

@@ -0,0 +1,100 @@
+import Core from '@alicloud/pop-core'
+import { AbstractAliyunPlugin } from '../abstract-aliyun.js'
+
+const define = {
+  name: 'uploadCertToAliyun',
+  label: '上传证书到阿里云',
+  input: {
+    name: {
+      label: '证书名称',
+      desc: '证书上传后将以此参数作为名称前缀'
+    },
+    regionId: {
+      label: '大区',
+      default: 'cn-hangzhou',
+      required: true
+    },
+    accessProvider: {
+      label: 'Access提供者',
+      type: [String, Object],
+      desc: 'access授权',
+      component: {
+        name: 'access-provider-selector',
+        filter: 'aliyun'
+      },
+      required: true
+    }
+  },
+  output: {
+    aliyunCertId: {
+      type: String,
+      desc: '上传成功后的阿里云CertId'
+    }
+  }
+}
+
+export class UploadCertToAliyun extends AbstractAliyunPlugin {
+  static define () {
+    return define
+  }
+
+  getClient (aliyunProvider) {
+    return new Core({
+      accessKeyId: aliyunProvider.accessKeyId,
+      accessKeySecret: aliyunProvider.accessKeySecret,
+      endpoint: 'https://cas.aliyuncs.com',
+      apiVersion: '2018-07-13'
+    })
+  }
+
+  async execute ({ cert, props, context }) {
+    const { name, accessProvider } = props
+    const certName = this.appendTimeSuffix(name || cert.domain)
+    const params = {
+      RegionId: props.regionId || 'cn-hangzhou',
+      Name: certName,
+      Cert: cert.crt,
+      Key: cert.key
+    }
+
+    const requestOption = {
+      method: 'POST'
+    }
+
+    const provider = this.getAccessProvider(accessProvider)
+    const client = this.getClient(provider)
+    const ret = await client.request('CreateUserCertificate', params, requestOption)
+    this.checkRet(ret)
+    this.logger.info('证书上传成功：aliyunCertId=', ret.CertId)
+    context.aliyunCertId = ret.CertId
+  }
+
+  /**
+   * 没用，现在阿里云证书不允许删除
+   * @param accessProviders
+   * @param cert
+   * @param props
+   * @param context
+   * @returns {Promise<void>}
+   */
+  async rollback ({ cert, props, context }) {
+    const { accessProvider } = props
+    const { aliyunCertId } = context
+    this.logger.info('准备删除阿里云证书:', aliyunCertId)
+    const params = {
+      RegionId: props.regionId || 'cn-hangzhou',
+      CertId: aliyunCertId
+    }
+
+    const requestOption = {
+      method: 'POST'
+    }
+
+    const provider = this.getAccessProvider(accessProvider)
+    const client = this.getClient(provider)
+    const ret = await client.request('DeleteUserCertificate', params, requestOption)
+    this.checkRet(ret)
+    this.logger.info('证书删除成功:', aliyunCertId)
+    delete context.aliyunCertId
+  }
+}

packages/plugins/plugin-aliyun/test/dns-providers/aliyun.test.js

@@ -0,0 +1,33 @@
+import pkg from 'chai'
+import AliyunDnsProvider from '../../src/dns-providers/aliyun.js'
+import { createOptions } from '../../../../../test/options.js'
+const { expect } = pkg
+describe('AliyunDnsProvider', function () {
+  it('#getDomainList', async function () {
+    const options = createOptions()
+    const aliyunDnsProvider = new AliyunDnsProvider(options.accessProviders.aliyun)
+    const domainList = await aliyunDnsProvider.getDomainList()
+    console.log('domainList', domainList)
+    expect(domainList.length).gt(0)
+  })
+
+  it('#getRecords', async function () {
+    const options = createOptions()
+    const aliyunDnsProvider = new AliyunDnsProvider(options.accessProviders.aliyun)
+    const recordList = await aliyunDnsProvider.getRecords('docmirror.cn', '*')
+    console.log('recordList', recordList)
+    expect(recordList.length).gt(0)
+  })
+
+  it('#createAndRemoveRecord', async function () {
+    const options = createOptions()
+    const aliyunDnsProvider = new AliyunDnsProvider(options.accessProviders.aliyun)
+    const record = await aliyunDnsProvider.createRecord({ fullRecord: '___certd___.__test__.docmirror.cn', type: 'TXT', value: 'aaaa' })
+    console.log('recordId', record)
+    expect(record != null).ok
+
+    const recordId = await aliyunDnsProvider.removeRecord({ fullRecord: '___certd___.__test__.docmirror.cn', type: 'TXT', value: 'aaaa', record })
+    console.log('recordId', recordId)
+    expect(recordId != null).ok
+  })
+})

packages/plugins/plugin-aliyun/test/options.js

@@ -0,0 +1,42 @@
+import _ from 'lodash-es'
+import optionsPrivate from '../../../test/options.private.mjs'
+const defaultOptions = {
+  version: '1.0.0',
+  args: {
+    directory: 'test',
+    dry: false
+  },
+  accessProviders: {
+    aliyun: {
+      providerType: 'aliyun',
+      accessKeyId: '',
+      accessKeySecret: ''
+    },
+    myLinux: {
+      providerType: 'SSH',
+      username: 'xxx',
+      password: 'xxx',
+      host: '1111.com',
+      port: 22,
+      publicKey: ''
+    }
+  },
+  cert: {
+    domains: ['*.docmirror.club', 'docmirror.club'],
+    email: 'xiaojunnuo@qq.com',
+    dnsProvider: 'aliyun',
+    certProvider: 'letsencrypt',
+    csrInfo: {
+      country: 'CN',
+      state: 'GuangDong',
+      locality: 'ShengZhen',
+      organization: 'CertD Org.',
+      organizationUnit: 'IT Department',
+      emailAddress: 'xiaojunnuo@qq.com'
+    }
+  }
+}
+
+_.merge(defaultOptions, optionsPrivate)
+
+export default defaultOptions

packages/plugins/plugin-aliyun/test/plugins/deploy-to-cdn.test.js

@@ -0,0 +1,22 @@
+import pkg from 'chai'
+import { DeployCertToAliyunCDN } from '../../src/plugins/deploy-to-cdn/index.js'
+import { Certd } from '@certd/certd'
+import createOptions from '../../../../../test/options.js'
+const { expect } = pkg
+
+describe('DeployToAliyunCDN', function () {
+  it('#execute', async function () {
+    this.timeout(5000)
+    const options = createOptions()
+    const plugin = new DeployCertToAliyunCDN()
+    options.cert.domains = ['*.docmirror.cn', 'docmirror.cn']
+    const certd = new Certd(options)
+    const cert = await certd.readCurrentCert()
+    const ret = await plugin.doExecute({
+      accessProviders: options.accessProviders,
+      cert,
+      props: { domainName: 'certd-cdn-upload.docmirror.cn', certName: 'certd部署测试', certType: 'cas', accessProvider: 'aliyun' }
+    })
+    console.log('context:', context, ret)
+  })
+})

packages/plugins/plugin-aliyun/test/plugins/upload-to-aliyun.test.js

@@ -0,0 +1,28 @@
+import pkg from 'chai'
+import { UploadCertToAliyun } from '../../src/plugins/upload-to-aliyun/index.js'
+import { Certd } from '@certd/certd'
+import { createOptions } from '../../../../../test/options.js'
+const { expect } = pkg
+describe('PluginUploadToAliyun', function () {
+  it('#execute', async function () {
+    this.timeout(5000)
+    const options = createOptions()
+    options.cert.email = 'xiaojunnuo@qq.com'
+    options.cert.domains = ['_.docmirror.cn']
+    const plugin = new UploadCertToAliyun()
+    const certd = new Certd(options)
+    const cert = await certd.readCurrentCert()
+    const context = {}
+    const deployOpts = {
+      accessProviders: options.accessProviders,
+      cert,
+      props: { accessProvider: 'aliyun' },
+      context
+    }
+    await plugin.doExecute(deployOpts)
+    console.log('context:', context)
+
+    //  await plugin.sleep(1000)
+    // await plugin.rollback(deployOpts)
+  })
+})