perf: 新增部署到百度云CDN插件

2025-11-25 09:10:11 +08:00 · 2024-10-23 16:33:53 +08:00
parent 5b148b7ed9
commit f126f9f932
10 changed files with 231 additions and 6 deletions
--- a/packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts
+++ b/packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts
@@ -128,7 +128,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
        count += 1;
      }
      if (count > freeCount) {
-        throw new NeedVIPException('免费版最多只能创建10个pipeline');
+        throw new NeedVIPException('基础版最多只能创建10个pipeline');
      }
    }
    if (!isUpdate) {
--- a/packages/ui/certd-server/src/plugins/plugin-tencent/lib/index.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-tencent/lib/index.ts
@@ -0,0 +1,59 @@
+import { TencentAccess } from '@certd/plugin-plus';
+import { CertInfo } from '@certd/plugin-cert';
+import { ILogger } from '@certd/pipeline';
+
+export class TencentSslClient {
+  access: TencentAccess;
+  logger: ILogger;
+  region?: string;
+  constructor(opts: { access: TencentAccess; logger: ILogger; region?: string }) {
+    this.access = opts.access;
+    this.logger = opts.logger;
+    this.region = opts.region;
+  }
+  async getSslClient(): Promise<any> {
+    const sdk = await import('tencentcloud-sdk-nodejs/tencentcloud/services/ssl/v20191205/index.js');
+    const SslClient = sdk.v20191205.Client;
+
+    const clientConfig = {
+      credential: {
+        secretId: this.access.secretId,
+        secretKey: this.access.secretKey,
+      },
+      region: this.region,
+      profile: {
+        httpProfile: {
+          endpoint: 'ssl.tencentcloudapi.com',
+        },
+      },
+    };
+
+    return new SslClient(clientConfig);
+  }
+
+  checkRet(ret: any) {
+    if (!ret || ret.Error) {
+      throw new Error('请求失败：' + ret.Error.Code + ',' + ret.Error.Message);
+    }
+  }
+
+  async uploadToTencent(opts: { certName: string; cert: CertInfo }): Promise<string> {
+    const client = await this.getSslClient();
+    const params = {
+      CertificatePublicKey: opts.cert.crt,
+      CertificatePrivateKey: opts.cert.key,
+      Alias: opts.certName,
+    };
+    const ret = await client.UploadCertificate(params);
+    this.checkRet(ret);
+    this.logger.info('证书上传成功：tencentCertId=', ret.CertificateId);
+    return ret.CertificateId;
+  }
+
+  async deployCertificateInstance(params: any) {
+    const client = await this.getSslClient();
+    const res = await client.DeployCertificateInstance(params);
+    this.checkRet(res);
+    return res;
+  }
+}
--- a/packages/ui/certd-server/src/plugins/plugin-tencent/plugin/deploy-to-cos/index.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-tencent/plugin/deploy-to-cos/index.ts
@@ -0,0 +1,163 @@
+import { IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
+import { CertInfo } from '@certd/plugin-cert';
+import { AbstractPlusTaskPlugin, createRemoteSelectInputDefine } from '@certd/plugin-plus';
+import { TencentSslClient } from '../../lib/index.js';
+
+@IsTaskPlugin({
+  name: 'DeployCertToTencentCosPlugin',
+  title: '部署证书到腾讯云COS',
+  needPlus: true,
+  icon: 'svg:icon-tencentcloud',
+  group: pluginGroups.tencent.key,
+  desc: '部署到腾讯云COS源站域名证书',
+  deprecated: '暂不可用',
+  default: {
+    strategy: {
+      runStrategy: RunStrategy.SkipWhenSucceed,
+    },
+  },
+})
+export class DeployCertToTencentCosPlugin extends AbstractPlusTaskPlugin {
+  /**
+   * AccessProvider的id
+   */
+  @TaskInput({
+    title: 'Access授权',
+    helper: 'access授权',
+    component: {
+      name: 'access-selector',
+      type: 'tencent',
+    },
+    required: true,
+  })
+  accessId!: string;
+
+  @TaskInput({
+    title: '存储桶名称',
+    helper: '请输入存储桶名称',
+  })
+  bucket!: string;
+
+  @TaskInput({
+    title: '所在地域',
+    helper: '存储桶所在地域',
+    component: {
+      name: 'a-auto-complete',
+      vModel: 'value',
+      options: [
+        { value: '', label: '--------中国大陆地区-------', disabled: true },
+        { value: 'ap-beijing-1', label: '北京1区' },
+        { value: 'ap-beijing', label: '北京' },
+        { value: 'ap-nanjing', label: '南京' },
+        { value: 'ap-shanghai', label: '上海' },
+        { value: 'ap-guangzhou', label: '广州' },
+        { value: 'ap-chengdu', label: '成都' },
+        { value: 'ap-chongqing', label: '重庆' },
+        { value: 'ap-shenzhen-fsi', label: '深圳金融' },
+        { value: 'ap-shanghai-fsi', label: '上海金融' },
+        { value: 'ap-beijing-fsi', label: '北京金融' },
+        { value: '', label: '--------中国香港及境外-------', disabled: true },
+        { value: 'ap-hongkong', label: '中国香港' },
+        { value: 'ap-singapore', label: '新加坡' },
+        { value: 'ap-mumbai', label: '孟买' },
+        { value: 'ap-jakarta', label: '雅加达' },
+        { value: 'ap-seoul', label: '首尔' },
+        { value: 'ap-bangkok', label: '曼谷' },
+        { value: 'ap-tokyo', label: '东京' },
+        { value: 'na-siliconvalley', label: '硅谷' },
+        { value: 'na-ashburn', label: '弗吉尼亚' },
+        { value: 'sa-saopaulo', label: '圣保罗' },
+        { value: 'eu-frankfurt', label: '法兰克福' },
+      ],
+    },
+  })
+  region!: string;
+
+  // @TaskInput(createCertDomainGetterInputDefine())
+  // certDomains!: string[];
+
+  @TaskInput(
+    createRemoteSelectInputDefine({
+      title: 'COS域名',
+      helper: '请选择域名',
+      typeName: DeployCertToTencentCosPlugin.name,
+      action: DeployCertToTencentCosPlugin.prototype.onGetDomainList.name,
+      watches: ['bucket', 'region'],
+    })
+  )
+  domains!: string | string[];
+
+  @TaskInput({
+    title: '域名证书',
+    helper: '请选择前置任务输出的域名证书，或者选择前置任务“上传证书到腾讯云”任务的证书ID',
+    component: {
+      name: 'output-selector',
+      from: ['CertApply', 'CertApplyLego', 'UploadCertToTencent'],
+    },
+    required: true,
+  })
+  cert!: CertInfo | string;
+
+  async onInstance() {}
+
+  async execute(): Promise<void> {
+    const access = await this.accessService.getById(this.accessId);
+
+    const client = new TencentSslClient({
+      access,
+      logger: this.logger,
+      region: this.region,
+    });
+
+    let tencentCertId: string = this.cert as string;
+    if (typeof this.cert !== 'string') {
+      tencentCertId = await client.uploadToTencent({
+        certName: this.appendTimeSuffix('certd'),
+        cert: this.cert,
+      });
+    }
+
+    const params = {
+      CertificateId: tencentCertId,
+      ResourceType: 'cos',
+      Status: 1,
+      InstanceIdList: [`${this.bucket}#${this.region}#${this.domains}`],
+    };
+
+    const res = await client.deployCertificateInstance(params);
+    this.logger.info('部署成功', res);
+  }
+
+  async onGetDomainList(data: any) {
+    const access = await this.accessService.getById(this.accessId);
+
+    const cosv5 = await import('cos-nodejs-sdk-v5');
+    const cos = new cosv5.default({
+      SecretId: access.secretId,
+      SecretKey: access.secretKey,
+    });
+    if (!this.bucket) {
+      throw new Error('存储桶名称不能为空');
+    }
+    if (!this.region) {
+      throw new Error('所在地域不能为空');
+    }
+
+    const res = await cos.getBucketDomain({
+      Bucket: this.bucket,
+      /** 存储桶所在地域 @see https://cloud.tencent.com/document/product/436/6224 */
+      Region: this.region,
+    });
+
+    this.ctx.logger.info('获取域名列表:', res);
+
+    return res.DomainRule.map((item: any) => {
+      return {
+        label: item.Name,
+        value: item.Name,
+      };
+    });
+  }
+}
+
+// new DeployCertToTencentCosPlugin()