@certd/plugin-cert 1.25.8 → 1.26.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +20 -0
- package/dist/access/eab-access.d.ts +2 -1
- package/dist/access/eab-access.js +3 -3
- package/dist/access/google-access.d.ts +8 -0
- package/dist/access/google-access.js +118 -0
- package/dist/access/index.d.ts +1 -0
- package/dist/access/index.js +2 -1
- package/dist/dns-provider/api.d.ts +7 -4
- package/dist/dns-provider/base.d.ts +5 -0
- package/dist/dns-provider/base.js +26 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +2 -2
- package/dist/libs/google.d.ts +11 -0
- package/dist/libs/google.js +59 -0
- package/dist/plugin/cert-plugin/acme.d.ts +32 -6
- package/dist/plugin/cert-plugin/acme.js +68 -39
- package/dist/plugin/cert-plugin/base.js +5 -3
- package/dist/plugin/cert-plugin/index.d.ts +24 -3
- package/dist/plugin/cert-plugin/index.js +206 -57
- package/dist/plugin/cert-plugin/lego/index.js +2 -2
- package/package.json +7 -5
- package/stats.html +6177 -0
- package/test/user.secret.js +7 -0
- package/test/user.secret.ts +4 -0
- package/tsconfig.tsbuildinfo +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,26 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
|
5
5
|
|
|
6
|
+
# [1.26.0](https://github.com/certd/certd/compare/v1.25.9...v1.26.0) (2024-10-10)
|
|
7
|
+
|
|
8
|
+
### Features
|
|
9
|
+
|
|
10
|
+
* 域名验证方法支持CNAME间接方式,此方式支持所有域名注册商,且无需提供Access授权,但是需要手动添加cname解析 ([f3d3508](https://github.com/certd/certd/commit/f3d35084ed44f9f33845f7045e520be5c27eed93))
|
|
11
|
+
|
|
12
|
+
### Performance Improvements
|
|
13
|
+
|
|
14
|
+
* 调整静态资源到static目录 ([0584b36](https://github.com/certd/certd/commit/0584b3672b40f9042a2ed87e5627022606d046cd))
|
|
15
|
+
* 检查cname是否正确配置 ([b5d8935](https://github.com/certd/certd/commit/b5d8935159374fbe7fc7d4c48ae0ed9396861bdd))
|
|
16
|
+
* 域名输入增加校验提示,避免输入错误的域名 ([0c8e83e](https://github.com/certd/certd/commit/0c8e83e1254a9ce4d5a4e7888eb1710394a4b77c))
|
|
17
|
+
* cname校验配置增加未校验通过提示 ([77cc3c4](https://github.com/certd/certd/commit/77cc3c4a5cbd81f8233a8e0bb33fab0621c0905f))
|
|
18
|
+
* google eab授权支持自动获取,不过要配置代理 ([592791d](https://github.com/certd/certd/commit/592791d1356fc252fbb70d7f168567aee9585507))
|
|
19
|
+
|
|
20
|
+
## [1.25.9](https://github.com/certd/certd/compare/v1.25.8...v1.25.9) (2024-10-01)
|
|
21
|
+
|
|
22
|
+
### Bug Fixes
|
|
23
|
+
|
|
24
|
+
* 修复西部数码账户级别apikey不可用的bug ([f8f3e8b](https://github.com/certd/certd/commit/f8f3e8b43fd5d815887bcb53b95f46dc96424b79))
|
|
25
|
+
|
|
6
26
|
## [1.25.8](https://github.com/certd/certd/compare/v1.25.7...v1.25.8) (2024-09-30)
|
|
7
27
|
|
|
8
28
|
### Bug Fixes
|
|
@@ -7,8 +7,8 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
|
|
|
7
7
|
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
8
8
|
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
9
9
|
};
|
|
10
|
-
import { IsAccess, AccessInput } from "@certd/pipeline";
|
|
11
|
-
let EabAccess = class EabAccess {
|
|
10
|
+
import { IsAccess, AccessInput, BaseAccess } from "@certd/pipeline";
|
|
11
|
+
let EabAccess = class EabAccess extends BaseAccess {
|
|
12
12
|
kid = "";
|
|
13
13
|
hmacKey = "";
|
|
14
14
|
};
|
|
@@ -45,4 +45,4 @@ EabAccess = __decorate([
|
|
|
45
45
|
], EabAccess);
|
|
46
46
|
export { EabAccess };
|
|
47
47
|
new EabAccess();
|
|
48
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
48
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZWFiLWFjY2Vzcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9hY2Nlc3MvZWFiLWFjY2Vzcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7QUFBQSxPQUFPLEVBQUUsUUFBUSxFQUFFLFdBQVcsRUFBRSxVQUFVLEVBQUUsTUFBTSxpQkFBaUIsQ0FBQztBQU83RCxJQUFNLFNBQVMsR0FBZixNQUFNLFNBQVUsU0FBUSxVQUFVO0lBVXZDLEdBQUcsR0FBRyxFQUFFLENBQUM7SUFVVCxPQUFPLEdBQUcsRUFBRSxDQUFDO0NBQ2QsQ0FBQTtBQVhDO0lBVEMsV0FBVyxDQUFDO1FBQ1gsS0FBSyxFQUFFLEtBQUs7UUFDWixTQUFTLEVBQUU7WUFDVCxXQUFXLEVBQUUsS0FBSztTQUNuQjtRQUNELE1BQU0sRUFBRSxTQUFTO1FBQ2pCLFFBQVEsRUFBRSxJQUFJO1FBQ2QsT0FBTyxFQUFFLElBQUk7S0FDZCxDQUFDOztzQ0FDTztBQVVUO0lBVEMsV0FBVyxDQUFDO1FBQ1gsS0FBSyxFQUFFLFNBQVM7UUFDaEIsU0FBUyxFQUFFO1lBQ1QsV0FBVyxFQUFFLFVBQVU7U0FDeEI7UUFDRCxNQUFNLEVBQUUsY0FBYztRQUN0QixRQUFRLEVBQUUsSUFBSTtRQUNkLE9BQU8sRUFBRSxJQUFJO0tBQ2QsQ0FBQzs7MENBQ1c7QUFwQkYsU0FBUztJQUxyQixRQUFRLENBQUM7UUFDUixJQUFJLEVBQUUsS0FBSztRQUNYLEtBQUssRUFBRSxPQUFPO1FBQ2QsSUFBSSxFQUFFLG9CQUFvQjtLQUMzQixDQUFDO0dBQ1csU0FBUyxDQXFCckI7O0FBRUQsSUFBSSxTQUFTLEVBQUUsQ0FBQyJ9
|
|
@@ -0,0 +1,118 @@
|
|
|
1
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
2
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
3
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
4
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
|
+
};
|
|
7
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
8
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
9
|
+
};
|
|
10
|
+
import { IsAccess, AccessInput, BaseAccess } from "@certd/pipeline";
|
|
11
|
+
let GoogleAccess = class GoogleAccess extends BaseAccess {
|
|
12
|
+
type = "";
|
|
13
|
+
projectId = "";
|
|
14
|
+
apiKey = "";
|
|
15
|
+
serviceAccountSecret = "";
|
|
16
|
+
httpsProxy = "";
|
|
17
|
+
};
|
|
18
|
+
__decorate([
|
|
19
|
+
AccessInput({
|
|
20
|
+
title: "密钥类型",
|
|
21
|
+
value: "serviceAccount",
|
|
22
|
+
component: {
|
|
23
|
+
placeholder: "密钥类型",
|
|
24
|
+
name: "a-select",
|
|
25
|
+
vModel: "value",
|
|
26
|
+
options: [
|
|
27
|
+
{ value: "serviceAccount", label: "服务账号密钥" },
|
|
28
|
+
{ value: "apiKey", label: "ApiKey,暂不可用", disabled: true },
|
|
29
|
+
],
|
|
30
|
+
},
|
|
31
|
+
helper: "密钥类型",
|
|
32
|
+
required: true,
|
|
33
|
+
encrypt: false,
|
|
34
|
+
}),
|
|
35
|
+
__metadata("design:type", Object)
|
|
36
|
+
], GoogleAccess.prototype, "type", void 0);
|
|
37
|
+
__decorate([
|
|
38
|
+
AccessInput({
|
|
39
|
+
title: "项目ID",
|
|
40
|
+
component: {
|
|
41
|
+
placeholder: "ProjectId",
|
|
42
|
+
},
|
|
43
|
+
helper: "ProjectId",
|
|
44
|
+
required: true,
|
|
45
|
+
encrypt: false,
|
|
46
|
+
mergeScript: `
|
|
47
|
+
return {
|
|
48
|
+
show:ctx.compute(({form})=>{
|
|
49
|
+
return form.access.type === 'apiKey'
|
|
50
|
+
})
|
|
51
|
+
}
|
|
52
|
+
`,
|
|
53
|
+
}),
|
|
54
|
+
__metadata("design:type", Object)
|
|
55
|
+
], GoogleAccess.prototype, "projectId", void 0);
|
|
56
|
+
__decorate([
|
|
57
|
+
AccessInput({
|
|
58
|
+
title: "ApiKey",
|
|
59
|
+
component: {
|
|
60
|
+
placeholder: "ApiKey",
|
|
61
|
+
},
|
|
62
|
+
helper: "不要选,目前没有用",
|
|
63
|
+
required: true,
|
|
64
|
+
encrypt: true,
|
|
65
|
+
mergeScript: `
|
|
66
|
+
return {
|
|
67
|
+
show:ctx.compute(({form})=>{
|
|
68
|
+
return form.access.type === 'apiKey'
|
|
69
|
+
})
|
|
70
|
+
}
|
|
71
|
+
`,
|
|
72
|
+
}),
|
|
73
|
+
__metadata("design:type", Object)
|
|
74
|
+
], GoogleAccess.prototype, "apiKey", void 0);
|
|
75
|
+
__decorate([
|
|
76
|
+
AccessInput({
|
|
77
|
+
title: "服务账号密钥",
|
|
78
|
+
component: {
|
|
79
|
+
placeholder: "serviceAccountSecret",
|
|
80
|
+
name: "a-textarea",
|
|
81
|
+
vModel: "value",
|
|
82
|
+
rows: 4,
|
|
83
|
+
},
|
|
84
|
+
helper: "[如何创建服务账号](https://cloud.google.com/iam/docs/service-accounts-create?hl=zh-CN) \n[获取密钥](https://console.cloud.google.com/iam-admin/serviceaccounts?hl=zh-cn),点击详情,点击创建密钥,将下载json文件,把内容填在此处",
|
|
85
|
+
required: true,
|
|
86
|
+
encrypt: true,
|
|
87
|
+
mergeScript: `
|
|
88
|
+
return {
|
|
89
|
+
show:ctx.compute(({form})=>{
|
|
90
|
+
return form.access.type === 'serviceAccount'
|
|
91
|
+
})
|
|
92
|
+
}
|
|
93
|
+
`,
|
|
94
|
+
}),
|
|
95
|
+
__metadata("design:type", Object)
|
|
96
|
+
], GoogleAccess.prototype, "serviceAccountSecret", void 0);
|
|
97
|
+
__decorate([
|
|
98
|
+
AccessInput({
|
|
99
|
+
title: "https代理",
|
|
100
|
+
component: {
|
|
101
|
+
placeholder: "http://127.0.0.1:10811",
|
|
102
|
+
},
|
|
103
|
+
helper: "Google的请求需要走代理,如果不配置,则会使用环境变量中的全局HTTPS_PROXY配置\n或者服务器本身在海外,则不需要配置",
|
|
104
|
+
required: false,
|
|
105
|
+
encrypt: false,
|
|
106
|
+
}),
|
|
107
|
+
__metadata("design:type", Object)
|
|
108
|
+
], GoogleAccess.prototype, "httpsProxy", void 0);
|
|
109
|
+
GoogleAccess = __decorate([
|
|
110
|
+
IsAccess({
|
|
111
|
+
name: "google",
|
|
112
|
+
title: "google cloud",
|
|
113
|
+
desc: "谷歌云授权",
|
|
114
|
+
})
|
|
115
|
+
], GoogleAccess);
|
|
116
|
+
export { GoogleAccess };
|
|
117
|
+
new GoogleAccess();
|
|
118
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ29vZ2xlLWFjY2Vzcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9hY2Nlc3MvZ29vZ2xlLWFjY2Vzcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7QUFBQSxPQUFPLEVBQUUsUUFBUSxFQUFFLFdBQVcsRUFBRSxVQUFVLEVBQUUsTUFBTSxpQkFBaUIsQ0FBQztBQU83RCxJQUFNLFlBQVksR0FBbEIsTUFBTSxZQUFhLFNBQVEsVUFBVTtJQWlCMUMsSUFBSSxHQUFHLEVBQUUsQ0FBQztJQWtCVixTQUFTLEdBQUcsRUFBRSxDQUFDO0lBa0JmLE1BQU0sR0FBRyxFQUFFLENBQUM7SUFzQlosb0JBQW9CLEdBQUcsRUFBRSxDQUFDO0lBVzFCLFVBQVUsR0FBRyxFQUFFLENBQUM7Q0FDakIsQ0FBQTtBQXRFQztJQWhCQyxXQUFXLENBQUM7UUFDWCxLQUFLLEVBQUUsTUFBTTtRQUNiLEtBQUssRUFBRSxnQkFBZ0I7UUFDdkIsU0FBUyxFQUFFO1lBQ1QsV0FBVyxFQUFFLE1BQU07WUFDbkIsSUFBSSxFQUFFLFVBQVU7WUFDaEIsTUFBTSxFQUFFLE9BQU87WUFDZixPQUFPLEVBQUU7Z0JBQ1AsRUFBRSxLQUFLLEVBQUUsZ0JBQWdCLEVBQUUsS0FBSyxFQUFFLFFBQVEsRUFBRTtnQkFDNUMsRUFBRSxLQUFLLEVBQUUsUUFBUSxFQUFFLEtBQUssRUFBRSxhQUFhLEVBQUUsUUFBUSxFQUFFLElBQUksRUFBRTthQUMxRDtTQUNGO1FBQ0QsTUFBTSxFQUFFLE1BQU07UUFDZCxRQUFRLEVBQUUsSUFBSTtRQUNkLE9BQU8sRUFBRSxLQUFLO0tBQ2YsQ0FBQzs7MENBQ1E7QUFrQlY7SUFoQkMsV0FBVyxDQUFDO1FBQ1gsS0FBSyxFQUFFLE1BQU07UUFDYixTQUFTLEVBQUU7WUFDVCxXQUFXLEVBQUUsV0FBVztTQUN6QjtRQUNELE1BQU0sRUFBRSxXQUFXO1FBQ25CLFFBQVEsRUFBRSxJQUFJO1FBQ2QsT0FBTyxFQUFFLEtBQUs7UUFDZCxXQUFXLEVBQUU7Ozs7OztLQU1aO0tBQ0YsQ0FBQzs7K0NBQ2E7QUFrQmY7SUFoQkMsV0FBVyxDQUFDO1FBQ1gsS0FBSyxFQUFFLFFBQVE7UUFDZixTQUFTLEVBQUU7WUFDVCxXQUFXLEVBQUUsUUFBUTtTQUN0QjtRQUNELE1BQU0sRUFBRSxXQUFXO1FBQ25CLFFBQVEsRUFBRSxJQUFJO1FBQ2QsT0FBTyxFQUFFLElBQUk7UUFDYixXQUFXLEVBQUU7Ozs7OztLQU1aO0tBQ0YsQ0FBQzs7NENBQ1U7QUFzQlo7SUFwQkMsV0FBVyxDQUFDO1FBQ1gsS0FBSyxFQUFFLFFBQVE7UUFDZixTQUFTLEVBQUU7WUFDVCxXQUFXLEVBQUUsc0JBQXNCO1lBQ25DLElBQUksRUFBRSxZQUFZO1lBQ2xCLE1BQU0sRUFBRSxPQUFPO1lBQ2YsSUFBSSxFQUFFLENBQUM7U0FDUjtRQUNELE1BQU0sRUFDSiw0TEFBNEw7UUFDOUwsUUFBUSxFQUFFLElBQUk7UUFDZCxPQUFPLEVBQUUsSUFBSTtRQUNiLFdBQVcsRUFBRTs7Ozs7O0tBTVo7S0FDRixDQUFDOzswREFDd0I7QUFXMUI7SUFUQyxXQUFXLENBQUM7UUFDWCxLQUFLLEVBQUUsU0FBUztRQUNoQixTQUFTLEVBQUU7WUFDVCxXQUFXLEVBQUUsd0JBQXdCO1NBQ3RDO1FBQ0QsTUFBTSxFQUFFLG1FQUFtRTtRQUMzRSxRQUFRLEVBQUUsS0FBSztRQUNmLE9BQU8sRUFBRSxLQUFLO0tBQ2YsQ0FBQzs7Z0RBQ2M7QUF0RkwsWUFBWTtJQUx4QixRQUFRLENBQUM7UUFDUixJQUFJLEVBQUUsUUFBUTtRQUNkLEtBQUssRUFBRSxjQUFjO1FBQ3JCLElBQUksRUFBRSxPQUFPO0tBQ2QsQ0FBQztHQUNXLFlBQVksQ0F1RnhCOztBQUVELElBQUksWUFBWSxFQUFFLENBQUMifQ==
|
package/dist/access/index.d.ts
CHANGED
package/dist/access/index.js
CHANGED
|
@@ -1,2 +1,3 @@
|
|
|
1
1
|
export * from "./eab-access.js";
|
|
2
|
-
|
|
2
|
+
export * from "./google-access.js";
|
|
3
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvYWNjZXNzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLGNBQWMsaUJBQWlCLENBQUM7QUFDaEMsY0FBYyxvQkFBb0IsQ0FBQyJ9
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { HttpClient, IAccess, ILogger, Registrable } from "@certd/pipeline";
|
|
1
|
+
import { HttpClient, IAccess, ILogger, Registrable, utils } from "@certd/pipeline";
|
|
2
2
|
export type DnsProviderDefine = Registrable & {
|
|
3
3
|
accessType: string;
|
|
4
4
|
autowire?: {
|
|
@@ -6,18 +6,21 @@ export type DnsProviderDefine = Registrable & {
|
|
|
6
6
|
};
|
|
7
7
|
};
|
|
8
8
|
export type CreateRecordOptions = {
|
|
9
|
+
domain: string;
|
|
9
10
|
fullRecord: string;
|
|
11
|
+
hostRecord: string;
|
|
10
12
|
type: string;
|
|
11
13
|
value: any;
|
|
12
|
-
domain: string;
|
|
13
14
|
};
|
|
14
|
-
export type RemoveRecordOptions<T> =
|
|
15
|
-
|
|
15
|
+
export type RemoveRecordOptions<T> = {
|
|
16
|
+
recordReq: CreateRecordOptions;
|
|
17
|
+
recordRes: T;
|
|
16
18
|
};
|
|
17
19
|
export type DnsProviderContext = {
|
|
18
20
|
access: IAccess;
|
|
19
21
|
logger: ILogger;
|
|
20
22
|
http: HttpClient;
|
|
23
|
+
utils: typeof utils;
|
|
21
24
|
};
|
|
22
25
|
export interface IDnsProvider<T = any> {
|
|
23
26
|
onInstance(): Promise<void>;
|
|
@@ -6,3 +6,8 @@ export declare abstract class AbstractDnsProvider<T = any> implements IDnsProvid
|
|
|
6
6
|
abstract onInstance(): Promise<void>;
|
|
7
7
|
abstract removeRecord(options: RemoveRecordOptions<T>): Promise<void>;
|
|
8
8
|
}
|
|
9
|
+
export declare function parseDomain(fullDomain: string): string;
|
|
10
|
+
export declare function createDnsProvider(opts: {
|
|
11
|
+
dnsProviderType: string;
|
|
12
|
+
context: DnsProviderContext;
|
|
13
|
+
}): Promise<IDnsProvider>;
|
|
@@ -1,7 +1,32 @@
|
|
|
1
|
+
import psl from "psl";
|
|
2
|
+
import { dnsProviderRegistry } from "./registry.js";
|
|
3
|
+
import { Decorator } from "@certd/pipeline";
|
|
1
4
|
export class AbstractDnsProvider {
|
|
2
5
|
ctx;
|
|
3
6
|
setCtx(ctx) {
|
|
4
7
|
this.ctx = ctx;
|
|
5
8
|
}
|
|
6
9
|
}
|
|
7
|
-
|
|
10
|
+
export function parseDomain(fullDomain) {
|
|
11
|
+
const parsed = psl.parse(fullDomain);
|
|
12
|
+
if (parsed.error) {
|
|
13
|
+
throw new Error(`解析${fullDomain}域名失败:` + JSON.stringify(parsed.error));
|
|
14
|
+
}
|
|
15
|
+
return parsed.domain;
|
|
16
|
+
}
|
|
17
|
+
export async function createDnsProvider(opts) {
|
|
18
|
+
const { dnsProviderType, context } = opts;
|
|
19
|
+
const dnsProviderPlugin = dnsProviderRegistry.get(dnsProviderType);
|
|
20
|
+
const DnsProviderClass = dnsProviderPlugin.target;
|
|
21
|
+
const dnsProviderDefine = dnsProviderPlugin.define;
|
|
22
|
+
if (dnsProviderDefine.deprecated) {
|
|
23
|
+
throw new Error(dnsProviderDefine.deprecated);
|
|
24
|
+
}
|
|
25
|
+
// @ts-ignore
|
|
26
|
+
const dnsProvider = new DnsProviderClass();
|
|
27
|
+
Decorator.inject(dnsProviderDefine.autowire, dnsProvider, context);
|
|
28
|
+
dnsProvider.setCtx(context);
|
|
29
|
+
await dnsProvider.onInstance();
|
|
30
|
+
return dnsProvider;
|
|
31
|
+
}
|
|
32
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYmFzZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9kbnMtcHJvdmlkZXIvYmFzZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFDQSxPQUFPLEdBQUcsTUFBTSxLQUFLLENBQUM7QUFDdEIsT0FBTyxFQUFFLG1CQUFtQixFQUFFLE1BQU0sZUFBZSxDQUFDO0FBQ3BELE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxpQkFBaUIsQ0FBQztBQUU1QyxNQUFNLE9BQWdCLG1CQUFtQjtJQUN2QyxHQUFHLENBQXNCO0lBRXpCLE1BQU0sQ0FBQyxHQUF1QjtRQUM1QixJQUFJLENBQUMsR0FBRyxHQUFHLEdBQUcsQ0FBQztJQUNqQixDQUFDO0NBT0Y7QUFFRCxNQUFNLFVBQVUsV0FBVyxDQUFDLFVBQWtCO0lBQzVDLE1BQU0sTUFBTSxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFxQixDQUFDO0lBQ3pELElBQUksTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQ2pCLE1BQU0sSUFBSSxLQUFLLENBQUMsS0FBSyxVQUFVLE9BQU8sR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDO0lBQ3pFLENBQUM7SUFDRCxPQUFPLE1BQU0sQ0FBQyxNQUFnQixDQUFDO0FBQ2pDLENBQUM7QUFFRCxNQUFNLENBQUMsS0FBSyxVQUFVLGlCQUFpQixDQUFDLElBQThEO0lBQ3BHLE1BQU0sRUFBRSxlQUFlLEVBQUUsT0FBTyxFQUFFLEdBQUcsSUFBSSxDQUFDO0lBQzFDLE1BQU0saUJBQWlCLEdBQUcsbUJBQW1CLENBQUMsR0FBRyxDQUFDLGVBQWUsQ0FBQyxDQUFDO0lBQ25FLE1BQU0sZ0JBQWdCLEdBQUcsaUJBQWlCLENBQUMsTUFBTSxDQUFDO0lBQ2xELE1BQU0saUJBQWlCLEdBQUcsaUJBQWlCLENBQUMsTUFBMkIsQ0FBQztJQUN4RSxJQUFJLGlCQUFpQixDQUFDLFVBQVUsRUFBRSxDQUFDO1FBQ2pDLE1BQU0sSUFBSSxLQUFLLENBQUMsaUJBQWlCLENBQUMsVUFBVSxDQUFDLENBQUM7SUFDaEQsQ0FBQztJQUNELGFBQWE7SUFDYixNQUFNLFdBQVcsR0FBaUIsSUFBSSxnQkFBZ0IsRUFBRSxDQUFDO0lBRXpELFNBQVMsQ0FBQyxNQUFNLENBQUMsaUJBQWlCLENBQUMsUUFBUSxFQUFFLFdBQVcsRUFBRSxPQUFPLENBQUMsQ0FBQztJQUNuRSxXQUFXLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQzVCLE1BQU0sV0FBVyxDQUFDLFVBQVUsRUFBRSxDQUFDO0lBQy9CLE9BQU8sV0FBVyxDQUFDO0FBQ3JCLENBQUMifQ==
|
package/dist/index.d.ts
CHANGED
package/dist/index.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
+
export * from "./access/index.js";
|
|
1
2
|
export * from "./plugin/index.js";
|
|
2
3
|
export * from "./dns-provider/index.js";
|
|
3
|
-
|
|
4
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxtQkFBbUIsQ0FBQztBQUNsQyxjQUFjLHlCQUF5QixDQUFDO0FBQ3hDLGNBQWMsbUJBQW1CLENBQUMifQ==
|
|
4
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxtQkFBbUIsQ0FBQztBQUNsQyxjQUFjLG1CQUFtQixDQUFDO0FBQ2xDLGNBQWMseUJBQXlCLENBQUMifQ==
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { EabAccess, GoogleAccess } from "../access/index.js";
|
|
2
|
+
import { ILogger } from "@certd/basic";
|
|
3
|
+
export declare class GoogleClient {
|
|
4
|
+
access: GoogleAccess;
|
|
5
|
+
logger: ILogger;
|
|
6
|
+
constructor(opts: {
|
|
7
|
+
logger: ILogger;
|
|
8
|
+
access: GoogleAccess;
|
|
9
|
+
});
|
|
10
|
+
getEab(): Promise<EabAccess>;
|
|
11
|
+
}
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
import { EabAccess } from "../access/index.js";
|
|
2
|
+
export class GoogleClient {
|
|
3
|
+
access;
|
|
4
|
+
logger;
|
|
5
|
+
constructor(opts) {
|
|
6
|
+
this.access = opts.access;
|
|
7
|
+
this.logger = opts.logger;
|
|
8
|
+
}
|
|
9
|
+
async getEab() {
|
|
10
|
+
// https://cloud.google.com/docs/authentication/api-keys-use#using-with-client-libs
|
|
11
|
+
const { v1 } = await import("@google-cloud/publicca");
|
|
12
|
+
// process.env.HTTPS_PROXY = "http://127.0.0.1:10811";
|
|
13
|
+
const access = this.access;
|
|
14
|
+
if (!access.serviceAccountSecret) {
|
|
15
|
+
throw new Error("服务账号密钥 不能为空");
|
|
16
|
+
}
|
|
17
|
+
const credentials = JSON.parse(access.serviceAccountSecret);
|
|
18
|
+
const client = new v1.PublicCertificateAuthorityServiceClient({ credentials });
|
|
19
|
+
const parent = `projects/${credentials.project_id}/locations/global`;
|
|
20
|
+
const externalAccountKey = {};
|
|
21
|
+
const request = {
|
|
22
|
+
parent,
|
|
23
|
+
externalAccountKey,
|
|
24
|
+
};
|
|
25
|
+
let envHttpsProxy = "";
|
|
26
|
+
try {
|
|
27
|
+
if (this.access.httpsProxy) {
|
|
28
|
+
//设置临时使用代理
|
|
29
|
+
envHttpsProxy = process.env.HTTPS_PROXY;
|
|
30
|
+
process.env.HTTPS_PROXY = this.access.httpsProxy;
|
|
31
|
+
}
|
|
32
|
+
this.logger.info("开始获取google eab授权");
|
|
33
|
+
const response = await client.createExternalAccountKey(request);
|
|
34
|
+
const { keyId, b64MacKey } = response[0];
|
|
35
|
+
const eabAccess = new EabAccess();
|
|
36
|
+
eabAccess.kid = keyId;
|
|
37
|
+
eabAccess.hmacKey = b64MacKey.toString();
|
|
38
|
+
this.logger.info(`google eab授权获取成功,kid: ${eabAccess.kid}`);
|
|
39
|
+
return eabAccess;
|
|
40
|
+
}
|
|
41
|
+
finally {
|
|
42
|
+
if (envHttpsProxy) {
|
|
43
|
+
process.env.HTTPS_PROXY = envHttpsProxy;
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
// const access = new GoogleAccess();
|
|
49
|
+
// access.projectId = "hip-light-432411-d4";
|
|
50
|
+
// access.serviceAccountSecret = `
|
|
51
|
+
//
|
|
52
|
+
//
|
|
53
|
+
// `;
|
|
54
|
+
// // process.env.HTTPS_PROXY = "http://127.0.0.1:10811";
|
|
55
|
+
// const client = new GoogleClient(access);
|
|
56
|
+
// client.getEab().catch((e) => {
|
|
57
|
+
// console.error(e);
|
|
58
|
+
// });
|
|
59
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ29vZ2xlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2xpYnMvZ29vZ2xlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxTQUFTLEVBQWdCLE1BQU0sb0JBQW9CLENBQUM7QUFHN0QsTUFBTSxPQUFPLFlBQVk7SUFDdkIsTUFBTSxDQUFlO0lBQ3JCLE1BQU0sQ0FBVTtJQUNoQixZQUFZLElBQStDO1FBQ3pELElBQUksQ0FBQyxNQUFNLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQztRQUMxQixJQUFJLENBQUMsTUFBTSxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUM7SUFDNUIsQ0FBQztJQUNELEtBQUssQ0FBQyxNQUFNO1FBQ1YsbUZBQW1GO1FBQ25GLE1BQU0sRUFBRSxFQUFFLEVBQUUsR0FBRyxNQUFNLE1BQU0sQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO1FBQ3RELHNEQUFzRDtRQUN0RCxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDO1FBQzNCLElBQUksQ0FBQyxNQUFNLENBQUMsb0JBQW9CLEVBQUUsQ0FBQztZQUNqQyxNQUFNLElBQUksS0FBSyxDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQ2pDLENBQUM7UUFDRCxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO1FBRTVELE1BQU0sTUFBTSxHQUFHLElBQUksRUFBRSxDQUFDLHVDQUF1QyxDQUFDLEVBQUUsV0FBVyxFQUFFLENBQUMsQ0FBQztRQUMvRSxNQUFNLE1BQU0sR0FBRyxZQUFZLFdBQVcsQ0FBQyxVQUFVLG1CQUFtQixDQUFDO1FBQ3JFLE1BQU0sa0JBQWtCLEdBQUcsRUFBRSxDQUFDO1FBQzlCLE1BQU0sT0FBTyxHQUFHO1lBQ2QsTUFBTTtZQUNOLGtCQUFrQjtTQUNuQixDQUFDO1FBRUYsSUFBSSxhQUFhLEdBQUcsRUFBRSxDQUFDO1FBQ3ZCLElBQUksQ0FBQztZQUNILElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQyxVQUFVLEVBQUUsQ0FBQztnQkFDM0IsVUFBVTtnQkFDVixhQUFhLEdBQUcsT0FBTyxDQUFDLEdBQUcsQ0FBQyxXQUFXLENBQUM7Z0JBQ3hDLE9BQU8sQ0FBQyxHQUFHLENBQUMsV0FBVyxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsVUFBVSxDQUFDO1lBQ25ELENBQUM7WUFDRCxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO1lBQ3JDLE1BQU0sUUFBUSxHQUFHLE1BQU0sTUFBTSxDQUFDLHdCQUF3QixDQUFDLE9BQU8sQ0FBQyxDQUFDO1lBQ2hFLE1BQU0sRUFBRSxLQUFLLEVBQUUsU0FBUyxFQUFFLEdBQUcsUUFBUSxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ3pDLE1BQU0sU0FBUyxHQUFHLElBQUksU0FBUyxFQUFFLENBQUM7WUFDbEMsU0FBUyxDQUFDLEdBQUcsR0FBRyxLQUFLLENBQUM7WUFDdEIsU0FBUyxDQUFDLE9BQU8sR0FBRyxTQUFTLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDekMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMseUJBQXlCLFNBQVMsQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDO1lBQzNELE9BQU8sU0FBUyxDQUFDO1FBQ25CLENBQUM7Z0JBQVMsQ0FBQztZQUNULElBQUksYUFBYSxFQUFFLENBQUM7Z0JBQ2xCLE9BQU8sQ0FBQyxHQUFHLENBQUMsV0FBVyxHQUFHLGFBQWEsQ0FBQztZQUMxQyxDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7Q0FDRjtBQUVELHFDQUFxQztBQUNyQyw0Q0FBNEM7QUFDNUMsa0NBQWtDO0FBQ2xDLEVBQUU7QUFDRixFQUFFO0FBQ0YsS0FBSztBQUNMLHlEQUF5RDtBQUN6RCwyQ0FBMkM7QUFDM0MsaUNBQWlDO0FBQ2pDLHNCQUFzQjtBQUN0QixNQUFNIn0=
|
|
@@ -1,8 +1,22 @@
|
|
|
1
1
|
import * as acme from "@certd/acme-client";
|
|
2
|
+
import { ClientExternalAccountBindingOptions, UrlMapping } from "@certd/acme-client";
|
|
2
3
|
import { Logger } from "log4js";
|
|
3
4
|
import { IContext } from "@certd/pipeline";
|
|
4
5
|
import { IDnsProvider } from "../../dns-provider/index.js";
|
|
5
|
-
|
|
6
|
+
export type CnameVerifyPlan = {
|
|
7
|
+
domain: string;
|
|
8
|
+
fullRecord: string;
|
|
9
|
+
dnsProvider: IDnsProvider;
|
|
10
|
+
};
|
|
11
|
+
export type DomainVerifyPlan = {
|
|
12
|
+
domain: string;
|
|
13
|
+
type: "cname" | "dns";
|
|
14
|
+
dnsProvider?: IDnsProvider;
|
|
15
|
+
cnameVerifyPlan?: Record<string, CnameVerifyPlan>;
|
|
16
|
+
};
|
|
17
|
+
export type DomainsVerifyPlan = {
|
|
18
|
+
[key: string]: DomainVerifyPlan;
|
|
19
|
+
};
|
|
6
20
|
export type CertInfo = {
|
|
7
21
|
crt: string;
|
|
8
22
|
key: string;
|
|
@@ -20,6 +34,7 @@ type AcmeServiceOptions = {
|
|
|
20
34
|
eab?: ClientExternalAccountBindingOptions;
|
|
21
35
|
skipLocalVerify?: boolean;
|
|
22
36
|
useMappingProxy?: boolean;
|
|
37
|
+
reverseProxy?: string;
|
|
23
38
|
privateKeyType?: PrivateKeyType;
|
|
24
39
|
signal?: AbortSignal;
|
|
25
40
|
};
|
|
@@ -36,23 +51,34 @@ export declare class AcmeService {
|
|
|
36
51
|
saveAccountConfig(email: string, conf: any): Promise<void>;
|
|
37
52
|
getAcmeClient(email: string, isTest?: boolean): Promise<acme.Client>;
|
|
38
53
|
createNewKey(): Promise<string>;
|
|
39
|
-
|
|
40
|
-
|
|
54
|
+
challengeCreateFn(authz: any, challenge: any, keyAuthorization: string, dnsProvider: IDnsProvider, domainsVerifyPlan: DomainsVerifyPlan): Promise<{
|
|
55
|
+
recordReq: {
|
|
56
|
+
domain: string;
|
|
57
|
+
fullRecord: string;
|
|
58
|
+
hostRecord: string;
|
|
59
|
+
type: string;
|
|
60
|
+
value: string;
|
|
61
|
+
};
|
|
62
|
+
recordRes: any;
|
|
63
|
+
dnsProvider: IDnsProvider<any>;
|
|
64
|
+
}>;
|
|
41
65
|
/**
|
|
42
66
|
* Function used to remove an ACME challenge response
|
|
43
67
|
*
|
|
44
68
|
* @param {object} authz Authorization object
|
|
45
69
|
* @param {object} challenge Selected challenge
|
|
46
70
|
* @param {string} keyAuthorization Authorization key
|
|
47
|
-
* @param
|
|
71
|
+
* @param recordReq
|
|
72
|
+
* @param recordRes
|
|
48
73
|
* @param dnsProvider dnsProvider
|
|
49
74
|
* @returns {Promise}
|
|
50
75
|
*/
|
|
51
|
-
challengeRemoveFn(authz: any, challenge: any, keyAuthorization: string,
|
|
76
|
+
challengeRemoveFn(authz: any, challenge: any, keyAuthorization: string, recordReq: any, recordRes: any, dnsProvider: IDnsProvider): Promise<void>;
|
|
52
77
|
order(options: {
|
|
53
78
|
email: string;
|
|
54
79
|
domains: string | string[];
|
|
55
|
-
dnsProvider
|
|
80
|
+
dnsProvider?: any;
|
|
81
|
+
domainsVerifyPlan?: DomainsVerifyPlan;
|
|
56
82
|
csrInfo: any;
|
|
57
83
|
isTest?: boolean;
|
|
58
84
|
privateKeyType?: string;
|