@zhengyizhao/deploy-helper 0.1.0

package/src/commands/env.js

@@ -0,0 +1,264 @@
+import chalk from 'chalk';
+import ora from 'ora';
+import inquirer from 'inquirer';
+import fs from 'fs';
+import path from 'path';
+import crypto from 'crypto';
+import { connectSSH, runRemoteSilent } from '../utils/ssh.js';
+import { loadConfig } from '../utils/config.js';
+
+const ENV_BACKUP_DIR = '/var/deploy-helper/env-backups';
+
+/**
+ * 简单对称加密（AES-256-GCM），用于传输时保护内容
+ */
+function encryptContent(text, key) {
+  const salt = crypto.randomBytes(16);
+  const derivedKey = crypto.scryptSync(key, salt, 32);
+  const iv = crypto.randomBytes(12);
+  const cipher = crypto.createCipheriv('aes-256-gcm', derivedKey, iv);
+  const encrypted = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return Buffer.concat([salt, iv, tag, encrypted]).toString('base64');
+}
+
+function decryptContent(encryptedBase64, key) {
+  const data = Buffer.from(encryptedBase64, 'base64');
+  const salt = data.slice(0, 16);
+  const iv = data.slice(16, 28);
+  const tag = data.slice(28, 44);
+  const encrypted = data.slice(44);
+  const derivedKey = crypto.scryptSync(key, salt, 32);
+  const decipher = crypto.createDecipheriv('aes-256-gcm', derivedKey, iv);
+  decipher.setAuthTag(tag);
+  return decipher.update(encrypted) + decipher.final('utf8');
+}
+
+/**
+ * 解析 .env 文件，返回键值对数组（过滤注释和空行）
+ */
+function parseEnvFile(content) {
+  return content
+    .split('\n')
+    .map((line, i) => ({ line: line.trim(), num: i + 1 }))
+    .filter(({ line }) => line && !line.startsWith('#'))
+    .map(({ line, num }) => {
+      const eqIdx = line.indexOf('=');
+      if (eqIdx === -1) return null;
+      const key = line.slice(0, eqIdx).trim();
+      const value = line.slice(eqIdx + 1).trim().replace(/^["']|["']$/g, '');
+      return { key, value, num };
+    })
+    .filter(Boolean);
+}
+
+/**
+ * 展示 .env 内容预览（隐藏敏感值）
+ */
+function previewEnv(vars) {
+  console.log(chalk.bold('\n  .env 文件内容预览：\n'));
+  vars.forEach(({ key, value }) => {
+    const isSensitive = /secret|password|key|token|pwd|pass/i.test(key);
+    const displayVal = isSensitive
+      ? chalk.gray(value.slice(0, 3) + '***' + value.slice(-2))
+      : chalk.gray(value.length > 40 ? value.slice(0, 40) + '...' : value);
+    console.log(`    ${chalk.cyan(key)}=${displayVal}`);
+  });
+  console.log('');
+}
+
+export async function deployEnv() {
+  const config = loadConfig();
+  if (!config) {
+    console.log(chalk.red('\n没有找到部署配置，请先运行：') + chalk.cyan(' deploy-helper init\n'));
+    return;
+  }
+
+  // 检查本地 .env 是否存在
+  const localEnvPath = path.join(process.cwd(), '.env');
+  if (!fs.existsSync(localEnvPath)) {
+    console.log(chalk.yellow('\n本地没有找到 .env 文件。'));
+    const { create } = await inquirer.prompt([{
+      type: 'confirm',
+      name: 'create',
+      message: '是否从服务器拉取现有的 .env？',
+      default: true,
+    }]);
+    if (create) {
+      await pullEnv(config);
+    }
+    return;
+  }
+
+  const envContent = fs.readFileSync(localEnvPath, 'utf-8');
+  const vars = parseEnvFile(envContent);
+
+  if (vars.length === 0) {
+    console.log(chalk.yellow('\n.env 文件是空的或只有注释。\n'));
+    return;
+  }
+
+  previewEnv(vars);
+
+  const { action } = await inquirer.prompt([{
+    type: 'list',
+    name: 'action',
+    message: '要做什么？',
+    choices: [
+      { name: '上传本地 .env 到服务器（覆盖）', value: 'push' },
+      { name: '从服务器拉取 .env 到本地', value: 'pull' },
+      { name: '对比本地和服务器的 .env 差异', value: 'diff' },
+    ],
+  }]);
+
+  if (action === 'push') await pushEnv(config, envContent, vars);
+  else if (action === 'pull') await pullEnv(config);
+  else if (action === 'diff') await diffEnv(config, vars);
+}
+
+async function pushEnv(config, envContent, vars) {
+  const { confirm } = await inquirer.prompt([{
+    type: 'confirm',
+    name: 'confirm',
+    message: `确认上传 ${vars.length} 个变量到服务器 ${config.host}？（将覆盖服务器上现有的 .env）`,
+    default: true,
+  }]);
+  if (!confirm) return;
+
+  let ssh;
+  const spinner = ora('连接服务器...').start();
+  try {
+    ssh = await connectSSH(config);
+    spinner.succeed('连接成功');
+  } catch (err) {
+    spinner.fail('连接失败：' + err.message);
+    return;
+  }
+
+  try {
+    // 备份服务器现有 .env
+    const backupSpinner = ora('备份服务器现有 .env...').start();
+    await runRemoteSilent(ssh, `mkdir -p ${ENV_BACKUP_DIR}`);
+    const timestamp = new Date().toISOString().replace(/[:.]/g, '-').slice(0, 19);
+    await runRemoteSilent(
+      ssh,
+      `[ -f ${config.remotePath}/.env ] && cp ${config.remotePath}/.env ${ENV_BACKUP_DIR}/.env_${config.appName}_${timestamp} || true`
+    );
+    backupSpinner.succeed('已备份旧 .env');
+
+    // 上传新 .env（通过 SSH 直接写入，不走文件上传避免明文落盘）
+    const uploadSpinner = ora('上传 .env 到服务器...').start();
+    const escaped = envContent.replace(/'/g, "'\\''");
+    await runRemoteSilent(ssh, `cat > ${config.remotePath}/.env << 'DEPLOY_HELPER_EOF'\n${escaped}\nDEPLOY_HELPER_EOF`);
+    await runRemoteSilent(ssh, `chmod 600 ${config.remotePath}/.env`);
+    uploadSpinner.succeed('.env 上传完成，权限已设为 600');
+
+    // 重启服务让新环境变量生效
+    const { restart } = await inquirer.prompt([{
+      type: 'confirm',
+      name: 'restart',
+      message: '是否重启服务让新变量生效？',
+      default: true,
+    }]);
+
+    if (restart) {
+      const restartSpinner = ora('重启服务...').start();
+      if (config.projectType === 'nodejs') {
+        await runRemoteSilent(ssh, `pm2 restart ${config.appName}`);
+      } else if (config.projectType === 'python') {
+        await runRemoteSilent(ssh, `supervisorctl restart ${config.appName}`);
+      } else if (config.projectType === 'docker') {
+        await runRemoteSilent(ssh, `cd ${config.remotePath} && docker compose up -d`);
+      }
+      restartSpinner.succeed('服务已重启');
+    }
+
+    ssh.dispose();
+    console.log(chalk.green.bold('\n✅ .env 同步完成！\n'));
+
+  } catch (err) {
+    console.log(chalk.red('\n上传失败：' + err.message));
+    ssh.dispose();
+  }
+}
+
+async function pullEnv(config) {
+  let ssh;
+  const spinner = ora('连接服务器...').start();
+  try {
+    ssh = await connectSSH(config);
+    spinner.succeed('连接成功');
+  } catch (err) {
+    spinner.fail('连接失败：' + err.message);
+    return;
+  }
+
+  try {
+    const result = await runRemoteSilent(ssh, `cat ${config.remotePath}/.env 2>/dev/null || echo ""`);
+    ssh.dispose();
+
+    if (!result.stdout.trim()) {
+      console.log(chalk.yellow('\n服务器上没有 .env 文件。\n'));
+      return;
+    }
+
+    const localEnvPath = path.join(process.cwd(), '.env');
+    if (fs.existsSync(localEnvPath)) {
+      const { overwrite } = await inquirer.prompt([{
+        type: 'confirm',
+        name: 'overwrite',
+        message: '本地已有 .env，确认覆盖？',
+        default: false,
+      }]);
+      if (!overwrite) return;
+    }
+
+    fs.writeFileSync(localEnvPath, result.stdout);
+    console.log(chalk.green.bold('\n✅ 已从服务器拉取 .env 到本地。\n'));
+
+  } catch (err) {
+    console.log(chalk.red('\n拉取失败：' + err.message));
+    ssh.dispose();
+  }
+}
+
+async function diffEnv(config, localVars) {
+  let ssh;
+  const spinner = ora('获取服务器 .env...').start();
+  try {
+    ssh = await connectSSH(config);
+    const result = await runRemoteSilent(ssh, `cat ${config.remotePath}/.env 2>/dev/null || echo ""`);
+    ssh.dispose();
+    spinner.succeed('获取完成');
+
+    const remoteVars = parseEnvFile(result.stdout);
+    const localMap = Object.fromEntries(localVars.map(v => [v.key, v.value]));
+    const remoteMap = Object.fromEntries(remoteVars.map(v => [v.key, v.value]));
+
+    const allKeys = new Set([...Object.keys(localMap), ...Object.keys(remoteMap)]);
+
+    console.log(chalk.bold('\n  差异对比（本地 vs 服务器）：\n'));
+    let hasDiff = false;
+
+    for (const key of allKeys) {
+      if (!(key in localMap)) {
+        console.log(chalk.red(`  - ${key}`) + chalk.gray('（仅服务器有）'));
+        hasDiff = true;
+      } else if (!(key in remoteMap)) {
+        console.log(chalk.green(`  + ${key}`) + chalk.gray('（仅本地有）'));
+        hasDiff = true;
+      } else if (localMap[key] !== remoteMap[key]) {
+        console.log(chalk.yellow(`  ~ ${key}`) + chalk.gray('（值不同）'));
+        hasDiff = true;
+      }
+    }
+
+    if (!hasDiff) {
+      console.log(chalk.green('  本地和服务器 .env 完全一致 ✓'));
+    }
+    console.log('');
+
+  } catch (err) {
+    spinner.fail('获取失败：' + err.message);
+  }
+}

package/src/commands/init.js

@@ -0,0 +1,261 @@
+import inquirer from 'inquirer';
+import chalk from 'chalk';
+import ora from 'ora';
+import path from 'path';
+import os from 'os';
+import { connectSSH, runRemote, runRemoteSilent, uploadDirectory } from '../utils/ssh.js';
+import { saveConfig, loadConfig, configExists } from '../utils/config.js';
+import { detectProjectType, PROJECT_TYPE_LABELS, getStartCommand } from '../utils/detect.js';
+import { getSetupCommands, getStartCommands, getNginxConfig } from '../utils/setup.js';
+
+const step = (n, total, msg) =>
+  console.log(chalk.cyan(`\n[${n}/${total}] `) + chalk.bold(msg));
+
+const success = (msg) => console.log(chalk.green('  ✓ ') + msg);
+const info = (msg) => console.log(chalk.gray('  ℹ ') + msg);
+
+export async function deployInit() {
+  // 已有配置，询问是否覆盖
+  if (configExists()) {
+    const existing = loadConfig();
+    const { overwrite } = await inquirer.prompt([{
+      type: 'confirm',
+      name: 'overwrite',
+      message: `检测到已有部署配置（服务器：${existing.host}），要重新配置吗？`,
+      default: false,
+    }]);
+    if (!overwrite) {
+      console.log(chalk.yellow('\n已取消。如需更新代码，运行：') + chalk.cyan(' deploy-helper update\n'));
+      return;
+    }
+  }
+
+  console.log(chalk.gray('回答几个问题，我来帮你搞定剩下的一切 👇\n'));
+
+  // ── Step 1: 服务器信息 ──────────────────────────────────────────
+  step(1, 5, '服务器连接信息');
+
+  const serverAnswers = await inquirer.prompt([
+    {
+      type: 'input',
+      name: 'host',
+      message: '服务器 IP 地址：',
+      validate: (v) => v.trim() ? true : '请输入 IP 地址',
+    },
+    {
+      type: 'input',
+      name: 'port',
+      message: 'SSH 端口：',
+      default: '22',
+    },
+    {
+      type: 'input',
+      name: 'user',
+      message: '登录用户名：',
+      default: 'root',
+    },
+    {
+      type: 'list',
+      name: 'authType',
+      message: '登录方式：',
+      choices: [
+        { name: 'SSH 密钥（推荐）', value: 'key' },
+        { name: '密码', value: 'password' },
+      ],
+    },
+    {
+      type: 'input',
+      name: 'keyPath',
+      message: 'SSH 密钥路径：',
+      default: `${os.homedir()}/.ssh/id_rsa`,
+      when: (a) => a.authType === 'key',
+    },
+    {
+      type: 'password',
+      name: 'password',
+      message: '服务器密码：',
+      when: (a) => a.authType === 'password',
+      mask: '*',
+    },
+  ]);
+
+  // 测试连接
+  const spinner = ora('正在连接服务器...').start();
+  let ssh;
+  try {
+    ssh = await connectSSH(serverAnswers);
+    spinner.succeed(chalk.green('服务器连接成功！'));
+  } catch (err) {
+    spinner.fail(chalk.red('连接失败：' + err.message));
+    console.log(chalk.yellow('\n排查建议：'));
+    console.log('  • 检查 IP 和端口是否正确');
+    console.log('  • 确认服务器安全组已开放 22 端口');
+    console.log('  • 如用密钥登录，确认密钥路径和权限（chmod 600）');
+    return;
+  }
+
+  // ── Step 2: 项目信息 ──────────────────────────────────────────
+  step(2, 5, '项目信息');
+
+  const detectedType = detectProjectType();
+  info(`自动检测到项目类型：${PROJECT_TYPE_LABELS[detectedType]}`);
+
+  const projectAnswers = await inquirer.prompt([
+    {
+      type: 'list',
+      name: 'projectType',
+      message: '确认项目类型：',
+      default: detectedType,
+      choices: Object.entries(PROJECT_TYPE_LABELS).map(([value, name]) => ({ name, value })),
+    },
+    {
+      type: 'input',
+      name: 'appName',
+      message: '应用名称（用于进程管理）：',
+      default: path.basename(process.cwd()),
+      validate: (v) => /^[a-z0-9_-]+$/i.test(v) ? true : '只能包含字母、数字、下划线和连字符',
+    },
+    {
+      type: 'input',
+      name: 'remotePath',
+      message: '部署到服务器的路径：',
+      default: (a) => `/var/www/${a.appName}`,
+    },
+    {
+      type: 'input',
+      name: 'startCmd',
+      message: '启动命令：',
+      default: 'node index.js',
+      when: (a) => ['nodejs', 'python'].includes(a.projectType),
+    },
+    {
+      type: 'input',
+      name: 'port',
+      message: '应用监听的端口：',
+      default: '3000',
+      when: (a) => ['nodejs', 'python', 'docker'].includes(a.projectType),
+    },
+  ]);
+
+  // ── Step 3: 域名 & HTTPS ──────────────────────────────────────
+  step(3, 5, '域名 & HTTPS（可选）');
+
+  const domainAnswers = await inquirer.prompt([
+    {
+      type: 'confirm',
+      name: 'useDomain',
+      message: '是否配置域名？（没有域名用 IP 也可以）',
+      default: true,
+    },
+    {
+      type: 'input',
+      name: 'domain',
+      message: '你的域名（如 example.com）：',
+      when: (a) => a.useDomain,
+      validate: (v) => v.trim() ? true : '请输入域名',
+    },
+    {
+      type: 'confirm',
+      name: 'useHttps',
+      message: '是否自动申请 HTTPS 证书？（免费，需要域名已解析到此服务器）',
+      default: true,
+      when: (a) => a.useDomain,
+    },
+  ]);
+
+  const config = {
+    ...serverAnswers,
+    ...projectAnswers,
+    ...domainAnswers,
+    domain: domainAnswers.domain || serverAnswers.host,
+    deployedAt: new Date().toISOString(),
+  };
+
+  // ── Step 4: 安装环境 ──────────────────────────────────────────
+  step(4, 5, '在服务器上安装运行环境');
+  console.log(chalk.gray('  首次部署需要安装依赖，大约需要 2-5 分钟...\n'));
+
+  try {
+    // 创建部署目录
+    await runRemote(ssh, `mkdir -p ${config.remotePath}`, '创建部署目录');
+
+    const setupSteps = getSetupCommands(config);
+    for (const s of setupSteps) {
+      const sp = ora(`  ${s.label}...`).start();
+      try {
+        await runRemoteSilent(ssh, s.cmd);
+        sp.succeed(chalk.green(s.label));
+      } catch (err) {
+        sp.warn(chalk.yellow(`${s.label} 失败，继续... (${err.message.slice(0, 60)})`));
+      }
+    }
+  } catch (err) {
+    console.log(chalk.red('\n环境安装失败：' + err.message));
+    ssh.dispose();
+    return;
+  }
+
+  // ── Step 5: 上传代码 & 启动 ──────────────────────────────────
+  step(5, 5, '上传代码并启动服务');
+
+  try {
+    // 上传代码
+    const uploadSpinner = ora('  上传项目文件...').start();
+    await uploadDirectory(ssh, process.cwd(), config.remotePath);
+    uploadSpinner.succeed('项目文件上传完成');
+
+    // 启动应用
+    const startSteps = getStartCommands(config);
+    for (const s of startSteps) {
+      const sp = ora(`  ${s.label}...`).start();
+      await runRemoteSilent(ssh, s.cmd);
+      sp.succeed(s.label);
+    }
+
+    // 配置 Nginx
+    const nginxConf = getNginxConfig(config);
+    const nginxPath = `/etc/nginx/sites-available/${config.appName}`;
+    await runRemoteSilent(ssh, `echo '${nginxConf.replace(/'/g, "'\\''")}' > ${nginxPath}`);
+    await runRemoteSilent(ssh, `ln -sf ${nginxPath} /etc/nginx/sites-enabled/${config.appName}`);
+    await runRemoteSilent(ssh, `rm -f /etc/nginx/sites-enabled/default`);
+    await runRemoteSilent(ssh, `nginx -t && systemctl reload nginx`);
+    success('Nginx 配置完成');
+
+    // HTTPS
+    if (domainAnswers.useHttps && domainAnswers.domain) {
+      const httpsSpinner = ora('  申请 SSL 证书...').start();
+      const certResult = await runRemoteSilent(
+        ssh,
+        `certbot --nginx -d ${config.domain} --non-interactive --agree-tos --email admin@${config.domain} --redirect`
+      );
+      if (certResult.code === 0) {
+        httpsSpinner.succeed(`HTTPS 证书申请成功`);
+      } else {
+        httpsSpinner.warn('HTTPS 申请失败（可能是域名还没解析），可以之后手动运行 certbot）');
+      }
+    }
+
+  } catch (err) {
+    console.log(chalk.red('\n部署失败：' + err.message));
+    ssh.dispose();
+    return;
+  }
+
+  // 保存配置
+  saveConfig(config);
+  ssh.dispose();
+
+  // 完成！
+  const accessUrl = domainAnswers.useHttps && domainAnswers.domain
+    ? `https://${config.domain}`
+    : domainAnswers.domain
+      ? `http://${config.domain}`
+      : `http://${config.host}:${config.port || 80}`;
+
+  console.log(chalk.green.bold('\n🎉 部署成功！\n'));
+  console.log(`  访问地址：${chalk.cyan.underline(accessUrl)}`);
+  console.log(`  配置已保存至：${chalk.gray('.deploy-config.json')}`);
+  console.log('\n后续操作：');
+  console.log(`  更新代码 → ${chalk.cyan('deploy-helper update')}`);
+  console.log(`  查看状态 → ${chalk.cyan('deploy-helper status')}\n`);
+}