npm - vk-ssl-auto-deploy - Versions diffs - 0.0.1 - Mend

vk-ssl-auto-deploy 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/README.md +200 -0
package/app.js +43 -0
package/bin/www.js +92 -0
package/config.json +8 -0
package/package.json +62 -0
package/public/stylesheets/style.css +8 -0
package/routes/cert.js +236 -0
package/routes/index.js +9 -0
package/routes/test.js +13 -0
package/views/error.ejs +3 -0
package/views/index.ejs +10 -0

package/README.md ADDED Viewed

@@ -0,0 +1,200 @@
+### 1. NPM 全局安装（推荐）
+```bash
+npm install -g vk-ssl-auto-deploy
+```
+安装后可以直接使用命令启动：
+```bash
+# 直接启动
+vk-ssl
+# 或使用 PM2 管理（需要先安装 PM2）
+npm install -g pm2
+cd <安装目录>
+npm run start
+```
+### 2. 本地开发安装
+```bash
+# 克隆项目
+git clone <repository-url>
+cd vk-ssl-auto-deploy
+# 安装依赖
+npm install
+# 启动运行
+npm dev
+```
+### 3. PM2 进程管理（生产环境推荐）
+```bash
+# 启动服务
+npm run start
+# 停止服务
+npm run stop
+# 重启服务
+npm run restart
+# 查看日志
+npm run logs
+# 删除进程
+npm run delete
+# 查看进程
+npm run list
+```
+### 4. 证书自动部署API
+#### 接口说明
+证书续期后台可以通过HTTP POST请求将证书文件自动部署到本项目。
+#### 请求地址
+```
+POST http://your-domain:3000/api/deploy-cert
+```
+#### 请求参数
+- Content-Type: `multipart/form-data`
+- `name`: 证书名称（必填），用于创建子目录，例如 `aaa` 会创建 `cert/aaa` 目录
+- `file`: zip格式的证书文件（必填）
+#### 返回格式
+成功响应：
+```json
+{
+  "code": 0,
+  "msg": "证书部署成功",
+  "path": "cert/aaa",
+  "fileCount": 11
+}
+```
+失败响应：
+```json
+{
+  "code": 错误码,
+  "msg": "错误信息"
+}
+```
+#### 错误码说明
+- `1001`: 缺少参数 name
+- `1002`: 缺少文件
+- `1003`: name参数包含非法字符
+- `2001`: 解压zip文件失败
+- `5000`: 服务器内部错误
+#### 证书文件说明
+上传的zip文件解压后应包含以下内容：
+- 私钥.pem（私钥文件）
+- 证书.pem（证书文件，包含证书链）
+- 中间证书.pem（中间证书文件，pem格式）
+- cert.crt（证书文件，包含证书链，与证书.pem内容一致）
+- cert.key（私钥文件，pem格式，与私钥.pem内容一致）
+- intermediate.crt（中间证书文件，pem格式，中间证书.pem内容一致）
+- cert.der（der格式证书文件）
+- cert.jks（jks格式证书文件，java服务器使用）
+- cert.p7b（p7b格式证书文件）
+- cert.pfx（pfx格式证书文件，iis服务器使用）
+- one.pem（证书和私钥简单合并成一个文件，pem格式，crt正文+key正文）
+#### 使用示例
+使用curl命令：
+```bash
+curl -X POST http://localhost:3000/api/deploy-cert \
+  -F "name=example" \
+  -F "file=@/path/to/cert.zip"
+```
+使用JavaScript（fetch）：
+```javascript
+const formData = new FormData();
+formData.append('name', 'example');
+formData.append('file', fileBlob);
+fetch('http://localhost:3000/api/deploy-cert', {
+  method: 'POST',
+  body: formData
+})
+.then(res => res.json())
+.then(data => console.log(data));
+```
+### 5. 配置说明
+编辑 `config.json` 文件可以修改服务端口和路由前缀：
+```json
+{
+  "port": 6001,
+  "routerName": "api",
+	"ipWhitelist": []
+}
+```
+- `port`: 服务监听端口（默认 6001）
+- `routerName`: API 路由前缀（默认 "api"，即访问路径为 `/api/...`）
+- `ipWhitelist`: IP白名单，默认为空，表示不限制IP，如果需要限制IP，可以填写IP地址，多个IP地址用逗号分隔
+### 6. License
+MIT
+### 7. 发布到 NPM（维护者使用）
+#### 发布前准备
+1. 确保已登录 npm 账号：
+```bash
+npm login
+```
+2. 更新版本号（遵循语义化版本）：
+```bash
+# 修复bug
+npm version patch
+# 新功能
+npm version minor
+# 破坏性更新
+npm version major
+```
+#### 发布命令
+```bash
+# 发布到 npm
+npm publish
+# 如果是第一次发布公开包
+npm publish --access public
+```
+#### 测试包
+发布前可以本地测试：
+```bash
+# 打包测试
+npm pack
+# 本地安装测试
+npm install -g ./vk-ssl-auto-deploy-1.0.0.tgz
+```

package/app.js ADDED Viewed

@@ -0,0 +1,43 @@
+const createError = require('http-errors');
+const express = require('express');
+const path = require('path');
+const cookieParser = require('cookie-parser');
+const logger = require('morgan');
+const indexRouter = require('./routes/index');
+const testRouter = require('./routes/test');
+const certRouter = require('./routes/cert');
+const config = require('./config');
+const app = express();
+// view engine setup
+app.set('views', path.join(__dirname, 'views'));
+app.set('view engine', 'ejs');
+app.use(logger('dev'));
+app.use(express.json());
+app.use(express.urlencoded({ extended: false }));
+app.use(cookieParser());
+app.use(express.static(path.join(__dirname, 'public')));
+app.use('/', indexRouter);
+app.use('/test', testRouter);
+app.use(`/${config.routerName}`, certRouter);
+// catch 404 and forward to error handler
+app.use((req, res, next) => {
+	next(createError(404));
+});
+// error handler
+app.use((err, req, res, next) => {
+	res.locals.message = err.message;
+	res.locals.error = req.app.get('env') === 'development' ? err : {};
+	res.status(err.status || 500);
+	res.render('error');
+});
+module.exports = app;

package/bin/www.js ADDED Viewed

@@ -0,0 +1,92 @@
+#!/usr/bin/env node
+/**
+ * Module dependencies.
+ */
+const app = require('../app');
+const debug = require('debug')('express-template:server');
+const http = require('http');
+const config = require('../config');
+/**
+ * Get port from environment and store in Express.
+ */
+const port = normalizePort(process.env.PORT || config.port);
+app.set('port', port);
+/**
+ * Create HTTP server.
+ */
+const server = http.createServer(app);
+/**
+ * Listen on provided port, on all network interfaces.
+ */
+server.listen(port);
+console.log('listenPort:', port)
+server.on('error', onError);
+server.on('listening', onListening);
+/**
+ * Normalize a port into a number, string, or false.
+ */
+function normalizePort(val) {
+	const port = parseInt(val, 10);
+	if (isNaN(port)) {
+		// named pipe
+		return val;
+	}
+	if (port >= 0) {
+		// port number
+		return port;
+	}
+	return false;
+}
+/**
+ * Event listener for HTTP server "error" event.
+ */
+function onError(error) {
+	if (error.syscall !== 'listen') {
+		throw error;
+	}
+	const bind = typeof port === 'string' ?
+		'Pipe ' + port :
+		'Port ' + port;
+	// handle specific listen errors with friendly messages
+	switch (error.code) {
+		case 'EACCES':
+			console.error(bind + ' requires elevated privileges');
+			process.exit(1);
+			break;
+		case 'EADDRINUSE':
+			console.error(bind + ' is already in use');
+			process.exit(1);
+			break;
+		default:
+			throw error;
+	}
+}
+/**
+ * Event listener for HTTP server "listening" event.
+ */
+function onListening() {
+	const addr = server.address();
+	const bind = typeof addr === 'string' ?
+		'pipe ' + addr :
+		'port ' + addr.port;
+	debug('Listening on ' + bind);
+}

package/config.json ADDED Viewed

@@ -0,0 +1,8 @@
+{
+	"port": 6001,
+	"routerName": "api",
+	"ipWhitelist": [],
+	"callbackCommand": [
+		"sudo nginx -t && sudo systemctl reload nginx"
+	]
+}

package/package.json ADDED Viewed

@@ -0,0 +1,62 @@
+{
+	"name": "vk-ssl-auto-deploy",
+	"version": "0.0.1",
+	"description": "SSL证书自动部署工具 - 提供HTTP API接口，支持证书文件自动上传和部署",
+	"main": "app.js",
+	"bin": {
+		"vk-ssl": "./bin/www.js"
+	},
+	"scripts": {
+		"dev": "node ./bin/www",
+		"start": "pm2 start ./bin/www.js --name vk-ssl-auto-deploy",
+		"stop": "pm2 stop vk-ssl-auto-deploy",
+		"restart": "pm2 restart vk-ssl-auto-deploy",
+		"delete": "pm2 delete vk-ssl-auto-deploy",
+		"logs": "pm2 logs vk-ssl-auto-deploy",
+		"list": "pm2 list"
+	},
+	"keywords": [
+		"ssl",
+		"certificate",
+		"auto-deploy",
+		"express",
+		"证书部署",
+		"自动化",
+		"无忧SSL证书"
+	],
+	"author": "VK",
+	"license": "MIT",
+	"repository": {
+		"type": "git",
+		"url": "https://github.com/yourusername/vk-ssl-auto-deploy.git"
+	},
+	"bugs": {
+		"url": "https://github.com/yourusername/vk-ssl-auto-deploy/issues"
+	},
+	"homepage": "https://github.com/yourusername/vk-ssl-auto-deploy#readme",
+	"files": [
+		"bin/",
+		"routes/",
+		"views/",
+		"public/",
+		"app.js",
+		"config.json",
+		"README.md"
+	],
+	"engines": {
+		"node": ">=12.0.0"
+	},
+	"dependencies": {
+		"adm-zip": "^0.5.16",
+		"cookie-parser": "~1.4.4",
+		"debug": "~2.6.9",
+		"ejs": "~2.6.1",
+		"express": "~4.16.1",
+		"http-errors": "~1.6.3",
+		"morgan": "~1.9.1",
+		"multer": "^2.0.2"
+	},
+	"optionalDependencies": {
+		"pm2": "^5.3.0"
+	}
+}

package/public/stylesheets/style.css ADDED Viewed

@@ -0,0 +1,8 @@
+body {
+  padding: 50px;
+  font: 14px "Lucida Grande", Helvetica, Arial, sans-serif;
+}
+a {
+  color: #00B7FF;
+}

package/routes/cert.js ADDED Viewed

@@ -0,0 +1,236 @@
+const express = require('express');
+const router = express.Router();
+const multer = require('multer');
+const AdmZip = require('adm-zip');
+const fs = require('fs');
+const path = require('path');
+const { exec } = require('child_process');
+const { promisify } = require('util');
+const config = require('../config.json');
+const { validateCertFile } = require('../utils/certValidator');
+const { getClientIP, isIPInWhitelist } = require('../utils/ipValidator');
+const execAsync = promisify(exec);
+// 使用内存存储
+const upload = multer({
+	storage: multer.memoryStorage(),
+	limits: {
+		fileSize: 10 * 1024 * 1024 // 限制文件大小为10MB
+	}
+});
+/**
+ * POST /api/deploy-cert
+ * 接收证书zip文件并自动部署
+ *
+ * 参数：
+ * - name: 证书名称（用于创建子目录）
+ * - file: zip文件
+ *
+ * 返回：
+ * - 成功: { code: 0, msg: '证书部署成功', path: 'cert/xxx' }
+ * - 失败: { code: 错误码, msg: '错误信息' }
+ */
+router.post('/deploy-cert', upload.single('file'), async (req, res, next) => {
+	try {
+		// 0. IP白名单验证
+		const clientIP = getClientIP(req);
+		if (!isIPInWhitelist(clientIP, config.ipWhitelist)) {
+			console.warn(`[IP白名单拦截] IP: ${clientIP} 尝试部署证书但不在白名单中`);
+			return res.json({
+				code: 4030,
+				msg: 'IP地址不在白名单中，访问被拒绝',
+				ip: clientIP
+			});
+		}
+		console.log(`[证书部署请求] 来源IP: ${clientIP}`);
+		// 1. 验证参数
+		if (!req.body.name) {
+			return res.json({ code: 1001, msg: '缺少参数: name' });
+		}
+		if (!req.file) {
+			return res.json({ code: 1002, msg: '缺少文件: file' });
+		}
+		const certName = req.body.name;
+		// 验证name参数，防止路径注入
+		if (certName.includes('..') || certName.includes('/') || certName.includes('\\')) {
+			return res.json({ code: 1003, msg: 'name参数包含非法字符' });
+		}
+		// 2. 创建cert目录和子目录
+		const projectRoot = path.join(__dirname, '..');
+		const certBaseDir = path.join(projectRoot, 'cert');
+		const certDir = path.join(certBaseDir, certName);
+		// 确保cert根目录存在
+		if (!fs.existsSync(certBaseDir)) {
+			fs.mkdirSync(certBaseDir, { recursive: true });
+		}
+		// 如果目标目录已存在，先删除（实现覆盖更新）
+		if (fs.existsSync(certDir)) {
+			fs.rmSync(certDir, { recursive: true, force: true });
+		}
+		// 创建目标目录
+		fs.mkdirSync(certDir, { recursive: true });
+		// 3. 解压zip文件并进行安全验证
+		try {
+			const zip = new AdmZip(req.file.buffer);
+			const zipEntries = zip.getEntries();
+			// 统计信息
+			const stats = {
+				total: 0,           // 总文件数
+				saved: 0,           // 成功保存的文件数
+				filtered: 0,        // 被过滤的文件数
+				savedFiles: [],     // 保存的文件列表
+				filteredFiles: []   // 被过滤的文件列表（含原因）
+			};
+			// 遍历并验证每个文件
+			zipEntries.forEach((entry) => {
+				if (!entry.isDirectory) {
+					stats.total++;
+					const filename = path.basename(entry.entryName);
+					const entryData = entry.getData();
+					// 安全验证
+					const validation = validateCertFile(filename, entryData, entry.entryName);
+					if (validation.valid) {
+						// 验证通过，保存文件
+						try {
+							const entryPath = path.join(certDir, entry.entryName);
+							// 确保父目录存在
+							const entryDir = path.dirname(entryPath);
+							if (!fs.existsSync(entryDir)) {
+								fs.mkdirSync(entryDir, { recursive: true });
+							}
+							// 写入文件
+							fs.writeFileSync(entryPath, entryData);
+							stats.saved++;
+							stats.savedFiles.push(entry.entryName);
+							console.log(`[文件已保存] ${entry.entryName} (${entryData.length} bytes)`);
+						} catch (writeError) {
+							console.error(`[文件写入失败] ${entry.entryName}:`, writeError.message);
+							stats.filtered++;
+							stats.filteredFiles.push({
+								filename: entry.entryName,
+								reason: '文件写入失败: ' + writeError.message
+							});
+						}
+					} else {
+						// 验证失败，过滤该文件
+						stats.filtered++;
+						stats.filteredFiles.push({
+							filename: entry.entryName,
+							reason: validation.reason
+						});
+						console.warn(`[文件已过滤] ${entry.entryName}: ${validation.reason}`);
+					}
+				}
+			});
+			// 检查是否至少保存了一个文件
+			if (stats.saved === 0) {
+				// 如果没有任何有效文件，删除创建的目录
+				if (fs.existsSync(certDir)) {
+					fs.rmSync(certDir, { recursive: true, force: true });
+				}
+				return res.json({
+					code: 2002,
+					msg: 'zip文件中没有有效的证书文件',
+					stats: stats
+				});
+			}
+		console.log(`[证书部署成功] 名称: ${certName}, 路径: ${certDir}, 保存: ${stats.saved}个, 过滤: ${stats.filtered}个`);
+		// 4. 执行回调命令
+		const commandResults = [];
+		if (config.callbackCommand && Array.isArray(config.callbackCommand) && config.callbackCommand.length > 0) {
+			console.log(`[开始执行回调命令] 共${config.callbackCommand.length}个命令`);
+			for (let i = 0; i < config.callbackCommand.length; i++) {
+				const command = config.callbackCommand[i];
+				const commandResult = {
+					command: command,
+					index: i + 1,
+					success: false,
+					output: '',
+					error: ''
+				};
+				try {
+					console.log(`[执行命令 ${i + 1}/${config.callbackCommand.length}] ${command}`);
+					const { stdout, stderr } = await execAsync(command, {
+						timeout: 30000, // 30秒超时
+						maxBuffer: 1024 * 1024 // 1MB buffer
+					});
+					commandResult.success = true;
+					commandResult.output = stdout ? stdout.trim() : '';
+					if (stderr) {
+						commandResult.error = stderr.trim();
+					}
+					console.log(`[命令执行成功 ${i + 1}/${config.callbackCommand.length}] ${command}`);
+					if (stdout) console.log(`[命令输出] ${stdout.trim()}`);
+					if (stderr) console.warn(`[命令stderr] ${stderr.trim()}`);
+				} catch (cmdError) {
+					commandResult.success = false;
+					commandResult.error = cmdError.message;
+					if (cmdError.stdout) commandResult.output = cmdError.stdout.trim();
+					if (cmdError.stderr) commandResult.error += '\n' + cmdError.stderr.trim();
+					console.error(`[命令执行失败 ${i + 1}/${config.callbackCommand.length}] ${command}:`, cmdError.message);
+				}
+				commandResults.push(commandResult);
+			}
+			console.log(`[回调命令执行完成] 成功: ${commandResults.filter(r => r.success).length}个, 失败: ${commandResults.filter(r => !r.success).length}个`);
+		}
+		return res.json({
+			code: 0,
+			msg: '证书部署成功',
+			path: 'cert/' + certName,
+			stats: {
+				total: stats.total,
+				saved: stats.saved,
+				filtered: stats.filtered,
+				savedFiles: stats.savedFiles,
+				filteredFiles: stats.filteredFiles
+			},
+			commandResults: commandResults.length > 0 ? commandResults : undefined
+		});
+		} catch (zipError) {
+			console.error('[解压失败]', zipError);
+			return res.json({ code: 2001, msg: '解压zip文件失败: ' + zipError.message });
+		}
+	} catch (error) {
+		console.error('[证书部署错误]', error);
+		return res.json({ code: 5000, msg: '服务器内部错误: ' + error.message });
+	}
+});
+module.exports = router;

package/routes/index.js ADDED Viewed

@@ -0,0 +1,9 @@
+const express = require('express');
+const router = express.Router();
+/* GET home page. */
+router.get('/', (req, res, next) => {
+  res.render('index', { title: 'success' });
+});
+module.exports = router;

package/routes/test.js ADDED Viewed

@@ -0,0 +1,13 @@
+const express = require('express');
+const router = express.Router();
+/* GET users listing. */
+router.get('/', (req, res, next) => {
+	res.send('respond with a resource');
+});
+router.get('/test', (req, res, next) => {
+	res.send('hello word');
+});
+module.exports = router;

package/views/error.ejs ADDED Viewed

@@ -0,0 +1,3 @@
+<h1><%= message %></h1>
+<h2><%= error.status %></h2>
+<pre><%= error.stack %></pre>

package/views/index.ejs ADDED Viewed

@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title><%= title %></title>
+    <link rel='stylesheet' href='/stylesheets/style.css' />
+  </head>
+  <body>
+    <h1><%= title %></h1>
+  </body>
+</html>