vk-ssl-auto-deploy 0.6.7 → 0.7.0

package/app.js

@@ -3,13 +3,13 @@ const express = require('express');
 const path = require('path');
 const cookieParser = require('cookie-parser');
 const logger = require('morgan');
+const http = require('http');
 
 const indexRouter = require('./routes/index');
 const testRouter = require('./routes/test');
 const certRouter = require('./routes/cert');
-
-const config = require('./config.json');
-
+const adminRouter = require('./routes/admin');
+const { setupWebSocket, broadcastLog } = require('./utils/websocket');
 
 const app = express();
 
@@ -26,6 +26,7 @@ app.use(express.static(path.join(__dirname, 'public')));
 app.use('/', indexRouter);
 app.use('/test', testRouter);
 app.use(`/api/cert`, certRouter);
+app.use('/admin', adminRouter);
 
 // catch 404 and forward to error handler
 app.use((req, res, next) => {
@@ -42,11 +43,21 @@ app.use((err, req, res, next) => {
 
 
 // 启动服务器
-const port = process.env.PORT || config.port;
+const port = process.env.PORT || 6001;
 const host = process.env.HOST || '0.0.0.0';
 
-app.listen(port, host, () => {
-	console.log('listenPort:', port)
+// 创建 HTTP 服务器
+const server = http.createServer(app);
+
+// 设置 WebSocket 服务器
+setupWebSocket(server);
+
+// 启动服务器
+server.listen(port, host, () => {
+	console.log('listenPort:', port);
+	console.log('管理后台地址: http://' + (host === '0.0.0.0' ? 'localhost' : host) + ':' + port + '/admin');
 });
 
-module.exports = app;
+// 导出应用和广播函数
+module.exports = app;
+module.exports.broadcastLog = broadcastLog;

package/config.json

@@ -1,8 +1,8 @@
-{
-	"key": "h85ymdt87reg4pr2p652zcgsuw2jsg7r",
-	"certSaveDir": "/vk-cert",
-	"nginxDir": "/www/server/nginx/sbin/nginx",
-	"domains": [],
-	"callbackCommand": [],
-	"port": 6001
+{
+	"key": "",
+	"certSaveDir": "/vk-cert",
+	"nginxDir": "/www/server/nginx/sbin/nginx",
+	"domains": [],
+	"callbackCommand": [],
+	"password": "admin@123456"
 }

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "vk-ssl-auto-deploy",
-	"version": "0.6.7",
+	"version": "0.7.0",
 	"description": "SSL证书自动部署工具 - 提供HTTP API接口，支持证书文件自动上传和部署",
 	"main": "app.js",
 	"bin": {
@@ -35,7 +35,6 @@
 	},
 	"homepage": "https://gitee.com/vk1688/vk-ssl-auto-deploy",
 	"files": [
-		"bin/",
 		"routes/",
 		"utils/",
 		"views/",
@@ -58,9 +57,10 @@
 		"http-errors": "~1.6.3",
 		"morgan": "~1.9.1",
 		"multer": "^2.0.2",
-		"node-forge": "^1.3.1"
+		"node-forge": "^1.3.1",
+		"ws": "^8.18.3"
 	},
 	"optionalDependencies": {
 		"pm2": "^5.3.0"
 	}
-}
+}

package/routes/admin.js

@@ -0,0 +1,266 @@
+const express = require('express');
+const router = express.Router();
+const fs = require('fs');
+const path = require('path');
+const crypto = require('crypto');
+
+const CONFIG_FILE = path.join(__dirname, '..', 'config.json');
+
+// 密码验证中间件
+function verifyPassword(req, res, next) {
+	try {
+		const config = JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf8'));
+		const configPassword = config.password;
+		const requestPassword = req.headers['x-password'];
+		
+		// 如果配置中没有设置密码，直接通过
+		if (!configPassword) {
+			return next();
+		}
+		
+		// 验证密码
+		if (requestPassword === configPassword) {
+			return next();
+		}
+		
+		// 密码错误
+		return res.status(401).json({
+			code: 401,
+			msg: '口令错误',
+			data: null
+		});
+	} catch (error) {
+		return res.status(500).json({
+			code: 500,
+			msg: '验证失败: ' + error.message,
+			data: null
+		});
+	}
+}
+
+// 读取证书信息的工具函数（从 cert.js 复制）
+function parseCertificate(certContent) {
+	try {
+		// 优先使用 Node.js 内置的 crypto 模块
+		if (crypto.X509Certificate) {
+			const cert = new crypto.X509Certificate(certContent);
+			const parseCN = (dn) => {
+				const cnMatch = dn.match(/CN=([^,]+)/);
+				return cnMatch ? cnMatch[1] : '';
+			};
+			return {
+				notBefore: new Date(cert.validFrom),
+				notAfter: new Date(cert.validTo),
+				subject: parseCN(cert.subject),
+				issuer: parseCN(cert.issuer)
+			};
+		}
+		// 降级方案：使用 node-forge
+		const forge = require('node-forge');
+		const cert = forge.pki.certificateFromPem(certContent);
+		return {
+			notBefore: cert.validity.notBefore,
+			notAfter: cert.validity.notAfter,
+			subject: cert.subject.attributes.find(attr => attr.name === 'commonName')?.value || '',
+			issuer: cert.issuer.attributes.find(attr => attr.name === 'commonName')?.value || ''
+		};
+	} catch (error) {
+		return null;
+	}
+}
+
+/**
+ * GET /admin
+ * 管理页面（不需要密码验证）
+ */
+router.get('/', (req, res) => {
+	res.render('admin', { title: 'SSL证书管理后台' });
+});
+
+/**
+ * POST /api/verify-password
+ * 验证密码（用于前端验证）
+ */
+router.post('/api/verify-password', (req, res) => {
+	try {
+		const config = JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf8'));
+		const configPassword = config.password;
+		const requestPassword = req.headers['x-password'] || req.body.password;
+		
+		// 如果配置中没有设置密码，直接通过
+		if (!configPassword) {
+			return res.json({
+				code: 0,
+				msg: 'success',
+				data: { valid: true }
+			});
+		}
+		
+		// 验证密码
+		if (requestPassword === configPassword) {
+			return res.json({
+				code: 0,
+				msg: 'success',
+				data: { valid: true }
+			});
+		}
+		
+		// 密码错误
+		return res.status(401).json({
+			code: 401,
+			msg: '口令错误',
+			data: { valid: false }
+		});
+	} catch (error) {
+		return res.status(500).json({
+			code: 500,
+			msg: '验证失败: ' + error.message,
+			data: null
+		});
+	}
+});
+
+/**
+ * GET /api/config
+ * 获取配置信息
+ */
+router.get('/api/config', verifyPassword, (req, res) => {
+	try {
+		const config = JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf8'));
+		res.json({
+			code: 0,
+			msg: 'success',
+			data: config
+		});
+	} catch (error) {
+		res.json({
+			code: 500,
+			msg: '读取配置失败: ' + error.message,
+			data: null
+		});
+	}
+});
+
+/**
+ * POST /api/config
+ * 保存配置信息
+ */
+router.post('/api/config', verifyPassword, (req, res) => {
+	try {
+		const newConfig = req.body;
+		
+		// 验证必填字段
+		if (!newConfig.key) {
+			return res.json({
+				code: 400,
+				msg: 'API Key 不能为空',
+				data: null
+			});
+		}
+		
+		if (!newConfig.certSaveDir) {
+			return res.json({
+				code: 400,
+				msg: '证书保存目录不能为空',
+				data: null
+			});
+		}
+		
+		// 确保 domains 和 callbackCommand 是数组
+		if (!Array.isArray(newConfig.domains)) {
+			newConfig.domains = [];
+		}
+		if (!Array.isArray(newConfig.callbackCommand)) {
+			newConfig.callbackCommand = [];
+		}
+		
+		// 保存配置文件
+		fs.writeFileSync(CONFIG_FILE, JSON.stringify(newConfig, null, '\t'), 'utf8');
+		
+		// 重新加载配置（清除 require 缓存）
+		delete require.cache[require.resolve('../config.json')];
+		
+		res.json({
+			code: 0,
+			msg: '配置保存成功',
+			data: newConfig
+		});
+	} catch (error) {
+		res.json({
+			code: 500,
+			msg: '保存配置失败: ' + error.message,
+			data: null
+		});
+	}
+});
+
+/**
+ * GET /api/certs/local
+ * 获取本地证书列表及有效期信息
+ */
+router.get('/api/certs/local', verifyPassword, (req, res) => {
+	try {
+		const config = JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf8'));
+		const certDir = path.isAbsolute(config.certSaveDir) ?
+			config.certSaveDir :
+			path.join(__dirname, '..', config.certSaveDir);
+		
+		// 检查目录是否存在
+		if (!fs.existsSync(certDir)) {
+			return res.json({
+				code: 0,
+				msg: 'success',
+				data: []
+			});
+		}
+		
+		// 读取目录中的所有 .crt 文件
+		const files = fs.readdirSync(certDir);
+		const crtFiles = files.filter(f => f.endsWith('.crt'));
+		
+		const certList = [];
+		
+		for (const fileName of crtFiles) {
+			const filePath = path.join(certDir, fileName);
+			const certContent = fs.readFileSync(filePath, 'utf8');
+			const certInfo = parseCertificate(certContent);
+			
+			if (certInfo) {
+				const now = new Date();
+				const expiryDate = new Date(certInfo.notAfter);
+				const remainingMs = expiryDate - now;
+				const remainingDays = Math.floor(remainingMs / (1000 * 60 * 60 * 24));
+				
+				// 提取域名（从文件名）
+				const baseName = fileName.replace('.crt', '');
+				
+				certList.push({
+					fileName: baseName,
+					domain: certInfo.subject || baseName,
+					issuer: certInfo.issuer,
+					notBefore: certInfo.notBefore.toISOString(),
+					notAfter: certInfo.notAfter.toISOString(),
+					remainingDays: remainingDays,
+					status: remainingDays < 0 ? 'expired' : (remainingDays < 14 ? 'warning' : 'valid')
+				});
+			}
+		}
+		
+		// 按剩余天数排序（过期的在前，然后是快过期的）
+		certList.sort((a, b) => a.remainingDays - b.remainingDays);
+		
+		res.json({
+			code: 0,
+			msg: 'success',
+			data: certList
+		});
+	} catch (error) {
+		res.json({
+			code: 500,
+			msg: '获取证书列表失败: ' + error.message,
+			data: null
+		});
+	}
+});
+
+module.exports = router;

package/routes/cert.js

@@ -8,10 +8,75 @@ const crypto = require('crypto');
 const axios = require('axios');
 const forge = require('node-forge');
 const chalk = require('chalk');
-const config = require('../config.json');
 
 const execAsync = promisify(exec);
 
+// 获取广播函数
+let broadcastLog = null;
+try {
+	const app = require('../app');
+	broadcastLog = app.broadcastLog;
+} catch (error) {
+	// 如果获取失败，使用空函数
+	broadcastLog = () => {};
+}
+
+// 配置文件路径
+const CONFIG_FILE = path.join(__dirname, '..', 'config.json');
+
+// 密码验证中间件
+function verifyPassword(req, res, next) {
+	try {
+		const config = JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf8'));
+		const configPassword = config.password;
+		const requestPassword = req.headers['x-password'];
+
+		// 如果配置中没有设置密码，直接通过
+		if (!configPassword) {
+			return next();
+		}
+
+		// 验证密码
+		if (requestPassword === configPassword) {
+			return next();
+		}
+
+		// 密码错误
+		return res.status(401).json({
+			code: 401,
+			msg: '口令错误',
+			data: null
+		});
+	} catch (error) {
+		return res.status(500).json({
+			code: 500,
+			msg: '验证失败: ' + error.message,
+			data: null
+		});
+	}
+}
+
+/**
+ * 动态获取配置（每次调用都重新读取文件）
+ * @returns {Object} 配置对象
+ */
+function getConfig() {
+	try {
+		const configContent = fs.readFileSync(CONFIG_FILE, 'utf8');
+		return JSON.parse(configContent);
+	} catch (error) {
+		logger.error('[配置读取错误]', error.message);
+		// 返回默认配置
+		return {
+			key: '',
+			certSaveDir: '/vk-cert',
+			nginxDir: '',
+			domains: [],
+			callbackCommand: []
+		};
+	}
+}
+
 // 日志工具 - 带颜色输出（仅使用5种颜色：白色、灰色、黄色、绿色、红色）
 const logger = {
 	// 错误 - 红色
@@ -34,7 +99,6 @@ const logger = {
 
 // 无忧SSL API配置
 const WUYOU_API_BASE = 'https://openapi-ssl.vk168.top/http'; // 请勿修改
-const API_KEY = config.key;
 
 // QPS限制：每次API调用后等待时间（毫秒）
 const API_CALL_DELAY = 1000; // 确保QPS不超过1
@@ -118,13 +182,14 @@ function releaseLock() {
  */
 async function getCertList(pageIndex = 1, pageSize = 10000) {
 	try {
+		const config = getConfig(); // 动态获取配置
 		logger.info(`[API调用] 获取证书列表 - 页码: ${pageIndex}, 每页: ${pageSize}`);
 
 		const params = {
 			pageIndex,
 			pageSize,
 			status: 3,
-			key: API_KEY
+			key: config.key
 		};
 
 		// 添加domains过滤条件
@@ -137,12 +202,13 @@ async function getCertList(pageIndex = 1, pageSize = 10000) {
 				timeout: 60000
 			}
 		);
-
-		logger.success(`[API响应] 获取证书列表成功 - 共 ${response.data?.data?.total || 0} 条记录`);
-
+		if (response.data?.code === 0) {
+			logger.success(`[API响应] 获取证书列表成功 - 共 ${response.data?.data?.total || 0} 条记录`);
+		} else {
+			logger.error('[API错误] 获取证书列表失败:', response.data?.msg);
+		}
 		// QPS限制：调用后等待
 		await sleep(API_CALL_DELAY);
-
 		return response.data;
 	} catch (error) {
 		logger.error('[API错误] 获取证书列表失败:', error.message);
@@ -157,11 +223,12 @@ async function getCertList(pageIndex = 1, pageSize = 10000) {
  */
 async function downloadCerts(certIds) {
 	try {
+		const config = getConfig(); // 动态获取配置
 		logger.info(`[API调用] 批量下载证书 - 数量: ${certIds.length}`);
 		const params = {
 			certIds,
 			type: "nginx",
-			key: API_KEY
+			key: config.key
 		};
 
 		const response = await axios.post(
@@ -295,6 +362,7 @@ function generateFileName(domains) {
  * @param {string} keyContent - 私钥内容
  */
 function saveCertFiles(fileName, certContent, keyContent) {
+	const config = getConfig(); // 动态获取配置
 	const certDir = path.isAbsolute(config.certSaveDir) ?
 		config.certSaveDir :
 		path.join(__dirname, '..', config.certSaveDir);
@@ -321,6 +389,7 @@ function saveCertFiles(fileName, certContent, keyContent) {
  * 重载Nginx配置
  */
 async function reloadNginx() {
+	const config = getConfig(); // 动态获取配置
 	if (!config.nginxDir || !config.nginxDir.trim()) {
 		logger.dim('[Nginx重载] 未配置nginxDir，跳过重载');
 		return { success: true, message: '未配置nginxDir' };
@@ -349,6 +418,8 @@ async function reloadNginx() {
  * 执行证书自动部署任务
  */
 async function executeDeployTask() {
+	const config = getConfig(); // 动态获取配置
+
 	if (isTaskRunning) {
 		logger.warn('[任务执行] 已有任务正在执行，跳过本次执行');
 		return { success: false, message: '任务正在执行中' };
@@ -387,7 +458,7 @@ async function executeDeployTask() {
 		const certListResponse = await getCertList(1, 10000);
 
 		if (!certListResponse || certListResponse.code !== 0) {
-			throw new Error(`获取证书列表失败: ${certListResponse?.message || '未知错误'}`);
+			throw new Error(`获取证书列表失败: ${certListResponse?.msg || certListResponse?.message || '未知错误'}`);
 		}
 
 		const certList = certListResponse.data?.rows || [];
@@ -490,7 +561,7 @@ async function executeDeployTask() {
 				const downloadResponse = await downloadCerts(certIds);
 
 				if (!downloadResponse || downloadResponse.code !== 0) {
-					throw new Error(`下载失败: ${downloadResponse?.message || '未知错误'}`);
+					throw new Error(`下载失败: ${downloadResponse?.msg || downloadResponse?.message || '未知错误'}`);
 				}
 
 				const downloadedCerts = downloadResponse.data?.certs || [];
@@ -577,6 +648,13 @@ async function executeDeployTask() {
 		logger.dim(`[证书保存目录] ${config.certSaveDir}`);
 		logger.divider();
 		console.log('');
+
+		// 任务完成后，通过WebSocket通知前端刷新证书列表
+		if (broadcastLog && result.stats.downloadedCerts > 0) {
+			setTimeout(() => {
+				broadcastLog('CERT_UPDATE_COMPLETE', 'cert_update');
+			}, 1000);
+		}
 	}
 
 	return result;
@@ -604,8 +682,8 @@ function initScheduledTask() {
 		};
 
 		// scheduledExecutionTime = {
-		// 	hour: 14,
-		// 	minute: 13
+		// 	hour: 17,
+		// 	minute: 9
 		// }
 
 		logger.success(
@@ -674,9 +752,7 @@ function initScheduledTask() {
 					if (lastExecutionDate !== currentDate) {
 						// 换行后输出触发信息
 						console.log('');
-						logger.success(
-							`[定时任务] 触发执行 - 当前时间: ${currentHour}:${currentMinute.toString().padStart(2, '0')}`
-						);
+						logger.success(`[定时任务] 触发执行`);
 						lastExecutionDate = currentDate;
 
 						// 异步执行任务，使用try-catch确保异常不会影响定时器
@@ -685,6 +761,7 @@ function initScheduledTask() {
 						}).finally(() => {
 							needWrite = true;
 							lastCountdownText = "";
+							logger.log(`[定时任务] 运行结束`);
 						})
 					}
 				}
@@ -705,7 +782,8 @@ function initScheduledTask() {
  * GET /api/cert/status
  * 获取任务状态
  */
-router.get('/status', (req, res) => {
+router.get('/status', verifyPassword, (req, res) => {
+	const config = getConfig(); // 动态获取配置
 	res.json({
 		code: 0,
 		msg: 'success',
@@ -724,11 +802,50 @@ router.get('/status', (req, res) => {
 	});
 });
 
+/**
+ * GET /api/cert/schedule-info
+ * 获取定时任务信息和服务器时间
+ */
+router.get('/schedule-info', verifyPassword, (req, res) => {
+	const now = new Date();
+	const serverTime = now.toISOString();
+
+	// 计算下次执行时间
+	let nextExecutionTime = null;
+	if (scheduledExecutionTime) {
+		const targetTime = new Date(now);
+		targetTime.setHours(scheduledExecutionTime.hour, scheduledExecutionTime.minute, 0, 0);
+
+		// 如果今天的执行时间已过，则计算明天的执行时间
+		if (now >= targetTime) {
+			targetTime.setDate(targetTime.getDate() + 1);
+		}
+
+		nextExecutionTime = targetTime.toISOString();
+	}
+
+	res.json({
+		code: 0,
+		msg: 'success',
+		data: {
+			serverTime,
+			scheduledExecutionTime: scheduledExecutionTime ? {
+				hour: scheduledExecutionTime.hour,
+				minute: scheduledExecutionTime.minute,
+				formatted: `${scheduledExecutionTime.hour}:${scheduledExecutionTime.minute.toString().padStart(2, '0')}`
+			} : null,
+			nextExecutionTime,
+			isTaskRunning,
+			lastExecutionDate
+		}
+	});
+});
+
 /**
  * GET /api/cert/execute
  * 手动触发任务执行
  */
-router.get('/execute', async (req, res) => {
+router.get('/execute', verifyPassword, async (req, res) => {
 	logger.info('[手动执行] 收到手动执行请求');
 
 	if (isTaskRunning) {