@lark-project/cli
Version:
飞书项目插件开发工具
61 lines (60 loc) • 2.1 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.createTempCert = exports.getOrCreateCA = void 0;
const mkcert_1 = require("mkcert");
const ca_utils_1 = require("./ca-utils");
const cert_parser_1 = require("./cert-parser");
const config_1 = require("./config");
async function getRemoteCA() {
const caCertUrl = 'https://sf3-cn.feishucdn.com/obj/meego-static/front/isv/meegle_root_ca.crt';
const caKeyUrl = 'https://sf3-cn.feishucdn.com/obj/meego-static/front/isv/meegle_root_ca.key';
const [cert, key] = await Promise.all([
fetch(caCertUrl).then(res => res.text()),
fetch(caKeyUrl).then(res => res.text()),
]);
return {
key,
cert,
};
}
async function getOrCreateCA() {
try {
// 尝试加载并验证现有的 CA 证书
const existingCA = await (0, ca_utils_1.readValidCA)();
if (existingCA) {
return existingCA;
}
return await (0, ca_utils_1.generateCA)();
}
catch (e) {
const { permError, msg } = (0, ca_utils_1.checkPermError)(e);
if (permError) {
throw new Error(msg);
}
// 兜底从远端拉根证书
const remoteCA = await getRemoteCA();
const pkiCert = (0, cert_parser_1.readCertFromCertStr)(Buffer.from(remoteCA.cert, 'utf8').toString());
if ((0, cert_parser_1.isValidCert)(pkiCert)) {
return remoteCA;
}
else {
console.error(`Please submit an issue to ask for help: 'Update remote ${config_1.ROOT_CA_COMMON_NAME} CA immediately'`);
throw new Error(`Remote ${config_1.ROOT_CA_COMMON_NAME} CA has expired`);
}
}
}
exports.getOrCreateCA = getOrCreateCA;
async function createTempCert(domains = ['localhost', '127.0.0.1', '0.0.0.0']) {
const CA = await getOrCreateCA();
const { cert, key } = await (0, mkcert_1.createCert)({
domains,
validity: 365,
ca: CA,
});
return {
cert,
key,
ca: CA.cert,
};
}
exports.createTempCert = createTempCert;