From c6dfe11bdba8816049507dc50cfdc673f296ea5c Mon Sep 17 00:00:00 2001
From: Fu Diwei <fudiwei@sina.com>
Date: Wed, 11 Jun 2025 22:55:07 +0800
Subject: [PATCH] feat: add preset scripts for qnap on deployment to ssh

---
 .../node/DeployNodeConfigFormSSHConfig.tsx    | 49 +++++++++++++++----
 .../i18n/locales/en/nls.workflow.nodes.json   |  1 +
 .../i18n/locales/zh/nls.workflow.nodes.json   |  1 +
 3 files changed, 42 insertions(+), 9 deletions(-)

diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormSSHConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormSSHConfig.tsx
index 49110ce9..aa528b2e 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigFormSSHConfig.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigFormSSHConfig.tsx
@@ -46,12 +46,13 @@ const initFormModel = (): DeployNodeConfigFormSSHConfigFieldValues => {
 };
 
 const initPresetScript = (
-  key: Parameters<typeof _initPresetScript>[0] | "sh_replace_synologydsm_ssl" | "sh_replace_fnos_ssl",
+  key: Parameters<typeof _initPresetScript>[0] | "sh_replace_synologydsm_ssl" | "sh_replace_fnos_ssl" | "sh_replace_qnap_ssl",
   params?: Parameters<typeof _initPresetScript>[1]
 ) => {
   switch (key) {
     case "sh_replace_synologydsm_ssl":
       return `# *** 需要 root 权限 ***
+# 注意仅支持替换证书，需本身已开启过一次 HTTPS
 # 脚本参考 https://github.com/catchdave/ssl-certs/blob/main/replace_synology_ssl_certs.sh
 
 # 请将以下变量替换为实际值
@@ -129,6 +130,7 @@ info "Completed"
 
     case "sh_replace_fnos_ssl":
       return `# *** 需要 root 权限 ***
+# 注意仅支持替换证书，需本身已开启过一次 HTTPS
 # 脚本参考 https://github.com/lfgyx/fnos_certificate_update/blob/main/src/update_cert.sh
 
 # 请将以下变量替换为实际值
@@ -145,9 +147,9 @@ $domain = "<your-domain-name>" # 域名
 cp -rf "$tmpFullchainPath" "$fnFullchainPath"
 cp -rf "$tmpCertPath" "$fnCertPath"
 cp -rf "$tmpKeyPath" "$fnKeyPath"
+chmod 755 "$fnFullchainPath"
 chmod 755 "$fnCertPath"
 chmod 755 "$fnKeyPath"
-chmod 755 "$fnFullchainPath"
 
 # 更新数据库
 NEW_EXPIRY_DATE=$(openssl x509 -enddate -noout -in "$fnCertPath" | sed "s/^.*=\\(.*\\)$/\\1/")
@@ -159,6 +161,28 @@ systemctl restart webdav.service
 systemctl restart smbftpd.service
 systemctl restart trim_nginx.service
       `.trim();
+
+    case "sh_replace_qnap_ssl":
+      return `# *** 需要 root 权限 ***
+# 注意仅支持替换证书，需本身已开启过一次 HTTPS
+
+# 请将以下变量替换为实际值
+$tmpFullchainPath = "${params?.certPath || "<your-fullchain-cert-path>"}" # 证书文件路径（与表单中保持一致）
+$tmpKeyPath = "${params?.keyPath || "<your-key-path>"}" # 私钥文件路径（与表单中保持一致）
+
+# 复制文件
+cp -rf "$tmpFullchainPath" /etc/stunnel/backup.cert
+cp -rf "$tmpKeyPath" /etc/stunnel/backup.key
+cat /etc/stunnel/backup.key > /etc/stunnel/stunnel.pem
+cat /etc/stunnel/backup.cert >> /etc/stunnel/stunnel.pem
+chmod 600 /etc/stunnel/backup.cert
+chmod 600 /etc/stunnel/backup.key
+chmod 600 /etc/stunnel/stunnel.pem
+
+# 重启服务
+/etc/init.d/stunnel.sh restart
+/etc/init.d/reverse_proxy.sh reload
+      `.trim();
   }
 
   return _initPresetScript(key as Parameters<typeof _initPresetScript>[0], params);
@@ -286,6 +310,7 @@ const DeployNodeConfigFormSSHConfig = ({ form: formInst, formName, disabled, ini
 
       case "sh_replace_synologydsm_ssl":
       case "sh_replace_fnos_ssl":
+      case "sh_replace_qnap_ssl":
         {
           const presetScriptParams = {
             certPath: formInst.getFieldValue("certPath"),
@@ -461,13 +486,19 @@ const DeployNodeConfigFormSSHConfig = ({ form: formInst, formName, disabled, ini
             <div className="text-right">
               <Dropdown
                 menu={{
-                  items: ["sh_reload_nginx", "sh_replace_synologydsm_ssl", "sh_replace_fnos_ssl", "ps_binding_iis", "ps_binding_netsh", "ps_binding_rdp"].map(
-                    (key) => ({
-                      key,
-                      label: t(`workflow_node.deploy.form.ssh_preset_scripts.option.${key}.label`),
-                      onClick: () => handlePresetPostScriptClick(key),
-                    })
-                  ),
+                  items: [
+                    "sh_reload_nginx",
+                    "sh_replace_synologydsm_ssl",
+                    "sh_replace_fnos_ssl",
+                    "sh_replace_qnap_ssl",
+                    "ps_binding_iis",
+                    "ps_binding_netsh",
+                    "ps_binding_rdp",
+                  ].map((key) => ({
+                    key,
+                    label: t(`workflow_node.deploy.form.ssh_preset_scripts.option.${key}.label`),
+                    onClick: () => handlePresetPostScriptClick(key),
+                  })),
                 }}
                 trigger={["click"]}
               >
diff --git a/ui/src/i18n/locales/en/nls.workflow.nodes.json b/ui/src/i18n/locales/en/nls.workflow.nodes.json
index ac8b8c60..cf585594 100644
--- a/ui/src/i18n/locales/en/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/en/nls.workflow.nodes.json
@@ -626,6 +626,7 @@
   "workflow_node.deploy.form.ssh_preset_scripts.option.sh_reload_nginx.label": "POSIX Bash - Reload nginx",
   "workflow_node.deploy.form.ssh_preset_scripts.option.sh_replace_synologydsm_ssl.label": "POSIX Bash - Replace SynologyDSM SSL certificate",
   "workflow_node.deploy.form.ssh_preset_scripts.option.sh_replace_fnos_ssl.label": "POSIX Bash - Replace fnOS SSL certificate",
+  "workflow_node.deploy.form.ssh_preset_scripts.option.sh_replace_qnap_ssl.label": "POSIX Bash - Replace QNAP SSL certificate",
   "workflow_node.deploy.form.ssh_preset_scripts.option.ps_binding_iis.label": "PowerShell - Binding IIS",
   "workflow_node.deploy.form.ssh_preset_scripts.option.ps_binding_netsh.label": "PowerShell - Binding netsh",
   "workflow_node.deploy.form.ssh_preset_scripts.option.ps_binding_rdp.label": "PowerShell - Binding RDP",
diff --git a/ui/src/i18n/locales/zh/nls.workflow.nodes.json b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
index f88b055a..f1ecf783 100644
--- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
@@ -625,6 +625,7 @@
   "workflow_node.deploy.form.ssh_preset_scripts.option.sh_reload_nginx.label": "POSIX Bash - 重启 nginx 进程",
   "workflow_node.deploy.form.ssh_preset_scripts.option.sh_replace_synologydsm_ssl.label": "POSIX Bash - 替换群晖 DSM 证书",
   "workflow_node.deploy.form.ssh_preset_scripts.option.sh_replace_fnos_ssl.label": "POSIX Bash - 替换飞牛 fnOS 证书",
+  "workflow_node.deploy.form.ssh_preset_scripts.option.sh_replace_qnap_ssl.label": "POSIX Bash - 替换威联通 QNAP 证书",
   "workflow_node.deploy.form.ssh_preset_scripts.option.ps_binding_iis.label": "PowerShell - 导入并绑定到 IIS",
   "workflow_node.deploy.form.ssh_preset_scripts.option.ps_binding_netsh.label": "PowerShell - 导入并绑定到 netsh",
   "workflow_node.deploy.form.ssh_preset_scripts.option.ps_binding_rdp.label": "PowerShell - 导入并绑定到 RDP",