feat(plugin): 实现插件安全验证和审计日志功能

- 添加插件签名验证机制，支持远程证书吊销列表
- 增加插件安装时的安全检查和签名验证
- 实现插件版本存储的HMAC完整性校验
- 添加插件审计日志记录插件安装和验证事件
- 增加JS插件沙箱安全限制配置
- 添加插件商店API的签名URL字段支持
- 实现安全配置的自动刷新机制

web/src/api/index.ts

@@ -32,9 +32,9 @@ export const enablePlugin = (name: string) => post(`/plugin/${name}/enable`)
 export const disablePlugin = (name: string) => post(`/plugin/${name}/disable`)
 
 // 扩展商店
-export const getStorePlugins = () => get<{ plugins: StorePluginInfo[], store_url: string }>('/store/plugins')
-export const installStorePlugin = (pluginName: string, downloadUrl: string, clientId: string) =>
-  post('/store/install', { plugin_name: pluginName, download_url: downloadUrl, client_id: clientId })
+export const getStorePlugins = () => get<{ plugins: StorePluginInfo[] }>('/store/plugins')
+export const installStorePlugin = (pluginName: string, downloadUrl: string, signatureUrl: string, clientId: string) =>
+  post('/store/install', { plugin_name: pluginName, download_url: downloadUrl, signature_url: signatureUrl, client_id: clientId })
 
 // 客户端插件配置
 export const getClientPluginConfig = (clientId: string, pluginName: string) =>

web/src/types/index.ts

@@ -110,6 +110,7 @@ export interface StorePluginInfo {
   author: string
   icon?: string
   download_url?: string
+  signature_url?: string
 }
 
 // JS 插件信息

web/src/views/PluginsView.vue

@@ -19,7 +19,6 @@ const plugins = ref<PluginInfo[]>([])
 const storePlugins = ref<StorePluginInfo[]>([])
 const jsPlugins = ref<JSPlugin[]>([])
 const clients = ref<ClientStatus[]>([])
-const storeUrl = ref('')
 const loading = ref(true)
 const storeLoading = ref(false)
 const jsLoading = ref(false)
@@ -41,7 +40,6 @@ const loadStorePlugins = async () => {
   try {
     const { data } = await getStorePlugins()
     storePlugins.value = data.plugins || []
-    storeUrl.value = data.store_url || ''
   } catch (e) {
     console.error('Failed to load store plugins', e)
   } finally {
@@ -165,11 +163,16 @@ const handleInstallStorePlugin = async () => {
     message.error('该插件没有下载地址')
     return
   }
+  if (!selectedStorePlugin.value.signature_url) {
+    message.error('该插件没有签名文件')
+    return
+  }
   installing.value = true
   try {
     await installStorePlugin(
       selectedStorePlugin.value.name,
       selectedStorePlugin.value.download_url,
+      selectedStorePlugin.value.signature_url,
       selectedClientId.value
     )
     message.success(`已安装 ${selectedStorePlugin.value.name} 到客户端`)
@@ -258,8 +261,7 @@ onMounted(() => {
       <!-- 扩展商店 -->
       <n-tab-pane name="store" tab="扩展商店">
         <n-spin :show="storeLoading">
-          <n-empty v-if="!storeUrl" description="未配置扩展商店URL，请在配置文件中设置 plugin_store.url" />
-          <n-empty v-else-if="!storeLoading && storePlugins.length === 0" description="扩展商店暂无可用扩展" />
+          <n-empty v-if="!storeLoading && storePlugins.length === 0" description="扩展商店暂无可用扩展" />
 
           <n-grid v-else :cols="3" :x-gap="16" :y-gap="16" responsive="screen" cols-s="1" cols-m="2">
             <n-gi v-for="plugin in storePlugins" :key="plugin.name">
@@ -273,7 +275,7 @@ onMounted(() => {
                 </template>
                 <template #header-extra>
                   <n-button
-                    v-if="plugin.download_url && onlineClients.length > 0"
+                    v-if="plugin.download_url && plugin.signature_url && onlineClients.length > 0"
                     size="small"
                     type="primary"
                     @click="openInstallModal(plugin)"