Merge branch 'refs/heads/zt-test' into test
# Conflicts: # zt-framework/zt-common/src/main/java/com/zt/plat/framework/common/biz/system/permission/PermissionCommonApi.java # zt-framework/zt-spring-boot-starter-biz-tenant/src/main/java/com/zt/plat/framework/tenant/core/context/DeptContextHolder.java # zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/permission/PermissionServiceImpl.java
This commit is contained in:
FCL
@@ -192,24 +192,4 @@
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
<!-- 设置构建的 jar 包名 -->
|
||||
<finalName>${project.artifactId}</finalName>
|
||||
<plugins>
|
||||
<!-- 打包 -->
|
||||
<plugin>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-maven-plugin</artifactId>
|
||||
<version>${spring.boot.version}</version>
|
||||
<executions>
|
||||
<execution>
|
||||
<goals>
|
||||
<goal>repackage</goal> <!-- 将引入的 jar 打入其中 -->
|
||||
</goals>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
</project>
|
||||
|
||||
@@ -1,18 +0,0 @@
|
||||
package com.zt.plat.module.databus;
|
||||
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
|
||||
/**
|
||||
* Databus 模块的启动类
|
||||
*
|
||||
* @author ZT
|
||||
*/
|
||||
@SpringBootApplication
|
||||
public class DatabusServerApplication {
|
||||
|
||||
public static void main(String[] args) {
|
||||
SpringApplication.run(DatabusServerApplication.class, args);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -42,6 +42,9 @@ public class ApiClientCredentialRespVO {
|
||||
@Schema(description = "匿名访问固定用户昵称", example = "张三")
|
||||
private String anonymousUserNickname;
|
||||
|
||||
@Schema(description = "是否启用加密", example = "true")
|
||||
private Boolean enableEncryption;
|
||||
|
||||
@Schema(description = "创建时间")
|
||||
private LocalDateTime createTime;
|
||||
|
||||
|
||||
@@ -45,4 +45,8 @@ public class ApiClientCredentialSaveReqVO {
|
||||
@Schema(description = "匿名访问固定用户 ID", example = "1024")
|
||||
private Long anonymousUserId;
|
||||
|
||||
@Schema(description = "是否启用加密", example = "true")
|
||||
@NotNull(message = "启用加密标识不能为空")
|
||||
private Boolean enableEncryption;
|
||||
|
||||
}
|
||||
|
||||
@@ -38,4 +38,6 @@ public class ApiClientCredentialDO extends BaseDO {
|
||||
|
||||
private Long anonymousUserId;
|
||||
|
||||
private Boolean enableEncryption;
|
||||
|
||||
}
|
||||
|
||||
@@ -108,7 +108,9 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
|
||||
credential = credentialService.findActiveCredential(appId)
|
||||
.orElseThrow(() -> new SecurityValidationException(HttpStatus.UNAUTHORIZED, "应用凭证不存在或已禁用"));
|
||||
boolean allowAnonymous = Boolean.TRUE.equals(credential.getAllowAnonymous());
|
||||
boolean enableEncryption = Boolean.TRUE.equals(credential.getEnableEncryption());
|
||||
ApiAnonymousUserService.AnonymousUserDetails anonymousDetails = null;
|
||||
byte[] requestBody = StreamUtils.copyToByteArray(request.getInputStream());
|
||||
if (allowAnonymous) {
|
||||
Long anonymousUserId = credential.getAnonymousUserId();
|
||||
if (anonymousUserId == null) {
|
||||
@@ -117,24 +119,25 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
|
||||
anonymousDetails = anonymousUserService.find(anonymousUserId)
|
||||
.orElseThrow(() -> new SecurityValidationException(HttpStatus.UNAUTHORIZED, "匿名访问固定用户不可用"));
|
||||
}
|
||||
|
||||
String timestampHeader = requireHeader(request, TIMESTAMP_HEADER, "缺少时间戳");
|
||||
// 校验时间戳与随机数,防止请求被重放
|
||||
validateTimestamp(timestampHeader, security);
|
||||
String nonce = requireHeader(request, NONCE_HEADER, "缺少随机数");
|
||||
if (nonce.length() < 8) {
|
||||
throw new SecurityValidationException(HttpStatus.BAD_REQUEST, "随机数长度不足");
|
||||
}
|
||||
String signature = requireHeader(request, SIGNATURE_HEADER, "缺少签名");
|
||||
if (enableEncryption){
|
||||
String nonce = requireHeader(request, NONCE_HEADER, "缺少随机数");
|
||||
if (nonce.length() < 8) {
|
||||
throw new SecurityValidationException(HttpStatus.BAD_REQUEST, "随机数长度不足");
|
||||
}
|
||||
String signature = requireHeader(request, SIGNATURE_HEADER, "缺少签名");
|
||||
|
||||
byte[] originalBody = StreamUtils.copyToByteArray(request.getInputStream());
|
||||
// 尝试按凭证配置解密请求体,并构建签名载荷进行校验
|
||||
byte[] decryptedBody = decryptRequestBody(originalBody, credential, security);
|
||||
verifySignature(request, decryptedBody, signature, credential, security, appId, timestampHeader);
|
||||
ensureNonce(tenantId, appId, nonce, security);
|
||||
// 尝试按凭证配置解密请求体,并构建签名载荷进行校验
|
||||
byte[] decryptedBody = decryptRequestBody(requestBody, credential, security);
|
||||
verifySignature(request, decryptedBody, signature, credential, security, appId, timestampHeader);
|
||||
ensureNonce(tenantId, appId, nonce, security);
|
||||
requestBody = decryptedBody;
|
||||
}
|
||||
|
||||
// 使用可重复读取的请求包装,供后续过滤器继续消费
|
||||
CachedBodyHttpServletRequest securedRequest = new CachedBodyHttpServletRequest(request, decryptedBody);
|
||||
CachedBodyHttpServletRequest securedRequest = new CachedBodyHttpServletRequest(request, requestBody);
|
||||
securedRequest.setHeader(APP_ID_HEADER, credential.getAppId());
|
||||
securedRequest.setHeader(HEADER_CREDENTIAL_ID, credential.getId() != null ? String.valueOf(credential.getId()) : null);
|
||||
ApiGatewayAccessLogger.propagateLogIdHeader(securedRequest, accessLogId);
|
||||
@@ -238,6 +241,11 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
|
||||
private byte[] decryptRequestBody(byte[] originalBody,
|
||||
ApiClientCredentialDO credential,
|
||||
ApiGatewayProperties.Security security) {
|
||||
// 检查是否启用加密,如果未启用则直接返回原文
|
||||
if (credential != null && Boolean.FALSE.equals(credential.getEnableEncryption())) {
|
||||
return originalBody != null ? originalBody : new byte[0];
|
||||
}
|
||||
|
||||
if (originalBody == null || originalBody.length == 0) {
|
||||
return new byte[0];
|
||||
}
|
||||
@@ -390,6 +398,11 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
|
||||
private void encryptResponse(ContentCachingResponseWrapper responseWrapper,
|
||||
ApiClientCredentialDO credential,
|
||||
ApiGatewayProperties.Security security) throws IOException {
|
||||
// 检查是否启用加密,如果未启用则直接返回,不加密响应
|
||||
if (credential != null && Boolean.FALSE.equals(credential.getEnableEncryption())) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!security.isEncryptResponse()) {
|
||||
return;
|
||||
}
|
||||
@@ -524,6 +537,10 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
|
||||
if (security == null || credential == null) {
|
||||
return false;
|
||||
}
|
||||
// 检查是否启用加密,如果未启用则不加密错误响应
|
||||
if (Boolean.FALSE.equals(credential.getEnableEncryption())) {
|
||||
return false;
|
||||
}
|
||||
if (!security.isEncryptResponse()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -46,9 +46,9 @@ public class HttpStepHandler implements ApiStepHandler {
|
||||
private final WebClient.Builder webClientBuilder;
|
||||
private final ExpressionExecutor expressionExecutor;
|
||||
|
||||
private static final Duration RETRY_DELAY = Duration.ofMillis(200);
|
||||
private static final int RETRY_ATTEMPTS = 3;
|
||||
private static final Duration DEFAULT_TIMEOUT = Duration.ofSeconds(20);
|
||||
private static final Duration RETRY_DELAY = Duration.ofSeconds(5);
|
||||
private static final int RETRY_ATTEMPTS = 5;
|
||||
private static final Duration DEFAULT_TIMEOUT = Duration.ofSeconds(40);
|
||||
|
||||
private static final Set<String> DEFAULT_FORWARDED_HEADERS = Set.of(
|
||||
"authorization",
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
package com.zt.plat.module.databus.service.gateway.impl;
|
||||
|
||||
import com.github.benmanes.caffeine.cache.Caffeine;
|
||||
import com.github.benmanes.caffeine.cache.LoadingCache;
|
||||
import com.zt.plat.framework.common.exception.util.ServiceExceptionUtil;
|
||||
import com.zt.plat.framework.common.pojo.PageResult;
|
||||
import com.zt.plat.framework.common.util.object.BeanUtils;
|
||||
@@ -11,14 +9,12 @@ import com.zt.plat.module.databus.dal.dataobject.gateway.ApiClientCredentialDO;
|
||||
import com.zt.plat.module.databus.dal.mysql.gateway.ApiClientCredentialMapper;
|
||||
import com.zt.plat.module.databus.service.gateway.ApiAnonymousUserService;
|
||||
import com.zt.plat.module.databus.service.gateway.ApiClientCredentialService;
|
||||
import jakarta.annotation.PostConstruct;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
import java.time.Duration;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.Optional;
|
||||
@@ -36,16 +32,6 @@ public class ApiClientCredentialServiceImpl implements ApiClientCredentialServic
|
||||
private final ApiClientCredentialMapper credentialMapper;
|
||||
private final ApiAnonymousUserService anonymousUserService;
|
||||
|
||||
private LoadingCache<String, Optional<ApiClientCredentialDO>> credentialCache;
|
||||
|
||||
@PostConstruct
|
||||
public void initCache() {
|
||||
credentialCache = Caffeine.newBuilder()
|
||||
.maximumSize(256)
|
||||
.expireAfterWrite(Duration.ofMinutes(5))
|
||||
.build(this::loadCredentialSync);
|
||||
}
|
||||
|
||||
@Override
|
||||
public PageResult<ApiClientCredentialDO> getPage(ApiClientCredentialPageReqVO reqVO) {
|
||||
return credentialMapper.selectPage(reqVO);
|
||||
@@ -67,7 +53,6 @@ public class ApiClientCredentialServiceImpl implements ApiClientCredentialServic
|
||||
credential.setAnonymousUserId(null);
|
||||
}
|
||||
credentialMapper.insert(credential);
|
||||
invalidateCache(credential.getAppId());
|
||||
return credential.getId();
|
||||
}
|
||||
|
||||
@@ -86,8 +71,6 @@ public class ApiClientCredentialServiceImpl implements ApiClientCredentialServic
|
||||
updateObj.setAnonymousUserId(null);
|
||||
}
|
||||
credentialMapper.updateById(updateObj);
|
||||
invalidateCache(existing.getAppId());
|
||||
invalidateCache(updateObj.getAppId());
|
||||
if (!Objects.equals(existing.getAnonymousUserId(), updateObj.getAnonymousUserId())) {
|
||||
anonymousUserService.invalidate(existing.getAnonymousUserId());
|
||||
anonymousUserService.invalidate(updateObj.getAnonymousUserId());
|
||||
@@ -99,7 +82,6 @@ public class ApiClientCredentialServiceImpl implements ApiClientCredentialServic
|
||||
public void delete(Long id) {
|
||||
ApiClientCredentialDO existing = ensureExists(id);
|
||||
credentialMapper.deleteById(id);
|
||||
invalidateCache(existing.getAppId());
|
||||
anonymousUserService.invalidate(existing.getAnonymousUserId());
|
||||
}
|
||||
|
||||
@@ -118,11 +100,7 @@ public class ApiClientCredentialServiceImpl implements ApiClientCredentialServic
|
||||
if (!StringUtils.hasText(appId)) {
|
||||
return Optional.empty();
|
||||
}
|
||||
return credentialCache.get(appId.trim());
|
||||
}
|
||||
|
||||
private Optional<ApiClientCredentialDO> loadCredentialSync(String appId) {
|
||||
Optional<ApiClientCredentialDO> credential = credentialMapper.selectByAppId(appId)
|
||||
Optional<ApiClientCredentialDO> credential = credentialMapper.selectByAppId(appId.trim())
|
||||
.filter(item -> Boolean.TRUE.equals(item.getEnabled()));
|
||||
if (credential.isEmpty()) {
|
||||
log.debug("[API-PORTAL] 未找到 appId={} 的有效凭证", appId);
|
||||
@@ -147,13 +125,6 @@ public class ApiClientCredentialServiceImpl implements ApiClientCredentialServic
|
||||
return credential;
|
||||
}
|
||||
|
||||
private void invalidateCache(String appId) {
|
||||
if (!StringUtils.hasText(appId)) {
|
||||
return;
|
||||
}
|
||||
credentialCache.invalidate(appId.trim());
|
||||
}
|
||||
|
||||
private void normalizeAnonymousSettings(ApiClientCredentialSaveReqVO reqVO) {
|
||||
if (Boolean.TRUE.equals(reqVO.getAllowAnonymous())) {
|
||||
if (reqVO.getAnonymousUserId() == null) {
|
||||
|
||||
@@ -1,141 +0,0 @@
|
||||
spring:
|
||||
# 数据源配置项
|
||||
autoconfigure:
|
||||
exclude:
|
||||
datasource:
|
||||
druid: # Druid 【监控】相关的全局配置
|
||||
web-stat-filter:
|
||||
enabled: true
|
||||
stat-view-servlet:
|
||||
enabled: true
|
||||
allow: # 设置白名单,不填则允许所有访问
|
||||
url-pattern: /druid/*
|
||||
login-username: # 控制台管理用户名和密码
|
||||
login-password:
|
||||
filter:
|
||||
stat:
|
||||
enabled: true
|
||||
log-slow-sql: true # 慢 SQL 记录
|
||||
slow-sql-millis: 100
|
||||
merge-sql: true
|
||||
wall:
|
||||
config:
|
||||
multi-statement-allow: true
|
||||
dynamic: # 多数据源配置
|
||||
druid: # Druid 【连接池】相关的全局配置
|
||||
initial-size: 5 # 初始连接数
|
||||
min-idle: 10 # 最小连接池数量
|
||||
max-active: 20 # 最大连接池数量
|
||||
max-wait: 600000 # 配置获取连接等待超时的时间,单位:毫秒
|
||||
time-between-eviction-runs-millis: 60000 # 配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位:毫秒
|
||||
min-evictable-idle-time-millis: 300000 # 配置一个连接在池中最小生存的时间,单位:毫秒
|
||||
max-evictable-idle-time-millis: 900000 # 配置一个连接在池中最大生存的时间,单位:毫秒
|
||||
validation-query: SELECT 1 FROM DUAL # 配置检测连接是否有效
|
||||
test-while-idle: true
|
||||
test-on-borrow: false
|
||||
test-on-return: false
|
||||
primary: master
|
||||
datasource:
|
||||
master:
|
||||
#url: jdbc:dm://172.16.46.247:1050?schema=RUOYI-VUE-PRO
|
||||
#username: SYSDBA
|
||||
#password: pgbsci6ddJ6Sqj@e
|
||||
url: jdbc:dm://172.17.11.98:20870?schema=JYGK_TEST
|
||||
username: SYSDBA
|
||||
password: P@ssword25
|
||||
slave: # 模拟从库,可根据自己需要修改 # 模拟从库,可根据自己需要修改
|
||||
lazy: true # 开启懒加载,保证启动速度
|
||||
#url: jdbc:dm://172.16.46.247:1050?schema=RUOYI-VUE-PRO
|
||||
#username: SYSDBA
|
||||
#password: pgbsci6ddJ6Sqj@e
|
||||
url: jdbc:dm://172.17.11.98:20870?schema=JYGK_TEST
|
||||
username: SYSDBA
|
||||
password: P@ssword25
|
||||
|
||||
# Redis 配置。Redisson 默认的配置足够使用,一般不需要进行调优
|
||||
data:
|
||||
redis:
|
||||
host: 172.16.46.63 # 地址
|
||||
port: 30379 # 端口
|
||||
database: 0 # 数据库索引
|
||||
username: zt-redis # 密码,建议生产环境开启
|
||||
password: P@ssword25
|
||||
|
||||
xxl:
|
||||
job:
|
||||
admin:
|
||||
addresses: http://172.16.46.63:30082/xxl-job-admin # 调度中心部署跟地址
|
||||
|
||||
# Lock4j 配置项
|
||||
lock4j:
|
||||
acquire-timeout: 3000 # 获取分布式锁超时时间,默认为 3000 毫秒
|
||||
expire: 30000 # 分布式锁的超时时间,默认为 30 毫秒
|
||||
|
||||
# Actuator 监控端点的配置项
|
||||
management:
|
||||
endpoints:
|
||||
web:
|
||||
base-path: /actuator # Actuator 提供的 API 接口的根目录。默认为 /actuator
|
||||
exposure:
|
||||
include: '*' # 需要开放的端点。默认值只打开 health 和 info 两个端点。通过设置 * ,可以开放所有端点。
|
||||
|
||||
# 日志文件配置
|
||||
logging:
|
||||
file:
|
||||
name: ${LOG_PATH:./logs}/${spring.application.name}.log # 日志文件名,使用环境变量或相对路径
|
||||
|
||||
|
||||
# RocketMQ 配置项
|
||||
rocketmq:
|
||||
name-server: ${ROCKETMQ_NAME_SERVER:172.16.46.63:30876} # RocketMQ Namesrv,使用环境变量
|
||||
producer:
|
||||
group: databus-server-producer-group # 生产者组名
|
||||
send-message-timeout: 10000 # 发送消息超时时间,单位:毫秒
|
||||
|
||||
justauth:
|
||||
enabled: true
|
||||
type:
|
||||
DINGTALK: # 钉钉
|
||||
client-id: dingvrnreaje3yqvzhxg
|
||||
client-secret: i8E6iZyDvZj51JIb0tYsYfVQYOks9Cq1lgryEjFRqC79P3iJcrxEwT6Qk2QvLrLI
|
||||
ignore-check-redirect-uri: true
|
||||
WECHAT_ENTERPRISE: # 企业微信
|
||||
client-id: wwd411c69a39ad2e54
|
||||
client-secret: 1wTb7hYxnpT2TUbIeHGXGo7T0odav1ic10mLdyyATOw
|
||||
agent-id: 1000004
|
||||
ignore-check-redirect-uri: true
|
||||
# noinspection SpringBootApplicationYaml
|
||||
WECHAT_MINI_PROGRAM: # 微信小程序
|
||||
client-id: ${dollar}{wx.miniapp.appid}
|
||||
client-secret: ${dollar}{wx.miniapp.secret}
|
||||
ignore-check-redirect-uri: true
|
||||
ignore-check-state: true # 微信小程序,不会使用到 state,所以不进行校验
|
||||
WECHAT_MP: # 微信公众号
|
||||
client-id: ${dollar}{wx.mp.app-id}
|
||||
client-secret: ${dollar}{wx.mp.secret}
|
||||
ignore-check-redirect-uri: true
|
||||
cache:
|
||||
type: REDIS
|
||||
prefix: 'social_auth_state:' # 缓存前缀,目前只对 Redis 缓存生效,默认 JUSTAUTH::STATE::
|
||||
timeout: 24h # 超时时长,目前只对 Redis 缓存生效,默认 3 分钟
|
||||
|
||||
zt:
|
||||
databus:
|
||||
sync:
|
||||
server:
|
||||
enabled: true
|
||||
clients:
|
||||
- company-b # 配置订阅的客户端(与客户端的client-code一致)
|
||||
mq:
|
||||
enabled: true
|
||||
name-server: ${ROCKETMQ_NAME_SERVER:172.16.46.63:30876} # RocketMQ NameServer 地址,使用环境变量
|
||||
topic-base: databus-sync
|
||||
producer-group: databus-server-producer
|
||||
send-msg-timeout: 10000
|
||||
retry:
|
||||
max-attempts: 5 # 最大重试次数
|
||||
initial-delay: 1 # 初始重试延迟(秒)
|
||||
multiplier: 2 # 重试延迟倍数
|
||||
batch:
|
||||
default-size: 500 # 默认批量大小
|
||||
interval: 5 # 批量推送间隔(秒)
|
||||
@@ -1,111 +0,0 @@
|
||||
spring:
|
||||
# 数据源配置项
|
||||
autoconfigure:
|
||||
# noinspection SpringBootApplicationYaml
|
||||
exclude:
|
||||
- com.alibaba.druid.spring.boot.autoconfigure.DruidDataSourceAutoConfigure # 排除 Druid 的自动配置,使用 dynamic-datasource-spring-boot-starter 配置多数据源
|
||||
datasource:
|
||||
druid: # Druid 【监控】相关的全局配置
|
||||
web-stat-filter:
|
||||
enabled: true
|
||||
stat-view-servlet:
|
||||
enabled: true
|
||||
allow: # 设置白名单,不填则允许所有访问
|
||||
url-pattern: /druid/*
|
||||
login-username: # 控制台管理用户名和密码
|
||||
login-password:
|
||||
filter:
|
||||
stat:
|
||||
enabled: true
|
||||
log-slow-sql: true # 慢 SQL 记录
|
||||
slow-sql-millis: 100
|
||||
merge-sql: true
|
||||
wall:
|
||||
config:
|
||||
multi-statement-allow: true
|
||||
dynamic: # 多数据源配置
|
||||
druid: # Druid 【连接池】相关的全局配置
|
||||
initial-size: 1 # 初始连接数
|
||||
min-idle: 1 # 最小连接池数量
|
||||
max-active: 20 # 最大连接池数量
|
||||
max-wait: 600000 # 配置获取连接等待超时的时间,单位:毫秒
|
||||
time-between-eviction-runs-millis: 60000 # 配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位:毫秒
|
||||
min-evictable-idle-time-millis: 300000 # 配置一个连接在池中最小生存的时间,单位:毫秒
|
||||
max-evictable-idle-time-millis: 900000 # 配置一个连接在池中最大生存的时间,单位:毫秒
|
||||
validation-query: SELECT 1 FROM DUAL # 配置检测连接是否有效
|
||||
test-while-idle: true
|
||||
test-on-borrow: false
|
||||
test-on-return: false
|
||||
primary: master
|
||||
datasource:
|
||||
master:
|
||||
#url: jdbc:dm://172.16.46.247:1050?schema=RUOYI-VUE-PRO
|
||||
#username: SYSDBA
|
||||
#password: pgbsci6ddJ6Sqj@e
|
||||
url: jdbc:dm://172.17.11.98:20870?schema=JYGK_TEST
|
||||
username: SYSDBA
|
||||
password: P@ssword25
|
||||
slave: # 模拟从库,可根据自己需要修改 # 模拟从库,可根据自己需要修改
|
||||
lazy: true # 开启懒加载,保证启动速度
|
||||
#url: jdbc:dm://172.16.46.247:1050?schema=RUOYI-VUE-PRO
|
||||
#username: SYSDBA
|
||||
#password: pgbsci6ddJ6Sqj@e
|
||||
url: jdbc:dm://172.17.11.98:20870?schema=JYGK_TEST
|
||||
username: SYSDBA
|
||||
password: P@ssword25
|
||||
|
||||
# Redis 配置。Redisson 默认的配置足够使用,一般不需要进行调优
|
||||
data:
|
||||
redis:
|
||||
host: 172.16.46.63 # 地址
|
||||
port: 30379 # 端口
|
||||
database: 0 # 数据库索引
|
||||
username: zt-redis # 密码,建议生产环境开启
|
||||
password: P@ssword25
|
||||
|
||||
xxl:
|
||||
job:
|
||||
admin:
|
||||
addresses: http://172.16.46.63:30082/xxl-job-admin # 调度中心部署跟地址
|
||||
|
||||
# Lock4j 配置项
|
||||
lock4j:
|
||||
acquire-timeout: 3000 # 获取分布式锁超时时间,默认为 3000 毫秒
|
||||
expire: 30000 # 分布式锁的超时时间,默认为 30 毫秒
|
||||
|
||||
# Actuator 监控端点的配置项
|
||||
management:
|
||||
endpoints:
|
||||
web:
|
||||
base-path: /actuator # Actuator 提供的 API 接口的根目录。默认为 /actuator
|
||||
exposure:
|
||||
include: '*' # 需要开放的端点。默认值只打开 health 和 info 两个端点。通过设置 * ,可以开放所有端点。
|
||||
|
||||
# 日志文件配置
|
||||
logging:
|
||||
level:
|
||||
# 配置自己写的 MyBatis Mapper 打印日志
|
||||
com.zt.plat.module.databus.dal.mysql: debug
|
||||
org.springframework.context.support.PostProcessorRegistrationDelegate: ERROR
|
||||
|
||||
mybatis-plus:
|
||||
configuration:
|
||||
log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
|
||||
|
||||
|
||||
# RocketMQ 配置项
|
||||
rocketmq:
|
||||
name-server: ${ROCKETMQ_NAME_SERVER:172.16.46.63:30876} # RocketMQ Namesrv,使用环境变量
|
||||
producer:
|
||||
group: databus-server-producer-group # 生产者组名
|
||||
send-message-timeout: 10000 # 发送消息超时时间,单位:毫秒
|
||||
|
||||
# ZT配置项,设置当前项目所有自定义的配置
|
||||
zt:
|
||||
env: # 多环境的配置项
|
||||
tag: ${HOSTNAME}
|
||||
security:
|
||||
mock-enable: true
|
||||
access-log: # 访问日志的配置项
|
||||
enable: true
|
||||
|
||||
@@ -1,145 +0,0 @@
|
||||
spring:
|
||||
application:
|
||||
name: databus-server
|
||||
|
||||
profiles:
|
||||
active: ${env.name}
|
||||
#统一nacos配置,使用 profile 管理
|
||||
cloud:
|
||||
nacos:
|
||||
server-addr: ${config.server-addr} # Nacos 服务器地址
|
||||
username: ${config.username} # Nacos 账号
|
||||
password: ${config.password} # Nacos 密码
|
||||
discovery: # 【配置中心】配置项
|
||||
namespace: ${config.namespace} # 命名空间。这里使用 maven Profile 资源过滤进行动态替换
|
||||
group: ${config.group} # 使用的 Nacos 配置分组,默认为 DEFAULT_GROUP
|
||||
metadata:
|
||||
version: 1.0.0 # 服务实例的版本号,可用于灰度发布
|
||||
config: # 【注册中心】配置项
|
||||
namespace: ${config.namespace} # 命名空间。这里使用 maven Profile 资源过滤进行动态替换
|
||||
group: ${config.group} # 使用的 Nacos 配置分组,默认为 DEFAULT_GROUP
|
||||
main:
|
||||
allow-circular-references: true # 允许循环依赖,因为项目是三层架构,无法避免这个情况。
|
||||
allow-bean-definition-overriding: true # 允许 Bean 覆盖,例如说 Feign 等会存在重复定义的服务
|
||||
|
||||
config:
|
||||
import:
|
||||
- optional:classpath:application-${spring.profiles.active}.yaml # 加载【本地】配置
|
||||
- optional:nacos:${spring.application.name}-${spring.profiles.active}.yaml # 加载【Nacos】的配置
|
||||
|
||||
# Servlet 配置
|
||||
servlet:
|
||||
# 文件上传相关配置项
|
||||
multipart:
|
||||
max-file-size: 16MB # 单个文件大小
|
||||
max-request-size: 32MB # 设置总上传的文件大小
|
||||
|
||||
# Jackson 配置项
|
||||
jackson:
|
||||
serialization:
|
||||
write-dates-as-timestamps: true # 设置 LocalDateTime 的格式,使用时间戳
|
||||
write-date-timestamps-as-nanoseconds: false # 设置不使用 nanoseconds 的格式。例如说 1611460870.401,而是直接 1611460870401
|
||||
write-durations-as-timestamps: true # 设置 Duration 的格式,使用时间戳
|
||||
fail-on-empty-beans: false # 允许序列化无属性的 Bean
|
||||
time-zone: Asia/Shanghai
|
||||
|
||||
# Cache 配置项
|
||||
cache:
|
||||
type: REDIS
|
||||
redis:
|
||||
time-to-live: 1h # 设置过期时间为 1 小时
|
||||
|
||||
server:
|
||||
port: 48108
|
||||
|
||||
logging:
|
||||
file:
|
||||
name: ${user.home}/logs/${spring.application.name}.log # 日志文件名,全路径
|
||||
|
||||
springdoc:
|
||||
api-docs:
|
||||
enabled: true # 1. 是否开启 Swagger 接文档的元数据
|
||||
path: /v3/api-docs
|
||||
swagger-ui:
|
||||
enabled: true # 2.1 是否开启 Swagger 文档的官方 UI 界面
|
||||
path: /swagger-ui.html
|
||||
default-flat-param-object: true # 参见 https://doc.xiaominfo.com/docs/faq/v4/knife4j-parameterobject-flat-param 文档
|
||||
|
||||
knife4j:
|
||||
enable: true # 2.2 是否开启 Swagger 文档的 Knife4j UI 界面
|
||||
setting:
|
||||
language: zh_cn
|
||||
|
||||
# MyBatis Plus 的配置项
|
||||
mybatis-plus:
|
||||
configuration:
|
||||
map-underscore-to-camel-case: true # 虽然默认为 true ,但是还是显示去指定下。
|
||||
global-config:
|
||||
db-config:
|
||||
id-type: NONE # “智能”模式,基于 IdTypeEnvironmentPostProcessor + 数据源的类型,自动适配成 AUTO、INPUT 模式。
|
||||
# id-type: AUTO # 自增 ID,适合 MySQL 等直接自增的数据库
|
||||
# id-type: INPUT # 用户输入 ID,适合 Oracle、PostgreSQL、Kingbase、DB2、H2 数据库
|
||||
# id-type: ASSIGN_ID # 分配 ID,默认使用雪花算法。注意,Oracle、PostgreSQL、Kingbase、DB2、H2 数据库时,需要去除实体类上的 @KeySequence 注解
|
||||
logic-delete-value: 1 # 逻辑已删除值(默认为 1)
|
||||
logic-not-delete-value: 0 # 逻辑未删除值(默认为 0)
|
||||
banner: false # 关闭控制台的 Banner 打印
|
||||
type-aliases-package: com.zt.plat.module.*.dal.dataobject
|
||||
encryptor:
|
||||
password: XDV71a+xqStEA3WH # 加解密的秘钥,可使用 https://www.imaegoo.com/2020/aes-key-generator/ 网站生成
|
||||
|
||||
mybatis-plus-join:
|
||||
banner: false # 关闭控制台的 Banner 打印
|
||||
|
||||
# VO 转换(数据翻译)相关
|
||||
easy-trans:
|
||||
is-enable-global: false # 启用全局翻译(拦截所有 SpringMVC ResponseBody 进行自动翻译 )。如果对于性能要求很高可关闭此配置,或通过 @IgnoreTrans 忽略某个接口
|
||||
|
||||
xxl:
|
||||
job:
|
||||
executor:
|
||||
appname: ${spring.application.name} # 执行器 AppName
|
||||
logpath: ${user.home}/logs/xxl-job/${spring.application.name} # 执行器运行日志文件存储磁盘路径
|
||||
accessToken: default_token # 执行器通讯TOKEN
|
||||
|
||||
zt:
|
||||
info:
|
||||
version: 1.0.0
|
||||
base-package: com.zt.plat.module.databus
|
||||
web:
|
||||
admin-ui:
|
||||
url: http://dashboard.zt.iocoder.cn # Admin 管理后台 UI 的地址
|
||||
security:
|
||||
permit-all-urls:
|
||||
- ${databus.api-portal.base-path:/admin-api/databus/api/portal}/**
|
||||
- /admin-api/databus/api/portal/**
|
||||
- /databus/api/portal/**
|
||||
xss:
|
||||
enable: false
|
||||
exclude-urls: # 如下两个 url,仅仅是为了演示,去掉配置也没关系
|
||||
- ${spring.boot.admin.context-path}/** # 不处理 Spring Boot Admin 的请求
|
||||
- ${management.endpoints.web.base-path}/** # 不处理 Actuator 的请求
|
||||
swagger:
|
||||
title: 统一对外 API 网关
|
||||
description: 提供统一对外 API 网关
|
||||
version: ${zt.info.version}
|
||||
tenant: # 多租户相关配置项
|
||||
enable: true
|
||||
ignore-urls:
|
||||
- ${databus.api-portal.base-path:/admin-api/databus/api/portal}/**
|
||||
- /admin-api/databus/api/portal/**
|
||||
- /databus/api/portal/**
|
||||
ignore-tables:
|
||||
- databus_api_client_credential
|
||||
- databus_api_definition_credential
|
||||
# DataBus 数据同步服务端配置
|
||||
databus:
|
||||
sync:
|
||||
server:
|
||||
enabled: true # 启用 DataBus 同步服务端
|
||||
|
||||
databus:
|
||||
gateway:
|
||||
web-client:
|
||||
connection-pool-enabled: false # 默认开启连接池,排查长连接问题时可临时关闭
|
||||
|
||||
debug: false
|
||||
Reference in New Issue
Block a user