From 098d3347a0df808908aab8c554cd7c4febc5e6d9 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期一, 26 八月 2024 11:43:59 +0800
Subject: [PATCH] !577 发布 5.2.2 正式版 安全性提升 Merge pull request !577 from 疯狂的狮子Li/dev
---
ruoyi-admin/src/main/resources/application-prod.yml | 305 +++++++++++++++++++++++++++++++++-----------------
1 files changed, 200 insertions(+), 105 deletions(-)
diff --git a/ruoyi-admin/src/main/resources/application-prod.yml b/ruoyi-admin/src/main/resources/application-prod.yml
index be6fe44..2823bba 100644
--- a/ruoyi-admin/src/main/resources/application-prod.yml
+++ b/ruoyi-admin/src/main/resources/application-prod.yml
@@ -1,153 +1,122 @@
---- # 閰嶇疆涓存椂璺緞瀛樺偍
-spring:
- servlet:
- multipart:
- # 涓存椂鏂囦欢瀛樺偍浣嶇疆 閬垮厤涓存椂鏂囦欢琚郴缁熸竻鐞嗘姤閿�
- location: /ruoyi/server/temp
+--- # 涓存椂鏂囦欢瀛樺偍浣嶇疆 閬垮厤涓存椂鏂囦欢琚郴缁熸竻鐞嗘姤閿�
+spring.servlet.multipart.location: /ruoyi/server/temp
---- # 鐩戞帶閰嶇疆
-spring:
- boot:
- admin:
- # Spring Boot Admin Client 瀹㈡埛绔殑鐩稿叧閰嶇疆
- client:
- # 澧炲姞瀹㈡埛绔紑鍏�
- enabled: true
- # 璁剧疆 Spring Boot Admin Server 鍦板潃
- url: http://172.30.0.90:9090/admin
- instance:
- service-host-type: IP
- username: ruoyi
- password: 123456
+--- # 鐩戞帶涓績閰嶇疆
+spring.boot.admin.client:
+ # 澧炲姞瀹㈡埛绔紑鍏�
+ enabled: true
+ url: http://localhost:9090/admin
+ instance:
+ service-host-type: IP
+ metadata:
+ username: ${spring.boot.admin.client.username}
+ userpassword: ${spring.boot.admin.client.password}
+ username: ruoyi
+ password: 123456
---- # xxl-job 閰嶇疆
-xxl:
- job:
- # 鎵ц鍣ㄥ紑鍏�
- enabled: true
- # 璋冨害涓績鍦板潃锛氬璋冨害涓績闆嗙兢閮ㄧ讲瀛樺湪澶氫釜鍦板潃鍒欑敤閫楀彿鍒嗛殧銆�
- admin-addresses: http://172.30.0.92:9100/xxl-job-admin
- # 鎵ц鍣ㄩ�氳TOKEN锛氶潪绌烘椂鍚敤
- access-token: xxl-job
- # 鎵ц鍣ㄩ厤缃�
- executor:
- # 鎵ц鍣ˋppName锛氭墽琛屽櫒蹇冭烦娉ㄥ唽鍒嗙粍渚濇嵁锛涗负绌哄垯鍏抽棴鑷姩娉ㄥ唽
- appname: xxl-job-executor
- # 鎵ц鍣ㄧ鍙e彿 鎵ц鍣ㄤ粠9101寮�濮嬪線鍚庡啓
- port: 9101
- # 鎵ц鍣ㄦ敞鍐岋細榛樿IP:PORT
- address:
- # 鎵ц鍣↖P锛氶粯璁よ嚜鍔ㄨ幏鍙朓P
- ip:
- # 鎵ц鍣ㄨ繍琛屾棩蹇楁枃浠跺瓨鍌ㄧ鐩樿矾寰�
- logpath: ./logs/xxl-job
- # 鎵ц鍣ㄦ棩蹇楁枃浠朵繚瀛樺ぉ鏁帮細澶т簬3鐢熸晥
- logretentiondays: 30
+--- # snail-job 閰嶇疆
+snail-job:
+ enabled: true
+ # 闇�瑕佸湪 SnailJob 鍚庡彴缁勭鐞嗗垱寤哄搴斿悕绉扮殑缁�,鐒跺悗鍒涘缓浠诲姟鐨勬椂鍊欓�夋嫨瀵瑰簲鐨勭粍,鎵嶈兘姝g‘鍒嗘淳浠诲姟
+ group: "ruoyi_group"
+ # SnailJob 鎺ュ叆楠岃瘉浠ょ墝 璇﹁ script/sql/snail_job.sql `sj_group_config` 琛�
+ token: "SJ_cKqBTPzCsWA3VyuCfFoccmuIEGXjr5KT"
+ server:
+ host: 127.0.0.1
+ port: 17888
+ # 璇﹁ script/sql/snail_job.sql `sj_namespace` 琛�
+ namespace: ${spring.profiles.active}
+ # 闅忎富搴旂敤绔彛椋橀��
+ port: 2${server.port}
--- # 鏁版嵁婧愰厤缃�
spring:
datasource:
- type: com.alibaba.druid.pool.DruidDataSource
+ type: com.zaxxer.hikari.HikariDataSource
# 鍔ㄦ�佹暟鎹簮鏂囨。 https://www.kancloud.cn/tracy5546/dynamic-datasource/content
dynamic:
# 鎬ц兘鍒嗘瀽鎻掍欢(鏈夋�ц兘鎹熻�� 涓嶅缓璁敓浜х幆澧冧娇鐢�)
p6spy: false
# 璁剧疆榛樿鐨勬暟鎹簮鎴栬�呮暟鎹簮缁�,榛樿鍊煎嵆涓� master
primary: master
+ # 涓ユ牸妯″紡 鍖归厤涓嶅埌鏁版嵁婧愬垯鎶ラ敊
+ strict: true
datasource:
# 涓诲簱鏁版嵁婧�
master:
+ type: ${spring.datasource.type}
driverClassName: com.mysql.cj.jdbc.Driver
# jdbc 鎵�鏈夊弬鏁伴厤缃弬鑰� https://lionli.blog.csdn.net/article/details/122018562
# rewriteBatchedStatements=true 鎵瑰鐞嗕紭鍖� 澶у箙鎻愬崌鎵归噺鎻掑叆鏇存柊鍒犻櫎鎬ц兘(瀵规暟鎹簱鏈夋�ц兘鎹熻�� 浣跨敤鎵归噺鎿嶄綔搴旇�冭檻鎬ц兘闂)
- url: jdbc:mysql://172.30.0.36:3306/ry-vue?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8&autoReconnect=true&rewriteBatchedStatements=true
+ url: jdbc:mysql://localhost:3306/ry-vue?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8&autoReconnect=true&rewriteBatchedStatements=true&allowPublicKeyRetrieval=true&nullCatalogMeansCurrent=true
username: root
password: root
# 浠庡簱鏁版嵁婧�
slave:
lazy: true
+ type: ${spring.datasource.type}
driverClassName: com.mysql.cj.jdbc.Driver
- url:
+ url: jdbc:mysql://localhost:3306/ry-vue?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8&autoReconnect=true&rewriteBatchedStatements=true&allowPublicKeyRetrieval=true&nullCatalogMeansCurrent=true
username:
password:
# oracle:
+# type: ${spring.datasource.type}
# driverClassName: oracle.jdbc.OracleDriver
-# url: jdbc:oracle:thin:@//172.30.0.36:1521/XE
+# url: jdbc:oracle:thin:@//localhost:1521/XE
# username: ROOT
# password: root
-# druid:
-# validationQuery: SELECT 1 FROM DUAL
- druid:
- # 鍒濆杩炴帴鏁�
- initialSize: 5
- # 鏈�灏忚繛鎺ユ睜鏁伴噺
- minIdle: 10
+# postgres:
+# type: ${spring.datasource.type}
+# driverClassName: org.postgresql.Driver
+# url: jdbc:postgresql://localhost:5432/postgres?useUnicode=true&characterEncoding=utf8&useSSL=true&autoReconnect=true&reWriteBatchedInserts=true
+# username: root
+# password: root
+# sqlserver:
+# type: ${spring.datasource.type}
+# driverClassName: com.microsoft.sqlserver.jdbc.SQLServerDriver
+# url: jdbc:sqlserver://localhost:1433;DatabaseName=tempdb;SelectMethod=cursor;encrypt=false;rewriteBatchedStatements=true
+# username: SA
+# password: root
+ hikari:
# 鏈�澶ц繛鎺ユ睜鏁伴噺
- maxActive: 20
+ maxPoolSize: 20
+ # 鏈�灏忕┖闂茬嚎绋嬫暟閲�
+ minIdle: 10
# 閰嶇疆鑾峰彇杩炴帴绛夊緟瓒呮椂鐨勬椂闂�
- maxWait: 60000
- # 閰嶇疆闂撮殧澶氫箙鎵嶈繘琛屼竴娆℃娴嬶紝妫�娴嬮渶瑕佸叧闂殑绌洪棽杩炴帴锛屽崟浣嶆槸姣
- timeBetweenEvictionRunsMillis: 60000
- # 閰嶇疆涓�涓繛鎺ュ湪姹犱腑鏈�灏忕敓瀛樼殑鏃堕棿锛屽崟浣嶆槸姣
- minEvictableIdleTimeMillis: 300000
- # 閰嶇疆涓�涓繛鎺ュ湪姹犱腑鏈�澶х敓瀛樼殑鏃堕棿锛屽崟浣嶆槸姣
- maxEvictableIdleTimeMillis: 900000
- # 閰嶇疆妫�娴嬭繛鎺ユ槸鍚︽湁鏁�
- validationQuery: SELECT 1
- testWhileIdle: true
- testOnBorrow: false
- testOnReturn: false
- # 娉ㄦ剰杩欎釜鍊煎拰druid鍘熺敓涓嶄竴鑷达紝榛樿鍚姩浜唖tat
- filters: stat
-
---- # druid 閰嶇疆
-spring:
- datasource:
- druid:
- webStatFilter:
- enabled: true
- statViewServlet:
- enabled: true
- # 璁剧疆鐧藉悕鍗曪紝涓嶅~鍒欏厑璁告墍鏈夎闂�
- allow:
- url-pattern: /druid/*
- # 鎺у埗鍙扮鐞嗙敤鎴峰悕鍜屽瘑鐮�
- login-username: ruoyi
- login-password: 123456
- filter:
- stat:
- enabled: true
- # 鎱QL璁板綍
- log-slow-sql: true
- slow-sql-millis: 1000
- merge-sql: true
- wall:
- config:
- multi-statement-allow: true
+ connectionTimeout: 30000
+ # 鏍¢獙瓒呮椂鏃堕棿
+ validationTimeout: 5000
+ # 绌洪棽杩炴帴瀛樻椿鏈�澶ф椂闂达紝榛樿10鍒嗛挓
+ idleTimeout: 600000
+ # 姝ゅ睘鎬ф帶鍒舵睜涓繛鎺ョ殑鏈�闀跨敓鍛藉懆鏈燂紝鍊�0琛ㄧず鏃犻檺鐢熷懡鍛ㄦ湡锛岄粯璁�30鍒嗛挓
+ maxLifetime: 1800000
+ # 澶氫箙妫�鏌ヤ竴娆¤繛鎺ョ殑娲绘��
+ keepaliveTime: 30000
--- # redis 鍗曟満閰嶇疆(鍗曟満涓庨泦缇ゅ彧鑳藉紑鍚竴涓彟涓�涓渶瑕佹敞閲婃帀)
-spring:
+spring.data:
redis:
# 鍦板潃
- host: 172.30.0.48
+ host: localhost
# 绔彛锛岄粯璁や负6379
port: 6379
# 鏁版嵁搴撶储寮�
database: 0
- # 瀵嗙爜
- password:
+ # redis 瀵嗙爜蹇呴』閰嶇疆
+ password: ruoyi123
# 杩炴帴瓒呮椂鏃堕棿
timeout: 10s
# 鏄惁寮�鍚痵sl
- ssl: false
+ ssl.enabled: false
+# redisson 閰嶇疆
redisson:
+ # redis key鍓嶇紑
+ keyPrefix:
# 绾跨▼姹犳暟閲�
threads: 16
# Netty绾跨▼姹犳暟閲�
nettyThreads: 32
- # 浼犺緭妯″紡
- transportMode: "NIO"
# 鍗曡妭鐐归厤缃�
singleServerConfig:
# 瀹㈡埛绔悕绉�
@@ -160,9 +129,135 @@
idleConnectionTimeout: 10000
# 鍛戒护绛夊緟瓒呮椂锛屽崟浣嶏細姣
timeout: 3000
- # 濡傛灉灏濊瘯鍦ㄦ闄愬埗涔嬪唴鍙戦�佹垚鍔燂紝鍒欏紑濮嬪惎鐢� timeout 璁℃椂銆�
- retryAttempts: 3
- # 鍛戒护閲嶈瘯鍙戦�佹椂闂撮棿闅旓紝鍗曚綅锛氭绉�
- retryInterval: 1500
# 鍙戝竷鍜岃闃呰繛鎺ユ睜澶у皬
subscriptionConnectionPoolSize: 50
+
+--- # mail 閭欢鍙戦��
+mail:
+ enabled: false
+ host: smtp.163.com
+ port: 465
+ # 鏄惁闇�瑕佺敤鎴峰悕瀵嗙爜楠岃瘉
+ auth: true
+ # 鍙戦�佹柟锛岄伒寰猂FC-822鏍囧噯
+ from: xxx@163.com
+ # 鐢ㄦ埛鍚嶏紙娉ㄦ剰锛氬鏋滀娇鐢╢oxmail閭锛屾澶剈ser涓簈q鍙凤級
+ user: xxx@163.com
+ # 瀵嗙爜锛堟敞鎰忥紝鏌愪簺閭闇�瑕佷负SMTP鏈嶅姟鍗曠嫭璁剧疆瀵嗙爜锛岃鎯呮煡鐪嬬浉鍏冲府鍔╋級
+ pass: xxxxxxxxxx
+ # 浣跨敤 STARTTLS瀹夊叏杩炴帴锛孲TARTTLS鏄绾枃鏈�氫俊鍗忚鐨勬墿灞曘��
+ starttlsEnable: true
+ # 浣跨敤SSL瀹夊叏杩炴帴
+ sslEnable: true
+ # SMTP瓒呮椂鏃堕暱锛屽崟浣嶆绉掞紝缂虹渷鍊间笉瓒呮椂
+ timeout: 0
+ # Socket杩炴帴瓒呮椂鍊硷紝鍗曚綅姣锛岀己鐪佸�间笉瓒呮椂
+ connectionTimeout: 0
+
+--- # sms 鐭俊 鏀寔 闃块噷浜� 鑵捐浜� 浜戠墖 绛夌瓑鍚勫紡鍚勬牱鐨勭煭淇℃湇鍔″晢
+# https://sms4j.com/doc3/ 宸紓閰嶇疆鏂囨。鍦板潃 鏀寔鍗曞巶鍟嗗閰嶇疆锛屽彲浠ラ厤缃涓悓鏃朵娇鐢�
+sms:
+ # 閰嶇疆婧愮被鍨嬬敤浜庢爣瀹氶厤缃潵婧�(interface,yaml)
+ config-type: yaml
+ # 鐢ㄤ簬鏍囧畾yml涓殑閰嶇疆鏄惁寮�鍚煭淇℃嫤鎴紝鎺ュ彛閰嶇疆涓嶅彈姝ら檺鍒�
+ restricted: true
+ # 鐭俊鎷︽埅闄愬埗鍗曟墜鏈哄彿姣忓垎閽熸渶澶у彂閫侊紝鍙寮�鍚簡鎷︽埅鐨勯厤缃湁鏁�
+ minute-max: 1
+ # 鐭俊鎷︽埅闄愬埗鍗曟墜鏈哄彿姣忔棩鏈�澶у彂閫侀噺锛屽彧瀵瑰紑鍚簡鎷︽埅鐨勯厤缃湁鏁�
+ account-max: 30
+ # 浠ヤ笅閰嶇疆鏉ヨ嚜浜� org.dromara.sms4j.provider.config.BaseConfig绫讳腑
+ blends:
+ # 鍞竴ID 鐢ㄤ簬鍙戦�佺煭淇″鎵惧叿浣撻厤缃� 闅忎究瀹氫箟鍒敤涓枃鍗冲彲
+ # 鍙互鍚屾椂瀛樺湪涓や釜鐩稿悓鍘傚晢 渚嬪: ali1 ali2 涓や釜涓嶅悓鐨勯樋閲岀煭淇¤处鍙� 涔熷彲鐢ㄤ簬鍖哄垎绉熸埛
+ config1:
+ # 妗嗘灦瀹氫箟鐨勫巶鍟嗗悕绉版爣璇嗭紝鏍囧畾姝ら厤缃槸鍝釜鍘傚晢锛岃缁嗚鐪嬪巶鍟嗘爣璇嗕粙缁嶉儴鍒�
+ supplier: alibaba
+ # 鏈変簺绉颁负accessKey鏈変簺绉颁箣涓篴piKey锛屼篃鏈夌О涓簊dkKey鎴栬�卆ppId銆�
+ access-key-id: 鎮ㄧ殑accessKey
+ # 绉颁负accessSecret鏈変簺绉颁箣涓篴piSecret
+ access-key-secret: 鎮ㄧ殑accessKeySecret
+ signature: 鎮ㄧ殑鐭俊绛惧悕
+ sdk-app-id: 鎮ㄧ殑sdkAppId
+ config2:
+ # 鍘傚晢鏍囪瘑锛屾爣瀹氭閰嶇疆鏄摢涓巶鍟嗭紝璇︾粏璇风湅鍘傚晢鏍囪瘑浠嬬粛閮ㄥ垎
+ supplier: tencent
+ access-key-id: 鎮ㄧ殑accessKey
+ access-key-secret: 鎮ㄧ殑accessKeySecret
+ signature: 鎮ㄧ殑鐭俊绛惧悕
+ sdk-app-id: 鎮ㄧ殑sdkAppId
+
+--- # 涓夋柟鎺堟潈
+justauth:
+ # 鍓嶇澶栫綉璁块棶鍦板潃
+ address: http://localhost:80
+ type:
+ maxkey:
+ # maxkey 鏈嶅姟鍣ㄥ湴鍧�
+ # 娉ㄦ剰 濡備笅鍧囬厤缃潎涓嶉渶瑕佷慨鏀� maxkey 宸茬粡鍐呯疆濂戒簡鏁版嵁
+ server-url: http://sso.maxkey.top
+ client-id: 876892492581044224
+ client-secret: x1Y5MTMwNzIwMjMxNTM4NDc3Mzche8
+ redirect-uri: ${justauth.address}/social-callback?source=maxkey
+ topiam:
+ # topiam 鏈嶅姟鍣ㄥ湴鍧�
+ server-url: http://127.0.0.1:1989/api/v1/authorize/y0q************spq***********8ol
+ client-id: 449c4*********937************759
+ client-secret: ac7***********1e0************28d
+ redirect-uri: ${justauth.address}/social-callback?source=topiam
+ scopes: [ openid, email, phone, profile ]
+ qq:
+ client-id: 10**********6
+ client-secret: 1f7d08**********5b7**********29e
+ redirect-uri: ${justauth.address}/social-callback?source=qq
+ union-id: false
+ weibo:
+ client-id: 10**********6
+ client-secret: 1f7d08**********5b7**********29e
+ redirect-uri: ${justauth.address}/social-callback?source=weibo
+ gitee:
+ client-id: 91436b7940090d09c72c7daf85b959cfd5f215d67eea73acbf61b6b590751a98
+ client-secret: 02c6fcfd70342980cd8dd2f2c06c1a350645d76c754d7a264c4e125f9ba915ac
+ redirect-uri: ${justauth.address}/social-callback?source=gitee
+ dingtalk:
+ client-id: 10**********6
+ client-secret: 1f7d08**********5b7**********29e
+ redirect-uri: ${justauth.address}/social-callback?source=dingtalk
+ baidu:
+ client-id: 10**********6
+ client-secret: 1f7d08**********5b7**********29e
+ redirect-uri: ${justauth.address}/social-callback?source=baidu
+ csdn:
+ client-id: 10**********6
+ client-secret: 1f7d08**********5b7**********29e
+ redirect-uri: ${justauth.address}/social-callback?source=csdn
+ coding:
+ client-id: 10**********6
+ client-secret: 1f7d08**********5b7**********29e
+ redirect-uri: ${justauth.address}/social-callback?source=coding
+ coding-group-name: xx
+ oschina:
+ client-id: 10**********6
+ client-secret: 1f7d08**********5b7**********29e
+ redirect-uri: ${justauth.address}/social-callback?source=oschina
+ alipay_wallet:
+ client-id: 10**********6
+ client-secret: 1f7d08**********5b7**********29e
+ redirect-uri: ${justauth.address}/social-callback?source=alipay_wallet
+ alipay-public-key: MIIB**************DAQAB
+ wechat_open:
+ client-id: 10**********6
+ client-secret: 1f7d08**********5b7**********29e
+ redirect-uri: ${justauth.address}/social-callback?source=wechat_open
+ wechat_mp:
+ client-id: 10**********6
+ client-secret: 1f7d08**********5b7**********29e
+ redirect-uri: ${justauth.address}/social-callback?source=wechat_mp
+ wechat_enterprise:
+ client-id: 10**********6
+ client-secret: 1f7d08**********5b7**********29e
+ redirect-uri: ${justauth.address}/social-callback?source=wechat_enterprise
+ agent-id: 1000002
+ gitlab:
+ client-id: 10**********6
+ client-secret: 1f7d08**********5b7**********29e
+ redirect-uri: ${justauth.address}/social-callback?source=gitlab
--
Gitblit v1.9.3