From 098d3347a0df808908aab8c554cd7c4febc5e6d9 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期一, 26 八月 2024 11:43:59 +0800
Subject: [PATCH] !577 发布 5.2.2 正式版 安全性提升 Merge pull request !577 from 疯狂的狮子Li/dev
---
ruoyi-admin/src/main/resources/application.yml | 326 +++++++++++++++++++++++++++++++++++++++++-------------
1 files changed, 247 insertions(+), 79 deletions(-)
diff --git a/ruoyi-admin/src/main/resources/application.yml b/ruoyi-admin/src/main/resources/application.yml
index 4c9aa84..5d94bef 100644
--- a/ruoyi-admin/src/main/resources/application.yml
+++ b/ruoyi-admin/src/main/resources/application.yml
@@ -1,125 +1,293 @@
# 椤圭洰鐩稿叧閰嶇疆
ruoyi:
# 鍚嶇О
- name: RuoYi
+ name: RuoYi-Vue-Plus
# 鐗堟湰
- version: 3.0.0
+ version: ${revision}
# 鐗堟潈骞翠唤
- copyrightYear: 2019
- # 瀹炰緥婕旂ず寮�鍏�
- demoEnabled: true
- # 鏂囦欢璺緞 绀轰緥锛� Windows閰嶇疆D:/ruoyi/uploadPath锛孡inux閰嶇疆 /home/ruoyi/uploadPath锛�
- profile: D:/ruoyi/uploadPath
- # 鑾峰彇ip鍦板潃寮�鍏�
- addressEnabled: false
+ copyrightYear: 2024
+
+captcha:
+ enable: true
+ # 椤甸潰 <鍙傛暟璁剧疆> 鍙紑鍚叧闂� 楠岃瘉鐮佹牎楠�
+ # 楠岃瘉鐮佺被鍨� math 鏁扮粍璁$畻 char 瀛楃楠岃瘉
+ type: MATH
+ # line 绾挎骞叉壈 circle 鍦嗗湀骞叉壈 shear 鎵洸骞叉壈
+ category: CIRCLE
+ # 鏁板瓧楠岃瘉鐮佷綅鏁�
+ numberLength: 1
+ # 瀛楃楠岃瘉鐮侀暱搴�
+ charLength: 4
# 寮�鍙戠幆澧冮厤缃�
server:
# 鏈嶅姟鍣ㄧ殑HTTP绔彛锛岄粯璁や负8080
- port: 8081
+ port: 8080
servlet:
# 搴旂敤鐨勮闂矾寰�
context-path: /
+ # undertow 閰嶇疆
undertow:
- # 璁剧疆IO绾跨▼鏁�, 瀹冧富瑕佹墽琛岄潪闃诲鐨勪换鍔�,瀹冧滑浼氳礋璐e涓繛鎺�, 榛樿璁剧疆姣忎釜CPU鏍稿績涓�涓嚎绋�
- io-threads: 8
- # 闃诲浠诲姟绾跨▼姹�, 褰撴墽琛岀被浼約ervlet璇锋眰闃诲鎿嶄綔, undertow浼氫粠杩欎釜绾跨▼姹犱腑鍙栧緱绾跨▼,瀹冪殑鍊艰缃彇鍐充簬绯荤粺鐨勮礋杞�
- worker-threads: 256
+ # HTTP post鍐呭鐨勬渶澶уぇ灏忋�傚綋鍊间负-1鏃讹紝榛樿鍊间负澶у皬鏄棤闄愮殑
+ max-http-post-size: -1
# 浠ヤ笅鐨勯厤缃細褰卞搷buffer,杩欎簺buffer浼氱敤浜庢湇鍔″櫒杩炴帴鐨処O鎿嶄綔,鏈夌偣绫讳技netty鐨勬睜鍖栧唴瀛樼鐞�
# 姣忓潡buffer鐨勭┖闂村ぇ灏�,瓒婂皬鐨勭┖闂磋鍒╃敤瓒婂厖鍒�
buffer-size: 512
# 鏄惁鍒嗛厤鐨勭洿鎺ュ唴瀛�
direct-buffers: true
-
+ threads:
+ # 璁剧疆IO绾跨▼鏁�, 瀹冧富瑕佹墽琛岄潪闃诲鐨勪换鍔�,瀹冧滑浼氳礋璐e涓繛鎺�, 榛樿璁剧疆姣忎釜CPU鏍稿績涓�涓嚎绋�
+ io: 8
+ # 闃诲浠诲姟绾跨▼姹�, 褰撴墽琛岀被浼約ervlet璇锋眰闃诲鎿嶄綔, undertow浼氫粠杩欎釜绾跨▼姹犱腑鍙栧緱绾跨▼,瀹冪殑鍊艰缃彇鍐充簬绯荤粺鐨勮礋杞�
+ worker: 256
# 鏃ュ織閰嶇疆
logging:
level:
- com.ruoyi: debug
+ org.dromara: @logging.level@
org.springframework: warn
+ org.mybatis.spring.mapper: error
+ config: classpath:logback-plus.xml
+
+# 鐢ㄦ埛閰嶇疆
+user:
+ password:
+ # 瀵嗙爜鏈�澶ч敊璇鏁�
+ maxRetryCount: 5
+ # 瀵嗙爜閿佸畾鏃堕棿锛堥粯璁�10鍒嗛挓锛�
+ lockTime: 10
# Spring閰嶇疆
spring:
+ application:
+ name: ${ruoyi.name}
+ threads:
+ # 寮�鍚櫄鎷熺嚎绋� 浠卝dk21鍙敤
+ virtual:
+ enabled: false
# 璧勬簮淇℃伅
messages:
# 鍥介檯鍖栬祫婧愭枃浠惰矾寰�
basename: i18n/messages
- profiles:
- active: dev
+ profiles:
+ active: @profiles.active@
# 鏂囦欢涓婁紶
servlet:
- multipart:
- # 鍗曚釜鏂囦欢澶у皬
- max-file-size: 10MB
- # 璁剧疆鎬讳笂浼犵殑鏂囦欢澶у皬
- max-request-size: 20MB
- # 鏈嶅姟妯″潡
- devtools:
- restart:
- # 鐑儴缃插紑鍏�
- enabled: true
+ multipart:
+ # 鍗曚釜鏂囦欢澶у皬
+ max-file-size: 10MB
+ # 璁剧疆鎬讳笂浼犵殑鏂囦欢澶у皬
+ max-request-size: 20MB
+ mvc:
+ # 璁剧疆闈欐�佽祫婧愯矾寰� 闃叉鎵�鏈夎姹傞兘鍘绘煡闈欐�佽祫婧�
+ static-path-pattern: /static/**
+ format:
+ date-time: yyyy-MM-dd HH:mm:ss
+ jackson:
+ # 鏃ユ湡鏍煎紡鍖�
+ date-format: yyyy-MM-dd HH:mm:ss
+ serialization:
+ # 鏍煎紡鍖栬緭鍑�
+ indent_output: false
+ # 蹇界暐鏃犳硶杞崲鐨勫璞�
+ fail_on_empty_beans: false
+ deserialization:
+ # 鍏佽瀵硅薄蹇界暐json涓笉瀛樺湪鐨勫睘鎬�
+ fail_on_unknown_properties: false
-# token閰嶇疆
-token:
- # 浠ょ墝鑷畾涔夋爣璇�
- header: Authorization
- # 浠ょ墝瀵嗛挜
- secret: abcdefghijklmnopqrstuvwxyz
- # 浠ょ墝鏈夋晥鏈燂紙榛樿30鍒嗛挓锛�
- expireTime: 30
+# Sa-Token閰嶇疆
+sa-token:
+ # token鍚嶇О (鍚屾椂涔熸槸cookie鍚嶇О)
+ token-name: Authorization
+ # 鏄惁鍏佽鍚屼竴璐﹀彿骞跺彂鐧诲綍 (涓簍rue鏃跺厑璁镐竴璧风櫥褰�, 涓篺alse鏃舵柊鐧诲綍鎸ゆ帀鏃х櫥褰�)
+ is-concurrent: true
+ # 鍦ㄥ浜虹櫥褰曞悓涓�璐﹀彿鏃讹紝鏄惁鍏辩敤涓�涓猼oken (涓簍rue鏃舵墍鏈夌櫥褰曞叡鐢ㄤ竴涓猼oken, 涓篺alse鏃舵瘡娆$櫥褰曟柊寤轰竴涓猼oken)
+ is-share: false
+ # jwt绉橀挜
+ jwt-secret-key: abcdefghijklmnopqrstuvwxyz
-# MyBatis閰嶇疆
+# security閰嶇疆
+security:
+ # 鎺掗櫎璺緞
+ excludes:
+ # 闈欐�佽祫婧�
+ - /*.html
+ - /**/*.html
+ - /**/*.css
+ - /**/*.js
+ # 鍏叡璺緞
+ - /favicon.ico
+ - /error
+ # swagger 鏂囨。閰嶇疆
+ - /*/api-docs
+ - /*/api-docs/**
+
+# 澶氱鎴烽厤缃�
+tenant:
+ # 鏄惁寮�鍚�
+ enable: true
+ # 鎺掗櫎琛�
+ excludes:
+ - sys_menu
+ - sys_tenant
+ - sys_tenant_package
+ - sys_role_dept
+ - sys_role_menu
+ - sys_user_post
+ - sys_user_role
+ - sys_client
+ - sys_oss_config
+
+# MyBatisPlus閰嶇疆
+# https://baomidou.com/config/
mybatis-plus:
- mapper-locations: classpath*:mapper/**/*Mapper.xml
- #瀹炰綋鎵弿锛屽涓猵ackage鐢ㄩ�楀彿鎴栬�呭垎鍙峰垎闅�
- typeAliasesPackage: com.ruoyi.**.domain
- configuration:
- map-underscore-to-camel-case: true
- cache-enabled: true
+ # 澶氬寘鍚嶄娇鐢� 渚嬪 org.dromara.**.mapper,org.xxx.**.mapper
+ mapperPackage: org.dromara.**.mapper
+ # 瀵瑰簲鐨� XML 鏂囦欢浣嶇疆
+ mapperLocations: classpath*:mapper/**/*Mapper.xml
+ # 瀹炰綋鎵弿锛屽涓猵ackage鐢ㄩ�楀彿鎴栬�呭垎鍙峰垎闅�
+ typeAliasesPackage: org.dromara.**.domain
global-config:
- banner: false
- #鍒锋柊mapper 璋冭瘯绁炲櫒
- refresh: true
- db-config:
- #涓婚敭绫诲瀷 0:"鏁版嵁搴揑D鑷", 1:"鐢ㄦ埛杈撳叆ID",2:"鍏ㄥ眬鍞竴ID (鏁板瓧绫诲瀷鍞竴ID)", 3:"鍏ㄥ眬鍞竴ID UUID";
- id-type: auto
- #瀛楁绛栫暐 0:"蹇界暐鍒ゆ柇",1:"闈� NULL 鍒ゆ柇"),2:"闈炵┖鍒ゆ柇"
- field-strategy: not_empty
- #椹煎嘲涓嬪垝绾胯浆鎹�
- db-column-underline: true
- #鏁版嵁搴撳ぇ鍐欎笅鍒掔嚎杞崲
- #capital-mode: true
- #搴忓垪鎺ュ彛瀹炵幇绫婚厤缃�
- #key-generator: com.baomidou.springboot.xxx
- #閫昏緫鍒犻櫎閰嶇疆
- logic-delete-value: 1
- logic-not-delete-value: 0
- #鏁版嵁搴撶被鍨�
- db-type: mysql
- #鑷畾涔塖QL娉ㄥ叆鍣�
- #sql-injector: com.baomidou.mybatisplus.mapper.LogicSqlInjector
- #鑷畾涔夊~鍏呯瓥鐣ユ帴鍙e疄鐜�
- #meta-object-handler: com.baomidou.springboot.xxx
+ dbConfig:
+ # 涓婚敭绫诲瀷
+ # AUTO 鑷 NONE 绌� INPUT 鐢ㄦ埛杈撳叆 ASSIGN_ID 闆姳 ASSIGN_UUID 鍞竴 UUID
+ # 濡傞渶鏀逛负鑷 闇�瑕佸皢鏁版嵁搴撹〃鍏ㄩ儴璁剧疆涓鸿嚜澧�
+ idType: ASSIGN_ID
-# PageHelper鍒嗛〉鎻掍欢
-pagehelper:
- helperDialect: mysql
- reasonable: true
- supportMethodsArguments: true
- params: count=countSql
+# 鏁版嵁鍔犲瘑
+mybatis-encryptor:
+ # 鏄惁寮�鍚姞瀵�
+ enable: false
+ # 榛樿鍔犲瘑绠楁硶
+ algorithm: BASE64
+ # 缂栫爜鏂瑰紡 BASE64/HEX銆傞粯璁ASE64
+ encode: BASE64
+ # 瀹夊叏绉橀挜 瀵圭О绠楁硶鐨勭閽� 濡傦細AES锛孲M4
+ password:
+ # 鍏閽� 闈炲绉扮畻娉曠殑鍏閽� 濡傦細SM2锛孯SA
+ publicKey:
+ privateKey:
-# Swagger閰嶇疆
-swagger:
- # 鏄惁寮�鍚痵wagger
+# api鎺ュ彛鍔犲瘑
+api-decrypt:
+ # 鏄惁寮�鍚叏灞�鎺ュ彛鍔犲瘑
enabled: true
- # 璇锋眰鍓嶇紑
- pathMapping: /dev-api
+ # AES 鍔犲瘑澶存爣璇�
+ headerFlag: encrypt-key
+ # 鍝嶅簲鍔犲瘑鍏挜 闈炲绉扮畻娉曠殑鍏閽� 濡傦細SM2锛孯SA 浣跨敤鑰呰鑷鏇存崲
+ # 瀵瑰簲鍓嶇瑙e瘑绉侀挜 MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAmc3CuPiGL/LcIIm7zryCEIbl1SPzBkr75E2VMtxegyZ1lYRD+7TZGAPkvIsBcaMs6Nsy0L78n2qh+lIZMpLH8wIDAQABAkEAk82Mhz0tlv6IVCyIcw/s3f0E+WLmtPFyR9/WtV3Y5aaejUkU60JpX4m5xNR2VaqOLTZAYjW8Wy0aXr3zYIhhQQIhAMfqR9oFdYw1J9SsNc+CrhugAvKTi0+BF6VoL6psWhvbAiEAxPPNTmrkmrXwdm/pQQu3UOQmc2vCZ5tiKpW10CgJi8kCIFGkL6utxw93Ncj4exE/gPLvKcT+1Emnoox+O9kRXss5AiAMtYLJDaLEzPrAWcZeeSgSIzbL+ecokmFKSDDcRske6QIgSMkHedwND1olF8vlKsJUGK3BcdtM8w4Xq7BpSBwsloE=
+ publicKey: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJnNwrj4hi/y3CCJu868ghCG5dUj8wZK++RNlTLcXoMmdZWEQ/u02RgD5LyLAXGjLOjbMtC+/J9qofpSGTKSx/MCAwEAAQ==
+ # 璇锋眰瑙e瘑绉侀挜 闈炲绉扮畻娉曠殑鍏閽� 濡傦細SM2锛孯SA 浣跨敤鑰呰鑷鏇存崲
+ # 瀵瑰簲鍓嶇鍔犲瘑鍏挜 MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKoR8mX0rGKLqzcWmOzbfj64K8ZIgOdHnzkXSOVOZbFu/TJhZ7rFAN+eaGkl3C4buccQd/EjEsj9ir7ijT7h96MCAwEAAQ==
+ privateKey: MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAqhHyZfSsYourNxaY7Nt+PrgrxkiA50efORdI5U5lsW79MmFnusUA355oaSXcLhu5xxB38SMSyP2KvuKNPuH3owIDAQABAkAfoiLyL+Z4lf4Myxk6xUDgLaWGximj20CUf+5BKKnlrK+Ed8gAkM0HqoTt2UZwA5E2MzS4EI2gjfQhz5X28uqxAiEA3wNFxfrCZlSZHb0gn2zDpWowcSxQAgiCstxGUoOqlW8CIQDDOerGKH5OmCJ4Z21v+F25WaHYPxCFMvwxpcw99EcvDQIgIdhDTIqD2jfYjPTY8Jj3EDGPbH2HHuffvflECt3Ek60CIQCFRlCkHpi7hthhYhovyloRYsM+IS9h/0BzlEAuO0ktMQIgSPT3aFAgJYwKpqRYKlLDVcflZFCKY7u3UP8iWi1Qw0Y=
+
+springdoc:
+ api-docs:
+ # 鏄惁寮�鍚帴鍙f枃妗�
+ enabled: true
+# swagger-ui:
+# # 鎸佷箙鍖栬璇佹暟鎹�
+# persistAuthorization: true
+ info:
+ # 鏍囬
+ title: '鏍囬锛�${ruoyi.name}澶氱鎴风鐞嗙郴缁焈鎺ュ彛鏂囨。'
+ # 鎻忚堪
+ description: '鎻忚堪锛氱敤浜庣鐞嗛泦鍥㈡棗涓嬪叕鍙哥殑浜哄憳淇℃伅,鍏蜂綋鍖呮嫭XXX,XXX妯″潡...'
+ # 鐗堟湰
+ version: '鐗堟湰鍙�: ${ruoyi.version}'
+ # 浣滆�呬俊鎭�
+ contact:
+ name: Lion Li
+ email: crazylionli@163.com
+ url: https://gitee.com/dromara/RuoYi-Vue-Plus
+ components:
+ # 閴存潈鏂瑰紡閰嶇疆
+ security-schemes:
+ apiKey:
+ type: APIKEY
+ in: HEADER
+ name: ${sa-token.token-name}
+ #杩欓噷瀹氫箟浜嗕袱涓垎缁勶紝鍙畾涔夊涓紝涔熷彲浠ヤ笉瀹氫箟
+ group-configs:
+ - group: 1.婕旂ず妯″潡
+ packages-to-scan: org.dromara.demo
+ - group: 2.閫氱敤妯″潡
+ packages-to-scan: org.dromara.web
+ - group: 3.绯荤粺妯″潡
+ packages-to-scan: org.dromara.system
+ - group: 4.浠g爜鐢熸垚妯″潡
+ packages-to-scan: org.dromara.generator
# 闃叉XSS鏀诲嚮
-xss:
+xss:
# 杩囨护寮�鍏�
enabled: true
# 鎺掗櫎閾炬帴锛堝涓敤閫楀彿鍒嗛殧锛�
- excludes: /system/notice/*
+ excludes: /system/notice
# 鍖归厤閾炬帴
urlPatterns: /system/*,/monitor/*,/tool/*
+
+# 鍏ㄥ眬绾跨▼姹犵浉鍏抽厤缃�
+# 濡備娇鐢↗DK21璇风洿鎺ヤ娇鐢ㄨ櫄鎷熺嚎绋� 涓嶈寮�鍚閰嶇疆
+thread-pool:
+ # 鏄惁寮�鍚嚎绋嬫睜
+ enabled: false
+ # 闃熷垪鏈�澶ч暱搴�
+ queueCapacity: 128
+ # 绾跨▼姹犵淮鎶ょ嚎绋嬫墍鍏佽鐨勭┖闂叉椂闂�
+ keepAliveSeconds: 300
+
+--- # 鍒嗗竷寮忛攣 lock4j 鍏ㄥ眬閰嶇疆
+lock4j:
+ # 鑾峰彇鍒嗗竷寮忛攣瓒呮椂鏃堕棿锛岄粯璁や负 3000 姣
+ acquire-timeout: 3000
+ # 鍒嗗竷寮忛攣鐨勮秴鏃舵椂闂达紝榛樿涓� 30 绉�
+ expire: 30000
+
+--- # Actuator 鐩戞帶绔偣鐨勯厤缃」
+management:
+ endpoints:
+ web:
+ exposure:
+ include: '*'
+ endpoint:
+ health:
+ show-details: ALWAYS
+ logfile:
+ external-file: ./logs/sys-console.log
+
+--- # 榛樿/鎺ㄨ崘浣跨敤sse鎺ㄩ��
+sse:
+ enabled: true
+ path: /resource/sse
+
+--- # websocket
+websocket:
+ # 濡傛灉鍏抽棴 闇�瑕佸拰鍓嶇寮�鍏充竴璧峰叧闂�
+ enabled: false
+ # 璺緞
+ path: /resource/websocket
+ # 璁剧疆璁块棶婧愬湴鍧�
+ allowedOrigins: '*'
+
+--- #flowable閰嶇疆
+flowable:
+ # 寮�鍏� 鐢ㄤ簬鍚姩/鍋滅敤宸ヤ綔娴�
+ enabled: true
+ process.enabled: ${flowable.enabled}
+ eventregistry.enabled: ${flowable.enabled}
+ async-executor-activate: false #鍏抽棴瀹氭椂浠诲姟JOB
+ # 灏哾atabaseSchemaUpdate璁剧疆涓簍rue銆傚綋Flowable鍙戠幇搴撲笌鏁版嵁搴撹〃缁撴瀯涓嶄竴鑷存椂锛屼細鑷姩灏嗘暟鎹簱琛ㄧ粨鏋勫崌绾ц嚦鏂扮増鏈��
+ database-schema-update: true
+ activity-font-name: 瀹嬩綋
+ label-font-name: 瀹嬩綋
+ annotation-font-name: 瀹嬩綋
+ # 鍏抽棴鍚勪釜妯″潡鐢熸垚琛紝鐩墠鍙娇鐢ㄥ伐浣滄祦鍩虹琛�
+ idm:
+ enabled: false
+ cmmn:
+ enabled: false
+ dmn:
+ enabled: false
+ app:
+ enabled: false
--
Gitblit v1.9.3