From 098d3347a0df808908aab8c554cd7c4febc5e6d9 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期一, 26 八月 2024 11:43:59 +0800
Subject: [PATCH] !577 发布 5.2.2 正式版 安全性提升 Merge pull request !577 from 疯狂的狮子Li/dev
---
ruoyi-admin/src/main/resources/application.yml | 123 +++++++++++++++++++++--------------------
1 files changed, 63 insertions(+), 60 deletions(-)
diff --git a/ruoyi-admin/src/main/resources/application.yml b/ruoyi-admin/src/main/resources/application.yml
index 31d0de5..5d94bef 100644
--- a/ruoyi-admin/src/main/resources/application.yml
+++ b/ruoyi-admin/src/main/resources/application.yml
@@ -5,11 +5,7 @@
# 鐗堟湰
version: ${revision}
# 鐗堟潈骞翠唤
- copyrightYear: 2023
- # 瀹炰緥婕旂ず寮�鍏�
- demoEnabled: true
- # 鑾峰彇ip鍦板潃寮�鍏�
- addressEnabled: true
+ copyrightYear: 2024
captcha:
enable: true
@@ -50,6 +46,7 @@
level:
org.dromara: @logging.level@
org.springframework: warn
+ org.mybatis.spring.mapper: error
config: classpath:logback-plus.xml
# 鐢ㄦ埛閰嶇疆
@@ -64,6 +61,10 @@
spring:
application:
name: ${ruoyi.name}
+ threads:
+ # 寮�鍚櫄鎷熺嚎绋� 浠卝dk21鍙敤
+ virtual:
+ enabled: false
# 璧勬簮淇℃伅
messages:
# 鍥介檯鍖栬祫婧愭枃浠惰矾寰�
@@ -78,6 +79,8 @@
# 璁剧疆鎬讳笂浼犵殑鏂囦欢澶у皬
max-request-size: 20MB
mvc:
+ # 璁剧疆闈欐�佽祫婧愯矾寰� 闃叉鎵�鏈夎姹傞兘鍘绘煡闈欐�佽祫婧�
+ static-path-pattern: /static/**
format:
date-time: yyyy-MM-dd HH:mm:ss
jackson:
@@ -96,20 +99,10 @@
sa-token:
# token鍚嶇О (鍚屾椂涔熸槸cookie鍚嶇О)
token-name: Authorization
- # token鏈夋晥鏈� 璁句负涓�澶� (蹇呭畾杩囨湡) 鍗曚綅: 绉�
- timeout: 86400
- # token涓存椂鏈夋晥鏈� (鎸囧畾鏃堕棿鏃犳搷浣滃氨杩囨湡) 鍗曚綅: 绉�
- activity-timeout: 1800
# 鏄惁鍏佽鍚屼竴璐﹀彿骞跺彂鐧诲綍 (涓簍rue鏃跺厑璁镐竴璧风櫥褰�, 涓篺alse鏃舵柊鐧诲綍鎸ゆ帀鏃х櫥褰�)
is-concurrent: true
# 鍦ㄥ浜虹櫥褰曞悓涓�璐﹀彿鏃讹紝鏄惁鍏辩敤涓�涓猼oken (涓簍rue鏃舵墍鏈夌櫥褰曞叡鐢ㄤ竴涓猼oken, 涓篺alse鏃舵瘡娆$櫥褰曟柊寤轰竴涓猼oken)
is-share: false
- # 鏄惁灏濊瘯浠巋eader閲岃鍙杢oken
- is-read-header: true
- # 鏄惁灏濊瘯浠巆ookie閲岃鍙杢oken
- is-read-cookie: false
- # token鍓嶇紑
- token-prefix: "Bearer"
# jwt绉橀挜
jwt-secret-key: abcdefghijklmnopqrstuvwxyz
@@ -128,9 +121,6 @@
# swagger 鏂囨。閰嶇疆
- /*/api-docs
- /*/api-docs/**
- # actuator 鐩戞帶閰嶇疆
- - /actuator
- - /actuator/**
# 澶氱鎴烽厤缃�
tenant:
@@ -145,50 +135,24 @@
- sys_role_menu
- sys_user_post
- sys_user_role
+ - sys_client
+ - sys_oss_config
# MyBatisPlus閰嶇疆
# https://baomidou.com/config/
mybatis-plus:
- # 涓嶆敮鎸佸鍖�, 濡傛湁闇�瑕佸彲鍦ㄦ敞瑙i厤缃� 鎴� 鎻愬崌鎵寘绛夌骇
- # 渚嬪 com.**.**.mapper
+ # 澶氬寘鍚嶄娇鐢� 渚嬪 org.dromara.**.mapper,org.xxx.**.mapper
mapperPackage: org.dromara.**.mapper
# 瀵瑰簲鐨� XML 鏂囦欢浣嶇疆
mapperLocations: classpath*:mapper/**/*Mapper.xml
# 瀹炰綋鎵弿锛屽涓猵ackage鐢ㄩ�楀彿鎴栬�呭垎鍙峰垎闅�
typeAliasesPackage: org.dromara.**.domain
- # 鍚姩鏃舵槸鍚︽鏌� MyBatis XML 鏂囦欢鐨勫瓨鍦紝榛樿涓嶆鏌�
- checkConfigLocation: false
- configuration:
- # 鑷姩椹煎嘲鍛藉悕瑙勫垯锛坈amel case锛夋槧灏�
- mapUnderscoreToCamelCase: true
- # MyBatis 鑷姩鏄犲皠绛栫暐
- # NONE锛氫笉鍚敤 PARTIAL锛氬彧瀵归潪宓屽 resultMap 鑷姩鏄犲皠 FULL锛氬鎵�鏈� resultMap 鑷姩鏄犲皠
- autoMappingBehavior: FULL
- # MyBatis 鑷姩鏄犲皠鏃舵湭鐭ュ垪鎴栨湭鐭ュ睘鎬у鐞嗙瓥
- # NONE锛氫笉鍋氬鐞� WARNING锛氭墦鍗扮浉鍏宠鍛� FAILING锛氭姏鍑哄紓甯稿拰璇︾粏淇℃伅
- autoMappingUnknownColumnBehavior: NONE
- # 鏇磋缁嗙殑鏃ュ織杈撳嚭 浼氭湁鎬ц兘鎹熻�� org.apache.ibatis.logging.stdout.StdOutImpl
- # 鍏抽棴鏃ュ織璁板綍 (鍙崟绾娇鐢� p6spy 鍒嗘瀽) org.apache.ibatis.logging.nologging.NoLoggingImpl
- # 榛樿鏃ュ織杈撳嚭 org.apache.ibatis.logging.slf4j.Slf4jImpl
- logImpl: org.apache.ibatis.logging.nologging.NoLoggingImpl
global-config:
- # 鏄惁鎵撳嵃 Logo banner
- banner: true
dbConfig:
# 涓婚敭绫诲瀷
# AUTO 鑷 NONE 绌� INPUT 鐢ㄦ埛杈撳叆 ASSIGN_ID 闆姳 ASSIGN_UUID 鍞竴 UUID
+ # 濡傞渶鏀逛负鑷 闇�瑕佸皢鏁版嵁搴撹〃鍏ㄩ儴璁剧疆涓鸿嚜澧�
idType: ASSIGN_ID
- # 閫昏緫宸插垹闄ゅ��
- logicDeleteValue: 2
- # 閫昏緫鏈垹闄ゅ��
- logicNotDeleteValue: 0
- # 瀛楁楠岃瘉绛栫暐涔� insert,鍦� insert 鐨勬椂鍊欑殑瀛楁楠岃瘉绛栫暐
- # IGNORED 蹇界暐 NOT_NULL 闈濶ULL NOT_EMPTY 闈炵┖ DEFAULT 榛樿 NEVER 涓嶅姞鍏� SQL
- insertStrategy: NOT_NULL
- # 瀛楁楠岃瘉绛栫暐涔� update,鍦� update 鐨勬椂鍊欑殑瀛楁楠岃瘉绛栫暐
- updateStrategy: NOT_NULL
- # 瀛楁楠岃瘉绛栫暐涔� select,鍦� select 鐨勬椂鍊欑殑瀛楁楠岃瘉绛栫暐鏃� wrapper 鏍规嵁鍐呴儴 entity 鐢熸垚鐨� where 鏉′欢
- where-strategy: NOT_NULL
# 鏁版嵁鍔犲瘑
mybatis-encryptor:
@@ -204,8 +168,26 @@
publicKey:
privateKey:
-# Swagger閰嶇疆
-swagger:
+# api鎺ュ彛鍔犲瘑
+api-decrypt:
+ # 鏄惁寮�鍚叏灞�鎺ュ彛鍔犲瘑
+ enabled: true
+ # AES 鍔犲瘑澶存爣璇�
+ headerFlag: encrypt-key
+ # 鍝嶅簲鍔犲瘑鍏挜 闈炲绉扮畻娉曠殑鍏閽� 濡傦細SM2锛孯SA 浣跨敤鑰呰鑷鏇存崲
+ # 瀵瑰簲鍓嶇瑙e瘑绉侀挜 MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAmc3CuPiGL/LcIIm7zryCEIbl1SPzBkr75E2VMtxegyZ1lYRD+7TZGAPkvIsBcaMs6Nsy0L78n2qh+lIZMpLH8wIDAQABAkEAk82Mhz0tlv6IVCyIcw/s3f0E+WLmtPFyR9/WtV3Y5aaejUkU60JpX4m5xNR2VaqOLTZAYjW8Wy0aXr3zYIhhQQIhAMfqR9oFdYw1J9SsNc+CrhugAvKTi0+BF6VoL6psWhvbAiEAxPPNTmrkmrXwdm/pQQu3UOQmc2vCZ5tiKpW10CgJi8kCIFGkL6utxw93Ncj4exE/gPLvKcT+1Emnoox+O9kRXss5AiAMtYLJDaLEzPrAWcZeeSgSIzbL+ecokmFKSDDcRske6QIgSMkHedwND1olF8vlKsJUGK3BcdtM8w4Xq7BpSBwsloE=
+ publicKey: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJnNwrj4hi/y3CCJu868ghCG5dUj8wZK++RNlTLcXoMmdZWEQ/u02RgD5LyLAXGjLOjbMtC+/J9qofpSGTKSx/MCAwEAAQ==
+ # 璇锋眰瑙e瘑绉侀挜 闈炲绉扮畻娉曠殑鍏閽� 濡傦細SM2锛孯SA 浣跨敤鑰呰鑷鏇存崲
+ # 瀵瑰簲鍓嶇鍔犲瘑鍏挜 MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKoR8mX0rGKLqzcWmOzbfj64K8ZIgOdHnzkXSOVOZbFu/TJhZ7rFAN+eaGkl3C4buccQd/EjEsj9ir7ijT7h96MCAwEAAQ==
+ privateKey: MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAqhHyZfSsYourNxaY7Nt+PrgrxkiA50efORdI5U5lsW79MmFnusUA355oaSXcLhu5xxB38SMSyP2KvuKNPuH3owIDAQABAkAfoiLyL+Z4lf4Myxk6xUDgLaWGximj20CUf+5BKKnlrK+Ed8gAkM0HqoTt2UZwA5E2MzS4EI2gjfQhz5X28uqxAiEA3wNFxfrCZlSZHb0gn2zDpWowcSxQAgiCstxGUoOqlW8CIQDDOerGKH5OmCJ4Z21v+F25WaHYPxCFMvwxpcw99EcvDQIgIdhDTIqD2jfYjPTY8Jj3EDGPbH2HHuffvflECt3Ek60CIQCFRlCkHpi7hthhYhovyloRYsM+IS9h/0BzlEAuO0ktMQIgSPT3aFAgJYwKpqRYKlLDVcflZFCKY7u3UP8iWi1Qw0Y=
+
+springdoc:
+ api-docs:
+ # 鏄惁寮�鍚帴鍙f枃妗�
+ enabled: true
+# swagger-ui:
+# # 鎸佷箙鍖栬璇佹暟鎹�
+# persistAuthorization: true
info:
# 鏍囬
title: '鏍囬锛�${ruoyi.name}澶氱鎴风鐞嗙郴缁焈鎺ュ彛鏂囨。'
@@ -225,14 +207,6 @@
type: APIKEY
in: HEADER
name: ${sa-token.token-name}
-
-springdoc:
- api-docs:
- # 鏄惁寮�鍚帴鍙f枃妗�
- enabled: true
- swagger-ui:
- # 鎸佷箙鍖栬璇佹暟鎹�
- persistAuthorization: true
#杩欓噷瀹氫箟浜嗕袱涓垎缁勶紝鍙畾涔夊涓紝涔熷彲浠ヤ笉瀹氫箟
group-configs:
- group: 1.婕旂ず妯″潡
@@ -254,6 +228,7 @@
urlPatterns: /system/*,/monitor/*,/tool/*
# 鍏ㄥ眬绾跨▼姹犵浉鍏抽厤缃�
+# 濡備娇鐢↗DK21璇风洿鎺ヤ娇鐢ㄨ櫄鎷熺嚎绋� 涓嶈寮�鍚閰嶇疆
thread-pool:
# 鏄惁寮�鍚嚎绋嬫睜
enabled: false
@@ -281,10 +256,38 @@
logfile:
external-file: ./logs/sys-console.log
+--- # 榛樿/鎺ㄨ崘浣跨敤sse鎺ㄩ��
+sse:
+ enabled: true
+ path: /resource/sse
+
--- # websocket
websocket:
- enabled: true
+ # 濡傛灉鍏抽棴 闇�瑕佸拰鍓嶇寮�鍏充竴璧峰叧闂�
+ enabled: false
# 璺緞
- path: /websocket
+ path: /resource/websocket
# 璁剧疆璁块棶婧愬湴鍧�
allowedOrigins: '*'
+
+--- #flowable閰嶇疆
+flowable:
+ # 寮�鍏� 鐢ㄤ簬鍚姩/鍋滅敤宸ヤ綔娴�
+ enabled: true
+ process.enabled: ${flowable.enabled}
+ eventregistry.enabled: ${flowable.enabled}
+ async-executor-activate: false #鍏抽棴瀹氭椂浠诲姟JOB
+ # 灏哾atabaseSchemaUpdate璁剧疆涓簍rue銆傚綋Flowable鍙戠幇搴撲笌鏁版嵁搴撹〃缁撴瀯涓嶄竴鑷存椂锛屼細鑷姩灏嗘暟鎹簱琛ㄧ粨鏋勫崌绾ц嚦鏂扮増鏈��
+ database-schema-update: true
+ activity-font-name: 瀹嬩綋
+ label-font-name: 瀹嬩綋
+ annotation-font-name: 瀹嬩綋
+ # 鍏抽棴鍚勪釜妯″潡鐢熸垚琛紝鐩墠鍙娇鐢ㄥ伐浣滄祦鍩虹琛�
+ idm:
+ enabled: false
+ cmmn:
+ enabled: false
+ dmn:
+ enabled: false
+ app:
+ enabled: false
--
Gitblit v1.9.3