From 098d3347a0df808908aab8c554cd7c4febc5e6d9 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期一, 26 八月 2024 11:43:59 +0800
Subject: [PATCH] !577 发布 5.2.2 正式版 安全性提升 Merge pull request !577 from 疯狂的狮子Li/dev

---
 ruoyi-admin/src/main/resources/application.yml |  177 +++++++++++++++++++++++++++++++++--------------------------
 1 files changed, 99 insertions(+), 78 deletions(-)

diff --git a/ruoyi-admin/src/main/resources/application.yml b/ruoyi-admin/src/main/resources/application.yml
index 2f496b0..5d94bef 100644
--- a/ruoyi-admin/src/main/resources/application.yml
+++ b/ruoyi-admin/src/main/resources/application.yml
@@ -3,17 +3,12 @@
   # 鍚嶇О
   name: RuoYi-Vue-Plus
   # 鐗堟湰
-  version: ${ruoyi-vue-plus.version}
+  version: ${revision}
   # 鐗堟潈骞翠唤
-  copyrightYear: 2022
-  # 瀹炰緥婕旂ず寮�鍏�
-  demoEnabled: true
-  # 鑾峰彇ip鍦板潃寮�鍏�
-  addressEnabled: true
-  # 缂撳瓨鎳掑姞杞�
-  cacheLazy: false
+  copyrightYear: 2024
 
 captcha:
+  enable: true
   # 椤甸潰 <鍙傛暟璁剧疆> 鍙紑鍚叧闂� 楠岃瘉鐮佹牎楠�
   # 楠岃瘉鐮佺被鍨� math 鏁扮粍璁$畻 char 瀛楃楠岃瘉
   type: MATH
@@ -49,9 +44,10 @@
 # 鏃ュ織閰嶇疆
 logging:
   level:
-    com.ruoyi: @logging.level@
+    org.dromara: @logging.level@
     org.springframework: warn
-  config: classpath:logback.xml
+    org.mybatis.spring.mapper: error
+  config: classpath:logback-plus.xml
 
 # 鐢ㄦ埛閰嶇疆
 user:
@@ -65,6 +61,10 @@
 spring:
   application:
     name: ${ruoyi.name}
+  threads:
+    # 寮�鍚櫄鎷熺嚎绋� 浠卝dk21鍙敤
+    virtual:
+      enabled: false
   # 璧勬簮淇℃伅
   messages:
     # 鍥介檯鍖栬祫婧愭枃浠惰矾寰�
@@ -78,12 +78,9 @@
       max-file-size: 10MB
       # 璁剧疆鎬讳笂浼犵殑鏂囦欢澶у皬
       max-request-size: 20MB
-  # 鏈嶅姟妯″潡
-  devtools:
-    restart:
-      # 鐑儴缃插紑鍏�
-      enabled: true
   mvc:
+    # 璁剧疆闈欐�佽祫婧愯矾寰� 闃叉鎵�鏈夎姹傞兘鍘绘煡闈欐�佽祫婧�
+    static-path-pattern: /static/**
     format:
       date-time: yyyy-MM-dd HH:mm:ss
   jackson:
@@ -102,20 +99,10 @@
 sa-token:
   # token鍚嶇О (鍚屾椂涔熸槸cookie鍚嶇О)
   token-name: Authorization
-  # token鏈夋晥鏈� 璁句负涓�澶� (蹇呭畾杩囨湡) 鍗曚綅: 绉�
-  timeout: 86400
-  # token涓存椂鏈夋晥鏈� (鎸囧畾鏃堕棿鏃犳搷浣滃氨杩囨湡) 鍗曚綅: 绉�
-  activity-timeout: 1800
   # 鏄惁鍏佽鍚屼竴璐﹀彿骞跺彂鐧诲綍 (涓簍rue鏃跺厑璁镐竴璧风櫥褰�, 涓篺alse鏃舵柊鐧诲綍鎸ゆ帀鏃х櫥褰�)
   is-concurrent: true
   # 鍦ㄥ浜虹櫥褰曞悓涓�璐﹀彿鏃讹紝鏄惁鍏辩敤涓�涓猼oken (涓簍rue鏃舵墍鏈夌櫥褰曞叡鐢ㄤ竴涓猼oken, 涓篺alse鏃舵瘡娆$櫥褰曟柊寤轰竴涓猼oken)
   is-share: false
-  # 鏄惁灏濊瘯浠巋eader閲岃鍙杢oken
-  is-read-header: true
-  # 鏄惁灏濊瘯浠巆ookie閲岃鍙杢oken
-  is-read-cookie: false
-  # token鍓嶇紑
-  token-prefix: "Bearer"
   # jwt绉橀挜
   jwt-secret-key: abcdefghijklmnopqrstuvwxyz
 
@@ -128,57 +115,44 @@
     - /**/*.html
     - /**/*.css
     - /**/*.js
-    # swagger 鏂囨。閰嶇疆
+    # 鍏叡璺緞
     - /favicon.ico
+    - /error
+    # swagger 鏂囨。閰嶇疆
     - /*/api-docs
     - /*/api-docs/**
-    # actuator 鐩戞帶閰嶇疆
-    - /actuator
-    - /actuator/**
+
+# 澶氱鎴烽厤缃�
+tenant:
+  # 鏄惁寮�鍚�
+  enable: true
+  # 鎺掗櫎琛�
+  excludes:
+    - sys_menu
+    - sys_tenant
+    - sys_tenant_package
+    - sys_role_dept
+    - sys_role_menu
+    - sys_user_post
+    - sys_user_role
+    - sys_client
+    - sys_oss_config
 
 # MyBatisPlus閰嶇疆
 # https://baomidou.com/config/
 mybatis-plus:
-  # 涓嶆敮鎸佸鍖�, 濡傛湁闇�瑕佸彲鍦ㄦ敞瑙i厤缃� 鎴� 鎻愬崌鎵寘绛夌骇
-  # 渚嬪 com.**.**.mapper
-  mapperPackage: com.ruoyi.**.mapper
+  # 澶氬寘鍚嶄娇鐢� 渚嬪 org.dromara.**.mapper,org.xxx.**.mapper
+  mapperPackage: org.dromara.**.mapper
   # 瀵瑰簲鐨� XML 鏂囦欢浣嶇疆
   mapperLocations: classpath*:mapper/**/*Mapper.xml
   # 瀹炰綋鎵弿锛屽涓猵ackage鐢ㄩ�楀彿鎴栬�呭垎鍙峰垎闅�
-  typeAliasesPackage: com.ruoyi.**.domain
-  # 鍚姩鏃舵槸鍚︽鏌� MyBatis XML 鏂囦欢鐨勫瓨鍦紝榛樿涓嶆鏌�
-  checkConfigLocation: false
-  configuration:
-    # 鑷姩椹煎嘲鍛藉悕瑙勫垯锛坈amel case锛夋槧灏�
-    mapUnderscoreToCamelCase: true
-    # MyBatis 鑷姩鏄犲皠绛栫暐
-    # NONE锛氫笉鍚敤 PARTIAL锛氬彧瀵归潪宓屽 resultMap 鑷姩鏄犲皠 FULL锛氬鎵�鏈� resultMap 鑷姩鏄犲皠
-    autoMappingBehavior: FULL
-    # MyBatis 鑷姩鏄犲皠鏃舵湭鐭ュ垪鎴栨湭鐭ュ睘鎬у鐞嗙瓥
-    # NONE锛氫笉鍋氬鐞� WARNING锛氭墦鍗扮浉鍏宠鍛� FAILING锛氭姏鍑哄紓甯稿拰璇︾粏淇℃伅
-    autoMappingUnknownColumnBehavior: NONE
-    # 鏇磋缁嗙殑鏃ュ織杈撳嚭 浼氭湁鎬ц兘鎹熻�� org.apache.ibatis.logging.stdout.StdOutImpl
-    # 鍏抽棴鏃ュ織璁板綍 (鍙崟绾娇鐢� p6spy 鍒嗘瀽) org.apache.ibatis.logging.nologging.NoLoggingImpl
-    # 榛樿鏃ュ織杈撳嚭 org.apache.ibatis.logging.slf4j.Slf4jImpl
-    logImpl: org.apache.ibatis.logging.nologging.NoLoggingImpl
+  typeAliasesPackage: org.dromara.**.domain
   global-config:
-    # 鏄惁鎵撳嵃 Logo banner
-    banner: true
     dbConfig:
       # 涓婚敭绫诲瀷
       # AUTO 鑷 NONE 绌� INPUT 鐢ㄦ埛杈撳叆 ASSIGN_ID 闆姳 ASSIGN_UUID 鍞竴 UUID
+      # 濡傞渶鏀逛负鑷 闇�瑕佸皢鏁版嵁搴撹〃鍏ㄩ儴璁剧疆涓鸿嚜澧�
       idType: ASSIGN_ID
-      # 閫昏緫宸插垹闄ゅ��
-      logicDeleteValue: 2
-      # 閫昏緫鏈垹闄ゅ��
-      logicNotDeleteValue: 0
-      # 瀛楁楠岃瘉绛栫暐涔� insert,鍦� insert 鐨勬椂鍊欑殑瀛楁楠岃瘉绛栫暐
-      # IGNORED 蹇界暐 NOT_NULL 闈濶ULL NOT_EMPTY 闈炵┖ DEFAULT 榛樿 NEVER 涓嶅姞鍏� SQL
-      insertStrategy: NOT_NULL
-      # 瀛楁楠岃瘉绛栫暐涔� update,鍦� update 鐨勬椂鍊欑殑瀛楁楠岃瘉绛栫暐
-      updateStrategy: NOT_NULL
-      # 瀛楁楠岃瘉绛栫暐涔� select,鍦� select 鐨勬椂鍊欑殑瀛楁楠岃瘉绛栫暐鏃� wrapper 鏍规嵁鍐呴儴 entity 鐢熸垚鐨� where 鏉′欢
-      where-strategy: NOT_NULL
 
 # 鏁版嵁鍔犲瘑
 mybatis-encryptor:
@@ -194,20 +168,38 @@
   publicKey:
   privateKey:
 
-# Swagger閰嶇疆
-swagger:
+# api鎺ュ彛鍔犲瘑
+api-decrypt:
+  # 鏄惁寮�鍚叏灞�鎺ュ彛鍔犲瘑
+  enabled: true
+  # AES 鍔犲瘑澶存爣璇�
+  headerFlag: encrypt-key
+  # 鍝嶅簲鍔犲瘑鍏挜 闈炲绉扮畻娉曠殑鍏閽� 濡傦細SM2锛孯SA 浣跨敤鑰呰鑷鏇存崲
+  # 瀵瑰簲鍓嶇瑙e瘑绉侀挜 MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAmc3CuPiGL/LcIIm7zryCEIbl1SPzBkr75E2VMtxegyZ1lYRD+7TZGAPkvIsBcaMs6Nsy0L78n2qh+lIZMpLH8wIDAQABAkEAk82Mhz0tlv6IVCyIcw/s3f0E+WLmtPFyR9/WtV3Y5aaejUkU60JpX4m5xNR2VaqOLTZAYjW8Wy0aXr3zYIhhQQIhAMfqR9oFdYw1J9SsNc+CrhugAvKTi0+BF6VoL6psWhvbAiEAxPPNTmrkmrXwdm/pQQu3UOQmc2vCZ5tiKpW10CgJi8kCIFGkL6utxw93Ncj4exE/gPLvKcT+1Emnoox+O9kRXss5AiAMtYLJDaLEzPrAWcZeeSgSIzbL+ecokmFKSDDcRske6QIgSMkHedwND1olF8vlKsJUGK3BcdtM8w4Xq7BpSBwsloE=
+  publicKey: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJnNwrj4hi/y3CCJu868ghCG5dUj8wZK++RNlTLcXoMmdZWEQ/u02RgD5LyLAXGjLOjbMtC+/J9qofpSGTKSx/MCAwEAAQ==
+  # 璇锋眰瑙e瘑绉侀挜 闈炲绉扮畻娉曠殑鍏閽� 濡傦細SM2锛孯SA 浣跨敤鑰呰鑷鏇存崲
+  # 瀵瑰簲鍓嶇鍔犲瘑鍏挜 MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKoR8mX0rGKLqzcWmOzbfj64K8ZIgOdHnzkXSOVOZbFu/TJhZ7rFAN+eaGkl3C4buccQd/EjEsj9ir7ijT7h96MCAwEAAQ==
+  privateKey: MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAqhHyZfSsYourNxaY7Nt+PrgrxkiA50efORdI5U5lsW79MmFnusUA355oaSXcLhu5xxB38SMSyP2KvuKNPuH3owIDAQABAkAfoiLyL+Z4lf4Myxk6xUDgLaWGximj20CUf+5BKKnlrK+Ed8gAkM0HqoTt2UZwA5E2MzS4EI2gjfQhz5X28uqxAiEA3wNFxfrCZlSZHb0gn2zDpWowcSxQAgiCstxGUoOqlW8CIQDDOerGKH5OmCJ4Z21v+F25WaHYPxCFMvwxpcw99EcvDQIgIdhDTIqD2jfYjPTY8Jj3EDGPbH2HHuffvflECt3Ek60CIQCFRlCkHpi7hthhYhovyloRYsM+IS9h/0BzlEAuO0ktMQIgSPT3aFAgJYwKpqRYKlLDVcflZFCKY7u3UP8iWi1Qw0Y=
+
+springdoc:
+  api-docs:
+    # 鏄惁寮�鍚帴鍙f枃妗�
+    enabled: true
+#  swagger-ui:
+#    # 鎸佷箙鍖栬璇佹暟鎹�
+#    persistAuthorization: true
   info:
     # 鏍囬
-    title: '鏍囬锛�${ruoyi.name}鍚庡彴绠$悊绯荤粺_鎺ュ彛鏂囨。'
+    title: '鏍囬锛�${ruoyi.name}澶氱鎴风鐞嗙郴缁焈鎺ュ彛鏂囨。'
     # 鎻忚堪
     description: '鎻忚堪锛氱敤浜庣鐞嗛泦鍥㈡棗涓嬪叕鍙哥殑浜哄憳淇℃伅,鍏蜂綋鍖呮嫭XXX,XXX妯″潡...'
     # 鐗堟湰
-    version: '鐗堟湰鍙�: ${ruoyi-vue-plus.version}'
+    version: '鐗堟湰鍙�: ${ruoyi.version}'
     # 浣滆�呬俊鎭�
     contact:
       name: Lion Li
       email: crazylionli@163.com
-      url: https://gitee.com/JavaLionLi/RuoYi-Vue-Plus
+      url: https://gitee.com/dromara/RuoYi-Vue-Plus
   components:
     # 閴存潈鏂瑰紡閰嶇疆
     security-schemes:
@@ -215,24 +207,16 @@
         type: APIKEY
         in: HEADER
         name: ${sa-token.token-name}
-
-springdoc:
-  api-docs:
-    # 鏄惁寮�鍚帴鍙f枃妗�
-    enabled: true
-  swagger-ui:
-    # 鎸佷箙鍖栬璇佹暟鎹�
-    persistAuthorization: true
   #杩欓噷瀹氫箟浜嗕袱涓垎缁勶紝鍙畾涔夊涓紝涔熷彲浠ヤ笉瀹氫箟
   group-configs:
     - group: 1.婕旂ず妯″潡
-      packages-to-scan: com.ruoyi.demo
+      packages-to-scan: org.dromara.demo
     - group: 2.閫氱敤妯″潡
-      packages-to-scan: com.ruoyi.web
+      packages-to-scan: org.dromara.web
     - group: 3.绯荤粺妯″潡
-      packages-to-scan: com.ruoyi.system
+      packages-to-scan: org.dromara.system
     - group: 4.浠g爜鐢熸垚妯″潡
-      packages-to-scan: com.ruoyi.generator
+      packages-to-scan: org.dromara.generator
 
 # 闃叉XSS鏀诲嚮
 xss:
@@ -244,6 +228,7 @@
   urlPatterns: /system/*,/monitor/*,/tool/*
 
 # 鍏ㄥ眬绾跨▼姹犵浉鍏抽厤缃�
+# 濡備娇鐢↗DK21璇风洿鎺ヤ娇鐢ㄨ櫄鎷熺嚎绋� 涓嶈寮�鍚閰嶇疆
 thread-pool:
   # 鏄惁寮�鍚嚎绋嬫睜
   enabled: false
@@ -270,3 +255,39 @@
       show-details: ALWAYS
     logfile:
       external-file: ./logs/sys-console.log
+
+--- # 榛樿/鎺ㄨ崘浣跨敤sse鎺ㄩ��
+sse:
+  enabled: true
+  path: /resource/sse
+
+--- # websocket
+websocket:
+  # 濡傛灉鍏抽棴 闇�瑕佸拰鍓嶇寮�鍏充竴璧峰叧闂�
+  enabled: false
+  # 璺緞
+  path: /resource/websocket
+  # 璁剧疆璁块棶婧愬湴鍧�
+  allowedOrigins: '*'
+
+--- #flowable閰嶇疆
+flowable:
+  # 寮�鍏� 鐢ㄤ簬鍚姩/鍋滅敤宸ヤ綔娴�
+  enabled: true
+  process.enabled: ${flowable.enabled}
+  eventregistry.enabled: ${flowable.enabled}
+  async-executor-activate: false #鍏抽棴瀹氭椂浠诲姟JOB
+  #  灏哾atabaseSchemaUpdate璁剧疆涓簍rue銆傚綋Flowable鍙戠幇搴撲笌鏁版嵁搴撹〃缁撴瀯涓嶄竴鑷存椂锛屼細鑷姩灏嗘暟鎹簱琛ㄧ粨鏋勫崌绾ц嚦鏂扮増鏈��
+  database-schema-update: true
+  activity-font-name: 瀹嬩綋
+  label-font-name: 瀹嬩綋
+  annotation-font-name: 瀹嬩綋
+  # 鍏抽棴鍚勪釜妯″潡鐢熸垚琛紝鐩墠鍙娇鐢ㄥ伐浣滄祦鍩虹琛�
+  idm:
+    enabled: false
+  cmmn:
+    enabled: false
+  dmn:
+    enabled: false
+  app:
+    enabled: false

--
Gitblit v1.9.3