Gitlink
/
microservices
43
0
Fork 9
Code Issues Pull Requests Packages Projects Releases 7 Wiki Activity

Merge pull request '完善Nacos安全策略' (#530) from otto/ruoyi-gitlink:dev_PMS into dev_PMS

This commit is contained in:
otto 2024-03-18 10:57:53 +08:00
parent 220b43f7ea c6f4bc3e45
commit 38b92d29a2
11 changed files with 77 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
docker-gitlink/build.sh
View File

@ -18,19 +18,6 @@ build_base_image(){
docker build -t gitlink-java:"${base_image_version}" .
}
gen_nacos_config(){
# 修改nacos配置
cd "${orgin_path}"/nacos/conf
# 删除历史配置文件
rm -f application.properties
cp default_application.properties application.properties
# 替换配置
sed -i "s|#nacos_db_url|${nacos_db_url}|g" application.properties
sed -i "s|#nacos_db_name|${nacos_db_name}|g" application.properties
sed -i "s|#nacos_db_username|${nacos_db_username}|g" application.properties
sed -i "s|#nacos_db_password|${nacos_db_password}|g" application.properties
}
gen_nginx_config(){
# 修改nacos配置
cd "${orgin_path}"/nginx/conf
@ -148,6 +135,16 @@ gen_docker_compose(){
sed -i "s|#db_password|${db_password}|g" docker-compose.yml
sed -i "s|#db_name|${db_name}|g" docker-compose.yml
sed -i "s|#mapping_mysql_port|${mapping_mysql_port}|g" docker-compose.yml
# Nacos配置
sed -i "s|#NACOS_MYSQL_SERVICE_HOST|${NACOS_MYSQL_SERVICE_HOST}|g" docker-compose.yml
sed -i "s|#NACOS_MYSQL_SERVICE_PORT|${NACOS_MYSQL_SERVICE_PORT}|g" docker-compose.yml
sed -i "s|#NACOS_MYSQL_SERVICE_DB_NAME|${NACOS_MYSQL_SERVICE_DB_NAME}|g" docker-compose.yml
sed -i "s|#NACOS_MYSQL_SERVICE_USER|${NACOS_MYSQL_SERVICE_USER}|g" docker-compose.yml
sed -i "s|#NACOS_MYSQL_SERVICE_PASSWORD|${NACOS_MYSQL_SERVICE_PASSWORD}|g" docker-compose.yml
sed -i "s|#NACOS_AUTH_ENABLE|${NACOS_AUTH_ENABLE}|g" docker-compose.yml
sed -i "s|#NACOS_AUTH_TOKEN|${NACOS_AUTH_TOKEN}|g" docker-compose.yml
sed -i "s|#NACOS_AUTH_IDENTITY_KEY|${NACOS_AUTH_IDENTITY_KEY}|g" docker-compose.yml
sed -i "s|#NACOS_AUTH_IDENTITY_VALUE|${NACOS_AUTH_IDENTITY_VALUE}|g" docker-compose.yml
}
gen_dockerfile(){
@ -191,6 +188,8 @@ replace_dockerfile_config(){
sed -i "s|#nacos_password|${nacos_password}|g" dockerfile
sed -i "s|#base_image_version|${base_image_version}|g" dockerfile
sed -i "s|#deploy_env|${deploy_env}|g" dockerfile
sed -i "s|#nacos_username|${nacos_username}|g" dockerfile
sed -i "s|#nacos_password|${nacos_password}|g" dockerfile
}
# 微服务模块编译

3
docker-gitlink/copy.sh
View File

@ -62,9 +62,6 @@ copy_jar(){
copy_config(){
# copy 配置文件
echo "begin copy config file "
rm -f "${docker_data}"/gitlink/nacos/conf/application.properties
mkdir -p "${docker_data}"/gitlink/nacos/conf/
cp ./nacos/conf/application.properties "${docker_data}"/gitlink/nacos/conf/application.properties
rm -f "${docker_data}"/gitlink/redis/conf/redis.conf
mkdir -p "${docker_data}"/gitlink/redis/conf/

11
docker-gitlink/default_docker-compose.yml
View File

@ -23,10 +23,17 @@ services:
environment:
- MODE=standalone
- TZ=Asia/Shanghai
- NACOS_AUTH_ENABLE=true
- NACOS_AUTH_ENABLE=#NACOS_AUTH_ENABLE
- MYSQL_SERVICE_HOST=#NACOS_MYSQL_SERVICE_HOST
- MYSQL_SERVICE_PORT=#NACOS_MYSQL_SERVICE_PORT
- MYSQL_SERVICE_DB_NAME=#NACOS_MYSQL_SERVICE_DB_NAME
- MYSQL_SERVICE_USER=#NACOS_MYSQL_SERVICE_USER
- MYSQL_SERVICE_PASSWORD=#NACOS_MYSQL_SERVICE_PASSWORD
- NACOS_AUTH_TOKEN=#NACOS_AUTH_TOKEN
- NACOS_AUTH_IDENTITY_KEY=#NACOS_AUTH_IDENTITY_KEY
- NACOS_AUTH_IDENTITY_VALUE=#NACOS_AUTH_IDENTITY_VALUE
volumes:
- #docker_data/gitlink/nacos/logs/:/home/nacos/logs
- #docker_data/gitlink/nacos/conf/application.properties:/home/nacos/conf/application.properties
ports:
- "#mapping_nacos_port:8848"
deploy:

11
docker-gitlink/dev_config.profile
View File

@ -3,8 +3,15 @@ deploy_env=dev
## 基础镜像版本
base_image_version=1.0.0
## Nacos数据库连接
nacos_db_url=127.0.0.1:3306
nacos_db_name=gitlink-nacos-config
NACOS_MYSQL_SERVICE_HOST=127.0.0.1
NACOS_MYSQL_SERVICE_PORT=3306
NACOS_MYSQL_SERVICE_DB_NAME=gitlink-nacos-config
NACOS_MYSQL_SERVICE_USER=root
NACOS_MYSQL_SERVICE_PASSWORD=123456
NACOS_AUTH_ENABLE=true
NACOS_AUTH_TOKEN=RHBxaW5kTllsQ1dIUlJ6ZXM0ajdzUmgxbXJIMzVaZFFmbXlqNkw5c1dCNnBFd082V21EeFBtME5NazFYYnQwWW43ekZXQQ==
NACOS_AUTH_IDENTITY_KEY=gitlink_key
NACOS_AUTH_IDENTITY_VALUE=gitlink_value
nacos_db_username=root
nacos_db_password=123456
## 连接Nacos配置

24
docker-gitlink/nacos/conf/default_application.properties
View File

@ -1,24 +0,0 @@
spring.datasource.platform=mysql
db.num=1
db.url.0=jdbc:mysql://#nacos_db_url/#nacos_db_name?characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useUnicode=true&useSSL=false&serverTimezone=UTC
db.user=#nacos_db_username
db.password=#nacos_db_password
nacos.naming.empty-service.auto-clean=true
nacos.naming.empty-service.clean.initial-delay-ms=50000
nacos.naming.empty-service.clean.period-time-ms=30000
management.endpoints.web.exposure.include=*
management.metrics.export.elastic.enabled=false
management.metrics.export.influx.enabled=false
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%h %l %u %t "%r" %s %b %D %{User-Agent}i %{Request-Source}i
server.tomcat.basedir=/home/ruoyi/nacos/tomcat/logs
nacos.security.ignore.urls=/,/error,/**/*.css,/**/*.js,/**/*.html,/**/*.map,/**/*.svg,/**/*.png,/**/*.ico,/console-ui/public/**,/v1/auth/**,/v1/console/health/**,/actuator/**,/v1/console/server/**
nacos.core.auth.system.type=nacos
nacos.core.auth.enabled=true
nacos.core.auth.plugin.nacos.token.expire.seconds=20000
nacos.core.auth.plugin.nacos.token.secret.key=RHBxaW5kTllsQ1dIUlJ6ZXM0ajdzUmgxbXJIMzVaZFFmbXlqNkw5c1dCNnBFd082V21EeFBtME5NazFYYnQwWW43ekZXQQ==
nacos.core.auth.caching.enabled=true
nacos.core.auth.enable.userAgentAuthWhite=false
nacos.core.auth.server.identity.key=serverIdentity
nacos.core.auth.server.identity.value=security
nacos.istio.mcp.server.enabled=false

5
docker-gitlink/nacos/dockerfile
View File

@ -1,7 +1,4 @@
# 基础镜像
FROM nacos/nacos-server:v2.2.0
FROM nacos/nacos-server:v2.3.1
# author
MAINTAINER gitlink
# 复制conf文件到路径
COPY ./conf/application.properties /home/nacos/conf/application.properties

13
docker-gitlink/prod_config.profile
View File

@ -3,10 +3,17 @@ deploy_env=prod
## 基础镜像版本
base_image_version=1.0.0
## Nacos数据库连接
nacos_db_url=gitlink-mysql:3306
nacos_db_name=gitlink-nacos-config
NACOS_MYSQL_SERVICE_HOST=gitlink-mysql
NACOS_MYSQL_SERVICE_PORT=3306
NACOS_MYSQL_SERVICE_DB_NAME=gitlink-nacos-config
NACOS_MYSQL_SERVICE_USER=root
NACOS_MYSQL_SERVICE_PASSWORD=Trust_#%01
NACOS_AUTH_ENABLE=true
NACOS_AUTH_TOKEN=RHBxaW5kTllsQ1dIUlJ6ZXM0ajdzUmgxbXJIMzVaZFFmbXlqNkw5c1dCNnBFd082V21EeFBtME5NazFYYnQwWW43ekZXQQ==
NACOS_AUTH_IDENTITY_KEY=gitlink_key
NACOS_AUTH_IDENTITY_VALUE=gitlink_value
nacos_db_username=root
nacos_db_password=Trust_#%01
nacos_db_password=hnxjy2024#
## 连接Nacos配置
nacos_ip=gitlink-nacos
nacos_port=8848

15
docker-gitlink/test_config.profile
View File

@ -3,10 +3,17 @@ deploy_env=test
## 基础镜像版本
base_image_version=1.0.0
## Nacos数据库连接
nacos_db_url=gitlink-mysql:3306
nacos_db_name=gitlink-nacos-config
nacos_db_username=root
nacos_db_password=Trust_#%01
NACOS_MYSQL_SERVICE_HOST=gitlink-mysql
NACOS_MYSQL_SERVICE_PORT=3306
NACOS_MYSQL_SERVICE_DB_NAME=gitlink-nacos-config
NACOS_MYSQL_SERVICE_USER=root
NACOS_MYSQL_SERVICE_PASSWORD=Trust_#%01
NACOS_AUTH_ENABLE=true
NACOS_AUTH_TOKEN=RHBxaW5kTllsQ1dIUlJ6ZXM0ajdzUmgxbXJIMzVaZFFmbXlqNkw5c1dCNnBFd082V21EeFBtME5NazFYYnQwWW43ekZXQQ==
NACOS_AUTH_IDENTITY_KEY=gitlink_key
NACOS_AUTH_IDENTITY_VALUE=gitlink_value
nacos_username=nacos
nacos_password=hnxjy2023
## 连接Nacos配置
nacos_ip=gitlink-nacos
nacos_port=8848

4
ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/Constants.java
View File

@ -125,6 +125,10 @@ public class Constants
* JSON类型
*/
public static final String JSON_CONTENT_TYPE = "application/json";
/**
* 文本类型
*/
public static final String TEXT_CONTENT_TYPE = "text/plain";
/**
* 定时任务违规的字符

7
ruoyi-common/ruoyi-common-httpClient/src/main/java/com/ruoyi/common/httpClient/service/HttpAPIService.java
View File

@ -8,12 +8,8 @@ import com.ruoyi.common.core.constant.HttpStatus;
import com.ruoyi.common.httpClient.domain.CustomHttpDelete;
import org.apache.commons.collections4.MapUtils;
import org.apache.http.HttpEntity;
import org.apache.http.HttpEntity;
import org.apache.http.NameValuePair;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.*;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.entity.mime.MultipartEntityBuilder;
@ -25,7 +21,6 @@ import org.springframework.web.multipart.MultipartFile;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
@ -246,7 +241,7 @@ public class HttpAPIService {
* @return
* @throws Exception
*/
private JSONObject doRequest(HttpUriRequest request, HashMap<String, String> headers) throws Exception {
public JSONObject doRequest(HttpUriRequest request, HashMap<String, String> headers) throws Exception {
if (headers != null && !headers.isEmpty()) {
headers.forEach(request::setHeader);
}

23
ruoyi-modules/ruoyi-cms/src/main/java/com/ruoyi/cms/doc/service/impl/CmsAsyncServiceImpl.java
View File

@ -17,6 +17,7 @@ import com.ruoyi.cms.utils.CmsConstants;
import com.ruoyi.cms.utils.CmsGitLinkRequestUrl;
import com.ruoyi.cms.utils.CmsUtils;
import com.ruoyi.common.core.constant.CacheConstants;
import com.ruoyi.common.core.constant.Constants;
import com.ruoyi.common.core.constant.SecurityConstants;
import com.ruoyi.common.core.enums.SystemRole;
import com.ruoyi.common.core.exception.ServiceException;
@ -32,6 +33,9 @@ import com.ruoyi.common.security.utils.SecurityUtils;
import com.ruoyi.system.api.RemoteDeptService;
import com.ruoyi.system.api.RemoteZoneService;
import com.ruoyi.system.api.utils.FeignUtils;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@ -90,6 +94,8 @@ public class CmsAsyncServiceImpl implements ICmsAsyncService {
private HttpAPIService httpAPIService;
@Autowired
private RemoteZoneService remoteZoneService;
@Autowired
private RequestConfig config;
/**
* 异步设置文章更新时间
*
@ -897,11 +903,22 @@ public class CmsAsyncServiceImpl implements ICmsAsyncService {
}
try {
JSONArray jsonArray = new JSONArray();
jsonArray.add(docDetailUrl);
// 推送至百度搜索
String baiduSearchPushUrl = String.format("%s?site=%s&token=%s", baiduSearchUrl, gitlinkUrl, baiduSearchToken);
JSONObject res = httpAPIService.doPost(baiduSearchPushUrl, jsonArray);
// 声明httpPost请求
HttpPost httpPost = new HttpPost(baiduSearchPushUrl);
// 加入配置信息
httpPost.setConfig(config);
String[] param = {
docDetailUrl
};
StringEntity stringEntity = new StringEntity(String.join(",", param), Constants.UTF8);
stringEntity.setContentEncoding(Constants.UTF8);
stringEntity.setContentType(Constants.TEXT_CONTENT_TYPE);
// 把表单放到post里
httpPost.setEntity(stringEntity);
JSONObject res = httpAPIService.doRequest(httpPost, null);
logger.info("推送文章【{}】至百度搜索成功,请求响应为:{}", cmsDoc.getName(), res);
} catch (Exception e) {
logger.error("推送文章【{}】至百度搜索引擎失败:{0}", cmsDoc.getName(), e);