[institute/deploy-authx-service.git] /

# personal-security-center-bff.yaml

---
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: personal-security-center
  name: personal-security-center-bff-template-env
data:
  # 根据情况，修改邮件模板
  EMAIL_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_EMAIL_ADDRESS: '{name}：您正在激活帐号，须验证邮箱有效，验证码{code}，有效期5分钟，请尽快完成验证。'
  EMAIL_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: '{name}：您正在找回密码，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  
  EMAIL_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: '{name}：您正在修改密码，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: '{name}：您正在修改安全邮箱，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE_BY_EMAIL_ADDRESS: '{name}：您正在修改安全邮箱，须验证邮箱有效，验证码{code}，有效期5分钟，请尽快完成验证。'
  EMAIL_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: '{name}：您正在修改安全手机，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'

  EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: '{name}：您正在绑定QQ，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: '{name}：您正在解绑QQ，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: '{name}：您正在绑定微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: '{name}：您正在解绑微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: '{name}：您正在绑定企业微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: '{name}：您正在解绑企业微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{name}：您正在绑定支付宝，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{name}：您正在解绑支付宝，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  EMAIL_TEMPLATE_USER_FEDERATION_DINGTALK_SEND_CODE: '{name}：您正在绑定钉钉，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  EMAIL_TEMPLATE_USER_FEDERATION_DINGTALK_SEND_CODE_UNBIND_DINGTALK: '{name}：您正在解绑钉钉，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'

  EMAIL_TEMPLATE_USER_COMPLETED_SECURITY_EMAIL_ADDRESS_SEND_CODE_BY_EMAIL_ADDRESS: '{name}：您正在绑定安全邮箱，须验证邮箱有效，验证码{code}，有效期5分钟，请尽快完成验证。'

  # 根据情况，修改短信模板
  SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_PRE_MOBILE: '{prefix}您正在激活帐号，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_MOBILE: '{prefix}您正在激活帐号，须验证手机有效，验证码{code}，有效期5分钟，请尽快完成验证。'
  SMS_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: '{prefix}您正在找回密码，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'

  SMS_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: '{prefix}您正在修改密码，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  SMS_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: '{prefix}您正在修改安全邮箱，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: '{prefix}您正在修改安全手机，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE_BY_MOBILE: '{prefix}您正在修改安全手机，须验证手机有效，验证码{code}，有效期5分钟，请尽快完成验证。'

  SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: '{prefix}您正在绑定QQ，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: '{prefix}您正在解绑QQ，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: '{prefix}您正在绑定微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: '{prefix}您正在解绑微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: '{prefix}您正在绑定企业微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: '{prefix}您正在解绑企业微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{prefix}您正在绑定支付宝，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{prefix}您正在解绑支付宝，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  SMS_TEMPLATE_USER_FEDERATION_DINGTALK_SEND_CODE: '{prefix}{name}：您正在绑定钉钉，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
  SMS_TEMPLATE_USER_FEDERATION_DINGTALK_SEND_CODE_UNBIND_DINGTALK: '{prefix}{name}：您正在解绑钉钉，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'

  SMS_TEMPLATE_USER_COMPLETED_SECURITY_MOBILE_SEND_CODE: '{name}：您正在绑定安全手机，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'

  SMS_TEMPLATE_USER_COMPLETED_REALNAME_SEND_CODE_BY_PRE_MOBILE: '{name}：您正在实名认证，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'

  SMS_TEMPLATE_ACCOUNT_INFO_SEND_CODE_BY_MOBILE: '{prefix}您当前正在查询账号，须验证手机有效，验证码{code}，有效期5分钟，请尽快完成验证。'
  SMS_TEMPLATE_ACCOUNT_INFO_SEND_ACCOUNT_NAME: '{prefix}您当前正在查询账号，查询结果为：{accountName}，账号是您在学校中的重要信息，请妥善保管。'

  SMS_TEMPLATE_PREFIX: ''


---
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: personal-security-center
  name: personal-security-center-bff-env
data:
  SERVER_PORT: "8080"
  SSL_ENABLED: "false"
  #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
  #SSL_KEYSTORE_PASSWORD: ""
  #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
  #SSL_TRUSTSTORE_PASSWORD: ""

  SERVER_MAXHTTPHEADERSIZE: "10240"

  SERVER_TOMCAT_ACCEPT_COUNT: "5000"
  SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
  SERVER_TOMCAT_MAX_THREADS: "800"
  SERVER_TOMCAT_MIN_SPARE_THREADS: "100"

  LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER_BFF: INFO


  SPRING_SERVLET_MULTIPART_MAX_FILE_SIZE: 10Mb
  # SPRING_SERVLET_MULTIPART_MAX_REQUEST_SIZE: 10Mb

  SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
  SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
  SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"


  # 修改为学校的 personal-security-center 的访问域名
  PERSONAL_SECURITY_CENTER_SERVER_PREFIX: https://authx-service.paas.xxx.edu.cn/personal
  # 修改为学校的 cas 的访问域名
  CAS_SERVER_PREFIX: https://cas.paas.xxx.edu.cn/cas

  PERSONAL_SECURITY_BFF_NONCE_STORE_IMPL: redis


  ## 密码验证接口（外部接口）
  PERSONAL_SECURITY_BFF_SECURITY_PASSWORD_VERIFY_URL: ""
  # http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080/api/v1/security/accounts/verifyAccountPassword


  # 新开普人脸对接配置
  # 修改为实际项目配置
  PERSONAL_SECURITY_BFF_FACE_AIFACE_URL: "http://117.158.17.228:3003/aiface"
  PERSONAL_SECURITY_BFF_FACE_AIFACE_APPKEY: "GcacXnw46DxMAApNoSTX"
  PERSONAL_SECURITY_BFF_FACE_AIFACE_APPSECRET: "eXl15kcYGBdCYTOCFD21"
  PERSONAL_SECURITY_BFF_FACE_AIFACE_SECRETKEY: "12345678abcdefgh87654321"
  PERSONAL_SECURITY_BFF_FACE_AIFACE_TERM_CODE: "12"


  CASSERVER_SITE_SERVER_URL: http://cas-server-site-webapp-svc.cas-server.svc.cluster.local:8080/cas
  CASSERVER_SITE_CLIENT_AUTH_ENABLED: "false"
  #CASSERVER_SITE_CLIENT_AUTH_KEY_PASSWORD: ""
  #CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
  #CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
  #CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
  #CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""

  CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
  CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
  #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
  #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
  #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
  #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
  #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""

  USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
  USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
  #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
  #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
  #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
  #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
  #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""

  # PERSONAL_SECURITY_CENTER_SA_API_SERVER_URL: http://personal-security-center-sa-api-svc.personal-security-center.svc.cluster.local:8080
  # PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_ENABLED: "false"
  #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
  #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
  #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
  #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
  #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""


  TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/file/minio
  TPAS_MAIL_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/mail/smtp
  TPAS_SMS_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/sms/console
  TPAS_FACE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/face/aiface
  TPAS_CLIENT_AUTH_ENABLED: "false"
  #TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
  #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
  #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
  #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
  #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""


  # COMMUNICATOR_EMAIL_MAIL_SERVER_HOST: "smtp.supwisdom.com"
  # COMMUNICATOR_EMAIL_MAIL_SERVER_PORT: "25"
  # COMMUNICATOR_EMAIL_USER_NAME: "security.institute@supwisdom.com"
  # COMMUNICATOR_EMAIL_PASSWORD: "Security2019"
  # COMMUNICATOR_EMAIL_VALIDATE: "true"

  # COMMUNICATOR_SMS_SENDER_URL: https://agent-service-api.supwisdom.com/api/v1/tpas/sms/console/send


  AUTHX_LOG_ENABLED: "true"
  AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
  AUTHX_LOG_RABBITMQ_PORT: "5672"
  AUTHX_LOG_RABBITMQ_USERNAME: guest
  AUTHX_LOG_RABBITMQ_PASSWORD: guest


---
apiVersion: v1
kind: Secret
metadata:
  namespace: personal-security-center
  name: personal-security-center-bff-env-secret
type: Opaque
data:



---
apiVersion: v1
kind: Service
metadata:
  namespace: personal-security-center
  name: personal-security-center-bff-svc
  labels:
    app: personal-security-center-bff
    needMonitor: 'true'
spec:
  ports:
    - port: 8080
      targetPort: http
      protocol: TCP
      name: http
    - port: 6060
      targetPort: http-metrics
      protocol: TCP
      name: http-metrics
  selector:
    app: personal-security-center-bff

---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: personal-security-center
  name: personal-security-center-bff
spec:
  selector:
    matchLabels:
      app: personal-security-center-bff
  replicas: 1
  template:
    metadata:
      labels:
        app: personal-security-center-bff
    spec:
      containers:
      - name: personal-security-center-bff
        # 若使用了学校搭设的私有仓库，请修改
        image: harbor.supwisdom.com/personal-security-center/personal-security-bff:1.4.0-RELEASE
        imagePullPolicy: Always
        ports:
        - containerPort: 8080
          name: http
        - containerPort: 6060
          name: http-metrics
        envFrom:
        - configMapRef:
            name: jvm-env
        - secretRef:
            name: redis-env-secret
        - secretRef:
            name: personal-security-center-bff-env-secret
        - configMapRef:
            name: personal-security-center-bff-env
        - configMapRef:
            name: personal-security-center-bff-template-env
        resources:
          requests:
            memory: "512Mi"
          limits:
            memory: "512Mi"
        readinessProbe:
          httpGet:
            path: /actuator/health
            port: 8080
          initialDelaySeconds: 20
          periodSeconds: 5
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 10
      imagePullSecrets:
        - name: harbor-registry