docs: 认证授权服务部署文档
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml b/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml
new file mode 100644
index 0000000..4da5aa2
--- /dev/null
+++ b/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml
@@ -0,0 +1,232 @@
+# personal-security-center-bff.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: personal-security-center
+ name: personal-security-center-bff-template-env
+data:
+ # 根据情况,修改邮件模板
+ EMAIL_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_EMAIL_ADDRESS: "{name}:您正在激活帐号,须验证邮箱有效,验证码{code},有效期5分钟,请尽快完成验证。"
+ EMAIL_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: "{name}:您正在找回密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+
+ EMAIL_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: "{name}:您正在修改密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+ EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: "{name}:您正在修改安全邮箱,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+ EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE_BY_EMAIL_ADDRESS: "{name}:您正在修改安全邮箱,须验证邮箱有效,验证码{code},有效期5分钟,请尽快完成验证。"
+ EMAIL_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: "{name}:您正在修改安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+
+ EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: "{name}:您正在绑定QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+ EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: "{name}:您正在解绑QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+ EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: "{name}:您正在绑定微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+ EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: "{name}:您正在解绑微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+ EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: "{name}:您正在绑定企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+ EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: "{name}:您正在解绑企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+ EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: "{name}:您正在绑定支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+ EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: "{name}:您正在解绑支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+
+ # 根据情况,修改短信模板
+ SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_MOBILE: "{prefix}{name}:您正在激活帐号,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。"
+ SMS_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: "{prefix}{name}:您正在找回密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+
+ SMS_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: "{prefix}{name}:您正在修改密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+ SMS_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: "{prefix}{name}:您正在修改安全邮箱,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+ SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: "{prefix}{name}:您正在修改安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+ SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE_BY_MOBILE: "{prefix}{name}:您正在修改安全手机,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。"
+
+ SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: "{prefix}{name}:您正在绑定QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+ SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: "{prefix}{name}:您正在解绑QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+ SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: "{prefix}{name}:您正在绑定微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+ SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: "{prefix}{name}:您正在解绑微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+ SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: "{prefix}{name}:您正在绑定企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+ SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: "{prefix}{name}:您正在解绑企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+ SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: "{prefix}{name}:您正在绑定支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+ SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: "{prefix}{name}:您正在解绑支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
+
+ SMS_TEMPLATE_PREFIX: ""
+
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: personal-security-center
+ name: personal-security-center-bff-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_KEYSTORE_PASSWORD: ""
+ #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+ #SSL_TRUSTSTORE_PASSWORD: ""
+
+ SERVER_MAXHTTPHEADERSIZE: "10240"
+
+ SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+ SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+ SERVER_TOMCAT_MAX_THREADS: "800"
+ SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+ SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
+ SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
+ SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
+
+ LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER_BFF: INFO
+
+
+ # 修改为学校的 personal-security-center 的访问域名
+ PERSONAL_SECURITY_CENTER_SERVER_PREFIX: http://personal-security-center.paas.xxx.edu.cn
+ # 修改为学校的 cas 的访问域名
+ CAS_SERVER_PREFIX: http://cas.paas.xxx.edu.cn/cas
+
+ PERSONAL_SECURITY_BFF_NONCE_STORE_IMPL: redis
+
+
+ # 新开普人脸对接配置
+ # 修改为实际项目配置
+ PERSONAL_SECURITY_BFF_FACE_AIFACE_URL: "http://117.158.17.228:3003/aiface"
+ PERSONAL_SECURITY_BFF_FACE_AIFACE_APPKEY: "GcacXnw46DxMAApNoSTX"
+ PERSONAL_SECURITY_BFF_FACE_AIFACE_APPSECRET: "eXl15kcYGBdCYTOCFD21"
+ PERSONAL_SECURITY_BFF_FACE_AIFACE_SECRETKEY: "12345678abcdefgh87654321"
+ PERSONAL_SECURITY_BFF_FACE_AIFACE_TERM_CODE: "12"
+
+
+ CASSERVER_SITE_SERVER_URL: http://cas-server-site-webapp-svc.cas-server.svc.cluster.local:8080/cas
+ CASSERVER_SITE_CLIENT_AUTH_ENABLED: "false"
+ #CASSERVER_SITE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
+ CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
+ #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+ #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
+ USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ # PERSONAL_SECURITY_CENTER_SA_API_SERVER_URL: http://personal-security-center-sa-api-svc.personal-security-center.svc.cluster.local:8080
+ # PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_ENABLED: "false"
+ #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+ #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/file/db
+ TPAS_MAIL_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/mail/smtp
+ TPAS_SMS_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/sms/console
+ TPAS_CLIENT_AUTH_ENABLED: "false"
+ #TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
+ #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ # COMMUNICATOR_EMAIL_MAIL_SERVER_HOST: "smtp.supwisdom.com"
+ # COMMUNICATOR_EMAIL_MAIL_SERVER_PORT: "25"
+ # COMMUNICATOR_EMAIL_USER_NAME: "security.institute@supwisdom.com"
+ # COMMUNICATOR_EMAIL_PASSWORD: "Security2019"
+ # COMMUNICATOR_EMAIL_VALIDATE: "true"
+
+ # COMMUNICATOR_SMS_SENDER_URL: https://agent-service-api.supwisdom.com/api/v1/tpas/sms/console/send
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: personal-security-center
+ name: personal-security-center-bff-env-secret
+type: Opaque
+data:
+
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: personal-security-center
+ name: personal-security-center-bff-svc
+ labels:
+ app: personal-security-center-bff
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: personal-security-center-bff
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: personal-security-center
+ name: personal-security-center-bff
+spec:
+ selector:
+ matchLabels:
+ app: personal-security-center-bff
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: personal-security-center-bff
+ spec:
+ containers:
+ - name: personal-security-center-bff
+ # 若使用了学校搭设的私有仓库,请修改
+ image: harbor.supwisdom.com/personal-security-center/personal-security-bff:1.0.2-SNAPSHOT
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: redis-env-secret
+ - secretRef:
+ name: personal-security-center-bff-env-secret
+ - configMapRef:
+ name: personal-security-center-bff-env
+ - configMapRef:
+ name: personal-security-center-bff-template-env
+ resources:
+ requests:
+ memory: "400Mi"
+ limits:
+ memory: "400Mi"
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8080
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-registry
+