Gitiles
Code Review Sign In
source.supwisdom.com / institute / deploy-authx-service / a30aeb63aed8815a78774d0556a31b1e7d56124a / . / deploy-manifests / k8s-rancher / 1.authx-service / 6.personal-security-center / 4.4.personal-security-center-bff.yaml
blob: 1a6f0077c53f6eef0cad2a488b011c73f9a5ed95 [file] [log] [blame]
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]1# personal-security-center-bff.yaml
2
3---
4apiVersion: v1
5kind: ConfigMap
6metadata:
7 namespace: personal-security-center
8 name: personal-security-center-bff-template-env
9data:
10 # 根据情况,修改邮件模板
刘洪青c31902b2020-08-19 14:52:46 +0800[diff] [blame]11 EMAIL_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_EMAIL_ADDRESS: '{name}:您正在激活帐号,须验证邮箱有效,验证码{code},有效期5分钟,请尽快完成验证。'
12 EMAIL_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: '{name}:您正在找回密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]13
刘洪青c31902b2020-08-19 14:52:46 +0800[diff] [blame]14 EMAIL_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: '{name}:您正在修改密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
15 EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: '{name}:您正在修改安全邮箱,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
16 EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE_BY_EMAIL_ADDRESS: '{name}:您正在修改安全邮箱,须验证邮箱有效,验证码{code},有效期5分钟,请尽快完成验证。'
17 EMAIL_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: '{name}:您正在修改安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]18
刘洪青a30aeb62021-12-29 11:49:50 +0800[diff] [blame^]19 EMAIL_TEMPLATE_USER_SECURITY_QUESTION_SEND_CODE: '{name}:您正在设置安全问题,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
20
刘洪青c31902b2020-08-19 14:52:46 +0800[diff] [blame]21 EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: '{name}:您正在绑定QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
22 EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: '{name}:您正在解绑QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
23 EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: '{name}:您正在绑定微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
24 EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: '{name}:您正在解绑微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
25 EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: '{name}:您正在绑定企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
26 EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: '{name}:您正在解绑企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
27 EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{name}:您正在绑定支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
28 EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{name}:您正在解绑支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
刘洪青417d2292020-12-21 16:02:05 +0800[diff] [blame]29 EMAIL_TEMPLATE_USER_FEDERATION_DINGTALK_SEND_CODE: '{name}:您正在绑定钉钉,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
30 EMAIL_TEMPLATE_USER_FEDERATION_DINGTALK_SEND_CODE_UNBIND_DINGTALK: '{name}:您正在解绑钉钉,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
31
32 EMAIL_TEMPLATE_USER_COMPLETED_SECURITY_EMAIL_ADDRESS_SEND_CODE_BY_EMAIL_ADDRESS: '{name}:您正在绑定安全邮箱,须验证邮箱有效,验证码{code},有效期5分钟,请尽快完成验证。'
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]33
34 # 根据情况,修改短信模板
刘洪青ad59f942020-10-14 16:44:50 +0800[diff] [blame]35 SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_PRE_MOBILE: '{prefix}您正在激活帐号,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
36 SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_MOBILE: '{prefix}您正在激活帐号,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。'
37 SMS_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: '{prefix}您正在找回密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]38
刘洪青ad59f942020-10-14 16:44:50 +0800[diff] [blame]39 SMS_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: '{prefix}您正在修改密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
40 SMS_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: '{prefix}您正在修改安全邮箱,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
41 SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: '{prefix}您正在修改安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
42 SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE_BY_MOBILE: '{prefix}您正在修改安全手机,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。'
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]43
刘洪青a30aeb62021-12-29 11:49:50 +0800[diff] [blame^]44 SMS_TEMPLATE_USER_SECURITY_QUESTION_SEND_CODE: '{name}:您正在设置安全问题,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
45
刘洪青ad59f942020-10-14 16:44:50 +0800[diff] [blame]46 SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: '{prefix}您正在绑定QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
47 SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: '{prefix}您正在解绑QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
48 SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: '{prefix}您正在绑定微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
49 SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: '{prefix}您正在解绑微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
50 SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: '{prefix}您正在绑定企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
51 SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: '{prefix}您正在解绑企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
52 SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{prefix}您正在绑定支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
53 SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{prefix}您正在解绑支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
刘洪青417d2292020-12-21 16:02:05 +0800[diff] [blame]54 SMS_TEMPLATE_USER_FEDERATION_DINGTALK_SEND_CODE: '{prefix}{name}:您正在绑定钉钉,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
55 SMS_TEMPLATE_USER_FEDERATION_DINGTALK_SEND_CODE_UNBIND_DINGTALK: '{prefix}{name}:您正在解绑钉钉,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]56
刘洪青dc2c1582021-05-08 17:10:26 +0800[diff] [blame]57 SMS_TEMPLATE_USER_COMPLETED_SECURITY_MOBILE_SEND_CODE: '{name}:您正在绑定安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
58
59 SMS_TEMPLATE_USER_COMPLETED_REALNAME_SEND_CODE_BY_PRE_MOBILE: '{name}:您正在实名认证,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
60
刘洪青ad59f942020-10-14 16:44:50 +0800[diff] [blame]61 SMS_TEMPLATE_ACCOUNT_INFO_SEND_CODE_BY_MOBILE: '{prefix}您当前正在查询账号,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。'
62 SMS_TEMPLATE_ACCOUNT_INFO_SEND_ACCOUNT_NAME: '{prefix}您当前正在查询账号,查询结果为:{accountName},账号是您在学校中的重要信息,请妥善保管。'
刘洪青3655f382020-09-17 11:39:34 +0800[diff] [blame]63
刘洪青c31902b2020-08-19 14:52:46 +0800[diff] [blame]64 SMS_TEMPLATE_PREFIX: ''
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]65
66
67---
68apiVersion: v1
69kind: ConfigMap
70metadata:
71 namespace: personal-security-center
72 name: personal-security-center-bff-env
73data:
74 SERVER_PORT: "8080"
75 SSL_ENABLED: "false"
76 #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
77 #SSL_KEYSTORE_PASSWORD: ""
78 #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
79 #SSL_TRUSTSTORE_PASSWORD: ""
80
81 SERVER_MAXHTTPHEADERSIZE: "10240"
82
83 SERVER_TOMCAT_ACCEPT_COUNT: "5000"
84 SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
85 SERVER_TOMCAT_MAX_THREADS: "800"
86 SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
87
刘洪青9c2687b2020-09-10 15:53:39 +0800[diff] [blame]88 LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER_BFF: INFO
89
90
刘洪青61e83d02020-12-04 00:45:08 +0800[diff] [blame]91 SPRING_SERVLET_MULTIPART_MAX_FILE_SIZE: 10Mb
92 # SPRING_SERVLET_MULTIPART_MAX_REQUEST_SIZE: 10Mb
93
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]94 SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
95 SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
96 SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
97
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]98
99 # 修改为学校的 personal-security-center 的访问域名
刘洪青50e2f582021-09-21 17:10:31 +0800[diff] [blame]100 PERSONAL_SECURITY_CENTER_SERVER_PREFIX: https://authx-service.paas.xxx.edu.cn/personal
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]101 # 修改为学校的 cas 的访问域名
刘洪青046f19b2021-09-18 11:22:49 +0800[diff] [blame]102 CAS_SERVER_PREFIX: https://cas.paas.xxx.edu.cn/cas
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]103
104 PERSONAL_SECURITY_BFF_NONCE_STORE_IMPL: redis
105
106
刘洪青b0fc0e92021-07-17 15:50:00 +0800[diff] [blame]107 ## 密码验证接口(外部接口)
108 PERSONAL_SECURITY_BFF_SECURITY_PASSWORD_VERIFY_URL: ""
109 # http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080/api/v1/security/accounts/verifyAccountPassword
110
111
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]112 # 新开普人脸对接配置
113 # 修改为实际项目配置
114 PERSONAL_SECURITY_BFF_FACE_AIFACE_URL: "http://117.158.17.228:3003/aiface"
115 PERSONAL_SECURITY_BFF_FACE_AIFACE_APPKEY: "GcacXnw46DxMAApNoSTX"
116 PERSONAL_SECURITY_BFF_FACE_AIFACE_APPSECRET: "eXl15kcYGBdCYTOCFD21"
117 PERSONAL_SECURITY_BFF_FACE_AIFACE_SECRETKEY: "12345678abcdefgh87654321"
118 PERSONAL_SECURITY_BFF_FACE_AIFACE_TERM_CODE: "12"
119
120
121 CASSERVER_SITE_SERVER_URL: http://cas-server-site-webapp-svc.cas-server.svc.cluster.local:8080/cas
122 CASSERVER_SITE_CLIENT_AUTH_ENABLED: "false"
123 #CASSERVER_SITE_CLIENT_AUTH_KEY_PASSWORD: ""
124 #CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
125 #CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
126 #CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
127 #CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
128
129 CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
130 CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
131 #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
132 #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
133 #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
134 #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
135 #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
136
137 USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
138 USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
139 #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
140 #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
141 #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
142 #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
143 #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
144
145 # PERSONAL_SECURITY_CENTER_SA_API_SERVER_URL: http://personal-security-center-sa-api-svc.personal-security-center.svc.cluster.local:8080
146 # PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_ENABLED: "false"
147 #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
148 #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
149 #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
150 #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
151 #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
152
153
刘洪青5f8aff12020-09-12 23:24:30 +0800[diff] [blame]154 TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/file/minio
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]155 TPAS_MAIL_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/mail/smtp
156 TPAS_SMS_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/sms/console
刘洪青046f19b2021-09-18 11:22:49 +0800[diff] [blame]157 TPAS_FACE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/face/aiface
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]158 TPAS_CLIENT_AUTH_ENABLED: "false"
159 #TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
160 #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
161 #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
162 #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
163 #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
164
165
166 # COMMUNICATOR_EMAIL_MAIL_SERVER_HOST: "smtp.supwisdom.com"
167 # COMMUNICATOR_EMAIL_MAIL_SERVER_PORT: "25"
168 # COMMUNICATOR_EMAIL_USER_NAME: "security.institute@supwisdom.com"
169 # COMMUNICATOR_EMAIL_PASSWORD: "Security2019"
170 # COMMUNICATOR_EMAIL_VALIDATE: "true"
171
172 # COMMUNICATOR_SMS_SENDER_URL: https://agent-service-api.supwisdom.com/api/v1/tpas/sms/console/send
173
刘洪青046f19b2021-09-18 11:22:49 +0800[diff] [blame]174
175 AUTHX_LOG_ENABLED: "true"
176 AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
177 AUTHX_LOG_RABBITMQ_PORT: "5672"
178 AUTHX_LOG_RABBITMQ_USERNAME: guest
179 AUTHX_LOG_RABBITMQ_PASSWORD: guest
180
181
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]182---
183apiVersion: v1
184kind: Secret
185metadata:
186 namespace: personal-security-center
187 name: personal-security-center-bff-env-secret
188type: Opaque
189data:
190
191
192
193---
194apiVersion: v1
195kind: Service
196metadata:
197 namespace: personal-security-center
198 name: personal-security-center-bff-svc
199 labels:
200 app: personal-security-center-bff
201 needMonitor: 'true'
202spec:
203 ports:
204 - port: 8080
205 targetPort: http
206 protocol: TCP
207 name: http
208 - port: 6060
209 targetPort: http-metrics
210 protocol: TCP
211 name: http-metrics
212 selector:
213 app: personal-security-center-bff
214
215---
216apiVersion: apps/v1
217kind: Deployment
218metadata:
219 namespace: personal-security-center
220 name: personal-security-center-bff
221spec:
222 selector:
223 matchLabels:
224 app: personal-security-center-bff
225 replicas: 1
226 template:
227 metadata:
228 labels:
229 app: personal-security-center-bff
230 spec:
231 containers:
232 - name: personal-security-center-bff
233 # 若使用了学校搭设的私有仓库,请修改
刘洪青c6782852021-12-27 13:31:09 +0800[diff] [blame]234 image: harbor.supwisdom.com/personal-security-center/personal-security-bff:1.5.0-RELEASE
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]235 imagePullPolicy: Always
236 ports:
237 - containerPort: 8080
238 name: http
239 - containerPort: 6060
240 name: http-metrics
241 envFrom:
242 - configMapRef:
243 name: jvm-env
244 - secretRef:
245 name: redis-env-secret
246 - secretRef:
247 name: personal-security-center-bff-env-secret
248 - configMapRef:
249 name: personal-security-center-bff-env
250 - configMapRef:
251 name: personal-security-center-bff-template-env
252 resources:
253 requests:
刘洪青5f8aff12020-09-12 23:24:30 +0800[diff] [blame]254 memory: "512Mi"
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]255 limits:
刘洪青5f8aff12020-09-12 23:24:30 +0800[diff] [blame]256 memory: "512Mi"
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]257 readinessProbe:
258 httpGet:
259 path: /actuator/health
260 port: 8080
261 initialDelaySeconds: 20
262 periodSeconds: 5
263 timeoutSeconds: 5
264 successThreshold: 1
265 failureThreshold: 10
266 imagePullSecrets:
267 - name: harbor-registry
268