-
Notifications
You must be signed in to change notification settings - Fork 87
fix:update model data and API key authentication support #315
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: develop
Are you sure you want to change the base?
Changes from all commits
d476dab
01701c5
c582ac8
98c3914
63e4864
5af15d2
b50e53b
3a3a96f
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| drop table if exists `t_api_key`; | ||
|
|
||
| create table `t_api_key` | ||
| ( | ||
| `id` int not null auto_increment comment '主键id', | ||
| `api_key` varchar(255) not null comment 'api_key', | ||
| `api_secret` varchar(255) comment '秘钥', | ||
| `expire_time` timestamp not null comment '过期时间', | ||
| `tenant_id` varchar(60) comment '租户id', | ||
| `status` int comment '业务租户id', | ||
| primary key (`id`) using btree, | ||
| unique index `u_idx_api_key` (`api_key`,`api_secret`) using btree | ||
| ) engine = innodb comment = 'api_key表'; | ||
|
|
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| drop table if exists `t_model_data`; | ||
|
|
||
| create table `t_model_data` | ||
| ( | ||
| `id` int not null auto_increment comment '主键id', | ||
| `model_id` varchar(255) not null comment '模型id', | ||
| `data_json` json NOT NULL COMMENT '模型数据', | ||
| `version` varchar(255) comment '版本', | ||
| `created_by` varchar(60) not null comment '创建人', | ||
| `created_time` timestamp not null default current_timestamp comment '创建时间', | ||
| `last_updated_by` varchar(60) not null comment '最后修改人', | ||
| `last_updated_time` timestamp not null default current_timestamp comment '更新时间', | ||
| `tenant_id` varchar(60) comment '租户id', | ||
| `renter_id` varchar(60) comment '业务租户id', | ||
| `site_id` varchar(60) comment '站点id,设计预留字段', | ||
| primary key (`id`) using btree, | ||
| unique index `u_idx_model_data` (`id`,`model_id`) using btree | ||
| ) engine = innodb comment = '模型数据表'; | ||
|
|
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| INSERT INTO `t_api_key` (`id`, `api_key`, `api_secret`, `expire_time`, `tenant_id`, `status`) VALUES (1, '', '', '2032-11-01 11:38:23', NULL, 1); | ||
|
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 初始化数据插入 这条是已关闭意见的二次风险:最初 CodeRabbit 说“不要提交真实 API key/secret”。当前代码把真实值改成空字符串,但这不是安全修复,因为空字符串同样可以作为有效凭据使用。 建议改法:不要在初始化 SQL 中插入任何启用状态的默认 API Key。服务端也应拒绝空
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 数据库加密存储密钥和APIKEY,环境变量管理解密密钥 |
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| package com.tinyengine.it.config; | ||
|
|
||
| import org.springframework.beans.factory.annotation.Value; | ||
| import org.springframework.context.annotation.Bean; | ||
| import org.springframework.context.annotation.Configuration; | ||
| import org.springframework.data.redis.connection.RedisConnectionFactory; | ||
| import org.springframework.data.redis.connection.RedisPassword; | ||
| import org.springframework.data.redis.connection.RedisStandaloneConfiguration; | ||
| import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory; | ||
| import org.springframework.data.redis.core.RedisTemplate; | ||
| import org.springframework.data.redis.core.StringRedisTemplate; | ||
| import org.springframework.data.redis.serializer.StringRedisSerializer; | ||
|
|
||
| @Configuration | ||
| public class RedisConfig { | ||
|
|
||
| /** | ||
| * 专门用于 Nonce 存储的 RedisTemplate(Key 和 Value 都存字符串) | ||
| * 避免乱码,方便 redis-cli 命令行调试查看 | ||
| */ | ||
| @Bean | ||
| public StringRedisTemplate stringRedisTemplate(RedisConnectionFactory connectionFactory) { | ||
| StringRedisTemplate template = new StringRedisTemplate(); | ||
| template.setConnectionFactory(connectionFactory); | ||
| // StringRedisTemplate 默认使用 StringRedisSerializer,无需额外配置 | ||
| return template; | ||
| } | ||
|
|
||
| /** | ||
| * (可选)如果你的业务还需要存对象,可以配置通用的 RedisTemplate | ||
| */ | ||
| @Bean | ||
| public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory connectionFactory) { | ||
| RedisTemplate<String, Object> template = new RedisTemplate<>(); | ||
| template.setConnectionFactory(connectionFactory); | ||
|
|
||
| // 使用 StringRedisSerializer 序列化 Key | ||
| StringRedisSerializer stringSerializer = new StringRedisSerializer(); | ||
| template.setKeySerializer(stringSerializer); | ||
| template.setHashKeySerializer(stringSerializer); | ||
|
|
||
| // Value 使用 Jackson 序列化(如果存对象) | ||
| // 这里不重复贴 Jackson 代码,保持配置简洁 | ||
| template.afterPropertiesSet(); | ||
| return template; | ||
| } | ||
|
|
||
| } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PR变更太多,请先完成以下内容:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
本地postman测试已ok