submit

run-prod.sh

@@ -1,3 +1,42 @@
+#!/usr/bin/env bash
+# 定义应用组名
+group_name='zhichen'
+# 定义应用名称
+app_name='zhichen-saas-api'
+# 定义应用版本
+app_version='1.0-SNAPSHOT'
+# 定义应用环境
+profile_active='prod'
+echo '----copy jar----'
+docker stop ${app_name}
+echo '----stop container----'
+docker rm ${app_name}
+echo '----rm container----'
+docker rmi ${group_name}/${app_name}:${app_version}
+echo '----rm image----'
+# 打包编译docker镜像
+docker build -f /mydata/maven/build/Dockerfile -t ${group_name}/${app_name}:${app_version} .
+echo '----build image----'
+docker run -p 5055:5055 --name ${app_name} \
+--restart=always \
+-e 'spring.profiles.active'=${profile_active} \
+-e TZ="Asia/Shanghai" \
+-m 10240m \
+--cpus=3 \
+--log-opt max-size=50m \
+--log-opt max-file=3 \
+-v /etc/localtime:/etc/localtime \
+-v /usr/share/fonts:/usr/share/fonts \
+-v /data/logs/prod_api:/logs \
+-v /mydata/app/${app_name}/logs:/var/logs \
+-d ${group_name}/${app_name}:${app_version}
+echo '----start container----'
+
+echo "开始等待20秒..."
+# 1-10秒内随机
+sleep 5
+echo "等待后继续"
+
 #!/usr/bin/env bash
 # 定义应用组名
 group_admin_name='zhichen'

zhichen-admin/src/main/resources/application-prod.yml

@@ -29,13 +29,13 @@ spring:
             webStatFilter:
                 enabled: true
             statViewServlet:
-                enabled: true
+                enabled: false
                 # 设置白名单，不填则允许所有访问
                 allow:
                 url-pattern: /druid/*
                 # 控制台管理用户名和密码
                 login-username: ruoyi
-                login-password: 123456
+                login-password: ZC@2025
             filter:
                 stat:
                     enabled: true

zhichen-admin/src/main/resources/application.yml

@@ -105,8 +105,10 @@ management:
       base-path: /actuator
       exposure:
         # 需要开放的端点。默认值只打开 health 和 info 两个端点。通过设置 * ，可以开放所有端点。
-        include: '*'
+        include: health, info  # 只启用健康和info端点
   endpoint:
+    health:
+      show-details: when_authorized  # 敏感信息需要授权
     logfile:
       external-file: ./logs/sys-console.log
 

zhichen-api/src/main/resources/application-prod.yml

@@ -29,13 +29,13 @@ spring:
             webStatFilter:
                 enabled: true
             statViewServlet:
-                enabled: true
+                enabled: false
                 # 设置白名单，不填则允许所有访问
                 allow:
                 url-pattern: /druid/*
                 # 控制台管理用户名和密码
                 login-username: ruoyi
-                login-password: 123456
+                login-password: ZC@2025
             filter:
                 stat:
                     enabled: true

zhichen-api/src/main/resources/application.yml

@@ -105,8 +105,10 @@ management:
       base-path: /actuator
       exposure:
         # 需要开放的端点。默认值只打开 health 和 info 两个端点。通过设置 * ，可以开放所有端点。
-        include: '*'
+        include: health, info  # 只启用健康和info端点
   endpoint:
+    health:
+      show-details: when_authorized  # 敏感信息需要授权
     logfile:
       external-file: ./logs/sys-console.log
 

zhichen-framework/src/main/java/com/zhichen/framework/config/SecurityConfig.java

@@ -170,7 +170,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
                 .antMatchers("/swagger-ui.html").anonymous()
                 .antMatchers("/swagger-resources/**").anonymous()
                 .antMatchers("/webjars/**").anonymous()
-                .antMatchers("/*/api-docs").anonymous()
+//                .antMatchers("/*/api-docs").anonymous()
                 .antMatchers("/druid/**").anonymous()
                 // Spring Boot Admin Server 的安全配置
                 .antMatchers(adminServerProperties.getContextPath()).anonymous()

zhichen-framework/src/main/java/com/zhichen/framework/web/exception/GlobalExceptionHandler.java

@@ -9,6 +9,7 @@ import com.zhichen.common.exception.DemoModeException;
 import io.jsonwebtoken.ExpiredJwtException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.dao.DataAccessException;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.AccountExpiredException;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
@@ -19,6 +20,7 @@ import org.springframework.web.bind.annotation.RestControllerAdvice;
 import org.springframework.web.servlet.NoHandlerFoundException;
 
 import javax.validation.ConstraintViolationException;
+import java.sql.SQLException;
 
 /**
  * 全局异常处理器
@@ -52,6 +54,16 @@ public class GlobalExceptionHandler
         return AjaxResult.error(e.getCode(), e.getMessage());
     }
 
+    /**
+     * sql错误
+     */
+    @ExceptionHandler({SQLException.class, DataAccessException.class})
+    public AjaxResult handleAllSqlExceptions(Exception e)
+    {
+        log.error(e.getMessage(), e);
+        return AjaxResult.error(HttpStatus.HTTP_INTERNAL_ERROR, "非法操作，请稍后再试");
+    }
+
     @ExceptionHandler(NoHandlerFoundException.class)
     public AjaxResult handlerNoFoundException(Exception e)
     {