引入jasypt encryption 对配置文件加密、解密

2023-07-31 12:11:05 +08:00 · 2023-07-31 12:11:05 +08:00 · 8865981c04
commit 8865981c04
parent 4f38f3be63
7 changed files with 65 additions and 11 deletions
--- a/README.md
+++ b/README.md
@ -107,6 +107,22 @@ yuapi:

 配置完成启动项目，访问 `http://localhost:8101/api/doc.html` 即可打开接口文档

+> **ENC加密配置文件中的内容**
+> 
+> 1) 使用EncryptorTest.java对你需要加密的内容加密，获取密文，在配置文件进行替换
+>   ```yaml
+>   spring:
+>     datasource:
+>       password: ENC(加密后的密文)
+>   ```
+> 2) 启动时指定环境变量 ${ENCRYPTOR_PASSWORD}
+> - idea
+> ![启动配置](doc/runConfig.png)
+> - 命令行启动
+> ```shell
+> java -jar answerBi-backend.jar --ENCRYPTOR_PASSWORD=xxx 
+> ```
+
 ### [前端](https://gitee.com/anscoder/answer-bi-frontend)
 1）执行 npm install 或 yarn 安装依赖
 ```shell
@ -125,10 +141,11 @@ yarn run dev
 - [x] 使用死信队列处理异常情况，将图表生成任务置为失败
 - [x] 引入Guava RateLimiter(单机) 和 Redisson RateLimiter(分布式) 两种限流机制 
 - [x] 支持用户对失败的图表进行手动重试
- [ ] 图表数据分表存储，提高查询灵活性和性能
 - [x] 引入redis缓存提高加载速度
+- [x] 引入jasypt encryption 对配置文件加密、解密
+- [ ] 图表数据分表存储，提高查询灵活性和性能
 - [ ] 给任务执行增加 guava Retrying重试机制，保证系统可靠性
 - [ ] 定时任务把失败状态的图表放到队列中(补偿机制)
 - [ ] 给任务的执行增加超时时间，超时自动标记为失败(超时控制)
 - [ ] 任务执行结果通过websocket实时通知给用户
- [ ] 我的图表管理页增加一个刷新、定时刷新的按钮，保证获取到图表的最新状态(前端轮询)
+- [ ] 我的图表管理页增加一个刷新、定时刷新的按钮，保证获取到图表的最新状态(前端轮询)
--- a/doc/runConfig.png
+++ b/doc/runConfig.png
--- a/pom.xml
+++ b/pom.xml
@ -137,6 +137,12 @@
            <artifactId>redisson</artifactId>
            <version>3.21.3</version>
        </dependency>
+        <!-- 配置文件加密 -->
+        <dependency>
+            <groupId>com.github.ulisesbocchio</groupId>
+            <artifactId>jasypt-spring-boot-starter</artifactId>
+            <version>3.0.5</version>
+        </dependency>
    </dependencies>

    <build>
--- a/src/main/resources/application-dev.yml
+++ b/src/main/resources/application-dev.yml
@ -7,7 +7,7 @@ spring:
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://localhost:3306/answer_bi
    username: root
-    password: 123456
+    password: ENC(W22KZePz8XkyZFkevBe50CCkRC+72Ql+5JJlrJJs/WKLe6FaZHG/hCL84pgH7Xre)
  # Redis 配置
  # todo 需替换配置
  redis:
@ -15,7 +15,7 @@ spring:
    host: localhost
    port: 6379
    timeout: 5000
-    password: 123456
+    password: ENC(fSQ1SjW1aMVBfbTIO/+FCKgywMK+MfCqJbGxGz6sDpnZaVi1l73H0kpPazxV5Tb7)
  # rabbitMq 配置
  rabbitmq:
    host: localhost
--- a/src/main/resources/application-prod.yml
+++ b/src/main/resources/application-prod.yml
@ -6,14 +6,14 @@ spring:
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://localhost:3306/answer_bi
    username: root
-    password: 123456
+    password: ENC(W22KZePz8XkyZFkevBe50CCkRC+72Ql+5JJlrJJs/WKLe6FaZHG/hCL84pgH7Xre)
  # Redis 配置
  redis:
    database: 1
    host: localhost
    port: 6379
    timeout: 5000
-    password: 123456
+    password: ENC(fSQ1SjW1aMVBfbTIO/+FCKgywMK+MfCqJbGxGz6sDpnZaVi1l73H0kpPazxV5Tb7)
    # rabbitMq 配置
  rabbitmq:
    host: localhost
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -16,16 +16,16 @@ spring:
  # 数据库配置
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
-    url: jdbc:mysql://localhost:3306/my_db
+    url: jdbc:mysql://localhost:3306/answer_bi
    username: root
-    password: 123456
+    password: ENC(W22KZePz8XkyZFkevBe50CCkRC+72Ql+5JJlrJJs/WKLe6FaZHG/hCL84pgH7Xre)
  # Redis 配置
  redis:
    database: 1
    host: localhost
    port: 6379
    timeout: 5000
-    password: 123456
+    password: ENC(fSQ1SjW1aMVBfbTIO/+FCKgywMK+MfCqJbGxGz6sDpnZaVi1l73H0kpPazxV5Tb7)
  # rabbitMq 配置
  rabbitmq:
    host: localhost
@ -88,5 +88,9 @@ cos:

 yuapi:
  client:
-    access-key: xyjjaiosvyjxfk4t98g0qlrplfijigrz
-    secret-key: q6lppq8sdz587jggbttg35nrsj1iyofl
+    access-key: ENC(v27uTfT5pLqgnpL5glE1dJGChWOzY9ODw/kXrvZ/YO4vbWpyjbI80nclIm2neceZwN7rCiexSFhmrXEu18eZsyfOlU5IfbwFAITBPg/GJ2I=)
+    secret-key: ENC(5Gn5+7922Qg1Ru3VrzVMkX/PdKou6DfzaTKS2tKetd1Z7PXsNY0Pv6GNXIZwzkb2z2+OKU40XKRdPH57Ds/D0p6338kbMUg704Wj8INOWhI=)
+
+jasypt:
+  encryptor:
+    password: ${ENCRYPTOR_PASSWORD}
--- a/src/test/java/top/peng/answerbi/manager/EncryptorTest.java
+++ b/src/test/java/top/peng/answerbi/manager/EncryptorTest.java
@ -0,0 +1,27 @@
+package top.peng.answerbi.manager;
+
+import org.jasypt.encryption.StringEncryptor;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+
+/**
+ * AiManagerTest
+ *
+ * @author yunpeng
+ * @version 1.0 2023/7/14
+ */
+@SpringBootTest
+class EncryptorTest {
+
+    @Autowired
+    private StringEncryptor stringEncryptor;
+
+    @Test
+    void encode() {
+        String password = "123456";
+
+        System.out.println( "加密密文：" + stringEncryptor.encrypt(password));
+        System.out.println("解密密文：" + stringEncryptor.decrypt(stringEncryptor.encrypt(password)));
+    }
+}