refactor(security): 重构安全配置并优化测试环境

- 移除旧的测试套件和UAT测试文件 - 更新密码编码器配置使用BCrypt strength=12 - 添加用户角色关联表和相关服务 - 优化前端日期显示格式 - 清理无用资源和配置文件 - 增强测试数据管理和清理功能
2026-03-27 13:00:22 +08:00
parent ce30893a96
commit af44c23f21
294 changed files with 16057 additions and 22601 deletions
@@ -26,21 +26,116 @@ spring:
              basedOnPreviousValue: false

 jwt:
-  secret: ${JWT_SECRET:mySecretKeyForNovalonManageSystem2024}
+  secret: ${JWT_SECRET:enc:U2FsdGVkX1+vZ5Y9QmKxL8nN3rP7tW2jH4fG6dA8sB1cE5yN0zX3qV7wM4}
  expiration: ${JWT_EXPIRATION:86400000}
+  key:
+    encryption:
+      password: ${JWT_KEY_ENCRYPTION_PASSWORD:}
+    rotation:
+      enabled: ${JWT_KEY_ROTATION_ENABLED:true}
+      interval:
+        days: ${JWT_KEY_ROTATION_INTERVAL_DAYS:30}
+
+rate:
+  limit:
+    enabled: ${RATE_LIMIT_ENABLED:true}
+    global:
+      limit-for-period: ${RATE_LIMIT_GLOBAL_LIMIT:1000}
+      limit-refresh-period: ${RATE_LIMIT_GLOBAL_PERIOD:1s}
+      timeout-duration: ${RATE_LIMIT_GLOBAL_TIMEOUT:0}
+    ip:
+      limit-for-period: ${RATE_LIMIT_IP_LIMIT:100}
+      limit-refresh-period: ${RATE_LIMIT_IP_PERIOD:1s}
+      timeout-duration: ${RATE_LIMIT_IP_TIMEOUT:0}
+    user:
+      limit-for-period: ${RATE_LIMIT_USER_LIMIT:200}
+      limit-refresh-period: ${RATE_LIMIT_USER_PERIOD:1s}
+      timeout-duration: ${RATE_LIMIT_USER_TIMEOUT:0}
+
+signature:
+  enabled: ${SIGNATURE_ENABLED:true}
+  secret: ${SIGNATURE_SECRET:NovalonManageSystemSecretKey2026}
+  max-age-minutes: ${SIGNATURE_MAX_AGE_MINUTES:5}
+  nonce-cache-size: ${SIGNATURE_NONCE_CACHE_SIZE:10000}
+  whitelist:
+    paths: ${SIGNATURE_WHITELIST_PATHS:/actuator/health,/actuator/info}
+
+resilience:
+  enabled: ${RESILIENCE_ENABLED:true}
+  circuit-breaker:
+    enabled: ${RESILIENCE_CIRCUIT_BREAKER_ENABLED:true}
+    failure-rate-threshold: ${RESILIENCE_CB_FAILURE_RATE:50}
+    slow-call-rate-threshold: ${RESILIENCE_CB_SLOW_CALL_RATE:100}
+    slow-call-duration-threshold: ${RESILIENCE_CB_SLOW_CALL_DURATION:2s}
+    permitted-number-of-calls-in-half-open-state: ${RESILIENCE_CB_HALF_OPEN_CALLS:10}
+    sliding-window-type: ${RESILIENCE_CB_SLIDING_WINDOW_TYPE:COUNT_BASED}
+    sliding-window-size: ${RESILIENCE_CB_SLIDING_WINDOW_SIZE:100}
+    minimum-number-of-calls: ${RESILIENCE_CB_MIN_CALLS:10}
+    wait-duration-in-open-state: ${RESILIENCE_CB_WAIT_DURATION:10s}
+  retry:
+    enabled: ${RESILIENCE_RETRY_ENABLED:true}
+    max-attempts: ${RESILIENCE_RETRY_MAX_ATTEMPTS:3}
+    wait-duration: ${RESILIENCE_RETRY_WAIT_DURATION:500ms}
+  timeout:
+    enabled: ${RESILIENCE_TIMEOUT_ENABLED:true}
+    duration: ${RESILIENCE_TIMEOUT_DURATION:3s}
+
+user:
+  service:
+    url: ${USER_SERVICE_URL:http://localhost:8084}
+
+permission:
+  cache:
+    expiry:
+      minutes: 5

 management:
  endpoints:
    web:
      exposure:
-        include: health,info,metrics
+        include: health,info,metrics,env,loggers,httptrace,threaddump,heapdump
      base-path: /actuator
  endpoint:
    health:
      show-details: always
+      probes:
+        enabled: true
+      group:
+        liveness:
+          include: ping,livenessState
+        readiness:
+          include: ping,readinessState
+    metrics:
+      enabled: true
+    env:
+      enabled: true
+    loggers:
+      enabled: true
+    httptrace:
+      enabled: true
+  health:
+    livenessstate:
+      enabled: true
+    readinessstate:
+      enabled: true
+    circuitbreakers:
+      enabled: true
+    ratelimiters:
+      enabled: true
  metrics:
    tags:
      application: ${spring.application.name}
+    distribution:
+      percentiles-histogram:
+        http.server.requests: true
+      percentiles:
+        http.server.requests: 0.5,0.95,0.99
+    web:
+      server:
+        request:
+          autotime:
+            enabled: true
+            percentiles: 0.5,0.95,0.99

 logging:
  level: