🔥MateCloud是一款基于Spring Cloud Alibaba的微服务架构。目前已经整合Spring Boot 2.7.0、 Spring Cloud 2021、Spring Cloud Alibaba 2021、Spring Security Oauth2、Feign、Dubbo、JetCache、RocketMQ等,支持多租户的低代码平台,Saas平台开发套件
Home Page: http://www.mate.vip
License: Apache License 2.0
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
gateway模块动态路由的实现方式似乎没有删除废弃路由的逻辑。我做了如下改造,不知道是否可行?
package com.example.gateway.config.route;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.nacos.api.NacosFactory;
import com.alibaba.nacos.api.config.ConfigService;
import com.alibaba.nacos.api.config.listener.Listener;
import com.alibaba.nacos.api.exception.NacosException;
import com.example.gateway.config.NacosGatewayProperties;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.springframework.cloud.gateway.event.RefreshRoutesEvent;
import org.springframework.cloud.gateway.route.RouteDefinition;
import org.springframework.cloud.gateway.route.RouteDefinitionRepository;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.annotation.DependsOn;
import org.springframework.lang.NonNull;
import org.springframework.stereotype.Component;
import reactor.core.publisher.Mono;
import javax.annotation.PostConstruct;
import java.util.List;
import java.util.Properties;
import java.util.concurrent.Executor;
/**
* @author hcq
* @date 2020/11/4 19:31
*/
@Slf4j
@Component
@DependsOn({"nacosProperties"})
public class DynamicRouteConfig implements ApplicationEventPublisherAware {
/**
* 路由规则仓库
*/
private final RouteDefinitionRepository definitionRepository;
/**
* 发布Application事件
*/
private ApplicationEventPublisher publisher;
/**
* NacosConfig Client用于监听Nacos配置变更
*/
private ConfigService configService;
private DynamicRouteConfig(RouteDefinitionRepository definitionRepository) {
this.definitionRepository = definitionRepository;
}
@Override
public void setApplicationEventPublisher(@NonNull ApplicationEventPublisher publisher) {
this.publisher = publisher;
}
@PostConstruct
public void init() {
// 初始化Nacos配置的路由规则,并获取NacosClient
configService = initConfig();
// 监听Nacos配置文件
dynamicRouteByNacosListener(NacosGatewayProperties.NACOS_ROUTE_DATA_ID, NacosGatewayProperties.NACOS_ROUTE_GROUP);
}
/**
* 初始化NacosRoutes
*/
private ConfigService initConfig() {
log.info("gateway route init...");
ConfigService configService = null;
try {
Properties properties = new Properties();
properties.setProperty("serverAddr", NacosGatewayProperties.NACOS_SERVER_ADDR);
properties.setProperty("namespace", NacosGatewayProperties.NACOS_NAMESPACE);
configService = NacosFactory.createConfigService(properties);
if (configService == null) {
log.warn("initConfigService fail");
throw new IllegalArgumentException("initConfigService fail");
}
String configInfo = configService.getConfig(NacosGatewayProperties.NACOS_ROUTE_DATA_ID, NacosGatewayProperties.NACOS_ROUTE_GROUP, NacosGatewayProperties.DEFAULT_TIMEOUT);
// 初始化路由规则
if (StringUtils.isNotBlank(configInfo)) {
updateRouteRule(configInfo);
}
} catch (Exception e) {
log.error("初始化网关路由时发生错误", e);
}
return configService;
}
/**
* 根据Nacos中配置的路由规则json串更新路由规则
*
* @param routesStr Nacos中配置的路由规则json串
*/
private void updateRouteRule(String routesStr) {
System.out.println(this);
log.info("更新gateway路由规则\n\r{}", routesStr);
definitionRepository.getRouteDefinitions().collectMap(RouteDefinition::getId).subscribe(oldRoutes -> {
List<RouteDefinition> nowRoutes = JSONObject.parseArray(routesStr, RouteDefinition.class);
// 删除原有规则
for (RouteDefinition oldRoute : oldRoutes.values()) {
log.info("gateway remove route {}", oldRoute);
definitionRepository.delete(Mono.just(oldRoute.getId())).subscribe();
}
// 加载配置文件中的规则
for (RouteDefinition route : nowRoutes) {
log.info("gateway add route {}", route);
definitionRepository.save(Mono.just(route)).subscribe();
}
this.publisher.publishEvent(new RefreshRoutesEvent(this));
});
}
/**
* 监听Nacos下发的动态路由配置
*
* @param dataId 路由规则
* @param group 路由规则group
*/
private void dynamicRouteByNacosListener(String dataId, String group) {
try {
DynamicRouteConfig routeConfig = this;
configService.addListener(dataId, group, new Listener() {
@Override
public void receiveConfigInfo(String configInfo) {
System.out.println(this);
System.out.println(routeConfig);
routeConfig.updateRouteRule(configInfo);
}
@Override
public Executor getExecutor() {
log.info("getExecutor\n\r");
return null;
}
});
} catch (NacosException e) {
log.error("从nacos接收动态路由配置出错!!!", e);
}
}
}
sql文件中缺少mate_sys_menu表的信息,导致前端无法正常打开,麻烦补充一些表结构和实例数据
public static final String SYS_USER_CACHE = "sys-user-cache-";
public static final String SYS_ROLE_CACHE = "sys-user-cache-";
在PreRequestFilter 中定义了transID,在RequestLogFilter也有获取,但是之后的打印并未使用到,参见:
RequestLogFilter.java lines:36,
String traceId = exchange.getRequest().getHeaders().getFirst(MateConstant.MATE_TRACE_ID);
这个变量并未在该过滤器之后的逻辑中使用。
不使用refreshtoken,访问的时候判断,token有效期小于10分钟这种,自动续上客户端配置的有效时间,如半个小时
复现步骤:
现象:连续两个调用中,永远第一个成功,第二个失败
错误信息:
feign.FeignException$BadRequest: [400 Bad Request] during [GET] to [http://ums/rpc/staff/query?partyId=20210326113752311294202859057154] [UmsStaffFeignClient#queryByPartyId(String)]: []
at feign.FeignException.clientErrorStatus(FeignException.java:195)
at feign.FeignException.errorStatus(FeignException.java:177)
at feign.FeignException.errorStatus(FeignException.java:169)
at feign.codec.ErrorDecoder$Default.decode(ErrorDecoder.java:92)
at feign.AsyncResponseHandler.handleResponse(AsyncResponseHandler.java:96)
at feign.SynchronousMethodHandler.executeAndDecode(SynchronousMethodHandler.java:138)
at feign.SynchronousMethodHandler.invoke(SynchronousMethodHandler.java:89)
at com.alibaba.cloud.sentinel.feign.SentinelInvocationHandler.invoke(SentinelInvocationHandler.java:107)
at com.sun.proxy.$Proxy218.queryByPartyId(Unknown Source)
The following class uses @Bean on a field, but is missing @Component or @Configuration annotation on the class. Is it intentional?
你好在网关没有看到cros相关的代码,请问作者是怎么解决跨域的呢?niginx还是?
限流、熔断统一处理类 WebfluxHandler 不生效
WebfluxHandler.java 44 line
/**
* 限流、熔断统一处理类
*/
@Configuration
@ConditionalOnClass(ServerResponse.class)
public static class WebfluxHandler {
@Bean
public BlockRequestHandler webfluxBlockExceptionHandler() {
return (exchange, t) ->
ServerResponse.status(HttpStatus.TOO_MANY_REQUESTS)
.contentType(MediaType.APPLICATION_JSON)
.body(BodyInserters.fromValue(Result.fail(t.getMessage())));
}
}请教下,为啥要重新封装那么多个stater
private static void defaultExport(List list, Class pojoClass, String fileName,
HttpServletResponse response, ExportParams exportParams) {
Workbook workbook = ExcelExportUtil.exportExcel(exportParams,pojoClass,list);
if (workbook != null); downLoadExcel(fileName, response, workbook);
}
if (workbook != null)之后多了一个分号
希望作者能加上,再就是建议样例多些,辛苦了!
看作者在mate-starter-database模块中用的mybatis-plus版本为3.4.0, 使用自带的handler处理createTime填充时,插入一直为null, 使用旧版的strictInsertFill()才好用,是怎么回事? 下面解释掉的两种方试都不管用
/*this.strictUpdateFill(metaObject, "createTime", LocalDateTime.class, LocalDateTime.now());
this.strictUpdateFill(metaObject, "updateTime", LocalDateTime.class, LocalDateTime.now());*/
/*this.strictUpdateFill(metaObject, "createTime", () -> LocalDateTime.now(), LocalDateTime.class);
this.strictUpdateFill(metaObject, "updateTime", () -> LocalDateTime.now(), LocalDateTime.class);*/
log.info("start insert fill ....");
this.strictInsertFill(metaObject, "createTime", LocalDateTime.class, LocalDateTime.now());
this.strictInsertFill(metaObject, "updateTime", LocalDateTime.class, LocalDateTime.now());
String codeFromRedis = redisService.get(Oauth2Constant.CAPTCHA_KEY + key).toString();
object如果是null,.toString(),就会出现NPE,不会进入下面的判断!
if (codeFromRedis == null) {
throw new UserDeniedAuthorizationException("验证码已过期");
}
1,Integrate dubbo-admin console program, and visualize dubbo interface information and configuration information
集成seata之后数据源会被代理,之后无法打印输出sql信息:
Execute SQL:io.seata.rm.datasource.PreparedStatementProxy@17960009
Hi, we are a research group to help developers build secure applications. We designed a cryptographic misuse detector on Java language(Our main concern is the secure implementation and use of Json Web Token). We found your great public repository (i.e., matecloud
Public) from GitHub, and several security issues detected by our detector are shown in the following. The specific security issues we found are as follows:
(1) Location: Package: cpackage vip.mate.uaa.config; Class: AuthServerConfig .class
Method:jwtAccessTokenConverter
Hard-coded key: public static final String SIGN_KEY = "MATE";
Security issue: Using predictable/constant cryptographic key when creating and verifing Json Web Token.
Using a hard-coded secret does not conform to the security implementation specification of JWT, which may bring security risks to your system. It is recommended that you use a more secure way to store the secret used to generate the JWT. (For the hazards of hardcoded keys, you can refer to CWE-321, NIST Special Publication 800-57).
We wish the above security issues cloud truly help you to build a secure application. If you have any concern or suggestion, please feel free to contact us, we are looking forward to your reply. Thanks.
gray那个模块是不是没写完 好像是用不了的
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.