From e6d00e9bc682a790f975ffeb5c622cd2550f8ba2 Mon Sep 17 00:00:00 2001 From: Jiang Date: Fri, 13 Mar 2026 17:14:50 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E6=9E=84=E5=BB=BA=E5=B7=A5?= =?UTF-8?q?=E4=BD=9C=E6=B5=81=EF=BC=8C=E5=88=A0=E9=99=A4=E4=B8=8D=E5=BF=85?= =?UTF-8?q?=E8=A6=81=E7=9A=84=E5=AE=89=E5=85=A8=E8=84=9A=E6=9C=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/build-package.yml | 8 +- infra/docker/docker-compose.yml | 17 ---- scripts/setup_security.sh | 122 ---------------------------- 3 files changed, 5 insertions(+), 142 deletions(-) delete mode 100755 scripts/setup_security.sh diff --git a/.github/workflows/build-package.yml b/.github/workflows/build-package.yml index 5b9e661..3281695 100644 --- a/.github/workflows/build-package.yml +++ b/.github/workflows/build-package.yml @@ -8,6 +8,8 @@ on: jobs: build-package: runs-on: ${{ matrix.os }} + env: + FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true strategy: fail-fast: false matrix: @@ -15,10 +17,10 @@ jobs: steps: - name: Checkout source - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.12" @@ -104,7 +106,7 @@ jobs: shell: bash - name: Upload package artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: name: tjwater-server-package-${{ runner.os }} path: dist/* diff --git a/infra/docker/docker-compose.yml b/infra/docker/docker-compose.yml index 0131f20..abbd2c7 100644 --- a/infra/docker/docker-compose.yml +++ b/infra/docker/docker-compose.yml 
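Review bot: The job-level `env` entry added in the first hunk of `.github/workflows/build-package.yml`, `FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true`, has no comment saying why the runtime is forced or when the override can be dropped. Its value is also a bare YAML boolean, although an environment variable is a string. I would write it as `FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"` and put `# Opt JavaScript actions into the Node 24 runtime; remove once every action used here defaults to Node 24` on the line above. Because the entry sits at job level it applies to every step on every matrix OS, including steps that fall outside these hunks, so it is worth confirming that the actions used there run correctly under the forced runtime.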
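Review bot: The bumped `uses:` lines in the second hunk still reference actions by mutable major tags (`actions/checkout@v5`, `actions/setup-python@v6`), and the third hunk does the same with `actions/upload-artifact@v5`. The code that builds and uploads the package can therefore change without any commit in this repository. Pinning each action to the full commit SHA of the release that was reviewed, for example `uses: actions/checkout@<full-commit-sha>  # v5`, makes a major-version jump like this one auditable and ties the published artifact to known action code. The job's `permissions` are not visible in these hunks; if none are declared, adding `permissions:` with `contents: read` would limit what a changed action could do with the workflow token.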
@@ -39,23 +39,6 @@ services: volumes: - ./redis/data:/data - # --- InfluxDB --- - influxdb: - image: influxdb:2.7 - container_name: influxdb - restart: always - environment: - DOCKER_INFLUXDB_INIT_MODE: setup - DOCKER_INFLUXDB_INIT_USERNAME: ${INFLUXDB_USER} - DOCKER_INFLUXDB_INIT_PASSWORD: ${INFLUXDB_PASSWORD} - DOCKER_INFLUXDB_INIT_ORG: ${INFLUXDB_ORG} - DOCKER_INFLUXDB_INIT_BUCKET: ${INFLUXDB_BUCKET} - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: ${INFLUXDB_ADMIN_TOKEN} - ports: - - "${INFLUXDB_PORT}:8086" - volumes: - - ./influxdb/data:/var/lib/influxdb2 - # --- Keycloak --- keycloakDB: image: postgis/postgis:14-3.5 diff --git a/scripts/setup_security.sh b/scripts/setup_security.sh deleted file mode 100755 index 003f5c8..0000000 --- a/scripts/setup_security.sh +++ /dev/null 
@@ -1,122 +0,0 @@ -#!/bin/bash - -# TJWater Server 安全功能快速设置脚本 - -set -e - -echo "==================================" -echo "TJWater Server 安全功能设置" -echo "==================================" -echo "" - -# 颜色定义 -RED='\033[0;31m' -GREEN='\033[0;32m' -YELLOW='\033[1;33m' -NC='\033[0m' # No Color - -# 步骤 1: 检查依赖 -echo "📦 步骤 1/5: 检查 Python 依赖..." -if ! python -c "import cryptography, passlib, jose" 2>/dev/null; then - echo -e "${YELLOW}缺少依赖,正在安装...${NC}" - pip install cryptography passlib python-jose bcrypt -else - echo -e "${GREEN}✓ 依赖已安装${NC}" -fi -echo "" - -# 步骤 2: 生成密钥 -echo "🔑 步骤 2/5: 生成安全密钥..." - -if [ ! -f .env ]; then - echo "正在创建 .env 文件..." - cp .env.example .env - - # 生成 JWT 密钥 - JWT_KEY=$(openssl rand -hex 32) - sed -i "s/SECRET_KEY=.*/SECRET_KEY=$JWT_KEY/" .env - echo -e "${GREEN}✓ JWT 密钥已生成${NC}" - - # 生成加密密钥 - ENC_KEY=$(python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())") - sed -i "s/ENCRYPTION_KEY=.*/ENCRYPTION_KEY=$ENC_KEY/" .env - echo -e "${GREEN}✓ 加密密钥已生成${NC}" -else - echo -e "${YELLOW}⚠ .env 文件已存在,跳过生成${NC}" -fi -echo "" - -# 步骤 3: 数据库配置 -echo "💾 步骤 3/5: 数据库配置..." -read -p "请输入数据库名称 [默认: tjwater]: " DB_NAME -DB_NAME=${DB_NAME:-tjwater} - -read -p "请输入数据库用户 [默认: postgres]: " DB_USER -DB_USER=${DB_USER:-postgres} - -read -sp "请输入数据库密码: " DB_PASS -echo "" - -# 更新 .env -sed -i "s/DB_NAME=.*/DB_NAME=$DB_NAME/" .env -sed -i "s/DB_USER=.*/DB_USER=$DB_USER/" .env -sed -i "s/DB_PASSWORD=.*/DB_PASSWORD=$DB_PASS/" .env - -echo -e "${GREEN}✓ 数据库配置已更新${NC}" -echo "" - -# 步骤 4: 执行数据库迁移 -echo "🗄️ 步骤 4/5: 执行数据库迁移..." -read -p "是否立即执行数据库迁移?(y/n) [y]: " DO_MIGRATION -DO_MIGRATION=${DO_MIGRATION:-y} - -if [ "$DO_MIGRATION" = "y" ]; then - echo "正在执行迁移脚本..." - - PGPASSWORD=$DB_PASS psql -U $DB_USER -d $DB_NAME -f resources/sql/001_create_users_table.sql 2>&1 | grep -v "NOTICE" - if [ $? 
-eq 0 ]; then - echo -e "${GREEN}✓ 用户表创建成功${NC}" - else - echo -e "${RED}✗ 用户表创建失败${NC}" - fi - - PGPASSWORD=$DB_PASS psql -U $DB_USER -d $DB_NAME -f resources/sql/002_create_audit_logs_table.sql 2>&1 | grep -v "NOTICE" - if [ $? -eq 0 ]; then - echo -e "${GREEN}✓ 审计日志表创建成功${NC}" - else - echo -e "${RED}✗ 审计日志表创建失败${NC}" - fi -else - echo -e "${YELLOW}⚠ 跳过数据库迁移,请稍后手动执行:${NC}" - echo " psql -U $DB_USER -d $DB_NAME -f resources/sql/001_create_users_table.sql" - echo " psql -U $DB_USER -d $DB_NAME -f resources/sql/002_create_audit_logs_table.sql" -fi -echo "" - -# 步骤 5: 测试 -echo "🧪 步骤 5/5: 运行测试..." -if python tests/test_encryption.py 2>&1; then - echo -e "${GREEN}✓ 加密功能测试通过${NC}" -else - echo -e "${RED}✗ 加密功能测试失败${NC}" -fi -echo "" - -# 完成 -echo "==================================" -echo -e "${GREEN}✅ 设置完成!${NC}" -echo "==================================" -echo "" -echo "默认管理员账号:" -echo " 用户名: admin" -echo " 密码: admin123" -echo "" -echo " 用户名: tjwater" -echo " 密码: tjwater@123" -echo "" -echo "下一步:" -echo " 1. 查看文档: cat SECURITY_README.md" -echo " 2. 查看部署指南: cat DEPLOYMENT.md" -echo " 3. 启动服务器: uvicorn app.main:app --reload" -echo " 4. 访问文档: http://localhost:8000/docs" -echo ""