feat(auth): support per-deploy login password key override
Multi-replica deployments need every Pod/container to share one RSA private key, otherwise public keys handed to the browser may not match the key that decrypts the resulting ciphertext. Introduce a `*.local.yaml` override layer that ops-config and tenant-config both load on top of the base config, ship example overrides plus compose/k3s wiring, and tolerate PEM bodies that arrive folded or escaped from Secrets.
This commit is contained in:
@@ -25,6 +25,18 @@ if [[ ! -f "${SCRIPT_DIR}/.env" ]]; then
|
||||
echo " 如需填写真实 API Key 或修改端口,可编辑 ${SCRIPT_DIR}/.env 后再次执行 bash deploy.sh"
|
||||
fi
|
||||
|
||||
ensure_local_config() {
|
||||
local file="$1" example="$2"
|
||||
if [[ -f "${SCRIPT_DIR}/${file}" ]]; then
|
||||
return
|
||||
fi
|
||||
if [[ -f "${SCRIPT_DIR}/${example}" ]]; then
|
||||
cp "${SCRIPT_DIR}/${example}" "${SCRIPT_DIR}/${file}"
|
||||
echo "==> 已从 ${example} 创建 ${file}。"
|
||||
echo " 生产多副本部署前请把其中的 password_cipher.private_key_pem 替换为同一把 RSA 私钥。"
|
||||
fi
|
||||
}
|
||||
|
||||
env_value() {
|
||||
local key="$1" default_value="$2" value
|
||||
value="$(grep -E "^${key}=" "${SCRIPT_DIR}/.env" | tail -1 | cut -d= -f2- || true)"
|
||||
@@ -34,6 +46,9 @@ env_value() {
|
||||
}
|
||||
|
||||
deploy_compose() {
|
||||
ensure_local_config "config.local.yaml" "config.local.yaml.example"
|
||||
ensure_local_config "ops-config.local.yaml" "ops-config.local.yaml.example"
|
||||
|
||||
# ─── Step 1: 加载镜像 ───────────────────────────────────────────────────────
|
||||
echo "==> [1/3] 加载 Docker 镜像(可能需要几分钟)..."
|
||||
docker load -i "${SCRIPT_DIR}/images.tar"
|
||||
|
||||
Reference in New Issue
Block a user