dromara / mendmix-cloud Goto Github PK

Mendmix定位是一站式分布式开发架构开源解决方案及云原生架构技术底座。Mendmix提供了数据库、缓存、消息中间件、分布式定时任务、安全框架、网关以及主流产商云服务快速集成能力。基于Mendmix可以不用关注技术细节快速搭建高并发高可用基于微服务的分布式架构。

Home Page: http://www.jeesuite.com/

License: Apache License 2.0

Java 100.00%

kafka redis distributed mybatis springboot security spring-web springcloud framework cloud-native

mendmix-cloud's Introduction

资源索引

简介

Mendmix定位是一站式分布式开发架构开源解决方案及云原生架构技术底座。Mendmix提供了数据库、缓存、消息中间件、分布式定时任务、安全框架、网关以及主流产商云服务快速集成能力。基于Mendmix可以不用关注技术细节快速搭建高并发高可用基于微服务的分布式架构。

发展历程`jeesuite-libs`→`Mendmix`

2015年发布第一版取名叫jeesuite-libs一直沿用至今，定位是工具型软件，以各个模块能完全独立使用为前提。经过近8年的发展以及在多家大型公司技术中台、数字化转型、企业上云过程中锤炼，定制化越来越高，jeesuite-libs从原来一个个离散的点变成了一个逻辑完备的面，也就是形成了一整套分布式架构及云原生架构的解决方案。基于这种转变jeesuite-libs不再适合我们的发展方向，因此现在更名为Mendmix。

关于Mendmix

✅寓意：Mend+Mix，解决各种框架整合、各种场景的融合的问题、形成一整套完全自洽的解决方案
✅理念：融合、增强、包容、自洽
✅原则：最小依赖可运行；只做增强不修改依赖框架本；贴近业务场景只做有用的功能

最小运行依赖

以下是包含了消息队列、定时任务、存储、全局锁、缓存、Mybatis增强等各种场景最小化运行依赖。如果需要支持分布式仅仅只需要增加必要的配置和第三方依赖包即可。

Spring + Springcloud必要组件
Mybatis，mybatis-spring,Druid
Quartz
以及一些诸如guava,jackson的工具类库

功能图谱

模块	核心功能说明	其他说明
mendmix-common	http、json、加解密、异步、GUID等工具类以及整体架构一些规范性定义
mendmix-common2	分布式锁、轻量级定时任务、全局workerId生成等依赖中间件的通用组件
mendmix-spring	Spring工厂以及一些相关工具类、配置二次处理、一些运行机制规范定义
mendmix-cache	缓存中间件适配、多redis实例快速注册及管理
mendmix-scheduler	分布式定时任务，基于quartz、redis、zookeeper实现，支持日志上报、重试、多租户、并行处理，提供管理API	支持redis或zookeeper分布式协调
mendmix-mybatis	CRUD增强、通用字段自动处理、自动缓存、读写分离、软删除、乐观锁、数据权限、安全审计	兼容Mapper3增强框架
mendmix-security	认证和鉴权（接口权限）、session管理器、支持oauth2.0等	不依赖任何第三方权限框架
mendmix-logging	多日志厂商适配、日志采集上报、应用日志动态刷新机制
mendmix-springweb	接口规范定义，通用拦截器、mock用户、请求响应增强插件机制
mendmix-springcloud-support	组件自动注册、springcloud 组件增强
mendmix-gateway	认证、接口权限、审计日志、openAPI、响应统一包装、限流、防重复提交、命中缓存降级访问	默认集成mendmix-security模块
mendmix-amqp-adapter	消息中间件适配，目前支持：内存队列、redis、kafka、rocketMQ、腾讯云及阿里云的云厂商MQ产品
mendmix-cos-adapter	文件存储适配，目前支持：minIO、七牛、阿里云、腾讯云、华为云、AWS的文件存储服务

版本

关于作者

15年IT互联网老兵，熟悉微服务、k8s、云原生架构及各种分布式架构；
DDD领域驱动早期实践者,2012-2014年作为开源项目koala企业级开发平台核心开发主推领域驱动设计理念；
荣获2021年度海纳奖—分布式数据库十大优秀实践人物

🚀🚀知识星球🚀🚀

欢迎加入我的知识星球。提供mendmix各种问题交流，定期分享架构实践、架构案例、面试技巧等。

mendmix-cloud's People

Contributors

Stargazers

Watchers

Forkers

cyzh catkitty someoneaaron vincke zmwxiaoming grindwheel liyong1028826685 jing981111 chengcanmm77 kanhai001 chenbiao1992 huaijinwoyu rucky2013 beijinguang huangshaoze icodingstar wsw2008new zjpjohn wenhao59410 grayoxygen mk100120 changmingivy koywang holysky5 boboge dvbug memory8 lipengyu ljingxiong optimuse zhiyingang duydcoco 0v1 zhangjianfei yezilong9 damozhiying alanhufanfan kakasjuno fightingbilling 1011641270 deerlion ccbobe chongtianfeiyu watermelony lxlx704034204 bellmit dazi005 skywangjie michael-ancestor kingdom031 caohaogit 00zhengfu00 fisherhuangpx czl349095941 zhurui536 chobitc jianghongjie douglashu joydit hemin1003 thewkgithub sunqinbo liuchchc jackjet yangbod vincentpanqi ysj123688 supercoeus nineee tutty427 ts-li hadoop168 marionlxy ppayaoxing irocky1 ninollei calmy 396175371 smallratluobin geekcheng leysauron zhunengfei ting9901 quan2005 dong4j yanxinorg zyuanlove zzzhangjian zhangyu03121011 e9ab98e991ab rsk16 moonshowder liyunfei21 crazyydevil dwj1979 caicaima aceinsice zhc8844096 zhaofu1994 andrew8305

mendmix-cloud's Issues

Cryptographic API misuse detected

Hi, I am currently looking into projects on github which are parametrically misusing cryptographic APIs for my research and I came across a few instances in your project where I found such misuses. These misuses have been highlighted in research papers such as

CDRep: Automatic Repair of Cryptographic Misuses in Android Applications

In your source code file DES.java there are following issues in encrypt(String, String):

At line 37

AlgorithmParameterSpec paramSpec = new IvParameterSpec(IV_PARAMS_BYTES);;

The first parameter should be properly randomized using java.security.SecureRandom API.

At line 36

Cipher cipher = Cipher.getInstance(ALGORITHM_DES);

The first parameter (with value "DES/CBC/PKCS5Padding") should be any of {AES, Blowfish, DESede, PBEWithHmacSHA224AndAES_128, PBEWithHmacSHA256AndAES_128, PBEWithHmacSHA384AndAES_128, PBEWithHmacSHA512AndAES_128, PBEWithHmacSHA224AndAES_256, PBEWithHmacSHA256AndAES_256, PBEWithHmacSHA384AndAES_256, PBEWithHmacSHA512AndAES_256, RSA}

Consequently at line 38

cipher.init(Cipher.ENCRYPT_MODE, secretKey,paramSpec);

since "paramSpec" was not properly prepared due to the absence of randomzation therefore, here cipher.init() call is compromised as well. Same issues were found in the function "decrypt(String, String)"

Next in your source code file AES.java we found following misuses:

At line 54 and 39

Cipher cipher = Cipher.getInstance("AES");

First parameter (with value "AES") should be any of AES/{CBC, GCM, PCBC, CTR, CTS, CFB, OFB}

Next in your source code file SHA1.java we found following misuses:

At line 40

MessageDigest md = MessageDigest.getInstance("SHA-1");

First parameter (with value "SHA-1") should be any of {SHA-256, SHA-384, SHA-512}

Then in your source code file DigestUtils.java we found following misuses:

At line 37

MessageDigest md = MessageDigest.getInstance(MD5_NAME);

First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512}

I believe fixing these issues would help your product be more secure.

kafka commons

java.lang.RuntimeException: com.esotericsoftware.kryo.KryoException: Encountered unregistered class ID: 47
at com.jeesuite.common.serializer.KryoPoolSerializer.deserialize(KryoPoolSerializer.java:163) ~[jeesuite-common-1.1.0.jar:na]
at com.jeesuite.common.serializer.SerializeUtils.deserialize(SerializeUtils.java:37) ~[jeesuite-common-1.1.0.jar:na]
at com.jeesuite.kafka.serializer.KyroMessageDeserializer.deserialize(KyroMessageDeserializer.java:25) ~[jeesuite-kafka-1.1.0.jar:na]
at com.jeesuite.kafka.serializer.MessageDecoder.fromBytes(MessageDecoder.java:29) ~[jeesuite-kafka-1.1.0.jar:na]
at kafka.message.MessageAndMetadata.message(MessageAndMetadata.scala:32) ~[kafka_2.10-0.9.0-kafka-2.0.0.jar:na]
at com.jeesuite.kafka.consumer.OldApiTopicConsumer$MessageProcessor.run(OldApiTopicConsumer.java:193) ~[jeesuite-kafka-1.1.0.jar:na]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_121]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_121]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_121]
Caused by: com.esotericsoftware.kryo.KryoException: Encountered unregistered class ID: 47
at com.esotericsoftware.kryo.util.DefaultClassResolver.readClass(DefaultClassResolver.java:119) ~[kryo-2.24.0.jar:na]
at com.esotericsoftware.kryo.Kryo.readClass(Kryo.java:641) ~[kryo-2.24.0.jar:na]
at com.esotericsoftware.kryo.Kryo.readClassAndObject(Kryo.java:752) ~[kryo-2.24.0.jar:na]
at com.jeesuite.common.serializer.KryoPoolSerializer.deserialize(KryoPoolSerializer.java:161) ~[jeesuite-common-1.1.0.jar:na]
... 8 common frames omitted

common2 excel读取问题

大神，你好，我在用这个读取的时候，如果一个单元格里面的内容中含有英文冒号，这个单元格会被拆分成两个同一行的单元格，最后读取出来的数据是错乱的，请问这种情况，通过代码怎么解决呢

方法名 "getHanlderNames" 应该是 "getHandlerNames"

https://github.com/vakinge/jeesuite-libs/blob/c3811360bd55f6aa5bfc983782725b5ab16b9f2a/jeesuite-mybatis/src/main/java/com/jeesuite/mybatis/MybatisConfigs.java#L98

确定 spring.profiles.active 的方式

https://github.com/vakinge/jeesuite-libs/blob/c3811360bd55f6aa5bfc983782725b5ab16b9f2a/jeesuite-common/src/main/java/com/jeesuite/common/util/ResourceUtils.java#L176

spring.profiles.active 除了可以在配置文件中指定外，还可以有下面几种方式：

System.setProperty("spring.profiles.active", "xxx")
运行参数 -Dspring.profiles.active=xxx
运行参数 --spring.profiles.active=xxx
系统环境变量 SPRING_PROFILES_ACTIVE

这些都应该考虑

The scope of this CVE affected version is ** [0,1.31)**

After further analysis, in this project, the main Api called is org.yaml.snakeyaml.composer.Composer: composeNode(org.yaml.snakeyaml.nodes.Node)Lorg.yaml.snakeyaml.nodes.Node;

Risk method repair link : GitHub

CVE Bug Invocation Path--

Path Length : 5

CVE Bug Invocation Path : 
com.mendmix.cache.command.RedisBase: listDerialize(java.util.List)Ljava.util.List; .m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.13.3/jackson-annotations-2.13.3.jar
org.yaml.snakeyaml.Yaml$1: next()Ljava.lang.Object; .m2/repository/org/springframework/spring-context-support/5.2.9.RELEASE/spring-context-support-5.2.9.RELEASE.jar
org.yaml.snakeyaml.constructor.BaseConstructor: getData()Ljava.lang.Object; .m2/repository/org/springframework/spring-context-support/5.2.9.RELEASE/spring-context-support-5.2.9.RELEASE.jar
org.yaml.snakeyaml.composer.Composer: getNode()Lorg.yaml.snakeyaml.nodes.Node; .m2/repository/org/springframework/spring-context-support/5.2.9.RELEASE/spring-context-support-5.2.9.RELEASE.jar
org.yaml.snakeyaml.composer.Composer: composeNode(org.yaml.snakeyaml.nodes.Node)Lorg.yaml.snakeyaml.nodes.Node;

Dependency tree--

[INFO] com.mendmix:mendmix-cache:jar:1.4.2
[INFO] +- com.mendmix:mendmix-common:jar:1.4.2:compile
[INFO] |  +- org.apache.commons:commons-lang3:jar:3.4:compile
[INFO] |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.13.3:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.13.3:compile
[INFO] |  |  \- com.fasterxml.jackson.core:jackson-core:jar:2.13.3:compile
[INFO] |  +- com.esotericsoftware:kryo:jar:5.0.4:compile
[INFO] |  |  +- com.esotericsoftware:reflectasm:jar:1.11.9:compile
[INFO] |  |  +- org.objenesis:objenesis:jar:3.1:compile
[INFO] |  |  \- com.esotericsoftware:minlog:jar:1.3.1:compile
[INFO] |  +- org.yaml:snakeyaml:jar:1.29:compile
[INFO] |  \- net.sf.jmimemagic:jmimemagic:jar:0.1.5:compile
[INFO] |     +- commons-logging:commons-logging:jar:1.0.4:compile
[INFO] |     \- commons-io:commons-io:jar:2.1:compile
[INFO] +- com.mendmix:mendmix-spring:jar:1.4.2:compile
[INFO] |  +- org.springframework:spring-context:jar:5.3.18:compile
[INFO] |  +- org.springframework:spring-core:jar:5.3.18:compile
[INFO] |  |  \- org.springframework:spring-jcl:jar:5.3.18:compile
[INFO] |  +- org.springframework:spring-beans:jar:5.3.18:compile
[INFO] |  +- org.springframework:spring-tx:jar:5.3.18:compile
[INFO] |  +- org.springframework:spring-aop:jar:5.3.18:compile
[INFO] |  +- org.springframework:spring-expression:jar:5.3.18:compile
[INFO] |  \- org.springframework:spring-aspects:jar:5.3.18:compile
[INFO] |     \- org.aspectj:aspectjweaver:jar:1.9.7:compile
[INFO] +- redis.clients:jedis:jar:3.3.0:compile
[INFO] |  \- org.apache.commons:commons-pool2:jar:2.6.2:compile
[INFO] +- com.google.guava:guava:jar:30.1.1-jre:compile
[INFO] |  +- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] |  +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
[INFO] |  +- com.google.code.findbugs:jsr305:jar:3.0.2:compile
[INFO] |  +- org.checkerframework:checker-qual:jar:3.8.0:compile
[INFO] |  +- com.google.errorprone:error_prone_annotations:jar:2.5.1:compile
[INFO] |  \- com.google.j2objc:j2objc-annotations:jar:1.3:compile
[INFO] +- net.sf.ehcache:ehcache-core:jar:2.6.11:compile
[INFO] +- org.springframework.data:spring-data-redis:jar:2.3.4.RELEASE:compile
[INFO] |  +- org.springframework.data:spring-data-keyvalue:jar:2.3.4.RELEASE:compile
[INFO] |  |  \- org.springframework.data:spring-data-commons:jar:2.3.4.RELEASE:compile
[INFO] |  +- org.springframework:spring-oxm:jar:5.2.9.RELEASE:compile
[INFO] |  \- org.springframework:spring-context-support:jar:5.2.9.RELEASE:compile
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.17.2:test
[INFO] |  \- org.apache.logging.log4j:log4j-api:jar:2.17.2:test
[INFO] +- org.apache.logging.log4j:log4j-slf4j-impl:jar:2.17.2:test
[INFO] +- org.slf4j:slf4j-api:jar:1.7.32:compile
[INFO] +- junit:junit:jar:4.13.3-SNAPSHOT:test
[INFO] |  \- org.hamcrest:hamcrest-core:jar:1.3:test
[INFO] \- org.springframework:spring-test:jar:5.3.18:test

Suggested solutions:

Update dependency version

Thank you very much.

类名 "MutiRouteDataSource" 应该是 "MultiRouteDataSource"

https://github.com/vakinge/jeesuite-libs/blob/c3811360bd55f6aa5bfc983782725b5ab16b9f2a/jeesuite-mybatis/src/main/java/com/jeesuite/mybatis/datasource/MutiRouteDataSource.java#L49