From bd4b9ea9795558e37389fec1ef062ff28cae4c46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E5=B8=85?= <ls1006@126.com>
Date: Tue, 3 Jun 2025 20:11:48 +0800
Subject: [PATCH] =?UTF-8?q?1.=E4=BC=98=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../controller/system/SysIndexController.java |  2 +-
 .../src/main/resources/application.yml        | 40 +++++++++++++++----
 2 files changed, 33 insertions(+), 9 deletions(-)

diff --git a/maintain-admin/src/main/java/com/maintain/web/controller/system/SysIndexController.java b/maintain-admin/src/main/java/com/maintain/web/controller/system/SysIndexController.java
index 39bd2af..b4f440f 100644
--- a/maintain-admin/src/main/java/com/maintain/web/controller/system/SysIndexController.java
+++ b/maintain-admin/src/main/java/com/maintain/web/controller/system/SysIndexController.java
@@ -27,6 +27,6 @@ public class SysIndexController {
     @SaIgnore
     @GetMapping("/")
     public String index() {
-        return StringUtils.format("欢迎使用{}后台管理框架，当前版本：v{}，请通过前端地址访问。", maintainConfig.getName(), maintainConfig.getVersion());
+        return StringUtils.format("欢迎使用维修管理系统，当前版本：v1.0.0，请通过前端地址访问。");
     }
 }
diff --git a/maintain-admin/src/main/resources/application.yml b/maintain-admin/src/main/resources/application.yml
index c283e28..1a1c2ca 100644
--- a/maintain-admin/src/main/resources/application.yml
+++ b/maintain-admin/src/main/resources/application.yml
@@ -139,9 +139,9 @@ security:
     # actuator 监控配置
     - /actuator
     - /actuator/**
-    - /jmreport/**
-    - /drag/**
-    - /jimubi/**
+#    - /jmreport/**
+#    - /drag/**
+#    - /jimubi/**
 
 # MyBatisPlus配置
 # https://baomidou.com/config/
@@ -205,11 +205,12 @@ springdoc:
   api-docs:
     path: /api-docs
     # 是否开启接口文档
-    enabled: true
+    enabled: false
   swagger-ui:
     path: /swagger-ui.html
     # 持久化认证数据
     persistAuthorization: true
+    enabled: false
   info:
     # 标题
     title: '标题：维修后台管理系统_接口文档'
@@ -263,14 +264,37 @@ lock4j:
 --- # Actuator 监控端点的配置项
 management:
   endpoints:
+    enabled-by-default: false  # 默认关闭所有端点
     web:
       exposure:
-        include: '*'
+        include: health,info   # 仅允许健康检查和基础信息端点
+        exclude: env,jolokia,heapdump,shutdown,threaddump,sessions,trace,prometheus  # 显式排除高危端点
+      base-path: /internal-monitor  # 自定义访问路径（避免默认/actuator）
+    jmx:
+      exposure:
+        exclude: '*'            # 禁用所有JMX端点（除非必要）
+
   endpoint:
     health:
-      show-details: ALWAYS
-    logfile:
-      external-file: ./logs/sys-console.log
+      enabled: true             # 开放健康检查（无敏感信息）
+      show-details: never       # 禁止显示详情（或改为`when-authorized`）
+#      health:
+#        show-details: ALWAYS
+      logfile:
+        external-file: ./logs/sys-console.log
+    info:
+      enabled: true             # 开放基础信息端点
+    env:
+      enabled: false            # 禁用环境变量端点
+      keys-to-sanitize: password,secret,key,token  # 脱敏字段（即使意外开启）
+    jolokia:
+      enabled: false            # 禁用Jolokia（防RCE漏洞）
+    heapdump:
+      enabled: false            # 禁用堆转储
+    shutdown:
+      enabled: false            # 禁用远程关闭
+    configprops:
+      keys-to-sanitize: password,secret  # 配置属性脱敏
 
 spring:
   datasource:
-- 
2.22.0