1
This commit is contained in:
Leo
4
.editorconfig
Normal file
4
.editorconfig
Normal file
@@ -0,0 +1,4 @@
|
|||||||
|
# 确保 shell 脚本在 Linux 上可执行(LF 换行)
|
||||||
|
[*.sh]
|
||||||
|
end_of_line = lf
|
||||||
|
charset = utf-8
|
||||||
29
doc/refresh_jarvis_cert.sh
Normal file
29
doc/refresh_jarvis_cert.sh
Normal file
@@ -0,0 +1,29 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# Jarvis 证书申请与安装(acme.sh + 腾讯云 DNS)
|
||||||
|
# 用法:上传到服务器后 chmod +x refresh_jarvis_cert.sh && ./refresh_jarvis_cert.sh
|
||||||
|
# 若报 $'\r': command not found,先执行:sed -i 's/\r$//' refresh_jarvis_cert.sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
cd /root/project/acme/acme.sh
|
||||||
|
|
||||||
|
# 1. 申请/续期证书(--force 强制续期;ECC 用 --keylength ec-256)
|
||||||
|
# --dnssleep 120:添加 TXT 后等 2 分钟再让 CA 校验,避免「retryafter too large」因 DNS 未生效
|
||||||
|
./acme.sh --dns dns_tencent --issue \
|
||||||
|
-d jarvis.van333.cn -d van333.cn \
|
||||||
|
--keylength ec-256 \
|
||||||
|
--dnssleep 120 \
|
||||||
|
--force \
|
||||||
|
--debug 2
|
||||||
|
|
||||||
|
# 2. 安装证书(--ecc 必须紧跟在 -d 域名后,避免 Unknown parameter)
|
||||||
|
./acme.sh --install-cert -d jarvis.van333.cn --ecc \
|
||||||
|
--key-file /opt/1panel/apps/openresty/openresty/www/common/ssl/jarvis.van333.cn.key \
|
||||||
|
--fullchain-file /opt/1panel/apps/openresty/openresty/www/common/ssl/jarvis.van333.cn/fullchain.cer \
|
||||||
|
--reloadcmd "docker restart openresty"
|
||||||
|
|
||||||
|
# 3. 验证
|
||||||
|
echo "--- 证书文件 ---"
|
||||||
|
ls -l /opt/1panel/apps/openresty/openresty/www/common/ssl/
|
||||||
|
ls -l /opt/1panel/apps/openresty/openresty/www/common/ssl/jarvis.van333.cn/ 2>/dev/null || true
|
||||||
|
echo "--- 证书过期时间 ---"
|
||||||
|
openssl x509 -in /opt/1panel/apps/openresty/openresty/www/common/ssl/jarvis.van333.cn/fullchain.cer -noout -enddate 2>/dev/null || true
|
||||||
@@ -49,3 +49,6 @@ wps365:
|
|||||||
# scope: kso.file.readwrite
|
# scope: kso.file.readwrite
|
||||||
# scope: kso.file.read,kso.file.readwrite
|
# scope: kso.file.read,kso.file.readwrite
|
||||||
# scope: kso.doclib.readwrite
|
# scope: kso.doclib.readwrite
|
||||||
|
# 后端写入「智能表格」时,授权必须包含 kso.airsheet.readwrite,例如:
|
||||||
|
# scope: kso.file.readwrite,kso.airsheet.readwrite
|
||||||
|
scope: kso.file.readwrite,kso.airsheet.readwrite
|
||||||
|
|||||||
@@ -110,14 +110,15 @@ public class WPS365OAuthServiceImpl implements IWPS365OAuthService {
|
|||||||
// - kso.file.readwrite (文件读写)
|
// - kso.file.readwrite (文件读写)
|
||||||
// - kso.doclib.readwrite (文档库读写)
|
// - kso.doclib.readwrite (文档库读写)
|
||||||
// - kso.wiki.readwrite (知识库读写)
|
// - kso.wiki.readwrite (知识库读写)
|
||||||
// - 对于在线表格(AirSheet/KSheet),可能需要 kso.file.readwrite
|
// - 对于在线表格(KSheet),可能需要 kso.file.readwrite
|
||||||
|
// - 对于智能表格(AirSheet)读写,需要 kso.airsheet.readwrite
|
||||||
//
|
//
|
||||||
// 如果报错invalid_scope,请:
|
// 如果报错invalid_scope,请:
|
||||||
// 1. 登录WPS365开放平台:https://open.wps.cn/
|
// 1. 登录WPS365开放平台:https://open.wps.cn/
|
||||||
// 2. 进入"开发配置" > "权限管理"
|
// 2. 进入"开发配置" > "权限管理"
|
||||||
// 3. 查看已申请权限的准确名称(必须以 kso. 开头)
|
// 3. 查看已申请权限的准确名称(必须以 kso. 开头)
|
||||||
// 4. 在application.yml中配置scope参数,使用逗号分隔
|
// 4. 在application.yml中配置scope参数,使用逗号分隔
|
||||||
scope = "kso.file.readwrite"; // 默认使用文件读写权限(支持在线表格操作)
|
scope = "kso.file.readwrite,kso.airsheet.readwrite"; // 文件读写 + 智能表格读写(后端写入智能表格必须含 kso.airsheet.readwrite)
|
||||||
}
|
}
|
||||||
scope = scope.trim();
|
scope = scope.trim();
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user