HaHafeng
61cdc97eeb
Summary: - Fix pg-boss queue conflict (duplicate key violation on queue_pkey) - Add global error listener to prevent process crash - Reduce connection pool from 10 to 4 - Add graceful shutdown handling (SIGTERM/SIGINT) - Fix researchWorker recursive call bug in catch block - Make screeningWorker idempotent using upsert Security Standards (v1.1): - Prohibit recursive retry in Worker catch blocks - Prohibit payload bloat (only store fileKey/ID in job.data) - Require Worker idempotency (upsert + unique constraint) - Recommend task-specific expireInSeconds settings - Document graceful shutdown pattern New Features: - PKB signed URL endpoint for document preview/download - pg_bigm installation guide for Docker - Dockerfile.postgres-with-extensions for pgvector + pg_bigm Documentation: - Update Postgres-Only async task processing guide (v1.1) - Add troubleshooting SQL queries - Update safety checklist Tested: Local verification passed
167 lines
4.0 KiB
Markdown
167 lines
4.0 KiB
Markdown
# OSS 账号与配置信息
|
||
|
||
> **创建日期:** 2026-01-22
|
||
> **状态:** 已配置
|
||
> **⚠️ 安全提醒:** 本文档不包含敏感密钥,AccessKey Secret 请从安全渠道获取
|
||
|
||
---
|
||
|
||
## 1. RAM 服务账号
|
||
|
||
| 配置项 | 值 |
|
||
|--------|-----|
|
||
| **显示名称** | AI临床研究OSS服务账号 |
|
||
| **登录名称** | `aiclinical-oss@1991407246109125.onaliyun.com` |
|
||
| **AccessKey ID** | `LTAI5tBHkL39GjdLfcr77Y3f` |
|
||
| **AccessKey Secret** | `********` (见 .env 文件或联系管理员) |
|
||
| **安全手机** | 86-18611348738 |
|
||
| **安全邮箱** | gofeng117@163.com |
|
||
| **授权策略** | AliyunOSSFullAccess |
|
||
|
||
---
|
||
|
||
## 2. Bucket 配置清单
|
||
|
||
### 2.1 生产环境
|
||
|
||
| Bucket 名称 | 区域 | ACL | 加密 | 用途 |
|
||
|-------------|------|-----|------|------|
|
||
| `ai-clinical-data` | 华北2(北京) | 私有 | SSE-OSS (AES256) | 核心数据(文献、病历、报告) |
|
||
| `ai-clinical-static` | 华北2(北京) | 公共读 | 无 | 静态资源(头像、Logo、RAG图片) |
|
||
|
||
### 2.2 开发环境
|
||
|
||
| Bucket 名称 | 区域 | ACL | 加密 | 用途 |
|
||
|-------------|------|-----|------|------|
|
||
| `ai-clinical-data-dev` | 华北2(北京) | 私有 | 无 | 开发测试核心数据 |
|
||
| `ai-clinical-static-dev` | 华北2(北京) | 公共读 | 无 | 开发测试静态资源 |
|
||
|
||
---
|
||
|
||
## 3. CORS 配置(所有 Bucket 相同)
|
||
|
||
| 配置项 | 值 |
|
||
|--------|-----|
|
||
| 来源 (AllowedOrigin) | `*` |
|
||
| 允许 Methods | GET, HEAD |
|
||
| 允许 Headers | `*` |
|
||
| 暴露 Headers | `ETag, x-oss-request-id` |
|
||
| 缓存时间 | 3600 秒 |
|
||
|
||
---
|
||
|
||
## 4. 生命周期规则
|
||
|
||
### 仅 Data Bucket 配置
|
||
|
||
| Bucket | 规则名称 | 前缀 | 策略 |
|
||
|--------|---------|------|------|
|
||
| `ai-clinical-data` | auto-delete-temp | `temp/` | 1 天后删除 |
|
||
| `ai-clinical-data-dev` | auto-delete-temp | `temp/` | 1 天后删除 |
|
||
|
||
---
|
||
|
||
## 5. 环境变量配置
|
||
|
||
### 5.1 本地开发环境 (`.env.development`)
|
||
|
||
```bash
|
||
# 存储类型
|
||
STORAGE_TYPE=oss
|
||
|
||
# OSS 开发环境配置
|
||
OSS_REGION=oss-cn-beijing
|
||
OSS_BUCKET=ai-clinical-data-dev
|
||
OSS_BUCKET_STATIC=ai-clinical-static-dev
|
||
OSS_ACCESS_KEY_ID=LTAI5tBHkL39GjdLfcr77Y3f
|
||
OSS_ACCESS_KEY_SECRET=<从安全渠道获取>
|
||
OSS_INTERNAL=false
|
||
```
|
||
|
||
### 5.2 SAE 生产环境
|
||
|
||
```bash
|
||
# 存储类型
|
||
STORAGE_TYPE=oss
|
||
|
||
# OSS 生产环境配置
|
||
OSS_REGION=oss-cn-beijing
|
||
OSS_BUCKET=ai-clinical-data
|
||
OSS_BUCKET_STATIC=ai-clinical-static
|
||
OSS_ACCESS_KEY_ID=LTAI5tBHkL39GjdLfcr77Y3f
|
||
OSS_ACCESS_KEY_SECRET=<从安全渠道获取>
|
||
OSS_INTERNAL=true # 🔴 生产必须用内网
|
||
```
|
||
|
||
---
|
||
|
||
## 6. Endpoint 地址
|
||
|
||
| 环境 | Endpoint | 说明 |
|
||
|------|----------|------|
|
||
| 公网(本地开发) | `oss-cn-beijing.aliyuncs.com` | 本地开发使用 |
|
||
| 内网(SAE 生产) | `oss-cn-beijing-internal.aliyuncs.com` | 生产环境必须使用,免流量费 |
|
||
|
||
---
|
||
|
||
## 7. 成本预警设置
|
||
|
||
| 配置项 | 值 |
|
||
|--------|-----|
|
||
| 预算名称 | OSS成本监控 |
|
||
| 月预算 | 100 元 |
|
||
| 告警阈值 | 80%, 100% |
|
||
| 通知方式 | 短信 + 邮件 |
|
||
| 通知手机 | 18611348738 |
|
||
| 通知邮箱 | gofeng117@163.com |
|
||
|
||
---
|
||
|
||
## 8. 安全注意事项
|
||
|
||
### 🔴 绝对不要做的事
|
||
|
||
1. **不要**将 AccessKey Secret 提交到 Git 仓库
|
||
2. **不要**在前端代码中使用 AccessKey
|
||
3. **不要**将 `ai-clinical-data` Bucket 设为公共读
|
||
4. **不要**在生产环境使用公网 Endpoint
|
||
|
||
### ✅ 应该做的事
|
||
|
||
1. AccessKey Secret 存储在 `.env` 文件(已加入 .gitignore)
|
||
2. 定期轮换 AccessKey(建议每 90 天)
|
||
3. 监控成本告警邮件
|
||
4. 生产环境使用内网 Endpoint
|
||
|
||
---
|
||
|
||
## 9. 快速参考
|
||
|
||
### 开发环境快速测试
|
||
|
||
```bash
|
||
# 1. 配置环境变量
|
||
export OSS_REGION=oss-cn-beijing
|
||
export OSS_BUCKET=ai-clinical-data-dev
|
||
export OSS_ACCESS_KEY_ID=LTAI5tBHkL39GjdLfcr77Y3f
|
||
export OSS_ACCESS_KEY_SECRET=<你的密钥>
|
||
export OSS_INTERNAL=false
|
||
|
||
# 2. 启动后端
|
||
cd backend
|
||
npm run dev
|
||
```
|
||
|
||
### 阿里云控制台链接
|
||
|
||
- [OSS 控制台](https://oss.console.aliyun.com/)
|
||
- [RAM 控制台](https://ram.console.aliyun.com/)
|
||
- [费用中心](https://usercenter2.aliyun.com/)
|
||
|
||
---
|
||
|
||
*文档结束。如有问题请联系:gofeng117@163.com*
|
||
|
||
|
||
|