feat: AI Gateway, Client Certificate (mTLS), API management now supports setting CORS headers, gRPC test connections, automatic trust certificate functionality for gRPC proxy, and optimized API exception report UI.

Author: mini-lee-tpi

build.gradle

@@ -35,7 +35,7 @@ licenseReport {
 
 allprojects {
 	group = 'tpi.dgrv4'
-	version = 'release-v4.5.16'
+	version = 'release-rc-v4.5.19.0-4-g052aa0662'
 	apply plugin:  'io.spring.dependency-management'
 
 	repositories {
@@ -62,8 +62,8 @@ subprojects {
 
 
 	dependencies {
-		implementation files("${rootDir}/libsext/dgrv4_CodecUtil-v4.5.16.3-lib.jar")
-		implementation files("${rootDir}/libsext/dgrv4_HttpUtil-v4.5.16.3-lib.jar")
+		implementation files("${rootDir}/libsext/dgrv4_CodecUtil-v4.5.19.0-4-g052aa0662-lib.jar")
+		implementation files("${rootDir}/libsext/dgrv4_HttpUtil-v4.5.19.0-4-g052aa0662-lib.jar")
 
 		implementation ('org.springframework.boot:spring-boot-starter-data-jpa'){
 		}
@@ -87,6 +87,8 @@ subprojects {
 		implementation 'commons-io:commons-io:2.16.1'
 		// CVE-2025-8885
 		implementation 'org.bouncycastle:bc-fips:2.1.1'
+		
+		implementation 'org.bouncycastle:bcpkix-fips:2.1.9'
 	}
 
 	// clear lib
@@ -249,6 +251,8 @@ project(':dgrv4_Gateway_serv'){
 		implementation 'io.netty:netty-codec:4.1.125.Final'
 
 		implementation 'io.netty:netty-tcnative-boringssl-static:2.0.61.Final'
+		
+		implementation 'com.google.code.gson:gson:2.10.1'
 	}
 
 	protobuf {

dgrv4_Common_lib/src/main/java/tpi/dgrv4/common/constant/TsmpDpAaRtnCode.java

@@ -426,6 +426,8 @@ public enum TsmpDpAaRtnCode implements ITsmpDpAaError<TsmpDpAaException> {
 	_1557(TsmpDpModule.DP5, "57", "啟用日期需要小於停用日期"),
 	_1558(TsmpDpModule.DP5, "58", "停用日期需要小於啟用日期"),
 	_1559(TsmpDpModule.DP5, "59", "{{0}}"),
+	_1560(TsmpDpModule.DP5, "60", "憑證過期"),
+
 	_1561(TsmpDpModule.DP5, "61", "對稱式加密失敗：{{0}}"),
 	_1562(TsmpDpModule.DP5, "62", "對稱式解密失敗：{{0}}"),
 
@@ -468,6 +470,7 @@ public enum TsmpDpAaRtnCode implements ITsmpDpAaError<TsmpDpAaException> {
 	_2036(TsmpDpModule.DP10, "36", "必須先移除預定下架日期"),
 	_2037(TsmpDpModule.DP10, "37", "上架日期需要小於下架日期"),
 	_2038(TsmpDpModule.DP10, "38", "下架日期需要小於上架日期"),
+	_2039(TsmpDpModule.DP10, "39", "啟用中，無法刪除"),
     ;
 
 	private TsmpDpModule module;

dgrv4_Common_lib/src/main/java/tpi/dgrv4/common/utils/autoInitSQL/Initializer/AiGatewayTableInitializer.java

@@ -0,0 +1,83 @@
+package tpi.dgrv4.common.utils.autoInitSQL.Initializer;
+
+import lombok.Builder;
+import org.springframework.stereotype.Service;
+
+import java.util.List;
+
+@Service
+public class AiGatewayTableInitializer {
+
+    @Builder
+    public record AiEngineProvider(
+            Long id,
+            String name,
+            String alias,
+            String model,
+            String generateAPI,
+            String countTokenAPI
+    ) {}
+
+    @Builder
+    public record AiPromptTemplate(
+            Long id,
+            String name,
+            String content,
+            String remark
+    ) {}
+
+    public List<AiEngineProvider> defaultProviders() {
+        var google = AiEngineProvider.builder()
+                .name("Google");
+        var gemini_2_5_FlashLite = google
+                .id(1L)
+                .alias("Gemini 2.5 Flash Lite")
+                .model("gemini-2.5-flash-lite")
+                .generateAPI("https://generativelanguage.googleapis.com/v1beta/models/gemini-2.0-flash-lite:generateContent")
+                .countTokenAPI("https://generativelanguage.googleapis.com/v1beta/models/gemini-2.0-flash-lite:countTokens")
+                .build();
+
+        var gemini_2_5_Flash= google
+                .id(2L)
+                .alias("Gemini 2.5 Flash")
+                .model("gemini-2.5-flash")
+                .generateAPI("https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash:generateContent")
+                .countTokenAPI("https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash:countTokens")
+                .build();
+
+        var openai = AiEngineProvider.builder()
+                .name("OpenAI");
+
+        var gpt_4oMini = openai
+                .id(3L)
+                .alias("OpenAI GPT 4o Mini")
+                .model("gpt-4o-mini")
+                .generateAPI("https://api.openai.com/v1/responses")
+                .countTokenAPI("#")
+                .build();
+
+        var gpt_o1Mini = openai
+                .id(4L)
+                .alias("OpenAI GPT o1 Mini")
+                .model("o1-mini")
+                .generateAPI("https://api.openai.com/v1/responses")
+                .countTokenAPI("#")
+                .build();
+        return List.of(
+                gemini_2_5_FlashLite
+                ,gemini_2_5_Flash
+//                ,gpt_4oMini
+//                ,gpt_o1Mini
+        );
+    }
+
+    public List<AiPromptTemplate> defaultTemplates() {
+        var defaultTemplate = AiPromptTemplate.builder()
+                .id(1L)
+                .name("Default")
+                .content("")
+                .remark("ai prompt default template")
+                .build();
+        return List.of(defaultTemplate);
+    }
+}

dgrv4_Common_lib/src/main/java/tpi/dgrv4/common/utils/autoInitSQL/Initializer/TsmpFuncTableInitializer.java

@@ -11,6 +11,7 @@
 import java.util.List;
 import java.util.stream.Collectors;
 
+@SuppressWarnings("java:S1192")
 @Service
 public class TsmpFuncTableInitializer {
 
@@ -43,7 +44,9 @@ public class TsmpFuncTableInitializer {
 			//系統現況查詢
 			"NP05","NP0504","NP0512","NP0513","NP0514","NP0516","NP1201","NP1202",
 			//系統設定
-			"LB00","LB0001","LB0002","LB0003","LB0004","LB0005","LB0006","LB0007","LB0008","LB0009","LB0010","LB0011","LB0012"		
+			"LB00","LB0001","LB0002","LB0003","LB0004","LB0005","LB0006","LB0007","LB0008","LB0009","LB0010","LB0011","LB0012",
+			// AI Gateway
+			"AI00","AI0001","AI0002","AI0003","AI0004","AI0005",
 	};	
 	public static final String[] ENTERPRISE = new String[] {
 			//v4-權限管理
@@ -65,7 +68,9 @@ public class TsmpFuncTableInitializer {
 			//系統現況查詢
 			"NP05","NP0504","NP0513","NP0514","NP0516","NP1201","NP1202",
 			//系統設定
-			"LB00","LB0001","LB0002","LB0003","LB0004","LB0005","LB0006","LB0007","LB0008","LB0009","LB0010","LB0011","LB0012"
+			"LB00","LB0001","LB0002","LB0003","LB0004","LB0005","LB0006","LB0007","LB0008","LB0009","LB0010","LB0011","LB0012",
+			// AI Gateway
+			"AI00","AI0001","AI0002","AI0003","AI0004","AI0005",
 	};
 	public static final String[] ENTERPRISE_LITE = new String[] {
 			//v4-權限管理
@@ -82,13 +87,15 @@ public class TsmpFuncTableInitializer {
 			//20250407 no execute
 			//"AC13","AC1301","AC1302","AC1303","AC1304","AC1305",
 			//用戶憑證管理
-			"NP02","NP0201","NP0202","NP0203","NP0204",
+			"NP02","NP0201","NP0202","NP0203","NP0204","NP0205",
 			//各類申請單
 			"NP03","NP0304","NP0401","NP0402",
 			//系統現況查詢
 			"NP05","NP0504","NP0513","NP0514","NP0516","NP1201","NP1202",
 			//系統設定
-			"LB00","LB0001","LB0002","LB0003","LB0004","LB0005","LB0006","LB0007","LB0008","LB0009","LB0010","LB0011","LB0012"
+			"LB00","LB0001","LB0002","LB0003","LB0004","LB0005","LB0006","LB0007","LB0008","LB0009","LB0010","LB0011","LB0012",
+			// AI Gateway
+			"AI00","AI0001","AI0002","AI0003","AI0004","AI0005",
 	};
 	public static final String[] EXPRESS = new String[] {
 			//v4-權限管理
@@ -105,13 +112,15 @@ public class TsmpFuncTableInitializer {
 			//20250407 no execute
 			//"AC13","AC1301","AC1302","AC1303","AC1304","AC1305",
 			//用戶憑證管理
-			"NP02","NP0201","NP0202","NP0203","NP0204",
+			"NP02","NP0201","NP0202","NP0203","NP0204","NP0205",
 			//各類申請單
 			"NP03","NP0304","NP0401","NP0402",
 			//系統現況查詢
 			"NP05","NP0504","NP0513","NP0514","NP0516","NP1201","NP1202",
 			//系統設定
-			"LB00","LB0001","LB0002","LB0003","LB0004","LB0005","LB0006","LB0007","LB0008","LB0009","LB0010","LB0011","LB0012"
+			"LB00","LB0001","LB0002","LB0003","LB0004","LB0005","LB0006","LB0007","LB0008","LB0009","LB0010","LB0011","LB0012",
+			// AI Gateway
+			"AI00","AI0001","AI0002","AI0003","AI0004","AI0005",
 	};
 
 	public List<TsmpFuncVo> insertTsmpFunc(LicenseEditionTypeVo licenseEdition, boolean isOsType) {
@@ -172,8 +181,8 @@ public List<TsmpFuncVo> insertTsmpFunc(LicenseEditionTypeVo licenseEdition, bool
 	    	createTsmpFunc("AC0501","digiRunner監控","digiRunnerMonitor","digiRunner Server監控",null,"zh-TW","manager",DateTimeUtil.now());
 	    	createTsmpFunc("AC0502","System Resource","","digiRunnerDashboard",null,"en-US","manager",DateTimeUtil.now());
 	    	createTsmpFunc("AC0502","digiRunner儀表板","digiRunnerDashboard","digiRunner儀表板",null,"zh-TW","manager",DateTimeUtil.now());
-	    	createTsmpFunc("AC0503","API Abnormal Report","API Abnormal Report","API Abnormal Report","","en-US","manager",DateTimeUtil.now());
-            createTsmpFunc("AC0503","API異常報表","API Abnormal Report","API異常報表","","zh-TW","manager",DateTimeUtil.now());
+	    	createTsmpFunc("AC0503","API Abnormal Real-time Information","API Abnormal Real-time Information","API Abnormal Real-time Information","","en-US","manager",DateTimeUtil.now());
+            createTsmpFunc("AC0503","API異常即時資訊","API Abnormal Real-time Information","API異常即時資訊","","zh-TW","manager",DateTimeUtil.now());
 	    	createTsmpFunc("AC0508","Elastic Stack","","Monitor and explore system data effortlessly using interactive ELK dashboards powered by Elastic Stack.",null,"en-US","manager",DateTimeUtil.now());
 	    	createTsmpFunc("AC0508","ELK儀表板","","",null,"zh-TW","manager",DateTimeUtil.now());
 
@@ -329,6 +338,19 @@ public List<TsmpFuncVo> insertTsmpFunc(LicenseEditionTypeVo licenseEdition, bool
 
 	    	createTsmpFunc("LB0010","Bot Detection","Bot Detection","botDetection","","en-US","manager",DateTimeUtil.now());
 	    	createTsmpFunc("LB0010","Bot Detection","Bot Detection","botDetection","","zh-TW","manager",DateTimeUtil.now());
+
+			createTsmpFunc("AI00","AI Gateway","AI Gateway","aiGateway","","en-US","manager",DateTimeUtil.now());
+			createTsmpFunc("AI00","AI Gateway","AI Gateway","aiGateway","","zh-TW","manager",DateTimeUtil.now());
+			createTsmpFunc("AI0001","AI Provider","AI Provider","aiProvider","","en-US","manager",DateTimeUtil.now());
+			createTsmpFunc("AI0001","AI 供應商","AI 供應商","aiProvider","","zh-TW","manager",DateTimeUtil.now());
+			createTsmpFunc("AI0002","AI APIKEY","AI APIKEY","aiAPIKEY","","en-US","manager",DateTimeUtil.now());
+			createTsmpFunc("AI0002","AI APIKEY","AI APIKEY","aiAPIKEY","","zh-TW","manager",DateTimeUtil.now());
+			createTsmpFunc("AI0003","AI APIKEY USAGE","AI APIKEY USAGE","aiAPIKEYUsage","","en-US","manager",DateTimeUtil.now());
+			createTsmpFunc("AI0003","AI APIKEY 使用情況","AI APIKEY 使用情況","aiAPIKEYUsage","","zh-TW","manager",DateTimeUtil.now());
+			createTsmpFunc("AI0004","AI Prompt Template","AI Prompt Template","aiPromptTemplate","","en-US","manager",DateTimeUtil.now());
+			createTsmpFunc("AI0004","AI 提示詞樣版","AI 提示詞樣版","aiPromptTemplate","","zh-TW","manager",DateTimeUtil.now());
+			createTsmpFunc("AI0005","User AI Prompt Template","User AI Prompt Template","userAiPromptTemplateSetting","","en-US","manager",DateTimeUtil.now());
+			createTsmpFunc("AI0005","使用者 AI 提示詞樣版設定","使用者預設 AI 提示詞樣版設定","userAiPromptTemplateSetting","","zh-TW","manager",DateTimeUtil.now());
 
 			createTsmpFunc("LB0011","Webhook","Webhook","Real time event notification mechanism","","en-US","manager",DateTimeUtil.now());
 			createTsmpFunc("LB0011","Webhook","Webhook","即時事件通知推送機制","","zh-TW","manager",DateTimeUtil.now());

dgrv4_Common_lib/src/main/java/tpi/dgrv4/common/utils/autoInitSQL/Initializer/TsmpRtnCodeTableInitializer.java

@@ -1041,13 +1041,18 @@ public List<TsmpRtnCodeVo> insertTsmpRtnCode() {
 			// 20240905, 自訂錯誤訊息, Mini Lee
 		    createTsmpRtnCode((tsmpRtnCodeColumn = "1559"), (locale = "zh-TW"), (tsmpRtnMsg = "{{0}}"), (tsmpRtnDesc = ""));
 		    createTsmpRtnCode((tsmpRtnCodeColumn = "1559"), (locale = "en-US"), (tsmpRtnMsg = "{{0}}"), (tsmpRtnDesc = ""));
+
 
 		    // 20250206, 對稱式加密/解密失敗訊息, Mini Lee
 		    createTsmpRtnCode((tsmpRtnCodeColumn = "1561"), (locale = "zh-TW"), (tsmpRtnMsg = "對稱式加密失敗：{{0}}"), (tsmpRtnDesc = ""));
 		    createTsmpRtnCode((tsmpRtnCodeColumn = "1561"), (locale = "en-US"), (tsmpRtnMsg = "Symmetric encryption error: {{0}}"), (tsmpRtnDesc = ""));
 
 			createTsmpRtnCode((tsmpRtnCodeColumn = "1562"), (locale = "zh-TW"), (tsmpRtnMsg = "對稱式解密失敗：{{0}}"), (tsmpRtnDesc = ""));
 		    createTsmpRtnCode((tsmpRtnCodeColumn = "1562"), (locale = "en-US"), (tsmpRtnMsg = "Symmetric decryption error: {{0}}"), (tsmpRtnDesc = ""));
+			// 20250116, 刪除失敗，狀態為啟用中, Zoe Lee
+			createTsmpRtnCode((tsmpRtnCodeColumn = "2039"), (locale = "zh-TW"), (tsmpRtnMsg = "啟用中，無法刪除"), (tsmpRtnDesc = ""));
+			createTsmpRtnCode((tsmpRtnCodeColumn = "2039"), (locale = "en-US"), (tsmpRtnMsg = "Enabled, cannot be deleted."), (tsmpRtnDesc = ""));
+
 
 			// 20250701, 查無簽核關卡設定訊息, Kevin Cheng
 			createTsmpRtnCode((tsmpRtnCodeColumn = "1565"), (locale = "zh-TW"), (tsmpRtnMsg = "查無簽核關卡設定，應設定簽核關卡"), (tsmpRtnDesc = ""));
@@ -1056,9 +1061,12 @@ public List<TsmpRtnCodeVo> insertTsmpRtnCode() {
 			// 20250722, 結束日期不可小於開始日期, Kevin Cheng
 			createTsmpRtnCode((tsmpRtnCodeColumn = "1566"), (locale = "zh-TW"), (tsmpRtnMsg = "結束日期不可小於開始日期"), (tsmpRtnDesc = ""));
 			createTsmpRtnCode((tsmpRtnCodeColumn = "1566"), (locale = "en-US"), (tsmpRtnMsg = "End date cannot be less than start date"), (tsmpRtnDesc = ""));
-		
-		
-		
+
+			// 20250723, 憑證過期, Zoe Lee
+			createTsmpRtnCode((tsmpRtnCodeColumn = "1560"), (locale = "zh-TW"), (tsmpRtnMsg = "憑證過期"), (tsmpRtnDesc = ""));
+			createTsmpRtnCode((tsmpRtnCodeColumn = "1560"), (locale = "en-US"), (tsmpRtnMsg = "The Certificate has expired."), (tsmpRtnDesc = ""));
+
+
 		} catch (Exception e) {
 			StackTraceUtil.logStackTrace(e);
 			throw e;

dgrv4_Common_lib/src/main/java/tpi/dgrv4/common/utils/autoInitSQL/Initializer/TsmpSettingTableInitializer.java

@@ -305,6 +305,11 @@ public List<TsmpSettingVo> insertTsmpSetting() {
 //			-- 2025/06/10 Audit log retention days, Kevin Cheng
 			createTsmpSetting((id = "AUDIT_LOG_RETENTION_DAYS"), (value = "0"), (memo = "Audit log retention days, default: 0, setting to 0 means using gov_long time setting"));
 
+			//  --2025/07/31 kibana allowlist ,Zoe Lee
+			createTsmpSetting((id = "KIBANA_REFERER_ALLOWLIST"),(value = "/app/dashboards,/app/discover,/app/monitoring"),(memo = "Allowed Referer list for Kibana. Multiple paths should be separated by \",\"."));
+
+
+
 		} catch (Exception e) {
 			StackTraceUtil.logStackTrace(e);
 			throw e;

dgrv4_Entity_lib/src/main/java/tpi/dgrv4/entity/entity/DgrAiApiKey.java

@@ -0,0 +1,103 @@
+package tpi.dgrv4.entity.entity;
+
+
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import com.fasterxml.jackson.databind.ser.std.ToStringSerializer;
+import jakarta.persistence.*;
+import lombok.*;
+import lombok.experimental.Accessors;
+import org.hibernate.annotations.OnDelete;
+import org.hibernate.annotations.OnDeleteAction;
+import tpi.dgrv4.codec.constant.RandomLongTypeEnum;
+import tpi.dgrv4.common.utils.DateTimeUtil;
+import tpi.dgrv4.entity.component.dgrSeq.DgrSeq;
+
+import java.util.Date;
+import java.util.List;
+
+@Builder
+@Data
+@Entity
+@Table(name = "dgr_ai_apikey")
+@NoArgsConstructor
+@AllArgsConstructor
+@Accessors(chain = true)
+public class DgrAiApiKey implements DgrSequenced {
+
+    @JsonSerialize(using = ToStringSerializer.class)
+    @Id
+    @DgrSeq(strategy = RandomLongTypeEnum.YYYYMMDD)
+    @Column(name = "ai_apikey_id")
+    private Long id;
+
+    @Column(name = "ai_apikey_name")
+    private String aiApikeyName;
+
+
+    @ManyToOne
+    @JoinColumn(name = "ai_provider_id", referencedColumnName = "ai_provider_id")
+    private DgrAiProvider dgrAiProvider; // 多個 api key 可能屬於一個 provider
+
+    @JsonIgnore
+    @ToString.Exclude
+    @OneToMany(mappedBy = "dgrAiApiKey", fetch = FetchType.EAGER)
+    private List<DgrAiApiKeyUsage> dgrAiApiKeyUsages; // 1 個 key 對應多個 usage
+
+    @Column(name = "ai_apikey_code")
+    private String aiApikeyCode;
+
+    @JsonSerialize(using = ToStringSerializer.class)
+    @Builder.Default
+    @Column(name = "usage_limit_input_token")
+    private Long usageLimitInputToken = 0L;
+
+    @JsonSerialize(using = ToStringSerializer.class)
+    @Builder.Default
+    @Column(name = "usage_limit_output_token")
+    private Long usageLimitOutputToken = 0L;
+
+    @Column(name = "usage_limit_policy")
+    private String usageLimitPolicy;
+
+    @JsonSerialize(using = ToStringSerializer.class)
+    @Builder.Default
+    @Column(name = "usage_input_token_count")
+    private Long usageInputTokenCount = 0L;
+
+    @JsonSerialize(using = ToStringSerializer.class)
+    @Builder.Default
+    @Column(name = "usage_output_token_count")
+    private Long usageOutputTokenCount = 0L;
+
+//    @Column(name = "backup_key_id")
+//    private Long backupKeyId;
+
+    @Column(name = "ai_apikey_enable")
+    private String aiApikeyEnable;
+
+    @Builder.Default
+    @Column(name = "create_date_time")
+    private Date createDateTime = DateTimeUtil.now();
+
+    @Builder.Default
+    @Column(name = "create_user")
+    private String createUser = "SYSTEM";
+
+    @Column(name = "update_date_time")
+    private Date updateDateTime;
+
+    @Column(name = "update_user")
+    private String updateUser;
+
+    @JsonSerialize(using = ToStringSerializer.class)
+    @Builder.Default
+    @Column(name = "version")
+    private Long version = 1L;
+
+    @Override
+    public Long getPrimaryKey() {
+        return id;
+    }
+}