mirror of
https://github.com/chatopera/cosin.git
synced 2025-08-01 16:38:02 +08:00
#866 只支持https,默认启用Http2
This commit is contained in:
duke
parent
4ab36cdc57
commit
81fe5bf6a6
@ -14,24 +14,18 @@
|
||||
*/
|
||||
package com.cskefu.cc.config;
|
||||
|
||||
import com.cskefu.cc.basic.MainUtils;
|
||||
import com.cskefu.cc.exception.InstantMessagingExceptionListener;
|
||||
import com.corundumstudio.socketio.AuthorizationListener;
|
||||
import com.corundumstudio.socketio.Configuration;
|
||||
import com.corundumstudio.socketio.HandshakeData;
|
||||
import com.corundumstudio.socketio.SocketIOServer;
|
||||
import com.corundumstudio.socketio.annotation.SpringAnnotationScanner;
|
||||
import com.cskefu.cc.exception.InstantMessagingExceptionListener;
|
||||
import jakarta.annotation.PreDestroy;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
|
||||
import jakarta.annotation.PreDestroy;
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.Properties;
|
||||
|
||||
@org.springframework.context.annotation.Configuration
|
||||
public class MessagingServerConfigure {
|
||||
@ -41,12 +35,18 @@ public class MessagingServerConfigure {
|
||||
@Value("${uk.im.server.port}")
|
||||
private Integer port;
|
||||
|
||||
@Value("${cs.im.server.ssl.port}")
|
||||
private Integer sslPort;
|
||||
|
||||
@Value("${web.upload-path}")
|
||||
private String path;
|
||||
|
||||
@Value("${server.ssl.key-store}")
|
||||
private String keyStore;
|
||||
//
|
||||
// @Value("${server.ssl.key-store-type}")
|
||||
// private String keyStoreType;
|
||||
|
||||
@Value("${server.ssl.key-store-password}")
|
||||
private String keyStorepassword;
|
||||
|
||||
@Value("${uk.im.server.threads}")
|
||||
private String threads;
|
||||
|
||||
@ -54,11 +54,7 @@ public class MessagingServerConfigure {
|
||||
|
||||
@Bean(name = "webimport")
|
||||
public Integer getWebIMPort() {
|
||||
if (sslPort != null) {
|
||||
return sslPort;
|
||||
} else {
|
||||
return port;
|
||||
}
|
||||
return port;
|
||||
}
|
||||
|
||||
@Bean
|
||||
@ -69,7 +65,7 @@ public class MessagingServerConfigure {
|
||||
tmpConfig.setReuseAddress(true);
|
||||
config.setSocketConfig(tmpConfig);
|
||||
|
||||
// config.setHostname("localhost");
|
||||
// config.setHostname(host);
|
||||
config.setPort(port);
|
||||
|
||||
// config.getSocketConfig().setReuseAddress(true);
|
||||
@ -77,26 +73,8 @@ public class MessagingServerConfigure {
|
||||
// config.setOrigin("*");
|
||||
config.setExceptionListener(new InstantMessagingExceptionListener());
|
||||
|
||||
File sslFile = new File(path, "ssl/https.properties");
|
||||
if (sslFile.exists()) {
|
||||
Properties sslProperties = new Properties();
|
||||
|
||||
try (FileInputStream in = new FileInputStream(sslFile)) {
|
||||
sslProperties.load(in);
|
||||
}
|
||||
if (StringUtils.isNotBlank(sslProperties.getProperty("key-store")) && StringUtils.isNotBlank(
|
||||
sslProperties.getProperty("key-store-password"))) {
|
||||
config.setKeyStorePassword(MainUtils.decryption(sslProperties.getProperty("key-store-password")));
|
||||
InputStream stream = new FileInputStream(
|
||||
new File(path, "ssl/" + sslProperties.getProperty("key-store")));
|
||||
config.setKeyStore(stream);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// config.setSSLProtocol("https");
|
||||
int workThreads = StringUtils.isNotBlank(threads) && threads.matches("[\\d]{1,6}") ? Integer.parseInt(
|
||||
threads) : 100;
|
||||
int workThreads = StringUtils.isNotBlank(threads) && threads.matches("[\\d]{1,6}") ? Integer.parseInt(threads) : 100;
|
||||
config.setWorkerThreads(workThreads);
|
||||
// config.setStoreFactory(new HazelcastStoreFactory());
|
||||
config.setAuthorizationListener(data -> true);
|
||||
@ -105,6 +83,10 @@ public class MessagingServerConfigure {
|
||||
config.getSocketConfig().setTcpNoDelay(true);
|
||||
config.getSocketConfig().setTcpKeepAlive(true);
|
||||
|
||||
//设置https
|
||||
InputStream keyStoreStream = this.getClass().getResourceAsStream("/" + keyStore.split(":")[1]); // 读取证书文件流
|
||||
config.setKeyStore(keyStoreStream); // 设置证书文件
|
||||
config.setKeyStorePassword(keyStorepassword); // 设置证书密码
|
||||
return server = new SocketIOServer(config);
|
||||
}
|
||||
|
||||
|
||||
@ -15,6 +15,7 @@
|
||||
package com.cskefu.cc.config;
|
||||
|
||||
import org.apache.catalina.connector.Connector;
|
||||
import org.apache.coyote.ProtocolHandler;
|
||||
import org.apache.coyote.http11.Http11NioProtocol;
|
||||
import org.apache.tomcat.util.http.Rfc6265CookieProcessor;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
|
||||
@ -30,10 +30,8 @@ import com.cskefu.cc.persistence.repository.SystemMessageRepository;
|
||||
import com.cskefu.cc.persistence.repository.TemplateRepository;
|
||||
import com.cskefu.cc.util.Menu;
|
||||
import com.corundumstudio.socketio.SocketIOServer;
|
||||
import org.apache.commons.io.FileUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.ModelMap;
|
||||
import org.springframework.validation.BindingResult;
|
||||
@ -44,25 +42,16 @@ import org.springframework.web.servlet.ModelAndView;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.validation.Valid;
|
||||
import java.io.File;
|
||||
import java.io.FileOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.sql.SQLException;
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
import java.util.Properties;
|
||||
|
||||
@Controller
|
||||
@RequestMapping("/admin/config")
|
||||
public class SystemConfigController extends Handler {
|
||||
|
||||
@Value("${uk.im.server.port}")
|
||||
private Integer port;
|
||||
|
||||
@Value("${web.upload-path}")
|
||||
private String path;
|
||||
|
||||
@Autowired
|
||||
private SocketIOServer server;
|
||||
|
||||
@ -207,9 +196,6 @@ public class SystemConfigController extends Handler {
|
||||
@Valid Secret secret) throws SQLException, IOException, NoSuchAlgorithmException {
|
||||
SystemConfig systemConfig = systemConfigRes.findOne();
|
||||
String msg = "0";
|
||||
if (StringUtils.isBlank(config.getJkspassword())) {
|
||||
config.setJkspassword(null);
|
||||
}
|
||||
if (systemConfig == null) {
|
||||
config.setCreater(super.getUser(request).getId());
|
||||
config.setCreatetime(new Date());
|
||||
@ -217,29 +203,6 @@ public class SystemConfigController extends Handler {
|
||||
} else {
|
||||
MainUtils.copyProperties(config, systemConfig);
|
||||
}
|
||||
if (config.isEnablessl()) {
|
||||
if (keyfile != null && keyfile.getBytes() != null && keyfile.getBytes().length > 0 && keyfile.getOriginalFilename() != null && keyfile.getOriginalFilename().length() > 0) {
|
||||
FileUtils.writeByteArrayToFile(
|
||||
new File(path, "ssl/" + keyfile.getOriginalFilename()), keyfile.getBytes());
|
||||
systemConfig.setJksfile(keyfile.getOriginalFilename());
|
||||
File sslFilePath = new File(path, "ssl/https.properties");
|
||||
if (!sslFilePath.getParentFile().exists()) {
|
||||
sslFilePath.getParentFile().mkdirs();
|
||||
}
|
||||
Properties prop = new Properties();
|
||||
FileOutputStream oFile = new FileOutputStream(sslFilePath);//true表示追加打开
|
||||
prop.setProperty("key-store-password", MainUtils.encryption(systemConfig.getJkspassword()));
|
||||
prop.setProperty("key-store", systemConfig.getJksfile());
|
||||
prop.store(oFile, "SSL Properties File");
|
||||
oFile.close();
|
||||
}
|
||||
} else if (new File(path, "ssl").exists()) {
|
||||
File[] sslFiles = new File(path, "ssl").listFiles();
|
||||
for (File sslFile : sslFiles) {
|
||||
sslFile.delete();
|
||||
}
|
||||
}
|
||||
|
||||
if (loginlogo != null && StringUtils.isNotBlank(
|
||||
loginlogo.getOriginalFilename()) && loginlogo.getOriginalFilename().lastIndexOf(".") > 0) {
|
||||
systemConfig.setLoginlogo(super.saveImageFileWithMultipart(loginlogo));
|
||||
|
||||
@ -85,9 +85,6 @@ public class IMController extends Handler {
|
||||
@Value("${uk.im.server.port}")
|
||||
private Integer port;
|
||||
|
||||
@Value("${cs.im.server.ssl.port}")
|
||||
private Integer sslPort;
|
||||
|
||||
@Value("${web.upload-path}")
|
||||
private String path;
|
||||
|
||||
@ -185,18 +182,9 @@ public class IMController extends Handler {
|
||||
CousultInvite consultInvite = consultInviteRes.findBySnsaccountid(id);
|
||||
view.addObject("hostname", request.getServerName());
|
||||
SystemConfig systemConfig = MainUtils.getSystemConfig();
|
||||
if (systemConfig != null && systemConfig.isEnablessl()) {
|
||||
view.addObject("schema", "https");
|
||||
if (request.getServerPort() == 80) {
|
||||
view.addObject("port", 443);
|
||||
} else {
|
||||
view.addObject("port", request.getServerPort());
|
||||
}
|
||||
} else {
|
||||
view.addObject("schema", super.getSchema(request));
|
||||
view.addObject("port", request.getServerPort());
|
||||
}
|
||||
|
||||
view.addObject("schema", super.getSchema(request));
|
||||
view.addObject("port", request.getServerPort());
|
||||
view.addObject("appid", id);
|
||||
view.addObject("userid", userid);
|
||||
view.addObject("title", title);
|
||||
@ -241,17 +229,8 @@ public class IMController extends Handler {
|
||||
view.addObject("webimexist", webimexist);
|
||||
|
||||
SystemConfig systemConfig = MainUtils.getSystemConfig();
|
||||
if (systemConfig != null && systemConfig.isEnablessl()) {
|
||||
view.addObject("schema", "https");
|
||||
if (request.getServerPort() == 80) {
|
||||
view.addObject("port", 443);
|
||||
} else {
|
||||
view.addObject("port", request.getServerPort());
|
||||
}
|
||||
} else {
|
||||
view.addObject("schema", super.getSchema(request));
|
||||
view.addObject("port", request.getServerPort());
|
||||
}
|
||||
view.addObject("schema", super.getSchema(request));
|
||||
view.addObject("port", request.getServerPort());
|
||||
|
||||
view.addObject("appid", id);
|
||||
view.addObject("client", MainUtils.getUUID());
|
||||
@ -683,13 +662,7 @@ public class IMController extends Handler {
|
||||
|
||||
String schema = super.getSchema(request);
|
||||
|
||||
if (StringUtils.equals(schema, "https")) {
|
||||
map.addAttribute("port", 443);
|
||||
} else if (sslPort != null) {
|
||||
map.addAttribute("port", sslPort);
|
||||
} else {
|
||||
map.addAttribute("port", port);
|
||||
}
|
||||
map.addAttribute("port", port);
|
||||
|
||||
map.addAttribute("appid", appid);
|
||||
map.addAttribute("userid", userid);
|
||||
|
||||
@ -63,7 +63,7 @@ public class InstantMessagingExceptionListener extends ExceptionListenerAdapter
|
||||
}else{
|
||||
logger.error(e.getMessage(), e);
|
||||
}
|
||||
ctx.close();
|
||||
// ctx.close();//TODO lecjy
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
@ -102,24 +102,13 @@ public class UserInterceptorHandler implements HandlerInterceptor {
|
||||
HttpServletRequest request, HttpServletResponse response, Object arg2,
|
||||
ModelAndView view) {
|
||||
final User user = (User) request.getSession().getAttribute(Constants.USER_SESSION_NAME);
|
||||
final String infoace = (String) request.getSession().getAttribute(
|
||||
Constants.CSKEFU_SYSTEM_INFOACQ); // 进入信息采集模式
|
||||
final String infoace = (String) request.getSession().getAttribute(Constants.CSKEFU_SYSTEM_INFOACQ); // 进入信息采集模式
|
||||
final SystemConfig systemConfig = MainUtils.getSystemConfig();
|
||||
if (view != null) {
|
||||
if (user != null) {
|
||||
view.addObject("user", user);
|
||||
|
||||
if (systemConfig != null && systemConfig.isEnablessl()) {
|
||||
view.addObject("schema", "https");
|
||||
if (request.getServerPort() == 80) {
|
||||
view.addObject("port", 443);
|
||||
} else {
|
||||
view.addObject("port", request.getServerPort());
|
||||
}
|
||||
} else {
|
||||
view.addObject("schema", request.getScheme());
|
||||
view.addObject("port", request.getServerPort());
|
||||
}
|
||||
view.addObject("schema", request.getScheme());
|
||||
view.addObject("port", request.getServerPort());
|
||||
view.addObject("hostname", request.getServerName());
|
||||
|
||||
HandlerMethod handlerMethod = (HandlerMethod) arg2;
|
||||
|
||||
@ -45,9 +45,6 @@ public class SystemConfig implements java.io.Serializable {
|
||||
private Date createtime;
|
||||
private Date updatetime;
|
||||
private String loglevel;
|
||||
private boolean enablessl;
|
||||
private String jksfile;
|
||||
private String jkspassword;
|
||||
private String mapkey;
|
||||
private boolean workorders; //工单启用三栏布局
|
||||
private String iconstr; //修改服务器url地址
|
||||
@ -201,30 +198,6 @@ public class SystemConfig implements java.io.Serializable {
|
||||
this.loglevel = loglevel;
|
||||
}
|
||||
|
||||
public boolean isEnablessl() {
|
||||
return enablessl;
|
||||
}
|
||||
|
||||
public void setEnablessl(boolean enablessl) {
|
||||
this.enablessl = enablessl;
|
||||
}
|
||||
|
||||
public String getJksfile() {
|
||||
return jksfile;
|
||||
}
|
||||
|
||||
public void setJksfile(String jksfile) {
|
||||
this.jksfile = jksfile;
|
||||
}
|
||||
|
||||
public String getJkspassword() {
|
||||
return jkspassword;
|
||||
}
|
||||
|
||||
public void setJkspassword(String jkspassword) {
|
||||
this.jkspassword = jkspassword;
|
||||
}
|
||||
|
||||
public String getMapkey() {
|
||||
return mapkey;
|
||||
}
|
||||
|
||||
@ -23,14 +23,13 @@ management.security.enabled=false
|
||||
server.session-timeout=86400
|
||||
server.threads.max=2000
|
||||
server.connection.max=2000
|
||||
server.port=8035
|
||||
server.port=8443
|
||||
server.context-path=/
|
||||
|
||||
# IM Server
|
||||
uk.im.server.port=8036
|
||||
uk.im.server.host=localhost
|
||||
uk.im.server.host=www.cskefu.com
|
||||
uk.im.server.threads=1000
|
||||
cs.im.server.ssl.port=
|
||||
|
||||
spring.mvc.servlet.load-on-startup=1
|
||||
spring.servlet.multipart.enabled=true
|
||||
@ -173,3 +172,11 @@ extras.auth.super-admin.pass=
|
||||
extras.log.request=off
|
||||
|
||||
spring.jpa.properties.hibernate.allow_update_outside_transaction=true
|
||||
##############################################
|
||||
# ssl
|
||||
##############################################
|
||||
server.ssl.key-store=classpath:cskefu.jks
|
||||
server.ssl.key-alias=cskefu
|
||||
server.ssl.key-store-password=123456
|
||||
|
||||
server.http2.enabled=true
|
||||
|
||||
BIN
contact-center/app/src/main/resources/cskefu.jks
Normal file
BIN
contact-center/app/src/main/resources/cskefu.jks
Normal file
Binary file not shown.
@ -181,37 +181,6 @@ block content
|
||||
select(name='loglevel', lay-filter='sysconfig')
|
||||
option(value="info", selected = (systemConfig.loglevel == 'info'?'selected' : false)) INFO
|
||||
option(value="debug", selected = (systemConfig.loglevel == 'debug'?'selected' : false)) DEBUG
|
||||
.ukefu-webim-prop(hidden)
|
||||
.ukefu-webim-tl(style='clear:both;') 启用服务SSL安全访问
|
||||
.box-item
|
||||
.row
|
||||
.col-lg-8
|
||||
p 启用 SSL 安全协议
|
||||
p(style='color:#888888;font-size:13px;margin-top:10px;') 启用后需要上传SSL证书和设置SSL证书密码
|
||||
.col-lg-4(style='text-align:right;')
|
||||
input(type="checkbox" title="启用" name="enablessl" lay-filter="enablessl" value="1", checked=(systemConfig.enablessl?'checked':false))
|
||||
.row.httpsconfig(style='margin-top:20px;display:' + (systemConfig.enablessl == false? "none;":"block;"))
|
||||
.col-lg-8
|
||||
p
|
||||
| JKS 证书文件
|
||||
span(style='color:red;font-weight:bold;')= systemConfig.jksfile
|
||||
p(style='color:#888888;font-size:13px;margin-top:10px;').
|
||||
受信的SSL证书文件,请上传.JKS类型的证书文件
|
||||
.col-lg-4(style='text-align:right;')
|
||||
span#jkstip
|
||||
.layui-box.layui-upload-button
|
||||
input.layui-upload-file(type='file', name='keyfile', accept='.jks', lay-ext='jks', onchange='$(\'#jkstip\').html($(this).val());')
|
||||
span.layui-upload-icon
|
||||
i.layui-icon
|
||||
| 上传 JKS 文件
|
||||
.row.httpsconfig(style='margin-top:20px;display:' + (systemConfig.enablessl == false ? 'none;':'block;'))
|
||||
.col-lg-8
|
||||
p JKS证书密码
|
||||
p(style='color:#888888;font-size:13px;margin-top:10px;')
|
||||
| .JKS文件的证书密码,
|
||||
b(style='color:red;font-weight:bold;') 如无改变,不用填写
|
||||
.col-lg-4(style='text-align:right;')
|
||||
input.layui-input(type='password', name='jkspassword', autocomplete='off')
|
||||
.ukefu-webim-prop(hidden)
|
||||
.ukefu-webim-tl(style='clear:both;') 启用涉及重要操作的二次验证密码
|
||||
.box-item
|
||||
@ -514,13 +483,6 @@ block content
|
||||
layui.use('form', function(){
|
||||
var form = layui.form();
|
||||
form.render('select'); //刷新select选择框渲染
|
||||
form.on("checkbox(enablessl)" , function(data){
|
||||
if(data.elem.checked == true){
|
||||
$('.httpsconfig').show();
|
||||
}else{
|
||||
$('.httpsconfig').hide();
|
||||
}
|
||||
})
|
||||
form.on("checkbox(enable)" , function(data){
|
||||
if(data.elem.checked == true){
|
||||
$('.elablesec').show();
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
'chat-list-item': true,
|
||||
'active': (curagentuser.id == agentuser.id)
|
||||
}, id='agentuser_' + agentuser.userid, remove-id=agentuser.id, data-id=agentuser.userid)
|
||||
a(href='/agent/agentuser.html?id=' + agentuser.id + '&channel=' + agentuser.channeltype, data-toggle="load", data-target="#ukefu-chat-agent", onclick="$('.chat-list-item.active').removeClass('active');$(this).closest('li.chat-list-item').addClass('active');cleanTopMsgTip(this) ;$('#last_msg_#{agentuser.userid}').text(0).hide();")
|
||||
a(href='/agent/agentuser.html?id=' + agentuser.id + '&channel=' + agentuser.channeltype, data-toggle="load", data-target="#ukefu-chat-agent", onclick="$('.chat-list-item.active').removeClass('active');$(this).closest('li.chat-list-item').addClass('active');cleanTopMsgTip(this) ;$('#last_msg_" + agentuser.userid + "').text(0).hide();")
|
||||
img(src=(agentuser.headimgurl && agentuser.headimgurl != '' ? agentuser.headimgurl : '/images/im/user.png'), style="width:45px;height:45px;")
|
||||
if agentuser.status && agentuser.status == 'end'
|
||||
if agentuser.channeltype && agentuser.channeltype == "weixin"
|
||||
|
||||
@ -36,7 +36,7 @@
|
||||
'chat-list-item': true,
|
||||
'active': (curagentuser.id == agentuser.id)
|
||||
}, id='agentuser_' + agentuser.userid, remove-id=agentuser.id, data-id=agentuser.userid)
|
||||
a(href='/apps/cca/agentuser.html?id=' + agentuser.id + '&channel=' + agentuser.channeltype, data-toggle="load", data-target="#ukefu-chat-agent", onclick="$('.chat-list-item.active').removeClass('active');$(this).closest('li.chat-list-item').addClass('active');cleanTopMsgTip(this) ;$('#last_msg_#{agentuser.userid}').text(0).hide();")
|
||||
a(href='/apps/cca/agentuser.html?id=' + agentuser.id + '&channel=' + agentuser.channeltype, data-toggle="load", data-target="#ukefu-chat-agent", onclick="$('.chat-list-item.active').removeClass('active');$(this).closest('li.chat-list-item').addClass('active');cleanTopMsgTip(this) ;$('#last_msg_" + agentuser.userid + "').text(0).hide();")
|
||||
img(src=(agentuser.headimgurl && agentuser.headimgurl != '' ? agentuser.headimgurl : '/images/im/user.png'), style="width:45px;height:45px;")
|
||||
if agentuser.status && agentuser.status == 'end'
|
||||
if agentuser.channeltype && agentuser.channeltype == "weixin"
|
||||
|
||||
@ -16,7 +16,7 @@ if agentUserList
|
||||
'chat-list-item': true,
|
||||
'active': (curagentuser.id == agentuser.id)
|
||||
}, id='agentuser_' + agentuser.userid, remove-id=agentuser.id, data-id=agentuser.userid)
|
||||
a(href='/apps/cca/agentuser.html?id=' + agentuser.id + '&channel=' + agentuser.channeltype, data-toggle="load", data-target="#ukefu-chat-agent", onclick="$('.chat-list-item.active').removeClass('active');$(this).closest('li.chat-list-item').addClass('active');Proxy.cleanTopMsgTip(1) ;$('#last_msg_#{agentuser.userid}').text(0).hide();")
|
||||
a(href='/apps/cca/agentuser.html?id=' + agentuser.id + '&channel=' + agentuser.channeltype, data-toggle="load", data-target="#ukefu-chat-agent", onclick="$('.chat-list-item.active').removeClass('active');$(this).closest('li.chat-list-item').addClass('active');Proxy.cleanTopMsgTip(1) ;$('#last_msg_" + agentuser.userid + "'").text(0).hide();")
|
||||
img(src=(agentuser.headimgurl && agentuser.headimgurl != '' ? agentuser.headimgurl : '/images/im/user.png'), style="width:45px;height:45px;")
|
||||
if agentuser.status && agentuser.status == 'end'
|
||||
if agentuser.channeltype && agentuser.channeltype == "weixin"
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user