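---
# Application configuration for the user-management service.
#
# NOTE(review): this listing was flattened onto two lines; the nesting below is
# reconstructed from key order and should be confirmed against the config
# loader. Places where the parent of a key is uncertain are marked inline.
#
# Every credential in this file is empty or a placeholder. Supply real values
# from outside version control; whether the loader supports environment
# overrides is not visible here.

server:
  port: 8080
  mode: release  # debug, release
  # Units for the timeouts are not stated here; presumably seconds - confirm.
  read_timeout: 30
  read_header_timeout: 10
  write_timeout: 30
  idle_timeout: 60
  shutdown_timeout: 15
  max_header_bytes: 1048576

database:
  type: sqlite  # current runtime support: sqlite
  sqlite:
    path: ./data/user_management.db
  # Per the comment on `type`, only sqlite is supported at runtime, so the
  # postgresql and mysql sections appear to be unused for now.
  postgresql:
    host: localhost
    port: 5432
    database: user_management
    username: postgres
    password: ""
    # `disable` sends credentials and data unencrypted; acceptable only for a
    # local socket or loopback database. Require TLS for any remote host.
    ssl_mode: disable
    max_open_conns: 100
    max_idle_conns: 10
  mysql:
    host: localhost
    port: 3306
    database: user_management
    username: root
    password: ""
    charset: utf8mb4
    max_open_conns: 100
    max_idle_conns: 10

cache:
  l1:
    enabled: true
    max_size: 10000
    ttl: 5m
  l2:
    enabled: false
    type: redis
    redis:
      addr: localhost:6379
      password: ""
      db: 0
      pool_size: 50
    # NOTE(review): `ttl` could also belong inside `redis` above - confirm.
    ttl: 30m

# NOTE(review): placed at top level; it could also be `cache.redis` - confirm.
redis:
  enabled: false
  addr: localhost:6379
  password: ""
  db: 0

jwt:
  # NOTE(review): the original comment ties HS256 to debug mode, yet
  # server.mode above is `release` - confirm which algorithm release uses.
  algorithm: HS256  # debug mode uses HS256
  # Placeholder only. With HS256 this value is the signing key, so a deployment
  # that keeps it lets anyone who has read this file mint valid tokens. Replace
  # it with a random secret of at least 32 bytes. Whether startup rejects the
  # placeholder is not visible here - confirm.
  secret: "change-me-in-production-use-at-least-32-bytes-secret"
  access_token_expire_minutes: 120  # 2 hours
  refresh_token_expire_days: 7  # 7 days

security:
  password_min_length: 8
  password_require_special: true
  password_require_number: true
  # NOTE(review): login attempts are also limited by ratelimit.login and
  # ip_security.brute_force_threshold; how the three interact, and whether this
  # lock is per account or per source address, is not visible here.
  login_max_attempts: 5
  login_lock_duration: 30m

ratelimit:
  enabled: true
  login:
    enabled: true
    algorithm: token_bucket
    capacity: 5
    rate: 1
    window: 1m
  register:
    enabled: true
    algorithm: leaky_bucket
    capacity: 3
    rate: 1
    window: 1h
  api:
    enabled: true
    algorithm: sliding_window
    capacity: 1000
    window: 1m

monitoring:
  prometheus:
    # Whether /metrics requires authentication is not visible here; confirm it
    # is not reachable from the public listener.
    enabled: true
    path: /metrics
  tracing:
    enabled: false
    # Plain http; fine for a loopback collector, use TLS for a remote one.
    endpoint: http://localhost:4318
    service_name: user-management-system

logging:
  level: info  # debug, info, warn, error
  format: json  # json, text
  output:
    - stdout
    - ./logs/app.log
  rotation:
    max_size: 100  # MB
    max_age: 30  # days
    max_backups: 10

# Bootstrap administrator. How empty values are handled is not visible here;
# confirm that no account is created with an empty password.
admin:
  username: ""
  password: ""
  email: ""

cors:
  enabled: true
  # With allow_credentials enabled below, keep this an explicit list (never a
  # wildcard) and replace the localhost entries with the real front-end origin
  # in production.
  allowed_origins:
    - "http://localhost:3000"
    - "http://127.0.0.1:3000"
  allowed_methods:
    - GET
    - POST
    - PUT
    - DELETE
    - OPTIONS
  allowed_headers:
    - Authorization
    - Content-Type
    - X-Requested-With
    - X-CSRF-Token
  allow_credentials: true
  max_age: 3600

email:
  host: ""  # set the real SMTP host in production
  # 587 is the mail submission port, normally used with STARTTLS; no TLS
  # setting is visible in this section - confirm the mailer enforces it.
  port: 587
  username: ""
  password: ""
  from_email: ""
  from_name: "用户管理系统"

sms:
  enabled: false
  provider: ""  # aliyun, tencent; leave empty to disable SMS
  code_ttl: 5m
  resend_cooldown: 1m
  max_daily_limit: 10
  aliyun:
    access_key_id: ""
    access_key_secret: ""
    sign_name: ""
    template_code: ""
    endpoint: ""
    region_id: "cn-hangzhou"
    code_param_name: "code"
  tencent:
    secret_id: ""
    secret_key: ""
    app_id: ""
    sign_name: ""
    template_id: ""
    region: "ap-guangzhou"
    endpoint: ""

password_reset:
  token_ttl: 15m
  # Presumably the base URL of the links sent in reset e-mails - verify against
  # the caller. Use the public https URL in production.
  site_url: "http://localhost:8080"

# OAuth social-login configuration (leave a provider's fields empty to disable
# it). Each redirect_url has to match the callback registered with that
# provider; the http://localhost values are for local development only.
oauth:
  google:
    client_id: ""
    client_secret: ""
    redirect_url: "http://localhost:8080/api/v1/auth/oauth/google/callback"
  wechat:
    app_id: ""
    app_secret: ""
    redirect_url: "http://localhost:8080/api/v1/auth/oauth/wechat/callback"
  github:
    client_id: ""
    client_secret: ""
    redirect_url: "http://localhost:8080/api/v1/auth/oauth/github/callback"
  qq:
    app_id: ""
    app_key: ""
    redirect_url: "http://localhost:8080/api/v1/auth/oauth/qq/callback"
  alipay:
    app_id: ""
    # Signing key material; keep it out of version control.
    private_key: ""
    redirect_url: "http://localhost:8080/api/v1/auth/oauth/alipay/callback"
    sandbox: false
  douyin:
    client_key: ""
    client_secret: ""
    redirect_url: "http://localhost:8080/api/v1/auth/oauth/douyin/callback"

# Global webhook configuration. Only the name of the signature header is set
# here; the signing secret itself is not part of this section.
webhook:
  enabled: true
  secret_header: "X-Webhook-Signature"  # name of the signature header
  timeout_sec: 30  # timeout for a single delivery (seconds)
  max_retries: 3  # maximum number of retries
  retry_backoff: "exponential"  # backoff strategy: exponential / fixed
  worker_count: 4  # number of background delivery coroutines
  queue_size: 1000  # delivery queue size

# IP security configuration
ip_security:
  auto_block_enabled: true  # whether automatic blocking is enabled
  auto_block_duration: 30m  # duration of an automatic block
  brute_force_threshold: 10  # brute-force threshold (failed attempts within the window)
  detection_window: 15m  # detection time window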