server: port: 18080 mode: release # debug, release read_timeout: 30s read_header_timeout: 10s write_timeout: 30s idle_timeout: 60s shutdown_timeout: 15s max_header_bytes: 1048576 database: type: sqlite # sqlite, postgresql, mysql sqlite: path: "D:/project/docs/evidence/ops/2026-03-24/backup-restore/20260324-072353/user_management.restored.db" postgresql: host: localhost port: 5432 database: user_management username: postgres password: password ssl_mode: disable max_open_conns: 100 max_idle_conns: 10 mysql: host: localhost port: 3306 database: user_management username: root password: password charset: utf8mb4 max_open_conns: 100 max_idle_conns: 10 cache: l1: enabled: true max_size: 10000 ttl: 5m l2: enabled: false type: redis redis: addr: localhost:6379 password: "" db: 0 pool_size: 50 ttl: 30m redis: enabled: false addr: localhost:6379 password: "" db: 0 jwt: algorithm: RS256 secret: your-secret-key-change-in-production private_key_path: "./data/jwt/private.pem" public_key_path: "./data/jwt/public.pem" private_key_pem: "" public_key_pem: "" access_token_expire: 2h refresh_token_expire: 168h # 7澶?= 168灏忔椂 security: password_min_length: 8 password_require_special: true password_require_number: true login_max_attempts: 5 login_lock_duration: 30m ratelimit: enabled: true login: enabled: true algorithm: token_bucket capacity: 5 rate: 1 window: 1m register: enabled: true algorithm: leaky_bucket capacity: 3 rate: 1 window: 1h api: enabled: true algorithm: sliding_window capacity: 1000 window: 1m monitoring: prometheus: enabled: true path: /metrics tracing: enabled: false endpoint: http://localhost:4318 service_name: user-management-system logging: level: info # debug, info, warn, error format: json # json, text output: - stdout - ./logs/app.log rotation: max_size: 100 # MB max_age: 30 # days max_backups: 10 admin: username: "" password: "" email: "" cors: enabled: true allowed_origins: - "http://localhost:3000" - "http://127.0.0.1:3000" allowed_methods: - GET - POST - PUT - DELETE - OPTIONS allowed_headers: - Authorization - Content-Type - X-Requested-With - X-CSRF-Token max_age: 3600 email: host: "" # 鐢熶骇鐜濉啓鐪熷疄 SMTP Host port: 18080 username: "" password: "" from_email: "" from_name: "鐢ㄦ埛绠$悊绯荤粺" sms: enabled: false provider: "" # aliyun, tencent锛涚暀绌鸿〃绀虹鐢ㄧ煭淇¤兘鍔? code_ttl: 5m resend_cooldown: 1m max_daily_limit: 10 aliyun: access_key_id: "" access_key_secret: "" sign_name: "" template_code: "" endpoint: "" region_id: "cn-hangzhou" code_param_name: "code" tencent: secret_id: "" secret_key: "" app_id: "" sign_name: "" template_id: "" region: "ap-guangzhou" endpoint: "" password_reset: token_ttl: 15m site_url: "http://localhost:8080" # OAuth 绀句氦鐧诲綍閰嶇疆锛堢暀绌哄垯绂佺敤瀵瑰簲 Provider锛? oauth: google: client_id: "" client_secret: "" redirect_url: "http://localhost:8080/api/v1/auth/oauth/google/callback" wechat: app_id: "" app_secret: "" redirect_url: "http://localhost:8080/api/v1/auth/oauth/wechat/callback" github: client_id: "" client_secret: "" redirect_url: "http://localhost:8080/api/v1/auth/oauth/github/callback" qq: app_id: "" app_key: "" redirect_url: "http://localhost:8080/api/v1/auth/oauth/qq/callback" alipay: app_id: "" private_key: "" redirect_url: "http://localhost:8080/api/v1/auth/oauth/alipay/callback" sandbox: false douyin: client_key: "" client_secret: "" redirect_url: "http://localhost:8080/api/v1/auth/oauth/douyin/callback" # Webhook 鍏ㄥ眬閰嶇疆 webhook: enabled: true secret_header: "X-Webhook-Signature" # 绛惧悕 Header 鍚嶇О timeout_sec: 30 # 鍗曟鎶曢€掕秴鏃讹紙绉掞級 max_retries: 3 # 鏈€澶ч噸璇曟鏁? retry_backoff: "exponential" # 閫€閬跨瓥鐣ワ細exponential / fixed worker_count: 4 # 鍚庡彴鎶曢€掑崗绋嬫暟 queue_size: 1000 # 鎶曢€掗槦鍒楀ぇ灏? # IP 瀹夊叏閰嶇疆 ip_security: auto_block_enabled: true # 鏄惁鍚敤鑷姩灏佺 auto_block_duration: 30m # 鑷姩灏佺鏃堕暱 brute_force_threshold: 10 # 鏆村姏鐮磋В闃堝€硷紙绐楀彛鍐呭け璐ユ鏁帮級 detection_window: 15m # 妫€娴嬫椂闂寸獥鍙?