216 lines
4.8 KiB
YAML
216 lines
4.8 KiB
YAML
server:
|
|
port: 18080
|
|
mode: release # debug, release
|
|
read_timeout: 30s
|
|
read_header_timeout: 10s
|
|
write_timeout: 30s
|
|
idle_timeout: 60s
|
|
shutdown_timeout: 15s
|
|
max_header_bytes: 1048576
|
|
|
|
database:
|
|
type: sqlite # current runtime support: sqlite
|
|
sqlite:
|
|
path: "D:/project/docs/evidence/ops/2026-03-27/backup-restore/20260327-182059/user_management.restored.db"
|
|
postgresql:
|
|
host: localhost
|
|
port: 5432
|
|
database: user_management
|
|
username: postgres
|
|
password: ""
|
|
ssl_mode: disable
|
|
max_open_conns: 100
|
|
max_idle_conns: 10
|
|
mysql:
|
|
host: localhost
|
|
port: 3306
|
|
database: user_management
|
|
username: root
|
|
password: ""
|
|
charset: utf8mb4
|
|
max_open_conns: 100
|
|
max_idle_conns: 10
|
|
|
|
cache:
|
|
l1:
|
|
enabled: true
|
|
max_size: 10000
|
|
ttl: 5m
|
|
l2:
|
|
enabled: false
|
|
type: redis
|
|
redis:
|
|
addr: localhost:6379
|
|
password: ""
|
|
db: 0
|
|
pool_size: 50
|
|
ttl: 30m
|
|
|
|
redis:
|
|
enabled: false
|
|
addr: localhost:6379
|
|
password: ""
|
|
db: 0
|
|
|
|
jwt:
|
|
algorithm: RS256
|
|
secret: ""
|
|
private_key_path: "./data/jwt/private.pem"
|
|
public_key_path: "./data/jwt/public.pem"
|
|
private_key_pem: ""
|
|
public_key_pem: ""
|
|
access_token_expire: 2h
|
|
refresh_token_expire: 168h # 7澶?= 168灏忔椂
|
|
|
|
security:
|
|
password_min_length: 8
|
|
password_require_special: true
|
|
password_require_number: true
|
|
login_max_attempts: 5
|
|
login_lock_duration: 30m
|
|
|
|
ratelimit:
|
|
enabled: true
|
|
login:
|
|
enabled: true
|
|
algorithm: token_bucket
|
|
capacity: 5
|
|
rate: 1
|
|
window: 1m
|
|
register:
|
|
enabled: true
|
|
algorithm: leaky_bucket
|
|
capacity: 3
|
|
rate: 1
|
|
window: 1h
|
|
api:
|
|
enabled: true
|
|
algorithm: sliding_window
|
|
capacity: 1000
|
|
window: 1m
|
|
|
|
monitoring:
|
|
prometheus:
|
|
enabled: true
|
|
path: /metrics
|
|
tracing:
|
|
enabled: false
|
|
endpoint: http://localhost:4318
|
|
service_name: user-management-system
|
|
|
|
logging:
|
|
level: info # debug, info, warn, error
|
|
format: json # json, text
|
|
output:
|
|
- stdout
|
|
- ./logs/app.log
|
|
rotation:
|
|
max_size: 100 # MB
|
|
max_age: 30 # days
|
|
max_backups: 10
|
|
|
|
admin:
|
|
username: ""
|
|
password: ""
|
|
email: ""
|
|
|
|
cors:
|
|
enabled: true
|
|
allowed_origins:
|
|
- "http://localhost:3000"
|
|
- "http://127.0.0.1:3000"
|
|
allowed_methods:
|
|
- GET
|
|
- POST
|
|
- PUT
|
|
- DELETE
|
|
- OPTIONS
|
|
allowed_headers:
|
|
- Authorization
|
|
- Content-Type
|
|
- X-Requested-With
|
|
- X-CSRF-Token
|
|
max_age: 3600
|
|
|
|
email:
|
|
host: "" # 鐢熶骇鐜濉啓鐪熷疄 SMTP Host
|
|
port: 18080
|
|
username: ""
|
|
password: ""
|
|
from_email: ""
|
|
from_name: "鐢ㄦ埛绠$悊绯荤粺"
|
|
|
|
sms:
|
|
enabled: false
|
|
provider: "" # aliyun, tencent锛涚暀绌鸿〃绀虹鐢ㄧ煭淇¤兘鍔? code_ttl: 5m
|
|
resend_cooldown: 1m
|
|
max_daily_limit: 10
|
|
aliyun:
|
|
access_key_id: ""
|
|
access_key_secret: ""
|
|
sign_name: ""
|
|
template_code: ""
|
|
endpoint: ""
|
|
region_id: "cn-hangzhou"
|
|
code_param_name: "code"
|
|
tencent:
|
|
secret_id: ""
|
|
secret_key: ""
|
|
app_id: ""
|
|
sign_name: ""
|
|
template_id: ""
|
|
region: "ap-guangzhou"
|
|
endpoint: ""
|
|
|
|
password_reset:
|
|
token_ttl: 15m
|
|
site_url: "http://localhost:8080"
|
|
|
|
# OAuth 绀句氦鐧诲綍閰嶇疆锛堢暀绌哄垯绂佺敤瀵瑰簲 Provider锛?
|
|
oauth:
|
|
google:
|
|
client_id: ""
|
|
client_secret: ""
|
|
redirect_url: "http://localhost:8080/api/v1/auth/oauth/google/callback"
|
|
wechat:
|
|
app_id: ""
|
|
app_secret: ""
|
|
redirect_url: "http://localhost:8080/api/v1/auth/oauth/wechat/callback"
|
|
github:
|
|
client_id: ""
|
|
client_secret: ""
|
|
redirect_url: "http://localhost:8080/api/v1/auth/oauth/github/callback"
|
|
qq:
|
|
app_id: ""
|
|
app_key: ""
|
|
redirect_url: "http://localhost:8080/api/v1/auth/oauth/qq/callback"
|
|
alipay:
|
|
app_id: ""
|
|
private_key: ""
|
|
redirect_url: "http://localhost:8080/api/v1/auth/oauth/alipay/callback"
|
|
sandbox: false
|
|
douyin:
|
|
client_key: ""
|
|
client_secret: ""
|
|
redirect_url: "http://localhost:8080/api/v1/auth/oauth/douyin/callback"
|
|
|
|
# Webhook 鍏ㄥ眬閰嶇疆
|
|
webhook:
|
|
enabled: true
|
|
secret_header: "X-Webhook-Signature" # 绛惧悕 Header 鍚嶇О
|
|
timeout_sec: 30 # 鍗曟鎶曢€掕秴鏃讹紙绉掞級
|
|
max_retries: 3 # 鏈€澶ч噸璇曟鏁?
|
|
retry_backoff: "exponential" # 閫€閬跨瓥鐣ワ細exponential / fixed
|
|
worker_count: 4 # 鍚庡彴鎶曢€掑崗绋嬫暟
|
|
queue_size: 1000 # 鎶曢€掗槦鍒楀ぇ灏?
|
|
|
|
# IP 瀹夊叏閰嶇疆
|
|
ip_security:
|
|
auto_block_enabled: true # 鏄惁鍚敤鑷姩灏佺
|
|
auto_block_duration: 30m # 鑷姩灏佺鏃堕暱
|
|
brute_force_threshold: 10 # 鏆村姏鐮磋В闃堝€硷紙绐楀彛鍐呭け璐ユ鏁帮級
|
|
detection_window: 15m # 妫€娴嬫椂闂寸獥鍙?
|
|
|
|
|
|
|