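# HTTP listener settings. The nesting was lost in the flattened listing and is
# restored here: every key below belongs to `server`.
server:
  port: 18088
  mode: release  # debug, release
  # The timeouts presumably bound how long a slow or stalled client can hold a
  # connection; keep them finite on any externally reachable listener.
  read_timeout: 30s
  read_header_timeout: 10s
  write_timeout: 30s
  idle_timeout: 60s
  shutdown_timeout: 15s
  max_header_bytes: 1048576  # 1 MiB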
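# Database backend selection. Nesting restored from the flattened listing.
database:
  type: sqlite  # current runtime support: sqlite
  sqlite:
    # NOTE(review): absolute, machine-specific path into an evidence directory.
    # Confirm this file is a captured test artifact and not a deployable default.
    path: "D:/project/docs/evidence/ops/2026-03-24/secret-boundary/20260324-104122/user_management.secret-boundary.db"
  # The postgresql and mysql stanzas are inactive while `type` is sqlite.
  # If either is enabled later: use a dedicated least-privilege account rather
  # than the default superuser name, and supply the password from the
  # environment or a secret store instead of committing it here.
  postgresql:
    host: localhost
    port: 5432
    database: user_management
    username: postgres
    password: ""
    # NOTE(review): presumably passed through as the driver's sslmode. `disable`
    # means no TLS to the database, which is tolerable only on loopback.
    ssl_mode: disable
    max_open_conns: 100
    max_idle_conns: 10
  mysql:
    host: localhost
    port: 3306
    database: user_management
    username: root
    password: ""
    charset: utf8mb4
    max_open_conns: 100
    max_idle_conns: 10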
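# Two-level cache: l1 is enabled, l2 (redis-backed) is disabled.
# Nesting restored from the flattened listing.
cache:
  l1:
    enabled: true
    max_size: 10000
    ttl: 5m
  l2:
    enabled: false
    type: redis
    redis:
      addr: localhost:6379
      # An empty password means unauthenticated redis; keep it bound to loopback
      # or set a credential from the environment before enabling l2.
      password: ""
      db: 0
      pool_size: 50
    # NOTE(review): the flattened source does not show whether this ttl belongs
    # to `l2` (as placed here, mirroring l1.ttl) or to `l2.redis`. Confirm
    # against the config struct.
    ttl: 30m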
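# Standalone redis connection (disabled). Nesting restored from the flattened
# listing.
redis:
  enabled: false
  addr: localhost:6379
  # Empty password: set a credential from the environment before enabling, and
  # do not expose an unauthenticated redis beyond loopback.
  password: ""
  db: 0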
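# Token signing settings. Nesting restored from the flattened listing.
jwt:
  algorithm: RS256
  # NOTE(review): `secret` is presumably only used by HMAC algorithms. Confirm
  # the loader rejects an empty secret if the algorithm is ever changed from
  # RS256.
  secret: ""
  # Key material is referenced by path. Keep the private key out of version
  # control and readable only by the service account.
  private_key_path: "./data/jwt/private.pem"
  public_key_path: "./data/jwt/public.pem"
  # Inline PEM alternatives are left empty here. If they are used, inject them
  # at deploy time rather than committing them.
  private_key_pem: ""
  public_key_pem: ""
  access_token_expire: 2h
  refresh_token_expire: 168h  # 7 days = 168 hours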
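# Password policy and per-account login lockout. Nesting restored from the
# flattened listing.
security:
  password_min_length: 8
  password_require_special: true
  password_require_number: true
  # Lockout: 5 failed attempts, then a 30-minute lock. This is separate from the
  # IP-based threshold configured under `ip_security` in this file.
  login_max_attempts: 5
  login_lock_duration: 30m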
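# Rate limiting, with a separate policy per endpoint class. Nesting restored
# from the flattened listing.
# NOTE(review): the unit of `rate` is not shown here. Confirm it against the
# limiter implementation.
ratelimit:
  enabled: true
  # Authentication endpoints get the tightest limits.
  login:
    enabled: true
    algorithm: token_bucket
    capacity: 5
    rate: 1
    window: 1m
  register:
    enabled: true
    algorithm: leaky_bucket
    capacity: 3
    rate: 1
    window: 1h
  api:
    enabled: true
    algorithm: sliding_window
    capacity: 1000
    window: 1m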
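# Metrics and tracing. Nesting restored from the flattened listing.
monitoring:
  prometheus:
    enabled: true
    # NOTE(review): if /metrics is served on the public API listener, restrict
    # it (network policy or auth). Metrics can reveal internal routes and load.
    path: /metrics
  tracing:
    enabled: false
    # Plaintext HTTP to a local collector; use TLS if the collector is remote.
    endpoint: http://localhost:4318
    # NOTE(review): placed under `tracing`; the flattened source does not show
    # its parent. Confirm against the config struct.
    service_name: user-management-system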
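# Log level, format, sinks and rotation. Nesting restored from the flattened
# listing.
logging:
  level: info  # debug, info, warn, error
  format: json  # json, text
  output:
    - stdout
    # File sink: restrict read access, since auth logs can contain usernames
    # and client IPs.
    - ./logs/app.log
  rotation:
    max_size: 100  # MB
    max_age: 30  # days
    max_backups: 10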
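# Administrator account fields, all left empty. Nesting restored from the
# flattened listing.
# NOTE(review): presumably a bootstrap admin. Inject these values at deploy
# time (environment or secret store) and never commit a real password here.
admin:
  username: ""
  password: ""
  email: ""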
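# Cross-origin policy. Nesting restored from the flattened listing.
cors:
  enabled: true
  # Development origins only. For production, list the exact https origins of
  # the front end and avoid wildcards, since `Authorization` is allowed below.
  allowed_origins:
    - "http://localhost:3000"
    - "http://127.0.0.1:3000"
  allowed_methods:
    - GET
    - POST
    - PUT
    - DELETE
    - OPTIONS
  allowed_headers:
    - Authorization
    - Content-Type
    - X-Requested-With
    - X-CSRF-Token
  max_age: 3600  # presumably seconds of preflight caching — confirm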
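# Outbound mail (SMTP) settings. Nesting restored from the flattened listing.
email:
  host: ""  # fill in the real SMTP host in production
  # NOTE(review): 18088 is the same value as server.port in this file and is
  # not a usual SMTP submission port. Confirm this is intended and not an
  # artifact of a bulk edit.
  port: 18088
  username: ""
  # Supply the SMTP credential from the environment or a secret store.
  password: ""
  from_email: ""
  from_name: "用户管理系统"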
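# SMS verification-code delivery (disabled). Nesting restored from the flattened
# listing.
sms:
  enabled: false
  provider: ""  # aliyun, tencent; leave empty to disable SMS
  # Code lifetime, resend cooldown and daily cap limit verification-code abuse.
  code_ttl: 5m
  resend_cooldown: 1m
  max_daily_limit: 10
  # Provider API credentials are empty here. Inject them at deploy time and
  # keep them out of version control.
  aliyun:
    access_key_id: ""
    access_key_secret: ""
    sign_name: ""
    template_code: ""
    endpoint: ""
    region_id: "cn-hangzhou"
    code_param_name: "code"
  tencent:
    secret_id: ""
    secret_key: ""
    app_id: ""
    sign_name: ""
    template_id: ""
    region: "ap-guangzhou"
    endpoint: ""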
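# Password-reset tokens. Nesting restored from the flattened listing.
password_reset:
  token_ttl: 15m
  # NOTE(review): presumably the base URL for reset links. Use the public https
  # origin in production so reset tokens never travel over plaintext HTTP.
  # Port 8080 also differs from server.port (18088) in this file; confirm it
  # points at the intended front end or proxy.
  site_url: "http://localhost:8080"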
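# OAuth social login configuration (leave a provider's fields empty to disable
# it). Nesting restored from the flattened listing.
# Each redirect_url must match the callback registered with the provider. The
# values below are localhost development callbacks over plain HTTP; use https
# in production. Client secrets and private keys belong in the environment or
# a secret store, not in this file.
oauth:
  google:
    client_id: ""
    client_secret: ""
    redirect_url: "http://localhost:8080/api/v1/auth/oauth/google/callback"
  wechat:
    app_id: ""
    app_secret: ""
    redirect_url: "http://localhost:8080/api/v1/auth/oauth/wechat/callback"
  github:
    client_id: ""
    client_secret: ""
    redirect_url: "http://localhost:8080/api/v1/auth/oauth/github/callback"
  qq:
    app_id: ""
    app_key: ""
    redirect_url: "http://localhost:8080/api/v1/auth/oauth/qq/callback"
  alipay:
    app_id: ""
    private_key: ""
    redirect_url: "http://localhost:8080/api/v1/auth/oauth/alipay/callback"
    sandbox: false
  douyin:
    client_key: ""
    client_secret: ""
    redirect_url: "http://localhost:8080/api/v1/auth/oauth/douyin/callback"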
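# Global webhook configuration. Nesting restored from the flattened listing.
# NOTE(review): only the signature header name is configured here. The signing
# secret is presumably stored per webhook; confirm that receivers are told to
# verify the signature.
webhook:
  enabled: true
  secret_header: "X-Webhook-Signature"  # name of the signature header
  timeout_sec: 30  # timeout per delivery attempt (seconds)
  max_retries: 3  # maximum number of retries
  retry_backoff: "exponential"  # backoff strategy: exponential / fixed
  worker_count: 4  # number of background delivery workers (coroutines)
  queue_size: 1000  # delivery queue size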
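# IP security configuration. Nesting restored from the flattened listing.
# NOTE(review): IP-based blocking is only as reliable as the client-IP
# derivation. If the service runs behind a proxy, confirm which forwarded
# headers are trusted.
ip_security:
  auto_block_enabled: true  # whether automatic blocking is enabled
  auto_block_duration: 30m  # how long an automatic block lasts
  brute_force_threshold: 10  # brute-force threshold (failures within the window)
  detection_window: 15m  # detection time window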