213 lines
4.5 KiB
YAML
213 lines
4.5 KiB
YAML
server:
|
||
port: 8080
|
||
mode: release # debug, release
|
||
read_timeout: 30
|
||
read_header_timeout: 10
|
||
write_timeout: 30
|
||
idle_timeout: 60
|
||
shutdown_timeout: 15
|
||
max_header_bytes: 1048576
|
||
|
||
database:
|
||
type: sqlite # current runtime support: sqlite
|
||
sqlite:
|
||
path: ./data/user_management.db
|
||
postgresql:
|
||
host: localhost
|
||
port: 5432
|
||
database: user_management
|
||
username: postgres
|
||
password: ""
|
||
ssl_mode: disable
|
||
max_open_conns: 100
|
||
max_idle_conns: 10
|
||
mysql:
|
||
host: localhost
|
||
port: 3306
|
||
database: user_management
|
||
username: root
|
||
password: ""
|
||
charset: utf8mb4
|
||
max_open_conns: 100
|
||
max_idle_conns: 10
|
||
|
||
cache:
|
||
l1:
|
||
enabled: true
|
||
max_size: 10000
|
||
ttl: 5m
|
||
l2:
|
||
enabled: false
|
||
type: redis
|
||
redis:
|
||
addr: localhost:6379
|
||
password: ""
|
||
db: 0
|
||
pool_size: 50
|
||
ttl: 30m
|
||
|
||
redis:
|
||
enabled: false
|
||
addr: localhost:6379
|
||
password: ""
|
||
db: 0
|
||
|
||
jwt:
|
||
algorithm: HS256 # debug mode 使用 HS256
|
||
secret: "change-me-in-production-use-at-least-32-bytes-secret"
|
||
access_token_expire_minutes: 120 # 2小时
|
||
refresh_token_expire_days: 7 # 7天
|
||
|
||
security:
|
||
password_min_length: 8
|
||
password_require_special: true
|
||
password_require_number: true
|
||
login_max_attempts: 5
|
||
login_lock_duration: 30m
|
||
|
||
ratelimit:
|
||
enabled: true
|
||
login:
|
||
enabled: true
|
||
algorithm: token_bucket
|
||
capacity: 5
|
||
rate: 1
|
||
window: 1m
|
||
register:
|
||
enabled: true
|
||
algorithm: leaky_bucket
|
||
capacity: 3
|
||
rate: 1
|
||
window: 1h
|
||
api:
|
||
enabled: true
|
||
algorithm: sliding_window
|
||
capacity: 1000
|
||
window: 1m
|
||
|
||
monitoring:
|
||
prometheus:
|
||
enabled: true
|
||
path: /metrics
|
||
tracing:
|
||
enabled: false
|
||
endpoint: http://localhost:4318
|
||
service_name: user-management-system
|
||
|
||
logging:
|
||
level: info # debug, info, warn, error
|
||
format: json # json, text
|
||
output:
|
||
- stdout
|
||
- ./logs/app.log
|
||
rotation:
|
||
max_size: 100 # MB
|
||
max_age: 30 # days
|
||
max_backups: 10
|
||
|
||
admin:
|
||
username: ""
|
||
password: ""
|
||
email: ""
|
||
|
||
cors:
|
||
enabled: true
|
||
allowed_origins:
|
||
- "http://localhost:3000"
|
||
- "http://127.0.0.1:3000"
|
||
allowed_methods:
|
||
- GET
|
||
- POST
|
||
- PUT
|
||
- DELETE
|
||
- OPTIONS
|
||
allowed_headers:
|
||
- Authorization
|
||
- Content-Type
|
||
- X-Requested-With
|
||
- X-CSRF-Token
|
||
allow_credentials: true
|
||
max_age: 3600
|
||
|
||
email:
|
||
host: "" # 生产环境填写真实 SMTP Host
|
||
port: 587
|
||
username: ""
|
||
password: ""
|
||
from_email: ""
|
||
from_name: "用户管理系统"
|
||
|
||
sms:
|
||
enabled: false
|
||
provider: "" # aliyun, tencent;留空表示禁用短信能力
|
||
code_ttl: 5m
|
||
resend_cooldown: 1m
|
||
max_daily_limit: 10
|
||
aliyun:
|
||
access_key_id: ""
|
||
access_key_secret: ""
|
||
sign_name: ""
|
||
template_code: ""
|
||
endpoint: ""
|
||
region_id: "cn-hangzhou"
|
||
code_param_name: "code"
|
||
tencent:
|
||
secret_id: ""
|
||
secret_key: ""
|
||
app_id: ""
|
||
sign_name: ""
|
||
template_id: ""
|
||
region: "ap-guangzhou"
|
||
endpoint: ""
|
||
|
||
password_reset:
|
||
token_ttl: 15m
|
||
site_url: "http://localhost:8080"
|
||
|
||
# OAuth 社交登录配置(留空则禁用对应 Provider)
|
||
oauth:
|
||
google:
|
||
client_id: ""
|
||
client_secret: ""
|
||
redirect_url: "http://localhost:8080/api/v1/auth/oauth/google/callback"
|
||
wechat:
|
||
app_id: ""
|
||
app_secret: ""
|
||
redirect_url: "http://localhost:8080/api/v1/auth/oauth/wechat/callback"
|
||
github:
|
||
client_id: ""
|
||
client_secret: ""
|
||
redirect_url: "http://localhost:8080/api/v1/auth/oauth/github/callback"
|
||
qq:
|
||
app_id: ""
|
||
app_key: ""
|
||
redirect_url: "http://localhost:8080/api/v1/auth/oauth/qq/callback"
|
||
alipay:
|
||
app_id: ""
|
||
private_key: ""
|
||
redirect_url: "http://localhost:8080/api/v1/auth/oauth/alipay/callback"
|
||
sandbox: false
|
||
douyin:
|
||
client_key: ""
|
||
client_secret: ""
|
||
redirect_url: "http://localhost:8080/api/v1/auth/oauth/douyin/callback"
|
||
|
||
# Webhook 全局配置
|
||
webhook:
|
||
enabled: true
|
||
secret_header: "X-Webhook-Signature" # 签名 Header 名称
|
||
timeout_sec: 30 # 单次投递超时(秒)
|
||
max_retries: 3 # 最大重试次数
|
||
retry_backoff: "exponential" # 退避策略:exponential / fixed
|
||
worker_count: 4 # 后台投递协程数
|
||
queue_size: 1000 # 投递队列大小
|
||
|
||
# IP 安全配置
|
||
ip_security:
|
||
auto_block_enabled: true # 是否启用自动封禁
|
||
auto_block_duration: 30m # 自动封禁时长
|
||
brute_force_threshold: 10 # 暴力破解阈值(窗口内失败次数)
|
||
detection_window: 15m # 检测时间窗口
|
||
|
||
|