fix: harden login for MLPS requirements
This commit is contained in:
@@ -4,6 +4,11 @@
|
||||
server:
|
||||
port: 8080
|
||||
mode: debug
|
||||
# Production should restrict this to real frontend origins.
|
||||
# Empty keeps local development CORS permissive.
|
||||
allowed_origins: []
|
||||
security_headers:
|
||||
enabled: true
|
||||
trusted_proxies:
|
||||
- 127.0.0.1
|
||||
- ::1
|
||||
@@ -162,6 +167,16 @@ jwt:
|
||||
access_ttl: 15m
|
||||
refresh_ttl: 720h
|
||||
|
||||
auth:
|
||||
login_guard:
|
||||
enabled: true
|
||||
password_cipher:
|
||||
# Empty private_key_pem generates a per-process key. Production multi-instance deployments
|
||||
# should inject the same private key through AUTH_PASSWORD_CIPHER_PRIVATE_KEY_PEM.
|
||||
enabled: true
|
||||
key_id: login-password-rsa-oaep-v1
|
||||
private_key_pem: ""
|
||||
|
||||
llm:
|
||||
provider: ark
|
||||
base_url: https://ark.cn-beijing.volces.com/api/v3
|
||||
|
||||
@@ -1,6 +1,11 @@
|
||||
server:
|
||||
port: 8080
|
||||
mode: debug
|
||||
# 生产环境请配置为真实前端域名,例如 https://app.example.com。
|
||||
# 留空时沿用开发环境 CORS 放开策略。
|
||||
allowed_origins: []
|
||||
security_headers:
|
||||
enabled: true
|
||||
trusted_proxies:
|
||||
- 127.0.0.1
|
||||
- ::1
|
||||
@@ -171,6 +176,11 @@ jwt:
|
||||
auth:
|
||||
login_guard:
|
||||
enabled: true
|
||||
password_cipher:
|
||||
# 留空 private_key_pem 时会在单进程内生成临时密钥;生产多实例请通过环境变量注入同一把私钥。
|
||||
enabled: true
|
||||
key_id: login-password-rsa-oaep-v1
|
||||
private_key_pem: ""
|
||||
|
||||
log:
|
||||
level: debug,info,warn,error
|
||||
|
||||
@@ -1,6 +1,11 @@
|
||||
server:
|
||||
port: 8090
|
||||
mode: debug
|
||||
# 生产环境请配置为真实运维后台域名,例如 https://ops.example.com。
|
||||
# 留空时沿用开发环境 CORS 放开策略。
|
||||
allowed_origins: []
|
||||
security_headers:
|
||||
enabled: true
|
||||
trusted_proxies:
|
||||
- 127.0.0.1
|
||||
- ::1
|
||||
@@ -43,6 +48,13 @@ jwt:
|
||||
secret: "15645415841" # 必须通过 OPS_JWT_SECRET 环境变量提供
|
||||
access_ttl: 8h
|
||||
|
||||
auth:
|
||||
password_cipher:
|
||||
# 留空 private_key_pem 时会在单进程内生成临时密钥;生产多实例请通过环境变量注入同一把私钥。
|
||||
enabled: true
|
||||
key_id: ops-password-rsa-oaep-v1
|
||||
private_key_pem: ""
|
||||
|
||||
default_admin:
|
||||
username: admin
|
||||
display_name: 系统管理员
|
||||
|
||||
Reference in New Issue
Block a user