fix: harden login for MLPS requirements

This commit is contained in:
2026-05-14 11:05:20 +08:00
parent ecf3ee1ef0
commit 879677516f
39 changed files with 1230 additions and 71 deletions
+15
View File
@@ -4,6 +4,11 @@
server:
port: 8080
mode: debug
# Production should restrict this to real frontend origins.
# Empty keeps local development CORS permissive.
allowed_origins: []
security_headers:
enabled: true
trusted_proxies:
- 127.0.0.1
- ::1
@@ -162,6 +167,16 @@ jwt:
access_ttl: 15m
refresh_ttl: 720h
auth:
login_guard:
enabled: true
password_cipher:
# Empty private_key_pem generates a per-process key. Production multi-instance deployments
# should inject the same private key through AUTH_PASSWORD_CIPHER_PRIVATE_KEY_PEM.
enabled: true
key_id: login-password-rsa-oaep-v1
private_key_pem: ""
llm:
provider: ark
base_url: https://ark.cn-beijing.volces.com/api/v3