fix: harden login for MLPS requirements

This commit is contained in:
2026-05-14 11:05:20 +08:00
parent ecf3ee1ef0
commit 879677516f
39 changed files with 1230 additions and 71 deletions
+10
View File
@@ -1,6 +1,11 @@
server:
port: 8080
mode: debug
# 生产环境请配置为真实前端域名,例如 https://app.example.com。
# 留空时沿用开发环境 CORS 放开策略。
allowed_origins: []
security_headers:
enabled: true
trusted_proxies:
- 127.0.0.1
- ::1
@@ -171,6 +176,11 @@ jwt:
auth:
login_guard:
enabled: true
password_cipher:
# 留空 private_key_pem 时会在单进程内生成临时密钥;生产多实例请通过环境变量注入同一把私钥。
enabled: true
key_id: login-password-rsa-oaep-v1
private_key_pem: ""
log:
level: debug,info,warn,error