thread-master/apps/backend/etc/gateway.example.yaml

163 lines
5.5 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 巡樓 gateway — 可提交的設定範本。
# 複製為 gateway.yaml 後填入私有密鑰gateway.yaml 已被 .gitignore 排除。
Name: haixun-gateway
Host: 0.0.0.0
Port: 8888
# AI 產文/試產可能超過 30s過短會 503 且前端拿不到結果
Timeout: 120000
MaxBytes: 104857600
Log:
Mode: console
Level: info
# go-zero monc 快取Redis— 與 monc.MustNewModel / CacheRedis 對接
# 若 Redis 有 requirepass設 Pass 或環境變數 REDIS_PASSWORD / HAIXUN_REDIS_PASSWORD
# (沒帶密碼會 NOAUTH登入 API 回 500
CacheRedis:
- Host: 127.0.0.1:6379
Type: node
Pass: ""
# Shared key prefix for this environment and a dedicated HMAC secret for
# credential-safe AI model-cache fingerprints. Prefer env REDIS_NAMESPACE and
# AI_MODEL_CACHE_FINGERPRINT_SECRET; do not reuse JWT, Scout, or encryption keys.
Redis:
Namespace: "haixun:dev:v1"
AIModelCacheFingerprintSecret: "REPLACE_WITH_A_DEDICATED_LONG_RANDOM_SECRET"
# Mongo — mon/monc 使用完整 URI含帳密時寫在 URI可用環境變數 MONGO_URI 覆寫)
# 本機有 auth 的例子:
# export MONGO_URI='mongodb://USER:PASS@127.0.0.1:27017/?authSource=admin'
# 沒設帳密但 Mongo 開了 auth → 查詢會失敗,登入會 500 而不是「密碼錯」
Mongo:
URI: "mongodb://127.0.0.1:27017"
Database: "haixun"
Auth:
# 至少 32 bytes且不得與 RefreshSecret 相同。
AccessSecret: "REPLACE_WITH_A_LONG_RANDOM_ACCESS_SECRET"
AccessExpire: 86400
RefreshSecret: "REPLACE_WITH_A_DIFFERENT_LONG_RANDOM_REFRESH_SECRET"
RefreshExpire: 604800
# AES-256-GCM for member BYOK at rest. Generate Key with: openssl rand -base64 32
# Prefer env MEMBER_SETTINGS_ENCRYPTION_KEY_ID / MEMBER_SETTINGS_ENCRYPTION_KEY.
# Keep this key ID/key unchanged until persisted values have been migrated to a replacement.
MemberSettingsEncryption:
CurrentKeyID: "v1"
Key: "REPLACE_WITH_BASE64_32_BYTE_KEY"
# 平台預設 key所有會員可用會員在設定頁填的 BYOK 優先)
# 也可用環境變數覆寫PLATFORM_XAI_KEY / PLATFORM_OPENCODE_KEY / PLATFORM_EXA_KEY / PLATFORM_AI_KEY
Platform:
# xAIapi.x.ai— 人設 LLM、文案等
XAIKey: ""
# 相容舊名XAIKey 空時會用 AIKey
AIKey: ""
# OpenCode Goopencode.ai/zen/go
OpenCodeKey: ""
# Exa 網搜
ExaKey: ""
ThreadsAppId: ""
ThreadsAppSecret: ""
Scout:
# Dedicated encryption key for Chrome storage state; do not reuse JWT keys.
SessionSecret: "REPLACE_WITH_A_DEDICATED_SCOUT_SESSION_SECRET"
# Private Playwright crawler service, called only by cmd/worker in dev_mode.
CrawlerEndpoint: ""
CrawlerToken: ""
Worker:
# 留空時 worker 會用 hostname + pid 產生唯一 owner id多 worker 不可共用固定值。
ID: ""
PollIntervalMs: 2000
# 僅 cmd/seeder 使用gateway/worker 不會讀取或寫入 log。
Seed:
AdminPassword: "REPLACE_WITH_A_STRONG_SEED_ADMIN_PASSWORD"
Bcrypt:
Cost: 10
# OAuth未設定 provider 時相關 API 明確拒絕,不提供 mock 路徑)
OAuth:
GoogleClientID: ""
LineClientID: ""
LineClientSecret: ""
LineRedirectURI: ""
# Prefer STRIPE_* environment variables. Disabled/missing configuration never
# blocks startup; Stripe-dependent billing operations explicitly return 503.
Stripe:
Enabled: false
SecretKey: ""
WebhookSecret: ""
StarterPriceID: ""
ProPriceID: ""
SuccessURL: ""
CancelURL: ""
PortalReturnURL: ""
# 驗證碼/重設密碼寄信
#
# 本機MailpitMailgun 相容 SMTP 介面):
# Host: 127.0.0.1 Port: 1025 User/Password 可空
# UI: http://127.0.0.1:8025
# 容器old/infra docker-compose 的 mailpit 服務
#
# 正式 Mailgun SMTP 例:
# Host: smtp.mailgun.org Port: 587
# User: postmaster@YOUR_DOMAIN Password: <API SMTP password>
# DevExposeCode: false試產
#
# env 覆寫MAIL_SMTP_* 或 HAIXUN_SMTP_*(舊名相容)
Mail:
Sender: "Harbor Desk <noreply@haixun.local>"
SMTP:
Host: "127.0.0.1"
Port: 1025
User: ""
Password: ""
# 不再於 API 回傳驗證碼碼只在郵件MailpitSMTP
DevExposeCode: false
# 前端 origin重設信連結 + 預設 logo URL/brand-mark.jpg
# 遠端 devhttps://threads-tool-dev.30cm.net
PublicWebBase: "https://threads-tool-dev.30cm.net"
# 瀏覽器直連 gateway 時的 allowlist同源 proxy 不需要列在此處。
# CORS_ALLOWED_ORIGINS 可用逗號附加額外的明確 origin不能使用 *。
CORSAllowedOrigins:
- "https://threads-tool-dev.30cm.net"
- "http://127.0.0.1:5173"
- "http://localhost:5173"
# 郵件品牌hermes 模板LogoURL 空 = PublicWebBase/brand-mark.jpg
Brand:
Name: "Harbor Desk"
LogoURL: ""
Copyright: "© Harbor Desk"
# 物件儲存(頭像等)— **只接 MinIO/S3**
#
# Endpoint = gateway 上傳用(本機 MinIO一定要 :9000
# PublicBaseURL = 瀏覽器讀圖用(走 nginx :80不要寫 port、不要加 /bucket
# 成品網址 = PublicBaseURL + "/" + key
# 例http://10.0.0.5/haixun-assets/avatar/1000000/xxx.png
#
# Secret 建議用 env不要 commit
# export HAIXUN_STORAGE_S3_ACCESS_KEY=haixun
# export HAIXUN_STORAGE_S3_SECRET_KEY='你的密碼'
# 或 MINIO_ROOT_USER / MINIO_ROOT_PASSWORDApplyEnv 會讀)
ObjectStorage:
Endpoint: "http://127.0.0.1:9000"
Region: "us-east-1"
Bucket: "haixun-assets"
AccessKey: "haixun"
SecretKey: ""
UsePathStyle: true
# env HAIXUN_STORAGE_S3_PUBLIC_BASE_URL 會覆寫;勿用 /api/v1/public/assets新後端無此 route
PublicBaseURL: "https://threads-tool-dev.30cm.net/haixun-assets"