hyapi-server/configs/env.production.yaml

# 🏭 生产环境配置
# 只包含与默认配置不同的配置项

# ===========================================
# 🌍 环境标识
# ===========================================
app:
    env: production

# ===========================================
# 🌐 服务器配置
# ===========================================
server:
    mode: release

# ===========================================
# 🔒 CORS配置 - 生产环境
# ===========================================
development:
    enable_cors: true
    cors_allowed_origins: "http://localhost:5173,https://consoletest.haiyudata.com,https://console.haiyudata.com"
    cors_allowed_methods: "GET,POST,PUT,PATCH,DELETE,OPTIONS"
    cors_allowed_headers: "Origin,Content-Type,Accept,Authorization,X-Requested-With,Access-Id"

# ===========================================
# 🗄️ 数据库配置
# ===========================================
# 敏感信息通过外部环境变量注入
database:
    host: "hyapi-postgres-prod"
    port: "5432"
    user: "hyapi_user"
    password: "Qm8kZ3nR7pL4wT9y"
    name: "hyapi"
    sslmode: "disable"
    timezone: "Asia/Shanghai"
    max_open_conns: 25
    max_idle_conns: 10
    conn_max_lifetime: 300s
    auto_migrate: true
redis:
    host: "hyapi-redis-prod"
    port: "6379"
    password: ""
    db: 0

# ===========================================
# 🔐 JWT配置
# ===========================================
jwt:
    secret: JwT8xR4mN9vP2sL7kH3oB6yC1zA5uF0qE9tW

api:
    domain: "api.haiyudata.com"
    # 可选：对外可访问的 API 完整基址（无尾斜杠），用于企业报告 reportUrl、PDF 预生成等；不设则按 https://{domain} 推导。环境变量 API_PUBLIC_BASE_URL 优先于本项。
    # public_base_url: "https://api.haiyudata.com"
# ===========================================
# 📁 存储服务配置 - 七牛云
# ===========================================
storage:
    access_key: "AO6u6sDWi6L9TsPfr4awC7FYP85JTjt3bodZACCM"
    secret_key: "2fjxweGtSAEaUdVgDkWEmN7JbBxHBQDv1cLORb9_"
    bucket: "tianyuanapi"
    domain: "https://file.haiyudata.com"

# ===========================================
# 🔍 OCR服务配置 - 百度智能云
# ===========================================
ocr:
    api_key: "aMsrBNGUJxgcgqdm3SEdcumm"
    secret_key: "sWlv2h2AWA3aAt5bjXCkE6WeA5AzpAAD"

# ===========================================
# 📝 e签宝服务配置
# ===========================================
esign:
    app_id: "5112059455"
    app_secret: "cacdb6cfca94b74c86bcea277a978884"
    server_url: "https://openapi.esign.cn"
    template_id: "d8f5db99506f4dab893f629cb1e82497"
    contract:
        name: "海宇数据-合作协议"
        expire_days: 7
        retry_count: 3
    auth:
        org_auth_modes: ["PSN_MOBILE3"]
        default_auth_mode: "PSN_MOBILE3"
        psn_auth_modes: ["PSN_MOBILE3", "PSN_IDCARD"]
        willingness_auth_modes: ["CODE_SMS"]
        redirect_url: "https://console.haiyudata.com/certification/callback/auth"
    sign:
        auto_finish: true
        sign_field_style: 1
        client_type: "ALL"
        redirect_url: "https://console.haiyudata.com/certification/callback/sign"
# ===========================================
# 💰 支付宝支付配置
# ===========================================
alipay:
    is_production: true
    notify_url: "https://console.haiyudata.com/api/v1/finance/alipay/callback"
    return_url: "https://console.haiyudata.com/api/v1/finance/alipay/return"

# ===========================================
# 💰 钱包配置
# ===========================================
wallet:
    default_credit_limit: 50.00
    min_amount: "100.00" # 生产环境最低充值金额
    max_amount: "100000.00" # 单次最高充值金额
    recharge_bonus_enabled: false # 暂不赠送，展示商务洽谈提示
    api_store_recharge_tip: "尊敬的客户，若您的充值金额较大或有批量调价需求，为获取专属商务优惠方案，请直接联系我司商务团队进行洽谈。感谢您的支持！"
    # 支付宝充值赠送配置（recharge_bonus_enabled 为 true 时生效）
    alipay_recharge_bonus:
        - recharge_amount: 1000.00 # 充值1000元
          bonus_amount: 50.00 # 赠送50元
        - recharge_amount: 5000.00 # 充值5000元
          bonus_amount: 300.00 # 赠送300元
        - recharge_amount: 10000.00 # 充值10000元
          bonus_amount: 800.00 # 赠送800元

# ===========================================
# 🚦 频率限制配置 - 生产环境
# ===========================================
daily_ratelimit:
    max_requests_per_day: 50000 # 生产环境每日最大请求次数
    max_requests_per_ip: 5000 # 生产环境每个IP每日最大请求次数
    max_concurrent: 200 # 生产环境最大并发请求数

    # 排除频率限制的路径
    exclude_paths:
        - "/health" # 健康检查接口
        - "/metrics" # 监控指标接口

    # 排除频率限制的域名
    exclude_domains:
        - "api.*" # API二级域名不受频率限制
        - "*.api.*" # 支持多级API域名

    # 生产环境安全配置（严格限制）
    enable_ip_whitelist: false # 生产环境不启用IP白名单
    enable_ip_blacklist: true # 启用IP黑名单
    ip_blacklist: # 生产环境IP黑名单
        - "192.168.1.100" # 示例：被禁止的IP
        - "10.0.0.50" # 示例：被禁止的IP

    enable_user_agent: true # 启用User-Agent检查
    blocked_user_agents: # 被阻止的User-Agent
        - "curl" # 阻止curl请求
        - "wget" # 阻止wget请求
        - "python-requests" # 阻止Python requests
        - "LangShen" # 阻止LangShen请求

    enable_referer: true # 启用Referer检查
    allowed_referers: # 允许的Referer
        - "https://console.haiyudata.com"
        - "https://consoletest.haiyudata.com"

    enable_geo_block: false # 生产环境暂时不启用地理位置阻止
    enable_proxy_check: true # 启用代理检查

# ===========================================
# 📱 短信服务配置
# ===========================================
sms:
    # 短信服务商切换：tencent / aliyun
    provider: "aliyun"
    # 滑块验证码配置
    captcha_enabled: false # 是否启用滑块验证码
    captcha_secret: "" # 阿里云验证码密钥（可选）
    scene_id: "wynt39to" # 阿里云验证码场景ID