5eeb37389b
Replace known development JWT secret placeholders with an ephemeral runtime secret during config loading. Return LoadInfo so startup can warn when token persistence depends on a stable configured secret. Update config docs and tests for default, legacy placeholder, custom, env, and empty secret behavior.
36 lines
817 B
YAML
36 lines
817 B
YAML
server:
|
|
host: 0.0.0.0
|
|
port: 10086
|
|
|
|
database:
|
|
driver: sqlite3
|
|
sqlite:
|
|
path: data/mygo.db
|
|
postgres:
|
|
host: localhost
|
|
port: 5432
|
|
user: mygo
|
|
password: mygo
|
|
dbname: mygo
|
|
sslmode: disable
|
|
|
|
storage:
|
|
driver: local
|
|
local:
|
|
path: data/files
|
|
|
|
# Max upload file size in bytes. 0 = unlimited
|
|
max_upload_size: 104857600 # 100 MB
|
|
|
|
log:
|
|
level: info # terminal: debug, info, warn, error
|
|
file_path: "" # empty = no file logging
|
|
file_level: debug # file: debug, info, warn, error
|
|
|
|
jwt:
|
|
# Development placeholder. MyGO replaces this with an ephemeral runtime
|
|
# secret at startup; set a stable value for production.
|
|
secret: dev-secret-do-not-use-in-production
|
|
access_ttl: 15m
|
|
refresh_ttl: 168h
|