# config.yaml.example: sample configuration. Replace every placeholder value
# before using it for a real deployment.
# NOTE(review): the nesting below was reconstructed from a listing that had lost
# its indentation; confirm it against the project's config loader.
server:
  port: ":8000"
  gin_log: true
  # Must be set to the externally reachable base URL when deploying to
  # production (e.g. http://code.cndev.net; include the scheme, no trailing
  # slash).
  # NOTE(review): the OAuth2 callback is derived from this value when
  # redirect_url is empty, so a production value should presumably be https://.
  external_url: "http://127.0.0.1:8000"
auth:
  # Unified shared secret; the value here is a placeholder and should be
  # updated for production.
  # NOTE(review): presumably the JWT signing key, in which case anyone who
  # learns it could mint valid tokens. Use a long random per-deployment value
  # and keep the real config file out of version control.
  jwt_secret: "YOUR_JWT_SECRET_KEY_HERE"
  # NOTE(review): password login is on in this sample even though SSO is
  # configurable below; confirm whether it should stay on once SSO is enabled.
  password_login_enabled: true
  # ── OAuth2 / OIDC single sign-on (SSO) settings ──
  oauth2:
    enabled: false  # Whether OAuth2 / OIDC single sign-on is enabled
    client_id: "code-bench"  # Client ID registered with the OAuth2 provider
    # Client Secret. Keep the real value out of version control.
    client_secret: ""
    auth_url: "https://sso.yourcompany.com/realms/main/protocol/openid-connect/auth"  # Authorization Endpoint
    token_url: "https://sso.yourcompany.com/realms/main/protocol/openid-connect/token"  # Token Endpoint
    userinfo_url: "https://sso.yourcompany.com/realms/main/protocol/openid-connect/userinfo"  # UserInfo Endpoint
    # Callback URL; if left empty it is derived automatically as
    # <external_url>/api/oauth2/callback.
    redirect_url: ""
    scopes:
      - "openid"
      - "profile"
      - "email"
    # Administrator email list; users whose email matches are automatically
    # synced as administrators.
    # NOTE(review): admin rights follow the email reported by the provider, so
    # this is only as trustworthy as the provider's email verification.
    admin_list:
      - "admin@yourcompany.com"
    # Allowlist of email suffixes permitted to log in through SSO; leaving it
    # empty means no domain restriction.
    # The two entries below are sample values: replace them with your own
    # organisation's domain(s) rather than deploying them unchanged.
    allowed_email_domains:
      - "@microsoft.com"
      - "@apple.com"
    # ── User-info field mapping ──
    # NOTE(review): presumably local user field (key) -> field name in the
    # provider's user-info response (value); verify against the consumer.
    field_mapping:
      username: "preferred_username"
      email: "email"
      name: "name"
      employee_id: "employee_id"
      unique_id: "unique_id"
      employee_type: "employee_type"
    # Department-information sync API URL (optional).
    # NOTE(review): whether this key sits under oauth2 or one level up cannot
    # be told from the listing; confirm.
    dept_api_url: ""
# NOTE(review): every endpoint below is a plain-HTTP loopback or private-range
# sample address; whether these links carry credentials or need TLS is not
# visible here.
sync:
  targets:
    - "http://127.0.0.1:8080"
  # NOTE(review): assumed to belong to sync; confirm.
  repo_detail_url: "http://192.168.56.18:8080/api/external/project-id"
# NOTE(review): assumed to be a top-level section; confirm.
gateways:
  shield: "http://127.0.0.1:8080"
  proto: "http://127.0.0.1:8081"
  pipeline: "http://127.0.0.1:8082"