Wang Zhuoxuan
58db7d6063
通过阿里云号码认证服务 (DYPNS) 的 SendSmsVerifyCode / CheckSmsVerifyCode 实现手机号验证码两步登录流程,验证码由阿里云生成和管理,无需服务端存储。 新增端点: - POST /v1/auth/phone/send-code (5次/分钟) - POST /v1/auth/phone 核验+登录 (10次/分钟) 新增环境变量:ALIYUN_SMS_SIGN_NAME, ALIYUN_SMS_TEMPLATE_CODE, ALIYUN_SMS_TEMPLATE_PARAM
40 lines
851 B
Plaintext
40 lines
851 B
Plaintext
# Database
|
||
DATABASE_URL=mysql://root:password@localhost:3306/duoqi
|
||
|
||
# JWT
|
||
# 生成安全密钥: openssl rand -base64 32
|
||
# 或: node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"
|
||
JWT_SECRET=change-me-to-a-secure-secret
|
||
JWT_EXPIRES_IN=1h
|
||
JWT_REFRESH_EXPIRES_IN=30d
|
||
|
||
# Admin
|
||
# 生成方式同 JWT_SECRET,建议与生产环境使用不同的值
|
||
ADMIN_TOKEN=change-me-admin-token
|
||
|
||
# Huawei ID Kit (Phase 1b)
|
||
HUAWEI_CLIENT_ID=
|
||
HUAWEI_CLIENT_SECRET=
|
||
|
||
# Alibaba Cloud OSS
|
||
OSS_ACCESS_KEY_ID=
|
||
OSS_ACCESS_KEY_SECRET=
|
||
OSS_BUCKET=
|
||
OSS_REGION=
|
||
|
||
# Alibaba Cloud (Phase 1e)
|
||
ALIYUN_ACCESS_KEY_ID=
|
||
ALIYUN_ACCESS_KEY_SECRET=
|
||
ALIYUN_SMS_SIGN_NAME=
|
||
ALIYUN_SMS_TEMPLATE_CODE=
|
||
# ALIYUN_SMS_TEMPLATE_PARAM={"code":"##code##"}
|
||
|
||
# Huawei IAP (Phase 1c)
|
||
HUAWEI_IAP_URL=
|
||
HUAWEI_MERCHANT_ID=
|
||
|
||
# Application
|
||
PORT=3000
|
||
NODE_ENV=development
|
||
LOG_LEVEL=info
|