server:
  port: 8080

spring:
  application:
    name: manage-gateway
  cloud:
    gateway:
      routes:
        - id: manage-app
          uri: http://localhost:8084
          predicates:
            - Path=/api/**
      default-filters:
        - name: JwtAuthentication
        - name: RbacAuthorization
        - name: Retry
          args:
            retries: 3
            statuses: BAD_GATEWAY,SERVICE_UNAVAILABLE
            methods: GET,POST
            backoff:
              firstBackoff: 10ms
              maxBackoff: 50ms
              factor: 2
              basedOnPreviousValue: false

jwt:
  secret: ${JWT_SECRET:enc:U2FsdGVkX1+vZ5Y9QmKxL8nN3rP7tW2jH4fG6dA8sB1cE5yN0zX3qV7wM4}
  expiration: ${JWT_EXPIRATION:86400000}
  key:
    encryption:
      password: ${JWT_KEY_ENCRYPTION_PASSWORD:}
    rotation:
      enabled: ${JWT_KEY_ROTATION_ENABLED:true}
      interval:
        days: ${JWT_KEY_ROTATION_INTERVAL_DAYS:30}

rate:
  limit:
    enabled: ${RATE_LIMIT_ENABLED:true}
    global:
      limit-for-period: ${RATE_LIMIT_GLOBAL_LIMIT:1000}
      limit-refresh-period: ${RATE_LIMIT_GLOBAL_PERIOD:1s}
      timeout-duration: ${RATE_LIMIT_GLOBAL_TIMEOUT:0}
    ip:
      limit-for-period: ${RATE_LIMIT_IP_LIMIT:100}
      limit-refresh-period: ${RATE_LIMIT_IP_PERIOD:1s}
      timeout-duration: ${RATE_LIMIT_IP_TIMEOUT:0}
    user:
      limit-for-period: ${RATE_LIMIT_USER_LIMIT:200}
      limit-refresh-period: ${RATE_LIMIT_USER_PERIOD:1s}
      timeout-duration: ${RATE_LIMIT_USER_TIMEOUT:0}

signature:
  enabled: ${SIGNATURE_ENABLED:true}
  secret: ${SIGNATURE_SECRET:NovalonManageSystemSecretKey2026}
  max-age-minutes: ${SIGNATURE_MAX_AGE_MINUTES:5}
  nonce-cache-size: ${SIGNATURE_NONCE_CACHE_SIZE:10000}
  whitelist:
    paths: ${SIGNATURE_WHITELIST_PATHS:/actuator/health,/actuator/info}

resilience:
  enabled: ${RESILIENCE_ENABLED:true}
  circuit-breaker:
    enabled: ${RESILIENCE_CIRCUIT_BREAKER_ENABLED:true}
    failure-rate-threshold: ${RESILIENCE_CB_FAILURE_RATE:50}
    slow-call-rate-threshold: ${RESILIENCE_CB_SLOW_CALL_RATE:100}
    slow-call-duration-threshold: ${RESILIENCE_CB_SLOW_CALL_DURATION:2s}
    permitted-number-of-calls-in-half-open-state: ${RESILIENCE_CB_HALF_OPEN_CALLS:10}
    sliding-window-type: ${RESILIENCE_CB_SLIDING_WINDOW_TYPE:COUNT_BASED}
    sliding-window-size: ${RESILIENCE_CB_SLIDING_WINDOW_SIZE:100}
    minimum-number-of-calls: ${RESILIENCE_CB_MIN_CALLS:10}
    wait-duration-in-open-state: ${RESILIENCE_CB_WAIT_DURATION:10s}
  retry:
    enabled: ${RESILIENCE_RETRY_ENABLED:true}
    max-attempts: ${RESILIENCE_RETRY_MAX_ATTEMPTS:3}
    wait-duration: ${RESILIENCE_RETRY_WAIT_DURATION:500ms}
  timeout:
    enabled: ${RESILIENCE_TIMEOUT_ENABLED:true}
    duration: ${RESILIENCE_TIMEOUT_DURATION:3s}

user:
  service:
    url: ${USER_SERVICE_URL:http://localhost:8084}

permission:
  cache:
    expiry:
      minutes: 5

management:
  endpoints:
    web:
      exposure:
        include: health,info,metrics,env,loggers,httptrace,threaddump,heapdump
      base-path: /actuator
  endpoint:
    health:
      show-details: always
      probes:
        enabled: true
      group:
        liveness:
          include: ping,livenessState
        readiness:
          include: ping,readinessState
    metrics:
      enabled: true
    env:
      enabled: true
    loggers:
      enabled: true
    httptrace:
      enabled: true
  health:
    livenessstate:
      enabled: true
    readinessstate:
      enabled: true
    circuitbreakers:
      enabled: true
    ratelimiters:
      enabled: true
  metrics:
    tags:
      application: ${spring.application.name}
    distribution:
      percentiles-histogram:
        http.server.requests: true
      percentiles:
        http.server.requests: 0.5,0.95,0.99
    web:
      server:
        request:
          autotime:
            enabled: true
            percentiles: 0.5,0.95,0.99

logging:
  level:
    cn.novalon.manage: DEBUG
    org.springframework.cloud.gateway: DEBUG