yinghuoapi/config.yaml

# Sub2API Configuration File
# Sub2API 配置文件
#
# Copy this file to /etc/sub2api/config.yaml and modify as needed
# 复制此文件到 /etc/sub2api/config.yaml 并根据需要修改
#
# Documentation / 文档: https://github.com/Wei-Shaw/sub2api

# =============================================================================
# Server Configuration
# 服务器配置
# =============================================================================
server:
  # Bind address (0.0.0.0 for all interfaces)
  # 绑定地址（0.0.0.0 表示监听所有网络接口）
  host: "0.0.0.0"
  # Port to listen on
  # 监听端口
  port: 8080
  # Mode: "debug" for development, "release" for production
  # 运行模式："debug" 用于开发，"release" 用于生产环境
  mode: "release"
  # Trusted proxies for X-Forwarded-For parsing (CIDR/IP). Empty disables trusted proxies.
  # 信任的代理地址（CIDR/IP 格式），用于解析 X-Forwarded-For 头。留空则禁用代理信任。
  trusted_proxies: []

# =============================================================================
# Run Mode Configuration
# 运行模式配置
# =============================================================================
# Run mode: "standard" (default) or "simple" (for internal use)
# 运行模式："standard"（默认）或 "simple"（内部使用）
# - standard: Full SaaS features with billing/balance checks
# - standard: 完整 SaaS 功能，包含计费和余额校验
# - simple: Hides SaaS features and skips billing/balance checks
# - simple: 隐藏 SaaS 功能，跳过计费和余额校验
run_mode: "standard"

# =============================================================================
# CORS Configuration
# 跨域资源共享 (CORS) 配置
# =============================================================================
cors:
  # Allowed origins list. Leave empty to disable cross-origin requests.
  # 允许的来源列表。留空则禁用跨域请求。
  allowed_origins: []
  # Allow credentials (cookies/authorization headers). Cannot be used with "*".
  # 允许携带凭证（cookies/授权头）。不能与 "*" 通配符同时使用。
  allow_credentials: true

# =============================================================================
# Security Configuration
# 安全配置
# =============================================================================
security:
  url_allowlist:
    # Enable URL allowlist validation (disable to skip all URL checks)
    # 启用 URL 白名单验证（禁用则跳过所有 URL 检查）
    enabled: false
    # Allowed upstream hosts for API proxying
    # 允许代理的上游 API 主机列表
    upstream_hosts:
      - "api.openai.com"
      - "api.anthropic.com"
      - "api.kimi.com"
      - "open.bigmodel.cn"
      - "api.minimaxi.com"
      - "generativelanguage.googleapis.com"
      - "cloudcode-pa.googleapis.com"
      - "*.openai.azure.com"
    # Allowed hosts for pricing data download
    # 允许下载定价数据的主机列表
    pricing_hosts:
      - "raw.githubusercontent.com"
    # Allowed hosts for CRS sync (required when using CRS sync)
    # 允许 CRS 同步的主机列表（使用 CRS 同步功能时必须配置）
    crs_hosts: []
    # Allow localhost/private IPs for upstream/pricing/CRS (use only in trusted networks)
    # 允许本地/私有 IP 地址用于上游/定价/CRS（仅在可信网络中使用）
    allow_private_hosts: true
    # Allow http:// URLs when allowlist is disabled (default: false, require https)
    # 白名单禁用时是否允许 http:// URL（默认: false，要求 https）
    allow_insecure_http: true
  response_headers:
    # Enable configurable response header filtering (disable to use default allowlist)
    # 启用可配置的响应头过滤（禁用则使用默认白名单）
    enabled: false
    # Extra allowed response headers from upstream
    # 额外允许的上游响应头
    additional_allowed: []
    # Force-remove response headers from upstream
    # 强制移除的上游响应头
    force_remove: []
  csp:
    # Enable Content-Security-Policy header
    # 启用内容安全策略 (CSP) 响应头
    enabled: true
    # Default CSP policy (override if you host assets on other domains)
    # 默认 CSP 策略（如果静态资源托管在其他域名，请自行覆盖）
    policy: "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'"
  proxy_probe:
    # Allow skipping TLS verification for proxy probe (debug only)
    # 允许代理探测时跳过 TLS 证书验证（仅用于调试）
    insecure_skip_verify: false

# =============================================================================
# Gateway Configuration
# 网关配置
# =============================================================================
gateway:
  # Timeout for waiting upstream response headers (seconds)
  # 等待上游响应头超时时间（秒）
  response_header_timeout: 600
  # Max request body size in bytes (default: 100MB)
  # 请求体最大字节数（默认 100MB）
  max_body_size: 104857600
  # Connection pool isolation strategy:
  # 连接池隔离策略：
  # - proxy: Isolate by proxy, same proxy shares connection pool (suitable for few proxies, many accounts)
  # - proxy: 按代理隔离，同一代理共享连接池（适合代理少、账户多）
  # - account: Isolate by account, same account shares connection pool (suitable for few accounts, strict isolation)
  # - account: 按账户隔离，同一账户共享连接池（适合账户少、需严格隔离）
  # - account_proxy: Isolate by account+proxy combination (default, finest granularity)
  # - account_proxy: 按账户+代理组合隔离（默认，最细粒度）
  connection_pool_isolation: "account_proxy"
  # HTTP upstream connection pool settings (HTTP/2 + multi-proxy scenario defaults)
  # HTTP 上游连接池配置（HTTP/2 + 多代理场景默认值）
  # Max idle connections across all hosts
  # 所有主机的最大空闲连接数
  max_idle_conns: 240
  # Max idle connections per host
  # 每个主机的最大空闲连接数
  max_idle_conns_per_host: 120
  # Max connections per host
  # 每个主机的最大连接数
  max_conns_per_host: 240
  # Idle connection timeout (seconds)
  # 空闲连接超时时间（秒）
  idle_conn_timeout_seconds: 90
  # Upstream client cache settings
  # 上游连接池客户端缓存配置
  # max_upstream_clients: Max cached clients, evicts least recently used when exceeded
  # max_upstream_clients: 最大缓存客户端数量，超出后淘汰最久未使用的
  max_upstream_clients: 5000
  # client_idle_ttl_seconds: Client idle reclaim threshold (seconds), reclaimed when idle and no active requests
  # client_idle_ttl_seconds: 客户端空闲回收阈值（秒），超时且无活跃请求时回收
  client_idle_ttl_seconds: 900
  # Concurrency slot expiration time (minutes)
  # 并发槽位过期时间（分钟）
  concurrency_slot_ttl_minutes: 30
  # Stream data interval timeout (seconds), 0=disable
  # 流数据间隔超时（秒），0=禁用
  stream_data_interval_timeout: 180
  # Stream keepalive interval (seconds), 0=disable
  # 流式 keepalive 间隔（秒），0=禁用
  stream_keepalive_interval: 10
  # SSE max line size in bytes (default: 40MB)
  # SSE 单行最大字节数（默认 40MB）
  max_line_size: 41943040
  # Log upstream error response body summary (safe/truncated; does not log request content)
  # 记录上游错误响应体摘要（安全/截断；不记录请求内容）
  log_upstream_error_body: true
  # Max bytes to log from upstream error body
  # 记录上游错误响应体的最大字节数
  log_upstream_error_body_max_bytes: 2048
  # Auto inject anthropic-beta header for API-key accounts when needed (default: off)
  # 需要时自动为 API-key 账户注入 anthropic-beta 头（默认：关闭）
  inject_beta_for_apikey: false
  # Allow failover on selected 400 errors (default: off)
  # 允许在特定 400 错误时进行故障转移（默认：关闭）
  failover_on_400: false

# =============================================================================
# API Key Auth Cache Configuration
# API Key 认证缓存配置
# =============================================================================
api_key_auth_cache:
  # L1 cache size (entries), in-process LRU/TTL cache
  # L1 缓存容量（条目数），进程内 LRU/TTL 缓存
  l1_size: 65535
  # L1 cache TTL (seconds)
  # L1 缓存 TTL（秒）
  l1_ttl_seconds: 15
  # L2 cache TTL (seconds), stored in Redis
  # L2 缓存 TTL（秒），Redis 中存储
  l2_ttl_seconds: 300
  # Negative cache TTL (seconds)
  # 负缓存 TTL（秒）
  negative_ttl_seconds: 30
  # TTL jitter percent (0-100)
  # TTL 抖动百分比（0-100）
  jitter_percent: 10
  # Enable singleflight for cache misses
  # 缓存未命中时启用 singleflight 合并回源
  singleflight: true

# =============================================================================
# Dashboard Cache Configuration
# 仪表盘缓存配置
# =============================================================================
dashboard_cache:
  # Enable dashboard cache
  # 启用仪表盘缓存
  enabled: true
  # Redis key prefix for multi-environment isolation
  # Redis key 前缀，用于多环境隔离
  key_prefix: "sub2api:"
  # Fresh TTL (seconds); within this window cached stats are considered fresh
  # 新鲜阈值（秒）；命中后处于该窗口视为新鲜数据
  stats_fresh_ttl_seconds: 15
  # Cache TTL (seconds) stored in Redis
  # Redis 缓存 TTL（秒）
  stats_ttl_seconds: 30
  # Async refresh timeout (seconds)
  # 异步刷新超时（秒）
  stats_refresh_timeout_seconds: 30

# =============================================================================
# Dashboard Aggregation Configuration
# 仪表盘预聚合配置（重启生效）
# =============================================================================
dashboard_aggregation:
  # Enable aggregation job
  # 启用聚合作业
  enabled: true
  # Refresh interval (seconds)
  # 刷新间隔（秒）
  interval_seconds: 60
  # Lookback window (seconds) for late-arriving data
  # 回看窗口（秒），处理迟到数据
  lookback_seconds: 120
  # Allow manual backfill
  # 允许手动回填
  backfill_enabled: false
  # Backfill max range (days)
  # 回填最大跨度（天）
  backfill_max_days: 31
  # Recompute recent N days on startup
  # 启动时重算最近 N 天
  recompute_days: 2
  # Retention windows (days)
  # 保留窗口（天）
  retention:
    # Raw usage_logs retention
    # 原始 usage_logs 保留天数
    usage_logs_days: 90
    # Hourly aggregation retention
    # 小时聚合保留天数
    hourly_days: 180
    # Daily aggregation retention
    # 日聚合保留天数
    daily_days: 730

# =============================================================================
# Usage Cleanup Task Configuration
# 使用记录清理任务配置（重启生效）
# =============================================================================
usage_cleanup:
  # Enable cleanup task worker
  # 启用清理任务执行器
  enabled: true
  # Max date range (days) per task
  # 单次任务最大时间跨度（天）
  max_range_days: 31
  # Batch delete size
  # 单批删除数量
  batch_size: 5000
  # Worker interval (seconds)
  # 执行器轮询间隔（秒）
  worker_interval_seconds: 10
  # Task execution timeout (seconds)
  # 单次任务最大执行时长（秒）
  task_timeout_seconds: 1800

# =============================================================================
# Concurrency Wait Configuration
# 并发等待配置
# =============================================================================
concurrency:
  # SSE ping interval during concurrency wait (seconds)
  # 并发等待期间的 SSE ping 间隔（秒）
  ping_interval: 10

# =============================================================================
# Database Configuration (PostgreSQL)
# 数据库配置 (PostgreSQL)
# =============================================================================
database:
  # Database host address
  # 数据库主机地址
  host: "localhost"
  # Database port
  # 数据库端口
  port: 5432
  # Database username
  # 数据库用户名
  user: "postgres"
  # Database password
  # 数据库密码
  password: "your_secure_password_here"
  # Database name
  # 数据库名称
  dbname: "sub2api"
  # SSL mode: disable, require, verify-ca, verify-full
  # SSL 模式：disable（禁用）, require（要求）, verify-ca（验证CA）, verify-full（完全验证）
  sslmode: "disable"

# =============================================================================
# Redis Configuration
# Redis 配置
# =============================================================================
redis:
  # Redis host address
  # Redis 主机地址
  host: "localhost"
  # Redis port
  # Redis 端口
  port: 6379
  # Redis password (leave empty if no password is set)
  # Redis 密码（如果未设置密码则留空）
  password: ""
  # Database number (0-15)
  # 数据库编号（0-15）
  db: 0
  # Enable TLS/SSL connection
  # 是否启用 TLS/SSL 连接
  enable_tls: false

# =============================================================================
# Ops Monitoring (Optional)
# 运维监控 (可选)
# =============================================================================
ops:
  # Hard switch: disable all ops background jobs and APIs when false
  # 硬开关：为 false 时禁用所有 Ops 后台任务与接口
  enabled: true

  # Prefer pre-aggregated tables (ops_metrics_hourly/ops_metrics_daily) for long-window dashboard queries.
  # 优先使用预聚合表（用于长时间窗口查询性能）
  use_preaggregated_tables: false

  # Data cleanup configuration
  # 数据清理配置（vNext 默认统一保留 30 天）
  cleanup:
    enabled: true
    # Cron expression (minute hour dom month dow), e.g. "0 2 * * *" = daily at 2 AM
    # Cron 表达式（分 时 日 月 周），例如 "0 2 * * *" = 每天凌晨 2 点
    schedule: "0 2 * * *"
    error_log_retention_days: 30
    minute_metrics_retention_days: 30
    hourly_metrics_retention_days: 30

  # Pre-aggregation configuration
  # 预聚合任务配置
  aggregation:
    enabled: true

  # OpsMetricsCollector Redis cache (reduces duplicate expensive window aggregation in multi-replica deployments)
  # 指标采集 Redis 缓存（多副本部署时减少重复计算）
  metrics_collector_cache:
    enabled: true
    ttl: 65s

# =============================================================================
# JWT Configuration
# JWT 配置
# =============================================================================
jwt:
  # IMPORTANT: Change this to a random string in production!
  # 重要：生产环境中请更改为随机字符串！
  # Generate with / 生成命令: openssl rand -hex 32
  secret: "change-this-to-a-secure-random-string"
  # Token expiration time in hours (max 24)
  # 令牌过期时间（小时，最大 24）
  expire_hour: 24

# =============================================================================
# Default Settings
# 默认设置
# =============================================================================
default:
  # Initial admin account (created on first run)
  # 初始管理员账户（首次运行时创建）
  admin_email: "admin@example.com"
  admin_password: "admin123"

  # Default settings for new users
  # 新用户默认设置
  # Max concurrent requests per user
  # 每用户最大并发请求数
  user_concurrency: 5
  # Initial balance for new users
  # 新用户初始余额
  user_balance: 0

  # API key settings
  # API 密钥设置
  # Prefix for generated API keys
  # 生成的 API 密钥前缀
  api_key_prefix: "sk-"

  # Rate multiplier (affects billing calculation)
  # 费率倍数（影响计费计算）
  rate_multiplier: 1.0

# =============================================================================
# Rate Limiting
# 速率限制
# =============================================================================
rate_limit:
  # Cooldown time (in minutes) when upstream returns 529 (overloaded)
  # 上游返回 529（过载）时的冷却时间（分钟）
  overload_cooldown_minutes: 10

# =============================================================================
# Pricing Data Source (Optional)
# 定价数据源（可选）
# =============================================================================
pricing:
  # URL to fetch model pricing data (default: LiteLLM)
  # 获取模型定价数据的 URL（默认：LiteLLM）
  remote_url: "https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json"
  # Hash verification URL (optional)
  # 哈希校验 URL（可选）
  hash_url: ""
  # Local data directory for caching
  # 本地数据缓存目录
  data_dir: "./data"
  # Fallback pricing file
  # 备用定价文件
  fallback_file: "./resources/model-pricing/model_prices_and_context_window.json"
  # Update interval in hours
  # 更新间隔（小时）
  update_interval_hours: 24
  # Hash check interval in minutes
  # 哈希检查间隔（分钟）
  hash_check_interval_minutes: 10

# =============================================================================
# Billing Configuration
# 计费配置
# =============================================================================
billing:
  circuit_breaker:
    # Enable circuit breaker for billing service
    # 启用计费服务熔断器
    enabled: true
    # Number of failures before opening circuit
    # 触发熔断的失败次数阈值
    failure_threshold: 5
    # Time to wait before attempting reset (seconds)
    # 熔断后重试等待时间（秒）
    reset_timeout_seconds: 30
    # Number of requests to allow in half-open state
    # 半开状态允许通过的请求数
    half_open_requests: 3

# =============================================================================
# Turnstile Configuration
# Turnstile 人机验证配置
# =============================================================================
turnstile:
  # Require Turnstile in release mode (when enabled, login/register will fail if not configured)
  # 在 release 模式下要求 Turnstile 验证（启用后，若未配置则登录/注册会失败）
  required: false

# =============================================================================
# Gemini OAuth (Required for Gemini accounts)
# Gemini OAuth 配置（Gemini 账户必需）
# =============================================================================
# Sub2API supports TWO Gemini OAuth modes:
# Sub2API 支持两种 Gemini OAuth 模式：
#
# 1. Code Assist OAuth (requires GCP project_id)
# 1. Code Assist OAuth（需要 GCP project_id）
#    - Uses: cloudcode-pa.googleapis.com (Code Assist API)
#    - 使用：cloudcode-pa.googleapis.com（Code Assist API）
#
# 2. AI Studio OAuth (no project_id needed)
# 2. AI Studio OAuth（不需要 project_id）
#    - Uses: generativelanguage.googleapis.com (AI Studio API)
#    - 使用：generativelanguage.googleapis.com（AI Studio API）
#
# Default: Uses Gemini CLI's public OAuth credentials (same as Google's official CLI tool)
# 默认：使用 Gemini CLI 的公开 OAuth 凭证（与 Google 官方 CLI 工具相同）
gemini:
  oauth:
    # Gemini CLI public OAuth credentials (works for both Code Assist and AI Studio)
    # Gemini CLI 公开 OAuth 凭证（适用于 Code Assist 和 AI Studio）
    client_id: "681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com"
    client_secret: "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"
    # Optional scopes (space-separated). Leave empty to auto-select based on oauth_type.
    # 可选的权限范围（空格分隔）。留空则根据 oauth_type 自动选择。
    scopes: ""
  quota:
    # Optional: local quota simulation for Gemini Code Assist (local billing).
    # 可选：Gemini Code Assist 本地配额模拟（本地计费）。
    # These values are used for UI progress + precheck scheduling, not official Google quotas.
    # 这些值用于 UI 进度显示和预检调度，并非 Google 官方配额。
    tiers:
      LEGACY:
        # Pro model requests per day
        # Pro 模型每日请求数
        pro_rpd: 50
        # Flash model requests per day
        # Flash 模型每日请求数
        flash_rpd: 1500
        # Cooldown time (minutes) after hitting quota
        # 达到配额后的冷却时间（分钟）
        cooldown_minutes: 30
      PRO:
        # Pro model requests per day
        # Pro 模型每日请求数
        pro_rpd: 1500
        # Flash model requests per day
        # Flash 模型每日请求数
        flash_rpd: 4000
        # Cooldown time (minutes) after hitting quota
        # 达到配额后的冷却时间（分钟）
        cooldown_minutes: 5
      ULTRA:
        # Pro model requests per day
        # Pro 模型每日请求数
        pro_rpd: 2000
        # Flash model requests per day (0 = unlimited)
        # Flash 模型每日请求数（0 = 无限制）
        flash_rpd: 0
        # Cooldown time (minutes) after hitting quota
        # 达到配额后的冷却时间（分钟）
        cooldown_minutes: 5