# Security settings
# NOTE(review): this listing lost its indentation; the nesting below is
# reconstructed from the key names and comments - confirm against the file.
security:
  # API Key Authentication
  require_api_key: true  # when true, every endpoint requires an API key

  api_keys:
    # API keys: key -> {name, rate_limit, enabled}
    # Sample API keys (must be changed in production!)
    # NOTE(review): the mapping key is the credential itself, stored here in
    # plaintext. Keep real keys out of version control (load them from the
    # environment or a secret store) and make sure this demo entry is removed
    # or set to enabled: false before deployment.
    demo_key_12345:
      name: "Demo API Key"
      rate_limit: 100  # maximum requests per minute
      enabled: true
      created_at: "2025-01-01"

    # More API keys can be added
    # production_key_xyz:
    #   name: "Production Key"
    #   rate_limit: 1000
    #   enabled: true

  # Rate Limiting (per IP, used when no API key is present)
  # NOTE(review): per-IP limits depend on how the client address is derived.
  # Behind a reverse proxy, confirm the service reads the forwarded address
  # and only trusts it from known proxies.
  default_rate_limit: 60  # maximum requests per minute
  rate_limit_by_endpoint:
    "/": 60  # main feed endpoint
    "/health": 120  # health check is allowed more requests
    "/info": 120  # info endpoint

  # Input Validation
  # presumably lengths are in characters - TODO confirm against the validator
  max_input_length:
    channel_id: 50
    channel_handle: 50
    channel_url: 200
  # NOTE(review): nesting of max_items is not recoverable from this view; it
  # is placed beside max_input_length because it is a count, not a length.
  max_items: 100  # maximum number of transcripts (processed in batches of 20)

  # CORS Settings
  cors:
    enabled: true
    allowed_origins:
      # Specific domains should be listed in production. The wildcard lets a
      # script on any site read responses from this API.
      - "*"
    allowed_methods:
      - "GET"
      - "OPTIONS"
    allowed_headers:
      - "Content-Type"
      - "X-API-Key"

  # Security Headers
  security_headers:
    X-Content-Type-Options: "nosniff"
    X-Frame-Options: "DENY"
    # NOTE(review): X-XSS-Protection is deprecated and ignored by current
    # browsers; current guidance is to send "0" or omit it and rely on the
    # Content-Security-Policy below.
    X-XSS-Protection: "1; mode=block"
    # For HTTPS: browsers only honour this header on HTTPS responses, and
    # includeSubDomains applies it to every subdomain of the serving host.
    Strict-Transport-Security: "max-age=31536000; includeSubDomains"
    Content-Security-Policy: "default-src 'self'"