|
74 | 74 | '*.m4v', |
75 | 75 | '*.torrent' |
76 | 76 | ], |
| 77 | + |
| 78 | + /* |
| 79 | + |-------------------------------------------------------------------------- |
| 80 | + | API Optimization Settings |
| 81 | + |-------------------------------------------------------------------------- |
| 82 | + | |
| 83 | + | Settings for API-specific middlewares that enhance performance and |
| 84 | + | observability without modifying response data. |
| 85 | + | |
| 86 | + */ |
| 87 | + 'api' => [ |
| 88 | + /* |
| 89 | + | Response Compression Settings |
| 90 | + */ |
| 91 | + 'min_compression_size' => env('API_MIN_COMPRESSION_SIZE', 1024), // 1KB minimum |
| 92 | + 'show_compression_metrics' => env('API_SHOW_COMPRESSION_METRICS', false), |
| 93 | + 'skip_error_compression' => env('API_SKIP_ERROR_COMPRESSION', false), |
| 94 | + |
| 95 | + /* |
| 96 | + | Performance Headers Settings |
| 97 | + */ |
| 98 | + 'track_queries' => env('API_TRACK_QUERIES', false), |
| 99 | + 'query_threshold' => env('API_QUERY_THRESHOLD', 20), // Warn if more than 20 queries |
| 100 | + 'slow_request_threshold' => env('API_SLOW_REQUEST_THRESHOLD', 1000), // 1 second |
| 101 | + |
| 102 | + /* |
| 103 | + | ETag Settings |
| 104 | + */ |
| 105 | + 'etag_algorithm' => env('API_ETAG_ALGORITHM', 'md5'), // md5, sha1, or sha256 |
| 106 | + 'etag_max_age' => env('API_ETAG_MAX_AGE', 300), // 5 minutes |
| 107 | + |
| 108 | + /* |
| 109 | + | Security Headers Settings |
| 110 | + */ |
| 111 | + 'referrer_policy' => env('API_REFERRER_POLICY', 'strict-origin-when-cross-origin'), |
| 112 | + 'hsts_max_age' => env('API_HSTS_MAX_AGE', 31536000), // 1 year |
| 113 | + 'hsts_include_subdomains' => env('API_HSTS_INCLUDE_SUBDOMAINS', false), |
| 114 | + 'content_security_policy' => env('API_CSP', "default-src 'none'; frame-ancestors 'none'"), |
| 115 | + 'permissions_policy' => env('API_PERMISSIONS_POLICY', 'geolocation=(), microphone=(), camera=()'), |
| 116 | + |
| 117 | + /* |
| 118 | + | Response Cache Settings (Advanced) |
| 119 | + */ |
| 120 | + 'cache' => [ |
| 121 | + 'enabled' => env('API_CACHE_ENABLED', false), |
| 122 | + 'driver' => env('API_CACHE_DRIVER', 'redis'), // redis, memcached, file, array |
| 123 | + 'ttl' => env('API_CACHE_TTL', 300), // seconds (5 minutes default) |
| 124 | + 'per_user' => env('API_CACHE_PER_USER', false), // Separate cache per authenticated user |
| 125 | + 'cache_authenticated' => env('API_CACHE_AUTHENTICATED', false), // Cache authenticated requests |
| 126 | + 'track_metrics' => env('API_CACHE_TRACK_METRICS', true), // Track hit/miss metrics |
| 127 | + 'vary_headers' => [], // Headers that affect caching (e.g., ['Accept-Language']) |
| 128 | + 'cacheable_content_types' => [ |
| 129 | + 'application/json', |
| 130 | + 'application/xml', |
| 131 | + 'application/vnd.api+json', |
| 132 | + ], |
| 133 | + ], |
| 134 | + |
| 135 | + /* |
| 136 | + | Health Check Settings |
| 137 | + */ |
| 138 | + 'health' => [ |
| 139 | + 'endpoint' => env('API_HEALTH_ENDPOINT', '/health'), // Health check endpoint path |
| 140 | + 'cache_results' => env('API_HEALTH_CACHE_RESULTS', true), // Cache health check results for 10s |
| 141 | + 'include_app_info' => env('API_HEALTH_INCLUDE_APP_INFO', true), // Include app name/version |
| 142 | + 'checks' => [ |
| 143 | + 'database' => env('API_HEALTH_CHECK_DATABASE', true), |
| 144 | + 'cache' => env('API_HEALTH_CHECK_CACHE', true), |
| 145 | + 'disk' => env('API_HEALTH_CHECK_DISK', true), |
| 146 | + 'memory' => env('API_HEALTH_CHECK_MEMORY', true), |
| 147 | + 'queue' => env('API_HEALTH_CHECK_QUEUE', false), // Disabled by default |
| 148 | + ], |
| 149 | + 'thresholds' => [ |
| 150 | + 'database_ms' => env('API_HEALTH_THRESHOLD_DB_MS', 100), // Max DB response time |
| 151 | + 'cache_ms' => env('API_HEALTH_THRESHOLD_CACHE_MS', 50), // Max cache response time |
| 152 | + 'disk_usage_percent' => env('API_HEALTH_THRESHOLD_DISK_PERCENT', 90), // Max disk usage |
| 153 | + 'memory_usage_percent' => env('API_HEALTH_THRESHOLD_MEMORY_PERCENT', 90), // Max memory usage |
| 154 | + ], |
| 155 | + ], |
| 156 | + |
| 157 | + /* |
| 158 | + | Circuit Breaker Settings |
| 159 | + */ |
| 160 | + 'circuit_breaker' => [ |
| 161 | + 'enabled' => env('API_CIRCUIT_BREAKER_ENABLED', false), |
| 162 | + 'failure_threshold' => env('API_CIRCUIT_BREAKER_THRESHOLD', 5), // Failures before opening |
| 163 | + 'timeout' => env('API_CIRCUIT_BREAKER_TIMEOUT', 60), // Seconds before half-open |
| 164 | + 'scope' => env('API_CIRCUIT_BREAKER_SCOPE', 'endpoint'), // endpoint, route, or path |
| 165 | + 'slow_threshold_ms' => env('API_CIRCUIT_BREAKER_SLOW_MS', 5000), // 5s = slow request |
| 166 | + 'error_codes' => [500, 502, 503, 504], // Status codes that trigger failure |
| 167 | + 'fallback_status_code' => env('API_CIRCUIT_BREAKER_FALLBACK_CODE', 503), |
| 168 | + 'fallback_response' => null, // Custom callback for fallback response |
| 169 | + ], |
| 170 | + ], |
77 | 171 | ]; |
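Review bot: In the `cache` block, `cache_authenticated` and `per_user` are independent switches that both default to false, so setting only `API_CACHE_AUTHENTICATED=true` would leave authenticated responses in a cache that is not keyed per user. The middleware that reads these keys is not part of this hunk, so whether it rejects that combination cannot be confirmed from here. I would state the dependency at the key, e.g. `// Enable only together with per_user=true; otherwise one user's response may be served to another`, and consider defaulting `vary_headers` to `['Authorization']`. Separately, `health.include_app_info` defaults to true, which puts the app name/version on `/health` unless that route is access-restricted; `env('API_HEALTH_INCLUDE_APP_INFO', false)` would be the safer default. The enclosing config array begins above the visible lines.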