cors:
  enabled: true
  origins:
    - "http://localhost:3000"
    - "http://localhost:8000"
  allow_credentials: true
  allow_methods: ["*"]
  allow_headers: ["*"]
  
rate_limiting:
  enabled: true
  requests_per_minute: 60
  burst: 10
  storage: "redis"
  
jwt:
  algorithm: "HS256"
  access_token_expire_minutes: 30
  refresh_token_expire_days: 7
  
allowed_hosts:
  - "*"