config

package
v0.0.1-rc2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 27, 2026 License: MIT Imports: 13 Imported by: 0

Documentation

Overview

Package config loads the websec0 configuration from defaults, an optional YAML file, environment variables prefixed with WEBSEC101_, and CLI flags.

Precedence (lowest to highest): defaults < YAML < env < flags.

Env variables use double underscores to denote key nesting: 

WEBSEC101_SERVER__LISTEN=":9090"        // → server.listen
WEBSEC101_SCANNER__PER_CHECK_TIMEOUT=5s // → scanner.per_check_timeout

Index

Constants

View Source 
const EnvPrefix = "WEBSEC101_"

EnvPrefix is the env-var prefix used for configuration overrides.

Variables

This section is empty.

Functions

func Defaults 

func Defaults() map[string]any

Defaults returns the flat key→value map applied as the lowest-precedence configuration layer. Values match SPECIFICATIONS.md §4.6.

Types

type Config 

type Config struct {
	Server    ServerConfig    `koanf:"server"`
	Scanner   ScannerConfig   `koanf:"scanner"`
	Storage   StorageConfig   `koanf:"storage"`
	RateLimit RateLimitConfig `koanf:"ratelimit"`
	Security  SecurityConfig  `koanf:"security"`
	Reports   ReportsConfig   `koanf:"reports"`
	Logging   LoggingConfig   `koanf:"logging"`
}

Config is the typed configuration tree. It mirrors the YAML schema documented in SPECIFICATIONS.md §4.6.

func Load 

func Load(opts LoadOptions) (*Config, error)

Load assembles a *Config from defaults, file, env, and flags in order.

type LoadOptions 

type LoadOptions struct {
	// ConfigPath, if non-empty, points at a YAML file. A missing file is
	// silently ignored so the binary works without config on a fresh install.
	ConfigPath string
	// Flags is an already-parsed pflag.FlagSet whose long-name keys (using
	// dots, e.g. "server.listen") override env and YAML values. May be nil.
	Flags *pflag.FlagSet
}

LoadOptions controls Load behaviour.

type LoggingConfig 

type LoggingConfig struct {
	Level      string `koanf:"level"`  // debug | info | warn | error
	Format     string `koanf:"format"` // json | text
	LogTargets bool   `koanf:"log_targets"`
}

type PerIPLimit 

type PerIPLimit struct {
	Rate   int           `koanf:"rate"`
	Period time.Duration `koanf:"period"`
}

type PerTargetLimit 

type PerTargetLimit struct {
	Cooldown time.Duration `koanf:"cooldown"`
}

type RateLimitConfig 

type RateLimitConfig struct {
	PerIP     PerIPLimit     `koanf:"per_ip"`
	PerTarget PerTargetLimit `koanf:"per_target"`
}

type RedisConfig 

type RedisConfig struct {
	URL string `koanf:"url"`
}

type ReportsConfig 

type ReportsConfig struct {
	DefaultVisibility string `koanf:"default_visibility"` // public | private
	PrivateTokenBytes int    `koanf:"private_token_bytes"`
}

type ScannerConfig 

type ScannerConfig struct {
	MaxConcurrentScans         int           `koanf:"max_concurrent_scans"`
	MaxConcurrentChecksPerScan int           `koanf:"max_concurrent_checks_per_scan"`
	PerCheckTimeout            time.Duration `koanf:"per_check_timeout"`
	PerScanTimeout             time.Duration `koanf:"per_scan_timeout"`
	UserAgent                  string        `koanf:"user_agent"`
}

type SecurityConfig 

type SecurityConfig struct {
	RefusePrivateRanges bool `koanf:"refuse_private_ranges"`
	RefuseLoopback      bool `koanf:"refuse_loopback"`
	RefuseCGNAT         bool `koanf:"refuse_cgnat"`
	RefuseLinkLocal     bool `koanf:"refuse_link_local"`
	// RefuseMetadata is a separate hard-toggle from RefusePrivateRanges:
	// disabling metadata blocking on a cloud host is essentially a
	// pre-authorised IAM-credential heist, so we keep it default-true
	// and log a WARN at startup if it's flipped off.
	RefuseMetadata  bool     `koanf:"refuse_metadata"`
	DomainBlocklist []string `koanf:"domain_blocklist"`
	AllowedCIDRs    []string `koanf:"allowed_cidrs"`
	AllowedHosts    []string `koanf:"allowed_hosts"`
}

type ServerConfig 

type ServerConfig struct {
	Listen       string        `koanf:"listen"`
	ReadTimeout  time.Duration `koanf:"read_timeout"`
	WriteTimeout time.Duration `koanf:"write_timeout"`
}

type StorageConfig 

type StorageConfig struct {
	Backend string        `koanf:"backend"` // memory | ristretto | redis
	TTL     time.Duration `koanf:"ttl"`
	Redis   RedisConfig   `koanf:"redis"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.