config

package
v0.13.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 22, 2026 License: MIT Imports: 18 Imported by: 0

Documentation

Index

Constants

View Source
const (
	OAuth2ProviderGoogle = "google"
	OAuth2ProviderGitHub = "github"
)
View Source
const ScopeApplication = "application"

ScopeApplication defines the scope for the main application configuration.

Variables

This section is empty.

Functions

func Reload

func Reload(configStore SecureStore, provider *Provider, logger *slog.Logger) func() error

Reload returns a function that, when called, attempts to reload the application configuration. This allows the reload logic to be prepared once and executed later, typically on SIGHUP.

func Validate

func Validate(cfg *Config) error

Validate checks the entire configuration for correctness. It aggregates validation checks from different parts of the configuration.

Types

type BackupLocal

type BackupLocal struct {
	SourcePath    string   `toml:"source_path" comment:"Path to the source database file to back up."`
	BackupDir     string   `toml:"backup_dir" comment:"Directory where backup files will be stored."`
	Strategy      string   `toml:"strategy" comment:"Backup strategy to use ('online' or 'vacuum'). 'online' is the default."`
	PagesPerStep  int      `toml:"pages_per_step" comment:"For 'online' strategy, the number of pages to copy in each step."`
	SleepInterval Duration `toml:"sleep_interval" comment:"For 'online' strategy, the duration to sleep between steps."`
}

BackupLocal defines the settings for the local backup job.

type BatchLogger

type BatchLogger struct {
	FlushSize     int      `toml:"flush_size" comment:"Records to batch before writing"`
	ChanSize      int      `toml:"chan_size" comment:"Log record channel buffer size"`
	FlushInterval Duration `toml:"flush_interval" comment:"Max time between flushes"`
	Level         LogLevel `toml:"level" comment:"Minimum log level (debug, info, warn, error)"`
	DbPath        string   `toml:"db_path" comment:"SQLite database path for logs"`
}

BatchLogger contains batch logging configuration

type BlockHost

type BlockHost struct {
	// Activated controls whether host blocking is currently active.
	Activated bool `toml:"activated" comment:"Activate host blocking"`
	// AllowedHosts is a list of hostnames that are allowed to access the server.
	// If the list is empty, all hosts are allowed.
	// Supports exact matches (e.g., "example.com") and wildcard subdomains (e.g., "*.example.com").
	AllowedHosts []string `toml:"allowed_hosts" comment:"List of allowed hostnames (e.g., 'example.com', '*.example.com')"`
}

BlockHost holds configuration for blocking requests based on the Host header.

type BlockIp

type BlockIp struct {
	// Enabled determines if the IP blocking feature is compiled and available.
	// A restart is required to apply changes to this field.
	Enabled bool `toml:"enabled" comment:"Enable automatic IP blocking (requires restart)"`
	// Activated controls whether IP blocking is currently active.
	// This can be toggled dynamically via a configuration reload.
	Activated bool `toml:"activated" comment:"Activate IP blocking (can be toggled via config reload)"`
	// Level sets the sensitivity and memory usage profile for the blocker.
	// Valid options: "low", "medium", "high".
	// - "low":    Minimal memory footprint (~10 KB). Suitable for low-traffic sites (e.g., < 50 RPS)
	//             or environments with strict memory constraints. Less accurate at detecting sophisticated attacks.
	// - "medium": A balanced profile (~120 KB). Suitable for most applications (e.g., 50-500 RPS).
	//             Offers good accuracy with moderate memory usage. This is the recommended default.
	// - "high":   Maximum accuracy and responsiveness (~640 KB). Best for high-traffic sites or APIs
	//             (e.g., > 500 RPS) that are critical targets for DDoS attacks. Consumes significantly more memory.
	Level string `toml:"level" comment:"Sensitivity profile: 'low', 'medium', or 'high'"`
}

BlockIp holds configuration specific to IP blocking. This feature is intended to automatically block IP addresses based on certain criteria, such as excessive requests, to mitigate abuse.

type BlockOversizedRequest added in v0.13.0

type BlockOversizedRequest struct {
	// Activated enables or disables the request size limiting middleware.
	// This can be toggled dynamically via a configuration reload.
	Activated bool `toml:"activated" comment:"Enable request size limiting"`

	// URLPathLimit is the maximum allowed length for the URL path.
	URLPathLimit int `toml:"url_path_limit" comment:"Max URL path length"`

	// QueryStringLimit is the maximum allowed length for the raw query string.
	QueryStringLimit int `toml:"query_string_limit" comment:"Max query string length"`

	// HeaderCountLimit is the maximum number of distinct headers allowed.
	HeaderCountLimit int `toml:"header_count_limit" comment:"Max number of headers"`

	// HeaderValueLimit is the maximum allowed length for any single header value.
	HeaderValueLimit int `toml:"header_value_limit" comment:"Max length of any single header value"`

	// BodyLimit is the maximum allowed request body size in bytes.
	BodyLimit int64 `toml:"body_limit" comment:"Maximum allowed request body size in bytes"`

	// ExcludedPaths are URL paths that bypass the size limiting middleware.
	// Path matching rules:
	// - Exact match required (case-sensitive)
	// - Trailing slashes are significant ('/path' ≠ '/path/')
	// - Query strings are ignored (matches path only)
	// - Paths should start with '/' (e.g. '/api/upload')
	// No wildcards or pattern matching
	ExcludedPaths []string `toml:"excluded_paths" comment:"Paths that bypass size limiting"`
}

BlockOversizedRequest holds configuration for limiting the size of various request dimensions. This is a security measure to prevent denial-of-service and resource exhaustion attacks.

type BlockUaList

type BlockUaList struct {
	// Activated controls whether the User-Agent block list is currently active.
	// This can be toggled dynamically via a configuration reload.
	Activated bool `toml:"activated" comment:"Activate User-Agent block list"`
	// List holds a compiled regular expression for matching User-Agent strings.
	// RE2 Syntax Notes: Go uses the RE2 regex engine. For literal matching:
	// - Metacharacters like '.' MUST be escaped (e.g., `\.`).
	// - Characters like '-' or ' ' outside character classes `[]` are literal
	//   and do NOT require escaping, though RE2 tolerates unnecessary escapes (e.g., `\-`).
	// TOML Marshaling: When marshaling to TOML, the `go-toml` library might use
	// double quotes (`"..."`) with escaped backslashes (`\\`) or single quotes (`'...'`)
	// for literal strings. Both forms are correctly unmarshaled back into the
	// intended regex pattern string by the TOML parser before being compiled.
	// For manual TOML editing, use single quotes (`'...'`) for easier pasting of patterns.
	List Regexp `toml:"list" comment:"Regex for matching User-Agents to block"`
}

BlockUaList holds configuration for blocking requests based on User-Agent patterns. This is useful for filtering out bots, scrapers, or other unwanted clients.

type Cache added in v0.4.0

type Cache struct {
	// Level defines the cache size and performance preset.
	// Valid options are "small", "medium", "large", "very-large".
	Level string `toml:"level"`
}

Cache contains settings for the cache system.

type Config

type Config struct {
	PublicDir              string                    `toml:"public_dir" comment:"Directory containing static web assets"`
	Source                 string                    `toml:"-" comment:"[READONLY] Source of config - 'file:<path>' or 'db'"`
	Jwt                    Jwt                       `toml:"jwt" comment:"JSON Web Token settings"`
	Scheduler              Scheduler                 `toml:"scheduler" comment:"Background job scheduler settings"`
	Server                 Server                    `toml:"server" comment:"HTTP server configuration"`
	RateLimits             RateLimits                `toml:"rate_limits" comment:"Rate limiting settings"`
	OAuth2Providers        map[string]OAuth2Provider `toml:"oauth2_providers" comment:"OAuth2 provider configurations"`
	Smtp                   Smtp                      `toml:"smtp" comment:"SMTP email settings"`
	Endpoints              Endpoints                 `toml:"endpoints" comment:"API endpoint paths"`
	Maintenance            Maintenance               `toml:"maintenance" comment:"Maintenance mode settings"`
	BlockIp                BlockIp                   `toml:"block_ip" comment:"IP blocking settings"`
	BlockUaList            BlockUaList               `toml:"block_ua_list" comment:"User-Agent block list settings"`
	BlockHost              BlockHost                 `toml:"block_host" comment:"Host blocking settings"`
	BlockOversizedRequest  BlockOversizedRequest     `toml:"block_oversized_request" comment:"Request size limiting configuration"`
	EndpointsBlockMismatch EndpointsBlockMismatch    `toml:"endpoints_block_mismatch" comment:"Endpoints hash mismatch blocking settings"`
	Notifier               Notifier                  `toml:"notifier"`
	Log                    Log                       `toml:"log" comment:"Logging configuration"`
	Metrics                Metrics                   `toml:"metrics" comment:"Metrics collection configuration"`
	BackupLocal            BackupLocal               `toml:"backup_local" comment:"Local backup configuration"`
	Cache                  Cache                     `toml:"cache" comment:"Cache system settings"`
}

Config holds the application configuration.

Configuration fields use specific naming conventions for their behavior: - Fields named "Activated" can be toggled dynamically via config reload - Fields named "Enabled" require a server restart to take effect - Other boolean fields typically require restart unless documented otherwise

func NewDefaultConfig

func NewDefaultConfig() *Config

NewDefaultConfig creates a new Config with sensible defaults. All secret values are randomly generated.

effective = defaults ← stored_overrides The key invariant is that defaults are always a complete, valid config. The stored TOML is intentionally partial — it only encodes intent to deviate.

New fields in code always have a value, even if the stored config predates them Stale fields in the stored TOML are silently ignored on unmarshal No invalid config at startup

type Discord

type Discord struct {
	// Activated controls whether the Discord notifier is active.
	Activated bool `toml:"activated" comment:"Activate the default Discord notifier"`
	// WebhookURL is the URL of the Discord webhook to which notifications will be sent.
	WebhookURL string `toml:"webhook_url" comment:"Discord webhook URL"`
	// APIRateLimit specifies the minimum time between API calls to avoid rate limiting.
	APIRateLimit Duration `toml:"api_rate_limit" comment:"API call rate limit (e.g., '2s'). Discord webhooks generally allow ~30 requests/minute."`
	// APIBurst allows for a certain number of requests to be made in quick succession before rate limiting is enforced.
	APIBurst int `toml:"api_burst" comment:"API call burst allowance (e.g., 1, 5)"`
	// SendTimeout is the maximum time to wait for a single notification to be sent to Discord.
	SendTimeout Duration `toml:"send_timeout" comment:"Timeout for sending a single notification via Discord (e.g., '10s')"`
}

Discord holds the configuration for sending notifications via a Discord webhook.

type Duration

type Duration struct {
	time.Duration
}

Duration is a wrapper around time.Duration that supports TOML unmarshalling from a string value (e.g., "3h", "15m", "1h30m").

func (Duration) MarshalText

func (d Duration) MarshalText() ([]byte, error)

MarshalText implements the encoding.TextMarshaler interface. This is useful if you ever need to marshal the config back to TOML, ensuring durations are written as strings.

func (*Duration) UnmarshalText

func (d *Duration) UnmarshalText(text []byte) error

UnmarshalText implements the encoding.TextUnmarshaler interface. This allows TOML libraries like pelletier/go-toml/v2 to unmarshal TOML string values directly into a Duration field.

type Endpoints

type Endpoints struct {
	// RefreshAuth is the endpoint for refreshing an authentication token.
	RefreshAuth string `toml:"refresh_auth" json:"refresh_auth" comment:"Refresh auth token endpoint"`
	// ListEndpoints is the endpoint that provides a list of all available API endpoints.
	ListEndpoints string `toml:"list_endpoints" json:"list_endpoints" comment:"List available endpoints"`
	// AuthWithPassword is the endpoint for authenticating a user with their email and password.
	AuthWithPassword string `toml:"auth_with_password" json:"auth_with_password" comment:"Password authentication endpoint"`
	// AuthWithOAuth2 is the endpoint for initiating or handling an OAuth2 authentication flow.
	AuthWithOAuth2 string `toml:"auth_with_oauth2" json:"auth_with_oauth2" comment:"OAuth2 authentication endpoint"`
	// RegisterWithPassword is the endpoint for creating a new user account with an email and password.
	RegisterWithPassword string `toml:"register_with_password" json:"register_with_password" comment:"Password registration endpoint"`
	// ListOAuth2Providers is the endpoint for listing all configured OAuth2 providers.
	ListOAuth2Providers string `toml:"list_oauth2_providers" json:"list_oauth2_providers" comment:"List available OAuth2 providers"`
	// RequestPasswordResetOtp is the endpoint for users to request an OTP for password reset.
	RequestPasswordResetOtp string `toml:"request_password_reset_otp" json:"request_password_reset_otp" comment:"Request password reset OTP endpoint"`
	// VerifyPasswordResetOtp is the endpoint for verifying the OTP before resetting the password.
	VerifyPasswordResetOtp string `toml:"verify_password_reset_otp" json:"verify_password_reset_otp" comment:"Verify password reset OTP endpoint"`
	// ConfirmPasswordResetOtp is the endpoint for resetting a user's password using a grant token.
	ConfirmPasswordResetOtp string `toml:"confirm_password_reset_otp" json:"confirm_password_reset_otp" comment:"Confirm password reset OTP endpoint"`
	// RequestEmailChangeOtp is the endpoint for users to request an email address change.
	RequestEmailChangeOtp string `toml:"request_email_change_otp" json:"request_email_change_otp" comment:"Request email change OTP endpoint"`
	// ConfirmEmailChangeOtp is the endpoint for confirming an email address change using a token.
	ConfirmEmailChangeOtp string `toml:"confirm_email_change_otp" json:"confirm_email_change_otp" comment:"Confirm email change OTP endpoint"`
	// RequestEmailVerificationOtp is the endpoint for requesting a new email OTP verification code.
	RequestEmailVerificationOtp string `toml:"request_email_verification_otp" json:"request_email_verification_otp" comment:"Request email OTP verification endpoint"`
	// ConfirmEmailVerificationOtp is the endpoint for confirming an email OTP verification code.
	ConfirmEmailVerificationOtp string `toml:"confirm_email_verification_otp" json:"confirm_email_verification_otp" comment:"Confirm email OTP verification endpoint"`
}

Endpoints defines the API endpoint paths for various authentication and account management actions. Each field maps a function to a specific HTTP method and path (e.g., "POST /api/refresh-auth").

func (Endpoints) ConfirmHtml

func (e Endpoints) ConfirmHtml(endpoint string) string

ConfirmHtml returns the HTML confirmation page path for an endpoint Follows naming convention: /api/confirm-X → /confirm-X.html This ensures consistency between API endpoints and their corresponding HTML pages

func (Endpoints) Hash added in v0.11.0

func (e Endpoints) Hash() string

Hash returns a deterministic hash of all endpoint values. Uses hardcoded field concatenation to avoid any marshaling ambiguity. The hash changes whenever any endpoint path is modified.

func (Endpoints) Path

func (e Endpoints) Path(endpoint string) string

Path extracts just the path portion from an endpoint string (removes method prefix)

type EndpointsBlockMismatch added in v0.11.0

type EndpointsBlockMismatch struct {
	// Activated controls whether endpoints hash checking is currently active.
	// This can be toggled dynamically via a configuration reload.
	Activated bool `toml:"activated" comment:"Activate endpoints hash mismatch blocking"`
}

EndpointsBlockMismatch holds configuration for the endpoints hash mismatch middleware. When activated, requests with a stale X-Restinpieces-Endpoints-Hash header will receive an error response, forcing the SDK to refetch endpoints.

type Jwt

type Jwt struct {
	// Secret key for auth tokens.
	AuthSecret string `toml:"auth_secret" comment:"Secret key for auth tokens"`
	// Duration for which standard authentication tokens are valid.
	AuthTokenDuration Duration `toml:"auth_token_duration" comment:"Duration auth tokens remain valid"`
	// Secret key for password reset tokens.
	PasswordResetSecret string `toml:"password_reset_secret" comment:"Secret key for password reset tokens"`
	// Duration for which password reset tokens are valid.
	PasswordResetTokenDuration Duration `toml:"password_reset_token_duration" comment:"Duration password reset tokens remain valid"`
	// Secret key for email change OTP tokens.
	EmailChangeOtpSecret string `toml:"email_change_otp_secret" comment:"Secret key for email change OTP tokens"`
	// Duration for which email change OTP tokens remain valid.
	EmailChangeOtpTokenDuration Duration `toml:"email_change_otp_token_duration" comment:"Duration email change OTP tokens remain valid"`
	// Secret key for email OTP verification tokens.
	VerificationEmailOtpSecret string `toml:"verification_email_otp_secret" comment:"Secret key for email OTP verification tokens"`
	// Duration for which email OTP verification tokens are valid.
	VerificationEmailOtpTokenDuration Duration `toml:"verification_email_otp_token_duration" comment:"Duration email OTP verification tokens remain valid"`

	// Secret key for OAuth2 state tokens. Used to HMAC sign the JWT containing
	// the code_verifier hash, ensuring the state cannot be forged.
	Oauth2StateSecret string `toml:"oauth2_state_secret" comment:"Secret key for OAuth2 state tokens"`

	// Duration for which OAuth2 state tokens are valid. Keeps the window short
	// to minimize replay risks.
	Oauth2StateTokenDuration Duration `toml:"oauth2_state_token_duration" comment:"Duration OAuth2 state tokens remain valid"`
}

type Log

type Log struct {
	Request LogRequest  `toml:"request" comment:"HTTP request logging configuration"`
	Batch   BatchLogger `toml:"batch" comment:"Batch logging configuration"`
}

Log contains Default (Batch) log configuration

type LogLevel

type LogLevel struct {
	slog.Level
}

LogLevel is a wrapper around slog.Level that supports TOML unmarshalling Valid TOML values:

  • String values (case insensitive): "debug", "info", "warn", "error"
  • Numeric values: -4 (debug), 0 (info), 4 (warn), 8 (error)

Example:

level = "debug"  # string name
level = "DEBUG"  # any case
level = -4       # numeric value

func (LogLevel) MarshalText

func (l LogLevel) MarshalText() ([]byte, error)

MarshalText implements the encoding.TextMarshaler interface Always marshals to the string name (e.g. "debug", "info")

func (*LogLevel) UnmarshalText

func (l *LogLevel) UnmarshalText(text []byte) error

UnmarshalText implements the encoding.TextUnmarshaler interface Supports both string names and numeric values for log levels

type LogRequest

type LogRequest struct {
	Activated bool             `toml:"activated" comment:"Activate HTTP request logging"`
	Limits    LogRequestLimits `toml:"limits" comment:"Maximum field lengths"`
}

LogRequest contains HTTP request logging configuration

type LogRequestLimits

type LogRequestLimits struct {
	URILength       int `toml:"uri" comment:"Max URI length (path + query) (minimum 64)"`
	UserAgentLength int `toml:"user_agent" comment:"Max User-Agent length (minimum 32)"`
	RefererLength   int `toml:"referer" comment:"Max Referer length (minimum 64)"`
	RemoteIPLength  int `` /* 156-byte string literal not displayed */
}

LogRequestLimits defines maximum lengths for request log fields

type Maintenance

type Maintenance struct {
	// Activated controls whether maintenance mode is currently active.
	// This can be toggled dynamically via a configuration reload.
	Activated bool `toml:"activated" comment:"Currently in maintenance mode"`
}

Maintenance holds configuration for the maintenance mode feature. When activated, the application will serve a maintenance page or message for all incoming requests, effectively taking the service offline gracefully.

type Metrics

type Metrics struct {
	// Enabled controls whether metrics collection is compiled into the binary and available.
	// Changing this requires a server restart.
	Enabled bool `toml:"enabled" comment:"Enable metrics collection (requires restart)"`

	// Activated controls whether metrics are actively being collected.
	// This can be toggled via config reload without restart.
	Activated bool `toml:"activated" comment:"Activate metrics collection (can toggle via reload)"`

	// Endpoint is the HTTP path where metrics are exposed (e.g. "/metrics")
	Endpoint string `toml:"endpoint" comment:"HTTP path where metrics are exposed"`

	// AllowedIPs is a list of exact IP addresses that can access the metrics endpoint
	// Example: ["127.0.0.1", "192.168.1.100"]
	AllowedIPs []string `toml:"allowed_ips" comment:"List of exact IP addresses allowed to access metrics endpoint (no CIDR ranges)"`
}

Metrics holds the configuration for collecting and exposing application metrics, typically for monitoring purposes (e.g., with Prometheus).

type Notifier

type Notifier struct {
	// Discord holds the configuration for the Discord notifier.
	Discord Discord `toml:"discord" comment:"Default Discord notifier configuration"`
}

Notifier holds the configuration for various notification services. Currently, it only contains settings for Discord.

type OAuth2Provider

type OAuth2Provider struct {
	Name            string   `toml:"name" comment:"Provider identifier (e.g. 'google')"`
	ClientID        string   `toml:"client_id" comment:"OAuth2 client ID (set via env)"`
	ClientSecret    string   `toml:"client_secret" comment:"OAuth2 client secret (set via env)"`
	DisplayName     string   `toml:"display_name" comment:"User-facing provider name"`
	RedirectURL     string   `toml:"redirect_url" comment:"Callback URL (leave empty for dynamic)"`
	RedirectURLPath string   `toml:"redirect_url_path" comment:"Callback URL path (e.g. '/oauth2/callback') - uses server host/port"`
	AuthURL         string   `toml:"auth_url" comment:"OAuth2 authorization endpoint"`
	TokenURL        string   `toml:"token_url" comment:"OAuth2 token endpoint"`
	UserInfoURL     string   `toml:"user_info_url" comment:"User info API endpoint"`
	Scopes          []string `toml:"scopes" comment:"Requested OAuth2 scopes"`
	PKCE            bool     `toml:"pkce" comment:"Enable PKCE flow"`
}

type Provider

type Provider struct {
	// contains filtered or unexported fields
}

Provider holds the application configuration and allows for atomic updates.

func NewProvider

func NewProvider(c *Config) *Provider

NewProvider creates a new configuration provider with the initial config. It panics if the initialConfig is nil.

func (*Provider) Get

func (p *Provider) Get() *Config

Get returns the current configuration snapshot. It's safe for concurrent use.

func (*Provider) Update

func (p *Provider) Update(newConfig *Config)

Update atomically swaps the current configuration with the new one. The caller is responsible for ensuring newConfig is not nil.

type RateLimits

type RateLimits struct {
	// Minimum time a user must wait between requesting password resets for the same account.
	PasswordResetCooldown Duration `toml:"password_reset_cooldown" comment:"Min time between password reset requests"`
	// Minimum time a user must wait between requesting email address changes.
	EmailChangeCooldown Duration `toml:"email_change_cooldown" comment:"Min time between email change requests"`
	// Minimum time a user must wait between requesting email OTP verifications.
	EmailVerificationOtpCooldown Duration `toml:"email_verification_otp_cooldown" comment:"Min time between email OTP verification requests"`
}

type Regexp

type Regexp struct {
	*regexp.Regexp
}

Regexp is a wrapper around *regexp.Regexp that supports TOML unmarshalling from a string value directly into a compiled regular expression.

func (Regexp) MarshalText

func (r Regexp) MarshalText() ([]byte, error)

MarshalText implements the encoding.TextMarshaler interface.

func (*Regexp) UnmarshalText

func (r *Regexp) UnmarshalText(text []byte) error

UnmarshalText implements the encoding.TextUnmarshaler interface.

type Scheduler

type Scheduler struct {
	// Interval specifies how often the scheduler checks for pending jobs.
	Interval Duration `toml:"interval" comment:"How often to check for pending jobs"`
	// MaxJobsPerTick limits the number of jobs processed in a single scheduler run.
	MaxJobsPerTick int `toml:"max_jobs_per_tick" comment:"Max jobs to process per scheduler run"`
	// ConcurrencyMultiplier sets the number of concurrent workers per CPU core.
	// For I/O-bound tasks, a value between 2 and 8 is recommended.
	// For CPU-bound tasks, this should typically be 1.
	ConcurrencyMultiplier int `toml:"concurrency_multiplier" comment:"Workers per CPU core (2-8 for I/O bound)"`
}

Scheduler defines settings for the background job processing queue.

type SecureStore

type SecureStore interface {
	// Get retrieves configuration, decrypts it, and returns plaintext + format
	// empty scope = application scope
	// generation 0 = latest, 1 = previous, etc.
	Get(scope string, generation int) ([]byte, string, error)

	// Save encrypts the given plaintext data and stores it as the latest configuration
	// for the given scope, using the provided format and description.
	Save(scope string, plaintextData []byte, format string, description string) error
}

SecureStore defines an interface for securely storing and retrieving configuration data. Implementations handle the encryption/decryption details.

func NewSecureStoreAge

func NewSecureStoreAge(dbCfg db.DbConfig, ageKeyPath string) (SecureStore, error)

NewSecureStoreAge creates a new SecureStore implementation using age. It validates the age key file exists and is readable immediately.

type Server

type Server struct {
	// Network address and port the HTTP server listens on.
	// Examples: ":8080" (all interfaces, port 8080), "localhost:9000"
	Addr string `toml:"addr" comment:"HTTP listen address (e.g. ':8080')"`

	// Maximum duration the server waits for ongoing requests to complete before shutting down.
	ShutdownGracefulTimeout Duration `toml:"shutdown_graceful_timeout" comment:"Max time to wait for graceful shutdown"`

	// Maximum duration for reading the entire request, including the body.
	ReadTimeout Duration `toml:"read_timeout" comment:"Max time to read full request"`

	// Maximum duration for reading only the request headers.
	ReadHeaderTimeout Duration `toml:"read_header_timeout" comment:"Max time to read request headers"`

	// Maximum duration before timing out writes of the response.
	WriteTimeout Duration `toml:"write_timeout" comment:"Max time to write response"`

	// Maximum duration for waiting for the next request on a keep-alive connection.
	IdleTimeout Duration `toml:"idle_timeout" comment:"Max time for idle keep-alive connections"`

	// If behind a trusted proxy, specify the header containing the real client IP.
	// Common values: "X-Forwarded-For", "X-Real-IP". Leave empty if not behind a proxy.
	ClientIpProxyHeader string `toml:"client_ip_proxy_header" comment:"Header to trust for client IP (e.g. 'X-Forwarded-For')"`

	// Enable HTTPS/TLS for secure connections
	EnableTLS bool `toml:"enable_tls" comment:"Enable HTTPS/TLS"`

	// PEM-encoded TLS certificate data (alternative to cert_file)
	CertData string `toml:"cert_data" comment:"PEM-encoded TLS certificate (alternative to file)"`

	// PEM-encoded TLS private key data (alternative to key_file)
	KeyData string `toml:"key_data" comment:"PEM-encoded TLS private key (alternative to file)"`

	// Address for HTTP->HTTPS redirect server (e.g. ":80")
	// Only used when enable_tls is true
	RedirectAddr string `toml:"redirect_addr" comment:"HTTP->HTTPS redirect address (e.g. ':80')"`
}

func (*Server) BaseURL

func (s *Server) BaseURL() string

type Smtp

type Smtp struct {
	// Enabled controls whether the SMTP email sending functionality is active.
	Enabled bool `toml:"enabled" comment:"Enable SMTP email sending"`
	// Host is the SMTP server hostname or IP address.
	Host string `toml:"host" comment:"SMTP server hostname"`
	// Port is the SMTP server port. Common values are 587 (STARTTLS), 465 (TLS), or 25 (unencrypted).
	Port int `toml:"port" comment:"SMTP server port (587/465/25)"`
	// Username for SMTP authentication. It is recommended to set this via an environment variable.
	Username string `toml:"username" comment:"SMTP username (set via env)"`
	// Password for SMTP authentication. It is recommended to set this via an environment variable.
	Password string `toml:"password" comment:"SMTP password (set via env)"`
	// FromName is the display name for the sender (e.g., "My Application").
	FromName string `toml:"from_name" comment:"Sender display name"`
	// FromAddress is the email address from which emails are sent (e.g., "noreply@example.com").
	FromAddress string `toml:"from_address" comment:"Sender email address"`
	// LocalName is the domain name sent during the HELO/EHLO handshake. Defaults to "localhost".
	LocalName string `toml:"local_name" comment:"HELO/EHLO domain name"`
	// AuthMethod specifies the authentication mechanism, e.g., "plain", "login", "cram-md5".
	AuthMethod string `toml:"auth_method" comment:"Auth method (plain/login/cram-md5)"`
	// UseTLS enables a direct TLS connection (SMTPS), typically on port 465.
	UseTLS bool `toml:"use_tls" comment:"Use direct TLS (port 465)"`
	// UseStartTLS enables the STARTTLS command to upgrade an insecure connection to a secure one, typically on port 587.
	UseStartTLS bool `toml:"use_start_tls" comment:"Use STARTTLS (port 587)"`
}

Smtp holds the configuration for sending emails via an SMTP server.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL