Documentation
¶
Index ¶
- Constants
- func Reload(configStore SecureStore, provider *Provider, logger *slog.Logger) func() error
- func Validate(cfg *Config) error
- type BackupLocal
- type BatchLogger
- type BlockHost
- type BlockIp
- type BlockOversizedRequest
- type BlockUaList
- type Cache
- type Config
- type Discord
- type Duration
- type Endpoints
- type EndpointsBlockMismatch
- type Jwt
- type Log
- type LogLevel
- type LogRequest
- type LogRequestLimits
- type Maintenance
- type Metrics
- type Notifier
- type OAuth2Provider
- type Provider
- type RateLimits
- type Regexp
- type Scheduler
- type SecureStore
- type Server
- type Smtp
Constants ¶
const ( OAuth2ProviderGoogle = "google" OAuth2ProviderGitHub = "github" )
const ScopeApplication = "application"
ScopeApplication defines the scope for the main application configuration.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type BackupLocal ¶
type BackupLocal struct {
SourcePath string `toml:"source_path" comment:"Path to the source database file to back up."`
BackupDir string `toml:"backup_dir" comment:"Directory where backup files will be stored."`
Strategy string `toml:"strategy" comment:"Backup strategy to use ('online' or 'vacuum'). 'online' is the default."`
PagesPerStep int `toml:"pages_per_step" comment:"For 'online' strategy, the number of pages to copy in each step."`
SleepInterval Duration `toml:"sleep_interval" comment:"For 'online' strategy, the duration to sleep between steps."`
}
BackupLocal defines the settings for the local backup job.
type BatchLogger ¶
type BatchLogger struct {
FlushSize int `toml:"flush_size" comment:"Records to batch before writing"`
ChanSize int `toml:"chan_size" comment:"Log record channel buffer size"`
FlushInterval Duration `toml:"flush_interval" comment:"Max time between flushes"`
Level LogLevel `toml:"level" comment:"Minimum log level (debug, info, warn, error)"`
DbPath string `toml:"db_path" comment:"SQLite database path for logs"`
}
BatchLogger contains batch logging configuration
type BlockHost ¶
type BlockHost struct {
// Activated controls whether host blocking is currently active.
Activated bool `toml:"activated" comment:"Activate host blocking"`
// AllowedHosts is a list of hostnames that are allowed to access the server.
// If the list is empty, all hosts are allowed.
// Supports exact matches (e.g., "example.com") and wildcard subdomains (e.g., "*.example.com").
AllowedHosts []string `toml:"allowed_hosts" comment:"List of allowed hostnames (e.g., 'example.com', '*.example.com')"`
}
BlockHost holds configuration for blocking requests based on the Host header.
type BlockIp ¶
type BlockIp struct {
// Enabled determines if the IP blocking feature is compiled and available.
// A restart is required to apply changes to this field.
Enabled bool `toml:"enabled" comment:"Enable automatic IP blocking (requires restart)"`
// Activated controls whether IP blocking is currently active.
// This can be toggled dynamically via a configuration reload.
Activated bool `toml:"activated" comment:"Activate IP blocking (can be toggled via config reload)"`
// Level sets the sensitivity and memory usage profile for the blocker.
// Valid options: "low", "medium", "high".
// - "low": Minimal memory footprint (~10 KB). Suitable for low-traffic sites (e.g., < 50 RPS)
// or environments with strict memory constraints. Less accurate at detecting sophisticated attacks.
// - "medium": A balanced profile (~120 KB). Suitable for most applications (e.g., 50-500 RPS).
// Offers good accuracy with moderate memory usage. This is the recommended default.
// - "high": Maximum accuracy and responsiveness (~640 KB). Best for high-traffic sites or APIs
// (e.g., > 500 RPS) that are critical targets for DDoS attacks. Consumes significantly more memory.
Level string `toml:"level" comment:"Sensitivity profile: 'low', 'medium', or 'high'"`
}
BlockIp holds configuration specific to IP blocking. This feature is intended to automatically block IP addresses based on certain criteria, such as excessive requests, to mitigate abuse.
type BlockOversizedRequest ¶ added in v0.13.0
type BlockOversizedRequest struct {
// Activated enables or disables the request size limiting middleware.
// This can be toggled dynamically via a configuration reload.
Activated bool `toml:"activated" comment:"Enable request size limiting"`
// URLPathLimit is the maximum allowed length for the URL path.
URLPathLimit int `toml:"url_path_limit" comment:"Max URL path length"`
// QueryStringLimit is the maximum allowed length for the raw query string.
QueryStringLimit int `toml:"query_string_limit" comment:"Max query string length"`
// HeaderCountLimit is the maximum number of distinct headers allowed.
HeaderCountLimit int `toml:"header_count_limit" comment:"Max number of headers"`
// HeaderValueLimit is the maximum allowed length for any single header value.
HeaderValueLimit int `toml:"header_value_limit" comment:"Max length of any single header value"`
// BodyLimit is the maximum allowed request body size in bytes.
BodyLimit int64 `toml:"body_limit" comment:"Maximum allowed request body size in bytes"`
// ExcludedPaths are URL paths that bypass the size limiting middleware.
// Path matching rules:
// - Exact match required (case-sensitive)
// - Trailing slashes are significant ('/path' ≠ '/path/')
// - Query strings are ignored (matches path only)
// - Paths should start with '/' (e.g. '/api/upload')
// No wildcards or pattern matching
ExcludedPaths []string `toml:"excluded_paths" comment:"Paths that bypass size limiting"`
}
BlockOversizedRequest holds configuration for limiting the size of various request dimensions. This is a security measure to prevent denial-of-service and resource exhaustion attacks.
type BlockUaList ¶
type BlockUaList struct {
// Activated controls whether the User-Agent block list is currently active.
// This can be toggled dynamically via a configuration reload.
Activated bool `toml:"activated" comment:"Activate User-Agent block list"`
// List holds a compiled regular expression for matching User-Agent strings.
// RE2 Syntax Notes: Go uses the RE2 regex engine. For literal matching:
// - Metacharacters like '.' MUST be escaped (e.g., `\.`).
// - Characters like '-' or ' ' outside character classes `[]` are literal
// and do NOT require escaping, though RE2 tolerates unnecessary escapes (e.g., `\-`).
// TOML Marshaling: When marshaling to TOML, the `go-toml` library might use
// double quotes (`"..."`) with escaped backslashes (`\\`) or single quotes (`'...'`)
// for literal strings. Both forms are correctly unmarshaled back into the
// intended regex pattern string by the TOML parser before being compiled.
// For manual TOML editing, use single quotes (`'...'`) for easier pasting of patterns.
List Regexp `toml:"list" comment:"Regex for matching User-Agents to block"`
}
BlockUaList holds configuration for blocking requests based on User-Agent patterns. This is useful for filtering out bots, scrapers, or other unwanted clients.
type Cache ¶ added in v0.4.0
type Cache struct {
// Level defines the cache size and performance preset.
// Valid options are "small", "medium", "large", "very-large".
Level string `toml:"level"`
}
Cache contains settings for the cache system.
type Config ¶
type Config struct {
PublicDir string `toml:"public_dir" comment:"Directory containing static web assets"`
Source string `toml:"-" comment:"[READONLY] Source of config - 'file:<path>' or 'db'"`
Jwt Jwt `toml:"jwt" comment:"JSON Web Token settings"`
Scheduler Scheduler `toml:"scheduler" comment:"Background job scheduler settings"`
Server Server `toml:"server" comment:"HTTP server configuration"`
RateLimits RateLimits `toml:"rate_limits" comment:"Rate limiting settings"`
OAuth2Providers map[string]OAuth2Provider `toml:"oauth2_providers" comment:"OAuth2 provider configurations"`
Smtp Smtp `toml:"smtp" comment:"SMTP email settings"`
Endpoints Endpoints `toml:"endpoints" comment:"API endpoint paths"`
Maintenance Maintenance `toml:"maintenance" comment:"Maintenance mode settings"`
BlockIp BlockIp `toml:"block_ip" comment:"IP blocking settings"`
BlockUaList BlockUaList `toml:"block_ua_list" comment:"User-Agent block list settings"`
BlockHost BlockHost `toml:"block_host" comment:"Host blocking settings"`
BlockOversizedRequest BlockOversizedRequest `toml:"block_oversized_request" comment:"Request size limiting configuration"`
EndpointsBlockMismatch EndpointsBlockMismatch `toml:"endpoints_block_mismatch" comment:"Endpoints hash mismatch blocking settings"`
Notifier Notifier `toml:"notifier"`
Log Log `toml:"log" comment:"Logging configuration"`
Metrics Metrics `toml:"metrics" comment:"Metrics collection configuration"`
BackupLocal BackupLocal `toml:"backup_local" comment:"Local backup configuration"`
Cache Cache `toml:"cache" comment:"Cache system settings"`
}
Config holds the application configuration.
Configuration fields use specific naming conventions for their behavior: - Fields named "Activated" can be toggled dynamically via config reload - Fields named "Enabled" require a server restart to take effect - Other boolean fields typically require restart unless documented otherwise
func NewDefaultConfig ¶
func NewDefaultConfig() *Config
NewDefaultConfig creates a new Config with sensible defaults. All secret values are randomly generated.
effective = defaults ← stored_overrides The key invariant is that defaults are always a complete, valid config. The stored TOML is intentionally partial — it only encodes intent to deviate.
New fields in code always have a value, even if the stored config predates them Stale fields in the stored TOML are silently ignored on unmarshal No invalid config at startup
type Discord ¶
type Discord struct {
// Activated controls whether the Discord notifier is active.
Activated bool `toml:"activated" comment:"Activate the default Discord notifier"`
// WebhookURL is the URL of the Discord webhook to which notifications will be sent.
WebhookURL string `toml:"webhook_url" comment:"Discord webhook URL"`
// APIRateLimit specifies the minimum time between API calls to avoid rate limiting.
APIRateLimit Duration `toml:"api_rate_limit" comment:"API call rate limit (e.g., '2s'). Discord webhooks generally allow ~30 requests/minute."`
// APIBurst allows for a certain number of requests to be made in quick succession before rate limiting is enforced.
APIBurst int `toml:"api_burst" comment:"API call burst allowance (e.g., 1, 5)"`
// SendTimeout is the maximum time to wait for a single notification to be sent to Discord.
SendTimeout Duration `toml:"send_timeout" comment:"Timeout for sending a single notification via Discord (e.g., '10s')"`
}
Discord holds the configuration for sending notifications via a Discord webhook.
type Duration ¶
Duration is a wrapper around time.Duration that supports TOML unmarshalling from a string value (e.g., "3h", "15m", "1h30m").
func (Duration) MarshalText ¶
MarshalText implements the encoding.TextMarshaler interface. This is useful if you ever need to marshal the config back to TOML, ensuring durations are written as strings.
func (*Duration) UnmarshalText ¶
UnmarshalText implements the encoding.TextUnmarshaler interface. This allows TOML libraries like pelletier/go-toml/v2 to unmarshal TOML string values directly into a Duration field.
type Endpoints ¶
type Endpoints struct {
// RefreshAuth is the endpoint for refreshing an authentication token.
RefreshAuth string `toml:"refresh_auth" json:"refresh_auth" comment:"Refresh auth token endpoint"`
// ListEndpoints is the endpoint that provides a list of all available API endpoints.
ListEndpoints string `toml:"list_endpoints" json:"list_endpoints" comment:"List available endpoints"`
// AuthWithPassword is the endpoint for authenticating a user with their email and password.
AuthWithPassword string `toml:"auth_with_password" json:"auth_with_password" comment:"Password authentication endpoint"`
// AuthWithOAuth2 is the endpoint for initiating or handling an OAuth2 authentication flow.
AuthWithOAuth2 string `toml:"auth_with_oauth2" json:"auth_with_oauth2" comment:"OAuth2 authentication endpoint"`
// RegisterWithPassword is the endpoint for creating a new user account with an email and password.
RegisterWithPassword string `toml:"register_with_password" json:"register_with_password" comment:"Password registration endpoint"`
// ListOAuth2Providers is the endpoint for listing all configured OAuth2 providers.
ListOAuth2Providers string `toml:"list_oauth2_providers" json:"list_oauth2_providers" comment:"List available OAuth2 providers"`
// RequestPasswordResetOtp is the endpoint for users to request an OTP for password reset.
RequestPasswordResetOtp string `toml:"request_password_reset_otp" json:"request_password_reset_otp" comment:"Request password reset OTP endpoint"`
// VerifyPasswordResetOtp is the endpoint for verifying the OTP before resetting the password.
VerifyPasswordResetOtp string `toml:"verify_password_reset_otp" json:"verify_password_reset_otp" comment:"Verify password reset OTP endpoint"`
// ConfirmPasswordResetOtp is the endpoint for resetting a user's password using a grant token.
ConfirmPasswordResetOtp string `toml:"confirm_password_reset_otp" json:"confirm_password_reset_otp" comment:"Confirm password reset OTP endpoint"`
// RequestEmailChangeOtp is the endpoint for users to request an email address change.
RequestEmailChangeOtp string `toml:"request_email_change_otp" json:"request_email_change_otp" comment:"Request email change OTP endpoint"`
// ConfirmEmailChangeOtp is the endpoint for confirming an email address change using a token.
ConfirmEmailChangeOtp string `toml:"confirm_email_change_otp" json:"confirm_email_change_otp" comment:"Confirm email change OTP endpoint"`
// RequestEmailVerificationOtp is the endpoint for requesting a new email OTP verification code.
RequestEmailVerificationOtp string `toml:"request_email_verification_otp" json:"request_email_verification_otp" comment:"Request email OTP verification endpoint"`
// ConfirmEmailVerificationOtp is the endpoint for confirming an email OTP verification code.
ConfirmEmailVerificationOtp string `toml:"confirm_email_verification_otp" json:"confirm_email_verification_otp" comment:"Confirm email OTP verification endpoint"`
}
Endpoints defines the API endpoint paths for various authentication and account management actions. Each field maps a function to a specific HTTP method and path (e.g., "POST /api/refresh-auth").
func (Endpoints) ConfirmHtml ¶
ConfirmHtml returns the HTML confirmation page path for an endpoint Follows naming convention: /api/confirm-X → /confirm-X.html This ensures consistency between API endpoints and their corresponding HTML pages
type EndpointsBlockMismatch ¶ added in v0.11.0
type EndpointsBlockMismatch struct {
// Activated controls whether endpoints hash checking is currently active.
// This can be toggled dynamically via a configuration reload.
Activated bool `toml:"activated" comment:"Activate endpoints hash mismatch blocking"`
}
EndpointsBlockMismatch holds configuration for the endpoints hash mismatch middleware. When activated, requests with a stale X-Restinpieces-Endpoints-Hash header will receive an error response, forcing the SDK to refetch endpoints.
type Jwt ¶
type Jwt struct {
// Secret key for auth tokens.
AuthSecret string `toml:"auth_secret" comment:"Secret key for auth tokens"`
// Duration for which standard authentication tokens are valid.
AuthTokenDuration Duration `toml:"auth_token_duration" comment:"Duration auth tokens remain valid"`
// Secret key for password reset tokens.
PasswordResetSecret string `toml:"password_reset_secret" comment:"Secret key for password reset tokens"`
// Duration for which password reset tokens are valid.
PasswordResetTokenDuration Duration `toml:"password_reset_token_duration" comment:"Duration password reset tokens remain valid"`
// Secret key for email change OTP tokens.
EmailChangeOtpSecret string `toml:"email_change_otp_secret" comment:"Secret key for email change OTP tokens"`
// Duration for which email change OTP tokens remain valid.
EmailChangeOtpTokenDuration Duration `toml:"email_change_otp_token_duration" comment:"Duration email change OTP tokens remain valid"`
// Secret key for email OTP verification tokens.
VerificationEmailOtpSecret string `toml:"verification_email_otp_secret" comment:"Secret key for email OTP verification tokens"`
// Duration for which email OTP verification tokens are valid.
VerificationEmailOtpTokenDuration Duration `toml:"verification_email_otp_token_duration" comment:"Duration email OTP verification tokens remain valid"`
// Secret key for OAuth2 state tokens. Used to HMAC sign the JWT containing
// the code_verifier hash, ensuring the state cannot be forged.
Oauth2StateSecret string `toml:"oauth2_state_secret" comment:"Secret key for OAuth2 state tokens"`
// Duration for which OAuth2 state tokens are valid. Keeps the window short
// to minimize replay risks.
Oauth2StateTokenDuration Duration `toml:"oauth2_state_token_duration" comment:"Duration OAuth2 state tokens remain valid"`
}
type Log ¶
type Log struct {
Request LogRequest `toml:"request" comment:"HTTP request logging configuration"`
Batch BatchLogger `toml:"batch" comment:"Batch logging configuration"`
}
Log contains Default (Batch) log configuration
type LogLevel ¶
LogLevel is a wrapper around slog.Level that supports TOML unmarshalling Valid TOML values:
- String values (case insensitive): "debug", "info", "warn", "error"
- Numeric values: -4 (debug), 0 (info), 4 (warn), 8 (error)
Example:
level = "debug" # string name level = "DEBUG" # any case level = -4 # numeric value
func (LogLevel) MarshalText ¶
MarshalText implements the encoding.TextMarshaler interface Always marshals to the string name (e.g. "debug", "info")
func (*LogLevel) UnmarshalText ¶
UnmarshalText implements the encoding.TextUnmarshaler interface Supports both string names and numeric values for log levels
type LogRequest ¶
type LogRequest struct {
Activated bool `toml:"activated" comment:"Activate HTTP request logging"`
Limits LogRequestLimits `toml:"limits" comment:"Maximum field lengths"`
}
LogRequest contains HTTP request logging configuration
type LogRequestLimits ¶
type LogRequestLimits struct {
URILength int `toml:"uri" comment:"Max URI length (path + query) (minimum 64)"`
UserAgentLength int `toml:"user_agent" comment:"Max User-Agent length (minimum 32)"`
RefererLength int `toml:"referer" comment:"Max Referer length (minimum 64)"`
RemoteIPLength int `` /* 156-byte string literal not displayed */
}
LogRequestLimits defines maximum lengths for request log fields
type Maintenance ¶
type Maintenance struct {
// Activated controls whether maintenance mode is currently active.
// This can be toggled dynamically via a configuration reload.
Activated bool `toml:"activated" comment:"Currently in maintenance mode"`
}
Maintenance holds configuration for the maintenance mode feature. When activated, the application will serve a maintenance page or message for all incoming requests, effectively taking the service offline gracefully.
type Metrics ¶
type Metrics struct {
// Enabled controls whether metrics collection is compiled into the binary and available.
// Changing this requires a server restart.
Enabled bool `toml:"enabled" comment:"Enable metrics collection (requires restart)"`
// Activated controls whether metrics are actively being collected.
// This can be toggled via config reload without restart.
Activated bool `toml:"activated" comment:"Activate metrics collection (can toggle via reload)"`
// Endpoint is the HTTP path where metrics are exposed (e.g. "/metrics")
Endpoint string `toml:"endpoint" comment:"HTTP path where metrics are exposed"`
// AllowedIPs is a list of exact IP addresses that can access the metrics endpoint
// Example: ["127.0.0.1", "192.168.1.100"]
AllowedIPs []string `toml:"allowed_ips" comment:"List of exact IP addresses allowed to access metrics endpoint (no CIDR ranges)"`
}
Metrics holds the configuration for collecting and exposing application metrics, typically for monitoring purposes (e.g., with Prometheus).
type Notifier ¶
type Notifier struct {
// Discord holds the configuration for the Discord notifier.
Discord Discord `toml:"discord" comment:"Default Discord notifier configuration"`
}
Notifier holds the configuration for various notification services. Currently, it only contains settings for Discord.
type OAuth2Provider ¶
type OAuth2Provider struct {
Name string `toml:"name" comment:"Provider identifier (e.g. 'google')"`
ClientID string `toml:"client_id" comment:"OAuth2 client ID (set via env)"`
ClientSecret string `toml:"client_secret" comment:"OAuth2 client secret (set via env)"`
DisplayName string `toml:"display_name" comment:"User-facing provider name"`
RedirectURL string `toml:"redirect_url" comment:"Callback URL (leave empty for dynamic)"`
RedirectURLPath string `toml:"redirect_url_path" comment:"Callback URL path (e.g. '/oauth2/callback') - uses server host/port"`
AuthURL string `toml:"auth_url" comment:"OAuth2 authorization endpoint"`
TokenURL string `toml:"token_url" comment:"OAuth2 token endpoint"`
UserInfoURL string `toml:"user_info_url" comment:"User info API endpoint"`
Scopes []string `toml:"scopes" comment:"Requested OAuth2 scopes"`
PKCE bool `toml:"pkce" comment:"Enable PKCE flow"`
}
type Provider ¶
type Provider struct {
// contains filtered or unexported fields
}
Provider holds the application configuration and allows for atomic updates.
func NewProvider ¶
NewProvider creates a new configuration provider with the initial config. It panics if the initialConfig is nil.
type RateLimits ¶
type RateLimits struct {
// Minimum time a user must wait between requesting password resets for the same account.
PasswordResetCooldown Duration `toml:"password_reset_cooldown" comment:"Min time between password reset requests"`
// Minimum time a user must wait between requesting email address changes.
EmailChangeCooldown Duration `toml:"email_change_cooldown" comment:"Min time between email change requests"`
// Minimum time a user must wait between requesting email OTP verifications.
EmailVerificationOtpCooldown Duration `toml:"email_verification_otp_cooldown" comment:"Min time between email OTP verification requests"`
}
type Regexp ¶
Regexp is a wrapper around *regexp.Regexp that supports TOML unmarshalling from a string value directly into a compiled regular expression.
func (Regexp) MarshalText ¶
MarshalText implements the encoding.TextMarshaler interface.
func (*Regexp) UnmarshalText ¶
UnmarshalText implements the encoding.TextUnmarshaler interface.
type Scheduler ¶
type Scheduler struct {
// Interval specifies how often the scheduler checks for pending jobs.
Interval Duration `toml:"interval" comment:"How often to check for pending jobs"`
// MaxJobsPerTick limits the number of jobs processed in a single scheduler run.
MaxJobsPerTick int `toml:"max_jobs_per_tick" comment:"Max jobs to process per scheduler run"`
// ConcurrencyMultiplier sets the number of concurrent workers per CPU core.
// For I/O-bound tasks, a value between 2 and 8 is recommended.
// For CPU-bound tasks, this should typically be 1.
ConcurrencyMultiplier int `toml:"concurrency_multiplier" comment:"Workers per CPU core (2-8 for I/O bound)"`
}
Scheduler defines settings for the background job processing queue.
type SecureStore ¶
type SecureStore interface {
// Get retrieves configuration, decrypts it, and returns plaintext + format
// empty scope = application scope
// generation 0 = latest, 1 = previous, etc.
Get(scope string, generation int) ([]byte, string, error)
// Save encrypts the given plaintext data and stores it as the latest configuration
// for the given scope, using the provided format and description.
Save(scope string, plaintextData []byte, format string, description string) error
}
SecureStore defines an interface for securely storing and retrieving configuration data. Implementations handle the encryption/decryption details.
func NewSecureStoreAge ¶
func NewSecureStoreAge(dbCfg db.DbConfig, ageKeyPath string) (SecureStore, error)
NewSecureStoreAge creates a new SecureStore implementation using age. It validates the age key file exists and is readable immediately.
type Server ¶
type Server struct {
// Network address and port the HTTP server listens on.
// Examples: ":8080" (all interfaces, port 8080), "localhost:9000"
Addr string `toml:"addr" comment:"HTTP listen address (e.g. ':8080')"`
// Maximum duration the server waits for ongoing requests to complete before shutting down.
ShutdownGracefulTimeout Duration `toml:"shutdown_graceful_timeout" comment:"Max time to wait for graceful shutdown"`
// Maximum duration for reading the entire request, including the body.
ReadTimeout Duration `toml:"read_timeout" comment:"Max time to read full request"`
// Maximum duration for reading only the request headers.
ReadHeaderTimeout Duration `toml:"read_header_timeout" comment:"Max time to read request headers"`
// Maximum duration before timing out writes of the response.
WriteTimeout Duration `toml:"write_timeout" comment:"Max time to write response"`
// Maximum duration for waiting for the next request on a keep-alive connection.
IdleTimeout Duration `toml:"idle_timeout" comment:"Max time for idle keep-alive connections"`
// If behind a trusted proxy, specify the header containing the real client IP.
// Common values: "X-Forwarded-For", "X-Real-IP". Leave empty if not behind a proxy.
ClientIpProxyHeader string `toml:"client_ip_proxy_header" comment:"Header to trust for client IP (e.g. 'X-Forwarded-For')"`
// Enable HTTPS/TLS for secure connections
EnableTLS bool `toml:"enable_tls" comment:"Enable HTTPS/TLS"`
// PEM-encoded TLS certificate data (alternative to cert_file)
CertData string `toml:"cert_data" comment:"PEM-encoded TLS certificate (alternative to file)"`
// PEM-encoded TLS private key data (alternative to key_file)
KeyData string `toml:"key_data" comment:"PEM-encoded TLS private key (alternative to file)"`
// Address for HTTP->HTTPS redirect server (e.g. ":80")
// Only used when enable_tls is true
RedirectAddr string `toml:"redirect_addr" comment:"HTTP->HTTPS redirect address (e.g. ':80')"`
}
type Smtp ¶
type Smtp struct {
// Enabled controls whether the SMTP email sending functionality is active.
Enabled bool `toml:"enabled" comment:"Enable SMTP email sending"`
// Host is the SMTP server hostname or IP address.
Host string `toml:"host" comment:"SMTP server hostname"`
// Port is the SMTP server port. Common values are 587 (STARTTLS), 465 (TLS), or 25 (unencrypted).
Port int `toml:"port" comment:"SMTP server port (587/465/25)"`
// Username for SMTP authentication. It is recommended to set this via an environment variable.
Username string `toml:"username" comment:"SMTP username (set via env)"`
// Password for SMTP authentication. It is recommended to set this via an environment variable.
Password string `toml:"password" comment:"SMTP password (set via env)"`
// FromName is the display name for the sender (e.g., "My Application").
FromName string `toml:"from_name" comment:"Sender display name"`
// FromAddress is the email address from which emails are sent (e.g., "noreply@example.com").
FromAddress string `toml:"from_address" comment:"Sender email address"`
// LocalName is the domain name sent during the HELO/EHLO handshake. Defaults to "localhost".
LocalName string `toml:"local_name" comment:"HELO/EHLO domain name"`
// AuthMethod specifies the authentication mechanism, e.g., "plain", "login", "cram-md5".
AuthMethod string `toml:"auth_method" comment:"Auth method (plain/login/cram-md5)"`
// UseTLS enables a direct TLS connection (SMTPS), typically on port 465.
UseTLS bool `toml:"use_tls" comment:"Use direct TLS (port 465)"`
// UseStartTLS enables the STARTTLS command to upgrade an insecure connection to a secure one, typically on port 587.
UseStartTLS bool `toml:"use_start_tls" comment:"Use STARTTLS (port 587)"`
}
Smtp holds the configuration for sending emails via an SMTP server.