Documentation
¶
Overview ¶
Package config provides application configuration management for Lesser's serverless deployment.
Index ¶
- func GetDomainName() string
- func GetDynamoTableName() string
- func GetEnvironment() string
- func GetMainTableName() string
- func GetPrivateKeySecret() string
- func GetS3Bucket() string
- func GetStreamEventsTableName() string
- func QuickValidateProductionConfig() error
- func ResetForTests()
- func SetupTestEnvironment(t *testing.T)
- type Config
- func (c *Config) ActorURL(username string) string
- func (c *Config) BaseURL() string
- func (c *Config) CMSCategoriesAllowed() bool
- func (c *Config) CMSDraftsEnabled() bool
- func (c *Config) CMSEnabled() bool
- func (c *Config) CMSLongFormEnabled() bool
- func (c *Config) CMSRevisionsEnabled() bool
- func (c *Config) CMSSchedulingEnabled() bool
- func (c *Config) CMSSeriesAllowed() bool
- func (c *Config) EffectiveInstanceMode() InstanceMode
- func (c *Config) ObjectURL(objectType, id string) string
- type InstanceConfig
- type InstanceMode
- type ProductionConfigValidator
- type ResourceStatus
- type ResourceValidation
- type SecurityStatus
- type SecurityValidation
- type ValidationError
- type ValidationResult
- type ValidationSummary
- type ValidationWarning
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetDynamoTableName ¶
func GetDynamoTableName() string
GetDynamoTableName returns the DynamoDB table name
func GetMainTableName ¶
func GetMainTableName() string
GetMainTableName returns the canonical DynamoDB table name for the current stage/environment.
func GetPrivateKeySecret ¶
func GetPrivateKeySecret() string
GetPrivateKeySecret returns the private key secret name
func GetStreamEventsTableName ¶
func GetStreamEventsTableName() string
GetStreamEventsTableName returns the DynamoDB table used for SSE stream event log storage.
func QuickValidateProductionConfig ¶
func QuickValidateProductionConfig() error
QuickValidateProductionConfig performs a quick validation without AWS resource checks
func ResetForTests ¶
func ResetForTests()
ResetForTests clears cached configuration so tests can vary environment variables safely within a single package test run.
This should only be used in tests.
func SetupTestEnvironment ¶
SetupTestEnvironment sets up environment variables for testing
Types ¶
type Config ¶
type Config struct {
// Instance configuration
Domain string // e.g., "example.com"
InstanceName string // e.g., "My ActivityPub Server"
InstanceMode InstanceMode
// AWS configuration
Region string
DynamoTableName string
DynamoDBEndpoint string // DynamoDB endpoint (for local development)
S3BucketName string
SQSQueueURL string
ReputationTableName string // For reputation/vouch storage
AWSAccountID string // AWS Account ID
ExportProcessorQueueURL string // Export processor SQS queue URL
ImportProcessorQueueURL string // Import processor SQS queue URL
MediaProcessorQueueURL string // Media processor SQS queue URL
EnhancedRetryQueueURL string // Enhanced federation retry SQS queue URL
// Security
JWTSecret string // For client authentication
JWTSecretARN string // ARN pointing to stored secret (optional)
KMSKeyID string // AWS KMS key ID for encryption (optional)
ReputationPrivateKey string // Private key for reputation system
VAPIDPublicKey string // VAPID public key for push notifications
VAPIDSecretARN string // ARN pointing to VAPID secret (private key + metadata)
VAPIDSubject string // Subject/identifier used for VAPID JWTs
AdminUsername string // Admin username for privileged operations
SystemActorPublicKey string // System actor public key for recovery federation
// lesser.host trust services (optional; managed instances)
LesserHostURL string // Base URL for lesser.host trust API
LesserHostInstanceKey string // Instance key for machine-to-machine trust API calls (server-side only)
LesserHostInstanceKeyARN string // ARN pointing to stored instance key (optional)
LesserHostAttestationsURL string // Optional override for public attestations/JWKS base URL
// Privacy Configuration
PrivacyMasterKey string // Master key for privacy hashing (required for audit privacy)
EnablePrivacyHashing bool // Enable privacy-preserving hashing in audit logs
IPLevel string // Privacy level for IP addresses: none, partial, full
EmailLevel string // Privacy level for email addresses: none, partial, full
UsernameLevel string // Privacy level for usernames: none, partial, full
PIILevel string // Privacy level for PII data: none, partial, full
GenericLevel string // Privacy level for generic data: none, partial, full
// Privacy Key Rotation
KeyRotationEnabled bool // Enable key rotation
KeyRotationInterval time.Duration // Key rotation interval
// Privacy Argon2 Parameters
Argon2Memory uint32 // Argon2 memory usage in KB
Argon2Time uint32 // Argon2 number of iterations
Argon2Threads uint8 // Argon2 number of threads
Argon2KeyLen uint32 // Argon2 derived key length in bytes
// ActivityPub URLs
InboxURL string // Inbox URL pattern
OutboxURL string // Outbox URL pattern
FollowersURL string // Followers URL pattern
FollowingURL string // Following URL pattern
// Features
MaxUploadSize int64 // Maximum file upload size in bytes
PageSize int // Default pagination size
AllowRegistration bool // Whether new users can register
AllowAgents bool // Whether agent accounts are enabled
AllowAgentRegistration bool // Whether new agent accounts can be registered/delegated
AllowDeviceFlow bool // Whether OAuth device authorization is enabled
// CLI automation safety rails (device-flow tokens classified as client_class=cli)
CLIAutomationConcurrencyLimit int // Max concurrent in-flight requests per CLI session (sid)
CLIAutomationBurstLimit int // Burst requests allowed per window
CLIAutomationBurstWindow time.Duration // Burst window duration
CLIAutomationSustainedLimit int // Sustained requests allowed per window
CLIAutomationSustainedWindow time.Duration // Sustained window duration
CLIAutomationErrorRateThreshold float64 // Fraction of requests in window that may be errors before lockout
CLIAutomationErrorRateMin int // Minimum requests in window before error-rate lockout can trigger
CLIAutomationErrorRateWindow time.Duration // Error-rate evaluation window
CLIAutomationLockoutDuration time.Duration // Lockout duration when error-rate threshold exceeded
// CMS Configuration
CMSLongFormPublishingEnabled bool // Enable Article creation and CMS reads
CMSDraftSystemEnabled bool // Enable draft storage and editing workflows
CMSRevisionHistoryEnabled bool // Enable revision history and restores
CMSScheduledPublishingEnabled bool // Enable scheduled publishing worker behavior
CMSSeriesEnabled bool // Enable series organization
CMSCategoriesEnabled bool // Enable categories organization
CMSMaxRevisionsPerObject int // Maximum revisions retained per CMS object (0 = unlimited)
// Moderation Features
DisableAWSModeration bool // Master switch to disable all AWS moderation services
DisableComprehend bool // Disable AWS Comprehend text analysis
DisableRekognition bool // Disable AWS Rekognition image/video analysis
// Development & Debug Features
DisableMetrics bool // Disable metrics collection
DisableCostTracking bool // Disable cost tracking
DisableRateLimiting bool // Disable rate limiting
DisableFederationRateLimiting bool // Disable federation-specific rate limiting
DisableAI bool // Disable AI features
EnablePlayground bool // Enable GraphQL playground
GraphQLAllowIntrospection bool // Allow GraphQL introspection (non-debug deployments should keep this off)
GraphQLMaxDepth int // Maximum GraphQL query depth (0 disables)
GraphQLMaxComplexity int // Maximum GraphQL query complexity (0 disables)
GraphQLParserTokenLimit int // Maximum GraphQL parser tokens (0 disables)
GraphQLRequestTimeout time.Duration
TranslationEnabled bool // Enable translation features
XRayTracingEnabled bool // Enable X-Ray tracing
DebugMode bool // Enable debug mode
LogLevel string // Log level (debug, info, warn, error)
// Testing Configuration
IntegrationTestsEnabled bool // Enable integration tests
CIEnvironment bool // Running in CI environment
IntegrationTestMode bool // Integration test mode enabled
// AI Configuration
BedrockModelID string // AWS Bedrock model ID for AI features
// Media Streaming Configuration
MediaSourceBucketName string // S3 bucket for original media uploads
MediaStreamingBucketName string // S3 bucket for transcoded streaming outputs
MediaConvertEndpoint string // AWS MediaConvert custom endpoint
MediaConvertRoleArn string // IAM role ARN for MediaConvert
CloudFrontDomain string // CloudFront distribution domain for streaming
CloudFrontKeyPairID string // CloudFront key pair ID for signed URLs
CloudFrontPrivateKeyPath string // Path or secret ARN for CloudFront private key
ManifestTTLHours int // Default TTL for streaming manifests (hours)
// ML Moderation Configuration
ModerationTrainingBucketName string // S3 bucket for ML training datasets
ModerationModelMetadataTable string // DynamoDB table for model metadata
BedrockTrainingRegion string // AWS region for Bedrock training jobs
BedrockInferenceModelID string // Bedrock model ID for moderation inference
BedrockGuardrailID string // Bedrock guardrail ID for inference safety
BedrockGuardrailVersion string // Bedrock guardrail version (defaults to "DRAFT")
BedrockCustomizationRoleARN string // IAM role ARN for Bedrock model customization jobs
ModerationMLEnabled bool // Feature flag to enable ML moderation
ModerationMLTenants []string // List of tenant IDs allowed to use ML moderation
// Alerting & Monitoring
AlertSNSTopicArn string // SNS topic ARN for alerts
AlertWebhookURL string // Webhook URL for alerts
AlertWebhookVerifySSL bool // Verify TLS certificates for alert webhooks (default true)
AlertEmail string // Email address for alerts
WebSocketEndpoint string // WebSocket endpoint for real-time updates
NotificationRetryQueueURL string // Notification retry queue URL
// WebSocket & Streaming
ConnectionsTable string // DynamoDB table for WebSocket connections
SubscriptionsTable string // DynamoDB table for subscriptions
StreamEventsTable string // DynamoDB table for SSE stream event log
IdleTimeoutMinutes int // WebSocket idle timeout in minutes
StaleTimeoutHours int // Stale connection timeout in hours
// Budget & Cost Management
BudgetAlertWebhookURL string // Budget alert webhook URL
BudgetAlertSNSTopicArn string // Budget alert SNS topic ARN
CostHistoryTableName string // Cost history DynamoDB table name
// Notification System
NotificationDLQURL string // Notification dead letter queue URL
PushNotificationTopicArn string // Push notification SNS topic ARN
PushNotificationQueueURL string // Push notification queue URL
// Dead Letter Queue Configuration
DLQEnabled bool // Enable DLQ processing
DLQMaxRetries int // Maximum number of retries before sending to DLQ
DLQRetryDelay int // Retry delay in seconds
DLQFailFast bool // Send to DLQ immediately on certain errors
DLQPermanentErrors []string // Error patterns that should go straight to DLQ
DLQTransientErrors []string // Error patterns that should be retried
// Queue URLs for job processing
ImportQueueURL string // Import processing queue URL
ExportQueueURL string // Export generation queue URL
MediaQueueURL string // Media processing queue URL
ScheduledQueueURL string // Scheduled publishing queue URL
FederationQueueURL string // Federation queue URL
// Media & Storage
MediaBucketName string // S3 bucket for media storage
S3MediaBucket string // Alternative S3 bucket name
DynamoDBEncryptionKey string // DynamoDB encryption key
ActorPrivateKeyEncryption string // Actor private key encryption key
// Delivery & Processing
FederationDeliveryMode string // Federation delivery mode
AuthorizedFetchEnabled bool // Authorized fetch enabled
ModerationMode string // Moderation mode setting
AllowPublicStatusHistory bool // Allow public access to status history
// Deployment info
Stage string // Deployment stage (dev, staging, prod)
Version string // Application version
// Service identification
Environment string // Runtime environment (development, staging, production)
ServiceName string // Service name (lesser, api, federation, etc.)
MonitoringEnabled bool // Enable monitoring and alerting
XrayTracingEnabled bool // Enable X-Ray tracing
EmfMetricsEnabled bool // Enable EMF metrics
LambdaLogGroupName string // Lambda log group name
LambdaLogStreamName string // Lambda log stream name
// Instance configuration
InstanceTitle string // Instance title/name
InstanceShortDesc string // Short description of the instance
InstanceDescription string // Detailed description of the instance
InstanceAdminEmail string // Admin email for the instance
InstanceLanguages []string // Supported languages
MaxStatusChars int // Maximum characters in a status
MaxMediaSize int64 // Maximum media file size in bytes
MaxVideoSize int64 // Maximum video file size in bytes
RegistrationsOpen bool // Whether registrations are open
ApprovalRequired bool // Whether new registrations require approval
InvitesEnabled bool // Whether invites are enabled
FederationEnabled bool // Whether federation is enabled
// Tips (TipSplitter integration; non-secret public config)
TipEnabled bool // Whether on-chain tipping is enabled for this instance
TipChainID int // EVM chain ID (e.g. 8453)
TipContractAddress string // TipSplitter contract address
}
Config holds the application configuration
func (*Config) CMSCategoriesAllowed ¶
CMSCategoriesAllowed reports whether category organization is enabled.
func (*Config) CMSDraftsEnabled ¶
CMSDraftsEnabled reports whether the draft system is enabled.
func (*Config) CMSEnabled ¶
CMSEnabled reports whether the CMS surface is enabled for this instance mode.
func (*Config) CMSLongFormEnabled ¶
CMSLongFormEnabled reports whether long-form publishing (Articles) is enabled.
func (*Config) CMSRevisionsEnabled ¶
CMSRevisionsEnabled reports whether revision history is enabled.
func (*Config) CMSSchedulingEnabled ¶
CMSSchedulingEnabled reports whether scheduled publishing is enabled.
func (*Config) CMSSeriesAllowed ¶
CMSSeriesAllowed reports whether series organization is enabled.
func (*Config) EffectiveInstanceMode ¶
func (c *Config) EffectiveInstanceMode() InstanceMode
EffectiveInstanceMode returns the normalized instance mode (defaults to `hybrid`).
type InstanceConfig ¶
type InstanceConfig struct {
// From environment variables
Title string
ShortDescription string
Description string
Email string
// Static configuration
Version string
Software string
MaxStatusChars int
MaxMediaSize int64
MaxVideoSize int64
Languages []string
// Feature flags
RegistrationsOpen bool
ApprovalRequired bool
InvitesEnabled bool
FederationEnabled bool
}
InstanceConfig holds static instance configuration
func GetInstanceConfig ¶
func GetInstanceConfig() *InstanceConfig
GetInstanceConfig returns the instance configuration
type InstanceMode ¶
type InstanceMode string
InstanceMode controls which product surface is enabled for an instance.
const ( InstanceModeSocial InstanceMode = "social" InstanceModeCMS InstanceMode = "cms" InstanceModeHybrid InstanceMode = "hybrid" )
Supported instance modes.
type ProductionConfigValidator ¶
type ProductionConfigValidator struct {
// contains filtered or unexported fields
}
ProductionConfigValidator validates production configuration
func NewProductionConfigValidator ¶
func NewProductionConfigValidator(logger *zap.Logger) (*ProductionConfigValidator, error)
NewProductionConfigValidator creates a new production configuration validator
func (*ProductionConfigValidator) ValidateProductionConfig ¶
func (v *ProductionConfigValidator) ValidateProductionConfig(ctx context.Context) (*ValidationResult, error)
ValidateProductionConfig validates all production configuration requirements
type ResourceStatus ¶
type ResourceStatus struct {
Available bool `json:"available"`
Message string `json:"message,omitempty"`
Error string `json:"error,omitempty"`
}
ResourceStatus represents the status of an AWS resource
type ResourceValidation ¶
type ResourceValidation struct {
DynamoDB ResourceStatus `json:"dynamodb"`
S3 ResourceStatus `json:"s3"`
SecretsManager ResourceStatus `json:"secrets_manager"`
Lambda ResourceStatus `json:"lambda"`
}
ResourceValidation tracks AWS resource availability
type SecurityStatus ¶
type SecurityStatus struct {
Configured bool `json:"configured"`
Valid bool `json:"valid"`
Message string `json:"message,omitempty"`
}
SecurityStatus represents the status of a security configuration
type SecurityValidation ¶
type SecurityValidation struct {
EncryptionKeys SecurityStatus `json:"encryption_keys"`
PrivateKeys SecurityStatus `json:"private_keys"`
OAuthSecrets SecurityStatus `json:"oauth_secrets"`
JWTConfiguration SecurityStatus `json:"jwt_configuration"`
HTTPSEnforcement SecurityStatus `json:"https_enforcement"`
}
SecurityValidation tracks security configuration status
type ValidationError ¶
type ValidationError struct {
Field string `json:"field"`
Value string `json:"value,omitempty"`
Message string `json:"message"`
Severity string `json:"severity"`
Remediation string `json:"remediation,omitempty"`
}
ValidationError represents a configuration validation error
type ValidationResult ¶
type ValidationResult struct {
Valid bool `json:"valid"`
Errors []ValidationError `json:"errors,omitempty"`
Warnings []ValidationWarning `json:"warnings,omitempty"`
Summary ValidationSummary `json:"summary"`
Resources ResourceValidation `json:"resources"`
Security SecurityValidation `json:"security"`
Timestamp time.Time `json:"timestamp"`
}
ValidationResult represents the result of configuration validation
type ValidationSummary ¶
type ValidationSummary struct {
TotalChecks int `json:"total_checks"`
PassedChecks int `json:"passed_checks"`
FailedChecks int `json:"failed_checks"`
WarningChecks int `json:"warning_checks"`
CriticalErrors int `json:"critical_errors"`
}
ValidationSummary provides a summary of validation results
Source Files
Click to show internal directories.
Click to hide internal directories.