config

package
v1.6.14 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 19, 2026 License: GPL-3.0 Imports: 5 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	Bootstrap = BootstrapConfig{
		DbFilePath:                  "./autentico.db",
		AppURL:                      "http://localhost:9999",
		AppOAuthPath:                "/oauth2",
		AppDomain:                   "localhost",
		AppHost:                     "localhost:9999",
		AppPort:                     "9999",
		AppAuthIssuer:               "http://localhost:9999/oauth2",
		AuthAccessTokenSecret:       "",
		AuthRefreshTokenSecret:      "",
		AuthCSRFProtectionSecretKey: "",
		AuthCSRFSecureCookie:        false,
		AuthJwkCertKeyID:            "autentico-key-1",
		AuthRefreshTokenCookieName:  "autentico_refresh_token",
		AuthRefreshTokenCookieOnly:  false,
		AuthIdpSessionCookieName:    "autentico_idp_session",
		AuthIdpSessionSecureCookie:  false,
		RateLimitRPS:                5,
		RateLimitBurst:              10,
		RateLimitRPM:                20,
		RateLimitRPMBurst:           20,
	}
	Values = defaultConfig
)

Functions

func InitBootstrap added in v1.0.0

func InitBootstrap()

InitBootstrap loads environment variables (from .env file if present, then OS env) and populates Bootstrap. AppDomain, AppHost, AppPort and AppAuthIssuer are derived from AppURL — they do not need to be set manually.

func ParseDuration added in v1.0.0

func ParseDuration(s string, fallback time.Duration) time.Duration

ParseDuration parses a duration string with a fallback value.

Types

type BootstrapConfig added in v1.0.0

type BootstrapConfig struct {
	DbFilePath   string
	AppURL       string // AUTENTICO_APP_URL
	AppOAuthPath string // AUTENTICO_APP_OAUTH_PATH
	// Derived from AppURL — not set by env vars
	AppDomain     string
	AppHost       string
	AppPort       string
	AppAuthIssuer string
	// AUTENTICO_LISTEN_PORT overrides the port the server binds to,
	// while AppURL (and AppAuthIssuer) remain unchanged. Useful when
	// a reverse proxy handles TLS and the public URL differs from the
	// local listen port.
	AppListenPort string
	// Secrets and cookies
	AuthAccessTokenSecret       string
	AuthRefreshTokenSecret      string
	AuthCSRFProtectionSecretKey string
	AuthCSRFSecureCookie        bool
	AuthJwkCertKeyID            string
	AuthRefreshTokenCookieName  string
	AuthRefreshTokenCookieOnly  bool
	AuthIdpSessionCookieName    string
	AuthIdpSessionSecureCookie  bool
	// Private key (base64-encoded PEM). If empty, an ephemeral key is used.
	PrivateKeyBase64 string
	// Rate limiting (per-IP, applied to auth endpoints). RPS <= 0 disables.
	RateLimitRPS      float64
	RateLimitBurst    int
	RateLimitRPM      float64
	RateLimitRPMBurst int
	// Anti-timing delay (ms) added to auth responses to prevent user enumeration.
	// Both set to 0 disables the delay.
	AntiTimingMinMs int
	AntiTimingMaxMs int
}

BootstrapConfig holds immutable infrastructure settings loaded from environment variables at startup. AppDomain, AppHost, AppPort, and AppAuthIssuer are derived from AppURL and AppOAuthPath — they are not read from env vars directly.
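An added example, not part of the autentico package: a startup check that flags the development defaults from the Bootstrap literal above before a deployment is exposed. `bootstrapView`, `auditBootstrap` and the 32-byte secret floor are assumptions of this example; the page does not say how the package itself treats empty secrets.

```go
package main

import (
	"fmt"
	"strings"
)

// bootstrapView mirrors the security-relevant BootstrapConfig fields shown
// on this page. It is a local stand-in, not the package's own type.
type bootstrapView struct {
	AppURL, PrivateKeyBase64                                                   string
	AuthAccessTokenSecret, AuthRefreshTokenSecret, AuthCSRFProtectionSecretKey string
	AuthCSRFSecureCookie, AuthIdpSessionSecureCookie                           bool
	RateLimitRPS                                                               float64
	AntiTimingMinMs, AntiTimingMaxMs                                           int
}

// auditBootstrap (hypothetical helper) returns one finding per setting that
// should change before the server is reachable beyond localhost.
func auditBootstrap(b bootstrapView) []string {
	const minLen = 32 // assumed secret length floor; not taken from the page
	checks := []struct{ bad bool; msg string }{
		{!strings.HasPrefix(b.AppURL, "https://"), "AppURL is not https"},
		{len(b.AuthAccessTokenSecret) < minLen, "AuthAccessTokenSecret empty or short"},
		{len(b.AuthRefreshTokenSecret) < minLen, "AuthRefreshTokenSecret empty or short"},
		{len(b.AuthCSRFProtectionSecretKey) < minLen, "AuthCSRFProtectionSecretKey empty or short"},
		{!b.AuthCSRFSecureCookie, "AuthCSRFSecureCookie is false"},
		{!b.AuthIdpSessionSecureCookie, "AuthIdpSessionSecureCookie is false"},
		{b.PrivateKeyBase64 == "", "PrivateKeyBase64 empty: ephemeral key in use"},
		{b.RateLimitRPS <= 0, "RateLimitRPS <= 0: rate limiting disabled"},
		{b.AntiTimingMinMs == 0 && b.AntiTimingMaxMs == 0, "anti-timing delay disabled"},
		{b.AntiTimingMinMs > b.AntiTimingMaxMs, "AntiTimingMinMs exceeds AntiTimingMaxMs"},
	}
	var out []string
	for _, c := range checks {
		if c.bad {
			out = append(out, c.msg)
		}
	}
	return out
}

func main() {
	// Constructed input: values from the Bootstrap literal, zero values elsewhere.
	for _, f := range auditBootstrap(bootstrapView{AppURL: "http://localhost:9999", RateLimitRPS: 5}) {
		fmt.Println("FINDING:", f)
	}
}
```

Failing startup when this list is non-empty outside local development keeps the localhost defaults from reaching production unnoticed.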

func GetBootstrap added in v1.0.0

func GetBootstrap() *BootstrapConfig

type ClientOverrides added in v1.0.0

type ClientOverrides struct {
	AccessTokenExpiration       *string
	RefreshTokenExpiration      *string
	AuthorizationCodeExpiration *string
	AllowedAudiences            []string
	AllowSelfSignup             *bool
	SsoSessionIdleTimeout       *string
	TrustDeviceEnabled          *bool
	TrustDeviceExpiration       *string
}

ClientOverrides holds nullable per-client config fields. A nil pointer means "use the global setting"; a non-nil pointer overrides it.

type Config

type Config struct {
	AuthAccessTokenExpiration          time.Duration
	AuthAccessTokenExpirationStr       string
	AuthRefreshTokenExpiration         time.Duration
	AuthRefreshTokenExpirationStr      string
	AuthAuthorizationCodeExpiration    time.Duration
	AuthAuthorizationCodeExpirationStr string
	AuthAccessTokenAudience            []string
	AuthAllowSelfSignup                bool
	AuthSsoSessionIdleTimeout          time.Duration
	AuthSsoSessionIdleTimeoutStr       string
	AuthAccountLockoutMaxAttempts      int
	AuthAccountLockoutDuration         time.Duration
	AuthAccountLockoutDurationStr      string
	AuthMode                           string
	PasskeyRPName                      string
	TrustDeviceEnabled                 bool
	TrustDeviceExpiration              time.Duration
	TrustDeviceExpirationStr           string
	CleanupInterval                    time.Duration
	CleanupIntervalStr                 string
	CleanupRetention                   time.Duration
	CleanupRetentionStr                string
	AuthPKCEEnforceSHA256              bool
	RequireMfa                         bool
	MfaMethod                          string
	RequireEmailVerification           bool
	EmailVerificationExpiration        time.Duration
	EmailVerificationExpirationStr     string
	PasswordResetExpiration            time.Duration
	PasswordResetExpirationStr         string
	AuditLogRetention                  time.Duration
	AuditLogRetentionStr               string
	SmtpHost                           string
	SmtpPort                           string
	SmtpUsername                       string
	SmtpPassword                       string
	SmtpFrom                           string
	ValidationMinUsernameLength        int
	ValidationMaxUsernameLength        int
	ValidationMinPasswordLength        int
	ValidationMaxPasswordLength        int
	Theme                              ThemeConfig
	ThemeCssResolved                   string
	// When true, users can delete their own account immediately without admin approval.
	AllowSelfServiceDeletion bool
	// When false (default), users cannot change their own username via the account portal.
	AllowUsernameChange bool
	// When false (default), users cannot change their own email via the account portal.
	AllowEmailChange bool
	// CORS: parsed from the "cors_allowed_origins" runtime setting.
	CORSAllowedOrigins []string
	CORSAllowAll       bool
	// When false (default), optional profile fields are hidden on the signup form
	// to keep it minimal. Required fields are always shown regardless.
	SignupShowOptionalFields bool
	// Profile field visibility: "hidden" | "optional" | "required"
	// ProfileFieldEmail also accepts "is_username" (username field doubles as email)
	ProfileFieldEmail      string
	ProfileFieldGivenName  string
	ProfileFieldFamilyName string
	ProfileFieldMiddleName string
	ProfileFieldNickname   string
	ProfileFieldPhone      string
	ProfileFieldPicture    string
	ProfileFieldWebsite    string
	ProfileFieldGender     string
	ProfileFieldBirthdate  string
	ProfileFieldProfileURL string
	ProfileFieldLocale     string
	ProfileFieldAddress    string
}

Config holds soft settings loaded from the settings DB table. These can be updated at runtime via the admin-ui without restarting the server.

func Get

func Get() *Config

func GetForClient added in v1.0.0

func GetForClient(overrides ClientOverrides) Config

GetForClient returns a copy of the current soft Config with any non-nil per-client overrides applied. Pass the overrides as a ClientOverrides struct.
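The nil-versus-set semantics described for ClientOverrides and GetForClient, as an added sketch that is not the package's own code. `softConfig`, `overrides`, `forClient` and `parseDuration` are local stand-ins, and keeping the global value when an override duration is malformed or non-positive is an assumption of this example.

```go
package main

import (
	"fmt"
	"time"
)

// Local stand-ins for a few Config and ClientOverrides fields from this page.
type softConfig struct {
	AuthAccessTokenExpiration time.Duration
	AuthAllowSelfSignup       bool
	TrustDeviceEnabled        bool
}
type overrides struct {
	AccessTokenExpiration *string
	AllowSelfSignup       *bool
	TrustDeviceEnabled    *bool
}

// parseDuration has the documented ParseDuration signature; returning the
// fallback on a parse error or non-positive value is this example's assumption.
func parseDuration(s string, fallback time.Duration) time.Duration {
	if d, err := time.ParseDuration(s); err == nil && d > 0 {
		return d
	}
	return fallback
}

// forClient works on a copy of the global config (passed by value) and applies
// only non-nil overrides, so a pointer to false is distinct from "not set".
func forClient(global softConfig, o overrides) softConfig {
	if o.AccessTokenExpiration != nil {
		global.AuthAccessTokenExpiration = parseDuration(*o.AccessTokenExpiration, global.AuthAccessTokenExpiration)
	}
	if o.AllowSelfSignup != nil {
		global.AuthAllowSelfSignup = *o.AllowSelfSignup
	}
	if o.TrustDeviceEnabled != nil {
		global.TrustDeviceEnabled = *o.TrustDeviceEnabled
	}
	return global
}

func main() {
	global := softConfig{AuthAccessTokenExpiration: 15 * time.Minute, AuthAllowSelfSignup: true, TrustDeviceEnabled: true}
	off, bad := false, "15 minutes" // constructed: malformed duration string
	c := forClient(global, overrides{AccessTokenExpiration: &bad, AllowSelfSignup: &off})
	fmt.Println(c.AuthAccessTokenExpiration, c.AuthAllowSelfSignup, c.TrustDeviceEnabled)
}
```

With plain `bool` fields a client could not turn self-signup off while the global setting is on, which is why the override struct uses pointers.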

func GetOriginal

func GetOriginal() Config

GetOriginal returns the default soft config for test override purposes.

type ThemeConfig added in v1.0.0

type ThemeConfig struct {
	CssFile   string `json:"themeCssFile"`
	CssInline string `json:"themeCssInline"`
	LogoUrl   string `json:"themeLogoUrl"`
	Title     string `json:"themeTitle"`
}

ThemeConfig holds theme-related display settings.
