Documentation
Constants
This section is empty.
Variables
var (
	Bootstrap = BootstrapConfig{
		DbFilePath: "./db/autentico.db",
		AppURL: "http://localhost:9999",
		AppOAuthPath: "/oauth2",
		AppDomain: "localhost",
		AppHost: "localhost:9999",
		AppPort: "9999",
		AppAuthIssuer: "http://localhost:9999/oauth2",
		AuthAccessTokenSecret: "",
		AuthRefreshTokenSecret: "",
		AuthCSRFProtectionSecretKey: "",
		AuthCSRFSecureCookie: false,
		AuthJwkCertKeyID: "autentico-key-1",
		AuthRefreshTokenCookieName: "autentico_refresh_token",
		AuthRefreshTokenCookieOnly: false,
		AuthIdpSessionCookieName: "autentico_idp_session",
		AuthIdpSessionSecureCookie: false,
		RateLimitRPS: 5,
		RateLimitBurst: 10,
		RateLimitRPM: 20,
		RateLimitRPMBurst: 20,
	}
	Values = defaultConfig
)
Functions
func InitBootstrap (added in v1.0.0)
func InitBootstrap()
InitBootstrap loads environment variables (from .env file if present, then OS env) and populates Bootstrap. AppDomain, AppHost, AppPort and AppAuthIssuer are derived from AppURL — they do not need to be set manually.
Types
type BootstrapConfig (added in v1.0.0)
type BootstrapConfig struct {
	DbFilePath string
	AppURL string // AUTENTICO_APP_URL
	AppOAuthPath string // AUTENTICO_APP_OAUTH_PATH

	// Derived from AppURL — not set by env vars
	AppDomain string
	AppHost string
	AppPort string
	AppAuthIssuer string

	// AUTENTICO_LISTEN_PORT overrides the port the server binds to,
	// while AppURL (and AppAuthIssuer) remain unchanged. Useful when
	// a reverse proxy handles TLS and the public URL differs from the
	// local listen port.
	AppListenPort string

	// Secrets and cookies
	AuthAccessTokenSecret string
	AuthRefreshTokenSecret string
	AuthCSRFProtectionSecretKey string
	AuthCSRFSecureCookie bool
	AuthJwkCertKeyID string
	AuthRefreshTokenCookieName string
	AuthRefreshTokenCookieOnly bool
	AuthIdpSessionCookieName string
	AuthIdpSessionSecureCookie bool

	// Private key (base64-encoded PEM). If empty, an ephemeral key is used.
	PrivateKeyBase64 string

	// Rate limiting (per-IP, applied to auth endpoints). RPS <= 0 disables.
	RateLimitRPS float64
	RateLimitBurst int
	RateLimitRPM float64
	RateLimitRPMBurst int

	// Anti-timing delay (ms) added to auth responses to prevent user enumeration.
	// Both set to 0 disables the delay.
	AntiTimingMinMs int
	AntiTimingMaxMs int
}
BootstrapConfig holds immutable infrastructure settings loaded from environment variables at startup. AppDomain, AppHost, AppPort, and AppAuthIssuer are derived from AppURL and AppOAuthPath — they are not read from env vars directly.
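A pre-deployment check over the settings documented above, as an added example that is not part of the autentico package. The `bootstrap` type is a local stand-in for a subset of BootstrapConfig, and `auditBootstrap` and its finding messages are hypothetical; the issuer is assumed to be AppURL followed by AppOAuthPath, as the default values show.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// bootstrap is a local stand-in for a subset of the documented BootstrapConfig fields.
type bootstrap struct {
	AppURL, AppOAuthPath, PrivateKeyBase64                                     string
	AuthAccessTokenSecret, AuthRefreshTokenSecret, AuthCSRFProtectionSecretKey string
	AuthCSRFSecureCookie, AuthIdpSessionSecureCookie                           bool
	RateLimitRPS                                                               float64
	AntiTimingMinMs, AntiTimingMaxMs                                           int
}

// auditBootstrap (hypothetical helper) lists settings that are unsafe outside local development.
func auditBootstrap(b bootstrap) []string {
	var out []string
	add := func(bad bool, msg string) {
		if bad {
			out = append(out, msg)
		}
	}
	// Assumption: the issuer is AppURL + AppOAuthPath, matching the documented defaults.
	u, err := url.Parse(b.AppURL)
	if err != nil || u.Host == "" {
		return []string{"AppURL is not an absolute URL"}
	}
	issuer := strings.TrimRight(b.AppURL, "/") + b.AppOAuthPath
	add(u.Scheme != "https", "issuer is not https: "+issuer)
	add(b.AuthAccessTokenSecret == "", "AuthAccessTokenSecret is empty")
	add(b.AuthRefreshTokenSecret == "", "AuthRefreshTokenSecret is empty")
	add(b.AuthCSRFProtectionSecretKey == "", "AuthCSRFProtectionSecretKey is empty")
	add(b.PrivateKeyBase64 == "", "PrivateKeyBase64 is empty: an ephemeral key is used")
	add(!b.AuthCSRFSecureCookie, "CSRF cookie is not marked Secure")
	add(!b.AuthIdpSessionSecureCookie, "IdP session cookie is not marked Secure")
	add(b.RateLimitRPS <= 0, "per-IP rate limiting is disabled")
	add(b.AntiTimingMinMs == 0 && b.AntiTimingMaxMs == 0, "anti-timing delay is disabled")
	return out
}

func main() {
	// Constructed input: the default values shown for Bootstrap on this page.
	defaults := bootstrap{AppURL: "http://localhost:9999", AppOAuthPath: "/oauth2", RateLimitRPS: 5}
	for _, finding := range auditBootstrap(defaults) {
		fmt.Println("FINDING:", finding)
	}
}
```

Run against the documented defaults, every check except the rate limit reports a finding, which is the expected result for a local development profile.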
func GetBootstrap (added in v1.0.0)
func GetBootstrap() *BootstrapConfig
type ClientOverrides (added in v1.0.0)
type ClientOverrides struct {
	AccessTokenExpiration *string
	RefreshTokenExpiration *string
	AuthorizationCodeExpiration *string
	AllowedAudiences []string
	AllowSelfSignup *bool
	SsoSessionIdleTimeout *string
	TrustDeviceEnabled *bool
	TrustDeviceExpiration *string
}
ClientOverrides holds nullable per-client config fields. A nil pointer means "use the global setting"; a non-nil pointer overrides it.
type Config
type Config struct {
	AuthAccessTokenExpiration time.Duration
	AuthAccessTokenExpirationStr string
	AuthRefreshTokenExpiration time.Duration
	AuthRefreshTokenExpirationStr string
	AuthAuthorizationCodeExpiration time.Duration
	AuthAuthorizationCodeExpirationStr string
	AuthAccessTokenAudience []string
	AuthAllowSelfSignup bool
	AuthSsoSessionIdleTimeout time.Duration
	AuthSsoSessionIdleTimeoutStr string
	AuthAccountLockoutMaxAttempts int
	AuthAccountLockoutDuration time.Duration
	AuthAccountLockoutDurationStr string
	AuthMode string
	PasskeyRPName string
	TrustDeviceEnabled bool
	TrustDeviceExpiration time.Duration
	TrustDeviceExpirationStr string
	CleanupInterval time.Duration
	CleanupIntervalStr string
	CleanupRetention time.Duration
	CleanupRetentionStr string
	AuthPKCEEnforceSHA256 bool
	RequireMfa bool
	MfaMethod string
	RequireEmailVerification bool
	EmailVerificationExpiration time.Duration
	EmailVerificationExpirationStr string
	PasswordResetExpiration time.Duration
	PasswordResetExpirationStr string
	AuditLogRetention time.Duration
	AuditLogRetentionStr string
	SmtpHost string
	SmtpPort string
	SmtpUsername string
	SmtpPassword string
	SmtpFrom string
	ValidationMinUsernameLength int
	ValidationMaxUsernameLength int
	ValidationMinPasswordLength int
	ValidationMaxPasswordLength int
	Theme ThemeConfig
	ThemeCssResolved string

	// When true, users can delete their own account immediately without admin approval.
	AllowSelfServiceDeletion bool
	// When false (default), users cannot change their own username via the account portal.
	AllowUsernameChange bool
	// When false (default), users cannot change their own email via the account portal.
	AllowEmailChange bool

	// CORS: parsed from the "cors_allowed_origins" runtime setting.
	CORSAllowedOrigins []string
	CORSAllowAll bool

	// When false (default), optional profile fields are hidden on the signup form
	// to keep it minimal. Required fields are always shown regardless.
	SignupShowOptionalFields bool

	// Profile field visibility: "hidden" | "optional" | "required"
	// ProfileFieldEmail also accepts "is_username" (username field doubles as email)
	ProfileFieldEmail string
	ProfileFieldGivenName string
	ProfileFieldFamilyName string
	ProfileFieldMiddleName string
	ProfileFieldNickname string
	ProfileFieldPhone string
	ProfileFieldPicture string
	ProfileFieldWebsite string
	ProfileFieldGender string
	ProfileFieldBirthdate string
	ProfileFieldProfileURL string
	ProfileFieldLocale string
	ProfileFieldAddress string
}
Config holds soft settings loaded from the settings DB table. These can be updated at runtime via the admin-ui without restarting the server.
func GetForClient (added in v1.0.0)
func GetForClient(overrides ClientOverrides) Config
GetForClient returns a copy of the current soft Config with any non-nil per-client overrides applied. Pass the overrides as a ClientOverrides struct.
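The nil-versus-set override semantics described above, as an added sketch that is not the package's implementation. The `config` and `clientOverrides` types are local stand-ins for a subset of the documented fields, and `applyOverrides` is hypothetical. Assumptions: expiration strings use Go's `time.ParseDuration` syntax, AllowedAudiences maps onto AuthAccessTokenAudience, and an unparsable or non-positive duration keeps the global value.

```go
package main

import (
	"fmt"
	"time"
)

// Local stand-ins for a subset of the documented Config and ClientOverrides fields.
type config struct {
	AuthAccessTokenExpiration time.Duration
	AuthAccessTokenAudience   []string
	AuthAllowSelfSignup       bool
}

type clientOverrides struct {
	AccessTokenExpiration *string
	AllowedAudiences      []string
	AllowSelfSignup       *bool
}

// applyOverrides returns a copy of global with the non-nil overrides applied.
// Assumption: a bad or non-positive duration string leaves the global value in place.
func applyOverrides(global config, o clientOverrides) config {
	out := global
	// Copy the slice so the per-client result never shares a backing array with the global config.
	out.AuthAccessTokenAudience = append([]string(nil), global.AuthAccessTokenAudience...)
	if o.AccessTokenExpiration != nil {
		if d, err := time.ParseDuration(*o.AccessTokenExpiration); err == nil && d > 0 {
			out.AuthAccessTokenExpiration = d
		}
	}
	if o.AllowedAudiences != nil {
		out.AuthAccessTokenAudience = append([]string(nil), o.AllowedAudiences...)
	}
	if o.AllowSelfSignup != nil {
		out.AuthAllowSelfSignup = *o.AllowSelfSignup // a pointer to false is an explicit "off", unlike nil
	}
	return out
}

func main() {
	global := config{15 * time.Minute, []string{"api"}, true} // constructed values
	off, ttl := false, "5m"
	c := applyOverrides(global, clientOverrides{AccessTokenExpiration: &ttl, AllowSelfSignup: &off})
	fmt.Println(c.AuthAccessTokenExpiration, c.AuthAccessTokenAudience, c.AuthAllowSelfSignup)
	fmt.Println(global.AuthAccessTokenExpiration, global.AuthAllowSelfSignup) // global is untouched
}
```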
func GetOriginal
func GetOriginal() Config
GetOriginal returns the default soft config for test override purposes.