config

package
v0.9.0
Warning

This package is not in the latest version of its module.

Published: May 8, 2026 License: AGPL-3.0 Imports: 16 Imported by: 0

Documentation

Constants

const (
	DefaultDumpMaxSize   = 10 * 1024 * 1024 // 10MB
	DefaultDumpRetention = "24h"
)

Default dump settings.

const (
	DefaultMaxResultRows  = 100000
	DefaultMaxResultBytes = 100 * 1024 * 1024 // 100MB
)

Default query storage limits.

const (
	DefaultRateLimitEnabled = true
	DefaultRateLimitRPM     = 60
	DefaultRateLimitRPMAnon = 10
	DefaultRateLimitBurst   = 10
)

Default rate limiting settings.

const (
	DefaultHashMemoryMB = 64
	DefaultHashTime     = 1
	DefaultHashThreads  = 4
)

Default hash settings (matching current argon2id defaults).

const (
	DefaultAuthCacheEnabled    = true
	DefaultAuthCacheTTLSeconds = 300 // 5 minutes
	DefaultAuthCacheMaxSize    = 10000
)

Default auth cache settings.

const DefaultBaseURL = "/app"

DefaultBaseURL is the default base URL path for the frontend.

const DefaultDemoTargetDB = "demo:demo@localhost/demo"

DefaultDemoTargetDB is the default value for DemoTargetDB.

const DefaultLogLevel = "info"

DefaultLogLevel is the default log level.

Variables

var (
	ErrDSNRequired    = errors.New("DBB_DSN environment variable is required")
	ErrKeyRequired    = errors.New("either DBB_KEY or DBB_KEYFILE must be set")
	ErrInvalidKeySize = errors.New("encryption key must be 32 bytes")
)

Configuration errors.

Functions

func DefaultKeyFilePath

func DefaultKeyFilePath() (string, error)

DefaultKeyFilePath returns the path to the default key file (~/.dbbat/key).

func ParseLogLevel (added in v0.1.0)

func ParseLogLevel(level string) slog.Level

ParseLogLevel parses a log level string and returns the corresponding slog.Level. Supported values (case-insensitive): debug, info, warn, warning, error. Returns slog.LevelInfo for invalid values.

Types

type AuthCacheConfig (added in v0.0.1)

type AuthCacheConfig struct {
	// Enabled enables/disables the authentication cache.
	Enabled bool `koanf:"enabled"`

	// TTLSeconds is the time-to-live for cache entries in seconds.
	TTLSeconds int `koanf:"ttl_seconds"`

	// MaxSize is the maximum number of cache entries.
	MaxSize int `koanf:"max_size"`
}

AuthCacheConfig holds configuration for authentication caching.

type Config

type Config struct {
	// Proxy listen address.
	ListenPG string `koanf:"listen_pg"`

	// Oracle proxy listen address (empty = disabled).
	ListenOracle string `koanf:"listen_ora"`

	// MySQL proxy listen address (empty = disabled).
	ListenMySQL string `koanf:"listen_mysql"`

	// REST API listen address.
	ListenAPI string `koanf:"listen_api"`

	// PostgreSQL DSN for DBBat storage.
	DSN string `koanf:"dsn"`

	// Base64-encoded encryption key (alternative to KeyFile).
	Key string `koanf:"key"`

	// Path to file containing encryption key (alternative to Key).
	KeyFile string `koanf:"keyfile"`

	// ConfigFile path (not loaded from config, set via CLI).
	ConfigFile string `koanf:"-"`

	// Encryption key for database credentials (32 bytes).
	// Populated from Key or KeyFile after loading.
	EncryptionKey []byte `koanf:"-"`

	// RunMode controls whether test data is provisioned on startup.
	RunMode RunMode `koanf:"run_mode"`

	// DemoTargetDB specifies the only allowed database target in demo mode.
	// Format: "user:password@host/dbname" (e.g., "demo:demo@localhost/demo")
	// Only applies when RunMode is "demo". If empty, defaults to "demo:demo@localhost/demo".
	DemoTargetDB string `koanf:"demo_target_db"`

	// QueryStorage holds query result storage configuration.
	QueryStorage QueryStorageConfig `koanf:"query_storage"`

	// RateLimit holds rate limiting configuration.
	RateLimit RateLimitConfig `koanf:"rate_limit"`

	// Hash holds password hashing configuration.
	Hash HashConfig `koanf:"hash"`

	// AuthCache holds authentication cache configuration.
	AuthCache AuthCacheConfig `koanf:"auth_cache"`

	// BaseURL is the base URL path for the frontend app (default: "/app").
	BaseURL string `koanf:"base_url"`

	// Redirects contains dev redirect rules parsed from DBB_REDIRECTS env var.
	// Not loaded from config file, parsed from environment only.
	Redirects []RedirectRule `koanf:"-"`

	// LogLevel controls the logging verbosity (debug, info, warn, error).
	// Default is "info".
	LogLevel string `koanf:"log_level"`

	// SlackAuth holds Slack OAuth configuration.
	SlackAuth SlackAuthConfig `koanf:"slack_auth"`

	// Dump holds session packet dump configuration.
	Dump DumpConfig `koanf:"dump"`

	// MySQL holds MySQL proxy specific configuration.
	MySQL MySQLConfig `koanf:"mysql"`

	// PG holds PostgreSQL proxy specific configuration.
	PG PGConfig `koanf:"pg"`
}

Config holds the application configuration.
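How Key, KeyFile and EncryptionKey relate, as an added example that is not the package's own code. `resolveKey` is a hypothetical helper; it assumes Key takes precedence over KeyFile and that the key file holds base64 text, and it adds a file-permission check that the page does not describe.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"os"
	"strings"
)

var ( // local copies of two error values documented on this page
	ErrKeyRequired    = errors.New("either DBB_KEY or DBB_KEYFILE must be set")
	ErrInvalidKeySize = errors.New("encryption key must be 32 bytes")
)

// resolveKey is a hypothetical helper. Assumptions: Key wins over KeyFile when
// both are set, and the key file holds the same base64 text that Key would.
func resolveKey(key, keyFile string) ([]byte, error) {
	encoded := key
	if encoded == "" {
		if keyFile == "" {
			return nil, ErrKeyRequired
		}
		info, err := os.Stat(keyFile)
		if err != nil {
			return nil, fmt.Errorf("stat key file: %w", err)
		}
		if info.Mode().Perm()&0o077 != 0 { // added check: no group/other access
			return nil, fmt.Errorf("key file mode %04o is too open, want 0600", info.Mode().Perm())
		}
		raw, err := os.ReadFile(keyFile)
		if err != nil {
			return nil, fmt.Errorf("read key file: %w", err)
		}
		encoded = string(raw)
	}
	k, err := base64.StdEncoding.DecodeString(strings.TrimSpace(encoded))
	if err != nil {
		return nil, fmt.Errorf("decode key: %w", err)
	}
	if len(k) != 32 {
		return nil, ErrInvalidKeySize
	}
	return k, nil
}

func main() {
	k, err := resolveKey(base64.StdEncoding.EncodeToString(make([]byte, 32)), "") // constructed all-zero sample, not a usable key
	fmt.Println(len(k), err)
}
```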

func Load

func Load(opts LoadOptions, cliOverrides ...func(*Config)) (*Config, error)

Load reads configuration from environment variables and an optional config file. Priority order: CLI overrides > Environment variables > Config file > Defaults.

func (*Config) GetDemoTarget

func (c *Config) GetDemoTarget() *DemoTarget

GetDemoTarget parses and returns the demo target configuration. Returns nil if not in demo mode.

func (*Config) GetHashParams (added in v0.0.1)

func (c *Config) GetHashParams() ResolvedHashParams

GetHashParams returns the resolved hash parameters.

func (*Config) IsDemoMode

func (c *Config) IsDemoMode() bool

IsDemoMode returns true if running in demo mode.

func (*Config) ValidateDemoTarget

func (c *Config) ValidateDemoTarget(username, password, host, database string) string

ValidateDemoTarget checks if the given credentials match the demo target. Returns an error message if validation fails, or an empty string if valid.

type DemoTarget

type DemoTarget struct {
	Username string
	Password string
	Host     string
	Database string
}

DemoTarget holds the parsed demo target database credentials.

func ParseDemoTargetDB

func ParseDemoTargetDB(s string) *DemoTarget

ParseDemoTargetDB parses a demo target string in format "user:pass@host/dbname".
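The demo-target format and the allowlist check described for ValidateDemoTarget, as an added example that is not the package's own code. `parseDemoTarget` and `validateDemoTarget` are hypothetical names; the split rule, the nil-target behaviour and the message wording are assumptions.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"strings"
)

// DemoTarget mirrors the struct documented on this page.
type DemoTarget struct{ Username, Password, Host, Database string }

// parseDemoTarget is a hypothetical parser for "user:pass@host/dbname".
// Assumption: split on the last '@' and the first ':' so that a password may
// contain either character. Malformed input yields nil.
func parseDemoTarget(s string) *DemoTarget {
	at := strings.LastIndex(s, "@")
	if at < 0 {
		return nil
	}
	user, pass, okCreds := strings.Cut(s[:at], ":")
	host, db, okAddr := strings.Cut(s[at+1:], "/")
	if !okCreds || !okAddr || user == "" || host == "" || db == "" {
		return nil
	}
	return &DemoTarget{Username: user, Password: pass, Host: host, Database: db}
}

// validateDemoTarget returns "" when all four values match the allowed target
// exactly, otherwise an error message. A nil target fails closed (assumption).
func validateDemoTarget(t *DemoTarget, username, password, host, database string) string {
	if t == nil {
		return "demo target is not configured"
	}
	pwOK := subtle.ConstantTimeCompare([]byte(t.Password), []byte(password)) == 1
	if username != t.Username || !pwOK || host != t.Host || database != t.Database {
		// The message names the allowed target but never echoes a password.
		return fmt.Sprintf("demo mode only allows %s@%s/%s", t.Username, t.Host, t.Database)
	}
	return ""
}

func main() {
	t := parseDemoTarget("demo:demo@localhost/demo") // DefaultDemoTargetDB
	fmt.Printf("%q\n", validateDemoTarget(t, "demo", "demo", "localhost", "demo"))
	// Constructed non-demo target: rejected.
	fmt.Printf("%q\n", validateDemoTarget(t, "app", "s3cret", "10.0.0.5", "prod"))
}
```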

type DumpConfig (added in v0.5.0)

type DumpConfig struct {
	// Dir is the directory for dump files. Empty = disabled.
	Dir string `koanf:"dir"`

	// MaxSize is the maximum dump file size per session in bytes.
	MaxSize int64 `koanf:"max_size"`

	// Retention is the auto-delete duration for old dumps (e.g., "24h").
	Retention string `koanf:"retention"`
}

DumpConfig holds configuration for session packet dumps.

type HashConfig (added in v0.0.1)

type HashConfig struct {
	// Preset is a named configuration preset (default, low, minimal).
	Preset string `koanf:"preset"`

	// MemoryMB is the memory parameter in megabytes (1-1024).
	MemoryMB int `koanf:"memory_mb"`

	// Time is the time/iterations parameter (1-10).
	Time int `koanf:"time"`

	// Threads is the parallelism parameter (1-16).
	Threads int `koanf:"threads"`
}

HashConfig holds password hashing configuration.

type LoadOptions

type LoadOptions struct {
	// ConfigFile is the path to a config file (YAML, JSON, or TOML).
	ConfigFile string
}

LoadOptions configures how configuration is loaded.

type MySQLConfig (added in v0.7.0)

type MySQLConfig struct {
	// TLS holds TLS server-termination settings for the proxy. When enabled,
	// the proxy advertises CLIENT_SSL and accepts SSL Request packets from
	// clients, terminating the TLS session at the proxy. Required for clean
	// caching_sha2_password full-auth (cleartext password over TLS).
	TLS TLSConfig `koanf:"tls"`
}

MySQLConfig holds configuration specific to the MySQL proxy.

type PGConfig (added in v0.8.0)

type PGConfig struct {
	// TLS holds TLS server-termination settings for the proxy. When enabled,
	// the proxy responds 'S' to SSLRequest and terminates TLS at the proxy.
	// Without this, clients with sslmode=prefer silently fall back to
	// plaintext and credentials travel over the wire in the clear.
	TLS TLSConfig `koanf:"tls"`
}

PGConfig holds configuration specific to the PostgreSQL proxy.

type QueryStorageConfig

type QueryStorageConfig struct {
	// MaxResultRows is the maximum number of rows to store per query.
	MaxResultRows int `koanf:"max_result_rows"`

	// MaxResultBytes is the maximum total bytes to store per query.
	MaxResultBytes int64 `koanf:"max_result_bytes"`

	// StoreResults enables/disables result storage globally.
	StoreResults bool `koanf:"store_results"`
}

QueryStorageConfig holds configuration for query result storage.

type RateLimitConfig

type RateLimitConfig struct {
	// Enabled enables/disables rate limiting.
	Enabled bool `koanf:"enabled"`

	// RequestsPerMinute is the rate limit for authenticated users.
	RequestsPerMinute int `koanf:"requests_per_minute"`

	// RequestsPerMinuteAnon is the rate limit for unauthenticated requests (by IP).
	RequestsPerMinuteAnon int `koanf:"requests_per_minute_anon"`

	// Burst allows short bursts above the rate limit.
	Burst int `koanf:"burst"`
}

RateLimitConfig holds configuration for API rate limiting.

type RedirectRule

type RedirectRule struct {
	// PathPrefix is the path prefix to match (e.g., "/app").
	PathPrefix string
	// TargetHost is the target host to proxy to (e.g., "localhost:5173").
	TargetHost string
	// TargetPath is the path on the target (e.g., "/").
	TargetPath string
}

RedirectRule represents a path-based redirect for development proxying.

type ResolvedHashParams (added in v0.0.1)

type ResolvedHashParams struct {
	MemoryKB uint32
	Time     uint32
	Threads  uint8
}

ResolvedHashParams holds the hash parameters after applying presets. Individual settings override preset values.
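Preset resolution with per-field overrides and the documented ranges (1-1024, 1-10, 1-16), as an added example that is not the package's own code. `resolve` is a hypothetical helper; treating zero as "not set" is an assumption, and the "low" and "minimal" numbers are constructed placeholders.

```go
package main

import "fmt"

// HashConfig and ResolvedHashParams mirror the structs documented on this page.
type HashConfig struct {
	Preset                  string
	MemoryMB, Time, Threads int
}
type ResolvedHashParams struct {
	MemoryKB, Time uint32
	Threads        uint8
}

// "default" uses the constants on this page; the "low" and "minimal" numbers
// are constructed placeholders, not the package's real preset values.
var presets = map[string]HashConfig{
	"default": {MemoryMB: 64, Time: 1, Threads: 4},
	"low":     {MemoryMB: 16, Time: 1, Threads: 2},
	"minimal": {MemoryMB: 4, Time: 1, Threads: 1},
}

// resolve is a hypothetical helper. Assumption: a zero field means "not set".
func resolve(c HashConfig) (ResolvedHashParams, error) {
	if c.Preset == "" {
		c.Preset = "default"
	}
	p, ok := presets[c.Preset]
	if !ok {
		return ResolvedHashParams{}, fmt.Errorf("unknown hash preset %q", c.Preset)
	}
	fields := []struct {
		key      string
		dst      *int
		val, max int
	}{{"memory_mb", &p.MemoryMB, c.MemoryMB, 1024}, {"time", &p.Time, c.Time, 10}, {"threads", &p.Threads, c.Threads, 16}}
	for _, f := range fields {
		if f.val == 0 {
			continue // not set: keep the preset value
		}
		if f.val < 1 || f.val > f.max { // check before the narrowing casts below
			return ResolvedHashParams{}, fmt.Errorf("hash.%s=%d is outside 1-%d", f.key, f.val, f.max)
		}
		*f.dst = f.val // an individual setting overrides the preset
	}
	return ResolvedHashParams{uint32(p.MemoryMB) * 1024, uint32(p.Time), uint8(p.Threads)}, nil
}

func main() {
	fmt.Println(resolve(HashConfig{Preset: "low", MemoryMB: 32}))
	fmt.Println(resolve(HashConfig{Threads: 260})) // unchecked, uint8 would wrap 260 to 4
}
```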

type RunMode

type RunMode string

RunMode represents the application run mode.

const (
	// RunModeDefault is the default production mode.
	RunModeDefault RunMode = ""
	// RunModeTest provisions test data on startup.
	RunModeTest RunMode = "test"
	// RunModeDemo provisions demo data on startup with additional protections.
	RunModeDemo RunMode = "demo"
)

type SlackAuthConfig (added in v0.4.0)

type SlackAuthConfig struct {
	ClientID        string `koanf:"client_id"`
	ClientSecret    string `koanf:"client_secret"`
	TeamID          string `koanf:"team_id"`
	AutoCreateUsers bool   `koanf:"auto_create_users"`
	DefaultRole     string `koanf:"default_role"`
}

SlackAuthConfig holds Slack OAuth configuration.

func (SlackAuthConfig) Enabled (added in v0.4.0)

func (c SlackAuthConfig) Enabled() bool

Enabled returns true if Slack OAuth is configured with both client ID and secret.

type TLSConfig (added in v0.7.0)

type TLSConfig struct {
	// CertFile is the path to a PEM-encoded server certificate.
	CertFile string `koanf:"cert_file"`

	// KeyFile is the path to a PEM-encoded server private key.
	KeyFile string `koanf:"key_file"`

	// Disable turns off TLS termination entirely. When true, SSL Request
	// packets from clients are refused and connections stay plaintext.
	Disable bool `koanf:"disable"`
}

TLSConfig holds TLS server-side termination settings.

When CertFile and KeyFile are both empty (and Disable is false), the proxy auto-generates a self-signed certificate at startup. This is suitable for development; production deployments should provide a real certificate.
