config

package
v0.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 3, 2026 License: GPL-3.0 Imports: 10 Imported by: 0

Documentation

Overview

Package config provides configuration loading and validation for the proxy server.

Configuration can be provided via:

  • Command line flags (highest priority)
  • Environment variables (PROXY_ prefix)
  • Configuration file (YAML or JSON)

Storage Configuration:

The proxy supports multiple storage backends via gocloud.dev/blob:

Local filesystem (default): 

storage:
  url: "file:///var/cache/proxy"

Amazon S3: 

storage:
  url: "s3://bucket-name"

S3-compatible (MinIO, etc.): 

storage:
  url: "s3://bucket?endpoint=http://localhost:9000"

For S3, configure credentials via AWS environment variables: 

AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION

Database Configuration:

The proxy supports two database backends:

SQLite (default): 

database:
  driver: "sqlite"
  path: "/var/lib/proxy/cache.db"

PostgreSQL: 

database:
  driver: "postgres"
  url: "postgres://user:password@localhost:5432/proxy?sslmode=disable"

See config.example.yaml in the repository root for a complete example.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ParseSize 

func ParseSize(s string) (int64, error)

ParseSize parses a human-readable size string (e.g., "10GB", "500MB"). Returns the size in bytes.

Types

type AuthConfig 

type AuthConfig struct {
	// Type is the authentication type: "bearer", "basic", or "header".
	Type string `json:"type" yaml:"type"`

	// Token is used for bearer authentication.
	// Can reference environment variables with ${VAR_NAME} syntax.
	Token string `json:"token" yaml:"token"`

	// Username is used for basic authentication.
	Username string `json:"username" yaml:"username"`

	// Password is used for basic authentication.
	// Can reference environment variables with ${VAR_NAME} syntax.
	Password string `json:"password" yaml:"password"`

	// HeaderName is the custom header name (for type "header").
	HeaderName string `json:"header_name" yaml:"header_name"`

	// HeaderValue is the custom header value (for type "header").
	// Can reference environment variables with ${VAR_NAME} syntax.
	HeaderValue string `json:"header_value" yaml:"header_value"`
}

AuthConfig configures authentication for an upstream registry.

func (*AuthConfig) Header 

func (a *AuthConfig) Header() (name, value string)

Header returns the HTTP header name and value for this auth config. Returns empty strings if the config is invalid or incomplete.

type Config 

type Config struct {
	// Listen is the address to listen on (e.g., ":8080", "127.0.0.1:8080").
	Listen string `json:"listen" yaml:"listen"`

	// BaseURL is the public URL where this proxy is accessible.
	// Used for rewriting package metadata URLs.
	// Example: "https://proxy.example.com" or "http://localhost:8080"
	BaseURL string `json:"base_url" yaml:"base_url"`

	// Storage configures artifact storage.
	Storage StorageConfig `json:"storage" yaml:"storage"`

	// Database configures the cache database.
	Database DatabaseConfig `json:"database" yaml:"database"`

	// Log configures logging.
	Log LogConfig `json:"log" yaml:"log"`

	// Upstream configures upstream registry URLs (optional overrides).
	Upstream UpstreamConfig `json:"upstream" yaml:"upstream"`

	// Cooldown configures version age filtering to mitigate supply chain attacks.
	Cooldown CooldownConfig `json:"cooldown" yaml:"cooldown"`

	// CacheMetadata enables caching of upstream metadata responses for offline fallback.
	// When enabled, metadata is stored in the database and storage backend.
	// The mirror command always enables this regardless of this setting.
	CacheMetadata bool `json:"cache_metadata" yaml:"cache_metadata"`

	// MetadataTTL is how long cached metadata is considered fresh before
	// revalidating with upstream. Uses Go duration syntax (e.g. "5m", "1h").
	// Default: "5m". Set to "0" to always revalidate.
	MetadataTTL string `json:"metadata_ttl" yaml:"metadata_ttl"`

	// MirrorAPI enables the /api/mirror endpoints for starting mirror jobs via HTTP.
	// Disabled by default to prevent unauthenticated users from triggering downloads.
	MirrorAPI bool `json:"mirror_api" yaml:"mirror_api"`
}

Config holds all configuration for the proxy server.

func Default 

func Default() *Config

Default returns a Config with sensible defaults.

func Load 

func Load(path string) (*Config, error)

Load reads configuration from a file (YAML or JSON).

func (*Config) LoadFromEnv 

func (c *Config) LoadFromEnv()

LoadFromEnv applies environment variable overrides to a Config. Environment variables use the PROXY_ prefix:

  • PROXY_LISTEN
  • PROXY_BASE_URL
  • PROXY_STORAGE_PATH
  • PROXY_STORAGE_MAX_SIZE
  • PROXY_DATABASE_PATH
  • PROXY_LOG_LEVEL
  • PROXY_LOG_FORMAT

func (*Config) ParseDirectServeTTL 

func (c *Config) ParseDirectServeTTL() time.Duration

ParseDirectServeTTL returns the presigned URL expiry duration. Returns 15 minutes if unset.

func (*Config) ParseMaxSize 

func (c *Config) ParseMaxSize() int64

ParseMaxSize returns the maximum cache size in bytes. Returns 0 if unset or explicitly disabled (meaning unlimited).

func (*Config) ParseMetadataTTL 

func (c *Config) ParseMetadataTTL() time.Duration

ParseMetadataTTL returns the metadata TTL duration. Returns 5 minutes if unset, 0 if explicitly disabled.

func (*Config) Validate 

func (c *Config) Validate() error

Validate checks the configuration for errors.

type CooldownConfig 

type CooldownConfig struct {
	// Default is the global default cooldown (e.g., "3d", "48h", "0" to disable).
	Default string `json:"default" yaml:"default"`

	// Ecosystems overrides the default for specific ecosystems.
	Ecosystems map[string]string `json:"ecosystems" yaml:"ecosystems"`

	// Packages overrides the cooldown for specific packages (keyed by PURL).
	Packages map[string]string `json:"packages" yaml:"packages"`
}

CooldownConfig configures version cooldown periods. Versions published more recently than the cooldown are hidden from metadata responses.

type DatabaseConfig 

type DatabaseConfig struct {
	// Driver is the database driver: "sqlite" or "postgres".
	Driver string `json:"driver" yaml:"driver"`

	// Path is the path to the SQLite database file.
	Path string `json:"path" yaml:"path"`

	// URL is the PostgreSQL connection string.
	URL string `json:"url" yaml:"url"`
}

DatabaseConfig configures the cache database.

type LogConfig 

type LogConfig struct {
	// Level is the minimum log level: "debug", "info", "warn", "error".
	Level string `json:"level" yaml:"level"`

	// Format is the log format: "text" or "json".
	Format string `json:"format" yaml:"format"`
}

LogConfig configures logging.

type StorageConfig 

type StorageConfig struct {
	// URL is the storage backend URL.
	// Supported schemes:
	//   - file:///path/to/dir - Local filesystem (default)
	//   - s3://bucket-name - Amazon S3
	//   - s3://bucket?endpoint=http://localhost:9000 - S3-compatible (MinIO)
	// If empty, defaults to file:// with the Path value.
	URL string `json:"url" yaml:"url"`

	// Path is the directory where cached artifacts are stored.
	// If URL is empty, this is used as file://{Path}.
	//
	// Deprecated: Use URL with file:// scheme instead.
	Path string `json:"path" yaml:"path"`

	// MaxSize is the maximum cache size (e.g., "10GB", "500MB").
	// When exceeded, least recently used artifacts are evicted.
	// Empty or "0" means unlimited.
	MaxSize string `json:"max_size" yaml:"max_size"`

	// DirectServe enables redirecting cached artifact downloads to presigned
	// storage URLs (HTTP 302) instead of streaming bytes through the proxy.
	// Only effective for backends that support URL signing (S3, Azure).
	DirectServe bool `json:"direct_serve" yaml:"direct_serve"`

	// DirectServeTTL is how long presigned URLs remain valid.
	// Uses Go duration syntax (e.g. "5m", "1h"). Default: "15m".
	DirectServeTTL string `json:"direct_serve_ttl" yaml:"direct_serve_ttl"`

	// DirectServeBaseURL overrides the scheme and host of presigned URLs
	// before returning them to clients. Useful when the proxy reaches
	// storage at an internal address (e.g. 127.0.0.1 or a Docker hostname)
	// but clients must use a public one.
	DirectServeBaseURL string `json:"direct_serve_base_url" yaml:"direct_serve_base_url"`
}

StorageConfig configures artifact storage.

type UpstreamConfig 

type UpstreamConfig struct {
	// NPM is the upstream npm registry URL.
	// Default: https://registry.npmjs.org
	NPM string `json:"npm" yaml:"npm"`

	// Cargo is the upstream cargo index URL.
	// Default: https://index.crates.io
	Cargo string `json:"cargo" yaml:"cargo"`

	// CargoDownload is the upstream cargo download URL.
	// Default: https://static.crates.io/crates
	CargoDownload string `json:"cargo_download" yaml:"cargo_download"`

	// Auth configures authentication for upstream registries.
	// Keys are URL prefixes that are matched against request URLs.
	// Example: "https://npm.pkg.github.com" matches all requests to that host.
	Auth map[string]AuthConfig `json:"auth" yaml:"auth"`
}

UpstreamConfig configures upstream registry URLs and authentication. Leave empty to use defaults.

func (*UpstreamConfig) AuthForURL 

func (u *UpstreamConfig) AuthForURL(url string) *AuthConfig

AuthForURL returns the auth config that matches the given URL. Matches are based on URL prefix - the longest matching prefix wins.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.