config

package
Published: Mar 8, 2026 License: MIT Imports: 5 Imported by: 0


Constants

// Authentication mode constants: the values accepted by Config.AuthMode.
// "http_api" hands authentication to the external service configured by
// the HTTPAPI* fields of Config; "local" does not use that service.
const (
	AuthModeLocal   = "local"
	AuthModeHTTPAPI = "http_api"
)

Authentication mode constants

// Token provider mode constants: the values accepted by Config.TokenProviderMode.
// "http_api" uses the external service configured by the TokenAPI* fields of
// Config; "local" does not.
const (
	TokenProviderModeLocal   = "local"
	TokenProviderModeHTTPAPI = "http_api"
)

Token provider mode constants

// Rate limit store constants: the backends accepted by Config.RateLimitStore.
// "redis" requires the Redis* connection settings in Config to be set.
const (
	RateLimitStoreMemory = "memory"
	RateLimitStoreRedis  = "redis"
)

Rate limit store constants

// Metrics cache type constants: the backends accepted by Config.MetricsCacheType.
// "redis-aside" is Redis with a client-side cache, sized and aged by
// Config.MetricsCacheSizePerConn and Config.MetricsCacheClientTTL.
const (
	MetricsCacheTypeMemory     = "memory"
	MetricsCacheTypeRedis      = "redis"
	MetricsCacheTypeRedisAside = "redis-aside"
)

Metrics cache type constants

// User cache type constants: the backends accepted by Config.UserCacheType.
// "redis-aside" is Redis with a client-side cache, sized and aged by
// Config.UserCacheSizePerConn and Config.UserCacheClientTTL.
const (
	UserCacheTypeMemory     = "memory"
	UserCacheTypeRedis      = "redis"
	UserCacheTypeRedisAside = "redis-aside"
)

User cache type constants

// Client count cache type constants: the backends accepted by
// Config.ClientCountCacheType. "redis-aside" is Redis with a client-side
// cache, sized and aged by Config.ClientCountCacheSizePerConn and
// Config.ClientCountCacheClientTTL.
const (
	ClientCountCacheTypeMemory     = "memory"
	ClientCountCacheTypeRedis      = "redis"
	ClientCountCacheTypeRedisAside = "redis-aside"
)

Client count cache type constants

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

// Config holds the service's runtime settings. Load builds it and
// Validate reports invalid values; defaults quoted in the field comments
// are applied by Load (NOTE(review): Load's body is not shown here — confirm).
//
// NOTE(review): several fields are credentials (JWTSecret, SessionSecret,
// DefaultAdminPassword, the *ClientSecret and *AuthSecret fields,
// RedisPassword, MetricsToken). Keep them out of logs, error messages and
// any debug dump of this struct.
type Config struct {
	// Server settings
	ServerAddr string
	BaseURL    string

	// Environment detection
	IsProduction bool

	// JWT settings
	JWTSecret     string        // Secret for JWTs (credential; keep out of logs)
	JWTExpiration time.Duration // JWT lifetime; ClientCredentialsTokenExpiration defaults to the same value

	// Session settings
	SessionSecret        string // Secret for sessions (credential; keep out of logs)
	SessionMaxAge        int    // Session max age in seconds (default: 3600 = 1 hour)
	SessionIdleTimeout   int    // Session idle timeout in seconds (0 = disabled, default: 1800 = 30 minutes)
	SessionFingerprint   bool   // Enable session fingerprinting (IP + User-Agent validation, default: true)
	SessionFingerprintIP bool   // Include IP address in fingerprint (default: false, due to dynamic IPs)

	// Device code settings
	DeviceCodeExpiration time.Duration // Device code lifetime
	PollingInterval      int           // seconds

	// Database
	DatabaseDriver string // "sqlite" or "postgres"
	DatabaseDSN    string // Database connection string (DSN or path); may embed credentials, keep out of logs

	// Database connection pool settings
	DBMaxOpenConns    int           // Maximum number of open connections (default: 25)
	DBMaxIdleConns    int           // Maximum number of idle connections (default: 10)
	DBConnMaxLifetime time.Duration // Maximum connection lifetime (default: 5 minutes)
	DBConnMaxIdleTime time.Duration // Maximum connection idle time (default: 10 minutes)

	// Default Admin User
	DefaultAdminPassword string // Default admin password (if empty, random password is generated); credential, keep out of logs

	// Authentication
	AuthMode string // "local" or "http_api" (see AuthModeLocal, AuthModeHTTPAPI)

	// HTTP API Authentication
	HTTPAPIURL                string        // Base URL of the external authentication API
	HTTPAPITimeout            time.Duration // HTTP client timeout for requests to that API
	HTTPAPIInsecureSkipVerify bool          // Skip TLS certificate verification for that client (dev/testing only)
	HTTPAPIAuthMode           string        // Authentication mode: "none", "simple", or "hmac"
	HTTPAPIAuthSecret         string        // Shared secret for authentication (credential; keep out of logs)
	HTTPAPIAuthHeader         string        // Custom header name for simple mode (default: "X-API-Secret")
	HTTPAPIMaxRetries         int           // Maximum retry attempts (default: 3)
	HTTPAPIRetryDelay         time.Duration // Delay before the first retry (presumably grows up to HTTPAPIMaxRetryDelay — confirm)
	HTTPAPIMaxRetryDelay      time.Duration // Upper bound on the retry delay

	// Token Provider
	TokenProviderMode string // "local" or "http_api" (see TokenProviderModeLocal, TokenProviderModeHTTPAPI)

	// HTTP API Token Provider
	TokenAPIURL                string        // Base URL of the external token provider API
	TokenAPITimeout            time.Duration // HTTP client timeout for requests to that API
	TokenAPIInsecureSkipVerify bool          // Skip TLS certificate verification for that client (dev/testing only)
	TokenAPIAuthMode           string        // Authentication mode: "none", "simple", or "hmac"
	TokenAPIAuthSecret         string        // Shared secret for authentication (credential; keep out of logs)
	TokenAPIAuthHeader         string        // Custom header name for simple mode (default: "X-API-Secret")
	TokenAPIMaxRetries         int           // Maximum retry attempts (default: 3)
	TokenAPIRetryDelay         time.Duration // Delay before the first retry (presumably grows up to TokenAPIMaxRetryDelay — confirm)
	TokenAPIMaxRetryDelay      time.Duration // Upper bound on the retry delay

	// Refresh Token settings
	RefreshTokenExpiration time.Duration // Refresh token lifetime (default: 720h = 30 days)
	EnableRefreshTokens    bool          // Feature flag to enable/disable refresh tokens (default: true)
	EnableTokenRotation    bool          // Enable token rotation mode (default: false, fixed mode)

	// Client Credentials Flow settings (RFC 6749 §4.4)
	ClientCredentialsTokenExpiration time.Duration // Access token lifetime for client_credentials grant (default: 1h, same as JWTExpiration)

	// OAuth settings
	// GitHub OAuth
	GitHubOAuthEnabled     bool
	GitHubClientID         string
	GitHubClientSecret     string // OAuth client secret (credential; keep out of logs)
	GitHubOAuthRedirectURL string
	GitHubOAuthScopes      []string

	// Gitea OAuth
	GiteaOAuthEnabled     bool
	GiteaURL              string
	GiteaClientID         string
	GiteaClientSecret     string // OAuth client secret (credential; keep out of logs)
	GiteaOAuthRedirectURL string
	GiteaOAuthScopes      []string

	// Microsoft Entra ID OAuth
	MicrosoftOAuthEnabled     bool
	MicrosoftTenantID         string // "common", "organizations", or tenant UUID
	MicrosoftClientID         string
	MicrosoftClientSecret     string // OAuth client secret (credential; keep out of logs)
	MicrosoftOAuthRedirectURL string
	MicrosoftOAuthScopes      []string

	// GitLab OAuth
	GitLabOAuthEnabled     bool
	GitLabURL              string // Base URL; defaults to "https://gitlab.com" for cloud
	GitLabClientID         string
	GitLabClientSecret     string // OAuth client secret (credential; keep out of logs)
	GitLabOAuthRedirectURL string
	GitLabOAuthScopes      []string

	// OAuth Auto Registration
	OAuthAutoRegister bool // Allow OAuth to auto-create accounts (default: true)

	// OAuth HTTP Client Settings
	OAuthTimeout            time.Duration // HTTP client timeout for OAuth requests (default: 15s)
	OAuthInsecureSkipVerify bool          // Skip TLS verification for OAuth (dev/testing only, default: false)

	// Rate Limiting settings
	EnableRateLimit          bool          // Enable rate limiting (default: true)
	RateLimitStore           string        // Rate limit store: "memory" or "redis" (default: "memory")
	RateLimitCleanupInterval time.Duration // How often stale rate-limit state is purged
	LoginRateLimit           int           // Requests per minute for /login endpoint (default: 5)
	DeviceCodeRateLimit      int           // Requests per minute for /oauth/device/code (default: 10)
	TokenRateLimit           int           // Requests per minute for /oauth/token (default: 20)
	DeviceVerifyRateLimit    int           // Requests per minute for /device/verify (default: 10)

	// Redis settings (only used when RateLimitStore = "redis")
	// NOTE(review): the redis/redis-aside cache backends selected by the
	// *CacheType fields may also rely on these settings — confirm in Load.
	RedisAddr     string // Redis address for rate limiting (e.g., "localhost:6379")
	RedisPassword string // Redis password (empty for no auth); credential, keep out of logs
	RedisDB       int    // Redis database number (default: 0)

	// Audit Logging settings
	EnableAuditLogging      bool          // Enable audit logging (default: true)
	AuditLogRetention       time.Duration // Retention period for audit logs (default: 90 days)
	AuditLogBufferSize      int           // Async buffer size (default: 1000)
	AuditLogCleanupInterval time.Duration // Cleanup interval (default: 24 hours)

	// Token/Device Code cleanup settings
	EnableExpiredTokenCleanup   bool          // Enable periodic cleanup of expired tokens and device codes (default: false)
	ExpiredTokenCleanupInterval time.Duration // How often to purge expired rows (default: 1h)

	// Prometheus Metrics settings
	MetricsEnabled             bool          // Enable Prometheus metrics endpoint (default: false)
	MetricsToken               string        // Bearer token required for /metrics (empty = no auth; setting a token is recommended for production)
	MetricsGaugeUpdateEnabled  bool          // Enable gauge metric updates (default: true, disable on all but one replica)
	MetricsGaugeUpdateInterval time.Duration // Gauge update interval (default: 5m)
	MetricsCacheType           string        // Cache backend: memory, redis, redis-aside (default: memory)
	MetricsCacheClientTTL      time.Duration // Client-side cache TTL for redis-aside (default: 30s)
	MetricsCacheSizePerConn    int           // Client-side cache size per connection in MB for redis-aside (default: 32MB)

	// User Cache settings
	UserCacheType        string        // USER_CACHE_TYPE: memory|redis|redis-aside (default: memory)
	UserCacheTTL         time.Duration // USER_CACHE_TTL (default: 5m)
	UserCacheClientTTL   time.Duration // USER_CACHE_CLIENT_TTL for redis-aside client-side TTL (default: 30s)
	UserCacheSizePerConn int           // USER_CACHE_SIZE_PER_CONN: client-side cache size per connection in MB for redis-aside (default: 32MB)

	// Client Count Cache settings (pending badge in admin navbar)
	ClientCountCacheType        string        // CLIENT_COUNT_CACHE_TYPE: memory|redis|redis-aside (default: memory)
	ClientCountCacheTTL         time.Duration // CLIENT_COUNT_CACHE_TTL: server-side cache lifetime (default: 1h)
	ClientCountCacheClientTTL   time.Duration // CLIENT_COUNT_CACHE_CLIENT_TTL for redis-aside (default: 10m)
	ClientCountCacheSizePerConn int           // CLIENT_COUNT_CACHE_SIZE_PER_CONN for redis-aside in MB (default: 32MB)

	// Authorization Code Flow settings (RFC 6749)
	AuthCodeExpiration time.Duration // Authorization code lifetime (default: 10 minutes)
	PKCERequired       bool          // Force PKCE (RFC 7636) for all public clients (default: false)
	ConsentRemember    bool          // Skip consent page if user already authorized same scope (default: true)

	// Bootstrap and shutdown timeout settings
	DBInitTimeout         time.Duration // Database initialization timeout (default: 30s)
	RedisConnTimeout      time.Duration // Redis connection timeout (default: 5s)
	CacheInitTimeout      time.Duration // Cache initialization timeout (default: 5s)
	ServerShutdownTimeout time.Duration // HTTP server graceful shutdown timeout (default: 5s)
	AuditShutdownTimeout  time.Duration // Audit service shutdown timeout (default: 10s)
	RedisCloseTimeout     time.Duration // Redis close timeout (default: 5s)
	CacheCloseTimeout     time.Duration // Cache close timeout (default: 5s)
	DBCloseTimeout        time.Duration // Database close timeout (default: 5s)
}

func Load

func Load() *Config

func (*Config) Validate

func (c *Config) Validate() error

Validate checks the configuration for invalid values and returns an error describing the first problem found.
