Documentation
Index ¶
- Constants
- Variables
- func BrandFilePath() string
- func GetConfigBatchSize() int
- func GetConfigBool(key string) bool
- func GetConfigDataSourceName() string
- func GetConfigInt64(key string) (int64, error)
- func GetConfigString(key string) string
- func GetLanguage(language string) string
- func IsProduction() bool
- func ReloadBrand()
- func ReplaceDataSourceNameByDocker(dataSourceName string) string
- func SandboxOTPEnabled() bool
- type Brand
- type Quota
- type SuperadminDomainRule
- type WebConfig
Constants ¶
const (
	DefaultAdminOrg  = "admin"
	DefaultAdminApp  = "iam"
	DefaultAdminUser = "root"
)
Admin identity. Three orthogonal slots:
- AdminOrg: organization that owns IAM itself (default "admin")
- AdminApp: the IAM application inside that org (default "iam")
- AdminUser: bootstrap admin user inside that org (default "root")
Resolved once at package init. In production each may be overridden via env; if unset in production, requiredEnvOrDefault panics so a misconfig fails loud at boot rather than silently bootstrapping with weak names.
Variables ¶
var (
	AdminOrg  = requiredEnvOrDefault("IAM_ADMIN_ORG", DefaultAdminOrg)
	AdminApp  = requiredEnvOrDefault("IAM_ADMIN_APP", DefaultAdminApp)
	AdminUser = requiredEnvOrDefault("IAM_ADMIN_USER", DefaultAdminUser)
)
var WafConf string
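The fail-loud behaviour described for the admin identity, as an added sketch that is not the package's own code. requiredEnvOrDefault's signature, the injected lookup function, the set of production names and the treatment of an empty value as unset are assumptions; the `environment` key in app.conf is left out.

```go
package main

import (
	"fmt"
	"strings"
)

// Environment variables this page lists for IsProduction. The app.conf
// `environment` key is not consulted in this sketch.
var envKeys = []string{"ENV", "ENVIRONMENT", "GO_ENV", "BEEGO_RUNMODE", "RUN_MODE"}

// Assumption: the production names are the ones given in the
// SandboxOTPEnabled note (production / prod / main / mainnet).
var prodNames = map[string]bool{"production": true, "prod": true, "main": true, "mainnet": true}

// isProduction reports whether any listed variable names a production env.
// lookup has the shape of os.LookupEnv so a caller can pass that directly.
func isProduction(lookup func(string) (string, bool)) bool {
	for _, k := range envKeys {
		if v, ok := lookup(k); ok && prodNames[strings.ToLower(strings.TrimSpace(v))] {
			return true
		}
	}
	return false
}

// requiredEnvOrDefault is a hypothetical re-implementation: it returns the
// env value when set, panics when it is unset in production, and falls
// back to def everywhere else. An empty value counts as unset (assumption).
func requiredEnvOrDefault(lookup func(string) (string, bool), key, def string) string {
	if v, ok := lookup(key); ok && strings.TrimSpace(v) != "" {
		return v
	}
	if isProduction(lookup) {
		panic(fmt.Sprintf("conf: %s must be set in production (refusing default %q)", key, def))
	}
	return def
}

func main() {
	dev := map[string]string{"ENV": "dev"} // constructed sample environment
	lookup := func(k string) (string, bool) { v, ok := dev[k]; return v, ok }
	fmt.Println(requiredEnvOrDefault(lookup, "IAM_ADMIN_USER", "root"))
}
```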
Functions ¶
func BrandFilePath ¶ added in v1.18.1
func BrandFilePath() string
BrandFilePath returns the path IAM reads the brand contract from. Env var IAM_BRAND_FILE overrides the default.
func GetConfigBatchSize ¶
func GetConfigBatchSize() int
func GetConfigBool ¶
func GetConfigDataSourceName ¶
func GetConfigDataSourceName() string
func GetConfigInt64 ¶
func GetConfigString ¶
func GetLanguage ¶
func IsProduction ¶ added in v1.14.21
func IsProduction() bool
IsProduction reports whether the runtime environment is production-grade. Checks $ENV, $ENVIRONMENT, $GO_ENV, $BEEGO_RUNMODE, $RUN_MODE and the `environment` key in app.conf.
func ReloadBrand ¶ added in v1.18.1
func ReloadBrand()
ReloadBrand invalidates the cached brand for tests. Not safe for concurrent use with LoadBrand outside tests — production reads the file once at startup.
func SandboxOTPEnabled ¶ added in v1.14.18
func SandboxOTPEnabled() bool
SandboxOTPEnabled gates the phone-OTP shortcut: when true, non-E.164 phone numbers are accepted on signin (the country-code prefix is added inline) so seed scripts using sandbox phones like 1337000007 can complete OTP login. Enabled in any non-prod env. Read from ENV first (sandbox infra usually sets this), then `environment` in app.conf.
Production envs (production / prod / main / mainnet) hard-disable this — real phones MUST parse as E.164 or signin fails clearly.
(Replaces the older IsDemoMode() which braided two concerns — the OTP shortcut and the original demo-site UI hijack — into one boolean. The UI hijack is ripped; this function keeps only the OTP semantics under a name that reflects what it does.)
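How the gate changes phone handling on signin, as an added example that is not IAM's own code. normalizeSigninPhone, its countryCode parameter and the digit-length bounds are assumptions; sandboxOTP stands for the value SandboxOTPEnabled() returns.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// E.164: '+' followed by at most 15 digits, the first one non-zero.
var e164 = regexp.MustCompile(`^\+[1-9][0-9]{1,14}$`)

// Bare national digits accepted only on the sandbox path (assumed bounds).
var digitsOnly = regexp.MustCompile(`^[0-9]{4,14}$`)

var errNotE164 = errors.New("phone number is not valid E.164")

// normalizeSigninPhone is a hypothetical helper. sandboxOTP is the result
// of SandboxOTPEnabled(); countryCode (e.g. "+1") is an assumed parameter
// for the prefix the page says is added inline.
func normalizeSigninPhone(raw, countryCode string, sandboxOTP bool) (string, error) {
	if e164.MatchString(raw) {
		return raw, nil
	}
	// Production path: anything that is not E.164 is rejected outright.
	if !sandboxOTP {
		return "", errNotE164
	}
	// Sandbox path: accept a bare digit string, prefix the country code,
	// and still require the result to be E.164.
	if digitsOnly.MatchString(raw) {
		if full := countryCode + raw; e164.MatchString(full) {
			return full, nil
		}
	}
	return "", errNotE164
}

func main() {
	// Constructed inputs; 1337000007 is the sandbox number quoted on this page.
	for _, sandbox := range []bool{true, false} {
		for _, p := range []string{"1337000007", "+14155550100"} {
			out, err := normalizeSigninPhone(p, "+1", sandbox)
			fmt.Printf("sandbox=%v in=%q out=%q err=%v\n", sandbox, p, out, err)
		}
	}
}
```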
Types ¶
type Brand ¶ added in v1.18.1
type Brand struct {
	Name              string                 `json:"name"`
	Domain            string                 `json:"domain"`
	SuperadminDomains []SuperadminDomainRule `json:"superadminDomains"`
}
Brand is the on-disk contract IAM reads from /etc/brand/brand.json (mounted from a ConfigMap by the deployment). It carries the per-env branding inputs that IAM needs to behave brand-neutrally — domain allow-lists for auto-promotion, primary brand domain, etc.
This file MUST live in /etc/brand/brand.json or wherever IAM_BRAND_FILE points. If neither exists, fallback defaults apply (defaultBrand).
JSON shape (intentionally small; add fields incrementally):
{
  "name": "Hanzo",
  "domain": "hanzo.ai",
  "superadminDomains": [
    { "domain": "hanzo.ai", "org": "admin", "globalAdmin": true },
    { "domain": "zoo.ngo", "org": "admin", "globalAdmin": true },
    { "domain": "lux.network", "org": "admin", "globalAdmin": true },
    { "domain": "pars.network", "org": "pars", "globalAdmin": false }
  ]
}
The "org" sentinel value "admin" (literal string) is treated as "resolve to the live AdminOrg at call time" — see brand.ResolveOrg.
func LoadBrand ¶ added in v1.18.1
LoadBrand reads /etc/brand/brand.json (or IAM_BRAND_FILE). On any error (including file-not-found) returns the defaultBrand and the error; callers should fall back to the default but may want to log the error.
Safe to call concurrently; lazy: the file is read once and cached.
type Quota ¶
type Quota struct {
	Organization int `json:"organization"`
	User         int `json:"user"`
	Application  int `json:"application"`
	Provider     int `json:"provider"`
}
func GetConfigQuota ¶
func GetConfigQuota() *Quota
type SuperadminDomainRule ¶ added in v1.18.1
type SuperadminDomainRule struct {
	Domain      string `json:"domain"`
	Org         string `json:"org"`
	GlobalAdmin bool   `json:"globalAdmin"`
}
SuperadminDomainRule maps one email domain to a promotion outcome. Org="admin" is a sentinel — resolved against the live AdminOrg. Org="<orgName>" means "user is moved into that org but does not get global admin (unless GlobalAdmin is also true)".
func SuperadminRuleFor ¶ added in v1.18.1
func SuperadminRuleFor(email string) (SuperadminDomainRule, bool)
SuperadminRuleFor returns the rule matching the given email domain. Case-insensitive on the domain match. The returned rule has its Org resolved against the live AdminOrg (so "admin" sentinel becomes AdminOrg from env).
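One way such a lookup can be written so that only the exact domain earns a promotion rule, as an added example that is not the package's SuperadminRuleFor. The Rule type, ruleFor and the "platform" AdminOrg value are hypothetical, and the address is assumed to have been verified before this check runs.

```go
package main

import (
	"fmt"
	"strings"
)

// Rule mirrors the fields of SuperadminDomainRule shown on this page.
type Rule struct {
	Domain      string
	Org         string
	GlobalAdmin bool
}

// ruleFor is a hypothetical lookup. It compares the whole domain after the
// final '@', case-insensitively, and resolves the "admin" sentinel to the
// adminOrg passed in (standing for the live AdminOrg).
func ruleFor(rules []Rule, adminOrg, email string) (Rule, bool) {
	at := strings.LastIndex(email, "@")
	if at <= 0 || at == len(email)-1 {
		return Rule{}, false // no local part or no domain
	}
	domain := strings.ToLower(email[at+1:])
	for _, r := range rules {
		// Exact comparison only: suffix or substring matching would let
		// look-alike domains inherit a rule.
		if strings.ToLower(r.Domain) == domain {
			if r.Org == "admin" {
				r.Org = adminOrg // r is a copy, the rule set is not modified
			}
			return r, true
		}
	}
	return Rule{}, false
}

func main() {
	// Constructed rule set, taken from the JSON shape on this page.
	rules := []Rule{{"hanzo.ai", "admin", true}, {"pars.network", "pars", false}}
	samples := []string{"Ops@HANZO.AI", "a@pars.network", "a@hanzo.ai.example.org", "a@nothanzo.ai", "hanzo.ai"}
	for _, e := range samples {
		r, ok := ruleFor(rules, "platform", e)
		fmt.Printf("%-24s matched=%-5v org=%q globalAdmin=%v\n", e, ok, r.Org, r.GlobalAdmin)
	}
}
```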
type WebConfig ¶
type WebConfig struct {
	ShowGithubCorner bool   `json:"showGithubCorner"`
	ForceLanguage    string `json:"forceLanguage"`
	DefaultLanguage  string `json:"defaultLanguage"`
	StaticBaseUrl    string `json:"staticBaseUrl"`
	AiAssistantUrl   string `json:"aiAssistantUrl"`
}
func GetWebConfig ¶
func GetWebConfig() *WebConfig