Documentation
¶
Index ¶
- Variables
- type AssetsConfig
- type AuthorizationConfig
- type Config
- type CookieConfig
- type EmailAuthConfig
- type EmailTokenConfig
- type EncryptionConfig
- type FileLoader
- type FileLoggingConfig
- type FilterList
- type ForwardingConfig
- type ForwardingField
- type KVSConfig
- type Loader
- type LoggingConfig
- type NamespaceConfig
- type OAuth2Config
- type OAuth2Provider
- type OptimizationConfig
- type SMTPConfig
- type SendGridConfig
- type SendmailConfig
- type ServerConfig
- type ServiceConfig
- type SessionConfig
- type ValidationError
Constants ¶
This section is empty.
Variables ¶
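// Sentinel errors for configuration loading and validation.
//
// The listing had been collapsed onto a single line, where the first "//"
// comment swallowed every declaration after it; one declaration per line
// restores valid Go.
var (
	// ErrServiceNameRequired is returned when service name is not provided.
	ErrServiceNameRequired = errors.New("service name is required")

	// ErrCookieSecretRequired is returned when cookie secret is not provided.
	ErrCookieSecretRequired = errors.New("cookie secret is required")

	// ErrCookieSecretTooShort is returned when cookie secret is too short.
	// The message states a 32-character minimum. A length check says nothing
	// about randomness, so the secret should still be generated by a CSPRNG.
	ErrCookieSecretTooShort = errors.New("cookie secret must be at least 32 characters")

	// ErrNoEnabledProviders is returned when no OAuth2 providers are enabled.
	ErrNoEnabledProviders = errors.New("at least one OAuth2 provider must be enabled")

	// ErrNoAuthMethod is returned when no authentication method is enabled
	// (OAuth2 or email).
	ErrNoAuthMethod = errors.New("at least one authentication method must be enabled (OAuth2 or email authentication)")

	// ErrConfigFileNotFound is returned when config file is not found.
	ErrConfigFileNotFound = errors.New("configuration file not found")

	// ErrEncryptionKeyRequired is returned when encryption is enabled but key
	// is not provided.
	ErrEncryptionKeyRequired = errors.New("encryption key is required when encryption is enabled")

	// ErrEncryptionKeyTooShort is returned when encryption key is too short.
	// As with the cookie secret, the 32-character minimum is a length check
	// only; the key material should be random.
	ErrEncryptionKeyTooShort = errors.New("encryption key must be at least 32 characters")

	// ErrEncryptionConfigRequired is returned when encrypt filter is used but
	// encryption config is not provided.
	ErrEncryptionConfigRequired = errors.New("encryption configuration is required when 'encrypt' filter is used")
)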
Functions ¶
This section is empty.
Types ¶
type AssetsConfig ¶
// AssetsConfig contains assets configuration.
type AssetsConfig struct {
	Optimization OptimizationConfig `yaml:"optimization" json:"optimization"` // Optimization settings
}
AssetsConfig contains assets configuration
type AuthorizationConfig ¶
// AuthorizationConfig contains authorization settings.
type AuthorizationConfig struct {
	// NOTE(review): how an empty list is treated (everyone allowed vs. everyone
	// denied) is not visible here — confirm before relying on this field as
	// the access restriction.
	Allowed []string `yaml:"allowed" json:"allowed"` // Email addresses or domains (domain starts with @)
}
AuthorizationConfig contains authorization settings
type Config ¶
// Config represents the application configuration.
//
// Several nested sections hold secrets (session.cookie.secret, the OAuth2
// client_secret, the SMTP password, the SendGrid api_key and the forwarding
// encryption key). Those fields carry plain yaml/json tags, so marshalling a
// Config includes them; avoid writing a whole Config to logs or diagnostics.
type Config struct {
	Service ServiceConfig `yaml:"service" json:"service"`
	Server ServerConfig `yaml:"server" json:"server"`
	Session SessionConfig `yaml:"session" json:"session"`
	OAuth2 OAuth2Config `yaml:"oauth2" json:"oauth2"`
	EmailAuth EmailAuthConfig `yaml:"email_auth" json:"email_auth"`
	Authorization AuthorizationConfig `yaml:"authorization" json:"authorization"`
	Logging LoggingConfig `yaml:"logging" json:"logging"`
	KVS KVSConfig `yaml:"kvs" json:"kvs"` // KVS storage configuration
	Forwarding ForwardingConfig `yaml:"forwarding" json:"forwarding"` // User info forwarding configuration
	Rules rules.Config `yaml:"rules" json:"rules"` // Access control rules configuration
	Assets AssetsConfig `yaml:"assets" json:"assets"` // Assets configuration
}
Config represents the application configuration
type CookieConfig ¶ added in v0.3.0
// CookieConfig contains session cookie settings.
type CookieConfig struct {
	Name string `yaml:"name" json:"name"`
	// Secret for the session cookie. The package defines
	// ErrCookieSecretRequired and ErrCookieSecretTooShort (minimum 32
	// characters) for this value. Generate it with a CSPRNG and keep the
	// configuration file readable only by the service account.
	Secret string `yaml:"secret" json:"secret"`
	// Expire is converted to a time.Duration by GetExpireDuration.
	// NOTE(review): the accepted string format is not shown here — confirm.
	Expire string `yaml:"expire" json:"expire"`
	// NOTE(review): presumably maps to the cookie's Secure attribute — confirm.
	// It should be true whenever the service is reached over HTTPS.
	Secure bool `yaml:"secure" json:"secure"`
	// NOTE(review): presumably maps to the HttpOnly attribute, which keeps the
	// session cookie out of reach of page scripts — confirm.
	HTTPOnly bool `yaml:"httponly" json:"httponly"`
	// SameSite is mapped to an http.SameSite value by GetSameSite; the accepted
	// strings and the fallback for unknown values are not shown here.
	SameSite string `yaml:"samesite" json:"samesite"`
}
CookieConfig contains session cookie settings
func (CookieConfig) GetExpireDuration ¶ added in v0.3.0
func (c CookieConfig) GetExpireDuration() (time.Duration, error)
GetExpireDuration returns the cookie expiration as a time.Duration
func (CookieConfig) GetSameSite ¶ added in v0.3.0
func (c CookieConfig) GetSameSite() http.SameSite
GetSameSite returns the SameSite cookie attribute based on configuration
type EmailAuthConfig ¶
// EmailAuthConfig contains email authentication settings.
type EmailAuthConfig struct {
	Enabled bool `yaml:"enabled" json:"enabled"`
	SenderType string `yaml:"sender_type" json:"sender_type"` // "smtp", "sendgrid", or "sendmail"
	From string `yaml:"from" json:"from"` // From email address (can be RFC 5322 format: "Name <email@example.com>" or just "email@example.com")
	FromName string `yaml:"from_name" json:"from_name"` // From display name (optional, used if From doesn't contain name)
	// Sender-specific settings; SenderType presumably selects which of the
	// three is used — confirm against the sender setup code.
	SMTP SMTPConfig `yaml:"smtp" json:"smtp"`
	SendGrid SendGridConfig `yaml:"sendgrid" json:"sendgrid"`
	Sendmail SendmailConfig `yaml:"sendmail" json:"sendmail"`
	Token EmailTokenConfig `yaml:"token" json:"token"`
}
EmailAuthConfig contains email authentication settings
func (EmailAuthConfig) GetFromAddress ¶ added in v0.3.0
func (e EmailAuthConfig) GetFromAddress() (string, string)
GetFromAddress parses the From field and returns the email address and display name. It supports RFC 5322 format: "Display Name <email@example.com>" or just "email@example.com". Returns (email, displayName).
type EmailTokenConfig ¶
// EmailTokenConfig contains token expiration settings.
type EmailTokenConfig struct {
	// Expire is converted to a time.Duration by GetTokenExpireDuration.
	// NOTE(review): presumably the lifetime of the emailed login token; a
	// short lifetime limits how long a leaked message stays usable — confirm.
	Expire string `yaml:"expire" json:"expire"`
}
EmailTokenConfig contains token expiration settings
func (EmailTokenConfig) GetTokenExpireDuration ¶
func (e EmailTokenConfig) GetTokenExpireDuration() (time.Duration, error)
GetTokenExpireDuration returns the token expiration as a time.Duration
type EncryptionConfig ¶
// EncryptionConfig contains encryption settings.
type EncryptionConfig struct {
	// The package defines ErrEncryptionKeyRequired and ErrEncryptionKeyTooShort
	// (minimum 32 characters) for this value.
	// NOTE(review): how the string is turned into key bytes is not visible
	// here — confirm, and generate the value with a CSPRNG.
	Key string `yaml:"key" json:"key"` // Encryption key (required if encrypt filter is used)
	// GetAlgorithm returns this value with the default applied.
	Algorithm string `yaml:"algorithm,omitempty" json:"algorithm,omitempty"` // Encryption algorithm (default: "aes-256-gcm")
}
EncryptionConfig contains encryption settings
func (EncryptionConfig) GetAlgorithm ¶
func (e EncryptionConfig) GetAlgorithm() string
GetAlgorithm returns the encryption algorithm with default value
type FileLoader ¶
// FileLoader loads configuration from a YAML or JSON file.
// Construct it with NewFileLoader.
type FileLoader struct {
	// contains filtered or unexported fields
}
FileLoader loads configuration from a YAML or JSON file
func NewFileLoader ¶
func NewFileLoader(path string) *FileLoader
NewFileLoader creates a new FileLoader
func (*FileLoader) Load ¶
func (l *FileLoader) Load() (*Config, error)
Load reads and parses the configuration file. It supports both YAML (.yaml, .yml) and JSON (.json) formats. The format is detected automatically from the file extension.
type FileLoggingConfig ¶ added in v0.3.0
// FileLoggingConfig contains file logging and rotation settings.
type FileLoggingConfig struct {
	Path string `yaml:"path" json:"path"` // Log file path (required)
	MaxSizeMB int `yaml:"max_size_mb,omitempty" json:"max_size_mb,omitempty"` // Maximum size in megabytes before rotation (default: 100)
	MaxBackups int `yaml:"max_backups,omitempty" json:"max_backups,omitempty"` // Maximum number of old log files to retain (default: 3)
	MaxAge int `yaml:"max_age,omitempty" json:"max_age,omitempty"` // Maximum number of days to retain old log files (default: 28)
	Compress bool `yaml:"compress,omitempty" json:"compress,omitempty"` // Whether to compress rotated log files (default: false)
}
FileLoggingConfig contains file logging and rotation settings
type FilterList ¶
// FilterList represents a list of filters. In YAML it can be written as a
// comma-separated string or as an array; see UnmarshalYAML.
type FilterList []string
FilterList represents a list of filters (can be comma-separated string or array)
func (*FilterList) UnmarshalYAML ¶
func (f *FilterList) UnmarshalYAML(unmarshal func(interface{}) error) error
UnmarshalYAML implements custom YAML unmarshaling to support both string and array formats
type ForwardingConfig ¶
// ForwardingConfig contains user info forwarding settings.
type ForwardingConfig struct {
	// A nil pointer means no encryption settings were supplied. The package
	// defines ErrEncryptionConfigRequired for the case where a field uses the
	// "encrypt" filter without them.
	Encryption *EncryptionConfig `yaml:"encryption,omitempty" json:"encryption,omitempty"` // Optional encryption settings
	Fields []ForwardingField `yaml:"fields" json:"fields"` // Field forwarding definitions
}
ForwardingConfig contains user info forwarding settings
type ForwardingField ¶
// ForwardingField defines how to forward a single field.
type ForwardingField struct {
	Path string `yaml:"path" json:"path"` // Dot-separated path to field (e.g., "email", "userinfo.avatar_url", "." for entire object)
	// Values placed in a redirect URL can end up in browser history, access
	// logs and Referer headers; consider the "encrypt" filter for anything
	// sensitive.
	Query string `yaml:"query,omitempty" json:"query,omitempty"` // Query parameter name for login redirect (optional)
	// A backend that trusts this header should be reachable only through the
	// proxy that sets it.
	// NOTE(review): whether a client-supplied header of the same name is
	// stripped before forwarding is not visible here — confirm.
	Header string `yaml:"header,omitempty" json:"header,omitempty"` // HTTP header name for all requests (optional)
	Filters FilterList `yaml:"filters,omitempty" json:"filters,omitempty"` // Filters to apply (e.g., "encrypt,zip" or ["encrypt", "zip"])
}
ForwardingField defines how to forward a single field
type KVSConfig ¶
// KVSConfig contains the unified KVS configuration with optional overrides.
// A single backend can be shared across sessions, tokens and rate limiting
// under separate namespace prefixes, or each use case can get its own backend.
type KVSConfig struct {
	// Default KVS configuration (shared by all use cases)
	Default kvs.Config `yaml:"default" json:"default"`
	// Optional override for session storage
	// If nil, uses Default with session namespace prefix
	Session *kvs.Config `yaml:"session,omitempty" json:"session,omitempty"`
	// Optional override for token storage
	// If nil, uses Default with token namespace prefix
	Token *kvs.Config `yaml:"token,omitempty" json:"token,omitempty"`
	// Optional override for rate limit storage
	// If nil, uses Default with ratelimit namespace prefix
	RateLimit *kvs.Config `yaml:"ratelimit,omitempty" json:"ratelimit,omitempty"`
	// Namespace prefixes for shared KVS (has defaults)
	Namespaces NamespaceConfig `yaml:"namespaces" json:"namespaces"`
}
KVSConfig contains the unified KVS configuration with optional overrides. This design allows sharing a single KVS backend across multiple use cases with namespace isolation, while still supporting dedicated backends when needed.
type LoggingConfig ¶
// LoggingConfig contains logging settings.
type LoggingConfig struct {
	// NOTE(review): the accepted level names are not shown here — confirm.
	Level string `yaml:"level" json:"level"`
	// NOTE(review): presumably per-module level overrides; the syntax is not
	// shown here — confirm.
	ModuleLevel string `yaml:"module_level" json:"module_level"`
	Color bool `yaml:"color" json:"color"`
	File *FileLoggingConfig `yaml:"file,omitempty" json:"file,omitempty"` // Optional file logging configuration
}
LoggingConfig contains logging settings
type NamespaceConfig ¶
// NamespaceConfig defines the key prefixes for each use case when sharing a
// KVS. SetDefaults fills in the names that were left unspecified.
type NamespaceConfig struct {
	Session string `yaml:"session" json:"session"` // Default: "session"
	Token string `yaml:"token" json:"token"` // Default: "token"
	RateLimit string `yaml:"ratelimit" json:"ratelimit"` // Default: "ratelimit"
}
NamespaceConfig defines the key prefixes for each use case when sharing a KVS
func (*NamespaceConfig) SetDefaults ¶
func (n *NamespaceConfig) SetDefaults()
SetDefaults sets default namespace names if not specified
type OAuth2Config ¶
// OAuth2Config contains OAuth2 provider settings.
type OAuth2Config struct {
	// Configured providers. The package defines ErrNoEnabledProviders and
	// ErrNoAuthMethod for configurations in which nothing usable is enabled.
	Providers []OAuth2Provider `yaml:"providers" json:"providers"`
}
OAuth2Config contains OAuth2 provider settings
type OAuth2Provider ¶
// OAuth2Provider represents a single OAuth2 provider configuration.
type OAuth2Provider struct {
	ID string `yaml:"id" json:"id"` // Unique identifier for this provider (required, must be unique)
	Type string `yaml:"type" json:"type"` // Provider type: "google", "github", "microsoft", "custom"
	DisplayName string `yaml:"display_name" json:"display_name"` // Display name shown in UI
	ClientID string `yaml:"client_id" json:"client_id"`
	// ClientSecret is a credential. It carries a plain json tag, so marshalling
	// this struct includes it; keep it out of logs and diagnostics.
	ClientSecret string `yaml:"client_secret" json:"client_secret"`
	Disabled bool `yaml:"disabled" json:"disabled"` // If true, provider is hidden from login page
	IconURL string `yaml:"icon_url" json:"icon_url"` // Optional custom icon URL (if not set, uses default icon based on provider type)
	// Custom provider settings (only used when Type is "custom")
	AuthURL string `yaml:"auth_url" json:"auth_url"` // Custom authorization endpoint
	TokenURL string `yaml:"token_url" json:"token_url"` // Custom token endpoint
	UserInfoURL string `yaml:"userinfo_url" json:"userinfo_url"` // Custom userinfo endpoint
	JWKSURL string `yaml:"jwks_url" json:"jwks_url"` // Optional OIDC JWKS URL
	// NOTE(review): the field name suggests TLS certificate verification is
	// skipped, while the comment says plain HTTP is allowed — confirm which.
	// Either way the token and userinfo exchanges lose transport protection,
	// so keep this false outside test environments.
	InsecureSkipVerify bool `yaml:"insecure_skip_verify" json:"insecure_skip_verify"` // Allow HTTP for testing (default: false)
	// OAuth2 scopes to request
	Scopes []string `yaml:"scopes" json:"scopes"` // OAuth2 scopes to request (e.g., ["openid", "email", "profile", "analytics"])
	ResetScopes bool `yaml:"reset_scopes" json:"reset_scopes"` // If true, replaces default scopes; if false, adds to default scopes (default: false)
}
OAuth2Provider represents a single OAuth2 provider configuration
type OptimizationConfig ¶
// OptimizationConfig contains optimization settings for assets.
type OptimizationConfig struct {
	Dify bool `yaml:"dify" json:"dify"` // If true, load dify.css for iframe optimizations
}
OptimizationConfig contains optimization settings for assets
type SMTPConfig ¶
// SMTPConfig contains SMTP server settings.
type SMTPConfig struct {
	Host string `yaml:"host" json:"host"`
	Port int `yaml:"port" json:"port"`
	Username string `yaml:"username" json:"username"`
	// Password is a credential. It carries a plain json tag, so marshalling
	// this struct includes it; keep it out of logs and diagnostics.
	Password string `yaml:"password" json:"password"`
	From string `yaml:"from,omitempty" json:"from,omitempty"` // Optional: Override email_auth.from
	FromName string `yaml:"from_name,omitempty" json:"from_name,omitempty"` // Optional: Override email_auth.from_name
	// NOTE(review): presumably TLS selects an implicit-TLS connection and
	// StartTLS an upgrade after connecting. If both are false the credentials
	// and message would likely travel unencrypted — confirm the behaviour.
	TLS bool `yaml:"tls" json:"tls"`
	StartTLS bool `yaml:"starttls" json:"starttls"`
}
SMTPConfig contains SMTP server settings
func (SMTPConfig) GetFromAddress ¶ added in v0.3.0
func (s SMTPConfig) GetFromAddress(parentEmail, parentName string) (string, string)
GetFromAddress returns the From address and name, with fallback to the parent config. Returns (email, displayName).
type SendGridConfig ¶
// SendGridConfig contains SendGrid API settings.
type SendGridConfig struct {
	// APIKey is a credential. It carries a plain json tag, so marshalling this
	// struct includes it; keep it out of logs and diagnostics.
	APIKey string `yaml:"api_key" json:"api_key"`
	From string `yaml:"from,omitempty" json:"from,omitempty"` // Optional: Override email_auth.from
	FromName string `yaml:"from_name,omitempty" json:"from_name,omitempty"` // Optional: Override email_auth.from_name
	// NOTE(review): presumably requests carrying APIKey are sent to this
	// endpoint, so an override should be an https URL you control — confirm.
	EndpointURL string `yaml:"endpoint_url" json:"endpoint_url"` // Optional custom endpoint URL (default: https://api.sendgrid.com)
}
SendGridConfig contains SendGrid API settings
func (SendGridConfig) GetFromAddress ¶ added in v0.3.0
func (s SendGridConfig) GetFromAddress(parentEmail, parentName string) (string, string)
GetFromAddress returns the From address and name, with fallback to the parent config. Returns (email, displayName).
type SendmailConfig ¶ added in v0.2.0
// SendmailConfig contains sendmail command settings.
type SendmailConfig struct {
	// NOTE(review): presumably this binary is executed to send mail, so the
	// configuration file should be writable only by trusted administrators —
	// confirm how the path is used.
	Path string `yaml:"path" json:"path"` // Path to sendmail binary (default: /usr/sbin/sendmail)
	From string `yaml:"from,omitempty" json:"from,omitempty"` // Optional: Override email_auth.from
	FromName string `yaml:"from_name,omitempty" json:"from_name,omitempty"` // Optional: Override email_auth.from_name
}
SendmailConfig contains sendmail command settings
func (SendmailConfig) GetFromAddress ¶ added in v0.3.0
func (s SendmailConfig) GetFromAddress(parentEmail, parentName string) (string, string)
GetFromAddress returns the From address and name, with fallback to the parent config. Returns (email, displayName).
type ServerConfig ¶
// ServerConfig contains authentication server settings.
type ServerConfig struct {
	// GetAuthPathPrefix returns this value with the default applied.
	AuthPathPrefix string `yaml:"auth_path_prefix" json:"auth_path_prefix"` // Path prefix for authentication endpoints (default: "/_auth")
	// GetCallbackURL falls back to http://host:port when this is empty; set an
	// https URL for any deployment reachable beyond localhost.
	BaseURL string `yaml:"base_url" json:"base_url"` // Optional: Base URL for email links and OAuth2 callback (e.g., "https://example.com:8443" or "http://localhost:4181")
	// Keep false in production: relaxing the CSP for inline scripts removes a
	// layer of XSS mitigation.
	Development bool `yaml:"development" json:"development"` // Enable development mode (relaxes CSP for inline scripts, default: false)
}
ServerConfig contains authentication server settings
func (ServerConfig) GetAuthPathPrefix ¶
func (s ServerConfig) GetAuthPathPrefix() string
GetAuthPathPrefix returns the authentication path prefix. If not set, it returns the default "/_auth".
func (ServerConfig) GetCallbackURL ¶
func (s ServerConfig) GetCallbackURL(host string, port int) string
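GetCallbackURL returns the OAuth2 callback URL. It is generated automatically from BaseURL and AuthPathPrefix. Format: {base_url}{auth_path_prefix}/oauth2/callback. If BaseURL is not set, it defaults to http://host:port. Because that fallback uses plain http, set BaseURL explicitly to an https URL for any deployment reachable beyond localhost.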
type ServiceConfig ¶
// ServiceConfig contains service-level settings.
type ServiceConfig struct {
	// The package defines ErrServiceNameRequired for a missing name.
	Name string `yaml:"name" json:"name"`
	Description string `yaml:"description" json:"description"`
	IconURL string `yaml:"icon_url" json:"icon_url"` // Icon URL for auth header (48px icon)
	LogoURL string `yaml:"logo_url" json:"logo_url"` // Logo URL for auth header (larger logo image)
	LogoWidth string `yaml:"logo_width" json:"logo_width"` // Logo width (e.g., "100px", "150px", "200px", default: "200px")
}
ServiceConfig contains service-level settings
type SessionConfig ¶
// SessionConfig contains session management settings.
// The session storage backend is configured separately, via kvs.default or
// kvs.session.
type SessionConfig struct {
	Cookie CookieConfig `yaml:"cookie" json:"cookie"`
}
SessionConfig contains session management settings. Note: the session storage backend is configured via kvs.default or kvs.session.
type ValidationError ¶
// ValidationError represents multiple validation errors.
// Create one with NewValidationError and append to it with Add.
type ValidationError struct {
	// Errors holds the collected validation errors.
	Errors []error
}
ValidationError represents multiple validation errors
func NewValidationError ¶
func NewValidationError() *ValidationError
NewValidationError creates a new ValidationError
func (*ValidationError) Add ¶
func (v *ValidationError) Add(err error)
Add adds an error to the validation error list
func (*ValidationError) Error ¶
func (v *ValidationError) Error() string
Error implements the error interface
func (*ValidationError) ErrorOrNil ¶
func (v *ValidationError) ErrorOrNil() error
ErrorOrNil returns the error if there are any validation errors, otherwise nil
func (*ValidationError) HasErrors ¶
func (v *ValidationError) HasErrors() bool
HasErrors returns true if there are any validation errors
func (*ValidationError) Is ¶
func (v *ValidationError) Is(target error) bool
Is implements the errors.Is interface for single error case
func (*ValidationError) Unwrap ¶
func (v *ValidationError) Unwrap() error
Unwrap implements the errors.Unwrap interface for single error case