config

package
v0.9.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 30, 2025 License: MIT Imports: 12 Imported by: 0

Documentation


Constants

This section is empty.

Variables

// Sentinel errors for configuration loading and validation. Each value is
// created once with errors.New, so callers can compare against it.
var (
	// --- loading ---

	// ErrConfigFileNotFound reports that the configuration file could not be found.
	ErrConfigFileNotFound = errors.New("configuration file not found")

	// --- service and session ---

	// ErrServiceNameRequired reports a configuration with no service name.
	ErrServiceNameRequired = errors.New("service name is required")

	// ErrCookieSecretRequired reports a configuration with no cookie secret.
	ErrCookieSecretRequired = errors.New("cookie secret is required")

	// ErrCookieSecretTooShort reports a cookie secret below the 32-character
	// minimum stated in the message.
	// NOTE(review): a length floor says nothing about unpredictability; the
	// secret should still be generated randomly rather than chosen by hand.
	ErrCookieSecretTooShort = errors.New("cookie secret must be at least 32 characters")

	// --- authentication methods ---

	// ErrNoEnabledProviders reports that no OAuth2 provider is enabled.
	ErrNoEnabledProviders = errors.New("at least one OAuth2 provider must be enabled")

	// ErrNoAuthMethod reports that neither OAuth2 nor email authentication is enabled.
	ErrNoAuthMethod = errors.New("at least one authentication method must be enabled (OAuth2 or email authentication)")

	// --- forwarding encryption ---

	// ErrEncryptionConfigRequired reports use of the 'encrypt' filter without
	// an encryption configuration.
	ErrEncryptionConfigRequired = errors.New("encryption configuration is required when 'encrypt' filter is used")

	// ErrEncryptionKeyRequired reports enabled encryption with no key.
	ErrEncryptionKeyRequired = errors.New("encryption key is required when encryption is enabled")

	// ErrEncryptionKeyTooShort reports an encryption key below the
	// 32-character minimum stated in the message.
	ErrEncryptionKeyTooShort = errors.New("encryption key must be at least 32 characters")
)

Functions

This section is empty.

Types

type AccessControlConfig added in v0.8.0

// AccessControlConfig contains access control settings: a list of email
// addresses or domains, plus a rules.Config.
//
// NOTE(review): presumably Emails is an allow-list. How an empty Emails list
// together with empty Rules is treated (everyone allowed vs. everyone denied)
// is not visible here — confirm the default before relying on it.
type AccessControlConfig struct {
	Emails []string     `yaml:"emails" json:"emails"` // Email addresses or domains (domain starts with @)
	Rules  rules.Config `yaml:"rules" json:"rules"`   // Access control rules configuration
}

AccessControlConfig contains access control settings

type AssetsConfig

// AssetsConfig contains assets configuration. Its only field groups the
// optimization switches defined by OptimizationConfig.
type AssetsConfig struct {
	Optimization OptimizationConfig `yaml:"optimization" json:"optimization"` // Optimization settings
}

AssetsConfig contains assets configuration

type Config

// Config represents the application configuration. It is the root value
// returned by a Loader and checked by Validate.
//
// The nested sections carry credentials under ordinary yaml/json tags (cookie
// secret, OAuth2 client secrets, SMTP password, SendGrid API key, the
// password-auth password, the forwarding encryption key), so marshaling a
// Config — for example into a log line or a debug endpoint — writes those
// values out as well.
type Config struct {
	Service       ServiceConfig       `yaml:"service" json:"service"`
	Server        ServerConfig        `yaml:"server" json:"server"`
	Session       SessionConfig       `yaml:"session" json:"session"`
	OAuth2        OAuth2Config        `yaml:"oauth2" json:"oauth2"`
	EmailAuth     EmailAuthConfig     `yaml:"email_auth" json:"email_auth"`
	PasswordAuth  PasswordAuthConfig  `yaml:"password_auth" json:"password_auth"`
	AccessControl AccessControlConfig `yaml:"access_control" json:"access_control"`
	Logging       LoggingConfig       `yaml:"logging" json:"logging"`
	KVS           KVSConfig           `yaml:"kvs" json:"kvs"`               // KVS storage configuration
	Forwarding    ForwardingConfig    `yaml:"forwarding" json:"forwarding"` // User info forwarding configuration
	Assets        AssetsConfig        `yaml:"assets" json:"assets"`         // Assets configuration
}

Config represents the application configuration

func (*Config) Validate

func (c *Config) Validate() error

Validate checks if the configuration is valid. It returns a ValidationError containing all validation errors found.

type CookieConfig added in v0.3.0

// CookieConfig contains session cookie settings.
type CookieConfig struct {
	// Name is the cookie name.
	Name     string `yaml:"name" json:"name"`
	// Secret is the cookie secret. The package's validation errors state that
	// it is required and must be at least 32 characters.
	// NOTE(review): the tags serialize it under "secret"; keep it out of logs
	// and version control, and generate it randomly.
	Secret   string `yaml:"secret" json:"secret"`
	// Expire is the cookie lifetime as text; GetExpireDuration converts it to
	// a time.Duration. NOTE(review): accepted syntax is not visible here —
	// presumably Go duration strings; confirm.
	Expire   string `yaml:"expire" json:"expire"`
	// Secure and HTTPOnly presumably map to the cookie attributes of the same
	// name. NOTE(review): their zero value is false, so an omitted key leaves
	// the attribute off unless defaults are applied elsewhere — confirm, and
	// set both to true for any deployment served over HTTPS.
	Secure   bool   `yaml:"secure" json:"secure"`
	HTTPOnly bool   `yaml:"httponly" json:"httponly"`
	// SameSite is the textual SameSite policy; GetSameSite turns it into an
	// http.SameSite value. NOTE(review): the accepted strings and the result
	// for an unknown value are not visible here — confirm.
	SameSite string `yaml:"samesite" json:"samesite"`
}

CookieConfig contains session cookie settings

func (CookieConfig) GetExpireDuration added in v0.3.0

func (c CookieConfig) GetExpireDuration() (time.Duration, error)

GetExpireDuration returns the cookie expiration as a time.Duration

func (CookieConfig) GetSameSite added in v0.3.0

func (c CookieConfig) GetSameSite() http.SameSite

GetSameSite returns the SameSite cookie attribute based on configuration

type EmailAuthConfig

// EmailAuthConfig contains email authentication settings: which sender
// backend to use, the From identity, a per-address send limit, the
// backend-specific sections and the token lifetime.
//
// NOTE(review): LimitPerMinute is documented as per address, so it presumably
// does not cap the total number of emails sent to many different addresses —
// confirm whether a global limit exists elsewhere.
type EmailAuthConfig struct {
	Enabled        bool             `yaml:"enabled" json:"enabled"`
	SenderType     string           `yaml:"sender_type" json:"sender_type"`           // "smtp", "sendgrid", or "sendmail"
	From           string           `yaml:"from" json:"from"`                         // From email address (can be RFC 5322 format: "Name <email@example.com>" or just "email@example.com")
	FromName       string           `yaml:"from_name" json:"from_name"`               // From display name (optional, used if From doesn't contain name)
	LimitPerMinute int              `yaml:"limit_per_minute" json:"limit_per_minute"` // Maximum number of emails per minute per address (default: 5)
	SMTP           SMTPConfig       `yaml:"smtp" json:"smtp"`
	SendGrid       SendGridConfig   `yaml:"sendgrid" json:"sendgrid"`
	Sendmail       SendmailConfig   `yaml:"sendmail" json:"sendmail"`
	Token          EmailTokenConfig `yaml:"token" json:"token"`
}

EmailAuthConfig contains email authentication settings

func (EmailAuthConfig) GetFromAddress added in v0.3.0

func (e EmailAuthConfig) GetFromAddress() (string, string)

GetFromAddress parses the From field and returns the email address and display name. It supports RFC 5322 format: "Display Name <email@example.com>" or just "email@example.com". Returns (email, displayName).

func (EmailAuthConfig) GetLimitPerMinute added in v0.8.0

func (e EmailAuthConfig) GetLimitPerMinute() int

GetLimitPerMinute returns the rate limit per minute, applying a default value. It returns the configured limit, or the default (5) if the limit is not set or is invalid.

type EmailTokenConfig

// EmailTokenConfig contains token expiration settings for email
// authentication.
type EmailTokenConfig struct {
	// Expire is the token lifetime as text; GetTokenExpireDuration converts it
	// to a time.Duration. NOTE(review): accepted syntax and any upper bound
	// are not visible here — confirm. A short lifetime limits how long an
	// intercepted sign-in email stays usable.
	Expire string `yaml:"expire" json:"expire"`
}

EmailTokenConfig contains token expiration settings

func (EmailTokenConfig) GetTokenExpireDuration

func (e EmailTokenConfig) GetTokenExpireDuration() (time.Duration, error)

GetTokenExpireDuration returns the token expiration as a time.Duration

type EncryptionConfig

// EncryptionConfig contains encryption settings used by the 'encrypt'
// forwarding filter.
//
// NOTE(review): the validation message states a 32-character minimum for Key.
// How the string is turned into key bytes for the algorithm is not visible
// here — confirm it is decoded or derived into a full-strength key, and
// generate the value randomly. The tags serialize Key under "key", so it
// appears in any marshaled copy of the configuration.
type EncryptionConfig struct {
	Key       string `yaml:"key" json:"key"`                                 // Encryption key (required if encrypt filter is used)
	Algorithm string `yaml:"algorithm,omitempty" json:"algorithm,omitempty"` // Encryption algorithm (default: "aes-256-gcm")
}

EncryptionConfig contains encryption settings

func (EncryptionConfig) GetAlgorithm

func (e EncryptionConfig) GetAlgorithm() string

GetAlgorithm returns the encryption algorithm with default value

type FileLoader

// FileLoader loads configuration from a YAML or JSON file. Its Load method
// is documented as expanding ${VAR} and ${VAR:-default} from the environment.
//
// NOTE(review): the file can hold every credential in Config, so restrict its
// permissions; environment expansion presumably allows secrets to be kept out
// of the file itself — confirm against Load.
type FileLoader struct {
	// contains filtered or unexported fields
}

FileLoader loads configuration from a YAML or JSON file

func NewFileLoader

func NewFileLoader(path string) *FileLoader

NewFileLoader creates a new FileLoader

func (*FileLoader) Load

func (l *FileLoader) Load() (*Config, error)

Load reads and parses the configuration file. It supports both YAML (.yaml, .yml) and JSON (.json) formats; the format is detected automatically from the file extension. Environment variables in the format ${VAR} or ${VAR:-default} are expanded.

type FileLoggingConfig added in v0.3.0

// FileLoggingConfig contains file logging and rotation settings. Only Path is
// marked required; the other fields are omitted from output when zero and
// have the defaults given in their comments.
type FileLoggingConfig struct {
	Path       string `yaml:"path" json:"path"`                                   // Log file path (required)
	MaxSizeMB  int    `yaml:"max_size_mb,omitempty" json:"max_size_mb,omitempty"` // Maximum size in megabytes before rotation (default: 100)
	MaxBackups int    `yaml:"max_backups,omitempty" json:"max_backups,omitempty"` // Maximum number of old log files to retain (default: 3)
	MaxAge     int    `yaml:"max_age,omitempty" json:"max_age,omitempty"`         // Maximum number of days to retain old log files (default: 28)
	Compress   bool   `yaml:"compress,omitempty" json:"compress,omitempty"`       // Whether to compress rotated log files (default: false)
}

FileLoggingConfig contains file logging and rotation settings

type FilterList

// FilterList represents a list of filter names. Its UnmarshalYAML method
// accepts either a comma-separated string or an array in YAML input.
type FilterList []string

FilterList represents a list of filters (can be comma-separated string or array)

func (*FilterList) UnmarshalYAML

func (f *FilterList) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML implements custom YAML unmarshaling to support both string and array formats

type ForwardingConfig

// ForwardingConfig contains user info forwarding settings.
//
// Encryption is a pointer and may be nil; the package defines
// ErrEncryptionConfigRequired for the case where a field uses the 'encrypt'
// filter without it.
type ForwardingConfig struct {
	Encryption *EncryptionConfig `yaml:"encryption,omitempty" json:"encryption,omitempty"` // Optional encryption settings
	Fields     []ForwardingField `yaml:"fields" json:"fields"`                             // Field forwarding definitions
}

ForwardingConfig contains user info forwarding settings

type ForwardingField

// ForwardingField defines how to forward a single field of the user info:
// which value (Path), where it goes (Query and/or Header) and which filters
// are applied first.
//
// NOTE(review): a Path of "." forwards the entire object, which may carry
// more than the backend needs. Values placed in a query parameter typically
// end up in access logs, browser history and Referer headers, so anything
// sensitive is better sent via Header with the encrypt filter. A backend
// should trust the forwarded header only if client-supplied copies of it are
// removed first — whether this package does that is not visible here.
type ForwardingField struct {
	Path    string     `yaml:"path" json:"path"`                           // Dot-separated path to field (e.g., "email", "userinfo.avatar_url", "." for entire object)
	Query   string     `yaml:"query,omitempty" json:"query,omitempty"`     // Query parameter name for login redirect (optional)
	Header  string     `yaml:"header,omitempty" json:"header,omitempty"`   // HTTP header name for all requests (optional)
	Filters FilterList `yaml:"filters,omitempty" json:"filters,omitempty"` // Filters to apply (e.g., "encrypt,zip" or ["encrypt", "zip"])
}

ForwardingField defines how to forward a single field

type KVSConfig

// KVSConfig contains the unified KVS configuration with optional overrides.
// One backend (Default) can serve sessions, tokens and email quota under
// separate namespace prefixes, or each use case can get a dedicated backend.
//
// NOTE(review): a namespace prefix separates keys; it is not an access
// boundary. Any other client of a shared backend can presumably read session
// and token entries — confirm the backend's own authentication and network
// exposure.
type KVSConfig struct {
	// Default KVS configuration (shared by all use cases)
	Default kvs.Config `yaml:"default" json:"default"`

	// Optional override for session storage
	// If nil, uses Default with session namespace prefix
	Session *kvs.Config `yaml:"session,omitempty" json:"session,omitempty"`

	// Optional override for token storage
	// If nil, uses Default with token namespace prefix
	Token *kvs.Config `yaml:"token,omitempty" json:"token,omitempty"`

	// Optional override for email quota storage (email send rate limiting)
	// If nil, uses Default with email_quota namespace prefix
	EmailQuota *kvs.Config `yaml:"email_quota,omitempty" json:"email_quota,omitempty"`

	// Namespace prefixes for shared KVS (has defaults)
	Namespaces NamespaceConfig `yaml:"namespaces" json:"namespaces"`
}

KVSConfig contains the unified KVS configuration with optional overrides. This design allows sharing a single KVS backend across multiple use cases with namespace isolation, while still supporting dedicated backends when needed.

type Loader

// Loader is an interface for loading configuration. FileLoader and
// StaticLoader both declare a Load method with this signature.
type Loader interface {
	// Load returns the configuration, or an error if it cannot be produced.
	Load() (*Config, error)
}

Loader is an interface for loading configuration

type LoggingConfig

// LoggingConfig contains logging settings. File is optional; when nil, no
// file logging section was configured.
type LoggingConfig struct {
	Level string             `yaml:"level" json:"level"`
	Color bool               `yaml:"color" json:"color"`
	File  *FileLoggingConfig `yaml:"file,omitempty" json:"file,omitempty"` // Optional file logging configuration
}

LoggingConfig contains logging settings

type NamespaceConfig

// NamespaceConfig defines the key prefixes for each use case when sharing a
// KVS. SetDefaults fills in the default names for fields left unspecified.
type NamespaceConfig struct {
	Session    string `yaml:"session" json:"session"`         // Default: "session"
	Token      string `yaml:"token" json:"token"`             // Default: "token"
	EmailQuota string `yaml:"email_quota" json:"email_quota"` // Default: "email_quota"
}

NamespaceConfig defines the key prefixes for each use case when sharing a KVS

func (*NamespaceConfig) SetDefaults

func (n *NamespaceConfig) SetDefaults()

SetDefaults sets default namespace names if not specified

type OAuth2Config

// OAuth2Config contains OAuth2 provider settings as a list of providers.
type OAuth2Config struct {
	// Providers lists the configured providers; each entry's ID is documented
	// as required and unique.
	Providers []OAuth2Provider `yaml:"providers" json:"providers"`
}

OAuth2Config contains OAuth2 provider settings

type OAuth2Provider

// OAuth2Provider represents a single OAuth2 provider configuration: identity
// and display fields, client credentials, optional endpoints for a "custom"
// provider, and the scopes to request.
type OAuth2Provider struct {
	ID           string `yaml:"id" json:"id"`                     // Unique identifier for this provider (required, must be unique)
	Type         string `yaml:"type" json:"type"`                 // Provider type: "google", "github", "microsoft", "custom"
	DisplayName  string `yaml:"display_name" json:"display_name"` // Display name shown in UI
	ClientID     string `yaml:"client_id" json:"client_id"`
	// NOTE(review): ClientSecret is a credential serialized under
	// "client_secret"; keep it out of logs and version control.
	ClientSecret string `yaml:"client_secret" json:"client_secret"`
	Disabled     bool   `yaml:"disabled" json:"disabled"` // If true, provider is hidden from login page
	IconURL      string `yaml:"icon_url" json:"icon_url"` // Optional custom icon URL (if not set, uses default icon based on provider type)

	// Custom provider settings (only used when Type is "custom")
	AuthURL            string `yaml:"auth_url" json:"auth_url"`                         // Custom authorization endpoint
	TokenURL           string `yaml:"token_url" json:"token_url"`                       // Custom token endpoint
	UserInfoURL        string `yaml:"userinfo_url" json:"userinfo_url"`                 // Custom userinfo endpoint
	JWKSURL            string `yaml:"jwks_url" json:"jwks_url"`                         // Optional OIDC JWKS URL
	// NOTE(review): the field name suggests TLS certificate verification is
	// skipped, while the comment says plain HTTP is allowed; which of the two
	// the code does is not visible here. Either way the authorization code,
	// tokens and client secret would cross a channel that is not
	// authenticated, so keep this false outside test setups.
	InsecureSkipVerify bool   `yaml:"insecure_skip_verify" json:"insecure_skip_verify"` // Allow HTTP for testing (default: false)

	// OAuth2 scopes to request
	Scopes      []string `yaml:"scopes" json:"scopes"`             // OAuth2 scopes to request (e.g., ["openid", "email", "profile", "analytics"])
	ResetScopes bool     `yaml:"reset_scopes" json:"reset_scopes"` // If true, replaces default scopes; if false, adds to default scopes (default: false)
}

OAuth2Provider represents a single OAuth2 provider configuration

type OptimizationConfig

// OptimizationConfig contains optimization settings for assets. It currently
// holds a single switch.
type OptimizationConfig struct {
	Dify bool `yaml:"dify" json:"dify"` // If true, load dify.css for iframe optimizations
}

OptimizationConfig contains optimization settings for assets

type PasswordAuthConfig added in v0.5.0

// PasswordAuthConfig contains password authentication settings. The package
// documentation describes it as a simple method, useful for initial setup and
// testing without email or OAuth2 configuration.
//
// NOTE(review): Password is held as a plain string and serialized under
// "password". Whether it is hashed, compared in constant time, or subject to
// attempt limiting is not visible here — confirm before enabling this on an
// exposed deployment.
type PasswordAuthConfig struct {
	Enabled  bool   `yaml:"enabled" json:"enabled"`   // Enable password authentication
	Password string `yaml:"password" json:"password"` // Password for authentication
}

PasswordAuthConfig contains password authentication settings. This is a simple authentication method that requires a password. It is useful for initial setup and testing without requiring email or OAuth2 configuration.

type SMTPConfig

// SMTPConfig contains SMTP server settings: server address, credentials,
// optional From overrides and transport security switches.
//
// NOTE(review): presumably TLS selects an implicit-TLS connection and
// StartTLS upgrades a plaintext one. With both false, the SMTP credentials
// and the sign-in emails would presumably travel unencrypted — confirm
// against the sender implementation and enable one of them in production.
// Password is serialized under "password"; keep it out of logs.
type SMTPConfig struct {
	Host     string `yaml:"host" json:"host"`
	Port     int    `yaml:"port" json:"port"`
	Username string `yaml:"username" json:"username"`
	Password string `yaml:"password" json:"password"`
	From     string `yaml:"from,omitempty" json:"from,omitempty"`           // Optional: Override email_auth.from
	FromName string `yaml:"from_name,omitempty" json:"from_name,omitempty"` // Optional: Override email_auth.from_name
	TLS      bool   `yaml:"tls" json:"tls"`
	StartTLS bool   `yaml:"starttls" json:"starttls"`
}

SMTPConfig contains SMTP server settings

func (SMTPConfig) GetFromAddress added in v0.3.0

func (s SMTPConfig) GetFromAddress(parentEmail, parentName string) (string, string)

GetFromAddress returns the From address and name, falling back to the parent config. Returns (email, displayName).

type SendGridConfig

// SendGridConfig contains SendGrid API settings: the API key, optional From
// overrides and an optional endpoint override.
//
// NOTE(review): the API key is presumably sent to whatever EndpointURL names,
// so that value must come from trusted configuration and use https. APIKey is
// serialized under "api_key"; keep it out of logs and version control.
type SendGridConfig struct {
	APIKey      string `yaml:"api_key" json:"api_key"`
	From        string `yaml:"from,omitempty" json:"from,omitempty"`           // Optional: Override email_auth.from
	FromName    string `yaml:"from_name,omitempty" json:"from_name,omitempty"` // Optional: Override email_auth.from_name
	EndpointURL string `yaml:"endpoint_url" json:"endpoint_url"`               // Optional custom endpoint URL (default: https://api.sendgrid.com)
}

SendGridConfig contains SendGrid API settings

func (SendGridConfig) GetFromAddress added in v0.3.0

func (s SendGridConfig) GetFromAddress(parentEmail, parentName string) (string, string)

GetFromAddress returns the From address and name, falling back to the parent config. Returns (email, displayName).

type SendmailConfig added in v0.2.0

// SendmailConfig contains sendmail command settings.
//
// NOTE(review): Path presumably names a binary that the process executes, so
// it must come from trusted configuration only and point at a file that
// unprivileged users cannot replace — confirm how the command is invoked.
type SendmailConfig struct {
	Path     string `yaml:"path" json:"path"`                               // Path to sendmail binary (default: /usr/sbin/sendmail)
	From     string `yaml:"from,omitempty" json:"from,omitempty"`           // Optional: Override email_auth.from
	FromName string `yaml:"from_name,omitempty" json:"from_name,omitempty"` // Optional: Override email_auth.from_name
}

SendmailConfig contains sendmail command settings

func (SendmailConfig) GetFromAddress added in v0.3.0

func (s SendmailConfig) GetFromAddress(parentEmail, parentName string) (string, string)

GetFromAddress returns the From address and name, falling back to the parent config. Returns (email, displayName).

type ServerConfig

// ServerConfig contains authentication server settings.
//
// NOTE(review): GetCallbackURL is documented as falling back to
// http://host:port when BaseURL is empty, so set an https:// BaseURL in
// production to keep email links and the OAuth2 callback off plain HTTP.
// Development relaxes the Content-Security-Policy for inline scripts, which
// weakens script-injection protection on the authentication pages; leave it
// false outside local development.
type ServerConfig struct {
	AuthPathPrefix string `yaml:"auth_path_prefix" json:"auth_path_prefix"` // Path prefix for authentication endpoints (default: "/_auth")
	BaseURL        string `yaml:"base_url" json:"base_url"`                 // Optional: Base URL for email links and OAuth2 callback (e.g., "https://example.com:8443" or "http://localhost:4181")
	Development    bool   `yaml:"development" json:"development"`           // Enable development mode (relaxes CSP for inline scripts, default: false)
}

ServerConfig contains authentication server settings

func (ServerConfig) GetAuthPathPrefix

func (s ServerConfig) GetAuthPathPrefix() string

GetAuthPathPrefix returns the authentication path prefix. If it is not set, the default "/_auth" is returned.

func (ServerConfig) GetCallbackURL

func (s ServerConfig) GetCallbackURL(host string, port int) string

GetCallbackURL returns the OAuth2 callback URL, which is generated automatically from BaseURL and AuthPathPrefix. Format: {base_url}{auth_path_prefix}/oauth2/callback. If BaseURL is not set, the base defaults to http://host:port.

type ServiceConfig

// ServiceConfig contains service-level settings: the service name (the
// package defines ErrServiceNameRequired for a missing name), a description
// and branding for the auth header.
type ServiceConfig struct {
	Name        string `yaml:"name" json:"name"`
	Description string `yaml:"description" json:"description"`
	IconURL     string `yaml:"icon_url" json:"icon_url"`     // Icon URL for auth header (48px icon)
	LogoURL     string `yaml:"logo_url" json:"logo_url"`     // Logo URL for auth header (larger logo image)
	LogoWidth   string `yaml:"logo_width" json:"logo_width"` // Logo width (e.g., "100px", "150px", "200px", default: "200px")
}

ServiceConfig contains service-level settings

type SessionConfig

// SessionConfig contains session management settings. Only the cookie is
// configured here; the session storage backend is configured via kvs.default
// or kvs.session.
type SessionConfig struct {
	Cookie CookieConfig `yaml:"cookie" json:"cookie"`
}

SessionConfig contains session management settings. Note: the session storage backend is configured via kvs.default or kvs.session.

type StaticLoader added in v0.9.0

// StaticLoader loads configuration from a pre-defined Config struct supplied
// to NewStaticLoader.
//
// NOTE(review): whether Load runs Validate on that Config is not visible
// here — callers building a Config in code should confirm it is validated.
type StaticLoader struct {
	// contains filtered or unexported fields
}

StaticLoader loads configuration from a pre-defined Config struct

func NewStaticLoader added in v0.9.0

func NewStaticLoader(cfg *Config) *StaticLoader

NewStaticLoader creates a new StaticLoader with the given config

func (*StaticLoader) Load added in v0.9.0

func (l *StaticLoader) Load() (*Config, error)

Load returns the pre-defined configuration

type ValidationError

// ValidationError represents multiple validation errors collected in one
// value. Its Is and Unwrap methods are documented as covering the
// single-error case.
type ValidationError struct {
	// Errors holds the individual validation failures, appended via Add.
	Errors []error
}

ValidationError represents multiple validation errors

func NewValidationError

func NewValidationError() *ValidationError

NewValidationError creates a new ValidationError

func (*ValidationError) Add

func (v *ValidationError) Add(err error)

Add adds an error to the validation error list

func (*ValidationError) Error

func (v *ValidationError) Error() string

Error implements the error interface

func (*ValidationError) ErrorOrNil

func (v *ValidationError) ErrorOrNil() error

ErrorOrNil returns the error if there are any validation errors, otherwise nil

func (*ValidationError) HasErrors

func (v *ValidationError) HasErrors() bool

HasErrors returns true if there are any validation errors

func (*ValidationError) Is

func (v *ValidationError) Is(target error) bool

Is implements the errors.Is interface for single error case

func (*ValidationError) Unwrap

func (v *ValidationError) Unwrap() error

Unwrap implements the errors.Unwrap interface for single error case
