config

package
v0.229.0 Latest
Warning

This package is not in the latest version of its module.

Published: May 27, 2026 License: MIT Imports: 4 Imported by: 0

Documentation

Overview

Package config loads runtime settings from environment variables.

Types

type Specification

type Specification struct {
	HTTPAddress     string         `env:"HTTP_ADDR" envDefault:"127.0.0.1:8080"`
	HTTPSAddress    string         `env:"HTTPS_ADDR" envDefault:"127.0.0.1:8443"`
	TLS             tlscert.Config // Nested: env tags live on tlscert.Config itself.
	SigningKeyFile  string         `env:"SIGNING_KEY_FILE"`
	IssuerURL       string         `env:"ISSUER_URL" envDefault:"https://localhost:8443/"`
	DefaultAudience string         `env:"DEFAULT_AUDIENCE" envDefault:"https://localhost:8443/api/v2/"`
	AccessTokenTTL  time.Duration  `env:"ACCESS_TOKEN_TTL" envDefault:"24h"`
	IDTokenTTL      time.Duration  `env:"ID_TOKEN_TTL" envDefault:"24h"`
	LogLevel        string         `env:"LOG_LEVEL" envDefault:"info"`
	// Debug turns on the request/response dump middleware. Off by default;
	// enables full method/path/query/headers/body logging for every
	// request + response at INFO level. Authorization + Cookie headers are
	// redacted; bodies are truncated at 8 KiB. Local-dev only — adds an
	// allocation and a synchronous log write per request.
	Debug                bool          `env:"DEBUG" envDefault:"false"`
	SpecValidationStrict bool          `env:"SPEC_VALIDATION_STRICT" envDefault:"true"`
	ReadHeaderTimeout    time.Duration `env:"READ_HEADER_TIMEOUT" envDefault:"5s"`
	WriteTimeout         time.Duration `env:"WRITE_TIMEOUT" envDefault:"30s"`
	IdleTimeout          time.Duration `env:"IDLE_TIMEOUT" envDefault:"120s"`
	MaxRequestBodyBytes  int64         `env:"MAX_REQUEST_BODY_BYTES" envDefault:"1048576"` // 1 MiB.
	ShutdownTimeout      time.Duration `env:"SHUTDOWN_TIMEOUT" envDefault:"5s"`

	// EventsReplayBuffer caps the SSE replay ring buffer at GET /events.
	// Reconnecting subscribers can resume from Last-Event-ID, ?from, or
	// ?from_timestamp up to this many events back. <= 0 disables replay
	// (the endpoint still works; resume params become no-ops).
	EventsReplayBuffer int `env:"EVENTS_REPLAY_BUFFER" envDefault:"100"`

	// LogoutAllowedURLs is the comma-separated allow-list of absolute
	// returnTo URLs that /v2/logout will redirect to. Relative URLs are
	// always allowed (they can't escape the mock's origin). Mirrors
	// Auth0's "Allowed Logout URLs" tenant setting.
	LogoutAllowedURLs []string `env:"LOGOUT_ALLOWED_URLS" envSeparator:","`

	// AuthorizeAllowedCallbacks is the comma-separated allow-list of
	// absolute redirect_uri values that /authorize will 302 to. Same
	// threat model as LogoutAllowedURLs but on the higher-value endpoint:
	// /authorize carries `code` / `access_token` in the URL, so an
	// unvalidated redirect_uri leaks them to attacker-controlled hosts.
	// Mirrors Auth0's per-application "Allowed Callback URLs" setting.
	// Empty = no enforcement (the test-friendly default — clients can
	// register any callback).
	AuthorizeAllowedCallbacks []string `env:"AUTHORIZE_ALLOWED_CALLBACKS" envSeparator:","`

	// BearerRequireAudience opts the Mgmt-API bearer middleware into Auth0-
	// like strict audience binding. When non-empty, tokens whose `aud`
	// claim doesn't contain this value get a 401. Empty (default) keeps
	// the "echoed, not enforced" behaviour the README documents so test
	// suites can swap audiences freely.
	BearerRequireAudience string `env:"BEARER_REQUIRE_AUDIENCE"`
}

Specification holds all runtime settings.
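
The redirect rules that the LogoutAllowedURLs and AuthorizeAllowedCallbacks comments describe, written out as an added example (not this package's own code). The helper names `isLocalPath`, `returnToAllowed` and `callbackAllowed` are hypothetical; exact-match comparison, rejecting absolute returnTo values when the list is empty, and counting only rooted paths as relative are assumptions, the last because `//host` and `/\host` resolve to another origin in browsers.

```go
package main

import (
	"fmt"
	"net/url"
	"slices"
	"strings"
)

// isLocalPath reports whether target is a rooted path that stays on the
// serving origin. "//host" and "/\host" are excluded because browsers
// resolve both to a different host.
func isLocalPath(target string) bool {
	if !strings.HasPrefix(target, "/") || strings.HasPrefix(target, "//") ||
		strings.Contains(target, "\\") {
		return false
	}
	u, err := url.Parse(target) // also rejects ASCII control characters
	return err == nil && u.Scheme == "" && u.Host == ""
}

// returnToAllowed models the LogoutAllowedURLs rule (hypothetical helper).
// Assumptions: absolute URLs need an exact match, and an empty list
// rejects every absolute URL.
func returnToAllowed(returnTo string, allowed []string) bool {
	return isLocalPath(returnTo) || slices.Contains(allowed, returnTo)
}

// callbackAllowed models the AuthorizeAllowedCallbacks rule (hypothetical
// helper): an empty list means no enforcement, otherwise exact match.
func callbackAllowed(redirectURI string, allowed []string) bool {
	return len(allowed) == 0 || slices.Contains(allowed, redirectURI)
}

func main() {
	// Constructed sample values, as LOGOUT_ALLOWED_URLS would be split.
	allowed := []string{"https://app.example.test/bye"}
	for _, rt := range []string{
		"/login", "https://app.example.test/bye",
		"//other.example.test/", "/\\other.example.test/",
		"https://app.example.test.other.example.test/bye",
	} {
		fmt.Printf("%-50q %v\n", rt, returnToAllowed(rt, allowed))
	}
	fmt.Println(callbackAllowed("https://anything.example.test/cb", nil))
}
```

Because an empty AuthorizeAllowedCallbacks list disables enforcement, a deployment that needs the check has to set AUTHORIZE_ALLOWED_CALLBACKS explicitly.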

func Load

func Load() (*Specification, error)

Load populates a Specification from process environment and validates it. Errors out on impossible combinations like "both listeners disabled" so callers don't have to repeat the sanity checks (and so the process doesn't silently idle forever waiting for a signal that nothing's listening for).

func (*Specification) Validate

func (s *Specification) Validate() error

Validate checks the loaded Specification for mutually-exclusive or nonsensical combinations. Run automatically by Load(); exported so callers building a Specification programmatically (tests, embeds) get the same sanity net.
