Feat: removed comments and added sqlite db to config
This commit is contained in:
71
config.go
71
config.go
@@ -1,19 +1,3 @@
|
|||||||
// config.go — environment-driven configuration
|
|
||||||
//
|
|
||||||
// We read everything from environment variables so the container image stays
|
|
||||||
// generic. No config files to mount — just env vars and a single whitelist
|
|
||||||
// file (see --permanet-whitelist-file below).
|
|
||||||
//
|
|
||||||
// Why env vars instead of a config file?
|
|
||||||
//
|
|
||||||
// - Containers are meant to be configuration via env vars (12-factor).
|
|
||||||
// - It avoids an extra volume mount for a JSON/TOML config file.
|
|
||||||
// - The permanent whitelist file IS mounted as a volume, but that's
|
|
||||||
// intentional: it's data, not configuration.
|
|
||||||
//
|
|
||||||
// Defaults are sensible so the service can start even if the operator
|
|
||||||
// forgets to set some values.
|
|
||||||
|
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
@@ -21,73 +5,28 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Config holds the runtime configuration for the auth-gate service.
|
|
||||||
type Config struct {
|
type Config struct {
|
||||||
// Port is the HTTP listen address (no host — we rely on Docker port mapping).
|
|
||||||
Port string
|
Port string
|
||||||
|
|
||||||
// APIToken is the bearer token that authorises the /api/* endpoints.
|
|
||||||
// This is NOT the auth credential for clients — it's the admin token
|
|
||||||
// for the API. Keep it secret.
|
|
||||||
APIToken string
|
APIToken string
|
||||||
|
|
||||||
// BasicAuthUser and BasicAuthPass are the credentials for the
|
|
||||||
// /auth endpoint's HTTP Basic Auth challenge.
|
|
||||||
//
|
|
||||||
// Why Basic Auth instead of JWT/OAuth?
|
|
||||||
//
|
|
||||||
// - Simplicity: no library dependencies, no token signing.
|
|
||||||
// - Browsers natively support it (pop-up dialog).
|
|
||||||
// - curl, git, and most HTTP clients support it out of the box.
|
|
||||||
BasicAuthUser string
|
|
||||||
BasicAuthPass string
|
|
||||||
|
|
||||||
// PermanentWhitelistFile is the path to a text file containing
|
|
||||||
// permanently whitelisted IPs/CIDRs (one per line).
|
|
||||||
//
|
|
||||||
// The file is loaded at startup and reloaded by the watcher every
|
|
||||||
// cfg.WatchInterval seconds.
|
|
||||||
PermanentWhitelistFile string
|
PermanentWhitelistFile string
|
||||||
|
|
||||||
PermanentWhitelist *PermanentWhitelist
|
|
||||||
TemporaryWhitelist *tempWhitelist
|
|
||||||
|
|
||||||
// DataDir is the directory where the service stores the temporary
|
|
||||||
// whitelist in JSON format.
|
|
||||||
//
|
|
||||||
// Why store temp whitelists on disk?
|
|
||||||
//
|
|
||||||
// - We chose an in-memory approach (see tempWhitelist in auth.go)
|
|
||||||
// for simplicity. If you need persistence across restarts,
|
|
||||||
// add a disk-backed store later.
|
|
||||||
// - For now, this field is unused but kept for future extensibility.
|
|
||||||
DataDir string
|
DataDir string
|
||||||
|
|
||||||
// CleanupInterval is how often the cleanup goroutine runs to expire
|
|
||||||
// temporary whitelisted IPs.
|
|
||||||
CleanupInterval time.Duration
|
CleanupInterval time.Duration
|
||||||
|
|
||||||
// WatchInterval is how often the permanent-whitelist file watcher
|
|
||||||
// polls the file for changes.
|
|
||||||
WatchInterval time.Duration
|
WatchInterval time.Duration
|
||||||
|
DBPath string
|
||||||
}
|
}
|
||||||
|
|
||||||
// loadConfig reads configuration from environment variables with sensible defaults.
|
|
||||||
func loadConfig() Config {
|
func loadConfig() Config {
|
||||||
cfg := Config{
|
return Config{
|
||||||
Port: getEnv("AUTH_GATE_PORT", "8080"),
|
Port: getEnv("AUTH_GATE_PORT", "8080"),
|
||||||
APIToken: getEnv("AUTH_GATE_API_TOKEN", ""),
|
APIToken: getEnv("AUTH_GATE_API_TOKEN", ""),
|
||||||
BasicAuthUser: getEnv("AUTH_GATE_BASIC_USER", "admin"),
|
|
||||||
BasicAuthPass: getEnv("AUTH_GATE_BASIC_PASSWORD", "changeme"),
|
|
||||||
PermanentWhitelistFile: getEnv("PERMANENT_WHITELIST_FILE", "./config/permanent_whitelist.txt"),
|
PermanentWhitelistFile: getEnv("PERMANENT_WHITELIST_FILE", "./config/permanent_whitelist.txt"),
|
||||||
DataDir: getEnv("DATA_DIR", "/data"),
|
DataDir: getEnv("DATA_DIR", ". /data"),
|
||||||
CleanupInterval: parseDuration("CLEANUP_INTERVAL", 60*time.Second),
|
CleanupInterval: parseDuration("CLEANUP_INTERVAL", 60*time.Second),
|
||||||
WatchInterval: parseDuration("WATCH_INTERVAL", 30*time.Second),
|
WatchInterval: parseDuration("WATCH_INTERVAL", 30*time.Second),
|
||||||
|
DBPath: getEnv("AUTH_GATE_DB_PATH", ". /data/auth-gate.db"),
|
||||||
}
|
}
|
||||||
return cfg
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// getEnv returns os.Getenv(key) or defaultValue if key is unset or empty.
|
|
||||||
func getEnv(key, defaultValue string) string {
|
func getEnv(key, defaultValue string) string {
|
||||||
if v := os.Getenv(key); v != "" {
|
if v := os.Getenv(key); v != "" {
|
||||||
return v
|
return v
|
||||||
@@ -95,8 +34,6 @@ func getEnv(key, defaultValue string) string {
|
|||||||
return defaultValue
|
return defaultValue
|
||||||
}
|
}
|
||||||
|
|
||||||
// parseDuration reads a duration from the environment, falling back to
|
|
||||||
// the provided default.
|
|
||||||
func parseDuration(key string, defaultVal time.Duration) time.Duration {
|
func parseDuration(key string, defaultVal time.Duration) time.Duration {
|
||||||
if v := os.Getenv(key); v != "" {
|
if v := os.Getenv(key); v != "" {
|
||||||
d, err := time.ParseDuration(v)
|
d, err := time.ParseDuration(v)
|
||||||
|
|||||||
Reference in New Issue
Block a user