config

package
v1.21.6 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 21, 2024 License: MIT Imports: 21 Imported by: 0

Documentation

Index

Constants

// Integer selectors numbered from zero by iota.
// NOTE(review): presumably the values expected by the mode parameter of Load
// and Validate — confirm against the callers.
const (
	Plugin = iota // 0
	ManagementClient // 1
)

Variables

// Defaults is the package-level Config value holding the built-in settings.
// Fields that are not listed keep their Go zero value: for example Debug.Pprof,
// HTTP.EnableProxyHeaders and OAuth2.Refresh.Enabled are false, and every
// Secret-typed field is empty.
// NOTE(review): presumably Load starts from this value and overlays the config
// file and flags — confirm in Load.
var Defaults = Config{
	Debug: Debug{
		// No host part: a listener opened on this address accepts connections
		// on every interface.
		Listen: ":9001",
	},
	Log: Log{
		Format:      "console",
		Level:       slog.LevelInfo,
		// NOTE(review): presumably adds the VPN client's IP address to log
		// records — if so, logs hold client addresses by default.
		VPNClientIP: true,
	},
	HTTP: HTTP{
		// NOTE(review): the defaults describe plain HTTP (scheme "http", TLS
		// false) on an address without a host part. Outside local testing,
		// enable TLS here or terminate it in a fronting proxy, and set BaseURL
		// to the externally reachable https URL.
		BaseURL: &url.URL{
			Scheme: "http",
			Host:   "localhost:9000",
		},
		Listen: ":9000",
		TLS:    false,
		Check: HTTPCheck{
			// Off by default. NOTE(review): presumably an IP-address comparison
			// made during the HTTP flow — confirm what is compared.
			IPAddr: false,
		},
		// Evaluated at package initialisation; template.Must panics if
		// index.gohtml cannot be parsed from ui.Template.
		CallbackTemplate: template.Must(template.New("index.gohtml").ParseFS(ui.Template, "index.gohtml")),
	},
	OpenVpn: OpenVpn{
		// OmitHost drops the empty authority, so this URL renders as
		// unix:/run/openvpn/server.sock.
		Addr: &url.URL{
			Scheme:   "unix",
			Path:     "/run/openvpn/server.sock",
			OmitHost: true,
		},
		AuthTokenUser:      true,
		// NOTE(review): presumably the time a pending authentication may stay
		// open before it is abandoned — confirm.
		AuthPendingTimeout: 3 * time.Minute,
		CommonName: OpenVPNCommonName{
			EnvironmentVariableName: "common_name",
			Mode:                    CommonNameModePlain,
		},
		Bypass: OpenVpnBypass{
			// Empty, non-nil list.
			// NOTE(review): the name suggests that listed common names skip the
			// OAuth2 flow; confirm, and audit every entry a deployment adds.
			CommonNames: make([]string, 0),
		},
		Passthrough: OpenVPNPassthrough{
			Enabled: false,
			Address: &url.URL{
				Scheme:   "unix",
				Path:     "/run/openvpn-auth-oauth2/server.sock",
				OmitHost: true,
			},
			// NOTE(review): 660 is a decimal literal (octal 0o1224), not 0o660.
			// Confirm the consumer re-reads the digits as octal before the value
			// reaches chmod; otherwise the socket gets unintended permission bits.
			SocketMode:  660,
			SocketGroup: "",
		},
	},
	OAuth2: OAuth2{
		// oauth2.AuthStyleInParams sends client_id and client_secret in the
		// POST body of the token request.
		AuthStyle: OAuth2AuthStyle(oauth2.AuthStyleInParams),
		Client:    OAuth2Client{},
		// Endpoints and Issuer are non-nil URLs with empty scheme and host.
		// NOTE(review): presumably placeholders detected with IsURLEmpty — confirm.
		Endpoints: OAuth2Endpoints{
			Auth:      &url.URL{Scheme: "", Host: ""},
			Discovery: &url.URL{Scheme: "", Host: ""},
			Token:     &url.URL{Scheme: "", Host: ""},
		},
		Issuer:   &url.URL{Scheme: "", Host: ""},
		// Both on by default.
		// NOTE(review): presumably toggle the OIDC nonce and PKCE; keep them on
		// unless the identity provider cannot support them — confirm.
		Nonce:    true,
		PKCE:     true,
		Provider: "generic",
		Refresh: OAuth2Refresh{
			// Enabled is not set here and is therefore false.
			Expires:      time.Hour * 8,
			ValidateUser: true,
		},
		Scopes: []string{},
		Validate: OAuth2Validate{
			// Groups and Roles start as empty, non-nil lists; Acr and CommonName
			// are left at their zero values.
			Groups: make([]string, 0),
			IPAddr: false,
			Issuer: true,
			Roles:  make([]string, 0),
		},
	},
}
// ErrRequired is a sentinel error whose message is "required".
// NOTE(review): presumably wrapped by Validate when a mandatory setting is
// missing, so callers can test for it with errors.Is — confirm.
var ErrRequired = errors.New("required")

Functions

func FlagSet

func FlagSet(name string) *flag.FlagSet

FlagSet configures the command-line parser using the flag library.

func IsURLEmpty

func IsURLEmpty(url *url.URL) bool

func StringToTemplateHookFunc

func StringToTemplateHookFunc() mapstructure.DecodeHookFuncType

StringToTemplateHookFunc parses a string into a template.Template.

func StringToURLHookFunc

func StringToURLHookFunc() mapstructure.DecodeHookFuncType

StringToURLHookFunc parses a string into a url.URL.

func Validate

func Validate(mode int, conf Config) error

Validate validates the config.

Types

type Config

// Config is the root configuration value. Each koanf struct tag names the
// configuration key its field is bound to.
// NOTE(review): the HTTP, OpenVpn and OAuth2 sections contain Secret-typed
// fields; confirm what Secret.String and Secret.MarshalText return before a
// Config is logged or serialized.
type Config struct {
	ConfigFile string  `koanf:"config"`
	Debug      Debug   `koanf:"debug"`
	Log        Log     `koanf:"log"`
	HTTP       HTTP    `koanf:"http"`
	OpenVpn    OpenVpn `koanf:"openvpn"`
	OAuth2     OAuth2  `koanf:"oauth2"`
}

func Load

func Load(mode int, configFile string, flagSet *flag.FlagSet) (Config, error)

type Debug

// Debug holds the settings bound to the "debug" key.
type Debug struct {
	// Not set in Defaults, so false unless configured.
	// NOTE(review): presumably serves Go pprof handlers on Listen; profiling
	// data exposes process internals, so pair it with a loopback address — confirm.
	Pprof  bool   `koanf:"pprof"`
	// Defaults uses ":9001", an address without a host part.
	Listen string `koanf:"listen"`
}

type HTTP

// HTTP holds the settings bound to the "http" key.
type HTTP struct {
	Listen             string             `koanf:"listen"`
	// CertFile, KeyFile, TLS and Ciphers are the TLS-related settings; TLS is
	// false in Defaults.
	// NOTE(review): the format of Ciphers is not visible here — confirm how the
	// string is parsed and what happens to unknown names.
	CertFile           string             `koanf:"cert"`
	KeyFile            string             `koanf:"key"`
	TLS                bool               `koanf:"tls"`
	Ciphers            string             `koanf:"ciphers"`
	BaseURL            *url.URL           `koanf:"baseurl"`
	// Secret-typed, so it can be given inline or as a "file://" reference.
	// NOTE(review): its purpose is not visible here — confirm what it protects
	// and what length Validate requires.
	Secret             Secret             `koanf:"secret"`
	CallbackTemplate   *template.Template `koanf:"template"`
	Check              HTTPCheck          `koanf:"check"`
	// Not set in Defaults, so false unless configured.
	// NOTE(review): presumably makes the server trust forwarded client-address
	// headers. Enable only when every request passes through a proxy that
	// overwrites those headers, because clients can otherwise supply their own.
	EnableProxyHeaders bool               `koanf:"enable-proxy-headers"`
	// NOTE(review): presumably a directory served as static assets — confirm
	// how paths below it are resolved.
	AssetPath          string             `koanf:"assets-path"`
}

type HTTPCheck

// HTTPCheck holds the settings bound to the "check" key inside HTTP.
type HTTPCheck struct {
	// False in Defaults.
	// NOTE(review): presumably an IP-address comparison made during the HTTP
	// flow; which addresses are compared is not visible here — confirm.
	IPAddr bool `koanf:"ipaddr"`
}

type Log

// Log holds the settings bound to the "log" key.
type Log struct {
	// Defaults uses "console".
	Format      string     `koanf:"format"`
	// Defaults uses slog.LevelInfo.
	Level       slog.Level `koanf:"level"`
	// True in Defaults.
	// NOTE(review): presumably adds the VPN client's IP address to log records;
	// if so, handle the logs as data that contains client addresses.
	VPNClientIP bool       `koanf:"vpn-client-ip"`
}

type OAuth2

// OAuth2 holds the settings bound to the "oauth2" key.
type OAuth2 struct {
	// Defaults uses oauth2.AuthStyleInParams (client credentials in the token
	// request body).
	AuthStyle       OAuth2AuthStyle `koanf:"auth-style"`
	// NOTE(review): presumably extra parameters added to the authorization
	// request; confirm how the string is parsed and URL-encoded.
	AuthorizeParams string          `koanf:"authorize-params"`
	Client          OAuth2Client    `koanf:"client"`
	Endpoints       OAuth2Endpoints `koanf:"endpoint"`
	Issuer          *url.URL        `koanf:"issuer"`
	// Nonce and PKCE are both true in Defaults.
	// NOTE(review): presumably toggle the OIDC nonce and PKCE — confirm before
	// disabling either for a provider.
	Nonce           bool            `koanf:"nonce"`
	PKCE            bool            `koanf:"pkce"`
	// Defaults uses "generic".
	Provider        string          `koanf:"provider"`
	Refresh         OAuth2Refresh   `koanf:"refresh"`
	Scopes          StringSlice     `koanf:"scopes"`
	Validate        OAuth2Validate  `koanf:"validate"`
}

type OAuth2AuthStyle

// OAuth2AuthStyle is a named type over oauth2.AuthStyle. Its MarshalText and
// UnmarshalText methods let the value be written to and read from text.
type OAuth2AuthStyle oauth2.AuthStyle

func (OAuth2AuthStyle) AuthStyle

func (s OAuth2AuthStyle) AuthStyle() oauth2.AuthStyle

func (OAuth2AuthStyle) MarshalText

func (s OAuth2AuthStyle) MarshalText() ([]byte, error)

func (OAuth2AuthStyle) String

func (s OAuth2AuthStyle) String() string

func (*OAuth2AuthStyle) UnmarshalText

func (s *OAuth2AuthStyle) UnmarshalText(text []byte) error

type OAuth2Client

// OAuth2Client holds the client credentials bound to the "client" key.
// Defaults leaves both fields empty.
type OAuth2Client struct {
	ID     string `koanf:"id"`
	// Secret-typed, so it can be given inline or as a "file://" reference.
	Secret Secret `koanf:"secret"`
}

type OAuth2Endpoints

// OAuth2Endpoints holds the provider URLs bound to the "endpoint" key.
// Defaults sets each to a non-nil URL with empty scheme and host.
// NOTE(review): scheme enforcement (https only) is not visible here — confirm
// what Validate accepts.
type OAuth2Endpoints struct {
	Discovery *url.URL `koanf:"discovery"`
	Auth      *url.URL `koanf:"auth"`
	Token     *url.URL `koanf:"token"`
}

type OAuth2Refresh

// OAuth2Refresh holds the settings bound to the "refresh" key.
type OAuth2Refresh struct {
	// Not set in Defaults, so false unless configured.
	Enabled      bool          `koanf:"enabled"`
	// Defaults uses 8 hours.
	Expires      time.Duration `koanf:"expires"`
	// Secret-typed, so it can be given inline or as a "file://" reference.
	// NOTE(review): presumably key material protecting refresh state — confirm
	// its purpose and required length.
	Secret       Secret        `koanf:"secret"`
	UseSessionID bool          `koanf:"use-session-id"`
	// True in Defaults.
	// NOTE(review): presumably re-checks the user against the provider on
	// refresh; disabling it would let a session outlive a revoked account — confirm.
	ValidateUser bool          `koanf:"validate-user"`
}

type OAuth2Validate

// OAuth2Validate holds the settings bound to the "validate" key.
// NOTE(review): the field names suggest checks applied to the provider's
// response before a VPN session is accepted; whether an empty list means
// "no restriction" is not visible here — confirm.
type OAuth2Validate struct {
	Acr                     StringSlice `koanf:"acr"`
	// Groups and Roles are empty lists in Defaults.
	Groups                  StringSlice `koanf:"groups"`
	Roles                   StringSlice `koanf:"roles"`
	// False in Defaults.
	IPAddr                  bool        `koanf:"ipaddr"`
	// True in Defaults.
	Issuer                  bool        `koanf:"issuer"`
	// NOTE(review): presumably names the claim compared with the OpenVPN common
	// name; when empty, nothing may tie the certificate identity to the OAuth2
	// identity — confirm.
	CommonName              string      `koanf:"common-name"`
	// Not set in Defaults, so false unless configured.
	CommonNameCaseSensitive bool        `koanf:"common-name-case-sensitive"`
}

type OpenVPNCommonName

// OpenVPNCommonName holds the settings bound to the "common-name" key inside
// OpenVpn.
type OpenVPNCommonName struct {
	// Defaults uses "common_name".
	EnvironmentVariableName string                `koanf:"environment-variable-name"`
	// Defaults uses CommonNameModePlain.
	Mode                    OpenVPNCommonNameMode `koanf:"mode"`
}

type OpenVPNCommonNameMode

// OpenVPNCommonNameMode is an integer enumeration with the two values below.
type OpenVPNCommonNameMode int
const (
	CommonNameModePlain OpenVPNCommonNameMode = iota // 0
	CommonNameModeOmit // 1; type and iota expression are repeated implicitly
	// Untyped string constant, not an OpenVPNCommonNameMode value.
	// NOTE(review): presumably the text substituted for the common name in omit
	// mode — confirm.
	CommonNameModeOmitValue = "-"
)

func (OpenVPNCommonNameMode) MarshalText

func (s OpenVPNCommonNameMode) MarshalText() ([]byte, error)

func (OpenVPNCommonNameMode) String

func (s OpenVPNCommonNameMode) String() string

func (*OpenVPNCommonNameMode) UnmarshalText

func (s *OpenVPNCommonNameMode) UnmarshalText(text []byte) error

type OpenVPNPassthrough

// OpenVPNPassthrough holds the settings bound to the "pass-through" key
// inside OpenVpn.
type OpenVPNPassthrough struct {
	// False in Defaults.
	Enabled     bool     `koanf:"enabled"`
	// Defaults uses the unix socket /run/openvpn-auth-oauth2/server.sock.
	Address     *url.URL `koanf:"address"`
	// Secret-typed, so it can be given inline or as a "file://" reference.
	// Empty in Defaults.
	// NOTE(review): confirm whether an empty password leaves the pass-through
	// socket unauthenticated.
	Password    Secret   `koanf:"password"`
	// Defaults uses the decimal literal 660.
	// NOTE(review): a uint holding 660 equals octal 0o1224, not 0o660; confirm
	// the digits are reinterpreted as octal before the mode is applied.
	SocketMode  uint     `koanf:"socket-mode"`
	// Empty in Defaults.
	SocketGroup string   `koanf:"socket-group"`
}

type OpenVpn

// OpenVpn holds the settings bound to the "openvpn" key.
type OpenVpn struct {
	// Defaults uses the unix socket /run/openvpn/server.sock.
	Addr               *url.URL           `koanf:"addr"`
	// Secret-typed, so it can be given inline or as a "file://" reference.
	// Empty in Defaults.
	Password           Secret             `koanf:"password"`
	Bypass             OpenVpnBypass      `koanf:"bypass"`
	// True in Defaults.
	AuthTokenUser      bool               `koanf:"auth-token-user"`
	// Defaults uses 3 minutes.
	AuthPendingTimeout time.Duration      `koanf:"auth-pending-timeout"`
	CommonName         OpenVPNCommonName  `koanf:"common-name"`
	Passthrough        OpenVPNPassthrough `koanf:"pass-through"`
}

type OpenVpnBypass

// OpenVpnBypass holds the settings bound to the "bypass" key inside OpenVpn.
type OpenVpnBypass struct {
	// Empty list in Defaults.
	// NOTE(review): the name suggests clients with a listed common name are
	// admitted without the OAuth2 flow. If so, each entry is a standing
	// exception to authentication: keep the list short and review it — confirm.
	CommonNames StringSlice `koanf:"common-names"`
}

type Secret

// Secret is a string-based type for secret configuration values. Per the
// package documentation, a value starting with "file://" is read from that
// file, and the path may contain environment variables.
// NOTE(review): the resolved path therefore depends on the process
// environment; confirm the file's permissions are checked or documented.
// NOTE(review): String and MarshalText are exported on this type; confirm
// whether they return the resolved secret before logging or serializing it.
type Secret string

Secret represents a secret value that can be a plain string or a file path. If the value starts with "file://", it is treated as a file path, and the secret value is read from the file. The "file://" syntax supports environment variables. For example, "file://$HOME/my_secret.txt" would read the secret from the "my_secret.txt" file in the user's home directory.

func (Secret) MarshalText

func (secret Secret) MarshalText() ([]byte, error)

MarshalText implements the encoding.TextMarshaler interface for Secret.

func (Secret) String

func (secret Secret) String() string

String reassembles the Secret into a valid string.

func (*Secret) UnmarshalText

func (secret *Secret) UnmarshalText(text []byte) error

UnmarshalText implements the encoding.TextUnmarshaler interface for Secret

type StringSlice

// StringSlice is a named []string with MarshalText and UnmarshalText methods.
// NOTE(review): the separator used by the text form is not visible here —
// confirm how list values such as groups, roles and bypass common names are
// split, and whether surrounding whitespace is trimmed.
type StringSlice []string

func (StringSlice) MarshalText

func (stringSlice StringSlice) MarshalText() ([]byte, error)

MarshalText implements the encoding.TextMarshaler interface for StringSlice.

func (*StringSlice) UnmarshalText

func (stringSlice *StringSlice) UnmarshalText(text []byte) error

UnmarshalText implements the encoding.TextUnmarshaler interface for StringSlice
