Documentation ¶
Overview ¶
Package config defines the environment baased configuration for this project. Each server has a unique config type.
Index ¶
- Constants
- func ProcessWith(ctx context.Context, spec interface{}, l envconfig.Lookuper) error
- type APIServerConfig
- type AdminAPIServerConfig
- func (c *AdminAPIServerConfig) GetAllowedSymptomAge() time.Duration
- func (c *AdminAPIServerConfig) GetCollisionRetryCount() uint
- func (c *AdminAPIServerConfig) GetENXRedirectDomain() string
- func (c *AdminAPIServerConfig) GetEnforceRealmQuotas() bool
- func (c *AdminAPIServerConfig) GetRateLimitConfig() *ratelimit.Config
- func (c *AdminAPIServerConfig) ObservabilityExporterConfig() *observability.Config
- func (c *AdminAPIServerConfig) Validate() error
- type Base64ByteSlice
- type CertificateSigningConfig
- type CleanupConfig
- type E2ERunnerConfig
- type E2ETestConfig
- type FirebaseConfig
- type IntegrationTestConfig
- type IssueAPIConfig
- type Modeler
- type PasswordRequirementsConfig
- type RedirectConfig
- type ServerConfig
- func (c *ServerConfig) FirebaseConfig() *firebase.Config
- func (c *ServerConfig) GetAllowedSymptomAge() time.Duration
- func (c *ServerConfig) GetCollisionRetryCount() uint
- func (c *ServerConfig) GetENXRedirectDomain() string
- func (c *ServerConfig) GetEnforceRealmQuotas() bool
- func (c *ServerConfig) GetRateLimitConfig() *ratelimit.Config
- func (c *ServerConfig) ObservabilityExporterConfig() *observability.Config
- func (c *ServerConfig) Validate() error
- type TokenSigningConfig
- type Validatable
Constants ¶
const ( VerificationTokenDuration = time.Second * 2 APIKeyCacheDuration = time.Second * 2 APISrvPort = "8080" AdminSrvPort = "8081" )
Variables ¶
This section is empty.
Functions ¶
func ProcessWith ¶
ProcessWith creates a new config with the given lookuper for parsing config.
Types ¶
type APIServerConfig ¶
type APIServerConfig struct { Database database.Config Observability observability.Config Cache cache.Config // DevMode produces additional debugging information. Do not enable in // production environments. DevMode bool `env:"DEV_MODE"` Port string `env:"PORT,default=8080"` APIKeyCacheDuration time.Duration `env:"API_KEY_CACHE_DURATION,default=5m"` // Verification Token Config VerificationTokenDuration time.Duration `env:"VERIFICATION_TOKEN_DURATION,default=24h"` // Token signing TokenSigning TokenSigningConfig // Certificate signing CertificateSigning CertificateSigningConfig // Rate limiting configuration RateLimit ratelimit.Config // contains filtered or unexported fields }
APIServerConfig represnets the environment based configuration for the API server.
func NewAPIServerConfig ¶
func NewAPIServerConfig(ctx context.Context) (*APIServerConfig, error)
NewAPIServerConfig returns the environment config for the API server. Only needs to be called once per instance, but may be called multiple times.
func (*APIServerConfig) AllowedTokenPublicKeys ¶ added in v0.5.1
func (c *APIServerConfig) AllowedTokenPublicKeys() map[string]string
AllowedTokenPublicKeys returns a map of 'kid' to the KMS KeyID reference. This represents the keys that are allowed to be used to verify tokens, the TokenSigningKey/TokenSigningKeyID.
func (*APIServerConfig) ObservabilityExporterConfig ¶ added in v0.3.0
func (c *APIServerConfig) ObservabilityExporterConfig() *observability.Config
func (*APIServerConfig) Validate ¶
func (c *APIServerConfig) Validate() error
type AdminAPIServerConfig ¶
type AdminAPIServerConfig struct { Database database.Config Observability observability.Config Cache cache.Config // DevMode produces additional debugging information. Do not enable in // production environments. DevMode bool `env:"DEV_MODE"` // Rate limiting configuration RateLimit ratelimit.Config Port string `env:"PORT,default=8080"` APIKeyCacheDuration time.Duration `env:"API_KEY_CACHE_DURATION,default=5m"` CollisionRetryCount uint `env:"COLLISION_RETRY_COUNT,default=6"` AllowedSymptomAge time.Duration `env:"ALLOWED_PAST_SYMPTOM_DAYS,default=336h"` // 336h is 14 days. EnforceRealmQuotas bool `env:"ENFORCE_REALM_QUOTAS, default=true"` // For EN Express, the link will be // https://[realm-region].[ENX_REDIRECT_DOMAIN]/v?c=[longcode] // This repository contains a redirect service that can be used for this purpose. ENExpressRedirectDomain string `env:"ENX_REDIRECT_DOMAIN"` }
AdminAPIServerConfig represents the environment based config for the Admin API Server.
func NewAdminAPIServerConfig ¶
func NewAdminAPIServerConfig(ctx context.Context) (*AdminAPIServerConfig, error)
NewAdminAPIServerConfig returns the environment config for the Admin API server. Only needs to be called once per instance, but may be called multiple times.
func (*AdminAPIServerConfig) GetAllowedSymptomAge ¶
func (c *AdminAPIServerConfig) GetAllowedSymptomAge() time.Duration
func (*AdminAPIServerConfig) GetCollisionRetryCount ¶ added in v0.3.0
func (c *AdminAPIServerConfig) GetCollisionRetryCount() uint
func (*AdminAPIServerConfig) GetENXRedirectDomain ¶ added in v0.9.0
func (c *AdminAPIServerConfig) GetENXRedirectDomain() string
func (*AdminAPIServerConfig) GetEnforceRealmQuotas ¶ added in v0.9.0
func (c *AdminAPIServerConfig) GetEnforceRealmQuotas() bool
func (*AdminAPIServerConfig) GetRateLimitConfig ¶ added in v0.9.0
func (c *AdminAPIServerConfig) GetRateLimitConfig() *ratelimit.Config
func (*AdminAPIServerConfig) ObservabilityExporterConfig ¶ added in v0.3.0
func (c *AdminAPIServerConfig) ObservabilityExporterConfig() *observability.Config
func (*AdminAPIServerConfig) Validate ¶
func (c *AdminAPIServerConfig) Validate() error
type Base64ByteSlice ¶
type Base64ByteSlice []envconfig.Base64Bytes
Base64ByteSlice is a slice of base64-encoded strings that we want to convert to bytes.
func (Base64ByteSlice) AsBytes ¶
func (c Base64ByteSlice) AsBytes() [][]byte
AsBytes returns the value as a slice of bytes instead of its main type.
type CertificateSigningConfig ¶ added in v0.5.0
type CertificateSigningConfig struct { // Keys determines the key manager configuration for this certificate signing // configuration. Keys keys.Config `env:",prefix=CERTIFICATE_"` PublicKeyCacheDuration time.Duration `env:"PUBLIC_KEY_CACHE_DURATION, default=15m"` SignerCacheDuration time.Duration `env:"CERTIFICATE_SIGNER_CACHE_DURATION, default=1m"` CertificateSigningKey string `env:"CERTIFICATE_SIGNING_KEY, required"` CertificateSigningKeyID string `env:"CERTIFICATE_SIGNING_KEY_ID, default=v1"` CertificateIssuer string `env:"CERTIFICATE_ISSUER, default=diagnosis-verification-example"` CertificateAudience string `env:"CERTIFICATE_AUDIENCE, default=exposure-notifications-server"` CertificateDuration time.Duration `env:"CERTIFICATE_DURATION, default=15m"` }
CertificateSigningConfig represents the settings for system-wide certificate signing. These should be used if you are managing certifiate keys externally.
type CleanupConfig ¶
type CleanupConfig struct { Database database.Config Observability observability.Config // DevMode produces additional debugging information. Do not enable in // production environments. DevMode bool `env:"DEV_MODE"` Port string `env:"PORT,default=8080"` RateLimit uint64 `env:"RATE_LIMIT,default=60"` // Cleanup config CleanupPeriod time.Duration `env:"CLEANUP_PERIOD,default=15m"` VerificationCodeMaxAge time.Duration `env:"VERIFICATION_CODE_MAX_AGE,default=24h"` VerificationTokenMaxAge time.Duration `env:"VERIFICATION_TOKEN_MAX_AGE,default=24h"` MobileAppMaxAge time.Duration `env:"MOBILE_APP_MAX_AGE,default=168h"` AuditEntryMaxAge time.Duration `env:"AUDIT_ENTRY_MAX_AGE,default=720h"` }
CleanupConfig represents the environment based configuration for the Cleanup server.
func NewCleanupConfig ¶
func NewCleanupConfig(ctx context.Context) (*CleanupConfig, error)
NewCleanupConfig returns the environment config for the cleanup server. Only needs to be called once per instance, but may be called multiple times.
func (*CleanupConfig) ObservabilityExporterConfig ¶ added in v0.3.0
func (c *CleanupConfig) ObservabilityExporterConfig() *observability.Config
func (*CleanupConfig) Validate ¶
func (c *CleanupConfig) Validate() error
type E2ERunnerConfig ¶ added in v0.6.0
type E2ERunnerConfig struct { Database database.Config Observability *observability.Config // DevMode produces additional debugging information. Do not enable in // production environments. DevMode bool `env:"DEV_MODE"` Port string `env:"PORT,default=8080"` // Share config between server and command line versions. TestConfig E2ETestConfig }
E2ERunnerConfig represents the environment based configuration for the e2e-runner server.
func NewE2ERunnerConfig ¶ added in v0.6.0
func NewE2ERunnerConfig(ctx context.Context) (*E2ERunnerConfig, error)
NewE2ERunnerConfig returns the environment config for the e2e-runner server. Only needs to be called once per instance, but may be called multiple times.
func (*E2ERunnerConfig) Validate ¶ added in v0.6.0
func (c *E2ERunnerConfig) Validate() error
type E2ETestConfig ¶ added in v0.7.0
type E2ETestConfig struct { VerificationAdminAPIServer string `env:"VERIFICATION_ADMIN_API, default=http://localhost:8081"` VerificationAdminAPIKey string `env:"VERIFICATION_ADMIN_API_KEY"` VerificationAPIServer string `env:"VERIFICATION_SERVER_API, default=http://localhost:8082"` VerificationAPIServerKey string `env:"VERIFICATION_SERVER_API_KEY"` KeyServer string `env:"KEY_SERVER, default=http://localhost:8080"` HealthAuthorityCode string `env:"HEALTH_AUTHORITY_CODE,required"` DoRevise bool `env:"DO_REVISIONS"` }
func NewE2ETestConfig ¶ added in v0.7.0
func NewE2ETestConfig(ctx context.Context) (*E2ETestConfig, error)
NewE2ETestConfig contains just the necessary elements for command line execution.
type FirebaseConfig ¶
type FirebaseConfig struct { APIKey string `env:"FIREBASE_API_KEY,required"` AuthDomain string `env:"FIREBASE_AUTH_DOMAIN,required"` DatabaseURL string `env:"FIREBASE_DATABASE_URL,required"` ProjectID string `env:"FIREBASE_PROJECT_ID,required"` StorageBucket string `env:"FIREBASE_STORAGE_BUCKET,required"` MessageSenderID string `env:"FIREBASE_MESSAGE_SENDER_ID,required"` AppID string `env:"FIREBASE_APP_ID,required"` MeasurementID string `env:"FIREBASE_MEASUREMENT_ID,required"` TermsOfServiceURL string `env:"FIREBASE_TERMS_OF_SERVICE_URL"` PrivacyPolicyURL string `env:"FIREBASE_PRIVACY_POLICY_URL"` }
FirebaseConfig represents configuration specific to firebase auth.
type IntegrationTestConfig ¶ added in v0.11.1
type IntegrationTestConfig struct { Observability *observability.Config DBConfig *database.Config APISrvConfig APIServerConfig AdminAPISrvConfig AdminAPIServerConfig }
IntegrationTestConfig represents configurations to run server integration tests.
func NewIntegrationTestConfig ¶ added in v0.11.1
type IssueAPIConfig ¶
type IssueAPIConfig interface { GetCollisionRetryCount() uint GetAllowedSymptomAge() time.Duration GetEnforceRealmQuotas() bool GetRateLimitConfig() *ratelimit.Config GetENXRedirectDomain() string }
IssueAPIConfig is an interface that represents what is needed of the verification code issue API.
type Modeler ¶ added in v0.9.0
type Modeler struct { Cache cache.Config Database database.Config Observability observability.Config RateLimit ratelimit.Config // DevMode produces additional debugging information. Do not enable in // production environments. DevMode bool `env:"DEV_MODE"` Port string `env:"PORT, default=8080"` // MinValue and MaxValue determine the floor and ceiling limits for the // modeler. MinValue uint `env:"MODELER_MIN_VALUE, default=10"` MaxValue uint `env:"MODELER_MAX_VALUE, default=20000"` }
Modeler is the configuration for the modeler service.
func NewModeler ¶ added in v0.9.0
NewModeler returns the config for the modeler server.
func (*Modeler) ObservabilityExporterConfig ¶ added in v0.9.0
func (c *Modeler) ObservabilityExporterConfig() *observability.Config
type PasswordRequirementsConfig ¶ added in v0.9.0
type PasswordRequirementsConfig struct { Length int `env:"MIN_PWD_LENGTH,default=8"` Uppercase int `env:"MIN_PWD_UPPER,default=1"` Lowercase int `env:"MIN_PWD_LOWER,default=1"` Number int `env:"MIN_PWD_DIGITS,default=1"` Special int `env:"MIN_PWD_SPECIAL,default=1"` }
PasswordRequirementsConfig represents the password complexity requirements for the server.
func (*PasswordRequirementsConfig) HasRequirements ¶ added in v0.9.0
func (c *PasswordRequirementsConfig) HasRequirements() bool
HasRequirements is true if any requirements are set.
type RedirectConfig ¶ added in v0.9.0
type RedirectConfig struct { Database database.Config Observability observability.Config Cache cache.Config Port string `env:"PORT, default=8080"` AssetsPath string `env:"ASSETS_PATH, default=./cmd/enx-redirect/assets"` AppCacheTTL time.Duration `env:"APP_CACHE_TTL, default=5m"` // If Dev mode is true, extended logging is enabled and template // auto-reload is enabled. DevMode bool `env:"DEV_MODE"` // A map of hostnames to redirect to ens:// and a mapping to the region. // For example to redirect // region.example.com to region US-AA // otherregion.example.com to region US-BB // all matched hostnames are redirected to // "ens://" // The append region is added to the end // "US-AA,US-BB" // // The config for this is passed as a map, example: // HOSTNAME_TO_REGION="region.example.com:US-AA,otherregion.example.com:US-BB" HostnameConfig map[string]string `env:"HOSTNAME_TO_REGION"` }
RedirectConfig represents the environment based config for the redirect server.
func NewRedirectConfig ¶ added in v0.9.0
func NewRedirectConfig(ctx context.Context) (*RedirectConfig, error)
NewRedirectConfig initializes and validates a RedirectConfig struct.
func (*RedirectConfig) DatabaseConfig ¶ added in v0.10.0
func (c *RedirectConfig) DatabaseConfig() *database.Config
func (*RedirectConfig) HostnameToRegion ¶ added in v0.9.0
func (c *RedirectConfig) HostnameToRegion() (map[string]string, error)
HostnameToRegion returns a normalized map of the HOSTNAME_TO_REGION config value. Hostnames (key) are lowercased Regions (value) are uppercased
func (*RedirectConfig) ObservabilityExporterConfig ¶ added in v0.9.0
func (c *RedirectConfig) ObservabilityExporterConfig() *observability.Config
type ServerConfig ¶
type ServerConfig struct { Firebase FirebaseConfig Database database.Config Observability observability.Config Cache cache.Config Email email.Config Port string `env:"PORT,default=8080"` // Login Config SessionDuration time.Duration `env:"SESSION_DURATION, default=20h"` SessionIdleTimeout time.Duration `env:"SESSION_IDLE_TIMEOUT, default=20m"` RevokeCheckPeriod time.Duration `env:"REVOKE_CHECK_DURATION, default=5m"` // Password Config PasswordRequirements PasswordRequirementsConfig // CookieKeys is a slice of bytes. The first is 64 bytes, the second is 32. // They should be base64-encoded. CookieKeys Base64ByteSlice `env:"COOKIE_KEYS,required"` // CookieDomain is the domain for which cookie should be valid. CookieDomain string `env:"COOKIE_DOMAIN"` // CSRFAuthKey is the authentication key. It must be 32-bytes and can be // generated with tools/gen-secret. The value's should be base64 encoded. CSRFAuthKey envconfig.Base64Bytes `env:"CSRF_AUTH_KEY,required"` // Application Config ServerName string `env:"SERVER_NAME,default=Diagnosis Verification Server"` CollisionRetryCount uint `env:"COLLISION_RETRY_COUNT,default=6"` AllowedSymptomAge time.Duration `env:"ALLOWED_PAST_SYMPTOM_DAYS,default=336h"` // 336h is 14 days. EnforceRealmQuotas bool `env:"ENFORCE_REALM_QUOTAS, default=true"` AssetsPath string `env:"ASSETS_PATH,default=./cmd/server/assets"` // For EN Express, the link will be // https://[realm-region].[ENX_REDIRECT_DOMAIN]/v?c=[longcode] // This repository contains a redirect service that can be used for this purpose. ENExpressRedirectDomain string `env:"ENX_REDIRECT_DOMAIN"` // Certificate signing key settings, needed for public key / settings display. CertificateSigning CertificateSigningConfig // If Dev mode is true, cookies aren't required to be sent over secure channels. // This includes CSRF protection base cookie. You want this false in production (the default). DevMode bool `env:"DEV_MODE"` // Rate limiting configuration RateLimit ratelimit.Config }
ServerConfig represents the environment based config for the server.
func NewServerConfig ¶
func NewServerConfig(ctx context.Context) (*ServerConfig, error)
NewServerConfig initializes and validates a ServerConfig struct.
func (*ServerConfig) FirebaseConfig ¶
func (c *ServerConfig) FirebaseConfig() *firebase.Config
FirebaseConfig returns the firebase SDK config based on the local env config.
func (*ServerConfig) GetAllowedSymptomAge ¶
func (c *ServerConfig) GetAllowedSymptomAge() time.Duration
func (*ServerConfig) GetCollisionRetryCount ¶ added in v0.3.0
func (c *ServerConfig) GetCollisionRetryCount() uint
func (*ServerConfig) GetENXRedirectDomain ¶ added in v0.9.0
func (c *ServerConfig) GetENXRedirectDomain() string
func (*ServerConfig) GetEnforceRealmQuotas ¶ added in v0.9.0
func (c *ServerConfig) GetEnforceRealmQuotas() bool
func (*ServerConfig) GetRateLimitConfig ¶ added in v0.9.0
func (c *ServerConfig) GetRateLimitConfig() *ratelimit.Config
func (*ServerConfig) ObservabilityExporterConfig ¶ added in v0.3.0
func (c *ServerConfig) ObservabilityExporterConfig() *observability.Config
func (*ServerConfig) Validate ¶
func (c *ServerConfig) Validate() error
type TokenSigningConfig ¶ added in v0.5.1
type TokenSigningConfig struct { // Keys determines the key manager configuration for this token signing // configuration. Keys keys.Config `env:",prefix=TOKEN_"` TokenSigningKeys []string `env:"TOKEN_SIGNING_KEY, required"` TokenSigningKeyIDs []string `env:"TOKEN_SIGNING_KEY_ID, default=v1"` TokenIssuer string `env:"TOKEN_ISSUER, default=diagnosis-verification-example"` }
TokenSigningConfig represents the settings for system-wide certificate signing. These should be used if you are managing certifiate keys externally.
func (*TokenSigningConfig) ActiveKey ¶ added in v0.5.1
func (t *TokenSigningConfig) ActiveKey() string
func (*TokenSigningConfig) ActiveKeyID ¶ added in v0.5.1
func (t *TokenSigningConfig) ActiveKeyID() string
func (*TokenSigningConfig) Validate ¶ added in v0.5.1
func (t *TokenSigningConfig) Validate() error
type Validatable ¶
type Validatable interface {
Validate() error
}
Validatable indicates that a type can be validated.