config

package
v0.19.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 8, 2021 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package config defines the environment baased configuration for this project. Each server has a unique config type.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ProcessWith

func ProcessWith(ctx context.Context, spec interface{}, l envconfig.Lookuper) error

ProcessWith creates a new config with the given lookuper for parsing config.

Types

type APIServerConfig

type APIServerConfig struct {
	Database      database.Config
	Observability observability.Config
	Cache         cache.Config

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	// If MaintenanceMode is true, the server is temporarily read-only and will not issue codes.
	MaintenanceMode bool `env:"MAINTENANCE_MODE"`

	Port string `env:"PORT,default=8080"`

	APIKeyCacheDuration time.Duration `env:"API_KEY_CACHE_DURATION,default=5m"`

	// Verification Token Config
	VerificationTokenDuration time.Duration `env:"VERIFICATION_TOKEN_DURATION,default=24h"`

	// Token signing
	TokenSigning TokenSigningConfig

	// Certificate signing
	CertificateSigning CertificateSigningConfig

	// Rate limiting configuration
	RateLimit ratelimit.Config
	// contains filtered or unexported fields
}

APIServerConfig represnets the environment based configuration for the API server.

func NewAPIServerConfig

func NewAPIServerConfig(ctx context.Context) (*APIServerConfig, error)

NewAPIServerConfig returns the environment config for the API server. Only needs to be called once per instance, but may be called multiple times.

func (*APIServerConfig) AllowedTokenPublicKeys added in v0.5.1

func (c *APIServerConfig) AllowedTokenPublicKeys() map[string]string

AllowedTokenPublicKeys returns a map of 'kid' to the KMS KeyID reference. This represents the keys that are allowed to be used to verify tokens, the TokenSigningKey/TokenSigningKeyID.

func (*APIServerConfig) ObservabilityExporterConfig added in v0.3.0

func (c *APIServerConfig) ObservabilityExporterConfig() *observability.Config

func (*APIServerConfig) Validate

func (c *APIServerConfig) Validate() error

type AdminAPIServerConfig

type AdminAPIServerConfig struct {
	Database      database.Config
	Observability observability.Config
	Cache         cache.Config

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	// If MaintenanceMode is true, the server is temporarily read-only and will not issue codes.
	MaintenanceMode bool `env:"MAINTENANCE_MODE"`

	// Rate limiting configuration
	RateLimit ratelimit.Config

	Port                string        `env:"PORT,default=8080"`
	APIKeyCacheDuration time.Duration `env:"API_KEY_CACHE_DURATION,default=5m"`

	CollisionRetryCount uint          `env:"COLLISION_RETRY_COUNT,default=6"`
	AllowedSymptomAge   time.Duration `env:"ALLOWED_PAST_SYMPTOM_DAYS,default=672h"` // 672h is 28 days.
	EnforceRealmQuotas  bool          `env:"ENFORCE_REALM_QUOTAS, default=true"`

	// For EN Express, the link will be
	// https://[realm-region].[ENX_REDIRECT_DOMAIN]/v?c=[longcode]
	// This repository contains a redirect service that can be used for this purpose.
	ENExpressRedirectDomain string `env:"ENX_REDIRECT_DOMAIN"`
}

AdminAPIServerConfig represents the environment based config for the Admin API Server.

func NewAdminAPIServerConfig

func NewAdminAPIServerConfig(ctx context.Context) (*AdminAPIServerConfig, error)

NewAdminAPIServerConfig returns the environment config for the Admin API server. Only needs to be called once per instance, but may be called multiple times.

func (*AdminAPIServerConfig) GetAllowedSymptomAge

func (c *AdminAPIServerConfig) GetAllowedSymptomAge() time.Duration

func (*AdminAPIServerConfig) GetCollisionRetryCount added in v0.3.0

func (c *AdminAPIServerConfig) GetCollisionRetryCount() uint

func (*AdminAPIServerConfig) GetENXRedirectDomain added in v0.9.0

func (c *AdminAPIServerConfig) GetENXRedirectDomain() string

func (*AdminAPIServerConfig) GetEnforceRealmQuotas added in v0.9.0

func (c *AdminAPIServerConfig) GetEnforceRealmQuotas() bool

func (*AdminAPIServerConfig) GetRateLimitConfig added in v0.9.0

func (c *AdminAPIServerConfig) GetRateLimitConfig() *ratelimit.Config

func (*AdminAPIServerConfig) IsMaintenanceMode added in v0.17.0

func (c *AdminAPIServerConfig) IsMaintenanceMode() bool

func (*AdminAPIServerConfig) ObservabilityExporterConfig added in v0.3.0

func (c *AdminAPIServerConfig) ObservabilityExporterConfig() *observability.Config

func (*AdminAPIServerConfig) Validate

func (c *AdminAPIServerConfig) Validate() error

type AppSyncConfig added in v0.17.0

type AppSyncConfig struct {
	Database      database.Config
	Observability observability.Config

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	Port string `env:"PORT,default=8080"`

	RateLimit uint64 `env:"RATE_LIMIT,default=60"`

	// AppSync config
	AppSyncURL         string        `env:"APP_SYNC_URL"`
	FileSizeLimitBytes int64         `env:"APP_SYNC_SIZE_LIMIT, default=10240"`
	Timeout            time.Duration `env:"APP_SYNC_TIMEOUT, default=1m"`
}

AppSyncConfig represents the environment based configuration for the app sync server.

func NewAppSyncConfig added in v0.17.0

func NewAppSyncConfig(ctx context.Context) (*AppSyncConfig, error)

NewAppSyncConfig returns the environment config for the appsync server. Only needs to be called once per instance, but may be called multiple times.

func (*AppSyncConfig) ObservabilityExporterConfig added in v0.17.0

func (c *AppSyncConfig) ObservabilityExporterConfig() *observability.Config

func (*AppSyncConfig) Validate added in v0.17.0

func (c *AppSyncConfig) Validate() error

type Base64ByteSlice

type Base64ByteSlice []envconfig.Base64Bytes

Base64ByteSlice is a slice of base64-encoded strings that we want to convert to bytes.

func (Base64ByteSlice) AsBytes

func (c Base64ByteSlice) AsBytes() [][]byte

AsBytes returns the value as a slice of bytes instead of its main type.

type CertificateSigningConfig added in v0.5.0

type CertificateSigningConfig struct {
	// Keys determines the key manager configuration for this certificate signing
	// configuration.
	Keys keys.Config `env:",prefix=CERTIFICATE_"`

	PublicKeyCacheDuration  time.Duration `env:"PUBLIC_KEY_CACHE_DURATION, default=15m"`
	SignerCacheDuration     time.Duration `env:"CERTIFICATE_SIGNER_CACHE_DURATION, default=1m"`
	CertificateSigningKey   string        `env:"CERTIFICATE_SIGNING_KEY, required"`
	CertificateSigningKeyID string        `env:"CERTIFICATE_SIGNING_KEY_ID, default=v1"`
	CertificateIssuer       string        `env:"CERTIFICATE_ISSUER, default=diagnosis-verification-example"`
	CertificateAudience     string        `env:"CERTIFICATE_AUDIENCE, default=exposure-notifications-server"`
	CertificateDuration     time.Duration `env:"CERTIFICATE_DURATION, default=15m"`
}

CertificateSigningConfig represents the settings for system-wide certificate signing. These should be used if you are managing certifiate keys externally.

type CleanupConfig

type CleanupConfig struct {
	Database      database.Config
	Observability observability.Config

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	Port string `env:"PORT,default=8080"`

	RateLimit uint64 `env:"RATE_LIMIT,default=60"`

	// Cleanup config
	AuditEntryMaxAge    time.Duration `env:"AUDIT_ENTRY_MAX_AGE, default=720h"`
	AuthorizedAppMaxAge time.Duration `env:"AUTHORIZED_APP_MAX_AGE, default=336h"`
	CleanupPeriod       time.Duration `env:"CLEANUP_PERIOD, default=15m"`
	MobileAppMaxAge     time.Duration `env:"MOBILE_APP_MAX_AGE, default=168h"`
	UserPurgeMaxAge     time.Duration `env:"USER_PURGE_MAX_AGE, default=720h"`
	// VerificationCodeMaxAge is the period in which the full code should be available.
	// After this time it will be recycled. The code will be zeroed out, but its status persist.
	VerificationCodeMaxAge time.Duration `env:"VERIFICATION_CODE_MAX_AGE, default=48h"`
	// VerificationCodeStatusMaxAge is the time after which, even the status of the code will be deleted
	// and the entry will be purged. This value should be greater than VerificationCodeMaxAge
	VerificationCodeStatusMaxAge time.Duration `env:"VERIFICATION_CODE_STATUS_MAX_AGE, default=336h"`
	VerificationTokenMaxAge      time.Duration `env:"VERIFICATION_TOKEN_MAX_AGE, default=24h"`
}

CleanupConfig represents the environment based configuration for the Cleanup server.

func NewCleanupConfig

func NewCleanupConfig(ctx context.Context) (*CleanupConfig, error)

NewCleanupConfig returns the environment config for the cleanup server. Only needs to be called once per instance, but may be called multiple times.

func (*CleanupConfig) ObservabilityExporterConfig added in v0.3.0

func (c *CleanupConfig) ObservabilityExporterConfig() *observability.Config

func (*CleanupConfig) Validate

func (c *CleanupConfig) Validate() error

type E2ERunnerConfig added in v0.6.0

type E2ERunnerConfig struct {
	Database      database.Config
	Observability *observability.Config

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	Port string `env:"PORT,default=8080"`

	// Share config between server and command line versions.
	TestConfig E2ETestConfig
}

E2ERunnerConfig represents the environment based configuration for the e2e-runner server.

func NewE2ERunnerConfig added in v0.6.0

func NewE2ERunnerConfig(ctx context.Context) (*E2ERunnerConfig, error)

NewE2ERunnerConfig returns the environment config for the e2e-runner server. Only needs to be called once per instance, but may be called multiple times.

func (*E2ERunnerConfig) Validate added in v0.6.0

func (c *E2ERunnerConfig) Validate() error

type E2ETestConfig added in v0.7.0

type E2ETestConfig struct {
	VerificationAdminAPIServer string `env:"VERIFICATION_ADMIN_API, default=http://localhost:8081"`
	VerificationAdminAPIKey    string `env:"VERIFICATION_ADMIN_API_KEY"`
	VerificationAPIServer      string `env:"VERIFICATION_SERVER_API, default=http://localhost:8082"`
	VerificationAPIServerKey   string `env:"VERIFICATION_SERVER_API_KEY"`
	KeyServer                  string `env:"KEY_SERVER, default=http://localhost:8080"`
	HealthAuthorityCode        string `env:"HEALTH_AUTHORITY_CODE,required"`
	DoRevise                   bool   `env:"DO_REVISIONS"`
}

func NewE2ETestConfig added in v0.7.0

func NewE2ETestConfig(ctx context.Context) (*E2ETestConfig, error)

NewE2ETestConfig contains just the necessary elements for command line execution.

type FirebaseConfig

type FirebaseConfig struct {
	APIKey          string `env:"FIREBASE_API_KEY,required"`
	AuthDomain      string `env:"FIREBASE_AUTH_DOMAIN,required"`
	DatabaseURL     string `env:"FIREBASE_DATABASE_URL,required"`
	ProjectID       string `env:"FIREBASE_PROJECT_ID,required"`
	StorageBucket   string `env:"FIREBASE_STORAGE_BUCKET,required"`
	MessageSenderID string `env:"FIREBASE_MESSAGE_SENDER_ID,required"`
	AppID           string `env:"FIREBASE_APP_ID,required"`
	MeasurementID   string `env:"FIREBASE_MEASUREMENT_ID,required"`

	TermsOfServiceURL string `env:"FIREBASE_TERMS_OF_SERVICE_URL"`
	PrivacyPolicyURL  string `env:"FIREBASE_PRIVACY_POLICY_URL"`
}

FirebaseConfig represents configuration specific to firebase auth.

type IssueAPIConfig

type IssueAPIConfig interface {
	GetCollisionRetryCount() uint
	GetAllowedSymptomAge() time.Duration
	GetEnforceRealmQuotas() bool
	GetRateLimitConfig() *ratelimit.Config
	GetENXRedirectDomain() string
	IsMaintenanceMode() bool
}

IssueAPIConfig is an interface that represents what is needed of the verification code issue API.

type Modeler added in v0.9.0

type Modeler struct {
	Cache         cache.Config
	Database      database.Config
	Observability observability.Config
	RateLimit     ratelimit.Config

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	Port string `env:"PORT, default=8080"`

	// MinValue and MaxValue determine the floor and ceiling limits for the
	// modeler.
	MinValue uint `env:"MODELER_MIN_VALUE, default=10"`
	MaxValue uint `env:"MODELER_MAX_VALUE, default=20000"`
}

Modeler is the configuration for the modeler service.

func NewModeler added in v0.9.0

func NewModeler(ctx context.Context) (*Modeler, error)

NewModeler returns the config for the modeler server.

func (*Modeler) ObservabilityExporterConfig added in v0.9.0

func (c *Modeler) ObservabilityExporterConfig() *observability.Config

func (*Modeler) Validate added in v0.9.0

func (c *Modeler) Validate() error

type PasswordRequirementsConfig added in v0.9.0

type PasswordRequirementsConfig struct {
	Length    int `env:"MIN_PWD_LENGTH,default=8"`
	Uppercase int `env:"MIN_PWD_UPPER,default=1"`
	Lowercase int `env:"MIN_PWD_LOWER,default=1"`
	Number    int `env:"MIN_PWD_DIGITS,default=1"`
	Special   int `env:"MIN_PWD_SPECIAL,default=1"`
}

PasswordRequirementsConfig represents the password complexity requirements for the server.

func (*PasswordRequirementsConfig) HasRequirements added in v0.9.0

func (c *PasswordRequirementsConfig) HasRequirements() bool

HasRequirements is true if any requirements are set.

type RedirectConfig added in v0.9.0

type RedirectConfig struct {
	Database      database.Config
	Observability observability.Config
	Cache         cache.Config

	Port string `env:"PORT, default=8080"`

	AssetsPath string `env:"ASSETS_PATH, default=./cmd/enx-redirect/assets"`

	AppCacheTTL time.Duration `env:"APP_CACHE_TTL, default=5m"`

	// If Dev mode is true, extended logging is enabled and template
	// auto-reload is enabled.
	DevMode bool `env:"DEV_MODE"`

	// A map of hostnames to redirect to ens:// and a mapping to the region.
	// For example to redirect
	//   region.example.com to region US-AA
	//   otherregion.example.com to region US-BB
	// all matched hostnames are redirected to
	// "ens://"
	// The append region is added to the end
	// "US-AA,US-BB"
	//
	// The config for this is passed as a map, example:
	// HOSTNAME_TO_REGION="region.example.com:US-AA,otherregion.example.com:US-BB"
	HostnameConfig map[string]string `env:"HOSTNAME_TO_REGION"`
}

RedirectConfig represents the environment based config for the redirect server.

func NewRedirectConfig added in v0.9.0

func NewRedirectConfig(ctx context.Context) (*RedirectConfig, error)

NewRedirectConfig initializes and validates a RedirectConfig struct.

func (*RedirectConfig) DatabaseConfig added in v0.10.0

func (c *RedirectConfig) DatabaseConfig() *database.Config

func (*RedirectConfig) HostnameToRegion added in v0.9.0

func (c *RedirectConfig) HostnameToRegion() (map[string]string, error)

HostnameToRegion returns a normalized map of the HOSTNAME_TO_REGION config value. Hostnames (key) are lowercased Regions (value) are uppercased

func (*RedirectConfig) ObservabilityExporterConfig added in v0.9.0

func (c *RedirectConfig) ObservabilityExporterConfig() *observability.Config

type ServerConfig

type ServerConfig struct {
	Firebase      FirebaseConfig
	Database      database.Config
	Observability observability.Config
	Cache         cache.Config

	Port string `env:"PORT,default=8080"`

	// Login Config
	SessionDuration    time.Duration `env:"SESSION_DURATION, default=20h"`
	SessionIdleTimeout time.Duration `env:"SESSION_IDLE_TIMEOUT, default=20m"`
	RevokeCheckPeriod  time.Duration `env:"REVOKE_CHECK_DURATION, default=5m"`

	// Password Config
	PasswordRequirements PasswordRequirementsConfig

	// CookieKeys is a slice of bytes. The first is 64 bytes, the second is 32.
	// They should be base64-encoded.
	CookieKeys Base64ByteSlice `env:"COOKIE_KEYS,required"`

	// CookieDomain is the domain for which cookie should be valid.
	CookieDomain string `env:"COOKIE_DOMAIN"`

	// CSRFAuthKey is the authentication key. It must be 32-bytes and can be
	// generated with tools/gen-secret. The value's should be base64 encoded.
	CSRFAuthKey envconfig.Base64Bytes `env:"CSRF_AUTH_KEY,required"`

	// Application Config
	ServerName          string        `env:"SERVER_NAME,default=Diagnosis Verification Server"`
	CollisionRetryCount uint          `env:"COLLISION_RETRY_COUNT,default=6"`
	AllowedSymptomAge   time.Duration `env:"ALLOWED_PAST_SYMPTOM_DAYS,default=672h"` // 672h is 28 days.
	EnforceRealmQuotas  bool          `env:"ENFORCE_REALM_QUOTAS, default=true"`

	AssetsPath  string `env:"ASSETS_PATH, default=./cmd/server/assets"`
	LocalesPath string `env:"LOCALES_PATH, default=./internal/i18n/locales"`

	// For EN Express, the link will be
	// https://[realm-region].[ENX_REDIRECT_DOMAIN]/v?c=[longcode]
	// This repository contains a redirect service that can be used for this purpose.
	ENExpressRedirectDomain string `env:"ENX_REDIRECT_DOMAIN"`

	// Certificate signing key settings, needed for public key / settings display.
	CertificateSigning CertificateSigningConfig

	// If Dev mode is true, cookies aren't required to be sent over secure channels.
	// This includes CSRF protection base cookie. You want this false in production (the default).
	DevMode bool `env:"DEV_MODE"`

	// If MaintenanceMode is true, the server is temporarily read-only and will not issue codes.
	MaintenanceMode bool `env:"MAINTENANCE_MODE"`

	// Rate limiting configuration
	RateLimit ratelimit.Config
}

ServerConfig represents the environment based config for the server.

func NewServerConfig

func NewServerConfig(ctx context.Context) (*ServerConfig, error)

NewServerConfig initializes and validates a ServerConfig struct.

func (*ServerConfig) FirebaseConfig

func (c *ServerConfig) FirebaseConfig() *firebase.Config

FirebaseConfig returns the firebase SDK config based on the local env config.

func (*ServerConfig) GetAllowedSymptomAge

func (c *ServerConfig) GetAllowedSymptomAge() time.Duration

func (*ServerConfig) GetCollisionRetryCount added in v0.3.0

func (c *ServerConfig) GetCollisionRetryCount() uint

func (*ServerConfig) GetENXRedirectDomain added in v0.9.0

func (c *ServerConfig) GetENXRedirectDomain() string

func (*ServerConfig) GetEnforceRealmQuotas added in v0.9.0

func (c *ServerConfig) GetEnforceRealmQuotas() bool

func (*ServerConfig) GetRateLimitConfig added in v0.9.0

func (c *ServerConfig) GetRateLimitConfig() *ratelimit.Config

func (*ServerConfig) IsMaintenanceMode added in v0.17.0

func (c *ServerConfig) IsMaintenanceMode() bool

func (*ServerConfig) ObservabilityExporterConfig added in v0.3.0

func (c *ServerConfig) ObservabilityExporterConfig() *observability.Config

func (*ServerConfig) Validate

func (c *ServerConfig) Validate() error

type TokenSigningConfig added in v0.5.1

type TokenSigningConfig struct {
	// Keys determines the key manager configuration for this token signing
	// configuration.
	Keys keys.Config `env:",prefix=TOKEN_"`

	TokenSigningKeys   []string `env:"TOKEN_SIGNING_KEY, required"`
	TokenSigningKeyIDs []string `env:"TOKEN_SIGNING_KEY_ID, default=v1"`
	TokenIssuer        string   `env:"TOKEN_ISSUER, default=diagnosis-verification-example"`
}

TokenSigningConfig represents the settings for system-wide certificate signing. These should be used if you are managing certifiate keys externally.

func (*TokenSigningConfig) ActiveKey added in v0.5.1

func (t *TokenSigningConfig) ActiveKey() string

func (*TokenSigningConfig) ActiveKeyID added in v0.5.1

func (t *TokenSigningConfig) ActiveKeyID() string

func (*TokenSigningConfig) Validate added in v0.5.1

func (t *TokenSigningConfig) Validate() error

type Validatable

type Validatable interface {
	Validate() error
}

Validatable indicates that a type can be validated.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL