config

package
v1.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 31, 2022 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Overview

Package config defines the environment baased configuration for this project. Each server has a unique config type.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ProcessWith

func ProcessWith(ctx context.Context, spec interface{}, l envconfig.Lookuper) error

ProcessWith creates a new config with the given lookuper for parsing config.

Types

type APIServerConfig

type APIServerConfig struct {
	Database      database.Config
	Observability observability.Config
	Cache         cache.Config
	Features      FeatureConfig

	// SMSSigning defines the SMS signing configuration.
	SMSSigning SMSSigningConfig

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	// If MaintenanceMode is true, the server is temporarily read-only and will not issue codes.
	MaintenanceMode bool `env:"MAINTENANCE_MODE"`

	Port              string `env:"PORT,default=8080"`
	ChaffMaxLatencyMs uint64 `env:"CHAFF_MAX_LATENCY_MS, default=1000"`

	APIKeyCacheDuration time.Duration `env:"API_KEY_CACHE_DURATION,default=5m"`

	// Verification Token Config
	VerificationTokenDuration time.Duration `env:"VERIFICATION_TOKEN_DURATION,default=24h"`

	// Token signing
	TokenSigning TokenSigningConfig

	// Certificate signing
	CertificateSigning CertificateSigningConfig

	// Rate limiting configuration
	RateLimit ratelimit.Config

	// variables for Issue API
	Issue IssueAPIVars
}

APIServerConfig represnets the environment based configuration for the API server.

func NewAPIServerConfig

func NewAPIServerConfig(ctx context.Context) (*APIServerConfig, error)

NewAPIServerConfig returns the environment config for the API server. Only needs to be called once per instance, but may be called multiple times.

func (*APIServerConfig) GetAuthenticatedSMSFailClosed added in v0.25.0

func (c *APIServerConfig) GetAuthenticatedSMSFailClosed() bool

func (*APIServerConfig) GetFeatureConfig added in v0.25.0

func (c *APIServerConfig) GetFeatureConfig() *FeatureConfig

func (*APIServerConfig) GetRateLimitConfig added in v0.25.0

func (c *APIServerConfig) GetRateLimitConfig() *ratelimit.Config

func (*APIServerConfig) IsMaintenanceMode added in v0.25.0

func (c *APIServerConfig) IsMaintenanceMode() bool

func (*APIServerConfig) IssueConfig added in v0.25.0

func (c *APIServerConfig) IssueConfig() *IssueAPIVars

func (*APIServerConfig) ObservabilityExporterConfig added in v0.3.0

func (c *APIServerConfig) ObservabilityExporterConfig() *observability.Config

func (*APIServerConfig) Validate

func (c *APIServerConfig) Validate() error

type AdminAPIServerConfig

type AdminAPIServerConfig struct {
	Database      database.Config
	Observability observability.Config
	Cache         cache.Config
	Features      FeatureConfig

	// SMSSigning defines the SMS signing configuration.
	SMSSigning SMSSigningConfig

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	// If MaintenanceMode is true, the server is temporarily read-only and will not issue codes.
	MaintenanceMode bool `env:"MAINTENANCE_MODE"`

	// Rate limiting configuration
	RateLimit ratelimit.Config

	Port                string        `env:"PORT,default=8080"`
	APIKeyCacheDuration time.Duration `env:"API_KEY_CACHE_DURATION,default=5m"`

	Issue IssueAPIVars
}

AdminAPIServerConfig represents the environment based config for the Admin API Server.

func NewAdminAPIServerConfig

func NewAdminAPIServerConfig(ctx context.Context) (*AdminAPIServerConfig, error)

NewAdminAPIServerConfig returns the environment config for the Admin API server. Only needs to be called once per instance, but may be called multiple times.

func (*AdminAPIServerConfig) GetAuthenticatedSMSFailClosed added in v0.23.0

func (c *AdminAPIServerConfig) GetAuthenticatedSMSFailClosed() bool

func (*AdminAPIServerConfig) GetFeatureConfig added in v0.23.0

func (c *AdminAPIServerConfig) GetFeatureConfig() *FeatureConfig

func (*AdminAPIServerConfig) GetRateLimitConfig added in v0.9.0

func (c *AdminAPIServerConfig) GetRateLimitConfig() *ratelimit.Config

func (*AdminAPIServerConfig) IsMaintenanceMode added in v0.17.0

func (c *AdminAPIServerConfig) IsMaintenanceMode() bool

func (*AdminAPIServerConfig) IssueConfig added in v0.25.0

func (c *AdminAPIServerConfig) IssueConfig() *IssueAPIVars

func (*AdminAPIServerConfig) ObservabilityExporterConfig added in v0.3.0

func (c *AdminAPIServerConfig) ObservabilityExporterConfig() *observability.Config

func (*AdminAPIServerConfig) Validate

func (c *AdminAPIServerConfig) Validate() error

type AppSyncConfig added in v0.17.0

type AppSyncConfig struct {
	Database      database.Config
	Observability observability.Config
	Features      FeatureConfig

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	Port string `env:"PORT,default=8080"`

	RateLimit uint64 `env:"RATE_LIMIT,default=60"`

	// AppSync config
	AppSyncURL         string        `env:"APP_SYNC_URL"`
	FileSizeLimitBytes int64         `env:"APP_SYNC_SIZE_LIMIT, default=4000000"`
	Timeout            time.Duration `env:"APP_SYNC_TIMEOUT, default=1m"`

	// AppSyncMinPeriod defines the period for which the app sync service will hold a lock
	// which prevents other calls from entering.
	AppSyncMinPeriod time.Duration `env:"APP_SYNC_MIN_PERIOD, default=5m"`
}

AppSyncConfig represents the environment based configuration for the app sync server.

func NewAppSyncConfig added in v0.17.0

func NewAppSyncConfig(ctx context.Context) (*AppSyncConfig, error)

NewAppSyncConfig returns the environment config for the appsync server. Only needs to be called once per instance, but may be called multiple times.

func (*AppSyncConfig) ObservabilityExporterConfig added in v0.17.0

func (c *AppSyncConfig) ObservabilityExporterConfig() *observability.Config

func (*AppSyncConfig) Validate added in v0.17.0

func (c *AppSyncConfig) Validate() error

type BackupConfig added in v0.25.0

type BackupConfig struct {
	Database      database.Config
	Observability observability.Config

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	// Port is the port on which to bind.
	Port string `env:"PORT, default=8080"`

	// MinTTL is the minimum amount of time that must elapse between attempting
	// backups. This is used to control whether the backup is actually executed
	// and to prevent concurrent backups.
	MinTTL time.Duration `env:"BACKUP_MIN_PERIOD, default=5m"`

	// Timeout is the maximum amount of time to wait for a backup operation to
	// complete.
	Timeout time.Duration `env:"BACKUP_TIMEOUT, default=10m"`

	// Bucket is the name of the Cloud Storage bucket where backups should be
	// stored.
	Bucket string `env:"BACKUP_BUCKET, required"`

	// DatabaseInstanceURL is the full self-link of the URL to the SQL instance.
	DatabaseInstanceURL string `env:"BACKUP_DATABASE_INSTANCE_URL, required"`

	// DatabaseName is the name of the database to backup.
	DatabaseName string `env:"BACKUP_DATABASE_NAME, required"`
}

BackupConfig is the configuration for backups.

func NewBackupConfig added in v0.25.0

func NewBackupConfig(ctx context.Context) (*BackupConfig, error)

NewBackupConfig returns the environment config for the backup server.

func (*BackupConfig) ObservabilityExporterConfig added in v0.25.0

func (c *BackupConfig) ObservabilityExporterConfig() *observability.Config

func (*BackupConfig) Validate added in v0.25.0

func (c *BackupConfig) Validate() error

type CertificateSigningConfig added in v0.5.0

type CertificateSigningConfig struct {
	// Keys determines the key manager configuration for this certificate signing
	// configuration.
	Keys keys.Config `env:",prefix=CERTIFICATE_"`

	// AllowedClockSkew impacts the "not before" or NBF time for certificates
	AllowedClockSkew time.Duration `env:"ALLOWED_CLOCK_SKEW,default=5s"`

	PublicKeyCacheDuration  time.Duration `env:"PUBLIC_KEY_CACHE_DURATION, default=15m"`
	SignerCacheDuration     time.Duration `env:"CERTIFICATE_SIGNER_CACHE_DURATION, default=1m"`
	CertificateSigningKey   string        `env:"CERTIFICATE_SIGNING_KEY, required"`
	CertificateSigningKeyID string        `env:"CERTIFICATE_SIGNING_KEY_ID, default=v1"`
	CertificateIssuer       string        `env:"CERTIFICATE_ISSUER, default=diagnosis-verification-example"`
	CertificateAudience     string        `env:"CERTIFICATE_AUDIENCE, default=exposure-notifications-server"`
	CertificateDuration     time.Duration `env:"CERTIFICATE_DURATION, default=15m"`
}

CertificateSigningConfig represents the settings for system-wide certificate signing. These should be used if you are managing certificate keys externally.

type CleanupConfig

type CleanupConfig struct {
	Database      database.Config
	Observability observability.Config
	Features      FeatureConfig

	// TokenSigning is the token signing configuration to purge old keys in the
	// key manager when they are cleaned.
	TokenSigning TokenSigningConfig

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	// Port is the port on which to bind.
	Port string `env:"PORT,default=8080"`

	// Cleanup config
	AuditEntryMaxAge    time.Duration `env:"AUDIT_ENTRY_MAX_AGE, default=720h"`
	AuthorizedAppMaxAge time.Duration `env:"AUTHORIZED_APP_MAX_AGE, default=336h"`
	CleanupMinPeriod    time.Duration `env:"CLEANUP_MIN_PERIOD, default=5m"`
	MobileAppMaxAge     time.Duration `env:"MOBILE_APP_MAX_AGE, default=168h"`

	// StatsMaxAge is the maximum amount of time to retain statistics. The default
	// value is 91d. It can be extended up to 120 days and cannot be less than 30
	// days.
	StatsMaxAge time.Duration `env:"STATS_MAX_AGE, default=2184h"`

	// RealmChaffEventMaxAge is the maximum amount of time to store whether a
	// realm had received a chaff request.
	RealmChaffEventMaxAge time.Duration `env:"REALM_CHAFF_EVENT_MAX_AGE, default=168h"` // 7 days

	// SigningTokenKeyMaxAge is the maximum amount of time that a rotated signing
	// token key should remain unpurged.
	SigningTokenKeyMaxAge time.Duration `env:"SIGNING_TOKEN_KEY_MAX_AGE, default=36h"`

	// VerificationSigningKeyMaxAge is the maximum amount of time that an already soft
	// delted SigningKey will be kept in the database before being purged.
	VerificationSigningKeyMaxAge time.Duration `env:"VERIFICATION_SIGNING_KEY_MAX_AGE, default=36h"`

	UserPurgeMaxAge time.Duration `env:"USER_PURGE_MAX_AGE, default=720h"`
	// VerificationCodeMaxAge is the period in which the full code should be available.
	// After this time it will be recycled. The code will be zeroed out, but its status persist.
	VerificationCodeMaxAge time.Duration `env:"VERIFICATION_CODE_MAX_AGE, default=48h"`
	// VerificationCodeStatusMaxAge is the time after which, even the status of the code will be deleted
	// and the entry will be purged. This value should be greater than VerificationCodeMaxAge
	VerificationCodeStatusMaxAge time.Duration `env:"VERIFICATION_CODE_STATUS_MAX_AGE, default=336h"`
	VerificationTokenMaxAge      time.Duration `env:"VERIFICATION_TOKEN_MAX_AGE, default=24h"`

	// UserReportUnclaimedMaxAge is how long a user report phone hash will be kept if the record goes unclaimed.
	UserReportUnclaimedMaxAge time.Duration `env:"USER_REPORT_UNCLAIMED_MAX_AGE, default=30m"`
	// UserReportMaxAge is how long a claimed user report phone hash will be kept.
	UserReportMaxAge time.Duration `env:"USER_REPORT_MAX_AGE, default=2160h"` // 2160h = 90 days
}

CleanupConfig represents the environment based configuration for the Cleanup server.

func NewCleanupConfig

func NewCleanupConfig(ctx context.Context) (*CleanupConfig, error)

NewCleanupConfig returns the environment config for the cleanup server. Only needs to be called once per instance, but may be called multiple times.

func (*CleanupConfig) ObservabilityExporterConfig added in v0.3.0

func (c *CleanupConfig) ObservabilityExporterConfig() *observability.Config

func (*CleanupConfig) Validate

func (c *CleanupConfig) Validate() error

type E2ERunnerConfig added in v0.6.0

type E2ERunnerConfig struct {
	Database      database.Config
	Observability *observability.Config
	Features      FeatureConfig

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	Port string `env:"PORT,default=8080"`

	VerificationAdminAPIServer string `env:"VERIFICATION_ADMIN_API, default=http://localhost:8081"`
	VerificationAdminAPIKey    string `env:"VERIFICATION_ADMIN_API_KEY"`
	VerificationAPIServer      string `env:"VERIFICATION_SERVER_API, default=http://localhost:8082"`
	VerificationAPIServerKey   string `env:"VERIFICATION_SERVER_API_KEY"`
	KeyServer                  string `env:"KEY_SERVER, default=http://localhost:8080"`
	HealthAuthorityCode        string `env:"HEALTH_AUTHORITY_CODE,required"`
	// Not environment vars, but set by each type of test run.
	DoRevise     bool
	DoUserReport bool

	// ENXRedirectURL is the host to use for testing the ENX redirector service.
	// This should be the value of the e2e realm's host, like
	// "https://e2e-realm.redirect-domain.com", where "redirect-domain.com" is
	// your enx redirect domain. The protocol is required. If this value is blank,
	// the enx redirect tests are not executed on the e2e-runner.
	ENXRedirectURL string `env:"ENX_REDIRECT_URL"`
}

E2ERunnerConfig represents the environment based configuration for the e2e-runner server.

func NewE2ERunnerConfig added in v0.6.0

func NewE2ERunnerConfig(ctx context.Context) (*E2ERunnerConfig, error)

NewE2ERunnerConfig returns the environment config for the e2e-runner server. Only needs to be called once per instance, but may be called multiple times.

type EmailerConfig added in v1.5.0

type EmailerConfig struct {
	Database      database.Config
	Observability observability.Config
	Features      FeatureConfig
	Secrets       secrets.Config

	// Port is the port upon which to bind.
	Port string `env:"PORT, default=8080"`

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	// MinTTL is the minimum amount of time that must elapse between attempting
	// emailer events. This is used to control whether emails are actually sent at
	// the controller layer, independent of being invoked via a scheduler.
	MinTTL time.Duration `env:"MIN_TTL, default=4h"`

	// FromAddress is the address from which to send emails. This must be an
	// address that resides in the Google Workspace domain. It can be of the
	// format "user@example.com". The recommended value is
	// "no-reply@your-server.com".
	FromAddress string `env:"FROM_ADDRESS"`

	// MailDomain is the domain from which to send email. It should be just the
	// domain (no https:// or port).
	MailDomain string `env:"MAIL_DOMAIN"`

	// EmailCC and EmailBCC is the address to CC and BCC (respectively) on all
	// emails.
	CCAddresses  []string `env:"CC_ADDRESSES"`
	BCCAddresses []string `env:"BCC_ADDRESSES"`

	// ServerEndpoint is the URL to the main verification server component - the
	// UI server. It should be the full URL with no trailing slash.
	ServerEndpoint string `env:"SERVER_ENDPOINT"`

	// SMTPRelayHost and SMTPRelayPort are the URLs for the SMTP server. The
	// default values should be appropriate for most situations.
	SMTPRelayHost string `env:"SMTP_RELAY_HOST, default=smtp-relay.gmail.com"`
	SMTPRelayPort string `env:"SMTP_RELAY_PORT, default=587"`

	// SMSIgnoredErrorCodes is a list of SMS error codes to ignore.
	//
	// 30003 - Phone is off
	// 30004 - User blocked receiving messages from this number
	// 30005 - Invalid phone number
	// 30006 - Landline error
	SMSIgnoredErrorCodes []string `env:"SMS_IGNORED_ERROR_CODES, default=30003,30004,30005,30006"`

	// SMSErrorsEmailThreshold is the number of SMS errors in a given 24 hour UTC
	// period at which email alerts will begin being generated. This applies to
	// all realms on the system.
	SMSErrorsEmailThreshold int64 `env:"SMS_ERRORS_EMAIL_THRESHOLD, default=50"`
}

EmailerConfig represents the environment-based configuration for the emailer service.

func NewEmailerConfig added in v1.5.0

func NewEmailerConfig(ctx context.Context) (*EmailerConfig, error)

NewEmailerConfig returns the config for the emailer service.

func (*EmailerConfig) ObservabilityExporterConfig added in v1.5.0

func (c *EmailerConfig) ObservabilityExporterConfig() *observability.Config

func (*EmailerConfig) Validate added in v1.5.0

func (c *EmailerConfig) Validate() error

type FeatureConfig added in v0.21.0

type FeatureConfig struct {
	EnableEmailer bool `env:"ENABLE_EMAILER, default=false"`
}

FeatureConfig represents features that are introduced as off by default allowing for server operators to control their release.

func (*FeatureConfig) AddToTemplate added in v0.21.0

AddToTemplate takes TemplateMap and writes the status of all known feature flags for use in HTML templates.

type FirebaseConfig

type FirebaseConfig struct {
	APIKey          string `env:"FIREBASE_API_KEY,required"`
	AuthDomain      string `env:"FIREBASE_AUTH_DOMAIN,required"`
	DatabaseURL     string `env:"FIREBASE_DATABASE_URL,required"`
	ProjectID       string `env:"FIREBASE_PROJECT_ID,required"`
	StorageBucket   string `env:"FIREBASE_STORAGE_BUCKET,required"`
	MessageSenderID string `env:"FIREBASE_MESSAGE_SENDER_ID,required"`
	AppID           string `env:"FIREBASE_APP_ID,required"`
	MeasurementID   string `env:"FIREBASE_MEASUREMENT_ID,required"`

	TermsOfServiceURL string `env:"FIREBASE_TERMS_OF_SERVICE_URL"`
	PrivacyPolicyURL  string `env:"FIREBASE_PRIVACY_POLICY_URL"`
}

FirebaseConfig represents configuration specific to firebase auth.

type IssueAPIConfig

type IssueAPIConfig interface {
	IssueConfig() *IssueAPIVars

	GetRateLimitConfig() *ratelimit.Config
	GetFeatureConfig() *FeatureConfig
	IsMaintenanceMode() bool

	// GetAuthenticatedSMSFailClosed indicates how the system should behave when
	// authenticated SMS fails.
	GetAuthenticatedSMSFailClosed() bool
}

type IssueAPIVars added in v0.25.0

type IssueAPIVars struct {
	CollisionRetryCount uint          `env:"COLLISION_RETRY_COUNT,default=6"`
	AllowedSymptomAge   time.Duration `env:"ALLOWED_PAST_SYMPTOM_DAYS,default=672h"` // 672h is 28 days.
	EnforceRealmQuotas  bool          `env:"ENFORCE_REALM_QUOTAS, default=true"`

	// For EN Express, the link will be
	// https://[realm-region].[ENX_REDIRECT_DOMAIN]/v?c=[longcode]
	// This repository contains a redirect service that can be used for this purpose.
	ENExpressRedirectDomain string `env:"ENX_REDIRECT_DOMAIN"`
}

IssueAPIVars is an interface that represents what is needed of the verification code issue API.

func (*IssueAPIVars) Validate added in v0.25.0

func (c *IssueAPIVars) Validate() error

type MetricsRegistrarConfig added in v0.36.0

type MetricsRegistrarConfig struct {
	Observability observability.Config
	Features      FeatureConfig

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	// Port is the port on which to bind.
	Port string `env:"PORT,default=8080"`
}

MetricsRegistrarConfig represents the environment based configuration for the metrics registration server.

func NewMetricsRegistrarConfig added in v0.36.0

func NewMetricsRegistrarConfig(ctx context.Context) (*MetricsRegistrarConfig, error)

NewMetricsRegistrarConfig returns the environment config for the metrics registration server. Only needs to be called once per instance, but may be called multiple times.

func (*MetricsRegistrarConfig) ObservabilityExporterConfig added in v0.36.0

func (c *MetricsRegistrarConfig) ObservabilityExporterConfig() *observability.Config

func (*MetricsRegistrarConfig) Validate added in v0.36.0

func (c *MetricsRegistrarConfig) Validate() error

type Modeler added in v0.9.0

type Modeler struct {
	Cache         cache.Config
	Database      database.Config
	Observability observability.Config
	RateLimit     ratelimit.Config

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	Port string `env:"PORT, default=8080"`

	// MinValue and MaxValue determine the floor and ceiling limits for the
	// modeler.
	MinValue uint `env:"MODELER_MIN_VALUE, default=10"`
	MaxValue uint `env:"MODELER_MAX_VALUE, default=20000"`
}

Modeler is the configuration for the modeler service.

func NewModeler added in v0.9.0

func NewModeler(ctx context.Context) (*Modeler, error)

NewModeler returns the config for the modeler server.

func (*Modeler) ObservabilityExporterConfig added in v0.9.0

func (c *Modeler) ObservabilityExporterConfig() *observability.Config

func (*Modeler) Validate added in v0.9.0

func (c *Modeler) Validate() error

type PasswordRequirementsConfig added in v0.9.0

type PasswordRequirementsConfig struct {
	Length    int `env:"MIN_PWD_LENGTH,default=8"`
	Uppercase int `env:"MIN_PWD_UPPER,default=1"`
	Lowercase int `env:"MIN_PWD_LOWER,default=1"`
	Number    int `env:"MIN_PWD_DIGITS,default=1"`
	Special   int `env:"MIN_PWD_SPECIAL,default=1"`
}

PasswordRequirementsConfig represents the password complexity requirements for the server.

func (*PasswordRequirementsConfig) HasRequirements added in v0.9.0

func (c *PasswordRequirementsConfig) HasRequirements() bool

HasRequirements is true if any requirements are set.

type RedirectConfig added in v0.9.0

type RedirectConfig struct {
	Database      database.Config
	Observability observability.Config
	Cache         cache.Config
	Features      FeatureConfig

	Port string `env:"PORT, default=8080"`

	AppCacheTTL time.Duration `env:"APP_CACHE_TTL, default=5m"`

	// If Dev mode is true, extended logging is enabled and template
	// auto-reload is enabled.
	DevMode bool `env:"DEV_MODE"`

	// UserReportAllowQuery defines if a GET request with query params should
	// be allow for user report. This OR dev mode is needed.
	// DEV_MODE can't be used in a deployed environment, but this can.
	// This should NOT be enabled in production.
	UserReportAllowQuery bool `env:"USER_REPORT_DEBUG_QUERY_PARAMS, default=false"`

	SessionDuration    time.Duration `env:"SESSION_DURATION, default=1h"`
	SessionIdleTimeout time.Duration `env:"SESSION_IDLE_TIMEOUT, default=20m"`

	TranslationRefreshPeriod time.Duration `env:"TRANSLATION_REFRESH_PERIOD, default=30m"`

	// Issue config is pulled in for the ENX_REDIRECT_DOMAIN
	Issue IssueAPIVars

	// Rate limiting configuration
	RateLimit ratelimit.Config

	// SMSSigning defines the SMS signing configuration.
	SMSSigning SMSSigningConfig

	// If MaintenanceMode is true, the server is temporarily read-only and will not issue codes.
	MaintenanceMode bool `env:"MAINTENANCE_MODE"`

	// A map of hostnames to redirect to ens:// and a mapping to the region.
	// For example to redirect
	//   region.example.com to region US-AA
	//   otherregion.example.com to region US-BB
	// all matched hostnames are redirected to
	// "ens://"
	// The append region is added to the end
	// "US-AA,US-BB"
	//
	// The config for this is passed as a map, example:
	// HOSTNAME_TO_REGION="region.example.com:US-AA,otherregion.example.com:US-BB"
	HostnameConfig map[string]string `env:"HOSTNAME_TO_REGION"`
}

RedirectConfig represents the environment based config for the redirect server.

func NewRedirectConfig added in v0.9.0

func NewRedirectConfig(ctx context.Context) (*RedirectConfig, error)

NewRedirectConfig initializes and validates a RedirectConfig struct.

func (*RedirectConfig) DatabaseConfig added in v0.10.0

func (c *RedirectConfig) DatabaseConfig() *database.Config

func (*RedirectConfig) GetAuthenticatedSMSFailClosed added in v0.26.0

func (c *RedirectConfig) GetAuthenticatedSMSFailClosed() bool

func (*RedirectConfig) GetFeatureConfig added in v0.26.0

func (c *RedirectConfig) GetFeatureConfig() *FeatureConfig

func (*RedirectConfig) GetRateLimitConfig added in v0.26.0

func (c *RedirectConfig) GetRateLimitConfig() *ratelimit.Config

func (*RedirectConfig) HostnameToRegion added in v0.9.0

func (c *RedirectConfig) HostnameToRegion() (map[string]string, error)

HostnameToRegion returns a normalized map of the HOSTNAME_TO_REGION config value. Hostnames (key) are lowercased Regions (value) are uppercased

func (*RedirectConfig) IsMaintenanceMode added in v0.26.0

func (c *RedirectConfig) IsMaintenanceMode() bool

func (*RedirectConfig) IssueConfig added in v0.26.0

func (c *RedirectConfig) IssueConfig() *IssueAPIVars

func (*RedirectConfig) ObservabilityExporterConfig added in v0.9.0

func (c *RedirectConfig) ObservabilityExporterConfig() *observability.Config

type RotationConfig added in v0.20.0

type RotationConfig struct {
	Database      database.Config
	Observability observability.Config
	Features      FeatureConfig
	Secrets       secrets.Config

	// ProjectID is the Google Cloud project ID.
	ProjectID string `env:"PROJECT_ID, required"`

	// Port is the port upon which to bind.
	Port string `env:"PORT, default=8080"`

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	// MinTTL is the minimum amount of time that must elapse between attempting
	// rotation events. This is used to control whether rotation is actually
	// attempted at the controller layer, independent of the data layer. In
	// effect, it rate limits the number of rotation requests.
	MinTTL time.Duration `env:"MIN_TTL, default=1m"`

	// SecretsParent is the parent directory where secrets should be written. This
	// is only used when creating new secret versions. On Google Cloud, this
	// should be "projects/$PROJECT_ID/secrets".
	SecretsParent string `env:"SECRETS_PARENT, default=projects/$PROJECT_ID/secrets"`

	// SecretActivationTTL is the amount of time a secret should have been
	// "created" before being moved to the "active" state. This is used to ensure
	// a secret has fully propagated to all instances before being promoted to
	// active.
	//
	// SecretDestroyTTL is the amount of time a secret should be soft-deleted
	// before being purged in the upstream secret manager.
	SecretActivationTTL time.Duration `env:"SECRET_ACTIVATION_TTL, default=30m"`
	SecretDestroyTTL    time.Duration `env:"SECRET_DESTROY_TTL, default=24h"`

	// CookieKeyMinAge is the TTL at which a new cookie key will be created.
	// CookieKeyMaxAge is the TTL at which a cookie key is deleted.
	CookieKeyMinAge time.Duration `env:"COOKIE_KEY_MIN_AGE, default=720h"`  // 30d
	CookieKeyMaxAge time.Duration `env:"COOKIE_KEY_MAX_AGE, default=1488h"` // 60d + 2d

	// APIKeyDatabaseHMACKeyMinAge is the age at which to generate a new HMAC
	// key for HMACing API keys. Revoking an old HMAC key revokes all API keys
	// HMACed with that key, so existing values are kept.
	APIKeyDatabaseHMACKeyMinAge time.Duration `env:"API_KEY_DATABASE_HMAC_KEY_MIN_AGE, default=4320h"` // 180d

	// APIKeySignatureHMACKeyMinAge is the age at which to generate a new HMAC
	// key for signing API keys. Revoking an old signing key revokes all API keys
	// signed with that key, so existing values are kept.
	APIKeySignatureHMACKeyMinAge time.Duration `env:"API_KEY_SIGNATURE_HMAC_KEY_MIN_AGE, default=4320h"` // 180d

	// PhoneNumberDatabaseHMACKeyMinAge is the age at which to generate a new HMAC
	// key for HMACing phone numbers. PhoneNumberDatabaseHMACKeyMaxAge is the age
	// at which an HMAC key is deleted (which is 90 days after the last time the
	// key was used).
	PhoneNumberDatabaseHMACKeyMinAge time.Duration `env:"PHONE_NUMBER_DATABASE_HMAC_MIN_AGE, default=720h"`  // 30d
	PhoneNumberDatabaseHMACKeyMaxAge time.Duration `env:"PHONE_NUMBER_DATABASE_HMAC_MAX_AGE, default=2928h"` // 30d + 90d + 2d

	// VerificationCodeDatabaseHMACKeyMinAge is the age at which to generate a new
	// HMAC key for HMACing verification codes in the database.
	// VerificationCodeDatabaseHMACKeyMaxAge is the age at which the HMAC key can
	// be safely deleted.
	VerificationCodeDatabaseHMACKeyMinAge time.Duration `env:"VERIFICATION_CODE_DATABASE_HMAC_KEY_MIN_AGE, default=24h"`
	VerificationCodeDatabaseHMACKeyMaxAge time.Duration `env:"VERIFICATION_CODE_DATABASE_HMAC_KEY_MAX_AGE, default=72h"` // 2d + 1d

	// TokenSigning is the token signing configuration. This defines the parent
	// key and common data like issuer, but the individual versions are controlled
	// by the database table.
	TokenSigning TokenSigningConfig

	// TokenSigningKeyMaxAge is the maximum age for a token signing key.
	TokenSigningKeyMaxAge time.Duration `env:"TOKEN_SIGNING_KEY_MAX_AGE, default=720h"` // 30 days

	// Verification rotation frequency.
	VerificationSigningKeyMaxAge time.Duration `env:"VERIFICATION_SIGNING_KEY_MAX_AGE, default=720h"` // 30 days
	// How long to wait to activate a new key after creation. This gives
	// the upstream key server time to import the new allowed public key.
	// A deactivated key will also be kept for this time period.
	VerificationActivationDelay time.Duration `env:"VERIFICATION_ACTIVATION_DELAY, default=1h"`
}

RotationConfig represents the environment-based configuration for the rotation service.

func NewRotationConfig added in v0.20.0

func NewRotationConfig(ctx context.Context) (*RotationConfig, error)

NewRotationConfig returns the config for the rotation service.

func (*RotationConfig) ObservabilityExporterConfig added in v0.20.0

func (c *RotationConfig) ObservabilityExporterConfig() *observability.Config

func (*RotationConfig) Validate added in v0.20.0

func (c *RotationConfig) Validate() error

type SMSSigningConfig added in v0.21.0

type SMSSigningConfig struct {
	// Keys determines the key manager configuration for this SMS signing
	// configuration.
	Keys keys.Config `env:", prefix=SMS_"`

	// FailClosed indicates whether authenticated SMS signature errors should fail
	// open (continue on error) or fail closed (halt and return error). In both
	// cases, a metric is logged and can be tracked for monitoring.
	//
	// This configuration only applies if authenticated SMS is enabled at the
	// system level AND a realm has configured authenticated SMS.
	//
	// The default behavior is to continue on error.
	FailClosed bool `env:"SMS_FAIL_CLOSED, default=false"`
}

SMSSigningConfig represents the settings for SMS-signing.

type ServerConfig

type ServerConfig struct {
	Firebase      FirebaseConfig
	Database      database.Config
	Observability observability.Config
	Cache         cache.Config
	Features      FeatureConfig

	// SystemNotice is an optional notice that will be presented at the top of all
	// pages on the UI if provided. It supports markdown syntax.
	SystemNotice string `env:"SYSTEM_NOTICE"`

	// Certificate signing key settings, needed for public key / settings display.
	CertificateSigning CertificateSigningConfig

	// SMSSigning defines the SMS signing configuration.
	SMSSigning SMSSigningConfig

	Port string `env:"PORT,default=8080"`

	// Login Config
	SessionDuration    time.Duration `env:"SESSION_DURATION, default=20h"`
	SessionIdleTimeout time.Duration `env:"SESSION_IDLE_TIMEOUT, default=20m"`
	RevokeCheckPeriod  time.Duration `env:"REVOKE_CHECK_DURATION, default=5m"`

	// Password Config
	PasswordRequirements PasswordRequirementsConfig

	// CookieDomain is the domain for which cookie should be valid.
	CookieDomain string `env:"COOKIE_DOMAIN"`

	// Application Config
	ServerName string `env:"SERVER_NAME,default=Exposure Notifications Verification Server"`

	// ServerEndpoint is the custom endpoint for the server (scheme + host [+
	// port]). If empty, the system will attempt to guess based on the request.
	ServerEndpoint string `env:"SERVER_ENDPOINT"`

	// Issue is configuration specific to the code issue APIs.
	Issue IssueAPIVars

	// If Dev mode is true, cookies aren't required to be sent over secure channels.
	// This includes CSRF protection base cookie. You want this false in production (the default).
	DevMode bool `env:"DEV_MODE"`

	// If MaintenanceMode is true, the server is temporarily read-only and will not issue codes.
	MaintenanceMode bool `env:"MAINTENANCE_MODE"`

	// Rate limiting configuration
	RateLimit ratelimit.Config
	// contains filtered or unexported fields
}

ServerConfig represents the environment based config for the server.

func NewServerConfig

func NewServerConfig(ctx context.Context) (*ServerConfig, error)

NewServerConfig initializes and validates a ServerConfig struct.

func (*ServerConfig) FirebaseConfig

func (c *ServerConfig) FirebaseConfig() *firebase.Config

FirebaseConfig returns the firebase SDK config based on the local env config.

func (*ServerConfig) GetAuthenticatedSMSFailClosed added in v0.23.0

func (c *ServerConfig) GetAuthenticatedSMSFailClosed() bool

func (*ServerConfig) GetFeatureConfig added in v0.23.0

func (c *ServerConfig) GetFeatureConfig() *FeatureConfig

func (*ServerConfig) GetRateLimitConfig added in v0.9.0

func (c *ServerConfig) GetRateLimitConfig() *ratelimit.Config

func (*ServerConfig) GetUserReportTimeout added in v0.25.0

func (c *ServerConfig) GetUserReportTimeout() *time.Duration

The server module doesn't handle self report.

func (*ServerConfig) IsMaintenanceMode added in v0.17.0

func (c *ServerConfig) IsMaintenanceMode() bool

func (*ServerConfig) IssueConfig added in v0.25.0

func (c *ServerConfig) IssueConfig() *IssueAPIVars

func (*ServerConfig) ObservabilityExporterConfig added in v0.3.0

func (c *ServerConfig) ObservabilityExporterConfig() *observability.Config

func (*ServerConfig) ParsedSystemNotice added in v0.23.0

func (c *ServerConfig) ParsedSystemNotice() string

func (*ServerConfig) Process added in v0.32.0

func (c *ServerConfig) Process(ctx context.Context) error

Process processes the config. This is an internal API, but is public for cross-package sharing.

func (*ServerConfig) Validate

func (c *ServerConfig) Validate() error

type StatsPullerConfig added in v0.20.0

type StatsPullerConfig struct {
	Database      database.Config
	Observability observability.Config
	Features      FeatureConfig

	// Certificate signing
	CertificateSigning CertificateSigningConfig

	// KeyServerURL is the default URL of the key server - individual realms may override it
	KeyServerURL string `env:"KEY_SERVER_URL, required"`
	// The audience value to send to the keyserver.
	// Default matches: https://github.com/google/exposure-notifications-server/blob/main/internal/verification/config.go
	KeyServerStatsAudience string        `env:"KEY_SERVER_STATS_AUDIENCE, default=keyserver"`
	FileSizeLimitBytes     int64         `env:"STATS_PULLER_SIZE_LIMIT, default=64000"`
	DownloadTimeout        time.Duration `env:"STATS_PULLER_DOWNLOAD_TIMEOUT, default=1m"`

	// Port is the port upon which to bind.
	Port string `env:"PORT, default=8080"`

	// DevMode produces additional debugging information. Do not enable in
	// production environments.
	DevMode bool `env:"DEV_MODE"`

	// MinTTL is the minimum amount of time that must elapse between attempting
	// stats-pull events. This is used to control whether the pull is actually
	// attempted at the controller layer, independent of the data layer. In
	// effect, it rate limits the number of rotation requests.
	MinTTL time.Duration `env:"MIN_TTL, default=5m"`

	// StatsPullerMinPeriod defines the period for which the stats puller will hold a lock
	// which prevents other calls from entering.
	StatsPullerMinPeriod time.Duration `env:"STATS_PULLER_MIN_PERIOD, default=5m"`

	// MaxWorkers is the maximum number of parallel workers to use when pulling
	// statistics. The value must be greater than 0.
	MaxWorkers int64 `env:"STATS_PULLER_MAX_WORKERS, default=5"`
}

StatsPullerConfig represents the environment-based configuration for the stats-puller service.

func NewStatsPullerConfig added in v0.20.0

func NewStatsPullerConfig(ctx context.Context) (*StatsPullerConfig, error)

NewStatsPullerConfig returns the config for the stats-puller service.

func (*StatsPullerConfig) ObservabilityExporterConfig added in v0.20.0

func (c *StatsPullerConfig) ObservabilityExporterConfig() *observability.Config

type TokenSigningConfig added in v0.5.1

type TokenSigningConfig struct {
	// Keys determines the key manager configuration for this token signing
	// configuration.
	Keys keys.Config `env:", prefix=TOKEN_"`

	// TokenSigningKey is the parent token signing key (not the actual signing
	// version).
	TokenSigningKey string `env:"TOKEN_SIGNING_KEY, required"`

	// TokenIssuer is the `iss` field on the JWT.
	TokenIssuer string `env:"TOKEN_ISSUER, default=diagnosis-verification-example"`
}

TokenSigningConfig represents the settings for system-wide certificate signing. These should be used if you are managing certificate keys externally.

func (*TokenSigningConfig) Validate added in v0.5.1

func (t *TokenSigningConfig) Validate() error

Validate validates the configuration.

type Validatable

type Validatable interface {
	Validate() error
}

Validatable indicates that a type can be validated.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL