steve/restic-manager
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases 1 Wiki Activity
Files
9cc0caff1e7e86de6bbf014a2728bd58dcfce044
restic-manager/internal/server/config/config.go
T
steve df2c584b23 phase 1: HTTP server + first-run bootstrap 
P1-01 chi router, slog request log, graceful shutdown via signal
  context. Health endpoint, /api/auth/login, /api/auth/logout,
  /api/bootstrap. Background sweeper for expired sessions and
  enrollment tokens (15 min cadence).

P1-04 (sessions half) HttpOnly Secure-when-TLS cookie carrying a
  base64url token; server stores SHA-256(token) so a stolen DB
  doesn't yield credentials. Unknown user and bad password collapse
  to the same 401 response code so a probe can't enumerate names.

P1-05 first-run admin bootstrap. On a fresh DB the server mints a
  one-time token and prints it to stderr inside a banner. The
  /api/bootstrap handler accepts {token, username, password},
  creates the first admin, then becomes a 409 forever.

P1-07 (partial) audit hooks fire on auth.login and auth.bootstrap.
  Full middleware-driven coverage lands with the rest of the API.

internal/server/config: env > YAML > defaults. RM_LISTEN /
  RM_DATA_DIR / RM_BASE_URL / RM_TLS_CERT / RM_TLS_KEY /
  RM_SECRET_KEY_FILE / RM_TRUSTED_PROXY (CIDR list, validated).

End-to-end smoke test passes: server boots on a fresh dir,
prints the bootstrap token, POST /api/bootstrap creates the admin,
POST /api/auth/login returns 200 with a session cookie.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 00:28:18 +01:00

115 lines
3.1 KiB
Go
Raw Blame History

// Package config loads server configuration from env vars (the
// canonical source) with optional YAML overlay. Documented vars are
// listed in spec.md §4.1.
package config
import (
"fmt"
"net"
"net/netip"
"os"
"strings"
"gopkg.in/yaml.v3"
)
// Config holds runtime parameters resolved from env + (optionally) a
// YAML file. Env wins over YAML so operators can tweak a single var
// without rewriting the file.
type Config struct {
Listen string `yaml:"listen"`
DataDir string `yaml:"data_dir"`
BaseURL string `yaml:"base_url"`
TLSCert string `yaml:"tls_cert"`
TLSKey string `yaml:"tls_key"`
SecretKeyFile string `yaml:"secret_key_file"`
TrustedProxies []string `yaml:"trusted_proxies"`
}
// Load resolves config in this order:
// 1. defaults
// 2. YAML at the given path (if non-empty and exists)
// 3. environment variables (RM_LISTEN, RM_DATA_DIR, …)
//
// The result is validated; a zero-error return means the server is
// safe to start.
func Load(yamlPath string) (Config, error) {
c := Config{
Listen: ":8443",
DataDir: "/data",
}
if yamlPath != "" {
body, err := os.ReadFile(yamlPath)
if err != nil && !os.IsNotExist(err) {
return c, fmt.Errorf("config: read %q: %w", yamlPath, err)
}
if err == nil {
if err := yaml.Unmarshal(body, &c); err != nil {
return c, fmt.Errorf("config: parse %q: %w", yamlPath, err)
}
}
}
if v, ok := os.LookupEnv("RM_LISTEN"); ok {
c.Listen = v
}
if v, ok := os.LookupEnv("RM_DATA_DIR"); ok {
c.DataDir = v
}
if v, ok := os.LookupEnv("RM_BASE_URL"); ok {
c.BaseURL = v
}
if v, ok := os.LookupEnv("RM_TLS_CERT"); ok {
c.TLSCert = v
}
if v, ok := os.LookupEnv("RM_TLS_KEY"); ok {
c.TLSKey = v
}
if v, ok := os.LookupEnv("RM_SECRET_KEY_FILE"); ok {
c.SecretKeyFile = v
}
if v, ok := os.LookupEnv("RM_TRUSTED_PROXY"); ok {
// Comma-separated CIDRs; allow whitespace for readability.
parts := strings.Split(v, ",")
c.TrustedProxies = c.TrustedProxies[:0]
for _, p := range parts {
p = strings.TrimSpace(p)
if p != "" {
c.TrustedProxies = append(c.TrustedProxies, p)
}
}
}
return c, c.validate()
}
func (c *Config) validate() error {
if c.Listen == "" {
return fmt.Errorf("config: RM_LISTEN must be set")
}
if _, _, err := net.SplitHostPort(c.Listen); err != nil {
return fmt.Errorf("config: RM_LISTEN %q invalid: %w", c.Listen, err)
}
if c.DataDir == "" {
return fmt.Errorf("config: RM_DATA_DIR must be set")
}
if c.SecretKeyFile == "" {
// Default to data dir.
c.SecretKeyFile = c.DataDir + "/secret.key"
}
for _, cidr := range c.TrustedProxies {
if _, err := netip.ParsePrefix(cidr); err != nil {
return fmt.Errorf("config: RM_TRUSTED_PROXY entry %q is not a valid CIDR: %w", cidr, err)
}
}
// TLS pair: either both set or both unset (HTTP-only mode for dev).
if (c.TLSCert == "") != (c.TLSKey == "") {
return fmt.Errorf("config: RM_TLS_CERT and RM_TLS_KEY must be set together (or both unset)")
}
return nil
}
// TLSEnabled is true when both cert and key are configured.
func (c Config) TLSEnabled() bool { return c.TLSCert != "" && c.TLSKey != "" }
Reference in New Issue View Git Blame Copy Permalink