golib/hwsauth/config.go

package hwsauth
import (
"git.haelnorr.com/h/golib/env"
"git.haelnorr.com/h/golib/jwt"
"github.com/pkg/errors"
)
// Config holds the configuration settings for the authenticator.
// All time-based settings are expressed in minutes.
//
// Each field carries an `ezconf` tag naming the environment variable it is
// loaded from, a human-readable description and, where one exists, its default.
type Config struct {
	// SSL enables secure cookies (per the tag description). Defaults to false.
	// NOTE(review): presumably the cookie Secure attribute is left unset while
	// this is false; confirm that production deployments enable it.
	SSL bool `ezconf:"HWSAUTH_SSL,description:Enable SSL secure cookies,default:false"`

	// TrustedHost is the full server address; ConfigFromEnv rejects an empty
	// value when SSL is true.
	TrustedHost string `ezconf:"HWSAUTH_TRUSTED_HOST,description:Full server address for SSL,required:if SSL is true"`

	// SecretKey is the key used to sign JWT tokens. ConfigFromEnv only rejects
	// an empty value; no length or entropy check is visible in this file, so
	// key strength is the operator's responsibility.
	SecretKey string `ezconf:"HWSAUTH_SECRET_KEY,description:Secret key for signing JWT tokens,required"`

	// AccessTokenExpiry is the access token lifetime in minutes (default 5).
	AccessTokenExpiry int64 `ezconf:"HWSAUTH_ACCESS_TOKEN_EXPIRY,description:Access token expiry in minutes,default:5"`

	// RefreshTokenExpiry is the refresh token lifetime in minutes
	// (default 1440, i.e. 24 hours).
	RefreshTokenExpiry int64 `ezconf:"HWSAUTH_REFRESH_TOKEN_EXPIRY,description:Refresh token expiry in minutes,default:1440"`

	// TokenFreshTime is the token fresh time in minutes (default 5).
	TokenFreshTime int64 `ezconf:"HWSAUTH_TOKEN_FRESH_TIME,description:Token fresh time in minutes,default:5"`

	// LandingPage is the redirect destination for authenticated users.
	LandingPage string `ezconf:"HWSAUTH_LANDING_PAGE,description:Redirect destination for authenticated users,default:/profile"`

	// DatabaseType selects the database backend (postgres, mysql, sqlite or
	// mariadb per the tag description).
	DatabaseType string `ezconf:"HWSAUTH_DATABASE_TYPE,description:Database type (postgres mysql sqlite mariadb),default:postgres"`

	// DatabaseVersion is the database version string (default "15").
	DatabaseVersion string `ezconf:"HWSAUTH_DATABASE_VERSION,description:Database version string,default:15"`

	// JWTTableName is the name of the JWT blacklist table.
	// NOTE(review): how this name reaches SQL is not visible here; if it is
	// interpolated into statements, restrict it to a safe identifier.
	JWTTableName string `ezconf:"HWSAUTH_JWT_TABLE_NAME,description:Custom JWT blacklist table name,default:jwtblacklist"`
}
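// ConfigFromEnv loads configuration from environment variables.
//
// Required environment variables:
//   - HWSAUTH_SECRET_KEY: Secret key for JWT signing
//   - HWSAUTH_TRUSTED_HOST: Required if HWSAUTH_SSL is true
//
// Every other setting falls back to the default passed to the env helper
// below. Note that HWSAUTH_SSL defaults to false, so secure cookies are only
// enabled when the operator sets it explicitly.
//
// Returns a nil Config and an error when SSL is enabled without a trusted
// host, or when the secret key is empty. The secret key is only checked for
// being non-empty; its length and randomness are not validated here.
func ConfigFromEnv() (*Config, error) {
	ssl := env.Bool("HWSAUTH_SSL", false)
	trustedHost := env.String("HWSAUTH_TRUSTED_HOST", "")
	if ssl && trustedHost == "" {
		// Name the variable that is actually read above, so the operator
		// knows which one to set.
		return nil, errors.New("SSL is enabled and no HWSAUTH_TRUSTED_HOST set")
	}

	cfg := &Config{
		SSL:                ssl,
		TrustedHost:        trustedHost,
		SecretKey:          env.String("HWSAUTH_SECRET_KEY", ""),
		AccessTokenExpiry:  env.Int64("HWSAUTH_ACCESS_TOKEN_EXPIRY", 5),
		RefreshTokenExpiry: env.Int64("HWSAUTH_REFRESH_TOKEN_EXPIRY", 1440),
		TokenFreshTime:     env.Int64("HWSAUTH_TOKEN_FRESH_TIME", 5),
		LandingPage:        env.String("HWSAUTH_LANDING_PAGE", "/profile"),
		DatabaseType:       env.String("HWSAUTH_DATABASE_TYPE", jwt.DatabasePostgreSQL),
		DatabaseVersion:    env.String("HWSAUTH_DATABASE_VERSION", "15"),
		JWTTableName:       env.String("HWSAUTH_JWT_TABLE_NAME", "jwtblacklist"),
	}

	// An empty signing key must never be accepted: fail closed rather than
	// return a configuration that cannot sign tokens safely.
	if cfg.SecretKey == "" {
		return nil, errors.New("Envar not set: HWSAUTH_SECRET_KEY")
	}
	return cfg, nil
}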