Documentation
Index
- type Config
- func (c *Config) IsAdminEmail(email string) bool
- func (c *Config) IsDevLoginAllowed() bool
- func (c *Config) IsMasterEncryptionKeyConfigured() bool
- func (c *Config) IsProduction() bool
- func (c *Config) IsStorageEnabled() bool
- func (c *Config) ValidateSecurityDefaults() (warnings []string, fatal []string)
Types
type Config
type Config struct {
	Port string
	Environment string
	BaseURL string
	DatabaseURL string
	JWTSecret string
	LicenseSigningKey string
	StripeSecretKey string
	StripeWebhookSecret string

	// StripeLivemode tells the webhook handler which environment to
	// trust. A mismatch between this flag and event.Livemode is a
	// configuration error or a forged delivery; either way the
	// handler must reject. Auto-derived from the secret key prefix
	// (sk_live_ vs sk_test_) unless STRIPE_LIVEMODE is set explicitly.
	StripeLivemode bool

	WebhookMaxAttempts int
	WebhookRetryInterval string
	WebhookHTTPTimeout string
	QuotaWarningThreshold float64
	SMTPHost string
	SMTPPort string
	SMTPUsername string
	SMTPPassword string
	SMTPFrom string
	RedisURL string
	RateLimitAPI int
	RateLimitAdmin int
	RateLimitAuth int

	// Brute-force protection on /license/* — caps repeated bad license
	// keys per IP. In tests these defaults are too tight, so they're
	// configurable via env: BF_MAX_FAILS=5 / BF_LOCKOUT=30s / etc.
	BFMaxFails int
	BFLockoutSeconds int
	AdminEmails []string

	// ─── Storage (release artifacts: R2 / S3 / S3-compatible) ───
	// All fields are optional. The storage subsystem is enabled iff
	// StorageBucket is non-empty and credentials are present. When disabled,
	// release endpoints return 503 — license/billing functions are unaffected.
	StorageEndpoint string // e.g. https://<account>.r2.cloudflarestorage.com (empty = AWS S3)
	StorageRegion string // R2 uses "auto"; AWS S3 uses real region
	StorageBucket string
	StorageAccessKey string
	StorageSecretKey string
	StoragePublicURL string // optional CDN URL prefix for public reads (not used for license-gated downloads)
	StorageForcePathStyle bool // true for MinIO and some self-hosted S3 gateways

	// Presigned URL TTLs.
	StorageUploadTTL string // default "1h"
	StorageDownloadTTL string // default "10m"

	// ReleaseKeyEncryptionKey is a 64-char hex string (32 bytes) used as the
	// AES-256-GCM master key for encrypting product release-signing private
	// keys at rest. Required when storage is enabled.
	//
	// Operational notes:
	// - Generate via: openssl rand -hex 32
	// - Rotation requires re-encrypting all release_signing_keys rows.
	//   There is no automatic migration on key change — the operator must
	//   run a re-encryption script, otherwise existing keys become
	//   undecryptable and signing fails.
	// - Losing this key permanently locks all signed releases.
	ReleaseKeyEncryptionKey string

	// MaxReleaseSignSize caps the largest artifact we will sign server-side.
	// Pure Ed25519 requires the full message in memory; 500 MB is a
	// reasonable default that doesn't OOM modest VMs. Larger artifacts
	// must use unsigned mode (Phase 3 will add streaming via tempfile).
	MaxReleaseSignSize int64
}
func (*Config) IsAdminEmail
IsAdminEmail checks if an email is in the ADMIN_EMAILS list. Used for backward compatibility and initial setup bootstrap. In normal operation, admin status is determined by the user's role in the database.
func (*Config) IsDevLoginAllowed
func (*Config) IsMasterEncryptionKeyConfigured (added in v0.1.1)
IsMasterEncryptionKeyConfigured reports whether the operator supplied the AES-256 master key that's used to derive subkeys for:
- license_key at-rest encryption
- release artifact signing private keys
These two features are independently useful: a deployment that never distributes binaries can still benefit from license-key encryption. We therefore treat the master key as orthogonal to storage.
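The ReleaseKeyEncryptionKey notes above describe a 64-character hex key used for AES-256-GCM and warn that rows sealed under an old key become undecryptable after a rotation without re-encryption. The following Go program is an added example, not this package's code: newAEAD, seal and open are hypothetical names, the nonce-as-prefix layout is an assumption, and it uses the master key directly rather than modelling the subkey derivation mentioned above.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// newAEAD (hypothetical name) turns the 64-char hex master key into AES-256-GCM.
func newAEAD(hexKey string) (cipher.AEAD, error) {
	key, err := hex.DecodeString(hexKey)
	if err != nil || len(key) != 32 {
		return nil, errors.New("master key must be 64 hex chars (32 bytes)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts a signing private key; the random nonce is stored as a prefix.
func seal(a cipher.AEAD, priv []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, priv, nil), nil
}

// open returns an authentication error when the row was sealed under another key.
func open(a cipher.AEAD, blob []byte) ([]byte, error) {
	n := a.NonceSize()
	if len(blob) < n {
		return nil, errors.New("ciphertext shorter than nonce")
	}
	return a.Open(nil, blob[:n], blob[n:], nil)
}

func main() {
	oldKey, _ := newAEAD(strings.Repeat("11", 32)) // constructed keys, not real secrets
	newKey, _ := newAEAD(strings.Repeat("22", 32))
	row, _ := seal(oldKey, []byte("constructed-private-key"))
	_, err := open(newKey, row)
	fmt.Println("open after rotation without re-encryption:", err)
}
```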
func (*Config) IsProduction
func (*Config) IsStorageEnabled (added in v0.1.1)
IsStorageEnabled reports whether the storage subsystem (release artifacts) has the minimum required configuration. Endpoint/region/path-style are optional — only bucket+credentials are mandatory.
func (*Config) ValidateSecurityDefaults
ValidateSecurityDefaults checks for common misconfigurations that could lead to security vulnerabilities in production deployments. Returns a list of warnings (non-fatal) and errors (fatal).