config

package
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 11, 2026 License: AGPL-3.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	Port        string
	Environment string
	BaseURL     string

	DatabaseURL string

	JWTSecret         string
	LicenseSigningKey string

	StripeSecretKey     string
	StripeWebhookSecret string
	// StripeLivemode tells the webhook handler which environment to
	// trust. A mismatch between this flag and event.Livemode is a
	// configuration error or a forged delivery; either way the
	// handler must reject. Auto-derived from the secret key prefix
	// (sk_live_ vs sk_test_) unless STRIPE_LIVEMODE is set explicitly.
	StripeLivemode bool

	WebhookMaxAttempts    int
	WebhookRetryInterval  string
	WebhookHTTPTimeout    string
	QuotaWarningThreshold float64

	SMTPHost     string
	SMTPPort     string
	SMTPUsername string
	SMTPPassword string
	SMTPFrom     string

	RedisURL string

	RateLimitAPI   int
	RateLimitAdmin int
	RateLimitAuth  int

	// Brute-force protection on /license/* — caps repeated bad license
	// keys per IP. In tests these defaults are too tight, so they're
	// configurable via env: BF_MAX_FAILS=5 / BF_LOCKOUT=30s / etc.
	BFMaxFails       int
	BFLockoutSeconds int

	AdminEmails []string

	// ─── Storage (release artifacts: R2 / S3 / S3-compatible) ───
	// All fields are optional. The storage subsystem is enabled iff
	// StorageBucket is non-empty and credentials are present. When disabled,
	// release endpoints return 503 — license/billing functions are unaffected.
	StorageEndpoint       string // e.g. https://<account>.r2.cloudflarestorage.com (empty = AWS S3)
	StorageRegion         string // R2 uses "auto"; AWS S3 uses real region
	StorageBucket         string
	StorageAccessKey      string
	StorageSecretKey      string
	StoragePublicURL      string // optional CDN URL prefix for public reads (not used for license-gated downloads)
	StorageForcePathStyle bool   // true for MinIO and some self-hosted S3 gateways

	// Presigned URL TTLs.
	StorageUploadTTL   string // default "1h"
	StorageDownloadTTL string // default "10m"

	// ReleaseKeyEncryptionKey is a 64-char hex string (32 bytes) used as the
	// AES-256-GCM master key for encrypting product release-signing private
	// keys at rest. Required when storage is enabled.
	//
	// Operational notes:
	//   - Generate via: openssl rand -hex 32
	//   - Rotation requires re-encrypting all release_signing_keys rows.
	//     There is no automatic migration on key change — the operator must
	//     run a re-encryption script, otherwise existing keys become
	//     undecryptable and signing fails.
	//   - Losing this key permanently locks all signed releases.
	ReleaseKeyEncryptionKey string

	// MaxReleaseSignSize caps the largest artifact we will sign server-side.
	// Pure Ed25519 requires the full message in memory; 500 MB is a
	// reasonable default that doesn't OOM modest VMs. Larger artifacts
	// must use unsigned mode (Phase 3 will add streaming via tempfile).
	MaxReleaseSignSize int64
}

func Load

func Load() (*Config, error)

func (*Config) IsAdminEmail

func (c *Config) IsAdminEmail(email string) bool

IsAdminEmail checks if an email is in the ADMIN_EMAILS list. Used for backward compatibility and initial setup bootstrap. In normal operation, admin status is determined by the user's role in the database.

func (*Config) IsDevLoginAllowed

func (c *Config) IsDevLoginAllowed() bool

func (*Config) IsMasterEncryptionKeyConfigured added in v0.1.1

func (c *Config) IsMasterEncryptionKeyConfigured() bool

IsMasterEncryptionKeyConfigured reports whether the operator supplied the AES-256 master key that's used to derive subkeys for:

  • license_key at-rest encryption
  • release artifact signing private keys

These two features are independently useful: a deployment that never distributes binaries can still benefit from license-key encryption. We therefore treat the master key as orthogonal to storage.

func (*Config) IsProduction

func (c *Config) IsProduction() bool

func (*Config) IsStorageEnabled added in v0.1.1

func (c *Config) IsStorageEnabled() bool

IsStorageEnabled reports whether the storage subsystem (release artifacts) has the minimum required configuration. Endpoint/region/path-style are optional — only bucket+credentials are mandatory.

func (*Config) ValidateSecurityDefaults

func (c *Config) ValidateSecurityDefaults() (warnings []string, fatal []string)

ValidateSecurityDefaults checks for common misconfigurations that could lead to security vulnerabilities in production deployments. Returns a list of warnings (non-fatal) and errors (fatal).

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL