package config
import (
"context"
"github.com/owncloud/ocis/ocis-pkg/shared"
)
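// Config combines all available configuration parts of the proxy.
//
// Several fields carry credentials or relax authentication and transport
// checks (MachineAuthAPIKey, TokenManager, EnableBasicAuth, InsecureBackends,
// OIDC). Treat a populated Config as sensitive: do not log or dump it
// verbatim.
type Config struct {
	*shared.Commons

	Service Service

	Tracing Tracing `ocisConfig:"tracing"`
	Log     *Log    `ocisConfig:"log"`
	Debug   Debug   `ocisConfig:"debug"`

	HTTP HTTP `ocisConfig:"http"`

	Reva Reva `ocisConfig:"reva"`

	// Policies lists the named routing policies (see Policy).
	Policies []Policy `ocisConfig:"policies"`
	// OIDC configures the OpenID Connect middleware.
	OIDC OIDC `ocisConfig:"oidc"`
	// TokenManager holds the JWT secret for the reva token manager.
	TokenManager TokenManager `ocisConfig:"token_manager"`
	// PolicySelector chooses which policy applies to a request. It is a
	// pointer, so callers must expect nil unless it is defaulted elsewhere
	// (not visible in this file).
	PolicySelector *PolicySelector `ocisConfig:"policy_selector"`
	// PreSignedURL configures the presigned URL middleware.
	PreSignedURL PreSignedURL `ocisConfig:"pre_signed_url"`
	// AccountBackend is read from PROXY_ACCOUNT_BACKEND_TYPE. The accepted
	// values are not visible in this file.
	AccountBackend string `ocisConfig:"account_backend" env:"PROXY_ACCOUNT_BACKEND_TYPE"`
	// UserOIDCClaim and UserCS3Claim presumably name the OIDC claim and the
	// CS3 attribute used to map an authenticated identity to an account.
	// NOTE(review): a wrong pairing would change which account a token
	// resolves to; confirm against the account resolver.
	UserOIDCClaim string `ocisConfig:"user_oidc_claim" env:"PROXY_USER_OIDC_CLAIM"`
	UserCS3Claim  string `ocisConfig:"user_cs3_claim" env:"PROXY_USER_CS3_CLAIM"`
	// MachineAuthAPIKey is a credential by name. The env tag lists
	// OCIS_MACHINE_AUTH_API_KEY and PROXY_MACHINE_AUTH_API_KEY. Keep it out of
	// logs, error messages and config dumps.
	MachineAuthAPIKey string `ocisConfig:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;PROXY_MACHINE_AUTH_API_KEY"`
	// AutoprovisionAccounts presumably creates an account for an
	// authenticated user that has none. NOTE(review): with this enabled the
	// identity provider effectively decides who gets an account; confirm.
	AutoprovisionAccounts bool `ocisConfig:"auto_provision_accounts" env:"PROXY_AUTOPROVISION_ACCOUNTS"`
	// EnableBasicAuth presumably turns on HTTP basic authentication.
	// NOTE(review): basic auth sends a reusable password with every request;
	// confirm the default and keep it off outside test setups.
	EnableBasicAuth bool `ocisConfig:"enable_basic_auth" env:"PROXY_ENABLE_BASIC_AUTH"`
	// InsecureBackends presumably disables TLS certificate verification for
	// connections to backends. NOTE(review): confirm at the point of use and
	// restrict to development environments.
	InsecureBackends bool `ocisConfig:"insecure_backends" env:"PROXY_INSECURE_BACKENDS"`
	// AuthMiddleware configures the proxy HTTP auth middleware.
	AuthMiddleware AuthMiddleware `ocisConfig:"auth_middleware"`

	// Context carries no ocisConfig or env tag, so it is not loaded from
	// configuration input. NOTE(review): Go guidance discourages storing a
	// context in a struct; the field is kept because other packages may
	// depend on it.
	Context context.Context
}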
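// Policy is a named set of routes. Defining several policies enables the
// proxy to use multiple directors.
type Policy struct {
	// Name identifies the policy. The selector configurations in this file
	// refer to policies by string, presumably this name (confirm in the
	// selector implementation).
	Name string `ocisConfig:"name"`
	// Routes are the forwarding routes that belong to this policy.
	Routes []Route `ocisConfig:"routes"`
}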
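// Route defines a forwarding route.
type Route struct {
	// Type selects how the route is matched (see RouteType).
	Type RouteType `ocisConfig:"type"`
	// Endpoint is presumably the prefix, query or pattern matched against the
	// incoming request, depending on Type (confirm in the router).
	Endpoint string `ocisConfig:"endpoint"`
	// Backend presumably names the upstream that matching requests are
	// forwarded to. It is operator-supplied configuration.
	Backend string `ocisConfig:"backend"`
	// ApacheVHost: purpose not visible in this file (TODO document). The tag
	// uses a hyphen ("apache-vhost"), unlike the snake_case tags elsewhere in
	// this file.
	ApacheVHost bool `ocisConfig:"apache-vhost"`
}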
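// RouteType defines the type of a route.
type RouteType string

const (
	// PrefixRoute are routes matched by a prefix.
	PrefixRoute RouteType = "prefix"
	// QueryRoute are routes matched by a prefix and query parameters.
	QueryRoute RouteType = "query"
	// RegexRoute are routes matched by a pattern.
	RegexRoute RouteType = "regex"
	// DefaultRouteType is the PrefixRoute.
	DefaultRouteType RouteType = PrefixRoute
)

var (
	// RouteTypes is a slice of the available route types.
	//
	// NOTE(review): the order (query, regex, prefix) may be the order in
	// which the router evaluates route types; confirm before reordering.
	// As an exported package-level slice it can be modified by any importing
	// package, so treat it as read-only.
	RouteTypes = []RouteType{QueryRoute, RegexRoute, PrefixRoute}
)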
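// AuthMiddleware configures the proxy HTTP auth middleware.
type AuthMiddleware struct {
	// CredentialsByUserAgent maps strings to strings. By its name the key is
	// a User-Agent value and the value a credentials setting.
	//
	// NOTE(review): the User-Agent header is chosen by the client, so this
	// mapping must only tune how credentials are requested, never decide
	// whether a request is authenticated. Confirm in the middleware.
	CredentialsByUserAgent map[string]string `ocisConfig:"credentials_by_user_agent"`
}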
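// OIDC is the config for the OpenID Connect middleware. If set, the proxy
// will try to authenticate every request with the configured OIDC provider.
type OIDC struct {
	// Issuer is the OIDC issuer. The env tag lists OCIS_URL and
	// PROXY_OIDC_ISSUER.
	Issuer string `ocisConfig:"issuer" env:"OCIS_URL;PROXY_OIDC_ISSUER"`
	// Insecure is read from OCIS_INSECURE or PROXY_OIDC_INSECURE.
	// NOTE(review): presumably disables TLS certificate verification for
	// requests to the issuer. If so, token validation could then be
	// intercepted on the network path; confirm at the point of use and
	// restrict to development environments.
	Insecure bool `ocisConfig:"insecure" env:"OCIS_INSECURE;PROXY_OIDC_INSECURE"`
	// UserinfoCache configures the TTL cache named for userinfo data.
	// NOTE(review): a cached entry presumably stays valid until its TTL
	// expires, so a revocation at the provider would not be seen before then.
	// Confirm.
	UserinfoCache UserinfoCache `ocisConfig:"user_info_cache"`
}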
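// UserinfoCache is a TTL cache configuration.
type UserinfoCache struct {
	// Size is read from PROXY_OIDC_USERINFO_CACHE_SIZE; presumably the
	// maximum number of cached entries (confirm).
	Size int `ocisConfig:"size" env:"PROXY_OIDC_USERINFO_CACHE_SIZE"`
	// TTL is read from PROXY_OIDC_USERINFO_CACHE_TTL. The unit is not visible
	// in this file (TODO confirm).
	TTL int `ocisConfig:"ttl" env:"PROXY_OIDC_USERINFO_CACHE_TTL"`
}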
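// PolicySelector is the top-level configuration for the different selectors.
//
// Every field is a pointer, so a selector that is not configured is nil.
// NOTE(review): presumably only one selector is expected to be set at a time;
// confirm in the code that loads the selector.
type PolicySelector struct {
	Static    *StaticSelectorConf    `ocisConfig:"static"`
	Migration *MigrationSelectorConf `ocisConfig:"migration"`
	Claims    *ClaimsSelectorConf    `ocisConfig:"claims"`
	Regex     *RegexSelectorConf     `ocisConfig:"regex"`
}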
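// StaticSelectorConf is the config for the static-policy-selector.
type StaticSelectorConf struct {
	// Policy is presumably the name of the single policy this selector
	// always returns (confirm in the selector implementation).
	Policy string `ocisConfig:"policy"`
}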
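// TokenManager is the config for using the reva token manager.
type TokenManager struct {
	// JWTSecret is a secret by name. The env tag lists OCIS_JWT_SECRET and
	// PROXY_JWT_SECRET.
	//
	// NOTE(review): presumably the key used to sign and verify internal JWTs.
	// Anyone holding it could then mint valid tokens, so keep it out of logs
	// and config dumps. Confirm that an empty or well-known default value is
	// rejected at startup.
	JWTSecret string `ocisConfig:"jwt_secret" env:"OCIS_JWT_SECRET;PROXY_JWT_SECRET"`
}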
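// PreSignedURL is the config for the presigned URL middleware.
type PreSignedURL struct {
	// AllowedHTTPMethods presumably lists the HTTP methods a presigned URL
	// may be used with. NOTE(review): keep this list as narrow as the use
	// case allows, and confirm how an empty list is interpreted.
	AllowedHTTPMethods []string `ocisConfig:"allowed_http_methods"`
	// Enabled is read from PROXY_ENABLE_PRESIGNEDURLS.
	Enabled bool `ocisConfig:"enabled" env:"PROXY_ENABLE_PRESIGNEDURLS"`
}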
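// MigrationSelectorConf is the config for the migration-selector.
//
// By their names, the three fields hold the policy to use when an account
// was found, when it was not found, and when the request is unauthenticated.
// Confirm in the selector implementation.
type MigrationSelectorConf struct {
	AccFoundPolicy    string `ocisConfig:"acc_found_policy"`
	AccNotFoundPolicy string `ocisConfig:"acc_not_found_policy"`
	// UnauthenticatedPolicy: NOTE(review): routes of this policy are
	// presumably reachable without a login, so review them accordingly.
	UnauthenticatedPolicy string `ocisConfig:"unauthenticated_policy"`
}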
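// ClaimsSelectorConf is the config for the claims-selector.
type ClaimsSelectorConf struct {
	// DefaultPolicy is presumably the fallback policy name (confirm).
	DefaultPolicy string `ocisConfig:"default_policy"`
	// UnauthenticatedPolicy: NOTE(review): routes of this policy are
	// presumably reachable without a login, so review them accordingly.
	UnauthenticatedPolicy string `ocisConfig:"unauthenticated_policy"`
	// SelectorCookieName names a cookie. NOTE(review): if the selector reads
	// the policy from this cookie, the value is client-controlled and must be
	// checked against the configured policy names. Confirm in the selector.
	SelectorCookieName string `ocisConfig:"selector_cookie_name"`
}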
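// RegexSelectorConf is the config for the regex-selector.
type RegexSelectorConf struct {
	// DefaultPolicy is presumably the policy used when no rule matches
	// (confirm).
	DefaultPolicy string `ocisConfig:"default_policy"`
	// MatchesPolicies holds the rules that map a match to a policy.
	MatchesPolicies []RegexRuleConf `ocisConfig:"matches_policies"`
	// UnauthenticatedPolicy: NOTE(review): routes of this policy are
	// presumably reachable without a login, so review them accordingly.
	UnauthenticatedPolicy string `ocisConfig:"unauthenticated_policy"`
	// SelectorCookieName names a cookie. NOTE(review): if the selector reads
	// the policy from this cookie, the value is client-controlled and must be
	// checked against the configured policy names. Confirm in the selector.
	SelectorCookieName string `ocisConfig:"selector_cookie_name"`
}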
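// RegexRuleConf is a single rule of the regex-selector: it ties a match on a
// property to a policy.
type RegexRuleConf struct {
	// Priority presumably orders the rules. Whether a lower or a higher value
	// wins is not visible in this file (TODO confirm).
	Priority int `ocisConfig:"priority"`
	// Property presumably names the attribute that Match is applied to.
	Property string `ocisConfig:"property"`
	// Match is presumably the pattern evaluated against Property.
	// NOTE(review): an unanchored pattern would also match substrings;
	// confirm how the selector compiles and applies it.
	Match string `ocisConfig:"match"`
	// Policy is the policy selected when the rule matches.
	Policy string `ocisConfig:"policy"`
}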