package config
import (
"crypto/tls"
"net/http"
"time"
echo "github.com/datumforge/echox"
"go.uber.org/zap"
"golang.org/x/crypto/acme"
"golang.org/x/crypto/acme/autocert"
"github.com/datumforge/datum/config"
"github.com/datumforge/datum/internal/httpserve/handlers"
"github.com/datumforge/datum/pkg/sessions"
)
var (
	// DefaultConfigRefresh sets the default interval to refresh the config.
	DefaultConfigRefresh = 10 * time.Minute
	// DefaultTLSConfig is the default TLS config used when HTTPS is enabled.
	//
	// This is a package-level pointer: every caller that stores it without
	// copying shares one *tls.Config, so a field written through any of those
	// references is visible to all of them. Use Clone() before customising.
	DefaultTLSConfig = &tls.Config{
		// Refuse anything older than TLS 1.2.
		MinVersion: tls.VersionTLS12,
		// Only the NIST curves are listed, so X25519 is not offered.
		CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
		// NOTE(review): this field is marked deprecated in crypto/tls and is
		// ignored by recent Go releases; it has no effect there.
		PreferServerCipherSuites: true,
		// AEAD suites with ECDHE key exchange only. crypto/tls applies this list
		// to TLS 1.2 and below; TLS 1.3 cipher suites are not configurable.
		CipherSuites: []uint16{
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	}
)
// Config holds everything needed to build and run the datum HTTP server.
//
// NOTE(review): per the field descriptions below, Handler carries JWT keys and
// SessionConfig carries session state; avoid dumping this struct into logs
// (for example with %+v) until it is confirmed that those types redact secrets.
type Config struct {
	// Settings is the full datum server configuration.
	Settings config.Config

	// Logger is the logger handed to echo functions.
	Logger *zap.SugaredLogger

	// Routes is the list of handler functions.
	Routes []http.Handler

	// DefaultMiddleware is enabled on the echo server for all requests.
	DefaultMiddleware []echo.MiddlewareFunc

	// GraphMiddleware is enabled on the echo server for graph requests.
	GraphMiddleware []echo.MiddlewareFunc

	// Handler holds the settings required by the REST handlers, including
	// ready checks and JWT keys.
	Handler handlers.Handler

	// SessionConfig manages user sessions.
	SessionConfig *sessions.SessionConfig
}
// Compile-time check that *Config satisfies the ConfigProvider interface.
var _ ConfigProvider = (*Config)(nil)
// GetConfig implements ConfigProvider by handing back the receiver itself.
// The returned pointer is c, not a copy, and the error is always nil.
func (c *Config) GetConfig() (*Config, error) {
	return c, nil
}
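// WithTLSDefaults returns a copy of c with TLS enabled and the default TLS
// configuration applied. It does not set certificate or key file locations.
//
// The result of WithDefaultTLSConfig must be returned rather than discarded:
// both methods use value receivers, so if the TLS settings are held by value
// inside Settings (not visible from this file), the inner call changes only
// its own copy and the caller would otherwise get back a Config on which TLS
// was never enabled.
func (c Config) WithTLSDefaults() Config {
	return c.WithDefaultTLSConfig()
}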
// WithDefaultTLSConfig turns TLS on and installs DefaultTLSConfig, then returns
// the resulting Config. The receiver is a value, so callers must use the
// returned Config.
//
// The pointer stored is the package-level DefaultTLSConfig itself, not a copy;
// fields changed through either reference afterwards are seen through both.
func (c Config) WithDefaultTLSConfig() Config {
	c.Settings.Server.TLS.Config = DefaultTLSConfig
	c.Settings.Server.TLS.Enabled = true

	return c
}
// WithTLSCerts records the certificate file and private-key file locations on
// the server TLS settings and returns c for chaining.
//
// The paths are stored as given; nothing here checks that the files exist or
// how they are protected on disk.
func (c *Config) WithTLSCerts(certFile, certKey string) *Config {
	c.Settings.Server.TLS.CertKey = certKey
	c.Settings.Server.TLS.CertFile = certFile

	return c
}
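// WithAutoCert enables TLS with certificates obtained through autocert
// (Let's Encrypt) for the given host and returns c for chaining.
//
// host is passed straight to the autocert host policy and is not validated
// here; a valid host name must be provided by the caller.
func (c *Config) WithAutoCert(host string) *Config {
	autoTLSManager := autocert.Manager{
		Prompt: autocert.AcceptTOS,
		// Cache certificates to avoid issues with rate limits (https://letsencrypt.org/docs/rate-limits)
		// NOTE(review): the cache holds certificate private keys and the path is
		// hard-coded under /var/www; confirm this directory is never served as
		// web content and is readable only by the server's user.
		Cache: autocert.DirCache("/var/www/.cache"),
		// Only the named host may trigger certificate issuance.
		HostPolicy: autocert.HostWhitelist(host),
	}

	// Work on a copy: writing GetCertificate and NextProtos through the shared
	// DefaultTLSConfig pointer would change the package-level default for every
	// other Config that uses it.
	tlsConfig := DefaultTLSConfig.Clone()
	tlsConfig.GetCertificate = autoTLSManager.GetCertificate
	// NOTE(review): only the ACME ALPN protocol is listed here; confirm the
	// server that consumes this config adds the HTTP protocols it needs.
	tlsConfig.NextProtos = []string{acme.ALPNProto}

	c.Settings.Server.TLS.Enabled = true
	c.Settings.Server.TLS.Config = tlsConfig

	return c
}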