package schema

import (
	"net/url"
	"time"
)

// ServerConfiguration holds the settings of the HTTP server.
type ServerConfiguration struct {
	// Address is the listener address. It replaces the deprecated Host, Port
	// and Path fields declared at the end of this struct.
	Address *AddressTCP `koanf:"address"`

	AssetPath          string `koanf:"asset_path"`
	DisableHealthcheck bool   `koanf:"disable_healthcheck"`

	// NOTE(review): the configuration key is spelled "disable_autho_https_redirect"
	// ("autho", not "auto"). The tag is what users write in their configuration,
	// so confirm the intended spelling before changing it; a rename silently
	// stops honouring existing configs.
	DisableAutoHttpsRedirect bool `koanf:"disable_autho_https_redirect"`

	// UseIPInsteadOfUserForBan presumably keys bans on the client IP rather
	// than the username. If that IP can come from a proxy-supplied header, the
	// ban is only as trustworthy as that header: verify against the caller.
	UseIPInsteadOfUserForBan bool `koanf:"use_ip_for_ban"`

	TLS       ServerTLS       `koanf:"tls"`
	Headers   ServerHeaders   `koanf:"headers"`
	Endpoints ServerEndpoints `koanf:"endpoints"`
	GRPC      ServerGRPC      `koanf:"grpc"`
	Buffers   ServerBuffers   `koanf:"buffers"`
	Timeouts  ServerTimeouts  `koanf:"timeouts"`

	// Deprecated: use address instead.
	Host string `koanf:"host"`

	// Deprecated: use address instead.
	Port int `koanf:"port"`

	// Deprecated: use address instead.
	Path string `koanf:"path"`
}

// ServerEndpoints configures the optional and authorization endpoints of the
// HTTP server.
type ServerEndpoints struct {
	// EnablePprof and EnableExpvars are left at their zero value (false) by
	// DefaultServerConfiguration. Presumably they expose the Go pprof and
	// expvar debug handlers; those reveal runtime internals, so they should
	// only be enabled where access to the listener is restricted.
	EnablePprof   bool `koanf:"enable_pprof"`
	EnableExpvars bool `koanf:"enable_expvars"`

	// Authz maps an endpoint name (the defaults use "legacy", "auth-request",
	// "forward-auth" and "ext-authz") to its configuration.
	Authz map[string]ServerAuthzEndpoint `koanf:"authz"`
}

// ServerAuthzEndpoint configures a single Authz endpoint of the HTTP server.
type ServerAuthzEndpoint struct {
	// Implementation names the handler implementation; the defaults use
	// "Legacy", "AuthRequest", "ForwardAuth" and "ExtAuthz".
	Implementation string `koanf:"implementation"`

	// AuthnStrategies lists the authentication strategies for the endpoint.
	// NOTE(review): how an empty list is treated is not visible in this file.
	AuthnStrategies []ServerAuthzEndpointAuthnStrategy `koanf:"authn_strategies"`
}

// ServerAuthzEndpointAuthnStrategy names one authentication strategy of an
// Authz endpoint, for example "CookieSession" in the defaults.
type ServerAuthzEndpointAuthnStrategy struct {
	Name string `koanf:"name"`
}

// ServerTLS holds the TLS options of the HTTP server.
type ServerTLS struct {
	Certificate string `koanf:"certificate"`

	// Key refers to the server's private key. Whether it is a path or inline
	// material is not visible here; either way it is a secret.
	Key string `koanf:"key"`

	// ClientCertificates is presumably the set of certificates used to verify
	// TLS clients: confirm where the verification mode is set.
	ClientCertificates []string `koanf:"client_certificates"`
}

// ServerHeaders customizes the headers sent by the HTTP server.
type ServerHeaders struct {
	// CSPTemplate is presumably the template of the Content-Security-Policy
	// header: TODO confirm. An overly permissive value weakens the browser-side
	// protection for every page served.
	CSPTemplate string `koanf:"csp_template"`
}

// ServerGRPC contains configuration options for the gRPC server.
type ServerGRPC struct {
	// Address with port to listen on. If this field is empty, no gRPC server
	// will be spawned.
	Address *AddressTCP `koanf:"address"`

	// DisableTLS is false unless set explicitly. Presumably true serves gRPC
	// without transport encryption: confirm in the server setup.
	// NOTE(review): "disableTLS" is the only camelCase key in this file; the
	// tag is the user-facing key, so changing it breaks existing configs.
	DisableTLS bool `koanf:"disableTLS"`
}

// DefaultServerConfiguration is the ServerConfiguration applied when the user
// supplies no overrides. Fields not listed here keep their zero value, which
// includes the debug endpoints (EnablePprof, EnableExpvars) and the whole GRPC
// section.
var DefaultServerConfiguration = ServerConfiguration{
	// The URL host ":9091" carries no hostname. If it is used as the listen
	// address as-is, the server binds every interface on port 9091.
	// NOTE(review): Address is filled positionally; the meaning of the leading
	// true, false, -1 values depends on the Address declaration elsewhere.
	Address: &AddressTCP{Address{true, false, -1, 9091, &url.URL{Scheme: AddressSchemeTCP, Host: ":9091", Path: "/"}}},
	Buffers: ServerBuffers{
		Read:  4096,
		Write: 4096,
	},
	Timeouts: ServerTimeouts{
		Read:  6 * time.Second,
		Write: 6 * time.Second,
		Idle:  30 * time.Second,
	},
	Endpoints: ServerEndpoints{
		Authz: map[string]ServerAuthzEndpoint{
			// The legacy endpoint declares no authentication strategies.
			"legacy": {
				Implementation: "Legacy",
			},
			"auth-request": {
				Implementation: "AuthRequest",
				AuthnStrategies: []ServerAuthzEndpointAuthnStrategy{
					{Name: "HeaderAuthRequestProxyAuthorization"},
					{Name: "CookieSession"},
				},
			},
			"forward-auth": {
				Implementation: "ForwardAuth",
				AuthnStrategies: []ServerAuthzEndpointAuthnStrategy{
					{Name: "HeaderProxyAuthorization"},
					{Name: "CookieSession"},
				},
			},
			"ext-authz": {
				Implementation: "ExtAuthz",
				AuthnStrategies: []ServerAuthzEndpointAuthnStrategy{
					{Name: "HeaderProxyAuthorization"},
					{Name: "CookieSession"},
				},
			},
		},
	},
}