mirror of
https://github.com/h44z/wg-portal.git
synced 2025-09-15 07:11:15 +00:00
chore: get rid of static code warnings
@@ -9,24 +9,37 @@ import (
|
||||
)
|
||||
|
||||
type Auth struct {
|
||||
// OpenIDConnect contains a list of OpenID Connect providers.
|
||||
OpenIDConnect []OpenIDConnectProvider `yaml:"oidc"`
|
||||
OAuth []OAuthProvider `yaml:"oauth"`
|
||||
Ldap []LdapProvider `yaml:"ldap"`
|
||||
// OAuth contains a list of plain OAuth providers.
|
||||
OAuth []OAuthProvider `yaml:"oauth"`
|
||||
// Ldap contains a list of LDAP providers.
|
||||
Ldap []LdapProvider `yaml:"ldap"`
|
||||
}
|
||||
|
||||
type BaseFields struct {
|
||||
// UserIdentifier is the name of the field that contains the user identifier.
|
||||
UserIdentifier string `yaml:"user_identifier"`
|
||||
Email string `yaml:"email"`
|
||||
Firstname string `yaml:"firstname"`
|
||||
Lastname string `yaml:"lastname"`
|
||||
Phone string `yaml:"phone"`
|
||||
Department string `yaml:"department"`
|
||||
// Email is the name of the field that contains the user's email address.
|
||||
Email string `yaml:"email"`
|
||||
// Firstname is the name of the field that contains the user's first name.
|
||||
Firstname string `yaml:"firstname"`
|
||||
// Lastname is the name of the field that contains the user's last name.
|
||||
Lastname string `yaml:"lastname"`
|
||||
// Phone is the name of the field that contains the user's phone number.
|
||||
Phone string `yaml:"phone"`
|
||||
// Department is the name of the field that contains the user's department.
|
||||
Department string `yaml:"department"`
|
||||
}
|
||||
|
||||
type OauthFields struct {
|
||||
BaseFields `yaml:",inline"`
|
||||
IsAdmin string `yaml:"is_admin"` // If the value is "true", the user is an admin.
|
||||
UserGroups string `yaml:"user_groups"` // This value specifies the claim name that contains the users groups.
|
||||
// IsAdmin is the name of the field that contains the admin flag.
|
||||
// If the value matches the admin_value_regex, the user is an admin. See OauthAdminMapping for more details.
|
||||
IsAdmin string `yaml:"is_admin"`
|
||||
// UserGroups is the name of the field that contains the user's groups.
|
||||
// If the value matches the admin_group_regex, the user is an admin. See OauthAdminMapping for more details.
|
||||
UserGroups string `yaml:"user_groups"`
|
||||
}
|
||||
|
||||
// OauthAdminMapping contains all necessary information to extract information about administrative privileges
|
||||
@@ -40,7 +53,7 @@ type OauthAdminMapping struct {
|
||||
// If the regex specified in that field matches the contents of the is_admin field, the user is an admin.
|
||||
AdminValueRegex string `yaml:"admin_value_regex"`
|
||||
|
||||
// If any of the groups listed in the groups field matches the group specified in the admin_group_regex field, ]
|
||||
// If any of the groups listed in the groups field matches the group specified in the admin_group_regex field,
|
||||
// the user is an admin.
|
||||
AdminGroupRegex string `yaml:"admin_group_regex"`
|
||||
|
||||
@@ -50,6 +63,8 @@ type OauthAdminMapping struct {
|
||||
adminGroupRegex *regexp.Regexp
|
||||
}
|
||||
|
||||
// GetAdminValueRegex returns the compiled regular expression for the admin_value_regex field.
|
||||
// If the field is empty, the default value "^true$" is used.
|
||||
func (o *OauthAdminMapping) GetAdminValueRegex() *regexp.Regexp {
|
||||
if o.adminValueRegex != nil {
|
||||
return o.adminValueRegex // return cached value
|
||||
@@ -69,6 +84,8 @@ func (o *OauthAdminMapping) GetAdminValueRegex() *regexp.Regexp {
|
||||
return o.adminValueRegex
|
||||
}
|
||||
|
||||
// GetAdminGroupRegex returns the compiled regular expression for the admin_group_regex field.
|
||||
// If the field is empty, the default value "^wg_portal_default_admin_group$" is used.
|
||||
func (o *OauthAdminMapping) GetAdminGroupRegex() *regexp.Regexp {
|
||||
if o.adminGroupRegex != nil {
|
||||
return o.adminGroupRegex // return cached value
|
||||
@@ -89,7 +106,8 @@ func (o *OauthAdminMapping) GetAdminGroupRegex() *regexp.Regexp {
|
||||
}
|
||||
|
||||
type LdapFields struct {
|
||||
BaseFields `yaml:",inline"`
|
||||
BaseFields `yaml:",inline"`
|
||||
// GroupMembership is the name of the LDAP field that contains the groups to which the user belongs.
|
||||
GroupMembership string `yaml:"memberof"`
|
||||
}
|
||||
|
||||
@@ -97,27 +115,43 @@ type LdapProvider struct {
|
||||
// ProviderName is an internal name that is used to distinguish LDAP servers. It must not contain spaces or special characters.
|
||||
ProviderName string `yaml:"provider_name"`
|
||||
|
||||
URL string `yaml:"url"`
|
||||
StartTLS bool `yaml:"start_tls"`
|
||||
CertValidation bool `yaml:"cert_validation"`
|
||||
// URL is the LDAP server URL, e.g. ldap://srv-ad01.company.local:389
|
||||
URL string `yaml:"url"`
|
||||
// StartTLS specifies whether STARTTLS should be used to secure the LDAP connection
|
||||
StartTLS bool `yaml:"start_tls"`
|
||||
// CertValidation specifies whether the LDAP server's TLS certificate should be validated
|
||||
CertValidation bool `yaml:"cert_validation"`
|
||||
// TlsCertificatePath is the path to a TLS certificate if needed for LDAP connections
|
||||
TlsCertificatePath string `yaml:"tls_certificate_path"`
|
||||
TlsKeyPath string `yaml:"tls_key_path"`
|
||||
// TlsKeyPath is the path to the corresponding TLS certificate key
|
||||
TlsKeyPath string `yaml:"tls_key_path"`
|
||||
|
||||
BaseDN string `yaml:"base_dn"`
|
||||
// BaseDN is the base DN for user searches
|
||||
BaseDN string `yaml:"base_dn"`
|
||||
// BindUser is the bind user for LDAP. It is used to search for users.
|
||||
BindUser string `yaml:"bind_user"`
|
||||
// BindPass is the bind password for LDAP
|
||||
BindPass string `yaml:"bind_pass"`
|
||||
|
||||
// FieldMap is used to map the names of the LDAP fields to wg-portal fields
|
||||
FieldMap LdapFields `yaml:"field_map"`
|
||||
|
||||
LoginFilter string `yaml:"login_filter"` // {{login_identifier}} gets replaced with the login email address / username
|
||||
AdminGroupDN string `yaml:"admin_group"` // Members of this group receive admin rights in WG-Portal
|
||||
// LoginFilter is used to select which users can log in.
|
||||
// Use the placeholder {{login_identifier}} to insert the username.
|
||||
LoginFilter string `yaml:"login_filter"`
|
||||
// AdminGroupDN is the DN of the group that contains the administrators.
|
||||
// Members of this group receive admin rights in wg-portal
|
||||
AdminGroupDN string `yaml:"admin_group"`
|
||||
// ParsedAdminGroupDN is the parsed version of AdminGroupDN
|
||||
ParsedAdminGroupDN *ldap.DN `yaml:"-"`
|
||||
|
||||
// If DisableMissing is true, missing users will be deactivated
|
||||
DisableMissing bool `yaml:"disable_missing"`
|
||||
// If AutoReEnable is true, users that where disabled because they were missing will be re-enabled once they are found again
|
||||
AutoReEnable bool `yaml:"auto_re_enable"`
|
||||
SyncFilter string `yaml:"sync_filter"`
|
||||
AutoReEnable bool `yaml:"auto_re_enable"`
|
||||
// SyncFilter is used to select which users get synchronized into wg-portal
|
||||
SyncFilter string `yaml:"sync_filter"`
|
||||
// SyncInterval is the interval between consecutive LDAP user syncs. If it is 0, sync is disabled.
|
||||
SyncInterval time.Duration `yaml:"sync_interval"`
|
||||
|
||||
// If RegistrationEnabled is set to true, wg-portal will create new users that do not exist in the database.
|
||||
@@ -134,6 +168,7 @@ type OpenIDConnectProvider struct {
|
||||
// DisplayName is shown to the user on the login page. If it is empty, ProviderName will be displayed.
|
||||
DisplayName string `yaml:"display_name"`
|
||||
|
||||
// BaseUrl is the base URL of the OIDC provider.
|
||||
BaseUrl string `yaml:"base_url"`
|
||||
|
||||
// ClientID is the application's ID.
|
||||
@@ -172,8 +207,11 @@ type OAuthProvider struct {
|
||||
// ClientSecret is the application's secret.
|
||||
ClientSecret string `yaml:"client_secret"`
|
||||
|
||||
AuthURL string `yaml:"auth_url"`
|
||||
TokenURL string `yaml:"token_url"`
|
||||
// AuthURL is the URL to request OAuth user authorization.
|
||||
AuthURL string `yaml:"auth_url"`
|
||||
// TokenURL is the URL to request a token.
|
||||
TokenURL string `yaml:"token_url"`
|
||||
// UserInfoURL is the URL to request user information.
|
||||
UserInfoURL string `yaml:"user_info_url"`
|
||||
|
||||
// Scope specifies optional requested permissions.
|
||||
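Review bot: The new comments on `StartTLS` and `CertValidation` in `LdapProvider` restate the field names without saying what the insecure setting costs, and the `URL` example is a plain `ldap://` address on port 389. With `start_tls` off on such a URL the `bind_pass` value is presumably sent unencrypted, and with `cert_validation` off the server is not authenticated, so I would spell that out, e.g. `// CertValidation specifies whether the LDAP server's TLS certificate is validated. If disabled, the identity of the LDAP server is not verified.` The default for both fields is not visible here (the struct starts before this hunk and continues past it), so the comment should state it as well. Separately, the unchanged `AutoReEnable` comment still reads "users that where disabled"; `were` is meant.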
|
@@ -63,6 +63,7 @@ type Config struct {
|
||||
Web WebConfig `yaml:"web"`
|
||||
}
|
||||
|
||||
// LogStartupValues logs the startup values of the configuration in debug level
|
||||
func (c *Config) LogStartupValues() {
|
||||
logrus.Infof("Log Level: %s", c.Advanced.LogLevel)
|
||||
|
||||
@@ -89,6 +90,7 @@ func (c *Config) LogStartupValues() {
|
||||
logrus.Debugf(" - Ldap Providers: %d", len(c.Auth.Ldap))
|
||||
}
|
||||
|
||||
// defaultConfig returns the default configuration
|
||||
func defaultConfig() *Config {
|
||||
cfg := &Config{}
|
||||
|
||||
@@ -155,6 +157,8 @@ func defaultConfig() *Config {
|
||||
return cfg
|
||||
}
|
||||
|
||||
// GetConfig returns the configuration from the config file.
|
||||
// Environment variable substitution is supported.
|
||||
func GetConfig() (*Config, error) {
|
||||
cfg := defaultConfig()
|
||||
|
||||
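Review bot: The added comment on `LogStartupValues` says the values are logged "in debug level", but the first visible statement is `logrus.Infof("Log Level: %s", c.Advanced.LogLevel)`, so the log level itself is written at info level. Suggested wording: `// LogStartupValues logs the configured log level at info level and the remaining startup values at debug level.` Most of the function body lies between the two hunks and is not shown, so this wording assumes the hidden lines use `Debugf` like the visible `Ldap Providers` line. While there, it is worth confirming that none of the logged values is a secret from the config (bind password, client secret, session secret).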
|
@@ -12,8 +12,14 @@ const (
|
||||
)
|
||||
|
||||
type DatabaseConfig struct {
|
||||
Debug bool `yaml:"debug"`
|
||||
SlowQueryThreshold time.Duration `yaml:"slow_query_threshold"` // 0 means no logging of slow queries
|
||||
Type SupportedDatabase `yaml:"type"`
|
||||
DSN string `yaml:"dsn"` // On SQLite: the database file-path, otherwise the dsn (see: https://gorm.io/docs/connecting_to_the_database.html)
|
||||
// Debug enables logging of all database statements
|
||||
Debug bool `yaml:"debug"`
|
||||
// SlowQueryThreshold enables logging of slow queries which take longer than the specified duration
|
||||
SlowQueryThreshold time.Duration `yaml:"slow_query_threshold"` // 0 means no logging of slow queries
|
||||
// Type is the database type. Supported: mysql, mssql, postgres, sqlite
|
||||
Type SupportedDatabase `yaml:"type"`
|
||||
// DSN is the database connection string.
|
||||
// For SQLite, it is the path to the database file.
|
||||
// For other databases, it is the connection string, see: https://gorm.io/docs/connecting_to_the_database.html
|
||||
DSN string `yaml:"dsn"`
|
||||
}
|
||||
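Review bot: `SlowQueryThreshold` now carries both a doc comment and the old trailing comment `// 0 means no logging of slow queries`, while the `DSN` field had its trailing comment folded into the doc comment. For consistency I would write `// SlowQueryThreshold enables logging of queries that take longer than the specified duration. A value of 0 disables slow-query logging.` and drop the trailing comment. The `DSN` comment could also note that a connection string for the server databases normally embeds the database credentials, so the config file holding it needs restrictive permissions.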
|
@@ -17,14 +17,23 @@ const (
|
||||
)
|
||||
|
||||
type MailConfig struct {
|
||||
Host string `yaml:"host"`
|
||||
Port int `yaml:"port"`
|
||||
Encryption MailEncryption `yaml:"encryption"`
|
||||
CertValidation bool `yaml:"cert_validation"`
|
||||
Username string `yaml:"username"`
|
||||
Password string `yaml:"password"`
|
||||
AuthType MailAuthType `yaml:"auth_type"`
|
||||
// Host is the hostname or IP of the SMTP server
|
||||
Host string `yaml:"host"`
|
||||
// Port is the port number for the SMTP server
|
||||
Port int `yaml:"port"`
|
||||
// Encryption is the SMTP encryption type
|
||||
Encryption MailEncryption `yaml:"encryption"`
|
||||
// CertValidation specifies whether the SMTP server certificate should be validated
|
||||
CertValidation bool `yaml:"cert_validation"`
|
||||
// Username is the optional SMTP username for authentication
|
||||
Username string `yaml:"username"`
|
||||
// Password is the optional SMTP password for authentication
|
||||
Password string `yaml:"password"`
|
||||
// AuthType is the SMTP authentication type
|
||||
AuthType MailAuthType `yaml:"auth_type"`
|
||||
|
||||
From string `yaml:"from"`
|
||||
LinkOnly bool `yaml:"link_only"`
|
||||
// From is the default "From" address when sending emails
|
||||
From string `yaml:"from"`
|
||||
// LinkOnly specifies whether emails should only contain a link to WireGuard Portal or attach the full configuration
|
||||
LinkOnly bool `yaml:"link_only"`
|
||||
}
|
||||
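Review bot: The comments on `Encryption` and `AuthType` only restate the field names, so a reader cannot tell which values are accepted or which one leaves the SMTP connection unencrypted. The `DatabaseConfig.Type` comment in this commit lists its supported values; the same would help here, or at least a pointer such as `// Encryption is the SMTP encryption type; see the MailEncryption constants for the accepted values.` The constants are declared in the `const` block above this hunk and are not visible, so I am not listing them. It is also worth stating next to `Password` that the credentials are only protected in transit when encryption is enabled and `CertValidation` is true.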
|
@@ -1,14 +1,25 @@
|
||||
package config
|
||||
|
||||
type WebConfig struct {
|
||||
RequestLogging bool `yaml:"request_logging"`
|
||||
ExternalUrl string `yaml:"external_url"`
|
||||
ListeningAddress string `yaml:"listening_address"`
|
||||
// RequestLogging enables logging of all HTTP requests.
|
||||
RequestLogging bool `yaml:"request_logging"`
|
||||
// ExternalUrl is the URL where a client can access WireGuard Portal.
|
||||
// This is used for the callback URL of the OAuth providers.
|
||||
ExternalUrl string `yaml:"external_url"`
|
||||
// ListeningAddress is the address and port for the web server.
|
||||
ListeningAddress string `yaml:"listening_address"`
|
||||
// SessionIdentifier is the session identifier for the web frontend.
|
||||
SessionIdentifier string `yaml:"session_identifier"`
|
||||
SessionSecret string `yaml:"session_secret"`
|
||||
CsrfSecret string `yaml:"csrf_secret"`
|
||||
SiteTitle string `yaml:"site_title"`
|
||||
SiteCompanyName string `yaml:"site_company_name"`
|
||||
CertFile string `yaml:"cert_file"`
|
||||
KeyFile string `yaml:"key_file"`
|
||||
// SessionSecret is the session secret for the web frontend.
|
||||
SessionSecret string `yaml:"session_secret"`
|
||||
// CsrfSecret is the CSRF secret.
|
||||
CsrfSecret string `yaml:"csrf_secret"`
|
||||
// SiteTitle is the title that is shown in the web frontend.
|
||||
SiteTitle string `yaml:"site_title"`
|
||||
// SiteCompanyName is the company name that is shown at the bottom of the web frontend.
|
||||
SiteCompanyName string `yaml:"site_company_name"`
|
||||
// CertFile is the path to the TLS certificate file.
|
||||
CertFile string `yaml:"cert_file"`
|
||||
// KeyFile is the path to the TLS certificate key file.
|
||||
KeyFile string `yaml:"key_file"`
|
||||
}
|
||||
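Review bot: `SessionSecret` and `CsrfSecret` get comments that repeat the names ("is the session secret", "is the CSRF secret") and say nothing about what an operator must do with them. Assuming they key the session cookies and the CSRF tokens, each comment should say that the value has to be long, random and unique to the installation, e.g. `// SessionSecret is the secret used to protect web sessions. Set it to a long, random, installation-specific value.` Whether `defaultConfig` assigns a fixed value to either field is not visible on this page and should be checked, since a shared default would have to be called out in the comment too.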
|