package config
import (
"fmt"
"time"
)
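// SecurityConfig holds the security-related settings read from YAML.
//
// Validate enforces only the cross-field rules visible in this file; it does
// not inspect the individual entries of AllowedOrigins or IPWhitelist.
type SecurityConfig struct {
	// AllowedOrigins lists the origins permitted to open WebSocket
	// connections. Validate returns an error for an empty list when
	// ProductionMode is set, so a production deployment must name its
	// origins explicitly.
	// NOTE(review): a localhost-only fallback for an empty list, if one
	// exists, lives in the origin check outside this file; with
	// ProductionMode set, Validate fails before it could apply. Whether
	// wildcard or blank entries are honoured is also decided there — confirm.
	AllowedOrigins []string `yaml:"allowed_origins"`

	// ProductionMode enables strict security checks. In this file its only
	// effect is that Validate requires a non-empty AllowedOrigins.
	ProductionMode bool `yaml:"production_mode"`

	// APIKeyRotationDays is the number of days before API keys should be
	// rotated. Validate rejects negative values; zero passes validation.
	// NOTE(review): what zero means to the rotation logic is not defined
	// here — confirm it does not silently disable rotation.
	APIKeyRotationDays int `yaml:"api_key_rotation_days"`

	// AuditLogging configures audit logging. Validate requires LogPath to
	// be set whenever it is enabled.
	AuditLogging AuditLoggingConfig `yaml:"audit_logging"`

	// IPWhitelist is used for additional connection filtering. Validate does
	// not parse or check its entries.
	// TODO(review): confirm the consumer rejects malformed entries rather
	// than ignoring them, since an ignored entry changes who may connect.
	IPWhitelist []string `yaml:"ip_whitelist"`
}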
// AuditLoggingConfig describes whether audit logging is switched on and
// where the log is written.
type AuditLoggingConfig struct {
	// Enabled is the on/off switch read from the "enabled" key.
	Enabled bool `yaml:"enabled"`

	// LogPath is the audit log location read from the "log_path" key.
	// SecurityConfig.Validate requires it to be non-empty when Enabled is
	// true; nothing else about the path is checked in this file.
	// NOTE(review): ownership and permissions of the target are presumably
	// handled by whatever opens the file — confirm.
	LogPath string `yaml:"log_path"`
}
// MonitoringConfig groups the monitoring settings: the Prometheus metrics
// endpoint and the health checks.
type MonitoringConfig struct {
	// Prometheus configures metrics. When it is enabled,
	// MonitoringConfig.Validate range-checks the port and fills in a default
	// path.
	Prometheus PrometheusConfig `yaml:"prometheus"`

	// HealthChecks configures health checking. Validate does not examine it.
	HealthChecks HealthChecksConfig `yaml:"health_checks"`
}
// PrometheusConfig holds the settings for the Prometheus metrics endpoint.
//
// The struct carries no bind address or authentication setting, so who can
// reach the endpoint is decided outside this file.
// NOTE(review): confirm the listener is limited to the intended network,
// since metrics often reveal internal details.
type PrometheusConfig struct {
	// Enabled is the on/off switch read from the "enabled" key.
	Enabled bool `yaml:"enabled"`

	// Port is the metrics port. MonitoringConfig.Validate requires 1–65535
	// when Enabled is true.
	Port int `yaml:"port"`

	// Path is the metrics path. MonitoringConfig.Validate sets it to
	// "/metrics" when it is empty and Enabled is true; a non-empty value is
	// accepted as given.
	Path string `yaml:"path"`
}
// HealthChecksConfig holds the health check settings.
type HealthChecksConfig struct {
	// Enabled is the on/off switch read from the "enabled" key.
	Enabled bool `yaml:"enabled"`

	// Interval is the duration read from the "interval" key. No Validate
	// method in this file checks it.
	// NOTE(review): a zero or negative value is presumably rejected or
	// defaulted by the consumer — confirm.
	Interval time.Duration `yaml:"interval"`
}
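// Validate checks the security configuration for internal consistency and
// returns an error describing the first rule that is violated, or nil.
//
// The rules, in order:
//   - with ProductionMode set, AllowedOrigins must contain at least one entry;
//   - APIKeyRotationDays must not be negative (zero is accepted);
//   - with audit logging enabled, AuditLogging.LogPath must be set.
//
// Only the presence of entries is checked: the contents of AllowedOrigins and
// IPWhitelist are not inspected here.
// NOTE(review): a blank or wildcard origin therefore satisfies the production
// rule — confirm the origin check itself refuses such entries.
func (s *SecurityConfig) Validate() error {
	// Production deployments must state their origins explicitly; there is
	// no implicit fallback at validation time.
	if s.ProductionMode && len(s.AllowedOrigins) == 0 {
		return fmt.Errorf("production_mode requires at least one allowed_origin")
	}

	// Only negative values are rejected, so the message says "negative"
	// rather than claiming the value must be positive (zero passes).
	if s.APIKeyRotationDays < 0 {
		return fmt.Errorf("api_key_rotation_days must not be negative")
	}

	// Enabled audit logging with no destination would have nowhere to write.
	if s.AuditLogging.Enabled && s.AuditLogging.LogPath == "" {
		return fmt.Errorf("audit_logging enabled but log_path not set")
	}

	return nil
}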
// Validate checks the monitoring configuration and returns an error when the
// Prometheus port is out of range, or nil otherwise.
//
// Validate also mutates the receiver: when Prometheus is enabled and no path
// is configured, Path is set to "/metrics". Nothing is checked or changed
// when Prometheus is disabled, and HealthChecks is never examined.
func (m *MonitoringConfig) Validate() error {
	prom := &m.Prometheus

	// A disabled endpoint needs neither a port nor a path.
	if !prom.Enabled {
		return nil
	}

	if prom.Port < 1 || prom.Port > 65535 {
		return fmt.Errorf("prometheus port must be between 1 and 65535")
	}

	// Fill in the default path; a non-empty path is accepted as given.
	if prom.Path == "" {
		prom.Path = "/metrics"
	}

	return nil
}