config.go 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308
  1. package config
  2. import (
  3. "fmt"
  4. )
  5. // ReservedArgumentNamePrefix is reserved for OliveTin-injected system arguments.
  6. const ReservedArgumentNamePrefix = "ot_"
  7. // Action represents the core functionality of OliveTin - commands that show up
  8. // as buttons in the UI.
  9. type Action struct {
  10. ID string `koanf:"id"`
  11. Title string `koanf:"title"`
  12. Icon string `koanf:"icon"`
  13. Shell string `koanf:"shell"`
  14. Exec []string `koanf:"exec"`
  15. ShellAfterCompleted string `koanf:"shellAfterCompleted"`
  16. Timeout int `koanf:"timeout"`
  17. Acls []string `koanf:"acls"`
  18. Entity string `koanf:"entity"`
  19. Hidden bool `koanf:"hidden"`
  20. ExecOnStartup bool `koanf:"execOnStartup"`
  21. ExecOnCron []string `koanf:"execOnCron"`
  22. ExecOnFileCreatedInDir []string `koanf:"execOnFileCreatedInDir"`
  23. ExecOnFileChangedInDir []string `koanf:"execOnFileChangedInDir"`
  24. ExecOnCalendarFile string `koanf:"execOnCalendarFile"`
  25. ExecOnWebhook []WebhookConfig `koanf:"execOnWebhook"`
  26. Triggers []string `koanf:"triggers"`
  27. MaxConcurrent int `koanf:"maxConcurrent"`
  28. MaxRate []RateSpec `koanf:"maxRate"`
  29. Arguments []ActionArgument `koanf:"arguments"`
  30. PopupOnStart string `koanf:"popupOnStart"`
  31. SaveLogs SaveLogsConfig `koanf:"saveLogs"`
  32. EnabledExpression string `koanf:"enabledExpression"`
  33. }
  34. // ActionArgument objects appear on Actions.
  35. type ActionArgument struct {
  36. Name string `koanf:"name"`
  37. Title string `koanf:"title"`
  38. Description string `koanf:"description"`
  39. Type string `koanf:"type"`
  40. Default string `koanf:"default"`
  41. Choices []ActionArgumentChoice `koanf:"choices"`
  42. Entity string `koanf:"entity"`
  43. RejectNull bool `koanf:"rejectNull"`
  44. Suggestions map[string]string `koanf:"suggestions"`
  45. SuggestionsBrowserKey string `koanf:"suggestionsBrowserKey"`
  46. }
  47. // ActionArgumentChoice represents a predefined choice for an argument.
  48. type ActionArgumentChoice struct {
  49. Value string `koanf:"value"`
  50. Title string `koanf:"title"`
  51. }
  52. // RateSpec allows you to set a max frequency for an action.
  53. type RateSpec struct {
  54. Limit int `koanf:"limit"`
  55. Duration string `koanf:"duration"`
  56. }
  57. // WebhookConfig defines configuration for generic webhook triggers.
  58. type WebhookConfig struct {
  59. Secret string `koanf:"secret"` // Optional: secret for signature verification
  60. AuthType string `koanf:"authType"` // Optional: "hmac-sha256", "hmac-sha1", "bearer", "basic", "none"
  61. AuthHeader string `koanf:"authHeader"` // Optional: custom header name for auth (default: "X-Webhook-Signature")
  62. MatchHeaders map[string]string `koanf:"matchHeaders"` // Match HTTP headers
  63. MatchPath string `koanf:"matchPath"` // JSONPath expression to match in request body (format: "jsonpath=value" or just "jsonpath")
  64. MatchQuery map[string]string `koanf:"matchQuery"` // Match URL query parameters
  65. Extract map[string]string `koanf:"extract"` // Map action argument names to JSONPath expressions
  66. Template string `koanf:"template"` // Optional: template name (e.g., "github-push", "github-pr")
  67. }
  68. // Entity represents a "thing" that can have multiple actions associated with it.
  69. // for example, a media player with a start and stop action.
  70. type EntityFile struct {
  71. File string `koanf:"file"`
  72. Name string `koanf:"name"`
  73. Icon string `koanf:"icon"`
  74. }
  75. // PermissionsList defines what users can do with an action.
  76. type PermissionsList struct {
  77. View bool `koanf:"view"`
  78. Exec bool `koanf:"exec"`
  79. Logs bool `koanf:"logs"`
  80. Kill bool `koanf:"kill"`
  81. }
  82. // AccessControlList defines what permissions apply to a user or user group.
  83. type AccessControlList struct {
  84. Name string `koanf:"name"`
  85. AddToEveryAction bool `koanf:"addToEveryAction"`
  86. MatchUsergroups []string `koanf:"matchUsergroups"`
  87. MatchUsernames []string `koanf:"matchUsernames"`
  88. Permissions PermissionsList `koanf:"permissions"`
  89. Policy ConfigurationPolicy `koanf:"policy"`
  90. }
  91. // ConfigurationPolicy defines global settings which are overridden with an ACL.
  92. type ConfigurationPolicy struct {
  93. ShowDiagnostics bool `koanf:"showDiagnostics"`
  94. ShowLogList bool `koanf:"showLogList"`
  95. ShowVersionNumber bool `koanf:"showVersionNumber"`
  96. }
  97. type PrometheusConfig struct {
  98. Enabled bool `koanf:"enabled"`
  99. DefaultGoMetrics bool `koanf:"defaultGoMetrics"`
  100. }
  101. // SecurityConfig allows users to fine tune the security related HTTP headers and cookie options.
  102. type SecurityConfig struct {
  103. HeaderContentSecurityPolicy bool `koanf:"headerContentSecurityPolicy"`
  104. ContentSecurityPolicy string `koanf:"contentSecurityPolicy"`
  105. HeaderXContentTypeOptions bool `koanf:"headerXContentTypeOptions"`
  106. HeaderXFrameOptions bool `koanf:"headerXFrameOptions"`
  107. XFrameOptions string `koanf:"xFrameOptions"`
  108. ForceSecureCookies bool `koanf:"forceSecureCookies"`
  109. }
  110. // Config is the global config used through the whole app.
  111. type Config struct {
  112. UseSingleHTTPFrontend bool `koanf:"useSingleHTTPFrontend"`
  113. ThemeName string `koanf:"themeName"`
  114. ThemeCacheDisabled bool `koanf:"themeCacheDisabled"`
  115. ListenAddressSingleHTTPFrontend string `koanf:"listenAddressSingleHTTPFrontend"`
  116. ListenAddressWebUI string `koanf:"listenAddressWebUI"`
  117. ListenAddressRestActions string `koanf:"listenAddressRestActions"`
  118. ListenAddressPrometheus string `koanf:"listenAddressPrometheus"`
  119. ExternalRestAddress string `koanf:"externalRestAddress"`
  120. LogLevel string `koanf:"logLevel"`
  121. LogDebugOptions LogDebugOptions `koanf:"logDebugOptions"`
  122. LogHistoryPageSize int64 `koanf:"logHistoryPageSize"`
  123. Actions []*Action `koanf:"actions"`
  124. Entities []*EntityFile `koanf:"entities"`
  125. Dashboards []*DashboardComponent `koanf:"dashboards"`
  126. CheckForUpdates bool `koanf:"checkForUpdates"`
  127. PageTitle string `koanf:"pageTitle"`
  128. ShowFooter bool `koanf:"showFooter"`
  129. ShowNavigation bool `koanf:"showNavigation"`
  130. ShowNewVersions bool `koanf:"showNewVersions"`
  131. ShowNavigateOnStartIcons bool `koanf:"showNavigateOnStartIcons"`
  132. EnableCustomJs bool `koanf:"enableCustomJs"`
  133. AuthJwtCookieName string `koanf:"authJwtCookieName"`
  134. AuthJwtHeader string `koanf:"authJwtHeader"`
  135. AuthJwtAud string `koanf:"authJwtAud"`
  136. AuthJwtDomain string `koanf:"authJwtDomain"`
  137. AuthJwtCertsURL string `koanf:"authJwtCertsUrl"`
  138. AuthJwtHmacSecret string `koanf:"authJwtHmacSecret"` // mutually exclusive with pub key config fields
  139. AuthJwtClaimUsername string `koanf:"authJwtClaimUsername"`
  140. AuthJwtClaimUserGroup string `koanf:"authJwtClaimUserGroup"`
  141. AuthJwtPubKeyPath string `koanf:"authJwtPubKeyPath"` // will read pub key from file on disk
  142. AuthHttpHeaderUsername string `koanf:"authHttpHeaderUsername"`
  143. AuthHttpHeaderUserGroup string `koanf:"authHttpHeaderUserGroup"`
  144. AuthHttpHeaderUserGroupSep string `koanf:"authHttpHeaderUserGroupSep"`
  145. AuthLocalUsers AuthLocalUsersConfig `koanf:"authLocalUsers"`
  146. AuthLoginUrl string `koanf:"authLoginUrl"`
  147. AuthRequireGuestsToLogin bool `koanf:"authRequireGuestsToLogin"`
  148. AuthOAuth2RedirectURL string `koanf:"authOAuth2RedirectUrl"`
  149. AuthOAuth2Providers map[string]*OAuth2Provider `koanf:"authOAuth2Providers"`
  150. DefaultPermissions PermissionsList `koanf:"defaultPermissions"`
  151. DefaultPolicy ConfigurationPolicy `koanf:"defaultPolicy"`
  152. AccessControlLists []*AccessControlList `koanf:"accessControlLists"`
  153. WebUIDir string `koanf:"webUIDir"`
  154. CronSupportForSeconds bool `koanf:"cronSupportForSeconds"`
  155. SectionNavigationStyle string `koanf:"sectionNavigationStyle"`
  156. DefaultPopupOnStart string `koanf:"defaultPopupOnStart"`
  157. InsecureAllowDumpOAuth2UserData bool `koanf:"insecureAllowDumpOAuth2UserData"`
  158. InsecureAllowDumpVars bool `koanf:"insecureAllowDumpVars"`
  159. InsecureAllowDumpSos bool `koanf:"insecureAllowDumpSos"`
  160. InsecureAllowDumpActionMap bool `koanf:"insecureAllowDumpActionMap"`
  161. InsecureAllowDumpJwtClaims bool `koanf:"insecureAllowDumpJwtClaims"`
  162. Prometheus PrometheusConfig `koanf:"prometheus"`
  163. Security SecurityConfig `koanf:"security"`
  164. SaveLogs SaveLogsConfig `koanf:"saveLogs"`
  165. DefaultIconForActions string `koanf:"defaultIconForActions"`
  166. DefaultIconForDirectories string `koanf:"defaultIconForDirectories"`
  167. DefaultIconForBack string `koanf:"defaultIconForBack"`
  168. AdditionalNavigationLinks []*NavigationLink `koanf:"additionalNavigationLinks"`
  169. ServiceHostMode string `koanf:"serviceHostMode"`
  170. StyleMods []string `koanf:"styleMods"`
  171. BannerMessage string `koanf:"bannerMessage"`
  172. BannerCSS string `koanf:"bannerCss"`
  173. Include string `koanf:"include"`
  174. sourceFiles []string
  175. }
  176. type AuthLocalUsersConfig struct {
  177. Enabled bool `koanf:"enabled"`
  178. Users []*LocalUser `koanf:"users"`
  179. }
  180. type LocalUser struct {
  181. Username string `koanf:"username"`
  182. Usergroup string `koanf:"usergroup"`
  183. Password string `koanf:"password"`
  184. ApiKey string `koanf:"apiKey"`
  185. }
  186. type OAuth2Provider struct {
  187. Name string `koanf:"name"`
  188. Title string `koanf:"title"`
  189. ClientID string `koanf:"clientId"`
  190. ClientSecret string `koanf:"clientSecret"`
  191. Icon string `koanf:"icon"`
  192. Scopes []string `koanf:"scopes"`
  193. AuthUrl string `koanf:"authUrl"`
  194. TokenUrl string `koanf:"tokenUrl"`
  195. WhoamiUrl string `koanf:"whoamiUrl"`
  196. UsernameField string `koanf:"usernameField"`
  197. UserGroupField string `koanf:"userGroupField"`
  198. InsecureSkipVerify bool `koanf:"insecureSkipVerify"`
  199. CallbackTimeout int `koanf:"callbackTimeout"`
  200. CertBundlePath string `koanf:"certBundlePath"`
  201. AddToUsergroup string `koanf:"addToUsergroup"`
  202. }
  203. type NavigationLink struct {
  204. Title string `koanf:"title"`
  205. Url string `koanf:"url"`
  206. Target string `koanf:"target"`
  207. }
  208. type SaveLogsConfig struct {
  209. ResultsDirectory string `koanf:"resultsDirectory"`
  210. OutputDirectory string `koanf:"outputDirectory"`
  211. }
  212. type LogDebugOptions struct {
  213. SingleFrontendRequests bool `koanf:"singleFrontendRequests"`
  214. SingleFrontendRequestHeaders bool `koanf:"singleFrontendRequestHeaders"`
  215. AclCheckStarted bool `koanf:"aclCheckStarted"`
  216. AclMatched bool `koanf:"aclMatched"`
  217. AclNotMatched bool `koanf:"aclNotMatched"`
  218. AclNoneMatched bool `koanf:"aclNoneMatched"`
  219. }
  220. type DashboardComponent struct {
  221. Title string `koanf:"title"`
  222. Type string `koanf:"type"`
  223. Entity string `koanf:"entity"`
  224. Icon string `koanf:"icon"`
  225. CssClass string `koanf:"cssClass"`
  226. InlineAction *Action `koanf:"inlineAction"`
  227. Contents []*DashboardComponent `koanf:"contents"`
  228. }
  229. func DefaultConfig() *Config {
  230. return DefaultConfigWithBasePort(1337)
  231. }
  232. // DefaultConfig gets a new Config structure with sensible default values.
  233. func DefaultConfigWithBasePort(basePort int) *Config {
  234. config := Config{}
  235. config.UseSingleHTTPFrontend = true
  236. config.PageTitle = "OliveTin"
  237. config.ShowFooter = true
  238. config.ShowNavigation = true
  239. config.ShowNewVersions = true
  240. config.ShowNavigateOnStartIcons = true
  241. config.EnableCustomJs = false
  242. config.ExternalRestAddress = "."
  243. config.LogLevel = "INFO"
  244. config.LogHistoryPageSize = 10
  245. config.CheckForUpdates = false
  246. config.DefaultPermissions.Exec = true
  247. config.DefaultPermissions.View = true
  248. config.DefaultPermissions.Logs = true
  249. config.DefaultPermissions.Kill = true
  250. config.AuthJwtClaimUsername = "name"
  251. config.AuthJwtClaimUserGroup = "group"
  252. config.AuthRequireGuestsToLogin = false
  253. config.WebUIDir = "./webui"
  254. config.CronSupportForSeconds = false
  255. config.SectionNavigationStyle = "sidebar"
  256. config.DefaultPopupOnStart = "nothing"
  257. config.InsecureAllowDumpVars = false
  258. config.InsecureAllowDumpSos = false
  259. config.InsecureAllowDumpActionMap = false
  260. config.InsecureAllowDumpJwtClaims = false
  261. config.Prometheus.Enabled = false
  262. config.Prometheus.DefaultGoMetrics = false
  263. config.Security.HeaderContentSecurityPolicy = true
  264. config.Security.ContentSecurityPolicy = ContentSecurityPolicyDefault
  265. config.Security.HeaderXContentTypeOptions = true
  266. config.Security.HeaderXFrameOptions = true
  267. config.Security.XFrameOptions = "DENY"
  268. config.DefaultIconForActions = "hugeicons:CommandLineIcon"
  269. config.DefaultIconForDirectories = "&#128193"
  270. config.DefaultIconForBack = "«"
  271. config.ThemeCacheDisabled = false
  272. config.ServiceHostMode = ""
  273. config.ListenAddressSingleHTTPFrontend = fmt.Sprintf("0.0.0.0:%d", basePort)
  274. config.ListenAddressRestActions = fmt.Sprintf("localhost:%d", basePort+1)
  275. config.ListenAddressWebUI = fmt.Sprintf("localhost:%d", basePort+3)
  276. config.ListenAddressPrometheus = fmt.Sprintf("localhost:%d", basePort+4)
  277. config.DefaultPolicy.ShowDiagnostics = true
  278. config.DefaultPolicy.ShowLogList = true
  279. config.DefaultPolicy.ShowVersionNumber = true
  280. return &config
  281. }