config.go 16 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327
  1. package config
  2. import (
  3. "fmt"
  4. )
  5. // ReservedArgumentNamePrefix is reserved for OliveTin-injected system arguments.
  6. const ReservedArgumentNamePrefix = "ot_"
  7. // Action represents the core functionality of OliveTin - commands that show up
  8. // as buttons in the UI.
  9. type Action struct {
  10. ID string `koanf:"id"`
  11. Title string `koanf:"title"`
  12. Icon string `koanf:"icon"`
  13. Shell string `koanf:"shell"`
  14. Exec []string `koanf:"exec"`
  15. ShellAfterCompleted string `koanf:"shellAfterCompleted"`
  16. Timeout int `koanf:"timeout"`
  17. Acls []string `koanf:"acls"`
  18. Entity string `koanf:"entity"`
  19. Hidden bool `koanf:"hidden"`
  20. ExecOnStartup bool `koanf:"execOnStartup"`
  21. ExecOnCron []string `koanf:"execOnCron"`
  22. ExecOnFileCreatedInDir []string `koanf:"execOnFileCreatedInDir"`
  23. ExecOnFileChangedInDir []string `koanf:"execOnFileChangedInDir"`
  24. ExecOnCalendarFile string `koanf:"execOnCalendarFile"`
  25. ExecOnWebhook []WebhookConfig `koanf:"execOnWebhook"`
  26. Triggers []string `koanf:"triggers"`
  27. MaxConcurrent int `koanf:"maxConcurrent"`
  28. MaxRate []RateSpec `koanf:"maxRate"`
  29. Arguments []ActionArgument `koanf:"arguments"`
  30. OnClick string `koanf:"onclick"`
  31. PopupOnStart string `koanf:"popupOnStart"`
  32. SaveLogs SaveLogsConfig `koanf:"saveLogs"`
  33. EnabledExpression string `koanf:"enabledExpression"`
  34. Groups []string `koanf:"groups"`
  35. Justification bool `koanf:"justification"`
  36. }
  37. // ActionGroup defines shared limits and metadata for a set of actions.
  38. type ActionGroup struct {
  39. MaxConcurrent int `koanf:"maxConcurrent"`
  40. QueueSize int `koanf:"queueSize"`
  41. Icon string `koanf:"icon"`
  42. }
  43. // ActionArgument objects appear on Actions.
  44. type ActionArgument struct {
  45. Name string `koanf:"name"`
  46. Title string `koanf:"title"`
  47. Description string `koanf:"description"`
  48. Type string `koanf:"type"`
  49. Default string `koanf:"default"`
  50. Choices []ActionArgumentChoice `koanf:"choices"`
  51. Entity string `koanf:"entity"`
  52. RejectNull bool `koanf:"rejectNull"`
  53. Suggestions map[string]string `koanf:"suggestions"`
  54. SuggestionsBrowserKey string `koanf:"suggestionsBrowserKey"`
  55. }
  56. // ActionArgumentChoice represents a predefined choice for an argument.
  57. type ActionArgumentChoice struct {
  58. Value string `koanf:"value"`
  59. Title string `koanf:"title"`
  60. }
  61. // RateSpec allows you to set a max frequency for an action.
  62. type RateSpec struct {
  63. Limit int `koanf:"limit"`
  64. Duration string `koanf:"duration"`
  65. }
  66. // WebhookConfig defines configuration for generic webhook triggers.
  67. type WebhookConfig struct {
  68. Secret string `koanf:"secret"` // Optional: secret for signature verification
  69. AuthType string `koanf:"authType"` // Optional: "hmac-sha256", "hmac-sha1", "bearer", "basic", "none"
  70. AuthHeader string `koanf:"authHeader"` // Optional: custom header name for auth (default: "X-Webhook-Signature")
  71. MatchHeaders map[string]string `koanf:"matchHeaders"` // Match HTTP headers
  72. MatchPath string `koanf:"matchPath"` // JSONPath expression to match in request body (format: "jsonpath=value" or just "jsonpath")
  73. MatchQuery map[string]string `koanf:"matchQuery"` // Match URL query parameters
  74. Extract map[string]string `koanf:"extract"` // Map action argument names to JSONPath expressions
  75. Template string `koanf:"template"` // Optional: template name (e.g., "github-push", "github-pr")
  76. Justification string `koanf:"justification"` // Optional JSONPath to extract justification from webhook body
  77. }
  78. // Entity represents a "thing" that can have multiple actions associated with it.
  79. // for example, a media player with a start and stop action.
  80. type EntityFile struct {
  81. File string `koanf:"file"`
  82. Name string `koanf:"name"`
  83. Icon string `koanf:"icon"`
  84. }
  85. // PermissionsList defines what users can do with an action.
  86. type PermissionsList struct {
  87. View bool `koanf:"view"`
  88. Exec bool `koanf:"exec"`
  89. Logs bool `koanf:"logs"`
  90. Kill bool `koanf:"kill"`
  91. }
  92. // AccessControlList defines what permissions apply to a user or user group.
  93. type AccessControlList struct {
  94. Name string `koanf:"name"`
  95. AddToEveryAction bool `koanf:"addToEveryAction"`
  96. MatchUsergroups []string `koanf:"matchUsergroups"`
  97. MatchUsernames []string `koanf:"matchUsernames"`
  98. Permissions PermissionsList `koanf:"permissions"`
  99. Policy ConfigurationPolicy `koanf:"policy"`
  100. }
  101. // ConfigurationPolicy defines global settings which are overridden with an ACL.
  102. type ConfigurationPolicy struct {
  103. ShowDiagnostics bool `koanf:"showDiagnostics"`
  104. ShowLogList bool `koanf:"showLogList"`
  105. ShowVersionNumber bool `koanf:"showVersionNumber"`
  106. }
  107. type PrometheusConfig struct {
  108. Enabled bool `koanf:"enabled"`
  109. DefaultGoMetrics bool `koanf:"defaultGoMetrics"`
  110. }
  111. // SecurityConfig allows users to fine tune the security related HTTP headers and cookie options.
  112. type SecurityConfig struct {
  113. HeaderContentSecurityPolicy bool `koanf:"headerContentSecurityPolicy"`
  114. ContentSecurityPolicy string `koanf:"contentSecurityPolicy"`
  115. HeaderXContentTypeOptions bool `koanf:"headerXContentTypeOptions"`
  116. HeaderXFrameOptions bool `koanf:"headerXFrameOptions"`
  117. XFrameOptions string `koanf:"xFrameOptions"`
  118. ForceSecureCookies bool `koanf:"forceSecureCookies"`
  119. }
  120. // Config is the global config used through the whole app.
  121. type Config struct {
  122. UseSingleHTTPFrontend bool `koanf:"useSingleHTTPFrontend"`
  123. ThemeName string `koanf:"themeName"`
  124. ThemeCacheDisabled bool `koanf:"themeCacheDisabled"`
  125. ListenAddressSingleHTTPFrontend string `koanf:"listenAddressSingleHTTPFrontend"`
  126. ListenAddressWebUI string `koanf:"listenAddressWebUI"`
  127. ListenAddressRestActions string `koanf:"listenAddressRestActions"`
  128. ListenAddressPrometheus string `koanf:"listenAddressPrometheus"`
  129. ExternalRestAddress string `koanf:"externalRestAddress"`
  130. LogLevel string `koanf:"logLevel"`
  131. LogDebugOptions LogDebugOptions `koanf:"logDebugOptions"`
  132. LogHistoryPageSize int64 `koanf:"logHistoryPageSize"`
  133. ActionGroups map[string]*ActionGroup `koanf:"actionGroups"`
  134. Actions []*Action `koanf:"actions"`
  135. Entities []*EntityFile `koanf:"entities"`
  136. Dashboards []*DashboardComponent `koanf:"dashboards"`
  137. CheckForUpdates bool `koanf:"checkForUpdates"`
  138. PageTitle string `koanf:"pageTitle"`
  139. ShowFooter bool `koanf:"showFooter"`
  140. ShowNavigation bool `koanf:"showNavigation"`
  141. ShowNewVersions bool `koanf:"showNewVersions"`
  142. ShowNavigateOnStartIcons bool `koanf:"showNavigateOnStartIcons"`
  143. EnableCustomJs bool `koanf:"enableCustomJs"`
  144. AuthJwtCookieName string `koanf:"authJwtCookieName"`
  145. AuthJwtHeader string `koanf:"authJwtHeader"`
  146. AuthJwtAud string `koanf:"authJwtAud"`
  147. AuthJwtDomain string `koanf:"authJwtDomain"`
  148. AuthJwtCertsURL string `koanf:"authJwtCertsUrl"`
  149. AuthJwtHmacSecret string `koanf:"authJwtHmacSecret"` // mutually exclusive with pub key config fields
  150. AuthJwtClaimUsername string `koanf:"authJwtClaimUsername"`
  151. AuthJwtClaimUserGroup string `koanf:"authJwtClaimUserGroup"`
  152. AuthJwtPubKeyPath string `koanf:"authJwtPubKeyPath"` // will read pub key from file on disk
  153. AuthHttpHeaderUsername string `koanf:"authHttpHeaderUsername"`
  154. AuthHttpHeaderUserGroup string `koanf:"authHttpHeaderUserGroup"`
  155. AuthHttpHeaderUserGroupSep string `koanf:"authHttpHeaderUserGroupSep"`
  156. AuthLocalUsers AuthLocalUsersConfig `koanf:"authLocalUsers"`
  157. AuthLoginUrl string `koanf:"authLoginUrl"`
  158. AuthRequireGuestsToLogin bool `koanf:"authRequireGuestsToLogin"`
  159. AuthOAuth2RedirectURL string `koanf:"authOAuth2RedirectUrl"`
  160. AuthOAuth2Providers map[string]*OAuth2Provider `koanf:"authOAuth2Providers"`
  161. DefaultPermissions PermissionsList `koanf:"defaultPermissions"`
  162. DefaultPolicy ConfigurationPolicy `koanf:"defaultPolicy"`
  163. AccessControlLists []*AccessControlList `koanf:"accessControlLists"`
  164. WebUIDir string `koanf:"webUIDir"`
  165. CronSupportForSeconds bool `koanf:"cronSupportForSeconds"`
  166. SectionNavigationStyle string `koanf:"sectionNavigationStyle"`
  167. DefaultOnClick string `koanf:"defaultOnClick"`
  168. DefaultPopupOnStart string `koanf:"defaultPopupOnStart"`
  169. InsecureAllowDumpOAuth2UserData bool `koanf:"insecureAllowDumpOAuth2UserData"`
  170. InsecureAllowDumpVars bool `koanf:"insecureAllowDumpVars"`
  171. InsecureAllowDumpSos bool `koanf:"insecureAllowDumpSos"`
  172. InsecureAllowDumpActionMap bool `koanf:"insecureAllowDumpActionMap"`
  173. InsecureAllowDumpJwtClaims bool `koanf:"insecureAllowDumpJwtClaims"`
  174. Prometheus PrometheusConfig `koanf:"prometheus"`
  175. Security SecurityConfig `koanf:"security"`
  176. SaveLogs SaveLogsConfig `koanf:"saveLogs"`
  177. ServiceLogs ServiceLogsConfig `koanf:"serviceLogs"`
  178. DefaultIconForActions string `koanf:"defaultIconForActions"`
  179. DefaultIconForDirectories string `koanf:"defaultIconForDirectories"`
  180. DefaultIconForBack string `koanf:"defaultIconForBack"`
  181. AdditionalNavigationLinks []*NavigationLink `koanf:"additionalNavigationLinks"`
  182. ServiceHostMode string `koanf:"serviceHostMode"`
  183. StyleMods []string `koanf:"styleMods"`
  184. BannerMessage string `koanf:"bannerMessage"`
  185. BannerCSS string `koanf:"bannerCss"`
  186. Include string `koanf:"include"`
  187. sourceFiles []string
  188. }
  189. type AuthLocalUsersConfig struct {
  190. Enabled bool `koanf:"enabled"`
  191. Users []*LocalUser `koanf:"users"`
  192. }
  193. type LocalUser struct {
  194. Username string `koanf:"username"`
  195. Usergroup string `koanf:"usergroup"`
  196. Password string `koanf:"password"`
  197. ApiKey string `koanf:"apiKey"`
  198. }
  199. type OAuth2Provider struct {
  200. Name string `koanf:"name"`
  201. Title string `koanf:"title"`
  202. ClientID string `koanf:"clientId"`
  203. ClientSecret string `koanf:"clientSecret"`
  204. Icon string `koanf:"icon"`
  205. Scopes []string `koanf:"scopes"`
  206. AuthUrl string `koanf:"authUrl"`
  207. TokenUrl string `koanf:"tokenUrl"`
  208. WhoamiUrl string `koanf:"whoamiUrl"`
  209. UsernameField string `koanf:"usernameField"`
  210. UserGroupField string `koanf:"userGroupField"`
  211. InsecureSkipVerify bool `koanf:"insecureSkipVerify"`
  212. CallbackTimeout int `koanf:"callbackTimeout"`
  213. CertBundlePath string `koanf:"certBundlePath"`
  214. AddToUsergroup string `koanf:"addToUsergroup"`
  215. }
  216. type NavigationLink struct {
  217. Title string `koanf:"title"`
  218. Url string `koanf:"url"`
  219. Target string `koanf:"target"`
  220. }
  221. type SaveLogsConfig struct {
  222. ResultsDirectory string `koanf:"resultsDirectory"`
  223. OutputDirectory string `koanf:"outputDirectory"`
  224. }
  225. type ServiceLogsConfig struct {
  226. Directory string `koanf:"directory"`
  227. }
  228. type LogDebugOptions struct {
  229. SingleFrontendRequests bool `koanf:"singleFrontendRequests"`
  230. SingleFrontendRequestHeaders bool `koanf:"singleFrontendRequestHeaders"`
  231. AclCheckStarted bool `koanf:"aclCheckStarted"`
  232. AclMatched bool `koanf:"aclMatched"`
  233. AclNotMatched bool `koanf:"aclNotMatched"`
  234. AclNoneMatched bool `koanf:"aclNoneMatched"`
  235. }
  236. type DashboardComponent struct {
  237. Title string `koanf:"title"`
  238. Type string `koanf:"type"`
  239. Entity string `koanf:"entity"`
  240. Icon string `koanf:"icon"`
  241. CssClass string `koanf:"cssClass"`
  242. InlineAction *Action `koanf:"inlineAction"`
  243. Contents []*DashboardComponent `koanf:"contents"`
  244. }
  245. func DefaultConfig() *Config {
  246. return DefaultConfigWithBasePort(1337)
  247. }
  248. // DefaultConfig gets a new Config structure with sensible default values.
  249. func DefaultConfigWithBasePort(basePort int) *Config {
  250. config := Config{}
  251. config.UseSingleHTTPFrontend = true
  252. config.PageTitle = "OliveTin"
  253. config.ShowFooter = true
  254. config.ShowNavigation = true
  255. config.ShowNewVersions = true
  256. config.ShowNavigateOnStartIcons = true
  257. config.EnableCustomJs = false
  258. config.ExternalRestAddress = "."
  259. config.LogLevel = "INFO"
  260. config.LogHistoryPageSize = 10
  261. config.CheckForUpdates = false
  262. config.DefaultPermissions.Exec = true
  263. config.DefaultPermissions.View = true
  264. config.DefaultPermissions.Logs = true
  265. config.DefaultPermissions.Kill = true
  266. config.AuthJwtClaimUsername = "name"
  267. config.AuthJwtClaimUserGroup = "group"
  268. config.AuthRequireGuestsToLogin = false
  269. config.WebUIDir = "./webui"
  270. config.CronSupportForSeconds = false
  271. config.SectionNavigationStyle = "sidebar"
  272. config.DefaultOnClick = "nothing"
  273. config.DefaultPopupOnStart = "nothing"
  274. config.InsecureAllowDumpVars = false
  275. config.InsecureAllowDumpSos = false
  276. config.InsecureAllowDumpActionMap = false
  277. config.InsecureAllowDumpJwtClaims = false
  278. config.Prometheus.Enabled = false
  279. config.Prometheus.DefaultGoMetrics = false
  280. config.Security.HeaderContentSecurityPolicy = true
  281. config.Security.ContentSecurityPolicy = ContentSecurityPolicyDefault
  282. config.Security.HeaderXContentTypeOptions = true
  283. config.Security.HeaderXFrameOptions = true
  284. config.Security.XFrameOptions = "DENY"
  285. config.DefaultIconForActions = "hugeicons:CommandLineIcon"
  286. config.DefaultIconForDirectories = "&#128193"
  287. config.DefaultIconForBack = "«"
  288. config.ThemeCacheDisabled = false
  289. config.ServiceHostMode = ""
  290. config.ListenAddressSingleHTTPFrontend = fmt.Sprintf("0.0.0.0:%d", basePort)
  291. config.ListenAddressRestActions = fmt.Sprintf("localhost:%d", basePort+1)
  292. config.ListenAddressWebUI = fmt.Sprintf("localhost:%d", basePort+3)
  293. config.ListenAddressPrometheus = fmt.Sprintf("localhost:%d", basePort+4)
  294. config.DefaultPolicy.ShowDiagnostics = true
  295. config.DefaultPolicy.ShowLogList = true
  296. config.DefaultPolicy.ShowVersionNumber = true
  297. return &config
  298. }