Files
Курнат Андрей 2315f25754 Initial QSfera import
2026-06-07 10:20:04 +03:00

161 lines
5.0 KiB
Go

package defaults
import (
"net/http"
"path/filepath"
"strings"
"github.com/qsfera/server/pkg/config/defaults"
"github.com/qsfera/server/pkg/shared"
"github.com/qsfera/server/pkg/structs"
"github.com/qsfera/server/services/idp/pkg/config"
)
// FullDefaultConfig returns a fully initialized default configuration
func FullDefaultConfig() *config.Config {
cfg := DefaultConfig()
EnsureDefaults(cfg)
Sanitize(cfg)
return cfg
}
// DefaultConfig returns a basic default configuration
func DefaultConfig() *config.Config {
return &config.Config{
Debug: config.Debug{
Addr: "127.0.0.1:9134",
},
HTTP: config.HTTP{
Addr: "127.0.0.1:9130",
Root: "/",
Namespace: "qsfera.web",
TLSCert: filepath.Join(defaults.BaseDataPath(), "idp", "server.crt"),
TLSKey: filepath.Join(defaults.BaseDataPath(), "idp", "server.key"),
TLS: false,
},
Reva: shared.DefaultRevaConfig(),
Service: config.Service{
Name: "idp",
},
IDP: config.Settings{
Iss: "https://localhost:9200",
IdentityManager: "ldap",
URIBasePath: "",
SignInURI: "",
SignedOutURI: "",
AuthorizationEndpointURI: "",
EndsessionEndpointURI: "",
Insecure: false,
TrustedProxy: nil,
AllowScope: nil,
AllowClientGuests: false,
AllowDynamicClientRegistration: false,
EncryptionSecretFile: filepath.Join(defaults.BaseDataPath(), "idp", "encryption.key"),
Listen: "",
IdentifierClientDisabled: true,
IdentifierClientPath: filepath.Join(defaults.BaseDataPath(), "idp"),
IdentifierRegistrationConf: filepath.Join(defaults.BaseDataPath(), "idp", "tmp", "identifier-registration.yaml"),
IdentifierScopesConf: "",
IdentifierDefaultBannerLogo: "",
IdentifierDefaultSignInPageText: "",
IdentifierDefaultLogoTargetURI: "",
IdentifierDefaultUsernameHintText: "",
SigningKid: "private-key",
SigningMethod: "PS256",
SigningPrivateKeyFiles: []string{filepath.Join(defaults.BaseDataPath(), "idp", "private-key.pem")},
ValidationKeysPath: "",
CookieBackendURI: "",
CookieNames: nil,
CookieSameSite: http.SameSiteStrictMode,
AccessTokenDurationSeconds: 60 * 5, // 5 minutes
IDTokenDurationSeconds: 60 * 5, // 5 minutes
RefreshTokenDurationSeconds: 60 * 60 * 24 * 30, // 30 days
DynamicClientSecretDurationSeconds: 0,
},
Clients: []config.Client{
{
ID: "web",
Name: "КуСфера Web App",
Trusted: true,
RedirectURIs: []string{
"{{OC_URL}}/",
"{{OC_URL}}/oidc-callback.html",
"{{OC_URL}}/oidc-silent-redirect.html",
},
Origins: []string{
"{{OC_URL}}",
},
},
{
ID: "QsferaDesktop",
Name: "КуСфера Desktop Client",
ApplicationType: "native",
RedirectURIs: []string{
"http://127.0.0.1",
"http://localhost",
},
},
{
ID: "QsferaAndroid",
Name: "КуСфера Android App",
ApplicationType: "native",
RedirectURIs: []string{
"oc://android.qsfera.eu",
},
PostLogoutRedirectURIs: []string{
"oc://android.qsfera.eu",
},
},
{
ID: "QsferaIOS",
Name: "КуСфера iOS App",
ApplicationType: "native",
RedirectURIs: []string{
"oc://ios.qsfera.eu",
},
PostLogoutRedirectURIs: []string{
"oc://ios.qsfera.eu",
},
},
},
Ldap: config.Ldap{
URI: "ldaps://localhost:9235",
TLSCACert: filepath.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
BindDN: "uid=idp,ou=sysusers,o=libregraph-idm",
BaseDN: "ou=users,o=libregraph-idm",
Scope: "sub",
LoginAttribute: "uid",
EmailAttribute: "mail",
NameAttribute: "displayName",
UUIDAttribute: "qsferaUUID",
UUIDAttributeType: "text",
Filter: "",
ObjectClass: "inetOrgPerson",
UserEnabledAttribute: "qsferaUserEnabled",
},
}
}
// EnsureDefaults adds default values to the configuration if they are not set yet
func EnsureDefaults(cfg *config.Config) {
if cfg.LogLevel == "" {
cfg.LogLevel = "error"
}
if cfg.Reva == nil && cfg.Commons != nil {
cfg.Reva = structs.CopyOrZeroValue(cfg.Commons.Reva)
}
if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
}
}
// Sanitize sanitizes the configuration
func Sanitize(cfg *config.Config) {
// sanitize config
if cfg.HTTP.Root != "/" {
cfg.HTTP.Root = strings.TrimSuffix(cfg.HTTP.Root, "/")
}
}