feat: add experimental config file support

2025-12-21 23:52:29 +00:00 · 2025-12-21 11:21:11 +02:00
parent 0374370b0c
commit c4529be557
10 changed files with 215 additions and 103 deletions
--- a/config.example.yaml
+++ b/config.example.yaml
@@ -0,0 +1,88 @@
+# Tinyauth Example Configuration
+
+# The base URL where Tinyauth is accessible
+appUrl: "https://auth.example.com"
+# Log level: trace, debug, info, warn, error
+logLevel: "info"
+# Directory for static resources
+resourcesDir: "./resources"
+# Path to SQLite database file
+databasePath: "./tinyauth.db"
+# Disable usage analytics
+disableAnalytics: false
+# Disable static resource serving
+disableResources: false
+# Disable UI warning messages
+disableUIWarnings: false
+# Enable JSON formatted logs
+logJSON: false
+
+# Server Configuration
+server:
+  # Port to listen on
+  port: 3000
+  # Interface to bind to (0.0.0.0 for all interfaces)
+  address: "0.0.0.0"
+  # Unix socket path (optional, overrides port/address if set)
+  socketPath: ""
+  # Comma-separated list of trusted proxy IPs/CIDRs
+  trustedProxies: ""
+
+# Authentication Configuration
+auth:
+  # Format: username:bcrypt_hash (use bcrypt to generate hash)
+  users: "admin:$2a$10$example_bcrypt_hash_here"
+  # Path to external users file (optional)
+  usersFile: ""
+  # Enable secure cookies (requires HTTPS)
+  secureCookie: false
+  # Session expiry in seconds (3600 = 1 hour)
+  sessionExpiry: 3600
+  # Login timeout in seconds (300 = 5 minutes)
+  loginTimeout: 300
+  # Maximum login retries before lockout
+  loginMaxRetries: 3
+
+# OAuth Configuration
+oauth:
+  # Regex pattern for allowed email addresses (e.g., /@example\.com$/)
+  whitelist: ""
+  # Provider ID to auto-redirect to (skips login page)
+  autoRedirect: ""
+  # OAuth Provider Configuration (replace myprovider with your provider name)
+  providers:
+    myprovider:
+      clientId: "your_client_id_here"
+      clientSecret: "your_client_secret_here"
+      authUrl: "https://provider.example.com/oauth/authorize"
+      tokenUrl: "https://provider.example.com/oauth/token"
+      userInfoUrl: "https://provider.example.com/oauth/userinfo"
+      redirectUrl: "https://auth.example.com/api/oauth/callback/myprovider"
+      scopes: "openid email profile"
+      name: "My OAuth Provider"
+      # Allow insecure connections (self-signed certificates)
+      insecure: false
+
+# UI Customization
+ui:
+  # Custom title for login page
+  title: "Tinyauth"
+  # Message shown on forgot password page
+  forgotPasswordMessage: "Contact your administrator to reset your password"
+  # Background image URL for login page
+  backgroundImage: ""
+
+# LDAP Configuration (optional)
+ldap:
+  # LDAP server address
+  address: "ldap://ldap.example.com:389"
+  # DN for binding to LDAP server
+  bindDn: "cn=readonly,dc=example,dc=com"
+  # Password for bind DN
+  bindPassword: "your_bind_password"
+  # Base DN for user searches
+  baseDn: "dc=example,dc=com"
+  # Search filter (%s will be replaced with username)
+  searchFilter: "(&(uid=%s)(memberOf=cn=users,ou=groups,dc=example,dc=com))"
+  # Allow insecure LDAP connections
+  insecure: false