feat: add initial implementation of a traefik like cli

2025-12-19 14:42:27 +00:00 · 2025-12-17 16:40:54 +02:00
parent 3555569a97
commit e4e99f4805
16 changed files with 1105 additions and 713 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -15,34 +15,55 @@ var RedirectCookieName = "tinyauth-redirect"
 // Main app config

 type Config struct {
-	Port                  int    `mapstructure:"port" validate:"required"`
-	Address               string `validate:"required,ip4_addr" mapstructure:"address"`
-	AppURL                string `validate:"required,url" mapstructure:"app-url"`
-	Users                 string `mapstructure:"users"`
-	UsersFile             string `mapstructure:"users-file"`
-	SecureCookie          bool   `mapstructure:"secure-cookie"`
-	OAuthWhitelist        string `mapstructure:"oauth-whitelist"`
-	OAuthAutoRedirect     string `mapstructure:"oauth-auto-redirect"`
-	SessionExpiry         int    `mapstructure:"session-expiry"`
-	LogLevel              string `mapstructure:"log-level" validate:"oneof=trace debug info warn error fatal panic"`
-	Title                 string `mapstructure:"app-title"`
-	LoginTimeout          int    `mapstructure:"login-timeout"`
-	LoginMaxRetries       int    `mapstructure:"login-max-retries"`
-	ForgotPasswordMessage string `mapstructure:"forgot-password-message"`
-	BackgroundImage       string `mapstructure:"background-image" validate:"required"`
-	LdapAddress           string `mapstructure:"ldap-address"`
-	LdapBindDN            string `mapstructure:"ldap-bind-dn"`
-	LdapBindPassword      string `mapstructure:"ldap-bind-password"`
-	LdapBaseDN            string `mapstructure:"ldap-base-dn"`
-	LdapInsecure          bool   `mapstructure:"ldap-insecure"`
-	LdapSearchFilter      string `mapstructure:"ldap-search-filter"`
-	ResourcesDir          string `mapstructure:"resources-dir"`
-	DatabasePath          string `mapstructure:"database-path"`
-	TrustedProxies        string `mapstructure:"trusted-proxies"`
-	DisableAnalytics      bool   `mapstructure:"disable-analytics"`
-	DisableResources      bool   `mapstructure:"disable-resources"`
-	DisableUIWarnings     bool   `mapstructure:"disable-ui-warnings"`
-	SocketPath            string `mapstructure:"socket-path"`
+	AppURL            string `description:"The base URL where the app is hosted."`
+	LogLevel          string `description:"Log level (trace, debug, info, warn, error)."`
+	ResourcesDir      string `description:"The directory where resources are stored."`
+	DatabasePath      string `description:"The path to the database file."`
+	DisableAnalytics  bool   `description:"Disable analytics."`
+	DisableResources  bool   `description:"Disable resources server."`
+	DisableUIWarnings bool   `description:"Disable UI warnings."`
+	Server            ServerConfig
+	Auth              AuthConfig
+	OAuth             OAuthConfig
+	UI                UIConfig
+	Ldap              LdapConfig
+}
+
+type ServerConfig struct {
+	Port           int    `description:"The port on which the server listens."`
+	Address        string `description:"The address on which the server listens."`
+	SocketPath     string `description:"The path to the Unix socket."`
+	TrustedProxies string `description:"Comma-separated list of trusted proxy addresses."`
+}
+
+type AuthConfig struct {
+	Users           string `description:"Comma-separated list of users (username:hashed_password)."`
+	UsersFile       string `description:"Path to the users file."`
+	SecureCookie    bool   `description:"Enable secure cookies."`
+	SessionExpiry   int    `description:"Session expiry time in seconds."`
+	LoginTimeout    int    `description:"Login timeout in seconds."`
+	LoginMaxRetries int    `description:"Maximum login retries."`
+}
+
+type OAuthConfig struct {
+	Whitelist    string `description:"Comma-separated list of allowed OAuth domains."`
+	AutoRedirect string `description:"The OAuth provider to use for automatic redirection."`
+	Providers    map[string]OAuthServiceConfig
+}
+
+type UIConfig struct {
+	Title                 string `description:"The title of the UI."`
+	ForgotPasswordMessage string `description:"Message displayed on the forgot password page."`
+	BackgroundImage       string `description:"Path to the background image."`
+}
+
+type LdapConfig struct {
+	Address      string `description:"LDAP server address."`
+	BindDN       string `description:"Bind DN for LDAP authentication."`
+	BindPassword string `description:"Bind password for LDAP authentication."`
+	BaseDN       string `description:"Base DN for LDAP searches."`
+	Insecure     bool   `description:"Allow insecure LDAP connections."`
+	SearchFilter string `description:"LDAP search filter."`
 }

 // OAuth/OIDC config
@@ -55,16 +76,16 @@ type Claims struct {
 }

 type OAuthServiceConfig struct {
-	ClientID           string `field:"client-id"`
-	ClientSecret       string
-	ClientSecretFile   string
-	Scopes             []string
-	RedirectURL        string `field:"redirect-url"`
-	AuthURL            string `field:"auth-url"`
-	TokenURL           string `field:"token-url"`
-	UserinfoURL        string `field:"user-info-url"`
-	InsecureSkipVerify bool
-	Name               string
+	ClientID         string   `description:"OAuth client ID."`
+	ClientSecret     string   `description:"OAuth client secret."`
+	ClientSecretFile string   `description:"Path to the file containing the OAuth client secret."`
+	Scopes           []string `description:"OAuth scopes."`
+	RedirectURL      string   `description:"OAuth redirect URL."`
+	AuthURL          string   `description:"OAuth authorization URL."`
+	TokenURL         string   `description:"OAuth token URL."`
+	UserinfoURL      string   `description:"OAuth userinfo URL."`
+	Insecure         bool     `description:"Allow insecure OAuth connections."`
+	Name             string   `description:"Provider name in UI."`
 }

 var OverrideProviders = map[string]string{