kyle/eng-pad-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2185bbe56389b641be3edf6c3580244b5f1bd43e
eng-pad-server/internal/config/config.go
Kyle Isom 41839b7284 Add comprehensive config validation and race testing target 
Split config validation into validateFields() (pure logic) and
validateFiles() (filesystem checks) for testability. New validations:
TLS file existence, token TTL parseability/positivity, Argon2 params > 0,
valid log level, non-empty listen addresses. Added 18 tests covering all
validation paths. Added `make test-race` target. Resolves A-015 and A-017.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 20:49:16 -07:00

135 lines
3.2 KiB
Go
Raw Blame History

package config
import (
"fmt"
"os"
"time"
"github.com/pelletier/go-toml/v2"
)
type Config struct {
Server ServerConfig `toml:"server"`
Web WebConfig `toml:"web"`
Database DatabaseConfig `toml:"database"`
Auth AuthConfig `toml:"auth"`
WebAuthn WebAuthnConfig `toml:"webauthn"`
Log LogConfig `toml:"log"`
}
type ServerConfig struct {
ListenAddr string `toml:"listen_addr"`
GRPCAddr string `toml:"grpc_addr"`
TLSCert string `toml:"tls_cert"`
TLSKey string `toml:"tls_key"`
}
type WebConfig struct {
ListenAddr string `toml:"listen_addr"`
BaseURL string `toml:"base_url"`
}
type DatabaseConfig struct {
Path string `toml:"path"`
}
type AuthConfig struct {
TokenTTL string `toml:"token_ttl"`
Argon2Memory uint32 `toml:"argon2_memory"`
Argon2Time uint32 `toml:"argon2_time"`
Argon2Threads uint8 `toml:"argon2_threads"`
}
func (a AuthConfig) TokenDuration() (time.Duration, error) {
return time.ParseDuration(a.TokenTTL)
}
type WebAuthnConfig struct {
RPDisplayName string `toml:"rp_display_name"`
RPID string `toml:"rp_id"`
RPOrigins []string `toml:"rp_origins"`
}
type LogConfig struct {
Level string `toml:"level"`
}
func Load(path string) (*Config, error) {
data, err := os.ReadFile(path)
if err != nil {
return nil, fmt.Errorf("read config: %w", err)
}
var cfg Config
if err := toml.Unmarshal(data, &cfg); err != nil {
return nil, fmt.Errorf("parse config: %w", err)
}
if err := cfg.validate(); err != nil {
return nil, fmt.Errorf("config validation: %w", err)
}
return &cfg, nil
}
func (c *Config) validate() error {
if err := c.validateFields(); err != nil {
return err
}
if err := c.validateFiles(); err != nil {
return err
}
return nil
}
// validateFields checks config values that don't require filesystem access.
func (c *Config) validateFields() error {
if c.Database.Path == "" {
return fmt.Errorf("database.path is required")
}
if c.Server.TLSCert == "" || c.Server.TLSKey == "" {
return fmt.Errorf("server.tls_cert and server.tls_key are required")
}
if c.Server.ListenAddr == "" {
return fmt.Errorf("server.listen_addr is required")
}
if c.Server.GRPCAddr == "" {
return fmt.Errorf("server.grpc_addr is required")
}
d, err := c.Auth.TokenDuration()
if err != nil {
return fmt.Errorf("auth.token_ttl is invalid: %w", err)
}
if d <= 0 {
return fmt.Errorf("auth.token_ttl must be positive")
}
if c.Auth.Argon2Memory == 0 {
return fmt.Errorf("auth.argon2_memory must be greater than zero")
}
if c.Auth.Argon2Time == 0 {
return fmt.Errorf("auth.argon2_time must be greater than zero")
}
if c.Auth.Argon2Threads == 0 {
return fmt.Errorf("auth.argon2_threads must be greater than zero")
}
switch c.Log.Level {
case "debug", "info", "warn", "error":
// valid
default:
return fmt.Errorf("log.level must be one of: debug, info, warn, error (got %q)", c.Log.Level)
}
return nil
}
// validateFiles checks that referenced files exist on disk.
func (c *Config) validateFiles() error {
if _, err := os.Stat(c.Server.TLSCert); err != nil {
return fmt.Errorf("server.tls_cert file not found: %w", err)
}
if _, err := os.Stat(c.Server.TLSKey); err != nil {
return fmt.Errorf("server.tls_key file not found: %w", err)
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink