feat(server/ops-api): add operations console backend
Stand up an internal ops-api service with operator account, auth, and audit log subsystems backed by a dedicated migrations_ops migration set. Wire Makefile targets and the migrate Dockerfile stage so the new schema ships alongside the existing tenant + monitoring databases. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,87 @@
|
||||
package config
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/spf13/viper"
|
||||
|
||||
sharedconfig "github.com/geo-platform/tenant-api/internal/shared/config"
|
||||
)
|
||||
|
||||
type Config struct {
|
||||
Server sharedconfig.ServerConfig `mapstructure:"server"`
|
||||
Database sharedconfig.DatabaseConfig `mapstructure:"database"`
|
||||
Log sharedconfig.LogConfig `mapstructure:"log"`
|
||||
JWT JWTConfig `mapstructure:"jwt"`
|
||||
DefaultAdmin DefaultAdminConfig `mapstructure:"default_admin"`
|
||||
}
|
||||
|
||||
type JWTConfig struct {
|
||||
Secret string `mapstructure:"secret"`
|
||||
AccessTTL time.Duration `mapstructure:"access_ttl"`
|
||||
}
|
||||
|
||||
type DefaultAdminConfig struct {
|
||||
Username string `mapstructure:"username"`
|
||||
Password string `mapstructure:"password"`
|
||||
DisplayName string `mapstructure:"display_name"`
|
||||
Email string `mapstructure:"email"`
|
||||
}
|
||||
|
||||
func Load(path string) (*Config, error) {
|
||||
v := viper.New()
|
||||
v.SetConfigFile(path)
|
||||
|
||||
v.SetEnvPrefix("OPS")
|
||||
v.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
|
||||
v.AutomaticEnv()
|
||||
|
||||
v.SetDefault("server.port", 8090)
|
||||
v.SetDefault("server.mode", "debug")
|
||||
v.SetDefault("log.level", "info")
|
||||
v.SetDefault("log.format", "json")
|
||||
v.SetDefault("jwt.access_ttl", 8*time.Hour)
|
||||
v.SetDefault("default_admin.username", "admin")
|
||||
v.SetDefault("default_admin.display_name", "Administrator")
|
||||
|
||||
if err := v.ReadInConfig(); err != nil {
|
||||
return nil, fmt.Errorf("read config: %w", err)
|
||||
}
|
||||
|
||||
var cfg Config
|
||||
if err := v.Unmarshal(&cfg); err != nil {
|
||||
return nil, fmt.Errorf("unmarshal config: %w", err)
|
||||
}
|
||||
|
||||
if err := applyEnvOverrides(&cfg); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if cfg.JWT.Secret == "" {
|
||||
return nil, fmt.Errorf("jwt.secret is required (set jwt.secret in yaml or OPS_JWT_SECRET env)")
|
||||
}
|
||||
|
||||
return &cfg, nil
|
||||
}
|
||||
|
||||
func applyEnvOverrides(cfg *Config) error {
|
||||
if v := os.Getenv("OPS_JWT_SECRET"); v != "" {
|
||||
cfg.JWT.Secret = v
|
||||
}
|
||||
if v := os.Getenv("OPS_DEFAULT_ADMIN_USERNAME"); v != "" {
|
||||
cfg.DefaultAdmin.Username = v
|
||||
}
|
||||
if v := os.Getenv("OPS_DEFAULT_ADMIN_PASSWORD"); v != "" {
|
||||
cfg.DefaultAdmin.Password = v
|
||||
}
|
||||
if v := os.Getenv("OPS_DEFAULT_ADMIN_DISPLAY_NAME"); v != "" {
|
||||
cfg.DefaultAdmin.DisplayName = v
|
||||
}
|
||||
if v := os.Getenv("OPS_DEFAULT_ADMIN_EMAIL"); v != "" {
|
||||
cfg.DefaultAdmin.Email = v
|
||||
}
|
||||
return nil
|
||||
}
|
||||
Reference in New Issue
Block a user