Files
geo/server/internal/ops/config/config.go
T
root c091ad7aed feat(server/ops-api): add operations console backend
Stand up an internal ops-api service with operator account, auth, and
audit log subsystems backed by a dedicated migrations_ops migration set.
Wire Makefile targets and the migrate Dockerfile stage so the new schema
ships alongside the existing tenant + monitoring databases.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-28 11:32:50 +08:00

88 lines
2.2 KiB
Go

package config
import (
"fmt"
"os"
"strings"
"time"
"github.com/spf13/viper"
sharedconfig "github.com/geo-platform/tenant-api/internal/shared/config"
)
type Config struct {
Server sharedconfig.ServerConfig `mapstructure:"server"`
Database sharedconfig.DatabaseConfig `mapstructure:"database"`
Log sharedconfig.LogConfig `mapstructure:"log"`
JWT JWTConfig `mapstructure:"jwt"`
DefaultAdmin DefaultAdminConfig `mapstructure:"default_admin"`
}
type JWTConfig struct {
Secret string `mapstructure:"secret"`
AccessTTL time.Duration `mapstructure:"access_ttl"`
}
type DefaultAdminConfig struct {
Username string `mapstructure:"username"`
Password string `mapstructure:"password"`
DisplayName string `mapstructure:"display_name"`
Email string `mapstructure:"email"`
}
func Load(path string) (*Config, error) {
v := viper.New()
v.SetConfigFile(path)
v.SetEnvPrefix("OPS")
v.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
v.AutomaticEnv()
v.SetDefault("server.port", 8090)
v.SetDefault("server.mode", "debug")
v.SetDefault("log.level", "info")
v.SetDefault("log.format", "json")
v.SetDefault("jwt.access_ttl", 8*time.Hour)
v.SetDefault("default_admin.username", "admin")
v.SetDefault("default_admin.display_name", "Administrator")
if err := v.ReadInConfig(); err != nil {
return nil, fmt.Errorf("read config: %w", err)
}
var cfg Config
if err := v.Unmarshal(&cfg); err != nil {
return nil, fmt.Errorf("unmarshal config: %w", err)
}
if err := applyEnvOverrides(&cfg); err != nil {
return nil, err
}
if cfg.JWT.Secret == "" {
return nil, fmt.Errorf("jwt.secret is required (set jwt.secret in yaml or OPS_JWT_SECRET env)")
}
return &cfg, nil
}
func applyEnvOverrides(cfg *Config) error {
if v := os.Getenv("OPS_JWT_SECRET"); v != "" {
cfg.JWT.Secret = v
}
if v := os.Getenv("OPS_DEFAULT_ADMIN_USERNAME"); v != "" {
cfg.DefaultAdmin.Username = v
}
if v := os.Getenv("OPS_DEFAULT_ADMIN_PASSWORD"); v != "" {
cfg.DefaultAdmin.Password = v
}
if v := os.Getenv("OPS_DEFAULT_ADMIN_DISPLAY_NAME"); v != "" {
cfg.DefaultAdmin.DisplayName = v
}
if v := os.Getenv("OPS_DEFAULT_ADMIN_EMAIL"); v != "" {
cfg.DefaultAdmin.Email = v
}
return nil
}