c091ad7aed
Stand up an internal ops-api service with operator account, auth, and audit log subsystems backed by a dedicated migrations_ops migration set. Wire Makefile targets and the migrate Dockerfile stage so the new schema ships alongside the existing tenant + monitoring databases. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
88 lines
2.2 KiB
Go
88 lines
2.2 KiB
Go
package config
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/spf13/viper"
|
|
|
|
sharedconfig "github.com/geo-platform/tenant-api/internal/shared/config"
|
|
)
|
|
|
|
type Config struct {
|
|
Server sharedconfig.ServerConfig `mapstructure:"server"`
|
|
Database sharedconfig.DatabaseConfig `mapstructure:"database"`
|
|
Log sharedconfig.LogConfig `mapstructure:"log"`
|
|
JWT JWTConfig `mapstructure:"jwt"`
|
|
DefaultAdmin DefaultAdminConfig `mapstructure:"default_admin"`
|
|
}
|
|
|
|
type JWTConfig struct {
|
|
Secret string `mapstructure:"secret"`
|
|
AccessTTL time.Duration `mapstructure:"access_ttl"`
|
|
}
|
|
|
|
type DefaultAdminConfig struct {
|
|
Username string `mapstructure:"username"`
|
|
Password string `mapstructure:"password"`
|
|
DisplayName string `mapstructure:"display_name"`
|
|
Email string `mapstructure:"email"`
|
|
}
|
|
|
|
func Load(path string) (*Config, error) {
|
|
v := viper.New()
|
|
v.SetConfigFile(path)
|
|
|
|
v.SetEnvPrefix("OPS")
|
|
v.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
|
|
v.AutomaticEnv()
|
|
|
|
v.SetDefault("server.port", 8090)
|
|
v.SetDefault("server.mode", "debug")
|
|
v.SetDefault("log.level", "info")
|
|
v.SetDefault("log.format", "json")
|
|
v.SetDefault("jwt.access_ttl", 8*time.Hour)
|
|
v.SetDefault("default_admin.username", "admin")
|
|
v.SetDefault("default_admin.display_name", "Administrator")
|
|
|
|
if err := v.ReadInConfig(); err != nil {
|
|
return nil, fmt.Errorf("read config: %w", err)
|
|
}
|
|
|
|
var cfg Config
|
|
if err := v.Unmarshal(&cfg); err != nil {
|
|
return nil, fmt.Errorf("unmarshal config: %w", err)
|
|
}
|
|
|
|
if err := applyEnvOverrides(&cfg); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if cfg.JWT.Secret == "" {
|
|
return nil, fmt.Errorf("jwt.secret is required (set jwt.secret in yaml or OPS_JWT_SECRET env)")
|
|
}
|
|
|
|
return &cfg, nil
|
|
}
|
|
|
|
func applyEnvOverrides(cfg *Config) error {
|
|
if v := os.Getenv("OPS_JWT_SECRET"); v != "" {
|
|
cfg.JWT.Secret = v
|
|
}
|
|
if v := os.Getenv("OPS_DEFAULT_ADMIN_USERNAME"); v != "" {
|
|
cfg.DefaultAdmin.Username = v
|
|
}
|
|
if v := os.Getenv("OPS_DEFAULT_ADMIN_PASSWORD"); v != "" {
|
|
cfg.DefaultAdmin.Password = v
|
|
}
|
|
if v := os.Getenv("OPS_DEFAULT_ADMIN_DISPLAY_NAME"); v != "" {
|
|
cfg.DefaultAdmin.DisplayName = v
|
|
}
|
|
if v := os.Getenv("OPS_DEFAULT_ADMIN_EMAIL"); v != "" {
|
|
cfg.DefaultAdmin.Email = v
|
|
}
|
|
return nil
|
|
}
|