Port configuration to ccConfig scheme

Decentralize config validation Modularize configuration handling
2025-07-23 12:51:40 +02:00 · 2025-07-07 13:09:12 +02:00
parent dd48f5ab87
commit 0754ba5292
34 changed files with 860 additions and 302 deletions
--- a/internal/auth/schema.go
+++ b/internal/auth/schema.go
@@ -0,0 +1,95 @@
+// Copyright (C) NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved. This file is part of cc-backend.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+package auth
+
+var configSchema = `
+	{
+    "jwts": {
+      "description": "For JWT token authentication.",
+      "type": "object",
+      "properties": {
+        "max-age": {
+          "description": "Configure how long a token is valid. As string parsable by time.ParseDuration()",
+          "type": "string"
+        },
+        "cookieName": {
+          "description": "Cookie that should be checked for a JWT token.",
+          "type": "string"
+        },
+        "validateUser": {
+          "description": "Deny login for users not in database (but defined in JWT). Overwrite roles in JWT with database roles.",
+          "type": "boolean"
+        },
+        "trustedIssuer": {
+          "description": "Issuer that should be accepted when validating external JWTs ",
+          "type": "string"
+        },
+        "syncUserOnLogin": {
+          "description": "Add non-existent user to DB at login attempt with values provided in JWT.",
+          "type": "boolean"
+        }
+      },
+      "required": ["max-age"]
+    },
+    "oidc": {
+      "provider": {
+        "description": "",
+        "type": "string"
+      },
+      "syncUserOnLogin": {
+        "description": "",
+        "type": "boolean"
+      },
+      "updateUserOnLogin": {
+        "description": "",
+        "type": "boolean"
+      },
+      "required": ["provider"]
+    },
+    "ldap": {
+      "description": "For LDAP Authentication and user synchronisation.",
+      "type": "object",
+      "properties": {
+        "url": {
+          "description": "URL of LDAP directory server.",
+          "type": "string"
+        },
+        "user_base": {
+          "description": "Base DN of user tree root.",
+          "type": "string"
+        },
+        "search_dn": {
+          "description": "DN for authenticating LDAP admin account with general read rights.",
+          "type": "string"
+        },
+        "user_bind": {
+          "description": "Expression used to authenticate users via LDAP bind. Must contain uid={username}.",
+          "type": "string"
+        },
+        "user_filter": {
+          "description": "Filter to extract users for syncing.",
+          "type": "string"
+        },
+        "username_attr": {
+          "description": "Attribute with full username. Default: gecos",
+          "type": "string"
+        },
+        "sync_interval": {
+          "description": "Interval used for syncing local user table with LDAP directory. Parsed using time.ParseDuration.",
+          "type": "string"
+        },
+        "sync_del_old_users": {
+          "description": "Delete obsolete users in database.",
+          "type": "boolean"
+        },
+        "syncUserOnLogin": {
+          "description": "Add non-existent user to DB at login attempt if user exists in Ldap directory",
+          "type": "boolean"
+        }
+      },
+      "required": ["url", "user_base", "search_dn", "user_bind", "user_filter"]
+    },
+  "required": ["jwts"]
+	}`