🔧 chore: implement JWT configuration with TTL and retention policy
- Add JWTConfig struct with TTL and SecretRetention fields - Configure default values: TTL=1h, RetentionFactor=2.0, MaxRetention=72h, CleanupInterval=1h - Add environment variable support (DLC_AUTH_JWT_*) - Implement getter methods for JWT configuration - Add comprehensive unit tests for default and custom values - Update logging to include JWT configuration values - Fix BDD step implementation issues (duplicate methods, unused imports) - All BDD tests passing with new JWT configuration Implements JWT secret retention policy as defined in ADR-0021 Closes #42 Generated by Mistral Vibe. Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
This commit is contained in:
@@ -69,8 +69,19 @@ type APIConfig struct {
|
||||
|
||||
// AuthConfig holds authentication configuration
|
||||
type AuthConfig struct {
|
||||
JWTSecret string `mapstructure:"jwt_secret"`
|
||||
AdminMasterPassword string `mapstructure:"admin_master_password"`
|
||||
JWTSecret string `mapstructure:"jwt_secret"`
|
||||
AdminMasterPassword string `mapstructure:"admin_master_password"`
|
||||
JWT JWTConfig `mapstructure:"jwt"`
|
||||
}
|
||||
|
||||
// JWTConfig holds JWT-specific configuration
|
||||
type JWTConfig struct {
|
||||
TTL time.Duration `mapstructure:"ttl"`
|
||||
SecretRetention struct {
|
||||
RetentionFactor float64 `mapstructure:"retention_factor"`
|
||||
MaxRetention time.Duration `mapstructure:"max_retention"`
|
||||
CleanupInterval time.Duration `mapstructure:"cleanup_interval"`
|
||||
} `mapstructure:"secret_retention"`
|
||||
}
|
||||
|
||||
// DatabaseConfig holds database configuration
|
||||
@@ -140,6 +151,10 @@ func LoadConfig() (*Config, error) {
|
||||
// Auth defaults
|
||||
v.SetDefault("auth.jwt_secret", "default-secret-key-please-change-in-production")
|
||||
v.SetDefault("auth.admin_master_password", "admin123")
|
||||
v.SetDefault("auth.jwt.ttl", 1*time.Hour)
|
||||
v.SetDefault("auth.jwt.secret_retention.retention_factor", 2.0)
|
||||
v.SetDefault("auth.jwt.secret_retention.max_retention", 72*time.Hour)
|
||||
v.SetDefault("auth.jwt.secret_retention.cleanup_interval", 1*time.Hour)
|
||||
|
||||
// Check for custom config file path via environment variable
|
||||
if configFile := os.Getenv("DLC_CONFIG_FILE"); configFile != "" {
|
||||
@@ -182,6 +197,10 @@ func LoadConfig() (*Config, error) {
|
||||
// Auth environment variables
|
||||
v.BindEnv("auth.jwt_secret", "DLC_AUTH_JWT_SECRET")
|
||||
v.BindEnv("auth.admin_master_password", "DLC_AUTH_ADMIN_MASTER_PASSWORD")
|
||||
v.BindEnv("auth.jwt.ttl", "DLC_AUTH_JWT_TTL")
|
||||
v.BindEnv("auth.jwt.secret_retention.retention_factor", "DLC_AUTH_JWT_SECRET_RETENTION_FACTOR")
|
||||
v.BindEnv("auth.jwt.secret_retention.max_retention", "DLC_AUTH_JWT_SECRET_MAX_RETENTION")
|
||||
v.BindEnv("auth.jwt.secret_retention.cleanup_interval", "DLC_AUTH_JWT_SECRET_CLEANUP_INTERVAL")
|
||||
v.BindEnv("telemetry.sampler.type", "DLC_TELEMETRY_SAMPLER_TYPE")
|
||||
v.BindEnv("telemetry.sampler.ratio", "DLC_TELEMETRY_SAMPLER_RATIO")
|
||||
|
||||
@@ -224,6 +243,10 @@ func LoadConfig() (*Config, error) {
|
||||
Bool("telemetry_enabled", config.Telemetry.Enabled).
|
||||
Str("telemetry_service", config.Telemetry.ServiceName).
|
||||
Bool("api_v2_enabled", config.API.V2Enabled).
|
||||
Dur("jwt_ttl", config.GetJWTTTL()).
|
||||
Float64("jwt_retention_factor", config.GetJWTSecretRetentionFactor()).
|
||||
Dur("jwt_max_retention", config.GetJWTSecretMaxRetention()).
|
||||
Dur("jwt_cleanup_interval", config.GetJWTSecretCleanupInterval()).
|
||||
Msg("Configuration loaded")
|
||||
|
||||
return &config, nil
|
||||
@@ -284,6 +307,38 @@ func (c *Config) GetAdminMasterPassword() string {
|
||||
return c.Auth.AdminMasterPassword
|
||||
}
|
||||
|
||||
// GetJWTTTL returns the JWT TTL
|
||||
func (c *Config) GetJWTTTL() time.Duration {
|
||||
if c.Auth.JWT.TTL == 0 {
|
||||
return 1 * time.Hour // Default value
|
||||
}
|
||||
return c.Auth.JWT.TTL
|
||||
}
|
||||
|
||||
// GetJWTSecretRetentionFactor returns the JWT secret retention factor
|
||||
func (c *Config) GetJWTSecretRetentionFactor() float64 {
|
||||
if c.Auth.JWT.SecretRetention.RetentionFactor == 0 {
|
||||
return 2.0 // Default value
|
||||
}
|
||||
return c.Auth.JWT.SecretRetention.RetentionFactor
|
||||
}
|
||||
|
||||
// GetJWTSecretMaxRetention returns the maximum JWT secret retention period
|
||||
func (c *Config) GetJWTSecretMaxRetention() time.Duration {
|
||||
if c.Auth.JWT.SecretRetention.MaxRetention == 0 {
|
||||
return 72 * time.Hour // Default value
|
||||
}
|
||||
return c.Auth.JWT.SecretRetention.MaxRetention
|
||||
}
|
||||
|
||||
// GetJWTSecretCleanupInterval returns the JWT secret cleanup interval
|
||||
func (c *Config) GetJWTSecretCleanupInterval() time.Duration {
|
||||
if c.Auth.JWT.SecretRetention.CleanupInterval == 0 {
|
||||
return 1 * time.Hour // Default value
|
||||
}
|
||||
return c.Auth.JWT.SecretRetention.CleanupInterval
|
||||
}
|
||||
|
||||
// GetLoggingJSON returns whether JSON logging is enabled
|
||||
func (c *Config) GetLoggingJSON() bool {
|
||||
return c.Logging.JSON
|
||||
|
||||
Reference in New Issue
Block a user