feat(config): implement multi-tenant config system (DAW/furt#89)

- nginx-style furt.conf configuration - Multi-tenant mail routing per API key - Custom SMTP support per customer - Backward compatibility via server.lua adapter WIP: Ready for testing on werner
2025-08-15 16:18:55 +02:00 · 2025-08-15 16:18:55 +02:00 · 3ed921312f
commit 3ed921312f
parent be3b9614d0
5 changed files with 625 additions and 86 deletions
--- a/config/furt.conf.example
+++ b/config/furt.conf.example
@ -0,0 +1,90 @@
+# furt.conf - Multi-Tenant Configuration Example
+# Dragons@Work Digital Sovereignty Project
+
+# Server configuration
+[server]
+host = 127.0.0.1
+port = 8080
+log_level = info
+
+# Default SMTP settings (used when API keys don't have custom SMTP)
+[smtp_default]
+host = mail.dragons-at-work.de
+port = 465
+user = noreply@dragons-at-work.de
+password = your-smtp-password-here
+use_ssl = true
+
+# Dragons@Work Website
+[api_key "daw-frontend-key"]
+name = "Dragons@Work Website"
+permissions = mail:send
+allowed_ips = 127.0.0.1, 10.0.0.0/8, 192.168.0.0/16
+mail_to = admin@dragons-at-work.de
+mail_from = noreply@dragons-at-work.de
+mail_subject_prefix = "[DAW Contact] "
+
+# Biocodie Website (same SMTP, different recipient)
+[api_key "bio-frontend-key"]
+name = "Biocodie Website"
+permissions = mail:send
+allowed_ips = 127.0.0.1, 10.0.0.0/8
+mail_to = contact@biocodie.de
+mail_from = noreply@biocodie.de
+mail_subject_prefix = "[Biocodie] "
+
+# Verlag Website
+[api_key "verlag-frontend-key"]
+name = "Verlag Dragons@Work"
+permissions = mail:send
+allowed_ips = 127.0.0.1, 10.0.0.0/8
+mail_to = verlag@dragons-at-work.de
+mail_from = noreply@verlag.dragons-at-work.de
+mail_subject_prefix = "[Verlag] "
+
+# Customer with custom SMTP
+[api_key "kunde-x-frontend-key"]
+name = "Kunde X Website"
+permissions = mail:send
+allowed_ips = 1.2.3.4/32, 5.6.7.8/32
+mail_to = info@kunde-x.de
+mail_from = noreply@kunde-x.de
+mail_subject_prefix = "[Kunde X] "
+# Custom SMTP for this customer
+mail_smtp_host = mail.kunde-x.de
+mail_smtp_port = 587
+mail_smtp_user = noreply@kunde-x.de
+mail_smtp_pass = kunde-x-smtp-password
+mail_smtp_ssl = true
+
+# Customer with external provider (e.g., Gmail)
+[api_key "kunde-y-frontend-key"]
+name = "Kunde Y Website"
+permissions = mail:send
+allowed_ips = 9.10.11.12/32
+mail_to = support@kunde-y.com
+mail_from = website@kunde-y.com
+mail_subject_prefix = "[Kunde Y Support] "
+# Gmail SMTP example
+mail_smtp_host = smtp.gmail.com
+mail_smtp_port = 587
+mail_smtp_user = website@kunde-y.com
+mail_smtp_pass = gmail-app-password
+mail_smtp_ssl = true
+
+# Admin API key (full access for management)
+[api_key "admin-management-key"]
+name = "Admin Access"
+permissions = *, mail:send, auth:status
+allowed_ips = 127.0.0.1, 10.0.0.0/8
+mail_to = admin@dragons-at-work.de
+mail_from = furt-admin@dragons-at-work.de
+mail_subject_prefix = "[Furt Admin] "
+
+# Monitoring key (limited access)
+[api_key "monitoring-health-key"]
+name = "Monitoring Service"
+permissions = health:check
+allowed_ips = 127.0.0.1, 10.0.0.0/8, 172.16.0.0/12
+# No mail config needed for monitoring
+