DAW/furt
2
0
Fork 0
Code Issues 11 Pull requests Projects Releases 3 Packages 1 Wiki Activity Actions
furt/config/server.lua
michael 5c17c86fd4 feat(config): integrate rate limiting and CORS configuration from furt.conf 
- Add RateLimiter:configure() function to accept config-based limits
- Integrate security section parameters (rate_limit_api_key_max, ip_max, window)
- Add CORS configuration from config file with environment fallback
- Replace hardcoded rate limiting defaults with configurable values
- Add test endpoint control via config.security.enable_test_endpoint
- Update startup logging to show actual configured rate limits
- Add configuration validation and detailed startup information

Rate limiting now uses values from [security] section instead of hardcoded
defaults. CORS origins prioritize config file over environment variables.

Related to DAW/furt#89
2025-08-29 20:01:47 +02:00

133 lines
4.2 KiB
Lua
Raw Blame History

-- config/server.lua
-- Multi-Tenant server configuration using nginx-style config parser
-- Dragons@Work Digital Sovereignty Project
local ConfigParser = require("src.config_parser")
-- Load configuration from furt.conf
local config = ConfigParser.load_config()
-- Configure rate limiting from config
local RateLimiter = require("src.rate_limiter")
local rate_limits = {
api_key_max = config.security and config.security.rate_limit_api_key_max or 60,
ip_max = config.security and config.security.rate_limit_ip_max or 100,
window = config.security and config.security.rate_limit_window or 3600
}
RateLimiter:configure(rate_limits)
-- Parse CORS origins from config or environment
local function get_cors_origins()
-- 1. Try config file first
if config.server.cors_allowed_origins then
local origins = {}
for origin in config.server.cors_allowed_origins:gmatch("([^,]+)") do
table.insert(origins, origin:match("^%s*(.-)%s*$"))
end
return origins
end
-- 2. Try environment variable
local env_origins = os.getenv("CORS_ALLOWED_ORIGINS")
if env_origins then
local origins = {}
for origin in env_origins:gmatch("([^,]+)") do
table.insert(origins, origin:match("^%s*(.-)%s*$"))
end
return origins
end
-- 3. Development defaults
return {
"http://localhost:1313", -- Hugo dev server
"http://127.0.0.1:1313", -- Hugo dev server alternative
"http://localhost:3000", -- Common dev port
"http://127.0.0.1:3000" -- Common dev port alternative
}
end
-- Add legacy compatibility and runtime enhancements
local server_config = {
-- HTTP Server settings (from [server] section)
host = config.server.host,
port = config.server.port,
-- Timeouts and limits
client_timeout = config.server.client_timeout or 10,
-- CORS Configuration (prioritize config file over environment)
cors = {
allowed_origins = get_cors_origins()
},
-- Logging
log_level = config.server.log_level or "info",
log_requests = config.server.log_requests or true,
-- Security settings
security = {
enable_test_endpoint = config.security and config.security.enable_test_endpoint or false,
rate_limits = rate_limits
},
-- API Keys (converted from nginx-style to old format for backward compatibility)
api_keys = config.api_keys,
-- Default SMTP config (for legacy compatibility)
mail = config.smtp_default,
-- Multi-tenant mail configuration function
get_mail_config_for_api_key = function(api_key)
return ConfigParser.get_mail_config_for_api_key(config, api_key)
end,
-- Raw config access (for advanced usage)
raw_config = config
}
-- Print configuration summary on load
print("Furt Multi-Tenant Configuration Loaded:")
print(" Server: " .. server_config.host .. ":" .. server_config.port)
print(" Log Level: " .. server_config.log_level)
-- Print CORS configuration
print(" CORS Origins:")
for i, origin in ipairs(server_config.cors.allowed_origins) do
print(" " .. i .. ": " .. origin)
end
-- Print security configuration
print(" Test Endpoint: " .. (server_config.security.enable_test_endpoint and "enabled" or "disabled"))
print(" Default SMTP: " .. (config.smtp_default.host or "not configured"))
-- Print API key information
local api_key_count = 0
for key_name, key_config in pairs(config.api_keys) do
api_key_count = api_key_count + 1
-- Check if this API key has mail permissions
local has_mail_permission = false
if key_config.permissions then
for _, perm in ipairs(key_config.permissions) do
if perm == "mail:send" or perm == "*" then
has_mail_permission = true
break
end
end
end
local smtp_info = ""
if key_config.mail_smtp_host then
smtp_info = " (custom SMTP: " .. key_config.mail_smtp_host .. ")"
end
if has_mail_permission then
print(" API Key: " .. key_config.name .. " -> " .. key_config.mail_to .. smtp_info)
else
print(" API Key: " .. key_config.name .. " (no mail)" .. smtp_info)
end
end
print(" Total API Keys: " .. api_key_count)
return server_config
Reference in a new issue View git blame Copy permalink