diff --git a/server/src/infra/cli.rs b/server/src/infra/cli.rs
index 6a42119..cd0be24 100644
--- a/server/src/infra/cli.rs
+++ b/server/src/infra/cli.rs
@@ -25,11 +25,11 @@ pub struct RunOpts {
 #[clap(short, long, default_value = "lldap_config.toml")]
 pub config_file: String,
- /// Change ldap port. Default: 389
+ /// Change ldap port. Default: 3890
 #[clap(long)]
 pub ldap_port: Option,
- /// Change ldap ssl port. Default: 636
+ /// Change ldap ssl port. Default: 6360
 #[clap(long)]
 pub ldaps_port: Option,
diff --git a/server/src/infra/configuration.rs b/server/src/infra/configuration.rs
index 9284cbe..cc68fce 100644
--- a/server/src/infra/configuration.rs
+++ b/server/src/infra/configuration.rs
@@ -12,19 +12,28 @@ use crate::infra::cli::RunOpts;
 #[derive(Clone, Debug, Deserialize, Serialize, derive_builder::Builder)]
 #[builder(
 pattern = "owned",
- default = "Configuration::default()",
 build_fn(name = "private_build", validate = "Self::validate")
 )]
 pub struct Configuration {
+ #[builder(default = "3890")]
 pub ldap_port: u16,
+ #[builder(default = "6360")]
 pub ldaps_port: u16,
+ #[builder(default = "17170")]
 pub http_port: u16,
+ #[builder(default = r#"String::from("secretjwtsecret")"#)]
 pub jwt_secret: String,
+ #[builder(default = r#"String::from("dc=example,dc=com")"#)]
 pub ldap_base_dn: String,
+ #[builder(default = r#"String::from("admin")"#)]
 pub ldap_user_dn: String,
+ #[builder(default = r#"String::from("password")"#)]
 pub ldap_user_pass: String,
+ #[builder(default = r#"String::from("sqlite://users.db?mode=rwc")"#)]
 pub database_url: String,
+ #[builder(default = "false")]
 pub verbose: bool,
+ #[builder(default = r#"String::from("server_key")"#)]
 pub key_file: String,
 #[serde(skip)]
 #[builder(field(private), setter(strip_option))]
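Review bot: The secret-bearing defaults `"secretjwtsecret"` and `"password"` are now string literals inside `#[builder(default = ...)]` attributes on `jwt_secret` and `ldap_user_pass`, and the same literals are repeated as comparison operands in `init` in a later hunk of this file, so the two copies can drift and the startup warning would silently stop firing. Name each once, e.g. `const DEFAULT_JWT_SECRET: &str = "secretjwtsecret";` with `#[builder(default = "String::from(DEFAULT_JWT_SECRET)")]`, and compare against the constant in `init`. A doc comment on those two fields such as `/// Placeholder value; the server warns at startup while it is still in use.` would tell a reader the default is not meant for deployment. The `Configuration` struct continues past the end of the hunk.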
@@ -32,7 +41,6 @@ pub struct Configuration {
 }
 impl ConfigurationBuilder {
- #[cfg(test)]
 pub fn build(self) -> Result {
 let server_setup = get_server_setup(self.key_file.as_deref().unwrap_or("server_key"))?;
 Ok(self.server_setup(server_setup).private_build()?)
@@ -71,23 +79,6 @@ impl Configuration {
 self
 }
-
- pub(super) fn default() -> Self {
- Configuration {
- ldap_port: 3890,
- ldaps_port: 6360,
- http_port: 17170,
- jwt_secret: String::from("secretjwtsecret"),
- ldap_base_dn: String::from("dc=example,dc=com"),
- // cn=admin,dc=example,dc=com
- ldap_user_dn: String::from("admin"),
- ldap_user_pass: String::from("password"),
- database_url: String::from("sqlite://users.db?mode=rwc"),
- verbose: false,
- key_file: String::from("server_key"),
- server_setup: None,
- }
- }
 }
 fn get_server_setup(file_path: &str) -> Result {
@@ -111,14 +102,22 @@ fn get_server_setup(file_path: &str) -> Result {
 pub fn init(cli_opts: RunOpts) -> Result {
 let config_file = cli_opts.config_file.clone();
- info!("Loading configuration from {}", cli_opts.config_file);
+ println!("Loading configuration from {}", cli_opts.config_file);
- let config: Configuration = Figment::from(Serialized::defaults(Configuration::default()))
- .merge(Toml::file(config_file))
- .merge(Env::prefixed("LLDAP_"))
- .extract()?;
+ let config: Configuration = Figment::from(Serialized::defaults(
+ ConfigurationBuilder::default().build().unwrap(),
+ ))
+ .merge(Toml::file(config_file))
+ .merge(Env::prefixed("LLDAP_"))
+ .extract()?;
 let mut config = config.merge_with_cli(cli_opts);
 config.server_setup = Some(get_server_setup(&config.key_file)?);
+ if config.jwt_secret == "secretjwtsecret" {
+ println!("WARNING: Default JWT secret used! This is highly unsafe and can allow attackers to log in as admin.");
+ }
+ if config.ldap_user_pass == "password" {
+ println!("WARNING: Unsecure default admin password is used.");
+ }
 Ok(config)
 }
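Review bot: `ConfigurationBuilder::default().build().unwrap()` in `init` turns a failure of `get_server_setup` into a panic although `init` returns a `Result`, and because `build()` falls back to the `"server_key"` path it performs key-file I/O on that path before the configured `key_file` has been read, so startup now touches a location the operator may not have chosen; whether that creates a file depends on `get_server_setup`, whose body is outside the hunk. Since `server_setup` is `#[serde(skip)]`, the value passed to `Serialized::defaults` never needs it, so the defaults could be produced without the key-file step (for instance through `private_build`, if `Self::validate` does not require `server_setup`); at minimum replace `.unwrap()` with `?` if the two `Result` types agree. The two new warnings are the right signal to add; emitting them with `eprintln!` would keep them separate from stdout, which the `info!` to `println!` change suggests is being used because the logger is not yet initialised at this point.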
diff --git a/server/src/infra/logging.rs b/server/src/infra/logging.rs
index 939ee9a..f4bd4a0 100644
--- a/server/src/infra/logging.rs
+++ b/server/src/infra/logging.rs
@@ -13,6 +13,7 @@ pub fn init(config: Configuration) -> anyhow::Result<()> {
 .finish();
 LogTracer::init().context("Failed to set logger")?;
 set_global_default(subscriber).context("Failed to set subscriber")?;
+ // TODO: Only log SQL statements >= warn unless verbose.
 Ok(())
 }