mirror of
https://github.com/nitnelave/lldap.git
synced 2023-04-12 14:25:13 +00:00
configuration: move default values inline
This commit is contained in:
parent
c055c4e671
commit
adf088c74b
@ -25,11 +25,11 @@ pub struct RunOpts {
|
|||||||
#[clap(short, long, default_value = "lldap_config.toml")]
|
#[clap(short, long, default_value = "lldap_config.toml")]
|
||||||
pub config_file: String,
|
pub config_file: String,
|
||||||
|
|
||||||
/// Change ldap port. Default: 389
|
/// Change ldap port. Default: 3890
|
||||||
#[clap(long)]
|
#[clap(long)]
|
||||||
pub ldap_port: Option<u16>,
|
pub ldap_port: Option<u16>,
|
||||||
|
|
||||||
/// Change ldap ssl port. Default: 636
|
/// Change ldap ssl port. Default: 6360
|
||||||
#[clap(long)]
|
#[clap(long)]
|
||||||
pub ldaps_port: Option<u16>,
|
pub ldaps_port: Option<u16>,
|
||||||
|
|
||||||
|
@ -12,19 +12,28 @@ use crate::infra::cli::RunOpts;
|
|||||||
#[derive(Clone, Debug, Deserialize, Serialize, derive_builder::Builder)]
|
#[derive(Clone, Debug, Deserialize, Serialize, derive_builder::Builder)]
|
||||||
#[builder(
|
#[builder(
|
||||||
pattern = "owned",
|
pattern = "owned",
|
||||||
default = "Configuration::default()",
|
|
||||||
build_fn(name = "private_build", validate = "Self::validate")
|
build_fn(name = "private_build", validate = "Self::validate")
|
||||||
)]
|
)]
|
||||||
pub struct Configuration {
|
pub struct Configuration {
|
||||||
|
#[builder(default = "3890")]
|
||||||
pub ldap_port: u16,
|
pub ldap_port: u16,
|
||||||
|
#[builder(default = "6360")]
|
||||||
pub ldaps_port: u16,
|
pub ldaps_port: u16,
|
||||||
|
#[builder(default = "17170")]
|
||||||
pub http_port: u16,
|
pub http_port: u16,
|
||||||
|
#[builder(default = r#"String::from("secretjwtsecret")"#)]
|
||||||
pub jwt_secret: String,
|
pub jwt_secret: String,
|
||||||
|
#[builder(default = r#"String::from("dc=example,dc=com")"#)]
|
||||||
pub ldap_base_dn: String,
|
pub ldap_base_dn: String,
|
||||||
|
#[builder(default = r#"String::from("admin")"#)]
|
||||||
pub ldap_user_dn: String,
|
pub ldap_user_dn: String,
|
||||||
|
#[builder(default = r#"String::from("password")"#)]
|
||||||
pub ldap_user_pass: String,
|
pub ldap_user_pass: String,
|
||||||
|
#[builder(default = r#"String::from("sqlite://users.db?mode=rwc")"#)]
|
||||||
pub database_url: String,
|
pub database_url: String,
|
||||||
|
#[builder(default = "false")]
|
||||||
pub verbose: bool,
|
pub verbose: bool,
|
||||||
|
#[builder(default = r#"String::from("server_key")"#)]
|
||||||
pub key_file: String,
|
pub key_file: String,
|
||||||
#[serde(skip)]
|
#[serde(skip)]
|
||||||
#[builder(field(private), setter(strip_option))]
|
#[builder(field(private), setter(strip_option))]
|
||||||
@ -32,7 +41,6 @@ pub struct Configuration {
|
|||||||
}
|
}
|
||||||
|
|
||||||
impl ConfigurationBuilder {
|
impl ConfigurationBuilder {
|
||||||
#[cfg(test)]
|
|
||||||
pub fn build(self) -> Result<Configuration> {
|
pub fn build(self) -> Result<Configuration> {
|
||||||
let server_setup = get_server_setup(self.key_file.as_deref().unwrap_or("server_key"))?;
|
let server_setup = get_server_setup(self.key_file.as_deref().unwrap_or("server_key"))?;
|
||||||
Ok(self.server_setup(server_setup).private_build()?)
|
Ok(self.server_setup(server_setup).private_build()?)
|
||||||
@ -71,23 +79,6 @@ impl Configuration {
|
|||||||
|
|
||||||
self
|
self
|
||||||
}
|
}
|
||||||
|
|
||||||
pub(super) fn default() -> Self {
|
|
||||||
Configuration {
|
|
||||||
ldap_port: 3890,
|
|
||||||
ldaps_port: 6360,
|
|
||||||
http_port: 17170,
|
|
||||||
jwt_secret: String::from("secretjwtsecret"),
|
|
||||||
ldap_base_dn: String::from("dc=example,dc=com"),
|
|
||||||
// cn=admin,dc=example,dc=com
|
|
||||||
ldap_user_dn: String::from("admin"),
|
|
||||||
ldap_user_pass: String::from("password"),
|
|
||||||
database_url: String::from("sqlite://users.db?mode=rwc"),
|
|
||||||
verbose: false,
|
|
||||||
key_file: String::from("server_key"),
|
|
||||||
server_setup: None,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
fn get_server_setup(file_path: &str) -> Result<ServerSetup> {
|
fn get_server_setup(file_path: &str) -> Result<ServerSetup> {
|
||||||
@ -111,14 +102,22 @@ fn get_server_setup(file_path: &str) -> Result<ServerSetup> {
|
|||||||
pub fn init(cli_opts: RunOpts) -> Result<Configuration> {
|
pub fn init(cli_opts: RunOpts) -> Result<Configuration> {
|
||||||
let config_file = cli_opts.config_file.clone();
|
let config_file = cli_opts.config_file.clone();
|
||||||
|
|
||||||
info!("Loading configuration from {}", cli_opts.config_file);
|
println!("Loading configuration from {}", cli_opts.config_file);
|
||||||
|
|
||||||
let config: Configuration = Figment::from(Serialized::defaults(Configuration::default()))
|
let config: Configuration = Figment::from(Serialized::defaults(
|
||||||
.merge(Toml::file(config_file))
|
ConfigurationBuilder::default().build().unwrap(),
|
||||||
.merge(Env::prefixed("LLDAP_"))
|
))
|
||||||
.extract()?;
|
.merge(Toml::file(config_file))
|
||||||
|
.merge(Env::prefixed("LLDAP_"))
|
||||||
|
.extract()?;
|
||||||
|
|
||||||
let mut config = config.merge_with_cli(cli_opts);
|
let mut config = config.merge_with_cli(cli_opts);
|
||||||
config.server_setup = Some(get_server_setup(&config.key_file)?);
|
config.server_setup = Some(get_server_setup(&config.key_file)?);
|
||||||
|
if config.jwt_secret == "secretjwtsecret" {
|
||||||
|
println!("WARNING: Default JWT secret used! This is highly unsafe and can allow attackers to log in as admin.");
|
||||||
|
}
|
||||||
|
if config.ldap_user_pass == "password" {
|
||||||
|
println!("WARNING: Unsecure default admin password is used.");
|
||||||
|
}
|
||||||
Ok(config)
|
Ok(config)
|
||||||
}
|
}
|
||||||
|
@ -13,6 +13,7 @@ pub fn init(config: Configuration) -> anyhow::Result<()> {
|
|||||||
.finish();
|
.finish();
|
||||||
LogTracer::init().context("Failed to set logger")?;
|
LogTracer::init().context("Failed to set logger")?;
|
||||||
set_global_default(subscriber).context("Failed to set subscriber")?;
|
set_global_default(subscriber).context("Failed to set subscriber")?;
|
||||||
|
// TODO: Only log SQL statements >= warn unless verbose.
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user