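package authproxy

import (
	"database/sql"
	"flag"
	"fmt"
	"strings"
	"time"

	"github.com/gin-gonic/gin"
	"github.com/peterbourgon/ff/v3"

	"edge-infra.dev/pkg/edge/auth-proxy/session"
	"edge-infra.dev/pkg/lib/gcp/cloudsql"
	"edge-infra.dev/pkg/lib/runtime/metrics"
)

// ProxyConfig holds the auth proxy settings that NewConfig reads from
// command-line flags and environment variables.
//
// DatabasePassword, TokenSecret and SessionSecret are credentials. Avoid
// printing or logging a ProxyConfig with %v/%+v, because that would write
// them out in clear text.
//
// AllowedOrigins is the raw comma-separated flag value; allowedOrigins
// returns it as a list.
type ProxyConfig struct {
	MetricsPort            string
	UIProxyPort            string
	Mode                   string
	BffEndpoint            string
	Domain                 string
	DatabaseHost           string
	DatabaseConnectionName string
	DatabaseName           string
	DatabaseUsername       string
	DatabasePassword       string
	DatabasePort           string
	DatabaseSchema         string
	EAGatewayEndpoint      string
	TokenSecret            string
	SessionSecret          string
	AllowedOrigins         string
	SessionDuration        time.Duration
	StripToken             bool
	SessionLength          int
}

// NewConfig registers the auth proxy flags on a fresh FlagSet and parses args
// with ff, which also accepts each flag from an unprefixed environment
// variable (ff.WithEnvVarNoPrefix).
//
// It returns the populated configuration, or an empty non-nil *ProxyConfig
// together with the error reported by ff.Parse.
//
// The FlagSet uses flag.ExitOnError, so a malformed command-line flag makes
// the flag package exit the process instead of returning here.
// NOTE(review): the error return is presumably only reached for failures ff
// reports itself (for example a bad environment value) — confirm.
//
// NOTE(review): app_secret, session_secret and database_password all default
// to "" and nothing in this function rejects an empty value. Confirm that the
// code consuming TokenSecret and SessionSecret refuses to start without them.
func NewConfig(args []string) (*ProxyConfig, error) {
	config := ProxyConfig{}
	fs := flag.NewFlagSet("authproxy", flag.ExitOnError)

	// Listener and proxy target settings.
	fs.StringVar(&config.MetricsPort, "metrics_port", metrics.DefaultBindAddress,
		"Port number for metrics bind address for runnable manager")
	fs.StringVar(&config.UIProxyPort, "auth_proxy_port", "9003",
		"Port number for gin reverse proxy server")
	fs.StringVar(&config.Domain, "domain", "",
		"domain for cookie")
	fs.StringVar(&config.BffEndpoint, "bff_endpoint", "",
		"Bff endpoint URL for proxy target")
	fs.StringVar(&config.EAGatewayEndpoint, "ea_gateway_endpoint", "",
		"EA gateway endpoint URL for proxy target")
	fs.StringVar(&config.Mode, "mode", gin.ReleaseMode,
		"gin server mode")

	// Database settings.
	fs.StringVar(&config.DatabaseHost, "database_host", "",
		"Database Host")
	fs.StringVar(&config.DatabaseConnectionName, "database_connection_name", "",
		"Database Connection Name")
	fs.StringVar(&config.DatabaseName, "database_name", "",
		"Database Name")
	fs.StringVar(&config.DatabaseUsername, "database_username", "",
		"Database User Name")
	// Values passed as command-line arguments are visible in the process
	// listing; supplying credentials through the environment keeps them out
	// of argv. The same applies to app_secret and session_secret below.
	fs.StringVar(&config.DatabasePassword, "database_password", "",
		"Database Password")
	fs.StringVar(&config.DatabasePort, "database_port", "",
		"Database Port")
	fs.StringVar(&config.DatabaseSchema, "database_schema", "",
		"Optionally specify a search path for DB connection")

	// Token and session settings.
	fs.StringVar(&config.TokenSecret, "app_secret", "",
		"JWT Token Secret")
	fs.StringVar(&config.SessionSecret, "session_secret", "",
		"Session Secret")
	// The default is a local development origin; a deployment that does not
	// override allowed_origins keeps http://localhost:3000 as the only
	// configured origin.
	fs.StringVar(&config.AllowedOrigins, "allowed_origins", "http://localhost:3000",
		"Origins that CORS should allow")
	fs.DurationVar(&config.SessionDuration, "session_duration", session.DefaultDuration,
		"Duration a session should be active")
	fs.BoolVar(&config.StripToken, "strip_token", false,
		"Strip the jwt token from the login mutation")
	fs.IntVar(&config.SessionLength, "session_length", 1024*1024*1024,
		"The length of the session value in database")

	if err := ff.Parse(fs, args, ff.WithEnvVarNoPrefix()); err != nil {
		return &ProxyConfig{}, err
	}
	return &config, nil
}

// allowedOrigins splits the comma-separated AllowedOrigins value into one
// entry per origin and trims surrounding whitespace from each entry, so that
// "https://a.example, https://b.example" yields two usable origins.
//
// Entries are not validated and empty entries are kept. An empty
// AllowedOrigins therefore still produces a one-element list, never an empty
// one, which matters because some CORS middlewares treat an empty origin list
// as "allow every origin".
func (c *ProxyConfig) allowedOrigins() []string {
	origins := strings.Split(c.AllowedOrigins, ",")
	for i, origin := range origins {
		origins[i] = strings.TrimSpace(origin)
	}
	return origins
}

// connectDatabase opens a Postgres connection from the configured settings
// and verifies it with a ping before returning it.
//
// DatabaseConnectionName takes precedence over DatabaseHost. The host path
// additionally requires DatabasePort. An error is returned when neither is
// set, when the connection cannot be created, or when the ping fails.
func (c *ProxyConfig) connectDatabase() (*sql.DB, error) {
	var edgeDB *cloudsql.EdgePostgres
	switch {
	case c.DatabaseConnectionName != "":
		// NOTE(review): DatabasePassword is not applied on this path;
		// presumably the Cloud SQL connection authenticates another way —
		// confirm.
		edgeDB = cloudsql.GCPPostgresConnection(c.DatabaseConnectionName)
	case c.DatabaseHost != "":
		if c.DatabasePort == "" {
			return nil, fmt.Errorf("database port is required")
		}
		edgeDB = cloudsql.PostgresConnection(c.DatabaseHost, c.DatabasePort).Password(c.DatabasePassword)
	default:
		return nil, fmt.Errorf("database_connection_name or database_host must be provided")
	}

	// Only set search_path when the schema is a non-empty string.
	if c.DatabaseSchema != "" {
		edgeDB = edgeDB.SearchPath(c.DatabaseSchema)
	}

	dbConnection, err := edgeDB.
		DBName(c.DatabaseName).
		Username(c.DatabaseUsername).
		NewConnection()
	if err != nil {
		return nil, err
	}

	if err := dbConnection.Ping(); err != nil {
		// Release the handle before giving up so a failed startup check does
		// not leave an open pool behind. The ping error is the one worth
		// reporting, so the Close error is deliberately dropped.
		_ = dbConnection.Close()
		return nil, err
	}
	return dbConnection, nil
}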