Upgrades to Config

* Added config file and config tests * Configs per stack can be set up depending on their config/STACK folder and tested appropriately to add config redundancy
2022-08-14 12:55:11 +02:00
parent b198814aa7
commit 9cc37b0d0d
9 changed files with 170 additions and 14 deletions
--- a/config/config.go
+++ b/config/config.go
@@ -2,21 +2,37 @@ package config

 import (
 	"encoding/json"
+	"log"
 	"os"
 )

 type StackConfiguration struct {
-	ConfigLoaded              bool
+	ConfigLoaded bool
+
 	AllowFreshAdminGeneration bool
 	AdminEmails               []string
 	AdminHmacEnv              string
 	UserHmacEnv               string
+	AuthedRateLimitConfig     string
+	UnauthedRateLimitConfig   string
 }

+var Environment = os.Getenv("STACK_ENVIRONMENT")
+
 var Config = StackConfiguration{}

+func GetConfigPath(filename string) string {
+	if Environment == "" {
+		Environment = "dev"
+	}
+	return Environment + "/" + filename
+}
+
 func LoadConfig() {
-	file, _ := os.Open("conf.json")
+	file, err := os.Open(GetConfigPath("conf.json"))
+	if err != nil {
+		panic(err)
+	}
 	defer file.Close()
 	dec := json.NewDecoder(file)
 	if err := dec.Decode(&Config); err != nil {
@@ -24,4 +40,6 @@ func LoadConfig() {
 	}

 	Config.ConfigLoaded = true
+
+	log.Printf("Loaded Config for stack " + Environment)
 }
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -0,0 +1,68 @@
+package config
+
+import (
+	"testing"
+)
+
+func TestAllConfigs(t *testing.T) {
+	SingleStackTest(t, "dev", StackConfiguration{
+		AllowFreshAdminGeneration: true,
+		AdminEmails:               []string{"admin@admin.invalid"},
+		AdminHmacEnv:              "ADMIN_HMAC_ENV",
+		UserHmacEnv:               "USER_HMAC_ENV",
+		AuthedRateLimitConfig:     "ratelimit.auth.json",
+		UnauthedRateLimitConfig:   "ratelimit.unauth.json",
+	})
+}
+
+func SingleStackTest(t *testing.T, stack string, expected StackConfiguration) {
+	Config = StackConfiguration{}
+
+	if Config.ConfigLoaded {
+		t.Errorf("Config.ConfigLoaded should be false before any processing")
+	}
+
+	if len(Config.AdminEmails) > 0 ||
+		Config.AdminHmacEnv != "" ||
+		Config.UserHmacEnv != "" ||
+		Config.AllowFreshAdminGeneration ||
+		Config.AuthedRateLimitConfig != "" ||
+		Config.UnauthedRateLimitConfig != "" { // Extend this IF for any other config values
+		t.Errorf("Config already has values before loading")
+	}
+
+	Environment = stack
+	LoadConfig()
+
+	if !Config.ConfigLoaded {
+		t.Errorf("Config was not set to loaded")
+	}
+
+	// Finally test values
+	if Config.AllowFreshAdminGeneration != expected.AllowFreshAdminGeneration {
+		t.Errorf("AllowFreshAdminGeneration value not set properly")
+	}
+
+	for i, email := range Config.AdminEmails {
+		if expected.AdminEmails[i] != email {
+			t.Errorf("AdminEmails value not set properly, expected %v at %v, was %v", expected.AdminEmails[i], i, email)
+		}
+	}
+
+	if Config.AdminHmacEnv != expected.AdminHmacEnv {
+		t.Errorf("AdminHmacEnv value not set properly")
+	}
+
+	if Config.UserHmacEnv != expected.UserHmacEnv {
+		t.Errorf("UserHmacEnv value not set properly")
+	}
+
+	if Config.AuthedRateLimitConfig != expected.AuthedRateLimitConfig {
+		t.Errorf("AuthedRateLimitConfig value not set properly")
+	}
+
+	if Config.UnauthedRateLimitConfig != expected.UnauthedRateLimitConfig {
+		t.Errorf("UnauthedRateLimitConfig value not set properly")
+	}
+
+}
--- a/config/dev/conf.json
+++ b/config/dev/conf.json
@@ -0,0 +1,8 @@
+{
+    "AllowFreshAdminGeneration": true,
+    "AdminEmails": ["admin@admin.invalid"],
+    "AdminHmacEnv": "ADMIN_HMAC_ENV",
+    "UserHmacEnv": "USER_HMAC_ENV",
+	"AuthedRateLimitConfig": "ratelimit.auth.json",
+	"UnauthedRateLimitConfig": "ratelimit.unauth.json"
+}
--- a/config/dev/ratelimit.auth.json
+++ b/config/dev/ratelimit.auth.json
@@ -0,0 +1,17 @@
+{
+    "": {"seconds": 60, "max": 30, "_comment": "Global ratelimit."},
+
+    "/v1/sec/doot": 
+        {"seconds": 5, "max": 3, "_comment": "One DPS (Doot Per Second) for monitoring?"},
+
+    "/v1/sec/2fa-doot": 
+        {"seconds": 10, "max": 1, "_comment": "2FA doot probably doesn't need much usage at all, mainly exists as a proof of concept."},
+
+    "/v1/adm/doot": 
+        {"seconds": 5, "max": 3, "_comment": "One DPS (Doot Per Second) for monitoring?"},
+
+    "/v1/adm/2fa-doot": 
+        {"seconds": 10, "max": 1, "_comment": "2FA doot probably doesn't need much usage at all, mainly exists as a proof of concept."}
+    
+    
+}
--- a/config/dev/ratelimit.unauth.json
+++ b/config/dev/ratelimit.unauth.json
@@ -0,0 +1,19 @@
+{
+    "": 
+        {"seconds": 60, "max": 30, "_comment": "Global unauthenticated ratelimit."},
+
+    "/v1/doot": 
+        {"seconds": 5, "max": 5, "_comment": "Unauthenticated DOOT for server monitoring."},
+
+    "/v1/login": 
+        {"seconds": 60, "max": 3, "_comment": "Prevent bruteforce attacks on Login."},
+
+    "/v1/admin": 
+        {"seconds": 60, "max": 1, "_comment": "Prevent bruteforce attacks on Admin Login."},
+
+    "/v1/signup": 
+        {"seconds": 1800, "max": 1, "_comment": "Prevent spam account creation."},
+
+    "/v1/forgot": 
+        {"seconds": 60, "max": 1, "_comment": "Slow down 'forgot password' enumeration/spam."}
+}