chore: add config path
Some checks failed
CI/CD Pipeline / Test Suite (push) Has been cancelled
CI/CD Pipeline / Security Audit (push) Has been cancelled
CI/CD Pipeline / Build Docker Image (push) Has been cancelled
CI/CD Pipeline / Deploy to Staging (push) Has been cancelled
CI/CD Pipeline / Deploy to Production (push) Has been cancelled
CI/CD Pipeline / Performance Benchmarks (push) Has been cancelled
CI/CD Pipeline / Cleanup (push) Has been cancelled

This commit is contained in:
Jesús Pérex 2025-07-07 23:13:01 +01:00
parent 31ab424d9d
commit 515c9343f4
Signed by: jesus
GPG Key ID: 9F243E355E0BC939
41 changed files with 7964 additions and 0 deletions

335
config/README.md Normal file

@ -0,0 +1,335 @@
# Rustelo Configuration System
A modular, environment-aware configuration system that separates concerns by features and environments.
## Overview
The Rustelo configuration system provides a flexible way to manage application configurations across different environments (development, production, example) while maintaining feature-specific settings in separate modules.
## Directory Structure
```
config/
├── base/ # Base configurations for each environment
│ ├── dev.toml # Development base settings
│ ├── prod.toml # Production base settings
│ └── example.toml # Example/template base settings
├── features/ # Feature-specific configurations
│ ├── auth/ # Authentication feature
│ │ ├── dev.toml # Auth settings for development
│ │ ├── prod.toml # Auth settings for production
│ │ └── example.toml # Auth example settings
│ ├── email/ # Email feature
│ │ ├── dev.toml # Email settings for development
│ │ ├── prod.toml # Email settings for production
│ │ └── example.toml # Email example settings
│ ├── tls/ # TLS/SSL feature
│ │ ├── dev.toml # TLS settings for development
│ │ ├── prod.toml # TLS settings for production
│ │ └── example.toml # TLS example settings
│ ├── content/ # Content management feature
│ │ ├── dev.toml # Content settings for development
│ │ ├── prod.toml # Content settings for production
│ │ └── example.toml # Content example settings
│ └── metrics/ # Metrics and monitoring feature
│ ├── dev.toml # Metrics settings for development
│ ├── prod.toml # Metrics settings for production
│ └── example.toml # Metrics example settings
├── scripts/ # Configuration management scripts
│ ├── build-config.sh # Shell script to build configurations
│ └── manage-config.sh # Configuration management utility
├── backups/ # Backup configurations (auto-created)
└── README.md # This file
```
## Quick Start
### 1. Build Configuration
Build a complete configuration for development:
```bash
./config/scripts/build-config.sh dev
```
Build configuration for production:
```bash
./config/scripts/build-config.sh prod config.prod.toml
```
### 2. Using the Management Script
The management script provides comprehensive configuration operations:
```bash
# Build configurations
./config/scripts/manage-config.sh build dev
./config/scripts/manage-config.sh build prod config.prod.toml
# Validate configurations
./config/scripts/manage-config.sh validate dev
./config/scripts/manage-config.sh validate prod
# List available features and environments
./config/scripts/manage-config.sh list-features
./config/scripts/manage-config.sh list-environments
# Compare configurations between environments
./config/scripts/manage-config.sh diff dev prod
# Create backups
./config/scripts/manage-config.sh backup prod
# Show configuration status
./config/scripts/manage-config.sh status
```
### 3. Using Python Builder (Advanced)
For more advanced TOML handling and validation:
```bash
# Build configuration
./config/scripts/build-config.sh dev
./config/scripts/build-config.sh prod config.prod.toml
# Validate only (no output file)
CONFIG_VALIDATE_ONLY=1 ./config/scripts/build-config.sh dev
```
## Configuration Structure
### Base Configurations
Base configurations (`config/base/`) contain core settings that apply to all features:
- **Server settings**: Protocol, host, port, workers
- **Database settings**: Connection strings, pool sizes
- **Session management**: Cookie settings, timeouts
- **CORS settings**: Allowed origins, methods, headers
- **Security settings**: CSRF, rate limiting, encryption
- **Logging settings**: Levels, formats, outputs
### Feature Configurations
Feature configurations (`config/features/`) contain settings specific to individual features:
- **Authentication**: JWT, OAuth, password policies, session management
- **Email**: SMTP, templates, queues, validation
- **TLS**: Certificates, protocols, security settings
- **Content**: Management, processing, validation, caching
- **Metrics**: Collection, export, alerting, performance tracking
### Environment-Specific Settings
Each environment has different optimization focuses:
#### Development (`dev.toml`)
- Relaxed security settings
- Verbose logging
- Hot reloading enabled
- Mock services
- Extended timeouts
- Debug features enabled
#### Production (`prod.toml`)
- Strict security settings
- Optimized performance
- Minimal logging
- Real services
- Short timeouts
- Debug features disabled
#### Example (`example.toml`)
- Complete feature documentation
- All available options shown
- Best practice configurations
- Commented examples
## How Configuration Building Works
1. **Load Base Configuration**: The base configuration for the target environment is loaded first
2. **Load Feature Configurations**: All available feature configurations for the environment are loaded
3. **Merge Configurations**: Features are merged into the base configuration using deep merging
4. **Add Build Information**: Metadata about the build process is added
5. **Validate Configuration**: The final configuration is validated for correctness
6. **Write Output**: The complete configuration is written to the output file
## Environment Variables
Configuration files support environment variable substitution using `${VARIABLE_NAME}` syntax:
```toml
[database]
url = "${DATABASE_URL}"
[auth.jwt]
secret = "${JWT_SECRET}"
[email.smtp]
password = "${SMTP_PASSWORD}"
```
## Creating New Features
### Using the Template Command
```bash
./config/scripts/manage-config.sh template my_feature
```
This creates a new feature directory with template files for all environments.
### Manual Creation
1. Create a new directory under `config/features/`
2. Create environment-specific TOML files (`dev.toml`, `prod.toml`, `example.toml`)
3. Define feature-specific settings in each file
Example feature structure:
```toml
# config/features/my_feature/dev.toml
[features]
my_feature = true
[my_feature]
enabled = true
debug_mode = true
# ... other settings
```
## Configuration Validation
The system includes built-in validation for:
- **TOML Syntax**: Ensures valid TOML structure
- **Required Sections**: Validates presence of essential configuration sections
- **Value Types**: Checks that configuration values are of expected types
- **Value Ranges**: Validates that numeric values are within acceptable ranges
- **Dependencies**: Ensures required dependencies are available when features are enabled
## Best Practices
### 1. Environment-Specific Optimization
- **Development**: Prioritize developer experience and debugging
- **Production**: Prioritize security, performance, and reliability
- **Example**: Show all available options with documentation
### 2. Feature Independence
- Keep feature configurations independent of each other
- Use feature flags to enable/disable functionality
- Provide sensible defaults for all settings
### 3. Security
- Never commit sensitive values to version control
- Use environment variables for secrets
- Implement proper validation for security-critical settings
### 4. Documentation
- Document all configuration options
- Provide examples for complex settings
- Include units and ranges for numeric values
## Backup and Recovery
### Automatic Backups
The build scripts automatically create backups of existing configurations before generating new ones:
```
config/backups/config_prod_20231201_143022.toml
```
### Manual Backups
```bash
# Create backup
./config/scripts/manage-config.sh backup prod
# Restore from backup
./config/scripts/manage-config.sh restore config/backups/config_prod_20231201_143022.toml
```
## Troubleshooting
### Common Issues
1. **Invalid TOML Syntax**
- Check for missing quotes, brackets, or commas
- Validate individual files before building
2. **Missing Environment Variables**
- Ensure all required environment variables are set
- Check variable names for typos
3. **Feature Conflicts**
- Review feature configurations for conflicting settings
- Use the diff command to compare configurations
### Debug Mode
Enable debug output for detailed information:
```bash
CONFIG_DEBUG=1 ./config/scripts/build-config.sh dev
```
Or with the management script:
```bash
./config/scripts/manage-config.sh --debug build dev
```
## Advanced Usage
### Custom Configuration Directories
```bash
CONFIG_DIR=/path/to/custom/config ./config/scripts/build-config.sh dev
```
### Validation Only
```bash
# Validate without building
./config/scripts/manage-config.sh validate dev
# Shell script validation
CONFIG_VALIDATE_ONLY=1 ./config/scripts/build-config.sh prod
```
### Dry Run Mode
```bash
# See what would be done without executing
./config/scripts/manage-config.sh --dry-run build prod
```
## Integration with Rustelo
The generated configuration files are designed to work seamlessly with Rustelo's configuration system:
1. **Feature Flags**: Control which features are compiled and enabled
2. **Environment Detection**: Automatic environment detection and configuration loading
3. **Hot Reloading**: Support for configuration hot reloading in development
4. **Validation**: Built-in configuration validation at runtime
## Contributing
When adding new features or modifying existing ones:
1. Update all three environment files (`dev.toml`, `prod.toml`, `example.toml`)
2. Add appropriate validation rules
3. Update documentation
4. Test configuration building and validation
5. Add examples to the example configuration
## License
This configuration system is part of the Rustelo project and follows the same license terms.
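
Review bot: The "Environment Variables" section documents `${VARIABLE_NAME}` substitution but not what happens when a variable is unset, and every example there is a secret (`DATABASE_URL`, `JWT_SECRET`, `SMTP_PASSWORD`). State whether substitution happens at build time or at load time, and make the validation step fail on an unset or empty variable, otherwise a production config can end up with an empty value or the literal string `${JWT_SECRET}`. If values are resolved at build time, the generated file and the copies under `config/backups/` hold plaintext secrets, and the "Security" best-practice list should say that both must stay out of version control. Separately, "3. Using Python Builder (Advanced)" repeats the `build-config.sh` commands from section 1 and the directory tree lists no Python script, and the tree shows only `dev.toml`, `prod.toml` and `example.toml` under `base/` although this commit also adds `base/app.toml`, `base/database.toml` and `base/server.toml`.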

44
config/base/app.toml Normal file

@ -0,0 +1,44 @@
# Base Application Configuration
# Core application settings that apply across all environments
# Root Path Configuration
# This sets the base directory for all relative paths in the configuration
# Set via ROOT_PATH environment variable or leave as default to use current directory
root_path = "."
# Application Settings
[app]
name = "Rustelo-app"
version = "0.1.0"
debug = false # Will be overridden per environment
max_request_size = 10485760 # 10MB in bytes
# Security Configuration
[security]
enable_csrf = true
csrf_token_name = "csrf_token"
rate_limit_requests = 100
rate_limit_window = 60 # seconds
bcrypt_cost = 12
# Session Configuration
[session]
cookie_name = "session_id"
cookie_http_only = true
cookie_same_site = "lax" # "strict", "lax", or "none"
max_age = 3600 # Session duration in seconds
# CORS Configuration
[cors]
allowed_methods = ["GET", "POST", "PUT", "DELETE", "OPTIONS"]
allowed_headers = ["Content-Type", "Authorization", "X-Requested-With"]
allow_credentials = true
max_age = 3600
# Logging Configuration
[logging]
format = "json" # "json" or "text"
max_file_size = 10485760 # 10MB
max_files = 5
enable_console = true
enable_file = false
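
Review bot: `[session]` sets `cookie_http_only` and `cookie_same_site` but has no `cookie_secure`, so the base layer leaves the Secure flag to whatever the loader defaults to; add `cookie_secure = true` here and let `dev.toml` relax it, as it already does. The same applies to `[cors]`, where `allow_credentials = true` is set with no `allowed_origins`: default it to `false` in the base file, or add an explicit empty origin list, so credentials are never combined with an implicit origin policy. The README's build steps mention only one base file per environment, so this file also needs a sentence there on where it sits in the merge order.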

29
config/base/database.toml Normal file

@ -0,0 +1,29 @@
# Base Database Configuration
# Database connection and pool settings that apply across environments
[database]
# Default database URL - will be overridden per environment
url = "sqlite:database.db"
max_connections = 10
min_connections = 1
connect_timeout = 30
idle_timeout = 600
max_lifetime = 1800
# Database migration settings
[database.migrations]
auto_migrate = false
migration_dir = "migrations"
create_db_if_missing = true
# Connection pool health check
[database.health]
enable_ping = true
ping_timeout = 5
max_retries = 3
# Query logging and performance
[database.logging]
log_queries = false
log_slow_queries = true
slow_query_threshold = 1000 # milliseconds
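
Review bot: The `[database.logging]` table (`log_queries`, `log_slow_queries`, `slow_query_threshold`) does not match the keys that `dev.toml` and `prod.toml` place directly under `[database]` (`enable_logging`, `log_slow_queries`, `slow_query_threshold`), so if this file is deep-merged with them both sets survive and it is unclear which one the application reads; pick one location and one name. In `[database.migrations]`, `create_db_if_missing = true` is a risky base default because `prod.toml` does not override it: consider `false` here and `true` only in development, so that a wrong `DATABASE_URL` surfaces as an error rather than as a freshly created empty database.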

147
config/base/dev.toml Normal file

@ -0,0 +1,147 @@
# Base Configuration - Development Environment
# Core settings that apply to all features in development
# Root Path Configuration
root_path = "."
# Server Configuration - Development
[server]
protocol = "http"
host = "127.0.0.1"
port = 3030
environment = "development"
log_level = "debug"
workers = 1
max_connections = 100
# Database Configuration - Development
[database]
url = "sqlite:dev_database.db"
max_connections = 5
min_connections = 1
connect_timeout = 30
idle_timeout = 600
max_lifetime = 1800
enable_logging = true
log_slow_queries = true
slow_query_threshold = 100 # milliseconds
# Session Configuration - Development
[session]
secret = "dev-session-secret-change-in-production"
cookie_name = "rustelo_session_dev"
cookie_secure = false
cookie_http_only = true
cookie_same_site = "lax"
max_age = 7200 # 2 hours
domain = ""
path = "/"
# CORS Configuration - Development
[cors]
allowed_origins = [
"http://localhost:3030",
"http://127.0.0.1:3030",
"http://localhost:3000",
"http://localhost:8080"
]
allowed_methods = ["GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"]
allowed_headers = ["*"]
allow_credentials = true
max_age = 3600
expose_headers = ["X-Total-Count", "X-Page-Count"]
# Static Files Configuration - Development
[static]
assets_dir = "public"
site_root = "target/site"
site_pkg_dir = "pkg"
enable_compression = false
enable_caching = false
cache_max_age = 0
# Server Directories Configuration - Development
[server_dirs]
public_dir = "public"
uploads_dir = "uploads"
logs_dir = "logs"
temp_dir = "tmp"
cache_dir = "cache"
config_dir = "config"
data_dir = "data"
backup_dir = "backups"
# Security Configuration - Development
[security]
enable_csrf = false
csrf_token_name = "csrf_token"
rate_limit_requests = 1000
rate_limit_window = 60
bcrypt_cost = 10
enable_request_id = true
request_id_header = "X-Request-ID"
# Application Settings - Development
[app]
name = "Rustelo-app-dev"
version = "0.1.0"
debug = true
enable_metrics = true
enable_health_check = true
enable_compression = false
max_request_size = 104857600 # 100MB for development
enable_hot_reload = true
auto_migrate = true
# Logging Configuration - Development
[logging]
format = "pretty"
level = "debug"
file_path = "logs/dev_app.log"
max_file_size = 10485760 # 10MB
max_files = 3
enable_console = true
enable_file = true
enable_structured_logging = false
log_request_body = true
log_response_body = false
# Redis Configuration - Development
[redis]
enabled = false
url = "redis://localhost:6379"
pool_size = 5
connection_timeout = 5
command_timeout = 5
database = 0
# Metrics Configuration - Development
[metrics]
enabled = true
endpoint = "/metrics"
collect_system_metrics = true
collect_process_metrics = true
collect_http_metrics = true
collect_database_metrics = true
prometheus_enabled = true
statsd_enabled = false
# Health Check Configuration - Development
[health]
enabled = true
endpoint = "/health"
detailed = true
check_database = true
check_redis = false
check_external_services = false
timeout = 5000 # milliseconds
# Development-specific settings
[development]
enable_reloading = true
enable_debug_routes = true
enable_profiling = true
enable_trace_logging = true
mock_external_services = true
seed_test_data = true
disable_auth_for_local = false
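
Review bot: In `[logging]`, `log_request_body = true` together with `enable_file = true` writes full request bodies to `logs/dev_app.log`, which can include submitted passwords and tokens, and `[app] max_request_size` allows 100MB bodies against a 10MB `max_file_size`; default it to `false`, or document a redaction rule and a size cap next to the setting. `[cors]` pairs `allowed_headers = ["*"]` with `allow_credentials = true`, a combination browsers do not honour as a wildcard on credentialed requests; list the headers explicitly as `prod.toml` does so development behaves like production. The literal `[session] secret` is acceptable for local use only if validation rejects the value `dev-session-secret-change-in-production` whenever `environment` is not `development`.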

309
config/base/example.toml Normal file

@ -0,0 +1,309 @@
# Base Configuration - Example Environment
# Complete example showing all available base configuration options
# Root Path Configuration
# This sets the base directory for all relative paths in the configuration
root_path = "."
# Server Configuration - Example with all options
[server]
protocol = "https" # "http" or "https"
host = "0.0.0.0" # "0.0.0.0" for all interfaces, "127.0.0.1" for localhost only
port = 443 # 443 for HTTPS, 80 for HTTP, 3030 for development
environment = "production" # "development", "production", "staging"
log_level = "info" # "trace", "debug", "info", "warn", "error"
workers = 4 # Number of worker threads (0 = auto-detect)
max_connections = 1000 # Maximum concurrent connections
graceful_shutdown_timeout = 30 # Seconds to wait for graceful shutdown
keepalive_timeout = 65 # HTTP keep-alive timeout in seconds
request_timeout = 30 # Request timeout in seconds
read_timeout = 30 # Read timeout in seconds
write_timeout = 30 # Write timeout in seconds
# Database Configuration - Example with multiple options
[database]
# PostgreSQL example
url = "postgresql://username:password@localhost:5432/database_name"
# SQLite example
# url = "sqlite:database.db"
# MySQL example
# url = "mysql://username:password@localhost:3306/database_name"
max_connections = 20 # Maximum connections in pool
min_connections = 5 # Minimum connections in pool
connect_timeout = 10 # Connection timeout in seconds
idle_timeout = 300 # Idle connection timeout in seconds
max_lifetime = 1800 # Maximum connection lifetime in seconds
enable_logging = false # Log database queries
log_slow_queries = true # Log slow queries only
slow_query_threshold = 1000 # Slow query threshold in milliseconds
ssl_mode = "require" # "disable", "allow", "prefer", "require"
statement_timeout = 30000 # Statement timeout in milliseconds
migration_timeout = 300 # Migration timeout in seconds
# Session Configuration - Example with all options
[session]
secret = "your-super-secure-session-secret-key-at-least-32-characters-long"
cookie_name = "rustelo_session"
cookie_secure = true # Set to true for HTTPS
cookie_http_only = true # Prevent JavaScript access
cookie_same_site = "strict" # "strict", "lax", "none"
max_age = 3600 # Session duration in seconds
domain = "example.com" # Cookie domain
path = "/" # Cookie path
rolling_timeout = true # Extend session on activity
cleanup_interval = 3600 # Session cleanup interval in seconds
# CORS Configuration - Example with comprehensive settings
[cors]
allowed_origins = [
"https://example.com",
"https://www.example.com",
"https://app.example.com"
]
allowed_methods = ["GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"]
allowed_headers = [
"Content-Type",
"Authorization",
"X-Requested-With",
"X-CSRF-Token",
"Accept",
"Origin"
]
allow_credentials = true
max_age = 86400 # Preflight cache duration in seconds
expose_headers = ["X-Total-Count", "X-Page-Count", "X-Rate-Limit"]
vary_header = true # Add Vary header for caching
# Static Files Configuration - Example with all options
[static]
assets_dir = "public" # Static assets directory
site_root = "target/site" # Site root directory
site_pkg_dir = "pkg" # Package directory
enable_compression = true # Enable gzip compression
enable_caching = true # Enable browser caching
cache_max_age = 2592000 # Cache max age in seconds (30 days)
compression_level = 6 # Compression level (1-9)
compression_types = [ # File types to compress
"text/html",
"text/css",
"text/javascript",
"application/javascript",
"application/json",
"text/xml",
"application/xml"
]
# Server Directories Configuration - Example with all paths
[server_dirs]
public_dir = "/var/www/public" # Public files directory
uploads_dir = "/var/uploads" # File uploads directory
logs_dir = "/var/log/rustelo" # Log files directory
temp_dir = "/tmp/rustelo" # Temporary files directory
cache_dir = "/var/cache/rustelo" # Cache directory
config_dir = "/etc/rustelo" # Configuration directory
data_dir = "/var/lib/rustelo" # Application data directory
backup_dir = "/var/backups/rustelo" # Backup directory
templates_dir = "templates" # Template files directory
locale_dir = "locale" # Localization files directory
# Security Configuration - Example with comprehensive security settings
[security]
enable_csrf = true # Enable CSRF protection
csrf_token_name = "csrf_token" # CSRF token form field name
csrf_cookie_name = "__csrf_token" # CSRF token cookie name
rate_limit_requests = 100 # Requests per window
rate_limit_window = 60 # Rate limit window in seconds
bcrypt_cost = 12 # bcrypt hashing cost
enable_request_id = true # Add request ID to responses
request_id_header = "X-Request-ID" # Request ID header name
enable_security_headers = true # Enable security headers
content_security_policy = "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"
x_frame_options = "DENY" # X-Frame-Options header
x_content_type_options = "nosniff" # X-Content-Type-Options header
referrer_policy = "strict-origin-when-cross-origin" # Referrer-Policy header
# Application Settings - Example with all options
[app]
name = "Rustelo Application" # Application name
version = "1.0.0" # Application version
description = "A modern web application built with Rustelo"
author = "Your Name" # Application author
website = "https://example.com" # Application website
support_email = "support@example.com" # Support email
debug = false # Debug mode
enable_metrics = true # Enable metrics collection
enable_health_check = true # Enable health check endpoint
enable_compression = true # Enable response compression
max_request_size = 10485760 # Maximum request size in bytes (10MB)
enable_hot_reload = false # Enable hot reloading
auto_migrate = false # Auto-run database migrations
timezone = "UTC" # Application timezone
locale = "en" # Default locale
date_format = "%Y-%m-%d" # Date format
time_format = "%H:%M:%S" # Time format
datetime_format = "%Y-%m-%d %H:%M:%S" # DateTime format
# Logging Configuration - Example with comprehensive logging settings
[logging]
format = "json" # "json", "text", "pretty"
level = "info" # "trace", "debug", "info", "warn", "error"
file_path = "/var/log/rustelo/app.log" # Log file path
max_file_size = 104857600 # Maximum log file size in bytes (100MB)
max_files = 10 # Maximum number of log files to keep
enable_console = false # Enable console logging
enable_file = true # Enable file logging
enable_structured_logging = true # Enable structured logging
log_request_body = false # Log request bodies
log_response_body = false # Log response bodies
enable_audit_log = true # Enable audit logging
audit_log_path = "/var/log/rustelo/audit.log" # Audit log file path
enable_access_log = true # Enable access logging
access_log_path = "/var/log/rustelo/access.log" # Access log file path
log_rotation = "daily" # "daily", "weekly", "monthly", "size"
log_compression = true # Compress rotated logs
# Redis Configuration - Example with all options
[redis]
enabled = true # Enable Redis
url = "redis://localhost:6379" # Redis connection URL
pool_size = 20 # Connection pool size
connection_timeout = 5 # Connection timeout in seconds
command_timeout = 5 # Command timeout in seconds
database = 0 # Redis database number
enable_cluster = false # Enable Redis cluster mode
cluster_nodes = [] # Redis cluster nodes
ssl_enabled = false # Enable SSL/TLS
ssl_cert_path = "" # SSL certificate path
ssl_key_path = "" # SSL key path
ssl_ca_path = "" # SSL CA path
retry_attempts = 3 # Number of retry attempts
retry_delay = 1000 # Retry delay in milliseconds
# Metrics Configuration - Example with comprehensive metrics settings
[metrics]
enabled = true # Enable metrics collection
endpoint = "/metrics" # Metrics endpoint path
port = 9090 # Metrics server port (0 = use main port)
host = "127.0.0.1" # Metrics server host
collect_system_metrics = true # Collect system metrics
collect_process_metrics = true # Collect process metrics
collect_http_metrics = true # Collect HTTP metrics
collect_database_metrics = true # Collect database metrics
prometheus_enabled = true # Enable Prometheus format
statsd_enabled = false # Enable StatsD format
statsd_host = "localhost" # StatsD host
statsd_port = 8125 # StatsD port
scrape_interval = 15 # Metrics scrape interval in seconds
histogram_buckets = [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1.0, 2.5, 5.0, 10.0]
# Health Check Configuration - Example with all options
[health]
enabled = true # Enable health checks
endpoint = "/health" # Health check endpoint
detailed = false # Include detailed health information
check_database = true # Check database connectivity
check_redis = true # Check Redis connectivity
check_external_services = true # Check external service dependencies
timeout = 5000 # Health check timeout in milliseconds
interval = 30 # Health check interval in seconds
failure_threshold = 3 # Number of failures before marking unhealthy
success_threshold = 1 # Number of successes before marking healthy
# Monitoring Configuration - Example with external monitoring
[monitoring]
enabled = true # Enable monitoring
alert_manager_url = "http://localhost:9093" # AlertManager URL
prometheus_url = "http://localhost:9090" # Prometheus URL
grafana_url = "http://localhost:3000" # Grafana URL
enable_traces = true # Enable distributed tracing
trace_sampling_rate = 0.1 # Trace sampling rate (0.0-1.0)
jaeger_endpoint = "http://localhost:14268/api/traces" # Jaeger endpoint
zipkin_endpoint = "http://localhost:9411/api/v2/spans" # Zipkin endpoint
# Backup Configuration - Example with automated backups
[backup]
enabled = true # Enable automatic backups
schedule = "0 2 * * *" # Backup schedule (cron format)
retention_days = 30 # Backup retention in days
storage_path = "/var/backups/rustelo" # Backup storage path
compress_backups = true # Compress backup files
encryption_enabled = true # Enable backup encryption
encryption_key = "backup-encryption-key" # Backup encryption key
s3_enabled = false # Enable S3 backup storage
s3_bucket = "rustelo-backups" # S3 bucket name
s3_region = "us-east-1" # S3 region
s3_access_key = "" # S3 access key
s3_secret_key = "" # S3 secret key
# SSL/TLS Configuration - Example with security settings
[ssl]
force_https = true # Force HTTPS redirects
hsts_max_age = 31536000 # HSTS max age in seconds (1 year)
hsts_include_subdomains = true # Include subdomains in HSTS
hsts_preload = true # Enable HSTS preload
upgrade_insecure_requests = true # Upgrade insecure requests
# Cache Configuration - Example with caching settings
[cache]
enabled = true # Enable caching
type = "redis" # "memory", "redis", "file"
default_ttl = 3600 # Default TTL in seconds
max_memory = 134217728 # Maximum memory usage in bytes (128MB)
eviction_policy = "lru" # "lru", "lfu", "fifo", "random"
compression = true # Enable cache compression
encryption = false # Enable cache encryption
key_prefix = "rustelo:" # Cache key prefix
# Rate Limiting Configuration - Example with comprehensive rate limiting
[rate_limiting]
enabled = true # Enable rate limiting
global_limit = 1000 # Global requests per window
global_window = 60 # Global window in seconds
per_ip_limit = 100 # Per-IP requests per window
per_ip_window = 60 # Per-IP window in seconds
per_user_limit = 500 # Per-user requests per window
per_user_window = 60 # Per-user window in seconds
burst_limit = 10 # Burst limit
storage = "redis" # "memory", "redis"
key_prefix = "ratelimit:" # Rate limit key prefix
# WebSocket Configuration - Example with WebSocket settings
[websocket]
enabled = true # Enable WebSocket support
path = "/ws" # WebSocket endpoint path
max_connections = 1000 # Maximum concurrent connections
ping_interval = 30 # Ping interval in seconds
pong_timeout = 10 # Pong timeout in seconds
max_message_size = 1048576 # Maximum message size in bytes (1MB)
compression = true # Enable WebSocket compression
origin_check = true # Check WebSocket origin
allowed_origins = ["https://example.com"] # Allowed origins
# Background Jobs Configuration - Example with job processing
[jobs]
enabled = true # Enable background jobs
queue_name = "rustelo_jobs" # Job queue name
max_workers = 4 # Maximum worker threads
poll_interval = 5 # Queue polling interval in seconds
retry_attempts = 3 # Number of retry attempts
retry_delay = 60 # Retry delay in seconds
max_job_size = 1048576 # Maximum job size in bytes (1MB)
job_timeout = 300 # Job timeout in seconds
dead_letter_queue = true # Enable dead letter queue
storage = "redis" # "memory", "redis", "database"
# API Configuration - Example with API settings
[api]
enabled = true # Enable API
base_path = "/api/v1" # API base path
rate_limit = 1000 # API rate limit per hour
enable_cors = true # Enable CORS for API
enable_authentication = true # Require authentication
enable_pagination = true # Enable pagination
default_page_size = 20 # Default page size
max_page_size = 100 # Maximum page size
enable_filtering = true # Enable filtering
enable_sorting = true # Enable sorting
enable_search = true # Enable search
api_key_header = "X-API-Key" # API key header name
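
Review bot: `[backup] encryption_key = "backup-encryption-key"` and `[session] secret` are inline literals in the file the README describes as showing best-practice configurations, and a template like this tends to be copied unchanged; use `${...}` references instead, as `prod.toml` does with `${SESSION_SECRET}` (for the backup key something like `${BACKUP_ENCRYPTION_KEY}`, a suggested name), and do the same for the `username:password` embedded in `[database] url`. In `[security]`, the sample `content_security_policy` allows `'unsafe-inline'` in `script-src`, which removes most of the policy's protection against injected scripts; show a nonce-based or hash-based policy, or add a comment explaining why inline scripts are required.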

178
config/base/prod.toml Normal file

@ -0,0 +1,178 @@
# Base Configuration - Production Environment
# Core settings that apply to all features in production
# Root Path Configuration
root_path = "."
# Server Configuration - Production
[server]
protocol = "https"
host = "0.0.0.0"
port = 443
environment = "production"
log_level = "info"
workers = 4
max_connections = 1000
graceful_shutdown_timeout = 30
keepalive_timeout = 65
# Database Configuration - Production
[database]
url = "${DATABASE_URL}"
max_connections = 20
min_connections = 5
connect_timeout = 10
idle_timeout = 300
max_lifetime = 1800
enable_logging = false
log_slow_queries = true
slow_query_threshold = 1000 # milliseconds
ssl_mode = "require"
statement_timeout = 30000
# Session Configuration - Production
[session]
secret = "${SESSION_SECRET}"
cookie_name = "rustelo_session"
cookie_secure = true
cookie_http_only = true
cookie_same_site = "strict"
max_age = 1800 # 30 minutes
domain = "${DOMAIN}"
path = "/"
# CORS Configuration - Production
[cors]
allowed_origins = ["${FRONTEND_URL}", "https://${DOMAIN}"]
allowed_methods = ["GET", "POST", "PUT", "DELETE", "OPTIONS"]
allowed_headers = ["Content-Type", "Authorization", "X-Requested-With", "X-CSRF-Token"]
allow_credentials = true
max_age = 86400 # 24 hours
expose_headers = ["X-Total-Count", "X-Page-Count"]
# Static Files Configuration - Production
[static]
assets_dir = "public"
site_root = "target/site"
site_pkg_dir = "pkg"
enable_compression = true
enable_caching = true
cache_max_age = 2592000 # 30 days
compression_level = 6
# Server Directories Configuration - Production
[server_dirs]
public_dir = "/var/www/public"
uploads_dir = "/var/uploads"
logs_dir = "/var/log/rustelo"
temp_dir = "/tmp/rustelo"
cache_dir = "/var/cache/rustelo"
config_dir = "/etc/rustelo"
data_dir = "/var/lib/rustelo"
backup_dir = "/var/backups/rustelo"
# Security Configuration - Production
[security]
enable_csrf = true
csrf_token_name = "csrf_token"
rate_limit_requests = 100
rate_limit_window = 60
bcrypt_cost = 12
enable_request_id = true
request_id_header = "X-Request-ID"
enable_security_headers = true
content_security_policy = "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"
# Application Settings - Production
[app]
name = "Rustelo-app"
version = "1.0.0"
debug = false
enable_metrics = true
enable_health_check = true
enable_compression = true
max_request_size = 10485760 # 10MB
enable_hot_reload = false
auto_migrate = false
# Logging Configuration - Production
[logging]
format = "json"
level = "info"
file_path = "/var/log/rustelo/app.log"
max_file_size = 104857600 # 100MB
max_files = 10
enable_console = false
enable_file = true
enable_structured_logging = true
log_request_body = false
log_response_body = false
enable_audit_log = true
audit_log_path = "/var/log/rustelo/audit.log"
# Redis Configuration - Production
[redis]
enabled = true
url = "${REDIS_URL}"
pool_size = 20
connection_timeout = 5
command_timeout = 5
database = 0
enable_cluster = false
ssl_enabled = true
# Metrics Configuration - Production
[metrics]
enabled = true
endpoint = "/metrics"
collect_system_metrics = true
collect_process_metrics = true
collect_http_metrics = true
collect_database_metrics = true
prometheus_enabled = true
statsd_enabled = false
scrape_interval = 15 # seconds
# Health Check Configuration - Production
[health]
enabled = true
endpoint = "/health"
detailed = false
check_database = true
check_redis = true
check_external_services = true
timeout = 5000 # milliseconds
# Monitoring Configuration - Production
[monitoring]
enabled = true
alert_manager_url = "${ALERT_MANAGER_URL}"
prometheus_url = "${PROMETHEUS_URL}"
grafana_url = "${GRAFANA_URL}"
enable_traces = true
trace_sampling_rate = 0.1
# Backup Configuration - Production
[backup]
enabled = true
schedule = "0 2 * * *" # Daily at 2 AM
retention_days = 30
storage_path = "/var/backups/rustelo"
compress_backups = true
encryption_enabled = true
# SSL/TLS Configuration - Production
[ssl]
force_https = true
hsts_max_age = 31536000 # 1 year
hsts_include_subdomains = true
hsts_preload = true
# Production-specific settings
[production]
enable_maintenance_mode = false
maintenance_message = "System is under maintenance. Please try again later."
enable_graceful_shutdown = true
shutdown_timeout = 30
enable_crash_reporting = true
crash_reporting_endpoint = "${CRASH_REPORTING_URL}"
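
Review bot: In [security], content_security_policy keeps 'unsafe-inline' in script-src, which gives up most of the XSS mitigation a CSP is meant to provide in production. Suggest serving the inline scripts the app needs with nonces or hashes and dropping 'unsafe-inline' from script-src. Also in [server_dirs], temp_dir = "/tmp/rustelo" is a fixed name under a world-writable directory; a subdirectory of data_dir or cache_dir, created with restrictive permissions, avoids another local user creating it first.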

30
config/base/server.toml Normal file
@ -0,0 +1,30 @@
# Base Server Configuration
# This file contains the core server settings that are common across all environments
[server]
protocol = "http" # "http" or "https" - will be overridden in production
host = "127.0.0.1"
port = 3030
log_level = "info" # "trace", "debug", "info", "warn", "error"
# TLS Configuration (only used when protocol = "https")
[server.tls]
cert_path = "certs/server.crt"
key_path = "certs/server.key"
# Static Files Configuration
[static]
assets_dir = "public"
site_root = "target/site"
site_pkg_dir = "pkg"
# Server Directories Configuration
[server_dirs]
public_dir = "public"
uploads_dir = "uploads"
logs_dir = "logs"
temp_dir = "tmp"
cache_dir = "cache"
config_dir = "config"
data_dir = "data"
backup_dir = "backups"
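
Review bot: In [server.tls] and [server_dirs], every path is relative (key_path = "certs/server.key", uploads_dir = "uploads", and so on), and nothing in the file says what they are resolved against. If that is the process working directory, starting the server from a different directory silently changes where the private key is read from and where uploads and logs are written. Suggest a header comment stating the base directory, or a single root key that the loader joins these paths onto.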

@ -0,0 +1,41 @@
# Development Environment Configuration
# Settings optimized for local development and debugging
[server]
environment = "development"
log_level = "debug"
protocol = "http"
host = "127.0.0.1"
port = 3030
[app]
debug = true
enable_metrics = true
enable_health_check = true
enable_compression = false
[cors]
allowed_origins = ["http://localhost:3030", "http://127.0.0.1:3030", "http://localhost:3000"]
[session]
secret = "dev-session-secret-change-in-production"
cookie_secure = false
[database]
url = "sqlite:dev_database.db"
max_connections = 5
[logging]
level = "debug"
file_path = "logs/dev_app.log"
enable_console = true
enable_file = true
[features]
auth = true
tls = false
content_db = true
two_factor_auth = false
[build]
features = ["auth", "content-db", "crypto", "email", "metrics", "examples"]
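
Review bot: In [session], secret = "dev-session-secret-change-in-production" is a fixed value that is now in version control, so it must be treated as public. The name asks for a manual change that nothing enforces. Suggest the loader refuse this literal (or any plaintext secret) whenever [server] environment is not "development", or generate a random secret at startup for development so no value needs to be committed at all.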

@ -0,0 +1,65 @@
# Production Environment Configuration
# Settings optimized for production deployment with security and performance
[server]
environment = "production"
log_level = "info"
protocol = "https"
host = "0.0.0.0"
port = 443
[app]
debug = false
enable_metrics = true
enable_health_check = true
enable_compression = true
[cors]
allowed_origins = ["https://yourdomain.com", "https://www.yourdomain.com"]
[session]
secret = "@encrypted_session_secret"
cookie_secure = true
[database]
url = "postgresql://username:password@localhost:5432/rustelo_prod"
max_connections = 20
min_connections = 5
[logging]
level = "info"
file_path = "logs/prod_app.log"
enable_console = false
enable_file = true
[features]
auth = true
tls = true
content_db = true
two_factor_auth = true
[build]
features = ["auth", "content-db", "crypto", "email", "metrics", "tls"]
[security]
rate_limit_requests = 1000
rate_limit_window = 60
bcrypt_cost = 14
[tls]
enabled = true
cert_path = "certs/production.crt"
key_path = "certs/production.key"
[metrics]
enabled = true
collection_interval = 60
[auth]
max_login_attempts = 3
lockout_duration = 1800
session_timeout = 7200
[email]
enabled = true
default_provider = "smtp"
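
Review bot: In [database], url = "postgresql://username:password@localhost:5432/rustelo_prod" puts the credential inline, while [session] secret in the same file uses an "@encrypted_session_secret" reference. Suggest the database URL go through the same reference mechanism so a filled-in production file never holds a plaintext password. Separately, [security] here sets rate_limit_requests = 1000 and bcrypt_cost = 14, while the production base config earlier in this commit sets 100 and 12; a comment on which file takes precedence would make the effective values reviewable. [logging] file_path = "logs/prod_app.log" is also relative, unlike "/var/log/rustelo/app.log" in the base file.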

@ -0,0 +1,66 @@
# Staging Environment Configuration
# Settings optimized for staging deployment - production-like but with relaxed security for testing
[server]
environment = "staging"
log_level = "debug"
protocol = "https"
host = "0.0.0.0"
port = 443
[app]
debug = true
enable_metrics = true
enable_health_check = true
enable_compression = true
[cors]
allowed_origins = ["https://staging.yourdomain.com", "https://staging-api.yourdomain.com"]
[session]
secret = "@encrypted_staging_session_secret"
cookie_secure = true
[database]
url = "postgresql://username:password@localhost:5432/rustelo_staging"
max_connections = 15
min_connections = 3
[logging]
level = "debug"
file_path = "logs/staging_app.log"
enable_console = true
enable_file = true
[features]
auth = true
tls = true
content_db = true
two_factor_auth = false
[build]
features = ["auth", "content-db", "crypto", "email", "metrics", "tls"]
[security]
rate_limit_requests = 500
rate_limit_window = 60
bcrypt_cost = 12
[tls]
enabled = true
cert_path = "certs/staging.crt"
key_path = "certs/staging.key"
[metrics]
enabled = true
collection_interval = 30
[auth]
max_login_attempts = 5
lockout_duration = 900
session_timeout = 3600
require_email_verification = false
[email]
enabled = true
default_provider = "console"
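
Review bot: In [app], debug = true is combined with [server] host = "0.0.0.0", port = 443 and log_level = "debug", so debug behavior and verbose logs are enabled on a listener reachable from the network. The header comment calls this "relaxed security for testing", but staging commonly holds production-like data. Suggest debug = false as the staging default and a comment on what debug enables. Note also that [features] two_factor_auth = false and [auth] require_email_verification = false mean staging does not exercise the authentication paths production turns on, and [database] url has the same inline "username:password" as the production file.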

@ -0,0 +1,584 @@
# Full-Featured Configuration Example
# This configuration demonstrates all available features and settings
# Use this as a reference for comprehensive deployments
[server]
protocol = "https"
host = "0.0.0.0"
port = 443
environment = "production"
log_level = "info"
[server.tls]
cert_path = "certs/server.crt"
key_path = "certs/server.key"
[app]
name = "Rustelo-full-featured"
version = "0.1.0"
debug = false
enable_metrics = true
enable_health_check = true
enable_compression = true
max_request_size = 52428800 # 50MB
[database]
url = "postgresql://rustelo:secure_password@localhost:5432/rustelo_full"
max_connections = 25
min_connections = 5
connect_timeout = 30
idle_timeout = 600
max_lifetime = 1800
[database.migrations]
auto_migrate = true
migration_dir = "migrations"
create_db_if_missing = true
[database.health]
enable_ping = true
ping_timeout = 5
max_retries = 3
[database.logging]
log_queries = false
log_slow_queries = true
slow_query_threshold = 500 # milliseconds
[session]
secret = "@encrypted_session_secret"
cookie_name = "rustelo_session"
cookie_secure = true
cookie_http_only = true
cookie_same_site = "strict"
max_age = 7200 # 2 hours
[security]
enable_csrf = true
csrf_token_name = "csrf_token"
rate_limit_requests = 1000
rate_limit_window = 60
bcrypt_cost = 14
[cors]
allowed_origins = ["https://yourdomain.com", "https://api.yourdomain.com", "https://admin.yourdomain.com"]
allowed_methods = ["GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"]
allowed_headers = ["Content-Type", "Authorization", "X-Requested-With", "X-API-Key"]
allow_credentials = true
max_age = 86400
[static]
assets_dir = "public"
site_root = "target/site"
site_pkg_dir = "pkg"
[server_dirs]
public_dir = "public"
uploads_dir = "uploads"
logs_dir = "logs"
temp_dir = "tmp"
cache_dir = "cache"
config_dir = "config"
data_dir = "data"
backup_dir = "backups"
[logging]
format = "json"
level = "info"
file_path = "logs/full_app.log"
max_file_size = 52428800 # 50MB
max_files = 10
enable_console = false
enable_file = true
# Authentication Configuration
[auth]
enabled = true
[auth.jwt]
secret = "@encrypted_jwt_secret"
expiration = 86400 # 24 hours
refresh_token_expiration = 604800 # 7 days
algorithm = "HS256"
issuer = "rustelo-full"
audience = "rustelo-users"
[auth.password]
min_length = 12
require_uppercase = true
require_lowercase = true
require_numbers = true
require_special_chars = true
max_age_days = 90
history_count = 12
[auth.security]
max_login_attempts = 3
lockout_duration = 1800 # 30 minutes
session_timeout = 7200 # 2 hours
require_email_verification = true
password_reset_timeout = 3600 # 1 hour
[auth.two_factor]
enabled = true
backup_codes_count = 10
totp_issuer = "Rustelo Full Featured"
totp_digits = 6
totp_period = 30
[auth.registration]
enabled = true
require_email_verification = true
auto_approve = false
default_role = "user"
allowed_domains = ["yourdomain.com", "trusted-partner.com"]
[auth.sessions]
cleanup_interval = 1800 # 30 minutes
max_concurrent_sessions = 3
remember_me_duration = 2592000 # 30 days
[auth.rate_limiting]
login_attempts_per_minute = 3
registration_attempts_per_hour = 2
password_reset_attempts_per_hour = 2
# OAuth Configuration
[oauth]
enabled = true
[oauth.google]
client_id = "@encrypted_google_client_id"
client_secret = "@encrypted_google_client_secret"
redirect_uri = "https://yourdomain.com/auth/google/callback"
[oauth.github]
client_id = "@encrypted_github_client_id"
client_secret = "@encrypted_github_client_secret"
redirect_uri = "https://yourdomain.com/auth/github/callback"
# Email Configuration
[email]
enabled = true
from_email = "noreply@yourdomain.com"
from_name = "Rustelo Full Featured"
reply_to = "support@yourdomain.com"
default_provider = "smtp"
[email.smtp]
host = "smtp.yourdomain.com"
port = 587
username = "@encrypted_smtp_username"
password = "@encrypted_smtp_password"
use_tls = true
use_starttls = true
timeout = 30
pool_size = 10
[email.templates]
template_dir = "templates/email"
default_language = "en"
supported_languages = ["en", "es", "fr", "de", "ja"]
cache_templates = true
reload_on_change = false
[email.queue]
enabled = true
max_retry_attempts = 5
retry_delay = 120 # seconds
batch_size = 25
processing_interval = 15 # seconds
[email.rate_limiting]
max_emails_per_minute = 100
max_emails_per_hour = 5000
max_emails_per_day = 50000
burst_limit = 50
[email.validation]
check_mx_records = true
check_disposable_domains = true
allowed_domains = []
blocked_domains = ["tempmail.org", "10minutemail.com", "guerrillamail.com"]
[email.bounce_handling]
enabled = true
webhook_url = "/webhooks/email/bounce"
webhook_secret = "@encrypted_email_webhook_secret"
max_bounce_rate = 0.02 # 2%
auto_suppress_bounces = true
[email.security]
enable_dkim = true
dkim_selector = "default"
dkim_private_key_path = "certs/dkim_private.key"
enable_spf = true
enable_dmarc = true
# Content Management Configuration
[content]
enabled = true
content_dir = "content"
cache_enabled = true
cache_ttl = 7200 # 2 hours
max_file_size = 10485760 # 10MB
auto_save_interval = 30 # seconds
enable_versioning = true
max_versions = 25
[content.types.article]
enabled = true
template = "article.hbs"
slug_prefix = "articles"
allow_comments = true
enable_seo = true
max_length = 100000
[content.types.page]
enabled = true
template = "page.hbs"
slug_prefix = "pages"
allow_comments = false
enable_seo = true
max_length = 200000
[content.types.blog_post]
enabled = true
template = "blog_post.hbs"
slug_prefix = "blog"
allow_comments = true
enable_seo = true
max_length = 50000
enable_series = true
[content.markdown]
enable_syntax_highlighting = true
theme = "github"
enable_tables = true
enable_strikethrough = true
enable_autolinks = true
enable_task_lists = true
enable_footnotes = true
enable_math = true
heading_anchors = true
code_block_line_numbers = true
[content.seo]
auto_generate_meta = true
default_meta_description_length = 160
auto_generate_og_tags = true
enable_json_ld = true
sitemap_enabled = true
sitemap_path = "/sitemap.xml"
robots_txt_enabled = true
[content.publishing]
auto_publish = false
require_review = true
enable_drafts = true
enable_scheduling = true
default_status = "draft"
[content.taxonomy]
enable_categories = true
max_categories_per_content = 10
enable_tags = true
max_tags_per_content = 50
enable_hierarchical_categories = true
[content.media]
enabled = true
upload_dir = "uploads/content"
allowed_extensions = ["jpg", "jpeg", "png", "gif", "webp", "svg", "pdf", "doc", "docx", "mp4", "webm"]
max_file_size = 52428800 # 50MB
enable_image_optimization = true
generate_thumbnails = true
thumbnail_sizes = [150, 300, 600, 1200, 1920]
[content.media.images]
auto_optimize = true
quality = 90
progressive_jpeg = true
strip_metadata = true
enable_webp_conversion = true
enable_lazy_loading = true
[content.search]
enabled = true
search_engine = "database"
index_content = true
index_metadata = true
search_fields = ["title", "content", "excerpt", "tags", "categories", "author"]
min_search_length = 2
max_results = 100
[content.search.fulltext]
enable_stemming = true
enable_fuzzy_search = true
fuzzy_distance = 2
boost_title = 3.0
boost_tags = 2.0
boost_categories = 1.5
[content.cache]
enable_redis = true
redis_url = "redis://localhost:6379/1"
redis_prefix = "content:"
cache_rendered_content = true
cache_search_results = true
search_cache_ttl = 600 # 10 minutes
[content.api]
enabled = true
enable_public_api = true
enable_admin_api = true
api_prefix = "/api/content"
rate_limit_per_minute = 200
require_auth_for_write = true
enable_bulk_operations = true
[content.backup]
enabled = true
backup_interval = 43200 # 12 hours
backup_retention_days = 90
backup_dir = "backups/content"
include_media = true
compress_backups = true
[content.workflows]
enabled = true
require_approval = true
approval_roles = ["editor", "admin"]
notification_on_submission = true
notification_on_approval = true
auto_notify_authors = true
[content.comments]
enabled = true
require_approval = true
enable_replies = true
max_nesting_level = 5
enable_voting = true
enable_email_notifications = true
anti_spam_enabled = true
[content.analytics]
track_views = true
track_reading_time = true
track_popular_content = true
analytics_retention_days = 365
enable_heatmaps = true
[content.feeds]
enabled = true
rss_enabled = true
atom_enabled = true
feed_title = "Rustelo Full Featured Content"
feed_description = "Latest content from our full-featured Rustelo application"
max_items = 50
include_full_content = true
[content.security]
enable_content_sanitization = true
allowed_html_tags = ["p", "br", "strong", "em", "ul", "ol", "li", "h1", "h2", "h3", "h4", "h5", "h6", "blockquote", "code", "pre", "a", "img", "table", "thead", "tbody", "tr", "th", "td"]
enable_xss_protection = true
enable_csrf_protection = true
max_content_length = 5000000 # 5MB
[content.i18n]
enabled = true
default_language = "en"
supported_languages = ["en", "es", "fr", "de", "ja", "zh"]
fallback_to_default = true
auto_detect_language = true
[content.performance]
enable_lazy_loading = true
enable_pagination = true
default_page_size = 25
max_page_size = 100
enable_content_compression = true
minify_html = true
# Metrics Configuration
[metrics]
enabled = true
endpoint = "/metrics"
health_endpoint = "/metrics/health"
collection_interval = 30 # seconds
enable_process_metrics = true
enable_runtime_metrics = true
[metrics.prometheus]
namespace = "rustelo_full"
subsystem = ""
registry_type = "default"
enable_exemplars = true
histogram_buckets = [0.0005, 0.001, 0.0025, 0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1.0, 2.5, 5.0, 10.0]
[metrics.http]
enabled = true
track_request_count = true
track_request_duration = true
track_requests_in_flight = true
track_response_size = true
track_request_size = true
include_user_agent = false
include_ip_address = false
slow_request_threshold = 0.5 # seconds
[metrics.database]
enabled = true
track_connection_pool = true
track_query_duration = true
track_query_count = true
track_connection_errors = true
track_migration_status = true
slow_query_threshold = 0.05 # seconds
include_query_tags = false
[metrics.auth]
enabled = true
track_login_attempts = true
track_login_failures = true
track_session_duration = true
track_active_sessions = true
track_token_generations = true
track_password_resets = true
track_registration_attempts = true
include_failure_reasons = true
[metrics.content]
enabled = true
track_content_requests = true
track_cache_performance = true
track_content_processing_time = true
track_search_queries = true
track_content_views = true
track_popular_content = true
[metrics.email]
enabled = true
track_emails_sent = true
track_email_failures = true
track_queue_size = true
track_processing_time = true
track_bounce_rate = true
track_delivery_rate = true
include_provider_metrics = true
[metrics.system]
enabled = true
track_memory_usage = true
track_cpu_usage = true
track_disk_usage = true
track_network_io = true
track_file_descriptors = true
track_uptime = true
collection_interval = 15 # seconds
[metrics.business]
enabled = true
track_user_registrations = true
track_user_logins = true
track_content_creation = true
track_api_usage = true
track_feature_usage = true
track_error_rates = true
track_conversion_metrics = true
[metrics.custom]
enabled = true
allow_custom_counters = true
allow_custom_gauges = true
allow_custom_histograms = true
max_custom_metrics = 500
custom_metric_prefix = "custom_"
[metrics.labels]
include_environment = true
include_version = true
include_instance_id = true
include_hostname = true
custom_labels = {datacenter = "us-west-1", team = "platform"}
[metrics.security]
enable_authentication = true
allowed_ips = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
api_key_header = "X-Metrics-API-Key"
api_key = "@encrypted_metrics_api_key"
# TLS Configuration
[tls]
enabled = true
port = 443
bind_address = "0.0.0.0"
protocols = ["TLSv1.2", "TLSv1.3"]
prefer_server_cipher_order = true
enable_http2 = true
enable_ocsp_stapling = true
[tls.certificates]
cert_path = "certs/production.crt"
key_path = "certs/production.key"
chain_path = "certs/chain.pem"
verify_client_certs = false
[tls.letsencrypt]
enabled = true
email = "admin@yourdomain.com"
domains = ["yourdomain.com", "www.yourdomain.com", "api.yourdomain.com"]
acme_server = "https://acme-v02.api.letsencrypt.org/directory"
challenge_type = "http-01"
cert_path = "certs/letsencrypt"
auto_renew = true
renew_days_before = 30
[tls.monitoring]
check_expiry = true
expiry_warning_days = 30
expiry_critical_days = 7
notify_on_expiry = true
health_check_enabled = true
[tls.ciphers]
allowed_ciphers = [
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
"TLS_AES_128_GCM_SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256"
]
allow_legacy_ciphers = false
[tls.hsts]
enabled = true
max_age = 31536000 # 1 year
include_subdomains = true
preload = true
[tls.redirect]
enable_http_redirect = true
redirect_port = 80
permanent_redirect = true
redirect_status_code = 301
# Redis Configuration
[redis]
enabled = true
url = "redis://localhost:6379/0"
pool_size = 20
connection_timeout = 10
command_timeout = 10
# Feature Flags
[features]
auth = true
tls = true
content_db = true
two_factor_auth = true
# Build Configuration
[build]
features = ["auth", "content-db", "crypto", "email", "metrics", "tls"]
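
Review bot: In [database], url = "postgresql://rustelo:secure_password@localhost:5432/rustelo_full" is the only credential in this file written in clear text; [session], [auth.jwt], [oauth.*], [email.smtp] and [metrics.security] all use "@encrypted_..." references. Since the file is offered as the reference for comprehensive deployments, suggest the same reference form here. Two further points for the same file: [database.migrations] sets auto_migrate = true and create_db_if_missing = true under environment = "production", whereas the production base config in this commit sets auto_migrate = false; and both [redis] url and [content.cache] redis_url use plain redis:// with no credentials, while the production base config sets ssl_enabled = true for Redis.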

@ -0,0 +1,75 @@
# Minimal Configuration Example
# This is the smallest possible configuration for running Rustelo
# Includes only essential features for basic functionality
[server]
protocol = "http"
host = "127.0.0.1"
port = 3030
environment = "development"
log_level = "info"
[app]
name = "Rustelo-minimal"
version = "0.1.0"
debug = false
enable_metrics = false
enable_health_check = true
enable_compression = false
max_request_size = 1048576 # 1MB
[database]
url = "sqlite:minimal.db"
max_connections = 3
min_connections = 1
connect_timeout = 10
idle_timeout = 300
max_lifetime = 900
[session]
secret = "minimal-session-secret-change-this"
cookie_name = "session_id"
cookie_http_only = true
cookie_same_site = "lax"
max_age = 1800 # 30 minutes
[security]
enable_csrf = true
csrf_token_name = "csrf_token"
rate_limit_requests = 50
rate_limit_window = 60
bcrypt_cost = 10
[cors]
allowed_origins = ["http://localhost:3030"]
allowed_methods = ["GET", "POST"]
allowed_headers = ["Content-Type"]
allow_credentials = true
max_age = 600
[static]
assets_dir = "public"
site_root = "target/site"
site_pkg_dir = "pkg"
[server_dirs]
public_dir = "public"
uploads_dir = "uploads"
logs_dir = "logs"
temp_dir = "tmp"
cache_dir = "cache"
[logging]
format = "text"
level = "info"
enable_console = true
enable_file = false
[features]
auth = false
tls = false
content_db = false
two_factor_auth = false
[build]
features = ["crypto"]
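
Review bot: In [session], cookie_secure is omitted, although the development, staging and production files in this commit all set it explicitly, and secret is the literal "minimal-session-secret-change-this". Because this file is presented as the smallest configuration that runs, whatever the loader defaults to for omitted keys becomes the deployed behavior for anyone who copies it. Suggest setting cookie_secure explicitly with a comment, and documenting the defaults for omitted keys. [cors] allow_credentials = true also looks unnecessary here, given [features] auth = false.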

74
config/features/auth.toml Normal file
@ -0,0 +1,74 @@
# Authentication Feature Configuration
# Settings for the authentication and authorization system
[features]
auth = true
# OAuth Configuration
[oauth]
enabled = false
[oauth.google]
client_id = "your-google-client-id"
client_secret = "your-google-client-secret"
redirect_uri = "http://localhost:3030/auth/google/callback"
[oauth.github]
client_id = "your-github-client-id"
client_secret = "your-github-client-secret"
redirect_uri = "http://localhost:3030/auth/github/callback"
# JWT Configuration
[auth.jwt]
secret = "change-this-in-production-to-a-secure-random-string"
expiration = 86400 # 24 hours in seconds
refresh_token_expiration = 604800 # 7 days in seconds
algorithm = "HS256"
issuer = "rustelo-app"
audience = "rustelo-users"
# Password Policy
[auth.password]
min_length = 8
require_uppercase = true
require_lowercase = true
require_numbers = true
require_special_chars = true
max_age_days = 90
history_count = 5
# Account Security
[auth.security]
max_login_attempts = 5
lockout_duration = 900 # 15 minutes in seconds
session_timeout = 3600 # 1 hour in seconds
require_email_verification = true
password_reset_timeout = 3600 # 1 hour in seconds
# Two-Factor Authentication
[auth.two_factor]
enabled = false
backup_codes_count = 10
totp_issuer = "Rustelo App"
totp_digits = 6
totp_period = 30
# User Registration
[auth.registration]
enabled = true
require_email_verification = true
auto_approve = true
default_role = "user"
allowed_domains = [] # Empty array means all domains allowed
# Session Management
[auth.sessions]
cleanup_interval = 3600 # 1 hour in seconds
max_concurrent_sessions = 5
remember_me_duration = 2592000 # 30 days in seconds
# Rate Limiting for Auth Endpoints
[auth.rate_limiting]
login_attempts_per_minute = 5
registration_attempts_per_hour = 3
password_reset_attempts_per_hour = 3
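
Review bot: In [auth.jwt], secret = "change-this-in-production-to-a-secure-random-string" is a readable default paired with algorithm = "HS256". If an environment overlay fails to override it, tokens are signed with a key that is published in the repository. Suggest leaving secret out of this base file so that a missing override is a load-time error rather than a working default. The same reasoning applies to [auth.registration]: auto_approve = true with allowed_domains = [] is the most permissive combination, and as the base it is what applies when an overlay is missing; making the base strict and relaxing it in the development file would be safer.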

@ -0,0 +1,74 @@
# Authentication Feature Configuration - Development Environment
# Settings optimized for local development and debugging
[features]
auth = true
# OAuth Configuration - Development
[oauth]
enabled = false
[oauth.google]
client_id = "dev-google-client-id"
client_secret = "dev-google-client-secret"
redirect_uri = "http://localhost:3030/auth/google/callback"
[oauth.github]
client_id = "dev-github-client-id"
client_secret = "dev-github-client-secret"
redirect_uri = "http://localhost:3030/auth/github/callback"
# JWT Configuration - Development
[auth.jwt]
secret = "dev-jwt-secret-change-in-production"
expiration = 86400 # 24 hours in seconds
refresh_token_expiration = 604800 # 7 days in seconds
algorithm = "HS256"
issuer = "rustelo-app-dev"
audience = "rustelo-users-dev"
# Password Policy - Relaxed for development
[auth.password]
min_length = 6
require_uppercase = false
require_lowercase = true
require_numbers = true
require_special_chars = false
max_age_days = 365
history_count = 3
# Account Security - Relaxed for development
[auth.security]
max_login_attempts = 10
lockout_duration = 300 # 5 minutes in seconds
session_timeout = 7200 # 2 hours in seconds
require_email_verification = false
password_reset_timeout = 7200 # 2 hours in seconds
# Two-Factor Authentication - Disabled for development
[auth.two_factor]
enabled = false
backup_codes_count = 10
totp_issuer = "Rustelo App Dev"
totp_digits = 6
totp_period = 30
# User Registration - Open for development
[auth.registration]
enabled = true
require_email_verification = false
auto_approve = true
default_role = "user"
allowed_domains = [] # Empty array means all domains allowed
# Session Management - Extended for development
[auth.sessions]
cleanup_interval = 3600 # 1 hour in seconds
max_concurrent_sessions = 10
remember_me_duration = 2592000 # 30 days in seconds
# Rate Limiting - Relaxed for development
[auth.rate_limiting]
login_attempts_per_minute = 20
registration_attempts_per_hour = 10
password_reset_attempts_per_hour = 10
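
Review bot: In [auth.security] and [auth.rate_limiting], max_login_attempts = 10 sits next to login_attempts_per_minute = 20 with no comment on how the two interact. If both count per account, the lockout always triggers first and the rate limit is never reached; if one is per account and the other per client address, that should be stated. A one-line comment on the scope of each counter would help here and in the other auth files, which follow the same pattern.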

@ -0,0 +1,161 @@
# Authentication Feature Configuration - Example
# Complete example showing all available authentication options
[features]
auth = true
# OAuth Configuration - Example with multiple providers
[oauth]
enabled = true
[oauth.google]
client_id = "your-google-client-id.apps.googleusercontent.com"
client_secret = "your-google-client-secret"
redirect_uri = "https://yourapp.com/auth/google/callback"
[oauth.github]
client_id = "your-github-client-id"
client_secret = "your-github-client-secret"
redirect_uri = "https://yourapp.com/auth/github/callback"
[oauth.microsoft]
client_id = "your-microsoft-client-id"
client_secret = "your-microsoft-client-secret"
redirect_uri = "https://yourapp.com/auth/microsoft/callback"
# JWT Configuration - Example with all options
[auth.jwt]
secret = "your-super-secure-jwt-secret-key-at-least-32-characters-long"
expiration = 3600 # 1 hour in seconds
refresh_token_expiration = 86400 # 24 hours in seconds
algorithm = "HS256" # HS256, HS384, HS512, RS256, RS384, RS512
issuer = "rustelo-app"
audience = "rustelo-users"
not_before_leeway = 0 # seconds
expiration_leeway = 0 # seconds
# Password Policy - Example with balanced security
[auth.password]
min_length = 10
require_uppercase = true
require_lowercase = true
require_numbers = true
require_special_chars = true
max_age_days = 180 # 6 months
history_count = 8
complexity_score = 3 # 1-5 scale
dictionary_check = true
common_password_check = true
# Account Security - Example with comprehensive settings
[auth.security]
max_login_attempts = 5
lockout_duration = 900 # 15 minutes in seconds
session_timeout = 3600 # 1 hour in seconds
require_email_verification = true
password_reset_timeout = 3600 # 1 hour in seconds
enable_captcha = true
captcha_after_attempts = 3
ip_tracking = true
device_fingerprinting = true
# Two-Factor Authentication - Example with all options
[auth.two_factor]
enabled = true
backup_codes_count = 10
totp_issuer = "Rustelo App"
totp_digits = 6
totp_period = 30
totp_skew = 1 # Allow 1 period before/after
sms_enabled = true
email_enabled = true
app_enabled = true
hardware_key_enabled = false
# User Registration - Example with moderation
[auth.registration]
enabled = true
require_email_verification = true
auto_approve = false
default_role = "user"
allowed_domains = ["company.com", "partner.org"]
blocked_domains = ["tempmail.org", "10minutemail.com"]
require_invitation = false
invitation_expiry = 604800 # 7 days
username_min_length = 3
username_max_length = 30
username_regex = "^[a-zA-Z0-9_-]+$"
# Session Management - Example with comprehensive settings
[auth.sessions]
cleanup_interval = 1800 # 30 minutes in seconds
max_concurrent_sessions = 5
remember_me_duration = 2592000 # 30 days in seconds
session_storage = "database" # "memory", "database", "redis"
secure_cookie = true
httponly_cookie = true
same_site = "strict" # "strict", "lax", "none"
session_regeneration = true
# Rate Limiting - Example with tiered limits
[auth.rate_limiting]
login_attempts_per_minute = 10
registration_attempts_per_hour = 5
password_reset_attempts_per_hour = 5
oauth_attempts_per_minute = 15
api_calls_per_minute = 100
burst_limit = 20
enable_progressive_delay = true
# Role-Based Access Control - Example
[auth.rbac]
enabled = true
default_permissions = ["read_profile", "update_profile"]
admin_permissions = ["*"]
moderator_permissions = ["read_*", "update_content", "delete_content"]
user_permissions = ["read_profile", "update_profile", "create_content"]
# Audit Logging - Example
[auth.audit]
enabled = true
log_successful_logins = true
log_failed_logins = true
log_password_changes = true
log_role_changes = true
log_permission_changes = true
retention_days = 365
export_format = "json"
# Advanced Security Features - Example
[auth.security.advanced]
enable_bruteforce_protection = true
enable_ip_whitelist = false
whitelist_ips = ["192.168.1.0/24", "10.0.0.0/8"]
enable_geolocation_check = true
allowed_countries = ["US", "CA", "GB"]
suspicious_activity_threshold = 10
account_lockout_escalation = true
password_breach_check = true
device_trust_duration = 2592000 # 30 days
# Integration Settings - Example
[auth.integrations]
ldap_enabled = false
ldap_server = "ldap://ldap.company.com"
ldap_bind_dn = "cn=admin,dc=company,dc=com"
ldap_bind_password = "ldap-password"
ldap_search_base = "ou=users,dc=company,dc=com"
ldap_user_filter = "(&(objectClass=person)(uid={username}))"
saml_enabled = false
saml_entity_id = "rustelo-app"
saml_sso_url = "https://sso.company.com/saml/sso"
saml_certificate_path = "certs/saml.crt"
# Development and Testing - Example
[auth.development]
bypass_email_verification = false
allow_weak_passwords = false
log_auth_tokens = false
enable_test_users = false
mock_oauth_providers = false
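
Review bot: The [auth.development] table at the end of the hunk makes bypass_email_verification, allow_weak_passwords, log_auth_tokens, enable_test_users and mock_oauth_providers ordinary runtime keys, so a single edited line in a deployed file turns them on. Suggest the loader reject any true value in this table unless [server] environment is "development", or gate these behind a build feature that production builds omit. Two smaller points: [auth.integrations] ldap_bind_password = "ldap-password" is a plaintext credential where the other files use a secret reference, and the [auth.jwt] algorithm comment lists RS256/RS384/RS512 although the table only has a secret key and no key-path fields for asymmetric algorithms.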

@ -0,0 +1,83 @@
# Authentication Feature Configuration - Production Environment
# Settings optimized for production security and performance
[features]
auth = true
# OAuth Configuration - Production
[oauth]
enabled = true
[oauth.google]
client_id = "${GOOGLE_CLIENT_ID}"
client_secret = "${GOOGLE_CLIENT_SECRET}"
redirect_uri = "${BASE_URL}/auth/google/callback"
[oauth.github]
client_id = "${GITHUB_CLIENT_ID}"
client_secret = "${GITHUB_CLIENT_SECRET}"
redirect_uri = "${BASE_URL}/auth/github/callback"
# JWT Configuration - Production
[auth.jwt]
secret = "${JWT_SECRET}"
expiration = 3600 # 1 hour in seconds
refresh_token_expiration = 86400 # 24 hours in seconds
algorithm = "HS256"
issuer = "rustelo-app"
audience = "rustelo-users"
# Password Policy - Strict for production
[auth.password]
min_length = 12
require_uppercase = true
require_lowercase = true
require_numbers = true
require_special_chars = true
max_age_days = 90
history_count = 12
# Account Security - Strict for production
[auth.security]
max_login_attempts = 3
lockout_duration = 1800 # 30 minutes in seconds
session_timeout = 1800 # 30 minutes in seconds
require_email_verification = true
password_reset_timeout = 1800 # 30 minutes in seconds
# Two-Factor Authentication - Enabled for production
[auth.two_factor]
enabled = true
backup_codes_count = 10
totp_issuer = "Rustelo App"
totp_digits = 6
totp_period = 30
# User Registration - Controlled for production
[auth.registration]
enabled = true
require_email_verification = true
auto_approve = false
default_role = "user"
allowed_domains = [] # Configure specific domains if needed
# Session Management - Secure for production
[auth.sessions]
cleanup_interval = 1800 # 30 minutes in seconds
max_concurrent_sessions = 3
remember_me_duration = 604800 # 7 days in seconds
# Rate Limiting - Strict for production
[auth.rate_limiting]
login_attempts_per_minute = 5
registration_attempts_per_hour = 3
password_reset_attempts_per_hour = 3
# Additional Production Security
[auth.security.advanced]
enable_bruteforce_protection = true
enable_ip_whitelist = false
whitelist_ips = []
enable_geolocation_check = false
suspicious_activity_threshold = 5
account_lockout_escalation = true
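
Review bot: In [oauth.*] and [auth.jwt], the values are "${GOOGLE_CLIENT_ID}", "${JWT_SECRET}", "${BASE_URL}/auth/google/callback" and so on, but nothing in the file says what happens when one of these variables is unset. If the loader substitutes an empty string or leaves the literal in place, the service could start with an empty or guessable JWT signing secret or a malformed redirect URI. Suggest documenting, and enforcing in the loader, that an unset variable is a fatal error. This file also uses ${...} where the environment-level production file in this commit uses "@encrypted_..." references; a comment on which scheme is authoritative would avoid two secret paths in production.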

@ -0,0 +1,219 @@
# Content Management Feature Configuration
# Settings for the database-backed content management system
[features]
content_db = true
# Content Management Configuration
[content]
enabled = true
content_dir = "content"
cache_enabled = true
cache_ttl = 3600 # seconds
max_file_size = 5242880 # 5MB
auto_save_interval = 30 # seconds
enable_versioning = true
max_versions = 10
# Content Types
[content.types]
# Supported content types and their configurations
[content.types.article]
enabled = true
template = "article.hbs"
slug_prefix = "articles"
allow_comments = true
enable_seo = true
max_length = 50000
[content.types.page]
enabled = true
template = "page.hbs"
slug_prefix = "pages"
allow_comments = false
enable_seo = true
max_length = 100000
[content.types.blog_post]
enabled = true
template = "blog_post.hbs"
slug_prefix = "blog"
allow_comments = true
enable_seo = true
max_length = 30000
enable_series = true
# Markdown Configuration
[content.markdown]
enable_syntax_highlighting = true
theme = "github"
enable_tables = true
enable_strikethrough = true
enable_autolinks = true
enable_task_lists = true
enable_footnotes = true
enable_math = false
heading_anchors = true
code_block_line_numbers = true
# SEO Configuration
[content.seo]
auto_generate_meta = true
default_meta_description_length = 160
auto_generate_og_tags = true
enable_json_ld = true
sitemap_enabled = true
sitemap_path = "/sitemap.xml"
robots_txt_enabled = true
# Content Publishing
[content.publishing]
auto_publish = false
require_review = true
enable_drafts = true
enable_scheduling = true
default_status = "draft" # "draft", "published", "scheduled", "archived"
# Content Categories and Tags
[content.taxonomy]
enable_categories = true
max_categories_per_content = 5
enable_tags = true
max_tags_per_content = 20
enable_hierarchical_categories = true
# Media Management
[content.media]
enabled = true
upload_dir = "uploads/content"
allowed_extensions = ["jpg", "jpeg", "png", "gif", "webp", "svg", "pdf", "doc", "docx"]
max_file_size = 10485760 # 10MB
enable_image_optimization = true
generate_thumbnails = true
thumbnail_sizes = [150, 300, 600, 1200]
# Image Processing
[content.media.images]
auto_optimize = true
quality = 85
progressive_jpeg = true
strip_metadata = true
enable_webp_conversion = true
enable_lazy_loading = true
# Content Search
[content.search]
enabled = true
search_engine = "database" # "database", "elasticsearch", "algolia"
index_content = true
index_metadata = true
search_fields = ["title", "content", "excerpt", "tags", "categories"]
min_search_length = 3
max_results = 50
# Full-text Search Configuration
[content.search.fulltext]
enable_stemming = true
enable_fuzzy_search = true
fuzzy_distance = 2
boost_title = 2.0
boost_tags = 1.5
boost_categories = 1.3
# Content Cache
[content.cache]
enable_redis = false
redis_url = "redis://localhost:6379"
redis_prefix = "content:"
cache_rendered_content = true
cache_search_results = true
search_cache_ttl = 300 # 5 minutes
# Content API
[content.api]
enabled = true
enable_public_api = true
enable_admin_api = true
api_prefix = "/api/content"
rate_limit_per_minute = 100
require_auth_for_write = true
enable_bulk_operations = true
# Content Backup
[content.backup]
enabled = true
backup_interval = 86400 # 24 hours
backup_retention_days = 30
backup_dir = "backups/content"
include_media = true
compress_backups = true
# Content Workflows
[content.workflows]
enabled = false
require_approval = false
approval_roles = ["editor", "admin"]
notification_on_submission = true
notification_on_approval = true
auto_notify_authors = true
# Content Comments
[content.comments]
enabled = true
require_approval = false
enable_replies = true
max_nesting_level = 3
enable_voting = true
enable_email_notifications = true
anti_spam_enabled = true
# Content Analytics
[content.analytics]
track_views = true
track_reading_time = true
track_popular_content = true
analytics_retention_days = 90
enable_heatmaps = false
# RSS/Atom Feeds
[content.feeds]
enabled = true
rss_enabled = true
atom_enabled = true
feed_title = "Rustelo Content Feed"
feed_description = "Latest content from Rustelo"
max_items = 20
include_full_content = false
# Content Import/Export
[content.import_export]
enabled = true
supported_formats = ["markdown", "html", "json", "xml"]
enable_bulk_import = true
enable_export = true
export_formats = ["markdown", "json", "pdf"]
# Content Security
[content.security]
enable_content_sanitization = true
allowed_html_tags = ["p", "br", "strong", "em", "ul", "ol", "li", "h1", "h2", "h3", "h4", "h5", "h6", "blockquote", "code", "pre"]
enable_xss_protection = true
enable_csrf_protection = true
max_content_length = 1000000 # 1MB
# Content Localization
[content.i18n]
enabled = false
default_language = "en"
supported_languages = ["en", "es", "fr", "de"]
fallback_to_default = true
auto_detect_language = false
# Performance Optimization
[content.performance]
enable_lazy_loading = true
enable_pagination = true
default_page_size = 20
max_page_size = 100
enable_content_compression = true
minify_html = false
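
Review bot: `allowed_extensions` under `[content.media]` admits `"svg"` alongside the raster formats, and nothing in this file says SVG uploads are sanitized. SVG is XML that can carry script, so the `allowed_html_tags` list under `[content.security]` and `strip_metadata = true` do not obviously cover it. Either drop `"svg"` from the default list or document that SVGs are sanitized or served as attachments. Separately, the three size limits (`max_file_size = 5242880` in `[content]`, `max_file_size = 10485760` in `[content.media]`, `max_content_length = 1000000` in `[content.security]`) need a comment saying which limit applies to which input.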

View File

@ -0,0 +1,118 @@
# Content Feature Configuration - Development Environment
# Settings optimized for local development and testing
[features]
content_db = true
# Content Management - Development
[content]
enabled = true
content_dir = "content"
cache_enabled = false # Disable caching for development
cache_ttl = 60 # Short TTL for development
max_file_size = 52428800 # 50MB for development
allowed_extensions = ["md", "txt", "html", "json", "yaml", "toml"]
auto_reload = true
enable_drafts = true
# Content Storage - Development
[content.storage]
type = "filesystem" # "filesystem", "database", "s3"
base_path = "content"
create_directories = true
backup_enabled = false
versioning_enabled = true
max_versions = 10
# Content Processing - Development
[content.processing]
markdown_enabled = true
syntax_highlighting = true
auto_linking = true
enable_math = true
enable_mermaid = true
enable_prism = true
process_includes = true
validate_frontmatter = true
# Content Validation - Relaxed for development
[content.validation]
strict_mode = false
validate_yaml_frontmatter = true
validate_markdown_links = false
validate_images = false
check_broken_links = false
allowed_protocols = ["http", "https", "ftp", "mailto"]
# Content Indexing - Development
[content.indexing]
enabled = true
full_text_search = true
index_content = true
index_metadata = true
rebuild_on_change = true
search_engine = "basic" # "basic", "elasticsearch", "solr"
# Content Templates - Development
[content.templates]
enabled = true
template_dir = "templates/content"
default_template = "default.hbs"
auto_detect_template = true
template_cache = false # Disable caching for development
# Content API - Development
[content.api]
enabled = true
base_path = "/api/content"
enable_crud = true
enable_search = true
enable_upload = true
enable_download = true
rate_limit = 1000 # requests per minute
max_query_results = 1000
# Content Security - Relaxed for development
[content.security]
sanitize_html = true
allow_raw_html = true
allow_scripts = false
allow_iframes = false
csrf_protection = false
xss_protection = true
# Content Metadata - Development
[content.metadata]
extract_metadata = true
auto_generate_slug = true
auto_generate_excerpt = true
excerpt_length = 150
auto_generate_toc = true
auto_generate_tags = false
# Content Workflow - Development
[content.workflow]
enabled = false
require_approval = false
auto_publish = true
draft_mode = true
revision_control = true
collaborative_editing = false
# Content Performance - Development
[content.performance]
lazy_loading = false
image_optimization = false
content_compression = false
cdn_enabled = false
cache_static_assets = false
# Development Settings
[content.development]
debug_mode = true
log_queries = true
log_processing = true
enable_content_preview = true
auto_save_drafts = true
show_processing_time = true
enable_hot_reload = true
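
Review bot: the `[content.security]` keys here (`sanitize_html`, `csrf_protection`, `xss_protection`) do not match the names used by the content feature file earlier in this commit (`enable_content_sanitization`, `enable_csrf_protection`, `enable_xss_protection`). If the two files are merged, `csrf_protection = false` would sit beside `enable_csrf_protection = true` instead of overriding it, and which one takes effect depends on the key the code reads. The same drift shows in `[content.workflow]` versus `[content.workflows]` and in `rate_limit` versus `rate_limit_per_minute`. Pick one schema and use it in every environment file. Also, `sanitize_html = true` together with `allow_raw_html = true` needs a comment on which setting wins.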

View File

@ -0,0 +1,229 @@
# Content Feature Configuration - Example Environment
# Complete documentation of all content management options
[features]
content = true
[content]
enabled = true
content_dir = "content" # Directory for content storage
cache_enabled = true # Enable content caching
cache_ttl = 3600 # Cache TTL in seconds (1 hour)
max_file_size = 52428800 # Maximum file size in bytes (50MB)
max_files_per_upload = 10 # Maximum files per upload request
allowed_file_types = [ # Allowed file extensions
"md", "txt", "html", "css", "js",
"json", "toml", "yaml", "yml",
"jpg", "jpeg", "png", "gif", "webp",
"svg", "pdf", "doc", "docx"
]
blocked_file_types = [ # Blocked file extensions for security
"exe", "bat", "cmd", "com", "scr",
"pif", "vbs", "js", "jar", "sh"
]
scan_uploads = true # Scan uploaded files for malware
quarantine_suspicious = true # Quarantine suspicious files
[content.markdown]
enabled = true # Enable Markdown processing
parser = "pulldown-cmark" # Markdown parser to use
syntax_highlighting = true # Enable code syntax highlighting
highlight_theme = "github" # Syntax highlighting theme
math_support = true # Enable LaTeX math rendering
math_renderer = "katex" # Math rendering engine
table_of_contents = true # Generate table of contents
auto_links = true # Automatically link URLs
smart_punctuation = true # Enable smart punctuation
footnotes = true # Enable footnotes
strikethrough = true # Enable strikethrough text
tasklists = true # Enable task lists
tables = true # Enable tables
heading_anchors = true # Generate heading anchors
[content.media]
enabled = true # Enable media file handling
max_image_size = 10485760 # Maximum image size (10MB)
max_video_size = 104857600 # Maximum video size (100MB)
max_audio_size = 20971520 # Maximum audio size (20MB)
image_processing = true # Enable image processing
thumbnail_generation = true # Generate thumbnails
thumbnail_sizes = [150, 300, 600] # Thumbnail sizes in pixels
image_optimization = true # Optimize images on upload
video_processing = false # Enable video processing (resource intensive)
allowed_image_types = [ # Allowed image formats
"jpg", "jpeg", "png", "gif", "webp", "svg"
]
allowed_video_types = [ # Allowed video formats
"mp4", "webm", "ogg", "avi", "mov"
]
allowed_audio_types = [ # Allowed audio formats
"mp3", "ogg", "wav", "flac", "aac"
]
[content.versioning]
enabled = true # Enable content versioning
max_versions = 10 # Maximum versions to keep per content
auto_save_enabled = true # Enable auto-save functionality
auto_save_interval = 30 # Auto-save interval in seconds
version_comparison = true # Enable version comparison
restore_versions = true # Allow version restoration
version_metadata = true # Store version metadata
[content.publishing]
draft_mode = true # Enable draft mode
scheduled_publishing = true # Enable scheduled publishing
approval_workflow = true # Require approval for publishing
approval_roles = ["editor", "admin"] # Roles that can approve content
publish_notifications = true # Send notifications on publish
unpublish_capability = true # Allow unpublishing content
bulk_operations = true # Enable bulk operations
content_templates = true # Enable content templates
[content.search]
enabled = true # Enable content search
full_text_search = true # Enable full-text search
search_engine = "tantivy" # Search engine to use
index_content = true # Index content for search
index_metadata = true # Index metadata for search
search_highlights = true # Enable search result highlights
fuzzy_search = true # Enable fuzzy search
search_suggestions = true # Enable search suggestions
search_filters = true # Enable search filters
[content.categories]
enabled = true # Enable content categories
hierarchical_categories = true # Allow nested categories
max_category_depth = 5 # Maximum category nesting depth
category_slugs = true # Generate category slugs
category_descriptions = true # Allow category descriptions
category_images = true # Allow category images
auto_categorization = false # Enable auto-categorization
[content.tags]
enabled = true # Enable content tags
max_tags_per_content = 20 # Maximum tags per content item
tag_suggestions = true # Enable tag suggestions
tag_autocomplete = true # Enable tag autocomplete
tag_cloud = true # Enable tag cloud generation
tag_popularity = true # Track tag popularity
tag_synonyms = true # Enable tag synonyms
[content.comments]
enabled = true # Enable comments system
moderation_required = true # Require comment moderation
spam_filtering = true # Enable spam filtering
comment_voting = true # Enable comment voting
nested_comments = true # Allow nested comments
max_comment_depth = 3 # Maximum comment nesting depth
comment_formatting = "markdown" # Comment formatting (markdown, html, plain)
comment_notifications = true # Send comment notifications
[content.seo]
enabled = true # Enable SEO features
meta_tags = true # Generate meta tags
open_graph = true # Generate Open Graph tags
twitter_cards = true # Generate Twitter Card tags
structured_data = true # Generate structured data
sitemaps = true # Generate sitemaps
robots_txt = true # Generate robots.txt
canonical_urls = true # Generate canonical URLs
breadcrumbs = true # Generate breadcrumbs
[content.analytics]
enabled = true # Enable content analytics
page_views = true # Track page views
popular_content = true # Track popular content
user_engagement = true # Track user engagement
reading_time = true # Calculate reading time
content_performance = true # Track content performance
analytics_retention = 90 # Analytics data retention in days
[content.backup]
enabled = true # Enable content backup
backup_schedule = "0 2 * * *" # Backup schedule (daily at 2 AM)
backup_retention = 30 # Backup retention in days
backup_format = "zip" # Backup format (zip, tar, json)
backup_location = "backups/content" # Backup storage location
incremental_backup = true # Enable incremental backups
backup_verification = true # Verify backup integrity
[content.performance]
lazy_loading = true # Enable lazy loading
image_lazy_loading = true # Enable image lazy loading
content_compression = true # Enable content compression
cdn_integration = false # Enable CDN integration
cache_headers = true # Set appropriate cache headers
preload_critical = true # Preload critical resources
minify_html = true # Minify HTML output
minify_css = true # Minify CSS output
minify_js = true # Minify JavaScript output
[content.security]
content_sanitization = true # Enable content sanitization
xss_protection = true # Enable XSS protection
csrf_protection = true # Enable CSRF protection
rate_limiting = true # Enable rate limiting
upload_scanning = true # Scan uploaded files
virus_scanning = false # Enable virus scanning (requires ClamAV)
content_validation = true # Validate content structure
permission_checks = true # Enforce permission checks
[content.api]
enabled = true # Enable content API
rest_api = true # Enable REST API
graphql_api = false # Enable GraphQL API
api_authentication = true # Require API authentication
api_rate_limiting = true # Enable API rate limiting
api_versioning = true # Enable API versioning
api_documentation = true # Generate API documentation
webhook_support = true # Enable webhook support
[content.export]
enabled = true # Enable content export
export_formats = ["json", "xml", "csv"] # Supported export formats
bulk_export = true # Enable bulk export
scheduled_export = true # Enable scheduled export
export_filtering = true # Enable export filtering
export_compression = true # Compress exported files
export_encryption = false # Encrypt exported files
[content.import]
enabled = true # Enable content import
import_formats = ["json", "xml", "csv", "markdown"] # Supported import formats
bulk_import = true # Enable bulk import
import_validation = true # Validate imported content
import_preview = true # Enable import preview
import_rollback = true # Enable import rollback
duplicate_handling = "skip" # How to handle duplicates (skip, overwrite, merge)
[content.workflows]
enabled = true # Enable content workflows
custom_workflows = true # Allow custom workflows
workflow_automation = true # Enable workflow automation
workflow_notifications = true # Send workflow notifications
workflow_history = true # Track workflow history
parallel_workflows = false # Enable parallel workflows
workflow_conditions = true # Enable workflow conditions
workflow_approvals = true # Enable workflow approvals
[content.localization]
enabled = false # Enable content localization
default_language = "en" # Default language
supported_languages = ["en", "es", "fr", "de"] # Supported languages
auto_translation = false # Enable automatic translation
translation_service = "google" # Translation service to use
rtl_support = false # Enable right-to-left language support
language_detection = true # Enable language detection
fallback_language = "en" # Fallback language
[content.monitoring]
enabled = true # Enable content monitoring
error_tracking = true # Track content errors
performance_monitoring = true # Monitor content performance
uptime_monitoring = true # Monitor content availability
alert_thresholds = [ # Alert thresholds
{ name = "error_rate", value = 5.0, unit = "%" }, # Error rate threshold (%)
{ name = "response_time", value = 2000, unit = "ms" }, # Response time threshold (ms)
{ name = "disk_usage", value = 80.0, unit = "%" } # Disk usage threshold (%)
]
notification_channels = ["email", "slack"] # Notification channels
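
Review bot: `"js"` appears in both `allowed_file_types` and `blocked_file_types` under `[content]`, and the file does not say which list takes precedence. Remove `"js"` from the allow list or document that the block list always wins, since this file is described as the complete documentation of the options. Two smaller points: `[features] content = true` uses a different flag name from the `content_db = true` set by the other content files in this commit, and `virus_scanning = false` under `[content.security]` sits beside `scan_uploads = true` and `upload_scanning = true` without saying what is scanned when ClamAV is absent.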

View File

@ -0,0 +1,212 @@
# Content Feature Configuration - Production Environment
# Settings optimized for production security and performance
[features]
content_db = true
# Content Management - Production
[content]
enabled = true
content_dir = "/var/lib/rustelo/content"
cache_enabled = true
cache_ttl = 3600 # 1 hour
max_file_size = 10485760 # 10MB for production
allowed_extensions = ["md", "txt", "html", "json", "yaml"]
auto_reload = false
enable_drafts = true
strict_validation = true
# Content Storage - Production
[content.storage]
type = "database" # "filesystem", "database", "s3"
base_path = "/var/lib/rustelo/content"
create_directories = true
backup_enabled = true
versioning_enabled = true
max_versions = 5
backup_schedule = "0 3 * * *" # Daily at 3 AM
s3_bucket = "${CONTENT_S3_BUCKET}"
s3_region = "${AWS_REGION}"
s3_access_key = "${AWS_ACCESS_KEY_ID}"
s3_secret_key = "${AWS_SECRET_ACCESS_KEY}"
# Content Processing - Production
[content.processing]
markdown_enabled = true
syntax_highlighting = true
auto_linking = true
enable_math = true
enable_mermaid = false # Disabled for security
enable_prism = true
process_includes = true
validate_frontmatter = true
sanitize_html = true
strip_dangerous_tags = true
# Content Validation - Strict for production
[content.validation]
strict_mode = true
validate_yaml_frontmatter = true
validate_markdown_links = true
validate_images = true
check_broken_links = true
allowed_protocols = ["https", "mailto"]
max_content_size = 1048576 # 1MB
require_alt_text = true
validate_accessibility = true
# Content Indexing - Production
[content.indexing]
enabled = true
full_text_search = true
index_content = true
index_metadata = true
rebuild_on_change = false
search_engine = "elasticsearch" # "basic", "elasticsearch", "solr"
elasticsearch_url = "${ELASTICSEARCH_URL}"
elasticsearch_index = "rustelo_content"
batch_size = 100
index_compression = true
# Content Templates - Production
[content.templates]
enabled = true
template_dir = "/var/lib/rustelo/templates/content"
default_template = "default.hbs"
auto_detect_template = true
template_cache = true
cache_ttl = 3600 # 1 hour
precompile_templates = true
# Content API - Production
[content.api]
enabled = true
base_path = "/api/content"
enable_crud = true
enable_search = true
enable_upload = true
enable_download = true
rate_limit = 100 # requests per minute
max_query_results = 100
require_authentication = true
admin_only_operations = ["delete", "bulk_update"]
# Content Security - Strict for production
[content.security]
sanitize_html = true
allow_raw_html = false
allow_scripts = false
allow_iframes = false
csrf_protection = true
xss_protection = true
content_type_validation = true
file_type_validation = true
virus_scanning = true
quarantine_suspicious = true
# Content Metadata - Production
[content.metadata]
extract_metadata = true
auto_generate_slug = true
auto_generate_excerpt = true
excerpt_length = 150
auto_generate_toc = true
auto_generate_tags = true
ai_tag_generation = false
metadata_validation = true
# Content Workflow - Production
[content.workflow]
enabled = true
require_approval = true
auto_publish = false
draft_mode = true
revision_control = true
collaborative_editing = true
approval_workflow = "two_stage"
notify_reviewers = true
audit_trail = true
# Content Performance - Production
[content.performance]
lazy_loading = true
image_optimization = true
content_compression = true
cdn_enabled = true
cdn_url = "${CDN_URL}"
cache_static_assets = true
cache_ttl = 86400 # 24 hours
optimize_images = true
webp_conversion = true
progressive_jpeg = true
# Content Monitoring - Production
[content.monitoring]
enabled = true
track_views = true
track_downloads = true
track_search_queries = true
performance_metrics = true
error_tracking = true
alert_on_errors = true
alert_email = "${ADMIN_EMAIL}"
retention_days = 90
# Content CDN - Production
[content.cdn]
enabled = true
provider = "cloudflare" # "cloudflare", "aws", "azure"
url = "${CDN_URL}"
api_key = "${CDN_API_KEY}"
zone_id = "${CDN_ZONE_ID}"
auto_purge = true
purge_on_update = true
cache_everything = true
browser_cache_ttl = 86400 # 24 hours
edge_cache_ttl = 604800 # 7 days
# Content Backup - Production
[content.backup]
enabled = true
schedule = "0 2 * * *" # Daily at 2 AM
retention_days = 90
backup_location = "${BACKUP_LOCATION}"
compress_backups = true
encrypt_backups = true
encryption_key = "${BACKUP_ENCRYPTION_KEY}"
verify_backups = true
notification_email = "${ADMIN_EMAIL}"
# Content Analytics - Production
[content.analytics]
enabled = true
track_page_views = true
track_user_engagement = true
track_content_performance = true
analytics_provider = "google" # "google", "matomo", "custom"
google_analytics_id = "${GOOGLE_ANALYTICS_ID}"
respect_do_not_track = true
anonymize_ip = true
cookie_consent = true
# Content Compliance - Production
[content.compliance]
gdpr_enabled = true
data_retention_policy = 2555 # days (7 years)
audit_log_enabled = true
audit_log_retention = 2555 # days
right_to_be_forgotten = true
data_export_enabled = true
privacy_policy_url = "${BASE_URL}/privacy"
terms_of_service_url = "${BASE_URL}/terms"
cookie_policy_url = "${BASE_URL}/cookies"
# Development Settings - Disabled for production
[content.development]
debug_mode = false
log_queries = false
log_processing = false
enable_content_preview = false
auto_save_drafts = false
show_processing_time = false
enable_hot_reload = false
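
Review bot: every secret in this file (`s3_secret_key`, `api_key` under `[content.cdn]`, `encryption_key` under `[content.backup]`) is a `${VAR}` placeholder, but nothing says what happens when the variable is unset. With `encrypt_backups = true`, an empty or unexpanded `${BACKUP_ENCRYPTION_KEY}` should fail startup rather than produce backups under a predictable key; document that requirement here. Also, `[content.storage]` sets `type = "database"` yet carries S3 credentials and its own `backup_schedule = "0 3 * * *"`, while `[content.backup]` sets `schedule = "0 2 * * *"`. Drop the S3 keys when S3 is not the selected backend and keep a single backup schedule.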

129
config/features/email.toml Normal file
View File

@ -0,0 +1,129 @@
# Email Feature Configuration
# Settings for the email sending system with multiple providers
[features]
email = true
# Email Configuration
[email]
enabled = true
from_email = "noreply@yourapp.com"
from_name = "Rustelo App"
reply_to = ""
default_provider = "console" # "smtp", "sendgrid", "console"
# SMTP Configuration
[email.smtp]
host = "smtp.gmail.com"
port = 587
username = "your-email@gmail.com"
password = "your-app-password"
use_tls = true
use_starttls = true
timeout = 30
pool_size = 5
# SendGrid Configuration
[email.sendgrid]
api_key = "your-sendgrid-api-key"
endpoint = "https://api.sendgrid.com/v3/mail/send"
timeout = 30
# Console Provider (Development)
[email.console]
enabled = true
log_level = "info"
save_to_file = true
output_dir = "logs/emails"
# Email Templates
[email.templates]
template_dir = "templates/email"
default_language = "en"
supported_languages = ["en", "es", "fr", "de"]
cache_templates = true
reload_on_change = false # Set to true in development
# Template Configuration
[email.templates.welcome]
subject = "Welcome to {{app_name}}"
template = "welcome.hbs"
text_template = "welcome.txt"
[email.templates.password_reset]
subject = "Password Reset Request"
template = "password_reset.hbs"
text_template = "password_reset.txt"
expiration = 3600 # 1 hour
[email.templates.email_verification]
subject = "Verify Your Email Address"
template = "email_verification.hbs"
text_template = "email_verification.txt"
expiration = 86400 # 24 hours
[email.templates.two_factor]
subject = "Two-Factor Authentication Code"
template = "two_factor.hbs"
text_template = "two_factor.txt"
expiration = 300 # 5 minutes
# Email Queue Configuration
[email.queue]
enabled = true
max_retry_attempts = 3
retry_delay = 60 # seconds
batch_size = 10
processing_interval = 30 # seconds
# Rate Limiting
[email.rate_limiting]
max_emails_per_minute = 60
max_emails_per_hour = 1000
max_emails_per_day = 10000
burst_limit = 10
# Email Validation
[email.validation]
check_mx_records = true
check_disposable_domains = true
allowed_domains = [] # Empty means all domains allowed
blocked_domains = ["tempmail.org", "10minutemail.com"]
# Bounce Handling
[email.bounce_handling]
enabled = true
webhook_url = "/webhooks/email/bounce"
webhook_secret = "your-webhook-secret"
max_bounce_rate = 0.05 # 5%
auto_suppress_bounces = true
# Email Analytics
[email.analytics]
track_opens = false
track_clicks = false
track_deliveries = true
track_bounces = true
track_complaints = true
# Security Settings
[email.security]
enable_dkim = false
dkim_selector = "default"
dkim_private_key_path = "certs/dkim_private.key"
enable_spf = true
enable_dmarc = false
# Internationalization
[email.i18n]
auto_detect_language = true
fallback_language = "en"
timezone = "UTC"
date_format = "%Y-%m-%d %H:%M:%S"
# Development Settings
[email.development]
intercept_emails = false
intercept_to = "developer@localhost"
log_all_emails = true
fake_send = false
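
Review bot: `webhook_secret = "your-webhook-secret"` under `[email.bounce_handling]` ships with `enabled = true`, so a deployment that forgets to override it verifies bounce webhooks against a value published in the repository. The same goes for `password = "your-app-password"` and `api_key = "your-sendgrid-api-key"`. Use the `${VAR}` placeholder style that the production content file uses, or leave these empty and reject empty values at startup. Also, `use_tls = true` and `use_starttls = true` are both set for `port = 587`; add a comment on which one the client honours.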

View File

@ -0,0 +1,131 @@
# Email Feature Configuration - Development Environment
# Settings optimized for local development and testing
[features]
email = true
# Email Configuration - Development
[email]
enabled = true
from_email = "dev@localhost"
from_name = "Rustelo App Dev"
reply_to = "dev-noreply@localhost"
default_provider = "console" # "smtp", "sendgrid", "console"
# SMTP Configuration - Development (usually disabled)
[email.smtp]
host = "localhost"
port = 1025 # MailHog or similar local SMTP server
username = ""
password = ""
use_tls = false
use_starttls = false
timeout = 30
pool_size = 2
# SendGrid Configuration - Development (usually disabled)
[email.sendgrid]
api_key = "dev-sendgrid-key"
endpoint = "https://api.sendgrid.com/v3/mail/send"
timeout = 30
# Console Provider - Development (primary)
[email.console]
enabled = true
log_level = "debug"
save_to_file = true
output_dir = "logs/emails"
pretty_print = true
# Email Templates - Development
[email.templates]
template_dir = "templates/email"
default_language = "en"
supported_languages = ["en"]
cache_templates = false # Disable caching for development
reload_on_change = true # Enable hot reload
# Template Configuration - Development
[email.templates.welcome]
subject = "Welcome to {{app_name}} (DEV)"
template = "welcome.hbs"
text_template = "welcome.txt"
[email.templates.password_reset]
subject = "Password Reset Request (DEV)"
template = "password_reset.hbs"
text_template = "password_reset.txt"
expiration = 7200 # 2 hours for development
[email.templates.email_verification]
subject = "Verify Your Email Address (DEV)"
template = "email_verification.hbs"
text_template = "email_verification.txt"
expiration = 86400 # 24 hours
[email.templates.two_factor]
subject = "Two-Factor Authentication Code (DEV)"
template = "two_factor.hbs"
text_template = "two_factor.txt"
expiration = 600 # 10 minutes
# Email Queue Configuration - Development
[email.queue]
enabled = false # Disable queue for immediate sending in dev
max_retry_attempts = 1
retry_delay = 10 # seconds
batch_size = 5
processing_interval = 10 # seconds
# Rate Limiting - Relaxed for development
[email.rate_limiting]
max_emails_per_minute = 1000
max_emails_per_hour = 10000
max_emails_per_day = 100000
burst_limit = 100
# Email Validation - Relaxed for development
[email.validation]
check_mx_records = false
check_disposable_domains = false
allowed_domains = [] # Allow all domains
blocked_domains = [] # No blocked domains
# Bounce Handling - Disabled for development
[email.bounce_handling]
enabled = false
webhook_url = "/webhooks/email/bounce"
webhook_secret = "dev-webhook-secret"
max_bounce_rate = 1.0 # 100%
auto_suppress_bounces = false
# Email Analytics - Disabled for development
[email.analytics]
track_opens = false
track_clicks = false
track_deliveries = false
track_bounces = false
track_complaints = false
# Security Settings - Relaxed for development
[email.security]
enable_dkim = false
dkim_selector = "default"
dkim_private_key_path = ""
enable_spf = false
enable_dmarc = false
# Internationalization - Simple for development
[email.i18n]
auto_detect_language = false
fallback_language = "en"
timezone = "UTC"
date_format = "%Y-%m-%d %H:%M:%S"
# Development Settings
[email.development]
intercept_emails = false
intercept_to = "developer@localhost"
log_all_emails = true
fake_send = false
show_preview = true
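
Review bot: `[email.console]` is the default provider here with `save_to_file = true` and `output_dir = "logs/emails"`, so the password-reset, verification and two-factor messages defined in this file are written to disk. Add a comment that `logs/emails` must be git-ignored and kept out of shared artifacts, or default `save_to_file` to false. It is also worth setting `intercept_emails = true` in this file, so that switching `default_provider` to `smtp` during testing cannot deliver to real recipients.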

View File

@ -0,0 +1,262 @@
# Email Feature Configuration - Example Environment
# Complete documentation of all email system options
[features]
email = true
[email]
enabled = true
provider = "smtp" # Email provider: smtp, sendgrid, mailgun, ses, console
from_email = "noreply@example.com" # Default sender email address
from_name = "Example Application" # Default sender name
reply_to = "support@example.com" # Default reply-to address
bounce_address = "bounce@example.com" # Bounce handling address
templates_dir = "templates/email" # Email templates directory
queue_enabled = true # Enable email queue
max_retries = 3 # Maximum retry attempts for failed emails
retry_delay = 300 # Retry delay in seconds (5 minutes)
max_queue_size = 10000 # Maximum queue size
batch_size = 100 # Batch size for sending emails
rate_limit = 100 # Rate limit (emails per minute)
timeout = 30 # Email sending timeout in seconds
[email.smtp]
host = "smtp.example.com" # SMTP server hostname
port = 587 # SMTP server port
username = "your-username" # SMTP authentication username
password = "your-password" # SMTP authentication password (use env var)
use_tls = true # Use TLS encryption
use_starttls = true # Use STARTTLS
auth_mechanism = "login" # Authentication mechanism: login, plain, cram-md5
connection_timeout = 30 # Connection timeout in seconds
read_timeout = 30 # Read timeout in seconds
write_timeout = 30 # Write timeout in seconds
pool_size = 10 # Connection pool size
pool_timeout = 30 # Pool timeout in seconds
keepalive = true # Enable keepalive
verify_certificate = true # Verify SSL certificate
[email.sendgrid]
api_key = "your-sendgrid-api-key" # SendGrid API key (use env var)
endpoint = "https://api.sendgrid.com/v3/mail/send" # SendGrid API endpoint
sandbox_mode = false # Enable sandbox mode for testing
tracking_enabled = true # Enable email tracking
click_tracking = true # Enable click tracking
open_tracking = true # Enable open tracking
subscription_tracking = false # Enable subscription tracking
ganalytics_enabled = false # Enable Google Analytics tracking
[email.mailgun]
api_key = "your-mailgun-api-key" # Mailgun API key (use env var)
domain = "your-domain.com" # Mailgun domain
endpoint = "https://api.mailgun.net/v3" # Mailgun API endpoint
eu_region = false # Use EU region
test_mode = false # Enable test mode
tracking_enabled = true # Enable email tracking
click_tracking = true # Enable click tracking
open_tracking = true # Enable open tracking
delivery_time = false # Enable delivery time optimization
[email.ses]
region = "us-east-1" # AWS SES region
access_key_id = "your-access-key" # AWS access key ID (use env var)
secret_access_key = "your-secret-key" # AWS secret access key (use env var)
configuration_set = "" # SES configuration set
source_arn = "" # Source ARN for sending authorization
tags = {} # Default tags for emails
template_tags = {} # Default template tags
[email.console]
enabled_in_dev = true # Enable console output in development
log_level = "info" # Log level for console output
pretty_print = true # Pretty print email content
show_headers = true # Show email headers
show_body = true # Show email body
show_attachments = true # Show attachment info
[email.templates]
engine = "handlebars" # Template engine: handlebars, tera, minijinja
cache_enabled = true # Cache compiled templates
cache_ttl = 3600 # Template cache TTL in seconds
cache_size = 1000 # Maximum cached templates
auto_reload = true # Auto-reload templates in development
default_language = "en" # Default template language
supported_languages = ["en", "es", "fr", "de"] # Supported languages
fallback_language = "en" # Fallback language
template_validation = true # Validate templates on load
minify_html = true # Minify HTML templates
inline_css = true # Inline CSS in HTML emails
[email.queue]
backend = "redis" # Queue backend: redis, database, memory
redis_url = "redis://localhost:6379" # Redis URL for queue storage
redis_db = 2 # Redis database number
redis_key_prefix = "email_queue:" # Redis key prefix
database_table = "email_queue" # Database table for queue
max_attempts = 5 # Maximum delivery attempts
retry_backoff = "exponential" # Retry backoff strategy: linear, exponential
min_retry_delay = 60 # Minimum retry delay in seconds
max_retry_delay = 3600 # Maximum retry delay in seconds
dead_letter_queue = true # Enable dead letter queue
cleanup_interval = 3600 # Queue cleanup interval in seconds
job_timeout = 300 # Job timeout in seconds
[email.notifications]
enabled = true # Enable email notifications
delivery_notifications = true # Send delivery notifications
bounce_notifications = true # Send bounce notifications
complaint_notifications = true # Send complaint notifications
webhook_enabled = true # Enable webhook notifications
webhook_url = "https://example.com/webhook" # Webhook URL
webhook_secret = "your-webhook-secret" # Webhook secret for verification
webhook_events = [ # Webhook events to send
"delivered", "bounced", "complained", "clicked", "opened"
]
[email.tracking]
enabled = true # Enable email tracking
pixel_tracking = true # Enable pixel tracking for opens
link_tracking = true # Enable link tracking for clicks
bounce_tracking = true # Enable bounce tracking
complaint_tracking = true # Enable complaint tracking
unsubscribe_tracking = true # Enable unsubscribe tracking
analytics_integration = true # Enable analytics integration
retention_days = 90 # Tracking data retention in days
[email.security]
dkim_enabled = true # Enable DKIM signing
dkim_domain = "example.com" # DKIM domain
dkim_selector = "default" # DKIM selector
dkim_private_key_path = "/path/to/private.key" # DKIM private key path
spf_enabled = true # Enable SPF checking
dmarc_enabled = true # Enable DMARC
tls_required = true # Require TLS for sending
content_filtering = true # Enable content filtering
spam_filtering = true # Enable spam filtering
virus_scanning = false # Enable virus scanning
encryption_enabled = false # Enable email encryption
pgp_enabled = false # Enable PGP encryption
[email.validation]
enabled = true # Enable email validation
syntax_validation = true # Validate email syntax
domain_validation = true # Validate domain existence
mx_validation = true # Validate MX records
disposable_email_detection = true # Detect disposable emails
role_email_detection = true # Detect role-based emails
typo_detection = true # Detect common typos
blacklist_enabled = true # Enable email blacklist
whitelist_enabled = false # Enable email whitelist
blacklist_domains = [ # Blacklisted domains
"tempmail.com", "10minutemail.com", "guerrillamail.com"
]
[email.attachments]
enabled = true # Enable email attachments
max_size = 25165824 # Maximum attachment size (24MB)
max_count = 10 # Maximum number of attachments
allowed_types = [ # Allowed attachment types
"pdf", "doc", "docx", "txt", "jpg", "jpeg", "png", "gif"
]
blocked_types = [ # Blocked attachment types
"exe", "bat", "cmd", "com", "scr", "pif", "vbs", "js"
]
virus_scan = false # Scan attachments for viruses
compression = true # Enable attachment compression
encryption = false # Enable attachment encryption
storage_backend = "filesystem" # Storage backend: filesystem, s3, gcs
storage_path = "attachments" # Storage path for attachments
[email.lists]
enabled = true # Enable mailing lists
max_subscribers = 10000 # Maximum subscribers per list
double_opt_in = true # Require double opt-in
unsubscribe_link = true # Include unsubscribe link
list_unsubscribe_header = true # Include List-Unsubscribe header
bounce_handling = true # Handle bounces automatically
complaint_handling = true # Handle complaints automatically
segmentation = true # Enable list segmentation
personalization = true # Enable email personalization
a_b_testing = true # Enable A/B testing
automation = true # Enable email automation
[email.campaigns]
enabled = true # Enable email campaigns
scheduling = true # Enable campaign scheduling
recurring_campaigns = true # Enable recurring campaigns
drip_campaigns = true # Enable drip campaigns
trigger_campaigns = true # Enable trigger-based campaigns
analytics = true # Enable campaign analytics
reporting = true # Enable campaign reporting
export_data = true # Enable data export
archive_campaigns = true # Archive old campaigns
campaign_templates = true # Enable campaign templates
[email.compliance]
gdpr_compliance = true # Enable GDPR compliance
can_spam_compliance = true # Enable CAN-SPAM compliance
casl_compliance = false # Enable CASL compliance
data_retention_days = 2555 # Data retention period (7 years)
consent_tracking = true # Track consent
opt_out_handling = true # Handle opt-out requests
data_export = true # Enable data export for users
data_deletion = true # Enable data deletion for users
privacy_policy_link = "https://example.com/privacy" # Privacy policy link
terms_of_service_link = "https://example.com/terms" # Terms of service link
[email.monitoring]
enabled = true # Enable email monitoring
health_checks = true # Enable health checks
performance_monitoring = true # Monitor email performance
error_tracking = true # Track email errors
delivery_monitoring = true # Monitor delivery rates
bounce_monitoring = true # Monitor bounce rates
complaint_monitoring = true # Monitor complaint rates
reputation_monitoring = true # Monitor sender reputation
alerting = true # Enable alerting
[email.monitoring.alert_thresholds]
bounce_rate = 5.0 # Bounce rate threshold (%)
complaint_rate = 0.1 # Complaint rate threshold (%)
delivery_rate = 95.0 # Minimum delivery rate (%)
queue_size = 1000 # Queue size threshold
[email.testing]
test_mode = false # Enable test mode
test_recipients = ["test@example.com"] # Test recipients
test_prefix = "[TEST]" # Test email prefix
sandbox_mode = false # Enable sandbox mode
mock_delivery = false # Mock email delivery
test_templates = true # Enable template testing
preview_mode = true # Enable email preview
lint_templates = true # Lint email templates
validation_testing = true # Test email validation
load_testing = false # Enable load testing
[email.logging]
enabled = true # Enable email logging
log_level = "info" # Log level
log_format = "json" # Log format: json, plain
log_file = "logs/email.log" # Log file path
log_rotation = true # Enable log rotation
max_log_size = 104857600 # Maximum log file size (100MB)
max_log_files = 10 # Maximum log files to keep
log_emails = false # Log email content (privacy concern)
log_headers = true # Log email headers
log_delivery = true # Log delivery status
log_bounces = true # Log bounces
log_complaints = true # Log complaints
log_clicks = true # Log clicks
log_opens = true # Log opens
[email.performance]
connection_pooling = true # Enable connection pooling
persistent_connections = true # Use persistent connections
compression = true # Enable compression
caching = true # Enable response caching
async_sending = true # Enable async email sending
batch_sending = true # Enable batch sending
queue_optimization = true # Enable queue optimization
lazy_loading = true # Enable lazy loading
precompiled_templates = true # Use precompiled templates
cdn_integration = false # Enable CDN for email assets
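
Review bot: the secret fields in this example file hold literal placeholders, and `webhook_secret = "your-webhook-secret"` under `[email.notifications]` and `dkim_private_key_path` under `[email.security]` lack even the "(use env var)" hint that the Mailgun and SES keys carry. This is the file people copy from, so show the interpolated form that the production email file in this commit uses (for example `webhook_secret = "${EMAIL_WEBHOOK_SECRET}"`); then a copied template never has a slot where a real secret gets pasted and committed. Separately, `[email.logging]` marks `log_emails = false` as a privacy concern but leaves `log_headers = true` without comment; headers carry recipient addresses and subjects, so it deserves the same note or the same default.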

View File

@ -0,0 +1,176 @@
# Email Feature Configuration - Production Environment
# Settings optimized for production security and reliability
[features]
email = true
# Email Configuration - Production
[email]
enabled = true
from_email = "${FROM_EMAIL}"
from_name = "${FROM_NAME}"
reply_to = "${REPLY_TO_EMAIL}"
default_provider = "sendgrid" # "smtp", "sendgrid", "ses"
# SMTP Configuration - Production
[email.smtp]
host = "${SMTP_HOST}"
port = 587
username = "${SMTP_USERNAME}"
password = "${SMTP_PASSWORD}"
use_tls = true
use_starttls = true
timeout = 30
pool_size = 10
# SendGrid Configuration - Production
[email.sendgrid]
api_key = "${SENDGRID_API_KEY}"
endpoint = "https://api.sendgrid.com/v3/mail/send"
timeout = 30
# AWS SES Configuration - Production
[email.ses]
region = "${AWS_REGION}"
access_key_id = "${AWS_ACCESS_KEY_ID}"
secret_access_key = "${AWS_SECRET_ACCESS_KEY}"
timeout = 30
# Console Provider - Disabled for production
[email.console]
enabled = false
log_level = "error"
save_to_file = false
output_dir = "logs/emails"
# Email Templates - Production
[email.templates]
template_dir = "templates/email"
default_language = "en"
supported_languages = ["en", "es", "fr", "de", "ja", "zh"]
cache_templates = true
reload_on_change = false
# Template Configuration - Production
[email.templates.welcome]
subject = "Welcome to {{app_name}}"
template = "welcome.hbs"
text_template = "welcome.txt"
[email.templates.password_reset]
subject = "Password Reset Request"
template = "password_reset.hbs"
text_template = "password_reset.txt"
expiration = 1800 # 30 minutes
[email.templates.email_verification]
subject = "Verify Your Email Address"
template = "email_verification.hbs"
text_template = "email_verification.txt"
expiration = 86400 # 24 hours
[email.templates.two_factor]
subject = "Two-Factor Authentication Code"
template = "two_factor.hbs"
text_template = "two_factor.txt"
expiration = 300 # 5 minutes
[email.templates.security_alert]
subject = "Security Alert - Account Activity"
template = "security_alert.hbs"
text_template = "security_alert.txt"
[email.templates.account_locked]
subject = "Account Temporarily Locked"
template = "account_locked.hbs"
text_template = "account_locked.txt"
# Email Queue Configuration - Production
[email.queue]
enabled = true
max_retry_attempts = 3
retry_delay = 60 # seconds
batch_size = 50
processing_interval = 30 # seconds
dead_letter_queue = true
max_queue_size = 10000
# Rate Limiting - Strict for production
[email.rate_limiting]
max_emails_per_minute = 100
max_emails_per_hour = 2000
max_emails_per_day = 20000
burst_limit = 20
per_user_limit = 10 # emails per user per hour
# Email Validation - Strict for production
[email.validation]
check_mx_records = true
check_disposable_domains = true
allowed_domains = [] # Configure specific domains if needed
blocked_domains = [
"tempmail.org",
"10minutemail.com",
"guerrillamail.com",
"mailinator.com",
"temp-mail.org"
]
# Bounce Handling - Enabled for production
[email.bounce_handling]
enabled = true
webhook_url = "/webhooks/email/bounce"
webhook_secret = "${EMAIL_WEBHOOK_SECRET}"
max_bounce_rate = 0.05 # 5%
auto_suppress_bounces = true
bounce_notification_email = "${ADMIN_EMAIL}"
# Email Analytics - Enabled for production
[email.analytics]
track_opens = true
track_clicks = true
track_deliveries = true
track_bounces = true
track_complaints = true
retention_days = 90
# Security Settings - Enabled for production
[email.security]
enable_dkim = true
dkim_selector = "default"
dkim_private_key_path = "${DKIM_PRIVATE_KEY_PATH}"
enable_spf = true
enable_dmarc = true
dmarc_policy = "quarantine"
# Internationalization - Full support for production
[email.i18n]
auto_detect_language = true
fallback_language = "en"
timezone = "UTC"
date_format = "%Y-%m-%d %H:%M:%S"
# Development Settings - Disabled for production
[email.development]
intercept_emails = false
intercept_to = ""
log_all_emails = false
fake_send = false
# Monitoring and Alerting - Production
[email.monitoring]
enabled = true
alert_on_high_bounce_rate = true
alert_on_high_complaint_rate = true
alert_on_delivery_failures = true
alert_on_quota_exceeded = true
alert_email = "${ADMIN_EMAIL}"
metrics_endpoint = "/metrics/email"
# Compliance - Production
[email.compliance]
gdpr_enabled = true
can_spam_compliant = true
unsubscribe_url = "${BASE_URL}/unsubscribe"
privacy_policy_url = "${BASE_URL}/privacy"
terms_of_service_url = "${BASE_URL}/terms"
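
Review bot: the key names under `[email.security]` here (`enable_dkim`, `enable_spf`, `enable_dmarc`) do not match the ones the email example file in this commit documents (`dkim_enabled`, `spf_enabled`, `dmarc_enabled`), and the same drift appears in `[email.queue]` (`max_retry_attempts` against `max_attempts`) and `[email.validation]` (`check_mx_records`, `blocked_domains` against `mx_validation`, `blacklist_domains`). If the loader ignores unknown keys, one of the two spellings silently does nothing, which for DKIM signing or domain blocking means the control is off in production with no error. Settle on one schema and consider rejecting unknown keys at load time. This table also omits `tls_required` and `dkim_domain`, both set in the example, and `[email.smtp]` sets `use_tls = true` and `use_starttls = true` together on port 587, so say which of the two applies.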

View File

@ -0,0 +1,178 @@
# Metrics Feature Configuration
# Settings for Prometheus metrics collection and monitoring
[features]
metrics = true
# Metrics Collection
[metrics]
enabled = true
endpoint = "/metrics"
health_endpoint = "/metrics/health"
collection_interval = 30 # seconds
enable_process_metrics = true
enable_runtime_metrics = true
# Prometheus Configuration
[metrics.prometheus]
namespace = "rustelo"
subsystem = ""
registry_type = "default" # "default" or "custom"
enable_exemplars = false
histogram_buckets = [0.001, 0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1.0, 2.5, 5.0, 10.0]
# HTTP Metrics
[metrics.http]
enabled = true
track_request_count = true
track_request_duration = true
track_requests_in_flight = true
track_response_size = true
track_request_size = true
include_user_agent = false
include_ip_address = false
slow_request_threshold = 1.0 # seconds
# Database Metrics
[metrics.database]
enabled = true
track_connection_pool = true
track_query_duration = true
track_query_count = true
track_connection_errors = true
track_migration_status = true
slow_query_threshold = 0.1 # seconds
include_query_tags = false # Can expose sensitive data
# Authentication Metrics
[metrics.auth]
enabled = true
track_login_attempts = true
track_login_failures = true
track_session_duration = true
track_active_sessions = true
track_token_generations = true
track_password_resets = true
track_registration_attempts = true
include_failure_reasons = true
# Content Metrics
[metrics.content]
enabled = true
track_content_requests = true
track_cache_performance = true
track_content_processing_time = true
track_search_queries = true
track_content_views = true
track_popular_content = true
# Email Metrics
[metrics.email]
enabled = true
track_emails_sent = true
track_email_failures = true
track_queue_size = true
track_processing_time = true
track_bounce_rate = true
track_delivery_rate = true
include_provider_metrics = true
# System Metrics
[metrics.system]
enabled = true
track_memory_usage = true
track_cpu_usage = true
track_disk_usage = true
track_network_io = true
track_file_descriptors = true
track_uptime = true
collection_interval = 15 # seconds
# Business Metrics
[metrics.business]
enabled = true
track_user_registrations = true
track_user_logins = true
track_content_creation = true
track_api_usage = true
track_feature_usage = true
track_error_rates = true
track_conversion_metrics = false
# Performance Metrics
[metrics.performance]
enabled = true
track_garbage_collection = true
track_thread_pool_usage = true
track_async_task_metrics = true
track_lock_contention = false
track_allocation_rate = false
# Custom Metrics
[metrics.custom]
enabled = true
allow_custom_counters = true
allow_custom_gauges = true
allow_custom_histograms = true
max_custom_metrics = 100
custom_metric_prefix = "custom_"
# Metric Labels
[metrics.labels]
include_environment = true
include_version = true
include_instance_id = true
include_hostname = false
custom_labels = {}
# Metric Filtering
[metrics.filters]
exclude_patterns = []
include_patterns = ["*"]
exclude_sensitive_data = true
max_label_count = 20
max_label_length = 100
# Aggregation Settings
[metrics.aggregation]
enable_summary_metrics = true
summary_objectives = [0.5, 0.9, 0.95, 0.99]
histogram_max_age = 600 # seconds
gauge_max_age = 300 # seconds
# Export Configuration
[metrics.export]
format = "prometheus" # "prometheus", "json", "statsd"
compression = "gzip"
timeout = 30 # seconds
include_help_text = true
include_type_info = true
# Rate Limiting for Metrics Endpoint
[metrics.rate_limiting]
enabled = true
requests_per_minute = 60
burst_limit = 10
exclude_internal_requests = true
# Security
[metrics.security]
enable_authentication = false
allowed_ips = [] # Empty means all IPs allowed
api_key_header = "X-Metrics-API-Key"
api_key = "" # Set in environment or use encrypted value
# Alerting Integration
[metrics.alerting]
enabled = false
webhook_url = ""
alert_threshold_errors = 10
alert_threshold_latency = 5.0 # seconds
alert_cooldown = 300 # seconds
# Development Settings
[metrics.development]
enable_debug_metrics = false
log_metric_collection = false
metric_collection_timeout = 5 # seconds
enable_metric_validation = true
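
Review bot: `[metrics.security]` ships fail-open defaults: `enable_authentication = false`, `allowed_ips = []` (commented as all IPs allowed) and an empty `api_key`, so any environment that does not override this table serves `/metrics` to whoever can reach the port. With `include_failure_reasons = true` under `[metrics.auth]` and `[metrics.business]` enabled, that output describes login failures and usage patterns. Default to a loopback-only `allowed_ips` or to authentication on, and let the development file relax it explicitly. An empty list meaning "allow all" is also easy to misread as "allow none"; an explicit wildcard entry would make the intent visible in review.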

View File

@ -0,0 +1,171 @@
# Metrics Feature Configuration - Development Environment
# Settings optimized for local development and debugging
[features]
metrics = true
# Metrics Configuration - Development
[metrics]
enabled = true
endpoint = "/metrics"
port = 9090
host = "127.0.0.1"
format = "prometheus" # "prometheus", "json", "statsd"
collection_interval = 15 # seconds
retention_period = 3600 # 1 hour for development
# Prometheus Configuration - Development
[metrics.prometheus]
enabled = true
endpoint = "/metrics"
include_default_metrics = true
include_process_metrics = true
include_runtime_metrics = true
histogram_buckets = [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1.0, 2.5, 5.0, 10.0]
# System Metrics - Development
[metrics.system]
enabled = true
collect_cpu = true
collect_memory = true
collect_disk = true
collect_network = true
collect_load = true
collect_processes = false
collection_interval = 10 # seconds
# HTTP Metrics - Development
[metrics.http]
enabled = true
track_requests = true
track_response_times = true
track_status_codes = true
track_request_size = true
track_response_size = true
track_user_agents = false
track_ip_addresses = false
histogram_buckets = [0.001, 0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1.0, 2.5, 5.0]
# Database Metrics - Development
[metrics.database]
enabled = true
track_queries = true
track_query_duration = true
track_connection_pool = true
track_slow_queries = true
slow_query_threshold = 100 # milliseconds
track_query_types = true
log_queries = true
# Application Metrics - Development
[metrics.application]
enabled = true
track_business_metrics = true
track_custom_counters = true
track_custom_gauges = true
track_custom_histograms = true
track_feature_usage = true
track_errors = true
track_warnings = true
# Performance Metrics - Development
[metrics.performance]
enabled = true
track_memory_usage = true
track_cpu_usage = true
track_gc_metrics = true
track_thread_metrics = true
track_async_metrics = true
profile_slow_operations = true
profile_threshold = 50 # milliseconds
# Cache Metrics - Development
[metrics.cache]
enabled = true
track_hit_rate = true
track_miss_rate = true
track_eviction_rate = true
track_memory_usage = true
track_operation_times = true
# Security Metrics - Development
[metrics.security]
enabled = true
track_failed_logins = true
track_blocked_requests = true
track_rate_limit_hits = true
track_csrf_failures = true
track_auth_events = true
log_security_events = true
# Custom Metrics - Development
[metrics.custom]
enabled = true
user_registrations = true
user_logins = true
content_views = true
api_calls = true
feature_toggles = true
error_rates = true
# Alerting - Development (basic)
[metrics.alerting]
enabled = false
webhook_url = "http://localhost:3001/alerts"
alert_on_high_error_rate = false
error_rate_threshold = 0.1
alert_on_high_response_time = false
response_time_threshold = 1000 # milliseconds
alert_on_low_memory = false
memory_threshold = 0.1 # 10% available
# Export Configuration - Development
[metrics.export]
enabled = true
formats = ["prometheus", "json"]
file_export = true
export_dir = "metrics"
export_interval = 60 # seconds
compress_exports = false
# Grafana Integration - Development
[metrics.grafana]
enabled = false
url = "http://localhost:3000"
dashboard_enabled = false
auto_create_dashboards = false
api_key = ""
# StatsD Configuration - Development
[metrics.statsd]
enabled = false
host = "localhost"
port = 8125
prefix = "rustelo.dev"
tags_enabled = true
# Logging Configuration - Development
[metrics.logging]
enabled = true
log_level = "debug"
log_file = "logs/metrics.log"
log_to_console = true
log_slow_metrics = true
log_collection_errors = true
# Performance Settings - Development
[metrics.performance]
async_collection = true
buffer_size = 1000
batch_size = 100
collection_timeout = 5000 # milliseconds
max_memory_usage = 104857600 # 100MB
# Development Settings
[metrics.development]
debug_mode = true
verbose_logging = true
collect_debug_metrics = true
expose_internal_metrics = true
enable_metric_explorer = true
mock_external_metrics = true
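
Review bot: `[metrics.performance]` is defined twice in this file, first with the `track_*` and `profile_*` keys and again near the end with `async_collection`, `buffer_size`, `batch_size` and the rest; TOML does not allow the same table to be defined more than once, so a conforming parser rejects the whole file. Merge the two blocks or give the second its own table name. Two smaller points: `slow_query_threshold = 100 # milliseconds` here disagrees in unit with `slow_query_threshold = 0.1 # seconds` in the general metrics file of this commit, and `[metrics.security]` here holds event-tracking flags while the general file uses the same table for endpoint access control (`enable_authentication`, `allowed_ips`), so it is unclear what a merge of the two produces.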

View File

@ -0,0 +1,264 @@
# Metrics Feature Configuration - Example Environment
# Complete documentation of all metrics and monitoring options
[features]
metrics = true
[metrics]
enabled = true
endpoint = "/metrics" # Metrics endpoint path
format = "prometheus" # Metrics format: prometheus, json, influxdb
namespace = "rustelo" # Metrics namespace
subsystem = "app" # Metrics subsystem
collect_interval = 15 # Collection interval in seconds
export_interval = 30 # Export interval in seconds
retention_days = 30 # Metrics retention period
buffer_size = 10000 # Metrics buffer size
flush_interval = 5 # Buffer flush interval in seconds
compression = true # Enable metrics compression
authentication_required = false # Require authentication for metrics endpoint
[metrics.prometheus]
enabled = true # Enable Prometheus metrics
port = 9090 # Prometheus server port
path = "/metrics" # Prometheus metrics path
registry = "default" # Prometheus registry name
default_labels = { service = "rustelo", version = "1.0.0", environment = "production" } # Default labels for all metrics
histogram_buckets = [ # Default histogram buckets
0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1.0, 2.5, 5.0, 10.0
]
summary_objectives = [ # Summary quantiles
{ quantile = 0.5, error = 0.05 },
{ quantile = 0.9, error = 0.01 },
{ quantile = 0.99, error = 0.001 }
]
max_age = 600 # Maximum age for summary metrics
age_buckets = 5 # Number of age buckets for summaries
[metrics.influxdb]
enabled = false # Enable InfluxDB metrics
host = "localhost" # InfluxDB host
port = 8086 # InfluxDB port
database = "rustelo_metrics" # InfluxDB database name
username = "admin" # InfluxDB username
password = "password" # InfluxDB password (use env var)
measurement = "application_metrics" # InfluxDB measurement name
retention_policy = "autogen" # InfluxDB retention policy
precision = "s" # Timestamp precision: s, ms, us, ns
timeout = 10 # Connection timeout in seconds
max_retries = 3 # Maximum retry attempts
batch_size = 1000 # Batch size for writing points
flush_interval = 10 # Flush interval in seconds
[metrics.statsd]
enabled = false # Enable StatsD metrics
host = "localhost" # StatsD host
port = 8125 # StatsD port
prefix = "rustelo" # Metrics prefix
tags_enabled = true # Enable tags support
tag_format = "datadog" # Tag format: datadog, influxdb
buffer_size = 1000 # Buffer size for metrics
flush_interval = 5 # Flush interval in seconds
connection_timeout = 5 # Connection timeout in seconds
[metrics.system]
enabled = true # Collect system metrics
cpu_usage = true # Monitor CPU usage
memory_usage = true # Monitor memory usage
disk_usage = true # Monitor disk usage
disk_io = true # Monitor disk I/O
network_usage = true # Monitor network usage
network_io = true # Monitor network I/O
load_average = true # Monitor load average
open_files = true # Monitor open file descriptors
processes = true # Monitor process count
uptime = true # Monitor system uptime
collection_interval = 30 # System metrics collection interval
[metrics.application]
enabled = true # Collect application metrics
request_metrics = true # HTTP request metrics
response_metrics = true # HTTP response metrics
database_metrics = true # Database query metrics
cache_metrics = true # Cache hit/miss metrics
error_metrics = true # Error rate metrics
performance_metrics = true # Performance metrics
memory_metrics = true # Application memory metrics
gc_metrics = true # Garbage collection metrics
thread_metrics = true # Thread pool metrics
connection_metrics = true # Connection pool metrics
[metrics.http]
enabled = true # Enable HTTP metrics
track_requests = true # Track HTTP requests
track_responses = true # Track HTTP responses
track_duration = true # Track request duration
track_size = true # Track request/response size
track_status_codes = true # Track HTTP status codes
track_methods = true # Track HTTP methods
track_paths = true # Track request paths
track_user_agents = false # Track user agents
track_remote_addr = false # Track remote addresses
group_paths = true # Group similar paths
exclude_paths = ["/health", "/metrics"] # Exclude paths from tracking
slow_request_threshold = 1000 # Slow request threshold in milliseconds
[metrics.database]
enabled = true # Enable database metrics
track_queries = true # Track database queries
track_connections = true # Track database connections
track_transactions = true # Track database transactions
track_slow_queries = true # Track slow queries
slow_query_threshold = 1000 # Slow query threshold in milliseconds
track_query_types = true # Track query types (SELECT, INSERT, etc.)
track_tables = true # Track table access
track_errors = true # Track database errors
connection_pool_metrics = true # Connection pool metrics
query_cache_metrics = true # Query cache metrics
[metrics.cache]
enabled = true # Enable cache metrics
track_hits = true # Track cache hits
track_misses = true # Track cache misses
track_sets = true # Track cache sets
track_gets = true # Track cache gets
track_deletes = true # Track cache deletes
track_evictions = true # Track cache evictions
track_size = true # Track cache size
track_memory_usage = true # Track cache memory usage
track_ttl = true # Track TTL metrics
per_key_metrics = false # Track per-key metrics (high cardinality)
[metrics.business]
enabled = true # Enable business metrics
user_registrations = true # Track user registrations
user_logins = true # Track user logins
user_activity = true # Track user activity
content_created = true # Track content creation
content_views = true # Track content views
api_usage = true # Track API usage
feature_usage = true # Track feature usage
conversion_metrics = true # Track conversion metrics
revenue_metrics = false # Track revenue metrics
custom_events = true # Track custom events
[metrics.alerts]
enabled = true # Enable alerting
alert_manager_url = "http://localhost:9093" # AlertManager URL
webhook_url = "https://hooks.slack.com/services/xxx" # Webhook URL for alerts
email_notifications = true # Enable email notifications
slack_notifications = true # Enable Slack notifications
pagerduty_notifications = false # Enable PagerDuty notifications
alert_rules = [
{ name = "high_error_rate", condition = "error_rate > 5.0", duration = "5m", severity = "warning", description = "High error rate detected" },
{ name = "high_response_time", condition = "response_time_p95 > 2000", duration = "5m", severity = "warning", description = "High response time detected" },
{ name = "low_disk_space", condition = "disk_usage > 90", duration = "5m", severity = "critical", description = "Low disk space" }
]
[metrics.dashboards]
enabled = true # Enable dashboard integration
grafana_enabled = true # Enable Grafana integration
grafana_url = "http://localhost:3000" # Grafana URL
grafana_api_key = "your-api-key" # Grafana API key (use env var)
auto_create_dashboards = true # Auto-create dashboards
dashboard_templates = true # Use dashboard templates
default_dashboard = "rustelo-overview" # Default dashboard name
custom_dashboards = [
{ name = "application-overview", panels = ["cpu", "memory", "requests", "errors"] },
{ name = "database-performance", panels = ["query_time", "connections", "slow_queries"] },
{ name = "diagnostic-dashboard", panels = ["error_rates", "latency", "throughput", "system_health"] }
]
[metrics.exporters]
enabled = true # Enable metrics exporters
prometheus_exporter = true # Enable Prometheus exporter
influxdb_exporter = false # Enable InfluxDB exporter
statsd_exporter = false # Enable StatsD exporter
json_exporter = true # Enable JSON exporter
csv_exporter = false # Enable CSV exporter
export_directory = "exports" # Directory for exported metrics
export_schedule = "0 0 * * *" # Export schedule (daily at midnight)
export_retention = 30 # Export file retention in days
export_compression = true # Compress exported files
[metrics.sampling]
enabled = true # Enable metrics sampling
sample_rate = 1.0 # Sample rate (0.0 to 1.0)
high_cardinality_limit = 10000 # High cardinality limit
adaptive_sampling = true # Enable adaptive sampling
sampling_strategies = [
{ metric_pattern = "http_requests_*", sample_rate = 0.1, max_cardinality = 1000 },
{ metric_pattern = "database_queries_*", sample_rate = 0.05, max_cardinality = 500 }
] # Sampling strategies
[metrics.security]
enabled = true # Enable metrics security
authentication_required = true # Require authentication
authorization_enabled = true # Enable authorization
allowed_roles = ["admin", "operator"] # Allowed roles for metrics access
tls_enabled = true # Enable TLS for metrics endpoint
client_cert_required = false # Require client certificates
rate_limiting = true # Enable rate limiting
rate_limit_requests = 100 # Rate limit (requests per minute)
ip_whitelist = ["127.0.0.1", "::1"] # IP whitelist for metrics access
audit_logging = true # Enable audit logging
[metrics.performance]
enabled = true # Enable performance optimizations
async_collection = true # Enable async metrics collection
batch_processing = true # Enable batch processing
memory_optimization = true # Enable memory optimization
compression = true # Enable compression
lazy_initialization = true # Enable lazy initialization
connection_pooling = true # Enable connection pooling
cache_metrics = true # Cache computed metrics
parallel_processing = true # Enable parallel processing
buffer_optimization = true # Optimize buffer usage
gc_optimization = true # Optimize garbage collection
[metrics.debugging]
enabled = false # Enable debugging (development only)
verbose_logging = false # Enable verbose logging
debug_endpoint = "/debug/metrics" # Debug endpoint path
dump_metrics = false # Dump metrics to file
trace_collection = false # Trace metrics collection
profiling_enabled = false # Enable profiling
memory_profiling = false # Enable memory profiling
cpu_profiling = false # Enable CPU profiling
debug_labels = false # Add debug labels to metrics
validation_enabled = false # Enable metrics validation
[metrics.storage]
enabled = true # Enable metrics storage
storage_backend = "prometheus" # Storage backend: prometheus, influxdb, file
storage_path = "metrics_data" # Storage path for file backend
retention_policy = "30d" # Retention policy
compression_enabled = true # Enable storage compression
backup_enabled = true # Enable metrics backup
backup_schedule = "0 2 * * *" # Backup schedule (daily at 2 AM)
backup_retention = 7 # Backup retention in days
cleanup_enabled = true # Enable automatic cleanup
cleanup_schedule = "0 3 * * *" # Cleanup schedule (daily at 3 AM)
[metrics.integrations]
enabled = true # Enable external integrations
datadog_enabled = false # Enable Datadog integration
newrelic_enabled = false # Enable New Relic integration
dynatrace_enabled = false # Enable Dynatrace integration
splunk_enabled = false # Enable Splunk integration
elastic_enabled = false # Enable Elasticsearch integration
custom_integrations = [] # Custom integration configurations
webhook_integrations = [] # Webhook integration configurations
api_integrations = [] # API integration configurations
[metrics.compliance]
enabled = true # Enable compliance features
gdpr_compliance = true # Enable GDPR compliance
data_anonymization = true # Enable data anonymization
pii_scrubbing = true # Scrub PII from metrics
audit_trail = true # Maintain audit trail
data_retention_policy = true # Enforce data retention policy
consent_tracking = false # Track consent for metrics
right_to_deletion = true # Support right to deletion
data_export = true # Support data export
privacy_controls = true # Enable privacy controls
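
Review bot: `authentication_required` is set twice with opposite values, `false` under `[metrics]` and `true` under `[metrics.security]`, and nothing states which one governs the endpoint. Keep the setting in one table only, and since this file is the documented reference, show the protected value. The credential examples should also follow the `${VAR}` form used in the production files: `password = "password"` with `username = "admin"` under `[metrics.influxdb]`, `grafana_api_key = "your-api-key"`, and the Slack `webhook_url` are all values that tend to survive a copy and paste. Naming drifts from the other metrics files in this commit as well (`[metrics.alerts]` here against `[metrics.alerting]`, `ip_whitelist` against `allowed_ips`, `slow_request_threshold = 1000` in milliseconds against `1.0` in seconds), so the example does not document the keys the other environments actually set.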

View File

@ -0,0 +1,262 @@
# Metrics Feature Configuration - Production Environment
# Settings optimized for production monitoring and performance
[features]
metrics = true
# Metrics Configuration - Production
[metrics]
enabled = true
endpoint = "/metrics"
port = 0 # Use main server port
host = "127.0.0.1"
format = "prometheus"
collection_interval = 15 # seconds
retention_period = 86400 # 24 hours
buffer_size = 10000
flush_interval = 30 # seconds
# Prometheus Configuration - Production
[metrics.prometheus]
enabled = true
endpoint = "/metrics"
include_default_metrics = true
include_process_metrics = true
include_runtime_metrics = true
histogram_buckets = [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1.0, 2.5, 5.0, 10.0]
enable_exemplars = true
exemplar_sample_rate = 0.01
# System Metrics - Production
[metrics.system]
enabled = true
collect_cpu = true
collect_memory = true
collect_disk = true
collect_network = true
collect_load = true
collect_processes = false # Disabled for performance
collection_interval = 30 # seconds
cpu_percent_precision = 2
memory_usage_threshold = 0.85 # Alert threshold
# HTTP Metrics - Production
[metrics.http]
enabled = true
track_requests = true
track_response_times = true
track_status_codes = true
track_request_size = true
track_response_size = true
track_user_agents = false # Disabled for privacy
track_ip_addresses = false # Disabled for privacy
histogram_buckets = [0.001, 0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1.0, 2.5, 5.0, 10.0]
exclude_paths = ["/health", "/metrics", "/favicon.ico"]
# Database Metrics - Production
[metrics.database]
enabled = true
track_queries = true
track_query_duration = true
track_connection_pool = true
track_slow_queries = true
slow_query_threshold = 500 # milliseconds
track_query_types = true
log_queries = false # Disabled for performance
track_transactions = true
track_locks = true
# Application Metrics - Production
[metrics.application]
enabled = true
track_business_metrics = true
track_custom_counters = true
track_custom_gauges = true
track_custom_histograms = true
track_feature_usage = true
track_errors = true
track_warnings = false # Disabled for noise reduction
track_user_actions = true
track_api_usage = true
# Performance Metrics - Production
[metrics.performance]
enabled = true
track_memory_usage = true
track_cpu_usage = true
track_gc_metrics = true
track_thread_metrics = true
track_async_metrics = true
profile_slow_operations = true
profile_threshold = 100 # milliseconds
enable_profiling = false # Disabled for performance
# Cache Metrics - Production
[metrics.cache]
enabled = true
track_hit_rate = true
track_miss_rate = true
track_eviction_rate = true
track_memory_usage = true
track_operation_times = true
track_key_distribution = false
track_size_distribution = true
# Security Metrics - Production
[metrics.security]
enabled = true
track_failed_logins = true
track_blocked_requests = true
track_rate_limit_hits = true
track_csrf_failures = true
track_auth_events = true
log_security_events = false # Separate security logging
track_suspicious_activity = true
track_intrusion_attempts = true
# Custom Metrics - Production
[metrics.custom]
enabled = true
user_registrations = true
user_logins = true
content_views = true
api_calls = true
feature_toggles = true
error_rates = true
conversion_rates = true
business_kpis = true
# Alerting - Production
[metrics.alerting]
enabled = true
webhook_url = "${ALERT_WEBHOOK_URL}"
alert_on_high_error_rate = true
error_rate_threshold = 0.05 # 5%
alert_on_high_response_time = true
response_time_threshold = 2000 # milliseconds
alert_on_low_memory = true
memory_threshold = 0.15 # 15% available
alert_on_high_cpu = true
cpu_threshold = 0.80 # 80% usage
alert_on_database_issues = true
alert_on_service_down = true
cooldown_period = 300 # seconds
# Export Configuration - Production
[metrics.export]
enabled = true
formats = ["prometheus"]
file_export = false
export_dir = "/var/lib/rustelo/metrics"
export_interval = 60 # seconds
compress_exports = true
retention_days = 7
# Grafana Integration - Production
[metrics.grafana]
enabled = true
url = "${GRAFANA_URL}"
dashboard_enabled = true
auto_create_dashboards = false
api_key = "${GRAFANA_API_KEY}"
organization_id = "${GRAFANA_ORG_ID}"
folder_name = "Rustelo"
datasource_name = "Prometheus"
# Prometheus Integration - Production
[metrics.prometheus]
server_url = "${PROMETHEUS_URL}"
pushgateway_url = "${PROMETHEUS_PUSHGATEWAY_URL}"
job_name = "rustelo"
instance_name = "${HOSTNAME}"
push_interval = 30 # seconds
basic_auth_username = "${PROMETHEUS_USERNAME}"
basic_auth_password = "${PROMETHEUS_PASSWORD}"
# StatsD Configuration - Production
[metrics.statsd]
enabled = false
host = "${STATSD_HOST}"
port = 8125
prefix = "rustelo.prod"
tags_enabled = true
flush_interval = 10 # seconds
max_packet_size = 1400
# Datadog Integration - Production
[metrics.datadog]
enabled = false
api_key = "${DATADOG_API_KEY}"
app_key = "${DATADOG_APP_KEY}"
site = "datadoghq.com" # or "datadoghq.eu"
service_name = "rustelo"
environment = "production"
tags = ["service:rustelo", "env:production"]
# New Relic Integration - Production
[metrics.newrelic]
enabled = false
license_key = "${NEWRELIC_LICENSE_KEY}"
app_name = "Rustelo Production"
log_level = "info"
audit_log_enabled = true
# Logging Configuration - Production
[metrics.logging]
enabled = true
log_level = "info"
log_file = "/var/log/rustelo/metrics.log"
log_to_console = false
log_slow_metrics = true
log_collection_errors = true
log_rotation = "daily"
log_retention_days = 30
# Performance Settings - Production
[metrics.performance]
async_collection = true
buffer_size = 10000
batch_size = 1000
collection_timeout = 5000 # milliseconds
max_memory_usage = 268435456 # 256MB
sampling_rate = 1.0 # 100% sampling
adaptive_sampling = true
high_cardinality_limit = 10000
# Security Settings - Production
[metrics.security]
require_authentication = true
allowed_ips = ["127.0.0.1", "::1"] # Localhost only
api_key_required = true
api_key_header = "X-Metrics-API-Key"
rate_limit_enabled = true
rate_limit_requests = 100
rate_limit_window = 60 # seconds
# Compliance Settings - Production
[metrics.compliance]
gdpr_compliant = true
anonymize_user_data = true
data_retention_days = 90
audit_log_enabled = true
export_enabled = true
right_to_be_forgotten = true
# Health Checks - Production
[metrics.health]
enabled = true
endpoint = "/metrics/health"
check_collectors = true
check_exporters = true
check_storage = true
timeout = 5000 # milliseconds
failure_threshold = 3
# Development Settings - Disabled for production
[metrics.development]
debug_mode = false
verbose_logging = false
collect_debug_metrics = false
expose_internal_metrics = false
enable_metric_explorer = false
mock_external_metrics = false
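
Review bot: `[metrics.prometheus]`, `[metrics.performance]` and `[metrics.security]` are each declared twice in this file (the second copies sit under the "Prometheus Integration", "Performance Settings" and "Security Settings" comments), and TOML does not allow a table to be defined more than once, so a conforming parser will reject the whole file. Merge each pair into a single table, or give the second ones distinct names and update the loader to match. `buffer_size = 10000` is also set in both `[metrics]` and the second `[metrics.performance]`; say which one applies. `[metrics.security]` sets `api_key_required = true`, but unlike the Grafana and Prometheus credentials there is no key or `${...}` placeholder for it here, so document where the expected key comes from.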

304
config/features/rbac.toml Normal file

@ -0,0 +1,304 @@
# RBAC Configuration for Rustelo Framework
# This file defines access control rules for databases, files, and content
[rbac]
# Cache TTL in seconds (default: 300 = 5 minutes)
cache_ttl_seconds = 300
# Default permissions for resource types when no specific rules match
[rbac.default_permissions]
Database = ["read_content"]
File = ["read_file:public/*"]
Content = ["read_content"]
Api = []
# Category hierarchies - higher categories inherit lower category permissions
[rbac.category_hierarchies]
admin = ["editor", "viewer", "finance", "hr", "it"]
editor = ["viewer"]
finance = ["viewer"]
hr = ["viewer"]
it = ["admin"] # IT can access admin resources
# Tag hierarchies - higher tags inherit lower tag permissions
[rbac.tag_hierarchies]
public = ["internal"]
internal = ["confidential"]
confidential = ["restricted"]
# Access rules - evaluated in order of priority (higher numbers first)
[[rbac.rules]]
id = "admin_full_access"
resource_type = "database"
resource_name = "*"
allowed_roles = ["admin"]
allowed_permissions = []
required_categories = []
required_tags = []
deny_categories = []
deny_tags = []
is_active = true
priority = 1000
[[rbac.rules]]
id = "admin_all_files"
resource_type = "file"
resource_name = "*"
allowed_roles = ["admin"]
allowed_permissions = []
required_categories = ["admin"]
required_tags = []
deny_categories = []
deny_tags = []
is_active = true
priority = 1000
[[rbac.rules]]
id = "editor_content_access"
resource_type = "content"
resource_name = "*"
allowed_roles = ["moderator"]
allowed_permissions = ["write_content"]
required_categories = ["editor"]
required_tags = []
deny_categories = []
deny_tags = ["restricted"]
is_active = true
priority = 800
[[rbac.rules]]
id = "editor_database_content"
resource_type = "database"
resource_name = "content*"
allowed_roles = ["moderator"]
allowed_permissions = ["write_database:content*"]
required_categories = ["editor"]
required_tags = []
deny_categories = []
deny_tags = ["restricted"]
is_active = true
priority = 800
[[rbac.rules]]
id = "user_public_files"
resource_type = "file"
resource_name = "public/*"
allowed_roles = ["user"]
allowed_permissions = []
required_categories = []
required_tags = ["public"]
deny_categories = []
deny_tags = []
is_active = true
priority = 500
[[rbac.rules]]
id = "user_uploads"
resource_type = "file"
resource_name = "uploads/user/*"
allowed_roles = ["user"]
allowed_permissions = ["write_file:uploads/user/*"]
required_categories = []
required_tags = []
deny_categories = []
deny_tags = ["restricted"]
is_active = true
priority = 500
[[rbac.rules]]
id = "finance_financial_data"
resource_type = "database"
resource_name = "finance*"
allowed_roles = ["user"]
allowed_permissions = ["read_database:finance*"]
required_categories = ["finance"]
required_tags = []
deny_categories = []
deny_tags = []
is_active = true
priority = 700
[[rbac.rules]]
id = "finance_reports"
resource_type = "file"
resource_name = "reports/financial/*"
allowed_roles = ["user"]
allowed_permissions = ["read_file:reports/financial/*"]
required_categories = ["finance"]
required_tags = []
deny_categories = []
deny_tags = []
is_active = true
priority = 700
[[rbac.rules]]
id = "hr_employee_data"
resource_type = "database"
resource_name = "hr*"
allowed_roles = ["user"]
allowed_permissions = ["read_database:hr*", "write_database:hr*"]
required_categories = ["hr"]
required_tags = []
deny_categories = []
deny_tags = []
is_active = true
priority = 700
[[rbac.rules]]
id = "sensitive_data_restriction"
resource_type = "database"
resource_name = "*sensitive*"
allowed_roles = ["admin"]
allowed_permissions = []
required_categories = ["admin"]
required_tags = ["sensitive"]
deny_categories = []
deny_tags = []
is_active = true
priority = 900
[[rbac.rules]]
id = "confidential_files"
resource_type = "file"
resource_name = "*confidential*"
allowed_roles = ["admin", "moderator"]
allowed_permissions = []
required_categories = ["admin"]
required_tags = ["confidential"]
deny_categories = []
deny_tags = []
is_active = true
priority = 900
[[rbac.rules]]
id = "api_admin_endpoints"
resource_type = "api"
resource_name = "/api/admin/*"
allowed_roles = ["admin"]
allowed_permissions = ["manage_system"]
required_categories = ["admin"]
required_tags = []
deny_categories = []
deny_tags = []
is_active = true
priority = 1000
[[rbac.rules]]
id = "api_user_endpoints"
resource_type = "api"
resource_name = "/api/user/*"
allowed_roles = ["user"]
allowed_permissions = []
required_categories = []
required_tags = []
deny_categories = []
deny_tags = ["restricted"]
is_active = true
priority = 500
[[rbac.rules]]
id = "temporary_access_restriction"
resource_type = "database"
resource_name = "*"
allowed_roles = ["user"]
allowed_permissions = []
required_categories = []
required_tags = []
deny_categories = []
deny_tags = ["temporary"]
is_active = true
priority = 100
# Example rules for specific databases
[[rbac.rules]]
id = "analytics_db_read"
resource_type = "database"
resource_name = "analytics"
allowed_roles = ["user"]
allowed_permissions = ["read_database:analytics"]
required_categories = ["viewer"]
required_tags = ["internal"]
deny_categories = []
deny_tags = []
is_active = true
priority = 600
[[rbac.rules]]
id = "user_db_write"
resource_type = "database"
resource_name = "users"
allowed_roles = ["moderator"]
allowed_permissions = ["write_database:users"]
required_categories = ["editor"]
required_tags = []
deny_categories = []
deny_tags = ["restricted"]
is_active = true
priority = 800
# Example rules for file directories
[[rbac.rules]]
id = "logs_directory_access"
resource_type = "directory"
resource_name = "/var/log/*"
allowed_roles = ["admin"]
allowed_permissions = []
required_categories = ["it"]
required_tags = []
deny_categories = []
deny_tags = []
is_active = true
priority = 900
[[rbac.rules]]
id = "backup_directory_access"
resource_type = "directory"
resource_name = "/backups/*"
allowed_roles = ["admin"]
allowed_permissions = []
required_categories = ["it"]
required_tags = []
deny_categories = []
deny_tags = []
is_active = true
priority = 900
# Content-specific rules
[[rbac.rules]]
id = "blog_posts_write"
resource_type = "content"
resource_name = "blog/*"
allowed_roles = ["moderator"]
allowed_permissions = ["write_content"]
required_categories = ["editor"]
required_tags = []
deny_categories = []
deny_tags = []
is_active = true
priority = 700
[[rbac.rules]]
id = "pages_write"
resource_type = "content"
resource_name = "pages/*"
allowed_roles = ["moderator"]
allowed_permissions = ["write_content"]
required_categories = ["editor"]
required_tags = []
deny_categories = []
deny_tags = []
is_active = true
priority = 700
[[rbac.rules]]
id = "guest_public_content"
resource_type = "content"
resource_name = "public/*"
allowed_roles = ["guest"]
allowed_permissions = []
required_categories = []
required_tags = ["public"]
deny_categories = []
deny_tags = []
is_active = true
priority = 300
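
Review bot: `[rbac.category_hierarchies]` contains a cycle: `admin` lists `it`, and `it = ["admin"]` lists `admin`, so every holder of the `it` category resolves to the full admin set (including `finance` and `hr`), and a resolver that recurses without tracking visited nodes will not terminate. If IT only needs the log and backup rules that already require `it`, drop `it = ["admin"]`; otherwise document the intent and guard the resolver. `[rbac.tag_hierarchies]` reads inverted against its comment: with `public = ["internal"]`, `internal = ["confidential"]` and `confidential = ["restricted"]`, the `public` tag transitively inherits `restricted`. `temporary_access_restriction` is named as a restriction but is written as an allow rule for role `user` on every database (`resource_name = "*"`, no required categories or tags); if the intent is to deny, express it as a deny or rename it. The two `resource_type = "directory"` rules use a type with no entry in `[rbac.default_permissions]`, whose keys are capitalised (`Database`) while the rules use lowercase (`"database"`); confirm the matching is case-insensitive or align them.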

183
config/features/tls.toml Normal file

@ -0,0 +1,183 @@
# TLS Feature Configuration
# Settings for HTTPS/TLS support and SSL certificate management
[features]
tls = false # Enable TLS/HTTPS support
# TLS Configuration
[tls]
enabled = false
port = 443
bind_address = "0.0.0.0"
protocols = ["TLSv1.2", "TLSv1.3"]
prefer_server_cipher_order = true
enable_http2 = true
enable_ocsp_stapling = false
# Certificate Configuration
[tls.certificates]
# Primary certificate
cert_path = "certs/server.crt"
key_path = "certs/server.key"
chain_path = "certs/chain.pem"
password_file = "" # Path to file containing private key password
# Certificate validation
verify_client_certs = false
client_ca_path = ""
client_cert_optional = true
# Let's Encrypt Configuration
[tls.letsencrypt]
enabled = false
email = "admin@example.com"
domains = ["example.com", "www.example.com"]
acme_server = "https://acme-v02.api.letsencrypt.org/directory"
challenge_type = "http-01" # "http-01", "dns-01", "tls-alpn-01"
cert_path = "certs/letsencrypt"
auto_renew = true
renew_days_before = 30
# Self-Signed Certificate Generation
[tls.self_signed]
enabled = false
country = "US"
state = "California"
city = "San Francisco"
organization = "Rustelo"
organizational_unit = "IT Department"
common_name = "localhost"
alt_names = ["127.0.0.1", "::1", "localhost"]
validity_days = 365
key_size = 2048
# Certificate Monitoring
[tls.monitoring]
check_expiry = true
expiry_warning_days = 30
expiry_critical_days = 7
notify_on_expiry = true
health_check_enabled = true
# Cipher Suites Configuration
[tls.ciphers]
# Modern cipher suites (recommended for production)
allowed_ciphers = [
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
"TLS_AES_128_GCM_SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256"
]
# Legacy support (use with caution)
allow_legacy_ciphers = false
legacy_ciphers = [
"ECDHE-RSA-AES256-SHA384",
"ECDHE-RSA-AES128-SHA256"
]
# Key Exchange
[tls.key_exchange]
ecdh_curves = ["X25519", "prime256v1", "secp384r1"]
dh_param_size = 2048
dh_param_file = "" # Path to custom DH parameters
# Session Management
[tls.session]
enable_session_resumption = true
session_timeout = 300 # seconds
session_cache_size = 1024
enable_session_tickets = true
ticket_key_rotation_interval = 3600 # seconds
# HSTS (HTTP Strict Transport Security)
[tls.hsts]
enabled = true
max_age = 31536000 # 1 year in seconds
include_subdomains = true
preload = false
# Certificate Transparency
[tls.ct]
enabled = false
log_servers = [
"https://ct.googleapis.com/rocketeer/",
"https://ct.googleapis.com/aviator/"
]
# Performance Optimization
[tls.performance]
enable_zero_rtt = false # TLS 1.3 0-RTT (use with caution)
enable_early_data = false
buffer_size = 16384
max_fragment_size = 16384
enable_compression = false # Disabled for security (CRIME attack)
# Security Headers (when TLS is enabled)
[tls.security_headers]
enable_hsts = true
enable_hpkp = false # HTTP Public Key Pinning (deprecated)
hpkp_pins = []
hpkp_max_age = 5184000 # 60 days
hpkp_include_subdomains = false
# HTTP to HTTPS Redirect
[tls.redirect]
enable_http_redirect = true
redirect_port = 80
permanent_redirect = true # Use 301 instead of 302
redirect_status_code = 301
# Certificate Store Configuration
[tls.cert_store]
type = "file" # "file", "vault", "aws_acm", "azure_keyvault"
auto_reload = true
reload_interval = 3600 # seconds
# AWS Certificate Manager Integration
[tls.cert_store.aws_acm]
region = "us-west-2"
certificate_arn = ""
use_iam_role = true
access_key_id = ""
secret_access_key = ""
# HashiCorp Vault Integration
[tls.cert_store.vault]
address = "https://vault.example.com:8200"
token = ""
mount_path = "pki"
role_name = "web-server"
common_name = "example.com"
ttl = "8760h" # 1 year
# TLS Logging
[tls.logging]
log_handshakes = false
log_errors = true
log_certificate_validation = false
log_cipher_negotiation = false
debug_level = "info" # "trace", "debug", "info", "warn", "error"
# Development Settings
[tls.development]
accept_invalid_certs = false
accept_self_signed = true
skip_cert_verification = false
log_all_tls_traffic = false
enable_tls_debug = false
# Load Balancer Integration
[tls.load_balancer]
proxy_protocol = false
real_ip_header = "X-Real-IP"
trusted_proxies = ["127.0.0.1", "::1"]
terminate_at_lb = false
# Rate Limiting for TLS Handshakes
[tls.rate_limiting]
max_handshakes_per_second = 100
max_handshakes_per_ip = 10
handshake_timeout = 10 # seconds
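
Review bot: `[tls.development]` in this base feature file sets `accept_self_signed = true`, and nothing in the section scopes it to a development build, so it applies wherever this file is loaded without an override; default it to false here and enable it only in the dev file. `[tls.cert_store.aws_acm]` and `[tls.cert_store.vault]` expose `access_key_id`, `secret_access_key` and `token` as plain string keys, which invites committing credentials; use `${...}` placeholders as the production files do, or drop the static AWS keys given `use_iam_role = true`. HSTS is switched on twice (`[tls.hsts] enabled = true` and `[tls.security_headers] enable_hsts = true`) while `[tls] enabled = false`; keep one switch and document what it does when TLS is off. `max_handshakes_per_ip = 10` has no stated time window.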

@ -0,0 +1,66 @@
# TLS Feature Configuration - Development Environment
# Settings optimized for local development (usually disabled)
[features]
tls = false
# TLS Configuration - Development
[server.tls]
enabled = false
cert_path = "certs/dev/server.crt"
key_path = "certs/dev/server.key"
ca_path = "certs/dev/ca.crt"
protocols = ["TLSv1.2", "TLSv1.3"]
ciphers = [] # Use default cipher suite
cert_chain_path = ""
# Self-signed certificate configuration for development
[tls.self_signed]
generate_on_startup = true
common_name = "localhost"
subject_alt_names = ["localhost", "127.0.0.1", "::1"]
key_size = 2048
valid_days = 365
organization = "Rustelo Dev"
country = "US"
state = "Development"
locality = "Local"
# ACME/Let's Encrypt - Disabled for development
[tls.acme]
enabled = false
directory_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
email = "dev@localhost"
domains = ["localhost"]
challenge_type = "http"
key_type = "rsa2048"
# mTLS (Mutual TLS) - Disabled for development
[tls.mtls]
enabled = false
client_ca_path = "certs/dev/client-ca.crt"
verify_client_cert = false
require_client_cert = false
# TLS Session Management - Basic for development
[tls.session]
timeout = 3600 # 1 hour
cache_size = 1000
resumption_enabled = false
# Security Settings - Relaxed for development
[tls.security]
min_version = "TLSv1.2"
max_version = "TLSv1.3"
prefer_server_ciphers = true
enable_sni = true
enable_ocsp_stapling = false
enable_hsts = false
hsts_max_age = 0
hsts_include_subdomains = false
# Development Settings
[tls.development]
allow_self_signed = true
skip_verification = true
log_handshake_errors = true
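
Review bot: The key names in this file do not match config/features/tls.toml, so these values may not override the base settings as intended: this file uses `[server.tls]`, `subject_alt_names`, `valid_days`, `[tls.session] timeout`, `allow_self_signed` and `skip_verification`, where the base file uses `[tls]` with `[tls.certificates]`, `alt_names`, `validity_days`, `session_timeout`, `accept_self_signed` and `skip_cert_verification`. Pick one schema and use it in both files. `skip_verification = true` needs a comment saying which connections it affects (inbound client certificates or outbound calls), and it would help to document whether `generate_on_startup = true` still writes a key pair while `tls = false` and `[server.tls] enabled = false`.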

@ -0,0 +1,266 @@
# TLS Feature Configuration - Example Environment
# Complete documentation of all SSL/TLS security options
[features]
tls = true
[tls]
enabled = true
force_https = true # Force HTTPS redirects
cert_file = "/etc/ssl/certs/example.crt" # TLS certificate file path
key_file = "/etc/ssl/private/example.key" # TLS private key file path
ca_file = "/etc/ssl/certs/ca-bundle.crt" # CA certificate bundle file path
cert_chain_file = "" # Certificate chain file (optional)
dhparam_file = "/etc/ssl/dhparam.pem" # Diffie-Hellman parameters file
protocols = ["TLSv1.2", "TLSv1.3"] # Supported TLS protocol versions
prefer_server_ciphers = true # Prefer server cipher order
session_timeout = 300 # TLS session timeout in seconds
session_cache_size = 20480 # TLS session cache size
session_tickets = false # Disable session tickets for security
renegotiation = false # Disable TLS renegotiation
compression = false # Disable TLS compression (CRIME attack)
[tls.ciphers]
# Modern cipher suites for TLS 1.2 and 1.3
cipher_suites = [
# TLS 1.3 ciphers (most secure)
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
"TLS_AES_128_GCM_SHA256",
# TLS 1.2 ciphers (secure)
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES256-SHA384",
"ECDHE-RSA-AES256-SHA384",
"ECDHE-ECDSA-AES128-SHA256",
"ECDHE-RSA-AES128-SHA256"
]
# Cipher suite selection order
cipher_order = "server" # Use server cipher order preference
ecdh_curves = [ # Supported ECDH curves
"X25519", "prime256v1", "secp384r1"
]
signature_algorithms = [ # Supported signature algorithms
"rsa_pss_rsae_sha256",
"rsa_pss_rsae_sha384",
"rsa_pss_rsae_sha512",
"ecdsa_secp256r1_sha256",
"ecdsa_secp384r1_sha384",
"ecdsa_secp521r1_sha512",
"rsa_pkcs1_sha256",
"rsa_pkcs1_sha384",
"rsa_pkcs1_sha512"
]
[tls.security]
# HTTP Strict Transport Security (HSTS)
hsts_enabled = true # Enable HSTS
hsts_max_age = 31536000 # HSTS max age (1 year)
hsts_include_subdomains = true # Include subdomains in HSTS
hsts_preload = true # Enable HSTS preload
hsts_header = "Strict-Transport-Security" # HSTS header name
# Perfect Forward Secrecy
pfs_enabled = true # Enable Perfect Forward Secrecy
ephemeral_keys = true # Use ephemeral keys
key_exchange_algorithms = [ # Supported key exchange algorithms
"ECDHE", "DHE"
]
# OCSP (Online Certificate Status Protocol)
ocsp_enabled = true # Enable OCSP
ocsp_stapling = true # Enable OCSP stapling
ocsp_must_staple = true # Require OCSP must-staple
ocsp_responder_url = "" # OCSP responder URL (auto-detect if empty)
ocsp_cache_timeout = 3600 # OCSP response cache timeout
# Certificate Transparency
ct_enabled = true # Enable Certificate Transparency
ct_logs = [ # Certificate Transparency log URLs
"https://ct.googleapis.com/logs/argon2020/",
"https://ct.googleapis.com/logs/argon2021/",
"https://ct.googleapis.com/logs/argon2022/"
]
ct_sct_required = true # Require SCT (Signed Certificate Timestamp)
[tls.certificates]
# Certificate management and validation
cert_validation = true # Enable certificate validation
verify_hostname = true # Verify hostname in certificate
verify_expiration = true # Verify certificate expiration
expiration_warning_days = 30 # Warn when certificate expires in N days
check_revocation = true # Check certificate revocation status
allow_self_signed = false # Allow self-signed certificates (dev only)
cert_store_path = "/etc/ssl/certs" # Certificate store path
trusted_ca_file = "/etc/ssl/certs/ca-certificates.crt" # Trusted CA file
# Multi-domain certificates
sni_enabled = true # Enable Server Name Indication (SNI)
sni_strict = true # Strict SNI checking
default_cert = "/etc/ssl/certs/default.crt" # Default certificate
sni_certificates = [
{ hostname = "api.example.com", cert_file = "/etc/ssl/certs/api.example.com.crt", key_file = "/etc/ssl/private/api.example.com.key" },
{ hostname = "admin.example.com", cert_file = "/etc/ssl/certs/admin.example.com.crt", key_file = "/etc/ssl/private/admin.example.com.key" }
] # SNI certificate mappings
[tls.auto_renewal]
enabled = true # Enable automatic certificate renewal
provider = "lets_encrypt" # Certificate provider: lets_encrypt, internal_ca
acme_enabled = true # Enable ACME protocol
acme_directory = "https://acme-v02.api.letsencrypt.org/directory" # ACME directory URL
acme_email = "admin@example.com" # ACME account email
acme_key_type = "ec256" # ACME key type: rsa2048, rsa4096, ec256, ec384
acme_challenge = "http-01" # ACME challenge type: http-01, dns-01, tls-alpn-01
renewal_threshold = 2592000 # Renewal threshold in seconds (30 days)
renewal_schedule = "0 2 * * *" # Renewal check schedule (daily at 2 AM)
backup_old_certs = true # Backup old certificates before renewal
post_renewal_hooks = [ # Commands to run after renewal
"systemctl reload nginx",
"curl -X POST https://example.com/webhook/cert-renewed"
]
# DNS challenge configuration (for wildcard certificates)
dns_provider = "cloudflare" # DNS provider for DNS-01 challenge
dns_credentials = { api_token = "${CLOUDFLARE_API_TOKEN}", zone_id = "${CLOUDFLARE_ZONE_ID}" }
dns_propagation_timeout = 300 # DNS propagation timeout in seconds
[tls.client_auth]
enabled = false # Enable client certificate authentication
require_client_cert = false # Require client certificates
verify_client_cert = true # Verify client certificates
client_ca_file = "/etc/ssl/certs/client-ca.crt" # Client CA certificate file
client_cert_store = "/etc/ssl/client-certs" # Client certificate store
revocation_check = true # Check client certificate revocation
crl_file = "/etc/ssl/crl/client-crl.pem" # Certificate Revocation List file
ocsp_client_check = true # OCSP check for client certificates
# Client certificate policies
client_cert_policies = [
{ path = "/api/admin/*", require_cert = true, allowed_cas = ["internal-ca", "partner-ca"] },
{ path = "/api/public/*", require_cert = false, allowed_cas = [] }
]
[tls.monitoring]
enabled = true # Enable TLS monitoring
health_checks = true # Enable TLS health checks
cert_expiry_monitoring = true # Monitor certificate expiry
cipher_monitoring = true # Monitor cipher usage
protocol_monitoring = true # Monitor protocol usage
handshake_monitoring = true # Monitor TLS handshakes
error_monitoring = true # Monitor TLS errors
performance_monitoring = true # Monitor TLS performance
# Monitoring thresholds and alerts
# Monitoring thresholds and alerts
alert_thresholds = [
{ metric = "cert_expiry_days", value = 30, description = "Alert when certificate expires in N days" },
{ metric = "handshake_errors", value = 5.0, description = "Alert when handshake error rate > N%" },
{ metric = "weak_cipher_usage", value = 1.0, description = "Alert when weak cipher usage > N%" },
{ metric = "tls_version_compliance", value = 95.0, description = "Alert when modern TLS usage < N%" }
]
# Monitoring endpoints
metrics_endpoint = "/metrics/tls" # TLS metrics endpoint
health_endpoint = "/health/tls" # TLS health check endpoint
status_endpoint = "/status/tls" # TLS status endpoint
[tls.logging]
enabled = true # Enable TLS logging
log_level = "info" # Log level: error, warn, info, debug
log_file = "/var/log/rustelo/tls.log" # TLS log file path
log_format = "json" # Log format: json, plain
log_rotation = true # Enable log rotation
max_log_size = 104857600 # Maximum log file size (100MB)
max_log_files = 10 # Maximum log files to keep
# What to log
log_handshakes = true # Log TLS handshakes
log_certificate_events = true # Log certificate events
log_errors = true # Log TLS errors
log_cipher_usage = false # Log cipher usage (verbose)
log_client_certs = true # Log client certificate events
log_performance = false # Log performance metrics (verbose)
log_security_events = true # Log security-related events
[tls.performance]
enabled = true # Enable performance optimizations
session_resumption = true # Enable session resumption
session_cache = "shared" # Session cache type: off, builtin, shared
cache_size = 1048576 # Session cache size in bytes
cache_timeout = 300 # Session cache timeout in seconds
early_data = false # Enable TLS 1.3 early data (0-RTT)
max_early_data = 16384 # Maximum early data size
async_handshakes = true # Enable async TLS handshakes
handshake_timeout = 10 # Handshake timeout in seconds
buffer_size = 16384 # TLS buffer size
tcp_nodelay = true # Disable Nagle's algorithm for TLS
keepalive = true # Enable TCP keepalive for TLS connections
[tls.compatibility]
# Compatibility settings for older clients
legacy_support = false # Enable legacy TLS support (not recommended)
min_tls_version = "1.2" # Minimum TLS version
max_tls_version = "1.3" # Maximum TLS version
fallback_scsv = true # Enable Fallback SCSV (RFC 7507)
secure_renegotiation = true # Enable secure renegotiation
client_renegotiation = false # Allow client-initiated renegotiation
compression_disabled = true # Disable TLS compression
rc4_disabled = true # Disable RC4 ciphers
weak_dh_disabled = true # Disable weak DH parameters
export_ciphers_disabled = true # Disable export ciphers
null_ciphers_disabled = true # Disable NULL ciphers
anonymous_ciphers_disabled = true # Disable anonymous ciphers
[tls.testing]
enabled = false # Enable TLS testing (development only)
test_certificates = true # Use test certificates
self_signed_allowed = true # Allow self-signed certificates
weak_ciphers_allowed = false # Allow weak ciphers for testing
insecure_protocols_allowed = false # Allow insecure protocols for testing
certificate_validation_disabled = false # Disable certificate validation
hostname_verification_disabled = false # Disable hostname verification
test_client_certs = false # Use test client certificates
mock_ocsp_responses = false # Mock OCSP responses
ssl_labs_testing = false # Enable SSL Labs API testing
[tls.compliance]
# Compliance with security standards
pci_dss_compliance = true # Enable PCI DSS compliance
fips_mode = false # Enable FIPS mode
common_criteria = false # Enable Common Criteria compliance
fedramp_compliance = false # Enable FedRAMP compliance
hipaa_compliance = false # Enable HIPAA compliance
gdpr_compliance = true # Enable GDPR compliance
# Security policy enforcement
security_policy = "modern" # Security policy: modern, intermediate, legacy
policy_enforcement = "strict" # Policy enforcement: strict, moderate, relaxed
audit_mode = false # Enable audit mode (log violations only)
block_violations = true # Block policy violations
violation_logging = true # Log policy violations
[tls.advanced]
# Advanced TLS configuration options
custom_extensions = [] # Custom TLS extensions
alpn_protocols = ["h2", "http/1.1"] # ALPN protocol list
npn_protocols = [] # NPN protocol list (deprecated)
key_update_enabled = true # Enable TLS 1.3 key updates
post_handshake_auth = false # Enable post-handshake authentication
record_size_limit = 16384 # TLS record size limit
max_fragment_length = 16384 # Maximum fragment length
heartbeat_enabled = false # Enable heartbeat extension (disabled for security)
ticket_keys_rotation = true # Enable ticket key rotation
psk_enabled = false # Enable pre-shared keys
external_psk = false # Enable external PSK
hybrid_encryption = false # Enable hybrid encryption (quantum-resistant)
# Custom cipher suites for specific use cases
custom_cipher_suites = [] # Custom cipher suite configurations
cipher_suite_preferences = [] # Cipher suite preference overrides
protocol_preferences = [] # Protocol preference overrides
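
Review bot: In `[tls.ciphers]`, the last four `cipher_suites` entries (`ECDHE-ECDSA-AES256-SHA384`, `ECDHE-RSA-AES256-SHA384`, `ECDHE-ECDSA-AES128-SHA256`, `ECDHE-RSA-AES128-SHA256`) sit under the "TLS 1.2 ciphers (secure)" comment, but config/features/tls.toml lists the two RSA ones under `legacy_ciphers` ("use with caution") and `[tls.compliance]` here sets `security_policy = "modern"`; remove them or move them to a clearly labelled legacy list. `post_renewal_hooks` holds shell command strings that run after renewal, so document that this file must be writable only by the service owner and consider argv arrays instead of single strings. The `ct_logs` URLs are year shards for 2020 to 2022, which is stale for a file added in 2025. The comment `# Monitoring thresholds and alerts` is duplicated in `[tls.monitoring]`.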

@ -0,0 +1,123 @@
# TLS Feature Configuration - Production Environment
# Settings optimized for production security and performance
[features]
tls = true
# TLS Configuration - Production
[server.tls]
enabled = true
cert_path = "${TLS_CERT_PATH}"
key_path = "${TLS_KEY_PATH}"
ca_path = "${TLS_CA_PATH}"
protocols = ["TLSv1.3"]
ciphers = [
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
"TLS_AES_128_GCM_SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256"
]
cert_chain_path = "${TLS_CERT_CHAIN_PATH}"
dhparam_path = "${TLS_DHPARAM_PATH}"
# Self-signed certificate configuration - Disabled for production
[tls.self_signed]
generate_on_startup = false
common_name = ""
subject_alt_names = []
key_size = 4096
valid_days = 90
organization = "${COMPANY_NAME}"
country = "${COUNTRY_CODE}"
state = "${STATE}"
locality = "${CITY}"
# ACME/Let's Encrypt - Production
[tls.acme]
enabled = true
directory_url = "https://acme-v02.api.letsencrypt.org/directory"
email = "${ACME_EMAIL}"
domains = ["${DOMAIN}", "www.${DOMAIN}"]
challenge_type = "http"
key_type = "ecdsa256"
auto_renew = true
renew_days_before_expiry = 30
backup_count = 5
# mTLS (Mutual TLS) - Production
[tls.mtls]
enabled = false
client_ca_path = "${CLIENT_CA_PATH}"
verify_client_cert = false
require_client_cert = false
client_cert_header = "X-Client-Cert"
# TLS Session Management - Production
[tls.session]
timeout = 300 # 5 minutes
cache_size = 10000
resumption_enabled = true
session_tickets = true
session_ticket_key_rotation = 3600 # 1 hour
# Security Settings - Strict for production
[tls.security]
min_version = "TLSv1.3"
max_version = "TLSv1.3"
prefer_server_ciphers = true
enable_sni = true
enable_ocsp_stapling = true
enable_hsts = true
hsts_max_age = 31536000 # 1 year
hsts_include_subdomains = true
hsts_preload = true
# Certificate Monitoring - Production
[tls.monitoring]
enabled = true
check_expiry = true
expiry_warning_days = 30
alert_email = "${ADMIN_EMAIL}"
certificate_transparency_logs = true
# Performance Settings - Production
[tls.performance]
enable_http2 = true
enable_http3 = false
compression = false # Disabled for security (BREACH attack)
early_data = false # Disabled for security
buffer_size = 16384
connection_pool_size = 1000
# Certificate Rotation - Production
[tls.rotation]
enabled = true
backup_old_certs = true
backup_directory = "certs/backup"
rotation_schedule = "0 2 * * 0" # Weekly at 2 AM Sunday
max_backup_age_days = 90
# Development Settings - Disabled for production
[tls.development]
allow_self_signed = false
skip_verification = false
log_handshake_errors = false
# Compliance and Auditing - Production
[tls.compliance]
log_all_connections = true
log_certificate_details = true
audit_log_path = "logs/tls_audit.log"
retain_logs_days = 365
pci_dss_compliant = true
fips_140_2_compliant = false
# Load Balancer Integration - Production
[tls.load_balancer]
proxy_protocol = false
real_ip_header = "X-Real-IP"
forwarded_proto_header = "X-Forwarded-Proto"
trust_proxy_headers = true
trusted_proxies = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
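Review bot: in `[server.tls]` the `ciphers` list mixes TLS 1.3 suite names with TLS 1.2 names (`ECDHE-RSA-AES256-GCM-SHA384` and the two after it) and `dhparam_path` is set, while `protocols`, `min_version` and `max_version` all pin TLSv1.3. Those three suites and custom DH parameters cannot be used on a 1.3-only listener, so either drop them or state that a 1.2 fallback is intended and relax `min_version`. In `[tls.load_balancer]`, `trust_proxy_headers = true` with `trusted_proxies` covering all three RFC 1918 ranges lets any host on a private network set `X-Real-IP` and `X-Forwarded-Proto`; list the actual load balancer addresses instead. `log_handshake_errors = false` under `[tls.development]` sits oddly next to `log_all_connections = true` in `[tls.compliance]`, since failed handshakes belong in a production audit log. The first table is `[server.tls]` while every other table is `[tls.*]`; pick one root.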

108
config/others/email.toml Normal file

@ -0,0 +1,108 @@
# Email Configuration
# This file contains email service configuration for different providers and environments
[email]
# Enable/disable email functionality
enabled = true
# Email provider: "smtp", "sendgrid", or "console"
# - smtp: Use SMTP server (Gmail, Outlook, etc.)
# - sendgrid: Use SendGrid API
# - console: Print emails to console (development only)
provider = "console"
# Default sender information
from_email = "noreply@yourapp.com"
from_name = "Your App Name"
# Template directory for email templates
template_dir = "templates/email"
# SMTP Configuration (when provider = "smtp")
smtp_host = "smtp.gmail.com"
smtp_port = 587
smtp_username = "your-email@gmail.com"
smtp_password = "your-app-password"
smtp_use_tls = false
smtp_use_starttls = true
# SendGrid Configuration (when provider = "sendgrid")
sendgrid_api_key = ""
sendgrid_endpoint = "https://api.sendgrid.com/v3/mail/send"
# Environment-specific overrides
[environments.development]
email.enabled = true
email.provider = "console"
[environments.staging]
email.enabled = true
email.provider = "smtp"
email.smtp_host = "smtp.mailtrap.io"
email.smtp_port = 2525
email.smtp_username = "your-mailtrap-username"
email.smtp_password = "your-mailtrap-password"
[environments.production]
email.enabled = true
email.provider = "sendgrid"
email.sendgrid_api_key = "${SENDGRID_API_KEY}"
email.from_email = "noreply@yourdomain.com"
email.from_name = "Your Production App"
# Email provider examples and setup instructions
# === SMTP Providers ===
# Gmail SMTP (App Passwords required)
# smtp_host = "smtp.gmail.com"
# smtp_port = 587
# smtp_username = "your-email@gmail.com"
# smtp_password = "your-16-char-app-password"
# smtp_use_starttls = true
# Outlook/Hotmail SMTP
# smtp_host = "smtp-mail.outlook.com"
# smtp_port = 587
# smtp_username = "your-email@outlook.com"
# smtp_password = "your-password"
# smtp_use_starttls = true
# Custom SMTP Server
# smtp_host = "mail.yourdomain.com"
# smtp_port = 587
# smtp_username = "noreply@yourdomain.com"
# smtp_password = "your-password"
# smtp_use_starttls = true
# === SendGrid Setup ===
# 1. Sign up at https://sendgrid.com
# 2. Create an API key in Settings > API Keys
# 3. Set the API key in sendgrid_api_key or SENDGRID_API_KEY environment variable
# 4. Verify your sender identity in Marketing > Sender Authentication
# === Development Testing ===
# For development, you can use:
# - Console provider (prints emails to terminal)
# - Mailtrap (https://mailtrap.io) for SMTP testing
# - MailHog (local SMTP testing server)
# === Environment Variables ===
# You can use environment variables in this config:
# ${VARIABLE_NAME} will be replaced with the environment variable value
#
# Common environment variables:
# - SMTP_HOST
# - SMTP_PORT
# - SMTP_USERNAME
# - SMTP_PASSWORD
# - SENDGRID_API_KEY
# - EMAIL_FROM_ADDRESS
# - EMAIL_FROM_NAME
# === Security Notes ===
# - Never commit real passwords or API keys to version control
# - Use environment variables for sensitive data in production
# - Enable 2FA and use app passwords for Gmail
# - Regularly rotate API keys and passwords
# - Monitor email sending quotas and limits
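Review bot: `smtp_password = "your-app-password"` in `[email]` and `email.smtp_password = "your-mailtrap-password"` under `[environments.staging]` are literal values in a tracked file, which invites replacing them in place, contrary to the Security Notes at the bottom of the same file. Use the `${SMTP_USERNAME}` and `${SMTP_PASSWORD}` substitution this file already documents, as the production block does with `${SENDGRID_API_KEY}`. `sendgrid_api_key = ""` in the base table would also be better as `${SENDGRID_API_KEY}` or removed, so an empty key cannot be picked up when the production override is not applied.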

@ -0,0 +1,313 @@
# RBAC (Role-Based Access Control) Configuration
# Copy this file to .env and configure for your environment
# =============================================================================
# RBAC Feature Flags
# =============================================================================
# Enable/disable RBAC system entirely (default: false)
ENABLE_RBAC=false
# Database access control (requires ENABLE_RBAC=true)
ENABLE_RBAC_DATABASE=false
# File system access control (requires ENABLE_RBAC=true)
ENABLE_RBAC_FILES=false
# Content management access control (requires ENABLE_RBAC=true)
ENABLE_RBAC_CONTENT=false
# API endpoint access control (requires ENABLE_RBAC=true)
ENABLE_RBAC_API=false
# User categories feature (requires ENABLE_RBAC=true)
ENABLE_RBAC_CATEGORIES=false
# User tags feature (requires ENABLE_RBAC=true)
ENABLE_RBAC_TAGS=false
# Permission caching (improves performance, requires ENABLE_RBAC=true)
ENABLE_RBAC_CACHING=false
# Access audit logging (requires ENABLE_RBAC=true)
ENABLE_RBAC_AUDIT=false
# TOML configuration file loading (requires ENABLE_RBAC=true)
ENABLE_RBAC_TOML_CONFIG=false
# Hierarchical permissions (categories/tags inheritance)
ENABLE_RBAC_HIERARCHICAL=false
# Dynamic rule evaluation
ENABLE_RBAC_DYNAMIC_RULES=false
# =============================================================================
# RBAC Configuration Paths
# =============================================================================
# Path to RBAC TOML configuration file
RBAC_CONFIG_PATH=config/rbac.toml
# Path to RBAC database migrations
RBAC_MIGRATIONS_PATH=migrations/rbac
# =============================================================================
# Core Authentication (always required)
# =============================================================================
# Enable basic authentication system
ENABLE_AUTH=true
# Enable JWT token authentication
ENABLE_JWT=true
# Enable OAuth providers (Google, GitHub, etc.)
ENABLE_OAUTH=false
# Enable two-factor authentication
ENABLE_2FA=false
# Enable session management
ENABLE_SESSIONS=true
# Enable password reset functionality
ENABLE_PASSWORD_RESET=true
# Enable email verification
ENABLE_EMAIL_VERIFICATION=false
# =============================================================================
# Database Configuration
# =============================================================================
# Database connection string
DATABASE_URL=postgresql://username:password@localhost:5432/rustelo_dev
# Database pool settings
DATABASE_MAX_CONNECTIONS=20
DATABASE_MIN_CONNECTIONS=5
DATABASE_CONNECTION_TIMEOUT=30
DATABASE_IDLE_TIMEOUT=600
DATABASE_MAX_LIFETIME=1800
# =============================================================================
# Server Configuration
# =============================================================================
# Server host and port
SERVER_HOST=127.0.0.1
SERVER_PORT=3030
SERVER_PROTOCOL=http
# Environment (development/production)
ENVIRONMENT=development
# =============================================================================
# Security Configuration
# =============================================================================
# JWT secret key (change in production!)
JWT_SECRET=your-super-secret-jwt-key-change-this-in-production
# Session secret (change in production!)
SESSION_SECRET=your-session-secret-key-change-this-in-production
# Enable CSRF protection
ENABLE_CSRF=true
# Enable rate limiting
ENABLE_RATE_LIMITING=true
# Rate limiting settings
RATE_LIMIT_REQUESTS=100
RATE_LIMIT_WINDOW=60
# Bcrypt cost for password hashing
BCRYPT_COST=12
# =============================================================================
# Content Management Features
# =============================================================================
# Enable content management system
ENABLE_CONTENT=true
# Enable markdown rendering
ENABLE_MARKDOWN=true
# Enable syntax highlighting
ENABLE_SYNTAX_HIGHLIGHTING=false
# Enable file uploads
ENABLE_FILE_UPLOADS=true
# Enable content versioning
ENABLE_CONTENT_VERSIONING=false
# Enable content scheduling
ENABLE_CONTENT_SCHEDULING=false
# Enable SEO features
ENABLE_SEO=true
# =============================================================================
# Performance Features
# =============================================================================
# Enable response caching
ENABLE_CACHING=true
# Enable database query caching
ENABLE_QUERY_CACHING=true
# Enable compression
ENABLE_COMPRESSION=true
# Enable connection pooling
ENABLE_CONNECTION_POOLING=true
# Enable lazy loading
ENABLE_LAZY_LOADING=false
# Enable background tasks
ENABLE_BACKGROUND_TASKS=true
# =============================================================================
# Logging Configuration
# =============================================================================
# Log level (trace, debug, info, warn, error)
LOG_LEVEL=info
RUST_LOG=info
# Enable console logging
ENABLE_CONSOLE_LOGGING=true
# Enable file logging
ENABLE_FILE_LOGGING=false
# Log file path
LOG_FILE_PATH=logs/app.log
# =============================================================================
# TLS/HTTPS Configuration
# =============================================================================
# Enable TLS/HTTPS
ENABLE_TLS=false
# TLS certificate paths (when ENABLE_TLS=true)
TLS_CERT_PATH=certs/cert.pem
TLS_KEY_PATH=certs/key.pem
# =============================================================================
# OAuth Configuration (when ENABLE_OAUTH=true)
# =============================================================================
# Google OAuth
GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secret
GOOGLE_REDIRECT_URI=http://localhost:3030/auth/google/callback
# GitHub OAuth
GITHUB_CLIENT_ID=your-github-client-id
GITHUB_CLIENT_SECRET=your-github-client-secret
GITHUB_REDIRECT_URI=http://localhost:3030/auth/github/callback
# =============================================================================
# Email Configuration (when email features are enabled)
# =============================================================================
# Enable email functionality
ENABLE_EMAIL=false
# SMTP settings
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USERNAME=your-email@gmail.com
SMTP_PASSWORD=your-app-password
FROM_EMAIL=noreply@yourapp.com
FROM_NAME=Your App
# =============================================================================
# Redis Configuration (optional)
# =============================================================================
# Enable Redis for caching/sessions
ENABLE_REDIS=false
# Redis connection
REDIS_URL=redis://localhost:6379
REDIS_POOL_SIZE=10
REDIS_CONNECTION_TIMEOUT=5
REDIS_COMMAND_TIMEOUT=5
# =============================================================================
# Custom Feature Flags
# =============================================================================
# Add your custom feature flags here
# ENABLE_MY_CUSTOM_FEATURE=false
# ENABLE_ANALYTICS=false
# ENABLE_NOTIFICATIONS=false
# =============================================================================
# RBAC Example Configurations
# =============================================================================
# Example 1: Minimal RBAC (only basic categories)
# ENABLE_RBAC=true
# ENABLE_RBAC_CATEGORIES=true
# ENABLE_RBAC_CACHING=true
# Example 2: Database-focused RBAC
# ENABLE_RBAC=true
# ENABLE_RBAC_DATABASE=true
# ENABLE_RBAC_CATEGORIES=true
# ENABLE_RBAC_TAGS=true
# ENABLE_RBAC_CACHING=true
# ENABLE_RBAC_AUDIT=true
# Example 3: Full RBAC with all features
# ENABLE_RBAC=true
# ENABLE_RBAC_DATABASE=true
# ENABLE_RBAC_FILES=true
# ENABLE_RBAC_CONTENT=true
# ENABLE_RBAC_API=true
# ENABLE_RBAC_CATEGORIES=true
# ENABLE_RBAC_TAGS=true
# ENABLE_RBAC_CACHING=true
# ENABLE_RBAC_AUDIT=true
# ENABLE_RBAC_TOML_CONFIG=true
# ENABLE_RBAC_HIERARCHICAL=true
# ENABLE_RBAC_DYNAMIC_RULES=true
# Example 4: Content management with RBAC
# ENABLE_RBAC=true
# ENABLE_RBAC_CONTENT=true
# ENABLE_RBAC_FILES=true
# ENABLE_RBAC_CATEGORIES=true
# ENABLE_RBAC_TAGS=true
# ENABLE_CONTENT=true
# ENABLE_FILE_UPLOADS=true
# =============================================================================
# Development vs Production Settings
# =============================================================================
# Development settings (copy these for development)
# ENVIRONMENT=development
# LOG_LEVEL=debug
# ENABLE_CSRF=false
# ENABLE_TLS=false
# DATABASE_URL=postgresql://dev:dev@localhost:5432/rustelo_dev
# Production settings (copy these for production)
# ENVIRONMENT=production
# LOG_LEVEL=warn
# ENABLE_CSRF=true
# ENABLE_TLS=true
# ENABLE_RATE_LIMITING=true
# DATABASE_URL=postgresql://prod_user:secure_password@db.example.com:5432/rustelo_prod
# JWT_SECRET=very-long-random-secure-key-for-production
# SESSION_SECRET=another-very-long-random-secure-key-for-production
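Review bot: `JWT_SECRET` and `SESSION_SECRET` ship with readable defaults (`your-super-secret-jwt-key-change-this-in-production`), and the commented production block repeats the pattern with `very-long-random-secure-key-for-production`, so a deployment that copies this file as instructed starts with a secret that is public in the repository. Leave both values empty here, describe how to generate them instead of showing a sample string, and have startup refuse an empty or placeholder value. The same applies to the credentials embedded in the `DATABASE_URL` examples. The development block sets `ENABLE_CSRF=false` without a reason; either justify it in a comment or keep CSRF on in both environments.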

331
config/scripts/build-config.sh Executable file

@ -0,0 +1,331 @@
#!/bin/bash
# Configuration Builder Script
# Combines base configurations and feature configurations into a complete config.toml
# Usage: ./build-config.sh [environment] [output_file]
# Example: ./build-config.sh dev config.toml
set -e
# Default values
ENVIRONMENT="${1:-dev}"
OUTPUT_FILE="${2:-config.toml}"
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
CONFIG_DIR="$(dirname "$SCRIPT_DIR")"
PROJECT_ROOT="$(dirname "$CONFIG_DIR")"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Logging functions
log_info() {
echo -e "${BLUE}[INFO]${NC} $1"
}
log_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
log_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Check if environment is valid
check_environment() {
local env="$1"
case "$env" in
dev|prod|example)
return 0
;;
*)
log_error "Invalid environment: $env"
log_error "Valid environments: dev, prod, example"
exit 1
;;
esac
}
# Check if required tools are installed
check_dependencies() {
local missing_tools=()
if ! command -v toml &> /dev/null; then
missing_tools+=("toml")
fi
if [ ${#missing_tools[@]} -ne 0 ]; then
log_warning "Missing optional tools: ${missing_tools[*]}"
log_warning "For better TOML validation, install: cargo install toml-cli"
fi
}
# Create temporary directory for processing
create_temp_dir() {
TEMP_DIR=$(mktemp -d)
trap "rm -rf $TEMP_DIR" EXIT
log_info "Created temporary directory: $TEMP_DIR"
}
# Copy base configuration
copy_base_config() {
local env="$1"
local base_file="$CONFIG_DIR/base/${env}.toml"
if [ -f "$base_file" ]; then
log_info "Copying base configuration: $base_file"
cp "$base_file" "$TEMP_DIR/base.toml"
else
log_error "Base configuration not found: $base_file"
exit 1
fi
}
# Find and copy feature configurations
copy_feature_configs() {
local env="$1"
local features_dir="$CONFIG_DIR/features"
if [ ! -d "$features_dir" ]; then
log_error "Features directory not found: $features_dir"
exit 1
fi
log_info "Copying feature configurations for environment: $env"
# Create features directory in temp
mkdir -p "$TEMP_DIR/features"
# Find all feature directories
for feature_dir in "$features_dir"/*; do
if [ -d "$feature_dir" ]; then
local feature_name=$(basename "$feature_dir")
local feature_file="$feature_dir/${env}.toml"
if [ -f "$feature_file" ]; then
log_info " Found feature: $feature_name"
cp "$feature_file" "$TEMP_DIR/features/${feature_name}.toml"
else
log_warning " Feature configuration not found: $feature_file"
fi
fi
done
}
# Merge configurations using a simple approach
merge_configs() {
local output="$1"
log_info "Merging configurations..."
# Start with base configuration
cat "$TEMP_DIR/base.toml" > "$output"
# Add a separator comment
echo "" >> "$output"
echo "# =================================" >> "$output"
echo "# Feature Configurations" >> "$output"
echo "# =================================" >> "$output"
echo "" >> "$output"
# Append each feature configuration
for feature_file in "$TEMP_DIR/features"/*.toml; do
if [ -f "$feature_file" ]; then
local feature_name=$(basename "$feature_file" .toml)
echo "" >> "$output"
echo "# ${feature_name} Feature Configuration" >> "$output"
echo "# =================================" >> "$output"
cat "$feature_file" >> "$output"
echo "" >> "$output"
fi
done
# Add build information
echo "" >> "$output"
echo "# Build Information" >> "$output"
echo "# =================================" >> "$output"
echo "[build_info]" >> "$output"
echo "environment = \"$ENVIRONMENT\"" >> "$output"
echo "build_time = \"$(date -u +%Y-%m-%dT%H:%M:%SZ)\"" >> "$output"
echo "build_script = \"$(basename "$0")\"" >> "$output"
echo "config_version = \"1.0.0\"" >> "$output"
}
# Validate the generated configuration
validate_config() {
local config_file="$1"
log_info "Validating configuration..."
# Basic validation - check if file exists and is not empty
if [ ! -f "$config_file" ]; then
log_error "Configuration file not found: $config_file"
return 1
fi
if [ ! -s "$config_file" ]; then
log_error "Configuration file is empty: $config_file"
return 1
fi
# Advanced validation with toml tool if available
if command -v toml &> /dev/null; then
if toml get "$config_file" > /dev/null 2>&1; then
log_success "TOML syntax validation passed"
else
log_error "TOML syntax validation failed"
return 1
fi
else
log_warning "TOML validation tool not available, skipping syntax check"
fi
# Check for required sections
local required_sections=("server" "database" "app")
for section in "${required_sections[@]}"; do
if grep -q "^\[${section}\]" "$config_file"; then
log_info " Required section found: [$section]"
else
log_warning " Required section missing: [$section]"
fi
done
return 0
}
# Generate summary of the build
generate_summary() {
local config_file="$1"
log_info "Configuration build summary:"
log_info " Environment: $ENVIRONMENT"
log_info " Output file: $config_file"
log_info " File size: $(du -h "$config_file" | cut -f1)"
log_info " Line count: $(wc -l < "$config_file")"
# Count features
local feature_count=$(grep -c "# .* Feature Configuration" "$config_file" 2>/dev/null || echo "0")
log_info " Features included: $feature_count"
# List features
if [ "$feature_count" -gt 0 ]; then
log_info " Feature list:"
grep "# .* Feature Configuration" "$config_file" | sed 's/# \(.*\) Feature Configuration/ - \1/' || true
fi
}
# Backup existing configuration
backup_existing_config() {
local config_file="$1"
if [ -f "$config_file" ]; then
local backup_file="${config_file}.backup.$(date +%Y%m%d_%H%M%S)"
log_info "Backing up existing configuration to: $backup_file"
cp "$config_file" "$backup_file"
fi
}
# Show help
show_help() {
cat << EOF
Configuration Builder Script
USAGE:
$0 [ENVIRONMENT] [OUTPUT_FILE]
ARGUMENTS:
ENVIRONMENT Target environment (dev, prod, example). Default: dev
OUTPUT_FILE Output configuration file. Default: config.toml
EXAMPLES:
$0 # Build dev config to config.toml
$0 prod # Build prod config to config.toml
$0 dev config.dev.toml # Build dev config to config.dev.toml
$0 prod config.prod.toml # Build prod config to config.prod.toml
DESCRIPTION:
This script combines base configurations and feature-specific configurations
into a complete TOML configuration file for the specified environment.
The script looks for:
- Base configuration: config/base/[environment].toml
- Feature configurations: config/features/[feature]/[environment].toml
ENVIRONMENT VARIABLES:
CONFIG_DEBUG=1 Enable debug output
CONFIG_NO_BACKUP=1 Skip backup of existing configuration
CONFIG_VALIDATE_ONLY=1 Only validate, don't build
EOF
}
# Main function
main() {
# Parse arguments
if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
show_help
exit 0
fi
# Enable debug if requested
if [ "${CONFIG_DEBUG:-0}" = "1" ]; then
set -x
fi
log_info "Starting configuration build process..."
log_info "Environment: $ENVIRONMENT"
log_info "Output file: $OUTPUT_FILE"
# Check environment
check_environment "$ENVIRONMENT"
# Check dependencies
check_dependencies
# Create temporary directory
create_temp_dir
# Copy base configuration
copy_base_config "$ENVIRONMENT"
# Copy feature configurations
copy_feature_configs "$ENVIRONMENT"
# Backup existing configuration if not disabled
if [ "${CONFIG_NO_BACKUP:-0}" != "1" ]; then
backup_existing_config "$OUTPUT_FILE"
fi
# If validation only, validate temp config and exit
if [ "${CONFIG_VALIDATE_ONLY:-0}" = "1" ]; then
merge_configs "$TEMP_DIR/validation.toml"
validate_config "$TEMP_DIR/validation.toml"
log_success "Configuration validation completed"
exit 0
fi
# Merge configurations
merge_configs "$OUTPUT_FILE"
# Validate the generated configuration
if ! validate_config "$OUTPUT_FILE"; then
log_error "Configuration validation failed"
exit 1
fi
# Generate summary
generate_summary "$OUTPUT_FILE"
log_success "Configuration build completed successfully!"
log_info "Configuration file: $OUTPUT_FILE"
}
# Run main function
main "$@"
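Review bot: `merge_configs` builds the output by `cat`-ing every feature file after the base file, which is not a TOML merge: a table header that appears in more than one input (for example `[features]`, which the TLS production file in this commit declares) ends up defined twice, and TOML parsers reject that. Merge with a TOML-aware tool, or document and check that each table appears in exactly one input file. `main` also writes straight to `$OUTPUT_FILE` and validates afterwards, so a failed build leaves a broken config in place, and `validate_config` only warns when `[server]`, `[database]` or `[app]` is missing; build into `$TEMP_DIR`, validate, then move the file into place. Smaller points: with `CONFIG_VALIDATE_ONLY=1` the backup step still runs before the early exit; in `generate_summary`, `grep -c ... || echo "0"` yields two lines when nothing matches because `grep -c` already prints 0, which breaks the `-gt` test; and `trap "rm -rf $TEMP_DIR" EXIT` expands the path unquoted at definition time, so use single quotes with a quoted `"$TEMP_DIR"` inside.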

223
config/scripts/debug-manage.sh Executable file

@ -0,0 +1,223 @@
#!/bin/bash
# Debug version of configuration management script
set -e
# Script configuration
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
CONFIG_DIR="$(dirname "$SCRIPT_DIR")"
PROJECT_ROOT="$(dirname "$CONFIG_DIR")"
BACKUP_DIR="$CONFIG_DIR/backups"
ENVIRONMENTS=("dev" "prod" "example")
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Logging functions
log_info() {
echo -e "${BLUE}[INFO]${NC} $1"
}
log_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
log_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Test function
test_basics() {
echo "=== Configuration Management Debug ==="
echo "SCRIPT_DIR: $SCRIPT_DIR"
echo "CONFIG_DIR: $CONFIG_DIR"
echo "PROJECT_ROOT: $PROJECT_ROOT"
echo "BACKUP_DIR: $BACKUP_DIR"
echo ""
}
# List available features
cmd_list_features() {
log_info "Available features:"
if [ -d "$CONFIG_DIR/features" ]; then
for feature_dir in "$CONFIG_DIR/features"/*; do
if [ -d "$feature_dir" ]; then
feature_name=$(basename "$feature_dir")
log_info " - $feature_name"
# Show available environments for this feature
envs=()
for env in "${ENVIRONMENTS[@]}"; do
if [ -f "$feature_dir/$env.toml" ]; then
envs+=("$env")
fi
done
if [ ${#envs[@]} -gt 0 ]; then
log_info " Environments: ${envs[*]}"
fi
fi
done
else
log_error "Features directory not found: $CONFIG_DIR/features"
return 1
fi
}
# List available environments
cmd_list_environments() {
log_info "Available environments:"
for env in "${ENVIRONMENTS[@]}"; do
log_info " - $env"
# Check if base configuration exists
if [ -f "$CONFIG_DIR/base/$env.toml" ]; then
log_info " Base config: ✓"
else
log_info " Base config: ✗"
fi
# Count available features
feature_count=0
if [ -d "$CONFIG_DIR/features" ]; then
for feature_dir in "$CONFIG_DIR/features"/*; do
if [ -d "$feature_dir" ] && [ -f "$feature_dir/$env.toml" ]; then
((feature_count++))
fi
done
fi
log_info " Available features: $feature_count"
done
}
# Build configuration
cmd_build() {
env="$1"
output="${2:-config.toml}"
if [ -z "$env" ]; then
log_error "Environment required for build command"
return 1
fi
log_info "Building configuration for environment: $env"
"$SCRIPT_DIR/build-config.sh" "$env" "$output"
}
# Show status
cmd_status() {
log_info "Configuration system status:"
# Check directories
log_info "Directories:"
for dir in base features scripts; do
if [ -d "$CONFIG_DIR/$dir" ]; then
log_info " $dir: ✓"
else
log_info " $dir: ✗"
fi
done
# Check base configurations
log_info "Base configurations:"
for env in "${ENVIRONMENTS[@]}"; do
if [ -f "$CONFIG_DIR/base/$env.toml" ]; then
log_info " $env: ✓"
else
log_info " $env: ✗"
fi
done
# Check features
log_info "Features:"
if [ -d "$CONFIG_DIR/features" ]; then
for feature_dir in "$CONFIG_DIR/features"/*; do
if [ -d "$feature_dir" ]; then
feature_name=$(basename "$feature_dir")
env_count=0
for env in "${ENVIRONMENTS[@]}"; do
if [ -f "$feature_dir/$env.toml" ]; then
((env_count++))
fi
done
log_info " $feature_name: $env_count/${#ENVIRONMENTS[@]} environments"
fi
done
fi
}
# Show help
show_help() {
cat << EOF
Debug Configuration Management Script
USAGE:
$0 [COMMAND]
COMMANDS:
list-features List available features
list-environments List available environments
build ENV [OUTPUT] Build configuration for environment
status Show configuration status
test Run basic tests
help Show this help message
EXAMPLES:
$0 list-features
$0 list-environments
$0 build dev
$0 status
$0 test
EOF
}
# Main function
main() {
command="$1"
shift
case "$command" in
list-features)
cmd_list_features
;;
list-environments)
cmd_list_environments
;;
build)
cmd_build "$@"
;;
status)
cmd_status
;;
test)
test_basics
cmd_list_features
echo ""
cmd_list_environments
echo ""
cmd_status
;;
help|"")
show_help
;;
*)
log_error "Unknown command: $command"
show_help
exit 1
;;
esac
}
# Run main function
main "$@"
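Review bot: `((feature_count++))` in `cmd_list_environments` and `((env_count++))` in `cmd_status` return a non-zero status when the counter is 0, because the arithmetic command's status reflects the pre-increment value; with `set -e` at the top, the script exits on the first feature file it counts. Use `feature_count=$((feature_count + 1))`, the form `demo-config.sh` uses. In `main`, `shift` runs before the `case`, so calling the script with no arguments fails on `shift` under `set -e` and the `help|""` branch is never reached; guard the `shift` with a check on `$#`. The variables set inside the `cmd_*` functions (`feature_name`, `envs`, `env`, `env_count`, `feature_count`) should be declared `local`.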

293
config/scripts/demo-config.sh Executable file

@ -0,0 +1,293 @@
#!/bin/bash
# Configuration System Demonstration Script
# Shows the new modular configuration system in action
# Usage: ./demo-config.sh
set -e
# Script configuration
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
CONFIG_DIR="$(dirname "$SCRIPT_DIR")"
PROJECT_ROOT="$(dirname "$CONFIG_DIR")"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
PURPLE='\033[0;35m'
CYAN='\033[0;36m'
BOLD='\033[1m'
NC='\033[0m' # No Color
# Print functions
print_header() {
echo -e "\n${BOLD}${BLUE}================================${NC}"
echo -e "${BOLD}${BLUE}$1${NC}"
echo -e "${BOLD}${BLUE}================================${NC}\n"
}
print_section() {
echo -e "\n${BOLD}${CYAN}--- $1 ---${NC}"
}
print_success() {
echo -e "${GREEN}${NC} $1"
}
print_info() {
echo -e "${BLUE}${NC} $1"
}
print_warning() {
echo -e "${YELLOW}${NC} $1"
}
print_error() {
echo -e "${RED}${NC} $1"
}
# Main demonstration
main() {
print_header "Rustelo Configuration System Demo"
echo "This demonstration shows the new modular configuration system"
echo "that separates features into environment-specific configurations."
echo ""
echo "The system provides:"
echo " • Environment-specific settings (dev, prod, example)"
echo " • Feature-based configuration modules"
echo " • Automatic configuration building and validation"
echo " • Backup and management utilities"
print_section "Configuration Structure"
echo "Current configuration directory structure:"
echo ""
tree "$CONFIG_DIR" -I "__pycache__|*.pyc|*.backup*" 2>/dev/null || {
find "$CONFIG_DIR" -type f -name "*.toml" -o -name "*.sh" -o -name "*.py" | head -20
}
print_section "Available Features"
echo "Features configured in the system:"
echo ""
local features_dir="$CONFIG_DIR/features"
if [ -d "$features_dir" ]; then
for feature_dir in "$features_dir"/*; do
if [ -d "$feature_dir" ]; then
local feature_name=$(basename "$feature_dir")
local env_count=0
local env_list=""
for env_file in "$feature_dir"/*.toml; do
if [ -f "$env_file" ]; then
env_count=$((env_count + 1))
local env_name=$(basename "$env_file" .toml)
env_list="$env_list $env_name"
fi
done
printf " %-12s → %d environments (%s)\n" "$feature_name" "$env_count" "$env_list"
fi
done
fi
print_section "Building Development Configuration"
echo "Building configuration for development environment..."
echo ""
local dev_config="demo_config_dev.toml"
if "$SCRIPT_DIR/build-config.sh" dev "$dev_config"; then
print_success "Development configuration built successfully"
# Show some statistics
local file_size=$(du -h "$dev_config" | cut -f1)
local line_count=$(wc -l < "$dev_config")
local section_count=$(grep -c "^\[.*\]" "$dev_config")
echo ""
echo "Development Configuration Stats:"
echo " • File size: $file_size"
echo " • Lines: $line_count"
echo " • Sections: $section_count"
echo ""
echo "Sample configuration sections:"
echo ""
grep "^\[.*\]" "$dev_config" | head -10 | sed 's/^/ /'
else
print_error "Failed to build development configuration"
fi
print_section "Building Production Configuration"
echo "Building configuration for production environment..."
echo ""
local prod_config="demo_config_prod.toml"
if "$SCRIPT_DIR/build-config.sh" prod "$prod_config"; then
print_success "Production configuration built successfully"
# Show some statistics
local file_size=$(du -h "$prod_config" | cut -f1)
local line_count=$(wc -l < "$prod_config")
local section_count=$(grep -c "^\[.*\]" "$prod_config")
echo ""
echo "Production Configuration Stats:"
echo " • File size: $file_size"
echo " • Lines: $line_count"
echo " • Sections: $section_count"
else
print_error "Failed to build production configuration"
fi
print_section "Configuration Comparison"
echo "Comparing development vs production configurations:"
echo ""
if [ -f "$dev_config" ] && [ -f "$prod_config" ]; then
echo "Environment Differences:"
echo ""
# Extract key differences
echo "Development specific settings:"
grep -E "(debug|log_level|localhost|127\.0\.0\.1)" "$dev_config" | head -5 | sed 's/^/ /'
echo ""
echo "Production specific settings:"
grep -E "(https|ssl|encryption|backup)" "$prod_config" | head -5 | sed 's/^/ /'
echo ""
echo "Size comparison:"
echo " • Dev config: $(wc -l < "$dev_config") lines"
echo " • Prod config: $(wc -l < "$prod_config") lines"
echo " • Difference: $(($(wc -l < "$prod_config") - $(wc -l < "$dev_config"))) lines"
fi
print_section "Feature Configuration Examples"
echo "Sample feature configurations:"
echo ""
# Show auth feature differences
if [ -f "$CONFIG_DIR/features/auth/dev.toml" ] && [ -f "$CONFIG_DIR/features/auth/prod.toml" ]; then
echo "Authentication Feature:"
echo " Development:"
grep -E "(max_login_attempts|lockout_duration)" "$CONFIG_DIR/features/auth/dev.toml" | head -2 | sed 's/^/ /'
echo " Production:"
grep -E "(max_login_attempts|lockout_duration)" "$CONFIG_DIR/features/auth/prod.toml" | head -2 | sed 's/^/ /'
echo ""
fi
# Show TLS feature differences
if [ -f "$CONFIG_DIR/features/tls/dev.toml" ] && [ -f "$CONFIG_DIR/features/tls/prod.toml" ]; then
echo "TLS Feature:"
echo " Development:"
grep -E "(tls = |enabled = )" "$CONFIG_DIR/features/tls/dev.toml" | head -2 | sed 's/^/ /'
echo " Production:"
grep -E "(tls = |enabled = )" "$CONFIG_DIR/features/tls/prod.toml" | head -2 | sed 's/^/ /'
echo ""
fi
print_section "Configuration Validation"
echo "Validating built configurations..."
echo ""
# Basic validation
local validation_passed=0
local validation_total=0
for config in "$dev_config" "$prod_config"; do
if [ -f "$config" ]; then
validation_total=$((validation_total + 1))
# Check for required sections
local required_sections=("server" "database" "app")
local config_name=$(basename "$config" .toml)
echo "Validating $config_name:"
local section_issues=0
for section in "${required_sections[@]}"; do
if grep -q "^\[${section}\]" "$config"; then
echo " ✓ Section [$section] present"
else
echo " ✗ Section [$section] missing"
section_issues=$((section_issues + 1))
fi
done
if [ $section_issues -eq 0 ]; then
validation_passed=$((validation_passed + 1))
print_success "$config_name validation passed"
else
print_error "$config_name validation failed"
fi
echo ""
fi
done
print_section "Build Information"
echo "Configuration build metadata:"
echo ""
if [ -f "$dev_config" ]; then
echo "Development build info:"
grep -A 5 "^\[build_info\]" "$dev_config" | sed 's/^/ /'
echo ""
fi
print_section "Usage Examples"
echo "How to use the configuration system:"
echo ""
echo "1. Build configuration for development:"
echo " ./config/scripts/build-config.sh dev"
echo ""
echo "2. Build configuration for production:"
echo " ./config/scripts/build-config.sh prod config.prod.toml"
echo ""
echo "3. Validate configuration:"
echo " ./config/scripts/manage-config.sh validate dev"
echo ""
echo "4. Compare configurations:"
echo " ./config/scripts/manage-config.sh diff dev prod"
echo ""
echo "5. Create new feature:"
echo " ./config/scripts/manage-config.sh template my_feature"
echo ""
echo "6. Show system status:"
echo " ./config/scripts/manage-config.sh status"
print_section "Cleanup"
echo "Cleaning up demo files..."
# Clean up demo files
rm -f "$dev_config" "$prod_config"
print_success "Demo files cleaned up"
print_header "Demo Complete"
echo "The new configuration system provides:"
echo ""
echo "✓ Environment-specific configurations"
echo "✓ Feature-based modularity"
echo "✓ Automatic building and validation"
echo "✓ Easy management and maintenance"
echo "✓ Backup and recovery capabilities"
echo ""
echo "For more information, see:"
echo " • config/README.md - Complete documentation"
echo " • config/scripts/ - Available management scripts"
echo " • config/features/ - Feature configuration modules"
echo ""
print_success "Configuration system is ready to use!"
}
# Check if we're in the right directory
if [ ! -d "$CONFIG_DIR" ]; then
print_error "Configuration directory not found: $CONFIG_DIR"
echo "Please run this script from the project root directory."
exit 1
fi
# Run the demonstration
main "$@"
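Review bot: `validation_passed` and `validation_total` in the "Configuration Validation" section are incremented but never read, so a built config that lacks `[server]`, `[database]` or `[app]` only prints an error line and the demo still finishes with "Configuration system is ready to use!". Compare the two counters after the loop and return non-zero (or at least print the tally) when they differ. The cleanup `rm -f "$dev_config" "$prod_config"` runs only when execution reaches that point in main; registering it in an EXIT trap where the files are created would also remove them when an earlier step fails.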

655
config/scripts/manage-config.sh Executable file

@ -0,0 +1,655 @@
#!/bin/bash
# Configuration Management Script for Rustelo
# Provides commands to manage, validate, and deploy configurations
# Usage: ./manage-config.sh [command] [options]
set -e
# Script configuration
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
CONFIG_DIR="$(dirname "$SCRIPT_DIR")"
PROJECT_ROOT="$(dirname "$CONFIG_DIR")"
BACKUP_DIR="$CONFIG_DIR/backups"
ENVIRONMENTS=("dev" "prod" "example")
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
PURPLE='\033[0;35m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color
# Logging functions
log_info() {
echo -e "${BLUE}[INFO]${NC} $1"
}
log_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
log_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
log_debug() {
if [ "${DEBUG:-0}" = "1" ]; then
echo -e "${PURPLE}[DEBUG]${NC} $1"
fi
}
# Show help
show_help() {
cat << EOF
Configuration Management Script for Rustelo
USAGE:
$0 [COMMAND] [OPTIONS]
COMMANDS:
build ENV [OUTPUT] Build configuration for environment
validate ENV Validate configuration for environment
list-features List available features
list-environments List available environments
backup ENV Backup existing configuration
restore BACKUP_FILE Restore configuration from backup
diff ENV1 ENV2 Compare configurations between environments
template FEATURE Create new feature template
clean Clean generated configurations
status Show configuration status
help Show this help message
ENVIRONMENTS:
dev Development environment
prod Production environment
example Example/template environment
OPTIONS:
--debug Enable debug output
--dry-run Show what would be done without executing
--force Force operation without confirmation
--quiet Suppress non-error output
--backup-dir DIR Use custom backup directory
EXAMPLES:
$0 build dev # Build dev configuration
$0 build prod config.prod.toml # Build prod config with custom name
$0 validate dev # Validate dev configuration
$0 diff dev prod # Compare dev and prod configurations
$0 backup prod # Backup prod configuration
$0 template auth # Create new auth feature template
$0 clean # Clean all generated configs
$0 status # Show configuration status
ENVIRONMENT VARIABLES:
CONFIG_DEBUG=1 Enable debug output
CONFIG_QUIET=1 Suppress non-error output
CONFIG_FORCE=1 Force operations without confirmation
CONFIG_BACKUP_DIR=path Custom backup directory
EOF
}
# Parse command line arguments
parse_args() {
COMMAND=""
ENV=""
OUTPUT=""
DEBUG="${DEBUG:-0}"
DRY_RUN="${DRY_RUN:-0}"
FORCE="${FORCE:-0}"
QUIET="${QUIET:-0}"
BACKUP_DIR_OVERRIDE=""
while [[ $# -gt 0 ]]; do
case $1 in
--debug)
DEBUG=1
shift
;;
--dry-run)
DRY_RUN=1
shift
;;
--force)
FORCE=1
shift
;;
--quiet)
QUIET=1
shift
;;
--backup-dir)
BACKUP_DIR_OVERRIDE="$2"
shift 2
;;
build|validate|backup|restore|diff|template|clean|status|list-features|list-environments|help)
COMMAND="$1"
shift
;;
*)
if [ -z "$ENV" ]; then
ENV="$1"
elif [ -z "$OUTPUT" ]; then
OUTPUT="$1"
else
log_error "Unknown argument: $1"
exit 1
fi
shift
;;
esac
done
# Override backup directory if specified
if [ -n "$BACKUP_DIR_OVERRIDE" ]; then
BACKUP_DIR="$BACKUP_DIR_OVERRIDE"
fi
# Apply environment variables
[ "${CONFIG_DEBUG:-0}" = "1" ] && DEBUG=1
[ "${CONFIG_QUIET:-0}" = "1" ] && QUIET=1
[ "${CONFIG_FORCE:-0}" = "1" ] && FORCE=1
[ -n "${CONFIG_BACKUP_DIR:-}" ] && BACKUP_DIR="$CONFIG_BACKUP_DIR"
}
# Check if environment is valid
validate_environment() {
local env="$1"
for valid_env in "${ENVIRONMENTS[@]}"; do
if [ "$env" = "$valid_env" ]; then
return 0
fi
done
log_error "Invalid environment: $env"
log_error "Valid environments: ${ENVIRONMENTS[*]}"
return 1
}
# Create backup directory if it doesn't exist
ensure_backup_dir() {
if [ ! -d "$BACKUP_DIR" ]; then
mkdir -p "$BACKUP_DIR"
log_debug "Created backup directory: $BACKUP_DIR"
fi
}
# Build configuration
cmd_build() {
local env="$1"
local output="${2:-config.toml}"
if [ -z "$env" ]; then
log_error "Environment required for build command"
return 1
fi
if ! validate_environment "$env"; then
return 1
fi
log_info "Building configuration for environment: $env"
# Use Python script if available, otherwise use bash script
if [ "$DRY_RUN" = "1" ]; then
log_info "Would build configuration using shell script"
return 0
fi
"$SCRIPT_DIR/build-config.sh" "$env" "$output"
}
# Validate configuration
cmd_validate() {
local env="$1"
if [ -z "$env" ]; then
log_error "Environment required for validate command"
return 1
fi
if ! validate_environment "$env"; then
return 1
fi
log_info "Validating configuration for environment: $env"
if [ "$DRY_RUN" = "1" ]; then
log_info "Would validate configuration"
return 0
fi
# Use Python script if available
CONFIG_VALIDATE_ONLY=1 "$SCRIPT_DIR/build-config.sh" "$env"
}
# List available features
cmd_list_features() {
log_info "Available features:"
if [ -d "$CONFIG_DIR/features" ]; then
for feature_dir in "$CONFIG_DIR/features"/*; do
if [ -d "$feature_dir" ]; then
local feature_name=$(basename "$feature_dir")
log_info " - $feature_name"
# Show available environments for this feature
local envs=()
for env in "${ENVIRONMENTS[@]}"; do
if [ -f "$feature_dir/$env.toml" ]; then
envs+=("$env")
fi
done
if [ ${#envs[@]} -gt 0 ]; then
log_info " Environments: ${envs[*]}"
fi
fi
done
else
log_error "Features directory not found: $CONFIG_DIR/features"
return 1
fi
}
# List available environments
cmd_list_environments() {
log_info "Available environments:"
for env in "${ENVIRONMENTS[@]}"; do
log_info " - $env"
# Check if base configuration exists
if [ -f "$CONFIG_DIR/base/$env.toml" ]; then
log_info " Base config: ✓"
else
log_info " Base config: ✗"
fi
# Count available features
local feature_count=0
if [ -d "$CONFIG_DIR/features" ]; then
for feature_dir in "$CONFIG_DIR/features"/*; do
if [ -d "$feature_dir" ] && [ -f "$feature_dir/$env.toml" ]; then
((feature_count++))
fi
done
fi
log_info " Available features: $feature_count"
done
}
# Compare configurations between environments
cmd_diff() {
local env1="$1"
local env2="$2"
if [ -z "$env1" ] || [ -z "$env2" ]; then
log_error "Two environments required for diff command"
return 1
fi
if ! validate_environment "$env1" || ! validate_environment "$env2"; then
return 1
fi
log_info "Comparing configurations: $env1 vs $env2"
# Create temporary files
local temp1=$(mktemp)
local temp2=$(mktemp)
trap "rm -f $temp1 $temp2" EXIT
# Build configurations
if ! cmd_build "$env1" "$temp1"; then
log_error "Failed to build configuration for $env1"
return 1
fi
if ! cmd_build "$env2" "$temp2"; then
log_error "Failed to build configuration for $env2"
return 1
fi
# Compare configurations
if command -v diff &> /dev/null; then
diff -u "$temp1" "$temp2" || true
else
log_warning "diff command not available, using basic comparison"
if cmp -s "$temp1" "$temp2"; then
log_info "Configurations are identical"
else
log_info "Configurations differ"
fi
fi
}
# Create backup of configuration
cmd_backup() {
local env="$1"
local config_file="${2:-config.toml}"
if [ -z "$env" ]; then
log_error "Environment required for backup command"
return 1
fi
if ! validate_environment "$env"; then
return 1
fi
ensure_backup_dir
local timestamp=$(date +%Y%m%d_%H%M%S)
local backup_file="$BACKUP_DIR/config_${env}_${timestamp}.toml"
if [ -f "$config_file" ]; then
if [ "$DRY_RUN" = "1" ]; then
log_info "Would backup $config_file to $backup_file"
return 0
fi
cp "$config_file" "$backup_file"
log_success "Configuration backed up to: $backup_file"
else
log_error "Configuration file not found: $config_file"
return 1
fi
}
# Restore configuration from backup
cmd_restore() {
local backup_file="$1"
local output_file="${2:-config.toml}"
if [ -z "$backup_file" ]; then
log_error "Backup file required for restore command"
return 1
fi
if [ ! -f "$backup_file" ]; then
log_error "Backup file not found: $backup_file"
return 1
fi
if [ "$DRY_RUN" = "1" ]; then
log_info "Would restore $backup_file to $output_file"
return 0
fi
# Create backup of current file if it exists
if [ -f "$output_file" ]; then
local timestamp=$(date +%Y%m%d_%H%M%S)
local current_backup="$BACKUP_DIR/config_current_${timestamp}.toml"
ensure_backup_dir
cp "$output_file" "$current_backup"
log_info "Current configuration backed up to: $current_backup"
fi
cp "$backup_file" "$output_file"
log_success "Configuration restored from: $backup_file"
}
# Create new feature template
cmd_template() {
local feature_name="$1"
if [ -z "$feature_name" ]; then
log_error "Feature name required for template command"
return 1
fi
local feature_dir="$CONFIG_DIR/features/$feature_name"
if [ -d "$feature_dir" ]; then
if [ "$FORCE" != "1" ]; then
log_error "Feature directory already exists: $feature_dir"
log_error "Use --force to overwrite"
return 1
fi
fi
if [ "$DRY_RUN" = "1" ]; then
log_info "Would create feature template: $feature_name"
return 0
fi
# Create feature directory
mkdir -p "$feature_dir"
# Create template files for each environment
for env in "${ENVIRONMENTS[@]}"; do
local template_file="$feature_dir/$env.toml"
cat > "$template_file" << EOF
# $feature_name Feature Configuration - $(echo $env | sed 's/./\U&/') Environment
# Settings for the $feature_name feature
[features]
$feature_name = true
[$feature_name]
enabled = true
# Add your feature-specific settings here
# Example configuration options:
# option1 = "value1"
# option2 = 42
# option3 = true
EOF
log_info "Created template file: $template_file"
done
# Create README for the feature
cat > "$feature_dir/README.md" << EOF
# $feature_name Feature
Description of the $feature_name feature.
## Configuration Options
### Environment-Specific Settings
#### Development (\`dev.toml\`)
- Optimized for development and debugging
- Relaxed security settings
- Verbose logging enabled
#### Production (\`prod.toml\`)
- Optimized for production performance
- Strict security settings
- Minimal logging
#### Example (\`example.toml\`)
- Complete documentation of all options
- Best practice configurations
- Commented examples
## Usage
Enable this feature by setting:
\`\`\`toml
[features]
$feature_name = true
\`\`\`
## Dependencies
List any features that this feature depends on.
## Security Considerations
Document any security implications of this feature.
EOF
log_success "Feature template created: $feature_name"
}
# Clean generated configurations
cmd_clean() {
log_info "Cleaning generated configurations..."
if [ "$DRY_RUN" = "1" ]; then
log_info "Would clean generated configuration files"
return 0
fi
local cleaned_count=0
# Remove generated config files
for config_file in config.toml config.*.toml; do
if [ -f "$config_file" ]; then
rm "$config_file"
log_info "Removed: $config_file"
((cleaned_count++))
fi
done
# Remove temporary files
for temp_file in /tmp/config_*.toml /tmp/rustelo_config_*.toml; do
if [ -f "$temp_file" ]; then
rm "$temp_file"
log_info "Removed: $temp_file"
((cleaned_count++))
fi
done
log_success "Cleaned $cleaned_count files"
}
# Show configuration status
cmd_status() {
log_info "Configuration system status:"
# Check directories
log_info "Directories:"
for dir in base features scripts; do
if [ -d "$CONFIG_DIR/$dir" ]; then
log_info " $dir: ✓"
else
log_info " $dir: ✗"
fi
done
# Check base configurations
log_info "Base configurations:"
for env in "${ENVIRONMENTS[@]}"; do
if [ -f "$CONFIG_DIR/base/$env.toml" ]; then
log_info " $env: ✓"
else
log_info " $env: ✗"
fi
done
# Check features
log_info "Features:"
if [ -d "$CONFIG_DIR/features" ]; then
for feature_dir in "$CONFIG_DIR/features"/*; do
if [ -d "$feature_dir" ]; then
local feature_name=$(basename "$feature_dir")
local env_count=0
for env in "${ENVIRONMENTS[@]}"; do
if [ -f "$feature_dir/$env.toml" ]; then
((env_count++))
fi
done
log_info " $feature_name: $env_count/${#ENVIRONMENTS[@]} environments"
fi
done
fi
# Check scripts
log_info "Scripts:"
for script in build-config.sh; do
if [ -f "$SCRIPT_DIR/$script" ]; then
log_info " $script: ✓"
else
log_error " $script: ✗"
fi
done
# Check tools
log_info "Tools:"
if command -v python3 &> /dev/null; then
log_info " python3: ✓"
if python3 -c "import toml" 2>/dev/null; then
log_info " toml (Python): ✓"
else
log_info " toml (Python): ✗"
fi
else
log_info " python3: ✗"
fi
if command -v toml &> /dev/null; then
log_info " toml (CLI): ✓"
else
log_info " toml (CLI): ✗"
fi
}
# Main function
main() {
parse_args "$@"
# Enable debug if requested
if [ "$DEBUG" = "1" ]; then
set -x
fi
# Handle quiet mode
if [ "$QUIET" = "1" ]; then
exec 1>/dev/null
fi
# Execute command
case "$COMMAND" in
build)
cmd_build "$ENV" "$OUTPUT"
;;
validate)
cmd_validate "$ENV"
;;
list-features)
cmd_list_features
;;
list-environments)
cmd_list_environments
;;
diff)
cmd_diff "$ENV" "$OUTPUT"
;;
backup)
cmd_backup "$ENV" "$OUTPUT"
;;
restore)
cmd_restore "$ENV" "$OUTPUT"
;;
template)
cmd_template "$ENV"
;;
clean)
cmd_clean
;;
status)
cmd_status
;;
help|"")
show_help
;;
*)
log_error "Unknown command: $COMMAND"
show_help
exit 1
;;
esac
}
# Run main function
main "$@"
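Review bot: the `((feature_count++))`, `((env_count++))` and `((cleaned_count++))` increments in cmd_list_environments, cmd_status and cmd_clean return exit status 1 whenever the counter is still 0, and with `set -e` at the top of the file that terminates the script at the first match (cmd_clean stops after deleting one file). Use `feature_count=$((feature_count + 1))` and the same form for the other two counters. Two further points on the write and delete paths: cmd_template interpolates `$feature_name` into `$CONFIG_DIR/features/$feature_name` without checking it, so a name containing `/` or `..` makes `mkdir -p` and the `cat >` redirections write outside the features directory; reject anything other than letters, digits, `_` and `-` before building the path. cmd_clean removes `config.toml` and `config.*.toml` relative to the current working directory and also `/tmp/config_*.toml`, which can match files this script never created; resolve the paths against `$PROJECT_ROOT`, limit temp cleanup to files the script itself made with mktemp, and ask for confirmation unless `--force` is set, since the help text describes `--force` as skipping a confirmation that no command currently asks for. The two "Use Python script if available" comments in cmd_build and cmd_validate no longer match the code, which always calls build-config.sh.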

405
config/scripts/test-config.sh Executable file

@ -0,0 +1,405 @@
#!/bin/bash
# Configuration Test Script for Rustelo
# Tests the configuration building and validation system
# Usage: ./test-config.sh
set -e
# Script configuration
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
CONFIG_DIR="$(dirname "$SCRIPT_DIR")"
PROJECT_ROOT="$(dirname "$CONFIG_DIR")"
TEST_OUTPUT_DIR="$CONFIG_DIR/test_outputs"
ENVIRONMENTS=("dev" "prod" "example")
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
PURPLE='\033[0;35m'
NC='\033[0m' # No Color
# Test counters
TESTS_PASSED=0
TESTS_FAILED=0
TESTS_TOTAL=0
# Logging functions
log_info() {
echo -e "${BLUE}[INFO]${NC} $1"
}
log_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
log_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
log_test() {
echo -e "${PURPLE}[TEST]${NC} $1"
}
# Test result functions
test_passed() {
local test_name="$1"
TESTS_PASSED=$((TESTS_PASSED + 1))
TESTS_TOTAL=$((TESTS_TOTAL + 1))
log_success "$test_name"
}
test_failed() {
local test_name="$1"
local error_msg="$2"
TESTS_FAILED=$((TESTS_FAILED + 1))
TESTS_TOTAL=$((TESTS_TOTAL + 1))
log_error "$test_name"
if [ -n "$error_msg" ]; then
log_error " Error: $error_msg"
fi
}
# Setup test environment
setup_test_environment() {
log_info "Setting up test environment..."
# Create test output directory
rm -rf "$TEST_OUTPUT_DIR"
mkdir -p "$TEST_OUTPUT_DIR"
# Check if required scripts exist
if [ ! -f "$SCRIPT_DIR/build-config.sh" ]; then
log_error "build-config.sh not found"
exit 1
fi
if [ ! -f "$SCRIPT_DIR/manage-config.sh" ]; then
log_error "manage-config.sh not found"
exit 1
fi
# Check if scripts are executable
if [ ! -x "$SCRIPT_DIR/build-config.sh" ]; then
chmod +x "$SCRIPT_DIR/build-config.sh"
fi
if [ ! -x "$SCRIPT_DIR/manage-config.sh" ]; then
chmod +x "$SCRIPT_DIR/manage-config.sh"
fi
log_success "Test environment setup complete"
}
# Test configuration building
test_build_configurations() {
log_info "Testing configuration building..."
for env in "${ENVIRONMENTS[@]}"; do
log_test "Building configuration for $env environment"
local output_file="$TEST_OUTPUT_DIR/config_${env}_test.toml"
if "$SCRIPT_DIR/build-config.sh" "$env" "$output_file" > /dev/null 2>&1; then
if [ -f "$output_file" ]; then
test_passed "Build $env configuration"
else
test_failed "Build $env configuration" "Output file not created"
fi
else
test_failed "Build $env configuration" "Build script failed"
fi
done
}
# Test configuration validation
test_validate_configurations() {
log_info "Testing configuration validation..."
for env in "${ENVIRONMENTS[@]}"; do
log_test "Validating configuration for $env environment"
if "$SCRIPT_DIR/manage-config.sh" validate "$env" > /dev/null 2>&1; then
test_passed "Validate $env configuration"
else
test_failed "Validate $env configuration" "Validation failed"
fi
done
}
# Test configuration file structure
test_configuration_structure() {
log_info "Testing configuration file structure..."
for env in "${ENVIRONMENTS[@]}"; do
log_test "Checking structure of $env configuration"
local config_file="$TEST_OUTPUT_DIR/config_${env}_test.toml"
if [ ! -f "$config_file" ]; then
test_failed "Check $env structure" "Configuration file not found"
continue
fi
# Check for required sections
local required_sections=("server" "database" "app" "build_info")
local missing_sections=()
for section in "${required_sections[@]}"; do
if ! grep -q "^\[${section}\]" "$config_file"; then
missing_sections+=("$section")
fi
done
if [ ${#missing_sections[@]} -eq 0 ]; then
test_passed "Check $env structure"
else
test_failed "Check $env structure" "Missing sections: ${missing_sections[*]}"
fi
done
}
# Test feature configurations
test_feature_configurations() {
log_info "Testing feature configurations..."
local features_dir="$CONFIG_DIR/features"
if [ ! -d "$features_dir" ]; then
test_failed "Check features directory" "Features directory not found"
return
fi
# Check if features directory has subdirectories
local feature_count=0
for feature_dir in "$features_dir"/*; do
if [ -d "$feature_dir" ]; then
feature_count=$((feature_count + 1))
local feature_name=$(basename "$feature_dir")
log_test "Checking feature: $feature_name"
# Check if feature has environment configs
local env_configs=0
for env in "${ENVIRONMENTS[@]}"; do
if [ -f "$feature_dir/$env.toml" ]; then
env_configs=$((env_configs + 1))
fi
done
if [ $env_configs -gt 0 ]; then
test_passed "Feature $feature_name has environment configs"
else
test_failed "Feature $feature_name has environment configs" "No environment configs found"
fi
fi
done
if [ $feature_count -gt 0 ]; then
test_passed "Features directory structure"
else
test_failed "Features directory structure" "No features found"
fi
}
# Test base configurations
test_base_configurations() {
log_info "Testing base configurations..."
local base_dir="$CONFIG_DIR/base"
if [ ! -d "$base_dir" ]; then
test_failed "Check base directory" "Base directory not found"
return
fi
for env in "${ENVIRONMENTS[@]}"; do
log_test "Checking base configuration for $env"
local base_file="$base_dir/$env.toml"
if [ -f "$base_file" ]; then
# Check if file is valid TOML (basic check)
if grep -q "^\[.*\]" "$base_file"; then
test_passed "Base $env configuration exists and has sections"
else
test_failed "Base $env configuration exists and has sections" "No TOML sections found"
fi
else
test_failed "Base $env configuration exists" "File not found"
fi
done
}
# Test management script commands
test_management_commands() {
log_info "Testing management script commands..."
# Test list-features command
log_test "Testing list-features command"
if "$SCRIPT_DIR/manage-config.sh" list-features > /dev/null 2>&1; then
test_passed "list-features command"
else
test_failed "list-features command" "Command failed"
fi
# Test list-environments command
log_test "Testing list-environments command"
if "$SCRIPT_DIR/manage-config.sh" list-environments > /dev/null 2>&1; then
test_passed "list-environments command"
else
test_failed "list-environments command" "Command failed"
fi
# Test status command
log_test "Testing status command"
if "$SCRIPT_DIR/manage-config.sh" status > /dev/null 2>&1; then
test_passed "status command"
else
test_failed "status command" "Command failed"
fi
}
# Test Python configuration builder (if available)
test_python_builder() {
log_info "Testing shell configuration builder (Python builder removed)..."
test_skipped "Python builder" "Python builder has been removed from the project"
}
# Test configuration comparison
test_configuration_comparison() {
log_info "Testing configuration comparison..."
log_test "Testing configuration diff between dev and prod"
if "$SCRIPT_DIR/manage-config.sh" diff dev prod > /dev/null 2>&1; then
test_passed "Configuration diff"
else
test_failed "Configuration diff" "Diff command failed"
fi
}
# Test backup and restore functionality
test_backup_restore() {
log_info "Testing backup and restore functionality..."
# Create a test config file
local test_config="$TEST_OUTPUT_DIR/test_config.toml"
echo "[test]" > "$test_config"
echo "value = \"test\"" >> "$test_config"
# Change to test directory
cd "$TEST_OUTPUT_DIR"
cp "$test_config" "config.toml"
log_test "Testing backup creation"
if "$SCRIPT_DIR/manage-config.sh" backup dev > /dev/null 2>&1; then
test_passed "Backup creation"
else
test_failed "Backup creation" "Backup command failed"
fi
# Return to original directory
cd - > /dev/null
}
# Test error handling
test_error_handling() {
log_info "Testing error handling..."
# Test invalid environment
log_test "Testing invalid environment handling"
if ! "$SCRIPT_DIR/build-config.sh" "invalid_env" "/tmp/test.toml" > /dev/null 2>&1; then
test_passed "Invalid environment handling"
else
test_failed "Invalid environment handling" "Should have failed with invalid environment"
fi
# Test missing base config
log_test "Testing missing base config handling"
local backup_base="$CONFIG_DIR/base/dev.toml.backup"
if [ -f "$CONFIG_DIR/base/dev.toml" ]; then
mv "$CONFIG_DIR/base/dev.toml" "$backup_base"
if ! "$SCRIPT_DIR/build-config.sh" "dev" "/tmp/test.toml" > /dev/null 2>&1; then
test_passed "Missing base config handling"
else
test_failed "Missing base config handling" "Should have failed with missing base config"
fi
# Restore backup
mv "$backup_base" "$CONFIG_DIR/base/dev.toml"
else
test_failed "Missing base config handling" "Base config already missing"
fi
}
# Cleanup test environment
cleanup_test_environment() {
log_info "Cleaning up test environment..."
# Remove test output directory
if [ -d "$TEST_OUTPUT_DIR" ]; then
rm -rf "$TEST_OUTPUT_DIR"
fi
log_success "Test environment cleanup complete"
}
# Show test summary
show_test_summary() {
echo ""
echo "========================================"
echo "Configuration Test Summary"
echo "========================================"
echo "Total Tests: $TESTS_TOTAL"
echo "Passed: $TESTS_PASSED"
echo "Failed: $TESTS_FAILED"
if [ $TESTS_FAILED -eq 0 ]; then
log_success "All tests passed! ✓"
echo ""
echo "The configuration system is working correctly."
else
log_error "Some tests failed! ✗"
echo ""
echo "Please review the failed tests and fix any issues."
exit 1
fi
}
# Main function
main() {
echo "========================================"
echo "Rustelo Configuration System Test Suite"
echo "========================================"
echo ""
# Check if we're in the right directory
if [ ! -d "$CONFIG_DIR" ]; then
log_error "Configuration directory not found: $CONFIG_DIR"
exit 1
fi
# Run tests
setup_test_environment
test_base_configurations
test_feature_configurations
test_build_configurations
test_validate_configurations
test_configuration_structure
test_management_commands
test_python_builder
test_configuration_comparison
test_backup_restore
test_error_handling
cleanup_test_environment
show_test_summary
}
# Run main function
main "$@"
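Review bot: test_python_builder calls `test_skipped`, but only test_passed and test_failed are defined in this file, so under `set -e` the run stops there with a "command not found" error and test_configuration_comparison, test_backup_restore, test_error_handling, the cleanup and the summary never execute. Define a test_skipped helper (with its own counter in show_test_summary) or delete test_python_builder and its call in main. test_error_handling also writes to the fixed path `/tmp/test.toml` and renames the real `$CONFIG_DIR/base/dev.toml` aside; put the output under `$TEST_OUTPUT_DIR` or a mktemp file, and either run the missing-base case against a copy of the config tree or restore the file from an EXIT trap, so an interrupted run cannot leave the repository without its dev base config. test_backup_restore exercises only `backup`, never `restore`, and the backup it creates goes to manage-config.sh's default `$CONFIG_DIR/backups`, which cleanup_test_environment does not remove.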

48
config/scripts/test-manage.sh Executable file

@ -0,0 +1,48 @@
#!/bin/bash
# Test script to debug the management script issue
echo "Starting test..."
# Set basic variables
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
CONFIG_DIR="$(dirname "$SCRIPT_DIR")"
PROJECT_ROOT="$(dirname "$CONFIG_DIR")"
BACKUP_DIR="$CONFIG_DIR/backups"
ENVIRONMENTS=("dev" "prod" "example")
echo "SCRIPT_DIR: $SCRIPT_DIR"
echo "CONFIG_DIR: $CONFIG_DIR"
echo "PROJECT_ROOT: $PROJECT_ROOT"
echo "BACKUP_DIR: $BACKUP_DIR"
# Test list-features function
echo "Testing list-features..."
echo "Available features:"
if [ -d "$CONFIG_DIR/features" ]; then
echo "Features directory found: $CONFIG_DIR/features"
for feature_dir in "$CONFIG_DIR/features"/*; do
if [ -d "$feature_dir" ]; then
feature_name=$(basename "$feature_dir")
echo " - $feature_name"
# Show available environments for this feature
envs=()
for env in "${ENVIRONMENTS[@]}"; do
if [ -f "$feature_dir/$env.toml" ]; then
envs+=("$env")
fi
done
if [ ${#envs[@]} -gt 0 ]; then
echo " Environments: ${envs[*]}"
fi
fi
done
else
echo "Features directory not found: $CONFIG_DIR/features"
fi
echo "Test completed."
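Review bot: this script copies the body of cmd_list_features instead of invoking manage-config.sh, so it cannot reproduce a failure in the management script itself (it has no `set -e`, no parse_args and none of the log_* helpers), and it exits 0 even when the features directory is missing. If it is meant to stay in the tree, have it run `"$SCRIPT_DIR/manage-config.sh" --debug list-features` and propagate that exit status; otherwise drop the file from the commit. `PROJECT_ROOT` and `BACKUP_DIR` are set and echoed but not used for anything else.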