diff --git a/config/README.md b/config/README.md new file mode 100644 index 0000000..9120649 --- /dev/null +++ b/config/README.md 
@@ -0,0 +1,335 @@ +# Rustelo Configuration System + +A modular, environment-aware configuration system that separates concerns by features and environments. + +## Overview + +The Rustelo configuration system provides a flexible way to manage application configurations across different environments (development, production, example) while maintaining feature-specific settings in separate modules. + +## Directory Structure + +``` +config/ +├── base/ # Base configurations for each environment +│ ├── dev.toml # Development base settings +│ ├── prod.toml # Production base settings +│ └── example.toml # Example/template base settings +├── features/ # Feature-specific configurations +│ ├── auth/ # Authentication feature +│ │ ├── dev.toml # Auth settings for development +│ │ ├── prod.toml # Auth settings for production +│ │ └── example.toml # Auth example settings +│ ├── email/ # Email feature +│ │ ├── dev.toml # Email settings for development +│ │ ├── prod.toml # Email settings for production +│ │ └── example.toml # Email example settings +│ ├── tls/ # TLS/SSL feature +│ │ ├── dev.toml # TLS settings for development +│ │ ├── prod.toml # TLS settings for production +│ │ └── example.toml # TLS example settings +│ ├── content/ # Content management feature +│ │ ├── dev.toml # Content settings for development +│ │ ├── prod.toml # Content settings for production +│ │ └── example.toml # Content example settings +│ └── metrics/ # Metrics and monitoring feature +│ ├── dev.toml # Metrics settings for development +│ ├── prod.toml # Metrics settings for production +│ └── example.toml # Metrics example settings +├── scripts/ # Configuration management scripts +│ ├── build-config.sh # Shell script to build configurations +│ └── manage-config.sh # Configuration management utility +├── backups/ # Backup configurations (auto-created) +└── README.md # This file +``` + +## Quick Start + +### 1. 
Build Configuration + +Build a complete configuration for development: + +```bash +./config/scripts/build-config.sh dev +``` + +Build configuration for production: + +```bash +./config/scripts/build-config.sh prod config.prod.toml +``` + +### 2. Using the Management Script + +The management script provides comprehensive configuration operations: + +```bash +# Build configurations +./config/scripts/manage-config.sh build dev +./config/scripts/manage-config.sh build prod config.prod.toml + +# Validate configurations +./config/scripts/manage-config.sh validate dev +./config/scripts/manage-config.sh validate prod + +# List available features and environments +./config/scripts/manage-config.sh list-features +./config/scripts/manage-config.sh list-environments + +# Compare configurations between environments +./config/scripts/manage-config.sh diff dev prod + +# Create backups +./config/scripts/manage-config.sh backup prod + +# Show configuration status +./config/scripts/manage-config.sh status +``` + +### 3. 
Using Python Builder (Advanced) + +For more advanced TOML handling and validation: + +```bash +# Build configuration +./config/scripts/build-config.sh dev +./config/scripts/build-config.sh prod config.prod.toml + +# Validate only (no output file) +CONFIG_VALIDATE_ONLY=1 ./config/scripts/build-config.sh dev +``` + +## Configuration Structure + +### Base Configurations + +Base configurations (`config/base/`) contain core settings that apply to all features: + +- **Server settings**: Protocol, host, port, workers +- **Database settings**: Connection strings, pool sizes +- **Session management**: Cookie settings, timeouts +- **CORS settings**: Allowed origins, methods, headers +- **Security settings**: CSRF, rate limiting, encryption +- **Logging settings**: Levels, formats, outputs + +### Feature Configurations + +Feature configurations (`config/features/`) contain settings specific to individual features: + +- **Authentication**: JWT, OAuth, password policies, session management +- **Email**: SMTP, templates, queues, validation +- **TLS**: Certificates, protocols, security settings +- **Content**: Management, processing, validation, caching +- **Metrics**: Collection, export, alerting, performance tracking + +### Environment-Specific Settings + +Each environment has different optimization focuses: + +#### Development (`dev.toml`) +- Relaxed security settings +- Verbose logging +- Hot reloading enabled +- Mock services +- Extended timeouts +- Debug features enabled + +#### Production (`prod.toml`) +- Strict security settings +- Optimized performance +- Minimal logging +- Real services +- Short timeouts +- Debug features disabled + +#### Example (`example.toml`) +- Complete feature documentation +- All available options shown +- Best practice configurations +- Commented examples + +## How Configuration Building Works + +1. **Load Base Configuration**: The base configuration for the target environment is loaded first +2. 
**Load Feature Configurations**: All available feature configurations for the environment are loaded +3. **Merge Configurations**: Features are merged into the base configuration using deep merging +4. **Add Build Information**: Metadata about the build process is added +5. **Validate Configuration**: The final configuration is validated for correctness +6. **Write Output**: The complete configuration is written to the output file + +## Environment Variables + +Configuration files support environment variable substitution using `${VARIABLE_NAME}` syntax: + +```toml +[database] +url = "${DATABASE_URL}" + +[auth.jwt] +secret = "${JWT_SECRET}" + +[email.smtp] +password = "${SMTP_PASSWORD}" +``` + +## Creating New Features + +### Using the Template Command + +```bash +./config/scripts/manage-config.sh template my_feature +``` + +This creates a new feature directory with template files for all environments. + +### Manual Creation + +1. Create a new directory under `config/features/` +2. Create environment-specific TOML files (`dev.toml`, `prod.toml`, `example.toml`) +3. Define feature-specific settings in each file + +Example feature structure: + +```toml +# config/features/my_feature/dev.toml +[features] +my_feature = true + +[my_feature] +enabled = true +debug_mode = true +# ... other settings +``` + +## Configuration Validation + +The system includes built-in validation for: + +- **TOML Syntax**: Ensures valid TOML structure +- **Required Sections**: Validates presence of essential configuration sections +- **Value Types**: Checks that configuration values are of expected types +- **Value Ranges**: Validates that numeric values are within acceptable ranges +- **Dependencies**: Ensures required dependencies are available when features are enabled + +## Best Practices + +### 1. 
Environment-Specific Optimization + +- **Development**: Prioritize developer experience and debugging +- **Production**: Prioritize security, performance, and reliability +- **Example**: Show all available options with documentation + +### 2. Feature Independence + +- Keep feature configurations independent of each other +- Use feature flags to enable/disable functionality +- Provide sensible defaults for all settings + +### 3. Security + +- Never commit sensitive values to version control +- Use environment variables for secrets +- Implement proper validation for security-critical settings + +### 4. Documentation + +- Document all configuration options +- Provide examples for complex settings +- Include units and ranges for numeric values + +## Backup and Recovery + +### Automatic Backups + +The build scripts automatically create backups of existing configurations before generating new ones: + +``` +config/backups/config_prod_20231201_143022.toml +``` + +### Manual Backups + +```bash +# Create backup +./config/scripts/manage-config.sh backup prod + +# Restore from backup +./config/scripts/manage-config.sh restore config/backups/config_prod_20231201_143022.toml +``` + +## Troubleshooting + +### Common Issues + +1. **Invalid TOML Syntax** + - Check for missing quotes, brackets, or commas + - Validate individual files before building + +2. **Missing Environment Variables** + - Ensure all required environment variables are set + - Check variable names for typos + +3. 
**Feature Conflicts** + - Review feature configurations for conflicting settings + - Use the diff command to compare configurations + +### Debug Mode + +Enable debug output for detailed information: + +```bash +CONFIG_DEBUG=1 ./config/scripts/build-config.sh dev +``` + +Or with the management script: + +```bash +./config/scripts/manage-config.sh --debug build dev +``` + +## Advanced Usage + +### Custom Configuration Directories + +```bash +CONFIG_DIR=/path/to/custom/config ./config/scripts/build-config.sh dev +``` + +### Validation Only + +```bash +# Validate without building +./config/scripts/manage-config.sh validate dev + +# Shell script validation +CONFIG_VALIDATE_ONLY=1 ./config/scripts/build-config.sh prod +``` + +### Dry Run Mode + +```bash +# See what would be done without executing +./config/scripts/manage-config.sh --dry-run build prod +``` + +## Integration with Rustelo + +The generated configuration files are designed to work seamlessly with Rustelo's configuration system: + +1. **Feature Flags**: Control which features are compiled and enabled +2. **Environment Detection**: Automatic environment detection and configuration loading +3. **Hot Reloading**: Support for configuration hot reloading in development +4. **Validation**: Built-in configuration validation at runtime + +## Contributing + +When adding new features or modifying existing ones: + +1. Update all three environment files (`dev.toml`, `prod.toml`, `example.toml`) +2. Add appropriate validation rules +3. Update documentation +4. Test configuration building and validation +5. Add examples to the example configuration + +## License + +This configuration system is part of the Rustelo project and follows the same license terms. \ No newline at end of file diff --git a/config/base/app.toml b/config/base/app.toml new file mode 100644 index 0000000..7cd1904 --- /dev/null +++ b/config/base/app.toml 
@@ -0,0 +1,44 @@ +# Base Application Configuration +# Core application settings that apply across all environments + +# Root Path Configuration +# This sets the base directory for all relative paths in the configuration +# Set via ROOT_PATH environment variable or leave as default to use current directory +root_path = "." + +# Application Settings +[app] +name = "Rustelo-app" +version = "0.1.0" +debug = false # Will be overridden per environment +max_request_size = 10485760 # 10MB in bytes + +# Security Configuration +[security] +enable_csrf = true +csrf_token_name = "csrf_token" +rate_limit_requests = 100 +rate_limit_window = 60 # seconds +bcrypt_cost = 12 + +# Session Configuration +[session] +cookie_name = "session_id" +cookie_http_only = true +cookie_same_site = "lax" # "strict", "lax", or "none" +max_age = 3600 # Session duration in seconds + +# CORS Configuration +[cors] +allowed_methods = ["GET", "POST", "PUT", "DELETE", "OPTIONS"] +allowed_headers = ["Content-Type", "Authorization", "X-Requested-With"] +allow_credentials = true +max_age = 3600 + +# Logging Configuration +[logging] +format = "json" # "json" or "text" +max_file_size = 10485760 # 10MB +max_files = 5 +enable_console = true +enable_file = false diff --git a/config/base/database.toml b/config/base/database.toml new file mode 100644 index 0000000..97fb78d --- /dev/null +++ b/config/base/database.toml 
@@ -0,0 +1,29 @@ +# Base Database Configuration +# Database connection and pool settings that apply across environments + +[database] +# Default database URL - will be overridden per environment +url = "sqlite:database.db" +max_connections = 10 +min_connections = 1 +connect_timeout = 30 +idle_timeout = 600 +max_lifetime = 1800 + +# Database migration settings +[database.migrations] +auto_migrate = false +migration_dir = "migrations" +create_db_if_missing = true + +# Connection pool health check +[database.health] +enable_ping = true +ping_timeout = 5 +max_retries = 3 + +# Query logging and performance +[database.logging] +log_queries = false +log_slow_queries = true +slow_query_threshold = 1000 # milliseconds diff --git a/config/base/dev.toml b/config/base/dev.toml new file mode 100644 index 0000000..733ddcd --- /dev/null +++ b/config/base/dev.toml 
@@ -0,0 +1,147 @@ +# Base Configuration - Development Environment +# Core settings that apply to all features in development + +# Root Path Configuration +root_path = "." + +# Server Configuration - Development +[server] +protocol = "http" +host = "127.0.0.1" +port = 3030 +environment = "development" +log_level = "debug" +workers = 1 +max_connections = 100 + +# Database Configuration - Development +[database] +url = "sqlite:dev_database.db" +max_connections = 5 +min_connections = 1 +connect_timeout = 30 +idle_timeout = 600 +max_lifetime = 1800 +enable_logging = true +log_slow_queries = true +slow_query_threshold = 100 # milliseconds + +# Session Configuration - Development +[session] +secret = "dev-session-secret-change-in-production" +cookie_name = "rustelo_session_dev" +cookie_secure = false +cookie_http_only = true +cookie_same_site = "lax" +max_age = 7200 # 2 hours +domain = "" +path = "/" + +# CORS Configuration - Development +[cors] +allowed_origins = [ + "http://localhost:3030", + "http://127.0.0.1:3030", + "http://localhost:3000", + "http://localhost:8080" +] +allowed_methods = ["GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"] +allowed_headers = ["*"] +allow_credentials = true +max_age = 3600 +expose_headers = ["X-Total-Count", "X-Page-Count"] + +# Static Files Configuration - Development +[static] +assets_dir = "public" +site_root = "target/site" +site_pkg_dir = "pkg" +enable_compression = false +enable_caching = false +cache_max_age = 0 + +# Server Directories Configuration - Development +[server_dirs] +public_dir = "public" +uploads_dir = "uploads" +logs_dir = "logs" +temp_dir = "tmp" +cache_dir = "cache" +config_dir = "config" +data_dir = "data" +backup_dir = "backups" + +# Security Configuration - Development +[security] +enable_csrf = false +csrf_token_name = "csrf_token" +rate_limit_requests = 1000 +rate_limit_window = 60 +bcrypt_cost = 10 +enable_request_id = true +request_id_header = "X-Request-ID" + +# Application Settings - Development +[app] 
+name = "Rustelo-app-dev" +version = "0.1.0" +debug = true +enable_metrics = true +enable_health_check = true +enable_compression = false +max_request_size = 104857600 # 100MB for development +enable_hot_reload = true +auto_migrate = true + +# Logging Configuration - Development +[logging] +format = "pretty" +level = "debug" +file_path = "logs/dev_app.log" +max_file_size = 10485760 # 10MB +max_files = 3 +enable_console = true +enable_file = true +enable_structured_logging = false +log_request_body = true +log_response_body = false + +# Redis Configuration - Development +[redis] +enabled = false +url = "redis://localhost:6379" +pool_size = 5 +connection_timeout = 5 +command_timeout = 5 +database = 0 + +# Metrics Configuration - Development +[metrics] +enabled = true +endpoint = "/metrics" +collect_system_metrics = true +collect_process_metrics = true +collect_http_metrics = true +collect_database_metrics = true +prometheus_enabled = true +statsd_enabled = false + +# Health Check Configuration - Development +[health] +enabled = true +endpoint = "/health" +detailed = true +check_database = true +check_redis = false +check_external_services = false +timeout = 5000 # milliseconds + +# Development-specific settings +[development] +enable_reloading = true +enable_debug_routes = true +enable_profiling = true +enable_trace_logging = true +mock_external_services = true +seed_test_data = true +disable_auth_for_local = false diff --git a/config/base/example.toml b/config/base/example.toml new file mode 100644 index 0000000..4d8aff2 --- /dev/null +++ b/config/base/example.toml 
@@ -0,0 +1,309 @@ +# Base Configuration - Example Environment +# Complete example showing all available base configuration options + +# Root Path Configuration +# This sets the base directory for all relative paths in the configuration +root_path = "." + +# Server Configuration - Example with all options +[server] +protocol = "https" # "http" or "https" +host = "0.0.0.0" # "0.0.0.0" for all interfaces, "127.0.0.1" for localhost only +port = 443 # 443 for HTTPS, 80 for HTTP, 3030 for development +environment = "production" # "development", "production", "staging" +log_level = "info" # "trace", "debug", "info", "warn", "error" +workers = 4 # Number of worker threads (0 = auto-detect) +max_connections = 1000 # Maximum concurrent connections +graceful_shutdown_timeout = 30 # Seconds to wait for graceful shutdown +keepalive_timeout = 65 # HTTP keep-alive timeout in seconds +request_timeout = 30 # Request timeout in seconds +read_timeout = 30 # Read timeout in seconds +write_timeout = 30 # Write timeout in seconds + +# Database Configuration - Example with multiple options +[database] +# PostgreSQL example +url = "postgresql://username:password@localhost:5432/database_name" +# SQLite example +# url = "sqlite:database.db" +# MySQL example +# url = "mysql://username:password@localhost:3306/database_name" + +max_connections = 20 # Maximum connections in pool +min_connections = 5 # Minimum connections in pool +connect_timeout = 10 # Connection timeout in seconds +idle_timeout = 300 # Idle connection timeout in seconds +max_lifetime = 1800 # Maximum connection lifetime in seconds +enable_logging = false # Log database queries +log_slow_queries = true # Log slow queries only +slow_query_threshold = 1000 # Slow query threshold in milliseconds +ssl_mode = "require" # "disable", "allow", "prefer", "require" +statement_timeout = 30000 # Statement timeout in milliseconds +migration_timeout = 300 # Migration timeout in seconds + +# Session Configuration - Example with all options 
+[session] +secret = "your-super-secure-session-secret-key-at-least-32-characters-long" +cookie_name = "rustelo_session" +cookie_secure = true # Set to true for HTTPS +cookie_http_only = true # Prevent JavaScript access +cookie_same_site = "strict" # "strict", "lax", "none" +max_age = 3600 # Session duration in seconds +domain = "example.com" # Cookie domain +path = "/" # Cookie path +rolling_timeout = true # Extend session on activity +cleanup_interval = 3600 # Session cleanup interval in seconds + +# CORS Configuration - Example with comprehensive settings +[cors] +allowed_origins = [ + "https://example.com", + "https://www.example.com", + "https://app.example.com" +] +allowed_methods = ["GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"] +allowed_headers = [ + "Content-Type", + "Authorization", + "X-Requested-With", + "X-CSRF-Token", + "Accept", + "Origin" +] +allow_credentials = true +max_age = 86400 # Preflight cache duration in seconds +expose_headers = ["X-Total-Count", "X-Page-Count", "X-Rate-Limit"] +vary_header = true # Add Vary header for caching + +# Static Files Configuration - Example with all options +[static] +assets_dir = "public" # Static assets directory +site_root = "target/site" # Site root directory +site_pkg_dir = "pkg" # Package directory +enable_compression = true # Enable gzip compression +enable_caching = true # Enable browser caching +cache_max_age = 2592000 # Cache max age in seconds (30 days) +compression_level = 6 # Compression level (1-9) +compression_types = [ # File types to compress + "text/html", + "text/css", + "text/javascript", + "application/javascript", + "application/json", + "text/xml", + "application/xml" +] + +# Server Directories Configuration - Example with all paths +[server_dirs] +public_dir = "/var/www/public" # Public files directory +uploads_dir = "/var/uploads" # File uploads directory +logs_dir = "/var/log/rustelo" # Log files directory +temp_dir = "/tmp/rustelo" # Temporary files directory +cache_dir = 
"/var/cache/rustelo" # Cache directory +config_dir = "/etc/rustelo" # Configuration directory +data_dir = "/var/lib/rustelo" # Application data directory +backup_dir = "/var/backups/rustelo" # Backup directory +templates_dir = "templates" # Template files directory +locale_dir = "locale" # Localization files directory + +# Security Configuration - Example with comprehensive security settings +[security] +enable_csrf = true # Enable CSRF protection +csrf_token_name = "csrf_token" # CSRF token form field name +csrf_cookie_name = "__csrf_token" # CSRF token cookie name +rate_limit_requests = 100 # Requests per window +rate_limit_window = 60 # Rate limit window in seconds +bcrypt_cost = 12 # bcrypt hashing cost +enable_request_id = true # Add request ID to responses +request_id_header = "X-Request-ID" # Request ID header name +enable_security_headers = true # Enable security headers +content_security_policy = "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" +x_frame_options = "DENY" # X-Frame-Options header +x_content_type_options = "nosniff" # X-Content-Type-Options header +referrer_policy = "strict-origin-when-cross-origin" # Referrer-Policy header + +# Application Settings - Example with all options +[app] +name = "Rustelo Application" # Application name +version = "1.0.0" # Application version +description = "A modern web application built with Rustelo" +author = "Your Name" # Application author +website = "https://example.com" # Application website +support_email = "support@example.com" # Support email +debug = false # Debug mode +enable_metrics = true # Enable metrics collection +enable_health_check = true # Enable health check endpoint +enable_compression = true # Enable response compression +max_request_size = 10485760 # Maximum request size in bytes (10MB) +enable_hot_reload = false # Enable hot reloading +auto_migrate = false # Auto-run database migrations +timezone = "UTC" # Application timezone +locale = "en" # 
Default locale +date_format = "%Y-%m-%d" # Date format +time_format = "%H:%M:%S" # Time format +datetime_format = "%Y-%m-%d %H:%M:%S" # DateTime format + +# Logging Configuration - Example with comprehensive logging settings +[logging] +format = "json" # "json", "text", "pretty" +level = "info" # "trace", "debug", "info", "warn", "error" +file_path = "/var/log/rustelo/app.log" # Log file path +max_file_size = 104857600 # Maximum log file size in bytes (100MB) +max_files = 10 # Maximum number of log files to keep +enable_console = false # Enable console logging +enable_file = true # Enable file logging +enable_structured_logging = true # Enable structured logging +log_request_body = false # Log request bodies +log_response_body = false # Log response bodies +enable_audit_log = true # Enable audit logging +audit_log_path = "/var/log/rustelo/audit.log" # Audit log file path +enable_access_log = true # Enable access logging +access_log_path = "/var/log/rustelo/access.log" # Access log file path +log_rotation = "daily" # "daily", "weekly", "monthly", "size" +log_compression = true # Compress rotated logs + +# Redis Configuration - Example with all options +[redis] +enabled = true # Enable Redis +url = "redis://localhost:6379" # Redis connection URL +pool_size = 20 # Connection pool size +connection_timeout = 5 # Connection timeout in seconds +command_timeout = 5 # Command timeout in seconds +database = 0 # Redis database number +enable_cluster = false # Enable Redis cluster mode +cluster_nodes = [] # Redis cluster nodes +ssl_enabled = false # Enable SSL/TLS +ssl_cert_path = "" # SSL certificate path +ssl_key_path = "" # SSL key path +ssl_ca_path = "" # SSL CA path +retry_attempts = 3 # Number of retry attempts +retry_delay = 1000 # Retry delay in milliseconds + +# Metrics Configuration - Example with comprehensive metrics settings +[metrics] +enabled = true # Enable metrics collection +endpoint = "/metrics" # Metrics endpoint path +port = 9090 # Metrics server port (0 = 
use main port) +host = "127.0.0.1" # Metrics server host +collect_system_metrics = true # Collect system metrics +collect_process_metrics = true # Collect process metrics +collect_http_metrics = true # Collect HTTP metrics +collect_database_metrics = true # Collect database metrics +prometheus_enabled = true # Enable Prometheus format +statsd_enabled = false # Enable StatsD format +statsd_host = "localhost" # StatsD host +statsd_port = 8125 # StatsD port +scrape_interval = 15 # Metrics scrape interval in seconds +histogram_buckets = [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1.0, 2.5, 5.0, 10.0] + +# Health Check Configuration - Example with all options +[health] +enabled = true # Enable health checks +endpoint = "/health" # Health check endpoint +detailed = false # Include detailed health information +check_database = true # Check database connectivity +check_redis = true # Check Redis connectivity +check_external_services = true # Check external service dependencies +timeout = 5000 # Health check timeout in milliseconds +interval = 30 # Health check interval in seconds +failure_threshold = 3 # Number of failures before marking unhealthy +success_threshold = 1 # Number of successes before marking healthy + +# Monitoring Configuration - Example with external monitoring +[monitoring] +enabled = true # Enable monitoring +alert_manager_url = "http://localhost:9093" # AlertManager URL +prometheus_url = "http://localhost:9090" # Prometheus URL +grafana_url = "http://localhost:3000" # Grafana URL +enable_traces = true # Enable distributed tracing +trace_sampling_rate = 0.1 # Trace sampling rate (0.0-1.0) +jaeger_endpoint = "http://localhost:14268/api/traces" # Jaeger endpoint +zipkin_endpoint = "http://localhost:9411/api/v2/spans" # Zipkin endpoint + +# Backup Configuration - Example with automated backups +[backup] +enabled = true # Enable automatic backups +schedule = "0 2 * * *" # Backup schedule (cron format) +retention_days = 30 # Backup retention in days 
+storage_path = "/var/backups/rustelo" # Backup storage path +compress_backups = true # Compress backup files +encryption_enabled = true # Enable backup encryption +encryption_key = "backup-encryption-key" # Backup encryption key +s3_enabled = false # Enable S3 backup storage +s3_bucket = "rustelo-backups" # S3 bucket name +s3_region = "us-east-1" # S3 region +s3_access_key = "" # S3 access key +s3_secret_key = "" # S3 secret key + +# SSL/TLS Configuration - Example with security settings +[ssl] +force_https = true # Force HTTPS redirects +hsts_max_age = 31536000 # HSTS max age in seconds (1 year) +hsts_include_subdomains = true # Include subdomains in HSTS +hsts_preload = true # Enable HSTS preload +upgrade_insecure_requests = true # Upgrade insecure requests + +# Cache Configuration - Example with caching settings +[cache] +enabled = true # Enable caching +type = "redis" # "memory", "redis", "file" +default_ttl = 3600 # Default TTL in seconds +max_memory = 134217728 # Maximum memory usage in bytes (128MB) +eviction_policy = "lru" # "lru", "lfu", "fifo", "random" +compression = true # Enable cache compression +encryption = false # Enable cache encryption +key_prefix = "rustelo:" # Cache key prefix + +# Rate Limiting Configuration - Example with comprehensive rate limiting +[rate_limiting] +enabled = true # Enable rate limiting +global_limit = 1000 # Global requests per window +global_window = 60 # Global window in seconds +per_ip_limit = 100 # Per-IP requests per window +per_ip_window = 60 # Per-IP window in seconds +per_user_limit = 500 # Per-user requests per window +per_user_window = 60 # Per-user window in seconds +burst_limit = 10 # Burst limit +storage = "redis" # "memory", "redis" +key_prefix = "ratelimit:" # Rate limit key prefix + +# WebSocket Configuration - Example with WebSocket settings +[websocket] +enabled = true # Enable WebSocket support +path = "/ws" # WebSocket endpoint path +max_connections = 1000 # Maximum concurrent connections +ping_interval 
= 30 # Ping interval in seconds +pong_timeout = 10 # Pong timeout in seconds +max_message_size = 1048576 # Maximum message size in bytes (1MB) +compression = true # Enable WebSocket compression +origin_check = true # Check WebSocket origin +allowed_origins = ["https://example.com"] # Allowed origins + +# Background Jobs Configuration - Example with job processing +[jobs] +enabled = true # Enable background jobs +queue_name = "rustelo_jobs" # Job queue name +max_workers = 4 # Maximum worker threads +poll_interval = 5 # Queue polling interval in seconds +retry_attempts = 3 # Number of retry attempts +retry_delay = 60 # Retry delay in seconds +max_job_size = 1048576 # Maximum job size in bytes (1MB) +job_timeout = 300 # Job timeout in seconds +dead_letter_queue = true # Enable dead letter queue +storage = "redis" # "memory", "redis", "database" + +# API Configuration - Example with API settings +[api] +enabled = true # Enable API +base_path = "/api/v1" # API base path +rate_limit = 1000 # API rate limit per hour +enable_cors = true # Enable CORS for API +enable_authentication = true # Require authentication +enable_pagination = true # Enable pagination +default_page_size = 20 # Default page size +max_page_size = 100 # Maximum page size +enable_filtering = true # Enable filtering +enable_sorting = true # Enable sorting +enable_search = true # Enable search +api_key_header = "X-API-Key" # API key header name diff --git a/config/base/prod.toml b/config/base/prod.toml new file mode 100644 index 0000000..ff49ea7 --- /dev/null +++ b/config/base/prod.toml 
@@ -0,0 +1,178 @@ +# Base Configuration - Production Environment +# Core settings that apply to all features in production + +# Root Path Configuration +root_path = "." + +# Server Configuration - Production +[server] +protocol = "https" +host = "0.0.0.0" +port = 443 +environment = "production" +log_level = "info" +workers = 4 +max_connections = 1000 +graceful_shutdown_timeout = 30 +keepalive_timeout = 65 + +# Database Configuration - Production +[database] +url = "${DATABASE_URL}" +max_connections = 20 +min_connections = 5 +connect_timeout = 10 +idle_timeout = 300 +max_lifetime = 1800 +enable_logging = false +log_slow_queries = true +slow_query_threshold = 1000 # milliseconds +ssl_mode = "require" +statement_timeout = 30000 + +# Session Configuration - Production +[session] +secret = "${SESSION_SECRET}" +cookie_name = "rustelo_session" +cookie_secure = true +cookie_http_only = true +cookie_same_site = "strict" +max_age = 1800 # 30 minutes +domain = "${DOMAIN}" +path = "/" + +# CORS Configuration - Production +[cors] +allowed_origins = ["${FRONTEND_URL}", "https://${DOMAIN}"] +allowed_methods = ["GET", "POST", "PUT", "DELETE", "OPTIONS"] +allowed_headers = ["Content-Type", "Authorization", "X-Requested-With", "X-CSRF-Token"] +allow_credentials = true +max_age = 86400 # 24 hours +expose_headers = ["X-Total-Count", "X-Page-Count"] + +# Static Files Configuration - Production +[static] +assets_dir = "public" +site_root = "target/site" +site_pkg_dir = "pkg" +enable_compression = true +enable_caching = true +cache_max_age = 2592000 # 30 days +compression_level = 6 + +# Server Directories Configuration - Production +[server_dirs] +public_dir = "/var/www/public" +uploads_dir = "/var/uploads" +logs_dir = "/var/log/rustelo" +temp_dir = "/tmp/rustelo" +cache_dir = "/var/cache/rustelo" +config_dir = "/etc/rustelo" +data_dir = "/var/lib/rustelo" +backup_dir = "/var/backups/rustelo" + +# Security Configuration - Production +[security] +enable_csrf = true +csrf_token_name = 
"csrf_token" +rate_limit_requests = 100 +rate_limit_window = 60 +bcrypt_cost = 12 +enable_request_id = true +request_id_header = "X-Request-ID" +enable_security_headers = true +content_security_policy = "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" + +# Application Settings - Production +[app] +name = "Rustelo-app" +version = "1.0.0" +debug = false +enable_metrics = true +enable_health_check = true +enable_compression = true +max_request_size = 10485760 # 10MB +enable_hot_reload = false +auto_migrate = false + +# Logging Configuration - Production +[logging] +format = "json" +level = "info" +file_path = "/var/log/rustelo/app.log" +max_file_size = 104857600 # 100MB +max_files = 10 +enable_console = false +enable_file = true +enable_structured_logging = true +log_request_body = false +log_response_body = false +enable_audit_log = true +audit_log_path = "/var/log/rustelo/audit.log" + +# Redis Configuration - Production +[redis] +enabled = true +url = "${REDIS_URL}" +pool_size = 20 +connection_timeout = 5 +command_timeout = 5 +database = 0 +enable_cluster = false +ssl_enabled = true + +# Metrics Configuration - Production +[metrics] +enabled = true +endpoint = "/metrics" +collect_system_metrics = true +collect_process_metrics = true +collect_http_metrics = true +collect_database_metrics = true +prometheus_enabled = true +statsd_enabled = false +scrape_interval = 15 # seconds + +# Health Check Configuration - Production +[health] +enabled = true +endpoint = "/health" +detailed = false +check_database = true +check_redis = true +check_external_services = true +timeout = 5000 # milliseconds + +# Monitoring Configuration - Production +[monitoring] +enabled = true +alert_manager_url = "${ALERT_MANAGER_URL}" +prometheus_url = "${PROMETHEUS_URL}" +grafana_url = "${GRAFANA_URL}" +enable_traces = true +trace_sampling_rate = 0.1 + +# Backup Configuration - Production +[backup] +enabled = true +schedule = "0 2 * * *" # Daily at 2 AM 
+retention_days = 30 +storage_path = "/var/backups/rustelo" +compress_backups = true +encryption_enabled = true + +# SSL/TLS Configuration - Production +[ssl] +force_https = true +hsts_max_age = 31536000 # 1 year +hsts_include_subdomains = true +hsts_preload = true + +# Production-specific settings +[production] +enable_maintenance_mode = false +maintenance_message = "System is under maintenance. Please try again later." +enable_graceful_shutdown = true +shutdown_timeout = 30 +enable_crash_reporting = true +crash_reporting_endpoint = "${CRASH_REPORTING_URL}" diff --git a/config/base/server.toml b/config/base/server.toml new file mode 100644 index 0000000..7492b87 --- /dev/null +++ b/config/base/server.toml @@ -0,0 +1,30 @@ +# Base Server Configuration +# This file contains the core server settings that are common across all environments + +[server] +protocol = "http" # "http" or "https" - will be overridden in production +host = "127.0.0.1" +port = 3030 +log_level = "info" # "trace", "debug", "info", "warn", "error" + +# TLS Configuration (only used when protocol = "https") +[server.tls] +cert_path = "certs/server.crt" +key_path = "certs/server.key" + +# Static Files Configuration +[static] +assets_dir = "public" +site_root = "target/site" +site_pkg_dir = "pkg" + +# Server Directories Configuration +[server_dirs] +public_dir = "public" +uploads_dir = "uploads" +logs_dir = "logs" +temp_dir = "tmp" +cache_dir = "cache" +config_dir = "config" +data_dir = "data" +backup_dir = "backups" diff --git a/config/environments/dev/main.toml b/config/environments/dev/main.toml new file mode 100644 index 0000000..0b47819 --- /dev/null +++ b/config/environments/dev/main.toml 
@@ -0,0 +1,41 @@ +# Development Environment Configuration +# Settings optimized for local development and debugging + +[server] +environment = "development" +log_level = "debug" +protocol = "http" +host = "127.0.0.1" +port = 3030 + +[app] +debug = true +enable_metrics = true +enable_health_check = true +enable_compression = false + +[cors] +allowed_origins = ["http://localhost:3030", "http://127.0.0.1:3030", "http://localhost:3000"] + +[session] +secret = "dev-session-secret-change-in-production" +cookie_secure = false + +[database] +url = "sqlite:dev_database.db" +max_connections = 5 + +[logging] +level = "debug" +file_path = "logs/dev_app.log" +enable_console = true +enable_file = true + +[features] +auth = true +tls = false +content_db = true +two_factor_auth = false + +[build] +features = ["auth", "content-db", "crypto", "email", "metrics", "examples"] diff --git a/config/environments/prod/main.toml b/config/environments/prod/main.toml new file mode 100644 index 0000000..e83536e --- /dev/null +++ b/config/environments/prod/main.toml 
@@ -0,0 +1,65 @@ +# Production Environment Configuration +# Settings optimized for production deployment with security and performance + +[server] +environment = "production" +log_level = "info" +protocol = "https" +host = "0.0.0.0" +port = 443 + +[app] +debug = false +enable_metrics = true +enable_health_check = true +enable_compression = true + +[cors] +allowed_origins = ["https://yourdomain.com", "https://www.yourdomain.com"] + +[session] +secret = "@encrypted_session_secret" +cookie_secure = true + +[database] +url = "postgresql://username:password@localhost:5432/rustelo_prod" +max_connections = 20 +min_connections = 5 + +[logging] +level = "info" +file_path = "logs/prod_app.log" +enable_console = false +enable_file = true + +[features] +auth = true +tls = true +content_db = true +two_factor_auth = true + +[build] +features = ["auth", "content-db", "crypto", "email", "metrics", "tls"] + +[security] +rate_limit_requests = 1000 +rate_limit_window = 60 +bcrypt_cost = 14 + +[tls] +enabled = true +cert_path = "certs/production.crt" +key_path = "certs/production.key" + +[metrics] +enabled = true +collection_interval = 60 + +[auth] +max_login_attempts = 3 +lockout_duration = 1800 +session_timeout = 7200 + +[email] +enabled = true +default_provider = "smtp" diff --git a/config/environments/staging/main.toml b/config/environments/staging/main.toml new file mode 100644 index 0000000..8a050e1 --- /dev/null +++ b/config/environments/staging/main.toml 
@@ -0,0 +1,66 @@ +# Staging Environment Configuration +# Settings optimized for staging deployment - production-like but with relaxed security for testing + +[server] +environment = "staging" +log_level = "debug" +protocol = "https" +host = "0.0.0.0" +port = 443 + +[app] +debug = true +enable_metrics = true +enable_health_check = true +enable_compression = true + +[cors] +allowed_origins = ["https://staging.yourdomain.com", "https://staging-api.yourdomain.com"] + +[session] +secret = "@encrypted_staging_session_secret" +cookie_secure = true + +[database] +url = "postgresql://username:password@localhost:5432/rustelo_staging" +max_connections = 15 +min_connections = 3 + +[logging] +level = "debug" +file_path = "logs/staging_app.log" +enable_console = true +enable_file = true + +[features] +auth = true +tls = true +content_db = true +two_factor_auth = false + +[build] +features = ["auth", "content-db", "crypto", "email", "metrics", "tls"] + +[security] +rate_limit_requests = 500 +rate_limit_window = 60 +bcrypt_cost = 12 + +[tls] +enabled = true +cert_path = "certs/staging.crt" +key_path = "certs/staging.key" + +[metrics] +enabled = true +collection_interval = 30 + +[auth] +max_login_attempts = 5 +lockout_duration = 900 +session_timeout = 3600 +require_email_verification = false + +[email] +enabled = true +default_provider = "console" diff --git a/config/examples/full-featured.toml b/config/examples/full-featured.toml new file mode 100644 index 0000000..3b0e799 --- /dev/null +++ b/config/examples/full-featured.toml 
@@ -0,0 +1,584 @@ +# Full-Featured Configuration Example +# This configuration demonstrates all available features and settings +# Use this as a reference for comprehensive deployments + +[server] +protocol = "https" +host = "0.0.0.0" +port = 443 +environment = "production" +log_level = "info" + +[server.tls] +cert_path = "certs/server.crt" +key_path = "certs/server.key" + +[app] +name = "Rustelo-full-featured" +version = "0.1.0" +debug = false +enable_metrics = true +enable_health_check = true +enable_compression = true +max_request_size = 52428800 # 50MB + +[database] +url = "postgresql://rustelo:secure_password@localhost:5432/rustelo_full" +max_connections = 25 +min_connections = 5 +connect_timeout = 30 +idle_timeout = 600 +max_lifetime = 1800 + +[database.migrations] +auto_migrate = true +migration_dir = "migrations" +create_db_if_missing = true + +[database.health] +enable_ping = true +ping_timeout = 5 +max_retries = 3 + +[database.logging] +log_queries = false +log_slow_queries = true +slow_query_threshold = 500 # milliseconds + +[session] +secret = "@encrypted_session_secret" +cookie_name = "rustelo_session" +cookie_secure = true +cookie_http_only = true +cookie_same_site = "strict" +max_age = 7200 # 2 hours + +[security] +enable_csrf = true +csrf_token_name = "csrf_token" +rate_limit_requests = 1000 +rate_limit_window = 60 +bcrypt_cost = 14 + +[cors] +allowed_origins = ["https://yourdomain.com", "https://api.yourdomain.com", "https://admin.yourdomain.com"] +allowed_methods = ["GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"] +allowed_headers = ["Content-Type", "Authorization", "X-Requested-With", "X-API-Key"] +allow_credentials = true +max_age = 86400 + +[static] +assets_dir = "public" +site_root = "target/site" +site_pkg_dir = "pkg" + +[server_dirs] +public_dir = "public" +uploads_dir = "uploads" +logs_dir = "logs" +temp_dir = "tmp" +cache_dir = "cache" +config_dir = "config" +data_dir = "data" +backup_dir = "backups" + +[logging] +format = "json" +level 
= "info" +file_path = "logs/full_app.log" +max_file_size = 52428800 # 50MB +max_files = 10 +enable_console = false +enable_file = true + +# Authentication Configuration +[auth] +enabled = true + +[auth.jwt] +secret = "@encrypted_jwt_secret" +expiration = 86400 # 24 hours +refresh_token_expiration = 604800 # 7 days +algorithm = "HS256" +issuer = "rustelo-full" +audience = "rustelo-users" + +[auth.password] +min_length = 12 +require_uppercase = true +require_lowercase = true +require_numbers = true +require_special_chars = true +max_age_days = 90 +history_count = 12 + +[auth.security] +max_login_attempts = 3 +lockout_duration = 1800 # 30 minutes +session_timeout = 7200 # 2 hours +require_email_verification = true +password_reset_timeout = 3600 # 1 hour + +[auth.two_factor] +enabled = true +backup_codes_count = 10 +totp_issuer = "Rustelo Full Featured" +totp_digits = 6 +totp_period = 30 + +[auth.registration] +enabled = true +require_email_verification = true +auto_approve = false +default_role = "user" +allowed_domains = ["yourdomain.com", "trusted-partner.com"] + +[auth.sessions] +cleanup_interval = 1800 # 30 minutes +max_concurrent_sessions = 3 +remember_me_duration = 2592000 # 30 days + +[auth.rate_limiting] +login_attempts_per_minute = 3 +registration_attempts_per_hour = 2 +password_reset_attempts_per_hour = 2 + +# OAuth Configuration +[oauth] +enabled = true + +[oauth.google] +client_id = "@encrypted_google_client_id" +client_secret = "@encrypted_google_client_secret" +redirect_uri = "https://yourdomain.com/auth/google/callback" + +[oauth.github] +client_id = "@encrypted_github_client_id" +client_secret = "@encrypted_github_client_secret" +redirect_uri = "https://yourdomain.com/auth/github/callback" + +# Email Configuration +[email] +enabled = true +from_email = "noreply@yourdomain.com" +from_name = "Rustelo Full Featured" +reply_to = "support@yourdomain.com" +default_provider = "smtp" + +[email.smtp] +host = "smtp.yourdomain.com" +port = 587 +username = 
"@encrypted_smtp_username" +password = "@encrypted_smtp_password" +use_tls = true +use_starttls = true +timeout = 30 +pool_size = 10 + +[email.templates] +template_dir = "templates/email" +default_language = "en" +supported_languages = ["en", "es", "fr", "de", "ja"] +cache_templates = true +reload_on_change = false + +[email.queue] +enabled = true +max_retry_attempts = 5 +retry_delay = 120 # seconds +batch_size = 25 +processing_interval = 15 # seconds + +[email.rate_limiting] +max_emails_per_minute = 100 +max_emails_per_hour = 5000 +max_emails_per_day = 50000 +burst_limit = 50 + +[email.validation] +check_mx_records = true +check_disposable_domains = true +allowed_domains = [] +blocked_domains = ["tempmail.org", "10minutemail.com", "guerrillamail.com"] + +[email.bounce_handling] +enabled = true +webhook_url = "/webhooks/email/bounce" +webhook_secret = "@encrypted_email_webhook_secret" +max_bounce_rate = 0.02 # 2% +auto_suppress_bounces = true + +[email.security] +enable_dkim = true +dkim_selector = "default" +dkim_private_key_path = "certs/dkim_private.key" +enable_spf = true +enable_dmarc = true + +# Content Management Configuration +[content] +enabled = true +content_dir = "content" +cache_enabled = true +cache_ttl = 7200 # 2 hours +max_file_size = 10485760 # 10MB +auto_save_interval = 30 # seconds +enable_versioning = true +max_versions = 25 + +[content.types.article] +enabled = true +template = "article.hbs" +slug_prefix = "articles" +allow_comments = true +enable_seo = true +max_length = 100000 + +[content.types.page] +enabled = true +template = "page.hbs" +slug_prefix = "pages" +allow_comments = false +enable_seo = true +max_length = 200000 + +[content.types.blog_post] +enabled = true +template = "blog_post.hbs" +slug_prefix = "blog" +allow_comments = true +enable_seo = true +max_length = 50000 +enable_series = true + +[content.markdown] +enable_syntax_highlighting = true +theme = "github" +enable_tables = true +enable_strikethrough = true +enable_autolinks = 
true +enable_task_lists = true +enable_footnotes = true +enable_math = true +heading_anchors = true +code_block_line_numbers = true + +[content.seo] +auto_generate_meta = true +default_meta_description_length = 160 +auto_generate_og_tags = true +enable_json_ld = true +sitemap_enabled = true +sitemap_path = "/sitemap.xml" +robots_txt_enabled = true + +[content.publishing] +auto_publish = false +require_review = true +enable_drafts = true +enable_scheduling = true +default_status = "draft" + +[content.taxonomy] +enable_categories = true +max_categories_per_content = 10 +enable_tags = true +max_tags_per_content = 50 +enable_hierarchical_categories = true + +[content.media] +enabled = true +upload_dir = "uploads/content" +allowed_extensions = ["jpg", "jpeg", "png", "gif", "webp", "svg", "pdf", "doc", "docx", "mp4", "webm"] +max_file_size = 52428800 # 50MB +enable_image_optimization = true +generate_thumbnails = true +thumbnail_sizes = [150, 300, 600, 1200, 1920] + +[content.media.images] +auto_optimize = true +quality = 90 +progressive_jpeg = true +strip_metadata = true +enable_webp_conversion = true +enable_lazy_loading = true + +[content.search] +enabled = true +search_engine = "database" +index_content = true +index_metadata = true +search_fields = ["title", "content", "excerpt", "tags", "categories", "author"] +min_search_length = 2 +max_results = 100 + +[content.search.fulltext] +enable_stemming = true +enable_fuzzy_search = true +fuzzy_distance = 2 +boost_title = 3.0 +boost_tags = 2.0 +boost_categories = 1.5 + +[content.cache] +enable_redis = true +redis_url = "redis://localhost:6379/1" +redis_prefix = "content:" +cache_rendered_content = true +cache_search_results = true +search_cache_ttl = 600 # 10 minutes + +[content.api] +enabled = true +enable_public_api = true +enable_admin_api = true +api_prefix = "/api/content" +rate_limit_per_minute = 200 +require_auth_for_write = true +enable_bulk_operations = true + +[content.backup] +enabled = true +backup_interval = 
43200 # 12 hours +backup_retention_days = 90 +backup_dir = "backups/content" +include_media = true +compress_backups = true + +[content.workflows] +enabled = true +require_approval = true +approval_roles = ["editor", "admin"] +notification_on_submission = true +notification_on_approval = true +auto_notify_authors = true + +[content.comments] +enabled = true +require_approval = true +enable_replies = true +max_nesting_level = 5 +enable_voting = true +enable_email_notifications = true +anti_spam_enabled = true + +[content.analytics] +track_views = true +track_reading_time = true +track_popular_content = true +analytics_retention_days = 365 +enable_heatmaps = true + +[content.feeds] +enabled = true +rss_enabled = true +atom_enabled = true +feed_title = "Rustelo Full Featured Content" +feed_description = "Latest content from our full-featured Rustelo application" +max_items = 50 +include_full_content = true + +[content.security] +enable_content_sanitization = true +allowed_html_tags = ["p", "br", "strong", "em", "ul", "ol", "li", "h1", "h2", "h3", "h4", "h5", "h6", "blockquote", "code", "pre", "a", "img", "table", "thead", "tbody", "tr", "th", "td"] +enable_xss_protection = true +enable_csrf_protection = true +max_content_length = 5000000 # 5MB + +[content.i18n] +enabled = true +default_language = "en" +supported_languages = ["en", "es", "fr", "de", "ja", "zh"] +fallback_to_default = true +auto_detect_language = true + +[content.performance] +enable_lazy_loading = true +enable_pagination = true +default_page_size = 25 +max_page_size = 100 +enable_content_compression = true +minify_html = true + +# Metrics Configuration +[metrics] +enabled = true +endpoint = "/metrics" +health_endpoint = "/metrics/health" +collection_interval = 30 # seconds +enable_process_metrics = true +enable_runtime_metrics = true + +[metrics.prometheus] +namespace = "rustelo_full" +subsystem = "" +registry_type = "default" +enable_exemplars = true +histogram_buckets = [0.0005, 0.001, 0.0025, 0.005, 
0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1.0, 2.5, 5.0, 10.0] + +[metrics.http] +enabled = true +track_request_count = true +track_request_duration = true +track_requests_in_flight = true +track_response_size = true +track_request_size = true +include_user_agent = false +include_ip_address = false +slow_request_threshold = 0.5 # seconds + +[metrics.database] +enabled = true +track_connection_pool = true +track_query_duration = true +track_query_count = true +track_connection_errors = true +track_migration_status = true +slow_query_threshold = 0.05 # seconds +include_query_tags = false + +[metrics.auth] +enabled = true +track_login_attempts = true +track_login_failures = true +track_session_duration = true +track_active_sessions = true +track_token_generations = true +track_password_resets = true +track_registration_attempts = true +include_failure_reasons = true + +[metrics.content] +enabled = true +track_content_requests = true +track_cache_performance = true +track_content_processing_time = true +track_search_queries = true +track_content_views = true +track_popular_content = true + +[metrics.email] +enabled = true +track_emails_sent = true +track_email_failures = true +track_queue_size = true +track_processing_time = true +track_bounce_rate = true +track_delivery_rate = true +include_provider_metrics = true + +[metrics.system] +enabled = true +track_memory_usage = true +track_cpu_usage = true +track_disk_usage = true +track_network_io = true +track_file_descriptors = true +track_uptime = true +collection_interval = 15 # seconds + +[metrics.business] +enabled = true +track_user_registrations = true +track_user_logins = true +track_content_creation = true +track_api_usage = true +track_feature_usage = true +track_error_rates = true +track_conversion_metrics = true + +[metrics.custom] +enabled = true +allow_custom_counters = true +allow_custom_gauges = true +allow_custom_histograms = true +max_custom_metrics = 500 +custom_metric_prefix = "custom_" + +[metrics.labels] 
+include_environment = true +include_version = true +include_instance_id = true +include_hostname = true +custom_labels = {datacenter = "us-west-1", team = "platform"} + +[metrics.security] +enable_authentication = true +allowed_ips = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"] +api_key_header = "X-Metrics-API-Key" +api_key = "@encrypted_metrics_api_key" + +# TLS Configuration +[tls] +enabled = true +port = 443 +bind_address = "0.0.0.0" +protocols = ["TLSv1.2", "TLSv1.3"] +prefer_server_cipher_order = true +enable_http2 = true +enable_ocsp_stapling = true + +[tls.certificates] +cert_path = "certs/production.crt" +key_path = "certs/production.key" +chain_path = "certs/chain.pem" +verify_client_certs = false + +[tls.letsencrypt] +enabled = true +email = "admin@yourdomain.com" +domains = ["yourdomain.com", "www.yourdomain.com", "api.yourdomain.com"] +acme_server = "https://acme-v02.api.letsencrypt.org/directory" +challenge_type = "http-01" +cert_path = "certs/letsencrypt" +auto_renew = true +renew_days_before = 30 + +[tls.monitoring] +check_expiry = true +expiry_warning_days = 30 +expiry_critical_days = 7 +notify_on_expiry = true +health_check_enabled = true + +[tls.ciphers] +allowed_ciphers = [ + "TLS_AES_256_GCM_SHA384", + "TLS_CHACHA20_POLY1305_SHA256", + "TLS_AES_128_GCM_SHA256", + "ECDHE-RSA-AES256-GCM-SHA384", + "ECDHE-RSA-CHACHA20-POLY1305", + "ECDHE-RSA-AES128-GCM-SHA256" +] +allow_legacy_ciphers = false + +[tls.hsts] +enabled = true +max_age = 31536000 # 1 year +include_subdomains = true +preload = true + +[tls.redirect] +enable_http_redirect = true +redirect_port = 80 +permanent_redirect = true +redirect_status_code = 301 + +# Redis Configuration +[redis] +enabled = true +url = "redis://localhost:6379/0" +pool_size = 20 +connection_timeout = 10 +command_timeout = 10 + +# Feature Flags +[features] +auth = true +tls = true +content_db = true +two_factor_auth = true + +# Build Configuration +[build] +features = ["auth", "content-db", "crypto", "email", 
"metrics", "tls"] diff --git a/config/examples/minimal.toml b/config/examples/minimal.toml new file mode 100644 index 0000000..31cd534 --- /dev/null +++ b/config/examples/minimal.toml @@ -0,0 +1,75 @@ +# Minimal Configuration Example +# This is the smallest possible configuration for running Rustelo +# Includes only essential features for basic functionality + +[server] +protocol = "http" +host = "127.0.0.1" +port = 3030 +environment = "development" +log_level = "info" + +[app] +name = "Rustelo-minimal" +version = "0.1.0" +debug = false +enable_metrics = false +enable_health_check = true +enable_compression = false +max_request_size = 1048576 # 1MB + +[database] +url = "sqlite:minimal.db" +max_connections = 3 +min_connections = 1 +connect_timeout = 10 +idle_timeout = 300 +max_lifetime = 900 + +[session] +secret = "minimal-session-secret-change-this" +cookie_name = "session_id" +cookie_http_only = true +cookie_same_site = "lax" +max_age = 1800 # 30 minutes + +[security] +enable_csrf = true +csrf_token_name = "csrf_token" +rate_limit_requests = 50 +rate_limit_window = 60 +bcrypt_cost = 10 + +[cors] +allowed_origins = ["http://localhost:3030"] +allowed_methods = ["GET", "POST"] +allowed_headers = ["Content-Type"] +allow_credentials = true +max_age = 600 + +[static] +assets_dir = "public" +site_root = "target/site" +site_pkg_dir = "pkg" + +[server_dirs] +public_dir = "public" +uploads_dir = "uploads" +logs_dir = "logs" +temp_dir = "tmp" +cache_dir = "cache" + +[logging] +format = "text" +level = "info" +enable_console = true +enable_file = false + +[features] +auth = false +tls = false +content_db = false +two_factor_auth = false + +[build] +features = ["crypto"] diff --git a/config/features/auth.toml b/config/features/auth.toml new file mode 100644 index 0000000..4157d33 --- /dev/null +++ b/config/features/auth.toml 
@@ -0,0 +1,74 @@ +# Authentication Feature Configuration +# Settings for the authentication and authorization system + +[features] +auth = true + +# OAuth Configuration +[oauth] +enabled = false + +[oauth.google] +client_id = "your-google-client-id" +client_secret = "your-google-client-secret" +redirect_uri = "http://localhost:3030/auth/google/callback" + +[oauth.github] +client_id = "your-github-client-id" +client_secret = "your-github-client-secret" +redirect_uri = "http://localhost:3030/auth/github/callback" + +# JWT Configuration +[auth.jwt] +secret = "change-this-in-production-to-a-secure-random-string" +expiration = 86400 # 24 hours in seconds +refresh_token_expiration = 604800 # 7 days in seconds +algorithm = "HS256" +issuer = "rustelo-app" +audience = "rustelo-users" + +# Password Policy +[auth.password] +min_length = 8 +require_uppercase = true +require_lowercase = true +require_numbers = true +require_special_chars = true +max_age_days = 90 +history_count = 5 + +# Account Security +[auth.security] +max_login_attempts = 5 +lockout_duration = 900 # 15 minutes in seconds +session_timeout = 3600 # 1 hour in seconds +require_email_verification = true +password_reset_timeout = 3600 # 1 hour in seconds + +# Two-Factor Authentication +[auth.two_factor] +enabled = false +backup_codes_count = 10 +totp_issuer = "Rustelo App" +totp_digits = 6 +totp_period = 30 + +# User Registration +[auth.registration] +enabled = true +require_email_verification = true +auto_approve = true +default_role = "user" +allowed_domains = [] # Empty array means all domains allowed + +# Session Management +[auth.sessions] +cleanup_interval = 3600 # 1 hour in seconds +max_concurrent_sessions = 5 +remember_me_duration = 2592000 # 30 days in seconds + +# Rate Limiting for Auth Endpoints +[auth.rate_limiting] +login_attempts_per_minute = 5 +registration_attempts_per_hour = 3 +password_reset_attempts_per_hour = 3 
diff --git a/config/features/auth/dev.toml b/config/features/auth/dev.toml new file mode 100644 index 0000000..13069bc --- /dev/null +++ b/config/features/auth/dev.toml 
@@ -0,0 +1,74 @@ +# Authentication Feature Configuration - Development Environment +# Settings optimized for local development and debugging + +[features] +auth = true + +# OAuth Configuration - Development +[oauth] +enabled = false + +[oauth.google] +client_id = "dev-google-client-id" +client_secret = "dev-google-client-secret" +redirect_uri = "http://localhost:3030/auth/google/callback" + +[oauth.github] +client_id = "dev-github-client-id" +client_secret = "dev-github-client-secret" +redirect_uri = "http://localhost:3030/auth/github/callback" + +# JWT Configuration - Development +[auth.jwt] +secret = "dev-jwt-secret-change-in-production" +expiration = 86400 # 24 hours in seconds +refresh_token_expiration = 604800 # 7 days in seconds +algorithm = "HS256" +issuer = "rustelo-app-dev" +audience = "rustelo-users-dev" + +# Password Policy - Relaxed for development +[auth.password] +min_length = 6 +require_uppercase = false +require_lowercase = true +require_numbers = true +require_special_chars = false +max_age_days = 365 +history_count = 3 + +# Account Security - Relaxed for development +[auth.security] +max_login_attempts = 10 +lockout_duration = 300 # 5 minutes in seconds +session_timeout = 7200 # 2 hours in seconds +require_email_verification = false +password_reset_timeout = 7200 # 2 hours in seconds + +# Two-Factor Authentication - Disabled for development +[auth.two_factor] +enabled = false +backup_codes_count = 10 +totp_issuer = "Rustelo App Dev" +totp_digits = 6 +totp_period = 30 + +# User Registration - Open for development +[auth.registration] +enabled = true +require_email_verification = false +auto_approve = true +default_role = "user" +allowed_domains = [] # Empty array means all domains allowed + +# Session Management - Extended for development +[auth.sessions] +cleanup_interval = 3600 # 1 hour in seconds +max_concurrent_sessions = 10 +remember_me_duration = 2592000 # 30 days in seconds + +# Rate Limiting - Relaxed for development +[auth.rate_limiting] 
+login_attempts_per_minute = 20 +registration_attempts_per_hour = 10 +password_reset_attempts_per_hour = 10 diff --git a/config/features/auth/example.toml b/config/features/auth/example.toml new file mode 100644 index 0000000..336d5b5 --- /dev/null +++ b/config/features/auth/example.toml 
@@ -0,0 +1,161 @@ +# Authentication Feature Configuration - Example +# Complete example showing all available authentication options + +[features] +auth = true + +# OAuth Configuration - Example with multiple providers +[oauth] +enabled = true + +[oauth.google] +client_id = "your-google-client-id.apps.googleusercontent.com" +client_secret = "your-google-client-secret" +redirect_uri = "https://yourapp.com/auth/google/callback" + +[oauth.github] +client_id = "your-github-client-id" +client_secret = "your-github-client-secret" +redirect_uri = "https://yourapp.com/auth/github/callback" + +[oauth.microsoft] +client_id = "your-microsoft-client-id" +client_secret = "your-microsoft-client-secret" +redirect_uri = "https://yourapp.com/auth/microsoft/callback" + +# JWT Configuration - Example with all options +[auth.jwt] +secret = "your-super-secure-jwt-secret-key-at-least-32-characters-long" +expiration = 3600 # 1 hour in seconds +refresh_token_expiration = 86400 # 24 hours in seconds +algorithm = "HS256" # HS256, HS384, HS512, RS256, RS384, RS512 +issuer = "rustelo-app" +audience = "rustelo-users" +not_before_leeway = 0 # seconds +expiration_leeway = 0 # seconds + +# Password Policy - Example with balanced security +[auth.password] +min_length = 10 +require_uppercase = true +require_lowercase = true +require_numbers = true +require_special_chars = true +max_age_days = 180 # 6 months +history_count = 8 +complexity_score = 3 # 1-5 scale +dictionary_check = true +common_password_check = true + +# Account Security - Example with comprehensive settings +[auth.security] +max_login_attempts = 5 +lockout_duration = 900 # 15 minutes in seconds +session_timeout = 3600 # 1 hour in seconds +require_email_verification = true +password_reset_timeout = 3600 # 1 hour in seconds +enable_captcha = true +captcha_after_attempts = 3 +ip_tracking = true +device_fingerprinting = true + +# Two-Factor Authentication - Example with all options +[auth.two_factor] +enabled = true +backup_codes_count = 
10 +totp_issuer = "Rustelo App" +totp_digits = 6 +totp_period = 30 +totp_skew = 1 # Allow 1 period before/after +sms_enabled = true +email_enabled = true +app_enabled = true +hardware_key_enabled = false + +# User Registration - Example with moderation +[auth.registration] +enabled = true +require_email_verification = true +auto_approve = false +default_role = "user" +allowed_domains = ["company.com", "partner.org"] +blocked_domains = ["tempmail.org", "10minutemail.com"] +require_invitation = false +invitation_expiry = 604800 # 7 days +username_min_length = 3 +username_max_length = 30 +username_regex = "^[a-zA-Z0-9_-]+$" + +# Session Management - Example with comprehensive settings +[auth.sessions] +cleanup_interval = 1800 # 30 minutes in seconds +max_concurrent_sessions = 5 +remember_me_duration = 2592000 # 30 days in seconds +session_storage = "database" # "memory", "database", "redis" +secure_cookie = true +httponly_cookie = true +same_site = "strict" # "strict", "lax", "none" +session_regeneration = true + +# Rate Limiting - Example with tiered limits +[auth.rate_limiting] +login_attempts_per_minute = 10 +registration_attempts_per_hour = 5 +password_reset_attempts_per_hour = 5 +oauth_attempts_per_minute = 15 +api_calls_per_minute = 100 +burst_limit = 20 +enable_progressive_delay = true + +# Role-Based Access Control - Example +[auth.rbac] +enabled = true +default_permissions = ["read_profile", "update_profile"] +admin_permissions = ["*"] +moderator_permissions = ["read_*", "update_content", "delete_content"] +user_permissions = ["read_profile", "update_profile", "create_content"] + +# Audit Logging - Example +[auth.audit] +enabled = true +log_successful_logins = true +log_failed_logins = true +log_password_changes = true +log_role_changes = true +log_permission_changes = true +retention_days = 365 +export_format = "json" + +# Advanced Security Features - Example +[auth.security.advanced] +enable_bruteforce_protection = true +enable_ip_whitelist = false 
+whitelist_ips = ["192.168.1.0/24", "10.0.0.0/8"] +enable_geolocation_check = true +allowed_countries = ["US", "CA", "GB"] +suspicious_activity_threshold = 10 +account_lockout_escalation = true +password_breach_check = true +device_trust_duration = 2592000 # 30 days + +# Integration Settings - Example +[auth.integrations] +ldap_enabled = false +ldap_server = "ldap://ldap.company.com" +ldap_bind_dn = "cn=admin,dc=company,dc=com" +ldap_bind_password = "ldap-password" +ldap_search_base = "ou=users,dc=company,dc=com" +ldap_user_filter = "(&(objectClass=person)(uid={username}))" + +saml_enabled = false +saml_entity_id = "rustelo-app" +saml_sso_url = "https://sso.company.com/saml/sso" +saml_certificate_path = "certs/saml.crt" + +# Development and Testing - Example +[auth.development] +bypass_email_verification = false +allow_weak_passwords = false +log_auth_tokens = false +enable_test_users = false +mock_oauth_providers = false diff --git a/config/features/auth/prod.toml b/config/features/auth/prod.toml new file mode 100644 index 0000000..523188b --- /dev/null +++ b/config/features/auth/prod.toml 
@@ -0,0 +1,83 @@ +# Authentication Feature Configuration - Production Environment +# Settings optimized for production security and performance + +[features] +auth = true + +# OAuth Configuration - Production +[oauth] +enabled = true + +[oauth.google] +client_id = "${GOOGLE_CLIENT_ID}" +client_secret = "${GOOGLE_CLIENT_SECRET}" +redirect_uri = "${BASE_URL}/auth/google/callback" + +[oauth.github] +client_id = "${GITHUB_CLIENT_ID}" +client_secret = "${GITHUB_CLIENT_SECRET}" +redirect_uri = "${BASE_URL}/auth/github/callback" + +# JWT Configuration - Production +[auth.jwt] +secret = "${JWT_SECRET}" +expiration = 3600 # 1 hour in seconds +refresh_token_expiration = 86400 # 24 hours in seconds +algorithm = "HS256" +issuer = "rustelo-app" +audience = "rustelo-users" + +# Password Policy - Strict for production +[auth.password] +min_length = 12 +require_uppercase = true +require_lowercase = true +require_numbers = true +require_special_chars = true +max_age_days = 90 +history_count = 12 + +# Account Security - Strict for production +[auth.security] +max_login_attempts = 3 +lockout_duration = 1800 # 30 minutes in seconds +session_timeout = 1800 # 30 minutes in seconds +require_email_verification = true +password_reset_timeout = 1800 # 30 minutes in seconds + +# Two-Factor Authentication - Enabled for production +[auth.two_factor] +enabled = true +backup_codes_count = 10 +totp_issuer = "Rustelo App" +totp_digits = 6 +totp_period = 30 + +# User Registration - Controlled for production +[auth.registration] +enabled = true +require_email_verification = true +auto_approve = false +default_role = "user" +allowed_domains = [] # Configure specific domains if needed + +# Session Management - Secure for production +[auth.sessions] +cleanup_interval = 1800 # 30 minutes in seconds +max_concurrent_sessions = 3 +remember_me_duration = 604800 # 7 days in seconds + +# Rate Limiting - Strict for production +[auth.rate_limiting] +login_attempts_per_minute = 5 +registration_attempts_per_hour 
= 3 +password_reset_attempts_per_hour = 3 + +# Additional Production Security +[auth.security.advanced] +enable_bruteforce_protection = true +enable_ip_whitelist = false +whitelist_ips = [] +enable_geolocation_check = false +suspicious_activity_threshold = 5 +account_lockout_escalation = true diff --git a/config/features/content.toml b/config/features/content.toml new file mode 100644 index 0000000..1d010ed --- /dev/null +++ b/config/features/content.toml 
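Review bot: in config/features/auth/prod.toml, `[auth.jwt]` pairs `algorithm = "HS256"` with `secret = "${JWT_SECRET}"`, so every component that verifies a token can also mint one and the whole scheme rests on the entropy of a single environment variable; either document a minimum length for JWT_SECRET (and refuse to start when it is short or unset) or consider an asymmetric algorithm so verifiers hold only the public key. Separately, `max_login_attempts = 3` combined with `lockout_duration = 1800` makes a 30-minute lockout of any known username cheap to trigger; if that trade-off is intended, say so in the comment next to `account_lockout_escalation = true`.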
@@ -0,0 +1,219 @@ +# Content Management Feature Configuration +# Settings for the database-backed content management system + +[features] +content_db = true + +# Content Management Configuration +[content] +enabled = true +content_dir = "content" +cache_enabled = true +cache_ttl = 3600 # seconds +max_file_size = 5242880 # 5MB +auto_save_interval = 30 # seconds +enable_versioning = true +max_versions = 10 + +# Content Types +[content.types] +# Supported content types and their configurations +[content.types.article] +enabled = true +template = "article.hbs" +slug_prefix = "articles" +allow_comments = true +enable_seo = true +max_length = 50000 + +[content.types.page] +enabled = true +template = "page.hbs" +slug_prefix = "pages" +allow_comments = false +enable_seo = true +max_length = 100000 + +[content.types.blog_post] +enabled = true +template = "blog_post.hbs" +slug_prefix = "blog" +allow_comments = true +enable_seo = true +max_length = 30000 +enable_series = true + +# Markdown Configuration +[content.markdown] +enable_syntax_highlighting = true +theme = "github" +enable_tables = true +enable_strikethrough = true +enable_autolinks = true +enable_task_lists = true +enable_footnotes = true +enable_math = false +heading_anchors = true +code_block_line_numbers = true + +# SEO Configuration +[content.seo] +auto_generate_meta = true +default_meta_description_length = 160 +auto_generate_og_tags = true +enable_json_ld = true +sitemap_enabled = true +sitemap_path = "/sitemap.xml" +robots_txt_enabled = true + +# Content Publishing +[content.publishing] +auto_publish = false +require_review = true +enable_drafts = true +enable_scheduling = true +default_status = "draft" # "draft", "published", "scheduled", "archived" + +# Content Categories and Tags +[content.taxonomy] +enable_categories = true +max_categories_per_content = 5 +enable_tags = true +max_tags_per_content = 20 +enable_hierarchical_categories = true + +# Media Management +[content.media] +enabled = true 
+upload_dir = "uploads/content" +allowed_extensions = ["jpg", "jpeg", "png", "gif", "webp", "svg", "pdf", "doc", "docx"] +max_file_size = 10485760 # 10MB +enable_image_optimization = true +generate_thumbnails = true +thumbnail_sizes = [150, 300, 600, 1200] + +# Image Processing +[content.media.images] +auto_optimize = true +quality = 85 +progressive_jpeg = true +strip_metadata = true +enable_webp_conversion = true +enable_lazy_loading = true + +# Content Search +[content.search] +enabled = true +search_engine = "database" # "database", "elasticsearch", "algolia" +index_content = true +index_metadata = true +search_fields = ["title", "content", "excerpt", "tags", "categories"] +min_search_length = 3 +max_results = 50 + +# Full-text Search Configuration +[content.search.fulltext] +enable_stemming = true +enable_fuzzy_search = true +fuzzy_distance = 2 +boost_title = 2.0 +boost_tags = 1.5 +boost_categories = 1.3 + +# Content Cache +[content.cache] +enable_redis = false +redis_url = "redis://localhost:6379" +redis_prefix = "content:" +cache_rendered_content = true +cache_search_results = true +search_cache_ttl = 300 # 5 minutes + +# Content API +[content.api] +enabled = true +enable_public_api = true +enable_admin_api = true +api_prefix = "/api/content" +rate_limit_per_minute = 100 +require_auth_for_write = true +enable_bulk_operations = true + +# Content Backup +[content.backup] +enabled = true +backup_interval = 86400 # 24 hours +backup_retention_days = 30 +backup_dir = "backups/content" +include_media = true +compress_backups = true + +# Content Workflows +[content.workflows] +enabled = false +require_approval = false +approval_roles = ["editor", "admin"] +notification_on_submission = true +notification_on_approval = true +auto_notify_authors = true + +# Content Comments +[content.comments] +enabled = true +require_approval = false +enable_replies = true +max_nesting_level = 3 +enable_voting = true +enable_email_notifications = true +anti_spam_enabled = true + +# 
Content Analytics +[content.analytics] +track_views = true +track_reading_time = true +track_popular_content = true +analytics_retention_days = 90 +enable_heatmaps = false + +# RSS/Atom Feeds +[content.feeds] +enabled = true +rss_enabled = true +atom_enabled = true +feed_title = "Rustelo Content Feed" +feed_description = "Latest content from Rustelo" +max_items = 20 +include_full_content = false + +# Content Import/Export +[content.import_export] +enabled = true +supported_formats = ["markdown", "html", "json", "xml"] +enable_bulk_import = true +enable_export = true +export_formats = ["markdown", "json", "pdf"] + +# Content Security +[content.security] +enable_content_sanitization = true +allowed_html_tags = ["p", "br", "strong", "em", "ul", "ol", "li", "h1", "h2", "h3", "h4", "h5", "h6", "blockquote", "code", "pre"] +enable_xss_protection = true +enable_csrf_protection = true +max_content_length = 1000000 # 1MB + +# Content Localization +[content.i18n] +enabled = false +default_language = "en" +supported_languages = ["en", "es", "fr", "de"] +fallback_to_default = true +auto_detect_language = false + +# Performance Optimization +[content.performance] +enable_lazy_loading = true +enable_pagination = true +default_page_size = 20 +max_page_size = 100 +enable_content_compression = true +minify_html = false diff --git a/config/features/content/dev.toml b/config/features/content/dev.toml new file mode 100644 index 0000000..f7c5afd --- /dev/null +++ b/config/features/content/dev.toml 
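Review bot: in config/features/content.toml, `allowed_extensions` under `[content.media]` includes `"svg"` while `[content.security]` only allowlists HTML tags (`allowed_html_tags = [...]`) and says nothing about attributes, so an uploaded SVG is not covered by the tag filter at all; either drop `"svg"` from the upload allowlist or document that SVG uploads are sanitized and served with a non-inline content disposition, and add an attribute allowlist (or state that all attributes are stripped) next to `allowed_html_tags`. Also `max_file_size` is 5242880 in `[content]` but 10485760 in `[content.media]`; a comment on which value bounds uploads would avoid confusion.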
@@ -0,0 +1,118 @@ +# Content Feature Configuration - Development Environment +# Settings optimized for local development and testing + +[features] +content_db = true + +# Content Management - Development +[content] +enabled = true +content_dir = "content" +cache_enabled = false # Disable caching for development +cache_ttl = 60 # Short TTL for development +max_file_size = 52428800 # 50MB for development +allowed_extensions = ["md", "txt", "html", "json", "yaml", "toml"] +auto_reload = true +enable_drafts = true + +# Content Storage - Development +[content.storage] +type = "filesystem" # "filesystem", "database", "s3" +base_path = "content" +create_directories = true +backup_enabled = false +versioning_enabled = true +max_versions = 10 + +# Content Processing - Development +[content.processing] +markdown_enabled = true +syntax_highlighting = true +auto_linking = true +enable_math = true +enable_mermaid = true +enable_prism = true +process_includes = true +validate_frontmatter = true + +# Content Validation - Relaxed for development +[content.validation] +strict_mode = false +validate_yaml_frontmatter = true +validate_markdown_links = false +validate_images = false +check_broken_links = false +allowed_protocols = ["http", "https", "ftp", "mailto"] + +# Content Indexing - Development +[content.indexing] +enabled = true +full_text_search = true +index_content = true +index_metadata = true +rebuild_on_change = true +search_engine = "basic" # "basic", "elasticsearch", "solr" + +# Content Templates - Development +[content.templates] +enabled = true +template_dir = "templates/content" +default_template = "default.hbs" +auto_detect_template = true +template_cache = false # Disable caching for development + +# Content API - Development +[content.api] +enabled = true +base_path = "/api/content" +enable_crud = true +enable_search = true +enable_upload = true +enable_download = true +rate_limit = 1000 # requests per minute +max_query_results = 1000 + +# Content Security - 
Relaxed for development +[content.security] +sanitize_html = true +allow_raw_html = true +allow_scripts = false +allow_iframes = false +csrf_protection = false +xss_protection = true + +# Content Metadata - Development +[content.metadata] +extract_metadata = true +auto_generate_slug = true +auto_generate_excerpt = true +excerpt_length = 150 +auto_generate_toc = true +auto_generate_tags = false + +# Content Workflow - Development +[content.workflow] +enabled = false +require_approval = false +auto_publish = true +draft_mode = true +revision_control = true +collaborative_editing = false + +# Content Performance - Development +[content.performance] +lazy_loading = false +image_optimization = false +content_compression = false +cdn_enabled = false +cache_static_assets = false + +# Development Settings +[content.development] +debug_mode = true +log_queries = true +log_processing = true +enable_content_preview = true +auto_save_drafts = true +show_processing_time = true +enable_hot_reload = true diff --git a/config/features/content/example.toml b/config/features/content/example.toml new file mode 100644 index 0000000..a17c266 --- /dev/null +++ b/config/features/content/example.toml 
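Review bot: in config/features/content/dev.toml, `[content.security]` sets both `sanitize_html = true` and `allow_raw_html = true` without saying which wins; please document the precedence, because if raw HTML bypasses the sanitizer then `csrf_protection = false` in the same table means development runs with neither protection and CSRF or injection regressions are only caught in production. The key names here (`[content.processing]`, `[content.storage]`, `xss_protection`) also differ from config/features/content.toml (`[content.markdown]`, `enable_xss_protection`), so it is unclear which set the loader actually reads when the feature file and the environment file are merged.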
@@ -0,0 +1,229 @@ +# Content Feature Configuration - Example Environment +# Complete documentation of all content management options + +[features] +content = true + +[content] +enabled = true +content_dir = "content" # Directory for content storage +cache_enabled = true # Enable content caching +cache_ttl = 3600 # Cache TTL in seconds (1 hour) +max_file_size = 52428800 # Maximum file size in bytes (50MB) +max_files_per_upload = 10 # Maximum files per upload request +allowed_file_types = [ # Allowed file extensions + "md", "txt", "html", "css", "js", + "json", "toml", "yaml", "yml", + "jpg", "jpeg", "png", "gif", "webp", + "svg", "pdf", "doc", "docx" +] +blocked_file_types = [ # Blocked file extensions for security + "exe", "bat", "cmd", "com", "scr", + "pif", "vbs", "js", "jar", "sh" +] +scan_uploads = true # Scan uploaded files for malware +quarantine_suspicious = true # Quarantine suspicious files + +[content.markdown] +enabled = true # Enable Markdown processing +parser = "pulldown-cmark" # Markdown parser to use +syntax_highlighting = true # Enable code syntax highlighting +highlight_theme = "github" # Syntax highlighting theme +math_support = true # Enable LaTeX math rendering +math_renderer = "katex" # Math rendering engine +table_of_contents = true # Generate table of contents +auto_links = true # Automatically link URLs +smart_punctuation = true # Enable smart punctuation +footnotes = true # Enable footnotes +strikethrough = true # Enable strikethrough text +tasklists = true # Enable task lists +tables = true # Enable tables +heading_anchors = true # Generate heading anchors + +[content.media] +enabled = true # Enable media file handling +max_image_size = 10485760 # Maximum image size (10MB) +max_video_size = 104857600 # Maximum video size (100MB) +max_audio_size = 20971520 # Maximum audio size (20MB) +image_processing = true # Enable image processing +thumbnail_generation = true # Generate thumbnails +thumbnail_sizes = [150, 300, 600] # Thumbnail sizes in 
pixels +image_optimization = true # Optimize images on upload +video_processing = false # Enable video processing (resource intensive) +allowed_image_types = [ # Allowed image formats + "jpg", "jpeg", "png", "gif", "webp", "svg" +] +allowed_video_types = [ # Allowed video formats + "mp4", "webm", "ogg", "avi", "mov" +] +allowed_audio_types = [ # Allowed audio formats + "mp3", "ogg", "wav", "flac", "aac" +] + +[content.versioning] +enabled = true # Enable content versioning +max_versions = 10 # Maximum versions to keep per content +auto_save_enabled = true # Enable auto-save functionality +auto_save_interval = 30 # Auto-save interval in seconds +version_comparison = true # Enable version comparison +restore_versions = true # Allow version restoration +version_metadata = true # Store version metadata + +[content.publishing] +draft_mode = true # Enable draft mode +scheduled_publishing = true # Enable scheduled publishing +approval_workflow = true # Require approval for publishing +approval_roles = ["editor", "admin"] # Roles that can approve content +publish_notifications = true # Send notifications on publish +unpublish_capability = true # Allow unpublishing content +bulk_operations = true # Enable bulk operations +content_templates = true # Enable content templates + +[content.search] +enabled = true # Enable content search +full_text_search = true # Enable full-text search +search_engine = "tantivy" # Search engine to use +index_content = true # Index content for search +index_metadata = true # Index metadata for search +search_highlights = true # Enable search result highlights +fuzzy_search = true # Enable fuzzy search +search_suggestions = true # Enable search suggestions +search_filters = true # Enable search filters + +[content.categories] +enabled = true # Enable content categories +hierarchical_categories = true # Allow nested categories +max_category_depth = 5 # Maximum category nesting depth +category_slugs = true # Generate category slugs 
+category_descriptions = true # Allow category descriptions +category_images = true # Allow category images +auto_categorization = false # Enable auto-categorization + +[content.tags] +enabled = true # Enable content tags +max_tags_per_content = 20 # Maximum tags per content item +tag_suggestions = true # Enable tag suggestions +tag_autocomplete = true # Enable tag autocomplete +tag_cloud = true # Enable tag cloud generation +tag_popularity = true # Track tag popularity +tag_synonyms = true # Enable tag synonyms + +[content.comments] +enabled = true # Enable comments system +moderation_required = true # Require comment moderation +spam_filtering = true # Enable spam filtering +comment_voting = true # Enable comment voting +nested_comments = true # Allow nested comments +max_comment_depth = 3 # Maximum comment nesting depth +comment_formatting = "markdown" # Comment formatting (markdown, html, plain) +comment_notifications = true # Send comment notifications + +[content.seo] +enabled = true # Enable SEO features +meta_tags = true # Generate meta tags +open_graph = true # Generate Open Graph tags +twitter_cards = true # Generate Twitter Card tags +structured_data = true # Generate structured data +sitemaps = true # Generate sitemaps +robots_txt = true # Generate robots.txt +canonical_urls = true # Generate canonical URLs +breadcrumbs = true # Generate breadcrumbs + +[content.analytics] +enabled = true # Enable content analytics +page_views = true # Track page views +popular_content = true # Track popular content +user_engagement = true # Track user engagement +reading_time = true # Calculate reading time +content_performance = true # Track content performance +analytics_retention = 90 # Analytics data retention in days + +[content.backup] +enabled = true # Enable content backup +backup_schedule = "0 2 * * *" # Backup schedule (daily at 2 AM) +backup_retention = 30 # Backup retention in days +backup_format = "zip" # Backup format (zip, tar, json) +backup_location = 
"backups/content" # Backup storage location +incremental_backup = true # Enable incremental backups +backup_verification = true # Verify backup integrity + +[content.performance] +lazy_loading = true # Enable lazy loading +image_lazy_loading = true # Enable image lazy loading +content_compression = true # Enable content compression +cdn_integration = false # Enable CDN integration +cache_headers = true # Set appropriate cache headers +preload_critical = true # Preload critical resources +minify_html = true # Minify HTML output +minify_css = true # Minify CSS output +minify_js = true # Minify JavaScript output + +[content.security] +content_sanitization = true # Enable content sanitization +xss_protection = true # Enable XSS protection +csrf_protection = true # Enable CSRF protection +rate_limiting = true # Enable rate limiting +upload_scanning = true # Scan uploaded files +virus_scanning = false # Enable virus scanning (requires ClamAV) +content_validation = true # Validate content structure +permission_checks = true # Enforce permission checks + +[content.api] +enabled = true # Enable content API +rest_api = true # Enable REST API +graphql_api = false # Enable GraphQL API +api_authentication = true # Require API authentication +api_rate_limiting = true # Enable API rate limiting +api_versioning = true # Enable API versioning +api_documentation = true # Generate API documentation +webhook_support = true # Enable webhook support + +[content.export] +enabled = true # Enable content export +export_formats = ["json", "xml", "csv"] # Supported export formats +bulk_export = true # Enable bulk export +scheduled_export = true # Enable scheduled export +export_filtering = true # Enable export filtering +export_compression = true # Compress exported files +export_encryption = false # Encrypt exported files + +[content.import] +enabled = true # Enable content import +import_formats = ["json", "xml", "csv", "markdown"] # Supported import formats +bulk_import = true # Enable 
bulk import +import_validation = true # Validate imported content +import_preview = true # Enable import preview +import_rollback = true # Enable import rollback +duplicate_handling = "skip" # How to handle duplicates (skip, overwrite, merge) + +[content.workflows] +enabled = true # Enable content workflows +custom_workflows = true # Allow custom workflows +workflow_automation = true # Enable workflow automation +workflow_notifications = true # Send workflow notifications +workflow_history = true # Track workflow history +parallel_workflows = false # Enable parallel workflows +workflow_conditions = true # Enable workflow conditions +workflow_approvals = true # Enable workflow approvals + +[content.localization] +enabled = false # Enable content localization +default_language = "en" # Default language +supported_languages = ["en", "es", "fr", "de"] # Supported languages +auto_translation = false # Enable automatic translation +translation_service = "google" # Translation service to use +rtl_support = false # Enable right-to-left language support +language_detection = true # Enable language detection +fallback_language = "en" # Fallback language + +[content.monitoring] +enabled = true # Enable content monitoring +error_tracking = true # Track content errors +performance_monitoring = true # Monitor content performance +uptime_monitoring = true # Monitor content availability +alert_thresholds = [ # Alert thresholds + { name = "error_rate", value = 5.0, unit = "%" }, # Error rate threshold (%) + { name = "response_time", value = 2000, unit = "ms" }, # Response time threshold (ms) + { name = "disk_usage", value = 80.0, unit = "%" } # Disk usage threshold (%) +] +notification_channels = ["email", "slack"] # Notification channels diff --git a/config/features/content/prod.toml b/config/features/content/prod.toml new file mode 100644 index 0000000..0f9dc1b --- /dev/null +++ b/config/features/content/prod.toml 
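Review bot: in config/features/content/example.toml, `"js"` appears in both `allowed_file_types` and `blocked_file_types` (and `"html"` is allowed), so the precedence between the two lists must be documented, preferably with the block list winning; this file also sets `[features] content = true` whereas dev.toml and prod.toml set `content_db = true`, so copying the example as a template would leave the flag the other files expect unset. Minor: `scan_uploads = true` in `[content]` and `upload_scanning = true` / `virus_scanning = false` in `[content.security]` overlap; one comment on how they relate would help.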
@@ -0,0 +1,212 @@ +# Content Feature Configuration - Production Environment +# Settings optimized for production security and performance + +[features] +content_db = true + +# Content Management - Production +[content] +enabled = true +content_dir = "/var/lib/rustelo/content" +cache_enabled = true +cache_ttl = 3600 # 1 hour +max_file_size = 10485760 # 10MB for production +allowed_extensions = ["md", "txt", "html", "json", "yaml"] +auto_reload = false +enable_drafts = true +strict_validation = true + +# Content Storage - Production +[content.storage] +type = "database" # "filesystem", "database", "s3" +base_path = "/var/lib/rustelo/content" +create_directories = true +backup_enabled = true +versioning_enabled = true +max_versions = 5 +backup_schedule = "0 3 * * *" # Daily at 3 AM +s3_bucket = "${CONTENT_S3_BUCKET}" +s3_region = "${AWS_REGION}" +s3_access_key = "${AWS_ACCESS_KEY_ID}" +s3_secret_key = "${AWS_SECRET_ACCESS_KEY}" + +# Content Processing - Production +[content.processing] +markdown_enabled = true +syntax_highlighting = true +auto_linking = true +enable_math = true +enable_mermaid = false # Disabled for security +enable_prism = true +process_includes = true +validate_frontmatter = true +sanitize_html = true +strip_dangerous_tags = true + +# Content Validation - Strict for production +[content.validation] +strict_mode = true +validate_yaml_frontmatter = true +validate_markdown_links = true +validate_images = true +check_broken_links = true +allowed_protocols = ["https", "mailto"] +max_content_size = 1048576 # 1MB +require_alt_text = true +validate_accessibility = true + +# Content Indexing - Production +[content.indexing] +enabled = true +full_text_search = true +index_content = true +index_metadata = true +rebuild_on_change = false +search_engine = "elasticsearch" # "basic", "elasticsearch", "solr" +elasticsearch_url = "${ELASTICSEARCH_URL}" +elasticsearch_index = "rustelo_content" +batch_size = 100 +index_compression = true + +# Content Templates - 
Production +[content.templates] +enabled = true +template_dir = "/var/lib/rustelo/templates/content" +default_template = "default.hbs" +auto_detect_template = true +template_cache = true +cache_ttl = 3600 # 1 hour +precompile_templates = true + +# Content API - Production +[content.api] +enabled = true +base_path = "/api/content" +enable_crud = true +enable_search = true +enable_upload = true +enable_download = true +rate_limit = 100 # requests per minute +max_query_results = 100 +require_authentication = true +admin_only_operations = ["delete", "bulk_update"] + +# Content Security - Strict for production +[content.security] +sanitize_html = true +allow_raw_html = false +allow_scripts = false +allow_iframes = false +csrf_protection = true +xss_protection = true +content_type_validation = true +file_type_validation = true +virus_scanning = true +quarantine_suspicious = true + +# Content Metadata - Production +[content.metadata] +extract_metadata = true +auto_generate_slug = true +auto_generate_excerpt = true +excerpt_length = 150 +auto_generate_toc = true +auto_generate_tags = true +ai_tag_generation = false +metadata_validation = true + +# Content Workflow - Production +[content.workflow] +enabled = true +require_approval = true +auto_publish = false +draft_mode = true +revision_control = true +collaborative_editing = true +approval_workflow = "two_stage" +notify_reviewers = true +audit_trail = true + +# Content Performance - Production +[content.performance] +lazy_loading = true +image_optimization = true +content_compression = true +cdn_enabled = true +cdn_url = "${CDN_URL}" +cache_static_assets = true +cache_ttl = 86400 # 24 hours +optimize_images = true +webp_conversion = true +progressive_jpeg = true + +# Content Monitoring - Production +[content.monitoring] +enabled = true +track_views = true +track_downloads = true +track_search_queries = true +performance_metrics = true +error_tracking = true +alert_on_errors = true +alert_email = "${ADMIN_EMAIL}" 
+retention_days = 90 + +# Content CDN - Production +[content.cdn] +enabled = true +provider = "cloudflare" # "cloudflare", "aws", "azure" +url = "${CDN_URL}" +api_key = "${CDN_API_KEY}" +zone_id = "${CDN_ZONE_ID}" +auto_purge = true +purge_on_update = true +cache_everything = true +browser_cache_ttl = 86400 # 24 hours +edge_cache_ttl = 604800 # 7 days + +# Content Backup - Production +[content.backup] +enabled = true +schedule = "0 2 * * *" # Daily at 2 AM +retention_days = 90 +backup_location = "${BACKUP_LOCATION}" +compress_backups = true +encrypt_backups = true +encryption_key = "${BACKUP_ENCRYPTION_KEY}" +verify_backups = true +notification_email = "${ADMIN_EMAIL}" + +# Content Analytics - Production +[content.analytics] +enabled = true +track_page_views = true +track_user_engagement = true +track_content_performance = true +analytics_provider = "google" # "google", "matomo", "custom" +google_analytics_id = "${GOOGLE_ANALYTICS_ID}" +respect_do_not_track = true +anonymize_ip = true +cookie_consent = true + +# Content Compliance - Production +[content.compliance] +gdpr_enabled = true +data_retention_policy = 2555 # days (7 years) +audit_log_enabled = true +audit_log_retention = 2555 # days +right_to_be_forgotten = true +data_export_enabled = true +privacy_policy_url = "${BASE_URL}/privacy" +terms_of_service_url = "${BASE_URL}/terms" +cookie_policy_url = "${BASE_URL}/cookies" + +# Development Settings - Disabled for production +[content.development] +debug_mode = false +log_queries = false +log_processing = false +enable_content_preview = false +auto_save_drafts = false +show_processing_time = false +enable_hot_reload = false diff --git a/config/features/email.toml b/config/features/email.toml new file mode 100644 index 0000000..fd9c66f --- /dev/null +++ b/config/features/email.toml 
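Review bot: in config/features/content/prod.toml, `[content.storage]` sets `type = "database"` yet still carries `s3_access_key = "${AWS_ACCESS_KEY_ID}"` and `s3_secret_key = "${AWS_SECRET_ACCESS_KEY}"`; static long-lived AWS keys in application config are a liability even when injected via env vars, so prefer an instance role or the SDK credential provider chain and drop the unused S3 keys (or comment that they are only read when `type = "s3"`). Also `virus_scanning = true` under `[content.security]` depends on an external scanner (the example file notes ClamAV), so the deployment docs should list it as a hard prerequisite or the setting should fail loudly when the scanner is absent.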
@@ -0,0 +1,129 @@ +# Email Feature Configuration +# Settings for the email sending system with multiple providers + +[features] +email = true + +# Email Configuration +[email] +enabled = true +from_email = "noreply@yourapp.com" +from_name = "Rustelo App" +reply_to = "" +default_provider = "console" # "smtp", "sendgrid", "console" + +# SMTP Configuration +[email.smtp] +host = "smtp.gmail.com" +port = 587 +username = "your-email@gmail.com" +password = "your-app-password" +use_tls = true +use_starttls = true +timeout = 30 +pool_size = 5 + +# SendGrid Configuration +[email.sendgrid] +api_key = "your-sendgrid-api-key" +endpoint = "https://api.sendgrid.com/v3/mail/send" +timeout = 30 + +# Console Provider (Development) +[email.console] +enabled = true +log_level = "info" +save_to_file = true +output_dir = "logs/emails" + +# Email Templates +[email.templates] +template_dir = "templates/email" +default_language = "en" +supported_languages = ["en", "es", "fr", "de"] +cache_templates = true +reload_on_change = false # Set to true in development + +# Template Configuration +[email.templates.welcome] +subject = "Welcome to {{app_name}}" +template = "welcome.hbs" +text_template = "welcome.txt" + +[email.templates.password_reset] +subject = "Password Reset Request" +template = "password_reset.hbs" +text_template = "password_reset.txt" +expiration = 3600 # 1 hour + +[email.templates.email_verification] +subject = "Verify Your Email Address" +template = "email_verification.hbs" +text_template = "email_verification.txt" +expiration = 86400 # 24 hours + +[email.templates.two_factor] +subject = "Two-Factor Authentication Code" +template = "two_factor.hbs" +text_template = "two_factor.txt" +expiration = 300 # 5 minutes + +# Email Queue Configuration +[email.queue] +enabled = true +max_retry_attempts = 3 +retry_delay = 60 # seconds +batch_size = 10 +processing_interval = 30 # seconds + +# Rate Limiting +[email.rate_limiting] +max_emails_per_minute = 60 +max_emails_per_hour = 1000 
+max_emails_per_day = 10000 +burst_limit = 10 + +# Email Validation +[email.validation] +check_mx_records = true +check_disposable_domains = true +allowed_domains = [] # Empty means all domains allowed +blocked_domains = ["tempmail.org", "10minutemail.com"] + +# Bounce Handling +[email.bounce_handling] +enabled = true +webhook_url = "/webhooks/email/bounce" +webhook_secret = "your-webhook-secret" +max_bounce_rate = 0.05 # 5% +auto_suppress_bounces = true + +# Email Analytics +[email.analytics] +track_opens = false +track_clicks = false +track_deliveries = true +track_bounces = true +track_complaints = true + +# Security Settings +[email.security] +enable_dkim = false +dkim_selector = "default" +dkim_private_key_path = "certs/dkim_private.key" +enable_spf = true +enable_dmarc = false + +# Internationalization +[email.i18n] +auto_detect_language = true +fallback_language = "en" +timezone = "UTC" +date_format = "%Y-%m-%d %H:%M:%S" + +# Development Settings +[email.development] +intercept_emails = false +intercept_to = "developer@localhost" +log_all_emails = true +fake_send = false diff --git a/config/features/email/dev.toml b/config/features/email/dev.toml new file mode 100644 index 0000000..4ad5b45 --- /dev/null +++ b/config/features/email/dev.toml 
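Review bot: in config/features/email.toml, `password = "your-app-password"`, `api_key = "your-sendgrid-api-key"` and `webhook_secret = "your-webhook-secret"` are literal placeholder strings in a committed file, unlike the `${VAR}` pattern used in the auth and content files; switch them to environment references so a missed edit fails at startup instead of shipping a dummy credential. Also `[email.smtp]` sets `use_tls = true` and `use_starttls = true` together on `port = 587`; 587 is the STARTTLS port and implicit TLS is 465, so document which flag takes precedence or make the two mutually exclusive.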
@@ -0,0 +1,131 @@ +# Email Feature Configuration - Development Environment +# Settings optimized for local development and testing + +[features] +email = true + +# Email Configuration - Development +[email] +enabled = true +from_email = "dev@localhost" +from_name = "Rustelo App Dev" +reply_to = "dev-noreply@localhost" +default_provider = "console" # "smtp", "sendgrid", "console" + +# SMTP Configuration - Development (usually disabled) +[email.smtp] +host = "localhost" +port = 1025 # MailHog or similar local SMTP server +username = "" +password = "" +use_tls = false +use_starttls = false +timeout = 30 +pool_size = 2 + +# SendGrid Configuration - Development (usually disabled) +[email.sendgrid] +api_key = "dev-sendgrid-key" +endpoint = "https://api.sendgrid.com/v3/mail/send" +timeout = 30 + +# Console Provider - Development (primary) +[email.console] +enabled = true +log_level = "debug" +save_to_file = true +output_dir = "logs/emails" +pretty_print = true + +# Email Templates - Development +[email.templates] +template_dir = "templates/email" +default_language = "en" +supported_languages = ["en"] +cache_templates = false # Disable caching for development +reload_on_change = true # Enable hot reload + +# Template Configuration - Development +[email.templates.welcome] +subject = "Welcome to {{app_name}} (DEV)" +template = "welcome.hbs" +text_template = "welcome.txt" + +[email.templates.password_reset] +subject = "Password Reset Request (DEV)" +template = "password_reset.hbs" +text_template = "password_reset.txt" +expiration = 7200 # 2 hours for development + +[email.templates.email_verification] +subject = "Verify Your Email Address (DEV)" +template = "email_verification.hbs" +text_template = "email_verification.txt" +expiration = 86400 # 24 hours + +[email.templates.two_factor] +subject = "Two-Factor Authentication Code (DEV)" +template = "two_factor.hbs" +text_template = "two_factor.txt" +expiration = 600 # 10 minutes + +# Email Queue Configuration - Development 
+[email.queue] +enabled = false # Disable queue for immediate sending in dev +max_retry_attempts = 1 +retry_delay = 10 # seconds +batch_size = 5 +processing_interval = 10 # seconds + +# Rate Limiting - Relaxed for development +[email.rate_limiting] +max_emails_per_minute = 1000 +max_emails_per_hour = 10000 +max_emails_per_day = 100000 +burst_limit = 100 + +# Email Validation - Relaxed for development +[email.validation] +check_mx_records = false +check_disposable_domains = false +allowed_domains = [] # Allow all domains +blocked_domains = [] # No blocked domains + +# Bounce Handling - Disabled for development +[email.bounce_handling] +enabled = false +webhook_url = "/webhooks/email/bounce" +webhook_secret = "dev-webhook-secret" +max_bounce_rate = 1.0 # 100% +auto_suppress_bounces = false + +# Email Analytics - Disabled for development +[email.analytics] +track_opens = false +track_clicks = false +track_deliveries = false +track_bounces = false +track_complaints = false + +# Security Settings - Relaxed for development +[email.security] +enable_dkim = false +dkim_selector = "default" +dkim_private_key_path = "" +enable_spf = false +enable_dmarc = false + +# Internationalization - Simple for development +[email.i18n] +auto_detect_language = false +fallback_language = "en" +timezone = "UTC" +date_format = "%Y-%m-%d %H:%M:%S" + +# Development Settings +[email.development] +intercept_emails = false +intercept_to = "developer@localhost" +log_all_emails = true +fake_send = false +show_preview = true diff --git a/config/features/email/example.toml b/config/features/email/example.toml new file mode 100644 index 0000000..d947995 --- /dev/null +++ b/config/features/email/example.toml 
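Review bot: in config/features/email/dev.toml, `[email.development]` leaves `intercept_emails = false` and `fake_send = false` while populated `[email.smtp]` and `[email.sendgrid]` sections remain, so the console provider is the only thing stopping a developer who flips `default_provider` from sending test mail to real addresses; set `intercept_emails = true` (with `intercept_to = "developer@localhost"`) or `fake_send = true` as a safety net in the development file. Also `max_bounce_rate = 1.0` is moot while `enabled = false` in `[email.bounce_handling]`, but if bounce handling is switched on for testing the `# 100%` value disables the check entirely.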
@@ -0,0 +1,262 @@ +# Email Feature Configuration - Example Environment +# Complete documentation of all email system options + +[features] +email = true + +[email] +enabled = true +provider = "smtp" # Email provider: smtp, sendgrid, mailgun, ses, console +from_email = "noreply@example.com" # Default sender email address +from_name = "Example Application" # Default sender name +reply_to = "support@example.com" # Default reply-to address +bounce_address = "bounce@example.com" # Bounce handling address +templates_dir = "templates/email" # Email templates directory +queue_enabled = true # Enable email queue +max_retries = 3 # Maximum retry attempts for failed emails +retry_delay = 300 # Retry delay in seconds (5 minutes) +max_queue_size = 10000 # Maximum queue size +batch_size = 100 # Batch size for sending emails +rate_limit = 100 # Rate limit (emails per minute) +timeout = 30 # Email sending timeout in seconds + +[email.smtp] +host = "smtp.example.com" # SMTP server hostname +port = 587 # SMTP server port +username = "your-username" # SMTP authentication username +password = "your-password" # SMTP authentication password (use env var) +use_tls = true # Use TLS encryption +use_starttls = true # Use STARTTLS +auth_mechanism = "login" # Authentication mechanism: login, plain, cram-md5 +connection_timeout = 30 # Connection timeout in seconds +read_timeout = 30 # Read timeout in seconds +write_timeout = 30 # Write timeout in seconds +pool_size = 10 # Connection pool size +pool_timeout = 30 # Pool timeout in seconds +keepalive = true # Enable keepalive +verify_certificate = true # Verify SSL certificate + +[email.sendgrid] +api_key = "your-sendgrid-api-key" # SendGrid API key (use env var) +endpoint = "https://api.sendgrid.com/v3/mail/send" # SendGrid API endpoint +sandbox_mode = false # Enable sandbox mode for testing +tracking_enabled = true # Enable email tracking +click_tracking = true # Enable click tracking +open_tracking = true # Enable open tracking 
+subscription_tracking = false # Enable subscription tracking +ganalytics_enabled = false # Enable Google Analytics tracking + +[email.mailgun] +api_key = "your-mailgun-api-key" # Mailgun API key (use env var) +domain = "your-domain.com" # Mailgun domain +endpoint = "https://api.mailgun.net/v3" # Mailgun API endpoint +eu_region = false # Use EU region +test_mode = false # Enable test mode +tracking_enabled = true # Enable email tracking +click_tracking = true # Enable click tracking +open_tracking = true # Enable open tracking +delivery_time = false # Enable delivery time optimization + +[email.ses] +region = "us-east-1" # AWS SES region +access_key_id = "your-access-key" # AWS access key ID (use env var) +secret_access_key = "your-secret-key" # AWS secret access key (use env var) +configuration_set = "" # SES configuration set +source_arn = "" # Source ARN for sending authorization +tags = {} # Default tags for emails +template_tags = {} # Default template tags + +[email.console] +enabled_in_dev = true # Enable console output in development +log_level = "info" # Log level for console output +pretty_print = true # Pretty print email content +show_headers = true # Show email headers +show_body = true # Show email body +show_attachments = true # Show attachment info + +[email.templates] +engine = "handlebars" # Template engine: handlebars, tera, minijinja +cache_enabled = true # Cache compiled templates +cache_ttl = 3600 # Template cache TTL in seconds +cache_size = 1000 # Maximum cached templates +auto_reload = true # Auto-reload templates in development +default_language = "en" # Default template language +supported_languages = ["en", "es", "fr", "de"] # Supported languages +fallback_language = "en" # Fallback language +template_validation = true # Validate templates on load +minify_html = true # Minify HTML templates +inline_css = true # Inline CSS in HTML emails + +[email.queue] +backend = "redis" # Queue backend: redis, database, memory +redis_url = 
"redis://localhost:6379" # Redis URL for queue storage +redis_db = 2 # Redis database number +redis_key_prefix = "email_queue:" # Redis key prefix +database_table = "email_queue" # Database table for queue +max_attempts = 5 # Maximum delivery attempts +retry_backoff = "exponential" # Retry backoff strategy: linear, exponential +min_retry_delay = 60 # Minimum retry delay in seconds +max_retry_delay = 3600 # Maximum retry delay in seconds +dead_letter_queue = true # Enable dead letter queue +cleanup_interval = 3600 # Queue cleanup interval in seconds +job_timeout = 300 # Job timeout in seconds + +[email.notifications] +enabled = true # Enable email notifications +delivery_notifications = true # Send delivery notifications +bounce_notifications = true # Send bounce notifications +complaint_notifications = true # Send complaint notifications +webhook_enabled = true # Enable webhook notifications +webhook_url = "https://example.com/webhook" # Webhook URL +webhook_secret = "your-webhook-secret" # Webhook secret for verification +webhook_events = [ # Webhook events to send + "delivered", "bounced", "complained", "clicked", "opened" +] + +[email.tracking] +enabled = true # Enable email tracking +pixel_tracking = true # Enable pixel tracking for opens +link_tracking = true # Enable link tracking for clicks +bounce_tracking = true # Enable bounce tracking +complaint_tracking = true # Enable complaint tracking +unsubscribe_tracking = true # Enable unsubscribe tracking +analytics_integration = true # Enable analytics integration +retention_days = 90 # Tracking data retention in days + +[email.security] +dkim_enabled = true # Enable DKIM signing +dkim_domain = "example.com" # DKIM domain +dkim_selector = "default" # DKIM selector +dkim_private_key_path = "/path/to/private.key" # DKIM private key path +spf_enabled = true # Enable SPF checking +dmarc_enabled = true # Enable DMARC +tls_required = true # Require TLS for sending +content_filtering = true # Enable content filtering 
+spam_filtering = true # Enable spam filtering +virus_scanning = false # Enable virus scanning +encryption_enabled = false # Enable email encryption +pgp_enabled = false # Enable PGP encryption + +[email.validation] +enabled = true # Enable email validation +syntax_validation = true # Validate email syntax +domain_validation = true # Validate domain existence +mx_validation = true # Validate MX records +disposable_email_detection = true # Detect disposable emails +role_email_detection = true # Detect role-based emails +typo_detection = true # Detect common typos +blacklist_enabled = true # Enable email blacklist +whitelist_enabled = false # Enable email whitelist +blacklist_domains = [ # Blacklisted domains + "tempmail.com", "10minutemail.com", "guerrillamail.com" +] + +[email.attachments] +enabled = true # Enable email attachments +max_size = 25165824 # Maximum attachment size (24MB) +max_count = 10 # Maximum number of attachments +allowed_types = [ # Allowed attachment types + "pdf", "doc", "docx", "txt", "jpg", "jpeg", "png", "gif" +] +blocked_types = [ # Blocked attachment types + "exe", "bat", "cmd", "com", "scr", "pif", "vbs", "js" +] +virus_scan = false # Scan attachments for viruses +compression = true # Enable attachment compression +encryption = false # Enable attachment encryption +storage_backend = "filesystem" # Storage backend: filesystem, s3, gcs +storage_path = "attachments" # Storage path for attachments + +[email.lists] +enabled = true # Enable mailing lists +max_subscribers = 10000 # Maximum subscribers per list +double_opt_in = true # Require double opt-in +unsubscribe_link = true # Include unsubscribe link +list_unsubscribe_header = true # Include List-Unsubscribe header +bounce_handling = true # Handle bounces automatically +complaint_handling = true # Handle complaints automatically +segmentation = true # Enable list segmentation +personalization = true # Enable email personalization +a_b_testing = true # Enable A/B testing +automation = true 
# Enable email automation + +[email.campaigns] +enabled = true # Enable email campaigns +scheduling = true # Enable campaign scheduling +recurring_campaigns = true # Enable recurring campaigns +drip_campaigns = true # Enable drip campaigns +trigger_campaigns = true # Enable trigger-based campaigns +analytics = true # Enable campaign analytics +reporting = true # Enable campaign reporting +export_data = true # Enable data export +archive_campaigns = true # Archive old campaigns +campaign_templates = true # Enable campaign templates + +[email.compliance] +gdpr_compliance = true # Enable GDPR compliance +can_spam_compliance = true # Enable CAN-SPAM compliance +casl_compliance = false # Enable CASL compliance +data_retention_days = 2555 # Data retention period (7 years) +consent_tracking = true # Track consent +opt_out_handling = true # Handle opt-out requests +data_export = true # Enable data export for users +data_deletion = true # Enable data deletion for users +privacy_policy_link = "https://example.com/privacy" # Privacy policy link +terms_of_service_link = "https://example.com/terms" # Terms of service link + +[email.monitoring] +enabled = true # Enable email monitoring +health_checks = true # Enable health checks +performance_monitoring = true # Monitor email performance +error_tracking = true # Track email errors +delivery_monitoring = true # Monitor delivery rates +bounce_monitoring = true # Monitor bounce rates +complaint_monitoring = true # Monitor complaint rates +reputation_monitoring = true # Monitor sender reputation +alerting = true # Enable alerting + +[email.monitoring.alert_thresholds] +bounce_rate = 5.0 # Bounce rate threshold (%) +complaint_rate = 0.1 # Complaint rate threshold (%) +delivery_rate = 95.0 # Minimum delivery rate (%) +queue_size = 1000 # Queue size threshold + +[email.testing] +test_mode = false # Enable test mode +test_recipients = ["test@example.com"] # Test recipients +test_prefix = "[TEST]" # Test email prefix +sandbox_mode = 
false # Enable sandbox mode +mock_delivery = false # Mock email delivery +test_templates = true # Enable template testing +preview_mode = true # Enable email preview +lint_templates = true # Lint email templates +validation_testing = true # Test email validation +load_testing = false # Enable load testing + +[email.logging] +enabled = true # Enable email logging +log_level = "info" # Log level +log_format = "json" # Log format: json, plain +log_file = "logs/email.log" # Log file path +log_rotation = true # Enable log rotation +max_log_size = 104857600 # Maximum log file size (100MB) +max_log_files = 10 # Maximum log files to keep +log_emails = false # Log email content (privacy concern) +log_headers = true # Log email headers +log_delivery = true # Log delivery status +log_bounces = true # Log bounces +log_complaints = true # Log complaints +log_clicks = true # Log clicks +log_opens = true # Log opens + +[email.performance] +connection_pooling = true # Enable connection pooling +persistent_connections = true # Use persistent connections +compression = true # Enable compression +caching = true # Enable response caching +async_sending = true # Enable async email sending +batch_sending = true # Enable batch sending +queue_optimization = true # Enable queue optimization +lazy_loading = true # Enable lazy loading +precompiled_templates = true # Use precompiled templates +cdn_integration = false # Enable CDN for email assets diff --git a/config/features/email/prod.toml b/config/features/email/prod.toml new file mode 100644 index 0000000..1894b8d --- /dev/null +++ b/config/features/email/prod.toml 
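Review bot: the key names in email/example.toml do not match the schema used by dev.toml and prod.toml, so anyone copying this "complete documentation of all email system options" will set keys the loader may never read: the example has `provider = "smtp"`, `dkim_enabled = true`, `blacklist_domains = [...]` and `max_retries`/`retry_delay` directly under `[email]`, while prod.toml uses `default_provider`, `enable_dkim`, `blocked_domains` and `[email.queue]` with `max_retry_attempts`/`retry_delay`. Pick one vocabulary and apply it to all three files, or say in the header which keys are not yet honoured. Two smaller points: `[email.smtp]` sets both `use_tls = true` and `use_starttls = true` on `port = 587`, and implicit TLS and STARTTLS are alternatives on a single connection, so the comment should state which one wins and that `verify_certificate = true` applies to either; and the credential placeholders (`password = "your-password"`, `api_key = "your-sendgrid-api-key"`) only say "use env var" in a comment, where writing them as `"${SMTP_PASSWORD}"` as prod.toml does would make the intent unambiguous and keep realistic-looking secrets out of the file.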
@@ -0,0 +1,176 @@ +# Email Feature Configuration - Production Environment +# Settings optimized for production security and reliability + +[features] +email = true + +# Email Configuration - Production +[email] +enabled = true +from_email = "${FROM_EMAIL}" +from_name = "${FROM_NAME}" +reply_to = "${REPLY_TO_EMAIL}" +default_provider = "sendgrid" # "smtp", "sendgrid", "ses" + +# SMTP Configuration - Production +[email.smtp] +host = "${SMTP_HOST}" +port = 587 +username = "${SMTP_USERNAME}" +password = "${SMTP_PASSWORD}" +use_tls = true +use_starttls = true +timeout = 30 +pool_size = 10 + +# SendGrid Configuration - Production +[email.sendgrid] +api_key = "${SENDGRID_API_KEY}" +endpoint = "https://api.sendgrid.com/v3/mail/send" +timeout = 30 + +# AWS SES Configuration - Production +[email.ses] +region = "${AWS_REGION}" +access_key_id = "${AWS_ACCESS_KEY_ID}" +secret_access_key = "${AWS_SECRET_ACCESS_KEY}" +timeout = 30 + +# Console Provider - Disabled for production +[email.console] +enabled = false +log_level = "error" +save_to_file = false +output_dir = "logs/emails" + +# Email Templates - Production +[email.templates] +template_dir = "templates/email" +default_language = "en" +supported_languages = ["en", "es", "fr", "de", "ja", "zh"] +cache_templates = true +reload_on_change = false + +# Template Configuration - Production +[email.templates.welcome] +subject = "Welcome to {{app_name}}" +template = "welcome.hbs" +text_template = "welcome.txt" + +[email.templates.password_reset] +subject = "Password Reset Request" +template = "password_reset.hbs" +text_template = "password_reset.txt" +expiration = 1800 # 30 minutes + +[email.templates.email_verification] +subject = "Verify Your Email Address" +template = "email_verification.hbs" +text_template = "email_verification.txt" +expiration = 86400 # 24 hours + +[email.templates.two_factor] +subject = "Two-Factor Authentication Code" +template = "two_factor.hbs" +text_template = "two_factor.txt" +expiration = 300 # 5 minutes 
+ +[email.templates.security_alert] +subject = "Security Alert - Account Activity" +template = "security_alert.hbs" +text_template = "security_alert.txt" + +[email.templates.account_locked] +subject = "Account Temporarily Locked" +template = "account_locked.hbs" +text_template = "account_locked.txt" + +# Email Queue Configuration - Production +[email.queue] +enabled = true +max_retry_attempts = 3 +retry_delay = 60 # seconds +batch_size = 50 +processing_interval = 30 # seconds +dead_letter_queue = true +max_queue_size = 10000 + +# Rate Limiting - Strict for production +[email.rate_limiting] +max_emails_per_minute = 100 +max_emails_per_hour = 2000 +max_emails_per_day = 20000 +burst_limit = 20 +per_user_limit = 10 # emails per user per hour + +# Email Validation - Strict for production +[email.validation] +check_mx_records = true +check_disposable_domains = true +allowed_domains = [] # Configure specific domains if needed +blocked_domains = [ + "tempmail.org", + "10minutemail.com", + "guerrillamail.com", + "mailinator.com", + "temp-mail.org" +] + +# Bounce Handling - Enabled for production +[email.bounce_handling] +enabled = true +webhook_url = "/webhooks/email/bounce" +webhook_secret = "${EMAIL_WEBHOOK_SECRET}" +max_bounce_rate = 0.05 # 5% +auto_suppress_bounces = true +bounce_notification_email = "${ADMIN_EMAIL}" + +# Email Analytics - Enabled for production +[email.analytics] +track_opens = true +track_clicks = true +track_deliveries = true +track_bounces = true +track_complaints = true +retention_days = 90 + +# Security Settings - Enabled for production +[email.security] +enable_dkim = true +dkim_selector = "default" +dkim_private_key_path = "${DKIM_PRIVATE_KEY_PATH}" +enable_spf = true +enable_dmarc = true +dmarc_policy = "quarantine" + +# Internationalization - Full support for production +[email.i18n] +auto_detect_language = true +fallback_language = "en" +timezone = "UTC" +date_format = "%Y-%m-%d %H:%M:%S" + +# Development Settings - Disabled for production 
+[email.development] +intercept_emails = false +intercept_to = "" +log_all_emails = false +fake_send = false + +# Monitoring and Alerting - Production +[email.monitoring] +enabled = true +alert_on_high_bounce_rate = true +alert_on_high_complaint_rate = true +alert_on_delivery_failures = true +alert_on_quota_exceeded = true +alert_email = "${ADMIN_EMAIL}" +metrics_endpoint = "/metrics/email" + +# Compliance - Production +[email.compliance] +gdpr_enabled = true +can_spam_compliant = true +unsubscribe_url = "${BASE_URL}/unsubscribe" +privacy_policy_url = "${BASE_URL}/privacy" +terms_of_service_url = "${BASE_URL}/terms" diff --git a/config/features/metrics.toml b/config/features/metrics.toml new file mode 100644 index 0000000..5244fa8 --- /dev/null +++ b/config/features/metrics.toml 
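Review bot: `[email.smtp]` in email/prod.toml enables both `use_tls = true` and `use_starttls = true` on `port = 587`; on one connection these are alternatives (TLS on connect versus an upgrade after the greeting), so either document the loader's precedence here or drop one flag, and state whether the client refuses to continue in plaintext when STARTTLS is not offered, since the `tls_required = true` key exists only in example.toml. Second, `default_provider = "sendgrid"` is selected, yet `[email.smtp]` and `[email.ses]` still reference `${SMTP_HOST}`, `${AWS_ACCESS_KEY_ID}` and friends; say whether an unset variable for an unused provider is a startup error or silently becomes an empty string, because the latter is easy to miss in production. Finally, `dmarc_policy = "quarantine"` under `[email.security]` describes a DNS TXT record that receivers enforce, not something the sending application can apply; a comment on what the application actually does with this value would avoid a false sense that DMARC is in place.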
@@ -0,0 +1,178 @@ +# Metrics Feature Configuration +# Settings for Prometheus metrics collection and monitoring + +[features] +metrics = true + +# Metrics Collection +[metrics] +enabled = true +endpoint = "/metrics" +health_endpoint = "/metrics/health" +collection_interval = 30 # seconds +enable_process_metrics = true +enable_runtime_metrics = true + +# Prometheus Configuration +[metrics.prometheus] +namespace = "rustelo" +subsystem = "" +registry_type = "default" # "default" or "custom" +enable_exemplars = false +histogram_buckets = [0.001, 0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1.0, 2.5, 5.0, 10.0] + +# HTTP Metrics +[metrics.http] +enabled = true +track_request_count = true +track_request_duration = true +track_requests_in_flight = true +track_response_size = true +track_request_size = true +include_user_agent = false +include_ip_address = false +slow_request_threshold = 1.0 # seconds + +# Database Metrics +[metrics.database] +enabled = true +track_connection_pool = true +track_query_duration = true +track_query_count = true +track_connection_errors = true +track_migration_status = true +slow_query_threshold = 0.1 # seconds +include_query_tags = false # Can expose sensitive data + +# Authentication Metrics +[metrics.auth] +enabled = true +track_login_attempts = true +track_login_failures = true +track_session_duration = true +track_active_sessions = true +track_token_generations = true +track_password_resets = true +track_registration_attempts = true +include_failure_reasons = true + +# Content Metrics +[metrics.content] +enabled = true +track_content_requests = true +track_cache_performance = true +track_content_processing_time = true +track_search_queries = true +track_content_views = true +track_popular_content = true + +# Email Metrics +[metrics.email] +enabled = true +track_emails_sent = true +track_email_failures = true +track_queue_size = true +track_processing_time = true +track_bounce_rate = true +track_delivery_rate = true +include_provider_metrics 
= true + +# System Metrics +[metrics.system] +enabled = true +track_memory_usage = true +track_cpu_usage = true +track_disk_usage = true +track_network_io = true +track_file_descriptors = true +track_uptime = true +collection_interval = 15 # seconds + +# Business Metrics +[metrics.business] +enabled = true +track_user_registrations = true +track_user_logins = true +track_content_creation = true +track_api_usage = true +track_feature_usage = true +track_error_rates = true +track_conversion_metrics = false + +# Performance Metrics +[metrics.performance] +enabled = true +track_garbage_collection = true +track_thread_pool_usage = true +track_async_task_metrics = true +track_lock_contention = false +track_allocation_rate = false + +# Custom Metrics +[metrics.custom] +enabled = true +allow_custom_counters = true +allow_custom_gauges = true +allow_custom_histograms = true +max_custom_metrics = 100 +custom_metric_prefix = "custom_" + +# Metric Labels +[metrics.labels] +include_environment = true +include_version = true +include_instance_id = true +include_hostname = false +custom_labels = {} + +# Metric Filtering +[metrics.filters] +exclude_patterns = [] +include_patterns = ["*"] +exclude_sensitive_data = true +max_label_count = 20 +max_label_length = 100 + +# Aggregation Settings +[metrics.aggregation] +enable_summary_metrics = true +summary_objectives = [0.5, 0.9, 0.95, 0.99] +histogram_max_age = 600 # seconds +gauge_max_age = 300 # seconds + +# Export Configuration +[metrics.export] +format = "prometheus" # "prometheus", "json", "statsd" +compression = "gzip" +timeout = 30 # seconds +include_help_text = true +include_type_info = true + +# Rate Limiting for Metrics Endpoint +[metrics.rate_limiting] +enabled = true +requests_per_minute = 60 +burst_limit = 10 +exclude_internal_requests = true + +# Security +[metrics.security] +enable_authentication = false +allowed_ips = [] # Empty means all IPs allowed +api_key_header = "X-Metrics-API-Key" +api_key = "" # Set in 
environment or use encrypted value + +# Alerting Integration +[metrics.alerting] +enabled = false +webhook_url = "" +alert_threshold_errors = 10 +alert_threshold_latency = 5.0 # seconds +alert_cooldown = 300 # seconds + +# Development Settings +[metrics.development] +enable_debug_metrics = false +log_metric_collection = false +metric_collection_timeout = 5 # seconds +enable_metric_validation = true diff --git a/config/features/metrics/dev.toml b/config/features/metrics/dev.toml new file mode 100644 index 0000000..8af7e57 --- /dev/null +++ b/config/features/metrics/dev.toml 
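Review bot: `[metrics.security]` in metrics.toml ships with `enable_authentication = false`, `allowed_ips = []  # Empty means all IPs allowed` and `api_key = ""`, so `/metrics` and `/metrics/health` are readable by anyone who can reach the service, while the same file enables `[metrics.auth]` series such as `track_login_failures`, `track_password_resets` and `include_failure_reasons = true`. Per-reason authentication failure counts are exactly the kind of data that should not be world-readable, so either make the protected setting the default in this shared file and relax it in metrics/dev.toml, or document that this file is only ever read beneath an environment file that overrides `[metrics.security]`. Related: the path `config/features/metrics.toml` sits beside the `config/features/metrics/` directory that the following hunks create; state which file the loader reads, and in what order, so operators know where a change takes effect. Also, `include_patterns = ["*"]` in `[metrics.filters]` does not say whether patterns are shell globs or regular expressions.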
@@ -0,0 +1,171 @@ +# Metrics Feature Configuration - Development Environment +# Settings optimized for local development and debugging + +[features] +metrics = true + +# Metrics Configuration - Development +[metrics] +enabled = true +endpoint = "/metrics" +port = 9090 +host = "127.0.0.1" +format = "prometheus" # "prometheus", "json", "statsd" +collection_interval = 15 # seconds +retention_period = 3600 # 1 hour for development + +# Prometheus Configuration - Development +[metrics.prometheus] +enabled = true +endpoint = "/metrics" +include_default_metrics = true +include_process_metrics = true +include_runtime_metrics = true +histogram_buckets = [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1.0, 2.5, 5.0, 10.0] + +# System Metrics - Development +[metrics.system] +enabled = true +collect_cpu = true +collect_memory = true +collect_disk = true +collect_network = true +collect_load = true +collect_processes = false +collection_interval = 10 # seconds + +# HTTP Metrics - Development +[metrics.http] +enabled = true +track_requests = true +track_response_times = true +track_status_codes = true +track_request_size = true +track_response_size = true +track_user_agents = false +track_ip_addresses = false +histogram_buckets = [0.001, 0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1.0, 2.5, 5.0] + +# Database Metrics - Development +[metrics.database] +enabled = true +track_queries = true +track_query_duration = true +track_connection_pool = true +track_slow_queries = true +slow_query_threshold = 100 # milliseconds +track_query_types = true +log_queries = true + +# Application Metrics - Development +[metrics.application] +enabled = true +track_business_metrics = true +track_custom_counters = true +track_custom_gauges = true +track_custom_histograms = true +track_feature_usage = true +track_errors = true +track_warnings = true + +# Performance Metrics - Development +[metrics.performance] +enabled = true +track_memory_usage = true +track_cpu_usage = true +track_gc_metrics = true 
+track_thread_metrics = true +track_async_metrics = true +profile_slow_operations = true +profile_threshold = 50 # milliseconds + +# Cache Metrics - Development +[metrics.cache] +enabled = true +track_hit_rate = true +track_miss_rate = true +track_eviction_rate = true +track_memory_usage = true +track_operation_times = true + +# Security Metrics - Development +[metrics.security] +enabled = true +track_failed_logins = true +track_blocked_requests = true +track_rate_limit_hits = true +track_csrf_failures = true +track_auth_events = true +log_security_events = true + +# Custom Metrics - Development +[metrics.custom] +enabled = true +user_registrations = true +user_logins = true +content_views = true +api_calls = true +feature_toggles = true +error_rates = true + +# Alerting - Development (basic) +[metrics.alerting] +enabled = false +webhook_url = "http://localhost:3001/alerts" +alert_on_high_error_rate = false +error_rate_threshold = 0.1 +alert_on_high_response_time = false +response_time_threshold = 1000 # milliseconds +alert_on_low_memory = false +memory_threshold = 0.1 # 10% available + +# Export Configuration - Development +[metrics.export] +enabled = true +formats = ["prometheus", "json"] +file_export = true +export_dir = "metrics" +export_interval = 60 # seconds +compress_exports = false + +# Grafana Integration - Development +[metrics.grafana] +enabled = false +url = "http://localhost:3000" +dashboard_enabled = false +auto_create_dashboards = false +api_key = "" + +# StatsD Configuration - Development +[metrics.statsd] +enabled = false +host = "localhost" +port = 8125 +prefix = "rustelo.dev" +tags_enabled = true + +# Logging Configuration - Development +[metrics.logging] +enabled = true +log_level = "debug" +log_file = "logs/metrics.log" +log_to_console = true +log_slow_metrics = true +log_collection_errors = true + +# Performance Settings - Development +[metrics.performance] +async_collection = true +buffer_size = 1000 +batch_size = 100 +collection_timeout = 
5000 # milliseconds +max_memory_usage = 104857600 # 100MB + +# Development Settings +[metrics.development] +debug_mode = true +verbose_logging = true +collect_debug_metrics = true +expose_internal_metrics = true +enable_metric_explorer = true +mock_external_metrics = true diff --git a/config/features/metrics/example.toml b/config/features/metrics/example.toml new file mode 100644 index 0000000..017b8e1 --- /dev/null +++ b/config/features/metrics/example.toml 
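Review bot: metrics/dev.toml defines the `[metrics.performance]` table twice, once under `# Performance Metrics - Development` (with `track_memory_usage`, `track_gc_metrics`, ...) and again under `# Performance Settings - Development` (with `async_collection`, `buffer_size`, `collection_timeout`, ...). TOML forbids defining the same table more than once, so a conforming parser rejects this file outright; merge the two blocks or rename the second one (for example `[metrics.collection]`). Also, `[metrics.database]` sets `log_queries = true`, which may write bound parameters and therefore user data into `logs/metrics.log`; a warning comment like the `include_query_tags = false  # Can expose sensitive data` line in metrics.toml would help here.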
@@ -0,0 +1,264 @@ +# Metrics Feature Configuration - Example Environment +# Complete documentation of all metrics and monitoring options + +[features] +metrics = true + +[metrics] +enabled = true +endpoint = "/metrics" # Metrics endpoint path +format = "prometheus" # Metrics format: prometheus, json, influxdb +namespace = "rustelo" # Metrics namespace +subsystem = "app" # Metrics subsystem +collect_interval = 15 # Collection interval in seconds +export_interval = 30 # Export interval in seconds +retention_days = 30 # Metrics retention period +buffer_size = 10000 # Metrics buffer size +flush_interval = 5 # Buffer flush interval in seconds +compression = true # Enable metrics compression +authentication_required = false # Require authentication for metrics endpoint + +[metrics.prometheus] +enabled = true # Enable Prometheus metrics +port = 9090 # Prometheus server port +path = "/metrics" # Prometheus metrics path +registry = "default" # Prometheus registry name +default_labels = { service = "rustelo", version = "1.0.0", environment = "production" } # Default labels for all metrics +histogram_buckets = [ # Default histogram buckets + 0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1.0, 2.5, 5.0, 10.0 +] +summary_objectives = [ # Summary quantiles + { quantile = 0.5, error = 0.05 }, + { quantile = 0.9, error = 0.01 }, + { quantile = 0.99, error = 0.001 } +] +max_age = 600 # Maximum age for summary metrics +age_buckets = 5 # Number of age buckets for summaries + +[metrics.influxdb] +enabled = false # Enable InfluxDB metrics +host = "localhost" # InfluxDB host +port = 8086 # InfluxDB port +database = "rustelo_metrics" # InfluxDB database name +username = "admin" # InfluxDB username +password = "password" # InfluxDB password (use env var) +measurement = "application_metrics" # InfluxDB measurement name +retention_policy = "autogen" # InfluxDB retention policy +precision = "s" # Timestamp precision: s, ms, us, ns +timeout = 10 # Connection timeout in seconds +max_retries = 3 # 
Maximum retry attempts +batch_size = 1000 # Batch size for writing points +flush_interval = 10 # Flush interval in seconds + +[metrics.statsd] +enabled = false # Enable StatsD metrics +host = "localhost" # StatsD host +port = 8125 # StatsD port +prefix = "rustelo" # Metrics prefix +tags_enabled = true # Enable tags support +tag_format = "datadog" # Tag format: datadog, influxdb +buffer_size = 1000 # Buffer size for metrics +flush_interval = 5 # Flush interval in seconds +connection_timeout = 5 # Connection timeout in seconds + +[metrics.system] +enabled = true # Collect system metrics +cpu_usage = true # Monitor CPU usage +memory_usage = true # Monitor memory usage +disk_usage = true # Monitor disk usage +disk_io = true # Monitor disk I/O +network_usage = true # Monitor network usage +network_io = true # Monitor network I/O +load_average = true # Monitor load average +open_files = true # Monitor open file descriptors +processes = true # Monitor process count +uptime = true # Monitor system uptime +collection_interval = 30 # System metrics collection interval + +[metrics.application] +enabled = true # Collect application metrics +request_metrics = true # HTTP request metrics +response_metrics = true # HTTP response metrics +database_metrics = true # Database query metrics +cache_metrics = true # Cache hit/miss metrics +error_metrics = true # Error rate metrics +performance_metrics = true # Performance metrics +memory_metrics = true # Application memory metrics +gc_metrics = true # Garbage collection metrics +thread_metrics = true # Thread pool metrics +connection_metrics = true # Connection pool metrics + +[metrics.http] +enabled = true # Enable HTTP metrics +track_requests = true # Track HTTP requests +track_responses = true # Track HTTP responses +track_duration = true # Track request duration +track_size = true # Track request/response size +track_status_codes = true # Track HTTP status codes +track_methods = true # Track HTTP methods +track_paths = true # Track 
request paths +track_user_agents = false # Track user agents +track_remote_addr = false # Track remote addresses +group_paths = true # Group similar paths +exclude_paths = ["/health", "/metrics"] # Exclude paths from tracking +slow_request_threshold = 1000 # Slow request threshold in milliseconds + +[metrics.database] +enabled = true # Enable database metrics +track_queries = true # Track database queries +track_connections = true # Track database connections +track_transactions = true # Track database transactions +track_slow_queries = true # Track slow queries +slow_query_threshold = 1000 # Slow query threshold in milliseconds +track_query_types = true # Track query types (SELECT, INSERT, etc.) +track_tables = true # Track table access +track_errors = true # Track database errors +connection_pool_metrics = true # Connection pool metrics +query_cache_metrics = true # Query cache metrics + +[metrics.cache] +enabled = true # Enable cache metrics +track_hits = true # Track cache hits +track_misses = true # Track cache misses +track_sets = true # Track cache sets +track_gets = true # Track cache gets +track_deletes = true # Track cache deletes +track_evictions = true # Track cache evictions +track_size = true # Track cache size +track_memory_usage = true # Track cache memory usage +track_ttl = true # Track TTL metrics +per_key_metrics = false # Track per-key metrics (high cardinality) + +[metrics.business] +enabled = true # Enable business metrics +user_registrations = true # Track user registrations +user_logins = true # Track user logins +user_activity = true # Track user activity +content_created = true # Track content creation +content_views = true # Track content views +api_usage = true # Track API usage +feature_usage = true # Track feature usage +conversion_metrics = true # Track conversion metrics +revenue_metrics = false # Track revenue metrics +custom_events = true # Track custom events + +[metrics.alerts] +enabled = true # Enable alerting +alert_manager_url 
= "http://localhost:9093" # AlertManager URL +webhook_url = "https://hooks.slack.com/services/xxx" # Webhook URL for alerts +email_notifications = true # Enable email notifications +slack_notifications = true # Enable Slack notifications +pagerduty_notifications = false # Enable PagerDuty notifications +alert_rules = [ + { name = "high_error_rate", condition = "error_rate > 5.0", duration = "5m", severity = "warning", description = "High error rate detected" }, + { name = "high_response_time", condition = "response_time_p95 > 2000", duration = "5m", severity = "warning", description = "High response time detected" }, + { name = "low_disk_space", condition = "disk_usage > 90", duration = "5m", severity = "critical", description = "Low disk space" } +] + +[metrics.dashboards] +enabled = true # Enable dashboard integration +grafana_enabled = true # Enable Grafana integration +grafana_url = "http://localhost:3000" # Grafana URL +grafana_api_key = "your-api-key" # Grafana API key (use env var) +auto_create_dashboards = true # Auto-create dashboards +dashboard_templates = true # Use dashboard templates +default_dashboard = "rustelo-overview" # Default dashboard name +custom_dashboards = [ + { name = "application-overview", panels = ["cpu", "memory", "requests", "errors"] }, + { name = "database-performance", panels = ["query_time", "connections", "slow_queries"] }, + { name = "diagnostic-dashboard", panels = ["error_rates", "latency", "throughput", "system_health"] } +] + +[metrics.exporters] +enabled = true # Enable metrics exporters +prometheus_exporter = true # Enable Prometheus exporter +influxdb_exporter = false # Enable InfluxDB exporter +statsd_exporter = false # Enable StatsD exporter +json_exporter = true # Enable JSON exporter +csv_exporter = false # Enable CSV exporter +export_directory = "exports" # Directory for exported metrics +export_schedule = "0 0 * * *" # Export schedule (daily at midnight) +export_retention = 30 # Export file retention in days 
+export_compression = true # Compress exported files + +[metrics.sampling] +enabled = true # Enable metrics sampling +sample_rate = 1.0 # Sample rate (0.0 to 1.0) +high_cardinality_limit = 10000 # High cardinality limit +adaptive_sampling = true # Enable adaptive sampling +sampling_strategies = [ + { metric_pattern = "http_requests_*", sample_rate = 0.1, max_cardinality = 1000 }, + { metric_pattern = "database_queries_*", sample_rate = 0.05, max_cardinality = 500 } +] # Sampling strategies + +[metrics.security] +enabled = true # Enable metrics security +authentication_required = true # Require authentication +authorization_enabled = true # Enable authorization +allowed_roles = ["admin", "operator"] # Allowed roles for metrics access +tls_enabled = true # Enable TLS for metrics endpoint +client_cert_required = false # Require client certificates +rate_limiting = true # Enable rate limiting +rate_limit_requests = 100 # Rate limit (requests per minute) +ip_whitelist = ["127.0.0.1", "::1"] # IP whitelist for metrics access +audit_logging = true # Enable audit logging + +[metrics.performance] +enabled = true # Enable performance optimizations +async_collection = true # Enable async metrics collection +batch_processing = true # Enable batch processing +memory_optimization = true # Enable memory optimization +compression = true # Enable compression +lazy_initialization = true # Enable lazy initialization +connection_pooling = true # Enable connection pooling +cache_metrics = true # Cache computed metrics +parallel_processing = true # Enable parallel processing +buffer_optimization = true # Optimize buffer usage +gc_optimization = true # Optimize garbage collection + +[metrics.debugging] +enabled = false # Enable debugging (development only) +verbose_logging = false # Enable verbose logging +debug_endpoint = "/debug/metrics" # Debug endpoint path +dump_metrics = false # Dump metrics to file +trace_collection = false # Trace metrics collection +profiling_enabled = false # 
Enable profiling +memory_profiling = false # Enable memory profiling +cpu_profiling = false # Enable CPU profiling +debug_labels = false # Add debug labels to metrics +validation_enabled = false # Enable metrics validation + +[metrics.storage] +enabled = true # Enable metrics storage +storage_backend = "prometheus" # Storage backend: prometheus, influxdb, file +storage_path = "metrics_data" # Storage path for file backend +retention_policy = "30d" # Retention policy +compression_enabled = true # Enable storage compression +backup_enabled = true # Enable metrics backup +backup_schedule = "0 2 * * *" # Backup schedule (daily at 2 AM) +backup_retention = 7 # Backup retention in days +cleanup_enabled = true # Enable automatic cleanup +cleanup_schedule = "0 3 * * *" # Cleanup schedule (daily at 3 AM) + +[metrics.integrations] +enabled = true # Enable external integrations +datadog_enabled = false # Enable Datadog integration +newrelic_enabled = false # Enable New Relic integration +dynatrace_enabled = false # Enable Dynatrace integration +splunk_enabled = false # Enable Splunk integration +elastic_enabled = false # Enable Elasticsearch integration +custom_integrations = [] # Custom integration configurations +webhook_integrations = [] # Webhook integration configurations +api_integrations = [] # API integration configurations + +[metrics.compliance] +enabled = true # Enable compliance features +gdpr_compliance = true # Enable GDPR compliance +data_anonymization = true # Enable data anonymization +pii_scrubbing = true # Scrub PII from metrics +audit_trail = true # Maintain audit trail +data_retention_policy = true # Enforce data retention policy +consent_tracking = false # Track consent for metrics +right_to_deletion = true # Support right to deletion +data_export = true # Support data export +privacy_controls = true # Enable privacy controls diff --git a/config/features/metrics/prod.toml b/config/features/metrics/prod.toml new file mode 100644 index 0000000..6da83d2 
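Review bot: `webhook_url = "https://hooks.slack.com/services/xxx"` and `grafana_api_key = "your-api-key"` in the alerting and dashboards tables are literal credential placeholders in the file meant to be copied as a template; the comment already says "(use env var)", so show that form, e.g. `grafana_api_key = "${GRAFANA_API_KEY}"` and `webhook_url = "${ALERT_WEBHOOK_URL}"`, which is what prod.toml uses, so a copied example never ships a real token. Also, the `[metrics.security]` keys here (`authentication_required`, `ip_whitelist`, `client_cert_required`) do not match the names in prod.toml (`require_authentication`, `allowed_ips`, `api_key_required`); since the example file is meant to document every option, rename one side so a single loader schema fits both.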
--- /dev/null +++ b/config/features/metrics/prod.toml 
@@ -0,0 +1,262 @@ +# Metrics Feature Configuration - Production Environment +# Settings optimized for production monitoring and performance + +[features] +metrics = true + +# Metrics Configuration - Production +[metrics] +enabled = true +endpoint = "/metrics" +port = 0 # Use main server port +host = "127.0.0.1" +format = "prometheus" +collection_interval = 15 # seconds +retention_period = 86400 # 24 hours +buffer_size = 10000 +flush_interval = 30 # seconds + +# Prometheus Configuration - Production +[metrics.prometheus] +enabled = true +endpoint = "/metrics" +include_default_metrics = true +include_process_metrics = true +include_runtime_metrics = true +histogram_buckets = [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1.0, 2.5, 5.0, 10.0] +enable_exemplars = true +exemplar_sample_rate = 0.01 + +# System Metrics - Production +[metrics.system] +enabled = true +collect_cpu = true +collect_memory = true +collect_disk = true +collect_network = true +collect_load = true +collect_processes = false # Disabled for performance +collection_interval = 30 # seconds +cpu_percent_precision = 2 +memory_usage_threshold = 0.85 # Alert threshold + +# HTTP Metrics - Production +[metrics.http] +enabled = true +track_requests = true +track_response_times = true +track_status_codes = true +track_request_size = true +track_response_size = true +track_user_agents = false # Disabled for privacy +track_ip_addresses = false # Disabled for privacy +histogram_buckets = [0.001, 0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1.0, 2.5, 5.0, 10.0] +exclude_paths = ["/health", "/metrics", "/favicon.ico"] + +# Database Metrics - Production +[metrics.database] +enabled = true +track_queries = true +track_query_duration = true +track_connection_pool = true +track_slow_queries = true +slow_query_threshold = 500 # milliseconds +track_query_types = true +log_queries = false # Disabled for performance +track_transactions = true +track_locks = true + +# Application Metrics - Production +[metrics.application] 
+enabled = true +track_business_metrics = true +track_custom_counters = true +track_custom_gauges = true +track_custom_histograms = true +track_feature_usage = true +track_errors = true +track_warnings = false # Disabled for noise reduction +track_user_actions = true +track_api_usage = true + +# Performance Metrics - Production +[metrics.performance] +enabled = true +track_memory_usage = true +track_cpu_usage = true +track_gc_metrics = true +track_thread_metrics = true +track_async_metrics = true +profile_slow_operations = true +profile_threshold = 100 # milliseconds +enable_profiling = false # Disabled for performance + +# Cache Metrics - Production +[metrics.cache] +enabled = true +track_hit_rate = true +track_miss_rate = true +track_eviction_rate = true +track_memory_usage = true +track_operation_times = true +track_key_distribution = false +track_size_distribution = true + +# Security Metrics - Production +[metrics.security] +enabled = true +track_failed_logins = true +track_blocked_requests = true +track_rate_limit_hits = true +track_csrf_failures = true +track_auth_events = true +log_security_events = false # Separate security logging +track_suspicious_activity = true +track_intrusion_attempts = true + +# Custom Metrics - Production +[metrics.custom] +enabled = true +user_registrations = true +user_logins = true +content_views = true +api_calls = true +feature_toggles = true +error_rates = true +conversion_rates = true +business_kpis = true + +# Alerting - Production +[metrics.alerting] +enabled = true +webhook_url = "${ALERT_WEBHOOK_URL}" +alert_on_high_error_rate = true +error_rate_threshold = 0.05 # 5% +alert_on_high_response_time = true +response_time_threshold = 2000 # milliseconds +alert_on_low_memory = true +memory_threshold = 0.15 # 15% available +alert_on_high_cpu = true +cpu_threshold = 0.80 # 80% usage +alert_on_database_issues = true +alert_on_service_down = true +cooldown_period = 300 # seconds + +# Export Configuration - Production 
+[metrics.export] +enabled = true +formats = ["prometheus"] +file_export = false +export_dir = "/var/lib/rustelo/metrics" +export_interval = 60 # seconds +compress_exports = true +retention_days = 7 + +# Grafana Integration - Production +[metrics.grafana] +enabled = true +url = "${GRAFANA_URL}" +dashboard_enabled = true +auto_create_dashboards = false +api_key = "${GRAFANA_API_KEY}" +organization_id = "${GRAFANA_ORG_ID}" +folder_name = "Rustelo" +datasource_name = "Prometheus" + +# Prometheus Integration - Production +[metrics.prometheus] +server_url = "${PROMETHEUS_URL}" +pushgateway_url = "${PROMETHEUS_PUSHGATEWAY_URL}" +job_name = "rustelo" +instance_name = "${HOSTNAME}" +push_interval = 30 # seconds +basic_auth_username = "${PROMETHEUS_USERNAME}" +basic_auth_password = "${PROMETHEUS_PASSWORD}" + +# StatsD Configuration - Production +[metrics.statsd] +enabled = false +host = "${STATSD_HOST}" +port = 8125 +prefix = "rustelo.prod" +tags_enabled = true +flush_interval = 10 # seconds +max_packet_size = 1400 + +# Datadog Integration - Production +[metrics.datadog] +enabled = false +api_key = "${DATADOG_API_KEY}" +app_key = "${DATADOG_APP_KEY}" +site = "datadoghq.com" # or "datadoghq.eu" +service_name = "rustelo" +environment = "production" +tags = ["service:rustelo", "env:production"] + +# New Relic Integration - Production +[metrics.newrelic] +enabled = false +license_key = "${NEWRELIC_LICENSE_KEY}" +app_name = "Rustelo Production" +log_level = "info" +audit_log_enabled = true + +# Logging Configuration - Production +[metrics.logging] +enabled = true +log_level = "info" +log_file = "/var/log/rustelo/metrics.log" +log_to_console = false +log_slow_metrics = true +log_collection_errors = true +log_rotation = "daily" +log_retention_days = 30 + +# Performance Settings - Production +[metrics.performance] +async_collection = true +buffer_size = 10000 +batch_size = 1000 +collection_timeout = 5000 # milliseconds +max_memory_usage = 268435456 # 256MB +sampling_rate = 1.0 # 
100% sampling +adaptive_sampling = true +high_cardinality_limit = 10000 + +# Security Settings - Production +[metrics.security] +require_authentication = true +allowed_ips = ["127.0.0.1", "::1"] # Localhost only +api_key_required = true +api_key_header = "X-Metrics-API-Key" +rate_limit_enabled = true +rate_limit_requests = 100 +rate_limit_window = 60 # seconds + +# Compliance Settings - Production +[metrics.compliance] +gdpr_compliant = true +anonymize_user_data = true +data_retention_days = 90 +audit_log_enabled = true +export_enabled = true +right_to_be_forgotten = true + +# Health Checks - Production +[metrics.health] +enabled = true +endpoint = "/metrics/health" +check_collectors = true +check_exporters = true +check_storage = true +timeout = 5000 # milliseconds +failure_threshold = 3 + +# Development Settings - Disabled for production +[metrics.development] +debug_mode = false +verbose_logging = false +collect_debug_metrics = false +expose_internal_metrics = false +enable_metric_explorer = false +mock_external_metrics = false diff --git a/config/features/rbac.toml b/config/features/rbac.toml new file mode 100644 index 0000000..2e2e62f --- /dev/null +++ b/config/features/rbac.toml 
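Review bot: `[metrics.prometheus]`, `[metrics.performance]` and `[metrics.security]` are each declared twice in this file (`[metrics.prometheus]` first with `enabled`/`histogram_buckets`, then again under "Prometheus Integration" with `server_url`/`pushgateway_url`; likewise "Performance Metrics" vs "Performance Settings" and "Security Metrics" vs "Security Settings"), and TOML rejects a table defined more than once, so this file will not parse. Merge each pair into one table or give the second a distinct name such as `[metrics.prometheus.remote]`, `[metrics.performance_settings]` and `[metrics.security_settings]`. Minor: with `port = 0 # Use main server port`, `host = "127.0.0.1"` appears to be dead config; a comment saying `host` is ignored when `port` is 0 would avoid the impression that the metrics endpoint is bound to loopback only.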
@@ -0,0 +1,304 @@ +# RBAC Configuration for Rustelo Framework +# This file defines access control rules for databases, files, and content + +[rbac] +# Cache TTL in seconds (default: 300 = 5 minutes) +cache_ttl_seconds = 300 + +# Default permissions for resource types when no specific rules match +[rbac.default_permissions] +Database = ["read_content"] +File = ["read_file:public/*"] +Content = ["read_content"] +Api = [] + +# Category hierarchies - higher categories inherit lower category permissions +[rbac.category_hierarchies] +admin = ["editor", "viewer", "finance", "hr", "it"] +editor = ["viewer"] +finance = ["viewer"] +hr = ["viewer"] +it = ["admin"] # IT can access admin resources + +# Tag hierarchies - higher tags inherit lower tag permissions +[rbac.tag_hierarchies] +public = ["internal"] +internal = ["confidential"] +confidential = ["restricted"] + +# Access rules - evaluated in order of priority (higher numbers first) +[[rbac.rules]] +id = "admin_full_access" +resource_type = "database" +resource_name = "*" +allowed_roles = ["admin"] +allowed_permissions = [] +required_categories = [] +required_tags = [] +deny_categories = [] +deny_tags = [] +is_active = true +priority = 1000 + +[[rbac.rules]] +id = "admin_all_files" +resource_type = "file" +resource_name = "*" +allowed_roles = ["admin"] +allowed_permissions = [] +required_categories = ["admin"] +required_tags = [] +deny_categories = [] +deny_tags = [] +is_active = true +priority = 1000 + +[[rbac.rules]] +id = "editor_content_access" +resource_type = "content" +resource_name = "*" +allowed_roles = ["moderator"] +allowed_permissions = ["write_content"] +required_categories = ["editor"] +required_tags = [] +deny_categories = [] +deny_tags = ["restricted"] +is_active = true +priority = 800 + +[[rbac.rules]] +id = "editor_database_content" +resource_type = "database" +resource_name = "content*" +allowed_roles = ["moderator"] +allowed_permissions = ["write_database:content*"] +required_categories = ["editor"] 
+required_tags = [] +deny_categories = [] +deny_tags = ["restricted"] +is_active = true +priority = 800 + +[[rbac.rules]] +id = "user_public_files" +resource_type = "file" +resource_name = "public/*" +allowed_roles = ["user"] +allowed_permissions = [] +required_categories = [] +required_tags = ["public"] +deny_categories = [] +deny_tags = [] +is_active = true +priority = 500 + +[[rbac.rules]] +id = "user_uploads" +resource_type = "file" +resource_name = "uploads/user/*" +allowed_roles = ["user"] +allowed_permissions = ["write_file:uploads/user/*"] +required_categories = [] +required_tags = [] +deny_categories = [] +deny_tags = ["restricted"] +is_active = true +priority = 500 + +[[rbac.rules]] +id = "finance_financial_data" +resource_type = "database" +resource_name = "finance*" +allowed_roles = ["user"] +allowed_permissions = ["read_database:finance*"] +required_categories = ["finance"] +required_tags = [] +deny_categories = [] +deny_tags = [] +is_active = true +priority = 700 + +[[rbac.rules]] +id = "finance_reports" +resource_type = "file" +resource_name = "reports/financial/*" +allowed_roles = ["user"] +allowed_permissions = ["read_file:reports/financial/*"] +required_categories = ["finance"] +required_tags = [] +deny_categories = [] +deny_tags = [] +is_active = true +priority = 700 + +[[rbac.rules]] +id = "hr_employee_data" +resource_type = "database" +resource_name = "hr*" +allowed_roles = ["user"] +allowed_permissions = ["read_database:hr*", "write_database:hr*"] +required_categories = ["hr"] +required_tags = [] +deny_categories = [] +deny_tags = [] +is_active = true +priority = 700 + +[[rbac.rules]] +id = "sensitive_data_restriction" +resource_type = "database" +resource_name = "*sensitive*" +allowed_roles = ["admin"] +allowed_permissions = [] +required_categories = ["admin"] +required_tags = ["sensitive"] +deny_categories = [] +deny_tags = [] +is_active = true +priority = 900 + +[[rbac.rules]] +id = "confidential_files" +resource_type = "file" 
+resource_name = "*confidential*" +allowed_roles = ["admin", "moderator"] +allowed_permissions = [] +required_categories = ["admin"] +required_tags = ["confidential"] +deny_categories = [] +deny_tags = [] +is_active = true +priority = 900 + +[[rbac.rules]] +id = "api_admin_endpoints" +resource_type = "api" +resource_name = "/api/admin/*" +allowed_roles = ["admin"] +allowed_permissions = ["manage_system"] +required_categories = ["admin"] +required_tags = [] +deny_categories = [] +deny_tags = [] +is_active = true +priority = 1000 + +[[rbac.rules]] +id = "api_user_endpoints" +resource_type = "api" +resource_name = "/api/user/*" +allowed_roles = ["user"] +allowed_permissions = [] +required_categories = [] +required_tags = [] +deny_categories = [] +deny_tags = ["restricted"] +is_active = true +priority = 500 + +[[rbac.rules]] +id = "temporary_access_restriction" +resource_type = "database" +resource_name = "*" +allowed_roles = ["user"] +allowed_permissions = [] +required_categories = [] +required_tags = [] +deny_categories = [] +deny_tags = ["temporary"] +is_active = true +priority = 100 + +# Example rules for specific databases +[[rbac.rules]] +id = "analytics_db_read" +resource_type = "database" +resource_name = "analytics" +allowed_roles = ["user"] +allowed_permissions = ["read_database:analytics"] +required_categories = ["viewer"] +required_tags = ["internal"] +deny_categories = [] +deny_tags = [] +is_active = true +priority = 600 + +[[rbac.rules]] +id = "user_db_write" +resource_type = "database" +resource_name = "users" +allowed_roles = ["moderator"] +allowed_permissions = ["write_database:users"] +required_categories = ["editor"] +required_tags = [] +deny_categories = [] +deny_tags = ["restricted"] +is_active = true +priority = 800 + +# Example rules for file directories +[[rbac.rules]] +id = "logs_directory_access" +resource_type = "directory" +resource_name = "/var/log/*" +allowed_roles = ["admin"] +allowed_permissions = [] +required_categories = ["it"] 
+required_tags = [] +deny_categories = [] +deny_tags = [] +is_active = true +priority = 900 + +[[rbac.rules]] +id = "backup_directory_access" +resource_type = "directory" +resource_name = "/backups/*" +allowed_roles = ["admin"] +allowed_permissions = [] +required_categories = ["it"] +required_tags = [] +deny_categories = [] +deny_tags = [] +is_active = true +priority = 900 + +# Content-specific rules +[[rbac.rules]] +id = "blog_posts_write" +resource_type = "content" +resource_name = "blog/*" +allowed_roles = ["moderator"] +allowed_permissions = ["write_content"] +required_categories = ["editor"] +required_tags = [] +deny_categories = [] +deny_tags = [] +is_active = true +priority = 700 + +[[rbac.rules]] +id = "pages_write" +resource_type = "content" +resource_name = "pages/*" +allowed_roles = ["moderator"] +allowed_permissions = ["write_content"] +required_categories = ["editor"] +required_tags = [] +deny_categories = [] +deny_tags = [] +is_active = true +priority = 700 + +[[rbac.rules]] +id = "guest_public_content" +resource_type = "content" +resource_name = "public/*" +allowed_roles = ["guest"] +allowed_permissions = [] +required_categories = [] +required_tags = ["public"] +deny_categories = [] +deny_tags = [] +is_active = true +priority = 300 diff --git a/config/features/tls.toml b/config/features/tls.toml new file mode 100644 index 0000000..5383da2 --- /dev/null +++ b/config/features/tls.toml 
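Review bot: `[rbac.tag_hierarchies]` is inverted relative to its own comment. Using the convention the category table establishes (`admin = ["editor", ...]` means the key inherits the listed entries), `public = ["internal"]`, `internal = ["confidential"]` and `confidential = ["restricted"]` make a holder of the `public` tag inherit `internal`, `confidential` and `restricted`, so the least sensitive tag grants the most access; it should read `restricted = ["confidential"]`, `confidential = ["internal"]`, `internal = ["public"]`. In `[rbac.category_hierarchies]`, `admin = [..., "it"]` together with `it = ["admin"]` forms a cycle: a naive recursive expansion never terminates, and `it` becomes equivalent to `admin` (including `finance` and `hr`), which is broader than the "IT can access admin resources" comment implies; drop one direction or expand with a visited set. Finally, `allowed_permissions = []` means "everything" in `admin_full_access` but `Api = []` in `default_permissions` means "nothing"; document which reading the evaluator uses, because `temporary_access_restriction` (`allowed_roles = ["user"]`, `resource_name = "*"`, `allowed_permissions = []`, priority 100) then reads as a low-priority catch-all that may allow every user onto every database rather than restrict anything.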
@@ -0,0 +1,183 @@ +# TLS Feature Configuration +# Settings for HTTPS/TLS support and SSL certificate management + +[features] +tls = false # Enable TLS/HTTPS support + +# TLS Configuration +[tls] +enabled = false +port = 443 +bind_address = "0.0.0.0" +protocols = ["TLSv1.2", "TLSv1.3"] +prefer_server_cipher_order = true +enable_http2 = true +enable_ocsp_stapling = false + +# Certificate Configuration +[tls.certificates] +# Primary certificate +cert_path = "certs/server.crt" +key_path = "certs/server.key" +chain_path = "certs/chain.pem" +password_file = "" # Path to file containing private key password + +# Certificate validation +verify_client_certs = false +client_ca_path = "" +client_cert_optional = true + +# Let's Encrypt Configuration +[tls.letsencrypt] +enabled = false +email = "admin@example.com" +domains = ["example.com", "www.example.com"] +acme_server = "https://acme-v02.api.letsencrypt.org/directory" +challenge_type = "http-01" # "http-01", "dns-01", "tls-alpn-01" +cert_path = "certs/letsencrypt" +auto_renew = true +renew_days_before = 30 + +# Self-Signed Certificate Generation +[tls.self_signed] +enabled = false +country = "US" +state = "California" +city = "San Francisco" +organization = "Rustelo" +organizational_unit = "IT Department" +common_name = "localhost" +alt_names = ["127.0.0.1", "::1", "localhost"] +validity_days = 365 +key_size = 2048 + +# Certificate Monitoring +[tls.monitoring] +check_expiry = true +expiry_warning_days = 30 +expiry_critical_days = 7 +notify_on_expiry = true +health_check_enabled = true + +# Cipher Suites Configuration +[tls.ciphers] +# Modern cipher suites (recommended for production) +allowed_ciphers = [ + "TLS_AES_256_GCM_SHA384", + "TLS_CHACHA20_POLY1305_SHA256", + "TLS_AES_128_GCM_SHA256", + "ECDHE-RSA-AES256-GCM-SHA384", + "ECDHE-RSA-CHACHA20-POLY1305", + "ECDHE-RSA-AES128-GCM-SHA256" +] + +# Legacy support (use with caution) +allow_legacy_ciphers = false +legacy_ciphers = [ + "ECDHE-RSA-AES256-SHA384", + 
"ECDHE-RSA-AES128-SHA256" +] + +# Key Exchange +[tls.key_exchange] +ecdh_curves = ["X25519", "prime256v1", "secp384r1"] +dh_param_size = 2048 +dh_param_file = "" # Path to custom DH parameters + +# Session Management +[tls.session] +enable_session_resumption = true +session_timeout = 300 # seconds +session_cache_size = 1024 +enable_session_tickets = true +ticket_key_rotation_interval = 3600 # seconds + +# HSTS (HTTP Strict Transport Security) +[tls.hsts] +enabled = true +max_age = 31536000 # 1 year in seconds +include_subdomains = true +preload = false + +# Certificate Transparency +[tls.ct] +enabled = false +log_servers = [ + "https://ct.googleapis.com/rocketeer/", + "https://ct.googleapis.com/aviator/" +] + +# Performance Optimization +[tls.performance] +enable_zero_rtt = false # TLS 1.3 0-RTT (use with caution) +enable_early_data = false +buffer_size = 16384 +max_fragment_size = 16384 +enable_compression = false # Disabled for security (CRIME attack) + +# Security Headers (when TLS is enabled) +[tls.security_headers] +enable_hsts = true +enable_hpkp = false # HTTP Public Key Pinning (deprecated) +hpkp_pins = [] +hpkp_max_age = 5184000 # 60 days +hpkp_include_subdomains = false + +# HTTP to HTTPS Redirect +[tls.redirect] +enable_http_redirect = true +redirect_port = 80 +permanent_redirect = true # Use 301 instead of 302 +redirect_status_code = 301 + +# Certificate Store Configuration +[tls.cert_store] +type = "file" # "file", "vault", "aws_acm", "azure_keyvault" +auto_reload = true +reload_interval = 3600 # seconds + +# AWS Certificate Manager Integration +[tls.cert_store.aws_acm] +region = "us-west-2" +certificate_arn = "" +use_iam_role = true +access_key_id = "" +secret_access_key = "" + +# HashiCorp Vault Integration +[tls.cert_store.vault] +address = "https://vault.example.com:8200" +token = "" +mount_path = "pki" +role_name = "web-server" +common_name = "example.com" +ttl = "8760h" # 1 year + +# TLS Logging +[tls.logging] +log_handshakes = false +log_errors 
= true +log_certificate_validation = false +log_cipher_negotiation = false +debug_level = "info" # "trace", "debug", "info", "warn", "error" + +# Development Settings +[tls.development] +accept_invalid_certs = false +accept_self_signed = true +skip_cert_verification = false +log_all_tls_traffic = false +enable_tls_debug = false + +# Load Balancer Integration +[tls.load_balancer] +proxy_protocol = false +real_ip_header = "X-Real-IP" +trusted_proxies = ["127.0.0.1", "::1"] +terminate_at_lb = false + +# Rate Limiting for TLS Handshakes +[tls.rate_limiting] +max_handshakes_per_second = 100 +max_handshakes_per_ip = 10 +handshake_timeout = 10 # seconds diff --git a/config/features/tls/dev.toml b/config/features/tls/dev.toml new file mode 100644 index 0000000..65a3485 --- /dev/null +++ b/config/features/tls/dev.toml 
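Review bot: `[tls.cert_store.aws_acm]` carries `access_key_id = ""` and `secret_access_key = ""`, and `[tls.cert_store.vault]` carries `token = ""`, i.e. long-lived secrets as plain config keys in a file that also sets `use_iam_role = true`; use the `${VAR}` reference form that metrics/prod.toml already uses, or drop the static-key fields and rely on the IAM role and Vault auth, so the file can be committed without ever holding a credential. `[tls.development] accept_self_signed = true` is also a relaxation sitting in the generic feature file rather than in dev.toml; default it to `false` here and override it in the development environment. Minor: `permanent_redirect = true` and `redirect_status_code = 301` express the same thing twice and can disagree; keep one.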
@@ -0,0 +1,66 @@ +# TLS Feature Configuration - Development Environment +# Settings optimized for local development (usually disabled) + +[features] +tls = false + +# TLS Configuration - Development +[server.tls] +enabled = false +cert_path = "certs/dev/server.crt" +key_path = "certs/dev/server.key" +ca_path = "certs/dev/ca.crt" +protocols = ["TLSv1.2", "TLSv1.3"] +ciphers = [] # Use default cipher suite +cert_chain_path = "" + +# Self-signed certificate configuration for development +[tls.self_signed] +generate_on_startup = true +common_name = "localhost" +subject_alt_names = ["localhost", "127.0.0.1", "::1"] +key_size = 2048 +valid_days = 365 +organization = "Rustelo Dev" +country = "US" +state = "Development" +locality = "Local" + +# ACME/Let's Encrypt - Disabled for development +[tls.acme] +enabled = false +directory_url = "https://acme-staging-v02.api.letsencrypt.org/directory" +email = "dev@localhost" +domains = ["localhost"] +challenge_type = "http" +key_type = "rsa2048" + +# mTLS (Mutual TLS) - Disabled for development +[tls.mtls] +enabled = false +client_ca_path = "certs/dev/client-ca.crt" +verify_client_cert = false +require_client_cert = false + +# TLS Session Management - Basic for development +[tls.session] +timeout = 3600 # 1 hour +cache_size = 1000 +resumption_enabled = false + +# Security Settings - Relaxed for development +[tls.security] +min_version = "TLSv1.2" +max_version = "TLSv1.3" +prefer_server_ciphers = true +enable_sni = true +enable_ocsp_stapling = false +enable_hsts = false +hsts_max_age = 0 +hsts_include_subdomains = false + +# Development Settings +[tls.development] +allow_self_signed = true +skip_verification = true +log_handshake_errors = true diff --git a/config/features/tls/example.toml b/config/features/tls/example.toml new file mode 100644 index 0000000..f231d57 --- /dev/null +++ b/config/features/tls/example.toml 
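Review bot: this file puts the core settings under `[server.tls]` while tls.toml and example.toml use `[tls]` (`enabled`, `cert_path` vs `cert_file`, `protocols`), and the remaining keys diverge as well (`subject_alt_names` vs `alt_names`, `valid_days` vs `validity_days`, `[tls.acme]` vs `[tls.letsencrypt]`, `challenge_type = "http"` vs `"http-01"`). If build-config.sh layers base and environment files, none of these dev values will override their counterparts and the loader will face two disjoint schemas; align the table and key names with tls.toml. `[tls.development] skip_verification = true` is acceptable for local work, but because it disables certificate checking, prod.toml should set it to `false` explicitly rather than rely on the key being absent.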
@@ -0,0 +1,266 @@ +# TLS Feature Configuration - Example Environment +# Complete documentation of all SSL/TLS security options + +[features] +tls = true + +[tls] +enabled = true +force_https = true # Force HTTPS redirects +cert_file = "/etc/ssl/certs/example.crt" # TLS certificate file path +key_file = "/etc/ssl/private/example.key" # TLS private key file path +ca_file = "/etc/ssl/certs/ca-bundle.crt" # CA certificate bundle file path +cert_chain_file = "" # Certificate chain file (optional) +dhparam_file = "/etc/ssl/dhparam.pem" # Diffie-Hellman parameters file +protocols = ["TLSv1.2", "TLSv1.3"] # Supported TLS protocol versions +prefer_server_ciphers = true # Prefer server cipher order +session_timeout = 300 # TLS session timeout in seconds +session_cache_size = 20480 # TLS session cache size +session_tickets = false # Disable session tickets for security +renegotiation = false # Disable TLS renegotiation +compression = false # Disable TLS compression (CRIME attack) + +[tls.ciphers] +# Modern cipher suites for TLS 1.2 and 1.3 +cipher_suites = [ + # TLS 1.3 ciphers (most secure) + "TLS_AES_256_GCM_SHA384", + "TLS_CHACHA20_POLY1305_SHA256", + "TLS_AES_128_GCM_SHA256", + + # TLS 1.2 ciphers (secure) + "ECDHE-ECDSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-AES256-SHA384", + "ECDHE-RSA-AES256-SHA384", + "ECDHE-ECDSA-AES128-SHA256", + "ECDHE-RSA-AES128-SHA256" +] + +# Cipher suite selection order +cipher_order = "server" # Use server cipher order preference +ecdh_curves = [ # Supported ECDH curves + "X25519", "prime256v1", "secp384r1" +] +signature_algorithms = [ # Supported signature algorithms + "rsa_pss_rsae_sha256", + "rsa_pss_rsae_sha384", + "rsa_pss_rsae_sha512", + "ecdsa_secp256r1_sha256", + "ecdsa_secp384r1_sha384", + "ecdsa_secp521r1_sha512", + "rsa_pkcs1_sha256", + "rsa_pkcs1_sha384", + 
"rsa_pkcs1_sha512" +] + +[tls.security] +# HTTP Strict Transport Security (HSTS) +hsts_enabled = true # Enable HSTS +hsts_max_age = 31536000 # HSTS max age (1 year) +hsts_include_subdomains = true # Include subdomains in HSTS +hsts_preload = true # Enable HSTS preload +hsts_header = "Strict-Transport-Security" # HSTS header name + +# Perfect Forward Secrecy +pfs_enabled = true # Enable Perfect Forward Secrecy +ephemeral_keys = true # Use ephemeral keys +key_exchange_algorithms = [ # Supported key exchange algorithms + "ECDHE", "DHE" +] + +# OCSP (Online Certificate Status Protocol) +ocsp_enabled = true # Enable OCSP +ocsp_stapling = true # Enable OCSP stapling +ocsp_must_staple = true # Require OCSP must-staple +ocsp_responder_url = "" # OCSP responder URL (auto-detect if empty) +ocsp_cache_timeout = 3600 # OCSP response cache timeout + +# Certificate Transparency +ct_enabled = true # Enable Certificate Transparency +ct_logs = [ # Certificate Transparency log URLs + "https://ct.googleapis.com/logs/argon2020/", + "https://ct.googleapis.com/logs/argon2021/", + "https://ct.googleapis.com/logs/argon2022/" +] +ct_sct_required = true # Require SCT (Signed Certificate Timestamp) + +[tls.certificates] +# Certificate management and validation +cert_validation = true # Enable certificate validation +verify_hostname = true # Verify hostname in certificate +verify_expiration = true # Verify certificate expiration +expiration_warning_days = 30 # Warn when certificate expires in N days +check_revocation = true # Check certificate revocation status +allow_self_signed = false # Allow self-signed certificates (dev only) +cert_store_path = "/etc/ssl/certs" # Certificate store path +trusted_ca_file = "/etc/ssl/certs/ca-certificates.crt" # Trusted CA file + +# Multi-domain certificates +sni_enabled = true # Enable Server Name Indication (SNI) +sni_strict = true # Strict SNI checking +default_cert = "/etc/ssl/certs/default.crt" # Default certificate +sni_certificates = [ + { hostname = 
"api.example.com", cert_file = "/etc/ssl/certs/api.example.com.crt", key_file = "/etc/ssl/private/api.example.com.key" }, + { hostname = "admin.example.com", cert_file = "/etc/ssl/certs/admin.example.com.crt", key_file = "/etc/ssl/private/admin.example.com.key" } +] # SNI certificate mappings + +[tls.auto_renewal] +enabled = true # Enable automatic certificate renewal +provider = "lets_encrypt" # Certificate provider: lets_encrypt, internal_ca +acme_enabled = true # Enable ACME protocol +acme_directory = "https://acme-v02.api.letsencrypt.org/directory" # ACME directory URL +acme_email = "admin@example.com" # ACME account email +acme_key_type = "ec256" # ACME key type: rsa2048, rsa4096, ec256, ec384 +acme_challenge = "http-01" # ACME challenge type: http-01, dns-01, tls-alpn-01 +renewal_threshold = 2592000 # Renewal threshold in seconds (30 days) +renewal_schedule = "0 2 * * *" # Renewal check schedule (daily at 2 AM) +backup_old_certs = true # Backup old certificates before renewal +post_renewal_hooks = [ # Commands to run after renewal + "systemctl reload nginx", + "curl -X POST https://example.com/webhook/cert-renewed" +] + +# DNS challenge configuration (for wildcard certificates) +dns_provider = "cloudflare" # DNS provider for DNS-01 challenge +dns_credentials = { api_token = "${CLOUDFLARE_API_TOKEN}", zone_id = "${CLOUDFLARE_ZONE_ID}" } +dns_propagation_timeout = 300 # DNS propagation timeout in seconds + +[tls.client_auth] +enabled = false # Enable client certificate authentication +require_client_cert = false # Require client certificates +verify_client_cert = true # Verify client certificates +client_ca_file = "/etc/ssl/certs/client-ca.crt" # Client CA certificate file +client_cert_store = "/etc/ssl/client-certs" # Client certificate store +revocation_check = true # Check client certificate revocation +crl_file = "/etc/ssl/crl/client-crl.pem" # Certificate Revocation List file +ocsp_client_check = true # OCSP check for client certificates + +# Client 
certificate policies +client_cert_policies = [ + { path = "/api/admin/*", require_cert = true, allowed_cas = ["internal-ca", "partner-ca"] }, + { path = "/api/public/*", require_cert = false, allowed_cas = [] } +] + +[tls.monitoring] +enabled = true # Enable TLS monitoring +health_checks = true # Enable TLS health checks +cert_expiry_monitoring = true # Monitor certificate expiry +cipher_monitoring = true # Monitor cipher usage +protocol_monitoring = true # Monitor protocol usage +handshake_monitoring = true # Monitor TLS handshakes +error_monitoring = true # Monitor TLS errors +performance_monitoring = true # Monitor TLS performance + +# Monitoring thresholds and alerts +# Monitoring thresholds and alerts +alert_thresholds = [ + { metric = "cert_expiry_days", value = 30, description = "Alert when certificate expires in N days" }, + { metric = "handshake_errors", value = 5.0, description = "Alert when handshake error rate > N%" }, + { metric = "weak_cipher_usage", value = 1.0, description = "Alert when weak cipher usage > N%" }, + { metric = "tls_version_compliance", value = 95.0, description = "Alert when modern TLS usage < N%" } +] + +# Monitoring endpoints +metrics_endpoint = "/metrics/tls" # TLS metrics endpoint +health_endpoint = "/health/tls" # TLS health check endpoint +status_endpoint = "/status/tls" # TLS status endpoint + +[tls.logging] +enabled = true # Enable TLS logging +log_level = "info" # Log level: error, warn, info, debug +log_file = "/var/log/rustelo/tls.log" # TLS log file path +log_format = "json" # Log format: json, plain +log_rotation = true # Enable log rotation +max_log_size = 104857600 # Maximum log file size (100MB) +max_log_files = 10 # Maximum log files to keep + +# What to log +log_handshakes = true # Log TLS handshakes +log_certificate_events = true # Log certificate events +log_errors = true # Log TLS errors +log_cipher_usage = false # Log cipher usage (verbose) +log_client_certs = true # Log client certificate events 
+log_performance = false # Log performance metrics (verbose) +log_security_events = true # Log security-related events + +[tls.performance] +enabled = true # Enable performance optimizations +session_resumption = true # Enable session resumption +session_cache = "shared" # Session cache type: off, builtin, shared +cache_size = 1048576 # Session cache size in bytes +cache_timeout = 300 # Session cache timeout in seconds +early_data = false # Enable TLS 1.3 early data (0-RTT) +max_early_data = 16384 # Maximum early data size +async_handshakes = true # Enable async TLS handshakes +handshake_timeout = 10 # Handshake timeout in seconds +buffer_size = 16384 # TLS buffer size +tcp_nodelay = true # Disable Nagle's algorithm for TLS +keepalive = true # Enable TCP keepalive for TLS connections + +[tls.compatibility] +# Compatibility settings for older clients +legacy_support = false # Enable legacy TLS support (not recommended) +min_tls_version = "1.2" # Minimum TLS version +max_tls_version = "1.3" # Maximum TLS version +fallback_scsv = true # Enable Fallback SCSV (RFC 7507) +secure_renegotiation = true # Enable secure renegotiation +client_renegotiation = false # Allow client-initiated renegotiation +compression_disabled = true # Disable TLS compression +rc4_disabled = true # Disable RC4 ciphers +weak_dh_disabled = true # Disable weak DH parameters +export_ciphers_disabled = true # Disable export ciphers +null_ciphers_disabled = true # Disable NULL ciphers +anonymous_ciphers_disabled = true # Disable anonymous ciphers + +[tls.testing] +enabled = false # Enable TLS testing (development only) +test_certificates = true # Use test certificates +self_signed_allowed = true # Allow self-signed certificates +weak_ciphers_allowed = false # Allow weak ciphers for testing +insecure_protocols_allowed = false # Allow insecure protocols for testing +certificate_validation_disabled = false # Disable certificate validation +hostname_verification_disabled = false # Disable hostname 
verification +test_client_certs = false # Use test client certificates +mock_ocsp_responses = false # Mock OCSP responses +ssl_labs_testing = false # Enable SSL Labs API testing + +[tls.compliance] +# Compliance with security standards +pci_dss_compliance = true # Enable PCI DSS compliance +fips_mode = false # Enable FIPS mode +common_criteria = false # Enable Common Criteria compliance +fedramp_compliance = false # Enable FedRAMP compliance +hipaa_compliance = false # Enable HIPAA compliance +gdpr_compliance = true # Enable GDPR compliance + +# Security policy enforcement +security_policy = "modern" # Security policy: modern, intermediate, legacy +policy_enforcement = "strict" # Policy enforcement: strict, moderate, relaxed +audit_mode = false # Enable audit mode (log violations only) +block_violations = true # Block policy violations +violation_logging = true # Log policy violations + +[tls.advanced] +# Advanced TLS configuration options +custom_extensions = [] # Custom TLS extensions +alpn_protocols = ["h2", "http/1.1"] # ALPN protocol list +npn_protocols = [] # NPN protocol list (deprecated) +key_update_enabled = true # Enable TLS 1.3 key updates +post_handshake_auth = false # Enable post-handshake authentication +record_size_limit = 16384 # TLS record size limit +max_fragment_length = 16384 # Maximum fragment length +heartbeat_enabled = false # Enable heartbeat extension (disabled for security) +ticket_keys_rotation = true # Enable ticket key rotation +psk_enabled = false # Enable pre-shared keys +external_psk = false # Enable external PSK +hybrid_encryption = false # Enable hybrid encryption (quantum-resistant) + +# Custom cipher suites for specific use cases +custom_cipher_suites = [] # Custom cipher suite configurations +cipher_suite_preferences = [] # Cipher suite preference overrides +protocol_preferences = [] # Protocol preference overrides 
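Review bot: the `# Monitoring thresholds and alerts` comment under `[tls.monitoring]` is duplicated and should appear once. More importantly, `[tls.testing]` adds `certificate_validation_disabled`, `hostname_verification_disabled`, `weak_ciphers_allowed` and `insecure_protocols_allowed` to the file that serves as the template for the other environments; the loader should honour these only when `tls.testing.enabled = true`, and the section comment should state that they are rejected (not merely ignored) outside the dev environment, so a copied example.toml cannot silently switch off verification in prod. Smaller points in the same hunk: `log_client_certs = true` and `log_certificate_events = true` will write subject names into `/var/log/rustelo/tls.log`, so say what is logged and under which retention, and `npn_protocols = []` is marked deprecated in its own comment and can simply be dropped.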
diff --git a/config/features/tls/prod.toml b/config/features/tls/prod.toml new file mode 100644 index 0000000..97aeb43 --- /dev/null +++ b/config/features/tls/prod.toml 
@@ -0,0 +1,123 @@ +# TLS Feature Configuration - Production Environment +# Settings optimized for production security and performance + +[features] +tls = true + +# TLS Configuration - Production +[server.tls] +enabled = true +cert_path = "${TLS_CERT_PATH}" +key_path = "${TLS_KEY_PATH}" +ca_path = "${TLS_CA_PATH}" +protocols = ["TLSv1.3"] +ciphers = [ + "TLS_AES_256_GCM_SHA384", + "TLS_CHACHA20_POLY1305_SHA256", + "TLS_AES_128_GCM_SHA256", + "ECDHE-RSA-AES256-GCM-SHA384", + "ECDHE-RSA-CHACHA20-POLY1305", + "ECDHE-RSA-AES128-GCM-SHA256" +] +cert_chain_path = "${TLS_CERT_CHAIN_PATH}" +dhparam_path = "${TLS_DHPARAM_PATH}" + +# Self-signed certificate configuration - Disabled for production +[tls.self_signed] +generate_on_startup = false +common_name = "" +subject_alt_names = [] +key_size = 4096 +valid_days = 90 +organization = "${COMPANY_NAME}" +country = "${COUNTRY_CODE}" +state = "${STATE}" +locality = "${CITY}" + +# ACME/Let's Encrypt - Production +[tls.acme] +enabled = true +directory_url = "https://acme-v02.api.letsencrypt.org/directory" +email = "${ACME_EMAIL}" +domains = ["${DOMAIN}", "www.${DOMAIN}"] +challenge_type = "http" +key_type = "ecdsa256" +auto_renew = true +renew_days_before_expiry = 30 +backup_count = 5 + +# mTLS (Mutual TLS) - Production +[tls.mtls] +enabled = false +client_ca_path = "${CLIENT_CA_PATH}" +verify_client_cert = false +require_client_cert = false +client_cert_header = "X-Client-Cert" + +# TLS Session Management - Production +[tls.session] +timeout = 300 # 5 minutes +cache_size = 10000 +resumption_enabled = true +session_tickets = true +session_ticket_key_rotation = 3600 # 1 hour + +# Security Settings - Strict for production +[tls.security] +min_version = "TLSv1.3" +max_version = "TLSv1.3" +prefer_server_ciphers = true +enable_sni = true +enable_ocsp_stapling = true +enable_hsts = true +hsts_max_age = 31536000 # 1 year +hsts_include_subdomains = true +hsts_preload = true + +# Certificate Monitoring - Production +[tls.monitoring] 
+enabled = true +check_expiry = true +expiry_warning_days = 30 +alert_email = "${ADMIN_EMAIL}" +certificate_transparency_logs = true + +# Performance Settings - Production +[tls.performance] +enable_http2 = true +enable_http3 = false +compression = false # Disabled for security (BREACH attack) +early_data = false # Disabled for security +buffer_size = 16384 +connection_pool_size = 1000 + +# Certificate Rotation - Production +[tls.rotation] +enabled = true +backup_old_certs = true +backup_directory = "certs/backup" +rotation_schedule = "0 2 * * 0" # Weekly at 2 AM Sunday +max_backup_age_days = 90 + +# Development Settings - Disabled for production +[tls.development] +allow_self_signed = false +skip_verification = false +log_handshake_errors = false + +# Compliance and Auditing - Production +[tls.compliance] +log_all_connections = true +log_certificate_details = true +audit_log_path = "logs/tls_audit.log" +retain_logs_days = 365 +pci_dss_compliant = true +fips_140_2_compliant = false + +# Load Balancer Integration - Production +[tls.load_balancer] +proxy_protocol = false +real_ip_header = "X-Real-IP" +forwarded_proto_header = "X-Forwarded-Proto" +trust_proxy_headers = true +trusted_proxies = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"] diff --git a/config/others/email.toml b/config/others/email.toml new file mode 100644 index 0000000..03bbeed --- /dev/null +++ b/config/others/email.toml 
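Review bot: `trusted_proxies = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]` together with `trust_proxy_headers = true` means any host in any private range can set `X-Real-IP` and `X-Forwarded-Proto` (and, once mTLS is enabled, the `X-Client-Cert` header named in `client_cert_header`) and be believed; narrow the list to the load balancer's actual addresses and have the server strip `client_cert_header` from connections that do not come from a listed proxy. Two smaller points: the `ciphers` list mixes TLS 1.3 suites with `ECDHE-RSA-*` TLS 1.2 suites that can never be negotiated while `protocols = ["TLSv1.3"]` and `min_version = "TLSv1.3"`, so either drop them or note that they are inert; and `hsts_preload = true` with `hsts_include_subdomains = true` is effectively irreversible once submitted to the preload list and covers every subdomain, which deserves a comment. Section and key names also diverge from example.toml (`[tls.security]`/`min_version` here versus `[tls.compatibility]`/`min_tls_version` there, `[tls.development]` versus `[tls.testing]`, a relative `logs/tls_audit.log` versus the absolute log path there), so one typed config struct cannot load both files; pick one schema.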
@@ -0,0 +1,108 @@ +# Email Configuration +# This file contains email service configuration for different providers and environments + +[email] +# Enable/disable email functionality +enabled = true + +# Email provider: "smtp", "sendgrid", or "console" +# - smtp: Use SMTP server (Gmail, Outlook, etc.) +# - sendgrid: Use SendGrid API +# - console: Print emails to console (development only) +provider = "console" + +# Default sender information +from_email = "noreply@yourapp.com" +from_name = "Your App Name" + +# Template directory for email templates +template_dir = "templates/email" + +# SMTP Configuration (when provider = "smtp") +smtp_host = "smtp.gmail.com" +smtp_port = 587 +smtp_username = "your-email@gmail.com" +smtp_password = "your-app-password" +smtp_use_tls = false +smtp_use_starttls = true + +# SendGrid Configuration (when provider = "sendgrid") +sendgrid_api_key = "" +sendgrid_endpoint = "https://api.sendgrid.com/v3/mail/send" + +# Environment-specific overrides +[environments.development] +email.enabled = true +email.provider = "console" + +[environments.staging] +email.enabled = true +email.provider = "smtp" +email.smtp_host = "smtp.mailtrap.io" +email.smtp_port = 2525 +email.smtp_username = "your-mailtrap-username" +email.smtp_password = "your-mailtrap-password" + +[environments.production] +email.enabled = true +email.provider = "sendgrid" +email.sendgrid_api_key = "${SENDGRID_API_KEY}" +email.from_email = "noreply@yourdomain.com" +email.from_name = "Your Production App" + +# Email provider examples and setup instructions + +# === SMTP Providers === + +# Gmail SMTP (App Passwords required) +# smtp_host = "smtp.gmail.com" +# smtp_port = 587 +# smtp_username = "your-email@gmail.com" +# smtp_password = "your-16-char-app-password" +# smtp_use_starttls = true + +# Outlook/Hotmail SMTP +# smtp_host = "smtp-mail.outlook.com" +# smtp_port = 587 +# smtp_username = "your-email@outlook.com" +# smtp_password = "your-password" +# smtp_use_starttls = true + +# Custom 
SMTP Server +# smtp_host = "mail.yourdomain.com" +# smtp_port = 587 +# smtp_username = "noreply@yourdomain.com" +# smtp_password = "your-password" +# smtp_use_starttls = true + +# === SendGrid Setup === +# 1. Sign up at https://sendgrid.com +# 2. Create an API key in Settings > API Keys +# 3. Set the API key in sendgrid_api_key or SENDGRID_API_KEY environment variable +# 4. Verify your sender identity in Marketing > Sender Authentication + +# === Development Testing === +# For development, you can use: +# - Console provider (prints emails to terminal) +# - Mailtrap (https://mailtrap.io) for SMTP testing +# - MailHog (local SMTP testing server) + +# === Environment Variables === +# You can use environment variables in this config: +# ${VARIABLE_NAME} will be replaced with the environment variable value +# +# Common environment variables: +# - SMTP_HOST +# - SMTP_PORT +# - SMTP_USERNAME +# - SMTP_PASSWORD +# - SENDGRID_API_KEY +# - EMAIL_FROM_ADDRESS +# - EMAIL_FROM_NAME + +# === Security Notes === +# - Never commit real passwords or API keys to version control +# - Use environment variables for sensitive data in production +# - Enable 2FA and use app passwords for Gmail +# - Regularly rotate API keys and passwords +# - Monitor email sending quotas and limits diff --git a/config/others/rbac.env.example b/config/others/rbac.env.example new file mode 100644 index 0000000..59123f9 --- /dev/null +++ b/config/others/rbac.env.example 
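Review bot: the base and staging blocks carry inline credentials (`smtp_password = "your-app-password"`, `email.smtp_password = "your-mailtrap-password"`) while the production block already uses `email.sendgrid_api_key = "${SENDGRID_API_KEY}"`; use the same `${SMTP_USERNAME}` / `${SMTP_PASSWORD}` placeholders throughout so the file's own Security Notes ("Never commit real passwords or API keys") are not undermined the first time someone fills in the template. Also worth a comment: with `smtp_use_tls = false` and `smtp_use_starttls = true` the transport is only protected if STARTTLS is required rather than opportunistic, so state whether the loader refuses to send when the server does not offer it, and what happens when both flags are false.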
@@ -0,0 +1,313 @@ +# RBAC (Role-Based Access Control) Configuration +# Copy this file to .env and configure for your environment + +# ============================================================================= +# RBAC Feature Flags +# ============================================================================= + +# Enable/disable RBAC system entirely (default: false) +ENABLE_RBAC=false + +# Database access control (requires ENABLE_RBAC=true) +ENABLE_RBAC_DATABASE=false + +# File system access control (requires ENABLE_RBAC=true) +ENABLE_RBAC_FILES=false + +# Content management access control (requires ENABLE_RBAC=true) +ENABLE_RBAC_CONTENT=false + +# API endpoint access control (requires ENABLE_RBAC=true) +ENABLE_RBAC_API=false + +# User categories feature (requires ENABLE_RBAC=true) +ENABLE_RBAC_CATEGORIES=false + +# User tags feature (requires ENABLE_RBAC=true) +ENABLE_RBAC_TAGS=false + +# Permission caching (improves performance, requires ENABLE_RBAC=true) +ENABLE_RBAC_CACHING=false + +# Access audit logging (requires ENABLE_RBAC=true) +ENABLE_RBAC_AUDIT=false + +# TOML configuration file loading (requires ENABLE_RBAC=true) +ENABLE_RBAC_TOML_CONFIG=false + +# Hierarchical permissions (categories/tags inheritance) +ENABLE_RBAC_HIERARCHICAL=false + +# Dynamic rule evaluation +ENABLE_RBAC_DYNAMIC_RULES=false + +# ============================================================================= +# RBAC Configuration Paths +# ============================================================================= + +# Path to RBAC TOML configuration file +RBAC_CONFIG_PATH=config/rbac.toml + +# Path to RBAC database migrations +RBAC_MIGRATIONS_PATH=migrations/rbac + +# ============================================================================= +# Core Authentication (always required) +# ============================================================================= + +# Enable basic authentication system +ENABLE_AUTH=true + +# Enable JWT token authentication +ENABLE_JWT=true + +# 
Enable OAuth providers (Google, GitHub, etc.) +ENABLE_OAUTH=false + +# Enable two-factor authentication +ENABLE_2FA=false + +# Enable session management +ENABLE_SESSIONS=true + +# Enable password reset functionality +ENABLE_PASSWORD_RESET=true + +# Enable email verification +ENABLE_EMAIL_VERIFICATION=false + +# ============================================================================= +# Database Configuration +# ============================================================================= + +# Database connection string +DATABASE_URL=postgresql://username:password@localhost:5432/rustelo_dev + +# Database pool settings +DATABASE_MAX_CONNECTIONS=20 +DATABASE_MIN_CONNECTIONS=5 +DATABASE_CONNECTION_TIMEOUT=30 +DATABASE_IDLE_TIMEOUT=600 +DATABASE_MAX_LIFETIME=1800 + +# ============================================================================= +# Server Configuration +# ============================================================================= + +# Server host and port +SERVER_HOST=127.0.0.1 +SERVER_PORT=3030 +SERVER_PROTOCOL=http + +# Environment (development/production) +ENVIRONMENT=development + +# ============================================================================= +# Security Configuration +# ============================================================================= + +# JWT secret key (change in production!) +JWT_SECRET=your-super-secret-jwt-key-change-this-in-production + +# Session secret (change in production!) 
+SESSION_SECRET=your-session-secret-key-change-this-in-production + +# Enable CSRF protection +ENABLE_CSRF=true + +# Enable rate limiting +ENABLE_RATE_LIMITING=true + +# Rate limiting settings +RATE_LIMIT_REQUESTS=100 +RATE_LIMIT_WINDOW=60 + +# Bcrypt cost for password hashing +BCRYPT_COST=12 + +# ============================================================================= +# Content Management Features +# ============================================================================= + +# Enable content management system +ENABLE_CONTENT=true + +# Enable markdown rendering +ENABLE_MARKDOWN=true + +# Enable syntax highlighting +ENABLE_SYNTAX_HIGHLIGHTING=false + +# Enable file uploads +ENABLE_FILE_UPLOADS=true + +# Enable content versioning +ENABLE_CONTENT_VERSIONING=false + +# Enable content scheduling +ENABLE_CONTENT_SCHEDULING=false + +# Enable SEO features +ENABLE_SEO=true + +# ============================================================================= +# Performance Features +# ============================================================================= + +# Enable response caching +ENABLE_CACHING=true + +# Enable database query caching +ENABLE_QUERY_CACHING=true + +# Enable compression +ENABLE_COMPRESSION=true + +# Enable connection pooling +ENABLE_CONNECTION_POOLING=true + +# Enable lazy loading +ENABLE_LAZY_LOADING=false + +# Enable background tasks +ENABLE_BACKGROUND_TASKS=true + +# ============================================================================= +# Logging Configuration +# ============================================================================= + +# Log level (trace, debug, info, warn, error) +LOG_LEVEL=info +RUST_LOG=info + +# Enable console logging +ENABLE_CONSOLE_LOGGING=true + +# Enable file logging +ENABLE_FILE_LOGGING=false + +# Log file path +LOG_FILE_PATH=logs/app.log + +# ============================================================================= +# TLS/HTTPS Configuration +# 
============================================================================= + +# Enable TLS/HTTPS +ENABLE_TLS=false + +# TLS certificate paths (when ENABLE_TLS=true) +TLS_CERT_PATH=certs/cert.pem +TLS_KEY_PATH=certs/key.pem + +# ============================================================================= +# OAuth Configuration (when ENABLE_OAUTH=true) +# ============================================================================= + +# Google OAuth +GOOGLE_CLIENT_ID=your-google-client-id +GOOGLE_CLIENT_SECRET=your-google-client-secret +GOOGLE_REDIRECT_URI=http://localhost:3030/auth/google/callback + +# GitHub OAuth +GITHUB_CLIENT_ID=your-github-client-id +GITHUB_CLIENT_SECRET=your-github-client-secret +GITHUB_REDIRECT_URI=http://localhost:3030/auth/github/callback + +# ============================================================================= +# Email Configuration (when email features are enabled) +# ============================================================================= + +# Enable email functionality +ENABLE_EMAIL=false + +# SMTP settings +SMTP_HOST=smtp.gmail.com +SMTP_PORT=587 +SMTP_USERNAME=your-email@gmail.com +SMTP_PASSWORD=your-app-password +FROM_EMAIL=noreply@yourapp.com +FROM_NAME=Your App + +# ============================================================================= +# Redis Configuration (optional) +# ============================================================================= + +# Enable Redis for caching/sessions +ENABLE_REDIS=false + +# Redis connection +REDIS_URL=redis://localhost:6379 +REDIS_POOL_SIZE=10 +REDIS_CONNECTION_TIMEOUT=5 +REDIS_COMMAND_TIMEOUT=5 + +# ============================================================================= +# Custom Feature Flags +# ============================================================================= + +# Add your custom feature flags here +# ENABLE_MY_CUSTOM_FEATURE=false +# ENABLE_ANALYTICS=false +# ENABLE_NOTIFICATIONS=false + +# 
============================================================================= +# RBAC Example Configurations +# ============================================================================= + +# Example 1: Minimal RBAC (only basic categories) +# ENABLE_RBAC=true +# ENABLE_RBAC_CATEGORIES=true +# ENABLE_RBAC_CACHING=true + +# Example 2: Database-focused RBAC +# ENABLE_RBAC=true +# ENABLE_RBAC_DATABASE=true +# ENABLE_RBAC_CATEGORIES=true +# ENABLE_RBAC_TAGS=true +# ENABLE_RBAC_CACHING=true +# ENABLE_RBAC_AUDIT=true + +# Example 3: Full RBAC with all features +# ENABLE_RBAC=true +# ENABLE_RBAC_DATABASE=true +# ENABLE_RBAC_FILES=true +# ENABLE_RBAC_CONTENT=true +# ENABLE_RBAC_API=true +# ENABLE_RBAC_CATEGORIES=true +# ENABLE_RBAC_TAGS=true +# ENABLE_RBAC_CACHING=true +# ENABLE_RBAC_AUDIT=true +# ENABLE_RBAC_TOML_CONFIG=true +# ENABLE_RBAC_HIERARCHICAL=true +# ENABLE_RBAC_DYNAMIC_RULES=true + +# Example 4: Content management with RBAC +# ENABLE_RBAC=true +# ENABLE_RBAC_CONTENT=true +# ENABLE_RBAC_FILES=true +# ENABLE_RBAC_CATEGORIES=true +# ENABLE_RBAC_TAGS=true +# ENABLE_CONTENT=true +# ENABLE_FILE_UPLOADS=true + +# ============================================================================= +# Development vs Production Settings +# ============================================================================= + +# Development settings (copy these for development) +# ENVIRONMENT=development +# LOG_LEVEL=debug +# ENABLE_CSRF=false +# ENABLE_TLS=false +# DATABASE_URL=postgresql://dev:dev@localhost:5432/rustelo_dev + +# Production settings (copy these for production) +# ENVIRONMENT=production +# LOG_LEVEL=warn +# ENABLE_CSRF=true +# ENABLE_TLS=true +# ENABLE_RATE_LIMITING=true +# DATABASE_URL=postgresql://prod_user:secure_password@db.example.com:5432/rustelo_prod +# JWT_SECRET=very-long-random-secure-key-for-production +# SESSION_SECRET=another-very-long-random-secure-key-for-production 
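Review bot: `JWT_SECRET=your-super-secret-jwt-key-change-this-in-production` and `SESSION_SECRET=your-session-secret-key-change-this-in-production` are syntactically valid values, so a copied `.env` runs unchanged; the loader should refuse to start with `ENVIRONMENT=production` while either secret equals its documented placeholder or is shorter than a minimum length. The "Production settings" block at the bottom makes this worse by showing literal values (`JWT_SECRET=very-long-random-secure-key-for-production`, a `DATABASE_URL` embedding `prod_user:secure_password`) that will be pasted verbatim; replace them with an instruction to generate the value (for example `openssl rand -base64 48`) and an environment reference for the database password. Minor: `ENABLE_CSRF=false` in the suggested development settings turns off a protection the file enables by default; if it is there for local API testing, say so in the comment.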
diff --git a/config/scripts/build-config.sh b/config/scripts/build-config.sh new file mode 100755 index 0000000..4b05c0e --- /dev/null +++ b/config/scripts/build-config.sh 
@@ -0,0 +1,331 @@ +#!/bin/bash + +# Configuration Builder Script +# Combines base configurations and feature configurations into a complete config.toml +# Usage: ./build-config.sh [environment] [output_file] +# Example: ./build-config.sh dev config.toml + +set -e + +# Default values +ENVIRONMENT="${1:-dev}" +OUTPUT_FILE="${2:-config.toml}" +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +CONFIG_DIR="$(dirname "$SCRIPT_DIR")" +PROJECT_ROOT="$(dirname "$CONFIG_DIR")" + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +# Logging functions +log_info() { + echo -e "${BLUE}[INFO]${NC} $1" +} + +log_success() { + echo -e "${GREEN}[SUCCESS]${NC} $1" +} + +log_warning() { + echo -e "${YELLOW}[WARNING]${NC} $1" +} + +log_error() { + echo -e "${RED}[ERROR]${NC} $1" +} + +# Check if environment is valid +check_environment() { + local env="$1" + case "$env" in + dev|prod|example) + return 0 + ;; + *) + log_error "Invalid environment: $env" + log_error "Valid environments: dev, prod, example" + exit 1 + ;; + esac +} + +# Check if required tools are installed +check_dependencies() { + local missing_tools=() + + if ! 
command -v toml &> /dev/null; then + missing_tools+=("toml") + fi + + if [ ${#missing_tools[@]} -ne 0 ]; then + log_warning "Missing optional tools: ${missing_tools[*]}" + log_warning "For better TOML validation, install: cargo install toml-cli" + fi +} + +# Create temporary directory for processing +create_temp_dir() { + TEMP_DIR=$(mktemp -d) + trap "rm -rf $TEMP_DIR" EXIT + log_info "Created temporary directory: $TEMP_DIR" +} + +# Copy base configuration +copy_base_config() { + local env="$1" + local base_file="$CONFIG_DIR/base/${env}.toml" + + if [ -f "$base_file" ]; then + log_info "Copying base configuration: $base_file" + cp "$base_file" "$TEMP_DIR/base.toml" + else + log_error "Base configuration not found: $base_file" + exit 1 + fi +} + +# Find and copy feature configurations +copy_feature_configs() { + local env="$1" + local features_dir="$CONFIG_DIR/features" + + if [ ! -d "$features_dir" ]; then + log_error "Features directory not found: $features_dir" + exit 1 + fi + + log_info "Copying feature configurations for environment: $env" + + # Create features directory in temp + mkdir -p "$TEMP_DIR/features" + + # Find all feature directories + for feature_dir in "$features_dir"/*; do + if [ -d "$feature_dir" ]; then + local feature_name=$(basename "$feature_dir") + local feature_file="$feature_dir/${env}.toml" + + if [ -f "$feature_file" ]; then + log_info " Found feature: $feature_name" + cp "$feature_file" "$TEMP_DIR/features/${feature_name}.toml" + else + log_warning " Feature configuration not found: $feature_file" + fi + fi + done +} + +# Merge configurations using a simple approach +merge_configs() { + local output="$1" + + log_info "Merging configurations..." 
+ + # Start with base configuration + cat "$TEMP_DIR/base.toml" > "$output" + + # Add a separator comment + echo "" >> "$output" + echo "# =================================" >> "$output" + echo "# Feature Configurations" >> "$output" + echo "# =================================" >> "$output" + echo "" >> "$output" + + # Append each feature configuration + for feature_file in "$TEMP_DIR/features"/*.toml; do + if [ -f "$feature_file" ]; then + local feature_name=$(basename "$feature_file" .toml) + echo "" >> "$output" + echo "# ${feature_name} Feature Configuration" >> "$output" + echo "# =================================" >> "$output" + cat "$feature_file" >> "$output" + echo "" >> "$output" + fi + done + + # Add build information + echo "" >> "$output" + echo "# Build Information" >> "$output" + echo "# =================================" >> "$output" + echo "[build_info]" >> "$output" + echo "environment = \"$ENVIRONMENT\"" >> "$output" + echo "build_time = \"$(date -u +%Y-%m-%dT%H:%M:%SZ)\"" >> "$output" + echo "build_script = \"$(basename "$0")\"" >> "$output" + echo "config_version = \"1.0.0\"" >> "$output" +} + +# Validate the generated configuration +validate_config() { + local config_file="$1" + + log_info "Validating configuration..." + + # Basic validation - check if file exists and is not empty + if [ ! -f "$config_file" ]; then + log_error "Configuration file not found: $config_file" + return 1 + fi + + if [ ! 
-s "$config_file" ]; then + log_error "Configuration file is empty: $config_file" + return 1 + fi + + # Advanced validation with toml tool if available + if command -v toml &> /dev/null; then + if toml get "$config_file" > /dev/null 2>&1; then + log_success "TOML syntax validation passed" + else + log_error "TOML syntax validation failed" + return 1 + fi + else + log_warning "TOML validation tool not available, skipping syntax check" + fi + + # Check for required sections + local required_sections=("server" "database" "app") + for section in "${required_sections[@]}"; do + if grep -q "^\[${section}\]" "$config_file"; then + log_info " Required section found: [$section]" + else + log_warning " Required section missing: [$section]" + fi + done + + return 0 +} + +# Generate summary of the build +generate_summary() { + local config_file="$1" + + log_info "Configuration build summary:" + log_info " Environment: $ENVIRONMENT" + log_info " Output file: $config_file" + log_info " File size: $(du -h "$config_file" | cut -f1)" + log_info " Line count: $(wc -l < "$config_file")" + + # Count features + local feature_count=$(grep -c "# .* Feature Configuration" "$config_file" 2>/dev/null || echo "0") + log_info " Features included: $feature_count" + + # List features + if [ "$feature_count" -gt 0 ]; then + log_info " Feature list:" + grep "# .* Feature Configuration" "$config_file" | sed 's/# \(.*\) Feature Configuration/ - \1/' || true + fi +} + +# Backup existing configuration +backup_existing_config() { + local config_file="$1" + + if [ -f "$config_file" ]; then + local backup_file="${config_file}.backup.$(date +%Y%m%d_%H%M%S)" + log_info "Backing up existing configuration to: $backup_file" + cp "$config_file" "$backup_file" + fi +} + +# Show help +show_help() { + cat << EOF +Configuration Builder Script + +USAGE: + $0 [ENVIRONMENT] [OUTPUT_FILE] + +ARGUMENTS: + ENVIRONMENT Target environment (dev, prod, example). Default: dev + OUTPUT_FILE Output configuration file. 
Default: config.toml + +EXAMPLES: + $0 # Build dev config to config.toml + $0 prod # Build prod config to config.toml + $0 dev config.dev.toml # Build dev config to config.dev.toml + $0 prod config.prod.toml # Build prod config to config.prod.toml + +DESCRIPTION: + This script combines base configurations and feature-specific configurations + into a complete TOML configuration file for the specified environment. + + The script looks for: + - Base configuration: config/base/[environment].toml + - Feature configurations: config/features/[feature]/[environment].toml + +ENVIRONMENT VARIABLES: + CONFIG_DEBUG=1 Enable debug output + CONFIG_NO_BACKUP=1 Skip backup of existing configuration + CONFIG_VALIDATE_ONLY=1 Only validate, don't build + +EOF +} + +# Main function +main() { + # Parse arguments + if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then + show_help + exit 0 + fi + + # Enable debug if requested + if [ "${CONFIG_DEBUG:-0}" = "1" ]; then + set -x + fi + + log_info "Starting configuration build process..." + log_info "Environment: $ENVIRONMENT" + log_info "Output file: $OUTPUT_FILE" + + # Check environment + check_environment "$ENVIRONMENT" + + # Check dependencies + check_dependencies + + # Create temporary directory + create_temp_dir + + # Copy base configuration + copy_base_config "$ENVIRONMENT" + + # Copy feature configurations + copy_feature_configs "$ENVIRONMENT" + + # Backup existing configuration if not disabled + if [ "${CONFIG_NO_BACKUP:-0}" != "1" ]; then + backup_existing_config "$OUTPUT_FILE" + fi + + # If validation only, validate temp config and exit + if [ "${CONFIG_VALIDATE_ONLY:-0}" = "1" ]; then + merge_configs "$TEMP_DIR/validation.toml" + validate_config "$TEMP_DIR/validation.toml" + log_success "Configuration validation completed" + exit 0 + fi + + # Merge configurations + merge_configs "$OUTPUT_FILE" + + # Validate the generated configuration + if ! 
validate_config "$OUTPUT_FILE"; then + log_error "Configuration validation failed" + exit 1 + fi + + # Generate summary + generate_summary "$OUTPUT_FILE" + + log_success "Configuration build completed successfully!" + log_info "Configuration file: $OUTPUT_FILE" +} + +# Run main function +main "$@" diff --git a/config/scripts/debug-manage.sh b/config/scripts/debug-manage.sh new file mode 100755 index 0000000..4c8397c --- /dev/null +++ b/config/scripts/debug-manage.sh 
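Review bot: `merge_configs` concatenates `base.toml` and every `features/*.toml` verbatim, but TOML does not allow a table to be defined twice, and `tls/prod.toml` already opens with `[features]`, which every other feature file will also need; the merged file is therefore invalid as soon as two inputs share a table, and `validate_config` only catches that when `toml-cli` happens to be installed (otherwise it logs a warning and returns success). Either merge tables properly or give each feature its own top-level table and fail the build when a header repeats (`grep '^\[' "$output" | sort | uniq -d`). A second bug: `local feature_count=$(grep -c "# .* Feature Configuration" "$config_file" 2>/dev/null || echo "0")` yields `0` on two lines when there are no matches, because `grep -c` prints `0` and still exits 1, so the later `[ "$feature_count" -gt 0 ]` errors; drop the `|| echo "0"`. Also confirm that `toml get "$config_file"` with no query argument succeeds on a valid file; if the tool requires a query, validation fails on every build where it is installed.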
@@ -0,0 +1,223 @@ +#!/bin/bash + +# Debug version of configuration management script +set -e + +# Script configuration +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +CONFIG_DIR="$(dirname "$SCRIPT_DIR")" +PROJECT_ROOT="$(dirname "$CONFIG_DIR")" +BACKUP_DIR="$CONFIG_DIR/backups" +ENVIRONMENTS=("dev" "prod" "example") + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +# Logging functions +log_info() { + echo -e "${BLUE}[INFO]${NC} $1" +} + +log_success() { + echo -e "${GREEN}[SUCCESS]${NC} $1" +} + +log_warning() { + echo -e "${YELLOW}[WARNING]${NC} $1" +} + +log_error() { + echo -e "${RED}[ERROR]${NC} $1" +} + +# Test function +test_basics() { + echo "=== Configuration Management Debug ===" + echo "SCRIPT_DIR: $SCRIPT_DIR" + echo "CONFIG_DIR: $CONFIG_DIR" + echo "PROJECT_ROOT: $PROJECT_ROOT" + echo "BACKUP_DIR: $BACKUP_DIR" + echo "" +} + +# List available features +cmd_list_features() { + log_info "Available features:" + + if [ -d "$CONFIG_DIR/features" ]; then + for feature_dir in "$CONFIG_DIR/features"/*; do + if [ -d "$feature_dir" ]; then + feature_name=$(basename "$feature_dir") + log_info " - $feature_name" + + # Show available environments for this feature + envs=() + for env in "${ENVIRONMENTS[@]}"; do + if [ -f "$feature_dir/$env.toml" ]; then + envs+=("$env") + fi + done + + if [ ${#envs[@]} -gt 0 ]; then + log_info " Environments: ${envs[*]}" + fi + fi + done + else + log_error "Features directory not found: $CONFIG_DIR/features" + return 1 + fi +} + +# List available environments +cmd_list_environments() { + log_info "Available environments:" + + for env in "${ENVIRONMENTS[@]}"; do + log_info " - $env" + + # Check if base configuration exists + if [ -f "$CONFIG_DIR/base/$env.toml" ]; then + log_info " Base config: ✓" + else + log_info " Base config: ✗" + fi + + # Count available features + feature_count=0 + if [ -d "$CONFIG_DIR/features" ]; then + for feature_dir 
in "$CONFIG_DIR/features"/*; do + if [ -d "$feature_dir" ] && [ -f "$feature_dir/$env.toml" ]; then + ((feature_count++)) + fi + done + fi + log_info " Available features: $feature_count" + done +} + +# Build configuration +cmd_build() { + env="$1" + output="${2:-config.toml}" + + if [ -z "$env" ]; then + log_error "Environment required for build command" + return 1 + fi + + log_info "Building configuration for environment: $env" + "$SCRIPT_DIR/build-config.sh" "$env" "$output" +} + +# Show status +cmd_status() { + log_info "Configuration system status:" + + # Check directories + log_info "Directories:" + for dir in base features scripts; do + if [ -d "$CONFIG_DIR/$dir" ]; then + log_info " $dir: ✓" + else + log_info " $dir: ✗" + fi + done + + # Check base configurations + log_info "Base configurations:" + for env in "${ENVIRONMENTS[@]}"; do + if [ -f "$CONFIG_DIR/base/$env.toml" ]; then + log_info " $env: ✓" + else + log_info " $env: ✗" + fi + done + + # Check features + log_info "Features:" + if [ -d "$CONFIG_DIR/features" ]; then + for feature_dir in "$CONFIG_DIR/features"/*; do + if [ -d "$feature_dir" ]; then + feature_name=$(basename "$feature_dir") + env_count=0 + for env in "${ENVIRONMENTS[@]}"; do + if [ -f "$feature_dir/$env.toml" ]; then + ((env_count++)) + fi + done + log_info " $feature_name: $env_count/${#ENVIRONMENTS[@]} environments" + fi + done + fi +} + +# Show help +show_help() { + cat << EOF +Debug Configuration Management Script + +USAGE: + $0 [COMMAND] + +COMMANDS: + list-features List available features + list-environments List available environments + build ENV [OUTPUT] Build configuration for environment + status Show configuration status + test Run basic tests + help Show this help message + +EXAMPLES: + $0 list-features + $0 list-environments + $0 build dev + $0 status + $0 test + +EOF +} + +# Main function +main() { + command="$1" + shift + + case "$command" in + list-features) + cmd_list_features + ;; + list-environments) + 
cmd_list_environments + ;; + build) + cmd_build "$@" + ;; + status) + cmd_status + ;; + test) + test_basics + cmd_list_features + echo "" + cmd_list_environments + echo "" + cmd_status + ;; + help|"") + show_help + ;; + *) + log_error "Unknown command: $command" + show_help + exit 1 + ;; + esac +} + +# Run main function +main "$@" diff --git a/config/scripts/demo-config.sh b/config/scripts/demo-config.sh new file mode 100755 index 0000000..3510df7 --- /dev/null +++ b/config/scripts/demo-config.sh 
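Review bot: `((feature_count++))` and `((env_count++))` return a non-zero status when the counter is 0 (the post-increment expression evaluates to 0), and the script runs under `set -e`, so `list-environments` and `status` abort on the first feature they count; use `feature_count=$((feature_count + 1))` instead. The same `set -e` interaction breaks `main`: `shift` with no arguments fails, so running the script with no command exits silently instead of reaching the `help|"")` case; write `command="${1:-}"` followed by `shift || true`. Style: `feature_name`, `envs`, `env_count`, `feature_count` and `command` are left global; declare them `local`.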
@@ -0,0 +1,293 @@ +#!/bin/bash + +# Configuration System Demonstration Script +# Shows the new modular configuration system in action +# Usage: ./demo-config.sh + +set -e + +# Script configuration +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +CONFIG_DIR="$(dirname "$SCRIPT_DIR")" +PROJECT_ROOT="$(dirname "$CONFIG_DIR")" + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +PURPLE='\033[0;35m' +CYAN='\033[0;36m' +BOLD='\033[1m' +NC='\033[0m' # No Color + +# Print functions +print_header() { + echo -e "\n${BOLD}${BLUE}================================${NC}" + echo -e "${BOLD}${BLUE}$1${NC}" + echo -e "${BOLD}${BLUE}================================${NC}\n" +} + +print_section() { + echo -e "\n${BOLD}${CYAN}--- $1 ---${NC}" +} + +print_success() { + echo -e "${GREEN}✓${NC} $1" +} + +print_info() { + echo -e "${BLUE}ℹ${NC} $1" +} + +print_warning() { + echo -e "${YELLOW}⚠${NC} $1" +} + +print_error() { + echo -e "${RED}✗${NC} $1" +} + +# Main demonstration +main() { + print_header "Rustelo Configuration System Demo" + + echo "This demonstration shows the new modular configuration system" + echo "that separates features into environment-specific configurations." 
+ echo "" + echo "The system provides:" + echo " • Environment-specific settings (dev, prod, example)" + echo " • Feature-based configuration modules" + echo " • Automatic configuration building and validation" + echo " • Backup and management utilities" + + print_section "Configuration Structure" + echo "Current configuration directory structure:" + echo "" + tree "$CONFIG_DIR" -I "__pycache__|*.pyc|*.backup*" 2>/dev/null || { + find "$CONFIG_DIR" -type f -name "*.toml" -o -name "*.sh" -o -name "*.py" | head -20 + } + + print_section "Available Features" + echo "Features configured in the system:" + echo "" + + local features_dir="$CONFIG_DIR/features" + if [ -d "$features_dir" ]; then + for feature_dir in "$features_dir"/*; do + if [ -d "$feature_dir" ]; then + local feature_name=$(basename "$feature_dir") + local env_count=0 + local env_list="" + + for env_file in "$feature_dir"/*.toml; do + if [ -f "$env_file" ]; then + env_count=$((env_count + 1)) + local env_name=$(basename "$env_file" .toml) + env_list="$env_list $env_name" + fi + done + + printf " %-12s → %d environments (%s)\n" "$feature_name" "$env_count" "$env_list" + fi + done + fi + + print_section "Building Development Configuration" + echo "Building configuration for development environment..." 
+ echo "" + + local dev_config="demo_config_dev.toml" + if "$SCRIPT_DIR/build-config.sh" dev "$dev_config"; then + print_success "Development configuration built successfully" + + # Show some statistics + local file_size=$(du -h "$dev_config" | cut -f1) + local line_count=$(wc -l < "$dev_config") + local section_count=$(grep -c "^\[.*\]" "$dev_config") + + echo "" + echo "Development Configuration Stats:" + echo " • File size: $file_size" + echo " • Lines: $line_count" + echo " • Sections: $section_count" + + echo "" + echo "Sample configuration sections:" + echo "" + grep "^\[.*\]" "$dev_config" | head -10 | sed 's/^/ /' + else + print_error "Failed to build development configuration" + fi + + print_section "Building Production Configuration" + echo "Building configuration for production environment..." + echo "" + + local prod_config="demo_config_prod.toml" + if "$SCRIPT_DIR/build-config.sh" prod "$prod_config"; then + print_success "Production configuration built successfully" + + # Show some statistics + local file_size=$(du -h "$prod_config" | cut -f1) + local line_count=$(wc -l < "$prod_config") + local section_count=$(grep -c "^\[.*\]" "$prod_config") + + echo "" + echo "Production Configuration Stats:" + echo " • File size: $file_size" + echo " • Lines: $line_count" + echo " • Sections: $section_count" + else + print_error "Failed to build production configuration" + fi + + print_section "Configuration Comparison" + echo "Comparing development vs production configurations:" + echo "" + + if [ -f "$dev_config" ] && [ -f "$prod_config" ]; then + echo "Environment Differences:" + echo "" + + # Extract key differences + echo "Development specific settings:" + grep -E "(debug|log_level|localhost|127\.0\.0\.1)" "$dev_config" | head -5 | sed 's/^/ /' + + echo "" + echo "Production specific settings:" + grep -E "(https|ssl|encryption|backup)" "$prod_config" | head -5 | sed 's/^/ /' + + echo "" + echo "Size comparison:" + echo " • Dev config: $(wc -l < 
"$dev_config") lines" + echo " • Prod config: $(wc -l < "$prod_config") lines" + echo " • Difference: $(($(wc -l < "$prod_config") - $(wc -l < "$dev_config"))) lines" + fi + + print_section "Feature Configuration Examples" + echo "Sample feature configurations:" + echo "" + + # Show auth feature differences + if [ -f "$CONFIG_DIR/features/auth/dev.toml" ] && [ -f "$CONFIG_DIR/features/auth/prod.toml" ]; then + echo "Authentication Feature:" + echo " Development:" + grep -E "(max_login_attempts|lockout_duration)" "$CONFIG_DIR/features/auth/dev.toml" | head -2 | sed 's/^/ /' + echo " Production:" + grep -E "(max_login_attempts|lockout_duration)" "$CONFIG_DIR/features/auth/prod.toml" | head -2 | sed 's/^/ /' + echo "" + fi + + # Show TLS feature differences + if [ -f "$CONFIG_DIR/features/tls/dev.toml" ] && [ -f "$CONFIG_DIR/features/tls/prod.toml" ]; then + echo "TLS Feature:" + echo " Development:" + grep -E "(tls = |enabled = )" "$CONFIG_DIR/features/tls/dev.toml" | head -2 | sed 's/^/ /' + echo " Production:" + grep -E "(tls = |enabled = )" "$CONFIG_DIR/features/tls/prod.toml" | head -2 | sed 's/^/ /' + echo "" + fi + + print_section "Configuration Validation" + echo "Validating built configurations..." 
+ echo "" + + # Basic validation + local validation_passed=0 + local validation_total=0 + + for config in "$dev_config" "$prod_config"; do + if [ -f "$config" ]; then + validation_total=$((validation_total + 1)) + + # Check for required sections + local required_sections=("server" "database" "app") + local config_name=$(basename "$config" .toml) + + echo "Validating $config_name:" + + local section_issues=0 + for section in "${required_sections[@]}"; do + if grep -q "^\[${section}\]" "$config"; then + echo " ✓ Section [$section] present" + else + echo " ✗ Section [$section] missing" + section_issues=$((section_issues + 1)) + fi + done + + if [ $section_issues -eq 0 ]; then + validation_passed=$((validation_passed + 1)) + print_success "$config_name validation passed" + else + print_error "$config_name validation failed" + fi + echo "" + fi + done + + print_section "Build Information" + echo "Configuration build metadata:" + echo "" + + if [ -f "$dev_config" ]; then + echo "Development build info:" + grep -A 5 "^\[build_info\]" "$dev_config" | sed 's/^/ /' + echo "" + fi + + print_section "Usage Examples" + echo "How to use the configuration system:" + echo "" + echo "1. Build configuration for development:" + echo " ./config/scripts/build-config.sh dev" + echo "" + echo "2. Build configuration for production:" + echo " ./config/scripts/build-config.sh prod config.prod.toml" + echo "" + echo "3. Validate configuration:" + echo " ./config/scripts/manage-config.sh validate dev" + echo "" + echo "4. Compare configurations:" + echo " ./config/scripts/manage-config.sh diff dev prod" + echo "" + echo "5. Create new feature:" + echo " ./config/scripts/manage-config.sh template my_feature" + echo "" + echo "6. Show system status:" + echo " ./config/scripts/manage-config.sh status" + + print_section "Cleanup" + echo "Cleaning up demo files..." 
+ + # Clean up demo files + rm -f "$dev_config" "$prod_config" + print_success "Demo files cleaned up" + + print_header "Demo Complete" + echo "The new configuration system provides:" + echo "" + echo "✓ Environment-specific configurations" + echo "✓ Feature-based modularity" + echo "✓ Automatic building and validation" + echo "✓ Easy management and maintenance" + echo "✓ Backup and recovery capabilities" + echo "" + echo "For more information, see:" + echo " • config/README.md - Complete documentation" + echo " • config/scripts/ - Available management scripts" + echo " • config/features/ - Feature configuration modules" + echo "" + print_success "Configuration system is ready to use!" +} + +# Check if we're in the right directory +if [ ! -d "$CONFIG_DIR" ]; then + print_error "Configuration directory not found: $CONFIG_DIR" + echo "Please run this script from the project root directory." + exit 1 +fi + +# Run the demonstration +main "$@" diff --git a/config/scripts/manage-config.sh b/config/scripts/manage-config.sh new file mode 100755 index 0000000..106193a --- /dev/null +++ b/config/scripts/manage-config.sh 
@@ -0,0 +1,655 @@ +#!/bin/bash + +# Configuration Management Script for Rustelo +# Provides commands to manage, validate, and deploy configurations +# Usage: ./manage-config.sh [command] [options] + +set -e + +# Script configuration +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +CONFIG_DIR="$(dirname "$SCRIPT_DIR")" +PROJECT_ROOT="$(dirname "$CONFIG_DIR")" +BACKUP_DIR="$CONFIG_DIR/backups" +ENVIRONMENTS=("dev" "prod" "example") + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +PURPLE='\033[0;35m' +CYAN='\033[0;36m' +NC='\033[0m' # No Color + +# Logging functions +log_info() { + echo -e "${BLUE}[INFO]${NC} $1" +} + +log_success() { + echo -e "${GREEN}[SUCCESS]${NC} $1" +} + +log_warning() { + echo -e "${YELLOW}[WARNING]${NC} $1" +} + +log_error() { + echo -e "${RED}[ERROR]${NC} $1" +} + +log_debug() { + if [ "${DEBUG:-0}" = "1" ]; then + echo -e "${PURPLE}[DEBUG]${NC} $1" + fi +} + +# Show help +show_help() { + cat << EOF +Configuration Management Script for Rustelo + +USAGE: + $0 [COMMAND] [OPTIONS] + +COMMANDS: + build ENV [OUTPUT] Build configuration for environment + validate ENV Validate configuration for environment + list-features List available features + list-environments List available environments + backup ENV Backup existing configuration + restore BACKUP_FILE Restore configuration from backup + diff ENV1 ENV2 Compare configurations between environments + template FEATURE Create new feature template + clean Clean generated configurations + status Show configuration status + help Show this help message + +ENVIRONMENTS: + dev Development environment + prod Production environment + example Example/template environment + +OPTIONS: + --debug Enable debug output + --dry-run Show what would be done without executing + --force Force operation without confirmation + --quiet Suppress non-error output + --backup-dir DIR Use custom backup directory + +EXAMPLES: + $0 build dev # Build dev configuration 
+ $0 build prod config.prod.toml # Build prod config with custom name + $0 validate dev # Validate dev configuration + $0 diff dev prod # Compare dev and prod configurations + $0 backup prod # Backup prod configuration + $0 template auth # Create new auth feature template + $0 clean # Clean all generated configs + $0 status # Show configuration status + +ENVIRONMENT VARIABLES: + CONFIG_DEBUG=1 Enable debug output + CONFIG_QUIET=1 Suppress non-error output + CONFIG_FORCE=1 Force operations without confirmation + CONFIG_BACKUP_DIR=path Custom backup directory + +EOF +} + +# Parse command line arguments +parse_args() { + COMMAND="" + ENV="" + OUTPUT="" + DEBUG="${DEBUG:-0}" + DRY_RUN="${DRY_RUN:-0}" + FORCE="${FORCE:-0}" + QUIET="${QUIET:-0}" + BACKUP_DIR_OVERRIDE="" + + while [[ $# -gt 0 ]]; do + case $1 in + --debug) + DEBUG=1 + shift + ;; + --dry-run) + DRY_RUN=1 + shift + ;; + --force) + FORCE=1 + shift + ;; + --quiet) + QUIET=1 + shift + ;; + --backup-dir) + BACKUP_DIR_OVERRIDE="$2" + shift 2 + ;; + build|validate|backup|restore|diff|template|clean|status|list-features|list-environments|help) + COMMAND="$1" + shift + ;; + *) + if [ -z "$ENV" ]; then + ENV="$1" + elif [ -z "$OUTPUT" ]; then + OUTPUT="$1" + else + log_error "Unknown argument: $1" + exit 1 + fi + shift + ;; + esac + done + + # Override backup directory if specified + if [ -n "$BACKUP_DIR_OVERRIDE" ]; then + BACKUP_DIR="$BACKUP_DIR_OVERRIDE" + fi + + # Apply environment variables + [ "${CONFIG_DEBUG:-0}" = "1" ] && DEBUG=1 + [ "${CONFIG_QUIET:-0}" = "1" ] && QUIET=1 + [ "${CONFIG_FORCE:-0}" = "1" ] && FORCE=1 + [ -n "${CONFIG_BACKUP_DIR:-}" ] && BACKUP_DIR="$CONFIG_BACKUP_DIR" +} + +# Check if environment is valid +validate_environment() { + local env="$1" + for valid_env in "${ENVIRONMENTS[@]}"; do + if [ "$env" = "$valid_env" ]; then + return 0 + fi + done + log_error "Invalid environment: $env" + log_error "Valid environments: ${ENVIRONMENTS[*]}" + return 1 +} + +# Create backup directory if it 
doesn't exist +ensure_backup_dir() { + if [ ! -d "$BACKUP_DIR" ]; then + mkdir -p "$BACKUP_DIR" + log_debug "Created backup directory: $BACKUP_DIR" + fi +} + +# Build configuration +cmd_build() { + local env="$1" + local output="${2:-config.toml}" + + if [ -z "$env" ]; then + log_error "Environment required for build command" + return 1 + fi + + if ! validate_environment "$env"; then + return 1 + fi + + log_info "Building configuration for environment: $env" + + # Use Python script if available, otherwise use bash script + if [ "$DRY_RUN" = "1" ]; then + log_info "Would build configuration using shell script" + return 0 + fi + "$SCRIPT_DIR/build-config.sh" "$env" "$output" +} + +# Validate configuration +cmd_validate() { + local env="$1" + + if [ -z "$env" ]; then + log_error "Environment required for validate command" + return 1 + fi + + if ! validate_environment "$env"; then + return 1 + fi + + log_info "Validating configuration for environment: $env" + + if [ "$DRY_RUN" = "1" ]; then + log_info "Would validate configuration" + return 0 + fi + + # Use Python script if available + CONFIG_VALIDATE_ONLY=1 "$SCRIPT_DIR/build-config.sh" "$env" +} + +# List available features +cmd_list_features() { + log_info "Available features:" + + if [ -d "$CONFIG_DIR/features" ]; then + for feature_dir in "$CONFIG_DIR/features"/*; do + if [ -d "$feature_dir" ]; then + local feature_name=$(basename "$feature_dir") + log_info " - $feature_name" + + # Show available environments for this feature + local envs=() + for env in "${ENVIRONMENTS[@]}"; do + if [ -f "$feature_dir/$env.toml" ]; then + envs+=("$env") + fi + done + + if [ ${#envs[@]} -gt 0 ]; then + log_info " Environments: ${envs[*]}" + fi + fi + done + else + log_error "Features directory not found: $CONFIG_DIR/features" + return 1 + fi +} + +# List available environments +cmd_list_environments() { + log_info "Available environments:" + + for env in "${ENVIRONMENTS[@]}"; do + log_info " - $env" + + # Check if base 
configuration exists + if [ -f "$CONFIG_DIR/base/$env.toml" ]; then + log_info " Base config: ✓" + else + log_info " Base config: ✗" + fi + + # Count available features + local feature_count=0 + if [ -d "$CONFIG_DIR/features" ]; then + for feature_dir in "$CONFIG_DIR/features"/*; do + if [ -d "$feature_dir" ] && [ -f "$feature_dir/$env.toml" ]; then + ((feature_count++)) + fi + done + fi + log_info " Available features: $feature_count" + done +} + +# Compare configurations between environments +cmd_diff() { + local env1="$1" + local env2="$2" + + if [ -z "$env1" ] || [ -z "$env2" ]; then + log_error "Two environments required for diff command" + return 1 + fi + + if ! validate_environment "$env1" || ! validate_environment "$env2"; then + return 1 + fi + + log_info "Comparing configurations: $env1 vs $env2" + + # Create temporary files + local temp1=$(mktemp) + local temp2=$(mktemp) + trap "rm -f $temp1 $temp2" EXIT + + # Build configurations + if ! cmd_build "$env1" "$temp1"; then + log_error "Failed to build configuration for $env1" + return 1 + fi + + if ! cmd_build "$env2" "$temp2"; then + log_error "Failed to build configuration for $env2" + return 1 + fi + + # Compare configurations + if command -v diff &> /dev/null; then + diff -u "$temp1" "$temp2" || true + else + log_warning "diff command not available, using basic comparison" + if cmp -s "$temp1" "$temp2"; then + log_info "Configurations are identical" + else + log_info "Configurations differ" + fi + fi +} + +# Create backup of configuration +cmd_backup() { + local env="$1" + local config_file="${2:-config.toml}" + + if [ -z "$env" ]; then + log_error "Environment required for backup command" + return 1 + fi + + if ! 
validate_environment "$env"; then + return 1 + fi + + ensure_backup_dir + + local timestamp=$(date +%Y%m%d_%H%M%S) + local backup_file="$BACKUP_DIR/config_${env}_${timestamp}.toml" + + if [ -f "$config_file" ]; then + if [ "$DRY_RUN" = "1" ]; then + log_info "Would backup $config_file to $backup_file" + return 0 + fi + + cp "$config_file" "$backup_file" + log_success "Configuration backed up to: $backup_file" + else + log_error "Configuration file not found: $config_file" + return 1 + fi +} + +# Restore configuration from backup +cmd_restore() { + local backup_file="$1" + local output_file="${2:-config.toml}" + + if [ -z "$backup_file" ]; then + log_error "Backup file required for restore command" + return 1 + fi + + if [ ! -f "$backup_file" ]; then + log_error "Backup file not found: $backup_file" + return 1 + fi + + if [ "$DRY_RUN" = "1" ]; then + log_info "Would restore $backup_file to $output_file" + return 0 + fi + + # Create backup of current file if it exists + if [ -f "$output_file" ]; then + local timestamp=$(date +%Y%m%d_%H%M%S) + local current_backup="$BACKUP_DIR/config_current_${timestamp}.toml" + ensure_backup_dir + cp "$output_file" "$current_backup" + log_info "Current configuration backed up to: $current_backup" + fi + + cp "$backup_file" "$output_file" + log_success "Configuration restored from: $backup_file" +} + +# Create new feature template +cmd_template() { + local feature_name="$1" + + if [ -z "$feature_name" ]; then + log_error "Feature name required for template command" + return 1 + fi + + local feature_dir="$CONFIG_DIR/features/$feature_name" + + if [ -d "$feature_dir" ]; then + if [ "$FORCE" != "1" ]; then + log_error "Feature directory already exists: $feature_dir" + log_error "Use --force to overwrite" + return 1 + fi + fi + + if [ "$DRY_RUN" = "1" ]; then + log_info "Would create feature template: $feature_name" + return 0 + fi + + # Create feature directory + mkdir -p "$feature_dir" + + # Create template files for each environment + 
for env in "${ENVIRONMENTS[@]}"; do + local template_file="$feature_dir/$env.toml" + cat > "$template_file" << EOF +# $feature_name Feature Configuration - $(echo $env | sed 's/./\U&/') Environment +# Settings for the $feature_name feature + +[features] +$feature_name = true + +[$feature_name] +enabled = true +# Add your feature-specific settings here + +# Example configuration options: +# option1 = "value1" +# option2 = 42 +# option3 = true +EOF + log_info "Created template file: $template_file" + done + + # Create README for the feature + cat > "$feature_dir/README.md" << EOF +# $feature_name Feature + +Description of the $feature_name feature. + +## Configuration Options + +### Environment-Specific Settings + +#### Development (\`dev.toml\`) +- Optimized for development and debugging +- Relaxed security settings +- Verbose logging enabled + +#### Production (\`prod.toml\`) +- Optimized for production performance +- Strict security settings +- Minimal logging + +#### Example (\`example.toml\`) +- Complete documentation of all options +- Best practice configurations +- Commented examples + +## Usage + +Enable this feature by setting: + +\`\`\`toml +[features] +$feature_name = true +\`\`\` + +## Dependencies + +List any features that this feature depends on. + +## Security Considerations + +Document any security implications of this feature. +EOF + + log_success "Feature template created: $feature_name" +} + +# Clean generated configurations +cmd_clean() { + log_info "Cleaning generated configurations..." 
+ + if [ "$DRY_RUN" = "1" ]; then + log_info "Would clean generated configuration files" + return 0 + fi + + local cleaned_count=0 + + # Remove generated config files + for config_file in config.toml config.*.toml; do + if [ -f "$config_file" ]; then + rm "$config_file" + log_info "Removed: $config_file" + ((cleaned_count++)) + fi + done + + # Remove temporary files + for temp_file in /tmp/config_*.toml /tmp/rustelo_config_*.toml; do + if [ -f "$temp_file" ]; then + rm "$temp_file" + log_info "Removed: $temp_file" + ((cleaned_count++)) + fi + done + + log_success "Cleaned $cleaned_count files" +} + +# Show configuration status +cmd_status() { + log_info "Configuration system status:" + + # Check directories + log_info "Directories:" + for dir in base features scripts; do + if [ -d "$CONFIG_DIR/$dir" ]; then + log_info " $dir: ✓" + else + log_info " $dir: ✗" + fi + done + + # Check base configurations + log_info "Base configurations:" + for env in "${ENVIRONMENTS[@]}"; do + if [ -f "$CONFIG_DIR/base/$env.toml" ]; then + log_info " $env: ✓" + else + log_info " $env: ✗" + fi + done + + # Check features + log_info "Features:" + if [ -d "$CONFIG_DIR/features" ]; then + for feature_dir in "$CONFIG_DIR/features"/*; do + if [ -d "$feature_dir" ]; then + local feature_name=$(basename "$feature_dir") + local env_count=0 + for env in "${ENVIRONMENTS[@]}"; do + if [ -f "$feature_dir/$env.toml" ]; then + ((env_count++)) + fi + done + log_info " $feature_name: $env_count/${#ENVIRONMENTS[@]} environments" + fi + done + fi + + # Check scripts + log_info "Scripts:" + for script in build-config.sh; do + if [ -f "$SCRIPT_DIR/$script" ]; then + log_info " $script: ✓" + else + log_error " $script: ✗" + fi + done + + # Check tools + log_info "Tools:" + if command -v python3 &> /dev/null; then + log_info " python3: ✓" + if python3 -c "import toml" 2>/dev/null; then + log_info " toml (Python): ✓" + else + log_info " toml (Python): ✗" + fi + else + log_info " python3: ✗" + fi + + if 
command -v toml &> /dev/null; then + log_info " toml (CLI): ✓" + else + log_info " toml (CLI): ✗" + fi +} + +# Main function +main() { + parse_args "$@" + + # Enable debug if requested + if [ "$DEBUG" = "1" ]; then + set -x + fi + + # Handle quiet mode + if [ "$QUIET" = "1" ]; then + exec 1>/dev/null + fi + + # Execute command + case "$COMMAND" in + build) + cmd_build "$ENV" "$OUTPUT" + ;; + validate) + cmd_validate "$ENV" + ;; + list-features) + cmd_list_features + ;; + list-environments) + cmd_list_environments + ;; + diff) + cmd_diff "$ENV" "$OUTPUT" + ;; + backup) + cmd_backup "$ENV" "$OUTPUT" + ;; + restore) + cmd_restore "$ENV" "$OUTPUT" + ;; + template) + cmd_template "$ENV" + ;; + clean) + cmd_clean + ;; + status) + cmd_status + ;; + help|"") + show_help + ;; + *) + log_error "Unknown command: $COMMAND" + show_help + exit 1 + ;; + esac +} + +# Run main function +main "$@" diff --git a/config/scripts/test-config.sh b/config/scripts/test-config.sh new file mode 100755 index 0000000..7dad287 --- /dev/null +++ b/config/scripts/test-config.sh 
@@ -0,0 +1,405 @@ +#!/bin/bash + +# Configuration Test Script for Rustelo +# Tests the configuration building and validation system +# Usage: ./test-config.sh + +set -e + +# Script configuration +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +CONFIG_DIR="$(dirname "$SCRIPT_DIR")" +PROJECT_ROOT="$(dirname "$CONFIG_DIR")" +TEST_OUTPUT_DIR="$CONFIG_DIR/test_outputs" +ENVIRONMENTS=("dev" "prod" "example") + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +PURPLE='\033[0;35m' +NC='\033[0m' # No Color + +# Test counters +TESTS_PASSED=0 +TESTS_FAILED=0 +TESTS_TOTAL=0 + +# Logging functions +log_info() { + echo -e "${BLUE}[INFO]${NC} $1" +} + +log_success() { + echo -e "${GREEN}[SUCCESS]${NC} $1" +} + +log_warning() { + echo -e "${YELLOW}[WARNING]${NC} $1" +} + +log_error() { + echo -e "${RED}[ERROR]${NC} $1" +} + +log_test() { + echo -e "${PURPLE}[TEST]${NC} $1" +} + +# Test result functions +test_passed() { + local test_name="$1" + TESTS_PASSED=$((TESTS_PASSED + 1)) + TESTS_TOTAL=$((TESTS_TOTAL + 1)) + log_success "✓ $test_name" +} + +test_failed() { + local test_name="$1" + local error_msg="$2" + TESTS_FAILED=$((TESTS_FAILED + 1)) + TESTS_TOTAL=$((TESTS_TOTAL + 1)) + log_error "✗ $test_name" + if [ -n "$error_msg" ]; then + log_error " Error: $error_msg" + fi +} + +# Setup test environment +setup_test_environment() { + log_info "Setting up test environment..." + + # Create test output directory + rm -rf "$TEST_OUTPUT_DIR" + mkdir -p "$TEST_OUTPUT_DIR" + + # Check if required scripts exist + if [ ! -f "$SCRIPT_DIR/build-config.sh" ]; then + log_error "build-config.sh not found" + exit 1 + fi + + if [ ! -f "$SCRIPT_DIR/manage-config.sh" ]; then + log_error "manage-config.sh not found" + exit 1 + fi + + # Check if scripts are executable + if [ ! -x "$SCRIPT_DIR/build-config.sh" ]; then + chmod +x "$SCRIPT_DIR/build-config.sh" + fi + + if [ ! 
-x "$SCRIPT_DIR/manage-config.sh" ]; then + chmod +x "$SCRIPT_DIR/manage-config.sh" + fi + + log_success "Test environment setup complete" +} + +# Test configuration building +test_build_configurations() { + log_info "Testing configuration building..." + + for env in "${ENVIRONMENTS[@]}"; do + log_test "Building configuration for $env environment" + + local output_file="$TEST_OUTPUT_DIR/config_${env}_test.toml" + + if "$SCRIPT_DIR/build-config.sh" "$env" "$output_file" > /dev/null 2>&1; then + if [ -f "$output_file" ]; then + test_passed "Build $env configuration" + else + test_failed "Build $env configuration" "Output file not created" + fi + else + test_failed "Build $env configuration" "Build script failed" + fi + done +} + +# Test configuration validation +test_validate_configurations() { + log_info "Testing configuration validation..." + + for env in "${ENVIRONMENTS[@]}"; do + log_test "Validating configuration for $env environment" + + if "$SCRIPT_DIR/manage-config.sh" validate "$env" > /dev/null 2>&1; then + test_passed "Validate $env configuration" + else + test_failed "Validate $env configuration" "Validation failed" + fi + done +} + +# Test configuration file structure +test_configuration_structure() { + log_info "Testing configuration file structure..." + + for env in "${ENVIRONMENTS[@]}"; do + log_test "Checking structure of $env configuration" + + local config_file="$TEST_OUTPUT_DIR/config_${env}_test.toml" + + if [ ! -f "$config_file" ]; then + test_failed "Check $env structure" "Configuration file not found" + continue + fi + + # Check for required sections + local required_sections=("server" "database" "app" "build_info") + local missing_sections=() + + for section in "${required_sections[@]}"; do + if ! 
grep -q "^\[${section}\]" "$config_file"; then + missing_sections+=("$section") + fi + done + + if [ ${#missing_sections[@]} -eq 0 ]; then + test_passed "Check $env structure" + else + test_failed "Check $env structure" "Missing sections: ${missing_sections[*]}" + fi + done +} + +# Test feature configurations +test_feature_configurations() { + log_info "Testing feature configurations..." + + local features_dir="$CONFIG_DIR/features" + + if [ ! -d "$features_dir" ]; then + test_failed "Check features directory" "Features directory not found" + return + fi + + # Check if features directory has subdirectories + local feature_count=0 + for feature_dir in "$features_dir"/*; do + if [ -d "$feature_dir" ]; then + feature_count=$((feature_count + 1)) + local feature_name=$(basename "$feature_dir") + log_test "Checking feature: $feature_name" + + # Check if feature has environment configs + local env_configs=0 + for env in "${ENVIRONMENTS[@]}"; do + if [ -f "$feature_dir/$env.toml" ]; then + env_configs=$((env_configs + 1)) + fi + done + + if [ $env_configs -gt 0 ]; then + test_passed "Feature $feature_name has environment configs" + else + test_failed "Feature $feature_name has environment configs" "No environment configs found" + fi + fi + done + + if [ $feature_count -gt 0 ]; then + test_passed "Features directory structure" + else + test_failed "Features directory structure" "No features found" + fi +} + +# Test base configurations +test_base_configurations() { + log_info "Testing base configurations..." + + local base_dir="$CONFIG_DIR/base" + + if [ ! 
-d "$base_dir" ]; then + test_failed "Check base directory" "Base directory not found" + return + fi + + for env in "${ENVIRONMENTS[@]}"; do + log_test "Checking base configuration for $env" + + local base_file="$base_dir/$env.toml" + + if [ -f "$base_file" ]; then + # Check if file is valid TOML (basic check) + if grep -q "^\[.*\]" "$base_file"; then + test_passed "Base $env configuration exists and has sections" + else + test_failed "Base $env configuration exists and has sections" "No TOML sections found" + fi + else + test_failed "Base $env configuration exists" "File not found" + fi + done +} + +# Test management script commands +test_management_commands() { + log_info "Testing management script commands..." + + # Test list-features command + log_test "Testing list-features command" + if "$SCRIPT_DIR/manage-config.sh" list-features > /dev/null 2>&1; then + test_passed "list-features command" + else + test_failed "list-features command" "Command failed" + fi + + # Test list-environments command + log_test "Testing list-environments command" + if "$SCRIPT_DIR/manage-config.sh" list-environments > /dev/null 2>&1; then + test_passed "list-environments command" + else + test_failed "list-environments command" "Command failed" + fi + + # Test status command + log_test "Testing status command" + if "$SCRIPT_DIR/manage-config.sh" status > /dev/null 2>&1; then + test_passed "status command" + else + test_failed "status command" "Command failed" + fi +} + +# Test Python configuration builder (if available) +test_python_builder() { + log_info "Testing shell configuration builder (Python builder removed)..." + test_skipped "Python builder" "Python builder has been removed from the project" +} + +# Test configuration comparison +test_configuration_comparison() { + log_info "Testing configuration comparison..." 
+ + log_test "Testing configuration diff between dev and prod" + if "$SCRIPT_DIR/manage-config.sh" diff dev prod > /dev/null 2>&1; then + test_passed "Configuration diff" + else + test_failed "Configuration diff" "Diff command failed" + fi +} + +# Test backup and restore functionality +test_backup_restore() { + log_info "Testing backup and restore functionality..." + + # Create a test config file + local test_config="$TEST_OUTPUT_DIR/test_config.toml" + echo "[test]" > "$test_config" + echo "value = \"test\"" >> "$test_config" + + # Change to test directory + cd "$TEST_OUTPUT_DIR" + cp "$test_config" "config.toml" + + log_test "Testing backup creation" + if "$SCRIPT_DIR/manage-config.sh" backup dev > /dev/null 2>&1; then + test_passed "Backup creation" + else + test_failed "Backup creation" "Backup command failed" + fi + + # Return to original directory + cd - > /dev/null +} + +# Test error handling +test_error_handling() { + log_info "Testing error handling..." + + # Test invalid environment + log_test "Testing invalid environment handling" + if ! "$SCRIPT_DIR/build-config.sh" "invalid_env" "/tmp/test.toml" > /dev/null 2>&1; then + test_passed "Invalid environment handling" + else + test_failed "Invalid environment handling" "Should have failed with invalid environment" + fi + + # Test missing base config + log_test "Testing missing base config handling" + local backup_base="$CONFIG_DIR/base/dev.toml.backup" + if [ -f "$CONFIG_DIR/base/dev.toml" ]; then + mv "$CONFIG_DIR/base/dev.toml" "$backup_base" + + if ! 
"$SCRIPT_DIR/build-config.sh" "dev" "/tmp/test.toml" > /dev/null 2>&1; then + test_passed "Missing base config handling" + else + test_failed "Missing base config handling" "Should have failed with missing base config" + fi + + # Restore backup + mv "$backup_base" "$CONFIG_DIR/base/dev.toml" + else + test_failed "Missing base config handling" "Base config already missing" + fi +} + +# Cleanup test environment +cleanup_test_environment() { + log_info "Cleaning up test environment..." + + # Remove test output directory + if [ -d "$TEST_OUTPUT_DIR" ]; then + rm -rf "$TEST_OUTPUT_DIR" + fi + + log_success "Test environment cleanup complete" +} + +# Show test summary +show_test_summary() { + echo "" + echo "========================================" + echo "Configuration Test Summary" + echo "========================================" + echo "Total Tests: $TESTS_TOTAL" + echo "Passed: $TESTS_PASSED" + echo "Failed: $TESTS_FAILED" + + if [ $TESTS_FAILED -eq 0 ]; then + log_success "All tests passed! ✓" + echo "" + echo "The configuration system is working correctly." + else + log_error "Some tests failed! ✗" + echo "" + echo "Please review the failed tests and fix any issues." + exit 1 + fi +} + +# Main function +main() { + echo "========================================" + echo "Rustelo Configuration System Test Suite" + echo "========================================" + echo "" + + # Check if we're in the right directory + if [ ! -d "$CONFIG_DIR" ]; then + log_error "Configuration directory not found: $CONFIG_DIR" + exit 1 + fi + + # Run tests + setup_test_environment + test_base_configurations + test_feature_configurations + test_build_configurations + test_validate_configurations + test_configuration_structure + test_management_commands + test_python_builder + test_configuration_comparison + test_backup_restore + test_error_handling + cleanup_test_environment + show_test_summary +} + +# Run main function +main "$@" 
diff --git a/config/scripts/test-manage.sh b/config/scripts/test-manage.sh new file mode 100755 index 0000000..e1da847 --- /dev/null +++ b/config/scripts/test-manage.sh @@ -0,0 +1,48 @@ +#!/bin/bash + +# Test script to debug the management script issue + +echo "Starting test..." + +# Set basic variables +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +CONFIG_DIR="$(dirname "$SCRIPT_DIR")" +PROJECT_ROOT="$(dirname "$CONFIG_DIR")" +BACKUP_DIR="$CONFIG_DIR/backups" +ENVIRONMENTS=("dev" "prod" "example") + +echo "SCRIPT_DIR: $SCRIPT_DIR" +echo "CONFIG_DIR: $CONFIG_DIR" +echo "PROJECT_ROOT: $PROJECT_ROOT" +echo "BACKUP_DIR: $BACKUP_DIR" + +# Test list-features function +echo "Testing list-features..." + +echo "Available features:" + +if [ -d "$CONFIG_DIR/features" ]; then + echo "Features directory found: $CONFIG_DIR/features" + for feature_dir in "$CONFIG_DIR/features"/*; do + if [ -d "$feature_dir" ]; then + feature_name=$(basename "$feature_dir") + echo " - $feature_name" + + # Show available environments for this feature + envs=() + for env in "${ENVIRONMENTS[@]}"; do + if [ -f "$feature_dir/$env.toml" ]; then + envs+=("$env") + fi + done + + if [ ${#envs[@]} -gt 0 ]; then + echo " Environments: ${envs[*]}" + fi + fi + done +else + echo "Features directory not found: $CONFIG_DIR/features" +fi + +echo "Test completed."
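Review bot: in the debug management script (the file whose tail ends just before the demo-config.sh header), `main()` runs `shift` unconditionally, so with no arguments `shift` returns non-zero and, if this file runs with `set -e` like its siblings, the script dies before the `help|"")` branch can print usage; use `command="${1:-}"` followed by `[ $# -gt 0 ] && shift`. The `((feature_count++))` and `((env_count++))` counters here have the same problem as in manage-config.sh: `(( ))` returns status 1 when the expression evaluates to 0, and a post-increment from 0 evaluates to 0, so under `set -e` the first match aborts the loop; write `feature_count=$((feature_count + 1))`. Since every function in this file is a near-verbatim copy of manage-config.sh, consider deleting it rather than maintaining two drifting copies.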
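Review bot: in demo-config.sh the "Configuration Comparison" section greps raw `key = value` lines out of the freshly built configs and prints them (`grep -E "(https|ssl|encryption|backup)" "$prod_config"`, and the dev grep on `localhost|127\.0\.0\.1`); for a system whose features include auth, email and tls, those are the lines most likely to carry connection strings, SMTP credentials or key paths, and a demo script tends to end up in CI logs. Print section and key names only, or mask the right-hand side with something like `sed 's/=.*/= .../'`. Smaller points: in the `find` fallback, `-type f -name "*.toml" -o -name "*.sh" -o -name "*.py"` binds `-type f` only to the first `-name` (wrap the alternatives in `\( ... \)`); the guard at the bottom says "Please run this script from the project root directory", but `CONFIG_DIR` is derived from the script's own path, so the caller's cwd has nothing to do with whether it exists; and `demo_config_dev.toml` / `demo_config_prod.toml` are written into the caller's cwd and only removed if execution reaches the Cleanup section, so build them under `mktemp -d` and remove that directory from an `EXIT` trap.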
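Review bot: manage-config.sh sets `set -e` and then counts with `((feature_count++))` in `cmd_list_environments`, `((env_count++))` in `cmd_status` and `((cleaned_count++))` in `cmd_clean`; `(( ))` exits with status 1 when the expression is 0, and a post-increment from 0 is 0, so `list-environments` aborts at the first environment that has a feature file, `status` at the first feature, and `clean` right after removing the first file. This is likely the "management script issue" that test-manage.sh was written to chase; use `feature_count=$((feature_count + 1))` as test-config.sh already does. Other points in this hunk: `cmd_template` uses `$feature_name` unvalidated both as a path component (`mkdir -p "$CONFIG_DIR/features/$feature_name"`, so `template --force ../base` rewrites the real base configs) and as a bare TOML key and table header (`[$feature_name]`), so reject anything not matching `^[A-Za-z][A-Za-z0-9_]*$`; the `sed 's/./\U&/'` capitalisation is GNU-only and prints a literal `U` with BSD/macOS sed. `cmd_clean` deletes `config.toml config.*.toml` relative to the caller's cwd rather than `$PROJECT_ROOT`, and globs `/tmp/config_*.toml /tmp/rustelo_config_*.toml` in a shared directory even though nothing in this script creates those names (`cmd_diff` uses `mktemp`); drop the `/tmp` loop, anchor the first one to `$PROJECT_ROOT`, and honour `$FORCE` or prompt before deleting. `--quiet` does `exec 1>/dev/null`, but `log_error` also writes to stdout, so quiet mode hides errors; send `log_error` and `log_warning` to `>&2`. `cmd_backup` copies `config.toml`, which for prod is the file most likely to hold secrets, into `config/backups/` inside the repository tree with the default umask; create it with `install -m 600` and make sure `backups/` is git-ignored. Finally, the "Use Python script if available" comments in `cmd_build` and `cmd_validate` and the python3/toml probes in `cmd_status` are stale now that the Python builder is gone, and whether build-config.sh honours `CONFIG_VALIDATE_ONLY=1` (and what it writes when called without an output path) should be confirmed before `validate` is documented as side-effect free.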
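Review bot: test-config.sh calls `test_skipped "Python builder" ...` in `test_python_builder`, but no `test_skipped` function is defined; under `set -e` the resulting "command not found" (status 127) aborts the whole suite before `test_configuration_comparison`, `test_backup_restore`, `test_error_handling` and the summary ever run, and leaves `test_outputs/` behind. Either define `test_skipped` (and report skips in the summary) or drop the placeholder test. In `test_error_handling`, the real `config/base/dev.toml` is moved to `dev.toml.backup` and only moved back if the intervening command completes; an interrupt or an errexit between the two `mv`s leaves the base config renamed, so restore it from an `EXIT` trap or run the test against a copy of the tree. The same function builds to the fixed path `/tmp/test.toml`: a predictable name in a world-writable directory lets another local user pre-create a symlink there and have build-config.sh write the config through it, so use `mktemp`. `test_backup_restore` only exercises backup, and it does so against the real `$BACKUP_DIR` (`config/backups/`), leaving a `config_dev_<timestamp>.toml` there after every run; point it at `$TEST_OUTPUT_DIR` via the `--backup-dir` option manage-config.sh accepts, and add the restore half. Redirecting every command to `> /dev/null 2>&1` also discards the only diagnostics a failing test would give; capture stderr into a log file under `$TEST_OUTPUT_DIR` and print it on failure.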
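Review bot: test-manage.sh is a throwaway debugging script (its own header says so) that re-implements `cmd_list_features` from manage-config.sh line for line, minus `set -e` and `local`; it adds nothing that `test_management_commands` in test-config.sh does not already cover, so it should not be merged. If it is kept, the header should name the issue it was debugging and the check should be folded into test-config.sh rather than shipped as a standalone executable.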