98 lines
2.7 KiB
Go
98 lines
2.7 KiB
Go
// config/config.go
|
|
package config
|
|
|
|
import (
|
|
"log"
|
|
"os"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
type Config struct {
|
|
// 认证
|
|
Username string
|
|
Password string
|
|
SessionSecret string
|
|
SessionTimeout time.Duration
|
|
|
|
// 安全
|
|
RateLimit int
|
|
RateLimitWindow time.Duration
|
|
MaxResponseSize int64
|
|
|
|
// 代理
|
|
AllowedSchemes []string
|
|
BlockedDomains map[string]bool
|
|
BlockedCIDRs []string
|
|
UserAgent string
|
|
|
|
// 缓存
|
|
CacheEnabled bool
|
|
CacheMaxSize int64
|
|
CacheTTL time.Duration
|
|
}
|
|
|
|
func LoadFromEnv() *Config {
|
|
cfg := &Config{
|
|
Username: getEnv("AUTH_USERNAME", "admin"),
|
|
Password: getEnv("AUTH_PASSWORD", "changeme"),
|
|
SessionSecret: getEnv("SESSION_SECRET", generateRandomString(64)),
|
|
SessionTimeout: parseDuration(getEnv("SESSION_TIMEOUT", "30m")),
|
|
|
|
RateLimit: parseInt(getEnv("RATE_LIMIT_REQUESTS", "100")),
|
|
RateLimitWindow: parseDuration(getEnv("RATE_LIMIT_WINDOW", "1m")),
|
|
MaxResponseSize: parseInt64(getEnv("MAX_RESPONSE_SIZE", "52428800")), // 50MB
|
|
|
|
AllowedSchemes: strings.Split(getEnv("ALLOWED_SCHEMES", "http,https"), ","),
|
|
BlockedDomains: parseBlockedDomains(getEnv("BLOCKED_DOMAINS", "localhost,127.0.0.1,0.0.0.0,internal,*.local")),
|
|
BlockedCIDRs: strings.Split(getEnv("BLOCKED_CIDRS", "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16,::1/128,fc00::/7,fe80::/10"), ","),
|
|
UserAgent: getEnv("USER_AGENT", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"),
|
|
|
|
CacheEnabled: getEnv("CACHE_ENABLED", "true") == "true",
|
|
CacheMaxSize: parseInt64(getEnv("CACHE_MAX_SIZE", "104857600")), // 100MB
|
|
CacheTTL: parseDuration(getEnv("CACHE_TTL", "1h")),
|
|
}
|
|
|
|
if cfg.Password == "changeme" {
|
|
log.Fatal("Please set AUTH_PASSWORD in .env file")
|
|
}
|
|
|
|
return cfg
|
|
}
|
|
|
|
func getEnv(key, defaultValue string) string {
|
|
if value := os.Getenv(key); value != "" {
|
|
return value
|
|
}
|
|
return defaultValue
|
|
}
|
|
|
|
func parseInt(s string) int {
|
|
v, _ := strconv.Atoi(s)
|
|
return v
|
|
}
|
|
|
|
func parseInt64(s string) int64 {
|
|
v, _ := strconv.ParseInt(s, 10, 64)
|
|
return v
|
|
}
|
|
|
|
func parseDuration(s string) time.Duration {
|
|
d, _ := time.ParseDuration(s)
|
|
return d
|
|
}
|
|
|
|
func parseBlockedDomains(s string) map[string]bool {
|
|
domains := make(map[string]bool)
|
|
for _, d := range strings.Split(s, ",") {
|
|
domains[strings.TrimSpace(d)] = true
|
|
}
|
|
return domains
|
|
}
|
|
|
|
func generateRandomString(n int) string {
|
|
// 简单实现,生产环境应使用 crypto/rand
|
|
return "change_this_to_random_string_in_production"
|
|
}
|