

1//! Identity Provider settings registration
2
3use cloudillo_core::settings::{
4	PermissionLevel, SettingDefinition, SettingScope, SettingValue, SettingsRegistry,
5};
6
7use crate::prelude::*;
8
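/// Register all IDP settings.
///
/// Registers the tenant/global settings the Identity Provider reads:
/// `idp.enabled`, `idp.list`, `idp.renewal_interval`, and the public
/// `idp.name` / `idp.info` / `idp.url` values served by `/api/idp/info`.
///
/// # Errors
/// Propagates any error from building or registering a definition.
pub fn register_settings(registry: &mut SettingsRegistry) -> ClResult<()> {
	// IDP enabled flag
	registry.register(
		SettingDefinition::builder("idp.enabled")
			.description("Enable Identity Provider functionality for this tenant")
			.default(SettingValue::Bool(false))
			.scope(SettingScope::Tenant)
			.permission(PermissionLevel::Admin)
			.build()?,
	)?;

	// IDP list - comma-separated list of trusted identity provider domains.
	// Validated so that a full URL or a value with path/query characters cannot
	// be stored where a bare domain is expected (it would never match a peer).
	registry.register(
		SettingDefinition::builder("idp.list")
			.description("Comma-separated list of trusted identity provider domains")
			.default(SettingValue::String(String::new()))
			.scope(SettingScope::Global)
			.permission(PermissionLevel::Admin)
			.validator(validate_idp_list)
			.build()?,
	)?;

	// IDP renewal interval - how long identity credentials are valid (in days)
	// Default: 365 days (1 year)
	registry.register(
		SettingDefinition::builder("idp.renewal_interval")
			.description("Identity renewal interval in days (default 365)")
			.default(SettingValue::Int(365))
			.scope(SettingScope::Tenant)
			.permission(PermissionLevel::Admin)
			.validator(validate_renewal_interval)
			.build()?,
	)?;

	// IDP public info settings (for /api/idp/info endpoint)
	// These are displayed to users during registration to help them choose a provider

	// IDP name - Display name of the identity provider
	registry.register(
		SettingDefinition::builder("idp.name")
			.description("Display name of the Identity Provider (e.g., 'Cloudillo')")
			.default(SettingValue::String(String::new()))
			.scope(SettingScope::Tenant)
			.permission(PermissionLevel::Admin)
			.build()?,
	)?;

	// IDP info - Short description text (pricing, terms, etc.)
	registry.register(
		SettingDefinition::builder("idp.info")
			.description("Short info text about the provider (pricing, terms, etc.)")
			.default(SettingValue::String(String::new()))
			.scope(SettingScope::Tenant)
			.permission(PermissionLevel::Admin)
			.build()?,
	)?;

	// IDP url - Optional URL for more information.
	// The value is rendered to end users as a link, so only an empty string or
	// an absolute http(s) URL is accepted; other schemes are rejected at write time.
	registry.register(
		SettingDefinition::builder("idp.url")
			.description("Optional URL for more information about the provider")
			.default(SettingValue::String(String::new()))
			.scope(SettingScope::Tenant)
			.permission(PermissionLevel::Admin)
			.validator(validate_info_url)
			.build()?,
	)?;

	Ok(())
}

/// Validator for `idp.renewal_interval`: must be an integer in `1..=50*365` days.
fn validate_renewal_interval(v: &SettingValue) -> ClResult<()> {
	match v {
		SettingValue::Int(interval) if *interval <= 0 => {
			Err(Error::ValidationError("Renewal interval must be positive".into()))
		}
		// Reasonable upper limit: 50 years
		SettingValue::Int(interval) if *interval > 50 * 365 => Err(Error::ValidationError(
			"Renewal interval cannot exceed 50 years (18250 days)".into(),
		)),
		SettingValue::Int(_) => Ok(()),
		_ => Err(Error::ValidationError("Renewal interval must be an integer".into())),
	}
}

/// Validator for `idp.list`: a comma-separated list of bare domain names.
///
/// Empty entries (e.g. a trailing comma) are tolerated. An entry containing
/// whitespace, control characters, or URL punctuation (`/`, `@`, `?`, `#`) is
/// rejected, because the list is matched against domains, not URLs.
fn validate_idp_list(v: &SettingValue) -> ClResult<()> {
	let list = match v {
		SettingValue::String(s) => s,
		_ => return Err(Error::ValidationError("IDP list must be a string".into())),
	};
	let bad_entry = list
		.split(',')
		.map(str::trim)
		.filter(|entry| !entry.is_empty())
		.find(|entry| {
			entry
				.chars()
				.any(|c| c.is_whitespace() || c.is_control() || matches!(c, '/' | '@' | '?' | '#'))
		});
	match bad_entry {
		Some(entry) => Err(Error::ValidationError(format!(
			"IDP list entry '{entry}' is not a bare domain name"
		))),
		None => Ok(()),
	}
}

/// Validator for `idp.url`: empty (unset) or an absolute `http://` / `https://` URL
/// without whitespace or control characters.
fn validate_info_url(v: &SettingValue) -> ClResult<()> {
	let url = match v {
		SettingValue::String(s) => s.trim(),
		_ => return Err(Error::ValidationError("Provider URL must be a string".into())),
	};
	if url.is_empty() {
		return Ok(());
	}
	// Scheme check is case-insensitive per RFC 3986; only web schemes are allowed
	// since the value is shown as a clickable link to users.
	let lower = url.to_ascii_lowercase();
	if !(lower.starts_with("https://") || lower.starts_with("http://")) {
		return Err(Error::ValidationError(
			"Provider URL must start with http:// or https://".into(),
		));
	}
	if url.chars().any(|c| c.is_whitespace() || c.is_control()) {
		return Err(Error::ValidationError(
			"Provider URL must not contain whitespace or control characters".into(),
		));
	}
	Ok(())
}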
94
95// vim: ts=4