bssh 2.1.2

// Copyright 2025 Lablup Inc. and Jeongkyu Shin
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

//! Server configuration module.
//!
//! This module provides both the original builder-based configuration API
//! and a new comprehensive YAML file-based configuration system.
//!
//! # Configuration Systems
//!
//! ## Builder-Based Configuration (Original)
//!
//! The [`ServerConfig`] and [`ServerConfigBuilder`] provide a programmatic
//! way to configure the server:
//!
//! ```
//! use bssh::server::config::{ServerConfig, ServerConfigBuilder};
//!
//! let config = ServerConfig::builder()
//!     .host_key("/etc/ssh/ssh_host_ed25519_key")
//!     .listen_address("0.0.0.0:2222")
//!     .max_connections(100)
//!     .build();
//! ```
//!
//! ## File-Based Configuration (New)
//!
//! The new configuration system supports loading from YAML files with
//! environment variable and CLI argument overrides:
//!
//! ```no_run
//! use bssh::server::config::load_config;
//!
//! # fn main() -> anyhow::Result<()> {
//! // Load from default locations or environment
//! let file_config = load_config(None)?;
//!
//! // Convert to ServerConfig for use with BsshServer
//! let server_config = file_config.into_server_config();
//! # Ok(())
//! # }
//! ```
//!
//! # Configuration File Format
//!
//! Configuration files use YAML format. Generate a template with:
//!
//! ```
//! use bssh::server::config::generate_config_template;
//!
//! let template = generate_config_template();
//! println!("{}", template);
//! ```

mod loader;
mod types;

// Re-export the new configuration types and functions
pub use loader::{generate_config_template, load_config};
pub use types::*;

// Re-export the original config types for backward compatibility
use super::auth::{
    AuthProvider, CompositeAuthProvider, PasswordAuthConfig, PublicKeyAuthConfig, PublicKeyVerifier,
};
use super::exec::ExecConfig;
use serde::{Deserialize, Serialize};
use std::path::PathBuf;
use std::sync::Arc;
use std::time::Duration;

/// Configuration for the SSH server (original builder-based API).
///
/// This is the original configuration type used by [`BsshServer`].
/// For file-based configuration, use [`ServerFileConfig`] and convert
/// it using [`into_server_config()`](ServerFileConfig::into_server_config).
///
/// # Example
///
/// ```
/// use bssh::server::config::ServerConfig;
///
/// let config = ServerConfig::builder()
///     .host_key("/etc/ssh/ssh_host_ed25519_key")
///     .listen_address("0.0.0.0:2222")
///     .build();
/// ```
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ServerConfig {
    /// Paths to host key files (e.g., SSH private keys).
    #[serde(default)]
    pub host_keys: Vec<PathBuf>,

    /// Address to listen on (e.g., "0.0.0.0:2222").
    #[serde(default = "default_listen_address")]
    pub listen_address: String,

    /// Maximum number of concurrent connections.
    #[serde(default = "default_max_connections")]
    pub max_connections: usize,

    /// Maximum number of authentication attempts per connection.
    #[serde(default = "default_max_auth_attempts")]
    pub max_auth_attempts: u32,

    /// Timeout for authentication in seconds.
    #[serde(default = "default_auth_timeout_secs")]
    pub auth_timeout_secs: u64,

    /// Connection idle timeout in seconds.
    #[serde(default = "default_idle_timeout_secs")]
    pub idle_timeout_secs: u64,

    /// Enable password authentication.
    #[serde(default)]
    pub allow_password_auth: bool,

    /// Enable public key authentication.
    #[serde(default = "default_true")]
    pub allow_publickey_auth: bool,

    /// Enable keyboard-interactive authentication.
    #[serde(default)]
    pub allow_keyboard_interactive: bool,

    /// Banner message displayed to clients before authentication.
    #[serde(default)]
    pub banner: Option<String>,

    /// Configuration for public key authentication.
    #[serde(default)]
    pub publickey_auth: PublicKeyAuthConfigSerde,

    /// Configuration for password authentication.
    #[serde(default)]
    pub password_auth: PasswordAuthConfigSerde,

    /// Configuration for command execution.
    #[serde(default)]
    pub exec: ExecConfig,

    /// Enable SCP protocol support.
    #[serde(default = "default_true")]
    pub scp_enabled: bool,

    /// Time window for counting authentication attempts in seconds.
    ///
    /// Default: 300 (5 minutes)
    #[serde(default = "default_auth_window_secs")]
    pub auth_window_secs: u64,

    /// Ban duration in seconds after exceeding max auth attempts.
    ///
    /// Default: 300 (5 minutes)
    #[serde(default = "default_ban_time_secs")]
    pub ban_time_secs: u64,

    /// IP addresses that are never banned (whitelist).
    #[serde(default)]
    pub whitelist_ips: Vec<String>,

    /// Allowed IP ranges in CIDR notation for connection filtering.
    ///
    /// If non-empty, only connections from these ranges are allowed.
    /// Empty list means all IPs are allowed (subject to blocked_ips).
    #[serde(default)]
    pub allowed_ips: Vec<String>,

    /// Blocked IP ranges in CIDR notation for connection filtering.
    ///
    /// Connections from these ranges are always denied.
    /// Blocked IPs take priority over allowed IPs.
    #[serde(default)]
    pub blocked_ips: Vec<String>,

    /// Maximum number of concurrent sessions per user.
    ///
    /// Default: 10
    #[serde(default = "default_max_sessions_per_user")]
    pub max_sessions_per_user: usize,

    /// Maximum session duration in seconds (optional).
    ///
    /// If set to 0, sessions have no maximum duration.
    /// Default: 0 (disabled)
    #[serde(default)]
    pub session_timeout_secs: u64,
}

fn default_max_sessions_per_user() -> usize {
    10
}

/// Serializable configuration for public key authentication.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct PublicKeyAuthConfigSerde {
    /// Directory containing authorized_keys files.
    pub authorized_keys_dir: Option<PathBuf>,

    /// Alternative: file path pattern with `{user}` placeholder.
    pub authorized_keys_pattern: Option<String>,
}

impl From<PublicKeyAuthConfigSerde> for PublicKeyAuthConfig {
    fn from(serde_config: PublicKeyAuthConfigSerde) -> Self {
        if let Some(dir) = serde_config.authorized_keys_dir {
            PublicKeyAuthConfig::with_directory(dir)
        } else if let Some(pattern) = serde_config.authorized_keys_pattern {
            PublicKeyAuthConfig::with_pattern(pattern)
        } else {
            PublicKeyAuthConfig::default()
        }
    }
}

/// Serializable configuration for password authentication.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct PasswordAuthConfigSerde {
    /// Path to YAML file containing user definitions.
    pub users_file: Option<PathBuf>,

    /// Inline user definitions.
    #[serde(default)]
    pub users: Vec<UserDefinition>,
}

impl From<PasswordAuthConfigSerde> for PasswordAuthConfig {
    fn from(serde_config: PasswordAuthConfigSerde) -> Self {
        PasswordAuthConfig {
            users_file: serde_config.users_file,
            users: serde_config.users,
        }
    }
}

fn default_listen_address() -> String {
    "0.0.0.0:2222".to_string()
}

fn default_max_connections() -> usize {
    100
}

fn default_max_auth_attempts() -> u32 {
    5
}

fn default_auth_timeout_secs() -> u64 {
    120
}

fn default_idle_timeout_secs() -> u64 {
    0 // 0 means no timeout
}

fn default_auth_window_secs() -> u64 {
    300 // 5 minutes
}

fn default_ban_time_secs() -> u64 {
    300 // 5 minutes
}

fn default_true() -> bool {
    true
}

impl Default for ServerConfig {
    fn default() -> Self {
        Self {
            host_keys: Vec::new(),
            listen_address: default_listen_address(),
            max_connections: default_max_connections(),
            max_auth_attempts: default_max_auth_attempts(),
            auth_timeout_secs: default_auth_timeout_secs(),
            idle_timeout_secs: default_idle_timeout_secs(),
            allow_password_auth: false,
            allow_publickey_auth: true,
            allow_keyboard_interactive: false,
            banner: None,
            publickey_auth: PublicKeyAuthConfigSerde::default(),
            password_auth: PasswordAuthConfigSerde::default(),
            exec: ExecConfig::default(),
            scp_enabled: true,
            auth_window_secs: default_auth_window_secs(),
            ban_time_secs: default_ban_time_secs(),
            whitelist_ips: Vec::new(),
            allowed_ips: Vec::new(),
            blocked_ips: Vec::new(),
            max_sessions_per_user: default_max_sessions_per_user(),
            session_timeout_secs: 0,
        }
    }
}

impl ServerConfig {
    /// Create a new server configuration with default values.
    pub fn new() -> Self {
        Self::default()
    }

    /// Create a builder for constructing server configuration.
    pub fn builder() -> ServerConfigBuilder {
        ServerConfigBuilder::default()
    }

    /// Get the authentication timeout as a Duration.
    pub fn auth_timeout(&self) -> Duration {
        Duration::from_secs(self.auth_timeout_secs)
    }

    /// Get the idle timeout as a Duration.
    ///
    /// Returns `None` if idle timeout is disabled (set to 0).
    pub fn idle_timeout(&self) -> Option<Duration> {
        if self.idle_timeout_secs == 0 {
            None
        } else {
            Some(Duration::from_secs(self.idle_timeout_secs))
        }
    }

    /// Get the session timeout as a Duration.
    ///
    /// Returns `None` if session timeout is disabled (set to 0).
    pub fn session_timeout(&self) -> Option<Duration> {
        if self.session_timeout_secs == 0 {
            None
        } else {
            Some(Duration::from_secs(self.session_timeout_secs))
        }
    }

    /// Create a SessionConfig from the server configuration.
    pub fn session_config(&self) -> super::session::SessionConfig {
        let mut config = super::session::SessionConfig::new()
            .with_max_sessions_per_user(self.max_sessions_per_user)
            .with_max_total_sessions(self.max_connections);

        if self.idle_timeout_secs > 0 {
            config = config.with_idle_timeout(Duration::from_secs(self.idle_timeout_secs));
        }

        if self.session_timeout_secs > 0 {
            config = config.with_session_timeout(Duration::from_secs(self.session_timeout_secs));
        }

        config
    }

    /// Check if any host keys are configured.
    pub fn has_host_keys(&self) -> bool {
        !self.host_keys.is_empty()
    }

    /// Add a host key path.
    pub fn add_host_key(&mut self, path: impl Into<PathBuf>) {
        self.host_keys.push(path.into());
    }

    /// Create an auth provider based on the configuration.
    ///
    /// This creates a composite auth provider that supports:
    /// - Public key authentication (if `allow_publickey_auth` is true)
    /// - Password authentication (if `allow_password_auth` is true)
    ///
    /// The provider is created synchronously using a blocking runtime.
    /// For async creation, use `create_auth_provider_async`.
    pub fn create_auth_provider(&self) -> Arc<dyn AuthProvider> {
        // If neither method is enabled, return a public key only provider (will reject all)
        if !self.allow_publickey_auth && !self.allow_password_auth {
            let config: PublicKeyAuthConfig = self.publickey_auth.clone().into();
            return Arc::new(PublicKeyVerifier::new(config));
        }

        // If only public key auth is enabled, use simple provider
        if self.allow_publickey_auth && !self.allow_password_auth {
            let config: PublicKeyAuthConfig = self.publickey_auth.clone().into();
            return Arc::new(PublicKeyVerifier::new(config));
        }

        // If password auth is enabled, we need to create a composite provider
        // Use blocking call since this is called during server startup
        let publickey_config = if self.allow_publickey_auth {
            Some(self.publickey_auth.clone().into())
        } else {
            None
        };

        let password_config = if self.allow_password_auth {
            Some(self.password_auth.clone().into())
        } else {
            None
        };

        // Create the composite provider using blocking runtime
        // This is safe because this is only called during server initialization
        match tokio::runtime::Handle::try_current() {
            Ok(handle) => {
                match tokio::task::block_in_place(|| {
                    handle.block_on(CompositeAuthProvider::new(
                        publickey_config,
                        password_config,
                    ))
                }) {
                    Ok(provider) => Arc::new(provider),
                    Err(e) => {
                        tracing::error!(error = %e, "Failed to create composite auth provider, falling back to publickey only");
                        let config: PublicKeyAuthConfig = self.publickey_auth.clone().into();
                        Arc::new(PublicKeyVerifier::new(config))
                    }
                }
            }
            Err(_) => {
                // No async runtime, create a new one
                let rt = tokio::runtime::Runtime::new().expect("Failed to create runtime");
                match rt.block_on(CompositeAuthProvider::new(
                    publickey_config,
                    password_config,
                )) {
                    Ok(provider) => Arc::new(provider),
                    Err(e) => {
                        tracing::error!(error = %e, "Failed to create composite auth provider, falling back to publickey only");
                        let config: PublicKeyAuthConfig = self.publickey_auth.clone().into();
                        Arc::new(PublicKeyVerifier::new(config))
                    }
                }
            }
        }
    }
}

/// Builder for constructing ServerConfig.
#[derive(Debug, Default)]
pub struct ServerConfigBuilder {
    config: ServerConfig,
}

impl ServerConfigBuilder {
    /// Set the host key paths.
    pub fn host_keys(mut self, keys: Vec<PathBuf>) -> Self {
        self.config.host_keys = keys;
        self
    }

    /// Add a host key path.
    pub fn host_key(mut self, key: impl Into<PathBuf>) -> Self {
        self.config.host_keys.push(key.into());
        self
    }

    /// Set the listen address.
    pub fn listen_address(mut self, addr: impl Into<String>) -> Self {
        self.config.listen_address = addr.into();
        self
    }

    /// Set the maximum number of connections.
    pub fn max_connections(mut self, max: usize) -> Self {
        self.config.max_connections = max;
        self
    }

    /// Set the maximum authentication attempts.
    pub fn max_auth_attempts(mut self, max: u32) -> Self {
        self.config.max_auth_attempts = max;
        self
    }

    /// Set the authentication timeout in seconds.
    pub fn auth_timeout_secs(mut self, secs: u64) -> Self {
        self.config.auth_timeout_secs = secs;
        self
    }

    /// Set the idle timeout in seconds.
    pub fn idle_timeout_secs(mut self, secs: u64) -> Self {
        self.config.idle_timeout_secs = secs;
        self
    }

    /// Enable or disable password authentication.
    pub fn allow_password_auth(mut self, allow: bool) -> Self {
        self.config.allow_password_auth = allow;
        self
    }

    /// Enable or disable public key authentication.
    pub fn allow_publickey_auth(mut self, allow: bool) -> Self {
        self.config.allow_publickey_auth = allow;
        self
    }

    /// Enable or disable keyboard-interactive authentication.
    pub fn allow_keyboard_interactive(mut self, allow: bool) -> Self {
        self.config.allow_keyboard_interactive = allow;
        self
    }

    /// Set the banner message.
    pub fn banner(mut self, banner: impl Into<String>) -> Self {
        self.config.banner = Some(banner.into());
        self
    }

    /// Set the authorized_keys directory.
    pub fn authorized_keys_dir(mut self, dir: impl Into<PathBuf>) -> Self {
        self.config.publickey_auth.authorized_keys_dir = Some(dir.into());
        self.config.publickey_auth.authorized_keys_pattern = None;
        self
    }

    /// Set the authorized_keys file pattern.
    pub fn authorized_keys_pattern(mut self, pattern: impl Into<String>) -> Self {
        self.config.publickey_auth.authorized_keys_pattern = Some(pattern.into());
        self.config.publickey_auth.authorized_keys_dir = None;
        self
    }

    /// Set the password users file path.
    pub fn password_users_file(mut self, path: impl Into<PathBuf>) -> Self {
        self.config.password_auth.users_file = Some(path.into());
        self
    }

    /// Set inline password users.
    pub fn password_users(mut self, users: Vec<UserDefinition>) -> Self {
        self.config.password_auth.users = users;
        self
    }

    /// Set the exec configuration.
    pub fn exec(mut self, exec_config: ExecConfig) -> Self {
        self.config.exec = exec_config;
        self
    }

    /// Set the command execution timeout in seconds.
    pub fn exec_timeout_secs(mut self, secs: u64) -> Self {
        self.config.exec.timeout_secs = secs;
        self
    }

    /// Set the default shell for command execution.
    pub fn exec_shell(mut self, shell: impl Into<PathBuf>) -> Self {
        self.config.exec.default_shell = shell.into();
        self
    }

    /// Enable or disable SCP protocol support.
    pub fn scp_enabled(mut self, enabled: bool) -> Self {
        self.config.scp_enabled = enabled;
        self
    }

    /// Set the maximum sessions per user.
    pub fn max_sessions_per_user(mut self, max: usize) -> Self {
        self.config.max_sessions_per_user = max;
        self
    }

    /// Set the session timeout in seconds.
    pub fn session_timeout_secs(mut self, secs: u64) -> Self {
        self.config.session_timeout_secs = secs;
        self
    }

    /// Build the ServerConfig.
    pub fn build(self) -> ServerConfig {
        self.config
    }
}

/// Extension trait for converting file-based config to builder-based config.
impl ServerFileConfig {
    /// Convert a file-based configuration to a builder-based ServerConfig.
    ///
    /// This enables using file-based configuration with the existing BsshServer API.
    ///
    /// # Example
    ///
    /// ```no_run
    /// use bssh::server::{BsshServer, config::load_config};
    ///
    /// # fn main() -> anyhow::Result<()> {
    /// let file_config = load_config(None)?;
    /// let server_config = file_config.into_server_config();
    /// let server = BsshServer::new(server_config);
    /// # Ok(())
    /// # }
    /// ```
    pub fn into_server_config(self) -> ServerConfig {
        let listen_address = format!("{}:{}", self.server.bind_address, self.server.port);

        // Determine which auth methods are enabled
        let allow_publickey = self.auth.methods.contains(&AuthMethod::PublicKey);
        let allow_password = self.auth.methods.contains(&AuthMethod::Password);

        ServerConfig {
            host_keys: self.server.host_keys,
            listen_address,
            max_connections: self.server.max_connections,
            max_auth_attempts: self.security.max_auth_attempts,
            auth_timeout_secs: self.server.timeout,
            idle_timeout_secs: self.security.idle_timeout,
            allow_password_auth: allow_password,
            allow_publickey_auth: allow_publickey,
            allow_keyboard_interactive: false,
            banner: None,
            publickey_auth: PublicKeyAuthConfigSerde {
                authorized_keys_dir: self.auth.publickey.authorized_keys_dir,
                authorized_keys_pattern: self.auth.publickey.authorized_keys_pattern,
            },
            password_auth: PasswordAuthConfigSerde {
                users_file: self.auth.password.users_file,
                users: self.auth.password.users,
            },
            exec: ExecConfig {
                default_shell: self.shell.default,
                timeout_secs: self.shell.command_timeout,
                env: self.shell.env,
                working_dir: None,
                allowed_commands: None,
                blocked_commands: Vec::new(),
            },
            scp_enabled: self.scp.enabled,
            auth_window_secs: self.security.auth_window,
            ban_time_secs: self.security.ban_time,
            whitelist_ips: self.security.whitelist_ips,
            allowed_ips: self.security.allowed_ips,
            blocked_ips: self.security.blocked_ips,
            max_sessions_per_user: self.security.max_sessions_per_user,
            session_timeout_secs: self.security.session_timeout,
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_default_config() {
        let config = ServerConfig::default();
        assert!(config.host_keys.is_empty());
        assert_eq!(config.listen_address, "0.0.0.0:2222");
        assert_eq!(config.max_connections, 100);
        assert_eq!(config.max_auth_attempts, 5);
        assert!(!config.allow_password_auth);
        assert!(config.allow_publickey_auth);
        assert!(config.scp_enabled);
    }

    #[test]
    fn test_config_builder() {
        let config = ServerConfig::builder()
            .host_key("/etc/ssh/ssh_host_ed25519_key")
            .listen_address("127.0.0.1:22")
            .max_connections(50)
            .max_auth_attempts(3)
            .allow_password_auth(true)
            .banner("Welcome to bssh server!")
            .build();

        assert_eq!(config.host_keys.len(), 1);
        assert_eq!(config.listen_address, "127.0.0.1:22");
        assert_eq!(config.max_connections, 50);
        assert_eq!(config.max_auth_attempts, 3);
        assert!(config.allow_password_auth);
        assert_eq!(config.banner, Some("Welcome to bssh server!".to_string()));
    }

    #[test]
    fn test_file_config_to_server_config_conversion() {
        let mut file_config = ServerFileConfig::default();
        file_config.server.bind_address = "127.0.0.1".to_string();
        file_config.server.port = 2223;
        file_config.server.host_keys = vec![PathBuf::from("/test/key")];
        file_config.auth.methods = vec![AuthMethod::PublicKey, AuthMethod::Password];
        file_config.security.max_auth_attempts = 3;
        file_config.security.idle_timeout = 600;

        let server_config = file_config.into_server_config();

        assert_eq!(server_config.listen_address, "127.0.0.1:2223");
        assert_eq!(server_config.host_keys.len(), 1);
        assert_eq!(server_config.max_auth_attempts, 3);
        assert_eq!(server_config.idle_timeout_secs, 600);
        assert!(server_config.allow_publickey_auth);
        assert!(server_config.allow_password_auth);
    }

    #[test]
    fn test_config_new() {
        let config = ServerConfig::new();
        assert!(config.host_keys.is_empty());
        assert_eq!(config.listen_address, "0.0.0.0:2222");
    }

    #[test]
    fn test_auth_timeout() {
        let config = ServerConfig::default();
        assert_eq!(config.auth_timeout(), Duration::from_secs(120));
    }

    #[test]
    fn test_idle_timeout() {
        let mut config = ServerConfig::default();
        assert!(config.idle_timeout().is_none());

        config.idle_timeout_secs = 300;
        assert_eq!(config.idle_timeout(), Some(Duration::from_secs(300)));
    }

    #[test]
    fn test_has_host_keys() {
        let mut config = ServerConfig::default();
        assert!(!config.has_host_keys());

        config.add_host_key("/path/to/key");
        assert!(config.has_host_keys());
    }
}