use serde::{Deserialize, Serialize};
use std::collections::HashSet;
use std::time::Duration;
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct AppConfig {
pub port: String,
pub backend_url: String,
pub request_timeout: Duration,
pub max_body_size: usize,
pub key_rotation_interval: Duration,
pub key_retention_period: Duration,
pub key_rotation_enabled: bool,
pub allowed_target_origins: Option<HashSet<String>>,
pub target_rewrites: Option<TargetRewriteConfig>,
pub rate_limit: Option<RateLimitConfig>,
pub metrics_enabled: bool,
pub debug_mode: bool,
pub log_format: LogFormat,
pub log_level: String,
pub custom_request_type: Option<String>,
pub custom_response_type: Option<String>,
pub seed_secret_key: Option<String>,
}
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct TargetRewriteConfig {
pub rewrites: std::collections::HashMap<String, TargetRewrite>,
}
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct TargetRewrite {
pub scheme: String,
pub host: String,
}
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct RateLimitConfig {
pub requests_per_second: u32,
pub burst_size: u32,
pub by_ip: bool,
}
#[derive(Clone, Debug, Deserialize, Serialize)]
#[serde(rename_all = "lowercase")]
pub enum LogFormat {
Default,
Json,
}
impl Default for AppConfig {
fn default() -> Self {
Self {
port: "0.0.0.0:8000".to_string(),
backend_url: "http://localhost:8080".to_string(),
request_timeout: Duration::from_secs(30),
max_body_size: 10 * 1024 * 1024, key_rotation_interval: Duration::from_secs(30 * 24 * 60 * 60), key_retention_period: Duration::from_secs(7 * 24 * 60 * 60), key_rotation_enabled: true,
allowed_target_origins: None,
target_rewrites: None,
rate_limit: None,
metrics_enabled: true,
debug_mode: false,
log_format: LogFormat::Default,
log_level: "info".to_string(),
custom_request_type: None,
custom_response_type: None,
seed_secret_key: None,
}
}
}
impl AppConfig {
pub fn from_env() -> Result<Self, Box<dyn std::error::Error>> {
let mut config = Self::default();
if let Ok(port) = std::env::var("PORT") {
config.port = format!("0.0.0.0:{port}");
}
if let Ok(url) = std::env::var("BACKEND_URL") {
config.backend_url = url;
}
if let Ok(timeout) = std::env::var("REQUEST_TIMEOUT") {
config.request_timeout = Duration::from_secs(timeout.parse()?);
}
if let Ok(size) = std::env::var("MAX_BODY_SIZE") {
config.max_body_size = size.parse()?;
}
if let Ok(interval) = std::env::var("KEY_ROTATION_INTERVAL") {
config.key_rotation_interval = Duration::from_secs(interval.parse()?);
}
if let Ok(period) = std::env::var("KEY_RETENTION_PERIOD") {
config.key_retention_period = Duration::from_secs(period.parse()?);
}
if let Ok(enabled) = std::env::var("KEY_ROTATION_ENABLED") {
config.key_rotation_enabled = enabled.parse()?;
}
if let Ok(origins) = std::env::var("ALLOWED_TARGET_ORIGINS") {
let origins_set: HashSet<String> = origins
.split(',')
.map(|s| s.trim().to_string())
.filter(|s| !s.is_empty())
.collect();
if !origins_set.is_empty() {
config.allowed_target_origins = Some(origins_set);
}
}
if let Ok(rewrites_json) = std::env::var("TARGET_REWRITES") {
let rewrites: std::collections::HashMap<String, TargetRewrite> =
serde_json::from_str(&rewrites_json)?;
config.target_rewrites = Some(TargetRewriteConfig { rewrites });
}
if let Ok(rps) = std::env::var("RATE_LIMIT_RPS") {
let rate_limit = RateLimitConfig {
requests_per_second: rps.parse()?,
burst_size: std::env::var("RATE_LIMIT_BURST")
.ok()
.and_then(|s| s.parse().ok())
.unwrap_or(100),
by_ip: std::env::var("RATE_LIMIT_BY_IP")
.ok()
.and_then(|s| s.parse().ok())
.unwrap_or(true),
};
config.rate_limit = Some(rate_limit);
}
if let Ok(enabled) = std::env::var("METRICS_ENABLED") {
config.metrics_enabled = enabled.parse()?;
}
if let Ok(debug) = std::env::var("GATEWAY_DEBUG") {
config.debug_mode = debug.parse()?;
}
if let Ok(format) = std::env::var("LOG_FORMAT") {
config.log_format = match format.to_lowercase().as_str() {
"json" => LogFormat::Json,
_ => LogFormat::Default,
};
}
if let Ok(level) = std::env::var("LOG_LEVEL") {
config.log_level = level;
}
if let Ok(req_type) = std::env::var("CUSTOM_REQUEST_TYPE") {
config.custom_request_type = Some(req_type);
}
if let Ok(resp_type) = std::env::var("CUSTOM_RESPONSE_TYPE") {
config.custom_response_type = Some(resp_type);
}
if let Ok(seed) = std::env::var("SEED_SECRET_KEY") {
config.seed_secret_key = Some(seed);
}
config.validate()?;
Ok(config)
}
fn validate(&self) -> Result<(), Box<dyn std::error::Error>> {
if self.key_retention_period > self.key_rotation_interval {
return Err("Key retention period cannot be longer than rotation interval".into());
}
match (&self.custom_request_type, &self.custom_response_type) {
(Some(req), Some(resp)) if req == resp => {
return Err("Request and response content types must be different".into());
}
(Some(_), None) | (None, Some(_)) => {
return Err("Both custom request and response types must be specified".into());
}
_ => {}
}
if let Some(seed) = &self.seed_secret_key {
let decoded =
hex::decode(seed).map_err(|_| "SEED_SECRET_KEY must be a hex-encoded string")?;
if decoded.len() < 32 {
return Err("SEED_SECRET_KEY must be at least 32 bytes (64 hex characters)".into());
}
}
Ok(())
}
pub fn is_origin_allowed(&self, origin: &str) -> bool {
match &self.allowed_target_origins {
Some(allowed) => allowed.contains(origin),
None => true, }
}
pub fn get_rewrite(&self, host: &str) -> Option<&TargetRewrite> {
self.target_rewrites
.as_ref()
.and_then(|config| config.rewrites.get(host))
}
}