systemprompt_models/profile/
from_env.rs1use super::{
9 ContentNegotiationConfig, DatabaseConfig, ExtensionsConfig, PathsConfig, Profile, ProfileError,
10 ProfileResult, ProfileType, RateLimitsConfig, RuntimeConfig, SecurityConfig,
11 SecurityHeadersConfig, ServerConfig, SiteConfig, TierMultipliers, default_agent_registry,
12 default_agents, default_artifacts, default_burst, default_content, default_contexts,
13 default_mcp, default_mcp_registry, default_oauth_auth, default_oauth_public, default_stream,
14 default_tasks,
15};
16use crate::services::SystemAdminConfig;
17
18impl Profile {
19 pub fn from_env(profile_name: &str, display_name: &str) -> ProfileResult<Self> {
20 let db_type = require_env("DATABASE_TYPE")?;
21
22 Ok(Self {
23 name: profile_name.to_owned(),
24 display_name: display_name.to_owned(),
25 target: ProfileType::Cloud,
26 site: site_config_from_env()?,
27 database: DatabaseConfig {
28 db_type,
29 external_db_access: false,
30 },
31 server: server_config_from_env()?,
32 paths: paths_config_from_env()?,
33 security: security_config_from_env()?,
34 rate_limits: rate_limits_from_env(),
35 system_admin: SystemAdminConfig {
36 username: require_env("SYSTEM_ADMIN_USERNAME")?,
37 },
38 runtime: runtime_config_from_env()?,
39 cloud: None,
40 secrets: None,
41 extensions: ExtensionsConfig::default(),
42 providers: crate::profile::ProviderRegistry::default(),
43 gateway: None,
44 governance: None,
45 })
46 }
47}
48
49fn get_env(key: &str) -> Option<String> {
50 std::env::var(key).ok()
51}
52
53fn require_env(name: &'static str) -> ProfileResult<String> {
54 std::env::var(name).map_err(|_e| ProfileError::MissingEnvVar { name })
55}
56
57fn site_config_from_env() -> ProfileResult<SiteConfig> {
58 Ok(SiteConfig {
59 name: require_env("SITENAME")?,
60 github_link: get_env("GITHUB_LINK"),
61 })
62}
63
64fn server_config_from_env() -> ProfileResult<ServerConfig> {
65 let port = require_env("PORT")?
66 .parse()
67 .map_err(|e: std::num::ParseIntError| ProfileError::InvalidEnvVar {
68 name: "PORT",
69 message: e.to_string(),
70 })?;
71
72 Ok(ServerConfig {
73 host: require_env("HOST")?,
74 port,
75 api_server_url: require_env("API_SERVER_URL")?,
76 api_internal_url: require_env("API_INTERNAL_URL")?,
77 api_external_url: require_env("API_EXTERNAL_URL")?,
78 use_https: get_env("USE_HTTPS").is_some_and(|v| v.to_lowercase() == "true"),
79 cors_allowed_origins: get_env("CORS_ALLOWED_ORIGINS").map_or_else(Vec::new, |s| {
80 s.split(',').map(|s| s.trim().to_owned()).collect()
81 }),
82 content_negotiation: ContentNegotiationConfig {
83 enabled: get_env("CONTENT_NEGOTIATION_ENABLED")
84 .is_some_and(|v| v.to_lowercase() == "true"),
85 ..Default::default()
86 },
87 security_headers: SecurityHeadersConfig::default(),
88 instance_id: None,
89 max_concurrent_streams: crate::config::DEFAULT_MAX_CONCURRENT_STREAMS,
90 trusted_proxies: Vec::new(),
91 })
92}
93
94fn paths_config_from_env() -> ProfileResult<PathsConfig> {
95 Ok(PathsConfig {
96 system: require_env("SYSTEM_PATH")?,
97 services: require_env("SYSTEMPROMPT_SERVICES_PATH")?,
98 bin: require_env("BIN_PATH")?,
99 storage: get_env("STORAGE_PATH"),
100 geoip_database: get_env("GEOIP_DATABASE_PATH"),
101 web_path: get_env("SYSTEMPROMPT_WEB_PATH"),
102 })
103}
104
105fn security_config_from_env() -> ProfileResult<SecurityConfig> {
106 use crate::auth::JwtAudience;
107
108 let issuer = require_env("JWT_ISSUER")?;
109
110 let access_token_expiration = require_env("JWT_ACCESS_TOKEN_EXPIRATION")?
111 .parse()
112 .map_err(|e: std::num::ParseIntError| ProfileError::InvalidEnvVar {
113 name: "JWT_ACCESS_TOKEN_EXPIRATION",
114 message: e.to_string(),
115 })?;
116
117 let refresh_token_expiration = require_env("JWT_REFRESH_TOKEN_EXPIRATION")?
118 .parse()
119 .map_err(|e: std::num::ParseIntError| ProfileError::InvalidEnvVar {
120 name: "JWT_REFRESH_TOKEN_EXPIRATION",
121 message: e.to_string(),
122 })?;
123
124 let audiences_raw = require_env("JWT_AUDIENCES")?;
125 let audiences = audiences_raw
126 .split(',')
127 .map(|s| {
128 s.trim()
129 .parse::<JwtAudience>()
130 .map_err(|e| ProfileError::InvalidEnvVar {
131 name: "JWT_AUDIENCES",
132 message: e.to_string(),
133 })
134 })
135 .collect::<ProfileResult<Vec<_>>>()?;
136
137 let allow_registration =
138 get_env("ALLOW_REGISTRATION").is_none_or(|s| s.eq_ignore_ascii_case("true"));
139
140 Ok(SecurityConfig {
141 issuer,
142 access_token_expiration,
143 refresh_token_expiration,
144 audiences,
145 allowed_resource_audiences: super::default_resource_audiences(),
146 allow_registration,
147 signing_key_path: std::path::PathBuf::from("signing_key.pem"),
148 trusted_issuers: Vec::new(),
149 })
150}
151
152fn rate_limits_from_env() -> RateLimitsConfig {
153 let parse_rate = |key: &str, default: fn() -> u64| -> u64 {
154 get_env(key)
155 .and_then(|s| {
156 s.parse()
157 .map_err(|e| {
158 tracing::warn!(key = %key, value = %s, error = %e, "Failed to parse rate limit value");
159 e
160 })
161 .ok()
162 })
163 .unwrap_or_else(default)
164 };
165
166 RateLimitsConfig {
167 disabled: get_env("RATE_LIMIT_DISABLED").is_some_and(|v| v.to_lowercase() == "true"),
168 oauth_public_per_second: parse_rate(
169 "RATE_LIMIT_OAUTH_PUBLIC_PER_SECOND",
170 default_oauth_public,
171 ),
172 oauth_auth_per_second: parse_rate("RATE_LIMIT_OAUTH_AUTH_PER_SECOND", default_oauth_auth),
173 contexts_per_second: parse_rate("RATE_LIMIT_CONTEXTS_PER_SECOND", default_contexts),
174 tasks_per_second: parse_rate("RATE_LIMIT_TASKS_PER_SECOND", default_tasks),
175 artifacts_per_second: parse_rate("RATE_LIMIT_ARTIFACTS_PER_SECOND", default_artifacts),
176 agent_registry_per_second: parse_rate(
177 "RATE_LIMIT_AGENT_REGISTRY_PER_SECOND",
178 default_agent_registry,
179 ),
180 agents_per_second: parse_rate("RATE_LIMIT_AGENTS_PER_SECOND", default_agents),
181 mcp_registry_per_second: parse_rate(
182 "RATE_LIMIT_MCP_REGISTRY_PER_SECOND",
183 default_mcp_registry,
184 ),
185 mcp_per_second: parse_rate("RATE_LIMIT_MCP_PER_SECOND", default_mcp),
186 stream_per_second: parse_rate("RATE_LIMIT_STREAM_PER_SECOND", default_stream),
187 content_per_second: parse_rate("RATE_LIMIT_CONTENT_PER_SECOND", default_content),
188 burst_multiplier: parse_rate("RATE_LIMIT_BURST_MULTIPLIER", default_burst),
189 tier_multipliers: TierMultipliers::default(),
190 }
191}
192
193fn runtime_config_from_env() -> ProfileResult<RuntimeConfig> {
194 let environment = get_env("SYSTEMPROMPT_ENV")
195 .unwrap_or_else(|| "development".to_owned())
196 .parse()
197 .map_err(|e: String| ProfileError::InvalidEnvVar {
198 name: "SYSTEMPROMPT_ENV",
199 message: e,
200 })?;
201
202 let log_level = get_env("SYSTEMPROMPT_LOG_LEVEL")
203 .unwrap_or_else(|| "normal".to_owned())
204 .parse()
205 .map_err(|e: String| ProfileError::InvalidEnvVar {
206 name: "SYSTEMPROMPT_LOG_LEVEL",
207 message: e,
208 })?;
209
210 let output_format = get_env("SYSTEMPROMPT_OUTPUT_FORMAT")
211 .unwrap_or_else(|| "text".to_owned())
212 .parse()
213 .map_err(|e: String| ProfileError::InvalidEnvVar {
214 name: "SYSTEMPROMPT_OUTPUT_FORMAT",
215 message: e,
216 })?;
217
218 Ok(RuntimeConfig {
219 environment,
220 log_level,
221 output_format,
222 no_color: get_env("NO_COLOR").is_some(),
223 non_interactive: get_env("CI").is_some(),
224 })
225}