Welcome to mirror list, hosted at ThFree Co, Russian Federation.

validate.go « config « internal - gitlab.com/gitlab-org/gitlab-pages.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/internal/config/validate.go
blob: bb247287c1441bce8b1b370268e5e7531631620a (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133

package config

import (
	"errors"
	"fmt"
	"net/url"

	"github.com/hashicorp/go-multierror"
)

var (
	errNoListener                       = errors.New("no listener defined, please specify at least one --listen-* flag")
	errAuthNoSecret                     = errors.New("auth-secret must be defined if authentication is supported")
	errAuthNoClientID                   = errors.New("auth-client-id must be defined if authentication is supported")
	errAuthNoClientSecret               = errors.New("auth-client-secret must be defined if authentication is supported")
	errAuthNoGitlabServer               = errors.New("gitlab-server must be defined if authentication is supported")
	errAuthNoRedirect                   = errors.New("auth-redirect-uri must be defined if authentication is supported")
	errArtifactsServerUnsupportedScheme = errors.New("artifacts-server scheme must be either http:// or https://")
	errArtifactsServerInvalidTimeout    = errors.New("artifacts-server-timeout must be greater than or equal to 1")
	errEmptyListener                    = errors.New("listener must not be empty")
)

// Validate values populated in Config
func Validate(config *Config) error {
	var result *multierror.Error

	result = multierror.Append(result,
		validateListeners(config),
		validateAuthConfig(config),
		validateArtifactsServerConfig(config),
		validateTLSVersions(*tlsMinVersion, *tlsMaxVersion),
	)

	return result.ErrorOrNil()
}

func validateListeners(config *Config) error {
	if config.ListenHTTPStrings.Len() == 0 &&
		config.ListenHTTPSStrings.Len() == 0 &&
		config.ListenHTTPSProxyv2Strings.Len() == 0 &&
		config.ListenProxyStrings.Len() == 0 {
		return errNoListener
	}

	var result *multierror.Error

	result = multierror.Append(result,
		validateListenerAddr(config.ListenHTTPStrings, "http"),
		validateListenerAddr(config.ListenHTTPSStrings, "https"),
		validateListenerAddr(config.ListenHTTPSProxyv2Strings, "proxyv2"),
		validateListenerAddr(config.ListenProxyStrings, "proxy"),
	)

	return result.ErrorOrNil()
}

func validateListenerAddr(listeners MultiStringFlag, name string) error {
	var result *multierror.Error
	for i, s := range listeners.Split() {
		if s == "" {
			result = multierror.Append(result, fmt.Errorf("empty %s listener at index %d: %w", name, i, errEmptyListener))
		}
	}

	return result.ErrorOrNil()
}

func validateAuthConfig(config *Config) error {
	if config.Authentication.Secret == "" && config.Authentication.ClientID == "" &&
		config.Authentication.ClientSecret == "" && config.Authentication.RedirectURI == "" {
		return nil
	}

	var result *multierror.Error
	if config.Authentication.Secret == "" {
		result = multierror.Append(result, errAuthNoSecret)
	}
	if config.Authentication.ClientID == "" {
		result = multierror.Append(result, errAuthNoClientID)
	}
	if config.Authentication.ClientSecret == "" {
		result = multierror.Append(result, errAuthNoClientSecret)
	}
	if config.GitLab.PublicServer == "" {
		result = multierror.Append(result, errAuthNoGitlabServer)
	}
	if config.Authentication.RedirectURI == "" {
		result = multierror.Append(result, errAuthNoRedirect)
	}
	return result.ErrorOrNil()
}

func validateArtifactsServerConfig(config *Config) error {
	if config.ArtifactsServer.URL == "" {
		return nil
	}

	u, err := url.Parse(config.ArtifactsServer.URL)
	if err != nil {
		return err
	}

	var result *multierror.Error

	// url.Parse ensures that the Scheme attribute is always lower case.
	if u.Scheme != "http" && u.Scheme != "https" {
		result = multierror.Append(result, errArtifactsServerUnsupportedScheme)
	}

	if config.ArtifactsServer.TimeoutSeconds < 1 {
		result = multierror.Append(result, errArtifactsServerInvalidTimeout)
	}

	return result.ErrorOrNil()
}

// validateTLSVersions returns error if the provided TLS versions config values are not valid
func validateTLSVersions(min, max string) error {
	tlsMin, tlsMinOk := allTLSVersions[min]
	tlsMax, tlsMaxOk := allTLSVersions[max]

	if !tlsMinOk {
		return fmt.Errorf("invalid minimum TLS version: %s", min)
	}
	if !tlsMaxOk {
		return fmt.Errorf("invalid maximum TLS version: %s", max)
	}
	if tlsMin > tlsMax && tlsMax > 0 {
		return fmt.Errorf("invalid maximum TLS version: %s; should be at least %s", max, min)
	}

	return nil
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-25 06:32:20 +0300