package app

import (
	"time"
)

type GitHubOauthCreds struct {
	ClientId     string `mapstructure:"client-id"`
	ClientSecret string `mapstructure:"client-secret"`
}

type Config struct {
	Bind                  []string      `flag:"bind" flag-scope:"web" flag-help:"Addresses and ports to bind http server"`
	Debug                 bool          `flag:"debug" flag-help:"Enable debug mode"`
	MongoDbUri            string        `flag:"mongodb-uri" flag-help:"URI for connection to mongodb"`
	LogFile               string        `flag:"log-file" flag-scope:"web" flag-help:"Log file for combined host logs"`
	TrustedIPRanges       []string      `flag:"trusted-ip-ranges" flag-scope:"web" flag-help:"Comma separated list of IP ranges for trusted XFF proxies"`
	Hostnames             []string      `flag:"hostname" flag-scope:"web" flag-help:"Hostname this server serves (can be specified multiple times)"`
	DisableBackgroundJobs bool          `flag:"disable-bg-jobs" flag-help:"Disable background jobs and only serve web pages"`
	RateLimit             time.Duration `flag:"rate-limit" flag-help:"Number seconds between requests for credential resources"`
	RateLimitBurst        int           `flag:"rate-limit-burst" flag-help:"Number of burst requests allowed to credential endpoints"`
	IssuerEndpoint        string        `flag:"issuer-endpoint" flag-help:"Oauth issuer endpoint"`
	JWTAudience           string        `flag:"jwt-audience" flag-help:"Audience for issued JWTs"`
	AuthCookieDuration    time.Duration `flag:"auth-cookie-duration" flag-help:"Expiration duration of the auth cookies"`
	GitHubOauthCreds      string        `flag:"github-oauth-vault-path" flag-help:"Vault material name for GitHub auth credentials"`
	DNSApiKeyVaultPath    string        `flag:"dns-api-vault-path" flag-help:"Vault material for DNS API key"`
	AutocertEmail         string        `flag:"autocert-email" flag-scope:"web" flag-help:"Autocert notification email"`
	AutocertHost          string        `flag:"autocert-host" flag-scope:"web" flag-help:"Autocert service url"`
	NetboxHost            string        `flag:"netbox-host" flag-scope:"web" flag-help:"Netbox service url"`
	NetboxApiKeyVaultPath string        `flag:"netbox-api-vault-path" flag-scope:"web" flag-help:"Vault material path for Netbox API key"`
}

var DefaultConfig = &Config{
	Bind:                  []string{":8169"},
	Debug:                 false,
	MongoDbUri:            "cloud-id-broker-prod-dynamic@mongodb.sea4.crute.me/cloud-id-broker-prod",
	LogFile:               "",
	TrustedIPRanges:       []string{"172.19.0.0/22", "2602:803:4072::/48"},
	Hostnames:             []string{"aws-access.crute.me"},
	DisableBackgroundJobs: false,
	RateLimit:             30 * time.Second,
	RateLimitBurst:        30,
	IssuerEndpoint:        "https://aws-access.crute.me",
	JWTAudience:           "aws-access",
	AuthCookieDuration:    24 * time.Hour,
	GitHubOauthCreds:      "service/aws-access/github-oauth",
	DNSApiKeyVaultPath:    "service/aws-access/dns-api-key",
	AutocertEmail:         "letsencrypt-certs@pomonaconsulting.com",
	AutocertHost:          "https://dns-manage.crute.me/acmev2",
	NetboxHost:            "https://netbox.crute.me",
	NetboxApiKeyVaultPath: "infra/netbox-readonly",
}