env tweaks

2025-09-08 17:06:42 +00:00 · 2025-08-16 16:03:36 +02:00
parent e47abbbbee
commit a138378f19
4 changed files with 103 additions and 10 deletions
--- a/env.go
+++ b/env.go
@@ -1,13 +1,19 @@
 package main

 import (
+	"bytes"
+	"crypto/rand"
+	"encoding/base64"
 	"errors"
+	"io"
 	"os"

 	"github.com/goccy/go-yaml"
+	"golang.org/x/crypto/bcrypt"
 )

 type EnvTokens struct {
+	Secret     string `json:"secret"`
 	OpenRouter string `json:"openrouter"`
 	Exa        string `json:"exa"`
 }
@@ -17,10 +23,21 @@ type EnvSettings struct {
 	MaxIterations uint `json:"iterations"`
 }

+type EnvUser struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+type EnvAuthentication struct {
+	Enabled bool      `json:"enabled"`
+	Users   []EnvUser `json:"users"`
+}
+
 type Environment struct {
-	Debug    bool        `json:"debug"`
-	Tokens   EnvTokens   `json:"tokens"`
-	Settings EnvSettings `json:"settings"`
+	Debug          bool              `json:"debug"`
+	Tokens         EnvTokens         `json:"tokens"`
+	Settings       EnvSettings       `json:"settings"`
+	Authentication EnvAuthentication `json:"authentication"`
 }

 var env Environment
@@ -46,6 +63,27 @@ func (e *Environment) Init() error {
 	// check max iterations
 	e.Settings.MaxIterations = max(e.Settings.MaxIterations, 1)

+	// check if server secret is set
+	if e.Tokens.Secret == "" {
+		log.Warning("Missing tokens.secret, generating new...")
+
+		key := make([]byte, 32)
+
+		_, err := io.ReadFull(rand.Reader, key)
+		if err != nil {
+			return err
+		}
+
+		e.Tokens.Secret = base64.StdEncoding.EncodeToString(key)
+
+		err = e.Store()
+		if err != nil {
+			return err
+		}
+
+		log.Info("Stored new tokens.secret")
+	}
+
 	// check if openrouter token is set
 	if e.Tokens.OpenRouter == "" {
 		return errors.New("missing tokens.openrouter")
@@ -53,8 +91,50 @@ func (e *Environment) Init() error {

 	// check if exa token is set
 	if e.Tokens.Exa == "" {
-		log.Warning("missing token.exa, web search unavailable")
+		log.Warning("Missing token.exa, web search unavailable")
 	}

 	return nil
 }
+
+func (e *Environment) Authenticate(username, password string) bool {
+	for _, user := range e.Authentication.Users {
+		if user.Username == username {
+			return bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password)) == nil
+		}
+	}
+
+	return false
+}
+
+func (e *Environment) Store() error {
+	var (
+		buffer   bytes.Buffer
+		comments = yaml.CommentMap{
+			"$.debug": {yaml.HeadComment(" enable verbose logging and diagnostics")},
+
+			"$.tokens":         {yaml.HeadComment("")},
+			"$.settings":       {yaml.HeadComment("")},
+			"$.authentication": {yaml.HeadComment("")},
+
+			"$.tokens.secret":     {yaml.HeadComment(" server secret for signing auth tokens; auto-generated if empty")},
+			"$.tokens.openrouter": {yaml.HeadComment(" openrouter.ai api token (required)")},
+			"$.tokens.exa":        {yaml.HeadComment(" exa search api token (optional; used by search tools)")},
+
+			"$.settings.cleanup":    {yaml.HeadComment(" normalize unicode in assistant output (optional; default: false)")},
+			"$.settings.iterations": {yaml.HeadComment(" max model turns per request (optional; default: 3)")},
+
+			"$.authentication.enabled": {yaml.HeadComment(" require login with username and password")},
+			"$.authentication.users":   {yaml.HeadComment(" list of users with bcrypt password hashes")},
+		}
+	)
+
+	err := yaml.NewEncoder(&buffer, yaml.WithComment(comments)).Encode(e)
+	if err != nil {
+		return err
+	}
+
+	body := bytes.ReplaceAll(buffer.Bytes(), []byte("#\n"), []byte("\n"))
+
+	return os.WriteFile("config.yml", body, 0644)
+}