chore: move the go code into a subfolder

apps/api/internal/config/config.go

@@ -0,0 +1,77 @@
+package config
+
+import (
+	"encoding/json"
+	"os"
+	"path/filepath"
+
+	"github.com/BurntSushi/toml"
+	"sigs.k8s.io/yaml"
+
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type ValidatableConfiguration interface {
+	Validate() error
+}
+
+type ReaderFunc func(data []byte, o interface{}) error
+
+var (
+	JSONReader = json.Unmarshal
+	TOMLReader = toml.Unmarshal
+	YAMLReader = func(data []byte, o interface{}) error { return yaml.Unmarshal(data, o) }
+)
+
+// Read deserializes each config file to the target obj
+// using a Reader (depending on file extension)
+// env vars are replaced in the config file as well as the file path
+func Read(obj interface{}, configFiles ...string) error {
+	for _, cf := range configFiles {
+		readerFunc, err := readerFuncForFile(cf)
+		if err != nil {
+			return err
+		}
+		if err := readConfigFile(readerFunc, cf, obj); err != nil {
+			return err
+		}
+	}
+
+	if validatable, ok := obj.(ValidatableConfiguration); ok {
+		if err := validatable.Validate(); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func readConfigFile(readerFunc ReaderFunc, configFile string, obj interface{}) error {
+	configFile = os.ExpandEnv(configFile)
+
+	configStr, err := os.ReadFile(configFile)
+	if err != nil {
+		return zerrors.ThrowInternalf(err, "CONFI-nJk2a", "failed to read config file %s", configFile)
+	}
+
+	configStr = []byte(os.ExpandEnv(string(configStr)))
+
+	if err := readerFunc(configStr, obj); err != nil {
+		return zerrors.ThrowInternalf(err, "CONFI-2Mc3c", "error parse config file %s", configFile)
+	}
+
+	return nil
+}
+
+func readerFuncForFile(configFile string) (ReaderFunc, error) {
+	ext := filepath.Ext(configFile)
+	switch ext {
+	case ".yaml", ".yml":
+		return YAMLReader, nil
+	case ".json":
+		return JSONReader, nil
+	case ".toml":
+		return TOMLReader, nil
+	}
+	return nil, zerrors.ThrowUnimplementedf(nil, "CONFI-ZLk4u", "file extension (%s) not supported", ext)
+}

apps/api/internal/config/config_test.go

@@ -0,0 +1,231 @@
+package config
+
+import (
+	"errors"
+	"reflect"
+	"runtime"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+type test struct {
+	Test bool
+}
+
+type validatable struct {
+	Test bool
+}
+
+type multiple struct {
+	Test     bool
+	MoreData string
+}
+
+func (v *validatable) Validate() error {
+	if v.Test {
+		return nil
+	}
+	return errors.New("invalid")
+}
+
+func TestRead(t *testing.T) {
+	type args struct {
+		obj         interface{}
+		configFiles []string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+		want    interface{}
+	}{
+		{
+			"not supoorted config file error",
+			args{
+				configFiles: []string{"notsupported.unknown"},
+				obj:         &test{},
+			},
+			true,
+			&test{},
+		},
+		{
+			"non existing config file error",
+			args{
+				configFiles: []string{"nonexisting.yaml"},
+				obj:         &test{},
+			},
+			true,
+			&test{},
+		},
+		{
+			"non parsable config file error",
+			args{
+				configFiles: []string{"./testdata/non_parsable.json"},
+				obj:         &test{},
+			},
+			true,
+			&test{},
+		},
+		{
+			"invalid parsable config file error",
+			args{
+				configFiles: []string{"./testdata/invalid.json"},
+				obj:         &validatable{},
+			},
+			true,
+			&validatable{},
+		},
+		{
+			"multiple files, one non parsable error ",
+			args{
+				configFiles: []string{"./testdata/non_parsable.json", "./testdata/more_data.yaml"},
+				obj:         &multiple{},
+			},
+			true,
+			&multiple{},
+		},
+		{
+			"parsable config file ok",
+			args{
+				configFiles: []string{"./testdata/valid.json"},
+				obj:         &test{},
+			},
+			false,
+			&test{Test: true},
+		},
+		{
+			"multiple parsable config files ok",
+			args{
+				configFiles: []string{"./testdata/valid.json", "./testdata/more_data.yaml"},
+				obj:         &multiple{},
+			},
+			false,
+			&multiple{Test: true, MoreData: "data"},
+		},
+		{
+			"valid parsable config file ok",
+			args{
+				configFiles: []string{"./testdata/valid.json"},
+				obj:         &validatable{},
+			},
+			false,
+			&validatable{Test: true},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if err := Read(tt.args.obj, tt.args.configFiles...); (err != nil) != tt.wantErr {
+				t.Errorf("Read() error = %v, wantErr %v", err, tt.wantErr)
+			}
+			if !reflect.DeepEqual(tt.args.obj, tt.want) {
+				t.Errorf("Read() got = %v, want = %v", tt.args.obj, tt.want)
+			}
+		})
+	}
+}
+
+func Test_readerFuncForFile(t *testing.T) {
+	type args struct {
+		configFile string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    ReaderFunc
+		wantErr bool
+	}{
+		{
+			"unknown extension error",
+			args{configFile: "test.unknown"},
+			nil,
+			true,
+		},
+		{
+			"toml",
+			args{configFile: "test.toml"},
+			TOMLReader,
+			false,
+		},
+		{
+			"json",
+			args{configFile: "test.json"},
+			JSONReader,
+			false,
+		},
+		{
+			"yaml",
+			args{configFile: "test.yaml"},
+			YAMLReader,
+			false,
+		},
+		{
+			"yml",
+			args{configFile: "test.yml"},
+			YAMLReader,
+			false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := readerFuncForFile(tt.args.configFile)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("configReaderForFile() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			funcName1 := runtime.FuncForPC(reflect.ValueOf(got).Pointer()).Name()
+			funcName2 := runtime.FuncForPC(reflect.ValueOf(tt.want).Pointer()).Name()
+			if !assert.Equal(t, funcName1, funcName2) {
+				t.Errorf("configReaderForFile() got = %v, want %v", funcName1, funcName2)
+			}
+		})
+	}
+}
+
+func Test_readConfigFile(t *testing.T) {
+	type args struct {
+		configReader ReaderFunc
+		configFile   string
+		obj          interface{}
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			"non existing config file error",
+			args{
+				configReader: YAMLReader,
+				configFile:   "nonexisting.json",
+				obj:          nil,
+			},
+			true,
+		},
+		{
+			"non parsable config file error",
+			args{
+				configReader: YAMLReader,
+				configFile:   "./testdata/non_parsable.json",
+				obj:          &test{},
+			},
+			true,
+		},
+		{
+			"parsable config file no error",
+			args{
+				configReader: YAMLReader,
+				configFile:   "./testdata/valid.json",
+				obj:          &test{},
+			},
+			false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if err := readConfigFile(tt.args.configReader, tt.args.configFile, tt.args.obj); (err != nil) != tt.wantErr {
+				t.Errorf("readConfigFile() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}

apps/api/internal/config/hook/base64_to_bytes.go

@@ -0,0 +1,26 @@
+package hook
+
+import (
+	"encoding/base64"
+	"reflect"
+
+	"github.com/mitchellh/mapstructure"
+)
+
+func Base64ToBytesHookFunc() mapstructure.DecodeHookFuncType {
+	return func(
+		f reflect.Type,
+		t reflect.Type,
+		data interface{},
+	) (interface{}, error) {
+		if f.Kind() != reflect.String {
+			return data, nil
+		}
+
+		if t != reflect.TypeOf([]byte{}) {
+			return data, nil
+		}
+
+		return base64.StdEncoding.DecodeString(data.(string))
+	}
+}

apps/api/internal/config/hook/enum.go

@@ -0,0 +1,24 @@
+package hook
+
+import (
+	"reflect"
+
+	"github.com/mitchellh/mapstructure"
+	"golang.org/x/exp/constraints"
+)
+
+func EnumHookFunc[T constraints.Integer](resolve func(string) (T, error)) mapstructure.DecodeHookFuncType {
+	return func(
+		f reflect.Type,
+		t reflect.Type,
+		data interface{},
+	) (interface{}, error) {
+		if f.Kind() != reflect.String {
+			return data, nil
+		}
+		if t != reflect.TypeOf(T(0)) {
+			return data, nil
+		}
+		return resolve(data.(string))
+	}
+}

apps/api/internal/config/hook/tag_to_language.go

@@ -0,0 +1,29 @@
+package hook
+
+import (
+	"reflect"
+
+	"github.com/mitchellh/mapstructure"
+	"golang.org/x/text/language"
+
+	"github.com/zitadel/zitadel/internal/domain"
+)
+
+func TagToLanguageHookFunc() mapstructure.DecodeHookFuncType {
+	return func(
+		f reflect.Type,
+		t reflect.Type,
+		data interface{},
+	) (interface{}, error) {
+		if f.Kind() != reflect.String {
+			return data, nil
+		}
+
+		if t != reflect.TypeOf(language.Tag{}) {
+			return data, nil
+		}
+
+		lang, err := domain.ParseLanguage(data.(string))
+		return lang[0], err
+	}
+}

apps/api/internal/config/network/config.go

@@ -0,0 +1,56 @@
+package network
+
+import (
+	"crypto/tls"
+	"errors"
+	"os"
+)
+
+var (
+	ErrMissingConfig = errors.New("TLS is enabled: please specify a key (path) and a cert (path) or disable TLS if needed (e.g. by setting flag `--tlsMode external` or `--tlsMode disabled")
+)
+
+type TLS struct {
+	//If enabled, ZITADEL will serve all traffic over TLS (HTTPS and gRPC)
+	//you must then also provide a private key and certificate to be used for the connection
+	//either directly or by a path to the corresponding file
+	Enabled bool
+	//Path to the private key of the TLS certificate, it will be loaded into the Key
+	//and overwrite any exising value
+	KeyPath string
+	//Path to the certificate for the TLS connection, it will be loaded into the Cert
+	//and overwrite any exising value
+	CertPath string
+	//Private key of the TLS certificate (KeyPath will this overwrite, if specified)
+	Key []byte
+	//Certificate for the TLS connection (CertPath will this overwrite, if specified)
+	Cert []byte
+}
+
+func (t *TLS) Config() (_ *tls.Config, err error) {
+	if !t.Enabled {
+		return nil, nil
+	}
+	if t.KeyPath != "" {
+		t.Key, err = os.ReadFile(t.KeyPath)
+		if err != nil {
+			return nil, err
+		}
+	}
+	if t.CertPath != "" {
+		t.Cert, err = os.ReadFile(t.CertPath)
+		if err != nil {
+			return nil, err
+		}
+	}
+	if t.Key == nil || t.Cert == nil {
+		return nil, ErrMissingConfig
+	}
+	tlsCert, err := tls.X509KeyPair(t.Cert, t.Key)
+	if err != nil {
+		return nil, err
+	}
+	return &tls.Config{
+		Certificates: []tls.Certificate{tlsCert},
+	}, nil
+}

apps/api/internal/config/systemdefaults/system_defaults.go

@@ -0,0 +1,49 @@
+package systemdefaults
+
+import (
+	"time"
+
+	"github.com/zitadel/zitadel/internal/crypto"
+)
+
+type SystemDefaults struct {
+	SecretGenerators     SecretGenerators
+	PasswordHasher       crypto.HashConfig
+	SecretHasher         crypto.HashConfig
+	Multifactors         MultifactorConfig
+	DomainVerification   DomainVerification
+	Notifications        Notifications
+	KeyConfig            KeyConfig
+	DefaultQueryLimit    uint64
+	MaxQueryLimit        uint64
+	MaxIdPIntentLifetime time.Duration
+}
+
+type SecretGenerators struct {
+	MachineKeySize     uint32
+	ApplicationKeySize uint32
+}
+
+type MultifactorConfig struct {
+	OTP OTPConfig
+}
+
+type OTPConfig struct {
+	Issuer string
+}
+
+type DomainVerification struct {
+	VerificationGenerator crypto.GeneratorConfig
+}
+
+type Notifications struct {
+	FileSystemPath string
+}
+
+type KeyConfig struct {
+	Size                int
+	PrivateKeyLifetime  time.Duration
+	PublicKeyLifetime   time.Duration
+	CertificateSize     int
+	CertificateLifetime time.Duration
+}

apps/api/internal/config/testdata/invalid.json

@@ -0,0 +1,3 @@
+{
+  "Test" : false
+}

apps/api/internal/config/testdata/more_data.yaml

@@ -0,0 +1 @@
+MoreData: data

apps/api/internal/config/testdata/non_parsable.json

@@ -0,0 +1 @@
+Test

apps/api/internal/config/testdata/valid.json

@@ -0,0 +1,3 @@
+{
+  "Test" : true
+}