config: fix replace from env vars for some sub list

ensure to merge configuration from files with configuration from env Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-12-09 16:25:15 +03:00 · 2022-06-28 19:17:16 +02:00
parent 5610b98d19
commit e244ba37b2
4 changed files with 222 additions and 55 deletions
--- a/config/config.go
+++ b/config/config.go
@@ -957,9 +957,7 @@ func getPluginsFromEnv(idx int) {
 }

 func getSFTPDBindindFromEnv(idx int) {
-	binding := sftpd.Binding{
-		ApplyProxyConfig: true,
-	}
+	binding := defaultSFTPDBinding
 	if len(globalConf.SFTPD.Bindings) > idx {
 		binding = globalConf.SFTPD.Bindings[idx]
 	}
@@ -995,9 +993,17 @@ func getSFTPDBindindFromEnv(idx int) {

 func getFTPDPassiveIPOverridesFromEnv(idx int) []ftpd.PassiveIPOverride {
 	var overrides []ftpd.PassiveIPOverride
+	if len(globalConf.FTPD.Bindings) > idx {
+		overrides = globalConf.FTPD.Bindings[idx].PassiveIPOverrides
+	}

 	for subIdx := 0; subIdx < 10; subIdx++ {
 		var override ftpd.PassiveIPOverride
+		var replace bool
+		if len(globalConf.FTPD.Bindings) > idx && len(globalConf.FTPD.Bindings[idx].PassiveIPOverrides) > subIdx {
+			override = globalConf.FTPD.Bindings[idx].PassiveIPOverrides[subIdx]
+			replace = true
+		}

 		ip, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__PASSIVE_IP_OVERRIDES__%v__IP", idx, subIdx))
 		if ok {
@@ -1011,7 +1017,11 @@ func getFTPDPassiveIPOverridesFromEnv(idx int) []ftpd.PassiveIPOverride {
 		}

 		if len(override.Networks) > 0 {
-			overrides = append(overrides, override)
+			if replace {
+				overrides[subIdx] = override
+			} else {
+				overrides = append(overrides, override)
+			}
 		}
 	}

@@ -1019,10 +1029,7 @@ func getFTPDPassiveIPOverridesFromEnv(idx int) []ftpd.PassiveIPOverride {
 }

 func getDefaultFTPDBinding(idx int) ftpd.Binding {
-	binding := ftpd.Binding{
-		ApplyProxyConfig: true,
-		MinTLSVersion:    12,
-	}
+	binding := defaultFTPDBinding
 	if len(globalConf.FTPD.Bindings) > idx {
 		binding = globalConf.FTPD.Bindings[idx]
 	}
@@ -1155,9 +1162,7 @@ func getWebDAVDBindingProxyConfigsFromEnv(idx int, binding *webdavd.Binding) boo
 }

 func getWebDAVDBindingFromEnv(idx int) {
-	binding := webdavd.Binding{
-		MinTLSVersion: 12,
-	}
+	binding := defaultWebDAVDBinding
 	if len(globalConf.WebDAVD.Bindings) > idx {
 		binding = globalConf.WebDAVD.Bindings[idx]
 	}
@@ -1233,22 +1238,44 @@ func getWebDAVDBindingFromEnv(idx int) {

 func getHTTPDSecurityProxyHeadersFromEnv(idx int) []httpd.HTTPSProxyHeader {
 	var httpsProxyHeaders []httpd.HTTPSProxyHeader
+	if len(globalConf.HTTPDConfig.Bindings) > idx {
+		httpsProxyHeaders = globalConf.HTTPDConfig.Bindings[idx].Security.HTTPSProxyHeaders
+	}

 	for subIdx := 0; subIdx < 10; subIdx++ {
-		proxyKey, _ := os.LookupEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__SECURITY__HTTPS_PROXY_HEADERS__%v__KEY", idx, subIdx))
-		proxyVal, _ := os.LookupEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__SECURITY__HTTPS_PROXY_HEADERS__%v__VALUE", idx, subIdx))
-		if proxyKey != "" && proxyVal != "" {
-			httpsProxyHeaders = append(httpsProxyHeaders, httpd.HTTPSProxyHeader{
-				Key:   proxyKey,
-				Value: proxyVal,
-			})
+		var httpsProxyHeader httpd.HTTPSProxyHeader
+		var replace bool
+		if len(globalConf.HTTPDConfig.Bindings) > idx &&
+			len(globalConf.HTTPDConfig.Bindings[idx].Security.HTTPSProxyHeaders) > subIdx {
+			httpsProxyHeader = httpsProxyHeaders[subIdx]
+			replace = true
+		}
+		proxyKey, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__SECURITY__HTTPS_PROXY_HEADERS__%v__KEY",
+			idx, subIdx))
+		if ok {
+			httpsProxyHeader.Key = proxyKey
+		}
+		proxyVal, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__SECURITY__HTTPS_PROXY_HEADERS__%v__VALUE",
+			idx, subIdx))
+		if ok {
+			httpsProxyHeader.Value = proxyVal
+		}
+		if httpsProxyHeader.Key != "" && httpsProxyHeader.Value != "" {
+			if replace {
+				httpsProxyHeaders[subIdx] = httpsProxyHeader
+			} else {
+				httpsProxyHeaders = append(httpsProxyHeaders, httpsProxyHeader)
+			}
 		}
 	}
 	return httpsProxyHeaders
 }

 func getHTTPDSecurityConfFromEnv(idx int) (httpd.SecurityConf, bool) { //nolint:gocyclo
-	var result httpd.SecurityConf
+	result := defaultHTTPDBinding.Security
+	if len(globalConf.HTTPDConfig.Bindings) > idx {
+		result = globalConf.HTTPDConfig.Bindings[idx].Security
+	}
 	isSet := false

 	enabled, ok := lookupBoolFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__SECURITY__ENABLED", idx))
@@ -1296,6 +1323,7 @@ func getHTTPDSecurityConfFromEnv(idx int) (httpd.SecurityConf, bool) { //nolint:
 	stsSeconds, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__SECURITY__STS_SECONDS", idx))
 	if ok {
 		result.STSSeconds = stsSeconds
+		isSet = true
 	}

 	stsIncludeSubDomains, ok := lookupBoolFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__SECURITY__STS_INCLUDE_SUBDOMAINS", idx))
@@ -1344,7 +1372,10 @@ func getHTTPDSecurityConfFromEnv(idx int) (httpd.SecurityConf, bool) { //nolint:
 }

 func getHTTPDOIDCFromEnv(idx int) (httpd.OIDC, bool) {
-	var result httpd.OIDC
+	result := defaultHTTPDBinding.OIDC
+	if len(globalConf.HTTPDConfig.Bindings) > idx {
+		result = globalConf.HTTPDConfig.Bindings[idx].OIDC
+	}
 	isSet := false

 	clientID, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__OIDC__CLIENT_ID", idx))
@@ -1398,78 +1429,81 @@ func getHTTPDOIDCFromEnv(idx int) (httpd.OIDC, bool) {
 	return result, isSet
 }

-func getHTTPDUIBrandingFromEnv(prefix string) (httpd.UIBranding, bool) {
-	var result httpd.UIBranding
+func getHTTPDUIBrandingFromEnv(prefix string, branding httpd.UIBranding) (httpd.UIBranding, bool) {
 	isSet := false

 	name, ok := os.LookupEnv(fmt.Sprintf("%s__NAME", prefix))
 	if ok {
-		result.Name = name
+		branding.Name = name
 		isSet = true
 	}

 	shortName, ok := os.LookupEnv(fmt.Sprintf("%s__SHORT_NAME", prefix))
 	if ok {
-		result.ShortName = shortName
+		branding.ShortName = shortName
 		isSet = true
 	}

 	faviconPath, ok := os.LookupEnv(fmt.Sprintf("%s__FAVICON_PATH", prefix))
 	if ok {
-		result.FaviconPath = faviconPath
+		branding.FaviconPath = faviconPath
 		isSet = true
 	}

 	logoPath, ok := os.LookupEnv(fmt.Sprintf("%s__LOGO_PATH", prefix))
 	if ok {
-		result.LogoPath = logoPath
+		branding.LogoPath = logoPath
 		isSet = true
 	}

 	loginImagePath, ok := os.LookupEnv(fmt.Sprintf("%s__LOGIN_IMAGE_PATH", prefix))
 	if ok {
-		result.LoginImagePath = loginImagePath
+		branding.LoginImagePath = loginImagePath
 		isSet = true
 	}

 	disclaimerName, ok := os.LookupEnv(fmt.Sprintf("%s__DISCLAIMER_NAME", prefix))
 	if ok {
-		result.DisclaimerName = disclaimerName
+		branding.DisclaimerName = disclaimerName
 		isSet = true
 	}

 	disclaimerPath, ok := os.LookupEnv(fmt.Sprintf("%s__DISCLAIMER_PATH", prefix))
 	if ok {
-		result.DisclaimerPath = disclaimerPath
+		branding.DisclaimerPath = disclaimerPath
 		isSet = true
 	}

 	defaultCSSPath, ok := os.LookupEnv(fmt.Sprintf("%s__DEFAULT_CSS", prefix))
 	if ok {
-		result.DefaultCSS = defaultCSSPath
+		branding.DefaultCSS = defaultCSSPath
 		isSet = true
 	}

 	extraCSS, ok := lookupStringListFromEnv(fmt.Sprintf("%s__EXTRA_CSS", prefix))
 	if ok {
-		result.ExtraCSS = extraCSS
+		branding.ExtraCSS = extraCSS
 		isSet = true
 	}
-
-	return result, isSet
+	return branding, isSet
 }

 func getHTTPDBrandingFromEnv(idx int) (httpd.Branding, bool) {
-	var result httpd.Branding
+	result := defaultHTTPDBinding.Branding
+	if len(globalConf.HTTPDConfig.Bindings) > idx {
+		result = globalConf.HTTPDConfig.Bindings[idx].Branding
+	}
 	isSet := false

-	webAdmin, ok := getHTTPDUIBrandingFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__BRANDING__WEB_ADMIN", idx))
+	webAdmin, ok := getHTTPDUIBrandingFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__BRANDING__WEB_ADMIN", idx),
+		result.WebAdmin)
 	if ok {
 		result.WebAdmin = webAdmin
 		isSet = true
 	}

-	webClient, ok := getHTTPDUIBrandingFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__BRANDING__WEB_CLIENT", idx))
+	webClient, ok := getHTTPDUIBrandingFromEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__BRANDING__WEB_CLIENT", idx),
+		result.WebClient)
 	if ok {
 		result.WebClient = webClient
 		isSet = true
@@ -1480,9 +1514,18 @@ func getHTTPDBrandingFromEnv(idx int) (httpd.Branding, bool) {

 func getHTTPDWebClientIntegrationsFromEnv(idx int) []httpd.WebClientIntegration {
 	var integrations []httpd.WebClientIntegration
+	if len(globalConf.HTTPDConfig.Bindings) > idx {
+		integrations = globalConf.HTTPDConfig.Bindings[idx].WebClientIntegrations
+	}

 	for subIdx := 0; subIdx < 10; subIdx++ {
 		var integration httpd.WebClientIntegration
+		var replace bool
+		if len(globalConf.HTTPDConfig.Bindings) > idx &&
+			len(globalConf.HTTPDConfig.Bindings[idx].WebClientIntegrations) > subIdx {
+			integration = integrations[subIdx]
+			replace = true
+		}

 		url, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__WEB_CLIENT_INTEGRATIONS__%v__URL", idx, subIdx))
 		if ok {
@@ -1495,8 +1538,12 @@ func getHTTPDWebClientIntegrationsFromEnv(idx int) []httpd.WebClientIntegration
 			integration.FileExtensions = extensions
 		}

-		if url != "" && len(extensions) > 0 {
-			integrations = append(integrations, integration)
+		if integration.URL != "" && len(integration.FileExtensions) > 0 {
+			if replace {
+				integrations[subIdx] = integration
+			} else {
+				integrations = append(integrations, integration)
+			}
 		}
 	}

@@ -1504,12 +1551,7 @@ func getHTTPDWebClientIntegrationsFromEnv(idx int) []httpd.WebClientIntegration
 }

 func getDefaultHTTPBinding(idx int) httpd.Binding {
-	binding := httpd.Binding{
-		EnableWebAdmin:  true,
-		EnableWebClient: true,
-		RenderOpenAPI:   true,
-		MinTLSVersion:   12,
-	}
+	binding := defaultHTTPDBinding
 	if len(globalConf.HTTPDConfig.Bindings) > idx {
 		binding = globalConf.HTTPDConfig.Bindings[idx]
 	}
@@ -1669,6 +1711,9 @@ func setHTTPDBinding(isSet bool, binding httpd.Binding, idx int) {

 func getHTTPClientCertificatesFromEnv(idx int) {
 	tlsCert := httpclient.TLSKeyPair{}
+	if len(globalConf.HTTPConfig.Certificates) > idx {
+		tlsCert = globalConf.HTTPConfig.Certificates[idx]
+	}

 	cert, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_HTTP__CERTIFICATES__%v__CERT", idx))
 	if ok {
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -485,6 +485,126 @@ func TestDisabledMFAConfig(t *testing.T) {
 	assert.NoError(t, err)
 }

+func TestFTPDOverridesFromEnv(t *testing.T) {
+	reset()
+
+	os.Setenv("SFTPGO_FTPD__BINDINGS__0__PASSIVE_IP_OVERRIDES__0__IP", "192.168.1.1")
+	os.Setenv("SFTPGO_FTPD__BINDINGS__0__PASSIVE_IP_OVERRIDES__0__NETWORKS", "192.168.1.0/24, 192.168.3.0/25")
+	os.Setenv("SFTPGO_FTPD__BINDINGS__0__PASSIVE_IP_OVERRIDES__1__IP", "192.168.2.1")
+	os.Setenv("SFTPGO_FTPD__BINDINGS__0__PASSIVE_IP_OVERRIDES__1__NETWORKS", "192.168.2.0/24")
+	cleanup := func() {
+		os.Unsetenv("SFTPGO_FTPD__BINDINGS__0__PASSIVE_IP_OVERRIDES__0__IP")
+		os.Unsetenv("SFTPGO_FTPD__BINDINGS__0__PASSIVE_IP_OVERRIDES__0__NETWORKS")
+		os.Unsetenv("SFTPGO_FTPD__BINDINGS__0__PASSIVE_IP_OVERRIDES__1__IP")
+		os.Unsetenv("SFTPGO_FTPD__BINDINGS__0__PASSIVE_IP_OVERRIDES__1__NETWORKS")
+	}
+	t.Cleanup(cleanup)
+
+	configDir := ".."
+	err := config.LoadConfig(configDir, "")
+	assert.NoError(t, err)
+	ftpdConf := config.GetFTPDConfig()
+	require.Len(t, ftpdConf.Bindings, 1)
+	require.Len(t, ftpdConf.Bindings[0].PassiveIPOverrides, 2)
+	require.Equal(t, "192.168.1.1", ftpdConf.Bindings[0].PassiveIPOverrides[0].IP)
+	require.Len(t, ftpdConf.Bindings[0].PassiveIPOverrides[0].Networks, 2)
+	require.Equal(t, "192.168.2.1", ftpdConf.Bindings[0].PassiveIPOverrides[1].IP)
+	require.Len(t, ftpdConf.Bindings[0].PassiveIPOverrides[1].Networks, 1)
+
+	cleanup()
+	cfg := make(map[string]any)
+	cfg["ftpd"] = ftpdConf
+	configAsJSON, err := json.Marshal(cfg)
+	require.NoError(t, err)
+	confName := tempConfigName + ".json"
+	configFilePath := filepath.Join(configDir, confName)
+	err = os.WriteFile(configFilePath, configAsJSON, os.ModePerm)
+	assert.NoError(t, err)
+	os.Setenv("SFTPGO_FTPD__BINDINGS__0__PASSIVE_IP_OVERRIDES__0__IP", "192.168.1.2")
+	os.Setenv("SFTPGO_FTPD__BINDINGS__0__PASSIVE_IP_OVERRIDES__1__NETWORKS", "192.168.2.0/24,192.168.4.0/25")
+	err = config.LoadConfig(configDir, confName)
+	assert.NoError(t, err)
+	ftpdConf = config.GetFTPDConfig()
+	require.Len(t, ftpdConf.Bindings, 1)
+	require.Len(t, ftpdConf.Bindings[0].PassiveIPOverrides, 2)
+	require.Equal(t, "192.168.1.2", ftpdConf.Bindings[0].PassiveIPOverrides[0].IP)
+	require.Len(t, ftpdConf.Bindings[0].PassiveIPOverrides[0].Networks, 2)
+	require.Equal(t, "192.168.2.1", ftpdConf.Bindings[0].PassiveIPOverrides[1].IP)
+	require.Len(t, ftpdConf.Bindings[0].PassiveIPOverrides[1].Networks, 2)
+
+	err = os.Remove(configFilePath)
+	assert.NoError(t, err)
+}
+
+func TestHTTPDSubObjectsFromEnv(t *testing.T) {
+	reset()
+
+	os.Setenv("SFTPGO_HTTPD__BINDINGS__0__SECURITY__HTTPS_PROXY_HEADERS__0__KEY", "X-Forwarded-Proto")
+	os.Setenv("SFTPGO_HTTPD__BINDINGS__0__SECURITY__HTTPS_PROXY_HEADERS__0__VALUE", "https")
+	os.Setenv("SFTPGO_HTTPD__BINDINGS__0__WEB_CLIENT_INTEGRATIONS__0__URL", "http://127.0.0.1/")
+	os.Setenv("SFTPGO_HTTPD__BINDINGS__0__WEB_CLIENT_INTEGRATIONS__0__FILE_EXTENSIONS", ".pdf, .txt")
+	os.Setenv("SFTPGO_HTTPD__BINDINGS__0__OIDC__CLIENT_ID", "client_id")
+	os.Setenv("SFTPGO_HTTPD__BINDINGS__0__OIDC__CLIENT_SECRET", "client_secret")
+	os.Setenv("SFTPGO_HTTPD__BINDINGS__0__OIDC__CONFIG_URL", "config_url")
+	os.Setenv("SFTPGO_HTTPD__BINDINGS__0__OIDC__REDIRECT_BASE_URL", "redirect_base_url")
+	os.Setenv("SFTPGO_HTTPD__BINDINGS__0__OIDC__USERNAME_FIELD", "email")
+	cleanup := func() {
+		os.Unsetenv("SFTPGO_HTTPD__BINDINGS__0__SECURITY__HTTPS_PROXY_HEADERS__0__KEY")
+		os.Unsetenv("SFTPGO_HTTPD__BINDINGS__0__SECURITY__HTTPS_PROXY_HEADERS__0__VALUE")
+		os.Unsetenv("SFTPGO_HTTPD__BINDINGS__0__WEB_CLIENT_INTEGRATIONS__0__URL")
+		os.Unsetenv("SFTPGO_HTTPD__BINDINGS__0__WEB_CLIENT_INTEGRATIONS__0__FILE_EXTENSIONS")
+		os.Unsetenv("SFTPGO_HTTPD__BINDINGS__0__OIDC__CLIENT_ID")
+		os.Unsetenv("SFTPGO_HTTPD__BINDINGS__0__OIDC__CLIENT_SECRET")
+		os.Unsetenv("SFTPGO_HTTPD__BINDINGS__0__OIDC__CONFIG_URL")
+		os.Unsetenv("SFTPGO_HTTPD__BINDINGS__0__OIDC__REDIRECT_BASE_URL")
+		os.Unsetenv("SFTPGO_HTTPD__BINDINGS__0__OIDC__USERNAME_FIELD")
+	}
+	t.Cleanup(cleanup)
+
+	configDir := ".."
+	err := config.LoadConfig(configDir, "")
+	assert.NoError(t, err)
+	httpdConf := config.GetHTTPDConfig()
+	require.Len(t, httpdConf.Bindings, 1)
+	require.Len(t, httpdConf.Bindings[0].Security.HTTPSProxyHeaders, 1)
+	require.Len(t, httpdConf.Bindings[0].WebClientIntegrations, 1)
+	require.Equal(t, "client_id", httpdConf.Bindings[0].OIDC.ClientID)
+	require.Equal(t, "client_secret", httpdConf.Bindings[0].OIDC.ClientSecret)
+	require.Equal(t, "config_url", httpdConf.Bindings[0].OIDC.ConfigURL)
+	require.Equal(t, "redirect_base_url", httpdConf.Bindings[0].OIDC.RedirectBaseURL)
+	require.Equal(t, "email", httpdConf.Bindings[0].OIDC.UsernameField)
+
+	cleanup()
+	cfg := make(map[string]any)
+	cfg["httpd"] = httpdConf
+	configAsJSON, err := json.Marshal(cfg)
+	require.NoError(t, err)
+	confName := tempConfigName + ".json"
+	configFilePath := filepath.Join(configDir, confName)
+	err = os.WriteFile(configFilePath, configAsJSON, os.ModePerm)
+	assert.NoError(t, err)
+
+	os.Setenv("SFTPGO_HTTPD__BINDINGS__0__SECURITY__HTTPS_PROXY_HEADERS__0__VALUE", "http")
+	os.Setenv("SFTPGO_HTTPD__BINDINGS__0__WEB_CLIENT_INTEGRATIONS__0__URL", "http://127.0.1.1/")
+	os.Setenv("SFTPGO_HTTPD__BINDINGS__0__OIDC__CLIENT_SECRET", "new_client_secret")
+	err = config.LoadConfig(configDir, confName)
+	assert.NoError(t, err)
+	httpdConf = config.GetHTTPDConfig()
+	require.Len(t, httpdConf.Bindings, 1)
+	require.Len(t, httpdConf.Bindings[0].Security.HTTPSProxyHeaders, 1)
+	require.Equal(t, "http", httpdConf.Bindings[0].Security.HTTPSProxyHeaders[0].Value)
+	require.Len(t, httpdConf.Bindings[0].WebClientIntegrations, 1)
+	require.Equal(t, "http://127.0.1.1/", httpdConf.Bindings[0].WebClientIntegrations[0].URL)
+	require.Equal(t, "client_id", httpdConf.Bindings[0].OIDC.ClientID)
+	require.Equal(t, "new_client_secret", httpdConf.Bindings[0].OIDC.ClientSecret)
+	require.Equal(t, "config_url", httpdConf.Bindings[0].OIDC.ConfigURL)
+	require.Equal(t, "redirect_base_url", httpdConf.Bindings[0].OIDC.RedirectBaseURL)
+	require.Equal(t, "email", httpdConf.Bindings[0].OIDC.UsernameField)
+
+	err = os.Remove(configFilePath)
+	assert.NoError(t, err)
+}
+
 func TestPluginsFromEnv(t *testing.T) {
 	reset()

@@ -545,7 +665,9 @@ func TestPluginsFromEnv(t *testing.T) {
 	require.Equal(t, kms.SecretStatusAWS, pluginConf.KMSOptions.EncryptedStatus)
 	require.Equal(t, 14, pluginConf.AuthOptions.Scope)

-	configAsJSON, err := json.Marshal(pluginsConf)
+	cfg := make(map[string]any)
+	cfg["plugins"] = pluginConf
+	configAsJSON, err := json.Marshal(cfg)
 	require.NoError(t, err)
 	confName := tempConfigName + ".json"
 	configFilePath := filepath.Join(configDir, confName)