@@ -12,7 +12,7 @@ import (
1212)
1313
1414// Cfg is the singleton instance of Config
15- var Cfg * Config = NewConfig ()
15+ var Cfg = NewConfig ()
1616
1717// Config holds all the configuration for both authboss and it's modules.
1818type Config struct {
@@ -50,36 +50,66 @@ type Config struct {
5050 RecoverOKPath string
5151 RecoverTokenDuration time.Duration
5252
53- Policies []Validator
53+ // Policies control validation of form fields and are automatically run
54+ // against form posts that include the fields.
55+ Policies []Validator
56+ // ConfirmFields are fields that are supposed to be submitted with confirmation
57+ // fields alongside them, passwords, emails etc.
5458 ConfirmFields []string
5559
60+ // ExpireAfter controls the time an account is idle before being logged out
61+ // by the ExpireMiddleware.
5662 ExpireAfter time.Duration
5763
58- LockAfter int
59- LockWindow time.Duration
64+ // LockAfter this many tries.
65+ LockAfter int
66+ // LockWindow is the waiting time before the number of attemps are reset.
67+ LockWindow time.Duration
68+ // LockDuration is how long an account is locked for.
6069 LockDuration time.Duration
6170
62- EmailFrom string
71+ // EmailFrom is the email address authboss e-mails come from.
72+ EmailFrom string
73+ // EmailSubjectPrefix is used to add something to the front of the authboss
74+ // email subjects.
6375 EmailSubjectPrefix string
64- SMTPAddress string
65- SMTPAuth smtp.Auth
66-
67- XSRFName string
76+ // SMTPAddress is the address of the SMTP server.
77+ SMTPAddress string
78+ // SMTPAuth is authentication details for the SMTP server, can be nil and if not
79+ // will repeat the SMTPAddress, this is intentional.
80+ SMTPAuth smtp.Auth
81+
82+ // XSRFName is the name of the xsrf token to put in the hidden form fields.
83+ XSRFName string
84+ // XSRFMaker is a function that returns an xsrf token for the current non-POST request.
6885 XSRFMaker XSRF
6986
70- Storer Storer
71- OAuth2Storer OAuth2Storer
72- CookieStoreMaker CookieStoreMaker
87+ // Storer is the interface through which Authboss accesses the web apps database.
88+ Storer Storer
89+ // OAuth2Storer is a different kind of storer only meant for OAuth2.
90+ OAuth2Storer OAuth2Storer
91+ // CookieStoreMaker must be defined to provide an interface capapable of storing cookies
92+ // for the given response, and reading them from the request.
93+ CookieStoreMaker CookieStoreMaker
94+ // SessionStoreMaker must be defined to provide an interface capable of storing session-only
95+ // values for the given response, and reading them from the request.
7396 SessionStoreMaker SessionStoreMaker
74- LogWriter io.Writer
75- Callbacks * Callbacks
76- Mailer Mailer
97+ // LogWriter is written to when errors occur, as well as on startup to show which modules are loaded
98+ // and which routes they registered. By default writes to io.Discard.
99+ LogWriter io.Writer
100+ // Callbacks is an internal mechanism that can be used by implementers and will be set automatically.
101+ Callbacks * Callbacks
102+ // Mailer is the mailer being used to send e-mails out. Authboss defines two loggers for use
103+ // LogMailer and SMTPMailer, the default is a LogMailer to io.Discard.
104+ Mailer Mailer
77105}
78106
107+ // NewConfig creates a config full of healthy default values.
108+ // Notable exceptions to default values are the Storers.
79109func NewConfig () * Config {
80110 return & Config {
81111 MountPath : "/" ,
82- ViewsPath : "/" ,
112+ ViewsPath : ". /" ,
83113 RootURL : "http://localhost:8080" ,
84114 BCryptCost : bcrypt .DefaultCost ,
85115
@@ -116,6 +146,10 @@ func NewConfig() *Config {
116146
117147 ExpireAfter : 60 * time .Minute ,
118148
149+ LockAfter : 3 ,
150+ LockWindow : 5 * time .Minute ,
151+ LockDuration : 5 * time .Hour ,
152+
119153 RecoverOKPath : "/" ,
120154 RecoverTokenDuration : time .Duration (24 ) * time .Hour ,
121155