Good foundations

1 files changed, 67 insertions, 0 deletions

diff --git a/internal/db/data_validation.go b/internal/db/data_validation.go
new file mode 100644
index 0000000..1883dc0
--- /dev/null
+++ b/internal/db/data_validation.go
@@ -0,0 +1,67 @@
+package db
+
+import (
+	"context"
+	"database/sql"
+	"log/slog"
+)
+
+const (
+	PublicUserSignupKey = "ACCEPT_PUBLIC_USERS"
+	EnforceHttpsKey     = "ENFORCE_HTTPS"
+	MaxUsersKey         = "MAX_USERS"
+)
+
+var settingValidations = [...]struct {
+	key        string // key to look for in the settings
+	defaultVal string // Default value to init if not set
+}{
+	{ // Only admins can create users when false
+		PublicUserSignupKey,
+		"FALSE",
+	},
+	{ // If something like traefik manages https, this can be set to
+		// false. But there MUST be https in your stack otherwise
+		// credentials are sent in the clear
+		EnforceHttpsKey,
+		"TRUE",
+	},
+	{ // Safeguard to avoid account creation spamming.
+		// An admin can still create users over the limit
+		MaxUsersKey,
+		"25",
+	},
+}
+
+func ValidateSettings(ctx context.Context, db *sql.DB) error {
+	valTx, err := db.PrepareContext(ctx, "SELECT value FROM Settings WHERE key=?")
+	if err != nil {
+		return err
+	}
+	defer valTx.Close()
+
+	newTx, err := db.PrepareContext(ctx, "INSERT INTO Settings (key, value) VALUES (?, ?)")
+	if err != nil {
+		return err
+	}
+	defer newTx.Close()
+
+	for _, s := range settingValidations {
+		var val string
+		err := valTx.QueryRowContext(ctx, s.key).Scan(&val)
+		if err != nil {
+			return err
+		}
+		if val == "" {
+			slog.WarnContext(ctx, "Missing configuration, setting the default",
+				"setting", s.key,
+				"value", s.defaultVal,
+			)
+			_, err := newTx.ExecContext(ctx, s.key, s.defaultVal)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}