Config to db merge

.github/workflows/ci.yml

@@ -40,7 +40,6 @@ jobs:
 
     env:
       CARGO_TERM_COLOR: always
-      DEFGUARD_SECRET_KEY: aa5a506b11d719dd7170f57f5d9947faf8eb0bc2be1325e42aa0237c3dcfd26456e73dff9eef3b12c7bcf8711b45e3e703d8e21ee1c08520f5e12e3f5772da94
       DEFGUARD_DB_HOST: postgres
       DEFGUARD_DB_PORT: 5432
       DEFGUARD_DB_NAME: defguard

crates/defguard/src/main.rs

@@ -97,16 +97,12 @@ async fn main() -> Result<(), anyhow::Error> {
         info!("Using HMAC OpenID signing key");
     }
 
-    // initialize default settings
-    Settings::init_defaults(&pool).await?;
-    Settings::ensure_secret_key(&pool, &config).await?;
-    let mut ini_server_config = true;
     // initialize global settings struct
     initialize_current_settings(&pool).await?;
 
     let has_auto_adopt_flags = config.adopt_edge.is_some() || config.adopt_gateway.is_some();
     let wizard = Wizard::init(&pool, has_auto_adopt_flags).await?;
-    // FIXME: Merge logic conflict, migration wizard depended on WizardFlags, move this logic to Wizard
+    let mut ini_server_config = true;
 
     if !wizard.completed {
         match wizard.active_wizard {
@@ -128,6 +124,8 @@ async fn main() -> Result<(), anyhow::Error> {
                 let mut settings = Settings::get_current_settings();
                 settings.update_from_config(&pool, &config).await?;
 
+                Settings::initialize_runtime_defaults(&pool).await?;
+
                 config.initialize_post_settings();
                 SERVER_CONFIG
                     .set(config.clone())
@@ -148,6 +146,8 @@ async fn main() -> Result<(), anyhow::Error> {
         }
     }
 
+    Settings::initialize_runtime_defaults(&pool).await?;
+
     if ini_server_config {
         config.initialize_post_settings();
 

crates/defguard_common/src/config.rs

@@ -37,10 +37,10 @@ pub struct DefGuardConfig {
     #[arg(long, env = "DEFGUARD_LOG_FILE")]
     pub log_file: Option<String>,
 
-    #[arg(long, env = "DEFGUARD_AUTH_COOKIE_TIMEOUT", default_value = "7d")]
+    #[arg(long, env = "DEFGUARD_AUTH_COOKIE_TIMEOUT")]
     #[serde(skip_serializing)]
-    #[deprecated(since = "2.0.0", note = "Use Settings.default_authentication instead")]
-    pub auth_cookie_timeout: Duration,
+    #[deprecated(since = "2.0.0", note = "Use Settings.auth_cookie_timeout instead")]
+    pub auth_cookie_timeout: Option<Duration>,
 
     #[arg(long, env = "DEFGUARD_SECRET_KEY")]
     #[serde(skip_serializing)]
@@ -76,16 +76,6 @@ pub struct DefGuardConfig {
     #[arg(long, env = "DEFGUARD_GRPC_KEY")]
     pub grpc_key: Option<String>,
 
-    #[arg(
-        long,
-        env = "DEFGUARD_DEFAULT_ADMIN_PASSWORD",
-        default_value = "pass123"
-    )]
-    #[serde(skip_serializing)]
-    // TODO: Deprecate this, since we have initial setup now.
-    // We use it in some dev/test scenarios still so the approach will need to be changed there.
-    pub default_admin_password: SecretString,
-
     #[arg(long, env = "DEFGUARD_OPENID_KEY", value_parser = Self::parse_openid_key)]
     #[serde(skip_serializing)]
     pub openid_signing_key: Option<RsaPrivateKey>,
@@ -100,10 +90,6 @@ pub struct DefGuardConfig {
     #[deprecated(since = "2.0.0", note = "Use Settings.defguard_url instead")]
     pub url: Url,
 
-    #[arg(long, env = "DEFGUARD_GRPC_URL", value_parser = Url::parse)]
-    #[deprecated(since = "2.0.0", note = "Use Settings.grpc_url instead")]
-    pub grpc_url: Option<Url>,
-
     #[arg(long, env = "DEFGUARD_DISABLE_STATS_PURGE")]
     #[deprecated(since = "2.0.0", note = "Use Settings.disable_stats_purge instead")]
     pub disable_stats_purge: Option<bool>,
@@ -118,7 +104,7 @@ pub struct DefGuardConfig {
     #[deprecated(since = "2.0.0", note = "Use Settings.stats_purge_threshold instead")]
     pub stats_purge_threshold: Option<Duration>,
 
-    #[arg(long, env = "DEFGUARD_ENROLLMENT_URL", value_parser = Url::parse, default_value = "http://localhost:8080")]
+    #[arg(long, env = "DEFGUARD_ENROLLMENT_URL", value_parser = Url::parse)]
     #[serde(skip_serializing)]
     #[deprecated(since = "2.0.0", note = "Use Settings.public_proxy_url instead")]
     pub enrollment_url: Option<Url>,
@@ -261,21 +247,9 @@ impl DefGuardConfig {
     /// Initialize values that depend on Settings.
     pub fn initialize_post_settings(&mut self) {
         let url = Settings::url().expect("Unable to parse Defguard URL.");
-        // TODO(jck)
-        // self.initialize_rp_id(&url);
         self.initialize_cookie_domain(&url);
     }
 
-    // fn initialize_rp_id(&mut self, url: &Url) {
-    //     if self.webauthn_rp_id.is_none() {
-    //         self.webauthn_rp_id = Some(
-    //             url.domain()
-    //                 .expect("Unable to get domain for server URL.")
-    //                 .to_string(),
-    //         );
-    //     }
-    // }
-
     fn initialize_cookie_domain(&mut self, url: &Url) {
         if self.cookie_domain.is_none() {
             self.cookie_domain = Some(
@@ -325,30 +299,6 @@ mod tests {
         DefGuardConfig::command().debug_assert();
     }
 
-    // #[test]
-    // fn test_generate_rp_id() {
-    //     unsafe {
-    //         env::remove_var("DEFGUARD_WEBAUTHN_RP_ID");
-    //     }
-
-    //     let url = Url::parse("https://defguard.example.com").unwrap();
-    //     let mut config = DefGuardConfig::new();
-    //     config.initialize_rp_id(&url);
-
-    //     assert_eq!(
-    //         config.webauthn_rp_id,
-    //         Some("defguard.example.com".to_string())
-    //     );
-
-    //     unsafe {
-    //         env::set_var("DEFGUARD_WEBAUTHN_RP_ID", "example.com");
-    //     }
-
-    //     let config = DefGuardConfig::new();
-
-    //     assert_eq!(config.webauthn_rp_id, Some("example.com".to_string()));
-    // }
-
     #[test]
     fn test_generate_cookie_domain() {
         unsafe {