App Logo
Plugins

Config Manager Plugin

The Config Manager plugin enables dynamic configuration management for Authula. It allows storing, updating, and retrieving app settings from a database in real-time, with encryption for sensitive data.

Features

  • Dynamic Updates: Change configuration without restarting the app using dot-notation (e.g., logger.level).
  • Encryption: Automatically encrypts sensitive fields like secrets, URLs, and credentials using ChaCha20Poly1305.
  • Validation: Ensures updates match the expected schema.
  • Notifications: Alerts other plugins of changes via a watcher system.
  • Polling: Checks for updates every 5 seconds for near real-time detection.
  • Database Support: Works with PostgreSQL, MySQL, and SQLite.

Usage

Standalone Mode

Enable the plugin in your config.toml:

[plugins.config_manager]
enabled = true

Library Mode

Instantiate the plugin in your Go code:

import (
  authula "github.com/Authula/authula"
  authulaconfig "github.com/Authula/authula/config"
  authulamodels "github.com/Authula/authula/models"
  configmanagerplugin "github.com/Authula/authula/plugins/config-manager"
  configmanagerplugintypes "github.com/Authula/authula/plugins/config-manager/types"
)

config := authulaconfig.NewConfig(/* ... */)
authula.New(&authula.AuthConfig{
  Config: config,
  Plugins: []authulamodels.Plugin{
    configmanagerplugin.New(configmanagerplugintypes.ConfigManagerPluginConfig{
  		Enabled: true,
  	}),
  },
})

API Endpoints

Both endpoints require an admin API key in the X-API-KEY header (set via ADMIN_API_KEY env var).

GET /config

Retrieves the current configuration.

Response:

{
  "message": "config retrieved successfully",
  "data": {
    /* full config */
  }
}

PATCH /config

Updates configuration values.

Request Body:

{
  "logger": { "level": "debug" },
  "session": { "trusted_origins": ["https://example.com"] }
}

Response:

{
  "message": "configuration updated successfully",
  "data": {
    /* updated config */
  }
}

Database Support

The plugin includes migration scripts for each database:

  • PostgreSQL: Uses JSONB, triggers for timestamps, and sequences.
  • MySQL: Uses JSON, auto-increment, and proper encoding.
  • SQLite: Uses TEXT, integers, and indexes.

Security & Best Practices

  • Sensitive data is encrypted at rest.
  • API access requires authentication.
  • Validate inputs to prevent issues.
  • Use API endpoints for updates, not direct DB access.
  • Secure and rotate the admin API key.
  • Monitor changes and test in staging.
  • Back up configuration data.

Technical Notes

  • Data Model: Stored in auth_settings table with version control.
  • Integration: Registers in service registry; integrates with plugin lifecycle.
  • Error Handling: Rejects invalid updates; handles DB issues gracefully.
  • Performance: Atomic reads, selective encryption, efficient polling.

Bearer Plugin

Previous Page

CSRF Plugin

Next Page

On this page

FeaturesUsageStandalone ModeLibrary ModeAPI EndpointsGET /configPATCH /configDatabase SupportSecurity & Best PracticesTechnical Notes