nix-cache-login/internal/config/config.go

package config

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"

	"github.com/adrg/xdg"
	toml "github.com/pelletier/go-toml/v2"
)

type Config struct {
	Issuer           string `toml:"issuer"`
	ClientID         string `toml:"client_id"`
	ClientSecretFile string `toml:"client_secret_file,omitempty"`
	CacheHost        string `toml:"cache_host"`
	NetrcPath        string `toml:"netrc_path"`

	// ClientSecret is populated at load time by reading ClientSecretFile.
	ClientSecret string `toml:"-"`
}

// Load reads the config from the given path, or from the default XDG location.
func Load(path string) (*Config, error) {
	if path == "" {
		path = filepath.Join(xdg.ConfigHome, "nix-cache-login", "config.toml")
	}

	data, err := os.ReadFile(path)
	if err != nil {
		return nil, fmt.Errorf("reading config file: %w", err)
	}

	var cfg Config
	if err := toml.Unmarshal(data, &cfg); err != nil {
		return nil, fmt.Errorf("parsing config file: %w", err)
	}

	cfg.NetrcPath = os.ExpandEnv(cfg.NetrcPath)
	cfg.ClientSecretFile = os.ExpandEnv(cfg.ClientSecretFile)

	if cfg.ClientSecretFile != "" {
		secret, err := os.ReadFile(cfg.ClientSecretFile)
		if err != nil {
			return nil, fmt.Errorf("reading client_secret_file: %w", err)
		}
		cfg.ClientSecret = strings.TrimSpace(string(secret))
	}

	if err := cfg.validate(); err != nil {
		return nil, err
	}

	return &cfg, nil
}

func (c *Config) validate() error {
	if c.Issuer == "" {
		return fmt.Errorf("config: issuer is required")
	}
	if c.ClientID == "" {
		return fmt.Errorf("config: client_id is required")
	}
	if c.CacheHost == "" {
		return fmt.Errorf("config: cache_host is required")
	}
	if c.NetrcPath == "" {
		return fmt.Errorf("config: netrc_path is required")
	}
	return nil
}

// RefreshTokenPath returns the path to the stored refresh token.
func RefreshTokenPath() string {
	return filepath.Join(xdg.ConfigHome, "nix-cache-login", "refresh-token")
}