sshecret/packages/sshecret-sshd/src/sshecret_sshd/settings.py

"""SSH Server settings."""

import ipaddress
from typing import Annotated, Any
from pydantic import AnyHttpUrl, BaseModel, Field, IPvAnyNetwork, field_validator
from pydantic_settings import BaseSettings, ForceDecode, SettingsConfigDict


DEFAULT_LISTEN_PORT = 2222


class ClientRegistrationSettings(BaseModel):
    """Client registration settings."""

    enabled: bool = False
    allow_from: Annotated[list[IPvAnyNetwork], ForceDecode] = Field(
        default_factory=list
    )

    @field_validator("allow_from", mode="before")
    @classmethod
    def ensure_allow_from_list(cls, value: Any) -> list[IPvAnyNetwork]:
        """Convert allow_from to a list."""
        allow_from: list[IPvAnyNetwork] = []
        if isinstance(value, list):
            entries = value
        elif isinstance(value, str):
            entries = value.split(",")
        else:
            raise ValueError("Error: Unknown format for allowed_from.")

        for entry in entries:
            if isinstance(entry, str):
                allow_from.append(ipaddress.ip_network(entry))
            elif isinstance(entry, (ipaddress.IPv4Network, ipaddress.IPv6Network)):
                allow_from.append(entry)
        return allow_from


class ServerSettings(BaseSettings):
    """Server Settings."""

    model_config = SettingsConfigDict(
        env_file=".sshd.env", env_prefix="sshecret_sshd_", env_nested_delimiter="_"
    )

    backend_url: AnyHttpUrl = Field(alias="sshecret_backend_url")
    backend_token: str
    listen_address: str = Field(default="127.0.0.1")
    port: int = DEFAULT_LISTEN_PORT
    registration: ClientRegistrationSettings = Field(
        default_factory=ClientRegistrationSettings
    )
    debug: bool = False
    enable_ping_command: bool = False