some more cleanup

compose/docker-compose.yml

@@ -16,18 +16,13 @@ services:
       tags:
         - uyulala
     volumes:
-      - ./uyulala.compose.yml:/etc/uyulala/uyulala.yml
+      - ./uyulala.yml:/etc/uyulala/uyulala.yml
     depends_on:
       - mariadb
   grafana:
     image: grafana/grafana:11.4.0
     ports:
       - "3000:3000"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.grafana.entrypoints=grafana"
-      - "traefik.http.routers.grafana.service=grafana"
-      - "traefik.http.services.grafana.loadbalancer.server.port=3000"
     profiles:
       - use-case
     environment:

compose/uyulala.compose.yml → compose/uyulala.yml

@@ -1,3 +1,5 @@
+# Used in docker-compose.yml
+
 # Issuer
 issuer: "https://localhost:8080"
 

scripts/bootstrap.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+go build -o uyulala
+./uyulala create key
+./uyulala create app --demo demo

uyulala.yml

@@ -1,45 +1,86 @@
+# Issuer
+issuer: htts://localhost:8080
+
+# HTTP settings
 http:
+  # The path to the static files, should point to a location with the front-end authenticator.
+  staticPath: /www/
+  # The address to listen on
   addr: ":8080"
-  staticPath: frontend/dist
+
+  # Referer setting
+  refererPolicy: "origin"
+  # Cache control setting
+  cacheControl: "no-cache, no-store, must-revalidate"
+
+  # Timeouts
+  readTimeout: 5s
+  readHeaderTimeout: 5s
+  writeTimeout: 5s
+  idleTimeout: 5s
+
+  # Maximum header size (1MB)
+  maxHeaderBytes: 1048576
+
+# Database settings
 database:
+  # The database connection DSN
   dsn: "root:root@tcp(127.0.0.1:3306)/uyulala?charset=utf8mb4&parseTime=True&multiStatements=true&collation=utf8mb4_unicode_ci"
+
+# webauthn settings
 webauthn:
+  # The ID of the Relying Party
   id: localhost
+  # The display name of the Relying Party
   display_name: uyulala
+  # The origins of the Relying Party
   origins:
     - https://localhost
     - http://localhost:8080
     - https://localhost:8080
     - http://localhost:5173
     - https://localhost:5173
+  # The attestation mode
   attestation: direct
-  debug: true
-  mds3: https://mds.fidoalliance.org
-
+  # Attachment
+  # platform or cross-platform or empty
+  attachment: ""
 
-issuer: "http://localhost:8080"
-
-ciba:
-  qrTemplate: "http://localhost:8080/authenticator?id={.challengeId}"
+challenge:
+  # Max time difference for the get challenge token
+  maxTimeDiff: 5s
 
+# userApi settings
 userApi:
+  # Trusted issuer for the user API.
+  # If set, the issuer of the JWT issuer must match this value.
+  # If not set, the user API is disabled.
   trustedIssuer: ""
 
+# idToken settings
 idToken:
+  # How long an id token should be valid
   length: 1h
 
+# Refresh token settings
 refreshToken:
+  # How long a refresh token should be valid
   length: 3h
+  # Extend refresh token when used
   extendOnUse: true
 
+# Access token settings
 accessToken:
-  length: 1h
+  # How long an access token should be valid before a refresh is required
+  length: 300s
+  # Embed the extension values in the access token claims
   extension:
     scope:
       - authorization
 
+# TLS Settings
 tls:
-  enable: true
+  enabled: true
   generate: true
   cert: "tls/server.crt"
   key: "tls/server.key"