using System; using System.Linq; namespace StellaOps.Notify.WebService.Options; internal static class NotifyWebServiceOptionsValidator { public static void Validate(NotifyWebServiceOptions options) { ArgumentNullException.ThrowIfNull(options); ValidateStorage(options.Storage); ValidateAuthority(options.Authority); ValidateApi(options.Api); } private static void ValidateStorage(NotifyWebServiceOptions.StorageOptions storage) { ArgumentNullException.ThrowIfNull(storage); var driver = storage.Driver ?? string.Empty; if (!string.Equals(driver, "mongo", StringComparison.OrdinalIgnoreCase) && !string.Equals(driver, "memory", StringComparison.OrdinalIgnoreCase)) { throw new InvalidOperationException($"Unsupported storage driver '{storage.Driver}'."); } if (string.Equals(driver, "mongo", StringComparison.OrdinalIgnoreCase)) { if (string.IsNullOrWhiteSpace(storage.ConnectionString)) { throw new InvalidOperationException("notify:storage:connectionString must be provided."); } if (string.IsNullOrWhiteSpace(storage.Database)) { throw new InvalidOperationException("notify:storage:database must be provided."); } if (storage.CommandTimeoutSeconds <= 0) { throw new InvalidOperationException("notify:storage:commandTimeoutSeconds must be positive."); } } } private static void ValidateAuthority(NotifyWebServiceOptions.AuthorityOptions authority) { ArgumentNullException.ThrowIfNull(authority); if (authority.Enabled) { if (string.IsNullOrWhiteSpace(authority.Issuer)) { throw new InvalidOperationException("notify:authority:issuer must be provided when authority is enabled."); } if (authority.Audiences is null || authority.Audiences.Count == 0) { throw new InvalidOperationException("notify:authority:audiences must include at least one value."); } if (string.IsNullOrWhiteSpace(authority.AdminScope) || string.IsNullOrWhiteSpace(authority.OperatorScope) || string.IsNullOrWhiteSpace(authority.ViewerScope)) { throw new InvalidOperationException("notify:authority admin, operator, and viewer scopes must be configured."); } } else { if (string.IsNullOrWhiteSpace(authority.DevelopmentSigningKey) || authority.DevelopmentSigningKey.Length < 32) { throw new InvalidOperationException("notify:authority:developmentSigningKey must be at least 32 characters when authority is disabled."); } } } private static void ValidateApi(NotifyWebServiceOptions.ApiOptions api) { ArgumentNullException.ThrowIfNull(api); if (!api.BasePath.StartsWith("/", StringComparison.Ordinal)) { throw new InvalidOperationException("notify:api:basePath must start with '/'."); } if (!api.InternalBasePath.StartsWith("/", StringComparison.Ordinal)) { throw new InvalidOperationException("notify:api:internalBasePath must start with '/'."); } if (string.IsNullOrWhiteSpace(api.TenantHeader)) { throw new InvalidOperationException("notify:api:tenantHeader must be provided."); } ValidateRateLimits(api.RateLimits); } private static void ValidateRateLimits(NotifyWebServiceOptions.RateLimitOptions rateLimits) { ArgumentNullException.ThrowIfNull(rateLimits); ValidatePolicy(rateLimits.DeliveryHistory, "notify:api:rateLimits:deliveryHistory"); ValidatePolicy(rateLimits.TestSend, "notify:api:rateLimits:testSend"); static void ValidatePolicy(NotifyWebServiceOptions.RateLimitPolicyOptions options, string prefix) { ArgumentNullException.ThrowIfNull(options); if (!options.Enabled) { return; } if (options.TokenLimit <= 0) { throw new InvalidOperationException($"{prefix}:tokenLimit must be positive when enabled."); } if (options.TokensPerPeriod <= 0) { throw new InvalidOperationException($"{prefix}:tokensPerPeriod must be positive when enabled."); } if (options.ReplenishmentPeriodSeconds <= 0) { throw new InvalidOperationException($"{prefix}:replenishmentPeriodSeconds must be positive when enabled."); } if (options.QueueLimit < 0) { throw new InvalidOperationException($"{prefix}:queueLimit cannot be negative."); } } } }