Go API Documentation

github.com/TykTechnologies/tyk/config

No package summary is available.

Package

Files: 5. Third party imports: 3. Imports from organisation: 0. Tests: 0. Benchmarks: 0.

Constants

const (
	envPrefix	= "TYK_GW"

	dnsCacheDefaultTtl		= 3600
	dnsCacheDefaultCheckInterval	= 60

	PickFirstStrategy	IPsHandleStrategy	= "pick_first"
	RandomStrategy		IPsHandleStrategy	= "random"
	NoCacheStrategy		IPsHandleStrategy	= "no_cache"

	DefaultDashPolicySource		= "service"
	DefaultDashPolicyRecordName	= "tyk_policies"

	DefaultOTelResourceName	= "tyk-gateway"
)

Vars

Global is a function that returns the config of the running Gateway.

var Global func() Config
var (
	log	= logger.Get()

	Default	= Config{
		ListenPort:	8080,
		Secret:		"352d20ee67be67f6340b4c0605b044b7",
		TemplatePath:	"templates",
		MiddlewarePath:	"middleware",
		AppPath:	"apps/",
		Storage: StorageOptionsConf{
			Type:		"redis",
			Host:		"localhost",
			MaxIdle:	100,
			Port:		6379,
		},
		AnalyticsConfig: AnalyticsConfigConfig{
			IgnoredIPs: make([]string, 0),
		},
		DnsCache: DnsCacheConfig{
			Enabled:			false,
			TTL:				dnsCacheDefaultTtl,
			CheckInterval:			dnsCacheDefaultCheckInterval,
			MultipleIPsHandleStrategy:	NoCacheStrategy,
		},
		HealthCheckEndpointName:	"hello",
		ReadinessCheckEndpointName:	"ready",
		CoProcessOptions: CoProcessConfig{
			EnableCoProcess: false,
		},
		LivenessCheck: LivenessCheckConfig{
			CheckDuration: time.Second * 10,
		},
		GracefulShutdownTimeoutDuration:	30,
		Streaming: StreamingConfig{
			Enabled:	false,
			AllowUnsafe:	[]string{},
		},
		PIDFileLocation:	"/var/run/tyk/tyk-gateway.pid",
	}
)
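
Added example, not part of the Tyk code base: a small audit that reads a tyk.conf JSON document and flags settings this page documents as risky, starting with a Secret left at the value in Default above. The JSON key names other than hash_keys and ignored_ips are not spelled out on this page and are assumed; the sample config is constructed, and environment-variable overrides (TYK_GW_...) are not considered.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// defaultSecret is the Secret value of config.Default as listed on this page.
const defaultSecret = "352d20ee67be67f6340b4c0605b044b7"

// auditedConf maps only the tyk.conf keys this audit reads. Every key except
// hash_keys and ignored_ips is not spelled out on this page and is assumed.
type auditedConf struct {
	Secret                     string `json:"secret"`
	AllowInsecureConfigs       bool   `json:"allow_insecure_configs"`
	AllowMasterKeys            bool   `json:"allow_master_keys"`
	ProxySSLInsecureSkipVerify bool   `json:"proxy_ssl_insecure_skip_verify"`
	BundleInsecureSkipVerify   bool   `json:"bundle_insecure_skip_verify"`
	EnableKeyLogging           bool   `json:"enable_key_logging"`
	HashKeys                   bool   `json:"hash_keys"`
	AnalyticsConfig            struct {
		IgnoredIPs []string `json:"ignored_ips"`
	} `json:"analytics_config"`
}

// Finding names the offending tyk.conf key and why it matters.
type Finding struct {
	Key    string
	Reason string
}

// sampleConf is a constructed tyk.conf used only to exercise the audit.
const sampleConf = `{
  "listen_port": 8080,
  "secret": "352d20ee67be67f6340b4c0605b044b7",
  "allow_master_keys": true,
  "proxy_ssl_insecure_skip_verify": true,
  "hash_keys": false,
  "analytics_config": {"ignored_ips": ["10.0.0.5", "192.168.0.0/24"]}
}`

// AuditGatewayConf parses a tyk.conf document and returns its findings in a
// fixed order, so the result can be diffed between runs.
func AuditGatewayConf(raw []byte) ([]Finding, error) {
	var c auditedConf
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, fmt.Errorf("parse tyk.conf: %w", err)
	}
	var out []Finding
	add := func(cond bool, key, reason string) {
		if cond {
			out = append(out, Finding{Key: key, Reason: reason})
		}
	}
	add(c.Secret == "" || c.Secret == defaultSecret, "secret",
		"empty or still the value from config.Default; it authorizes every Gateway API call")
	add(c.AllowInsecureConfigs, "allow_insecure_configs",
		"Dashboard message signature verification is disabled")
	add(c.AllowMasterKeys, "allow_master_keys",
		"keys without explicit access rights are allowed on ALL APIs")
	add(c.ProxySSLInsecureSkipVerify, "proxy_ssl_insecure_skip_verify",
		"TLS verification to upstream services is ignored globally")
	add(c.BundleInsecureSkipVerify, "bundle_insecure_skip_verify",
		"TLS validation is disabled for plugin bundle URLs")
	add(c.EnableKeyLogging, "enable_key_logging",
		"key IDs are written to logs instead of being hidden")
	add(!c.HashKeys, "hash_keys", "key hashing is not enabled")

	// ignored_ips takes single IPs only; a CIDR entry is documented as
	// unsupported, so flag anything that does not parse as one address.
	for _, ip := range c.AnalyticsConfig.IgnoredIPs {
		if net.ParseIP(ip) == nil {
			out = append(out, Finding{
				Key:    "analytics_config.ignored_ips",
				Reason: fmt.Sprintf("%q is not a single IP address (CIDR is not supported)", ip),
			})
		}
	}
	return out, nil
}

func main() {
	findings, err := AuditGatewayConf([]byte(sampleConf))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("%-32s %s\n", f.Key, f.Reason)
	}
}
```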

Types

AccessLogsConfig

AccessLogsConfig defines the type of transactions logs printed to stdout.

Field name Field type Comment
Enabled

bool

Enabled controls the generation of access logs by the Gateway. Default: false.

Template

[]string

Template configures which fields to include in the access log. If no template is configured, all available fields will be logged.

Example: ["client_ip", "path"].

Template Options:

  • api_key will include the obfuscated or hashed key.
  • client_ip will include the ip of the request.
  • host will include the host of the request.
  • method will include the request method.
  • path will include the path of the request.
  • protocol will include the protocol of the request.
  • remote_addr will include the remote address of the request.
  • upstream_addr will include the upstream address (scheme, host and path)
  • upstream_latency will include the upstream latency of the request.
  • latency_total will include the total latency of the request.
  • user_agent will include the user agent of the request.
  • status will include the response status code.
type AccessLogsConfig struct {
	// Enabled controls the generation of access logs by the Gateway. Default: false.
	Enabled	bool	`json:"enabled"`

	// Template configures which fields to include in the access log.
	// If no template is configured, all available fields will be logged.
	//
	// Example: ["client_ip", "path"].
	//
	// Template Options:
	//
	// - `api_key` will include the obfuscated or hashed key.
	// - `client_ip` will include the ip of the request.
	// - `host` will include the host of the request.
	// - `method` will include the request method.
	// - `path` will include the path of the request.
	// - `protocol` will include the protocol of the request.
	// - `remote_addr` will include the remote address of the request.
	// - `upstream_addr` will include the upstream address (scheme, host and path)
	// - `upstream_latency` will include the upstream latency of the request.
	// - `latency_total` will include the total latency of the request.
	// - `user_agent` will include the user agent of the request.
	// - `status` will include the response status code.
	Template	[]string	`json:"template"`
}

AnalyticsConfigConfig

This type doesn't have documentation.

Field name Field type Comment
Type

string

Set empty for a Self-Managed installation or rpc for multi-cloud.

IgnoredIPs

[]string

Adding IP addresses to this list will cause Tyk to ignore these IPs in the analytics data. These IP addresses will not produce an analytics log record. This is useful for health checks and other samplers that might skew usage data. The IP addresses must be provided as a JSON array, with the values being single IPs. CIDR values are not supported.

EnableDetailedRecording

bool

Set this value to true to have Tyk store the inbound request and outbound response data in HTTP Wire format as part of the Analytics data. Please note, this will greatly increase your analytics DB size and can cause performance degradation on analytics processing by the Dashboard. This setting can be overridden with an organization flag, enabled at an API level, or on individual Key level.

EnableGeoIP

bool

Tyk can store GeoIP information based on MaxMind DB’s to enable GeoIP tracking on inbound request analytics. Set this value to true and assign a DB using the geo_ip_db_path setting.

GeoIPDBLocation

string

Path to a MaxMind GeoIP database. The analytics GeoIP DB can be replaced on disk. It will cleanly auto-reload every hour.

NormaliseUrls

NormalisedURLConfig

This section describes methods that enable you to normalise inbound URLs in your analytics to have more meaningful per-path data.

PoolSize

int

Number of workers used to process analytics. Defaults to number of CPU cores.

RecordsBufferSize

uint64

Number of records in analytics queue, per worker. Default: 1000.

StorageExpirationTime

int

You can set a time (in seconds) to configure how long analytics are kept if they are not processed. The default is 60 seconds. This is used to prevent the potential infinite growth of Redis analytics storage.

EnableMultipleAnalyticsKeys

bool

Set this to true to have Tyk automatically divide the analytics records in multiple analytics keys. This is especially useful when storage.enable_cluster is set to true since it will distribute the analytic keys across all the cluster nodes.

PurgeInterval

float32

You can set the interval length on how often the tyk Gateway will purge analytics data. This value is in seconds and defaults to 10 seconds.

ignoredIPsCompiled

map[string]bool

No comment on field.
SerializerType

string

Determines the serialization engine for analytics. Available options: msgpack, and protobuf. By default, msgpack.

type AnalyticsConfigConfig struct {
	// Set empty for a Self-Managed installation or `rpc` for multi-cloud.
	Type	string	`json:"type"`

	// Adding IP addresses to this list will cause Tyk to ignore these IPs in the analytics data. These IP addresses will not produce an analytics log record.
	// This is useful for health checks and other samplers that might skew usage data.
	// The IP addresses must be provided as a JSON array, with the values being single IPs. CIDR values are not supported.
	IgnoredIPs	[]string	`json:"ignored_ips"`

	// Set this value to `true` to have Tyk store the inbound request and outbound response data in HTTP Wire format as part of the Analytics data.
	// Please note, this will greatly increase your analytics DB size and can cause performance degradation on analytics processing by the Dashboard.
	// This setting can be overridden with an organization flag, enabled at an API level, or on individual Key level.
	EnableDetailedRecording	bool	`json:"enable_detailed_recording"`

	// Tyk can store GeoIP information based on MaxMind DB’s to enable GeoIP tracking on inbound request analytics. Set this value to `true` and assign a DB using the `geo_ip_db_path` setting.
	EnableGeoIP	bool	`json:"enable_geo_ip"`

	// Path to a MaxMind GeoIP database
	// The analytics GeoIP DB can be replaced on disk. It will cleanly auto-reload every hour.
	GeoIPDBLocation	string	`json:"geo_ip_db_path"`

	// This section describes methods that enable you to normalise inbound URLs in your analytics to have more meaningful per-path data.
	NormaliseUrls	NormalisedURLConfig	`json:"normalise_urls"`

	// Number of workers used to process analytics. Defaults to number of CPU cores.
	PoolSize	int	`json:"pool_size"`

	// Number of records in analytics queue, per worker. Default: 1000.
	RecordsBufferSize	uint64	`json:"records_buffer_size"`

	// You can set a time (in seconds) to configure how long analytics are kept if they are not processed. The default is 60 seconds.
	// This is used to prevent the potential infinite growth of Redis analytics storage.
	StorageExpirationTime	int	`json:"storage_expiration_time"`

	// Set this to `true` to have Tyk automatically divide the analytics records in multiple analytics keys.
	// This is especially useful when `storage.enable_cluster` is set to `true` since it will distribute the analytic keys across all the cluster nodes.
	EnableMultipleAnalyticsKeys	bool	`json:"enable_multiple_analytics_keys"`

	// You can set the interval length on how often the tyk Gateway will purge analytics data. This value is in seconds and defaults to 10 seconds.
	PurgeInterval	float32	`json:"purge_interval"`

	ignoredIPsCompiled	map[string]bool

	// Determines the serialization engine for analytics. Available options: msgpack, and protobuf. By default, msgpack.
	SerializerType	string	`json:"serializer_type"`
}

AuthOverrideConf

This type doesn't have documentation.

Field name Field type Comment
ForceAuthProvider

bool

No comment on field.
AuthProvider

apidef.AuthProviderMeta

No comment on field.
ForceSessionProvider

bool

No comment on field.
SessionProvider

apidef.SessionProviderMeta

No comment on field.
type AuthOverrideConf struct {
	ForceAuthProvider	bool				`json:"force_auth_provider"`
	AuthProvider		apidef.AuthProviderMeta		`json:"auth_provider"`
	ForceSessionProvider	bool				`json:"force_session_provider"`
	SessionProvider		apidef.SessionProviderMeta	`json:"session_provider"`
}

CertData

This type doesn't have documentation.

Field name Field type Comment
Name

string

Domain name

CertFile

string

Path to certificate file

KeyFile

string

Path to private key file

type CertData struct {
	// Domain name
	Name	string	`json:"domain_name"`
	// Path to certificate file
	CertFile	string	`json:"cert_file"`
	// Path to private key file
	KeyFile	string	`json:"key_file"`
}

CertificatesConfig

This type doesn't have documentation.

Field name Field type Comment
API

[]string

No comment on field.
Upstream

map[string]string

Upstream is used to specify the certificates to be used in mutual TLS connections to upstream services. These are set at gateway level as a map of domain -> certificate id or path. For example if you want Tyk to use the certificate ab23ef123 for requests to the example.com upstream and /certs/default.pem for all other upstreams then: In tyk.conf you would configure "security": {"certificates": {"upstream": {"*": "/certs/default.pem", "example.com": "ab23ef123"}}} And if using environment variables you would set this to *:/certs/default.pem,example.com:ab23ef123.

ControlAPI

[]string

Certificates used for Control API Mutual TLS

Dashboard

[]string

Used for communicating with the Dashboard if it is configured to use Mutual TLS

MDCB

[]string

Certificates used for MDCB Mutual TLS

type CertificatesConfig struct {
	API	[]string	`json:"apis"`
	// Upstream is used to specify the certificates to be used in mutual TLS connections to upstream services. These are set at gateway level as a map of domain -> certificate id or path.
	// For example if you want Tyk to use the certificate `ab23ef123` for requests to the `example.com` upstream and `/certs/default.pem` for all other upstreams then:
	// In `tyk.conf` you would configure `"security": {"certificates": {"upstream": {"*": "/certs/default.pem", "example.com": "ab23ef123"}}}`
	// And if using environment variables you would set this to `*:/certs/default.pem,example.com:ab23ef123`.
	Upstream	map[string]string	`json:"upstream"`
	// Certificates used for Control API Mutual TLS
	ControlAPI	[]string	`json:"control_api"`
	// Used for communicating with the Dashboard if it is configured to use Mutual TLS
	Dashboard	[]string	`json:"dashboard_api"`
	// Certificates used for MDCB Mutual TLS
	MDCB	[]string	`json:"mdcb_api"`
}

CertsData

This type doesn't have documentation.

Field name Field type Comment
type

[]CertData

No comment on field.
type CertsData []CertData

CoProcessConfig

This type doesn't have documentation.

Field name Field type Comment
EnableCoProcess

bool

Enable gRPC and Python plugins

CoProcessGRPCServer

string

Address of gRPC user

GRPCRecvMaxSize

int

Maximum message which can be received from a gRPC server

GRPCSendMaxSize

int

Maximum message which can be sent to gRPC server

GRPCAuthority

string

Authority used in GRPC connection

PythonPathPrefix

string

Sets the path to built-in Tyk modules. This will be part of the Python module lookup path. The value used here is the default one for most installations.

PythonVersion

string

If you have multiple Python versions installed you can specify your version.

type CoProcessConfig struct {
	// Enable gRPC and Python plugins
	EnableCoProcess	bool	`json:"enable_coprocess"`

	// Address of gRPC user
	CoProcessGRPCServer	string	`json:"coprocess_grpc_server"`

	// Maximum message which can be received from a gRPC server
	GRPCRecvMaxSize	int	`json:"grpc_recv_max_size"`

	// Maximum message which can be sent to gRPC server
	GRPCSendMaxSize	int	`json:"grpc_send_max_size"`

	// Authority used in GRPC connection
	GRPCAuthority	string	`json:"grpc_authority"`

	// Sets the path to built-in Tyk modules. This will be part of the Python module lookup path. The value used here is the default one for most installations.
	PythonPathPrefix	string	`json:"python_path_prefix"`

	// If you have multiple Python versions installed you can specify your version.
	PythonVersion	string	`json:"python_version"`
}

Config

Config is the configuration object used by Tyk to set up various parameters.

Field name Field type Comment
HostName

string

Force your Gateway to work only on a specific domain name. Can be overridden by API custom domain.

ListenAddress

string

If your machine has multiple network devices or IPs you can force the Gateway to use the IP address you want.

ListenPort

int

Setting this value will change the port that Tyk listens on. Default: 8080.

ControlAPIHostname

string

Custom hostname for the Control API

ControlAPIPort

int

Set this to expose the Tyk Gateway API on a separate port. You can protect it behind a firewall if needed. Please make sure you follow this guide when setting the control port https://tyk.io/docs/tyk-self-managed/#change-your-control-port.

Secret

string

This should be changed as soon as Tyk is installed on your system. This value is used in every interaction with the Tyk Gateway API. It should be passed along as the X-Tyk-Authorization header in any requests made. Tyk assumes that you are sensible enough not to expose the management endpoints publicly and to keep this configuration value to yourself.

NodeSecret

string

The shared secret between the Gateway and the Dashboard to ensure that API Definition downloads, heartbeat and Policy loads are from a valid source.

PIDFileLocation

string

Linux PID file location. Do not change unless you know what you are doing. Default: /var/run/tyk/tyk-gateway.pid

AllowInsecureConfigs

bool

Can be set to disable Dashboard message signature verification. When set to true, public_key_path can be ignored.

PublicKeyPath

string

When communicating with the Dashboard, all messages are signed by a private/public key pair by default. Set the path to the public key.

AllowRemoteConfig

bool

Allow your Dashboard to remotely set Gateway configuration via the Nodes screen.

Security

SecurityConfig

Global Certificate configuration

HttpServerOptions

HttpServerOptionsConfig

Gateway HTTP server configuration

VersionHeader

string

Expose version header with a given name. Works only for versioned APIs.

SuppressRedisSignalReload

bool

Disable dynamic API and Policy reloads, e.g. it will load new changes only on process start.

ReloadInterval

int64

ReloadInterval defines a duration in seconds within which the gateway responds to a reload event. The value defaults to 1, values lower than 1 are ignored.

HashKeys

bool

Enable Key hashing

DisableKeyActionsByUsername

bool

DisableKeyActionsByUsername disables key search by username. When this is set to true you are able to search for keys only by keyID or key hash (if hash_keys is also set to true). Note that if hash_keys is also set to true then the keyID will not be provided for APIs secured using basic auth. In this scenario the only search option would be to use key hash. If you are using the Tyk Dashboard, you must configure this setting with the same value in both Gateway and Dashboard.

HashKeyFunction

string

Specify the Key hashing algorithm. Possible values: murmur64, murmur128, sha256.

BasicAuthHashKeyFunction

string

Specify the Key hashing algorithm for "basic auth". Possible values: murmur64, murmur128, sha256, bcrypt. Will default to "bcrypt" if not set.

HashKeyFunctionFallback

[]string

Specify your previous key hashing algorithm if you migrated from one algorithm to another.

EnableHashedKeysListing

bool

Allows the listing of hashed API keys

MinTokenLength

int

Minimum API token length

TemplatePath

string

Path to error and webhook templates. Defaults to the current binary path.

Policies

PoliciesConfig

The policies section allows you to define where Tyk can find its policy templates. Policy templates are similar to key definitions in that they allow you to set quotas, access rights and rate limits for keys. Policies are loaded when Tyk starts and if changed require a hot-reload so they are loaded into memory. A policy can be defined in a file (Open Source installations) or from the same database as the Dashboard.

PortWhiteList

PortsWhiteList

Defines the ports that will be available for the API services to bind to in the format documented here https://tyk.io/docs/api-management/non-http-protocols/#allowing-specific-ports. Ports can be configured per protocol, e.g. https, tls etc. If configuring via environment variable TYK_GW_PORTWHITELIST then remember to escape JSON strings.

DisablePortWhiteList

bool

Disable port whitelisting, essentially allowing you to use any port for your API.

AppPath

string

If Tyk is being used in its standard configuration (Open Source installations), then API definitions are stored in the apps folder (by default in /opt/tyk-gateway/apps). This location is scanned for .json files and re-scanned at startup or reload. See the API section of the Tyk Gateway API for more details.

UseDBAppConfigs

bool

If you are a Tyk Pro user, this option will enable polling the Dashboard service for API definitions. On startup Tyk will attempt to connect and download any relevant application configurations from your Dashboard instance. The files are exactly the same as the JSON files on disk with the exception of a BSON ID supplied by the Dashboard service.

DBAppConfOptions

DBAppConfOptionsConfig

This section defines API loading and shard options. Enable these settings to selectively load API definitions on a node from your Dashboard service.

Storage

StorageOptionsConf

This section defines your Redis configuration.

DisableDashboardZeroConf

bool

Disable the capability of the Gateway to autodiscover the Dashboard through heartbeat messages via Redis. The goal of zeroconf is auto-discovery, so you do not have to specify the Tyk Dashboard address in your Gateway tyk.conf file. In some specific cases, for example, when the Dashboard is bound to a public domain, not accessible inside an internal network, or similar, disable_dashboard_zeroconf can be set to true, in favor of directly specifying a Tyk Dashboard address.

SlaveOptions

SlaveOptionsConfig

The slave_options allow you to configure the RPC slave connection required for MDCB installations. These settings must be configured for every RPC slave/worker node.

ManagementNode

bool

If set to true, distributed rate limiter will be disabled for this node, and it will be excluded from any rate limit calculation.

Note: If you set db_app_conf_options.node_is_segmented to true for multiple Gateway nodes, you should ensure that management_node is set to false. This is to ensure visibility for the management node across all APIs.

For pro installations, management_node is not a valid configuration option. Always set management_node to false in pro environments.

AuthOverride

AuthOverrideConf

This is used as part of the RPC / Hybrid back-end configuration in a Tyk Enterprise installation and isn’t used anywhere else.

RateLimit

RateLimit encapsulates rate limit configuration definitions.

EnforceOrgDataAge

bool

Allows you to dynamically configure analytics expiration on a per organization level

EnforceOrgDataDetailLogging

bool

Allows you to dynamically configure detailed logging on a per organization level

EnforceOrgQuotas

bool

Allows you to dynamically configure organization quotas on a per organization level

ExperimentalProcessOrgOffThread

bool

No comment on field.
Monitor

MonitorConfig

The monitor section is useful if you wish to enforce a global trigger limit on organization and user quotas. This feature will trigger a webhook event to fire when specific triggers are reached. Triggers can be global (set in the node), by organization (set in the organization session object) or by key (set in the key session object)

While Organization-level and Key-level triggers can be tiered (e.g. trigger at 10%, trigger at 20%, trigger at 80%), in the node-level configuration only a global value can be set. If a global value and specific trigger level are the same the trigger will only fire once:

"monitor": {
  "enable_trigger_monitors": true,
  "configuration": {
    "method": "POST",
    "target_path": "http://domain.com/notify/quota-trigger",
    "template_path": "templates/monitor_template.json",
    "header_map": {
      "some-secret": "89787855"
    },
    "event_timeout": 10
  },
  "global_trigger_limit": 80.0,
  "monitor_user_keys": false,
  "monitor_org_keys": true
},
MaxIdleConns

int

Maximum idle connections, per API, between Tyk and Upstream. By default not limited.

MaxIdleConnsPerHost

int

Maximum idle connections, per API, per upstream, between Tyk and Upstream. Default: 100

MaxConnTime

int64

Maximum connection time. If set it will force gateway reconnect to the upstream.

CloseConnections

bool

If set, disable keepalive between User and Tyk

EnableCustomDomains

bool

Allows you to use custom domains

AllowMasterKeys

bool

If AllowMasterKeys is set to true, session objects (key definitions) that do not have explicit access rights set will be allowed by Tyk. This means that keys that are created have access to ALL APIs, which in many cases is unwanted behavior unless you are sure about what you are doing.

ServiceDiscovery

ServiceDiscoveryConf

No comment on field.
ProxySSLInsecureSkipVerify

bool

Globally ignore TLS verification between Tyk and your Upstream services

ProxyEnableHttp2

bool

Enable HTTP2 support between Tyk and your upstream service. Required for gRPC.

ProxySSLMinVersion

uint16

Minimum TLS version for connection between Tyk and your upstream service.

ProxySSLMaxVersion

uint16

Maximum TLS version for connection between Tyk and your upstream service.

ProxySSLCipherSuites

[]string

Allow list of ciphers for connection between Tyk and your upstream service.

ProxyDefaultTimeout

float64

This can specify a default timeout in seconds for upstream API requests. Default: 30 seconds

ProxySSLDisableRenegotiation

bool

Disable TLS renegotiation.

ProxyCloseConnections

bool

Disable keepalives between Tyk and your upstream service. Set this value to true to force Tyk to close the connection with the server, otherwise the connections will remain open for as long as your OS keeps TCP connections open. This can cause a file-handler limit to be exceeded. Setting to false can have performance benefits as the connection can be reused.

UptimeTests

UptimeTestsConfig

Tyk nodes can provide uptime awareness, uptime testing and analytics for your underlying APIs uptime and availability. Tyk can also notify you when a service goes down.

HealthCheck

HealthCheckConfig

This section enables the configuration of the health-check API endpoint and the size of the sample data cache (in seconds).

HealthCheckEndpointName

string

HealthCheckEndpointName enables you to change the liveness endpoint. Default is "/hello".

ReadinessCheckEndpointName

string

ReadinessCheckEndpointName enables you to change the readiness endpoint. Default is "/ready".

GracefulShutdownTimeoutDuration

int

GracefulShutdownTimeoutDuration sets how many seconds the gateway should wait for an existing connection to finish before shutting down the server. Defaults to 30 seconds.

OauthRefreshExpire

int64

Change the expiry time of a refresh token. By default 14 days (in seconds).

OauthTokenExpire

int32

Change the expiry time of OAuth tokens (in seconds).

OauthTokenExpiredRetainPeriod

int32

Specifies how long expired tokens are stored in Redis. The value is in seconds and the default is 0. Using the default means expired tokens are never removed from Redis.

OauthRedirectUriSeparator

string

Character which should be used as a separator for OAuth redirect URI URLs. Default: ;.

OauthErrorStatusCode

int

Configures the OAuth error status code returned. If not set, it defaults to a 403 error.

EnableKeyLogging

bool

By default all key IDs in logs are hidden. Set to true if you want to see them for debugging reasons.

SSLForceCommonNameCheck

bool

Force the validation of the hostname against the common name, even if TLS verification is disabled.

EnableAnalytics

bool

Tyk is capable of recording every hit to your API to a database with various filtering parameters. Set this value to true and fill in the sub-section below to enable logging.

Note: For performance reasons, Tyk will store traffic data to Redis initially and then purge the data from Redis to MongoDB or other data stores on a regular basis as determined by the purge_delay setting in your Tyk Pump configuration.

AnalyticsConfig

AnalyticsConfigConfig

This section defines options on what analytics data to store.

EnableSeperateAnalyticsStore

bool

Enable separate analytics storage. Used together with analytics_storage.

AnalyticsStorage

StorageOptionsConf

No comment on field.
LivenessCheck

LivenessCheckConfig

No comment on field.
DnsCache

DnsCacheConfig

This section enables the global configuration of the expireable DNS records caching for your Gateway API endpoints. By design caching affects only http(s), ws(s) protocols APIs and doesn’t affect any plugin/middleware DNS queries.

"dns_cache": {
  "enabled": true, //Turned off by default
  "ttl": 60, //Time in seconds before the record will be removed from cache
  "multiple_ips_handle_strategy": "random" //A strategy, which will be used when dns query will reply with more than 1 ip address per single host.
}
DisableRegexpCache

bool

If set to true this allows you to disable the regular expression cache. The default setting is false.

RegexpCacheExpire

int32

If you set disable_regexp_cache to false, you can use this setting to limit how long the regular expression cache is kept for in seconds. The default is 60 seconds. This must be a positive value. If you set to 0 this uses the default value.

LocalSessionCache

LocalSessionCacheConf

Tyk can cache some data locally, this can speed up lookup times on a single node and lower the number of connections and operations being done on Redis. It will however introduce a slight delay when updating or modifying keys as the cache must expire. This does not affect rate limiting.

EnableSeperateCacheStore

bool

Enable to use a separate Redis for cache storage

CacheStorage

StorageOptionsConf

No comment on field.
EnableBundleDownloader

bool

Enable downloading Plugin bundles. Example:

"enable_bundle_downloader": true,
"bundle_base_url": "http://my-bundle-server.com/bundles/",
"public_key_path": "/path/to/my/pubkey",
BundleBaseURL

string

Is a base URL that will be used to download the bundle. In this example we have bundle-latest.zip specified in the API settings, Tyk will fetch the following URL: http://my-bundle-server.com/bundles/bundle-latest.zip (see the next section for details).

BundleInsecureSkipVerify

bool

Disable TLS validation for bundle URLs

EnableJSVM

bool

Set to true if you are using JSVM custom middleware or virtual endpoints.

JSVMTimeout

int

Set the execution timeout for JSVM plugins and virtual endpoints

DisableVirtualPathBlobs

bool

Disable virtual endpoints and the code will not be loaded into the VM when the API definition initialises. This is useful for systems where you want to avoid having third-party code run.

TykJSPath

string

Path to the JavaScript file which will be pre-loaded for any JSVM middleware or virtual endpoint. Useful for defining global shared functions.

MiddlewarePath

string

Path to the plugins directory. Defaults to ./middleware.

CoProcessOptions

CoProcessConfig

Configuration options for Python and gRPC plugins.

IgnoreEndpointCase

bool

Ignore the case of any endpoints for APIs managed by Tyk. Setting this to true will override any individual API and Ignore, Blacklist and Whitelist plugin endpoint settings.

IgnoreCanonicalMIMEHeaderKey

bool

When enabled Tyk ignores the canonical format of the MIME header keys.

For example when a request header with a “my-header” key is injected using “global_headers”, the upstream would typically get it as “My-Header”. When this flag is enabled it will be sent as “my-header” instead.

Current support is limited to JavaScript plugins, global header injection, virtual endpoint and JQ transform header rewrites. This functionality doesn’t affect headers that are sent by the HTTP client and the default formatting will apply in this case.

For technical details refer to the CanonicalMIMEHeaderKey functionality in the Go documentation.

LogLevel

string

You can now set a logging level (log_level). The following levels can be set: debug, info, warn, error. If not set or left empty, it will default to info.

LogFormat

string

You can now configure the log format to be either the standard or json format. If not set or left empty, it will default to standard.

AccessLogs

AccessLogsConfig

AccessLogs configures the output for access logs. If not configured, the access log is disabled.

Tracer

Tracer

Section for configuring OpenTracing support. Deprecated: use OpenTelemetry instead.

OpenTelemetry

otel.OpenTelemetry

Section for configuring OpenTelemetry.

NewRelic

NewRelicConfig

No comment on field.
HTTPProfile

bool

Enable debugging of your Tyk Gateway by exposing profiling information through https://tyk.io/docs/api-management/troubleshooting-debugging

UseRedisLog

bool

Enables the real-time Gateway log view in the Dashboard.

UseSentry

bool

Enable Sentry logging

SentryCode

string

Sentry API code

SentryLogLevel

string

Log verbosity for Sentry logging

UseSyslog

bool

Enable Syslog log output

SyslogTransport

string

Syslog transport to use. Values: tcp or udp.

SyslogNetworkAddr

string

Graylog server address

UseGraylog

bool

Use Graylog log output

GraylogNetworkAddr

string

Graylog server address

UseLogstash

bool

Use logstash log output

LogstashTransport

string

Logstash network transport. Values: tcp or udp.

LogstashNetworkAddr

string

Logstash server address

Track404Logs

bool

Show 404 HTTP errors in your Gateway application logs

StatsdConnectionString

string

Address of StatsD server. If set enable statsd monitoring.

StatsdPrefix

string

StatsD prefix

EventHandlers

apidef.EventHandlerMetaConfig

Event System

EventTriggers

map[apidef.TykEvent][]TykEventHandler

No comment on field.

EventTriggersDefunct

map[apidef.TykEvent][]TykEventHandler

No comment on field.

HideGeneratorHeader

bool

HideGeneratorHeader will mask the 'X-Generator' and 'X-Mascot-...' headers, if set to true.

SupressDefaultOrgStore

bool

No comment on field.

LegacyEnableAllowanceCountdown

bool

No comment on field.

ForceGlobalSessionLifetime

bool

Enable global API token expiration. Can be needed if all your APIs are using JWT or OAuth 2.0 auth methods with dynamically generated keys.

SessionLifetimeRespectsKeyExpiration

bool

SessionLifetimeRespectsKeyExpiration respects the key expiration time when the session lifetime is less than the key expiration. That is, Redis waits for the key expiration before physical removal.

GlobalSessionLifetime

int64

Global session lifetime, in seconds.

KV

struct { Consul ConsulConfig `json:"consul"` Vault VaultConfig `json:"vault"` }

This section enables the use of the KV capabilities to substitute configuration values. See more details https://tyk.io/docs/tyk-self-managed/#store-configuration-with-key-value-store

Secrets

map[string]string

Secrets configures a list of key/value pairs for the gateway. When configuring it via environment variable, the expected value is a comma separated list of key-value pairs delimited with a colon.

Example: TYK_GW_SECRETS=key1:value1,key2:/value2

Produces: {"key1": "value1", "key2": "/value2"}

The secret value may be used as secrets://key1 from the API definition. In versions before gateway 5.3, only listen_path and target_url fields have had the secrets replaced. See more details https://tyk.io/docs/tyk-self-managed/#how-to-access-the-externally-stored-data

OverrideMessages

map[string]TykError

Override the default error code and/or message returned by middleware. The following message IDs can be used to override the message and error codes:

AuthToken message IDs

  • auth.auth_field_missing
  • auth.key_not_found

OIDC message IDs

  • oauth.auth_field_missing
  • oauth.auth_field_malformed
  • oauth.key_not_found
  • oauth.client_deleted

Sample Override Message Setting

"override_messages": {
  "oauth.auth_field_missing": {
    "code": 401,
    "message": "Token is not authorized"
  }
}

Cloud

bool

Cloud flag shows the Gateway runs in Tyk Cloud.

JWTSSLInsecureSkipVerify

bool

Skip TLS verification for JWT JWKs url validation

ResourceSync

ResourceSyncConfig

ResourceSync configures mitigation strategy in case sync fails.

Private

Private

Private contains configuration fields for internal app usage.

DevelopmentConfig

DevelopmentConfig struct extends configuration for development builds.

OAS

OASConfig

OAS holds the configuration for various OpenAPI-specific functionalities

Streaming

StreamingConfig

Streaming holds the configuration for Tyk Streaming functionalities

Labs

LabsConfig

No comment on field.

type Config struct {
	// Force your Gateway to work only on a specific domain name. Can be overridden by API custom domain.
	HostName	string	`json:"hostname"`

	// If your machine has multiple network devices or IPs you can force the Gateway to use the IP address you want.
	ListenAddress	string	`json:"listen_address"`

	// Setting this value will change the port that Tyk listens on. Default: 8080.
	ListenPort	int	`json:"listen_port"`

	// Custom hostname for the Control API
	ControlAPIHostname	string	`json:"control_api_hostname"`

	// Set this to expose the Tyk Gateway API on a separate port. You can protect it behind a firewall if needed. Please make sure you follow this guide when setting the control port https://tyk.io/docs/tyk-self-managed/#change-your-control-port.
	ControlAPIPort	int	`json:"control_api_port"`

	// This should be changed as soon as Tyk is installed on your system.
	// This value is used in every interaction with the Tyk Gateway API. It should be passed along as the X-Tyk-Authorization header in any requests made.
	// Tyk assumes that you are sensible enough not to expose the management endpoints publicly and to keep this configuration value to yourself.
	Secret	string	`json:"secret"`

	// The shared secret between the Gateway and the Dashboard to ensure that API Definition downloads, heartbeat and Policy loads are from a valid source.
	NodeSecret	string	`json:"node_secret"`

	// Linux PID file location. Do not change unless you know what you are doing. Default: /var/run/tyk/tyk-gateway.pid
	PIDFileLocation	string	`json:"pid_file_location"`

	// Can be set to disable Dashboard message signature verification. When set to `true`, `public_key_path` can be ignored.
	AllowInsecureConfigs	bool	`json:"allow_insecure_configs"`

	// While communicating with the Dashboard. By default, all messages are signed by a private/public key pair. Set path to public key.
	PublicKeyPath	string	`json:"public_key_path"`

	// Allow your Dashboard to remotely set Gateway configuration via the Nodes screen.
	AllowRemoteConfig	bool	`bson:"allow_remote_config" json:"allow_remote_config"`

	// Global Certificate configuration
	Security	SecurityConfig	`json:"security"`

	// Gateway HTTP server configuration
	HttpServerOptions	HttpServerOptionsConfig	`json:"http_server_options"`

	// Expose version header with a given name. Works only for versioned APIs.
	VersionHeader	string	`json:"version_header"`

	// Disable dynamic API and Policy reloads, e.g. it will load new changes only on process start.
	SuppressRedisSignalReload	bool	`json:"suppress_redis_signal_reload"`

	// ReloadInterval defines a duration in seconds within which the gateway responds to a reload event.
	// The value defaults to 1, values lower than 1 are ignored.
	ReloadInterval	int64	`json:"reload_interval"`

	// Enable Key hashing
	HashKeys	bool	`json:"hash_keys"`

	// DisableKeyActionsByUsername disables key search by username.
	// When this is set to `true` you are able to search for keys only by keyID or key hash (if `hash_keys` is also set to `true`)
	// Note that if `hash_keys` is also set to `true` then the keyID will not be provided for APIs secured using basic auth. In this scenario the only search option would be to use key hash
	// If you are using the Tyk Dashboard, you must configure this setting with the same value in both Gateway and Dashboard
	DisableKeyActionsByUsername	bool	`json:"disable_key_actions_by_username"`

	// Specify the Key hashing algorithm. Possible values: murmur64, murmur128, sha256.
	HashKeyFunction	string	`json:"hash_key_function"`

	// Specify the Key hashing algorithm for "basic auth". Possible values: murmur64, murmur128, sha256, bcrypt.
	// Will default to "bcrypt" if not set.
	BasicAuthHashKeyFunction	string	`json:"basic_auth_hash_key_function"`

	// Specify your previous key hashing algorithm if you migrated from one algorithm to another.
	HashKeyFunctionFallback	[]string	`json:"hash_key_function_fallback"`

	// Allows the listing of hashed API keys
	EnableHashedKeysListing	bool	`json:"enable_hashed_keys_listing"`

	// Minimum API token length
	MinTokenLength	int	`json:"min_token_length"`

	// Path to error and webhook templates. Defaults to the current binary path.
	TemplatePath	string	`json:"template_path"`

	// The policies section allows you to define where Tyk can find its policy templates. Policy templates are similar to key definitions in that they allow you to set quotas, access rights and rate limits for keys.
	// Policies are loaded when Tyk starts and if changed require a hot-reload so they are loaded into memory.
	// A policy can be defined in a file (Open Source installations) or from the same database as the Dashboard.
	Policies	PoliciesConfig	`json:"policies"`

	// Defines the ports that will be available for the API services to bind to in the format
	// documented here https://tyk.io/docs/api-management/non-http-protocols/#allowing-specific-ports.
	// Ports can be configured per protocol, e.g. https, tls etc.
	// If configuring via environment variable `TYK_GW_PORTWHITELIST` then remember to escape
	// JSON strings.
	PortWhiteList	PortsWhiteList	`json:"ports_whitelist"`

	// Disable port whitelisting, essentially allowing you to use any port for your API.
	DisablePortWhiteList	bool	`json:"disable_ports_whitelist"`

	// If Tyk is being used in its standard configuration (Open Source installations), then API definitions are stored in the apps folder (by default in /opt/tyk-gateway/apps).
	// This location is scanned for .json files and re-scanned at startup or reload.
	// See the API section of the Tyk Gateway API for more details.
	AppPath	string	`json:"app_path"`

	// If you are a Tyk Pro user, this option will enable polling the Dashboard service for API definitions.
	// On startup Tyk will attempt to connect and download any relevant application configurations from your Dashboard instance.
	// The files are exactly the same as the JSON files on disk with the exception of a BSON ID supplied by the Dashboard service.
	UseDBAppConfigs	bool	`json:"use_db_app_configs"`

	// This section defines API loading and shard options. Enable these settings to selectively load API definitions on a node from your Dashboard service.
	DBAppConfOptions	DBAppConfOptionsConfig	`json:"db_app_conf_options"`

	// This section defines your Redis configuration.
	Storage	StorageOptionsConf	`json:"storage"`

	// Disable the capability of the Gateway to `autodiscover` the Dashboard through heartbeat messages via Redis.
	// The goal of zeroconf is auto-discovery, so you do not have to specify the Tyk Dashboard address in your Gateway `tyk.conf` file.
	// In some specific cases, for example, when the Dashboard is bound to a public domain, not accessible inside an internal network, or similar, `disable_dashboard_zeroconf` can be set to `true`, in favor of directly specifying a Tyk Dashboard address.
	DisableDashboardZeroConf	bool	`json:"disable_dashboard_zeroconf"`

	// The `slave_options` allow you to configure the RPC slave connection required for MDCB installations.
	// These settings must be configured for every RPC slave/worker node.
	SlaveOptions	SlaveOptionsConfig	`json:"slave_options"`

	// If set to `true`, distributed rate limiter will be disabled for this node, and it will be excluded from any rate limit calculation.
	//
	// Note:
	//   If you set `db_app_conf_options.node_is_segmented` to `true` for multiple Gateway nodes, you should ensure that `management_node` is set to `false`.
	//   This is to ensure visibility for the management node across all APIs.
	//
	//   For pro installations, `management_node` is not a valid configuration option.
	//   Always set `management_node` to `false` in pro environments.
	ManagementNode	bool	`json:"management_node"`

	// This is used as part of the RPC / Hybrid back-end configuration in a Tyk Enterprise installation and isn’t used anywhere else.
	AuthOverride	AuthOverrideConf	`json:"auth_override"`

	// RateLimit encapsulates rate limit configuration definitions.
	RateLimit

	// Allows you to dynamically configure analytics expiration on a per organization level
	EnforceOrgDataAge	bool	`json:"enforce_org_data_age"`

	// Allows you to dynamically configure detailed logging on a per organization level
	EnforceOrgDataDetailLogging	bool	`json:"enforce_org_data_detail_logging"`

	// Allows you to dynamically configure organization quotas on a per organization level
	EnforceOrgQuotas	bool	`json:"enforce_org_quotas"`

	ExperimentalProcessOrgOffThread	bool	`json:"experimental_process_org_off_thread"`

	// The monitor section is useful if you wish to enforce a global trigger limit on organization and user quotas.
	// This feature will trigger a webhook event to fire when specific triggers are reached.
	// Triggers can be global (set in the node), by organization (set in the organization session object) or by key (set in the key session object)
	//
	// While Organization-level and Key-level triggers can be tiered (e.g. trigger at 10%, trigger at 20%, trigger at 80%), in the node-level configuration only a global value can be set.
	// If a global value and specific trigger level are the same the trigger will only fire once:
	//
	// ```
	// "monitor": {
	//   "enable_trigger_monitors": true,
	//   "configuration": {
	//    "method": "POST",
	//    "target_path": "http://domain.com/notify/quota-trigger",
	//    "template_path": "templates/monitor_template.json",
	//    "header_map": {
	//      "some-secret": "89787855"
	//    },
	//    "event_timeout": 10
	//  },
	//  "global_trigger_limit": 80.0,
	//  "monitor_user_keys": false,
	//  "monitor_org_keys": true
	// },
	// ```
	Monitor	MonitorConfig	`json:"monitor"`

	// Maximum idle connections, per API, between Tyk and Upstream. By default not limited.
	MaxIdleConns	int	`bson:"max_idle_connections" json:"max_idle_connections"`
	// Maximum idle connections, per API, per upstream, between Tyk and Upstream. Default:100
	MaxIdleConnsPerHost	int	`bson:"max_idle_connections_per_host" json:"max_idle_connections_per_host"`
	// Maximum connection time. If set it will force gateway reconnect to the upstream.
	MaxConnTime	int64	`json:"max_conn_time"`

	// If set, disable keepalive between User and Tyk
	CloseConnections	bool	`json:"close_connections"`

	// Allows you to use custom domains
	EnableCustomDomains	bool	`json:"enable_custom_domains"`

	// If AllowMasterKeys is set to true, session objects (key definitions) that do not have explicit access rights set
	// will be allowed by Tyk. This means that keys that are created have access to ALL APIs, which in many cases is
	// unwanted behavior unless you are sure about what you are doing.
	AllowMasterKeys	bool	`json:"allow_master_keys"`

	ServiceDiscovery	ServiceDiscoveryConf	`json:"service_discovery"`

	// Globally ignore TLS verification between Tyk and your Upstream services
	ProxySSLInsecureSkipVerify	bool	`json:"proxy_ssl_insecure_skip_verify"`

	// Enable HTTP2 support between Tyk and your upstream service. Required for gRPC.
	ProxyEnableHttp2	bool	`json:"proxy_enable_http2"`

	// Minimum TLS version for connection between Tyk and your upstream service.
	ProxySSLMinVersion	uint16	`json:"proxy_ssl_min_version"`

	// Maximum TLS version for connection between Tyk and your upstream service.
	ProxySSLMaxVersion	uint16	`json:"proxy_ssl_max_version"`

	// Allow list of ciphers for connection between Tyk and your upstream service.
	ProxySSLCipherSuites	[]string	`json:"proxy_ssl_ciphers"`

	// This can specify a default timeout in seconds for upstream API requests.
	// Default: 30 seconds
	ProxyDefaultTimeout	float64	`json:"proxy_default_timeout"`

	// Disable TLS renegotiation.
	ProxySSLDisableRenegotiation	bool	`json:"proxy_ssl_disable_renegotiation"`

	// Disable keepalives between Tyk and your upstream service.
	// Set this value to `true` to force Tyk to close the connection with the server, otherwise the connections will remain open for as long as your OS keeps TCP connections open.
	// This can cause a file-handler limit to be exceeded. Setting to false can have performance benefits as the connection can be reused.
	ProxyCloseConnections	bool	`json:"proxy_close_connections"`

	// Tyk nodes can provide uptime awareness, uptime testing and analytics for your underlying APIs uptime and availability.
	// Tyk can also notify you when a service goes down.
	UptimeTests	UptimeTestsConfig	`json:"uptime_tests"`

	// This section enables the configuration of the health-check API endpoint and the size of the sample data cache (in seconds).
	HealthCheck	HealthCheckConfig	`json:"health_check"`

	// HealthCheckEndpointName Enables you to change the liveness endpoint.
	// Default is "/hello"
	HealthCheckEndpointName	string	`json:"health_check_endpoint_name"`

	// ReadinessCheckEndpointName Enables you to change the readiness endpoint
	// Default is "/ready"
	ReadinessCheckEndpointName	string	`json:"readiness_check_endpoint_name"`

	// GracefulShutdownTimeoutDuration sets how many seconds the gateway should wait for an existing connection
	// to finish before shutting down the server. Defaults to 30 seconds.
	GracefulShutdownTimeoutDuration	int	`json:"graceful_shutdown_timeout_duration"`

	// Change the expiry time of a refresh token. By default 14 days (in seconds).
	OauthRefreshExpire	int64	`json:"oauth_refresh_token_expire"`

	// Change the expiry time of OAuth tokens (in seconds).
	OauthTokenExpire	int32	`json:"oauth_token_expire"`

	// Specifies how long expired tokens are stored in Redis. The value is in seconds and the default is 0. Using the default means expired tokens are never removed from Redis.
	OauthTokenExpiredRetainPeriod	int32	`json:"oauth_token_expired_retain_period"`

	// Character which should be used as a separator for OAuth redirect URI URLs. Default: ;.
	OauthRedirectUriSeparator	string	`json:"oauth_redirect_uri_separator"`

	// Configures the OAuth error status code returned. If not set, it defaults to a 403 error.
	OauthErrorStatusCode	int	`json:"oauth_error_status_code"`

	// By default all key IDs in logs are hidden. Set to `true` if you want to see them for debugging reasons.
	EnableKeyLogging	bool	`json:"enable_key_logging"`

	// Force the validation of the hostname against the common name, even if TLS verification is disabled.
	SSLForceCommonNameCheck	bool	`json:"ssl_force_common_name_check"`

	// Tyk is capable of recording every hit to your API to a database with various filtering parameters. Set this value to `true` and fill in the sub-section below to enable logging.
	//
	// Note:
	//   For performance reasons, Tyk will store traffic data to Redis initially and then purge the data from Redis to MongoDB or other data stores on a regular basis as determined by the purge_delay setting in your Tyk Pump configuration.
	EnableAnalytics	bool	`json:"enable_analytics"`

	// This section defines options on what analytics data to store.
	AnalyticsConfig	AnalyticsConfigConfig	`json:"analytics_config"`

	// Enable separate analytics storage. Used together with `analytics_storage`.
	EnableSeperateAnalyticsStore	bool			`json:"enable_separate_analytics_store"`
	AnalyticsStorage		StorageOptionsConf	`json:"analytics_storage"`

	LivenessCheck	LivenessCheckConfig	`json:"liveness_check"`

	// This section enables the global configuration of the expireable DNS records caching for your Gateway API endpoints.
	// By design caching affects only http(s), ws(s) protocols APIs and doesn’t affect any plugin/middleware DNS queries.
	//
	// ```
	// "dns_cache": {
	//   "enabled": true, //Turned off by default
	//   "ttl": 60, //Time in seconds before the record will be removed from cache
	//   "multiple_ips_handle_strategy": "random" //A strategy, which will be used when dns query will reply with more than 1 ip address per single host.
	// }
	// ```
	DnsCache	DnsCacheConfig	`json:"dns_cache"`

	// If set to `true` this allows you to disable the regular expression cache. The default setting is `false`.
	DisableRegexpCache	bool	`json:"disable_regexp_cache"`

	// If you set `disable_regexp_cache` to `false`, you can use this setting to limit how long the regular expression cache is kept for in seconds.
	// The default is 60 seconds. This must be a positive value. If you set to 0 this uses the default value.
	RegexpCacheExpire	int32	`json:"regexp_cache_expire"`

	// Tyk can cache some data locally, this can speed up lookup times on a single node and lower the number of connections and operations being done on Redis. It will however introduce a slight delay when updating or modifying keys as the cache must expire.
	// This does not affect rate limiting.
	LocalSessionCache	LocalSessionCacheConf	`json:"local_session_cache"`

	// Enable to use a separate Redis for cache storage
	EnableSeperateCacheStore	bool			`json:"enable_separate_cache_store"`
	CacheStorage			StorageOptionsConf	`json:"cache_storage"`

	// Enable downloading Plugin bundles
	// Example:
	// ```
	// "enable_bundle_downloader": true,
	// "bundle_base_url": "http://my-bundle-server.com/bundles/",
	// "public_key_path": "/path/to/my/pubkey",
	// ```
	EnableBundleDownloader	bool	`bson:"enable_bundle_downloader" json:"enable_bundle_downloader"`

	// Is a base URL that will be used to download the bundle. In this example we have `bundle-latest.zip` specified in the API settings, Tyk will fetch the following URL: http://my-bundle-server.com/bundles/bundle-latest.zip (see the next section for details).
	BundleBaseURL	string	`bson:"bundle_base_url" json:"bundle_base_url"`

	// Disable TLS validation for bundle URLs
	BundleInsecureSkipVerify	bool	`bson:"bundle_insecure_skip_verify" json:"bundle_insecure_skip_verify"`

	// Set to true if you are using JSVM custom middleware or virtual endpoints.
	EnableJSVM	bool	`json:"enable_jsvm"`

	// Set the execution timeout for JSVM plugins and virtual endpoints
	JSVMTimeout	int	`json:"jsvm_timeout"`

	// Disable virtual endpoints and the code will not be loaded into the VM when the API definition initialises.
	// This is useful for systems where you want to avoid having third-party code run.
	DisableVirtualPathBlobs	bool	`json:"disable_virtual_path_blobs"`

	// Path to the JavaScript file which will be pre-loaded for any JSVM middleware or virtual endpoint. Useful for defining global shared functions.
	TykJSPath	string	`json:"tyk_js_path"`

	// Path to the plugins directory. Default is `./middleware`.
	MiddlewarePath	string	`json:"middleware_path"`

	// Configuration options for Python and gRPC plugins.
	CoProcessOptions	CoProcessConfig	`json:"coprocess_options"`

	// Ignore the case of any endpoints for APIs managed by Tyk. Setting this to `true` will override any individual API and Ignore, Blacklist and Whitelist plugin endpoint settings.
	IgnoreEndpointCase	bool	`json:"ignore_endpoint_case"`

	// When enabled Tyk ignores the canonical format of the MIME header keys.
	//
	// For example when a request header with a “my-header” key is injected using “global_headers”, the upstream would typically get it as “My-Header”. When this flag is enabled it will be sent as “my-header” instead.
	//
	// Current support is limited to JavaScript plugins, global header injection, virtual endpoint and JQ transform header rewrites.
	// This functionality doesn’t affect headers that are sent by the HTTP client and the default formatting will apply in this case.
	//
	// For technical details refer to the [CanonicalMIMEHeaderKey](https://golang.org/pkg/net/textproto/#CanonicalMIMEHeaderKey) functionality in the Go documentation.
	IgnoreCanonicalMIMEHeaderKey	bool	`json:"ignore_canonical_mime_header_key"`

	// You can now set a logging level (log_level). The following levels can be set: debug, info, warn, error.
	// If not set or left empty, it will default to `info`.
	LogLevel	string	`json:"log_level"`

	// You can now configure the log format to be either the standard or json format.
	// If not set or left empty, it will default to `standard`.
	LogFormat	string	`json:"log_format"`

	// AccessLogs configures the output for access logs.
	// If not configured, the access log is disabled.
	AccessLogs	AccessLogsConfig	`json:"access_logs"`

	// Section for configuring OpenTracing support.
	// Deprecated: use OpenTelemetry instead.
	Tracer	Tracer	`json:"tracing"`

	// Section for configuring OpenTelemetry.
	OpenTelemetry	otel.OpenTelemetry	`json:"opentelemetry"`

	NewRelic	NewRelicConfig	`json:"newrelic"`

	// Enable debugging of your Tyk Gateway by exposing profiling information through https://tyk.io/docs/api-management/troubleshooting-debugging
	HTTPProfile	bool	`json:"enable_http_profiler"`

	// Enables the real-time Gateway log view in the Dashboard.
	UseRedisLog	bool	`json:"use_redis_log"`

	// Enable Sentry logging
	UseSentry	bool	`json:"use_sentry"`
	// Sentry API code
	SentryCode	string	`json:"sentry_code"`
	// Log verbosity for Sentry logging
	SentryLogLevel	string	`json:"sentry_log_level"`

	// Enable Syslog log output
	UseSyslog	bool	`json:"use_syslog"`
	// Syslog transport to use. Values: tcp or udp.
	SyslogTransport	string	`json:"syslog_transport"`
	// Syslog server address
	SyslogNetworkAddr	string	`json:"syslog_network_addr"`

	// Use Graylog log output
	UseGraylog	bool	`json:"use_graylog"`
	// Graylog server address
	GraylogNetworkAddr	string	`json:"graylog_network_addr"`

	// Use logstash log output
	UseLogstash	bool	`json:"use_logstash"`
	// Logstash network transport. Values: tcp or udp.
	LogstashTransport	string	`json:"logstash_transport"`
	// Logstash server address
	LogstashNetworkAddr	string	`json:"logstash_network_addr"`

	// Show 404 HTTP errors in your Gateway application logs
	Track404Logs	bool	`json:"track_404_logs"`

	// Address of StatsD server. If set, enables StatsD monitoring.
	StatsdConnectionString	string	`json:"statsd_connection_string"`
	// StatsD prefix
	StatsdPrefix	string	`json:"statsd_prefix"`

	// Event System
	EventHandlers		apidef.EventHandlerMetaConfig		`json:"event_handlers"`
	EventTriggers		map[apidef.TykEvent][]TykEventHandler	`json:"event_trigers_defunct"`	// Deprecated: Config.GetEventTriggers instead.
	EventTriggersDefunct	map[apidef.TykEvent][]TykEventHandler	`json:"event_triggers_defunct"`	// Deprecated: Config.GetEventTriggers instead.

	// HideGeneratorHeader will mask the 'X-Generator' and 'X-Mascot-...' headers, if set to true.
	HideGeneratorHeader	bool	`json:"hide_generator_header"`

	SupressDefaultOrgStore		bool	`json:"suppress_default_org_store"`
	LegacyEnableAllowanceCountdown	bool	`bson:"legacy_enable_allowance_countdown" json:"legacy_enable_allowance_countdown"`

	// Enable global API token expiration. Can be needed if all your APIs are using JWT or OAuth 2.0 auth methods with dynamically generated keys.
	ForceGlobalSessionLifetime	bool	`bson:"force_global_session_lifetime" json:"force_global_session_lifetime"`
	// SessionLifetimeRespectsKeyExpiration respects the key expiration time when the session lifetime is less than the key expiration. That is, Redis waits for the key expiration before physical removal.
	SessionLifetimeRespectsKeyExpiration	bool	`bson:"session_lifetime_respects_key_expiration" json:"session_lifetime_respects_key_expiration"`
	// Global session lifetime, in seconds.
	GlobalSessionLifetime	int64	`bson:"global_session_lifetime" json:"global_session_lifetime"`

	// This section enables the use of the KV capabilities to substitute configuration values.
	// See more details https://tyk.io/docs/tyk-self-managed/#store-configuration-with-key-value-store
	KV	struct {
		Consul	ConsulConfig	`json:"consul"`
		Vault	VaultConfig	`json:"vault"`
	}	`json:"kv"`

	// Secrets configures a list of key/value pairs for the gateway.
	// When configuring it via environment variable, the expected value
	// is a comma separated list of key-value pairs delimited with a colon.
	//
	// Example: `TYK_GW_SECRETS=key1:value1,key2:/value2`
	// Produces: `{"key1": "value1", "key2": "/value2"}`
	//
	// The secret value may be used as `secrets://key1` from the API definition.
	// In versions before gateway 5.3, only `listen_path` and `target_url` fields
	// have had the secrets replaced.
	// See more details https://tyk.io/docs/tyk-self-managed/#how-to-access-the-externally-stored-data
	Secrets	map[string]string	`json:"secrets"`

	// Override the default error code and/or message returned by middleware.
	// The following message IDs can be used to override the message and error codes:
	//
	// AuthToken message IDs
	// * `auth.auth_field_missing`
	// * `auth.key_not_found`
	//
	// OIDC message IDs
	// * `oauth.auth_field_missing`
	// * `oauth.auth_field_malformed`
	// * `oauth.key_not_found`
	// * `oauth.client_deleted`
	//
	// Sample Override Message Setting
	// ```
	// "override_messages": {
	//   "oauth.auth_field_missing" : {
	//    "code": 401,
	//    "message": "Token is not authorized"
	//  }
	// }
	// ```
	OverrideMessages	map[string]TykError	`bson:"override_messages" json:"override_messages"`

	// Cloud flag shows the Gateway runs in Tyk Cloud.
	Cloud	bool	`json:"cloud"`

	// Skip TLS verification for JWT JWKs url validation
	JWTSSLInsecureSkipVerify	bool	`json:"jwt_ssl_insecure_skip_verify"`

	// ResourceSync configures mitigation strategy in case sync fails.
	ResourceSync	ResourceSyncConfig	`json:"resource_sync"`

	// Private contains configuration fields for internal app usage.
	Private	Private	`json:"-"`

	// DevelopmentConfig struct extends configuration for development builds.
	DevelopmentConfig

	// OAS holds the configuration for various OpenAPI-specific functionalities
	OAS	OASConfig	`json:"oas_config"`

	// Streaming holds the configuration for Tyk Streaming functionalities
	Streaming	StreamingConfig	`json:"streaming"`

	Labs	LabsConfig	`json:"labs"`
}

ConsulConfig

ConsulConfig is used to configure the creation of a client. This is a stripped down version of the Config struct in consul's API client.

Field name Field type Comment
Address

string

Address is the address of the Consul server

Scheme

string

Scheme is the URI scheme for the Consul server

Datacenter

string

The datacenter to use. If not provided, the default agent datacenter is used.

HttpAuth

struct {
	// Username to use for HTTP Basic Authentication
	Username string `json:"username"`
	// Password to use for HTTP Basic Authentication
	Password string `json:"password"`
}

HttpAuth is the auth info to use for http access.

WaitTime

time.Duration

WaitTime limits how long a Watch will block. If not provided, the agent default values will be used.

Token

string

Token is used to provide a per-request ACL token which overrides the agent's default token.

TLSConfig

struct {
	// Address
	Address string `json:"address"`
	// CA file
	CAFile string `json:"ca_file"`
	// CA Path
	CAPath string `json:"ca_path"`
	// Cert file
	CertFile string `json:"cert_file"`
	// Key file
	KeyFile string `json:"key_file"`
	// Disable TLS validation
	InsecureSkipVerify bool `json:"insecure_skip_verify"`
}

TLS configuration

type ConsulConfig struct {
	// Address is the address of the Consul server
	Address	string	`json:"address"`

	// Scheme is the URI scheme for the Consul server
	Scheme	string	`json:"scheme"`

	// The datacenter to use. If not provided, the default agent datacenter is used.
	Datacenter	string	`json:"datacenter"`

	// HttpAuth is the auth info to use for http access.
	HttpAuth	struct {
		// Username to use for HTTP Basic Authentication
		Username	string	`json:"username"`

		// Password to use for HTTP Basic Authentication
		Password	string	`json:"password"`
	}	`json:"http_auth"`

	// WaitTime limits how long a Watch will block. If not provided,
	// the agent default values will be used.
	WaitTime	time.Duration	`json:"wait_time"`

	// Token is used to provide a per-request ACL token
	// which overrides the agent's default token.
	Token	string	`json:"token"`

	// TLS configuration
	TLSConfig	struct {
		// Address
		Address	string	`json:"address"`
		// CA file
		CAFile	string	`json:"ca_file"`
		// CA Path
		CAPath	string	`json:"ca_path"`
		// Cert file
		CertFile	string	`json:"cert_file"`
		// Key file
		KeyFile	string	`json:"key_file"`
		// Disable TLS validation
		InsecureSkipVerify	bool	`json:"insecure_skip_verify"`
	}	`json:"tls_config"`
}
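
An added example (not part of the Tyk code base): a small linter that reads a tyk.conf JSON document and flags the options whose field comments in Config and ConsulConfig above describe a relaxed check, plus the published default secret. The `Finding` type, the `Audit` function and the sample config are constructed for this example, and reading `proxy_ssl_min_version` as a Go crypto/tls version number is an assumption.

```go
package main

import (
	"crypto/tls"
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// defaultSecret is the Default.Secret value listed in this package's Vars section.
const defaultSecret = "352d20ee67be67f6340b4c0605b044b7"

// Finding is one setting that deserves review (hypothetical type for this example).
type Finding struct{ Key, Reason string }

// riskyWhenTrue: boolean options that relax a check when true. Keys are dotted
// paths built from the json tags above; reasons paraphrase the field comments.
var riskyWhenTrue = map[string]string{
	"allow_insecure_configs":                   "Dashboard message signature verification is disabled",
	"allow_remote_config":                      "Dashboard can remotely set Gateway configuration",
	"allow_master_keys":                        "keys without explicit access rights reach all APIs",
	"proxy_ssl_insecure_skip_verify":           "TLS verification to upstream services is ignored",
	"jwt_ssl_insecure_skip_verify":             "TLS verification is skipped for JWKS URLs",
	"bundle_insecure_skip_verify":              "TLS validation is disabled for plugin bundle URLs",
	"enable_key_logging":                       "key IDs are no longer hidden in logs",
	"enable_http_profiler":                     "profiling information is exposed",
	"disable_ports_whitelist":                  "APIs may use any port",
	"kv.consul.tls_config.insecure_skip_verify": "TLS validation to Consul is disabled",
}

// lookup walks a dotted path through nested JSON objects.
func lookup(doc map[string]interface{}, path string) (interface{}, bool) {
	var cur interface{} = doc
	for _, part := range strings.Split(path, ".") {
		obj, ok := cur.(map[string]interface{})
		if !ok {
			return nil, false
		}
		if cur, ok = obj[part]; !ok {
			return nil, false
		}
	}
	return cur, true
}

// Audit parses a tyk.conf document and returns findings sorted by key.
func Audit(raw []byte) ([]Finding, error) {
	var doc map[string]interface{}
	if err := json.Unmarshal(raw, &doc); err != nil {
		return nil, fmt.Errorf("parse gateway config: %w", err)
	}
	var out []Finding
	for key, reason := range riskyWhenTrue {
		v, _ := lookup(doc, key)
		if b, isBool := v.(bool); isBool && b {
			out = append(out, Finding{key, reason})
		}
	}
	// The secret must differ from the default published in the package source.
	if v, _ := lookup(doc, "secret"); v == defaultSecret {
		out = append(out, Finding{"secret", "still set to the published default value"})
	}
	// Assumption: proxy_ssl_min_version holds a crypto/tls version number
	// (771 = TLS 1.2); zero or absent means "not set" and is not flagged.
	v, _ := lookup(doc, "proxy_ssl_min_version")
	if n, isNum := v.(float64); isNum && n > 0 && n < tls.VersionTLS12 {
		out = append(out, Finding{"proxy_ssl_min_version", "upstream connections may negotiate below TLS 1.2"})
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Key < out[j].Key })
	return out, nil
}

// sampleConf is a constructed tyk.conf fragment, not taken from a real deployment.
const sampleConf = `{
  "listen_port": 8080,
  "secret": "352d20ee67be67f6340b4c0605b044b7",
  "allow_master_keys": true,
  "proxy_ssl_insecure_skip_verify": false,
  "proxy_ssl_min_version": 769,
  "jwt_ssl_insecure_skip_verify": true,
  "enable_http_profiler": false,
  "kv": {"consul": {"tls_config": {"insecure_skip_verify": true}}}
}`

func main() {
	findings, err := Audit([]byte(sampleConf))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("%-42s %s\n", f.Key, f.Reason)
	}
}
```

Values supplied through `TYK_GW`-prefixed environment variables are not visible to a file-only check like this one, so a clean result covers the JSON file alone.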

DBAppConfOptionsConfig

This type doesn't have documentation.

Field name Field type Comment
ConnectionString

string

Set the URL to your Dashboard instance (or a load balanced instance). The URL needs to be formatted as: http://dashboard_host:port

ConnectionTimeout

int

Set a timeout value, in seconds, for your Dashboard connection. Default value is 30.

NodeIsSegmented

bool

Set to true to enable filtering (sharding) of APIs.

Tags

[]string

The tags to use when filtering (sharding) Tyk Gateway nodes. Tags are processed as OR operations. If you include a non-filter tag (e.g. an identifier such as node-id-1), this will become available to your Dashboard analytics.

type DBAppConfOptionsConfig struct {
	// Set the URL to your Dashboard instance (or a load balanced instance). The URL needs to be formatted as: `http://dashboard_host:port`
	ConnectionString	string	`json:"connection_string"`

	// Set a timeout value, in seconds, for your Dashboard connection. Default value is 30.
	ConnectionTimeout	int	`json:"connection_timeout"`

	// Set to `true` to enable filtering (sharding) of APIs.
	NodeIsSegmented	bool	`json:"node_is_segmented"`

	// The tags to use when filtering (sharding) Tyk Gateway nodes. Tags are processed as `OR` operations.
	// If you include a non-filter tag (e.g. an identifier such as `node-id-1`), this will become available to your Dashboard analytics.
	Tags	[]string	`json:"tags"`
}

DevelopmentConfig

DevelopmentConfig should contain no flags for official release builds.

type DevelopmentConfig struct{}

DnsCacheConfig

This type doesn't have documentation.

Field name Field type Comment
Enabled

bool

Setting this value to true will enable caching of DNS query responses used for API endpoint host names. By default caching is disabled.

TTL

int64

This setting allows you to specify a duration in seconds before the record will be removed from cache after being added to it on the first DNS query resolution of API endpoints. Setting ttl to -1 prevents the record from expiring and being removed from the cache at the next check interval.

CheckInterval

int64

No comment on field.
MultipleIPsHandleStrategy

IPsHandleStrategy

A strategy which will be used when a DNS query replies with more than 1 IP Address per single host. As the IP Addresses in a DNS query response can have a changing order depending on the DNS server balancing strategy (eg: round robin, geographically dependent origin-ip ordering, etc), this option allows you not to limit the connection to the first host in a cached response list, or to prevent response caching.

  • pick_first will instruct your Tyk Gateway to connect to the first IP in a returned IP list and cache the response.
  • random will instruct your Tyk Gateway to connect to a random IP in a returned IP list and cache the response.
  • no_cache will instruct your Tyk Gateway to connect to the first IP in a returned IP list and fetch the address list on each API endpoint DNS query without caching.

type DnsCacheConfig struct {
	// Setting this value to `true` will enable caching of DNS query responses used for API endpoint host names. By default caching is disabled.
	Enabled	bool	`json:"enabled"`

	// This setting allows you to specify a duration in seconds before the record will be removed from cache after being added to it on the first DNS query resolution of API endpoints.
	// Setting `ttl` to `-1` prevents the record from expiring and being removed from the cache at the next check interval.
	TTL	int64	`json:"ttl"`

	CheckInterval	int64	`json:"-" ignored:"true"`
	// controls cache cleanup interval. By convention this shouldn't be exposed to a config or env_variable_setup

	// A strategy which will be used when a DNS query replies with more than 1 IP Address per single host.
	// As the IP Addresses in a DNS query response can have a changing order depending on the DNS server balancing strategy (eg: round robin, geographically dependent origin-ip ordering, etc), this option allows you not to limit the connection to the first host in a cached response list, or to prevent response caching.
	//
	// * `pick_first` will instruct your Tyk Gateway to connect to the first IP in a returned IP list and cache the response.
	// * `random` will instruct your Tyk Gateway to connect to a random IP in a returned IP list and cache the response.
	// * `no_cache` will instruct your Tyk Gateway to connect to the first IP in a returned IP list and fetch the address list on each API endpoint DNS query without caching.
	MultipleIPsHandleStrategy	IPsHandleStrategy	`json:"multiple_ips_handle_strategy"`
}

EventMessage

EventMessage is a standard form to send event data to handlers

Field name Field type Comment
Type

apidef.TykEvent

No comment on field.
Meta

any

No comment on field.
TimeStamp

string

No comment on field.
type EventMessage struct {
	Type		apidef.TykEvent
	Meta		interface{}
	TimeStamp	string
}

HealthCheckConfig

This type doesn't have documentation.

Field name Field type Comment
EnableHealthChecks

bool

Setting this value to true will enable the health-check endpoint on /Tyk/health.

HealthCheckValueTimeout

int64

This setting defaults to 60 seconds. This is the time window that Tyk uses to sample health-check data. You can set a higher value for more accurate data (a larger sample period), or a lower value for less accurate data. The reason this value is configurable is because sample data takes up space in your Redis DB to store the data to calculate samples. On high-availability systems this may not be desirable and smaller values may be preferred.

type HealthCheckConfig struct {
	// Setting this value to `true` will enable the health-check endpoint on /Tyk/health.
	EnableHealthChecks	bool	`json:"enable_health_checks"`

	// This setting defaults to 60 seconds. This is the time window that Tyk uses to sample health-check data.
	// You can set a higher value for more accurate data (a larger sample period), or a lower value for less accurate data.
	// The reason this value is configurable is because sample data takes up space in your Redis DB to store the data to calculate samples. On high-availability systems this may not be desirable and smaller values may be preferred.
	HealthCheckValueTimeout	int64	`json:"health_check_value_timeouts"`
}

HttpServerOptionsConfig

This type doesn't have documentation.

Field name Field type Comment
OverrideDefaults

bool

No longer used

ReadTimeout

int

API Consumer -> Gateway network read timeout. Not setting this config, or setting this to 0, defaults to 120 seconds

WriteTimeout

int

API Consumer -> Gateway network write timeout. Not setting this config, or setting this to 0, defaults to 120 seconds

UseSSL

bool

Set to true to enable SSL connections

EnableHttp2

bool

Enable HTTP2 protocol handling

EnableStrictRoutes

bool

EnableStrictRoutes changes the routing to avoid nearest-neighbour requests on overlapping routes

  • if disabled, /apple will route to /app, the current default behavior,
  • if enabled, /app only responds to /app, /app/ and /app/* but not /apple

Regular expressions and parameterized routes will be left alone regardless of this setting.

EnablePathPrefixMatching

bool

EnablePathPrefixMatching changes how the gateway matches incoming URL paths against routes (patterns) defined in the API definition. By default, the gateway uses wildcard matching. When EnablePathPrefixMatching is enabled, it switches to prefix matching. For example, a defined path such as /json will only match request URLs that begin with /json, rather than matching any URL containing /json.

The gateway checks the request URL against several variations depending on whether path versioning is enabled:

  • Full path (listen path + version + endpoint): /listen-path/v4/json
  • Non-versioned full path (listen path + endpoint): /listen-path/json
  • Path without version (endpoint only): /json

For patterns that start with /, the gateway prepends ^ before performing the check, ensuring a true prefix match. For patterns that start with ^, the gateway will already perform prefix matching so EnablePathPrefixMatching will have no impact. This option allows for more specific and controlled routing of API requests, potentially reducing unintended matches. Note that you may need to adjust existing route definitions when enabling this option.

Example:

With wildcard matching, /json might match /api/v1/data/json. With prefix matching, /json would not match /api/v1/data/json, but would match /json/data.

Combining EnablePathPrefixMatching with EnablePathSuffixMatching will result in exact URL matching, with /json being evaluated as ^/json$.

EnablePathSuffixMatching

bool

EnablePathSuffixMatching changes how the gateway matches incoming URL paths against routes (patterns) defined in the API definition. By default, the gateway uses wildcard matching. When EnablePathSuffixMatching is enabled, it switches to suffix matching. For example, a defined path such as /json will only match request URLs that end with /json, rather than matching any URL containing /json.

The gateway checks the request URL against several variations depending on whether path versioning is enabled:

  • Full path (listen path + version + endpoint): /listen-path/v4/json
  • Non-versioned full path (listen path + endpoint): /listen-path/json
  • Path without version (endpoint only): /json

For patterns that already end with $, the gateway will already perform suffix matching so EnablePathSuffixMatching will have no impact. For all other patterns, the gateway appends $ before performing the check, ensuring a true suffix match. This option allows for more specific and controlled routing of API requests, potentially reducing unintended matches. Note that you may need to adjust existing route definitions when enabling this option.

Example:

With wildcard matching, /json might match /api/v1/json/data. With suffix matching, /json would not match /api/v1/json/data, but would match /api/v1/json.

Combining EnablePathSuffixMatching with EnablePathPrefixMatching will result in exact URL matching, with /json being evaluated as ^/json$.

SSLInsecureSkipVerify

bool

Disable TLS verification. Required if you are using self-signed certificates.

EnableWebSockets

bool

Enable WebSockets and server side events support

Certificates

CertsData

Deprecated: Use ssl_certificates instead.

SSLCertificates

[]string

Index of certificates available to the Gateway for use in client and upstream communication. Each string value in the array can be one of the following two options:

  1. The ID assigned to and used to identify a certificate in the Tyk Certificate Store
  2. The path to a file accessible to the Gateway. This PEM file must contain the private key and public certificate pair concatenated together.

ServerName

string

Start your Gateway HTTP server on specific server name

MinVersion

uint16

Minimum TLS version. Possible values: https://tyk.io/docs/api-management/certificates#supported-tls-versions

MaxVersion

uint16

Maximum TLS version.

SkipClientCAAnnouncement

bool

When mTLS is enabled, this option allows you to skip the client CA announcement in the TLS handshake. This option is useful when you have a lot of ClientCAs and you want to reduce the handshake overhead, as some clients can hit TLS handshake limits. With this option enabled, the client gets no hint about which certificate to pick (a hint is required only in very rare situations).

FlushInterval

int

Set this to the number of seconds that Tyk uses to flush content from the proxied upstream connection to the open downstream connection. This option needs to be set for streaming protocols like Server Side Events, or gRPC streaming.

SkipURLCleaning

bool

Allow the use of a double slash in a URL path. This can be useful if you need to pass raw URLs to your API endpoints. For example: http://myapi.com/get/http://example.com.

SkipTargetPathEscaping

bool

Disable automatic character escaping, allowing the original URL data to be passed to the upstream.

Ciphers

[]string

Custom SSL ciphers applicable when using TLS version 1.2. See the list of ciphers here https://tyk.io/docs/api-management/certificates#supported-tls-cipher-suites

MaxRequestBodySize

int64

MaxRequestBodySize configures a maximum size limit for request body size (in bytes) for all APIs on the Gateway.

Tyk Gateway will evaluate all API requests against this size limit and will respond with HTTP 413 status code if the body of the request is larger.

Two methods are used to perform the comparison:

  • If the API Request contains the Content-Length header, this is directly compared against MaxRequestBodySize.
  • If the Content-Length header is not provided, the Request body is read in chunks to compare total size against MaxRequestBodySize.

A value of zero (default) means that no maximum is set and API requests will not be tested.

See more information about setting request size limits here: https://tyk.io/docs/api-management/traffic-transformation/#request-size-limits
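The two comparisons described for MaxRequestBodySize, as an added example that is not Tyk's own code: `LimitBody` and `Probe` are hypothetical names, and the requests are constructed in-process with `net/http/httptest`.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// LimitBody is a hypothetical middleware (not Tyk's implementation) that
// applies the two checks described for max_request_body_size.
func LimitBody(max int64, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Zero (the default) means no maximum: the request is not tested.
		if max <= 0 {
			next.ServeHTTP(w, r)
			return
		}
		// Method 1: a declared Content-Length is compared directly.
		// On a real connection net/http never delivers more body bytes than
		// the declared length, so no further check is needed in this case.
		if r.ContentLength > max {
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		// Method 2: no Content-Length (e.g. chunked transfer encoding).
		// Read at most max+1 bytes so an oversized stream is detected
		// without ever buffering it whole.
		if r.ContentLength < 0 && r.Body != nil {
			buf, err := io.ReadAll(io.LimitReader(r.Body, max+1))
			if err != nil {
				http.Error(w, "cannot read request body", http.StatusBadRequest)
				return
			}
			if int64(len(buf)) > max {
				http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
				return
			}
			// Hand the already-read bytes to the next handler.
			r.Body = io.NopCloser(bytes.NewReader(buf))
		}
		next.ServeHTTP(w, r)
	})
}

// Probe sends one constructed POST through LimitBody and returns the HTTP
// status code. withContentLength=false simulates a request that carries no
// Content-Length header.
func Probe(max int64, body string, withContentLength bool) int {
	req := httptest.NewRequest(http.MethodPost, "/upload", strings.NewReader(body))
	if !withContentLength {
		req.ContentLength = -1 // unknown length, as with chunked encoding
	}
	upstream := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		n, _ := io.Copy(io.Discard, r.Body)
		fmt.Fprintf(w, "forwarded %d bytes", n)
	})
	rec := httptest.NewRecorder()
	LimitBody(max, upstream).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	small := strings.Repeat("a", 16) // constructed sample bodies
	large := strings.Repeat("a", 17)
	fmt.Println("limit 16, 16 bytes, Content-Length:", Probe(16, small, true))
	fmt.Println("limit 16, 17 bytes, Content-Length:", Probe(16, large, true))
	fmt.Println("limit 16, 17 bytes, no length:     ", Probe(16, large, false))
	fmt.Println("limit 0,  17 bytes, no length:     ", Probe(0, large, false))
}
```

With the limit left at zero, a body of unknown length passes through untested, which is why an explicit limit matters for endpoints that accept uploads.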

type HttpServerOptionsConfig struct {
	// No longer used
	OverrideDefaults	bool	`json:"-"`

	// API Consumer -> Gateway network read timeout. Not setting this config, or setting this to 0, defaults to 120 seconds
	ReadTimeout	int	`json:"read_timeout"`

	// API Consumer -> Gateway network write timeout. Not setting this config, or setting this to 0, defaults to 120 seconds
	WriteTimeout	int	`json:"write_timeout"`

	// Set to true to enable SSL connections
	UseSSL	bool	`json:"use_ssl"`

	// Enable HTTP2 protocol handling
	EnableHttp2	bool	`json:"enable_http2"`

	// EnableStrictRoutes changes the routing to avoid nearest-neighbour requests on overlapping routes
	//
	// - if disabled, `/apple` will route to `/app`, the current default behavior,
	// - if enabled, `/app` only responds to `/app`, `/app/` and `/app/*` but not `/apple`
	//
	// Regular expressions and parameterized routes will be left alone regardless of this setting.
	EnableStrictRoutes	bool	`json:"enable_strict_routes"`

	// EnablePathPrefixMatching changes how the gateway matches incoming URL paths against routes (patterns) defined in the API definition.
	// By default, the gateway uses wildcard matching. When EnablePathPrefixMatching is enabled, it switches to prefix matching. For example, a defined path such as `/json` will only match request URLs that begin with `/json`, rather than matching any URL containing `/json`.
	//
	// The gateway checks the request URL against several variations depending on whether path versioning is enabled:
	// - Full path (listen path + version + endpoint): `/listen-path/v4/json`
	// - Non-versioned full path (listen path + endpoint): `/listen-path/json`
	// - Path without version (endpoint only): `/json`
	//
	// For patterns that start with `/`, the gateway prepends `^` before performing the check, ensuring a true prefix match.
	// For patterns that start with `^`, the gateway will already perform prefix matching so EnablePathPrefixMatching will have no impact.
	// This option allows for more specific and controlled routing of API requests, potentially reducing unintended matches. Note that you may need to adjust existing route definitions when enabling this option.
	//
	// Example:
	//
	// With wildcard matching, `/json` might match `/api/v1/data/json`.
	// With prefix matching, `/json` would not match `/api/v1/data/json`, but would match `/json/data`.
	//
	// Combining EnablePathPrefixMatching with EnablePathSuffixMatching will result in exact URL matching, with `/json` being evaluated as `^/json$`.
	EnablePathPrefixMatching	bool	`json:"enable_path_prefix_matching"`

	// EnablePathSuffixMatching changes how the gateway matches incoming URL paths against routes (patterns) defined in the API definition.
	// By default, the gateway uses wildcard matching. When EnablePathSuffixMatching is enabled, it switches to suffix matching. For example, a defined path such as `/json` will only match request URLs that end with `/json`, rather than matching any URL containing `/json`.
	//
	// The gateway checks the request URL against several variations depending on whether path versioning is enabled:
	// - Full path (listen path + version + endpoint): `/listen-path/v4/json`
	// - Non-versioned full path (listen path + endpoint): `/listen-path/json`
	// - Path without version (endpoint only): `/json`
	//
	// For patterns that already end with `$`, the gateway will already perform suffix matching so EnablePathSuffixMatching will have no impact. For all other patterns, the gateway appends `$` before performing the check, ensuring a true suffix match.
	// This option allows for more specific and controlled routing of API requests, potentially reducing unintended matches. Note that you may need to adjust existing route definitions when enabling this option.
	//
	// Example:
	//
	// With wildcard matching, `/json` might match `/api/v1/json/data`.
	// With suffix matching, `/json` would not match `/api/v1/json/data`, but would match `/api/v1/json`.
	//
	// Combining EnablePathSuffixMatching with EnablePathPrefixMatching will result in exact URL matching, with `/json` being evaluated as `^/json$`.
	EnablePathSuffixMatching	bool	`json:"enable_path_suffix_matching"`

	// Disable TLS verification. Required if you are using self-signed certificates.
	SSLInsecureSkipVerify	bool	`json:"ssl_insecure_skip_verify"`

	// Enable WebSockets and server side events support
	EnableWebSockets	bool	`json:"enable_websockets"`

	// Deprecated: Use `ssl_certificates` instead.
	Certificates	CertsData	`json:"certificates"`

	// Index of certificates available to the Gateway for use in client and upstream communication.
	// Each string value in the array can be one of the following two options:
	// 1. The ID assigned to and used to identify a certificate in the Tyk Certificate Store
	// 2. The path to a file accessible to the Gateway. This PEM file must contain the private key and public certificate pair concatenated together.
	SSLCertificates	[]string	`json:"ssl_certificates"`

	// Start your Gateway HTTP server on specific server name
	ServerName	string	`json:"server_name"`

	// Minimum TLS version. Possible values: https://tyk.io/docs/api-management/certificates#supported-tls-versions
	MinVersion	uint16	`json:"min_version"`

	// Maximum TLS version.
	MaxVersion	uint16	`json:"max_version"`

	// When mTLS is enabled, this option allows you to skip the client CA announcement in the TLS handshake.
	// This option is useful when you have a lot of ClientCAs and you want to reduce the handshake overhead, as some clients can hit TLS handshake limits.
	// With this option enabled, the client gets no hint about which certificate to pick (a hint is required only in very rare situations).
	SkipClientCAAnnouncement	bool	`json:"skip_client_ca_announcement"`

	// Set this to the number of seconds that Tyk uses to flush content from the proxied upstream connection to the open downstream connection.
	// This option needs to be set for streaming protocols like Server Side Events, or gRPC streaming.
	FlushInterval	int	`json:"flush_interval"`

	// Allow the use of a double slash in a URL path. This can be useful if you need to pass raw URLs to your API endpoints.
	// For example: `http://myapi.com/get/http://example.com`.
	SkipURLCleaning	bool	`json:"skip_url_cleaning"`

	// Disable automatic character escaping, allowing the original URL data to be passed to the upstream.
	SkipTargetPathEscaping	bool	`json:"skip_target_path_escaping"`

	// Custom SSL ciphers applicable when using TLS version 1.2. See the list of ciphers here https://tyk.io/docs/api-management/certificates#supported-tls-cipher-suites
	Ciphers	[]string	`json:"ssl_ciphers"`

	// MaxRequestBodySize configures a maximum size limit for request body size (in bytes) for all APIs on the Gateway.
	//
	// Tyk Gateway will evaluate all API requests against this size limit and will respond with HTTP 413 status code if the body of the request is larger.
	//
	// Two methods are used to perform the comparison:
	//  - If the API Request contains the `Content-Length` header, this is directly compared against `MaxRequestBodySize`.
	//  - If the `Content-Length` header is not provided, the Request body is read in chunks to compare total size against `MaxRequestBodySize`.
	//
	// A value of zero (default) means that no maximum is set and API requests will not be tested.
	//
	// See more information about setting request size limits here:
	// https://tyk.io/docs/api-management/traffic-transformation/#request-size-limits
	MaxRequestBodySize	int64	`json:"max_request_body_size"`
}
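The anchoring rules given for EnablePathPrefixMatching and EnablePathSuffixMatching, as an added example that is not the gateway's own code. `MatchOptions`, `EffectivePattern`, `Variants` and `Matches` are hypothetical names, `Variants` is a simplified model of the three request-path forms listed in the comments, and the request paths are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// MatchOptions mirrors enable_path_prefix_matching and
// enable_path_suffix_matching from http_server_options.
type MatchOptions struct {
	Prefix, Suffix bool
}

// EffectivePattern applies the anchoring rules from the field comments: "^" is
// prepended to patterns starting with "/", "$" is appended unless already there.
func EffectivePattern(pattern string, o MatchOptions) string {
	if o.Prefix && strings.HasPrefix(pattern, "/") {
		pattern = "^" + pattern
	}
	if o.Suffix && !strings.HasSuffix(pattern, "$") {
		pattern += "$"
	}
	return pattern
}

// stripSegments removes prefix from path, but only on a segment boundary,
// so "/api" is not stripped from "/apiary/x".
func stripSegments(path, prefix string) (string, bool) {
	prefix = strings.TrimSuffix(prefix, "/")
	switch {
	case prefix == "":
		return path, false
	case path == prefix:
		return "/", true
	case strings.HasPrefix(path, prefix+"/"):
		return path[len(prefix):], true
	}
	return path, false
}

// Variants models (assumption, simplified) the request-path forms the comments
// list: full path, listen path + endpoint, and endpoint only.
func Variants(listenPath, version, requestPath string) []string {
	out := []string{requestPath}
	rest, ok := stripSegments(requestPath, listenPath)
	if !ok {
		return out
	}
	if version != "" {
		if endpoint, ok := stripSegments(rest, "/"+version); ok {
			nonVersioned := strings.TrimSuffix(listenPath, "/") + endpoint
			return append(out, nonVersioned, endpoint)
		}
	}
	return append(out, rest)
}

// Matches reports whether any variant satisfies the effective pattern.
func Matches(pattern string, o MatchOptions, variants []string) (bool, error) {
	re, err := regexp.Compile(EffectivePattern(pattern, o))
	if err != nil {
		return false, err
	}
	for _, v := range variants {
		if re.MatchString(v) {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	// Constructed request paths for an API with listen path /api, version v1.
	requests := []string{"/api/v1/json", "/api/v1/json/data",
		"/api/v1/data/json", "/api/v1/jsonp-export"}
	modes := []struct {
		name string
		opts MatchOptions
	}{
		{"wildcard", MatchOptions{}},
		{"prefix", MatchOptions{Prefix: true}},
		{"suffix", MatchOptions{Suffix: true}},
		{"prefix+suffix", MatchOptions{Prefix: true, Suffix: true}},
	}
	for _, m := range modes {
		fmt.Printf("%-14s %-8s", m.name, EffectivePattern("/json", m.opts))
		for _, r := range requests {
			ok, _ := Matches("/json", m.opts, Variants("/api", "v1", r))
			fmt.Printf(" %s=%v", r, ok)
		}
		fmt.Println()
	}
}
```

In this model the prefix-only mode still matches `/jsonp-export`, because `^/json` anchors the start of the string rather than a whole path segment; only the combined `^/json$` form restricts the route to exactly `/json`.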

IPsHandleStrategy

This type doesn't have documentation.

Field name Field type Comment
type

string

No comment on field.
type IPsHandleStrategy string

LabsConfig

LabsConfig includes config for streaming

Field name Field type Comment
type

map[string]any

No comment on field.
type LabsConfig map[string]interface{}

LivenessCheckConfig

This type doesn't have documentation.

Field name Field type Comment
CheckDuration

time.Duration

Frequency of the interval health checks for Redis, Dashboard, and RPC layer. Expressed in nanoseconds. For example: 1000000000 -> 1s. Default: 10 seconds.

type LivenessCheckConfig struct {
	// Frequency of the interval health checks for Redis, Dashboard, and RPC layer.
	// Expressed in nanoseconds. For example: 1000000000 -> 1s.
	// Default: 10 seconds.
	CheckDuration time.Duration `json:"check_duration"`
}

LocalSessionCacheConf

This type doesn't have documentation.

Field name Field type Comment
DisableCacheSessionState

bool

By default sessions are set to cache. Set this to true to stop Tyk from caching keys locally on the node.

CachedSessionTimeout

int

No comment on field.
CacheSessionEviction

int

No comment on field.
type LocalSessionCacheConf struct {
	// By default sessions are set to cache. Set this to `true` to stop Tyk from caching keys locally on the node.
	DisableCacheSessionState	bool	`json:"disable_cached_session_state"`

	CachedSessionTimeout	int	`json:"cached_session_timeout"`
	CacheSessionEviction	int	`json:"cached_session_eviction"`
}

MonitorConfig

This type doesn't have documentation.

Field name Field type Comment
EnableTriggerMonitors

bool

Set this to true to have monitors enabled in your configuration for the node.

Config

WebHookHandlerConf

No comment on field.
GlobalTriggerLimit

float64

The trigger limit, as a percentage of the quota that must be reached in order to trigger the event. The event will trigger any time the quota percentage is increased.

MonitorUserKeys

bool

Apply the monitoring subsystem to user keys.

MonitorOrgKeys

bool

Apply the monitoring subsystem to organization keys.

type MonitorConfig struct {
	// Set this to `true` to have monitors enabled in your configuration for the node.
	EnableTriggerMonitors	bool			`json:"enable_trigger_monitors"`
	Config			WebHookHandlerConf	`json:"configuration"`
	// The trigger limit, as a percentage of the quota that must be reached in order to trigger the event. The event will trigger any time the quota percentage is increased.
	GlobalTriggerLimit	float64	`json:"global_trigger_limit"`
	// Apply the monitoring subsystem to user keys.
	MonitorUserKeys	bool	`json:"monitor_user_keys"`
	// Apply the monitoring subsystem to organization keys.
	MonitorOrgKeys	bool	`json:"monitor_org_keys"`
}

NewRelicConfig

This type doesn't have documentation.

Field name Field type Comment
AppName

string

New Relic Application name

LicenseKey

string

New Relic License key

EnableDistributedTracing

bool

Enable distributed tracing

type NewRelicConfig struct {
	// New Relic Application name
	AppName	string	`json:"app_name"`
	// New Relic License key
	LicenseKey	string	`json:"license_key"`
	// Enable distributed tracing
	EnableDistributedTracing	bool	`json:"enable_distributed_tracing"`
}

NormaliseURLPatterns

This type doesn't have documentation.

Field name Field type Comment
UUIDs

*regexp.Regexp

No comment on field.
ULIDs

*regexp.Regexp

No comment on field.
IDs

*regexp.Regexp

No comment on field.
Custom

[]*regexp.Regexp

No comment on field.
type NormaliseURLPatterns struct {
	UUIDs	*regexp.Regexp
	ULIDs	*regexp.Regexp
	IDs	*regexp.Regexp
	Custom	[]*regexp.Regexp
}

NormalisedURLConfig

This type doesn't have documentation.

Field name Field type Comment
Enabled

bool

Set this to true to enable normalisation.

NormaliseUUIDs

bool

Each UUID will be replaced with a placeholder {uuid}

NormaliseULIDs

bool

Each ULID will be replaced with a placeholder {ulid}

NormaliseNumbers

bool

Set this to true to have Tyk automatically match for numeric IDs, it will match with a preceding slash so as not to capture actual numbers:

Custom

[]string

This is a list of custom patterns you can add. These must be valid regex strings. Tyk will replace these values with a {var} placeholder.

CompiledPatternSet

NormaliseURLPatterns

No comment on field.
type NormalisedURLConfig struct {
	// Set this to `true` to enable normalisation.
	Enabled	bool	`json:"enabled"`
	// Set this to true to have Tyk automatically clean up UUIDs. It will match the following styles:
	//
	// * `/15873a748894492162c402d67e92283b/search`
	// * `/CA761232-ED42-11CE-BACD-00AA0057B223/search`
	// * `/ca761232-ed42-11ce-BAcd-00aa0057b223/search`
	// * `/ca761232-ed42-11ce-BAcd-00aa0057b223/search`

	// Each UUID will be replaced with a placeholder {uuid}
	NormaliseUUIDs	bool	`json:"normalise_uuids"`

	// Set this to true to have Tyk automatically clean up ULIDs. It will match the following style:
	//
	// * `/posts/01G9HHNKWGBHCQX7VG3JKSZ055/comments`
	// * `/posts/01g9hhnkwgbhcqx7vg3jksz055/comments`
	// * `/posts/01g9HHNKwgbhcqx7vg3JKSZ055/comments`

	// Each ULID will be replaced with a placeholder {ulid}
	NormaliseULIDs	bool	`json:"normalise_ulids"`

	// Set this to true to have Tyk automatically match for numeric IDs, it will match with a preceding slash so as not to capture actual numbers:
	NormaliseNumbers	bool	`json:"normalise_numbers"`

	// This is a list of custom patterns you can add. These must be valid regex strings. Tyk will replace these values with a {var} placeholder.
	Custom	[]string	`json:"custom_patterns"`

	CompiledPatternSet	NormaliseURLPatterns	`json:"-"`	// see analytics.go
}

OASConfig

OASConfig holds the configuration for various OpenAPI-specific functionalities

Field name Field type Comment
ValidateExamples

bool

ValidateExamples enables validation of values provided in example and examples fields against the declared schemas in the OpenAPI Document. Defaults to false.

ValidateSchemaDefaults

bool

ValidateSchemaDefaults enables validation of values provided in default fields against the declared schemas in the OpenAPI Document. Defaults to false.

type OASConfig struct {
	// ValidateExamples enables validation of values provided in `example` and `examples` fields against the declared schemas in the OpenAPI Document. Defaults to false.
	ValidateExamples	bool	`json:"validate_examples"`

	// ValidateSchemaDefaults enables validation of values provided in `default` fields against the declared schemas in the OpenAPI Document. Defaults to false.
	ValidateSchemaDefaults	bool	`json:"validate_schema_defaults"`
}

PoliciesConfig

This type doesn't have documentation.

Field name Field type Comment
PolicySource

string

Set this value to file to look in the file system for a definition file. Set to service to use the Dashboard service.

PolicyConnectionString

string

This option is required if policies.policy_source is set to service. Set this to the URL of your Tyk Dashboard installation. The URL needs to be formatted as: http://dashboard_host:port.

PolicyRecordName

string

This option only applies in OSS deployment when the policies.policy_source is either set to file or an empty string. If policies.policy_path is not set, then Tyk will load policies from the JSON file specified by policies.policy_record_name.

AllowExplicitPolicyID

bool

In a Pro installation, Tyk will load Policy IDs and use the internal object-ID as the ID of the policy. This is not portable in cases where the data needs to be moved from installation to installation.

If you set this value to true, then the id parameter in a stored policy (or imported policy using the Dashboard API), will be used instead of the internal ID.

This option should only be used when moving an installation to a new database.

PolicyPath

string

This option only applies in OSS deployment when the policies.policy_source is either set to file or an empty string. If policies.policy_path is set, then Tyk will load policies from all the JSON files under the directory specified by the policies.policy_path option. In this configuration, Tyk Gateway will allow policy management through the Gateway API.

type PoliciesConfig struct {
	// Set this value to `file` to look in the file system for a definition file. Set to `service` to use the Dashboard service.
	PolicySource	string	`json:"policy_source"`

	// This option is required if `policies.policy_source` is set to `service`.
	// Set this to the URL of your Tyk Dashboard installation. The URL needs to be formatted as: http://dashboard_host:port.
	PolicyConnectionString	string	`json:"policy_connection_string"`

	// This option only applies in OSS deployment when the `policies.policy_source` is either set
	// to `file` or an empty string. If `policies.policy_path` is not set, then Tyk will load policies
	// from the JSON file specified by `policies.policy_record_name`.
	PolicyRecordName	string	`json:"policy_record_name"`

	// In a Pro installation, Tyk will load Policy IDs and use the internal object-ID as the ID of the policy.
	// This is not portable in cases where the data needs to be moved from installation to installation.
	//
	// If you set this value to `true`, then the id parameter in a stored policy (or imported policy using the Dashboard API), will be used instead of the internal ID.
	//
	// This option should only be used when moving an installation to a new database.
	AllowExplicitPolicyID	bool	`json:"allow_explicit_policy_id"`
	// This option only applies in OSS deployment when the `policies.policy_source` is either set
	// to `file` or an empty string. If `policies.policy_path` is set, then Tyk will load policies
	// from all the JSON files under the directory specified by the `policies.policy_path` option.
	// In this configuration, Tyk Gateway will allow policy management through the Gateway API.
	PolicyPath	string	`json:"policy_path"`
}

PortRange

PortRange defines a range of ports inclusively.

Field name Field type Comment
From

int

No comment on field.
To

int

No comment on field.
type PortRange struct {
	From	int	`json:"from"`
	To	int	`json:"to"`
}

PortWhiteList

PortWhiteList defines ports that will be allowed by the Gateway.

Field name Field type Comment
Ranges

[]PortRange

No comment on field.
Ports

[]int

No comment on field.
type PortWhiteList struct {
	Ranges	[]PortRange	`json:"ranges,omitempty"`
	Ports	[]int		`json:"ports,omitempty"`
}

PortsWhiteList

This type doesn't have documentation.

Field name Field type Comment
type

map[string]PortWhiteList

No comment on field.
type PortsWhiteList map[string]PortWhiteList

Private

Private contains configurations which are private. It is part of the config without being exposed to customers.

Field name Field type Comment
OAuthTokensPurgeInterval

int

OAuthTokensPurgeInterval specifies the interval at which lapsed tokens get purged.

OriginalPath

string

OriginalPath is the path to the config file that is read. If none was found, it's the path to the default config file that was written.

EdgeOriginalAPIKeyPath

string

EdgeOriginalAPIKeyPath is the original path to the API key in the configuration file. This is only used when the gateway is running as an edge gateway (slave mode) in an MDCB setup to modify the external KV store in case of API Key Reset. This is set automatically in afterConfSetup()

type Private struct {
	// OAuthTokensPurgeInterval specifies the interval at which lapsed tokens get purged.
	OAuthTokensPurgeInterval	int	`json:"-"`
	// OriginalPath is the path to the config file that is read. If
	// none was found, it's the path to the default config file that
	// was written.
	OriginalPath	string	`json:"-"`
	// EdgeOriginalAPIKeyPath is the original path to the API key in the configuration file.
	// This is only used when the gateway is running as an edge gateway (slave mode) in an MDCB setup
	// to modify the external KV store in case of API Key Reset.
	// This is set automatically in afterConfSetup()
	EdgeOriginalAPIKeyPath	string	`json:"-"`
}

RateLimit

RateLimit contains flags and configuration for controlling rate limiting behaviour. It is embedded in the main config structure.

Field name Field type Comment
EnableFixedWindowRateLimiter

bool

EnableFixedWindow enables fixed window rate limiting.

EnableRedisRollingLimiter

bool

Redis based rate limiter with sliding log. Provides 100% rate limiting accuracy, but requires two additional Redis roundtrips for each request.

EnableSentinelRateLimiter

bool

To enable, set to true. The sentinel-based rate limiter delivers a smoother performance curve as rate-limit calculations happen off-thread, but a stricter time-out based cool-down for clients. For example, when a throttling action is triggered, they are required to cool-down for the period of the rate limit. Disabling the sentinel based rate limiter will make rate-limit calculations happen on-thread and therefore offers a staggered cool-down and a smoother rate-limit experience for the client. For example, you can slow your connection throughput to regain entry into your rate limit. This is more of a “throttle” than a “block”. The standard rate limiter offers similar performance as the sentinel-based limiter. This is disabled by default.

EnableRateLimitSmoothing

bool

EnableRateLimitSmoothing enables or disables rate limit smoothing. The rate smoothing is only supported on the Redis Rate Limiter, or the Sentinel Rate Limiter, as both algorithms implement a sliding log.

EnableNonTransactionalRateLimiter

bool

An enhancement for the Redis and Sentinel rate limiters, that offers a significant improvement in performance by not using transactions on Redis rate-limit buckets.

DRLNotificationFrequency

int

How frequently a distributed rate limiter synchronises information between the Gateway nodes. Default: 2 seconds.

DRLThreshold

float64

A distributed rate limiter is inaccurate on small rate limits, so it falls back to a Redis or Sentinel rate limiter on an individual user basis when the user's rate limit is lower than the threshold. The rate limiter threshold is calculated using the following formula: rate_threshold = drl_threshold * number_of_gateways. For example, if you have 2 Gateways and your threshold is set to 5, a user whose rate limit is larger than 10 will use the distributed rate limiter algorithm. Default: 5

DRLEnableSentinelRateLimiter

bool

Controls which algorithm to use as a fallback when your distributed rate limiter can't be used.

type RateLimit struct {
	// EnableFixedWindow enables fixed window rate limiting.
	EnableFixedWindowRateLimiter	bool	`json:"enable_fixed_window_rate_limiter"`

	// Redis based rate limiter with sliding log. Provides 100% rate limiting accuracy, but requires two additional Redis roundtrips for each request.
	EnableRedisRollingLimiter	bool	`json:"enable_redis_rolling_limiter"`

	// To enable, set to `true`. The sentinel-based rate limiter delivers a smoother performance curve as rate-limit calculations happen off-thread, but a stricter time-out based cool-down for clients. For example, when a throttling action is triggered, they are required to cool-down for the period of the rate limit.
	// Disabling the sentinel based rate limiter will make rate-limit calculations happen on-thread and therefore offers a staggered cool-down and a smoother rate-limit experience for the client.
	// For example, you can slow your connection throughput to regain entry into your rate limit. This is more of a “throttle” than a “block”.
	// The standard rate limiter offers similar performance as the sentinel-based limiter. This is disabled by default.
	EnableSentinelRateLimiter	bool	`json:"enable_sentinel_rate_limiter"`

	// EnableRateLimitSmoothing enables or disables rate limit smoothing. The rate smoothing is only supported on the
	// Redis Rate Limiter, or the Sentinel Rate Limiter, as both algorithms implement a sliding log.
	EnableRateLimitSmoothing	bool	`json:"enable_rate_limit_smoothing"`

	// An enhancement for the Redis and Sentinel rate limiters, that offers a significant improvement in performance by not using transactions on Redis rate-limit buckets.
	EnableNonTransactionalRateLimiter	bool	`json:"enable_non_transactional_rate_limiter"`

	// How frequently a distributed rate limiter synchronises information between the Gateway nodes. Default: 2 seconds.
	DRLNotificationFrequency	int	`json:"drl_notification_frequency"`

	// A distributed rate limiter is inaccurate on small rate limits, so it falls back to a Redis or Sentinel rate limiter on an individual user basis when the user's rate limit is lower than the threshold.
	// The rate limiter threshold is calculated using the following formula: `rate_threshold = drl_threshold * number_of_gateways`.
	// For example, if you have 2 Gateways and your threshold is set to 5, a user whose rate limit is larger than 10 will use the distributed rate limiter algorithm.
	// Default: 5
	DRLThreshold	float64	`json:"drl_threshold"`

	// Controls which algorithm to use as a fallback when your distributed rate limiter can't be used.
	DRLEnableSentinelRateLimiter	bool	`json:"drl_enable_sentinel_rate_limiter"`
}

Reporter

This type doesn't have documentation.

Field name Field type Comment
URL

string

URL connection url to the zipkin server

BatchSize

int

No comment on field.

MaxBacklog

int

No comment on field.

type Reporter struct {
	// URL connection url to the zipkin server
	URL		string	`json:"url"`
	BatchSize	int	`json:"batch_size"`
	MaxBacklog	int	`json:"max_backlog"`
}

ResourceSyncConfig

This type doesn't have documentation.

Field name Field type Comment
RetryAttempts

int

RetryAttempts defines the number of retries that the Gateway should perform during a resource sync (APIs or policies), defaulting to zero which means no retries are attempted.

Interval

int

Interval configures the interval in seconds between each retry on a resource sync error.

type ResourceSyncConfig struct {
	// RetryAttempts defines the number of retries that the Gateway
	// should perform during a resource sync (APIs or policies), defaulting
	// to zero which means no retries are attempted.
	RetryAttempts	int	`json:"retry_attempts"`

	// Interval configures the interval in seconds between each retry on a resource sync error.
	Interval	int	`json:"interval"`
}

Sampler

This type doesn't have documentation.

Field name Field type Comment
Name

string

Name is the name of the sampler to use. Options are

"boundary"

is appropriate for high-traffic instrumentation who provision random trace ids, and make the sampling decision only once. It defends against nodes in the cluster selecting exactly the same ids.

"count"

is appropriate for low-traffic instrumentation or those who do not provision random trace ids. It is not appropriate for collectors as the sampling decision isn't idempotent (consistent based on trace id).

"mod" provides a generic type Sampler

Rate

float64

Rate is used by both "boundary" and "count" samplers

Salt

int64

Salt is used by "boundary" sampler

Mod

uint64

Mod is only used when sampler is mod

type Sampler struct {
	//Name is the name of the sampler to use. Options are
	//
	// 	"boundary"
	// is appropriate for high-traffic instrumentation who
	// provision random trace ids, and make the sampling decision only once.
	// It defends against nodes in the cluster selecting exactly the same ids.
	//
	//	"count"
	// is appropriate for low-traffic instrumentation or
	// those who do not provision random trace ids. It is not appropriate for
	// collectors as the sampling decision isn't idempotent (consistent based
	// on trace id).
	//
	// "mod"
	// provides a generic type Sampler
	Name	string	`json:"name"`
	//Rate is used by both "boundary" and "count" samplers
	Rate	float64	`json:"rate"`
	//Salt is used by "boundary" sampler
	Salt	int64	`json:"salt"`
	// Mod is only used when sampler is mod
	Mod	uint64	`json:"mod"`
}

SecurityConfig

This type doesn't have documentation.

Field name Field type Comment
PrivateCertificateEncodingSecret

string

Set the AES256 secret which is used to encode certificate private keys when they are uploaded via certificate storage

ControlAPIUseMutualTLS

bool

Enable Gateway Control API to use Mutual TLS. Certificates can be set via security.certificates.control_api section

PinnedPublicKeys

map[string]string

Specify public keys used for Certificate Pinning on global level.

Certificates

CertificatesConfig

No comment on field.

type SecurityConfig struct {
	// Set the AES256 secret which is used to encode certificate private keys when they are uploaded via certificate storage
	PrivateCertificateEncodingSecret	string	`json:"private_certificate_encoding_secret"`

	// Enable Gateway Control API to use Mutual TLS. Certificates can be set via `security.certificates.control_api` section
	ControlAPIUseMutualTLS	bool	`json:"control_api_use_mutual_tls"`

	// Specify public keys used for Certificate Pinning on global level.
	PinnedPublicKeys	map[string]string	`json:"pinned_public_keys"`

	Certificates	CertificatesConfig	`json:"certificates"`
}

ServiceDiscoveryConf

This type doesn't have documentation.

Field name Field type Comment
DefaultCacheTimeout

int

Service discovery cache timeout

type ServiceDiscoveryConf struct {
	// Service discovery cache timeout
	DefaultCacheTimeout int `json:"default_cache_timeout"`
}

ServicePort

ServicePort defines a protocol and port on which a service can bind to.

Field name Field type Comment
Protocol

string

No comment on field.

Port

int

No comment on field.

type ServicePort struct {
	Protocol	string	`json:"protocol"`
	Port		int	`json:"port"`
}

SlaveOptionsConfig

This type doesn't have documentation.

Field name Field type Comment
UseRPC

bool

Set to true to connect a worker Gateway using RPC.

UseSSL

bool

Set this option to true to use an SSL RPC connection.

SSLInsecureSkipVerify

bool

Set this option to true to allow the certificate validation (certificate chain and hostname) to be skipped. This can be useful if you use a self-signed certificate.

ConnectionString

string

Use this setting to add the URL for your MDCB or load balancer host.

RPCKey

string

Your organization ID to connect to the MDCB installation.

APIKey

string

This is the API key of a user used to authenticate and authorize the Gateway’s access through MDCB. The user should be a standard Dashboard user with minimal privileges so as to reduce any risk if the user is compromised. The suggested security settings are read for Real-time notifications and the remaining options set to deny.

EnableRPCCache

bool

Set this option to true to enable RPC caching for keys.

BindToSlugsInsteadOfListenPaths

bool

For a Self-Managed installation this can be left at false (the default setting). For Legacy Cloud Gateways it must be set to ‘true’.

DisableKeySpaceSync

bool

Set this option to true if you don’t want to monitor changes in the keys from a primary Gateway.

GroupID

string

This is the zone that this instance inhabits, e.g. the cluster/data-center the Gateway lives in. The group ID must be the same across all the Gateways of a data-center/cluster which are also sharing the same Redis instance. This ID should also be unique per cluster (otherwise another Gateway cluster can pick up your keyspace events and your cluster will get zero updates).

CallTimeout

int

CallTimeout specifies the maximum allowed duration of an RPC call, in seconds.

PingTimeout

int

The maximum time in seconds that an RPC ping can last.

RPCPoolSize

int

The number of RPC connections in the pool. Basically it creates a set of connections that you can re-use as needed. Defaults to 5.

KeySpaceSyncInterval

float32

You can use this to set a period for which the Gateway will check if there are changes in keys that must be synchronized. If this value is not set then it will default to 10 seconds.

RPCCertCacheExpiration

float32

RPCCertCacheExpiration defines the expiration time of the rpc cache that stores the certificates, defined in seconds

RPCGlobalCacheExpiration

float32

RPCGlobalCacheExpiration defines the expiration time of the rpc cache that stores the keys, defined in seconds

SynchroniserEnabled

bool

SynchroniserEnabled: enable this config if MDCB has enabled the synchroniser. If disabled then it will ignore signals to synchronise resources.

type SlaveOptionsConfig struct {
	// Set to `true` to connect a worker Gateway using RPC.
	UseRPC	bool	`json:"use_rpc"`

	// Set this option to `true` to use an SSL RPC connection.
	UseSSL	bool	`json:"use_ssl"`

	// Set this option to `true` to allow the certificate validation (certificate chain and hostname) to be skipped.
	// This can be useful if you use a self-signed certificate.
	SSLInsecureSkipVerify	bool	`json:"ssl_insecure_skip_verify"`

	// Use this setting to add the URL for your MDCB or load balancer host.
	ConnectionString	string	`json:"connection_string"`

	// Your organization ID to connect to the MDCB installation.
	RPCKey	string	`json:"rpc_key"`

	// This is the API key of a user used to authenticate and authorize the Gateway’s access through MDCB.
	// The user should be a standard Dashboard user with minimal privileges so as to reduce any risk if the user is compromised.
	// The suggested security settings are read for Real-time notifications and the remaining options set to deny.
	APIKey	string	`json:"api_key"`

	// Set this option to `true` to enable RPC caching for keys.
	EnableRPCCache	bool	`json:"enable_rpc_cache"`

	// For a Self-Managed installation this can be left at `false` (the default setting). For Legacy Cloud Gateways it must be set to ‘true’.
	BindToSlugsInsteadOfListenPaths	bool	`json:"bind_to_slugs"`

	// Set this option to `true` if you don’t want to monitor changes in the keys from a primary Gateway.
	DisableKeySpaceSync	bool	`json:"disable_keyspace_sync"`

	// This is the `zone` that this instance inhabits, e.g. the cluster/data-center the Gateway lives in.
	// The group ID must be the same across all the Gateways of a data-center/cluster which are also sharing the same Redis instance.
	// This ID should also be unique per cluster (otherwise another Gateway cluster can pick up your keyspace events and your cluster will get zero updates).
	GroupID	string	`json:"group_id"`

	// CallTimeout specifies the maximum allowed duration of an RPC call, in seconds.
	CallTimeout	int	`json:"call_timeout"`

	// The maximum time in seconds that an RPC ping can last.
	PingTimeout	int	`json:"ping_timeout"`

	// The number of RPC connections in the pool. Basically it creates a set of connections that you can re-use as needed. Defaults to 5.
	RPCPoolSize	int	`json:"rpc_pool_size"`

	// You can use this to set a period for which the Gateway will check if there are changes in keys that must be synchronized. If this value is not set then it will default to 10 seconds.
	KeySpaceSyncInterval	float32	`json:"key_space_sync_interval"`

	// RPCCertCacheExpiration defines the expiration time of the rpc cache that stores the certificates, defined in seconds
	RPCCertCacheExpiration	float32	`json:"rpc_cert_cache_expiration"`

	// RPCGlobalCacheExpiration defines the expiration time of the rpc cache that stores the keys, defined in seconds
	RPCGlobalCacheExpiration	float32	`json:"rpc_global_cache_expiration"`

	// SynchroniserEnabled: enable this config if MDCB has enabled the synchroniser. If disabled then it will ignore signals to synchronise resources.
	SynchroniserEnabled	bool	`json:"synchroniser_enabled"`
}

StorageOptionsConf

This type doesn't have documentation.

Field name Field type Comment
Type

string

This should be set to redis (lowercase)

Host

string

The Redis host, by default this is set to localhost, but for production this should be set to a cluster.

Port

int

The Redis instance port.

Hosts

map[string]string

No comment on field.

Addrs

[]string

If you have multi-node setup, you should use this field instead. For example: ["host1:port1", "host2:port2"].

MasterName

string

Redis sentinel master name

SentinelPassword

string

Redis sentinel password

Username

string

Redis user name

Password

string

If your Redis instance has a password set for access, you can set it here.

Database

int

Redis database

MaxIdle

int

Set the number of maximum idle connections in the Redis connection pool, which defaults to 100. Set to a higher value if you are expecting more traffic.

MaxActive

int

Set the number of maximum connections in the Redis connection pool, which defaults to 500. Set to a higher value if you are expecting more traffic.

Timeout

int

Set a custom timeout for Redis network operations. Default value 5 seconds.

EnableCluster

bool

Enable Redis Cluster support

UseSSL

bool

Enable SSL/TLS connection between your Tyk Gateway & Redis.

SSLInsecureSkipVerify

bool

Disable TLS verification

CAFile

string

Path to the CA file.

CertFile

string

Path to the cert file.

KeyFile

string

Path to the key file.

TLSMaxVersion

string

Maximum TLS version that is supported. Options: ["1.0", "1.1", "1.2", "1.3"]. Defaults to "1.3".

TLSMinVersion

string

Minimum TLS version that is supported. Options: ["1.0", "1.1", "1.2", "1.3"]. Defaults to "1.2".

type StorageOptionsConf struct {
	// This should be set to `redis` (lowercase)
	Type	string	`json:"type"`
	// The Redis host, by default this is set to `localhost`, but for production this should be set to a cluster.
	Host	string	`json:"host"`
	// The Redis instance port.
	Port	int			`json:"port"`
	Hosts	map[string]string	`json:"hosts"`	// Deprecated: use Addrs instead.
	// If you have multi-node setup, you should use this field instead. For example: ["host1:port1", "host2:port2"].
	Addrs	[]string	`json:"addrs"`
	// Redis sentinel master name
	MasterName	string	`json:"master_name"`
	// Redis sentinel password
	SentinelPassword	string	`json:"sentinel_password"`
	// Redis user name
	Username	string	`json:"username"`
	// If your Redis instance has a password set for access, you can set it here.
	Password	string	`json:"password"`
	// Redis database
	Database	int	`json:"database"`
	// Set the number of maximum idle connections in the Redis connection pool, which defaults to 100. Set to a higher value if you are expecting more traffic.
	MaxIdle	int	`json:"optimisation_max_idle"`
	// Set the number of maximum connections in the Redis connection pool, which defaults to 500. Set to a higher value if you are expecting more traffic.
	MaxActive	int	`json:"optimisation_max_active"`
	// Set a custom timeout for Redis network operations. Default value 5 seconds.
	Timeout	int	`json:"timeout"`
	// Enable Redis Cluster support
	EnableCluster	bool	`json:"enable_cluster"`
	// Enable SSL/TLS connection between your Tyk Gateway & Redis.
	UseSSL	bool	`json:"use_ssl"`
	// Disable TLS verification
	SSLInsecureSkipVerify	bool	`json:"ssl_insecure_skip_verify"`
	// Path to the CA file.
	CAFile	string	`json:"ca_file"`
	// Path to the cert file.
	CertFile	string	`json:"cert_file"`
	// Path to the key file.
	KeyFile	string	`json:"key_file"`
	// Maximum TLS version that is supported.
	// Options: ["1.0", "1.1", "1.2", "1.3"].
	// Defaults to "1.3".
	TLSMaxVersion	string	`json:"tls_max_version"`
	// Minimum TLS version that is supported.
	// Options: ["1.0", "1.1", "1.2", "1.3"].
	// Defaults to "1.2".
	TLSMinVersion	string	`json:"tls_min_version"`
}

StreamingConfig

StreamingConfig holds the configuration for Tyk Streaming functionalities

Field name Field type Comment
Enabled

bool

This flag enables the Tyk Streaming feature.

AllowUnsafe

[]string

AllowUnsafe specifies a list of potentially unsafe streaming components that should be allowed in the configuration. By default, components that could pose security risks (like file access, subprocess execution, socket operations, etc.) are filtered out. This field allows administrators to explicitly permit specific unsafe components when needed. Use with caution as enabling unsafe components may introduce security vulnerabilities.

EnableAll

bool

EnableAll enables all Bento plugins (except unsafe ones) by disabling the streams validator

type StreamingConfig struct {
	// This flag enables the Tyk Streaming feature.
	Enabled	bool	`json:"enabled"`
	// AllowUnsafe specifies a list of potentially unsafe streaming components that should be allowed in the configuration.
	// By default, components that could pose security risks (like file access, subprocess execution, socket operations, etc.)
	// are filtered out. This field allows administrators to explicitly permit specific unsafe components when needed.
	// Use with caution as enabling unsafe components may introduce security vulnerabilities.
	AllowUnsafe	[]string	`json:"allow_unsafe"`
	// EnableAll enables all Bento plugins (except unsafe ones) by disabling the streams validator
	EnableAll	bool	`json:"enable_all"`
}

Tracer

This type doesn't have documentation.

Field name Field type Comment
Name

string

The name of the tracer to initialize. For instance appdash, to use appdash tracer

Enabled

bool

Enable tracing

Options

map[string]any

Tracing configuration. Refer to the Tracing Docs for the full list of options.

type Tracer struct {
	// The name of the tracer to initialize. For instance appdash, to use appdash tracer
	Name	string	`json:"name"`

	// Enable tracing
	Enabled	bool	`json:"enabled"`

	// Tracing configuration. Refer to the Tracing Docs for the full list of options.
	Options	map[string]interface{}	`json:"options"`
}

TykError

This type doesn't have documentation.

Field name Field type Comment
Message

string

No comment on field.

Code

int

No comment on field.

type TykError struct {
	Message	string	`json:"message"`
	Code	int	`json:"code"`
}

TykEventHandler

TykEventHandler defines an event handler, e.g. LogMessageEventHandler will handle an event by logging it to stdout.

Field name Field type Comment
type

any

No comment on field.

type TykEventHandler interface {
	Init(interface{}) error
	HandleEvent(EventMessage)
}

UptimeTestsConfig

This type doesn't have documentation.

Field name Field type Comment
Disable

bool

To disable uptime tests on this node, set this value to true.

PollerGroup

string

If you have multiple Gateway clusters connected to the same Redis instance, you need to set a unique poller group for each cluster.

Config

UptimeTestsConfigDetail

No comment on field.

type UptimeTestsConfig struct {
	// To disable uptime tests on this node, set this value to `true`.
	Disable	bool	`json:"disable"`
	// If you have multiple Gateway clusters connected to the same Redis instance, you need to set a unique poller group for each cluster.
	PollerGroup	string			`json:"poller_group"`
	Config		UptimeTestsConfigDetail	`json:"config"`
}

UptimeTestsConfigDetail

This type doesn't have documentation.

Field name Field type Comment
FailureTriggerSampleSize

int

The sample size to trigger a HostUp or HostDown event. For example, a setting of 3 will require at least three failures to occur before the uptime test is triggered.

TimeWait

int

The value in seconds between test runs. All tests will run simultaneously. This value will set the time between those tests. So a value of 60 will run all uptime tests every 60 seconds.

CheckerPoolSize

int

The goroutine pool size to keep idle for uptime tests. If you have many uptime tests running at a high time period, then increase this value.

EnableUptimeAnalytics

bool

Set this value to true to have the node capture and record analytics data regarding the uptime tests.

type UptimeTestsConfigDetail struct {
	// The sample size to trigger a `HostUp` or `HostDown` event. For example, a setting of 3 will require at least three failures to occur before the uptime test is triggered.
	FailureTriggerSampleSize	int	`json:"failure_trigger_sample_size"`
	// The value in seconds between test runs. All tests will run simultaneously. This value will set the time between those tests. So a value of 60 will run all uptime tests every 60 seconds.
	TimeWait	int	`json:"time_wait"`
	// The goroutine pool size to keep idle for uptime tests. If you have many uptime tests running at a high time period, then increase this value.
	CheckerPoolSize	int	`json:"checker_pool_size"`
	// Set this value to `true` to have the node capture and record analytics data regarding the uptime tests.
	EnableUptimeAnalytics	bool	`json:"enable_uptime_analytics"`
}

VaultConfig

VaultConfig is used to configure the creation of a client. This is a stripped down version of the config structure in vault's API client.

Field name Field type Comment
Address

string

Address is the address of the Vault server. This should be a complete URL such as "http://vault.example.com".

AgentAddress

string

AgentAddress is the address of the local Vault agent. This should be a complete URL such as "http://vault.example.com".

MaxRetries

int

MaxRetries controls the maximum number of times to retry when a Vault server error occurs

Timeout

time.Duration

No comment on field.

Token

string

Token is the vault root token

KVVersion

int

KVVersion is the version number of Vault. Usually defaults to 2

type VaultConfig struct {
	// Address is the address of the Vault server. This should be a complete
	// URL such as "http://vault.example.com".
	Address	string	`json:"address"`

	// AgentAddress is the address of the local Vault agent. This should be a
	// complete URL such as "http://vault.example.com".
	AgentAddress	string	`json:"agent_address"`

	// MaxRetries controls the maximum number of times to retry when a Vault
	// server error occurs
	MaxRetries	int	`json:"max_retries"`

	Timeout	time.Duration	`json:"timeout"`

	// Token is the vault root token
	Token	string	`json:"token"`

	// KVVersion is the version number of Vault. Usually defaults to 2
	KVVersion	int	`json:"kv_version"`
}
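
The transport-related fields documented above for StorageOptionsConf, SlaveOptionsConfig, StreamingConfig and VaultConfig can be checked mechanically before a config is deployed. The following is an added example, not Tyk code: it decodes one JSON fragment per type using the `json` keys shown on this page and reports risky combinations. The `frag` type, the `audit` function, the finding wording and all sample values are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// frag is the union of the fields audited below. The JSON keys are copied from
// the struct tags on this page; the Go names are this example's own.
type frag struct {
	UseRPC        bool     `json:"use_rpc"`
	UseSSL        bool     `json:"use_ssl"`
	SkipVerify    bool     `json:"ssl_insecure_skip_verify"`
	Password      string   `json:"password"`
	TLSMinVersion string   `json:"tls_min_version"`
	Enabled       bool     `json:"enabled"`
	AllowUnsafe   []string `json:"allow_unsafe"`
	Address       string   `json:"address"`
	Token         string   `json:"token"`
}

// audit decodes one JSON fragment shaped like the named config type and
// returns one finding per risky setting, prefixed "Type.json_key".
func audit(typeName, raw string) ([]string, error) {
	var c frag
	if err := json.Unmarshal([]byte(raw), &c); err != nil {
		return nil, fmt.Errorf("%s: %w", typeName, err)
	}
	var out []string
	add := func(key, msg string) { out = append(out, typeName+"."+key+": "+msg) }

	switch typeName {
	case "StorageOptionsConf":
		if !c.UseSSL && c.Password != "" {
			add("use_ssl", "Redis password is sent without TLS")
		}
		if c.UseSSL && c.SkipVerify {
			add("ssl_insecure_skip_verify", "Redis server certificate is not verified")
		}
		// An empty value means the documented default of 1.2.
		if c.UseSSL && (c.TLSMinVersion == "1.0" || c.TLSMinVersion == "1.1") {
			add("tls_min_version", c.TLSMinVersion+" is below the documented default of 1.2")
		}
	case "SlaveOptionsConfig":
		if !c.UseRPC {
			break // the TLS flags only matter for an RPC-connected worker
		}
		if !c.UseSSL {
			add("use_ssl", "RPC link to MDCB is not TLS-protected")
		} else if c.SkipVerify {
			add("ssl_insecure_skip_verify", "certificate chain and hostname validation are skipped")
		}
	case "StreamingConfig":
		if c.Enabled {
			for _, name := range c.AllowUnsafe {
				add("allow_unsafe", fmt.Sprintf("unsafe component %q is explicitly permitted", name))
			}
		}
	case "VaultConfig":
		if c.Token != "" && strings.HasPrefix(strings.ToLower(c.Address), "http://") {
			add("address", "token is sent to Vault over plain HTTP")
		}
	default:
		return nil, fmt.Errorf("unknown config type %q", typeName)
	}
	return out, nil
}

// samples are constructed fragments: hosts, secrets and component names are made up.
var samples = [][2]string{
	{"StorageOptionsConf", `{"type":"redis","host":"redis.example.internal","port":6379,"password":"constructed","use_ssl":true,"ssl_insecure_skip_verify":true,"tls_min_version":"1.1"}`},
	{"SlaveOptionsConfig", `{"use_rpc":true,"use_ssl":false,"connection_string":"mdcb.example.internal:9091"}`},
	{"StreamingConfig", `{"enabled":true,"allow_unsafe":["file","subprocess"]}`},
	{"VaultConfig", `{"address":"http://vault.example.com","token":"constructed","kv_version":2}`},
}

func main() {
	for _, s := range samples {
		findings, err := audit(s[0], s[1])
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		for _, f := range findings {
			fmt.Println(f)
		}
	}
}
```

A non-empty result for any fragment is a reason to review that section before rollout; an empty `tls_min_version` is treated as the documented default and not flagged.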

WebHookHandlerConf

This type doesn't have documentation.

Field name Field type Comment
Method

string

The method to use for the webhook.

TargetPath

string

The target path on which to send the request.

TemplatePath

string

The template to load in order to format the request.

HeaderList

map[string]string

Headers to set when firing the webhook.

EventTimeout

int64

The cool-down for the event so it does not trigger again (in seconds).

type WebHookHandlerConf struct {
	// The method to use for the webhook.
	Method	string	`bson:"method" json:"method"`
	// The target path on which to send the request.
	TargetPath	string	`bson:"target_path" json:"target_path"`
	// The template to load in order to format the request.
	TemplatePath	string	`bson:"template_path" json:"template_path"`
	// Headers to set when firing the webhook.
	HeaderList	map[string]string	`bson:"header_map" json:"header_map"`
	// The cool-down for the event so it does not trigger again (in seconds).
	EventTimeout	int64	`bson:"event_timeout" json:"event_timeout"`
}

ZipkinConfig

ZipkinConfig configuration options used to initialize openzipkin opentracing client.

Field name Field type Comment
Reporter

Reporter

No comment on field.

Sampler

Sampler

No comment on field.

type ZipkinConfig struct {
	Reporter	Reporter	`json:"reporter"`
	Sampler		Sampler		`json:"sampler"`
}

Functions

func DecodeJSON

DecodeJSON marshals src to json and tries to unmarshal the result into dest.

func DecodeJSON(dest, src interface{}) error {
	b, err := json.Marshal(src)
	if err != nil {
		return err
	}
	return json.Unmarshal(b, dest)
}

Cognitive complexity: 3, Cyclomatic complexity: 2

Uses: json.Marshal, json.Unmarshal.

func DecodeYAML

func DecodeYAML(dest, src interface{}) error {
	b, err := yaml.Marshal(src)
	if err != nil {
		return err
	}
	return yaml.Unmarshal(b, dest)
}

Cognitive complexity: 3, Cyclomatic complexity: 2

func FillEnv

FillEnv will inspect the environment and fill the config.

func FillEnv(conf *Config) error {
	shouldOmit, omitEnvExist := os.LookupEnv(envPrefix + "_OMITCONFIGFILE")
	if omitEnvExist && strings.ToLower(shouldOmit) == "true" {
		*conf = Config{}
	}

	if err := envconfig.Process(envPrefix, conf); err != nil {
		return fmt.Errorf("failed to process config env vars: %w", err)
	}
	if err := processCustom(envPrefix, conf, loadZipkin, loadJaeger); err != nil {
		return fmt.Errorf("failed to process config custom loader: %w", err)
	}
	return nil
}

Cognitive complexity: 7, Cyclomatic complexity: 5

Uses: envconfig.Process, fmt.Errorf, os.LookupEnv, strings.ToLower.

func Load

Load will load a configuration file, trying each of the paths given and using the first one that is a regular file and can be opened.

If none exists, a default config will be written to the first path in the list.

An error will be returned only if any of the paths existed but was not a valid config file.

func Load(paths []string, conf *Config) error {
	var r io.ReadCloser
	for _, filename := range paths {
		f, err := os.Open(filename)
		if err == nil {
			r = f
			defer r.Close()
			conf.Private.OriginalPath = filename
			break
		}
		if os.IsNotExist(err) {
			continue
		}
		return err
	}

	if len(paths) > 0 && r == nil {
		filename := paths[0]
		log.Warnf("No config file found, writing default to %s", filename)
		if err := WriteDefault(filename, conf); err != nil {
			return err
		}
		log.Info("Loading default configuration...")
		return Load([]string{filename}, conf)
	}

	if r != nil {
		if err := json.NewDecoder(r).Decode(&conf); err != nil {
			return fmt.Errorf("couldn't unmarshal config: %w", err)
		}
	}

	if err := FillEnv(conf); err != nil {
		log.WithError(err).Error("Failed to process environment variables after config file load")
		return err
	}

	return nil
}

Cognitive complexity: 18, Cyclomatic complexity: 10

Uses: fmt.Errorf, io.ReadCloser, json.NewDecoder, os.IsNotExist, os.Open.

func New

New produces a new config object by parsing the default configuration for the values.

func New() (*Config, error) {
	cfg := new(Config)

	cfgFile, err := findFile("tyk.conf")
	if err != nil {
		// Return cfg filled with environment
		// if we don't have a config file.
		if errors.Is(err, os.ErrNotExist) {
			err := FillEnv(cfg)
			return cfg, err
		}

		return nil, err
	}

	if err := Load([]string{cfgFile}, cfg); err != nil {
		return nil, err
	}

	return cfg, nil
}

Cognitive complexity: 7, Cyclomatic complexity: 4

Uses: errors.Is, os.ErrNotExist.

func NewDefaultWithEnv

NewDefaultWithEnv gives a deep clone of the Default configuration and fills it from environment provided.

func NewDefaultWithEnv() (*Config, error) {
	cfg := new(Config)

	b, err := json.Marshal(Default)
	if err != nil {
		return nil, err
	}

	if err := json.Unmarshal(b, cfg); err != nil {
		return nil, err
	}

	if err := FillEnv(cfg); err != nil {
		return nil, err
	}

	return cfg, nil
}

Cognitive complexity: 6, Cyclomatic complexity: 4

Uses: json.Marshal, json.Unmarshal.

func WriteConf

func WriteConf(path string, conf *Config) error {
	bs, err := json.MarshalIndent(conf, "", "    ")
	if err != nil {
		return err
	}
	return ioutil.WriteFile(path, bs, 0644)
}

Cognitive complexity: 2, Cyclomatic complexity: 2

Uses: ioutil.WriteFile, json.MarshalIndent.
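
WriteConf above requests mode 0644 (group and other may read), and the Config it serialises can carry Secret, StorageOptionsConf.Password, SlaveOptionsConfig.APIKey and VaultConfig.Token. The following added example (not Tyk code) checks a config file's mode and shows that rewriting an existing file with a tighter mode argument does not tighten it, while a temp-file-plus-rename write does. The helper names `groupOrOtherAccess`, `writePrivate` and `demo`, and the file body, are assumptions of this example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// groupOrOtherAccess reports whether anyone besides the owner has any
// permission bit on path, and returns the permission bits it saw.
func groupOrOtherAccess(path string) (bool, os.FileMode, error) {
	fi, err := os.Stat(path)
	if err != nil {
		return false, 0, err
	}
	perm := fi.Mode().Perm()
	return perm&0o077 != 0, perm, nil
}

// writePrivate replaces path with data via a temp file in the same directory.
// os.CreateTemp creates the file with mode 0600 and the rename swaps it in
// atomically, so the result is owner-only even if path existed as 0644.
func writePrivate(path string, data []byte) error {
	tmp, err := os.CreateTemp(filepath.Dir(path), ".conf-*.tmp")
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // fails harmlessly once the rename has happened
	if _, err := tmp.Write(data); err != nil {
		tmp.Close()
		return err
	}
	if err := tmp.Sync(); err != nil {
		tmp.Close()
		return err
	}
	if err := tmp.Close(); err != nil {
		return err
	}
	return os.Rename(tmp.Name(), path)
}

// demo works inside dir and returns the file mode after two rewrites of an
// existing 0644 file: first os.WriteFile with mode 0600, then writePrivate.
func demo(dir string) (afterRewrite, afterPrivate os.FileMode, err error) {
	path := filepath.Join(dir, "tyk.conf")
	data := []byte("constructed config body\n")

	if err = os.WriteFile(path, data, 0o644); err != nil {
		return
	}
	if err = os.Chmod(path, 0o644); err != nil { // pin the mode regardless of umask
		return
	}
	// The mode argument only applies when the file is created, so this
	// rewrite leaves the existing 0644 bits in place.
	if err = os.WriteFile(path, data, 0o600); err != nil {
		return
	}
	if _, afterRewrite, err = groupOrOtherAccess(path); err != nil {
		return
	}
	if err = writePrivate(path, data); err != nil {
		return
	}
	_, afterPrivate, err = groupOrOtherAccess(path)
	return
}

func main() {
	dir, err := os.MkdirTemp("", "confmode")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)

	a, b, err := demo(dir)
	if err != nil {
		panic(err)
	}
	fmt.Printf("after WriteFile(0600) over existing file: %04o\n", a)
	fmt.Printf("after writePrivate:                       %04o\n", b)
}
```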

func WriteDefault

WriteDefault will set conf to the default config and write it to disk in path, if the path is non-empty.

func WriteDefault(in string, conf *Config) error {
	wd, err := os.Getwd()
	if err != nil {
		return fmt.Errorf("Can't get working directory: %w", err)
	}

	*conf = Default
	conf.TemplatePath = filepath.Join(wd, "templates")
	if err := envconfig.Process(envPrefix, conf); err != nil {
		return err
	}
	if in == "" {
		return nil
	}
	return WriteConf(in, conf)
}

Cognitive complexity: 6, Cyclomatic complexity: 4

Uses: envconfig.Process, filepath.Join, fmt.Errorf, os.Getwd.

func (*CertsData) Decode

func (certs *CertsData) Decode(value string) error {
	err := json.Unmarshal([]byte(value), certs)
	if err != nil {
		log.Error("Error unmarshalling TYK_GW_HTTPSERVEROPTIONS_CERTIFICATES: ", err)
		return err
	}
	return nil
}

Cognitive complexity: 2, Cyclomatic complexity: 2

Uses: json.Unmarshal.

func (*Config) GetRateLimiterStorage

GetRateLimiterStorage will return the storage configuration to use for rate limiters.

func (c *Config) GetRateLimiterStorage() *StorageOptionsConf {
	return &c.Storage
}

Cognitive complexity: 0, Cyclomatic complexity: 1

func (*Config) LoadIgnoredIPs

func (c *Config) LoadIgnoredIPs() {
	c.AnalyticsConfig.ignoredIPsCompiled = make(map[string]bool, len(c.AnalyticsConfig.IgnoredIPs))
	for _, ip := range c.AnalyticsConfig.IgnoredIPs {
		c.AnalyticsConfig.ignoredIPsCompiled[ip] = true
	}
}

Cognitive complexity: 3, Cyclomatic complexity: 2

func (*Config) SetEventTriggers

SetEventTriggers sets events for backwards compatibility

func (c *Config) SetEventTriggers(eventTriggers map[apidef.TykEvent][]TykEventHandler) {
	c.EventTriggersDefunct = eventTriggers
}

Cognitive complexity: 0, Cyclomatic complexity: 1

func (*Config) StoreAnalytics

func (c *Config) StoreAnalytics(ip string) bool {
	if !c.EnableAnalytics {
		return false
	}

	return !c.AnalyticsConfig.ignoredIPsCompiled[ip]
}

Cognitive complexity: 2, Cyclomatic complexity: 2
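
LoadIgnoredIPs and StoreAnalytics together implement an exact string match, and the set only exists after LoadIgnoredIPs has run. The block below is an added example, not code from the Tyk project: the analytics type is a simplified stand-in, lintIgnored is a hypothetical helper, the addresses are constructed samples, and it assumes client addresses reach StoreAnalytics in canonical text form.

```go
package main

import (
	"fmt"
	"net/netip"
)

// analytics is a stand-in holding only what LoadIgnoredIPs and StoreAnalytics use.
type analytics struct {
	Enabled    bool
	IgnoredIPs []string
	compiled   map[string]bool
}

// load builds the lookup set as LoadIgnoredIPs does: the raw strings are the keys.
func (a *analytics) load() {
	a.compiled = make(map[string]bool, len(a.IgnoredIPs))
	for _, ip := range a.IgnoredIPs {
		a.compiled[ip] = true
	}
}

// store repeats the StoreAnalytics decision: an exact string lookup.
func (a *analytics) store(ip string) bool {
	return a.Enabled && !a.compiled[ip]
}

// lintIgnored (hypothetical helper) returns the entries that are not a single
// address in canonical text form, and so cannot equal a canonically
// formatted client address: CIDR blocks and long-form IPv6 spellings.
func lintIgnored(entries []string) (bad []string) {
	for _, e := range entries {
		addr, err := netip.ParseAddr(e)
		if err != nil || addr.String() != e {
			bad = append(bad, e)
		}
	}
	return bad
}

func main() {
	a := &analytics{Enabled: true, IgnoredIPs: []string{"10.0.0.5", "10.1.0.0/16", "0:0:0:0:0:0:0:1"}}
	fmt.Println(a.store("10.0.0.5")) // set not built yet: the ignored address is still recorded
	a.load()
	fmt.Println(a.store("10.0.0.5"), a.store("10.1.2.3"), a.store("::1"))
	fmt.Println(lintIgnored(a.IgnoredIPs))
}
```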

func (*LabsConfig) Decode

Decode unmarshals json config into the Labs config

func (lc *LabsConfig) Decode(value string) error {
	var temp map[string]interface{}
	if err := json.Unmarshal([]byte(value), &temp); err != nil {
		log.Error("Error unmarshalling LabsConfig: ", err)
		return err
	}
	*lc = temp
	return nil
}

Cognitive complexity: 3, Cyclomatic complexity: 2

Uses: json.Unmarshal.

func (*PortsWhiteList) Decode

func (pwl *PortsWhiteList) Decode(value string) error {
	err := json.Unmarshal([]byte(value), pwl)
	if err != nil {
		log.Error("Error unmarshalling TYK_GW_PORTWHITELIST: ", err)
		return err
	}

	return nil
}

Cognitive complexity: 2, Cyclomatic complexity: 2

Uses: json.Unmarshal.

func (*RateLimit) String

String returns a readable setting for the rate limiter in effect.

func (r *RateLimit) String() string {
	info := "using transactions"
	if r.EnableNonTransactionalRateLimiter {
		info = "using pipeline"
	}

	if r.EnableFixedWindowRateLimiter {
		return "Fixed Window Rate Limiter enabled"
	}

	// Smoothing check is here, because the rate limiters above this line
	// do not support smoothing. Smoothing is applied for RRL/Sentinel.
	if r.EnableRateLimitSmoothing {
		info = info + ", with smoothing"
	}

	if r.EnableRedisRollingLimiter {
		return fmt.Sprintf("Redis Rate Limiter enabled (%s)", info)
	}

	if r.EnableSentinelRateLimiter {
		return fmt.Sprintf("Redis Sentinel Rate Limiter enabled (%s)", info)
	}

	if r.DRLEnableSentinelRateLimiter {
		return fmt.Sprintf("DRL with Redis Sentinel Rate Limiter enabled (%s)", info)
	}

	return fmt.Sprintf("DRL with Redis Rate Limiter enabled (%s)", info)
}

Cognitive complexity: 12, Cyclomatic complexity: 7

Uses: fmt.Sprintf.

func (*StorageOptionsConf) HostAddrs

HostAddrs returns a sanitized list of hosts to connect to.

func (config *StorageOptionsConf) HostAddrs() (addrs []string) {
	if len(config.Addrs) != 0 {
		addrs = config.Addrs
	} else {
		for h, p := range config.Hosts {
			addr := h + ":" + p
			addrs = append(addrs, addr)
		}
	}

	if len(addrs) == 0 && config.Port != 0 {
		addr := config.Host + ":" + strconv.Itoa(config.Port)
		addrs = append(addrs, addr)
	}

	return addrs
}

Cognitive complexity: 9, Cyclomatic complexity: 5

Uses: strconv.Itoa.
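
HostAddrs joins host and port with a plain ":" and passes Addrs and the Hosts values through unchanged, so an IPv6 literal or a non-numeric port produces an address that does not parse as host:port. The block below is an added example, not code from the Tyk project: concat, joinSafe and checkAddr are hypothetical helpers and the hosts are constructed samples.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
)

// concat builds an address the way HostAddrs does: host + ":" + port.
func concat(host string, port int) string {
	return host + ":" + strconv.Itoa(port)
}

// joinSafe uses net.JoinHostPort, which brackets IPv6 literals.
func joinSafe(host string, port int) string {
	return net.JoinHostPort(host, strconv.Itoa(port))
}

// checkAddr (hypothetical helper) returns "" when addr parses as host:port
// with a port in 1-65535, otherwise the reason it does not.
func checkAddr(addr string) string {
	_, port, err := net.SplitHostPort(addr)
	if err != nil {
		return err.Error()
	}
	if n, err := strconv.Atoi(port); err != nil || n < 1 || n > 65535 {
		return fmt.Sprintf("invalid port %q", port)
	}
	return ""
}

func main() {
	// Constructed sample hosts: a name, an IPv4 literal and an IPv6 literal.
	for _, host := range []string{"localhost", "10.0.0.7", "::1"} {
		for _, addr := range []string{concat(host, 6379), joinSafe(host, 6379)} {
			fmt.Printf("%-16s problem=%q\n", addr, checkAddr(addr))
		}
	}
}
```

Running checkAddr over the result of HostAddrs at startup surfaces a malformed storage address before the first connection attempt.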

func (Config) GetEventTriggers

GetEventTriggers returns event triggers. There was a typo in the json tag. To maintain backward compatibility, this solution is chosen.

func (c Config) GetEventTriggers() map[apidef.TykEvent][]TykEventHandler {
	if c.EventTriggersDefunct == nil {
		return c.EventTriggers
	}

	if c.EventTriggers != nil {
		log.Info("Both event_trigers_defunct and event_triggers_defunct are configured in the config," +
			" event_triggers_defunct will be used.")
	}

	return c.EventTriggersDefunct
}

Cognitive complexity: 4, Cyclomatic complexity: 3

func (PortRange) Match

Match returns true if port is within the range

func (r PortRange) Match(port int) bool {
	return r.From <= port && r.To >= port
}

Cognitive complexity: 0, Cyclomatic complexity: 2

func (PortWhiteList) Match

Match returns true if port is acceptable from the PortWhiteList.

func (p PortWhiteList) Match(port int) bool {
	for _, v := range p.Ports {
		if port == v {
			return true
		}
	}
	for _, r := range p.Ranges {
		if r.Match(port) {
			return true
		}
	}
	return false
}

Cognitive complexity: 10, Cyclomatic complexity: 5

func (Private) GetOAuthTokensPurgeInterval

GetOAuthTokensPurgeInterval returns purge interval for lapsed OAuth tokens.

func (p Private) GetOAuthTokensPurgeInterval() time.Duration {
	if p.OAuthTokensPurgeInterval != 0 {
		return time.Second * time.Duration(p.OAuthTokensPurgeInterval)
	}

	return time.Hour
}

Cognitive complexity: 2, Cyclomatic complexity: 2

Uses: time.Duration, time.Hour, time.Second.

Private functions

func findFile

findFile (filename string) (string, error)
References: filepath.Dir, filepath.Join, os.ErrNotExist, os.Stat, path.Dir, runtime.Caller.

func loadJaeger

loadJaeger loads Jaeger configuration from environment variables.

List of jaeger configuration env vars

TYK_GW_TRACER_OPTIONS_SERVICENAME
TYK_GW_TRACER_OPTIONS_DISABLED
TYK_GW_TRACER_OPTIONS_RPCMETRICS
TYK_GW_TRACER_OPTIONS_TAGS
TYK_GW_TRACER_OPTIONS_SAMPLER_TYPE
TYK_GW_TRACER_OPTIONS_SAMPLER_PARAM
TYK_GW_TRACER_OPTIONS_SAMPLER_SAMPLINGSERVERURL
TYK_GW_TRACER_OPTIONS_SAMPLER_MAXOPERATIONS
TYK_GW_TRACER_OPTIONS_SAMPLER_SAMPLINGREFRESHINTERVAL
TYK_GW_TRACER_OPTIONS_REPORTER_QUEUESIZE
TYK_GW_TRACER_OPTIONS_REPORTER_BUFFERFLUSHINTERVAL
TYK_GW_TRACER_OPTIONS_REPORTER_LOGSPANS
TYK_GW_TRACER_OPTIONS_REPORTER_LOCALAGENTHOSTPORT
TYK_GW_TRACER_OPTIONS_REPORTER_COLLECTORENDPOINT
TYK_GW_TRACER_OPTIONS_REPORTER_USER
TYK_GW_TRACER_OPTIONS_REPORTER_PASSWORD
TYK_GW_TRACER_OPTIONS_HEADERS_JAEGERDEBUGHEADER
TYK_GW_TRACER_OPTIONS_HEADERS_JAEGERBAGGAGEHEADER
TYK_GW_TRACER_OPTIONS_HEADERS_TRACECONTEXTHEADERNAME
TYK_GW_TRACER_OPTIONS_HEADERS_TRACEBAGGAGEHEADERPREFIX
TYK_GW_TRACER_OPTIONS_BAGGAGERESTRICTIONS_DENYBAGGAGEONINITIALIZATIONFAILURE
TYK_GW_TRACER_OPTIONS_BAGGAGERESTRICTIONS_HOSTPORT
TYK_GW_TRACER_OPTIONS_BAGGAGERESTRICTIONS_REFRESHINTERVAL
TYK_GW_TRACER_OPTIONS_THROTTLER_HOSTPORT
TYK_GW_TRACER_OPTIONS_THROTTLER_REFRESHINTERVAL
TYK_GW_TRACER_OPTIONS_THROTTLER_SYNCHRONOUSINITIALIZATION

loadJaeger (prefix string, c *Config) error
References: envconfig.Process, jaeger.Configuration.

func loadZipkin

loadZipkin tries to load Zipkin configuration from environment variables.

list of zipkin configuration env variables

TYK_GW_TRACER_OPTIONS_REPORTER_URL
TYK_GW_TRACER_OPTIONS_REPORTER_BATCHSIZE
TYK_GW_TRACER_OPTIONS_REPORTER_MAXBACKLOG
TYK_GW_TRACER_OPTIONS_SAMPLER_NAME
TYK_GW_TRACER_OPTIONS_SAMPLER_RATE
TYK_GW_TRACER_OPTIONS_SAMPLER_SALT
TYK_GW_TRACER_OPTIONS_SAMPLER_MOD

loadZipkin (prefix string, c *Config) error
References: envconfig.Process.

func processCustom

processCustom runs custom functions for loading config values. They are called in the order they are passed. If any function returns an error, that error is returned and no further processing happens.

processCustom (prefix string, c *Config, custom ...func(prefix string, c *Config) error) error


Tests

Files: 4. Third party imports: 4. Imports from organisation: 0. Tests: 11. Benchmarks: 0.

Test functions

TestConfigFiles

References: filepath.Join, ioutil.ReadFile, ioutil.TempDir, ioutil.WriteFile, os.Link, os.Remove, os.RemoveAll, os.Stat, strings.Contains.

TestConfig_GetEventTriggers

References: apidef.TykEvent, ioutil.TempFile, testing.T.

TestCustomCertsDataDecoder

References: assert.Equal, assert.Len, envconfig.Process.

TestDefaultValueAndWriteDefaultConf

References: fmt.Sprint, os.Unsetenv, reflect.DeepEqual, testing.T.

TestHostAddrs

References: assert.ElementsMatch, testing.T.

TestLoadJaeger

References: jaeger.Configuration, os.Setenv, os.Unsetenv, testing.T.

TestLoadZipkin

References: fmt.Sprint, os.Setenv, os.Unsetenv, testing.T.

TestLoad_tracing

References: filepath.Base, filepath.Dir, filepath.Join, ioutil.ReadFile, ioutil.TempDir, json.MarshalIndent, jsondiff.Compare, jsondiff.NoMatch, jsondiff.Options, os.RemoveAll, os.Unsetenv, testing.T.

TestPortsWhiteListDecoder

References: assert.Contains, assert.Empty, assert.Equal, assert.False, assert.Len, assert.NoError, assert.True, envconfig.Process.

TestPrivate_GetOAuthTokensPurgeInterval

References: assert.Equal, testing.T, time.Hour, time.Second.

TestSecretsDecoder

References: assert.Equal, envconfig.Process.