{
	"$schema": "https://json-schema.org/draft/2020-12/schema",
	"$id": "https://json-schema.jbrumond.me/config",
	"title": "Configuration for app service",
	"type": "object",
	"properties": {
		"web": {
			"title": "Web Server Config",
			"description": "Configuration for the main HTTP(S) server",
			"type": "object",
			"properties": {
				"address": {
					"title": "Web Listener Address",
					"description": "Address to listen on for inbound connections",
					"type": "string",
					"pattern": "^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$",
					"default": "0.0.0.0",
					"example": "0.0.0.0"
				},
				"port": {
					"title": "Web Listener Port",
					"description": "Port number to listen on for inbound connections",
					"type": "integer",
					"minimum": 1,
					"maximum": 65535,
					"default": 8080,
					"example": 8080
				},
				"exposed_url": {
					"title": "Web Exposed URL",
					"description": "",
					"type": "string",
					"format": "uri",
					"example": "https://example.com"
				},
				"tls": {
					"title": "Web TLS Config",
					"description": "Configuration for TLS/SSL for the HTTP API",
					"oneOf": [
						{ "type": "boolean", "const": false },
						{
							"type": "object",
							"properties": {
								"key": { },
								"cert": { }
							},
							"required": [
								"key",
								"cert"
							]
						}
					]
				},
				"etag": {
					"title": "Web Etag Config",
					"description": "Controls the generation and validation of `Etag` headers. Each request type can have etags set to `weak`, `strong`, or `none`",
					"type": "object",
					"properties": {
						"static_assets": { "$ref": "#/$defs/etag_type" }
					}
				},
				"cache_control": {
					"title": "Web Cache-Control Config",
					"description": "Controls the generation of `Cache-Control` headers. Each request type has a full `Cache-Control` directive string defined",
					"type": "object",
					"properties": {
						"static_assets": { "$ref": "#/$defs/cache_control_directives" }
					}
				}
			},
			"required": [
				"address",
				"port"
			]
		},
		"metadata": {
			"title": "Metadata API Config",
			"description": "Configuration for the secondary metadata HTTP(S) server, used for health checks and other service meta-APIs",
			"type": "object",
			"properties": {
				"address": {
					"description": "Address to listen on for inbound connections",
					"type": "string",
					"pattern": "^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$",
					"default": "0.0.0.0",
					"example": "0.0.0.0"
				},
				"port": {
					"description": "Port number to listen on for inbound connections",
					"type": "integer",
					"minimum": 1,
					"maximum": 65535,
					"default": 8081,
					"example": 8081
				},
				"tls": {
					"title": "TLS Config",
					"description": "Configuration for TLS/SSL for the HTTP API",
					"oneOf": [
						{ "type": "boolean", "const": false },
						{
							"type": "object",
							"properties": { },
							"required": [ ]
						}
					]
				}
			},
			"required": [
				"address",
				"port"
			]
		},
		"oidc": {
			"title": "OpenID Connect (OIDC) Config",
			"description": "Configuration for the OpenID Connect (OIDC) provider and client",
			"type": "object",
			"properties": {
				"server_url": {
					"title": "OIDC Server Location",
					"description": "URL pointing to the OIDC provider service",
					"type": "string",
					"format": "uri"
				},
				"signing_algorithm": {
					"title": "",
					"description": "",
					"type": "string",
					"enum": [
						"ES512"
					]
				},
				"client_id": {
					"title": "",
					"description": "",
					"type": "string"
				},
				"client_secret": {
					"title": "",
					"description": "",
					"type": "string"
				}
			},
			"required": [ ]
		},
		"pkce_cookie": {
			"title": "PKCE Cookie Config",
			"description": "Configuration for the cookie used in the Proof Key for Code Exchange (PKCE) flow",
			"type": "object",
			"properties": {
				"name": {
					"title": "PKCE Cookie Name",
					"description": "The name of the cookie to store the PKCE code in",
					"type": "string",
					"default": "pkce_code"
				},
				"secure": {
					"title": "PKCE Cookie Secure",
					"description": "Sets the `Secure` directive on the PKCE code cookie (this should always be `true` in production)",
					"type": "boolean",
					"default": true
				},
				"ttl": {
					"title": "PKCE Cookie TTL",
					"description": "Time-to-live for the PKCE code cookie (in seconds)",
					"type": "integer",
					"default": 600
				}
			}
		},
		"session_cookie": {
			"title": "Session Cookie Config",
			"description": "Configuration for the cookie used in to store login session keys",
			"type": "object",
			"properties": {
				"name": {
					"title": "Session Cookie Name",
					"description": "The name of the cookie to store the session key in",
					"type": "string",
					"default": "pkce_code"
				},
				"secure": {
					"title": "Session Cookie Secure",
					"description": "Sets the `Secure` directive on the session key cookie (this should always be `true` in production)",
					"type": "boolean",
					"default": true
				},
				"ttl": {
					"title": "Session Cookie TTL",
					"description": "Time-to-live for the session key cookie (in seconds)",
					"type": "integer",
					"default": 7200
				}
			}
		}
	},
	"required": [
		"web",
		"metadata",
		"oidc"
	],
	"$defs": {
		"etag_type": {
			"type": "string",
			"enum": [
				"none",
				"weak",
				"strong"
			]
		},
		"cache_control_directives": {
			"description": "A full `Cache-Control` directives string",
			"type": "string",
			"example": "public, max-age=3600"
		}
	}
}