diff options
| author | BoHong Li | 2017-04-13 01:57:55 +0800 |
|---|---|---|
| committer | Raccoon Li | 2017-05-08 19:29:07 +0800 |
| commit | ecb05336055a37ba8a03c119995cd37d96aad90d (patch) | |
| tree | f6815f5ce06befbe3bdb51cfd941d2c6edaf51a0 /lib | |
| parent | 4738ba7d364111adeb2eb2036d0b24d53a80c0c7 (diff) | |
refactor(config.js): Extract config file
* Separate different config source to each files
* Freeze config object
Diffstat (limited to '')
| -rw-r--r-- | lib/config.js | 223 | ||||
| -rw-r--r-- | lib/config/default.js | 92 | ||||
| -rw-r--r-- | lib/config/defaultSSL.js | 17 | ||||
| -rw-r--r-- | lib/config/dockerSecret.js | 51 | ||||
| -rw-r--r-- | lib/config/enum.js | 16 | ||||
| -rw-r--r-- | lib/config/environment.js | 64 | ||||
| -rw-r--r-- | lib/config/index.js | 112 | ||||
| -rw-r--r-- | lib/config/oldEnvironment.js | 8 | ||||
| -rw-r--r-- | lib/models/index.js | 5 | ||||
| -rw-r--r-- | lib/realtime.js | 5 | ||||
| -rwxr-xr-x | lib/response.js | 32 | ||||
| -rw-r--r-- | lib/web/auth/index.js | 16 |
12 files changed, 390 insertions, 251 deletions
diff --git a/lib/config.js b/lib/config.js deleted file mode 100644 index 31999b07..00000000 --- a/lib/config.js +++ /dev/null @@ -1,223 +0,0 @@ -'use strict' -// external modules -var fs = require('fs') -var path = require('path') - -// configs -var env = process.env.NODE_ENV || 'development' -var config = require(path.join(__dirname, '..', 'config.json'))[env] -var debug = process.env.DEBUG ? (process.env.DEBUG === 'true') : ((typeof config.debug === 'boolean') ? config.debug : (env === 'development')) - -// Create function that reads docker secrets but fails fast in case of a non docker environment -var handleDockerSecret = fs.existsSync('/run/secrets/') ? function (secret) { - return fs.existsSync('/run/secrets/' + secret) ? fs.readFileSync('/run/secrets/' + secret) : null -} : function () { - return null -} - -// url -var domain = process.env.DOMAIN || process.env.HMD_DOMAIN || config.domain || '' -var urlpath = process.env.URL_PATH || process.env.HMD_URL_PATH || config.urlpath || '' -var port = process.env.PORT || process.env.HMD_PORT || config.port || 3000 -var alloworigin = process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : (config.alloworigin || ['localhost']) - -var usessl = !!config.usessl -var protocolusessl = (usessl === true && typeof process.env.HMD_PROTOCOL_USESSL === 'undefined' && typeof config.protocolusessl === 'undefined') - ? true : (process.env.HMD_PROTOCOL_USESSL ? (process.env.HMD_PROTOCOL_USESSL === 'true') : !!config.protocolusessl) -var urladdport = process.env.HMD_URL_ADDPORT ? (process.env.HMD_URL_ADDPORT === 'true') : !!config.urladdport - -var usecdn = process.env.HMD_USECDN ? (process.env.HMD_USECDN === 'true') : ((typeof config.usecdn === 'boolean') ? config.usecdn : true) - -var allowanonymous = process.env.HMD_ALLOW_ANONYMOUS ? (process.env.HMD_ALLOW_ANONYMOUS === 'true') : ((typeof config.allowanonymous === 'boolean') ? config.allowanonymous : true) - -var allowfreeurl = process.env.HMD_ALLOW_FREEURL ? (process.env.HMD_ALLOW_FREEURL === 'true') : !!config.allowfreeurl - -var permissions = ['editable', 'limited', 'locked', 'protected', 'private'] -if (allowanonymous) { - permissions.unshift('freely') -} - -var defaultpermission = process.env.HMD_DEFAULT_PERMISSION || config.defaultpermission -defaultpermission = permissions.indexOf(defaultpermission) !== -1 ? defaultpermission : 'editable' - -// db -var dburl = process.env.HMD_DB_URL || process.env.DATABASE_URL || config.dburl -var db = config.db || {} - -// ssl path -var sslkeypath = (fs.existsSync('/run/secrets/key.pem') ? '/run/secrets/key.pem' : null) || config.sslkeypath || '' -var sslcertpath = (fs.existsSync('/run/secrets/cert.pem') ? '/run/secrets/cert.pem' : null) || config.sslcertpath || '' -var sslcapath = (fs.existsSync('/run/secrets/ca.pem') ? '/run/secrets/ca.pem' : null) || config.sslcapath || '' -var dhparampath = (fs.existsSync('/run/secrets/dhparam.pem') ? '/run/secrets/dhparam.pem' : null) || config.dhparampath || '' - -// other path -var tmppath = config.tmppath || './tmp' -var defaultnotepath = config.defaultnotepath || './public/default.md' -var docspath = config.docspath || './public/docs' -var indexpath = config.indexpath || './public/views/index.ejs' -var hackmdpath = config.hackmdpath || './public/views/hackmd.ejs' -var errorpath = config.errorpath || './public/views/error.ejs' -var prettypath = config.prettypath || './public/views/pretty.ejs' -var slidepath = config.slidepath || './public/views/slide.ejs' - -// session -var sessionname = config.sessionname || 'connect.sid' -var sessionsecret = handleDockerSecret('sessionsecret') || config.sessionsecret || 'secret' -var sessionlife = config.sessionlife || 14 * 24 * 60 * 60 * 1000 // 14 days - -// static files -var staticcachetime = config.staticcachetime || 1 * 24 * 60 * 60 * 1000 // 1 day - -// socket.io -var heartbeatinterval = config.heartbeatinterval || 5000 -var heartbeattimeout = config.heartbeattimeout || 10000 - -// document -var documentmaxlength = config.documentmaxlength || 100000 - -// image upload setting, available options are imgur/s3/filesystem -var imageUploadType = process.env.HMD_IMAGE_UPLOAD_TYPE || config.imageUploadType || 'imgur' - -config.s3 = config.s3 || {} -var s3 = { - accessKeyId: handleDockerSecret('s3_acccessKeyId') || process.env.HMD_S3_ACCESS_KEY_ID || config.s3.accessKeyId, - secretAccessKey: handleDockerSecret('s3_secretAccessKey') || process.env.HMD_S3_SECRET_ACCESS_KEY || config.s3.secretAccessKey, - region: process.env.HMD_S3_REGION || config.s3.region -} -var s3bucket = process.env.HMD_S3_BUCKET || config.s3.bucket - -// auth -var facebook = ((process.env.HMD_FACEBOOK_CLIENTID && process.env.HMD_FACEBOOK_CLIENTSECRET) || (fs.existsSync('/run/secrets/facebook_clientID') && fs.existsSync('/run/secrets/facebook_clientSecret'))) ? { - clientID: handleDockerSecret('facebook_clientID') || process.env.HMD_FACEBOOK_CLIENTID, - clientSecret: handleDockerSecret('facebook_clientSecret') || process.env.HMD_FACEBOOK_CLIENTSECRET -} : config.facebook || false -var twitter = ((process.env.HMD_TWITTER_CONSUMERKEY && process.env.HMD_TWITTER_CONSUMERSECRET) || (fs.existsSync('/run/secrets/twitter_consumerKey') && fs.existsSync('/run/secrets/twitter_consumerSecret'))) ? { - consumerKey: handleDockerSecret('twitter_consumerKey') || process.env.HMD_TWITTER_CONSUMERKEY, - consumerSecret: handleDockerSecret('twitter_consumerSecret') || process.env.HMD_TWITTER_CONSUMERSECRET -} : config.twitter || false -var github = ((process.env.HMD_GITHUB_CLIENTID && process.env.HMD_GITHUB_CLIENTSECRET) || (fs.existsSync('/run/secrets/github_clientID') && fs.existsSync('/run/secrets/github_clientSecret'))) ? { - clientID: handleDockerSecret('github_clientID') || process.env.HMD_GITHUB_CLIENTID, - clientSecret: handleDockerSecret('github_clientSecret') || process.env.HMD_GITHUB_CLIENTSECRET -} : config.github || false -var gitlab = ((process.env.HMD_GITLAB_CLIENTID && process.env.HMD_GITLAB_CLIENTSECRET) || (fs.existsSync('/run/secrets/gitlab_clientID') && fs.existsSync('/run/secrets/gitlab_clientSecret'))) ? { - baseURL: process.env.HMD_GITLAB_BASEURL, - clientID: handleDockerSecret('gitlab_clientID') || process.env.HMD_GITLAB_CLIENTID, - clientSecret: handleDockerSecret('gitlab_clientSecret') || process.env.HMD_GITLAB_CLIENTSECRET, - scope: process.env.HMD_GITLAB_SCOPE -} : (config.gitlab && config.gitlab.clientID && config.gitlab.clientSecret && config.gitlab) || false -var dropbox = ((process.env.HMD_DROPBOX_CLIENTID && process.env.HMD_DROPBOX_CLIENTSECRET) || (fs.existsSync('/run/secrets/dropbox_clientID') && fs.existsSync('/run/secrets/dropbox_clientSecret'))) ? { - clientID: handleDockerSecret('dropbox_clientID') || process.env.HMD_DROPBOX_CLIENTID, - clientSecret: handleDockerSecret('dropbox_clientSecret') || process.env.HMD_DROPBOX_CLIENTSECRET -} : (config.dropbox && config.dropbox.clientID && config.dropbox.clientSecret && config.dropbox) || false -var google = ((process.env.HMD_GOOGLE_CLIENTID && process.env.HMD_GOOGLE_CLIENTSECRET) || - (fs.existsSync('/run/secrets/google_clientID') && fs.existsSync('/run/secrets/google_clientSecret'))) ? { - clientID: handleDockerSecret('google_clientID') || process.env.HMD_GOOGLE_CLIENTID, - clientSecret: handleDockerSecret('google_clientSecret') || process.env.HMD_GOOGLE_CLIENTSECRET - } : (config.google && config.google.clientID && config.google.clientSecret && config.google) || false -var ldap = config.ldap || (( - process.env.HMD_LDAP_URL || - process.env.HMD_LDAP_BINDDN || - process.env.HMD_LDAP_BINDCREDENTIALS || - process.env.HMD_LDAP_TOKENSECRET || - process.env.HMD_LDAP_SEARCHBASE || - process.env.HMD_LDAP_SEARCHFILTER || - process.env.HMD_LDAP_SEARCHATTRIBUTES || - process.env.HMD_LDAP_TLS_CA || - process.env.HMD_LDAP_PROVIDERNAME -) ? {} : false) -if (process.env.HMD_LDAP_URL) { ldap.url = process.env.HMD_LDAP_URL } -if (process.env.HMD_LDAP_BINDDN) { ldap.bindDn = process.env.HMD_LDAP_BINDDN } -if (process.env.HMD_LDAP_BINDCREDENTIALS) { ldap.bindCredentials = process.env.HMD_LDAP_BINDCREDENTIALS } -if (process.env.HMD_LDAP_TOKENSECRET) { ldap.tokenSecret = process.env.HMD_LDAP_TOKENSECRET } -if (process.env.HMD_LDAP_SEARCHBASE) { ldap.searchBase = process.env.HMD_LDAP_SEARCHBASE } -if (process.env.HMD_LDAP_SEARCHFILTER) { ldap.searchFilter = process.env.HMD_LDAP_SEARCHFILTER } -if (process.env.HMD_LDAP_SEARCHATTRIBUTES) { ldap.searchAttributes = process.env.HMD_LDAP_SEARCHATTRIBUTES } -if (process.env.HMD_LDAP_TLS_CA) { - var ca = { - ca: process.env.HMD_LDAP_TLS_CA.split(',') - } - ldap.tlsOptions = ldap.tlsOptions ? Object.assign(ldap.tlsOptions, ca) : ca - if (Array.isArray(ldap.tlsOptions.ca) && ldap.tlsOptions.ca.length > 0) { - var i, len, results - results = [] - for (i = 0, len = ldap.tlsOptions.ca.length; i < len; i++) { - results.push(fs.readFileSync(ldap.tlsOptions.ca[i], 'utf8')) - } - ldap.tlsOptions.ca = results - } -} -if (process.env.HMD_LDAP_PROVIDERNAME) { - ldap.providerName = process.env.HMD_LDAP_PROVIDERNAME -} -var imgur = handleDockerSecret('imgur_clientid') || process.env.HMD_IMGUR_CLIENTID || config.imgur || false -var email = process.env.HMD_EMAIL ? (process.env.HMD_EMAIL === 'true') : !!config.email -var allowemailregister = process.env.HMD_ALLOW_EMAIL_REGISTER ? (process.env.HMD_ALLOW_EMAIL_REGISTER === 'true') : ((typeof config.allowemailregister === 'boolean') ? config.allowemailregister : true) - -function getserverurl () { - var url = '' - if (domain) { - var protocol = protocolusessl ? 'https://' : 'http://' - url = protocol + domain - if (urladdport && ((usessl && port !== 443) || (!usessl && port !== 80))) { url += ':' + port } - } - if (urlpath) { url += '/' + urlpath } - return url -} - -var version = '0.5.1' -var minimumCompatibleVersion = '0.5.0' -var maintenance = true -var cwd = path.join(__dirname, '..') - -module.exports = { - raw: config, - handleDockerSecret: handleDockerSecret, - version: version, - minimumCompatibleVersion: minimumCompatibleVersion, - maintenance: maintenance, - domain: domain, - urlpath: urlpath, - debug: debug, - port: port, - alloworigin: alloworigin, - usessl: usessl, - serverurl: getserverurl(), - usecdn: usecdn, - allowanonymous: allowanonymous, - allowfreeurl: allowfreeurl, - defaultpermission: defaultpermission, - dburl: dburl, - db: db, - sslkeypath: path.join(cwd, sslkeypath), - sslcertpath: path.join(cwd, sslcertpath), - sslcapath: path.join(cwd, sslcapath), - dhparampath: path.join(cwd, dhparampath), - tmppath: path.join(cwd, tmppath), - defaultnotepath: path.join(cwd, defaultnotepath), - docspath: path.join(cwd, docspath), - indexpath: path.join(cwd, indexpath), - hackmdpath: path.join(cwd, hackmdpath), - errorpath: path.join(cwd, errorpath), - prettypath: path.join(cwd, prettypath), - slidepath: path.join(cwd, slidepath), - sessionname: sessionname, - sessionsecret: sessionsecret, - sessionlife: sessionlife, - staticcachetime: staticcachetime, - heartbeatinterval: heartbeatinterval, - heartbeattimeout: heartbeattimeout, - documentmaxlength: documentmaxlength, - facebook: facebook, - twitter: twitter, - github: github, - gitlab: gitlab, - dropbox: dropbox, - google: google, - ldap: ldap, - imgur: imgur, - email: email, - allowemailregister: allowemailregister, - imageUploadType: imageUploadType, - s3: s3, - s3bucket: s3bucket -} diff --git a/lib/config/default.js b/lib/config/default.js new file mode 100644 index 00000000..a14a4294 --- /dev/null +++ b/lib/config/default.js @@ -0,0 +1,92 @@ +'use strict' + +module.exports = { + domain: '', + urlpath: '', + port: 3000, + urladdport: false, + alloworigin: ['localhost'], + usessl: false, + protocolusessl: false, + usecdn: true, + allowanonymous: true, + allowfreeurl: false, + defaultpermission: 'editable', + dburl: '', + db: {}, + // ssl path + sslkeypath: '', + sslcertpath: '', + sslcapath: '', + dhparampath: '', + // other path + tmppath: './tmp', + defaultnotepath: './public/default.md', + docspath: './public/docs', + indexpath: './public/views/index.ejs', + hackmdpath: './public/views/hackmd.ejs', + errorpath: './public/views/error.ejs', + prettypath: './public/views/pretty.ejs', + slidepath: './public/views/slide.ejs', + // session + sessionname: 'connect.sid', + sessionsecret: 'secret', + sessionlife: 14 * 24 * 60 * 60 * 1000, // 14 days + staticcachetime: 1 * 24 * 60 * 60 * 1000, // 1 day + // socket.io + heartbeatinterval: 5000, + heartbeattimeout: 10000, + // document + documentmaxlength: 100000, + // image upload setting, available options are imgur/s3/filesystem + imageUploadType: 'filesystem', + imgur: { + clientID: undefined + }, + s3: { + accessKeyId: undefined, + secretAccessKey: undefined, + region: undefined + }, + s3bucket: undefined, + // authentication + facebook: { + clientID: undefined, + clientSecret: undefined + }, + twitter: { + consumerKey: undefined, + consumerSecret: undefined + }, + github: { + clientID: undefined, + clientSecret: undefined + }, + gitlab: { + baseURL: undefined, + clientID: undefined, + clientSecret: undefined, + scope: undefined + }, + dropbox: { + clientID: undefined, + clientSecret: undefined + }, + google: { + clientID: undefined, + clientSecret: undefined + }, + ldap: { + providerName: undefined, + url: undefined, + bindDn: undefined, + bindCredentials: undefined, + tokenSecret: undefined, + searchBase: undefined, + searchFilter: undefined, + searchAttributes: undefined, + tlsca: undefined + }, + email: true, + allowemailregister: true +} diff --git a/lib/config/defaultSSL.js b/lib/config/defaultSSL.js new file mode 100644 index 00000000..1f1d5590 --- /dev/null +++ b/lib/config/defaultSSL.js @@ -0,0 +1,17 @@ +'use strict' + +const fs = require('fs') + +function getFile (path) { + if (fs.existsSync(path)) { + return path + } + return undefined +} + +module.exports = { + sslkeypath: getFile('/run/secrets/key.pem'), + sslcertpath: getFile('/run/secrets/cert.pem'), + sslcapath: getFile('/run/secrets/ca.pem'), + dhparampath: getFile('/run/secrets/dhparam.pem') +} diff --git a/lib/config/dockerSecret.js b/lib/config/dockerSecret.js new file mode 100644 index 00000000..eea2fafd --- /dev/null +++ b/lib/config/dockerSecret.js @@ -0,0 +1,51 @@ +'use strict' + +const fs = require('fs') +const path = require('path') + +const basePath = path.resolve('/var/run/secrets/') + +function getSecret (secret) { + const filePath = path.join(basePath, secret) + if (fs.existsSync(filePath)) return fs.readFileSync(filePath) + return undefined +} + +if (fs.existsSync(basePath)) { + module.exports = { + sessionsecret: getSecret('sessionsecret'), + sslkeypath: getSecret('sslkeypath'), + sslcertpath: getSecret('sslcertpath'), + sslcapath: getSecret('sslcapath'), + dhparampath: getSecret('dhparampath'), + s3: { + accessKeyId: getSecret('s3_acccessKeyId'), + secretAccessKey: getSecret('s3_secretAccessKey') + }, + facebook: { + clientID: getSecret('facebook_clientID'), + clientSecret: getSecret('facebook_clientSecret') + }, + twitter: { + consumerKey: getSecret('twitter_consumerKey'), + consumerSecret: getSecret('twitter_consumerSecret') + }, + github: { + clientID: getSecret('github_clientID'), + clientSecret: getSecret('github_clientSecret') + }, + gitlab: { + clientID: getSecret('gitlab_clientID'), + clientSecret: getSecret('gitlab_clientSecret') + }, + dropbox: { + clientID: getSecret('dropbox_clientID'), + clientSecret: getSecret('dropbox_clientSecret') + }, + google: { + clientID: getSecret('google_clientID'), + clientSecret: getSecret('google_clientSecret') + }, + imgur: getSecret('imgur_clientid') + } +} diff --git a/lib/config/enum.js b/lib/config/enum.js new file mode 100644 index 00000000..07cdfcfe --- /dev/null +++ b/lib/config/enum.js @@ -0,0 +1,16 @@ +'use strict' + +exports.Environment = { + development: 'development', + production: 'production', + test: 'test' +} + +exports.Permission = { + freely: 'freely', + editable: 'editable', + limited: 'limited', + locked: 'locked', + protected: 'protected', + private: 'private' +} diff --git a/lib/config/environment.js b/lib/config/environment.js new file mode 100644 index 00000000..75a5bc54 --- /dev/null +++ b/lib/config/environment.js @@ -0,0 +1,64 @@ +'use strict' + +module.exports = { + domain: process.env.HMD_DOMAIN, + urlpath: process.env.HMD_URL_PATH, + port: process.env.HMD_PORT, + urladdport: process.env.HMD_URL_ADDPORT, + usessl: process.env.HMD_PROTOCOL_USESSL, + alloworigin: process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : undefined, + usecdn: process.env.HMD_USECDN, + allowanonymous: process.env.HMD_ALLOW_ANONYMOUS, + allowfreeurl: process.env.HMD_ALLOW_FREEURL, + defaultpermission: process.env.HMD_DEFAULT_PERMISSION, + dburl: process.env.HMD_DB_URL, + imageUploadType: process.env.HMD_IMAGE_UPLOAD_TYPE, + imgur: { + clientID: process.env.HMD_IMGUR_CLIENTID + }, + s3: { + accessKeyId: process.env.HMD_S3_ACCESS_KEY_ID, + secretAccessKey: process.env.HMD_S3_SECRET_ACCESS_KEY, + region: process.env.HMD_S3_REGION + }, + s3bucket: process.env.HMD_S3_BUCKET, + facebook: { + clientID: process.env.HMD_FACEBOOK_CLIENTID, + clientSecret: process.env.HMD_FACEBOOK_CLIENTSECRET + }, + twitter: { + consumerKey: process.env.HMD_TWITTER_CONSUMERKEY, + consumerSecret: process.env.HMD_TWITTER_CONSUMERSECRET + }, + github: { + clientID: process.env.HMD_GITHUB_CLIENTID, + clientSecret: process.env.HMD_GITHUB_CLIENTSECRET + }, + gitlab: { + baseURL: process.env.HMD_GITLAB_BASEURL, + clientID: process.env.HMD_GITLAB_CLIENTID, + clientSecret: process.env.HMD_GITLAB_CLIENTSECRET, + scope: process.env.HMD_GITLAB_SCOPE + }, + dropbox: { + clientID: process.env.HMD_DROPBOX_CLIENTID, + clientSecret: process.env.HMD_DROPBOX_CLIENTSECRET + }, + google: { + clientID: process.env.HMD_GOOGLE_CLIENTID, + clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET + }, + ldap: { + providerName: process.env.HMD_LDAP_PROVIDERNAME, + url: process.env.HMD_LDAP_URL, + bindDn: process.env.HMD_LDAP_BINDDN, + bindCredentials: process.env.HMD_LDAP_BINDCREDENTIALS, + tokenSecret: process.env.HMD_LDAP_TOKENSECRET, + searchBase: process.env.HMD_LDAP_SEARCHBASE, + searchFilter: process.env.HMD_LDAP_SEARCHFILTER, + searchAttributes: process.env.HMD_LDAP_SEARCHATTRIBUTES, + tlsca: process.env.HMD_LDAP_TLS_CA + }, + email: process.env.HMD_EMAIL, + allowemailregister: process.env.HMD_ALLOW_EMAIL_REGISTER +} diff --git a/lib/config/index.js b/lib/config/index.js new file mode 100644 index 00000000..6bc9a419 --- /dev/null +++ b/lib/config/index.js @@ -0,0 +1,112 @@ +'use strict' + +const fs = require('fs') +const path = require('path') +const {merge} = require('lodash') +const deepFreeze = require('deep-freeze') +const {Environment, Permission} = require('./enum') + +const appRootPath = path.join(__dirname, '../../') +const env = process.env.NODE_ENV || Environment.development +const debugConfig = { + debug: (env === Environment.development) +} + +const packageConfig = { + version: '0.5.1', + minimumCompatibleVersion: '0.5.0' +} + +const configFilePath = path.join(__dirname, '../../config.json') +const fileConfig = fs.existsSync(configFilePath) ? require(configFilePath)[env] : undefined + +let config = require('./default') +merge(config, require('./defaultSSL')) +merge(config, debugConfig) +merge(config, packageConfig) +merge(config, fileConfig) +merge(config, require('./oldEnvironment')) +merge(config, require('./environment')) +merge(config, require('./dockerSecret')) + +// load LDAP CA +if (config.ldap.tlsca) { + let ca = config.ldap.tlsca.split(',') + let caContent = [] + for (let i of ca) { + if (fs.existsSync(ca[i])) { + caContent.push(fs.readFileSync(ca[i], 'utf8')) + } + } + let tlsOptions = { + ca: caContent + } + config.ldap.tlsOptions = config.ldap.tlsOptions ? Object.assign(config.ldap.tlsOptions, tlsOptions) : tlsOptions +} + +// Permission +config.permission = Permission +if (!config.allowanonymous) { + delete config.permission.freely +} +if (!(config.defaultpermission in config.permission)) { + config.defaultpermission = config.permission.editable +} + +// cache result, cannot change config in runtime!!! +config.isStandardHTTPsPort = (function isStandardHTTPsPort () { + return config.usessl && config.port === 443 +})() +config.isStandardHTTPPort = (function isStandardHTTPPort () { + return !config.usessl && config.port === 80 +})() + +// cache serverURL +config.serverurl = (function getserverurl () { + var url = '' + if (config.domain) { + var protocol = config.protocolusessl ? 'https://' : 'http://' + url = protocol + config.domain + if (config.urladdport) { + if (!config.isStandardHTTPPort || !config.isStandardHTTPsPort) { + url += ':' + config.port + } + } + } + if (config.urlpath) { + url += '/' + config.urlpath + } + return url +})() + +config.Environment = Environment + +// auth method +config.isFacebookEnable = config.facebook.clientID && config.facebook.clientSecret +config.isGoogleEnable = config.google.clientID && config.google.clientSecret +config.isDropboxEnable = config.dropbox.clientID && config.dropbox.clientSecret +config.isTwitterEnable = config.twitter.consumerKey && config.twitter.consumerSecret +config.isEmailEnable = config.email +config.isGitHubEnable = config.github.clientID && config.github.clientSecret +config.isGitLabEnable = config.gitlab.clientID && config.gitlab.clientSecret +config.isLDAPEnable = config.ldap.url + +// generate correct path +config.sslcapath = path.join(appRootPath, config.sslcapath) +config.sslcertpath = path.join(appRootPath, config.sslcertpath) +config.sslkeypath = path.join(appRootPath, config.sslkeypath) +config.dhparampath = path.join(appRootPath, config.dhparampath) + +config.tmppath = path.join(appRootPath, config.tmppath) +config.defaultnotepath = path.join(appRootPath, config.defaultnotepath) +config.docspath = path.join(appRootPath, config.docspath) +config.indexpath = path.join(appRootPath, config.indexpath) +config.hackmdpath = path.join(appRootPath, config.hackmdpath) +config.errorpath = path.join(appRootPath, config.errorpath) +config.prettypath = path.join(appRootPath, config.prettypath) +config.slidepath = path.join(appRootPath, config.slidepath) + +// maek config readonly +config = deepFreeze(config) + +module.exports = config diff --git a/lib/config/oldEnvironment.js b/lib/config/oldEnvironment.js new file mode 100644 index 00000000..00324e4b --- /dev/null +++ b/lib/config/oldEnvironment.js @@ -0,0 +1,8 @@ +'use strict' + +module.exports = { + debug: process.env.DEBUG, + dburl: process.env.DATABASE_URL, + urlpath: process.env.URL_PATH, + port: process.env.PORT +} diff --git a/lib/models/index.js b/lib/models/index.js index 458d5319..0679a7fc 100644 --- a/lib/models/index.js +++ b/lib/models/index.js @@ -3,13 +3,14 @@ var fs = require('fs') var path = require('path') var Sequelize = require('sequelize') +const {cloneDeep} = require('lodash') // core var config = require('../config') var logger = require('../logger') -var dbconfig = config.db -dbconfig.logging = config.debug ? logger.info : false +var dbconfig = cloneDeep(config.db) +dbconfig.logger = config.debug ? logger.info : false var sequelize = null diff --git a/lib/realtime.js b/lib/realtime.js index 884edbbc..361bbf09 100644 --- a/lib/realtime.js +++ b/lib/realtime.js @@ -28,7 +28,8 @@ var realtime = { secure: secure, connection: connection, getStatus: getStatus, - isReady: isReady + isReady: isReady, + maintenance: true } function onAuthorizeSuccess (data, accept) { @@ -699,7 +700,7 @@ function updateHistory (userId, note, time) { } function connection (socket) { - if (config.maintenance) return + if (realtime.maintenance) return parseNoteIdFromSocket(socket, function (err, noteId) { if (err) { return failConnection(500, err, socket) diff --git a/lib/response.js b/lib/response.js index 1d1db319..a9abd1d4 100755 --- a/lib/response.js +++ b/lib/response.js @@ -59,14 +59,14 @@ function showIndex (req, res, next) { url: config.serverurl, useCDN: config.usecdn, allowAnonymous: config.allowanonymous, - facebook: config.facebook, - twitter: config.twitter, - github: config.github, - gitlab: config.gitlab, - dropbox: config.dropbox, - google: config.google, - ldap: config.ldap, - email: config.email, + facebook: config.isFacebookEnable, + twitter: config.isTwitterEnable, + github: config.isGitHubEnable, + gitlab: config.isGitLabEnable, + dropbox: config.isDropboxEnable, + google: config.isGoogleEnable, + ldap: config.isLDAPEnable, + email: config.isEmailEnable, allowemailregister: config.allowemailregister, signin: req.isAuthenticated(), infoMessage: req.flash('info'), @@ -89,14 +89,14 @@ function responseHackMD (res, note) { title: title, useCDN: config.usecdn, allowAnonymous: config.allowanonymous, - facebook: config.facebook, - twitter: config.twitter, - github: config.github, - gitlab: config.gitlab, - dropbox: config.dropbox, - google: config.google, - ldap: config.ldap, - email: config.email, + facebook: config.isFacebookEnable, + twitter: config.isTwitterEnable, + github: config.isGitHubEnable, + gitlab: config.isGitLabEnable, + dropbox: config.isDropboxEnable, + google: config.isGoogleEnable, + ldap: config.isLDAPEnable, + email: config.isEmailEnable, allowemailregister: config.allowemailregister }) } diff --git a/lib/web/auth/index.js b/lib/web/auth/index.js index 8a4eb774..b5ca8434 100644 --- a/lib/web/auth/index.js +++ b/lib/web/auth/index.js @@ -29,14 +29,14 @@ passport.deserializeUser(function (id, done) { }) }) -if (config.facebook) authRouter.use(require('./facebook')) -if (config.twitter) authRouter.use(require('./twitter')) -if (config.github) authRouter.use(require('./github')) -if (config.gitlab) authRouter.use(require('./gitlab')) -if (config.dropbox) authRouter.use(require('./dropbox')) -if (config.google) authRouter.use(require('./google')) -if (config.ldap) authRouter.use(require('./ldap')) -if (config.email) authRouter.use(require('./email')) +if (config.isFacebookEnable) authRouter.use(require('./facebook')) +if (config.isTwitterEnable) authRouter.use(require('./twitter')) +if (config.isGitHubEnable) authRouter.use(require('./github')) +if (config.isGitLabEnable) authRouter.use(require('./gitlab')) +if (config.isDropboxEnable) authRouter.use(require('./dropbox')) +if (config.isGoogleEnable) authRouter.use(require('./google')) +if (config.isLDAPEnable) authRouter.use(require('./ldap')) +if (config.isEmailEnable) authRouter.use(require('./email')) // logout authRouter.get('/logout', function (req, res) { |