Diffstat (limited to '')
-rw-r--r-- | lib/config/default.js | 8 | ||||
-rw-r--r-- | lib/config/dockerSecret.js | 11 | ||||
-rw-r--r-- | lib/config/environment.js | 9 | ||||
-rw-r--r-- | lib/config/hackmdEnvironment.js | 5 | ||||
-rw-r--r-- | lib/config/index.js | 26 | ||||
-rw-r--r-- | lib/config/oldEnvironment.js | 2 |
6 files changed, 40 insertions, 21 deletions
diff --git a/lib/config/default.js b/lib/config/default.js index 9e401f38..12254d47 100644 --- a/lib/config/default.js +++ b/lib/config/default.js @@ -56,10 +56,15 @@ module.exports = { // socket.io heartbeatInterval: 5000, heartbeatTimeout: 10000, + // too busy timeout + tooBusyLag: 70, // document documentMaxLength: 100000, - // image upload setting, available options are imgur/s3/filesystem/azure + // image upload setting, available options are imgur/s3/filesystem/azure/lutim imageUploadType: 'filesystem', + lutim: { + url: 'https://framapic.org/' + }, imgur: { clientID: undefined }, @@ -138,6 +143,7 @@ module.exports = { idpCert: undefined, issuer: undefined, identifierFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', + disableRequestedAuthnContext: false, groupAttribute: undefined, externalGroups: [], requiredGroups: [], diff --git a/lib/config/dockerSecret.js b/lib/config/dockerSecret.js index fd66ddfe..50bf7fe2 100644 --- a/lib/config/dockerSecret.js +++ b/lib/config/dockerSecret.js @@ -13,11 +13,12 @@ function getSecret (secret) { if (fs.existsSync(basePath)) { module.exports = { - sessionsecret: getSecret('sessionsecret'), - sslkeypath: getSecret('sslkeypath'), - sslcertpath: getSecret('sslcertpath'), - sslcapath: getSecret('sslcapath'), - dhparampath: getSecret('dhparampath'), + dbURL: getSecret('dbURL'), + sessionSecret: getSecret('sessionsecret'), + sslKeyPath: getSecret('sslkeypath'), + sslCertPath: getSecret('sslcertpath'), + sslCAPath: getSecret('sslcapath'), + dhParamPath: getSecret('dhparampath'), s3: { accessKeyId: getSecret('s3_acccessKeyId'), secretAccessKey: getSecret('s3_secretAccessKey') diff --git a/lib/config/environment.js b/lib/config/environment.js index cdf87871..716f8b75 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js 
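Review bot: The new `tooBusyLag: 70` default in the first default.js hunk states neither a unit nor a meaning, and the new `lutim.url` default points at a third-party host (`https://framapic.org/`) without saying so. I would replace the comment with `// maximum event-loop lag (presumably milliseconds, confirm) before the server treats itself as too busy` and add `// public third-party instance; presumably only used when imageUploadType is 'lutim'` above the `lutim` block. An operator who switches to `lutim` without overriding the URL would send user uploads to that external service, which is worth stating next to the default. The `module.exports` object starts and ends outside the hunk.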
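Review bot: `disableRequestedAuthnContext: false` in the SAML block of default.js is a security-relevant switch added without a comment; the same option is wired to `CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT` in environment.js and `HMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT` in hackmdEnvironment.js. Going by the name, enabling it stops the service provider from requesting a specific authentication context, which leaves the required authentication strength entirely to the IdP's own policy. I would add `// when true, no RequestedAuthnContext is sent to the IdP; keep false unless the IdP rejects the request` above the default.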
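Review bot: The added `dbURL: getSecret('dbURL')` in dockerSecret.js looks up a mixed-case secret name while every other entry uses lower-case names (`'sessionsecret'`, `'sslkeypath'`). Docker secrets are exposed as files, so on a case-sensitive filesystem a secret created as `dburl` would presumably be skipped without any message. Either use `getSecret('dburl')` or add a comment above the object listing the exact secret names expected. The unchanged context line `getSecret('s3_acccessKeyId')` has three c's, which looks like a typo with the same silent-miss effect. `getSecret` is defined above the hunk, so what it returns for a missing file cannot be checked here.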
@@ -1,6 +1,6 @@ 'use strict' -const {toBooleanConfig, toArrayConfig, toIntegerConfig} = require('./utils') +const { toBooleanConfig, toArrayConfig, toIntegerConfig } = require('./utils') module.exports = { sourceURL: process.env.CMD_SOURCE_URL, @@ -14,7 +14,7 @@ module.exports = { useSSL: toBooleanConfig(process.env.CMD_USESSL), hsts: { enable: toBooleanConfig(process.env.CMD_HSTS_ENABLE), - maxAgeSeconds: process.env.CMD_HSTS_MAX_AGE, + maxAgeSeconds: toIntegerConfig(process.env.CMD_HSTS_MAX_AGE), includeSubdomains: toBooleanConfig(process.env.CMD_HSTS_INCLUDE_SUBDOMAINS), preload: toBooleanConfig(process.env.CMD_HSTS_PRELOAD) }, @@ -33,6 +33,7 @@ module.exports = { dbURL: process.env.CMD_DB_URL, sessionSecret: process.env.CMD_SESSION_SECRET, sessionLife: toIntegerConfig(process.env.CMD_SESSION_LIFE), + tooBusyLag: toIntegerConfig(process.env.CMD_TOOBUSY_LAG), imageUploadType: process.env.CMD_IMAGE_UPLOAD_TYPE, imgur: { clientID: process.env.CMD_IMGUR_CLIENTID @@ -50,6 +51,9 @@ module.exports = { secure: toBooleanConfig(process.env.CMD_MINIO_SECURE), port: toIntegerConfig(process.env.CMD_MINIO_PORT) }, + lutim: { + url: process.env.CMD_LUTIM_URL + }, s3bucket: process.env.CMD_S3_BUCKET, azure: { connectionString: process.env.CMD_AZURE_CONNECTION_STRING, @@ -116,6 +120,7 @@ module.exports = { idpCert: process.env.CMD_SAML_IDPCERT, issuer: process.env.CMD_SAML_ISSUER, identifierFormat: process.env.CMD_SAML_IDENTIFIERFORMAT, + disableRequestedAuthnContext: toBooleanConfig(process.env.CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT), groupAttribute: process.env.CMD_SAML_GROUPATTRIBUTE, externalGroups: toArrayConfig(process.env.CMD_SAML_EXTERNALGROUPS, '|', []), requiredGroups: toArrayConfig(process.env.CMD_SAML_REQUIREDGROUPS, '|', []), diff --git a/lib/config/hackmdEnvironment.js b/lib/config/hackmdEnvironment.js index e1c11569..dcfda0bc 100644 --- a/lib/config/hackmdEnvironment.js +++ b/lib/config/hackmdEnvironment.js 
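Review bot: `maxAgeSeconds: toIntegerConfig(process.env.CMD_HSTS_MAX_AGE)` now depends on how `toIntegerConfig` treats a non-numeric or negative value, and nothing in this hunk bounds the result before it reaches the HSTS header. `toIntegerConfig` lives in `./utils` and is not shown; if it can return `NaN`, that value would presumably override the default max-age when the configs are merged. The same applies to `CMD_TOOBUSY_LAG` in the `@@ -33,6` hunk and to `HMD_HSTS_MAX_AGE` in hackmdEnvironment.js. I would add a check where the config is assembled, e.g. `if (!Number.isInteger(config.hsts.maxAgeSeconds) || config.hsts.maxAgeSeconds < 0) { /* warn and fall back to the default */ }`.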
@@ -1,6 +1,6 @@ 'use strict' -const {toBooleanConfig, toArrayConfig, toIntegerConfig} = require('./utils') +const { toBooleanConfig, toArrayConfig, toIntegerConfig } = require('./utils') module.exports = { domain: process.env.HMD_DOMAIN, @@ -10,7 +10,7 @@ module.exports = { useSSL: toBooleanConfig(process.env.HMD_USESSL), hsts: { enable: toBooleanConfig(process.env.HMD_HSTS_ENABLE), - maxAgeSeconds: process.env.HMD_HSTS_MAX_AGE, + maxAgeSeconds: toIntegerConfig(process.env.HMD_HSTS_MAX_AGE), includeSubdomains: toBooleanConfig(process.env.HMD_HSTS_INCLUDE_SUBDOMAINS), preload: toBooleanConfig(process.env.HMD_HSTS_PRELOAD) }, @@ -109,6 +109,7 @@ module.exports = { idpCert: process.env.HMD_SAML_IDPCERT, issuer: process.env.HMD_SAML_ISSUER, identifierFormat: process.env.HMD_SAML_IDENTIFIERFORMAT, + disableRequestedAuthnContext: toBooleanConfig(process.env.HMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT), groupAttribute: process.env.HMD_SAML_GROUPATTRIBUTE, externalGroups: toArrayConfig(process.env.HMD_SAML_EXTERNALGROUPS, '|', []), requiredGroups: toArrayConfig(process.env.HMD_SAML_REQUIREDGROUPS, '|', []), diff --git a/lib/config/index.js b/lib/config/index.js index cbe6c39c..ee4817b3 100644 --- a/lib/config/index.js +++ b/lib/config/index.js @@ -4,11 +4,11 @@ const crypto = require('crypto') const fs = require('fs') const path = require('path') -const {merge} = require('lodash') +const { merge } = require('lodash') const deepFreeze = require('deep-freeze') -const {Environment, Permission} = require('./enum') +const { Environment, Permission } = require('./enum') const logger = require('../logger') -const {getGitCommit, getGitHubURL} = require('./utils') +const { getGitCommit, getGitHubURL } = require('./utils') const appRootPath = path.resolve(__dirname, '../../') const env = process.env.NODE_ENV || Environment.development 
@@ -17,7 +17,7 @@ const debugConfig = { } // Get version string from package.json -const {version, repository} = require(path.join(appRootPath, 'package.json')) +const { version, repository } = require(path.join(appRootPath, 'package.json')) const commitID = getGitCommit(appRootPath) const sourceURL = getGitHubURL(repository.url, commitID || version) @@ -128,7 +128,7 @@ if (config.gitlab && config.gitlab.version !== 'v4' && config.gitlab.version !== config.gitlab.version = 'v4' } // If gitlab scope is api, enable snippets Export/import -config.isGitlabSnippetsEnable = (!config.gitlab.scope || config.gitlab.scope === 'api') +config.isGitlabSnippetsEnable = (!config.gitlab.scope || config.gitlab.scope === 'api') && config.isGitLabEnable // Only update i18n files in development setups config.updateI18nFiles = (env === Environment.development) 
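Review bot: On the changed `config.isGitlabSnippetsEnable` line, `config.gitlab.scope` is dereferenced before `config.isGitLabEnable` is consulted, although the `if` just above guards with `config.gitlab &&`, which suggests `config.gitlab` may be unset. Putting the flag first lets short-circuiting skip the dereference when GitLab is not configured: `config.isGitlabSnippetsEnable = config.isGitLabEnable && (!config.gitlab.scope || config.gitlab.scope === 'api')`. The line also relies on `config.isGitLabEnable` having been assigned earlier in the file, which is outside this hunk. The comment above it could read `// Enable snippet export/import only when GitLab login is enabled and the scope is api (or unset)`.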
@@ -152,20 +152,20 @@ for (let i = keys.length; i--;) { // Notify users about the prefix change and inform them they use legacy prefix for environment variables if (Object.keys(process.env).toString().indexOf('HMD_') !== -1) { - logger.warn('Using legacy HMD prefix for environment variables. Please change your variables in future. For details see: https://github.com/hackmdio/codimd#environment-variables-will-overwrite-other-server-configs') + logger.warn('Using legacy HMD prefix for environment variables. Please change your variables in future. For details see: https://github.com/codimd/server#environment-variables-will-overwrite-other-server-configs') } // Generate session secret if it stays on default values if (config.sessionSecret === 'secret') { logger.warn('Session secret not set. Using random generated one. Please set `sessionSecret` in your config.js file. All users will be logged out.') config.sessionSecret = crypto.randomBytes(Math.ceil(config.sessionSecretLen / 2)) // generate crypto graphic random number - .toString('hex') // convert to hexadecimal format - .slice(0, config.sessionSecretLen) // return required number of characters + .toString('hex') // convert to hexadecimal format + .slice(0, config.sessionSecretLen) // return required number of characters } // Validate upload upload providers -if (['filesystem', 's3', 'minio', 'imgur', 'azure'].indexOf(config.imageUploadType) === -1) { - logger.error('"imageuploadtype" is not correctly set. Please use "filesystem", "s3", "minio", "azure" or "imgur". Defaulting to "filesystem"') +if (['filesystem', 's3', 'minio', 'imgur', 'azure', 'lutim'].indexOf(config.imageUploadType) === -1) { + logger.error('"imageuploadtype" is not correctly set. Please use "filesystem", "s3", "minio", "azure", "lutim" or "imgur". Defaulting to "filesystem"') config.imageUploadType = 'filesystem' } 
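Review bot: The list of accepted upload providers is now spelled out three times: in the array literal and the `logger.error` text here, and in the comment in default.js. This commit had to touch all three to add `lutim`. A single constant would keep them in step, e.g. `const uploadProviders = ['filesystem', 's3', 'minio', 'imgur', 'azure', 'lutim']`, with the message built from `uploadProviders.join('", "')`. The default.js comment still omits `minio`, which is exactly the drift this duplication invites.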
@@ -189,6 +189,12 @@ switch (config.imageUploadType) { ] } +// Disable PDF export due to security issue +if (config.allowPDFExport) { + config.allowPDFExport = false + logger.warn('PDF export was disabled for this release to mitigate a critical security issue. This feature will hopefully become available again in future releases.') +} + // generate correct path config.sslCAPath.forEach(function (capath, i, array) { array[i] = path.resolve(appRootPath, capath) diff --git a/lib/config/oldEnvironment.js b/lib/config/oldEnvironment.js index a3b13cb9..06047553 100644 --- a/lib/config/oldEnvironment.js +++ b/lib/config/oldEnvironment.js @@ -1,6 +1,6 @@ 'use strict' -const {toBooleanConfig} = require('./utils') +const { toBooleanConfig } = require('./utils') module.exports = { debug: toBooleanConfig(process.env.DEBUG), |
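Review bot: The forced `config.allowPDFExport = false` only mitigates the issue if every PDF export path checks this flag. The export handler is not part of this diff, so that should be confirmed before relying on the override. The comment `// Disable PDF export due to security issue` gives no reference; I would extend it to `// Disable PDF export until <advisory or issue reference> is fixed; remove this override together with the fix` so the override is neither forgotten nor removed early. The warning is logged only when an operator had the feature enabled, which seems intended.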