diff options
Diffstat (limited to 'lib/config')
-rw-r--r-- | lib/config/default.js | 3 | ||||
-rw-r--r-- | lib/config/defaultSSL.js | 8 | ||||
-rw-r--r-- | lib/config/environment.js | 2 | ||||
-rw-r--r-- | lib/config/index.js | 15 |
4 files changed, 21 insertions, 7 deletions
diff --git a/lib/config/default.js b/lib/config/default.js index 19ddccf6..68849d36 100644 --- a/lib/config/default.js +++ b/lib/config/default.js @@ -18,6 +18,8 @@ module.exports = { directives: { }, addDefaults: true, + addDisqus: true, + addGoogleAnalytics: true, upgradeInsecureRequests: 'auto', reportURI: undefined }, @@ -46,6 +48,7 @@ module.exports = { // session sessionName: 'connect.sid', sessionSecret: 'secret', + sessionSecretLen: 128, sessionLife: 14 * 24 * 60 * 60 * 1000, // 14 days staticCacheTime: 1 * 24 * 60 * 60 * 1000, // 1 day // socket.io diff --git a/lib/config/defaultSSL.js b/lib/config/defaultSSL.js index 362c62a1..ba020466 100644 --- a/lib/config/defaultSSL.js +++ b/lib/config/defaultSSL.js @@ -10,8 +10,8 @@ function getFile (path) { } module.exports = { - sslkeypath: getFile('/run/secrets/key.pem'), - sslcertpath: getFile('/run/secrets/cert.pem'), - sslcapath: getFile('/run/secrets/ca.pem') !== undefined ? [getFile('/run/secrets/ca.pem')] : [], - dhparampath: getFile('/run/secrets/dhparam.pem') + sslKeyPath: getFile('/run/secrets/key.pem'), + sslCertPath: getFile('/run/secrets/cert.pem'), + sslCAPath: getFile('/run/secrets/ca.pem') !== undefined ? [getFile('/run/secrets/ca.pem')] : [], + dhParamPath: getFile('/run/secrets/dhparam.pem') } diff --git a/lib/config/environment.js b/lib/config/environment.js index cab3bc3e..3dde4786 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js @@ -26,6 +26,8 @@ module.exports = { allowFreeURL: toBooleanConfig(process.env.HMD_ALLOW_FREEURL), defaultPermission: process.env.HMD_DEFAULT_PERMISSION, dbURL: process.env.HMD_DB_URL, + sessionSecret: process.env.HMD_SESSION_SECRET, + sessionLife: toIntegerConfig(process.env.HMD_SESSION_LIFE), imageUploadType: process.env.HMD_IMAGE_UPLOAD_TYPE, imgur: { clientID: process.env.HMD_IMGUR_CLIENTID diff --git a/lib/config/index.js b/lib/config/index.js index fae51e52..bdba5e0e 100644 --- a/lib/config/index.js +++ b/lib/config/index.js @@ -1,6 +1,7 @@ 'use strict' +const crypto = require('crypto') const fs = require('fs') const path = require('path') const {merge} = require('lodash') @@ -52,7 +53,7 @@ if (config.ldap.tlsca) { // Permission config.permission = Permission -if (!config.allowAnonymous && !config.allowAnonymousedits) { +if (!config.allowAnonymous && !config.allowAnonymousEdits) { delete config.permission.freely } if (!(config.defaultPermission in config.permission)) { @@ -110,13 +111,21 @@ for (let i = keys.length; i--;) { // and the config with uppercase is not set // we set the new config using the old key. if (uppercase.test(keys[i]) && - config[lowercaseKey] && - !config[keys[1]]) { + config[lowercaseKey] !== undefined && + fileConfig[keys[i]] === undefined) { logger.warn('config.js contains deprecated lowercase setting for ' + keys[i] + '. Please change your config.js file to replace ' + lowercaseKey + ' with ' + keys[i]) config[keys[i]] = config[lowercaseKey] } } +// Generate session secret if it stays on default values +if (config.sessionSecret === 'secret') { + logger.warn('Session secret not set. Using random generated one. Please set `sessionSecret` in your config.js file. All users will be logged out.') + config.sessionSecret = crypto.randomBytes(Math.ceil(config.sessionSecretLen / 2)) // generate crypto graphic random number + .toString('hex') // convert to hexadecimal format + .slice(0, config.sessionSecretLen) // return required number of characters +} + // Validate upload upload providers if (['filesystem', 's3', 'minio', 'imgur'].indexOf(config.imageUploadType) === -1) { logger.error('"imageuploadtype" is not correctly set. Please use "filesystem", "s3", "minio" or "imgur". Defaulting to "imgur"') |