diff options
Diffstat (limited to 'lib/config')
-rw-r--r-- | lib/config/default.js | 92 | ||||
-rw-r--r-- | lib/config/defaultSSL.js | 17 | ||||
-rw-r--r-- | lib/config/dockerSecret.js | 51 | ||||
-rw-r--r-- | lib/config/enum.js | 16 | ||||
-rw-r--r-- | lib/config/environment.js | 67 | ||||
-rw-r--r-- | lib/config/index.js | 112 | ||||
-rw-r--r-- | lib/config/oldEnvironment.js | 10 | ||||
-rw-r--r-- | lib/config/utils.js | 8 |
8 files changed, 373 insertions, 0 deletions
diff --git a/lib/config/default.js b/lib/config/default.js new file mode 100644 index 00000000..a14a4294 --- /dev/null +++ b/lib/config/default.js @@ -0,0 +1,92 @@ +'use strict' + +module.exports = { + domain: '', + urlpath: '', + port: 3000, + urladdport: false, + alloworigin: ['localhost'], + usessl: false, + protocolusessl: false, + usecdn: true, + allowanonymous: true, + allowfreeurl: false, + defaultpermission: 'editable', + dburl: '', + db: {}, + // ssl path + sslkeypath: '', + sslcertpath: '', + sslcapath: '', + dhparampath: '', + // other path + tmppath: './tmp', + defaultnotepath: './public/default.md', + docspath: './public/docs', + indexpath: './public/views/index.ejs', + hackmdpath: './public/views/hackmd.ejs', + errorpath: './public/views/error.ejs', + prettypath: './public/views/pretty.ejs', + slidepath: './public/views/slide.ejs', + // session + sessionname: 'connect.sid', + sessionsecret: 'secret', + sessionlife: 14 * 24 * 60 * 60 * 1000, // 14 days + staticcachetime: 1 * 24 * 60 * 60 * 1000, // 1 day + // socket.io + heartbeatinterval: 5000, + heartbeattimeout: 10000, + // document + documentmaxlength: 100000, + // image upload setting, available options are imgur/s3/filesystem + imageUploadType: 'filesystem', + imgur: { + clientID: undefined + }, + s3: { + accessKeyId: undefined, + secretAccessKey: undefined, + region: undefined + }, + s3bucket: undefined, + // authentication + facebook: { + clientID: undefined, + clientSecret: undefined + }, + twitter: { + consumerKey: undefined, + consumerSecret: undefined + }, + github: { + clientID: undefined, + clientSecret: undefined + }, + gitlab: { + baseURL: undefined, + clientID: undefined, + clientSecret: undefined, + scope: undefined + }, + dropbox: { + clientID: undefined, + clientSecret: undefined + }, + google: { + clientID: undefined, + clientSecret: undefined + }, + ldap: { + providerName: undefined, + url: undefined, + bindDn: undefined, + bindCredentials: undefined, + tokenSecret: undefined, + searchBase: undefined, + searchFilter: undefined, + searchAttributes: undefined, + tlsca: undefined + }, + email: true, + allowemailregister: true +} diff --git a/lib/config/defaultSSL.js b/lib/config/defaultSSL.js new file mode 100644 index 00000000..1f1d5590 --- /dev/null +++ b/lib/config/defaultSSL.js @@ -0,0 +1,17 @@ +'use strict' + +const fs = require('fs') + +function getFile (path) { + if (fs.existsSync(path)) { + return path + } + return undefined +} + +module.exports = { + sslkeypath: getFile('/run/secrets/key.pem'), + sslcertpath: getFile('/run/secrets/cert.pem'), + sslcapath: getFile('/run/secrets/ca.pem'), + dhparampath: getFile('/run/secrets/dhparam.pem') +} diff --git a/lib/config/dockerSecret.js b/lib/config/dockerSecret.js new file mode 100644 index 00000000..eea2fafd --- /dev/null +++ b/lib/config/dockerSecret.js @@ -0,0 +1,51 @@ +'use strict' + +const fs = require('fs') +const path = require('path') + +const basePath = path.resolve('/var/run/secrets/') + +function getSecret (secret) { + const filePath = path.join(basePath, secret) + if (fs.existsSync(filePath)) return fs.readFileSync(filePath) + return undefined +} + +if (fs.existsSync(basePath)) { + module.exports = { + sessionsecret: getSecret('sessionsecret'), + sslkeypath: getSecret('sslkeypath'), + sslcertpath: getSecret('sslcertpath'), + sslcapath: getSecret('sslcapath'), + dhparampath: getSecret('dhparampath'), + s3: { + accessKeyId: getSecret('s3_acccessKeyId'), + secretAccessKey: getSecret('s3_secretAccessKey') + }, + facebook: { + clientID: getSecret('facebook_clientID'), + clientSecret: getSecret('facebook_clientSecret') + }, + twitter: { + consumerKey: getSecret('twitter_consumerKey'), + consumerSecret: getSecret('twitter_consumerSecret') + }, + github: { + clientID: getSecret('github_clientID'), + clientSecret: getSecret('github_clientSecret') + }, + gitlab: { + clientID: getSecret('gitlab_clientID'), + clientSecret: getSecret('gitlab_clientSecret') + }, + dropbox: { + clientID: getSecret('dropbox_clientID'), + clientSecret: getSecret('dropbox_clientSecret') + }, + google: { + clientID: getSecret('google_clientID'), + clientSecret: getSecret('google_clientSecret') + }, + imgur: getSecret('imgur_clientid') + } +} diff --git a/lib/config/enum.js b/lib/config/enum.js new file mode 100644 index 00000000..07cdfcfe --- /dev/null +++ b/lib/config/enum.js @@ -0,0 +1,16 @@ +'use strict' + +exports.Environment = { + development: 'development', + production: 'production', + test: 'test' +} + +exports.Permission = { + freely: 'freely', + editable: 'editable', + limited: 'limited', + locked: 'locked', + protected: 'protected', + private: 'private' +} diff --git a/lib/config/environment.js b/lib/config/environment.js new file mode 100644 index 00000000..75381ffc --- /dev/null +++ b/lib/config/environment.js @@ -0,0 +1,67 @@ +'use strict' + +const {toBooleanConfig} = require('./utils') + +module.exports = { + domain: process.env.HMD_DOMAIN, + urlpath: process.env.HMD_URL_PATH, + port: process.env.HMD_PORT, + urladdport: process.env.HMD_URL_ADDPORT, + usessl: toBooleanConfig(process.env.HMD_USESSL), + protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL), + alloworigin: process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : undefined, + usecdn: toBooleanConfig(process.env.HMD_USECDN), + allowanonymous: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS), + allowfreeurl: toBooleanConfig(process.env.HMD_ALLOW_FREEURL), + defaultpermission: process.env.HMD_DEFAULT_PERMISSION, + dburl: process.env.HMD_DB_URL, + imageUploadType: process.env.HMD_IMAGE_UPLOAD_TYPE, + imgur: { + clientID: process.env.HMD_IMGUR_CLIENTID + }, + s3: { + accessKeyId: process.env.HMD_S3_ACCESS_KEY_ID, + secretAccessKey: process.env.HMD_S3_SECRET_ACCESS_KEY, + region: process.env.HMD_S3_REGION + }, + s3bucket: process.env.HMD_S3_BUCKET, + facebook: { + clientID: process.env.HMD_FACEBOOK_CLIENTID, + clientSecret: process.env.HMD_FACEBOOK_CLIENTSECRET + }, + twitter: { + consumerKey: process.env.HMD_TWITTER_CONSUMERKEY, + consumerSecret: process.env.HMD_TWITTER_CONSUMERSECRET + }, + github: { + clientID: process.env.HMD_GITHUB_CLIENTID, + clientSecret: process.env.HMD_GITHUB_CLIENTSECRET + }, + gitlab: { + baseURL: process.env.HMD_GITLAB_BASEURL, + clientID: process.env.HMD_GITLAB_CLIENTID, + clientSecret: process.env.HMD_GITLAB_CLIENTSECRET, + scope: process.env.HMD_GITLAB_SCOPE + }, + dropbox: { + clientID: process.env.HMD_DROPBOX_CLIENTID, + clientSecret: process.env.HMD_DROPBOX_CLIENTSECRET + }, + google: { + clientID: process.env.HMD_GOOGLE_CLIENTID, + clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET + }, + ldap: { + providerName: process.env.HMD_LDAP_PROVIDERNAME, + url: process.env.HMD_LDAP_URL, + bindDn: process.env.HMD_LDAP_BINDDN, + bindCredentials: process.env.HMD_LDAP_BINDCREDENTIALS, + tokenSecret: process.env.HMD_LDAP_TOKENSECRET, + searchBase: process.env.HMD_LDAP_SEARCHBASE, + searchFilter: process.env.HMD_LDAP_SEARCHFILTER, + searchAttributes: process.env.HMD_LDAP_SEARCHATTRIBUTES, + tlsca: process.env.HMD_LDAP_TLS_CA + }, + email: toBooleanConfig(process.env.HMD_EMAIL), + allowemailregister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER) +} diff --git a/lib/config/index.js b/lib/config/index.js new file mode 100644 index 00000000..6bc9a419 --- /dev/null +++ b/lib/config/index.js @@ -0,0 +1,112 @@ +'use strict' + +const fs = require('fs') +const path = require('path') +const {merge} = require('lodash') +const deepFreeze = require('deep-freeze') +const {Environment, Permission} = require('./enum') + +const appRootPath = path.join(__dirname, '../../') +const env = process.env.NODE_ENV || Environment.development +const debugConfig = { + debug: (env === Environment.development) +} + +const packageConfig = { + version: '0.5.1', + minimumCompatibleVersion: '0.5.0' +} + +const configFilePath = path.join(__dirname, '../../config.json') +const fileConfig = fs.existsSync(configFilePath) ? require(configFilePath)[env] : undefined + +let config = require('./default') +merge(config, require('./defaultSSL')) +merge(config, debugConfig) +merge(config, packageConfig) +merge(config, fileConfig) +merge(config, require('./oldEnvironment')) +merge(config, require('./environment')) +merge(config, require('./dockerSecret')) + +// load LDAP CA +if (config.ldap.tlsca) { + let ca = config.ldap.tlsca.split(',') + let caContent = [] + for (let i of ca) { + if (fs.existsSync(ca[i])) { + caContent.push(fs.readFileSync(ca[i], 'utf8')) + } + } + let tlsOptions = { + ca: caContent + } + config.ldap.tlsOptions = config.ldap.tlsOptions ? Object.assign(config.ldap.tlsOptions, tlsOptions) : tlsOptions +} + +// Permission +config.permission = Permission +if (!config.allowanonymous) { + delete config.permission.freely +} +if (!(config.defaultpermission in config.permission)) { + config.defaultpermission = config.permission.editable +} + +// cache result, cannot change config in runtime!!! +config.isStandardHTTPsPort = (function isStandardHTTPsPort () { + return config.usessl && config.port === 443 +})() +config.isStandardHTTPPort = (function isStandardHTTPPort () { + return !config.usessl && config.port === 80 +})() + +// cache serverURL +config.serverurl = (function getserverurl () { + var url = '' + if (config.domain) { + var protocol = config.protocolusessl ? 'https://' : 'http://' + url = protocol + config.domain + if (config.urladdport) { + if (!config.isStandardHTTPPort || !config.isStandardHTTPsPort) { + url += ':' + config.port + } + } + } + if (config.urlpath) { + url += '/' + config.urlpath + } + return url +})() + +config.Environment = Environment + +// auth method +config.isFacebookEnable = config.facebook.clientID && config.facebook.clientSecret +config.isGoogleEnable = config.google.clientID && config.google.clientSecret +config.isDropboxEnable = config.dropbox.clientID && config.dropbox.clientSecret +config.isTwitterEnable = config.twitter.consumerKey && config.twitter.consumerSecret +config.isEmailEnable = config.email +config.isGitHubEnable = config.github.clientID && config.github.clientSecret +config.isGitLabEnable = config.gitlab.clientID && config.gitlab.clientSecret +config.isLDAPEnable = config.ldap.url + +// generate correct path +config.sslcapath = path.join(appRootPath, config.sslcapath) +config.sslcertpath = path.join(appRootPath, config.sslcertpath) +config.sslkeypath = path.join(appRootPath, config.sslkeypath) +config.dhparampath = path.join(appRootPath, config.dhparampath) + +config.tmppath = path.join(appRootPath, config.tmppath) +config.defaultnotepath = path.join(appRootPath, config.defaultnotepath) +config.docspath = path.join(appRootPath, config.docspath) +config.indexpath = path.join(appRootPath, config.indexpath) +config.hackmdpath = path.join(appRootPath, config.hackmdpath) +config.errorpath = path.join(appRootPath, config.errorpath) +config.prettypath = path.join(appRootPath, config.prettypath) +config.slidepath = path.join(appRootPath, config.slidepath) + +// maek config readonly +config = deepFreeze(config) + +module.exports = config diff --git a/lib/config/oldEnvironment.js b/lib/config/oldEnvironment.js new file mode 100644 index 00000000..a3b13cb9 --- /dev/null +++ b/lib/config/oldEnvironment.js @@ -0,0 +1,10 @@ +'use strict' + +const {toBooleanConfig} = require('./utils') + +module.exports = { + debug: toBooleanConfig(process.env.DEBUG), + dburl: process.env.DATABASE_URL, + urlpath: process.env.URL_PATH, + port: process.env.PORT +} diff --git a/lib/config/utils.js b/lib/config/utils.js new file mode 100644 index 00000000..11bbd8cb --- /dev/null +++ b/lib/config/utils.js @@ -0,0 +1,8 @@ +'use strict' + +exports.toBooleanConfig = function toBooleanConfig (configValue) { + if (configValue && typeof configValue === 'string') { + return (configValue === 'true') + } + return configValue +} |