summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/config.js223
-rw-r--r--lib/config/default.js92
-rw-r--r--lib/config/defaultSSL.js17
-rw-r--r--lib/config/dockerSecret.js51
-rw-r--r--lib/config/enum.js16
-rw-r--r--lib/config/environment.js64
-rw-r--r--lib/config/index.js112
-rw-r--r--lib/config/oldEnvironment.js8
-rw-r--r--lib/models/index.js5
-rw-r--r--lib/realtime.js5
-rwxr-xr-xlib/response.js32
-rw-r--r--lib/web/auth/index.js16
12 files changed, 390 insertions, 251 deletions
diff --git a/lib/config.js b/lib/config.js
deleted file mode 100644
index 31999b07..00000000
--- a/lib/config.js
+++ /dev/null
@@ -1,223 +0,0 @@
-'use strict'
-// external modules
-var fs = require('fs')
-var path = require('path')
-
-// configs
-var env = process.env.NODE_ENV || 'development'
-var config = require(path.join(__dirname, '..', 'config.json'))[env]
-var debug = process.env.DEBUG ? (process.env.DEBUG === 'true') : ((typeof config.debug === 'boolean') ? config.debug : (env === 'development'))
-
-// Create function that reads docker secrets but fails fast in case of a non docker environment
-var handleDockerSecret = fs.existsSync('/run/secrets/') ? function (secret) {
- return fs.existsSync('/run/secrets/' + secret) ? fs.readFileSync('/run/secrets/' + secret) : null
-} : function () {
- return null
-}
-
-// url
-var domain = process.env.DOMAIN || process.env.HMD_DOMAIN || config.domain || ''
-var urlpath = process.env.URL_PATH || process.env.HMD_URL_PATH || config.urlpath || ''
-var port = process.env.PORT || process.env.HMD_PORT || config.port || 3000
-var alloworigin = process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : (config.alloworigin || ['localhost'])
-
-var usessl = !!config.usessl
-var protocolusessl = (usessl === true && typeof process.env.HMD_PROTOCOL_USESSL === 'undefined' && typeof config.protocolusessl === 'undefined')
- ? true : (process.env.HMD_PROTOCOL_USESSL ? (process.env.HMD_PROTOCOL_USESSL === 'true') : !!config.protocolusessl)
-var urladdport = process.env.HMD_URL_ADDPORT ? (process.env.HMD_URL_ADDPORT === 'true') : !!config.urladdport
-
-var usecdn = process.env.HMD_USECDN ? (process.env.HMD_USECDN === 'true') : ((typeof config.usecdn === 'boolean') ? config.usecdn : true)
-
-var allowanonymous = process.env.HMD_ALLOW_ANONYMOUS ? (process.env.HMD_ALLOW_ANONYMOUS === 'true') : ((typeof config.allowanonymous === 'boolean') ? config.allowanonymous : true)
-
-var allowfreeurl = process.env.HMD_ALLOW_FREEURL ? (process.env.HMD_ALLOW_FREEURL === 'true') : !!config.allowfreeurl
-
-var permissions = ['editable', 'limited', 'locked', 'protected', 'private']
-if (allowanonymous) {
- permissions.unshift('freely')
-}
-
-var defaultpermission = process.env.HMD_DEFAULT_PERMISSION || config.defaultpermission
-defaultpermission = permissions.indexOf(defaultpermission) !== -1 ? defaultpermission : 'editable'
-
-// db
-var dburl = process.env.HMD_DB_URL || process.env.DATABASE_URL || config.dburl
-var db = config.db || {}
-
-// ssl path
-var sslkeypath = (fs.existsSync('/run/secrets/key.pem') ? '/run/secrets/key.pem' : null) || config.sslkeypath || ''
-var sslcertpath = (fs.existsSync('/run/secrets/cert.pem') ? '/run/secrets/cert.pem' : null) || config.sslcertpath || ''
-var sslcapath = (fs.existsSync('/run/secrets/ca.pem') ? '/run/secrets/ca.pem' : null) || config.sslcapath || ''
-var dhparampath = (fs.existsSync('/run/secrets/dhparam.pem') ? '/run/secrets/dhparam.pem' : null) || config.dhparampath || ''
-
-// other path
-var tmppath = config.tmppath || './tmp'
-var defaultnotepath = config.defaultnotepath || './public/default.md'
-var docspath = config.docspath || './public/docs'
-var indexpath = config.indexpath || './public/views/index.ejs'
-var hackmdpath = config.hackmdpath || './public/views/hackmd.ejs'
-var errorpath = config.errorpath || './public/views/error.ejs'
-var prettypath = config.prettypath || './public/views/pretty.ejs'
-var slidepath = config.slidepath || './public/views/slide.ejs'
-
-// session
-var sessionname = config.sessionname || 'connect.sid'
-var sessionsecret = handleDockerSecret('sessionsecret') || config.sessionsecret || 'secret'
-var sessionlife = config.sessionlife || 14 * 24 * 60 * 60 * 1000 // 14 days
-
-// static files
-var staticcachetime = config.staticcachetime || 1 * 24 * 60 * 60 * 1000 // 1 day
-
-// socket.io
-var heartbeatinterval = config.heartbeatinterval || 5000
-var heartbeattimeout = config.heartbeattimeout || 10000
-
-// document
-var documentmaxlength = config.documentmaxlength || 100000
-
-// image upload setting, available options are imgur/s3/filesystem
-var imageUploadType = process.env.HMD_IMAGE_UPLOAD_TYPE || config.imageUploadType || 'imgur'
-
-config.s3 = config.s3 || {}
-var s3 = {
- accessKeyId: handleDockerSecret('s3_acccessKeyId') || process.env.HMD_S3_ACCESS_KEY_ID || config.s3.accessKeyId,
- secretAccessKey: handleDockerSecret('s3_secretAccessKey') || process.env.HMD_S3_SECRET_ACCESS_KEY || config.s3.secretAccessKey,
- region: process.env.HMD_S3_REGION || config.s3.region
-}
-var s3bucket = process.env.HMD_S3_BUCKET || config.s3.bucket
-
-// auth
-var facebook = ((process.env.HMD_FACEBOOK_CLIENTID && process.env.HMD_FACEBOOK_CLIENTSECRET) || (fs.existsSync('/run/secrets/facebook_clientID') && fs.existsSync('/run/secrets/facebook_clientSecret'))) ? {
- clientID: handleDockerSecret('facebook_clientID') || process.env.HMD_FACEBOOK_CLIENTID,
- clientSecret: handleDockerSecret('facebook_clientSecret') || process.env.HMD_FACEBOOK_CLIENTSECRET
-} : config.facebook || false
-var twitter = ((process.env.HMD_TWITTER_CONSUMERKEY && process.env.HMD_TWITTER_CONSUMERSECRET) || (fs.existsSync('/run/secrets/twitter_consumerKey') && fs.existsSync('/run/secrets/twitter_consumerSecret'))) ? {
- consumerKey: handleDockerSecret('twitter_consumerKey') || process.env.HMD_TWITTER_CONSUMERKEY,
- consumerSecret: handleDockerSecret('twitter_consumerSecret') || process.env.HMD_TWITTER_CONSUMERSECRET
-} : config.twitter || false
-var github = ((process.env.HMD_GITHUB_CLIENTID && process.env.HMD_GITHUB_CLIENTSECRET) || (fs.existsSync('/run/secrets/github_clientID') && fs.existsSync('/run/secrets/github_clientSecret'))) ? {
- clientID: handleDockerSecret('github_clientID') || process.env.HMD_GITHUB_CLIENTID,
- clientSecret: handleDockerSecret('github_clientSecret') || process.env.HMD_GITHUB_CLIENTSECRET
-} : config.github || false
-var gitlab = ((process.env.HMD_GITLAB_CLIENTID && process.env.HMD_GITLAB_CLIENTSECRET) || (fs.existsSync('/run/secrets/gitlab_clientID') && fs.existsSync('/run/secrets/gitlab_clientSecret'))) ? {
- baseURL: process.env.HMD_GITLAB_BASEURL,
- clientID: handleDockerSecret('gitlab_clientID') || process.env.HMD_GITLAB_CLIENTID,
- clientSecret: handleDockerSecret('gitlab_clientSecret') || process.env.HMD_GITLAB_CLIENTSECRET,
- scope: process.env.HMD_GITLAB_SCOPE
-} : (config.gitlab && config.gitlab.clientID && config.gitlab.clientSecret && config.gitlab) || false
-var dropbox = ((process.env.HMD_DROPBOX_CLIENTID && process.env.HMD_DROPBOX_CLIENTSECRET) || (fs.existsSync('/run/secrets/dropbox_clientID') && fs.existsSync('/run/secrets/dropbox_clientSecret'))) ? {
- clientID: handleDockerSecret('dropbox_clientID') || process.env.HMD_DROPBOX_CLIENTID,
- clientSecret: handleDockerSecret('dropbox_clientSecret') || process.env.HMD_DROPBOX_CLIENTSECRET
-} : (config.dropbox && config.dropbox.clientID && config.dropbox.clientSecret && config.dropbox) || false
-var google = ((process.env.HMD_GOOGLE_CLIENTID && process.env.HMD_GOOGLE_CLIENTSECRET) ||
- (fs.existsSync('/run/secrets/google_clientID') && fs.existsSync('/run/secrets/google_clientSecret'))) ? {
- clientID: handleDockerSecret('google_clientID') || process.env.HMD_GOOGLE_CLIENTID,
- clientSecret: handleDockerSecret('google_clientSecret') || process.env.HMD_GOOGLE_CLIENTSECRET
- } : (config.google && config.google.clientID && config.google.clientSecret && config.google) || false
-var ldap = config.ldap || ((
- process.env.HMD_LDAP_URL ||
- process.env.HMD_LDAP_BINDDN ||
- process.env.HMD_LDAP_BINDCREDENTIALS ||
- process.env.HMD_LDAP_TOKENSECRET ||
- process.env.HMD_LDAP_SEARCHBASE ||
- process.env.HMD_LDAP_SEARCHFILTER ||
- process.env.HMD_LDAP_SEARCHATTRIBUTES ||
- process.env.HMD_LDAP_TLS_CA ||
- process.env.HMD_LDAP_PROVIDERNAME
-) ? {} : false)
-if (process.env.HMD_LDAP_URL) { ldap.url = process.env.HMD_LDAP_URL }
-if (process.env.HMD_LDAP_BINDDN) { ldap.bindDn = process.env.HMD_LDAP_BINDDN }
-if (process.env.HMD_LDAP_BINDCREDENTIALS) { ldap.bindCredentials = process.env.HMD_LDAP_BINDCREDENTIALS }
-if (process.env.HMD_LDAP_TOKENSECRET) { ldap.tokenSecret = process.env.HMD_LDAP_TOKENSECRET }
-if (process.env.HMD_LDAP_SEARCHBASE) { ldap.searchBase = process.env.HMD_LDAP_SEARCHBASE }
-if (process.env.HMD_LDAP_SEARCHFILTER) { ldap.searchFilter = process.env.HMD_LDAP_SEARCHFILTER }
-if (process.env.HMD_LDAP_SEARCHATTRIBUTES) { ldap.searchAttributes = process.env.HMD_LDAP_SEARCHATTRIBUTES }
-if (process.env.HMD_LDAP_TLS_CA) {
- var ca = {
- ca: process.env.HMD_LDAP_TLS_CA.split(',')
- }
- ldap.tlsOptions = ldap.tlsOptions ? Object.assign(ldap.tlsOptions, ca) : ca
- if (Array.isArray(ldap.tlsOptions.ca) && ldap.tlsOptions.ca.length > 0) {
- var i, len, results
- results = []
- for (i = 0, len = ldap.tlsOptions.ca.length; i < len; i++) {
- results.push(fs.readFileSync(ldap.tlsOptions.ca[i], 'utf8'))
- }
- ldap.tlsOptions.ca = results
- }
-}
-if (process.env.HMD_LDAP_PROVIDERNAME) {
- ldap.providerName = process.env.HMD_LDAP_PROVIDERNAME
-}
-var imgur = handleDockerSecret('imgur_clientid') || process.env.HMD_IMGUR_CLIENTID || config.imgur || false
-var email = process.env.HMD_EMAIL ? (process.env.HMD_EMAIL === 'true') : !!config.email
-var allowemailregister = process.env.HMD_ALLOW_EMAIL_REGISTER ? (process.env.HMD_ALLOW_EMAIL_REGISTER === 'true') : ((typeof config.allowemailregister === 'boolean') ? config.allowemailregister : true)
-
-function getserverurl () {
- var url = ''
- if (domain) {
- var protocol = protocolusessl ? 'https://' : 'http://'
- url = protocol + domain
- if (urladdport && ((usessl && port !== 443) || (!usessl && port !== 80))) { url += ':' + port }
- }
- if (urlpath) { url += '/' + urlpath }
- return url
-}
-
-var version = '0.5.1'
-var minimumCompatibleVersion = '0.5.0'
-var maintenance = true
-var cwd = path.join(__dirname, '..')
-
-module.exports = {
- raw: config,
- handleDockerSecret: handleDockerSecret,
- version: version,
- minimumCompatibleVersion: minimumCompatibleVersion,
- maintenance: maintenance,
- domain: domain,
- urlpath: urlpath,
- debug: debug,
- port: port,
- alloworigin: alloworigin,
- usessl: usessl,
- serverurl: getserverurl(),
- usecdn: usecdn,
- allowanonymous: allowanonymous,
- allowfreeurl: allowfreeurl,
- defaultpermission: defaultpermission,
- dburl: dburl,
- db: db,
- sslkeypath: path.join(cwd, sslkeypath),
- sslcertpath: path.join(cwd, sslcertpath),
- sslcapath: path.join(cwd, sslcapath),
- dhparampath: path.join(cwd, dhparampath),
- tmppath: path.join(cwd, tmppath),
- defaultnotepath: path.join(cwd, defaultnotepath),
- docspath: path.join(cwd, docspath),
- indexpath: path.join(cwd, indexpath),
- hackmdpath: path.join(cwd, hackmdpath),
- errorpath: path.join(cwd, errorpath),
- prettypath: path.join(cwd, prettypath),
- slidepath: path.join(cwd, slidepath),
- sessionname: sessionname,
- sessionsecret: sessionsecret,
- sessionlife: sessionlife,
- staticcachetime: staticcachetime,
- heartbeatinterval: heartbeatinterval,
- heartbeattimeout: heartbeattimeout,
- documentmaxlength: documentmaxlength,
- facebook: facebook,
- twitter: twitter,
- github: github,
- gitlab: gitlab,
- dropbox: dropbox,
- google: google,
- ldap: ldap,
- imgur: imgur,
- email: email,
- allowemailregister: allowemailregister,
- imageUploadType: imageUploadType,
- s3: s3,
- s3bucket: s3bucket
-}
diff --git a/lib/config/default.js b/lib/config/default.js
new file mode 100644
index 00000000..a14a4294
--- /dev/null
+++ b/lib/config/default.js
@@ -0,0 +1,92 @@
+'use strict'
+
+module.exports = {
+ domain: '',
+ urlpath: '',
+ port: 3000,
+ urladdport: false,
+ alloworigin: ['localhost'],
+ usessl: false,
+ protocolusessl: false,
+ usecdn: true,
+ allowanonymous: true,
+ allowfreeurl: false,
+ defaultpermission: 'editable',
+ dburl: '',
+ db: {},
+ // ssl path
+ sslkeypath: '',
+ sslcertpath: '',
+ sslcapath: '',
+ dhparampath: '',
+ // other path
+ tmppath: './tmp',
+ defaultnotepath: './public/default.md',
+ docspath: './public/docs',
+ indexpath: './public/views/index.ejs',
+ hackmdpath: './public/views/hackmd.ejs',
+ errorpath: './public/views/error.ejs',
+ prettypath: './public/views/pretty.ejs',
+ slidepath: './public/views/slide.ejs',
+ // session
+ sessionname: 'connect.sid',
+ sessionsecret: 'secret',
+ sessionlife: 14 * 24 * 60 * 60 * 1000, // 14 days
+ staticcachetime: 1 * 24 * 60 * 60 * 1000, // 1 day
+ // socket.io
+ heartbeatinterval: 5000,
+ heartbeattimeout: 10000,
+ // document
+ documentmaxlength: 100000,
+ // image upload setting, available options are imgur/s3/filesystem
+ imageUploadType: 'filesystem',
+ imgur: {
+ clientID: undefined
+ },
+ s3: {
+ accessKeyId: undefined,
+ secretAccessKey: undefined,
+ region: undefined
+ },
+ s3bucket: undefined,
+ // authentication
+ facebook: {
+ clientID: undefined,
+ clientSecret: undefined
+ },
+ twitter: {
+ consumerKey: undefined,
+ consumerSecret: undefined
+ },
+ github: {
+ clientID: undefined,
+ clientSecret: undefined
+ },
+ gitlab: {
+ baseURL: undefined,
+ clientID: undefined,
+ clientSecret: undefined,
+ scope: undefined
+ },
+ dropbox: {
+ clientID: undefined,
+ clientSecret: undefined
+ },
+ google: {
+ clientID: undefined,
+ clientSecret: undefined
+ },
+ ldap: {
+ providerName: undefined,
+ url: undefined,
+ bindDn: undefined,
+ bindCredentials: undefined,
+ tokenSecret: undefined,
+ searchBase: undefined,
+ searchFilter: undefined,
+ searchAttributes: undefined,
+ tlsca: undefined
+ },
+ email: true,
+ allowemailregister: true
+}
diff --git a/lib/config/defaultSSL.js b/lib/config/defaultSSL.js
new file mode 100644
index 00000000..1f1d5590
--- /dev/null
+++ b/lib/config/defaultSSL.js
@@ -0,0 +1,17 @@
+'use strict'
+
+const fs = require('fs')
+
+function getFile (path) {
+ if (fs.existsSync(path)) {
+ return path
+ }
+ return undefined
+}
+
+module.exports = {
+ sslkeypath: getFile('/run/secrets/key.pem'),
+ sslcertpath: getFile('/run/secrets/cert.pem'),
+ sslcapath: getFile('/run/secrets/ca.pem'),
+ dhparampath: getFile('/run/secrets/dhparam.pem')
+}
diff --git a/lib/config/dockerSecret.js b/lib/config/dockerSecret.js
new file mode 100644
index 00000000..eea2fafd
--- /dev/null
+++ b/lib/config/dockerSecret.js
@@ -0,0 +1,51 @@
+'use strict'
+
+const fs = require('fs')
+const path = require('path')
+
+const basePath = path.resolve('/var/run/secrets/')
+
+function getSecret (secret) {
+ const filePath = path.join(basePath, secret)
+ if (fs.existsSync(filePath)) return fs.readFileSync(filePath)
+ return undefined
+}
+
+if (fs.existsSync(basePath)) {
+ module.exports = {
+ sessionsecret: getSecret('sessionsecret'),
+ sslkeypath: getSecret('sslkeypath'),
+ sslcertpath: getSecret('sslcertpath'),
+ sslcapath: getSecret('sslcapath'),
+ dhparampath: getSecret('dhparampath'),
+ s3: {
+ accessKeyId: getSecret('s3_acccessKeyId'),
+ secretAccessKey: getSecret('s3_secretAccessKey')
+ },
+ facebook: {
+ clientID: getSecret('facebook_clientID'),
+ clientSecret: getSecret('facebook_clientSecret')
+ },
+ twitter: {
+ consumerKey: getSecret('twitter_consumerKey'),
+ consumerSecret: getSecret('twitter_consumerSecret')
+ },
+ github: {
+ clientID: getSecret('github_clientID'),
+ clientSecret: getSecret('github_clientSecret')
+ },
+ gitlab: {
+ clientID: getSecret('gitlab_clientID'),
+ clientSecret: getSecret('gitlab_clientSecret')
+ },
+ dropbox: {
+ clientID: getSecret('dropbox_clientID'),
+ clientSecret: getSecret('dropbox_clientSecret')
+ },
+ google: {
+ clientID: getSecret('google_clientID'),
+ clientSecret: getSecret('google_clientSecret')
+ },
+ imgur: getSecret('imgur_clientid')
+ }
+}
diff --git a/lib/config/enum.js b/lib/config/enum.js
new file mode 100644
index 00000000..07cdfcfe
--- /dev/null
+++ b/lib/config/enum.js
@@ -0,0 +1,16 @@
+'use strict'
+
+exports.Environment = {
+ development: 'development',
+ production: 'production',
+ test: 'test'
+}
+
+exports.Permission = {
+ freely: 'freely',
+ editable: 'editable',
+ limited: 'limited',
+ locked: 'locked',
+ protected: 'protected',
+ private: 'private'
+}
diff --git a/lib/config/environment.js b/lib/config/environment.js
new file mode 100644
index 00000000..75a5bc54
--- /dev/null
+++ b/lib/config/environment.js
@@ -0,0 +1,64 @@
+'use strict'
+
+module.exports = {
+ domain: process.env.HMD_DOMAIN,
+ urlpath: process.env.HMD_URL_PATH,
+ port: process.env.HMD_PORT,
+ urladdport: process.env.HMD_URL_ADDPORT,
+ usessl: process.env.HMD_PROTOCOL_USESSL,
+ alloworigin: process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : undefined,
+ usecdn: process.env.HMD_USECDN,
+ allowanonymous: process.env.HMD_ALLOW_ANONYMOUS,
+ allowfreeurl: process.env.HMD_ALLOW_FREEURL,
+ defaultpermission: process.env.HMD_DEFAULT_PERMISSION,
+ dburl: process.env.HMD_DB_URL,
+ imageUploadType: process.env.HMD_IMAGE_UPLOAD_TYPE,
+ imgur: {
+ clientID: process.env.HMD_IMGUR_CLIENTID
+ },
+ s3: {
+ accessKeyId: process.env.HMD_S3_ACCESS_KEY_ID,
+ secretAccessKey: process.env.HMD_S3_SECRET_ACCESS_KEY,
+ region: process.env.HMD_S3_REGION
+ },
+ s3bucket: process.env.HMD_S3_BUCKET,
+ facebook: {
+ clientID: process.env.HMD_FACEBOOK_CLIENTID,
+ clientSecret: process.env.HMD_FACEBOOK_CLIENTSECRET
+ },
+ twitter: {
+ consumerKey: process.env.HMD_TWITTER_CONSUMERKEY,
+ consumerSecret: process.env.HMD_TWITTER_CONSUMERSECRET
+ },
+ github: {
+ clientID: process.env.HMD_GITHUB_CLIENTID,
+ clientSecret: process.env.HMD_GITHUB_CLIENTSECRET
+ },
+ gitlab: {
+ baseURL: process.env.HMD_GITLAB_BASEURL,
+ clientID: process.env.HMD_GITLAB_CLIENTID,
+ clientSecret: process.env.HMD_GITLAB_CLIENTSECRET,
+ scope: process.env.HMD_GITLAB_SCOPE
+ },
+ dropbox: {
+ clientID: process.env.HMD_DROPBOX_CLIENTID,
+ clientSecret: process.env.HMD_DROPBOX_CLIENTSECRET
+ },
+ google: {
+ clientID: process.env.HMD_GOOGLE_CLIENTID,
+ clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET
+ },
+ ldap: {
+ providerName: process.env.HMD_LDAP_PROVIDERNAME,
+ url: process.env.HMD_LDAP_URL,
+ bindDn: process.env.HMD_LDAP_BINDDN,
+ bindCredentials: process.env.HMD_LDAP_BINDCREDENTIALS,
+ tokenSecret: process.env.HMD_LDAP_TOKENSECRET,
+ searchBase: process.env.HMD_LDAP_SEARCHBASE,
+ searchFilter: process.env.HMD_LDAP_SEARCHFILTER,
+ searchAttributes: process.env.HMD_LDAP_SEARCHATTRIBUTES,
+ tlsca: process.env.HMD_LDAP_TLS_CA
+ },
+ email: process.env.HMD_EMAIL,
+ allowemailregister: process.env.HMD_ALLOW_EMAIL_REGISTER
+}
diff --git a/lib/config/index.js b/lib/config/index.js
new file mode 100644
index 00000000..6bc9a419
--- /dev/null
+++ b/lib/config/index.js
@@ -0,0 +1,112 @@
+'use strict'
+
+const fs = require('fs')
+const path = require('path')
+const {merge} = require('lodash')
+const deepFreeze = require('deep-freeze')
+const {Environment, Permission} = require('./enum')
+
+const appRootPath = path.join(__dirname, '../../')
+const env = process.env.NODE_ENV || Environment.development
+const debugConfig = {
+ debug: (env === Environment.development)
+}
+
+const packageConfig = {
+ version: '0.5.1',
+ minimumCompatibleVersion: '0.5.0'
+}
+
+const configFilePath = path.join(__dirname, '../../config.json')
+const fileConfig = fs.existsSync(configFilePath) ? require(configFilePath)[env] : undefined
+
+let config = require('./default')
+merge(config, require('./defaultSSL'))
+merge(config, debugConfig)
+merge(config, packageConfig)
+merge(config, fileConfig)
+merge(config, require('./oldEnvironment'))
+merge(config, require('./environment'))
+merge(config, require('./dockerSecret'))
+
+// load LDAP CA
+if (config.ldap.tlsca) {
+ let ca = config.ldap.tlsca.split(',')
+ let caContent = []
+ for (let i of ca) {
+ if (fs.existsSync(ca[i])) {
+ caContent.push(fs.readFileSync(ca[i], 'utf8'))
+ }
+ }
+ let tlsOptions = {
+ ca: caContent
+ }
+ config.ldap.tlsOptions = config.ldap.tlsOptions ? Object.assign(config.ldap.tlsOptions, tlsOptions) : tlsOptions
+}
+
+// Permission
+config.permission = Permission
+if (!config.allowanonymous) {
+ delete config.permission.freely
+}
+if (!(config.defaultpermission in config.permission)) {
+ config.defaultpermission = config.permission.editable
+}
+
+// cache result, cannot change config in runtime!!!
+config.isStandardHTTPsPort = (function isStandardHTTPsPort () {
+ return config.usessl && config.port === 443
+})()
+config.isStandardHTTPPort = (function isStandardHTTPPort () {
+ return !config.usessl && config.port === 80
+})()
+
+// cache serverURL
+config.serverurl = (function getserverurl () {
+ var url = ''
+ if (config.domain) {
+ var protocol = config.protocolusessl ? 'https://' : 'http://'
+ url = protocol + config.domain
+ if (config.urladdport) {
+ if (!config.isStandardHTTPPort || !config.isStandardHTTPsPort) {
+ url += ':' + config.port
+ }
+ }
+ }
+ if (config.urlpath) {
+ url += '/' + config.urlpath
+ }
+ return url
+})()
+
+config.Environment = Environment
+
+// auth method
+config.isFacebookEnable = config.facebook.clientID && config.facebook.clientSecret
+config.isGoogleEnable = config.google.clientID && config.google.clientSecret
+config.isDropboxEnable = config.dropbox.clientID && config.dropbox.clientSecret
+config.isTwitterEnable = config.twitter.consumerKey && config.twitter.consumerSecret
+config.isEmailEnable = config.email
+config.isGitHubEnable = config.github.clientID && config.github.clientSecret
+config.isGitLabEnable = config.gitlab.clientID && config.gitlab.clientSecret
+config.isLDAPEnable = config.ldap.url
+
+// generate correct path
+config.sslcapath = path.join(appRootPath, config.sslcapath)
+config.sslcertpath = path.join(appRootPath, config.sslcertpath)
+config.sslkeypath = path.join(appRootPath, config.sslkeypath)
+config.dhparampath = path.join(appRootPath, config.dhparampath)
+
+config.tmppath = path.join(appRootPath, config.tmppath)
+config.defaultnotepath = path.join(appRootPath, config.defaultnotepath)
+config.docspath = path.join(appRootPath, config.docspath)
+config.indexpath = path.join(appRootPath, config.indexpath)
+config.hackmdpath = path.join(appRootPath, config.hackmdpath)
+config.errorpath = path.join(appRootPath, config.errorpath)
+config.prettypath = path.join(appRootPath, config.prettypath)
+config.slidepath = path.join(appRootPath, config.slidepath)
+
+// maek config readonly
+config = deepFreeze(config)
+
+module.exports = config
diff --git a/lib/config/oldEnvironment.js b/lib/config/oldEnvironment.js
new file mode 100644
index 00000000..00324e4b
--- /dev/null
+++ b/lib/config/oldEnvironment.js
@@ -0,0 +1,8 @@
+'use strict'
+
+module.exports = {
+ debug: process.env.DEBUG,
+ dburl: process.env.DATABASE_URL,
+ urlpath: process.env.URL_PATH,
+ port: process.env.PORT
+}
diff --git a/lib/models/index.js b/lib/models/index.js
index 458d5319..0679a7fc 100644
--- a/lib/models/index.js
+++ b/lib/models/index.js
@@ -3,13 +3,14 @@
var fs = require('fs')
var path = require('path')
var Sequelize = require('sequelize')
+const {cloneDeep} = require('lodash')
// core
var config = require('../config')
var logger = require('../logger')
-var dbconfig = config.db
-dbconfig.logging = config.debug ? logger.info : false
+var dbconfig = cloneDeep(config.db)
+dbconfig.logger = config.debug ? logger.info : false
var sequelize = null
diff --git a/lib/realtime.js b/lib/realtime.js
index 884edbbc..361bbf09 100644
--- a/lib/realtime.js
+++ b/lib/realtime.js
@@ -28,7 +28,8 @@ var realtime = {
secure: secure,
connection: connection,
getStatus: getStatus,
- isReady: isReady
+ isReady: isReady,
+ maintenance: true
}
function onAuthorizeSuccess (data, accept) {
@@ -699,7 +700,7 @@ function updateHistory (userId, note, time) {
}
function connection (socket) {
- if (config.maintenance) return
+ if (realtime.maintenance) return
parseNoteIdFromSocket(socket, function (err, noteId) {
if (err) {
return failConnection(500, err, socket)
diff --git a/lib/response.js b/lib/response.js
index 1d1db319..a9abd1d4 100755
--- a/lib/response.js
+++ b/lib/response.js
@@ -59,14 +59,14 @@ function showIndex (req, res, next) {
url: config.serverurl,
useCDN: config.usecdn,
allowAnonymous: config.allowanonymous,
- facebook: config.facebook,
- twitter: config.twitter,
- github: config.github,
- gitlab: config.gitlab,
- dropbox: config.dropbox,
- google: config.google,
- ldap: config.ldap,
- email: config.email,
+ facebook: config.isFacebookEnable,
+ twitter: config.isTwitterEnable,
+ github: config.isGitHubEnable,
+ gitlab: config.isGitLabEnable,
+ dropbox: config.isDropboxEnable,
+ google: config.isGoogleEnable,
+ ldap: config.isLDAPEnable,
+ email: config.isEmailEnable,
allowemailregister: config.allowemailregister,
signin: req.isAuthenticated(),
infoMessage: req.flash('info'),
@@ -89,14 +89,14 @@ function responseHackMD (res, note) {
title: title,
useCDN: config.usecdn,
allowAnonymous: config.allowanonymous,
- facebook: config.facebook,
- twitter: config.twitter,
- github: config.github,
- gitlab: config.gitlab,
- dropbox: config.dropbox,
- google: config.google,
- ldap: config.ldap,
- email: config.email,
+ facebook: config.isFacebookEnable,
+ twitter: config.isTwitterEnable,
+ github: config.isGitHubEnable,
+ gitlab: config.isGitLabEnable,
+ dropbox: config.isDropboxEnable,
+ google: config.isGoogleEnable,
+ ldap: config.isLDAPEnable,
+ email: config.isEmailEnable,
allowemailregister: config.allowemailregister
})
}
diff --git a/lib/web/auth/index.js b/lib/web/auth/index.js
index 8a4eb774..b5ca8434 100644
--- a/lib/web/auth/index.js
+++ b/lib/web/auth/index.js
@@ -29,14 +29,14 @@ passport.deserializeUser(function (id, done) {
})
})
-if (config.facebook) authRouter.use(require('./facebook'))
-if (config.twitter) authRouter.use(require('./twitter'))
-if (config.github) authRouter.use(require('./github'))
-if (config.gitlab) authRouter.use(require('./gitlab'))
-if (config.dropbox) authRouter.use(require('./dropbox'))
-if (config.google) authRouter.use(require('./google'))
-if (config.ldap) authRouter.use(require('./ldap'))
-if (config.email) authRouter.use(require('./email'))
+if (config.isFacebookEnable) authRouter.use(require('./facebook'))
+if (config.isTwitterEnable) authRouter.use(require('./twitter'))
+if (config.isGitHubEnable) authRouter.use(require('./github'))
+if (config.isGitLabEnable) authRouter.use(require('./gitlab'))
+if (config.isDropboxEnable) authRouter.use(require('./dropbox'))
+if (config.isGoogleEnable) authRouter.use(require('./google'))
+if (config.isLDAPEnable) authRouter.use(require('./ldap'))
+if (config.isEmailEnable) authRouter.use(require('./email'))
// logout
authRouter.get('/logout', function (req, res) {