refactor(config.js): Extract config file

* Separate different config source to each files
* Freeze config object

app.js

@@ -29,20 +29,17 @@ var response = require('./lib/response')
 var models = require('./lib/models')
 
 // generate front-end constants by template
-var configJson = config.raw
 var constpath = path.join(__dirname, './public/js/lib/common/constant.ejs')
-var googleApiKey = (fs.existsSync('/run/secrets/google_apiKey') && config.handleDockerSecret('google_apiKey')) || process.env.HMD_GOOGLE_API_KEY || (configJson.google && configJson.google.apiKey) || ''
-var googleClientID = (fs.existsSync('/run/secrets/google_clientID') && config.handleDockerSecret('google_clientID')) || process.env.HMD_GOOGLE_CLIENT_ID || (configJson.google && configJson.google.clientID) || ''
-var dropboxAppKey = (fs.existsSync('/run/secrets/dropbox_appKey') && config.handleDockerSecret('dropbox_appKey')) || process.env.HMD_DROPBOX_APP_KEY || (configJson.dropbox && configJson.dropbox.appKey) || ''
 var data = {
   domain: config.domain,
   urlpath: config.urlpath,
   debug: config.debug,
   version: config.version,
-  GOOGLE_API_KEY: googleApiKey,
-  GOOGLE_CLIENT_ID: googleClientID,
-  DROPBOX_APP_KEY: dropboxAppKey
+  GOOGLE_API_KEY: config.google.clientSecret,
+  GOOGLE_CLIENT_ID: config.google.clientID,
+  DROPBOX_APP_KEY: config.dropbox.clientSecret
 }
+
 ejs.renderFile(constpath, data, {}, function (err, str) {
   if (err) throw new Error(err)
   fs.writeFileSync(path.join(__dirname, './public/build/constant.js'), str)
@@ -204,7 +201,7 @@ function startListen () {
   server.listen(config.port, function () {
     var schema = config.usessl ? 'HTTPS' : 'HTTP'
     logger.info('%s Server listening at port %d', schema, config.port)
-    config.maintenance = false
+    realtime.maintenance = false
   })
 }
 

lib/config.js

@@ -1,223 +0,0 @@
-'use strict'
-// external modules
-var fs = require('fs')
-var path = require('path')
-
-// configs
-var env = process.env.NODE_ENV || 'development'
-var config = require(path.join(__dirname, '..', 'config.json'))[env]
-var debug = process.env.DEBUG ? (process.env.DEBUG === 'true') : ((typeof config.debug === 'boolean') ? config.debug : (env === 'development'))
-
-// Create function that reads docker secrets but fails fast in case of a non docker environment
-var handleDockerSecret = fs.existsSync('/run/secrets/') ? function (secret) {
-  return fs.existsSync('/run/secrets/' + secret) ? fs.readFileSync('/run/secrets/' + secret) : null
-} : function () {
-  return null
-}
-
-// url
-var domain = process.env.DOMAIN || process.env.HMD_DOMAIN || config.domain || ''
-var urlpath = process.env.URL_PATH || process.env.HMD_URL_PATH || config.urlpath || ''
-var port = process.env.PORT || process.env.HMD_PORT || config.port || 3000
-var alloworigin = process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : (config.alloworigin || ['localhost'])
-
-var usessl = !!config.usessl
-var protocolusessl = (usessl === true && typeof process.env.HMD_PROTOCOL_USESSL === 'undefined' && typeof config.protocolusessl === 'undefined')
-     ? true : (process.env.HMD_PROTOCOL_USESSL ? (process.env.HMD_PROTOCOL_USESSL === 'true') : !!config.protocolusessl)
-var urladdport = process.env.HMD_URL_ADDPORT ? (process.env.HMD_URL_ADDPORT === 'true') : !!config.urladdport
-
-var usecdn = process.env.HMD_USECDN ? (process.env.HMD_USECDN === 'true') : ((typeof config.usecdn === 'boolean') ? config.usecdn : true)
-
-var allowanonymous = process.env.HMD_ALLOW_ANONYMOUS ? (process.env.HMD_ALLOW_ANONYMOUS === 'true') : ((typeof config.allowanonymous === 'boolean') ? config.allowanonymous : true)
-
-var allowfreeurl = process.env.HMD_ALLOW_FREEURL ? (process.env.HMD_ALLOW_FREEURL === 'true') : !!config.allowfreeurl
-
-var permissions = ['editable', 'limited', 'locked', 'protected', 'private']
-if (allowanonymous) {
-  permissions.unshift('freely')
-}
-
-var defaultpermission = process.env.HMD_DEFAULT_PERMISSION || config.defaultpermission
-defaultpermission = permissions.indexOf(defaultpermission) !== -1 ? defaultpermission : 'editable'
-
-// db
-var dburl = process.env.HMD_DB_URL || process.env.DATABASE_URL || config.dburl
-var db = config.db || {}
-
-// ssl path
-var sslkeypath = (fs.existsSync('/run/secrets/key.pem') ? '/run/secrets/key.pem' : null) || config.sslkeypath || ''
-var sslcertpath = (fs.existsSync('/run/secrets/cert.pem') ? '/run/secrets/cert.pem' : null) || config.sslcertpath || ''
-var sslcapath = (fs.existsSync('/run/secrets/ca.pem') ? '/run/secrets/ca.pem' : null) || config.sslcapath || ''
-var dhparampath = (fs.existsSync('/run/secrets/dhparam.pem') ? '/run/secrets/dhparam.pem' : null) || config.dhparampath || ''
-
-// other path
-var tmppath = config.tmppath || './tmp'
-var defaultnotepath = config.defaultnotepath || './public/default.md'
-var docspath = config.docspath || './public/docs'
-var indexpath = config.indexpath || './public/views/index.ejs'
-var hackmdpath = config.hackmdpath || './public/views/hackmd.ejs'
-var errorpath = config.errorpath || './public/views/error.ejs'
-var prettypath = config.prettypath || './public/views/pretty.ejs'
-var slidepath = config.slidepath || './public/views/slide.ejs'
-
-// session
-var sessionname = config.sessionname || 'connect.sid'
-var sessionsecret = handleDockerSecret('sessionsecret') || config.sessionsecret || 'secret'
-var sessionlife = config.sessionlife || 14 * 24 * 60 * 60 * 1000 // 14 days
-
-// static files
-var staticcachetime = config.staticcachetime || 1 * 24 * 60 * 60 * 1000 // 1 day
-
-// socket.io
-var heartbeatinterval = config.heartbeatinterval || 5000
-var heartbeattimeout = config.heartbeattimeout || 10000
-
-// document
-var documentmaxlength = config.documentmaxlength || 100000
-
-// image upload setting, available options are imgur/s3/filesystem
-var imageUploadType = process.env.HMD_IMAGE_UPLOAD_TYPE || config.imageUploadType || 'imgur'
-
-config.s3 = config.s3 || {}
-var s3 = {
-  accessKeyId: handleDockerSecret('s3_acccessKeyId') || process.env.HMD_S3_ACCESS_KEY_ID || config.s3.accessKeyId,
-  secretAccessKey: handleDockerSecret('s3_secretAccessKey') || process.env.HMD_S3_SECRET_ACCESS_KEY || config.s3.secretAccessKey,
-  region: process.env.HMD_S3_REGION || config.s3.region
-}
-var s3bucket = process.env.HMD_S3_BUCKET || config.s3.bucket
-
-// auth
-var facebook = ((process.env.HMD_FACEBOOK_CLIENTID && process.env.HMD_FACEBOOK_CLIENTSECRET) || (fs.existsSync('/run/secrets/facebook_clientID') && fs.existsSync('/run/secrets/facebook_clientSecret'))) ? {
-  clientID: handleDockerSecret('facebook_clientID') || process.env.HMD_FACEBOOK_CLIENTID,
-  clientSecret: handleDockerSecret('facebook_clientSecret') || process.env.HMD_FACEBOOK_CLIENTSECRET
-} : config.facebook || false
-var twitter = ((process.env.HMD_TWITTER_CONSUMERKEY && process.env.HMD_TWITTER_CONSUMERSECRET) || (fs.existsSync('/run/secrets/twitter_consumerKey') && fs.existsSync('/run/secrets/twitter_consumerSecret'))) ? {
-  consumerKey: handleDockerSecret('twitter_consumerKey') || process.env.HMD_TWITTER_CONSUMERKEY,
-  consumerSecret: handleDockerSecret('twitter_consumerSecret') || process.env.HMD_TWITTER_CONSUMERSECRET
-} : config.twitter || false
-var github = ((process.env.HMD_GITHUB_CLIENTID && process.env.HMD_GITHUB_CLIENTSECRET) || (fs.existsSync('/run/secrets/github_clientID') && fs.existsSync('/run/secrets/github_clientSecret'))) ? {
-  clientID: handleDockerSecret('github_clientID') || process.env.HMD_GITHUB_CLIENTID,
-  clientSecret: handleDockerSecret('github_clientSecret') || process.env.HMD_GITHUB_CLIENTSECRET
-} : config.github || false
-var gitlab = ((process.env.HMD_GITLAB_CLIENTID && process.env.HMD_GITLAB_CLIENTSECRET) || (fs.existsSync('/run/secrets/gitlab_clientID') && fs.existsSync('/run/secrets/gitlab_clientSecret'))) ? {
-  baseURL: process.env.HMD_GITLAB_BASEURL,
-  clientID: handleDockerSecret('gitlab_clientID') || process.env.HMD_GITLAB_CLIENTID,
-  clientSecret: handleDockerSecret('gitlab_clientSecret') || process.env.HMD_GITLAB_CLIENTSECRET,
-  scope: process.env.HMD_GITLAB_SCOPE
-} : (config.gitlab && config.gitlab.clientID && config.gitlab.clientSecret && config.gitlab) || false
-var dropbox = ((process.env.HMD_DROPBOX_CLIENTID && process.env.HMD_DROPBOX_CLIENTSECRET) || (fs.existsSync('/run/secrets/dropbox_clientID') && fs.existsSync('/run/secrets/dropbox_clientSecret'))) ? {
-  clientID: handleDockerSecret('dropbox_clientID') || process.env.HMD_DROPBOX_CLIENTID,
-  clientSecret: handleDockerSecret('dropbox_clientSecret') || process.env.HMD_DROPBOX_CLIENTSECRET
-} : (config.dropbox && config.dropbox.clientID && config.dropbox.clientSecret && config.dropbox) || false
-var google = ((process.env.HMD_GOOGLE_CLIENTID && process.env.HMD_GOOGLE_CLIENTSECRET) ||
-              (fs.existsSync('/run/secrets/google_clientID') && fs.existsSync('/run/secrets/google_clientSecret'))) ? {
-                clientID: handleDockerSecret('google_clientID') || process.env.HMD_GOOGLE_CLIENTID,
-                clientSecret: handleDockerSecret('google_clientSecret') || process.env.HMD_GOOGLE_CLIENTSECRET
-              } : (config.google && config.google.clientID && config.google.clientSecret && config.google) || false
-var ldap = config.ldap || ((
-    process.env.HMD_LDAP_URL ||
-    process.env.HMD_LDAP_BINDDN ||
-    process.env.HMD_LDAP_BINDCREDENTIALS ||
-    process.env.HMD_LDAP_TOKENSECRET ||
-    process.env.HMD_LDAP_SEARCHBASE ||
-    process.env.HMD_LDAP_SEARCHFILTER ||
-    process.env.HMD_LDAP_SEARCHATTRIBUTES ||
-    process.env.HMD_LDAP_TLS_CA ||
-    process.env.HMD_LDAP_PROVIDERNAME
-) ? {} : false)
-if (process.env.HMD_LDAP_URL) { ldap.url = process.env.HMD_LDAP_URL }
-if (process.env.HMD_LDAP_BINDDN) { ldap.bindDn = process.env.HMD_LDAP_BINDDN }
-if (process.env.HMD_LDAP_BINDCREDENTIALS) { ldap.bindCredentials = process.env.HMD_LDAP_BINDCREDENTIALS }
-if (process.env.HMD_LDAP_TOKENSECRET) { ldap.tokenSecret = process.env.HMD_LDAP_TOKENSECRET }
-if (process.env.HMD_LDAP_SEARCHBASE) { ldap.searchBase = process.env.HMD_LDAP_SEARCHBASE }
-if (process.env.HMD_LDAP_SEARCHFILTER) { ldap.searchFilter = process.env.HMD_LDAP_SEARCHFILTER }
-if (process.env.HMD_LDAP_SEARCHATTRIBUTES) { ldap.searchAttributes = process.env.HMD_LDAP_SEARCHATTRIBUTES }
-if (process.env.HMD_LDAP_TLS_CA) {
-  var ca = {
-    ca: process.env.HMD_LDAP_TLS_CA.split(',')
-  }
-  ldap.tlsOptions = ldap.tlsOptions ? Object.assign(ldap.tlsOptions, ca) : ca
-  if (Array.isArray(ldap.tlsOptions.ca) && ldap.tlsOptions.ca.length > 0) {
-    var i, len, results
-    results = []
-    for (i = 0, len = ldap.tlsOptions.ca.length; i < len; i++) {
-      results.push(fs.readFileSync(ldap.tlsOptions.ca[i], 'utf8'))
-    }
-    ldap.tlsOptions.ca = results
-  }
-}
-if (process.env.HMD_LDAP_PROVIDERNAME) {
-  ldap.providerName = process.env.HMD_LDAP_PROVIDERNAME
-}
-var imgur = handleDockerSecret('imgur_clientid') || process.env.HMD_IMGUR_CLIENTID || config.imgur || false
-var email = process.env.HMD_EMAIL ? (process.env.HMD_EMAIL === 'true') : !!config.email
-var allowemailregister = process.env.HMD_ALLOW_EMAIL_REGISTER ? (process.env.HMD_ALLOW_EMAIL_REGISTER === 'true') : ((typeof config.allowemailregister === 'boolean') ? config.allowemailregister : true)
-
-function getserverurl () {
-  var url = ''
-  if (domain) {
-    var protocol = protocolusessl ? 'https://' : 'http://'
-    url = protocol + domain
-    if (urladdport && ((usessl && port !== 443) || (!usessl && port !== 80))) { url += ':' + port }
-  }
-  if (urlpath) { url += '/' + urlpath }
-  return url
-}
-
-var version = '0.5.1'
-var minimumCompatibleVersion = '0.5.0'
-var maintenance = true
-var cwd = path.join(__dirname, '..')
-
-module.exports = {
-  raw: config,
-  handleDockerSecret: handleDockerSecret,
-  version: version,
-  minimumCompatibleVersion: minimumCompatibleVersion,
-  maintenance: maintenance,
-  domain: domain,
-  urlpath: urlpath,
-  debug: debug,
-  port: port,
-  alloworigin: alloworigin,
-  usessl: usessl,
-  serverurl: getserverurl(),
-  usecdn: usecdn,
-  allowanonymous: allowanonymous,
-  allowfreeurl: allowfreeurl,
-  defaultpermission: defaultpermission,
-  dburl: dburl,
-  db: db,
-  sslkeypath: path.join(cwd, sslkeypath),
-  sslcertpath: path.join(cwd, sslcertpath),
-  sslcapath: path.join(cwd, sslcapath),
-  dhparampath: path.join(cwd, dhparampath),
-  tmppath: path.join(cwd, tmppath),
-  defaultnotepath: path.join(cwd, defaultnotepath),
-  docspath: path.join(cwd, docspath),
-  indexpath: path.join(cwd, indexpath),
-  hackmdpath: path.join(cwd, hackmdpath),
-  errorpath: path.join(cwd, errorpath),
-  prettypath: path.join(cwd, prettypath),
-  slidepath: path.join(cwd, slidepath),
-  sessionname: sessionname,
-  sessionsecret: sessionsecret,
-  sessionlife: sessionlife,
-  staticcachetime: staticcachetime,
-  heartbeatinterval: heartbeatinterval,
-  heartbeattimeout: heartbeattimeout,
-  documentmaxlength: documentmaxlength,
-  facebook: facebook,
-  twitter: twitter,
-  github: github,
-  gitlab: gitlab,
-  dropbox: dropbox,
-  google: google,
-  ldap: ldap,
-  imgur: imgur,
-  email: email,
-  allowemailregister: allowemailregister,
-  imageUploadType: imageUploadType,
-  s3: s3,
-  s3bucket: s3bucket
-}

lib/config/default.js

@@ -0,0 +1,92 @@
+'use strict'
+
+module.exports = {
+  domain: '',
+  urlpath: '',
+  port: 3000,
+  urladdport: false,
+  alloworigin: ['localhost'],
+  usessl: false,
+  protocolusessl: false,
+  usecdn: true,
+  allowanonymous: true,
+  allowfreeurl: false,
+  defaultpermission: 'editable',
+  dburl: '',
+  db: {},
+  // ssl path
+  sslkeypath: '',
+  sslcertpath: '',
+  sslcapath: '',
+  dhparampath: '',
+  // other path
+  tmppath: './tmp',
+  defaultnotepath: './public/default.md',
+  docspath: './public/docs',
+  indexpath: './public/views/index.ejs',
+  hackmdpath: './public/views/hackmd.ejs',
+  errorpath: './public/views/error.ejs',
+  prettypath: './public/views/pretty.ejs',
+  slidepath: './public/views/slide.ejs',
+  // session
+  sessionname: 'connect.sid',
+  sessionsecret: 'secret',
+  sessionlife: 14 * 24 * 60 * 60 * 1000, // 14 days
+  staticcachetime: 1 * 24 * 60 * 60 * 1000, // 1 day
+  // socket.io
+  heartbeatinterval: 5000,
+  heartbeattimeout: 10000,
+  // document
+  documentmaxlength: 100000,
+  // image upload setting, available options are imgur/s3/filesystem
+  imageUploadType: 'filesystem',
+  imgur: {
+    clientID: undefined
+  },
+  s3: {
+    accessKeyId: undefined,
+    secretAccessKey: undefined,
+    region: undefined
+  },
+  s3bucket: undefined,
+  // authentication
+  facebook: {
+    clientID: undefined,
+    clientSecret: undefined
+  },
+  twitter: {
+    consumerKey: undefined,
+    consumerSecret: undefined
+  },
+  github: {
+    clientID: undefined,
+    clientSecret: undefined
+  },
+  gitlab: {
+    baseURL: undefined,
+    clientID: undefined,
+    clientSecret: undefined,
+    scope: undefined
+  },
+  dropbox: {
+    clientID: undefined,
+    clientSecret: undefined
+  },
+  google: {
+    clientID: undefined,
+    clientSecret: undefined
+  },
+  ldap: {
+    providerName: undefined,
+    url: undefined,
+    bindDn: undefined,
+    bindCredentials: undefined,
+    tokenSecret: undefined,
+    searchBase: undefined,
+    searchFilter: undefined,
+    searchAttributes: undefined,
+    tlsca: undefined
+  },
+  email: true,
+  allowemailregister: true
+}

lib/config/defaultSSL.js

@@ -0,0 +1,17 @@
+'use strict'
+
+const fs = require('fs')
+
+function getFile (path) {
+  if (fs.existsSync(path)) {
+    return path
+  }
+  return undefined
+}
+
+module.exports = {
+  sslkeypath: getFile('/run/secrets/key.pem'),
+  sslcertpath: getFile('/run/secrets/cert.pem'),
+  sslcapath: getFile('/run/secrets/ca.pem'),
+  dhparampath: getFile('/run/secrets/dhparam.pem')
+}

lib/config/dockerSecret.js

@@ -0,0 +1,51 @@
+'use strict'
+
+const fs = require('fs')
+const path = require('path')
+
+const basePath = path.resolve('/var/run/secrets/')
+
+function getSecret (secret) {
+  const filePath = path.join(basePath, secret)
+  if (fs.existsSync(filePath)) return fs.readFileSync(filePath)
+  return undefined
+}
+
+if (fs.existsSync(basePath)) {
+  module.exports = {
+    sessionsecret: getSecret('sessionsecret'),
+    sslkeypath: getSecret('sslkeypath'),
+    sslcertpath: getSecret('sslcertpath'),
+    sslcapath: getSecret('sslcapath'),
+    dhparampath: getSecret('dhparampath'),
+    s3: {
+      accessKeyId: getSecret('s3_acccessKeyId'),
+      secretAccessKey: getSecret('s3_secretAccessKey')
+    },
+    facebook: {
+      clientID: getSecret('facebook_clientID'),
+      clientSecret: getSecret('facebook_clientSecret')
+    },
+    twitter: {
+      consumerKey: getSecret('twitter_consumerKey'),
+      consumerSecret: getSecret('twitter_consumerSecret')
+    },
+    github: {
+      clientID: getSecret('github_clientID'),
+      clientSecret: getSecret('github_clientSecret')
+    },
+    gitlab: {
+      clientID: getSecret('gitlab_clientID'),
+      clientSecret: getSecret('gitlab_clientSecret')
+    },
+    dropbox: {
+      clientID: getSecret('dropbox_clientID'),
+      clientSecret: getSecret('dropbox_clientSecret')
+    },
+    google: {
+      clientID: getSecret('google_clientID'),
+      clientSecret: getSecret('google_clientSecret')
+    },
+    imgur: getSecret('imgur_clientid')
+  }
+}

lib/config/enum.js

@@ -0,0 +1,16 @@
+'use strict'
+
+exports.Environment = {
+  development: 'development',
+  production: 'production',
+  test: 'test'
+}
+
+exports.Permission = {
+  freely: 'freely',
+  editable: 'editable',
+  limited: 'limited',
+  locked: 'locked',
+  protected: 'protected',
+  private: 'private'
+}

lib/config/environment.js

@@ -0,0 +1,64 @@
+'use strict'
+
+module.exports = {
+  domain: process.env.HMD_DOMAIN,
+  urlpath: process.env.HMD_URL_PATH,
+  port: process.env.HMD_PORT,
+  urladdport: process.env.HMD_URL_ADDPORT,
+  usessl: process.env.HMD_PROTOCOL_USESSL,
+  alloworigin: process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : undefined,
+  usecdn: process.env.HMD_USECDN,
+  allowanonymous: process.env.HMD_ALLOW_ANONYMOUS,
+  allowfreeurl: process.env.HMD_ALLOW_FREEURL,
+  defaultpermission: process.env.HMD_DEFAULT_PERMISSION,
+  dburl: process.env.HMD_DB_URL,
+  imageUploadType: process.env.HMD_IMAGE_UPLOAD_TYPE,
+  imgur: {
+    clientID: process.env.HMD_IMGUR_CLIENTID
+  },
+  s3: {
+    accessKeyId: process.env.HMD_S3_ACCESS_KEY_ID,
+    secretAccessKey: process.env.HMD_S3_SECRET_ACCESS_KEY,
+    region: process.env.HMD_S3_REGION
+  },
+  s3bucket: process.env.HMD_S3_BUCKET,
+  facebook: {
+    clientID: process.env.HMD_FACEBOOK_CLIENTID,
+    clientSecret: process.env.HMD_FACEBOOK_CLIENTSECRET
+  },
+  twitter: {
+    consumerKey: process.env.HMD_TWITTER_CONSUMERKEY,
+    consumerSecret: process.env.HMD_TWITTER_CONSUMERSECRET
+  },
+  github: {
+    clientID: process.env.HMD_GITHUB_CLIENTID,
+    clientSecret: process.env.HMD_GITHUB_CLIENTSECRET
+  },
+  gitlab: {
+    baseURL: process.env.HMD_GITLAB_BASEURL,
+    clientID: process.env.HMD_GITLAB_CLIENTID,
+    clientSecret: process.env.HMD_GITLAB_CLIENTSECRET,
+    scope: process.env.HMD_GITLAB_SCOPE
+  },
+  dropbox: {
+    clientID: process.env.HMD_DROPBOX_CLIENTID,
+    clientSecret: process.env.HMD_DROPBOX_CLIENTSECRET
+  },
+  google: {
+    clientID: process.env.HMD_GOOGLE_CLIENTID,
+    clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET
+  },
+  ldap: {
+    providerName: process.env.HMD_LDAP_PROVIDERNAME,
+    url: process.env.HMD_LDAP_URL,
+    bindDn: process.env.HMD_LDAP_BINDDN,
+    bindCredentials: process.env.HMD_LDAP_BINDCREDENTIALS,
+    tokenSecret: process.env.HMD_LDAP_TOKENSECRET,
+    searchBase: process.env.HMD_LDAP_SEARCHBASE,
+    searchFilter: process.env.HMD_LDAP_SEARCHFILTER,
+    searchAttributes: process.env.HMD_LDAP_SEARCHATTRIBUTES,
+    tlsca: process.env.HMD_LDAP_TLS_CA
+  },
+  email: process.env.HMD_EMAIL,
+  allowemailregister: process.env.HMD_ALLOW_EMAIL_REGISTER
+}

lib/config/index.js

@@ -0,0 +1,112 @@
+'use strict'
+
+const fs = require('fs')
+const path = require('path')
+const {merge} = require('lodash')
+const deepFreeze = require('deep-freeze')
+const {Environment, Permission} = require('./enum')
+
+const appRootPath = path.join(__dirname, '../../')
+const env = process.env.NODE_ENV || Environment.development
+const debugConfig = {
+  debug: (env === Environment.development)
+}
+
+const packageConfig = {
+  version: '0.5.1',
+  minimumCompatibleVersion: '0.5.0'
+}
+
+const configFilePath = path.join(__dirname, '../../config.json')
+const fileConfig = fs.existsSync(configFilePath) ? require(configFilePath)[env] : undefined
+
+let config = require('./default')
+merge(config, require('./defaultSSL'))
+merge(config, debugConfig)
+merge(config, packageConfig)
+merge(config, fileConfig)
+merge(config, require('./oldEnvironment'))
+merge(config, require('./environment'))
+merge(config, require('./dockerSecret'))
+
+// load LDAP CA
+if (config.ldap.tlsca) {
+  let ca = config.ldap.tlsca.split(',')
+  let caContent = []
+  for (let i of ca) {
+    if (fs.existsSync(ca[i])) {
+      caContent.push(fs.readFileSync(ca[i], 'utf8'))
+    }
+  }
+  let tlsOptions = {
+    ca: caContent
+  }
+  config.ldap.tlsOptions = config.ldap.tlsOptions ? Object.assign(config.ldap.tlsOptions, tlsOptions) : tlsOptions
+}
+
+// Permission
+config.permission = Permission
+if (!config.allowanonymous) {
+  delete config.permission.freely
+}
+if (!(config.defaultpermission in config.permission)) {
+  config.defaultpermission = config.permission.editable
+}
+
+// cache result, cannot change config in runtime!!!
+config.isStandardHTTPsPort = (function isStandardHTTPsPort () {
+  return config.usessl && config.port === 443
+})()
+config.isStandardHTTPPort = (function isStandardHTTPPort () {
+  return !config.usessl && config.port === 80
+})()
+
+// cache serverURL
+config.serverurl = (function getserverurl () {
+  var url = ''
+  if (config.domain) {
+    var protocol = config.protocolusessl ? 'https://' : 'http://'
+    url = protocol + config.domain
+    if (config.urladdport) {
+      if (!config.isStandardHTTPPort || !config.isStandardHTTPsPort) {
+        url += ':' + config.port
+      }
+    }
+  }
+  if (config.urlpath) {
+    url += '/' + config.urlpath
+  }
+  return url
+})()
+
+config.Environment = Environment
+
+// auth method
+config.isFacebookEnable = config.facebook.clientID && config.facebook.clientSecret
+config.isGoogleEnable = config.google.clientID && config.google.clientSecret
+config.isDropboxEnable = config.dropbox.clientID && config.dropbox.clientSecret
+config.isTwitterEnable = config.twitter.consumerKey && config.twitter.consumerSecret
+config.isEmailEnable = config.email
+config.isGitHubEnable = config.github.clientID && config.github.clientSecret
+config.isGitLabEnable = config.gitlab.clientID && config.gitlab.clientSecret
+config.isLDAPEnable = config.ldap.url
+
+// generate correct path
+config.sslcapath = path.join(appRootPath, config.sslcapath)
+config.sslcertpath = path.join(appRootPath, config.sslcertpath)
+config.sslkeypath = path.join(appRootPath, config.sslkeypath)
+config.dhparampath = path.join(appRootPath, config.dhparampath)
+
+config.tmppath = path.join(appRootPath, config.tmppath)
+config.defaultnotepath = path.join(appRootPath, config.defaultnotepath)
+config.docspath = path.join(appRootPath, config.docspath)
+config.indexpath = path.join(appRootPath, config.indexpath)
+config.hackmdpath = path.join(appRootPath, config.hackmdpath)
+config.errorpath = path.join(appRootPath, config.errorpath)
+config.prettypath = path.join(appRootPath, config.prettypath)
+config.slidepath = path.join(appRootPath, config.slidepath)
+
+// maek config readonly
+config = deepFreeze(config)
+
+module.exports = config

lib/config/oldEnvironment.js

@@ -0,0 +1,8 @@
+'use strict'
+
+module.exports = {
+  debug: process.env.DEBUG,
+  dburl: process.env.DATABASE_URL,
+  urlpath: process.env.URL_PATH,
+  port: process.env.PORT
+}

lib/models/index.js

@@ -3,13 +3,14 @@
 var fs = require('fs')
 var path = require('path')
 var Sequelize = require('sequelize')
+const {cloneDeep} = require('lodash')
 
 // core
 var config = require('../config')
 var logger = require('../logger')
 
-var dbconfig = config.db
-dbconfig.logging = config.debug ? logger.info : false
+var dbconfig = cloneDeep(config.db)
+dbconfig.logger = config.debug ? logger.info : false
 
 var sequelize = null
 

lib/realtime.js

@@ -28,7 +28,8 @@ var realtime = {
   secure: secure,
   connection: connection,
   getStatus: getStatus,
-  isReady: isReady
+  isReady: isReady,
+  maintenance: true
 }
 
 function onAuthorizeSuccess (data, accept) {
@@ -699,7 +700,7 @@ function updateHistory (userId, note, time) {
 }
 
 function connection (socket) {
-  if (config.maintenance) return
+  if (realtime.maintenance) return
   parseNoteIdFromSocket(socket, function (err, noteId) {
     if (err) {
       return failConnection(500, err, socket)

lib/response.js

@@ -59,14 +59,14 @@ function showIndex (req, res, next) {
     url: config.serverurl,
     useCDN: config.usecdn,
     allowAnonymous: config.allowanonymous,
-    facebook: config.facebook,
-    twitter: config.twitter,
-    github: config.github,
-    gitlab: config.gitlab,
-    dropbox: config.dropbox,
-    google: config.google,
-    ldap: config.ldap,
-    email: config.email,
+    facebook: config.isFacebookEnable,
+    twitter: config.isTwitterEnable,
+    github: config.isGitHubEnable,
+    gitlab: config.isGitLabEnable,
+    dropbox: config.isDropboxEnable,
+    google: config.isGoogleEnable,
+    ldap: config.isLDAPEnable,
+    email: config.isEmailEnable,
     allowemailregister: config.allowemailregister,
     signin: req.isAuthenticated(),
     infoMessage: req.flash('info'),
@@ -89,14 +89,14 @@ function responseHackMD (res, note) {
     title: title,
     useCDN: config.usecdn,
     allowAnonymous: config.allowanonymous,
-    facebook: config.facebook,
-    twitter: config.twitter,
-    github: config.github,
-    gitlab: config.gitlab,
-    dropbox: config.dropbox,
-    google: config.google,
-    ldap: config.ldap,
-    email: config.email,
+    facebook: config.isFacebookEnable,
+    twitter: config.isTwitterEnable,
+    github: config.isGitHubEnable,
+    gitlab: config.isGitLabEnable,
+    dropbox: config.isDropboxEnable,
+    google: config.isGoogleEnable,
+    ldap: config.isLDAPEnable,
+    email: config.isEmailEnable,
     allowemailregister: config.allowemailregister
   })
 }

lib/web/auth/index.js

@@ -29,14 +29,14 @@ passport.deserializeUser(function (id, done) {
   })
 })
 
-if (config.facebook) authRouter.use(require('./facebook'))
-if (config.twitter) authRouter.use(require('./twitter'))
-if (config.github) authRouter.use(require('./github'))
-if (config.gitlab) authRouter.use(require('./gitlab'))
-if (config.dropbox) authRouter.use(require('./dropbox'))
-if (config.google) authRouter.use(require('./google'))
-if (config.ldap) authRouter.use(require('./ldap'))
-if (config.email) authRouter.use(require('./email'))
+if (config.isFacebookEnable) authRouter.use(require('./facebook'))
+if (config.isTwitterEnable) authRouter.use(require('./twitter'))
+if (config.isGitHubEnable) authRouter.use(require('./github'))
+if (config.isGitLabEnable) authRouter.use(require('./gitlab'))
+if (config.isDropboxEnable) authRouter.use(require('./dropbox'))
+if (config.isGoogleEnable) authRouter.use(require('./google'))
+if (config.isLDAPEnable) authRouter.use(require('./ldap'))
+if (config.isEmailEnable) authRouter.use(require('./email'))
 
 // logout
 authRouter.get('/logout', function (req, res) {

package.json

@@ -28,6 +28,7 @@
     "connect-session-sequelize": "^4.1.0",
     "cookie": "0.3.1",
     "cookie-parser": "1.4.3",
+    "deep-freeze": "^0.0.1",
     "diff-match-patch": "git+https://github.com/hackmdio/diff-match-patch.git",
     "ejs": "^2.5.5",
     "emojify.js": "~1.1.0",
@@ -162,8 +163,8 @@
     "less-loader": "^2.2.3",
     "optimize-css-assets-webpack-plugin": "^1.3.0",
     "script-loader": "^0.7.0",
-    "style-loader": "^0.13.1",
     "standard": "^9.0.1",
+    "style-loader": "^0.13.1",
     "url-loader": "^0.5.7",
     "webpack": "^1.14.0",
     "webpack-parallel-uglify-plugin": "^0.2.0"