Add basics for secret management by Docker 1.13
See https://docs.docker.com/engine/swarm/secrets/
This commit is contained in:
parent
1de4242473
commit
a8b99638b2
1 changed files with 28 additions and 24 deletions
|
@ -1,11 +1,15 @@
|
||||||
// external modules
|
// external modules
|
||||||
var path = require('path');
|
var path = require('path');
|
||||||
|
var fs = require('fs');
|
||||||
|
|
||||||
// configs
|
// configs
|
||||||
var env = process.env.NODE_ENV || 'development';
|
var env = process.env.NODE_ENV || 'development';
|
||||||
var config = require(path.join(__dirname, '..', 'config.json'))[env];
|
var config = require(path.join(__dirname, '..', 'config.json'))[env];
|
||||||
var debug = process.env.DEBUG ? (process.env.DEBUG === 'true') : ((typeof config.debug === 'boolean') ? config.debug : (env === 'development'));
|
var debug = process.env.DEBUG ? (process.env.DEBUG === 'true') : ((typeof config.debug === 'boolean') ? config.debug : (env === 'development'));
|
||||||
|
|
||||||
|
// Create function that reads docker secrets but fails fast in case of a non docker environment
|
||||||
|
var handleDockerSecret = fs.existsSync('/run/secrets/') ? function(secret){return fs.existsSync('/run/secrets/' + secret) ? fs.readFileSync('/run/secrets/' + secret) : null;)} : function () {return null}
|
||||||
|
|
||||||
// url
|
// url
|
||||||
var domain = process.env.DOMAIN || process.env.HMD_DOMAIN || config.domain || '';
|
var domain = process.env.DOMAIN || process.env.HMD_DOMAIN || config.domain || '';
|
||||||
var urlpath = process.env.URL_PATH || process.env.HMD_URL_PATH || config.urlpath || '';
|
var urlpath = process.env.URL_PATH || process.env.HMD_URL_PATH || config.urlpath || '';
|
||||||
|
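Review bot: The new `handleDockerSecret` on the `var handleDockerSecret = …` line does not parse — `null;)}` has a stray `)` before the closing brace — so the whole config module throws a SyntaxError when required, and every consumer added in the later hunks (sessionsecret, the s3 and OAuth credentials, imgur) is unreachable until this is fixed. The reader also calls `fs.readFileSync` without an encoding, so callers get a Buffer rather than a string, and a trailing newline (typical when a secret is created with `echo`) becomes part of the value; reading as text and trimming avoids both. I would write it as `var handleDockerSecret = fs.existsSync('/run/secrets/') ? function (secret) {` / `  var file = path.join('/run/secrets', secret); return fs.existsSync(file) ? fs.readFileSync(file, 'utf8').trim() : null;` / `} : function () { return null; };`, which also reuses the already-required `path` module instead of string concatenation.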
@ -28,10 +32,10 @@ var dburl = config.dburl || process.env.HMD_DB_URL || process.env.DATABASE_URL;
|
||||||
var db = config.db || {};
|
var db = config.db || {};
|
||||||
|
|
||||||
// ssl path
|
// ssl path
|
||||||
var sslkeypath = config.sslkeypath || '';
|
var sslkeypath = (fs.existsSync('/run/secrets/key.pem') ? '/run/secrets/key.pem' : null) || config.sslkeypath || '';
|
||||||
var sslcertpath = config.sslcertpath || '';
|
var sslcertpath = (fs.existsSync('/run/secrets/cert.pem') ? '/run/secrets/cert.pem' : null) || config.sslcertpath || '';
|
||||||
var sslcapath = config.sslcapath || '';
|
var sslcapath = (fs.existsSync('/run/secrets/ca.pem') ? '/run/secrets/ca.pem' : null) || config.sslcapath || '';
|
||||||
var dhparampath = config.dhparampath || '';
|
var dhparampath = (fs.existsSync('/run/secrets/dhparam.pem') ? '/run/secrets/dhparam.pem' : null) || config.dhparampath || '';
|
||||||
|
|
||||||
// other path
|
// other path
|
||||||
var tmppath = config.tmppath || './tmp';
|
var tmppath = config.tmppath || './tmp';
|
||||||
|
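Review bot: The four rewritten `sslkeypath`/`sslcertpath`/`sslcapath`/`dhparampath` lines each repeat `(fs.existsSync('/run/secrets/X') ? '/run/secrets/X' : null)` with the file name spelled twice, which is easy to get out of sync and bypasses the `handleDockerSecret` helper introduced in the first hunk. A small sibling helper keeps the lookup in one place: `var dockerSecretPath = function (name) { var p = '/run/secrets/' + name; return fs.existsSync(p) ? p : null; };` followed by `var sslkeypath = dockerSecretPath('key.pem') || config.sslkeypath || '';` and likewise for the other three. It is also worth a one-line comment stating that a mounted secret takes precedence over an explicitly configured `config.sslkeypath`, since an operator who set both may not expect the config value to be ignored.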
@ -45,7 +49,7 @@ var slidepath = config.slidepath || './public/views/slide.ejs';
|
||||||
|
|
||||||
// session
|
// session
|
||||||
var sessionname = config.sessionname || 'connect.sid';
|
var sessionname = config.sessionname || 'connect.sid';
|
||||||
var sessionsecret = config.sessionsecret || 'secret';
|
var sessionsecret = handleDockerSecret('sessionsecret') || config.sessionsecret || 'secret';
|
||||||
var sessionlife = config.sessionlife || 14 * 24 * 60 * 60 * 1000; //14 days
|
var sessionlife = config.sessionlife || 14 * 24 * 60 * 60 * 1000; //14 days
|
||||||
|
|
||||||
// static files
|
// static files
|
||||||
|
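Review bot: The rewritten `var sessionsecret = …` line keeps the literal `'secret'` as the last fallback, so a deployment that mounts no `sessionsecret` Docker secret and sets no config value still signs session cookies with a publicly known string, and nothing tells the operator that the new secrets path was not used. Since this line is being touched, a startup warning when the fallback is taken would make the misconfiguration visible: `if (sessionsecret === 'secret') console.warn('sessionsecret is using the built-in default; set it via Docker secret or config.json');`. Whether to go further and refuse to start in production is a policy choice for the maintainers, but the silent fallback is the part to raise here.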
@ -63,35 +67,35 @@ var imageUploadType = process.env.HMD_IMAGE_UPLOAD_TYPE || config.imageUploadTyp
|
||||||
|
|
||||||
config.s3 = config.s3 || {};
|
config.s3 = config.s3 || {};
|
||||||
var s3 = {
|
var s3 = {
|
||||||
accessKeyId: process.env.HMD_S3_ACCESS_KEY_ID || config.s3.accessKeyId,
|
accessKeyId: handleDockerSecret('s3_acccessKeyId') || process.env.HMD_S3_ACCESS_KEY_ID || config.s3.accessKeyId,
|
||||||
secretAccessKey: process.env.HMD_S3_SECRET_ACCESS_KEY || config.s3.secretAccessKey,
|
secretAccessKey: handleDockerSecret('s3_secretAccessKey') || process.env.HMD_S3_SECRET_ACCESS_KEY || config.s3.secretAccessKey,
|
||||||
region: process.env.HMD_S3_REGION || config.s3.region
|
region: process.env.HMD_S3_REGION || config.s3.region
|
||||||
}
|
}
|
||||||
var s3bucket = process.env.HMD_S3_BUCKET || config.s3.bucket;
|
var s3bucket = process.env.HMD_S3_BUCKET || config.s3.bucket;
|
||||||
|
|
||||||
// auth
|
// auth
|
||||||
var facebook = (process.env.HMD_FACEBOOK_CLIENTID && process.env.HMD_FACEBOOK_CLIENTSECRET) ? {
|
var facebook = (process.env.HMD_FACEBOOK_CLIENTID && process.env.HMD_FACEBOOK_CLIENTSECRET || fs.existsSync('/run/secrets/facebook_clientID') && fs.existsSync('/run/secrets/facebook_clientSecret')) ? {
|
||||||
clientID: process.env.HMD_FACEBOOK_CLIENTID,
|
clientID: handleDockerSecret('facebook_clientID') || process.env.HMD_FACEBOOK_CLIENTID,
|
||||||
clientSecret: process.env.HMD_FACEBOOK_CLIENTSECRET
|
clientSecret: handleDockerSecret('facebook_clientSecret') || process.env.HMD_FACEBOOK_CLIENTSECRET
|
||||||
} : config.facebook || false;
|
} : config.facebook || false;
|
||||||
var twitter = (process.env.HMD_TWITTER_CONSUMERKEY && process.env.HMD_TWITTER_CONSUMERSECRET) ? {
|
var twitter = (process.env.HMD_TWITTER_CONSUMERKEY && process.env.HMD_TWITTER_CONSUMERSECRET || fs.existsSync('/run/secrets/twitter_consumerKey') && fs.existsSync('/run/secrets/twitter_consumerSecret')) ? {
|
||||||
consumerKey: process.env.HMD_TWITTER_CONSUMERKEY,
|
consumerKey: handleDockerSecret('twitter_consumerKey') || process.env.HMD_TWITTER_CONSUMERKEY,
|
||||||
consumerSecret: process.env.HMD_TWITTER_CONSUMERSECRET
|
consumerSecret: handleDockerSecret('twitter_consumerSecret') || process.env.HMD_TWITTER_CONSUMERSECRET
|
||||||
} : config.twitter || false;
|
} : config.twitter || false;
|
||||||
var github = (process.env.HMD_GITHUB_CLIENTID && process.env.HMD_GITHUB_CLIENTSECRET) ? {
|
var github = (process.env.HMD_GITHUB_CLIENTID && process.env.HMD_GITHUB_CLIENTSECRET || fs.existsSync('/run/secrets/github_clientID') && fs.existsSync('/run/secrets/github_clientSecret')) ? {
|
||||||
clientID: process.env.HMD_GITHUB_CLIENTID,
|
clientID: handleDockerSecret('github_clientID') || process.env.HMD_GITHUB_CLIENTID,
|
||||||
clientSecret: process.env.HMD_GITHUB_CLIENTSECRET
|
clientSecret: handleDockerSecret('github_clientSecret') || process.env.HMD_GITHUB_CLIENTSECRET
|
||||||
} : config.github || false;
|
} : config.github || false;
|
||||||
var gitlab = (process.env.HMD_GITLAB_CLIENTID && process.env.HMD_GITLAB_CLIENTSECRET) ? {
|
var gitlab = (process.env.HMD_GITLAB_CLIENTID && process.env.HMD_GITLAB_CLIENTSECRET || fs.existsSync('/run/secrets/gitlab_clientID') && fs.existsSync('/run/secrets/gitlab_clientSecret')) ? {
|
||||||
baseURL: process.env.HMD_GITLAB_BASEURL,
|
baseURL: process.env.HMD_GITLAB_BASEURL,
|
||||||
clientID: process.env.HMD_GITLAB_CLIENTID,
|
clientID: handleDockerSecret('gitlab_clientID') || process.env.HMD_GITLAB_CLIENTID,
|
||||||
clientSecret: process.env.HMD_GITLAB_CLIENTSECRET
|
clientSecret: handleDockerSecret('gitlab_clientSecret') || process.env.HMD_GITLAB_CLIENTSECRET
|
||||||
} : config.gitlab || false;
|
} : config.gitlab || false;
|
||||||
var dropbox = (process.env.HMD_DROPBOX_CLIENTID && process.env.HMD_DROPBOX_CLIENTSECRET) ? {
|
var dropbox = (process.env.HMD_DROPBOX_CLIENTID && process.env.HMD_DROPBOX_CLIENTSECRET || fs.existsSync('/run/secrets/dropbox_clientID') && fs.existsSync('/run/secrets/dropbox_clientSecret')) ? {
|
||||||
clientID: process.env.HMD_DROPBOX_CLIENTID,
|
clientID: handleDockerSecret('dropbox_clientID') || process.env.HMD_DROPBOX_CLIENTID,
|
||||||
clientSecret: process.env.HMD_DROPBOX_CLIENTSECRET
|
clientSecret: handleDockerSecret('dropbox_clientSecret') || process.env.HMD_DROPBOX_CLIENTSECRET
|
||||||
} : config.dropbox || false;
|
} : config.dropbox || false;
|
||||||
var google = (process.env.HMD_GOOGLE_CLIENTID && process.env.HMD_GOOGLE_CLIENTSECRET) ? {
|
var google = (process.env.HMD_GOOGLE_CLIENTID && process.env.HMD_GOOGLE_CLIENTSECRET || fs.existsSync('/run/secrets/google_clientID') && fs.existsSync('/run/secrets/google_clientSecret')) ? {
|
||||||
clientID: process.env.HMD_GOOGLE_CLIENTID,
|
clientID: process.env.HMD_GOOGLE_CLIENTID,
|
||||||
clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET
|
clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET
|
||||||
} : config.google || false;
|
} : config.google || false;
|
||||||
|
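Review bot: The `google` block's condition now accepts the `google_clientID`/`google_clientSecret` Docker secrets, but the `clientID:` and `clientSecret:` properties below it still read only `process.env`, so a deployment that provides Google credentials solely as secrets gets a provider object whose two values are `undefined`; they should read `clientID: handleDockerSecret('google_clientID') || process.env.HMD_GOOGLE_CLIENTID,` and `clientSecret: handleDockerSecret('google_clientSecret') || process.env.HMD_GOOGLE_CLIENTSECRET`, as the other providers in this hunk do. On the `accessKeyId:` line the secret name `s3_acccessKeyId` has three c's, which operators would have to reproduce exactly; `s3_accessKeyId` matches the sibling `s3_secretAccessKey`. The new `A && B || C && D` conditions rely on `&&` binding tighter than `||`, which is correct but easy to misread; parenthesizing each pair, e.g. `((process.env.HMD_FACEBOOK_CLIENTID && process.env.HMD_FACEBOOK_CLIENTSECRET) || (fs.existsSync(…) && fs.existsSync(…)))`, makes the intent explicit and is cheap to apply to all six providers.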
@ -130,7 +134,7 @@ if (process.env.HMD_LDAP_TLS_CA) {
|
||||||
if (process.env.HMD_LDAP_PROVIDERNAME) {
|
if (process.env.HMD_LDAP_PROVIDERNAME) {
|
||||||
ldap.providerName = process.env.HMD_LDAP_PROVIDERNAME;
|
ldap.providerName = process.env.HMD_LDAP_PROVIDERNAME;
|
||||||
}
|
}
|
||||||
var imgur = process.env.HMD_IMGUR_CLIENTID || config.imgur || false;
|
var imgur = handleDockerSecret('imgur_clientid') || process.env.HMD_IMGUR_CLIENTID || config.imgur || false;
|
||||||
var email = process.env.HMD_EMAIL ? (process.env.HMD_EMAIL === 'true') : !!config.email;
|
var email = process.env.HMD_EMAIL ? (process.env.HMD_EMAIL === 'true') : !!config.email;
|
||||||
var allowemailregister = process.env.HMD_ALLOW_EMAIL_REGISTER ? (process.env.HMD_ALLOW_EMAIL_REGISTER === 'true') : ((typeof config.allowemailregister === 'boolean') ? config.allowemailregister : true);
|
var allowemailregister = process.env.HMD_ALLOW_EMAIL_REGISTER ? (process.env.HMD_ALLOW_EMAIL_REGISTER === 'true') : ((typeof config.allowemailregister === 'boolean') ? config.allowemailregister : true);
|
||||||
|
|
||||||
|
|
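Review bot: The secret name `imgur_clientid` on the `var imgur = …` line is all lower case, while every other new secret in this commit uses the camelCase `…_clientID` form (`facebook_clientID`, `github_clientID`, `gitlab_clientID`, …), so an operator following that pattern will mount a secret this code never reads. Suggest `var imgur = handleDockerSecret('imgur_clientID') || process.env.HMD_IMGUR_CLIENTID || config.imgur || false;`, and listing the expected secret names in one place (a comment next to `handleDockerSecret` or the project docs) so the names are not only discoverable by reading this file.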