refactor(config.js): Extract config file
* Separate different config source to each files * Freeze config object
This commit is contained in:
parent
4738ba7d36
commit
ecb0533605
15 changed files with 767 additions and 618 deletions
13
app.js
13
app.js
|
@ -29,20 +29,17 @@ var response = require('./lib/response')
|
||||||
var models = require('./lib/models')
|
var models = require('./lib/models')
|
||||||
|
|
||||||
// generate front-end constants by template
|
// generate front-end constants by template
|
||||||
var configJson = config.raw
|
|
||||||
var constpath = path.join(__dirname, './public/js/lib/common/constant.ejs')
|
var constpath = path.join(__dirname, './public/js/lib/common/constant.ejs')
|
||||||
var googleApiKey = (fs.existsSync('/run/secrets/google_apiKey') && config.handleDockerSecret('google_apiKey')) || process.env.HMD_GOOGLE_API_KEY || (configJson.google && configJson.google.apiKey) || ''
|
|
||||||
var googleClientID = (fs.existsSync('/run/secrets/google_clientID') && config.handleDockerSecret('google_clientID')) || process.env.HMD_GOOGLE_CLIENT_ID || (configJson.google && configJson.google.clientID) || ''
|
|
||||||
var dropboxAppKey = (fs.existsSync('/run/secrets/dropbox_appKey') && config.handleDockerSecret('dropbox_appKey')) || process.env.HMD_DROPBOX_APP_KEY || (configJson.dropbox && configJson.dropbox.appKey) || ''
|
|
||||||
var data = {
|
var data = {
|
||||||
domain: config.domain,
|
domain: config.domain,
|
||||||
urlpath: config.urlpath,
|
urlpath: config.urlpath,
|
||||||
debug: config.debug,
|
debug: config.debug,
|
||||||
version: config.version,
|
version: config.version,
|
||||||
GOOGLE_API_KEY: googleApiKey,
|
GOOGLE_API_KEY: config.google.clientSecret,
|
||||||
GOOGLE_CLIENT_ID: googleClientID,
|
GOOGLE_CLIENT_ID: config.google.clientID,
|
||||||
DROPBOX_APP_KEY: dropboxAppKey
|
DROPBOX_APP_KEY: config.dropbox.clientSecret
|
||||||
}
|
}
|
||||||
|
|
||||||
ejs.renderFile(constpath, data, {}, function (err, str) {
|
ejs.renderFile(constpath, data, {}, function (err, str) {
|
||||||
if (err) throw new Error(err)
|
if (err) throw new Error(err)
|
||||||
fs.writeFileSync(path.join(__dirname, './public/build/constant.js'), str)
|
fs.writeFileSync(path.join(__dirname, './public/build/constant.js'), str)
|
||||||
|
@ -204,7 +201,7 @@ function startListen () {
|
||||||
server.listen(config.port, function () {
|
server.listen(config.port, function () {
|
||||||
var schema = config.usessl ? 'HTTPS' : 'HTTP'
|
var schema = config.usessl ? 'HTTPS' : 'HTTP'
|
||||||
logger.info('%s Server listening at port %d', schema, config.port)
|
logger.info('%s Server listening at port %d', schema, config.port)
|
||||||
config.maintenance = false
|
realtime.maintenance = false
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
223
lib/config.js
223
lib/config.js
|
@ -1,223 +0,0 @@
|
||||||
'use strict'
|
|
||||||
// external modules
|
|
||||||
var fs = require('fs')
|
|
||||||
var path = require('path')
|
|
||||||
|
|
||||||
// configs
|
|
||||||
var env = process.env.NODE_ENV || 'development'
|
|
||||||
var config = require(path.join(__dirname, '..', 'config.json'))[env]
|
|
||||||
var debug = process.env.DEBUG ? (process.env.DEBUG === 'true') : ((typeof config.debug === 'boolean') ? config.debug : (env === 'development'))
|
|
||||||
|
|
||||||
// Create function that reads docker secrets but fails fast in case of a non docker environment
|
|
||||||
var handleDockerSecret = fs.existsSync('/run/secrets/') ? function (secret) {
|
|
||||||
return fs.existsSync('/run/secrets/' + secret) ? fs.readFileSync('/run/secrets/' + secret) : null
|
|
||||||
} : function () {
|
|
||||||
return null
|
|
||||||
}
|
|
||||||
|
|
||||||
// url
|
|
||||||
var domain = process.env.DOMAIN || process.env.HMD_DOMAIN || config.domain || ''
|
|
||||||
var urlpath = process.env.URL_PATH || process.env.HMD_URL_PATH || config.urlpath || ''
|
|
||||||
var port = process.env.PORT || process.env.HMD_PORT || config.port || 3000
|
|
||||||
var alloworigin = process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : (config.alloworigin || ['localhost'])
|
|
||||||
|
|
||||||
var usessl = !!config.usessl
|
|
||||||
var protocolusessl = (usessl === true && typeof process.env.HMD_PROTOCOL_USESSL === 'undefined' && typeof config.protocolusessl === 'undefined')
|
|
||||||
? true : (process.env.HMD_PROTOCOL_USESSL ? (process.env.HMD_PROTOCOL_USESSL === 'true') : !!config.protocolusessl)
|
|
||||||
var urladdport = process.env.HMD_URL_ADDPORT ? (process.env.HMD_URL_ADDPORT === 'true') : !!config.urladdport
|
|
||||||
|
|
||||||
var usecdn = process.env.HMD_USECDN ? (process.env.HMD_USECDN === 'true') : ((typeof config.usecdn === 'boolean') ? config.usecdn : true)
|
|
||||||
|
|
||||||
var allowanonymous = process.env.HMD_ALLOW_ANONYMOUS ? (process.env.HMD_ALLOW_ANONYMOUS === 'true') : ((typeof config.allowanonymous === 'boolean') ? config.allowanonymous : true)
|
|
||||||
|
|
||||||
var allowfreeurl = process.env.HMD_ALLOW_FREEURL ? (process.env.HMD_ALLOW_FREEURL === 'true') : !!config.allowfreeurl
|
|
||||||
|
|
||||||
var permissions = ['editable', 'limited', 'locked', 'protected', 'private']
|
|
||||||
if (allowanonymous) {
|
|
||||||
permissions.unshift('freely')
|
|
||||||
}
|
|
||||||
|
|
||||||
var defaultpermission = process.env.HMD_DEFAULT_PERMISSION || config.defaultpermission
|
|
||||||
defaultpermission = permissions.indexOf(defaultpermission) !== -1 ? defaultpermission : 'editable'
|
|
||||||
|
|
||||||
// db
|
|
||||||
var dburl = process.env.HMD_DB_URL || process.env.DATABASE_URL || config.dburl
|
|
||||||
var db = config.db || {}
|
|
||||||
|
|
||||||
// ssl path
|
|
||||||
var sslkeypath = (fs.existsSync('/run/secrets/key.pem') ? '/run/secrets/key.pem' : null) || config.sslkeypath || ''
|
|
||||||
var sslcertpath = (fs.existsSync('/run/secrets/cert.pem') ? '/run/secrets/cert.pem' : null) || config.sslcertpath || ''
|
|
||||||
var sslcapath = (fs.existsSync('/run/secrets/ca.pem') ? '/run/secrets/ca.pem' : null) || config.sslcapath || ''
|
|
||||||
var dhparampath = (fs.existsSync('/run/secrets/dhparam.pem') ? '/run/secrets/dhparam.pem' : null) || config.dhparampath || ''
|
|
||||||
|
|
||||||
// other path
|
|
||||||
var tmppath = config.tmppath || './tmp'
|
|
||||||
var defaultnotepath = config.defaultnotepath || './public/default.md'
|
|
||||||
var docspath = config.docspath || './public/docs'
|
|
||||||
var indexpath = config.indexpath || './public/views/index.ejs'
|
|
||||||
var hackmdpath = config.hackmdpath || './public/views/hackmd.ejs'
|
|
||||||
var errorpath = config.errorpath || './public/views/error.ejs'
|
|
||||||
var prettypath = config.prettypath || './public/views/pretty.ejs'
|
|
||||||
var slidepath = config.slidepath || './public/views/slide.ejs'
|
|
||||||
|
|
||||||
// session
|
|
||||||
var sessionname = config.sessionname || 'connect.sid'
|
|
||||||
var sessionsecret = handleDockerSecret('sessionsecret') || config.sessionsecret || 'secret'
|
|
||||||
var sessionlife = config.sessionlife || 14 * 24 * 60 * 60 * 1000 // 14 days
|
|
||||||
|
|
||||||
// static files
|
|
||||||
var staticcachetime = config.staticcachetime || 1 * 24 * 60 * 60 * 1000 // 1 day
|
|
||||||
|
|
||||||
// socket.io
|
|
||||||
var heartbeatinterval = config.heartbeatinterval || 5000
|
|
||||||
var heartbeattimeout = config.heartbeattimeout || 10000
|
|
||||||
|
|
||||||
// document
|
|
||||||
var documentmaxlength = config.documentmaxlength || 100000
|
|
||||||
|
|
||||||
// image upload setting, available options are imgur/s3/filesystem
|
|
||||||
var imageUploadType = process.env.HMD_IMAGE_UPLOAD_TYPE || config.imageUploadType || 'imgur'
|
|
||||||
|
|
||||||
config.s3 = config.s3 || {}
|
|
||||||
var s3 = {
|
|
||||||
accessKeyId: handleDockerSecret('s3_acccessKeyId') || process.env.HMD_S3_ACCESS_KEY_ID || config.s3.accessKeyId,
|
|
||||||
secretAccessKey: handleDockerSecret('s3_secretAccessKey') || process.env.HMD_S3_SECRET_ACCESS_KEY || config.s3.secretAccessKey,
|
|
||||||
region: process.env.HMD_S3_REGION || config.s3.region
|
|
||||||
}
|
|
||||||
var s3bucket = process.env.HMD_S3_BUCKET || config.s3.bucket
|
|
||||||
|
|
||||||
// auth
|
|
||||||
var facebook = ((process.env.HMD_FACEBOOK_CLIENTID && process.env.HMD_FACEBOOK_CLIENTSECRET) || (fs.existsSync('/run/secrets/facebook_clientID') && fs.existsSync('/run/secrets/facebook_clientSecret'))) ? {
|
|
||||||
clientID: handleDockerSecret('facebook_clientID') || process.env.HMD_FACEBOOK_CLIENTID,
|
|
||||||
clientSecret: handleDockerSecret('facebook_clientSecret') || process.env.HMD_FACEBOOK_CLIENTSECRET
|
|
||||||
} : config.facebook || false
|
|
||||||
var twitter = ((process.env.HMD_TWITTER_CONSUMERKEY && process.env.HMD_TWITTER_CONSUMERSECRET) || (fs.existsSync('/run/secrets/twitter_consumerKey') && fs.existsSync('/run/secrets/twitter_consumerSecret'))) ? {
|
|
||||||
consumerKey: handleDockerSecret('twitter_consumerKey') || process.env.HMD_TWITTER_CONSUMERKEY,
|
|
||||||
consumerSecret: handleDockerSecret('twitter_consumerSecret') || process.env.HMD_TWITTER_CONSUMERSECRET
|
|
||||||
} : config.twitter || false
|
|
||||||
var github = ((process.env.HMD_GITHUB_CLIENTID && process.env.HMD_GITHUB_CLIENTSECRET) || (fs.existsSync('/run/secrets/github_clientID') && fs.existsSync('/run/secrets/github_clientSecret'))) ? {
|
|
||||||
clientID: handleDockerSecret('github_clientID') || process.env.HMD_GITHUB_CLIENTID,
|
|
||||||
clientSecret: handleDockerSecret('github_clientSecret') || process.env.HMD_GITHUB_CLIENTSECRET
|
|
||||||
} : config.github || false
|
|
||||||
var gitlab = ((process.env.HMD_GITLAB_CLIENTID && process.env.HMD_GITLAB_CLIENTSECRET) || (fs.existsSync('/run/secrets/gitlab_clientID') && fs.existsSync('/run/secrets/gitlab_clientSecret'))) ? {
|
|
||||||
baseURL: process.env.HMD_GITLAB_BASEURL,
|
|
||||||
clientID: handleDockerSecret('gitlab_clientID') || process.env.HMD_GITLAB_CLIENTID,
|
|
||||||
clientSecret: handleDockerSecret('gitlab_clientSecret') || process.env.HMD_GITLAB_CLIENTSECRET,
|
|
||||||
scope: process.env.HMD_GITLAB_SCOPE
|
|
||||||
} : (config.gitlab && config.gitlab.clientID && config.gitlab.clientSecret && config.gitlab) || false
|
|
||||||
var dropbox = ((process.env.HMD_DROPBOX_CLIENTID && process.env.HMD_DROPBOX_CLIENTSECRET) || (fs.existsSync('/run/secrets/dropbox_clientID') && fs.existsSync('/run/secrets/dropbox_clientSecret'))) ? {
|
|
||||||
clientID: handleDockerSecret('dropbox_clientID') || process.env.HMD_DROPBOX_CLIENTID,
|
|
||||||
clientSecret: handleDockerSecret('dropbox_clientSecret') || process.env.HMD_DROPBOX_CLIENTSECRET
|
|
||||||
} : (config.dropbox && config.dropbox.clientID && config.dropbox.clientSecret && config.dropbox) || false
|
|
||||||
var google = ((process.env.HMD_GOOGLE_CLIENTID && process.env.HMD_GOOGLE_CLIENTSECRET) ||
|
|
||||||
(fs.existsSync('/run/secrets/google_clientID') && fs.existsSync('/run/secrets/google_clientSecret'))) ? {
|
|
||||||
clientID: handleDockerSecret('google_clientID') || process.env.HMD_GOOGLE_CLIENTID,
|
|
||||||
clientSecret: handleDockerSecret('google_clientSecret') || process.env.HMD_GOOGLE_CLIENTSECRET
|
|
||||||
} : (config.google && config.google.clientID && config.google.clientSecret && config.google) || false
|
|
||||||
var ldap = config.ldap || ((
|
|
||||||
process.env.HMD_LDAP_URL ||
|
|
||||||
process.env.HMD_LDAP_BINDDN ||
|
|
||||||
process.env.HMD_LDAP_BINDCREDENTIALS ||
|
|
||||||
process.env.HMD_LDAP_TOKENSECRET ||
|
|
||||||
process.env.HMD_LDAP_SEARCHBASE ||
|
|
||||||
process.env.HMD_LDAP_SEARCHFILTER ||
|
|
||||||
process.env.HMD_LDAP_SEARCHATTRIBUTES ||
|
|
||||||
process.env.HMD_LDAP_TLS_CA ||
|
|
||||||
process.env.HMD_LDAP_PROVIDERNAME
|
|
||||||
) ? {} : false)
|
|
||||||
if (process.env.HMD_LDAP_URL) { ldap.url = process.env.HMD_LDAP_URL }
|
|
||||||
if (process.env.HMD_LDAP_BINDDN) { ldap.bindDn = process.env.HMD_LDAP_BINDDN }
|
|
||||||
if (process.env.HMD_LDAP_BINDCREDENTIALS) { ldap.bindCredentials = process.env.HMD_LDAP_BINDCREDENTIALS }
|
|
||||||
if (process.env.HMD_LDAP_TOKENSECRET) { ldap.tokenSecret = process.env.HMD_LDAP_TOKENSECRET }
|
|
||||||
if (process.env.HMD_LDAP_SEARCHBASE) { ldap.searchBase = process.env.HMD_LDAP_SEARCHBASE }
|
|
||||||
if (process.env.HMD_LDAP_SEARCHFILTER) { ldap.searchFilter = process.env.HMD_LDAP_SEARCHFILTER }
|
|
||||||
if (process.env.HMD_LDAP_SEARCHATTRIBUTES) { ldap.searchAttributes = process.env.HMD_LDAP_SEARCHATTRIBUTES }
|
|
||||||
if (process.env.HMD_LDAP_TLS_CA) {
|
|
||||||
var ca = {
|
|
||||||
ca: process.env.HMD_LDAP_TLS_CA.split(',')
|
|
||||||
}
|
|
||||||
ldap.tlsOptions = ldap.tlsOptions ? Object.assign(ldap.tlsOptions, ca) : ca
|
|
||||||
if (Array.isArray(ldap.tlsOptions.ca) && ldap.tlsOptions.ca.length > 0) {
|
|
||||||
var i, len, results
|
|
||||||
results = []
|
|
||||||
for (i = 0, len = ldap.tlsOptions.ca.length; i < len; i++) {
|
|
||||||
results.push(fs.readFileSync(ldap.tlsOptions.ca[i], 'utf8'))
|
|
||||||
}
|
|
||||||
ldap.tlsOptions.ca = results
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (process.env.HMD_LDAP_PROVIDERNAME) {
|
|
||||||
ldap.providerName = process.env.HMD_LDAP_PROVIDERNAME
|
|
||||||
}
|
|
||||||
var imgur = handleDockerSecret('imgur_clientid') || process.env.HMD_IMGUR_CLIENTID || config.imgur || false
|
|
||||||
var email = process.env.HMD_EMAIL ? (process.env.HMD_EMAIL === 'true') : !!config.email
|
|
||||||
var allowemailregister = process.env.HMD_ALLOW_EMAIL_REGISTER ? (process.env.HMD_ALLOW_EMAIL_REGISTER === 'true') : ((typeof config.allowemailregister === 'boolean') ? config.allowemailregister : true)
|
|
||||||
|
|
||||||
function getserverurl () {
|
|
||||||
var url = ''
|
|
||||||
if (domain) {
|
|
||||||
var protocol = protocolusessl ? 'https://' : 'http://'
|
|
||||||
url = protocol + domain
|
|
||||||
if (urladdport && ((usessl && port !== 443) || (!usessl && port !== 80))) { url += ':' + port }
|
|
||||||
}
|
|
||||||
if (urlpath) { url += '/' + urlpath }
|
|
||||||
return url
|
|
||||||
}
|
|
||||||
|
|
||||||
var version = '0.5.1'
|
|
||||||
var minimumCompatibleVersion = '0.5.0'
|
|
||||||
var maintenance = true
|
|
||||||
var cwd = path.join(__dirname, '..')
|
|
||||||
|
|
||||||
module.exports = {
|
|
||||||
raw: config,
|
|
||||||
handleDockerSecret: handleDockerSecret,
|
|
||||||
version: version,
|
|
||||||
minimumCompatibleVersion: minimumCompatibleVersion,
|
|
||||||
maintenance: maintenance,
|
|
||||||
domain: domain,
|
|
||||||
urlpath: urlpath,
|
|
||||||
debug: debug,
|
|
||||||
port: port,
|
|
||||||
alloworigin: alloworigin,
|
|
||||||
usessl: usessl,
|
|
||||||
serverurl: getserverurl(),
|
|
||||||
usecdn: usecdn,
|
|
||||||
allowanonymous: allowanonymous,
|
|
||||||
allowfreeurl: allowfreeurl,
|
|
||||||
defaultpermission: defaultpermission,
|
|
||||||
dburl: dburl,
|
|
||||||
db: db,
|
|
||||||
sslkeypath: path.join(cwd, sslkeypath),
|
|
||||||
sslcertpath: path.join(cwd, sslcertpath),
|
|
||||||
sslcapath: path.join(cwd, sslcapath),
|
|
||||||
dhparampath: path.join(cwd, dhparampath),
|
|
||||||
tmppath: path.join(cwd, tmppath),
|
|
||||||
defaultnotepath: path.join(cwd, defaultnotepath),
|
|
||||||
docspath: path.join(cwd, docspath),
|
|
||||||
indexpath: path.join(cwd, indexpath),
|
|
||||||
hackmdpath: path.join(cwd, hackmdpath),
|
|
||||||
errorpath: path.join(cwd, errorpath),
|
|
||||||
prettypath: path.join(cwd, prettypath),
|
|
||||||
slidepath: path.join(cwd, slidepath),
|
|
||||||
sessionname: sessionname,
|
|
||||||
sessionsecret: sessionsecret,
|
|
||||||
sessionlife: sessionlife,
|
|
||||||
staticcachetime: staticcachetime,
|
|
||||||
heartbeatinterval: heartbeatinterval,
|
|
||||||
heartbeattimeout: heartbeattimeout,
|
|
||||||
documentmaxlength: documentmaxlength,
|
|
||||||
facebook: facebook,
|
|
||||||
twitter: twitter,
|
|
||||||
github: github,
|
|
||||||
gitlab: gitlab,
|
|
||||||
dropbox: dropbox,
|
|
||||||
google: google,
|
|
||||||
ldap: ldap,
|
|
||||||
imgur: imgur,
|
|
||||||
email: email,
|
|
||||||
allowemailregister: allowemailregister,
|
|
||||||
imageUploadType: imageUploadType,
|
|
||||||
s3: s3,
|
|
||||||
s3bucket: s3bucket
|
|
||||||
}
|
|
92
lib/config/default.js
Normal file
92
lib/config/default.js
Normal file
|
@ -0,0 +1,92 @@
|
||||||
|
'use strict'
|
||||||
|
|
||||||
|
module.exports = {
|
||||||
|
domain: '',
|
||||||
|
urlpath: '',
|
||||||
|
port: 3000,
|
||||||
|
urladdport: false,
|
||||||
|
alloworigin: ['localhost'],
|
||||||
|
usessl: false,
|
||||||
|
protocolusessl: false,
|
||||||
|
usecdn: true,
|
||||||
|
allowanonymous: true,
|
||||||
|
allowfreeurl: false,
|
||||||
|
defaultpermission: 'editable',
|
||||||
|
dburl: '',
|
||||||
|
db: {},
|
||||||
|
// ssl path
|
||||||
|
sslkeypath: '',
|
||||||
|
sslcertpath: '',
|
||||||
|
sslcapath: '',
|
||||||
|
dhparampath: '',
|
||||||
|
// other path
|
||||||
|
tmppath: './tmp',
|
||||||
|
defaultnotepath: './public/default.md',
|
||||||
|
docspath: './public/docs',
|
||||||
|
indexpath: './public/views/index.ejs',
|
||||||
|
hackmdpath: './public/views/hackmd.ejs',
|
||||||
|
errorpath: './public/views/error.ejs',
|
||||||
|
prettypath: './public/views/pretty.ejs',
|
||||||
|
slidepath: './public/views/slide.ejs',
|
||||||
|
// session
|
||||||
|
sessionname: 'connect.sid',
|
||||||
|
sessionsecret: 'secret',
|
||||||
|
sessionlife: 14 * 24 * 60 * 60 * 1000, // 14 days
|
||||||
|
staticcachetime: 1 * 24 * 60 * 60 * 1000, // 1 day
|
||||||
|
// socket.io
|
||||||
|
heartbeatinterval: 5000,
|
||||||
|
heartbeattimeout: 10000,
|
||||||
|
// document
|
||||||
|
documentmaxlength: 100000,
|
||||||
|
// image upload setting, available options are imgur/s3/filesystem
|
||||||
|
imageUploadType: 'filesystem',
|
||||||
|
imgur: {
|
||||||
|
clientID: undefined
|
||||||
|
},
|
||||||
|
s3: {
|
||||||
|
accessKeyId: undefined,
|
||||||
|
secretAccessKey: undefined,
|
||||||
|
region: undefined
|
||||||
|
},
|
||||||
|
s3bucket: undefined,
|
||||||
|
// authentication
|
||||||
|
facebook: {
|
||||||
|
clientID: undefined,
|
||||||
|
clientSecret: undefined
|
||||||
|
},
|
||||||
|
twitter: {
|
||||||
|
consumerKey: undefined,
|
||||||
|
consumerSecret: undefined
|
||||||
|
},
|
||||||
|
github: {
|
||||||
|
clientID: undefined,
|
||||||
|
clientSecret: undefined
|
||||||
|
},
|
||||||
|
gitlab: {
|
||||||
|
baseURL: undefined,
|
||||||
|
clientID: undefined,
|
||||||
|
clientSecret: undefined,
|
||||||
|
scope: undefined
|
||||||
|
},
|
||||||
|
dropbox: {
|
||||||
|
clientID: undefined,
|
||||||
|
clientSecret: undefined
|
||||||
|
},
|
||||||
|
google: {
|
||||||
|
clientID: undefined,
|
||||||
|
clientSecret: undefined
|
||||||
|
},
|
||||||
|
ldap: {
|
||||||
|
providerName: undefined,
|
||||||
|
url: undefined,
|
||||||
|
bindDn: undefined,
|
||||||
|
bindCredentials: undefined,
|
||||||
|
tokenSecret: undefined,
|
||||||
|
searchBase: undefined,
|
||||||
|
searchFilter: undefined,
|
||||||
|
searchAttributes: undefined,
|
||||||
|
tlsca: undefined
|
||||||
|
},
|
||||||
|
email: true,
|
||||||
|
allowemailregister: true
|
||||||
|
}
|
17
lib/config/defaultSSL.js
Normal file
17
lib/config/defaultSSL.js
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
'use strict'
|
||||||
|
|
||||||
|
const fs = require('fs')
|
||||||
|
|
||||||
|
function getFile (path) {
|
||||||
|
if (fs.existsSync(path)) {
|
||||||
|
return path
|
||||||
|
}
|
||||||
|
return undefined
|
||||||
|
}
|
||||||
|
|
||||||
|
module.exports = {
|
||||||
|
sslkeypath: getFile('/run/secrets/key.pem'),
|
||||||
|
sslcertpath: getFile('/run/secrets/cert.pem'),
|
||||||
|
sslcapath: getFile('/run/secrets/ca.pem'),
|
||||||
|
dhparampath: getFile('/run/secrets/dhparam.pem')
|
||||||
|
}
|
51
lib/config/dockerSecret.js
Normal file
51
lib/config/dockerSecret.js
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
'use strict'
|
||||||
|
|
||||||
|
const fs = require('fs')
|
||||||
|
const path = require('path')
|
||||||
|
|
||||||
|
const basePath = path.resolve('/var/run/secrets/')
|
||||||
|
|
||||||
|
function getSecret (secret) {
|
||||||
|
const filePath = path.join(basePath, secret)
|
||||||
|
if (fs.existsSync(filePath)) return fs.readFileSync(filePath)
|
||||||
|
return undefined
|
||||||
|
}
|
||||||
|
|
||||||
|
if (fs.existsSync(basePath)) {
|
||||||
|
module.exports = {
|
||||||
|
sessionsecret: getSecret('sessionsecret'),
|
||||||
|
sslkeypath: getSecret('sslkeypath'),
|
||||||
|
sslcertpath: getSecret('sslcertpath'),
|
||||||
|
sslcapath: getSecret('sslcapath'),
|
||||||
|
dhparampath: getSecret('dhparampath'),
|
||||||
|
s3: {
|
||||||
|
accessKeyId: getSecret('s3_acccessKeyId'),
|
||||||
|
secretAccessKey: getSecret('s3_secretAccessKey')
|
||||||
|
},
|
||||||
|
facebook: {
|
||||||
|
clientID: getSecret('facebook_clientID'),
|
||||||
|
clientSecret: getSecret('facebook_clientSecret')
|
||||||
|
},
|
||||||
|
twitter: {
|
||||||
|
consumerKey: getSecret('twitter_consumerKey'),
|
||||||
|
consumerSecret: getSecret('twitter_consumerSecret')
|
||||||
|
},
|
||||||
|
github: {
|
||||||
|
clientID: getSecret('github_clientID'),
|
||||||
|
clientSecret: getSecret('github_clientSecret')
|
||||||
|
},
|
||||||
|
gitlab: {
|
||||||
|
clientID: getSecret('gitlab_clientID'),
|
||||||
|
clientSecret: getSecret('gitlab_clientSecret')
|
||||||
|
},
|
||||||
|
dropbox: {
|
||||||
|
clientID: getSecret('dropbox_clientID'),
|
||||||
|
clientSecret: getSecret('dropbox_clientSecret')
|
||||||
|
},
|
||||||
|
google: {
|
||||||
|
clientID: getSecret('google_clientID'),
|
||||||
|
clientSecret: getSecret('google_clientSecret')
|
||||||
|
},
|
||||||
|
imgur: getSecret('imgur_clientid')
|
||||||
|
}
|
||||||
|
}
|
16
lib/config/enum.js
Normal file
16
lib/config/enum.js
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
'use strict'
|
||||||
|
|
||||||
|
exports.Environment = {
|
||||||
|
development: 'development',
|
||||||
|
production: 'production',
|
||||||
|
test: 'test'
|
||||||
|
}
|
||||||
|
|
||||||
|
exports.Permission = {
|
||||||
|
freely: 'freely',
|
||||||
|
editable: 'editable',
|
||||||
|
limited: 'limited',
|
||||||
|
locked: 'locked',
|
||||||
|
protected: 'protected',
|
||||||
|
private: 'private'
|
||||||
|
}
|
64
lib/config/environment.js
Normal file
64
lib/config/environment.js
Normal file
|
@ -0,0 +1,64 @@
|
||||||
|
'use strict'
|
||||||
|
|
||||||
|
module.exports = {
|
||||||
|
domain: process.env.HMD_DOMAIN,
|
||||||
|
urlpath: process.env.HMD_URL_PATH,
|
||||||
|
port: process.env.HMD_PORT,
|
||||||
|
urladdport: process.env.HMD_URL_ADDPORT,
|
||||||
|
usessl: process.env.HMD_PROTOCOL_USESSL,
|
||||||
|
alloworigin: process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : undefined,
|
||||||
|
usecdn: process.env.HMD_USECDN,
|
||||||
|
allowanonymous: process.env.HMD_ALLOW_ANONYMOUS,
|
||||||
|
allowfreeurl: process.env.HMD_ALLOW_FREEURL,
|
||||||
|
defaultpermission: process.env.HMD_DEFAULT_PERMISSION,
|
||||||
|
dburl: process.env.HMD_DB_URL,
|
||||||
|
imageUploadType: process.env.HMD_IMAGE_UPLOAD_TYPE,
|
||||||
|
imgur: {
|
||||||
|
clientID: process.env.HMD_IMGUR_CLIENTID
|
||||||
|
},
|
||||||
|
s3: {
|
||||||
|
accessKeyId: process.env.HMD_S3_ACCESS_KEY_ID,
|
||||||
|
secretAccessKey: process.env.HMD_S3_SECRET_ACCESS_KEY,
|
||||||
|
region: process.env.HMD_S3_REGION
|
||||||
|
},
|
||||||
|
s3bucket: process.env.HMD_S3_BUCKET,
|
||||||
|
facebook: {
|
||||||
|
clientID: process.env.HMD_FACEBOOK_CLIENTID,
|
||||||
|
clientSecret: process.env.HMD_FACEBOOK_CLIENTSECRET
|
||||||
|
},
|
||||||
|
twitter: {
|
||||||
|
consumerKey: process.env.HMD_TWITTER_CONSUMERKEY,
|
||||||
|
consumerSecret: process.env.HMD_TWITTER_CONSUMERSECRET
|
||||||
|
},
|
||||||
|
github: {
|
||||||
|
clientID: process.env.HMD_GITHUB_CLIENTID,
|
||||||
|
clientSecret: process.env.HMD_GITHUB_CLIENTSECRET
|
||||||
|
},
|
||||||
|
gitlab: {
|
||||||
|
baseURL: process.env.HMD_GITLAB_BASEURL,
|
||||||
|
clientID: process.env.HMD_GITLAB_CLIENTID,
|
||||||
|
clientSecret: process.env.HMD_GITLAB_CLIENTSECRET,
|
||||||
|
scope: process.env.HMD_GITLAB_SCOPE
|
||||||
|
},
|
||||||
|
dropbox: {
|
||||||
|
clientID: process.env.HMD_DROPBOX_CLIENTID,
|
||||||
|
clientSecret: process.env.HMD_DROPBOX_CLIENTSECRET
|
||||||
|
},
|
||||||
|
google: {
|
||||||
|
clientID: process.env.HMD_GOOGLE_CLIENTID,
|
||||||
|
clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET
|
||||||
|
},
|
||||||
|
ldap: {
|
||||||
|
providerName: process.env.HMD_LDAP_PROVIDERNAME,
|
||||||
|
url: process.env.HMD_LDAP_URL,
|
||||||
|
bindDn: process.env.HMD_LDAP_BINDDN,
|
||||||
|
bindCredentials: process.env.HMD_LDAP_BINDCREDENTIALS,
|
||||||
|
tokenSecret: process.env.HMD_LDAP_TOKENSECRET,
|
||||||
|
searchBase: process.env.HMD_LDAP_SEARCHBASE,
|
||||||
|
searchFilter: process.env.HMD_LDAP_SEARCHFILTER,
|
||||||
|
searchAttributes: process.env.HMD_LDAP_SEARCHATTRIBUTES,
|
||||||
|
tlsca: process.env.HMD_LDAP_TLS_CA
|
||||||
|
},
|
||||||
|
email: process.env.HMD_EMAIL,
|
||||||
|
allowemailregister: process.env.HMD_ALLOW_EMAIL_REGISTER
|
||||||
|
}
|
112
lib/config/index.js
Normal file
112
lib/config/index.js
Normal file
|
@ -0,0 +1,112 @@
|
||||||
|
'use strict'
|
||||||
|
|
||||||
|
const fs = require('fs')
|
||||||
|
const path = require('path')
|
||||||
|
const {merge} = require('lodash')
|
||||||
|
const deepFreeze = require('deep-freeze')
|
||||||
|
const {Environment, Permission} = require('./enum')
|
||||||
|
|
||||||
|
const appRootPath = path.join(__dirname, '../../')
|
||||||
|
const env = process.env.NODE_ENV || Environment.development
|
||||||
|
const debugConfig = {
|
||||||
|
debug: (env === Environment.development)
|
||||||
|
}
|
||||||
|
|
||||||
|
const packageConfig = {
|
||||||
|
version: '0.5.1',
|
||||||
|
minimumCompatibleVersion: '0.5.0'
|
||||||
|
}
|
||||||
|
|
||||||
|
const configFilePath = path.join(__dirname, '../../config.json')
|
||||||
|
const fileConfig = fs.existsSync(configFilePath) ? require(configFilePath)[env] : undefined
|
||||||
|
|
||||||
|
let config = require('./default')
|
||||||
|
merge(config, require('./defaultSSL'))
|
||||||
|
merge(config, debugConfig)
|
||||||
|
merge(config, packageConfig)
|
||||||
|
merge(config, fileConfig)
|
||||||
|
merge(config, require('./oldEnvironment'))
|
||||||
|
merge(config, require('./environment'))
|
||||||
|
merge(config, require('./dockerSecret'))
|
||||||
|
|
||||||
|
// load LDAP CA
|
||||||
|
if (config.ldap.tlsca) {
|
||||||
|
let ca = config.ldap.tlsca.split(',')
|
||||||
|
let caContent = []
|
||||||
|
for (let i of ca) {
|
||||||
|
if (fs.existsSync(ca[i])) {
|
||||||
|
caContent.push(fs.readFileSync(ca[i], 'utf8'))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
let tlsOptions = {
|
||||||
|
ca: caContent
|
||||||
|
}
|
||||||
|
config.ldap.tlsOptions = config.ldap.tlsOptions ? Object.assign(config.ldap.tlsOptions, tlsOptions) : tlsOptions
|
||||||
|
}
|
||||||
|
|
||||||
|
// Permission
|
||||||
|
config.permission = Permission
|
||||||
|
if (!config.allowanonymous) {
|
||||||
|
delete config.permission.freely
|
||||||
|
}
|
||||||
|
if (!(config.defaultpermission in config.permission)) {
|
||||||
|
config.defaultpermission = config.permission.editable
|
||||||
|
}
|
||||||
|
|
||||||
|
// cache result, cannot change config in runtime!!!
|
||||||
|
config.isStandardHTTPsPort = (function isStandardHTTPsPort () {
|
||||||
|
return config.usessl && config.port === 443
|
||||||
|
})()
|
||||||
|
config.isStandardHTTPPort = (function isStandardHTTPPort () {
|
||||||
|
return !config.usessl && config.port === 80
|
||||||
|
})()
|
||||||
|
|
||||||
|
// cache serverURL
|
||||||
|
config.serverurl = (function getserverurl () {
|
||||||
|
var url = ''
|
||||||
|
if (config.domain) {
|
||||||
|
var protocol = config.protocolusessl ? 'https://' : 'http://'
|
||||||
|
url = protocol + config.domain
|
||||||
|
if (config.urladdport) {
|
||||||
|
if (!config.isStandardHTTPPort || !config.isStandardHTTPsPort) {
|
||||||
|
url += ':' + config.port
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (config.urlpath) {
|
||||||
|
url += '/' + config.urlpath
|
||||||
|
}
|
||||||
|
return url
|
||||||
|
})()
|
||||||
|
|
||||||
|
config.Environment = Environment
|
||||||
|
|
||||||
|
// auth method
|
||||||
|
config.isFacebookEnable = config.facebook.clientID && config.facebook.clientSecret
|
||||||
|
config.isGoogleEnable = config.google.clientID && config.google.clientSecret
|
||||||
|
config.isDropboxEnable = config.dropbox.clientID && config.dropbox.clientSecret
|
||||||
|
config.isTwitterEnable = config.twitter.consumerKey && config.twitter.consumerSecret
|
||||||
|
config.isEmailEnable = config.email
|
||||||
|
config.isGitHubEnable = config.github.clientID && config.github.clientSecret
|
||||||
|
config.isGitLabEnable = config.gitlab.clientID && config.gitlab.clientSecret
|
||||||
|
config.isLDAPEnable = config.ldap.url
|
||||||
|
|
||||||
|
// generate correct path
|
||||||
|
config.sslcapath = path.join(appRootPath, config.sslcapath)
|
||||||
|
config.sslcertpath = path.join(appRootPath, config.sslcertpath)
|
||||||
|
config.sslkeypath = path.join(appRootPath, config.sslkeypath)
|
||||||
|
config.dhparampath = path.join(appRootPath, config.dhparampath)
|
||||||
|
|
||||||
|
config.tmppath = path.join(appRootPath, config.tmppath)
|
||||||
|
config.defaultnotepath = path.join(appRootPath, config.defaultnotepath)
|
||||||
|
config.docspath = path.join(appRootPath, config.docspath)
|
||||||
|
config.indexpath = path.join(appRootPath, config.indexpath)
|
||||||
|
config.hackmdpath = path.join(appRootPath, config.hackmdpath)
|
||||||
|
config.errorpath = path.join(appRootPath, config.errorpath)
|
||||||
|
config.prettypath = path.join(appRootPath, config.prettypath)
|
||||||
|
config.slidepath = path.join(appRootPath, config.slidepath)
|
||||||
|
|
||||||
|
// maek config readonly
|
||||||
|
config = deepFreeze(config)
|
||||||
|
|
||||||
|
module.exports = config
|
8
lib/config/oldEnvironment.js
Normal file
8
lib/config/oldEnvironment.js
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
'use strict'
|
||||||
|
|
||||||
|
module.exports = {
|
||||||
|
debug: process.env.DEBUG,
|
||||||
|
dburl: process.env.DATABASE_URL,
|
||||||
|
urlpath: process.env.URL_PATH,
|
||||||
|
port: process.env.PORT
|
||||||
|
}
|
|
@ -3,13 +3,14 @@
|
||||||
var fs = require('fs')
|
var fs = require('fs')
|
||||||
var path = require('path')
|
var path = require('path')
|
||||||
var Sequelize = require('sequelize')
|
var Sequelize = require('sequelize')
|
||||||
|
const {cloneDeep} = require('lodash')
|
||||||
|
|
||||||
// core
|
// core
|
||||||
var config = require('../config')
|
var config = require('../config')
|
||||||
var logger = require('../logger')
|
var logger = require('../logger')
|
||||||
|
|
||||||
var dbconfig = config.db
|
var dbconfig = cloneDeep(config.db)
|
||||||
dbconfig.logging = config.debug ? logger.info : false
|
dbconfig.logger = config.debug ? logger.info : false
|
||||||
|
|
||||||
var sequelize = null
|
var sequelize = null
|
||||||
|
|
||||||
|
|
|
@ -28,7 +28,8 @@ var realtime = {
|
||||||
secure: secure,
|
secure: secure,
|
||||||
connection: connection,
|
connection: connection,
|
||||||
getStatus: getStatus,
|
getStatus: getStatus,
|
||||||
isReady: isReady
|
isReady: isReady,
|
||||||
|
maintenance: true
|
||||||
}
|
}
|
||||||
|
|
||||||
function onAuthorizeSuccess (data, accept) {
|
function onAuthorizeSuccess (data, accept) {
|
||||||
|
@ -699,7 +700,7 @@ function updateHistory (userId, note, time) {
|
||||||
}
|
}
|
||||||
|
|
||||||
function connection (socket) {
|
function connection (socket) {
|
||||||
if (config.maintenance) return
|
if (realtime.maintenance) return
|
||||||
parseNoteIdFromSocket(socket, function (err, noteId) {
|
parseNoteIdFromSocket(socket, function (err, noteId) {
|
||||||
if (err) {
|
if (err) {
|
||||||
return failConnection(500, err, socket)
|
return failConnection(500, err, socket)
|
||||||
|
|
|
@ -59,14 +59,14 @@ function showIndex (req, res, next) {
|
||||||
url: config.serverurl,
|
url: config.serverurl,
|
||||||
useCDN: config.usecdn,
|
useCDN: config.usecdn,
|
||||||
allowAnonymous: config.allowanonymous,
|
allowAnonymous: config.allowanonymous,
|
||||||
facebook: config.facebook,
|
facebook: config.isFacebookEnable,
|
||||||
twitter: config.twitter,
|
twitter: config.isTwitterEnable,
|
||||||
github: config.github,
|
github: config.isGitHubEnable,
|
||||||
gitlab: config.gitlab,
|
gitlab: config.isGitLabEnable,
|
||||||
dropbox: config.dropbox,
|
dropbox: config.isDropboxEnable,
|
||||||
google: config.google,
|
google: config.isGoogleEnable,
|
||||||
ldap: config.ldap,
|
ldap: config.isLDAPEnable,
|
||||||
email: config.email,
|
email: config.isEmailEnable,
|
||||||
allowemailregister: config.allowemailregister,
|
allowemailregister: config.allowemailregister,
|
||||||
signin: req.isAuthenticated(),
|
signin: req.isAuthenticated(),
|
||||||
infoMessage: req.flash('info'),
|
infoMessage: req.flash('info'),
|
||||||
|
@ -89,14 +89,14 @@ function responseHackMD (res, note) {
|
||||||
title: title,
|
title: title,
|
||||||
useCDN: config.usecdn,
|
useCDN: config.usecdn,
|
||||||
allowAnonymous: config.allowanonymous,
|
allowAnonymous: config.allowanonymous,
|
||||||
facebook: config.facebook,
|
facebook: config.isFacebookEnable,
|
||||||
twitter: config.twitter,
|
twitter: config.isTwitterEnable,
|
||||||
github: config.github,
|
github: config.isGitHubEnable,
|
||||||
gitlab: config.gitlab,
|
gitlab: config.isGitLabEnable,
|
||||||
dropbox: config.dropbox,
|
dropbox: config.isDropboxEnable,
|
||||||
google: config.google,
|
google: config.isGoogleEnable,
|
||||||
ldap: config.ldap,
|
ldap: config.isLDAPEnable,
|
||||||
email: config.email,
|
email: config.isEmailEnable,
|
||||||
allowemailregister: config.allowemailregister
|
allowemailregister: config.allowemailregister
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
@ -29,14 +29,14 @@ passport.deserializeUser(function (id, done) {
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
if (config.facebook) authRouter.use(require('./facebook'))
|
if (config.isFacebookEnable) authRouter.use(require('./facebook'))
|
||||||
if (config.twitter) authRouter.use(require('./twitter'))
|
if (config.isTwitterEnable) authRouter.use(require('./twitter'))
|
||||||
if (config.github) authRouter.use(require('./github'))
|
if (config.isGitHubEnable) authRouter.use(require('./github'))
|
||||||
if (config.gitlab) authRouter.use(require('./gitlab'))
|
if (config.isGitLabEnable) authRouter.use(require('./gitlab'))
|
||||||
if (config.dropbox) authRouter.use(require('./dropbox'))
|
if (config.isDropboxEnable) authRouter.use(require('./dropbox'))
|
||||||
if (config.google) authRouter.use(require('./google'))
|
if (config.isGoogleEnable) authRouter.use(require('./google'))
|
||||||
if (config.ldap) authRouter.use(require('./ldap'))
|
if (config.isLDAPEnable) authRouter.use(require('./ldap'))
|
||||||
if (config.email) authRouter.use(require('./email'))
|
if (config.isEmailEnable) authRouter.use(require('./email'))
|
||||||
|
|
||||||
// logout
|
// logout
|
||||||
authRouter.get('/logout', function (req, res) {
|
authRouter.get('/logout', function (req, res) {
|
||||||
|
|
|
@ -28,6 +28,7 @@
|
||||||
"connect-session-sequelize": "^4.1.0",
|
"connect-session-sequelize": "^4.1.0",
|
||||||
"cookie": "0.3.1",
|
"cookie": "0.3.1",
|
||||||
"cookie-parser": "1.4.3",
|
"cookie-parser": "1.4.3",
|
||||||
|
"deep-freeze": "^0.0.1",
|
||||||
"diff-match-patch": "git+https://github.com/hackmdio/diff-match-patch.git",
|
"diff-match-patch": "git+https://github.com/hackmdio/diff-match-patch.git",
|
||||||
"ejs": "^2.5.5",
|
"ejs": "^2.5.5",
|
||||||
"emojify.js": "~1.1.0",
|
"emojify.js": "~1.1.0",
|
||||||
|
@ -162,8 +163,8 @@
|
||||||
"less-loader": "^2.2.3",
|
"less-loader": "^2.2.3",
|
||||||
"optimize-css-assets-webpack-plugin": "^1.3.0",
|
"optimize-css-assets-webpack-plugin": "^1.3.0",
|
||||||
"script-loader": "^0.7.0",
|
"script-loader": "^0.7.0",
|
||||||
"style-loader": "^0.13.1",
|
|
||||||
"standard": "^9.0.1",
|
"standard": "^9.0.1",
|
||||||
|
"style-loader": "^0.13.1",
|
||||||
"url-loader": "^0.5.7",
|
"url-loader": "^0.5.7",
|
||||||
"webpack": "^1.14.0",
|
"webpack": "^1.14.0",
|
||||||
"webpack-parallel-uglify-plugin": "^0.2.0"
|
"webpack-parallel-uglify-plugin": "^0.2.0"
|
||||||
|
|
Loading…
Reference in a new issue