Commit 9f75126c authored by Cédric Crettaz's avatar Cédric Crettaz 🖥
Browse files

Upload the Keyrock configuration.

parent 216efb5b
const config = {};
function to_boolean(env, default_value){
return (env !== undefined) ? (env.toLowerCase() === 'true') : default_value;
}
function to_array(env, default_value){
return (env !== undefined) ? env.split(',') : default_value;
}
config.port = (process.env.IDM_PORT || 3000 );
config.host = (process.env.IDM_HOST || 'http://localhost:' + config.port);
config.debug = to_boolean(process.env.IDM_DEBUG, true);
// HTTPS enable
config.https = {
enabled: to_boolean(process.env.IDM_HTTPS_ENABLED, false),
cert_file: '/etc/letsencrypt/live/test.naiades-project.eu/fullchain.pem',
key_file: '/etc/letsencrypt/live/test.naiades-project.eu/privkey.pem',
ca_certs: [],
port: (process.env.IDM_HTTPS_PORT || 443 )
};
// Config email list type to use domain filtering
config.email_list_type = (process.env.IDM_EMAIL_LIST || null ); // whitelist or blacklist
// Secret for user sessions in web
config.session = {
secret: (process.env.IDM_SESSION_SECRET || 'nodejs_idm'), // Must be changed
expires: (process.env.IDM_SESSION_DURATION || 60 * 60 * 1000) // 1 hour
}
// Key to encrypt user passwords
config.password_encryption = {
key: (process.env.IDM_ENCRYPTION_KEY || 'nodejs_idm') // Must be changed
}
// Enable CORS
config.cors = {
enabled: to_boolean(process.env.IDM_CORS_ENABLED, false),
options: {
/* eslint-disable snakecase/snakecase */
origin: to_array(process.env.IDM_CORS_ORIGIN, '*'),
methods: to_array(process.env.IDM_CORS_METHODS, ['GET','HEAD','PUT','PATCH','POST','DELETE']),
allowedHeaders: (process.env.IDM_CORS_ALLOWED_HEADERS || '*'),
exposedHeaders: (process.env.IDM_CORS_EXPOSED_HEADERS || undefined),
credentials: (process.env.IDM_CORS_CREDENTIALS || undefined),
maxAge: (process.env.IDM_CORS_MAS_AGE || undefined),
preflightContinue: (process.env.IDM_CORS_PREFLIGHT || false),
optionsSuccessStatus: (process.env.IDM_CORS_OPTIONS_STATUS || 204)
/* eslint-enable snakecase/snakecase */
}
}
// Config oauth2 parameters
config.oauth2 = {
allow_empty_state: (process.env.IDM_OAUTH_EMPTY_STATE || false), // allow empty state in request
authorization_code_lifetime: (process.env.IDM_OAUTH_AUTH_LIFETIME || 5 * 60), // Five minutes
access_token_lifetime: (process.env.IDM_OAUTH_ACC_LIFETIME || 60 * 60), // One hour
ask_authorization: (process.env.IDM_OAUTH_ASK_AUTH || true), // Prompt a message to users to allow the application to read their details
refresh_token_lifetime: (process.env.IDM_OAUTH_REFR_LIFETIME || 60 * 60 * 24 * 14), // Two weeks
unique_url: (process.env.IDM_OAUTH_UNIQUE_URL || false) // This parameter allows to verify that an application with the same url
// does not exist when creating or editing it. If there are already applications
// with the same URL, they should be changed manually
}
// Config api parameters
config.api = {
token_lifetime: (process.env.IDM_API_LIFETIME || 60*60) // One hour
}
// Configure Policy Decision Point (PDP)
// - IdM can perform basic policy checks (HTTP verb + path)
// - AuthZForce can perform basic policy checks as well as advanced
// If authorization level is advanced you can create rules, HTTP verb+resource and XACML advanced. In addition
// you need to have an instance of authzforce deployed to perform advanced authorization request from a Pep Proxy.
// If authorization level is basic, only HTTP verb+resource rules can be created
config.authorization = {
level: (process.env.IDM_PDP_LEVEL || 'basic'), // basic|advanced
authzforce: {
enabled: to_boolean(process.env.IDM_AUTHZFORCE_ENABLED, false),
host: (process.env.IDM_AUTHZFORCE_HOST || 'localhost'),
port: (process.env.IDM_AUTHZFORCE_PORT|| 8080),
}
}
// Enable usage control and configure where is the Policy Translation Point
config.usage_control = {
enabled: to_boolean(process.env.IDM_USAGE_CONTROL_ENABLED, false),
ptp: {
host: (process.env.IDM_PTP_HOST || 'localhost'),
port: (process.env.IDM_PTP_PORT|| 8081),
}
}
// Database info
config.database = {
host: (process.env.IDM_DB_HOST || 'localhost'),
password: (process.env.IDM_DB_PASS || 'idm'),
username: (process.env.IDM_DB_USER || 'root'),
database: (process.env.IDM_DB_NAME || 'idm'),
dialect: (process.env.IDM_DB_DIALECT || 'mysql'),
port: (process.env.IDM_DB_PORT || undefined)
//define: { charset: 'latin1', dialectOptions: { collate: 'latin1_bin' }},
//define: { charset: 'utf8mb4', dialectOptions: { collate: 'utf8mb4_unicode_ci' }},
};
// if (config.database.dialect != 'mysql') {
// console.log('>>>>>>>>>>>>>>> remove options define: charset/collate')
// config.database.define = {};
// } else {
// console.log('>>>>>>>>>>>>>>> keep mysql options define: : ', config.database.define);
// };
// External user authentication
config.external_auth = {
enabled: (process.env.IDM_EX_AUTH_ENABLED || false ),
id_prefix: (process.env.IDM_EX_AUTH_ID_PREFIX || 'external_'),
password_encryption: (process.env.IDM_EX_AUTH_PASSWORD_ENCRYPTION || 'sha1'), // bcrypt and sha1 supported
password_encryption_key: (process.env.IDM_EX_AUTH_PASSWORD_ENCRYPTION_KEY || undefined),
database: {
host: (process.env.IDM_EX_AUTH_DB_HOST ||'localhost'),
port: (process.env.IDM_EX_AUTH_PORT || undefined),
database: (process.env.IDM_EX_AUTH_DB_NAME ||'db_name'),
username: (process.env.IDM_EX_AUTH_DB_USER || 'db_user'),
password: (process.env.IDM_EX_AUTH_DB_PASS ||'db_pass'),
user_table: (process.env.IDM_EX_AUTH_DB_USER_TABLE ||'user_view'),
dialect: (process.env.IDM_EX_AUTH_DIALECT || 'mysql')
}
}
// Email configuration
config.mail = {
host: (process.env.IDM_EMAIL_HOST || 'localhost'),
port: (process.env.IDM_EMAIL_PORT || 25),
from: (process.env.IDM_EMAIL_ADDRESS || 'noreply@localhost')
}
// Config themes
config.site = {
title: (process.env.IDM_TITLE || 'Identity Manager'),
theme: (process.env.IDM_THEME || 'default')
};
// Config eIDAs Authentication
config.eidas = {
enabled: to_boolean(process.env.IDM_EIDAS_ENABLED, false),
gateway_host: (process.env.IDM_EIDAS_GATEWAY_HOST || 'localhost'),
node_host: (process.env.IDM_EIDAS_NODE_HOST || 'https://se-eidas.redsara.es/EidasNode/ServiceProvider'),
metadata_expiration: (process.env.IDM_EIDAS_METADATA_LIFETIME || 60 * 60 * 24 * 365) // One year
}
// Enables the possibility of adding identity attributes in users' profile
config.identity_attributes = {
/* eslint-disable snakecase/snakecase */
enabled: false,
attributes: [
{name: 'Vision', key: 'vision', type: 'number', minVal: '0', maxVal: '100'},
{name: 'Color Perception', key: 'color', type: 'number', minVal: '0', maxVal: '100'},
{name: 'Hearing', key: 'hearing', type: 'number', minVal: '0', maxVal: '100'},
{name: 'Vocal Capability', key: 'vocal', type: 'number', minVal: '0', maxVal: '100'},
{name: 'Manipulation Strength', key: 'manipulation', type: 'number', minVal: '0', maxVal: '100'},
{name: 'Reach', key: 'reach', type: 'number', minVal: '0', maxVal: '100'},
{name: 'Cognition', key: 'cognition', type: 'number', minVal: '0', maxVal: '100'}
]
/* eslint-enable snakecase/snakecase */
}
if (config.session.secret === 'nodejs_idm' || config.password_encryption.key === 'nodejs_idm'){
/* eslint-disable no-console */
console.log('****************');
console.log('WARNING: The current encryption keys match the defaults found in the plaintext');
console.log(' template file - please update for a production instance');
console.log('****************');
/* eslint-enable no-console */
}
module.exports = config;
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment