config.js.template
// Settings object filled in below from IDM_* environment variables and exported at the end of the file.
const config = {};
/**
 * Interpret an environment-variable value as a boolean flag.
 *
 * Callers in this file pass `process.env.*` values, i.e. a string or `undefined`.
 *
 * @param {string|undefined} env - raw variable value; `undefined` when the variable is unset
 * @param {boolean} default_value - result used when the variable is unset
 * @returns {boolean} `default_value` when unset, otherwise `true` only for 'true' in any letter case
 */
function to_boolean(env, default_value){
  if (env === undefined) {
    return default_value;
  }
  const normalized = env.toLowerCase();
  return normalized === 'true';
}
/**
 * Split a comma-separated environment-variable value into an array.
 *
 * Elements are not trimmed, so 'a, b' yields ['a', ' b']; an empty string yields [''].
 *
 * @param {string|undefined} env - raw variable value; `undefined` when the variable is unset
 * @param {*} default_value - returned unchanged when the variable is unset (callers pass a string or an array)
 * @returns {string[]|*} the split items, or `default_value` when unset
 */
function to_array(env, default_value){
  if (env === undefined) {
    return default_value;
  }
  const items = env.split(',');
  return items;
}
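// Public endpoint of the IdM. Values taken from the environment are strings; the fallbacks are numbers.
config.port = process.env.IDM_PORT || 3000;
config.host = process.env.IDM_HOST || `http://localhost:${config.port}`;
config.debug = to_boolean(process.env.IDM_DEBUG, true);

// HTTPS enable
config.https = {
  enabled: to_boolean(process.env.IDM_HTTPS_ENABLED, false),
  cert_file: 'certs/idm-2018-cert.pem',
  key_file: 'certs/idm-2018-key.pem',
  ca_certs: [],
  port: process.env.IDM_HTTPS_PORT || 443,
};

// Config email list type to use domain filtering
config.email_list_type = process.env.IDM_EMAIL_LIST || null; // whitelist or blacklist

// Secret for user sessions in web.
// Without IDM_SESSION_SECRET a fresh random secret is generated on every start-up, so sessions
// issued before a restart stop validating and several instances cannot share sessions.
config.session = {
  secret: process.env.IDM_SESSION_SECRET || require('crypto').randomBytes(20).toString('hex'), // Must be changed
  expires: process.env.IDM_SESSION_DURATION || 60 * 60 * 1000, // 1 hour (milliseconds)
};

// Key to encrypt user passwords. The fallback is the well-known template value and
// triggers the start-up warning at the bottom of this file.
config.password_encryption = {
  key: process.env.IDM_ENCRYPTION_KEY || 'nodejs_idm', // Must be changed
};

// Enable CORS
config.cors = {
  enabled: to_boolean(process.env.IDM_CORS_ENABLED, false),
  options: {
    /* eslint-disable snakecase/snakecase */
    origin: to_array(process.env.IDM_CORS_ORIGIN, '*'),
    methods: to_array(process.env.IDM_CORS_METHODS, ['GET','HEAD','PUT','PATCH','POST','DELETE']),
    allowedHeaders: process.env.IDM_CORS_ALLOWED_HEADERS || '*',
    exposedHeaders: process.env.IDM_CORS_EXPOSED_HEADERS || undefined,
    // Passed through as the raw string (or undefined); not parsed as a boolean here.
    credentials: process.env.IDM_CORS_CREDENTIALS || undefined,
    // NOTE(review): "MAS_AGE" looks like a misspelling of "MAX"; left unchanged so existing
    // deployments keep working — confirm against the documentation before renaming.
    maxAge: process.env.IDM_CORS_MAS_AGE || undefined,
    // Parsed with to_boolean: with a plain `|| false` any non-empty string, including 'false',
    // would count as enabled.
    preflightContinue: to_boolean(process.env.IDM_CORS_PREFLIGHT, false),
    optionsSuccessStatus: process.env.IDM_CORS_OPTIONS_STATUS || 204,
    /* eslint-enable snakecase/snakecase */
  },
};

// Config oauth2 parameters (lifetimes in seconds)
config.oauth2 = {
  authorization_code_lifetime: process.env.IDM_OAUTH_AUTH_LIFETIME || 5 * 60, // Five minutes
  access_token_lifetime: process.env.IDM_OAUTH_ACC_LIFETIME || 60 * 60, // One hour
  // Prompt a message to users to allow the application to read their details.
  // Parsed with to_boolean so that IDM_OAUTH_ASK_AUTH=false actually disables the prompt;
  // with `|| true` the consent step could never be switched off from the environment.
  ask_authorization: to_boolean(process.env.IDM_OAUTH_ASK_AUTH, true),
  refresh_token_lifetime: process.env.IDM_OAUTH_REFR_LIFETIME || 60 * 60 * 24 * 14, // Two weeks
  // This parameter allows to verify that an application with the same url does not exist when
  // creating or editing it. If there are already applications with the same URL, they should be
  // changed manually. Parsed with to_boolean for the same reason as ask_authorization.
  unique_url: to_boolean(process.env.IDM_OAUTH_UNIQUE_URL, false),
};

// Config api parameters
config.api = {
  token_lifetime: process.env.IDM_API_LIFETIME || 60 * 60, // One hour (seconds)
};

// Configure Policy Decision Point (PDP)
// - IdM can perform basic policy checks (HTTP verb + path)
// - AuthZForce can perform basic policy checks as well as advanced
// If authorization level is advanced you can create rules, HTTP verb+resource and XACML advanced. In addition
// you need to have an instance of authzforce deployed to perform advanced authorization request from a Pep Proxy.
// If authorization level is basic, only HTTP verb+resource rules can be created
config.authorization = {
  level: process.env.IDM_PDP_LEVEL || 'basic', // basic|advanced
  authzforce: {
    enabled: to_boolean(process.env.IDM_AUTHZFORCE_ENABLED, false),
    host: process.env.IDM_AUTHZFORCE_HOST || 'localhost',
    port: process.env.IDM_AUTHZFORCE_PORT || 8080,
  },
};

// Database info. The fallback credentials are template placeholders; set IDM_DB_USER/IDM_DB_PASS.
config.database = {
  host: process.env.IDM_DB_HOST || 'localhost',
  password: process.env.IDM_DB_PASS || 'idm',
  username: process.env.IDM_DB_USER || 'root',
  database: process.env.IDM_DB_NAME || 'idm',
  dialect: process.env.IDM_DB_DIALECT || 'mysql',
  port: process.env.IDM_DB_PORT || undefined,
};

// External user authentication
config.external_auth = {
  // Parsed with to_boolean: a plain `|| false` would treat IDM_EX_AUTH_ENABLED=false as enabled,
  // because a non-empty string is truthy.
  enabled: to_boolean(process.env.IDM_EX_AUTH_ENABLED, false),
  id_prefix: process.env.IDM_EX_AUTH_ID_PREFIX || 'external_',
  password_encryption: process.env.IDM_EX_AUTH_PASSWORD_ENCRYPTION || 'sha1', // bcrypt and sha1 supported
  password_encryption_key: process.env.IDM_EX_AUTH_PASSWORD_ENCRYPTION_KEY || undefined,
  database: {
    host: process.env.IDM_EX_AUTH_DB_HOST || 'localhost',
    port: process.env.IDM_EX_AUTH_PORT || undefined,
    database: process.env.IDM_EX_AUTH_DB_NAME || 'db_name',
    username: process.env.IDM_EX_AUTH_DB_USER || 'db_user',
    password: process.env.IDM_EX_AUTH_DB_PASS || 'db_pass',
    user_table: process.env.IDM_EX_AUTH_DB_USER_TABLE || 'user_view',
    dialect: process.env.IDM_EX_AUTH_DIALECT || 'mysql',
  },
};

// Email configuration
config.mail = {
  host: process.env.IDM_EMAIL_HOST || 'localhost',
  port: process.env.IDM_EMAIL_PORT || 25,
  from: process.env.IDM_EMAIL_ADDRESS || 'noreply@localhost',
};

// Config themes
config.site = {
  title: process.env.IDM_TITLE || 'Identity Manager',
  theme: process.env.IDM_THEME || 'default',
};

// Config eIDAS Authentication
config.eidas = {
  enabled: to_boolean(process.env.IDM_EIDAS_ENABLED, false),
  gateway_host: process.env.IDM_EIDAS_GATEWAY_HOST || 'localhost',
  node_host: process.env.IDM_EIDAS_NODE_HOST || 'https://se-eidas.redsara.es/EidasNode/ServiceProvider',
  metadata_expiration: process.env.IDM_EIDAS_METADATA_LIFETIME || 60 * 60 * 24 * 365, // One year (seconds)
};

// Warn when the password-encryption key is still the template default. The session secret can only
// match when IDM_SESSION_SECRET is explicitly set to that literal, since its fallback is random.
if (config.session.secret === 'nodejs_idm' || config.password_encryption.key === 'nodejs_idm'){
  /* eslint-disable no-console */
  console.log('****************');
  console.log('WARNING: The current encryption keys match the defaults found in the plaintext');
  console.log(' template file - please update for a production instance');
  console.log('****************');
  /* eslint-enable no-console */ // was misspelled "enalbe", which left the rule disabled for the rest of the file
}

module.exports = config;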