api/config/default.cjs
var path = require('path')
var fs = require('fs')
var winston = require('winston')
var containerized = require('containerized')()
const serverPort = process.env.PORT || 8081
// Required to know webpack port so that in dev we can build correct URLs
const clientPort = process.env.CLIENT_PORT || 8080
const API_PREFIX = '/api'
let domain
// If we build a specific staging instance
if (process.env.NODE_APP_INSTANCE === 'dev') {
domain = 'https://kapp.dev.kalisio.xyz'
} else if (process.env.NODE_APP_INSTANCE === 'test') {
domain = 'https://kapp.test.kalisio.xyz'
} else if (process.env.NODE_APP_INSTANCE === 'prod') {
domain = 'https://kapp.kalisio.xyz'
} else {
// Otherwise we are on a developer machine
if (process.env.NODE_ENV === 'development') {
domain = 'http://localhost:' + clientPort
} else {
domain = 'http://localhost:' + serverPort
}
}
// Override defaults if env provided
if (process.env.SUBDOMAIN) {
domain = 'https://kapp.' + process.env.SUBDOMAIN
}
module.exports = {
// Proxy your API if using any.
// Also see /build/script.dev.js and search for "proxy api requests"
// https://github.com/chimurai/http-proxy-middleware
proxyTable: {},
domain,
host: process.env.HOSTNAME || 'localhost',
port: serverPort,
distPath: fs.existsSync(path.join(__dirname, '../../dist/pwa')) ? path.join(__dirname, '../../dist/pwa') : path.join(__dirname, '../../dist/spa'),
/* To enable HTTPS
https: {
key: path.join(__dirname, 'server.key'),
cert: path.join(__dirname, 'server.crt'),
port: process.env.HTTPS_PORT || 8084
},
*/
apiPath: API_PREFIX,
paginate: {
default: 10,
max: 50
},
authentication: {
secret: process.env.APP_SECRET || 'my secret',
path: API_PREFIX + '/authentication',
service: API_PREFIX + '/users',
entity: 'user',
authStrategies: [
'jwt',
'local'
],
local: {
usernameField: 'email',
passwordField: 'password'
},
jwtOptions: {
header: {
typ: 'access' // See https://tools.ietf.org/html/rfc7519#section-5.1
},
audience: process.env.SUBDOMAIN || 'kalisio', // The resource server where the token is processed
issuer: 'kalisio', // The issuing server, application or resource
algorithm: 'HS256', // See https://github.com/auth0/node-jsonwebtoken#jwtsignpayload-secretorprivatekey-options-callback
expiresIn: '1d'
},
oauth: {
redirect: domain + '/',
defaults: {
origin: domain
},
keycloak: (process.env.KEYCLOAK_CLIENT_ID ? {
key: process.env.KEYCLOAK_CLIENT_ID,
secret: process.env.KEYCLOAK_CLIENT_SECRET,
oauth: 2,
scope: ['openid'],
authorize_url: 'https://keycloak.portal.kalisio.com/realms/Kalisio/protocol/openid-connect/auth',
access_url: 'https://keycloak.portal.kalisio.com/realms/Kalisio/protocol/openid-connect/token',
profile_url: 'https://keycloak.portal.kalisio.com/realms/Kalisio/protocol/openid-connect/userinfo',
nonce: true
} : undefined),
github: (process.env.GITHUB_CLIENT_ID ? {
key: process.env.GITHUB_CLIENT_ID,
secret: process.env.GITHUB_CLIENT_SECRET,
scope: ['openid'],
nonce: true
} : undefined),
google: (process.env.GOOGLE_CLIENT_ID ? {
key: process.env.GOOGLE_CLIENT_ID,
secret: process.env.GOOGLE_CLIENT_SECRET,
scope: ['openid', 'email', 'profile'],
nonce: true
} : undefined),
cognito: (process.env.COGNITO_CLIENT_ID ? {
key: process.env.COGNITO_CLIENT_ID,
secret: process.env.COGNITO_CLIENT_SECRET,
oauth: 2,
scope: ['openid'],
authorize_url: 'https://{domain}.amazoncognito.com/oauth2/authorize',
access_url: 'https://{domain}.amazoncognito.com/oauth2/token',
profile_url: 'https://{domain}.amazoncognito.com/oauth2/userInfo',
nonce: true
} : undefined)
},
passwordPolicy: {
minLength: 8,
maxLength: 128,
uppercase: true,
lowercase: true,
digits: true,
symbols: true,
prohibited: fs.readFileSync(path.join(__dirname, '10k_most_common_passwords.txt')).toString().split('\n'),
history: 5
},
defaultUsers: [
{
email: 'kalisio@kalisio.xyz',
password: 'Pass;word1',
/*
device: {
registrationId: 'xxx',
number: '+xxx',
platform: 'ANDROID'
}
*/
name: 'Kalisio'
}
],
// Required for OAuth2 to work correctly
cookie: {
enabled: true,
name: 'feathers-jwt',
httpOnly: false,
secure: (process.env.NODE_ENV === 'development' ? false : true)
},
authorisation: {
cache: {
maxUsers: 1000
}
}
},
logs: {
Console: {
format: winston.format.combine(winston.format.colorize(), winston.format.simple()),
level: (process.env.NODE_ENV === 'development' ? 'verbose' : 'info')
},
DailyRotateFile: {
format: winston.format.json(),
dirname: path.join(__dirname, '..', 'logs'),
filename: 'kapp-%DATE%.log',
datePattern: 'YYYY-MM-DD',
maxFiles: '30d'
}
},
db: {
adapter: 'mongodb',
url: process.env.DB_URL || (containerized ? 'mongodb://mongodb:27017/kapp' : 'mongodb://127.0.0.1:27017/kapp')
},
mailer: {
service: 'gmail',
auth: {
type: 'OAuth2',
user: process.env.GOOGLE_MAIL_USER,
// Not required anymore for OAuth2
//pass: process.env.GOOGLE_MAIL_PASSWORD
serviceClient: process.env.GOOGLE_MAIL_CLIENT_ID,
// New lines in env var causes some problems and raises the following error
// Uncaught Error: error:0909006C:PEM routines:get_name:no start line
privateKey: process.env.GOOGLE_MAIL_PRIVATE_KEY
},
templateDir: path.join(__dirname, 'email-templates')
},
storage: {
s3Client: {
credentials: {
accessKeyId: process.env.S3_ACCESS_KEY || process.env.S3_ACCESS_KEY_ID,
secretAccessKey: process.env.S3_SECRET_ACCESS_KEY
},
endpoint: process.env.S3_ENDPOINT,
region: process.env.S3_REGION,
signatureVersion: 'v4'
},
bucket: process.env.S3_BUCKET
},
'import-export': {
s3Options: {
s3Client: {
credentials: {
accessKeyId: process.env.S3_ACCESS_KEY || process.env.S3_ACCESS_KEY_ID,
secretAccessKey: process.env.S3_SECRET_ACCESS_KEY
},
endpoint: process.env.S3_ENDPOINT,
region: process.env.S3_REGION,
signatureVersion: 'v4'
},
bucket: process.env.S3_BUCKET,
prefix: 'tmp'
},
workingDir: process.env.TMP_DIR || 'tmp',
},
push: {
vapidDetails: {
subject: process.env.VAPID_SUBJECT,
publicKey: process.env.VAPID_PUBLIC_KEY,
privateKey: process.env.VAPID_PRIVATE_KEY
},
// By default push service is not accessible externally
disallowExternalPush: false
},
messages: {}
}
/*
* proxyTable example:
*
proxyTable: {
// proxy all requests starting with /api
'/api': {
target: 'https://some.address.com/api',
changeOrigin: true,
pathRewrite: {
'^/api': ''
}
}
}
*/