--- /dev/null
+'use strict';
+
+// Provide default values for all configuration.
+
+const { name: packageName, version: packageVersion } = require('../package.json');
+const common = require('../src/common');
+const Enum = require('../src/enum');
+const roman = require('@squeep/roman');
+
+const currentYear = (new Date()).getFullYear();
+const romanYearHTML = roman.toRoman(currentYear, true);
+
+const defaultOptions = {
+ // Uniquely identify this instance.
+ nodeId: common.requestId(), // Default to ephemeral ID: easiest for clustered deployments.
+
+ encryptionSecret: '', // No default; set this to a long passphrase or randomness.
+ // This may also be set to an array, if secret needs to be rolled. This needs more documentation.
+
+ // Dingus API Server Framework options.
+ dingus: {
+ // This needs to be the full externally accessible root URL, including any proxyPrefix component.
+ selfBaseUrl: '',
+
+ // trustProxy: true, // If true, trust values of some headers regarding client IP address and protocol.
+ proxyPrefix: '', // Leading path parts to ignore when parsing routes, and include when constructing links, e.g. /indieauth
+ },
+
+ // The terminal portions of API route path endpoints.
+ route: {
+ authorization: 'auth',
+ consent: 'consent',
+ healthcheck: 'healthcheck',
+ introspection: 'introspect',
+ metadata: 'meta',
+ revocation: 'revoke',
+ ticket: 'ticket',
+ token: 'token',
+ userinfo: 'userinfo',
+ },
+
+ // Database options
+ db: {
+ connectionString: '', // e.g. sqlite://path/to/dbfile.sqlite
+ queryLogLevel: undefined, // Set to log queries
+
+ // SQLite specific options
+ sqliteOptimizeAfterChanges: 0, // Number of changes before running pragma optimize, 0 for never
+ },
+
+ // Queue options, currently only for handing off ticket offers
+ queues: {
+ amqp: {
+ url: undefined, // AMQP endpoint, e.g. 'amqp://user:pass@rmq.host:5672' If not specified, ticket endpoint will be disabled
+ prefix: undefined,
+ },
+ ticketPublishName: 'indieauth.ticket.proffered', // exchange to publish proffered tickets to
+ },
+
+ // Logging options
+ logger: {
+ ignoreBelowLevel: 'info',
+ },
+
+ manager: {
+ codeValidityTimeoutMs: 10 * 60 * 1000,
+ ticketLifespanSeconds: 300,
+ pageTitle: packageName, // title on html pages
+ logoUrl: 'static/logo.svg', // image to go with title
+ footerEntries: [ // common footers on all html pages
+ '<a href="https://git.squeep.com/?p=squeep-indie-auther;a=tree">Development Repository</a>',
+ `<span class="copyright">©<time datetime="${currentYear}">${romanYearHTML}</time></span>`,
+ ],
+ allowLegacyNonPKCE: false, // Whether to process auth requests lacking code challenges
+ },
+
+ chores: {
+ scopeCleanupMs: 0, // how often to clean up unreferenced scopes, 0 for never
+ tokenCleanupMs: 0, // how often to clean up no-longer-valid scopes, 0 for never
+ },
+
+ // Outgoing request UA header. Setting these here to override helper defaults.
+ userAgent: {
+ product: packageName,
+ version: packageVersion,
+ implementation: Enum.Specification,
+ },
+
+ authenticator: {
+ authnEnabled: ['argon2', 'pam'], // Types of authentication to attempt.
+ secureAuthOnly: true, // Require secure transport for authentication.
+ forbiddenPAMIdentifiers: [
+ 'root',
+ ],
+ },
+
+};
+
+module.exports = defaultOptions;
projects / squeep-indie-auther / blobdiff