
The server configuration is built from 2 configuration files, but the starting point is `config/server/config.js`. This file merges the configuration files inside the `config/server/env` folder.


Example all.js
/**
 * Example environment configuration (all.js).
 *
 * Exports one settings object covering logging, the UI base URL, security
 * (CSP allow-lists, TLS certificate, authentication providers, permissions),
 * mailer, analytics, chat forum and the Elasticsearch connection.
 *
 * The values below are samples. Several of them are credentials or secrets
 * written inline; in a real deployment they belong in environment variables
 * or a secret store, not in a file that is committed or published.
 *
 * `__utils` is not defined in this listing; it is presumably a project global
 * whose absPath() resolves a project-relative path to an absolute one - confirm.
 */
const DOMAIN_NAME = 'localhost'
// PORT from the environment wins; 3000 is the fallback. Note the environment
// value is a string while the fallback is a number.
const SERVER_PORT = process.env.PORT || 3000

module.exports = {
    domain: DOMAIN_NAME,
    app: {
        title: 'Enterprise Search',
        description: 'Enterprise Search',
        keywords: 'Enterprise Search, Independent'
    },
    port: SERVER_PORT,
    logging: {
        log_folder: __utils.absPath('./logs/'),
        // Request/response properties written to the log (presumably by the
        // Express logging middleware - confirm).
        express: {
            request: [
                // 'body', // only add if it's safe to display data: bodies can carry passwords, tokens and personal data
                'connection.remoteAddress',
                'authorizedCN'
            ],
            response: [
                // 'body' // only add if it's safe to display data
            ]
        },
        transports: {
            console: {
                level: 'info',
                enable: true
            },
            file: {
                level: 'info',
                enable: true
            }
        },
        response: {
            // NOTE(review): presumably includes stack traces in error responses - confirm.
            // If so, set to false outside development; stack traces disclose
            // file paths and library versions to the client.
            showStack: true
        }
    },
    // NOTE(review): the page elides part of the listing on the next line; the
    // closing brace there has no visible opening brace.
     . . . },
    esui: {
        // Plain http; acceptable for localhost only.
        baseUrl: `http://${DOMAIN_NAME}:4200`
    },
    security: {
        // Falls back to 'http' when PROTOCOL is unset, so logins and session
        // cookies travel unencrypted unless https is selected explicitly.
        protocol: process.env.PROTOCOL || 'http', // https or http

        /*******************************************************************************
         * Content Security Policy for the requests,
         *******************************************************************************/
        allowDomainsAccess: {
            // Defines the default policy for fetching resources such as JavaScript, Images, CSS, Fonts, AJAX requests, Frames, HTML5 Media
            defaults: [],
            // Defines valid sources of images.
            images: ['image.tmdb.org'],
            // Defines valid sources of stylesheets or CSS.
            styles: [],
            // Defines valid sources of JavaScript. Keep this list as short as possible;
            // every host added here can run script in the application's origin.
            scripts: [],
            // Applies to XMLHttpRequest (AJAX), WebSocket, fetch(), <a ping> or EventSource. If not allowed the browser emulates a 400
            connects: []
        },

        allowGroups: ['Administrators'], // Groups with access to the user interface

        // Paths to the key and IV files.
        // NOTE(review): a single IV kept in a file suggests the same IV is reused
        // for every encryption - confirm how the consumer uses it. Both files
        // should be readable only by the service account and kept out of
        // version control.
        encryption: {
            secretKey: __utils.absPath('./config/server/auth/epk'),
            iv: __utils.absPath('./config/server/auth/eiv')
        },

        /*******************************************************************************
         * SSL Certificate, only applicable when protocol is https
         *******************************************************************************/
        serverCert: {
            certFilePath: __utils.absPath('./config/certs/server/all/server-cert.pem'),
            keyFilePath: __utils.absPath('./config/certs/server/all/server-key.pem'),
            // Empty passphrase: the private key is presumably stored unencrypted,
            // so file permissions are its only protection.
            keyFilePassphrase: ''
        },

        /*******************************************************************************
         * Group Expansion
         *******************************************************************************/
        groupExpansion: {
            enabled: false,
            // Single-quoted, so ${user.account} is a literal placeholder here, not a
            // template-literal substitution. NOTE(review): confirm that the consumer
            // URL-encodes the account name when it fills the placeholder. The
            // endpoint is plain http.
            url: 'http://localhost:50505/groupExpansion?username=${user.account}&json=1'
        },

        /*******************************************************************************
         * User Authentication
         *******************************************************************************/
        auth: {
            // NOTE(review): 'none' presumably disables authentication - confirm.
            // Select one of the providers configured below before exposing the server.
            type: 'none',
            passport: {
                // Hard-coded sample secret (presumably used to sign sessions - confirm).
                // Replace with a long random per-deployment value loaded from the
                // environment or a secret store.
                secret: 'SearchTech'
            },
            oauth2: {
                provider: 'google',
                callbackUrlDomain: DOMAIN_NAME,
                // The key is spelled with three l's here and in the okta block below;
                // the consumer must read the same spelling.
                calllbackUrlPort: SERVER_PORT,
                google: {
                    scope: ['profile', 'email'],
                    // NOTE(review): these do not look like placeholders. If they are real
                    // OAuth client credentials, treat them as disclosed and rotate them;
                    // supply the replacements from the environment or a secret store.
                    clientID: '790123979285-osjbhimrhnbvnaofplavp9auh9tgkq5k.apps.googleusercontent.com', // Client ID
                    clientSecret: '9RjuURmdon0UePqIbS2wJB9h'
                },

                // Sample OKTA authentication
                // login: relieved-chimpanzee@example.com
                // password: Horrible-Dotterel-75
                // NOTE(review): account credentials do not belong in configuration
                // comments, even for sample tenants.
                okta: {
                    domain: 'domain',
                    callbackUrlDomain: DOMAIN_NAME,
                    calllbackUrlPort: SERVER_PORT,
                    scope: ['profile', 'email'],
                    clientID: 'client-id', // Client ID
                    clientSecret: 'client-secret'
                }
            },
            saml2: {
                provider: 'google', // supported values: google
                google: {
                    entryPoint: 'https://accounts.google.com/o/saml2/idp?idpid=C02oz2242', // replace with value appropriate for your project
                    issuer: 'nikepoc', // replace with value appropriate for your project
                    // IdP certificate file (presumably used to verify the signature on
                    // SAML responses - confirm).
                    certPath: __utils.absPath('./config/certs/saml2/all/google-saml2.pem'), // replace with value appropriate for your project
                    attributesMapping: { // key is the property name stored in the SEIA user profile, the value is the property name from the SAML profile
                        uid: 'nameID',
                        email: 'nameID',
                        firstName: 'firstName',
                        lastName: 'lastName',
                        groups: 'groups'
                    }
                },
                okta: {
                    entryPoint: 'https://cagsearchdemoseia.okta.com/app/cagsearchdemoorg743328_nikepocalex_1/exkpkxgzlpV0GyoMS356/sso/saml', // replace with value appropriate for your project
                    issuer: 'nikepoc', // replace with value appropriate for your project
                    certPath: __utils.absPath('./config/certs/saml2/all/okta-saml2.pem'), // replace with value appropriate for your project
                    attributesMapping: { // key is the property name stored in the SEIA user profile, the value is the property name from the SAML profile
                        uid: 'nameID',
                        email: 'nameID',
                        firstName: 'firstName',
                        lastName: 'lastName',
                        groups: 'groups'
                    }
                }
            },
            ldap: {
                provider: 'apacheds',
                apacheds: {
                    server: {
                        // ldap:// is cleartext: the bind password and user passwords
                        // cross the network unencrypted. Fine for a local test
                        // directory; use ldaps:// elsewhere.
                        url: 'ldap://localhost:10389',
                        bindDN: 'uid=admin, ou=system', // Bind DN or User
                        bindCredentials: 'secret', // password (sample value; supply the real one from a secret store)
                        searchBase: 'ou=users,dc=esui,dc=com',
                        // NOTE(review): {{username}} is presumably substituted by the LDAP
                        // library - confirm that it escapes filter metacharacters.
                        searchFilter: '(uid={{username}})',
                        searchAttributes: ['uid', 'cn', 'sn', 'displayName', 'ou', 'photo']
                    },
                    attributesMapping: { // key is the property name stored in the SEIA user profile, the value is the user attribute in LDAP
                        _id: 'uid', // _id is required
                        account: 'uid', // account is for roles and group expansion
                        email: 'uid',
                        firstName: 'cn',
                        lastName: 'sn',
                        name: 'cn',
                        alias: 'displayName', // if the alias is not given, one is created from the first and last name or roles
                        groups: 'ou',
                        photo: 'photo'
                    }
                },
                ad: {
                    server: {
                        url: 'ldaps://ad.corporate.com:636',
                        // Use a dedicated read-only service account for the bind.
                        bindDN: 'cn=non-person,ou=system,dc=corp,dc=corporate,dc=com',
                        bindCredentials: 'secret',
                        searchBase: 'dc=corp,dc=corporate,dc=com',
                        searchFilter: '(&(objectcategory=person)(objectclass=user)(|(samaccountname={{username}})(mail={{username}})))',
                        searchAttributes: ['displayName', 'mail', 'samaccountname'],
                        tlsOptions: {
                            // List the root CA here when the directory certificate is issued
                            // by an internal CA. The sample line uses `fs`, which this
                            // listing does not require.
                            ca: [
                                // fs.readFileSync('/path/to/root_ca_cert.crt')
                            ]
                        }
                    },
                    // NOTE(review): givenName, sn and groups are mapped below but are not
                    // listed in searchAttributes above - confirm the directory returns them.
                    attributesMapping: { // key is the property name stored in the SEIA user profile, the value is the user attribute in LDAP
                        uid: 'samaccountname',
                        account: 'samaccountname', // account is for roles and group expansion
                        email: 'mail',
                        firstName: 'givenName',
                        lastName: 'sn',
                        groups: 'groups'
                    }
                }
            }
        },
        permissions: {
            default_role: 'reader',
            file: __utils.absPath('./config/server/auth/permissions.csv')
        },
        roles: {
            file: __utils.absPath('./config/server/auth/roles.csv')
        }
    },
    mailer: {
        enable: false,
        type: 'gmail',
        user: 'test@test.com',
        // Sample value; supply the real mail password from the environment or a secret store.
        pass: 'password',
        subject: 'Email Subject',
        test: false,
        test_email: 'test@test.com',
        plain_template_path: __utils.absPath('./config/templates/email_text.tlp'),
        html_template_path: __utils.absPath('./config/templates/email_html.tlp')
    },
    analytics: {
        enable: true
    },
    chat_forum: {
        enable: false,
        history_size: 100
    },
    // ElasticSearch connection for permissions, and other features
    // The connection shown is plain http with no credentials configured.
    elastic: {
        schema: 'http',
        host: 'localhost',
        port: 9200,
        indexName: 'esui'
    }
}