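/**
 * Server configuration for the Enterprise Search UI.
 *
 * Relies on a global `__utils` object (defined outside this file) whose
 * `absPath()` is used for every file-system path below.
 *
 * Secrets can be supplied through the environment so that deployments do not
 * depend on the literals committed here. Each variable falls back to the
 * original literal when unset, so existing set-ups keep working:
 *   PASSPORT_SECRET, GOOGLE_CLIENT_SECRET, OKTA_CLIENT_SECRET,
 *   LDAP_BIND_CREDENTIALS, AD_BIND_CREDENTIALS, SERVER_KEY_PASSPHRASE,
 *   MAILER_PASS
 * (PORT and PROTOCOL were already read from the environment.)
 */
const DOMAIN_NAME = 'localhost'
const SERVER_PORT = process.env.PORT || 3000

module.exports = {
  domain: DOMAIN_NAME,
  app: {
    title: 'Enterprise Search',
    description: 'Enterprise Search',
    keywords: 'Enterprise Search, Independent'
  },
  port: SERVER_PORT,
  logging: {
    log_folder: __utils.absPath('./logs/'),
    express: {
      request: [
        // 'body', // only add if it's safe to display data
        'connection.remoteAddress',
        'authorizedCN'
      ],
      response: [
        // 'body' // only add if it's safe to display data
      ]
    },
    transports: {
      console: {
        level: 'info',
        enable: true
      },
      file: {
        level: 'info',
        enable: true
      }
    },
    response: {
      // NOTE(review): presumably includes stack traces in error responses;
      // confirm, and turn off for any deployment reachable by untrusted clients.
      showStack: true
    }
  },
  esui: {
    baseUrl: `http://${DOMAIN_NAME}:4200`
  },
  security: {
    // https or http. With the 'http' default, credentials and session cookies
    // travel unencrypted; set PROTOCOL=https outside local development.
    protocol: process.env.PROTOCOL || 'http',
    /*******************************************************************************
     * Content Security Policy for the requests,
     *******************************************************************************/
    allowDomainsAccess: {
      // Defines the default policy for fetching resources such as JavaScript, Images, CSS, Fonts, AJAX requests, Frames, HTML5 Media
      defaults: [],
      // Defines valid sources of images.
      images: ['image.tmdb.org'],
      // Defines valid sources of stylesheets or CSS.
      styles: [],
      // Defines valid sources of JavaScript.
      scripts: [],
      // Applies to XMLHttpRequest (AJAX), WebSocket, fetch(), <a ping> or EventSource.
      // If not allowed the browser emulates a 400
      connects: []
    },
    allowGroups: ['Administrators'], // Groups with access to the user interface
    encryption: {
      // Both values are paths to files, not the key material itself.
      // NOTE(review): an IV kept in a static file would be reused for every
      // encryption; confirm how the consumer uses it. Keep both files out of
      // version control and readable only by the service account.
      secretKey: __utils.absPath('./config/server/auth/epk'),
      iv: __utils.absPath('./config/server/auth/eiv')
    },
    /*******************************************************************************
     * SSL Certificate, only applicable when protocol is https
     *******************************************************************************/
    serverCert: {
      certFilePath: __utils.absPath('./config/certs/server/all/server-cert.pem'),
      keyFilePath: __utils.absPath('./config/certs/server/all/server-key.pem'),
      keyFilePassphrase: process.env.SERVER_KEY_PASSPHRASE || ''
    },
    /*******************************************************************************
     * Group Expansion
     *******************************************************************************/
    groupExpansion: {
      enabled: false,
      // Deliberately a plain (single-quoted) string: `${user.account}` is not a
      // JS template expression here; presumably the consumer substitutes it per
      // request. Verify that the substituted value is URL-encoded.
      url: 'http://localhost:50505/groupExpansion?username=${user.account}&json=1'
    },
    /*******************************************************************************
     * User Authentication
     *******************************************************************************/
    auth: {
      // NOTE(review): presumably selects one of the sibling sections below, and
      // 'none' disables user authentication; confirm this default never reaches
      // a shared or production deployment.
      type: 'none',
      passport: {
        // NOTE(review): the fallback literal is committed to source; supply a
        // random per-deployment value through PASSPORT_SECRET.
        secret: process.env.PASSPORT_SECRET || 'SearchTech'
      },
      oauth2: {
        provider: 'google',
        callbackUrlDomain: DOMAIN_NAME,
        // Key spelling ("calll...") kept as-is: code outside this file may read
        // this exact property name.
        calllbackUrlPort: SERVER_PORT,
        google: {
          scope: ['profile', 'email'],
          clientID: '790123979285-osjbhimrhnbvnaofplavp9auh9tgkq5k.apps.googleusercontent.com', // Client ID
          // NOTE(review): the fallback literal is committed to source and should
          // be treated as exposed: rotate it with the provider and supply the
          // replacement through GOOGLE_CLIENT_SECRET.
          clientSecret: process.env.GOOGLE_CLIENT_SECRET || '9RjuURmdon0UePqIbS2wJB9h'
        },
        // Sample OKTA authentication (test-account credentials are deliberately
        // not recorded in this file; keep them in a secret store).
        okta: {
          domain: 'domain',
          callbackUrlDomain: DOMAIN_NAME,
          calllbackUrlPort: SERVER_PORT, // spelling kept, see oauth2.calllbackUrlPort
          scope: ['profile', 'email'],
          clientID: 'client-id', // Client ID
          clientSecret: process.env.OKTA_CLIENT_SECRET || 'client-secret'
        }
      },
      saml2: {
        provider: 'google', // supported values: google
        google: {
          entryPoint: 'https://accounts.google.com/o/saml2/idp?idpid=C02oz2242', // replace with value appropriate for your project
          issuer: 'nikepoc', // replace with value appropriate for your project
          certPath: __utils.absPath('./config/certs/saml2/all/google-saml2.pem'), // replace with value appropriate for your project
          attributesMapping: {
            // key is the property name stored in the SEIA user profile, the value is the property name from the SAML profile
            uid: 'nameID',
            email: 'nameID',
            firstName: 'firstName',
            lastName: 'lastName',
            groups: 'groups'
          }
        },
        okta: {
          entryPoint: 'https://cagsearchdemoseia.okta.com/app/cagsearchdemoorg743328_nikepocalex_1/exkpkxgzlpV0GyoMS356/sso/saml', // replace with value appropriate for your project
          issuer: 'nikepoc', // replace with value appropriate for your project
          certPath: __utils.absPath('./config/certs/saml2/all/okta-saml2.pem'), // replace with value appropriate for your project
          attributesMapping: {
            // key is the property name stored in the SEIA user profile, the value is the property name from the SAML profile
            uid: 'nameID',
            email: 'nameID',
            firstName: 'firstName',
            lastName: 'lastName',
            groups: 'groups'
          }
        }
      },
      ldap: {
        provider: 'apacheds',
        apacheds: {
          server: {
            // Plain ldap://: the bind password and user passwords cross the
            // connection unencrypted. Acceptable only for a local test directory.
            url: 'ldap://localhost:10389',
            bindDN: 'uid=admin, ou=system', // Bind DN or User
            bindCredentials: process.env.LDAP_BIND_CREDENTIALS || 'secret', // password
            searchBase: 'ou=users,dc=esui,dc=com',
            // NOTE(review): verify that the consumer escapes the user name
            // before substituting it for {{username}}.
            searchFilter: '(uid={{username}})',
            searchAttributes: ['uid', 'cn', 'sn', 'displayName', 'ou', 'photo']
          },
          attributesMapping: {
            // key is the property name stored in the SEIA user profile, the value is the user attribute in LDAP
            _id: 'uid', // _id is required
            account: 'uid', // account is for roles and group expansion
            email: 'uid',
            firstName: 'cn',
            lastName: 'sn',
            name: 'cn',
            alias: 'displayName', // if the alias is not given, one is created from the first and last name or roles
            groups: 'ou',
            photo: 'photo'
          }
        },
        ad: {
          server: {
            url: 'ldaps://ad.corporate.com:636',
            bindDN: 'cn=non-person,ou=system,dc=corp,dc=corporate,dc=com',
            bindCredentials: process.env.AD_BIND_CREDENTIALS || 'secret',
            searchBase: 'dc=corp,dc=corporate,dc=com',
            // NOTE(review): same escaping question as the apacheds filter above.
            searchFilter:
              '(&(objectcategory=person)(objectclass=user)(|(samaccountname={{username}})(mail={{username}})))',
            searchAttributes: ['displayName', 'mail', 'samaccountname'],
            tlsOptions: {
              ca: [
                // fs.readFileSync('/path/to/root_ca_cert.crt')
              ]
            }
          },
          attributesMapping: {
            // key is the property name stored in the SEIA user profile, the value is the user attribute in LDAP
            uid: 'samaccountname',
            account: 'samaccountname', // account is for roles and group expansion
            email: 'mail',
            firstName: 'givenName',
            lastName: 'sn',
            groups: 'groups'
          }
        }
      }
    },
    permissions: {
      default_role: 'reader',
      file: __utils.absPath('./config/server/auth/permissions.csv')
    },
    roles: {
      file: __utils.absPath('./config/server/auth/roles.csv')
    }
  },
  mailer: {
    enable: false,
    type: 'gmail',
    user: '[email protected]',
    // Placeholder by default; provide the real account password through
    // MAILER_PASS instead of editing this file.
    pass: process.env.MAILER_PASS || 'password',
    subject: 'Email Subject',
    test: false,
    test_email: '[email protected]',
    plain_template_path: __utils.absPath('./config/templates/email_text.tlp'),
    html_template_path: __utils.absPath('./config/templates/email_html.tlp')
  },
  analytics: {
    enable: true
  },
  chat_forum: {
    enable: false,
    history_size: 100
  },
  // ElasticSearch connection for permissions, and other features
  elastic: {
    schema: 'http',
    host: 'localhost',
    port: 9200,
    indexName: 'esui'
  }
}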