authorLibravatar vnugent <public@vaughnnugent.com>2024-06-24 17:34:40 -0400
committerLibravatar vnugent <public@vaughnnugent.com>2024-06-24 17:34:40 -0400
commit18e6823064f78d5821801839882d5fa3dadf79e3 (patch)
tree0bbd1baf2492fa3df5197dd82640592ba7b73c50 /ci/config-templates
parent71b581e006fda94aa675b7df9a7fbfe35d748b48 (diff)
Squashed commit of the following:
commit 5dc6decde6f86ba87173a1e10b0de8153999090f Author: vnugent <public@vaughnnugent.com> Date: Mon Jun 24 17:05:40 2024 -0400 fix ci main plugin name commit a355e12201f50d8f52738d225c270042913030e2 Author: vnugent <public@vaughnnugent.com> Date: Mon Jun 24 16:46:04 2024 -0400 ci: Consolidate ci configuration commit 86d6ba0c9869f21b2b16728abf4cb20fcf6ed769 Merge: bbe3b9b 71b581e Author: vnugent <public@vaughnnugent.com> Date: Tue Jun 4 16:00:01 2024 -0400 Merge branch 'master' into develop commit bbe3b9b80db68cf86e26bd2e40a07c1650031224 Author: vnugent <public@vaughnnugent.com> Date: Tue Jun 4 15:54:42 2024 -0400 ignore npm version bump errors for build commit 45816924e5a47710a6bc4ed0d59ea81a48eddd1e Author: vnugent <public@vaughnnugent.com> Date: Tue Jun 4 15:30:35 2024 -0400 project version in ui commit 03357c9f7b7fa389d2d426e95d9854b7b04623f9 Author: vnugent <public@vaughnnugent.com> Date: Tue Jun 4 12:59:30 2024 -0400 chore: Essentials upstream update commit b6d292014700d05a93aa4e486baedf37656f464a Author: vnugent <public@vaughnnugent.com> Date: Thu May 23 19:09:28 2024 -0400 docs: Update readme instructions commit 5b6b4c06bc4b974e1839ca47c91dd6c903f119fd Author: vnugent <public@vaughnnugent.com> Date: Thu May 23 18:17:56 2024 -0400 build(server): Update Docker config to support new vars commit c7c9e8a441e99e1dc79e2a690d83281af463d817 Author: vnugent <public@vaughnnugent.com> Date: Thu May 23 17:40:09 2024 -0400 update backend deps commit 06eb12d107f2605cae0f14884de04058c02d29f7 Author: vnugent <public@vaughnnugent.com> Date: Thu May 23 17:38:22 2024 -0400 chore: package updates and verify commit c8e3ca86be45be05c1f76a7dd808275a1afaccb0 Author: vnugent <public@vaughnnugent.com> Date: Thu May 16 17:10:27 2024 -0400 chore: Remove unused cache stuff commit ba2ee1073a5042bda0afc2b56233fe99d491b39d Merge: e6b4e60 28e67e5 Author: vnugent <public@vaughnnugent.com> Date: Wed May 15 18:08:48 2024 -0400 Merge branch 'master' into develop commit 
e6b4e605622f2b323fd3fe0aa01000f3986e3bba Author: vnugent <public@vaughnnugent.com> Date: Wed May 15 16:35:06 2024 -0400 build: Fix ssl container dir, and certificate automation commit a710553aa5c0484b6934b8a5d4d16b1eb3ff2a88 Author: vnugent <public@vaughnnugent.com> Date: Wed May 15 15:37:53 2024 -0400 ci: Admin form clear, polish build and release taskfiels commit 372eb6a32a9891afb5035caa0805e8ed878416d8 Author: vnugent <public@vaughnnugent.com> Date: Tue May 14 22:27:10 2024 -0400 default read secret pepper from file for bare-metal builds commit 1b7270b40b65ef089bf40a14065227f742b8507e Author: vnugent <public@vaughnnugent.com> Date: Tue May 14 21:52:03 2024 -0400 chore: make container slightly easier to setup commit 2deda50a167286bc93fd3871a1fd6dbf9f43c81f Merge: 28f0f77 96ae7b0 Author: vnugent <public@vaughnnugent.com> Date: Sun Apr 28 10:54:09 2024 -0400 Merge branch 'master' into develop commit 28f0f774da975c04271445761b2de31aecf969ff Author: vnugent <public@vaughnnugent.com> Date: Sat Apr 27 23:11:48 2024 -0400 Add --no-cache arg to build image args commit 22a1f5d374ec1a487944c6303066d0f15617cb12 Author: vnugent <public@vaughnnugent.com> Date: Sat Apr 27 18:47:25 2024 -0400 fix: Upstream patch missing ! 
in middlware commit f40ca2d4c26f81276d58760152592a918bf3cd87 Author: vnugent <public@vaughnnugent.com> Date: Sat Apr 27 18:36:01 2024 -0400 chore: package updates commit d7a3c957467e65ea7176170fba3c280ac18ac17e Author: vnugent <public@vaughnnugent.com> Date: Sun Apr 21 12:02:57 2024 -0400 chore: Package updates and minor QOL patches commit 97a5bded5122708cf39d0e86bc24a5f31755bdd1 Merge: 56e0a38 5877c86 Author: vnugent <public@vaughnnugent.com> Date: Tue Apr 9 17:38:02 2024 -0400 Merge branch 'master' into develop commit 56e0a38b2ca246e8beeaef3c6c4b9c0ce7d0f09b Author: vnugent <public@vaughnnugent.com> Date: Tue Apr 9 17:35:13 2024 -0400 chore(app): Update deps, login spinner, curl msg, view prep commit 0945210c0492dd8a8de99ccd8e5e66cf05e3a1c1 Merge: 24fac82 3c15d54 Author: vnugent <public@vaughnnugent.com> Date: Tue Apr 2 14:58:59 2024 -0400 Merge branch 'master' into develop commit 24fac82efe9e5c18e86ed535678640e7401472db Author: vnugent <public@vaughnnugent.com> Date: Tue Apr 2 14:54:20 2024 -0400 ci: Configure manual dep versions commit d2ae31ec919d72e66d8b40db8394b55efd6ea6d3 Author: vnugent <public@vaughnnugent.com> Date: Sun Mar 31 22:19:53 2024 -0400 ci: Native compression support for win commit fa7fdef79c6d468022b77f81314ac129fe0cdc32 Merge: 308092d a01220a Author: vnugent <public@vaughnnugent.com> Date: Wed Mar 13 21:26:55 2024 -0400 Merge branch 'master' into develop commit 308092d6d743d0ba8f7ca86fd77e9c837dc46e88 Merge: 48637a8 9134093 Author: vnugent <public@vaughnnugent.com> Date: Wed Mar 13 21:01:02 2024 -0400 Merge branch 'master' into develop commit 48637a8781fc951c307216f604fc1610e68691c3 Merge: 1e08c6d e326736 Author: vnugent <public@vaughnnugent.com> Date: Wed Mar 13 16:20:35 2024 -0400 Merge branch 'master' into develop commit 1e08c6d2112459dc02a0ab873123c4a363b01d21 Author: vnugent <public@vaughnnugent.com> Date: Wed Mar 13 16:17:58 2024 -0400 ci: verified container build ready for next release commit 85a1e5b7cc5c99e97a2d4e99bbceb0d2139742ff 
Author: vnugent <public@vaughnnugent.com> Date: Tue Mar 12 22:05:16 2024 -0400 ci: exciting bare-metal build process, os support, smaller packages commit 748cdbf4880d830fd794e92856e8c35a46e4f884 Author: vnugent <public@vaughnnugent.com> Date: Mon Mar 11 21:21:18 2024 -0400 feat(app): #1 update libs & add curl support
Diffstat (limited to 'ci/config-templates')
-rw-r--r--ci/config-templates/Essentials.Accounts-template.json76
-rw-r--r--ci/config-templates/PageRouter-template.json7
-rw-r--r--ci/config-templates/SessionProvider-template.json25
-rw-r--r--ci/config-templates/SimpleBookmark-template.json35
-rw-r--r--ci/config-templates/config-template.json170
-rw-r--r--ci/config-templates/routes.xml46
6 files changed, 359 insertions, 0 deletions
diff --git a/ci/config-templates/Essentials.Accounts-template.json b/ci/config-templates/Essentials.Accounts-template.json
new file mode 100644
index 0000000..54e9b58
--- /dev/null
+++ b/ci/config-templates/Essentials.Accounts-template.json
@@ -0,0 +1,76 @@
+{
+ "debug": ${DEBUG_PLUGINS},
+
+ //endpoints
+
+ "login_endpoint": {
+ "path": "/api/account/login",
+ "max_login_attempts": ${MAX_LOGIN_ATTEMPS}, //10 failed attempts in 10 minutes
+ "failed_attempt_timeout_sec": 600 //10 minutes
+ },
+
+ "keepalive_endpoint": {
+ "path": "/api/account/keepalive",
+ //Regen token every 10 mins along with cookies
+ "token_refresh_sec": 600 //10 minutes
+ },
+
+ "profile_endpoint": {
+ "path": "/api/account/profile"
+ },
+
+ "password_endpoint": {
+ "path": "/api/account/reset"
+ },
+
+ "mfa_endpoint": {
+ "path": "/api/account/mfa"
+ },
+
+ "logout_endpoint": {
+ "path": "/api/account/logout"
+ },
+
+ "pki_auth_endpoint": {
+ "path": "/api/account/pki",
+ "jwt_time_dif_sec": 30,
+ "max_login_attempts": 10,
+ "failed_attempt_timeout_sec": 600,
+ //Configures the PATCH and DELETE methods to update the user's stored key when logged in
+ "enable_key_update": true
+ },
+
+ //If mfa is defined, configures mfa enpoints and enables mfa logins
+ "mfa": {
+ "upgrade_expires_secs": 180,
+ "nonce_size": 64,
+
+ //Defines totp specific arguments
+ "totp": {
+ "digits": 6,
+ "issuer": "Simple-Bookmark",
+ "period_secs": 30,
+ "algorithm": "sha1",
+ "secret_size": 32,
+ "window_size": 2
+ }
+ },
+
+ //Defines the included account provider
+ "account_security": {
+ //Time in seconds before a session is considered expired
+ "session_valid_for_sec": 3600,
+ //Path/domain for all security cookies
+ "cookie_domain": "",
+ "cookie_path": "/",
+ "status_cookie_name": "li", //front-end cookie name must match to detect login status
+ "otp_header_name": "X-Web-Token", //Front-end header name must match
+ "otp_time_diff_sec": 30,
+ "otp_key_size": 64,
+ "pubkey_cookie_name": "client-id",
+ "pubkey_signing_key_size": 32,
+ "strict_origin": false,
+ "strict_path": true, //Can be enabled if front-end is running on the same server
+ //"allowed_origins": [""]
+ }
+}
\ No newline at end of file
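Review bot: `account_security` ships with `"strict_origin": false` and `allowed_origins` commented out, which presumably leaves origin checking on the account endpoints disabled in every rendered config. The trailing comment `//Can be enabled if front-end is running on the same server` sits on `strict_path`, which is already `true`, and looks like it was meant for `strict_origin`. Consider defaulting to `"strict_origin": true,` (or templating it) and moving the comment to that line. The comment on `max_login_attempts` (`//10 failed attempts in 10 minutes`) also no longer describes the value now that it comes from `${MAX_LOGIN_ATTEMPS}`, while `pki_auth_endpoint` still hard-codes `10`; `//max failed attempts within failed_attempt_timeout_sec` would stay accurate.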
diff --git a/ci/config-templates/PageRouter-template.json b/ci/config-templates/PageRouter-template.json
new file mode 100644
index 0000000..86a51f8
--- /dev/null
+++ b/ci/config-templates/PageRouter-template.json
@@ -0,0 +1,7 @@
+{
+ "debug": ${DEBUG_PLUGINS},
+ "store": {
+ //All builds require the routes.xml file in the config directory even after variable substitution
+ "route_file": "config/routes.xml"
+ }
+}
\ No newline at end of file
diff --git a/ci/config-templates/SessionProvider-template.json b/ci/config-templates/SessionProvider-template.json
new file mode 100644
index 0000000..328f06f
--- /dev/null
+++ b/ci/config-templates/SessionProvider-template.json
@@ -0,0 +1,25 @@
+{
+
+ "debug": ${DEBUG_PLUGINS},
+
+ //Provider assemblies to load
+ "provider_assemblies": [ "VNLib.Plugins.Sessions.VNCache.dll" ],
+
+ //Web session provider, valid format for VNCache and also memory sessions
+ "web": {
+ //Cache system key prefix
+ "cache_prefix": "websessions",
+ //The session cookie name
+ "cookie_name": "sb-session",
+ //Size in bytes for generated session ids
+ "cookie_size": 40,
+ //time (in seconds) a session is valid for
+ "valid_for_sec": 3600,
+ //The maxium number of connections waiting for the cache server responses
+ "max_waiting_connections": 100,
+ //Enforce strict cross-origin session checks
+ "strict_cors": true,
+ ///Enforces strict TLS to help prevent tls downgrades based on stored session variables (privacy note: this can be leaked through brute-forced if session id is stolen)
+ "strict_tls_protocol": true
+ }
+}
\ No newline at end of file
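Review bot: The comment above `strict_tls_protocol` is the only one in this file that documents a privacy trade-off, and its parenthetical ("this can be leaked through brute-forced if session id is stolen") does not say what is leaked or how. If the intent is that the TLS protocol stored with the session can be inferred by someone holding a stolen session id, say so, e.g. `//Rejects requests whose TLS protocol differs from the one stored with the session, to help prevent downgrades (privacy note: a holder of a stolen session id can infer the stored protocol)`. That reading is inferred from the wording and should be confirmed against the provider. The line also starts with `///` where the rest of the file uses `//`.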
diff --git a/ci/config-templates/SimpleBookmark-template.json b/ci/config-templates/SimpleBookmark-template.json
new file mode 100644
index 0000000..8736d8d
--- /dev/null
+++ b/ci/config-templates/SimpleBookmark-template.json
@@ -0,0 +1,35 @@
+{
+
+ //Comments are allowed
+ "debug": ${DEBUG_PLUGINS}, //Enables obnoxious debug logging
+
+ "bm_endpoint": {
+
+ "path": "/api/bookmarks", //Path for the bookmarks endpoint
+
+ "config": {
+ "max_limit": 100, //Max results per page
+ "default_limit": 20, //Default results per page
+ "user_quota": ${MAX_BOOKMARKS} //Max bookmarks per user
+ }
+ },
+
+ //System website lookup endpoint (aka curl)
+ "curl": {
+ "path": "/api/lookup",
+ "exe_path": "curl", //Path to the curl executable
+ "extra_args": [
+ "--globoff", //Disables unsafe url globbing
+ "--no-keepalive", //Disables keepalive, uneeded for a single lookup request
+ "--max-filesize", "100K", //Max file size 100K
+ "--max-redirs", "5", //Max redirects 5
+ "--location" //Follow redirects
+ ]
+ },
+
+ "registration": {
+ "path": "/api/register", //Path for the registration endpoint
+ "token_lifetime_mins": ${REG_TOKEN_DURATION_MIN}, //Token lifetime in minutes
+ "key_regen_interval_mins": ${REG_TOKEN_DURATION_MIN}0 //Signing key regeneration interval in minutes
+ }
+}
\ No newline at end of file
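Review bot: The `curl` block's `extra_args` follow redirects (`--location`, `--max-redirs 5`) but never restrict protocols or bound total time, so a lookup of a user-supplied URL can presumably be steered to a non-HTTP scheme or tie up a worker. Consider adding `"--proto", "=http,https",`, `"--proto-redir", "=http,https",` and `"--max-time", "10",` (timeout value illustrative) to the list. Refusing loopback, link-local and private-range destinations cannot be expressed through these arguments and would have to happen in the endpoint handler, which is not visible in this diff. Note also that on older curl releases `--max-filesize` is only enforced when the server announces the size up front. Separately, `${REG_TOKEN_DURATION_MIN}0` multiplies by ten by appending a digit, which gives surprising or invalid JSON if the variable is empty, `0` or non-integer; a dedicated variable would be clearer.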
diff --git a/ci/config-templates/config-template.json b/ci/config-templates/config-template.json
new file mode 100644
index 0000000..7055678
--- /dev/null
+++ b/ci/config-templates/config-template.json
@@ -0,0 +1,170 @@
+{
+
+ //Host application config, config is loaded as a read-only DOM that is available
+ //to the host and loaded child plugins, all elements are available to plugins via the 'HostConfig' property
+
+ "http": {
+ //The defaut HTTP version to being requests with (does not support http/2 yet)
+ "default_version": "HTTP/1.1",
+ //The maxium size (in bytes) of response messges that will be compressed
+ "compression_limit": 512000,
+ //Minium response size (in bytes) to compress
+ "compression_minimum": 2048,
+ //The size of the buffer to use when parsing multipart/form data uploads
+ "multipart_max_buf_size": 8192,
+ //The maxium ammount of data (in bytes) allows for mulitpart/form data file uploads
+ "multipart_max_size": 80240,
+ //Absolute maximum size (in bytes) of the request entity body (exludes headers)
+ "max_entity_size": ${MAX_CONTENT_LENGTH},
+ //Keepalive ms for HTTP1.1 keepalive connections
+ "keepalive_ms": 1000000,
+ //The buffer size to use when parsing headers (also the maxium request header size allowed)
+ "header_buf_size": 8128,
+ //The maxium number of headers allowed in an HTTP request message
+ "max_request_header_count": 50,
+ //The maxium number of allowed network connections, before 503s will be issued automatically and connections closed
+ "max_connections": 5000,
+ //The size in bytes of the buffer to use when writing response messages
+ "response_buf_size": 65536,
+ //time (in ms) to wait for a response from an active connection in recv mode, before dropping it
+ "recv_timeout_ms": 5000,
+ //Time in ms to wait for the client to accept transport data before terminating the connection
+ "send_timeout_ms": 60000,
+ //The size (in bytes) of the buffer used to store all response header data
+ "response_header_buf_size": 16384,
+ //Max number of file uploads allowed per request
+ "max_uploads_per_request": 10
+ },
+
+ //Compression is installed in the container at lib/ directory along with the native library supporting gzip and brotli
+ "compression_lib": "lib/vnlib.net.compression/VNLib.Net.Compression.dll",
+
+ //Setup the native lib
+ "vnlib.net.compression": {
+ "lib_path": "${COMPRESSION_LIB_PATH}",
+ "level": 1
+ },
+
+
+ //Maxium ammount of time a request is allowed to be processed (includes loading or waiting for sessions) before operations will be cancelled and a 503 returned
+ "max_execution_time_ms": 20000,
+
+ //Collection of objects to define hosts+interfaces to build server listeners from
+ "virtual_hosts": [
+ {
+
+ "trace": ${HTTP_TRACE_ON},
+
+ //The interface to bind to, you may not mix TLS and non-TLS connections on the same interface
+ "interface": {
+ "address": "0.0.0.0",
+ "port": 8080
+ },
+
+ //Collection of "trusted" servers to allow proxy header support from
+ "downstream_servers": ${HTTP_DOWNSTREAM_SERVERS},
+
+ //The hostname to listen for, "*" as wildcard, and "[system]" as the default hostname for the current machine
+ "hostname": "*",
+ "path": "dist/",
+
+ //A list of file extensions to deny access to, if a resource is requested and has one of the following extensions, a 404 is returned
+ "deny_extensions": [ ".ts", ".json", ".htaccess", ".php" ],
+ //The default file extensions to append to a resource that does not have a file extension
+ "default_files": [ "index.html" ],
+
+ //A list of error file objects, files are loaded into memory (and watched for changes) and returned when the specified error code occurs
+ "error_files": [],
+
+ //The default
+ "cache_default_sec": 864000,
+
+ "ssl": ${SSL_JSON},
+ }
+ ],
+
+
+ //Defines the directory where plugin's are to be loaded from
+ "plugins": {
+ //Hot-reload creates collectable assemblies that allow full re-load support in the host application, should only be used for development purposes!
+ "hot_reload": false,
+ "path": "plugins/",
+ "config_dir": "config/",
+ "assets": "plugins/assets/"
+ },
+
+ "sys_log": {
+ "path": "data/logs/sys-log.txt",
+ "flush_sec": 5,
+ "retained_files": 31,
+ "file_size_limit": 10485760,
+ "interval": "infinite"
+ },
+
+ "app_log": {
+ "path": "data/logs/app-log.txt",
+ "flush_sec": 5,
+ "retained_files": 31,
+ "file_size_limit": 10485760,
+ "interval": "infinite"
+ },
+
+ //HASHICORP VAULT
+ "hashicorp_vault": {
+ "url": "${HC_VAULT_ADDR}",
+ "token": "${HC_VAULT_TOKEN}",
+ "trust_certificate": ${HC_VAULT_TRUST_CERT},
+ },
+
+ //SQL CONFIG
+ "sql": {
+ "provider": "${SQL_LIB_PATH}",
+ "connection_string": "${SQL_CONNECTION_STRING}"
+ },
+
+ //VNCACHE global config
+ //Enable vncache as the providers above rely on the object caching server
+ "cache": {
+
+ "assembly_name": "${CACHE_ASM_PATH}",
+ "url": "${REDIS_CONNECTION_STRING}",
+
+ //Max size (in bytes) of allowed data to be stored in each user's session object
+ "max_object_size": 8128,
+
+ //Request timeout
+ "request_timeout_sec": 10,
+
+ //Time delay between cluster node discovery
+ "discovery_interval_sec": 120,
+
+ //Initial nodes to discover from
+ "initial_nodes": ${VNCACHE_INITIAL_NODES},
+
+ //Disable TLS
+ "use_tls": false,
+
+ //Setting this value to true will cause the cache store to load a memory-only instance, without remote backing
+ "memory_only": ${MEMCACHE_ONLY},
+
+ //enable memory cache
+ "memory_cache": {
+ "buckets": 20,
+ "bucket_size": 5000,
+ "max_age_sec": 600,
+ "refresh_interval_sec": 60,
+ "zero_all": false,
+ "max_object_size": 8128
+ }
+ },
+
+ "secrets": {
+ //Special key used by the loading library for access to the PasswordHashing library to pepper password hashes
+ "passwords": "${PASSWORD_PEPPER}",
+ "db_password": "${DATABASE_PASSWORD}",
+ "client_private_key": "${VNCACHE_CLIENT_PRIVATE_KEY}",
+ "cache_public_key": "${VNCACHE_CACHE_PUBLIC_KEY}",
+ "redis_password": "${REDIS_PASSWORD}"
+ }
+}
+
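Review bot: In the `cache` block `"use_tls": false` is hard-coded while the neighbouring values are templated, so every rendered config presumably talks to the cache backend without TLS even though `redis_password` and the VNCache keys are supplied under `secrets`. Making it a variable that defaults to true, e.g. `"use_tls": ${CACHE_USE_TLS},` (variable name is a placeholder), would let only local or dev builds opt out. The `secrets` and `hashicorp_vault.token` substitutions also mean the rendered file holds credentials in plaintext, and the header comment says all elements are available to plugins via `HostConfig`; the rendered file should be written with owner-only permissions and kept out of image layers and logs. The comment `//The default` above `cache_default_sec` is unfinished and should say what the value is a default for.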
diff --git a/ci/config-templates/routes.xml b/ci/config-templates/routes.xml
new file mode 100644
index 0000000..85f9830
--- /dev/null
+++ b/ci/config-templates/routes.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="utf-8" ?>
+
+<!--Routes container element holds a collection of route elements-->
+<routes>
+ <!--
+ Example route configuration for a single page app
+ where the tree looks like this:
+ / (index.html)
+ /assets (assets directory) (css and js files)
+
+ Wildcard hosts match all hosts that do not have rules with more specific hosts
+ -->
+
+ <!--
+ Allow assets directory to pass through for all requests, using the Continue routine (1)
+
+ Because this route has a more specific path than the catch all route
+ it will be processed first
+ -->
+ <route routine="1" privilege="0">
+
+ <!--Wildcard host-->
+ <hostname>*</hostname>
+
+ <!--All paths that start with /assets/ will be matched-->
+ <path>/assets/*</path>
+ </route>
+
+ <!--Show the index file when navigating to /-->
+ <route routine="4" privilege="0">
+ <hostname>*</hostname>
+ <path>/</path>
+ <alternate>index.html</alternate>
+ </route>
+
+ <!--Redirect all other pages back to the app (homepage)-->
+ <route routine="2" privilege="0">
+ <hostname>*</hostname>
+ <path>/*</path>
+ <alternate>/</alternate>
+ </route>
+
+
+ <!--All routes that do not match will be allowed, this is only / since it does not have a matching rule-->
+
+</routes>
\ No newline at end of file
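Review bot: The closing comment says unmatched routes are allowed and that "this is only /", but `/` is matched by the `routine="4"` rule and `/*` catches every other path, so as written nothing appears to fall through. The comment should be corrected, e.g. `<!--The catch-all above matches every remaining path, so no request falls through unrouted-->`. It is also worth confirming that the `/*` redirect does not intercept the plugin endpoints under `/api/` defined in the other templates, since the ordering of the router relative to plugin endpoints is not visible here. Routines `4` and `2` would benefit from being named in their comments the way the first rule names `1` (Continue).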