From a355e12201f50d8f52738d225c270042913030e2 Mon Sep 17 00:00:00 2001
From: vnugent
Date: Mon, 24 Jun 2024 16:46:04 -0400
Subject: ci: Consolidate ci configuration
---
.../Essentials.Accounts-template.json | 76 ---------
.../config-templates/PageRouter-template.json | 6 -
.../config-templates/SessionProvider-template.json | 25 ---
.../config-templates/SimpleBookmark-template.json | 35 -----
ci/container/config-templates/config-template.json | 170 ---------------------
5 files changed, 312 deletions(-)
delete mode 100644 ci/container/config-templates/Essentials.Accounts-template.json
delete mode 100644 ci/container/config-templates/PageRouter-template.json
delete mode 100644 ci/container/config-templates/SessionProvider-template.json
delete mode 100644 ci/container/config-templates/SimpleBookmark-template.json
delete mode 100644 ci/container/config-templates/config-template.json
(limited to 'ci/container/config-templates')
diff --git a/ci/container/config-templates/Essentials.Accounts-template.json b/ci/container/config-templates/Essentials.Accounts-template.json
deleted file mode 100644
index 68568a9..0000000
--- a/ci/container/config-templates/Essentials.Accounts-template.json
+++ /dev/null
@@ -1,76 +0,0 @@
-{
- "debug": ${DEBUG_PLUGINS},
-
- //endpoints
-
- "login_endpoint": {
- "path": "/api/account/login",
- "max_login_attempts": ${MAX_LOGIN_ATTEMPS}, //10 failed attempts in 10 minutes
- "failed_attempt_timeout_sec": 600 //10 minutes
- },
-
- "keepalive_endpoint": {
- "path": "/api/account/keepalive",
- //Regen token every 10 mins along with cookies
- "token_refresh_sec": 600 //10 minutes
- },
-
- "profile_endpoint": {
- "path": "/api/account/profile"
- },
-
- "password_endpoint": {
- "path": "/api/account/reset"
- },
-
- "mfa_endpoint": {
- "path": "/api/account/mfa"
- },
-
- "logout_endpoint": {
- "path": "/api/account/logout"
- },
-
- "pki_auth_endpoint": {
- "path": "/api/account/pki",
- "jwt_time_dif_sec": 30,
- "max_login_attempts": 10,
- "failed_attempt_timeout_sec": 600,
- //Configures the PATCH and DELETE methods to update the user's stored key when logged in
- "enable_key_update": true
- },
-
- //If mfa is defined, configures mfa enpoints and enables mfa logins
- "mfa": {
- "upgrade_expires_secs": 180,
- "nonce_size": 64,
-
- //Defines totp specific arguments
- "totp": {
- "digits": 6,
- "issuer": "Simple-Bookmark",
- "period_secs": 30,
- "algorithm": "sha1",
- "secret_size": 32,
- "window_size": 2
- }
- },
-
- //Defines the included account provider
- "account_security": {
- //Time in seconds before a session is considered expired
- "session_valid_for_sec": 3600,
- //Path/domain for all security cookies
- "cookie_domain": "",
- "cookie_path": "/",
- "status_cookie_name": "li", //front-end cookie name must match to detect login status
- "otp_header_name": "X-Web-Token", //Front-end header name must match
- "otp_time_diff_sec": 30,
- "otp_key_size": 64,
- "pubkey_cookie_name": "client-id",
- "pubkey_signing_key_size": 32,
- "strict_origin": false,
- "strict_path": true, //Can be enabled if front-end is running on the same server
- //"allowed_origins": [""]
- }
-}
\ No newline at end of file
diff --git a/ci/container/config-templates/PageRouter-template.json b/ci/container/config-templates/PageRouter-template.json
deleted file mode 100644
index 98dded3..0000000
--- a/ci/container/config-templates/PageRouter-template.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "debug": ${DEBUG_PLUGINS},
- "store": {
- "route_file": "static/routes.xml"
- }
-}
\ No newline at end of file
diff --git a/ci/container/config-templates/SessionProvider-template.json b/ci/container/config-templates/SessionProvider-template.json
deleted file mode 100644
index 328f06f..0000000
--- a/ci/container/config-templates/SessionProvider-template.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
-
- "debug": ${DEBUG_PLUGINS},
-
- //Provider assemblies to load
- "provider_assemblies": [ "VNLib.Plugins.Sessions.VNCache.dll" ],
-
- //Web session provider, valid format for VNCache and also memory sessions
- "web": {
- //Cache system key prefix
- "cache_prefix": "websessions",
- //The session cookie name
- "cookie_name": "sb-session",
- //Size in bytes for generated session ids
- "cookie_size": 40,
- //time (in seconds) a session is valid for
- "valid_for_sec": 3600,
- //The maxium number of connections waiting for the cache server responses
- "max_waiting_connections": 100,
- //Enforce strict cross-origin session checks
- "strict_cors": true,
- ///Enforces strict TLS to help prevent tls downgrades based on stored session variables (privacy note: this can be leaked through brute-forced if session id is stolen)
- "strict_tls_protocol": true
- }
-}
\ No newline at end of file
diff --git a/ci/container/config-templates/SimpleBookmark-template.json b/ci/container/config-templates/SimpleBookmark-template.json
deleted file mode 100644
index 8736d8d..0000000
--- a/ci/container/config-templates/SimpleBookmark-template.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
-
- //Comments are allowed
- "debug": ${DEBUG_PLUGINS}, //Enables obnoxious debug logging
-
- "bm_endpoint": {
-
- "path": "/api/bookmarks", //Path for the bookmarks endpoint
-
- "config": {
- "max_limit": 100, //Max results per page
- "default_limit": 20, //Default results per page
- "user_quota": ${MAX_BOOKMARKS} //Max bookmarks per user
- }
- },
-
- //System website lookup endpoint (aka curl)
- "curl": {
- "path": "/api/lookup",
- "exe_path": "curl", //Path to the curl executable
- "extra_args": [
- "--globoff", //Disables unsafe url globbing
- "--no-keepalive", //Disables keepalive, uneeded for a single lookup request
- "--max-filesize", "100K", //Max file size 100K
- "--max-redirs", "5", //Max redirects 5
- "--location" //Follow redirects
- ]
- },
-
- "registration": {
- "path": "/api/register", //Path for the registration endpoint
- "token_lifetime_mins": ${REG_TOKEN_DURATION_MIN}, //Token lifetime in minutes
- "key_regen_interval_mins": ${REG_TOKEN_DURATION_MIN}0 //Signing key regeneration interval in minutes
- }
-}
\ No newline at end of file
diff --git a/ci/container/config-templates/config-template.json b/ci/container/config-templates/config-template.json
deleted file mode 100644
index 0bd0ddb..0000000
--- a/ci/container/config-templates/config-template.json
+++ /dev/null
@@ -1,170 +0,0 @@
-{
-
- //Host application config, config is loaded as a read-only DOM that is available
- //to the host and loaded child plugins, all elements are available to plugins via the 'HostConfig' property
-
- "http": {
- //The defaut HTTP version to being requests with (does not support http/2 yet)
- "default_version": "HTTP/1.1",
- //The maxium size (in bytes) of response messges that will be compressed
- "compression_limit": 512000,
- //Minium response size (in bytes) to compress
- "compression_minimum": 2048,
- //The size of the buffer to use when parsing multipart/form data uploads
- "multipart_max_buf_size": 8192,
- //The maxium ammount of data (in bytes) allows for mulitpart/form data file uploads
- "multipart_max_size": 80240,
- //Absolute maximum size (in bytes) of the request entity body (exludes headers)
- "max_entity_size": 1024000,
- //Keepalive ms for HTTP1.1 keepalive connections
- "keepalive_ms": 1000000,
- //The buffer size to use when parsing headers (also the maxium request header size allowed)
- "header_buf_size": 8128,
- //The maxium number of headers allowed in an HTTP request message
- "max_request_header_count": 50,
- //The maxium number of allowed network connections, before 503s will be issued automatically and connections closed
- "max_connections": 5000,
- //The size in bytes of the buffer to use when writing response messages
- "response_buf_size": 4096,
- //time (in ms) to wait for a response from an active connection in recv mode, before dropping it
- "recv_timeout_ms": 5000,
- //Time in ms to wait for the client to accept transport data before terminating the connection
- "send_timeout_ms": 60000,
- //The size (in bytes) of the buffer used to store all response header data
- "response_header_buf_size": 16384,
- //Max number of file uploads allowed per request
- "max_uploads_per_request": 10
- },
-
- //Compression is installed in the container at lib/ directory along with the native library supporting gzip and brotli
- "compression_lib": "lib/vnlib.net.compression/VNLib.Net.Compression.dll",
-
- //Setup the native lib
- "vnlib.net.compression": {
- "lib_path": "lib/libvn_compress.so",
- "level": 1
- },
-
-
- //Maxium ammount of time a request is allowed to be processed (includes loading or waiting for sessions) before operations will be cancelled and a 503 returned
- "max_execution_time_ms": 20000,
-
- //Collection of objects to define hosts+interfaces to build server listeners from
- "virtual_hosts": [
- {
-
- "trace": ${HTTP_TRACE_ON},
-
- //The interface to bind to, you may not mix TLS and non-TLS connections on the same interface
- "interface": {
- "address": "0.0.0.0",
- "port": 8080
- },
-
- //Collection of "trusted" servers to allow proxy header support from
- "downstream_servers": ${HTTP_DOWNSTREAM_SERVERS},
-
- //The hostname to listen for, "*" as wildcard, and "[system]" as the default hostname for the current machine
- "hostname": "*",
- "path": "dist/",
-
- //A list of file extensions to deny access to, if a resource is requested and has one of the following extensions, a 404 is returned
- "deny_extensions": [ ".ts", ".json", ".htaccess", ".php" ],
- //The default file extensions to append to a resource that does not have a file extension
- "default_files": [ "index.html", "index.htm" ],
-
- //A list of error file objects, files are loaded into memory (and watched for changes) and returned when the specified error code occurs
- "error_files": [],
-
- //The default
- "cache_default_sec": 864000,
-
- "ssl": ${SSL_JSON},
- }
- ],
-
-
- //Defines the directory where plugin's are to be loaded from
- "plugins": {
- //Hot-reload creates collectable assemblies that allow full re-load support in the host application, should only be used for development purposes!
- "hot_reload": false,
- "path": "plugins/",
- "config_dir": "config/",
- "assets": "plugins/assets/"
- },
-
- "sys_log": {
- "path": "data/logs/sys-log.txt",
- "flush_sec": 5,
- "retained_files": 31,
- "file_size_limit": 10485760,
- "interval": "infinite"
- },
-
- "app_log": {
- "path": "data/logs/app-log.txt",
- "flush_sec": 5,
- "retained_files": 31,
- "file_size_limit": 10485760,
- "interval": "infinite"
- },
-
- //HASHICORP VAULT
- "hashicorp_vault": {
- "url": "${HC_VAULT_ADDR}",
- "token": "${HC_VAULT_TOKEN}",
- "trust_certificate": ${HC_VAULT_TRUST_CERT},
- },
-
- //SQL CONFIG
- "sql": {
- "provider": "${SQL_LIB_PATH}",
- "connection_string": "${SQL_CONNECTION_STRING}"
- },
-
- //VNCACHE global config
- //Enable vncache as the providers above rely on the object caching server
- "cache": {
-
- "assembly_name": "${CACHE_ASM_PATH}",
- "url": "${REDIS_CONNECTION_STRING}",
-
- //Max size (in bytes) of allowed data to be stored in each user's session object
- "max_object_size": 8128,
-
- //Request timeout
- "request_timeout_sec": 10,
-
- //Time delay between cluster node discovery
- "discovery_interval_sec": 120,
-
- //Initial nodes to discover from
- "initial_nodes": ${VNCACHE_INITIAL_NODES},
-
- //Disable TLS
- "use_tls": false,
-
- //Setting this value to true will cause the cache store to load a memory-only instance, without remote backing
- "memory_only": ${MEMCACHE_ONLY},
-
- //enable memory cache
- "memory_cache": {
- "buckets": 20,
- "bucket_size": 5000,
- "max_age_sec": 600,
- "refresh_interval_sec": 60,
- "zero_all": false,
- "max_object_size": 8128
- }
- },
-
- "secrets": {
- //Special key used by the loading library for access to the PasswordHashing library to pepper password hashes
- "passwords": "${PASSWORD_PEPPER}",
- "db_password": "${DATABASE_PASSWORD}",
- "client_private_key": "${VNCACHE_CLIENT_PRIVATE_KEY}",
- "cache_public_key": "${VNCACHE_CACHE_PUBLIC_KEY}",
- "redis_password": "${REDIS_PASSWORD}"
- }
-}
-
-- cgit