refactor: remove HstsConfig

This config object was originally ported from the HD1 config,
but is not required anymore.

HD2 does not support handling TLS anymore, so it does not make
sense for it to set TLS-related headers.
The reverse proxy terminating TLS can easily set HSTS headers.

Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
David Mehren 2023-10-07 10:46:16 +02:00 committed by Yannick Bungers
parent bf3e7e1f44
commit 0693812e8b
3 changed files with 0 additions and 57 deletions

View file

@ -20,7 +20,6 @@ import cspConfig from './config/csp.config';
import customizationConfig from './config/customization.config'; import customizationConfig from './config/customization.config';
import databaseConfig, { DatabaseConfig } from './config/database.config'; import databaseConfig, { DatabaseConfig } from './config/database.config';
import externalConfig from './config/external-services.config'; import externalConfig from './config/external-services.config';
import hstsConfig from './config/hsts.config';
import mediaConfig from './config/media.config'; import mediaConfig from './config/media.config';
import noteConfig from './config/note.config'; import noteConfig from './config/note.config';
import { eventModuleConfig } from './events'; import { eventModuleConfig } from './events';
@ -80,7 +79,6 @@ const routes: Routes = [
appConfig, appConfig,
noteConfig, noteConfig,
mediaConfig, mediaConfig,
hstsConfig,
cspConfig, cspConfig,
databaseConfig, databaseConfig,
authConfig, authConfig,

View file

@ -1,51 +0,0 @@
/*
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { registerAs } from '@nestjs/config';
import * as Joi from 'joi';
import { buildErrorMessage, parseOptionalNumber } from './utils';
export interface HstsConfig {
enable: boolean;
maxAgeSeconds: number;
includeSubdomains: boolean;
preload: boolean;
}
const hstsSchema = Joi.object({
enable: Joi.boolean().default(true).optional().label('HD_HSTS_ENABLE'),
maxAgeSeconds: Joi.number()
.default(60 * 60 * 24 * 365)
.optional()
.label('HD_HSTS_MAX_AGE'),
includeSubdomains: Joi.boolean()
.default(true)
.optional()
.label('HD_HSTS_INCLUDE_SUBDOMAINS'),
preload: Joi.boolean().default(true).optional().label('HD_HSTS_PRELOAD'),
});
export default registerAs('hstsConfig', () => {
const hstsConfig = hstsSchema.validate(
{
enable: process.env.HD_HSTS_ENABLE,
maxAgeSeconds: parseOptionalNumber(process.env.HD_HSTS_MAX_AGE),
includeSubdomains: process.env.HD_HSTS_INCLUDE_SUBDOMAINS,
preload: process.env.HD_HSTS_PRELOAD,
},
{
abortEarly: false,
presence: 'required',
},
);
if (hstsConfig.error) {
const errorMessages = hstsConfig.error.details.map(
(detail) => detail.message,
);
throw new Error(buildErrorMessage(errorMessages));
}
return hstsConfig.value as HstsConfig;
});

View file

@ -31,9 +31,6 @@ The config of HedgeDoc is split up into **nine** different modules:
`external-services.config.ts` `external-services.config.ts`
: Which external services are activated and where can they be called : Which external services are activated and where can they be called
`hsts.config.ts`
: Configuration for [HTTP Strict-Transport-Security][hsts]
`media.config.ts` `media.config.ts`
: Where media files are being stored : Where media files are being stored
@ -96,6 +93,5 @@ Some config files also have a `.mock.ts` file which defines the configuration fo
Those files just contain the default export and return the mock config object. Those files just contain the default export and return the mock config object.
[csp]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP [csp]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
[hsts]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
[joi]: https://joi.dev/ [joi]: https://joi.dev/
[joi-doc]: https://joi.dev/api [joi-doc]: https://joi.dev/api