Removal of default API passwords (#2422)

GitOrigin-RevId: d831adcf2fb8bec8792dda624c255474480bb897
This commit is contained in:
Eric Mc Sween 2019-12-18 04:25:51 -05:00 committed by Copybot
parent f42bb68e74
commit b055612e3c
3 changed files with 19 additions and 3 deletions

View file

@ -35,6 +35,11 @@ const port = Settings.port || Settings.internal.web.port || 3000
const host = Settings.internal.web.host || 'localhost'
if (!module.parent) {
// Called directly
// We want to make sure that we provided a password through the environment.
if (!process.env['WEB_API_USER'] || !process.env['WEB_API_PASSWORD']) {
throw new Error('No API user and password provided')
}
Server.server.listen(port, host, function() {
logger.info(`web starting up, listening on ${host}:${port}`)
logger.info(`${require('http').globalAgent.maxSockets} sockets enabled`)

View file

@ -8,10 +8,11 @@ minutes = 60 * seconds
# These credentials are used for authenticating api requests
# between services that may need to go over public channels
httpAuthUser = process.env['WEB_API_USER'] or "sharelatex"
httpAuthPass = process.env['WEB_API_PASSWORD'] or "password"
httpAuthUser = process.env['WEB_API_USER']
httpAuthPass = process.env['WEB_API_PASSWORD']
httpAuthUsers = {}
httpAuthUsers[httpAuthUser] = httpAuthPass
if httpAuthUser and httpAuthPass
httpAuthUsers[httpAuthUser] = httpAuthPass
sessionSecret = process.env['SESSION_SECRET'] or "secret-please-change"

View file

@ -3,10 +3,20 @@ v1Api =
user: 'overleaf'
pass: 'password'
httpAuthUser = "sharelatex"
httpAuthPass = "password"
httpAuthUsers = {}
httpAuthUsers[httpAuthUser] = httpAuthPass
module.exports =
enableSubscriptions: true
httpAuthUsers: httpAuthUsers
apis:
web:
user: httpAuthUser
pass: httpAuthPass
v1:
url: v1Api.url
user: v1Api.user