Merge pull request #15778 from overleaf/csh-refactor-ce-sp-settings

Refactor CE/SP settings

GitOrigin-RevId: fabcd14dd73fec810e1a357a743827dbc0702c57
Christopher Hoskin 2023-11-20 10:53:06 +00:00 committed by Copybot
parent 6e74a65758
commit f0b227eee8


@ -421,246 +421,6 @@ if (parse(process.env.SHARELATEX_IS_SERVER_PRO) === true) {
settings.apis.references = { url: 'http://localhost:3040' }
}
// LDAP - SERVER PRO ONLY
// ----------
if (process.env.SHARELATEX_LDAP_HOST) {
console.error(`\
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# WARNING: The LDAP configuration format has changed in version 0.5.1
# See https://github.com/sharelatex/sharelatex/wiki/Server-Pro:-LDAP-Config
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #\
`)
}
if (process.env.SHARELATEX_LDAP_URL) {
let _ldap_connect_timeout,
_ldap_group_search_attribs,
_ldap_search_attribs,
_ldap_timeout
settings.externalAuth = true
settings.ldap = {
emailAtt: process.env.SHARELATEX_LDAP_EMAIL_ATT,
nameAtt: process.env.SHARELATEX_LDAP_NAME_ATT,
lastNameAtt: process.env.SHARELATEX_LDAP_LAST_NAME_ATT,
updateUserDetailsOnLogin:
process.env.SHARELATEX_LDAP_UPDATE_USER_DETAILS_ON_LOGIN === 'true',
placeholder: process.env.SHARELATEX_LDAP_PLACEHOLDER,
server: {
url: process.env.SHARELATEX_LDAP_URL,
bindDn: process.env.SHARELATEX_LDAP_BIND_DN,
bindCredentials: process.env.SHARELATEX_LDAP_BIND_CREDENTIALS,
bindProperty: process.env.SHARELATEX_LDAP_BIND_PROPERTY,
searchBase: process.env.SHARELATEX_LDAP_SEARCH_BASE,
searchScope: process.env.SHARELATEX_LDAP_SEARCH_SCOPE,
searchFilter: process.env.SHARELATEX_LDAP_SEARCH_FILTER,
searchAttributes: (_ldap_search_attribs =
process.env.SHARELATEX_LDAP_SEARCH_ATTRIBUTES)
? (() => {
try {
return JSON.parse(_ldap_search_attribs)
} catch (error3) {
e = error3
return console.error(
'could not parse SHARELATEX_LDAP_SEARCH_ATTRIBUTES'
)
}
})()
: undefined,
groupDnProperty: process.env.SHARELATEX_LDAP_GROUP_DN_PROPERTY,
groupSearchBase: process.env.SHARELATEX_LDAP_GROUP_SEARCH_BASE,
groupSearchScope: process.env.SHARELATEX_LDAP_GROUP_SEARCH_SCOPE,
groupSearchFilter: process.env.SHARELATEX_LDAP_GROUP_SEARCH_FILTER,
groupSearchAttributes: (_ldap_group_search_attribs =
process.env.SHARELATEX_LDAP_GROUP_SEARCH_ATTRIBUTES)
? (() => {
try {
return JSON.parse(_ldap_group_search_attribs)
} catch (error4) {
e = error4
return console.error(
'could not parse SHARELATEX_LDAP_GROUP_SEARCH_ATTRIBUTES'
)
}
})()
: undefined,
cache: process.env.SHARELATEX_LDAP_CACHE === 'true',
timeout: (_ldap_timeout = process.env.SHARELATEX_LDAP_TIMEOUT)
? (() => {
try {
return parseIntOrFail(_ldap_timeout)
} catch (error5) {
e = error5
return console.error('Cannot parse SHARELATEX_LDAP_TIMEOUT')
}
})()
: undefined,
connectTimeout: (_ldap_connect_timeout =
process.env.SHARELATEX_LDAP_CONNECT_TIMEOUT)
? (() => {
try {
return parseIntOrFail(_ldap_connect_timeout)
} catch (error6) {
e = error6
return console.error(
'Cannot parse SHARELATEX_LDAP_CONNECT_TIMEOUT'
)
}
})()
: undefined,
},
}
if (process.env.SHARELATEX_LDAP_TLS_OPTS_CA_PATH) {
let ca, ca_paths
try {
ca = JSON.parse(process.env.SHARELATEX_LDAP_TLS_OPTS_CA_PATH)
} catch (error7) {
e = error7
console.error(
'could not parse SHARELATEX_LDAP_TLS_OPTS_CA_PATH, invalid JSON'
)
}
if (typeof ca === 'string') {
ca_paths = [ca]
} else if (
typeof ca === 'object' &&
(ca != null ? ca.length : undefined) != null
) {
ca_paths = ca
} else {
console.error('problem parsing SHARELATEX_LDAP_TLS_OPTS_CA_PATH')
}
settings.ldap.server.tlsOptions = {
rejectUnauthorized:
process.env.SHARELATEX_LDAP_TLS_OPTS_REJECT_UNAUTH === 'true',
ca: ca_paths, // e.g.'/etc/ldap/ca_certs.pem'
}
}
}
if (process.env.SHARELATEX_SAML_ENTRYPOINT) {
// NOTE: see https://github.com/node-saml/passport-saml/blob/master/README.md for docs of `server` options
let _saml_additionalAuthorizeParams,
_saml_additionalLogoutParams,
_saml_additionalParams,
_saml_expiration,
_saml_skew
settings.externalAuth = true
settings.saml = {
updateUserDetailsOnLogin:
process.env.SHARELATEX_SAML_UPDATE_USER_DETAILS_ON_LOGIN === 'true',
identityServiceName: process.env.SHARELATEX_SAML_IDENTITY_SERVICE_NAME,
emailField:
process.env.SHARELATEX_SAML_EMAIL_FIELD ||
process.env.SHARELATEX_SAML_EMAIL_FIELD_NAME,
firstNameField: process.env.SHARELATEX_SAML_FIRST_NAME_FIELD,
lastNameField: process.env.SHARELATEX_SAML_LAST_NAME_FIELD,
server: {
// strings
entryPoint: process.env.SHARELATEX_SAML_ENTRYPOINT,
callbackUrl: process.env.SHARELATEX_SAML_CALLBACK_URL,
issuer: process.env.SHARELATEX_SAML_ISSUER,
decryptionPvk: process.env.SHARELATEX_SAML_DECRYPTION_PVK,
decryptionCert: process.env.SHARELATEX_SAML_DECRYPTION_CERT,
signingCert: process.env.SHARELATEX_SAML_SIGNING_CERT,
signatureAlgorithm: process.env.SHARELATEX_SAML_SIGNATURE_ALGORITHM,
identifierFormat: process.env.SHARELATEX_SAML_IDENTIFIER_FORMAT,
attributeConsumingServiceIndex:
process.env.SHARELATEX_SAML_ATTRIBUTE_CONSUMING_SERVICE_INDEX,
authnContext:
process.env.SHARELATEX_SAML_AUTHN_CONTEXT &&
process.env.SHARELATEX_SAML_AUTHN_CONTEXT.split(','),
authnRequestBinding: process.env.SHARELATEX_SAML_AUTHN_REQUEST_BINDING,
validateInResponseTo: process.env.SHARELATEX_SAML_VALIDATE_IN_RESPONSE_TO,
cacheProvider: process.env.SHARELATEX_SAML_CACHE_PROVIDER,
logoutUrl: process.env.SHARELATEX_SAML_LOGOUT_URL,
logoutCallbackUrl: process.env.SHARELATEX_SAML_LOGOUT_CALLBACK_URL,
disableRequestedAuthnContext:
process.env.SHARELATEX_SAML_DISABLE_REQUESTED_AUTHN_CONTEXT === 'true',
forceAuthn: process.env.SHARELATEX_SAML_FORCE_AUTHN === 'true',
skipRequestCompression:
process.env.SHARELATEX_SAML_SKIP_REQUEST_COMPRESSION === 'true',
acceptedClockSkewMs: (_saml_skew =
process.env.SHARELATEX_SAML_ACCEPTED_CLOCK_SKEW_MS)
? (() => {
try {
return parseIntOrFail(_saml_skew)
} catch (error8) {
e = error8
return console.error(
'Cannot parse SHARELATEX_SAML_ACCEPTED_CLOCK_SKEW_MS'
)
}
})()
: undefined,
requestIdExpirationPeriodMs: (_saml_expiration =
process.env.SHARELATEX_SAML_REQUEST_ID_EXPIRATION_PERIOD_MS)
? (() => {
try {
return parseIntOrFail(_saml_expiration)
} catch (error9) {
e = error9
return console.error(
'Cannot parse SHARELATEX_SAML_REQUEST_ID_EXPIRATION_PERIOD_MS'
)
}
})()
: undefined,
additionalParams: (_saml_additionalParams =
process.env.SHARELATEX_SAML_ADDITIONAL_PARAMS)
? (() => {
try {
return JSON.parse(_saml_additionalParams)
} catch (error10) {
e = error10
return console.error(
'Cannot parse SHARELATEX_SAML_ADDITIONAL_PARAMS'
)
}
})()
: undefined,
additionalAuthorizeParams: (_saml_additionalAuthorizeParams =
process.env.SHARELATEX_SAML_ADDITIONAL_AUTHORIZE_PARAMS)
? (() => {
try {
return JSON.parse(_saml_additionalAuthorizeParams)
} catch (error11) {
e = error11
return console.error(
'Cannot parse SHARELATEX_SAML_ADDITIONAL_AUTHORIZE_PARAMS'
)
}
})()
: undefined,
additionalLogoutParams: (_saml_additionalLogoutParams =
process.env.SHARELATEX_SAML_ADDITIONAL_LOGOUT_PARAMS)
? (() => {
try {
return JSON.parse(_saml_additionalLogoutParams)
} catch (error12) {
e = error12
return console.error(
'Cannot parse SHARELATEX_SAML_ADDITIONAL_LOGOUT_PARAMS'
)
}
})()
: undefined,
},
}
// SHARELATEX_SAML_CERT cannot be empty
// https://github.com/node-saml/passport-saml/commit/f6b1c885c0717f1083c664345556b535f217c102
if (process.env.SHARELATEX_SAML_CERT) {
settings.saml.server.cert = process.env.SHARELATEX_SAML_CERT
settings.saml.server.privateKey = process.env.SHARELATEX_SAML_PRIVATE_CERT
}
}
// Compiler
// --------
if (process.env.SANDBOXED_COMPILES === 'true') {