mirror of
https://github.com/overleaf/overleaf.git
synced 2024-10-17 21:05:04 -04:00
684 lines
23 KiB
JavaScript
684 lines
23 KiB
JavaScript
/*
|
|
* decaffeinate suggestions:
|
|
* DS205: Consider reworking code to avoid use of IIFEs
|
|
* DS207: Consider shorter variations of null checks
|
|
* Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
|
|
*/
|
|
let allTexLiveDockerImageNames, allTexLiveDockerImages, redisConfig, siteUrl;
|
|
let e;
|
|
const Path = require('path');
|
|
|
|
// These credentials are used for authenticating api requests
|
|
// between services that may need to go over public channels
|
|
const httpAuthUser = "sharelatex";
|
|
const httpAuthPass = process.env["WEB_API_PASSWORD"];
|
|
const httpAuthUsers = {};
|
|
httpAuthUsers[httpAuthUser] = httpAuthPass;
|
|
|
|
const parse = function(option){
|
|
if (option != null) {
|
|
try {
|
|
const opt = JSON.parse(option);
|
|
return opt;
|
|
} catch (err) {
|
|
throw new Error(`problem parsing ${option}, invalid JSON`);
|
|
}
|
|
}
|
|
};
|
|
|
|
const parseIntOrFail = function(value){
|
|
const parsedValue = parseInt(value, 10);
|
|
if (isNaN(parsedValue)) {
|
|
throw new Error(`'${value}' is an invalid integer`);
|
|
}
|
|
return parsedValue;
|
|
};
|
|
|
|
const DATA_DIR = '/var/lib/sharelatex/data';
|
|
const TMP_DIR = '/var/lib/sharelatex/tmp';
|
|
|
|
const settings = {
|
|
|
|
clsi: {
|
|
optimiseInDocker: process.env['OPTIMISE_PDF'] === 'true'
|
|
},
|
|
|
|
brandPrefix: "",
|
|
|
|
allowAnonymousReadAndWriteSharing:
|
|
process.env['SHARELATEX_ALLOW_ANONYMOUS_READ_AND_WRITE_SHARING'] === 'true',
|
|
|
|
// Databases
|
|
// ---------
|
|
|
|
// ShareLaTeX's main persistent data store is MongoDB (http://www.mongodb.org/)
|
|
// Documentation about the URL connection string format can be found at:
|
|
//
|
|
// http://docs.mongodb.org/manual/reference/connection-string/
|
|
//
|
|
// The following works out of the box with Mongo's default settings:
|
|
mongo: {
|
|
url : process.env["SHARELATEX_MONGO_URL"] || 'mongodb://dockerhost/sharelatex'
|
|
},
|
|
|
|
// Redis is used in ShareLaTeX for high volume queries, like real-time
|
|
// editing, and session management.
|
|
//
|
|
// The following config will work with Redis's default settings:
|
|
redis: {
|
|
web: (redisConfig = {
|
|
host: process.env["SHARELATEX_REDIS_HOST"] || "dockerhost",
|
|
port: process.env["SHARELATEX_REDIS_PORT"] || "6379",
|
|
password: process.env["SHARELATEX_REDIS_PASS"] || undefined,
|
|
key_schema: {
|
|
// document-updater
|
|
blockingKey({doc_id}) { return `Blocking:${doc_id}`; },
|
|
docLines({doc_id}) { return `doclines:${doc_id}`; },
|
|
docOps({doc_id}) { return `DocOps:${doc_id}`; },
|
|
docVersion({doc_id}) { return `DocVersion:${doc_id}`; },
|
|
docHash({doc_id}) { return `DocHash:${doc_id}`; },
|
|
projectKey({doc_id}) { return `ProjectId:${doc_id}`; },
|
|
docsInProject({project_id}) { return `DocsIn:${project_id}`; },
|
|
ranges({doc_id}) { return `Ranges:${doc_id}`; },
|
|
// document-updater:realtime
|
|
pendingUpdates({doc_id}) { return `PendingUpdates:${doc_id}`; },
|
|
// document-updater:history
|
|
uncompressedHistoryOps({doc_id}) { return `UncompressedHistoryOps:${doc_id}`; },
|
|
docsWithHistoryOps({project_id}) { return `DocsWithHistoryOps:${project_id}`; },
|
|
// document-updater:lock
|
|
blockingKey({doc_id}) { return `Blocking:${doc_id}`; },
|
|
// track-changes:lock
|
|
historyLock({doc_id}) { return `HistoryLock:${doc_id}`; },
|
|
historyIndexLock({project_id}) { return `HistoryIndexLock:${project_id}`; },
|
|
// track-changes:history
|
|
uncompressedHistoryOps({doc_id}) { return `UncompressedHistoryOps:${doc_id}`; },
|
|
docsWithHistoryOps({project_id}) { return `DocsWithHistoryOps:${project_id}`; },
|
|
// realtime
|
|
clientsInProject({project_id}) { return `clients_in_project:${project_id}`; },
|
|
connectedUser({project_id, client_id}){ return `connected_user:${project_id}:${client_id}`; }
|
|
}
|
|
}),
|
|
fairy: redisConfig,
|
|
// track-changes and document-updater
|
|
realtime: redisConfig,
|
|
documentupdater: redisConfig,
|
|
lock: redisConfig,
|
|
history: redisConfig,
|
|
websessions: redisConfig,
|
|
api: redisConfig,
|
|
pubsub: redisConfig,
|
|
project_history: redisConfig
|
|
},
|
|
|
|
// The compile server (the clsi) uses a SQL database to cache files and
|
|
// meta-data. sqlite is the default, and the load is low enough that this will
|
|
// be fine in production (we use sqlite at sharelatex.com).
|
|
//
|
|
// If you want to configure a different database, see the Sequelize documentation
|
|
// for available options:
|
|
//
|
|
// https://github.com/sequelize/sequelize/wiki/API-Reference-Sequelize#example-usage
|
|
//
|
|
mysql: {
|
|
clsi: {
|
|
database: "clsi",
|
|
username: "clsi",
|
|
password: "",
|
|
dialect: "sqlite",
|
|
storage: Path.join(DATA_DIR, "db.sqlite")
|
|
}
|
|
},
|
|
|
|
// File storage
|
|
// ------------
|
|
|
|
// ShareLaTeX can store binary files like images either locally or in Amazon
|
|
// S3. The default is locally:
|
|
filestore: {
|
|
backend: "fs",
|
|
stores: {
|
|
user_files: Path.join(DATA_DIR, "user_files"),
|
|
template_files: Path.join(DATA_DIR, "template_files")
|
|
}
|
|
},
|
|
|
|
// To use Amazon S3 as a storage backend, comment out the above config, and
|
|
// uncomment the following, filling in your key, secret, and bucket name:
|
|
//
|
|
// filestore:
|
|
// backend: "s3"
|
|
// stores:
|
|
// user_files: "BUCKET_NAME"
|
|
// s3:
|
|
// key: "AWS_KEY"
|
|
// secret: "AWS_SECRET"
|
|
//
|
|
|
|
trackchanges: {
|
|
continueOnError: true
|
|
},
|
|
|
|
// Local disk caching
|
|
// ------------------
|
|
path: {
|
|
// If we ever need to write something to disk (e.g. incoming requests
|
|
// that need processing but may be too big for memory), then write
|
|
// them to disk here:
|
|
dumpFolder: Path.join(TMP_DIR, "dumpFolder"),
|
|
// Where to write uploads before they are processed
|
|
uploadFolder: Path.join(TMP_DIR, "uploads"),
|
|
// Where to write the project to disk before running LaTeX on it
|
|
compilesDir: Path.join(DATA_DIR, "compiles"),
|
|
// Where to cache downloaded URLs for the CLSI
|
|
clsiCacheDir: Path.join(DATA_DIR, "cache"),
|
|
// Where to write the output files to disk after running LaTeX
|
|
outputDir: Path.join(DATA_DIR, "output")
|
|
},
|
|
|
|
// Server Config
|
|
// -------------
|
|
|
|
// Where your instance of ShareLaTeX can be found publicly. This is used
|
|
// when emails are sent out and in generated links:
|
|
siteUrl: (siteUrl = process.env["SHARELATEX_SITE_URL"] || 'http://localhost'),
|
|
|
|
// The name this is used to describe your ShareLaTeX Installation
|
|
appName: process.env["SHARELATEX_APP_NAME"] || "ShareLaTeX (Community Edition)",
|
|
|
|
restrictInvitesToExistingAccounts: process.env["SHARELATEX_RESTRICT_INVITES_TO_EXISTING_ACCOUNTS"] === 'true',
|
|
|
|
nav: {
|
|
title: process.env["SHARELATEX_NAV_TITLE"] || process.env["SHARELATEX_APP_NAME"] || "ShareLaTeX Community Edition"
|
|
},
|
|
|
|
|
|
// The email address which users will be directed to as the main point of
|
|
// contact for this installation of ShareLaTeX.
|
|
adminEmail: process.env["SHARELATEX_ADMIN_EMAIL"] || "placeholder@example.com",
|
|
|
|
// If provided, a sessionSecret is used to sign cookies so that they cannot be
|
|
// spoofed. This is recommended.
|
|
security: {
|
|
sessionSecret: process.env["SHARELATEX_SESSION_SECRET"] || process.env["CRYPTO_RANDOM"]
|
|
},
|
|
|
|
// These credentials are used for authenticating api requests
|
|
// between services that may need to go over public channels
|
|
httpAuthUsers,
|
|
|
|
// Should javascript assets be served minified or not.
|
|
useMinifiedJs: true,
|
|
|
|
// Should static assets be sent with a header to tell the browser to cache
|
|
// them. This should be false in development where changes are being made,
|
|
// but should be set to true in production.
|
|
cacheStaticAssets: true,
|
|
|
|
// If you are running ShareLaTeX over https, set this to true to send the
|
|
// cookie with a secure flag (recommended).
|
|
secureCookie: (process.env["SHARELATEX_SECURE_COOKIE"] != null),
|
|
|
|
// If you are running ShareLaTeX behind a proxy (like Apache, Nginx, etc)
|
|
// then set this to true to allow it to correctly detect the forwarded IP
|
|
// address and http/https protocol information.
|
|
|
|
behindProxy: process.env["SHARELATEX_BEHIND_PROXY"] || false,
|
|
|
|
i18n: {
|
|
subdomainLang: {
|
|
www: {lngCode:process.env["SHARELATEX_SITE_LANGUAGE"] || "en", url: siteUrl}
|
|
},
|
|
defaultLng: process.env["SHARELATEX_SITE_LANGUAGE"] || "en"
|
|
},
|
|
|
|
currentImageName: process.env["TEX_LIVE_DOCKER_IMAGE"],
|
|
|
|
apis: {
|
|
web: {
|
|
url: "http://localhost:3000",
|
|
user: httpAuthUser,
|
|
pass: httpAuthPass
|
|
},
|
|
project_history: {
|
|
enabled: false
|
|
}
|
|
},
|
|
references:{},
|
|
notifications:undefined,
|
|
|
|
defaultFeatures: {
|
|
collaborators: -1,
|
|
dropbox: true,
|
|
versioning: true,
|
|
compileTimeout: parseIntOrFail(process.env["COMPILE_TIMEOUT"] || 180),
|
|
compileGroup: "standard",
|
|
trackChanges: true,
|
|
templates: true,
|
|
references: true
|
|
}
|
|
};
|
|
|
|
//# OPTIONAL CONFIGURABLE SETTINGS
|
|
|
|
if (process.env["SHARELATEX_LEFT_FOOTER"] != null) {
|
|
try {
|
|
settings.nav.left_footer = JSON.parse(process.env["SHARELATEX_LEFT_FOOTER"]);
|
|
} catch (error) {
|
|
e = error;
|
|
console.error("could not parse SHARELATEX_LEFT_FOOTER, not valid JSON");
|
|
}
|
|
}
|
|
|
|
if (process.env["SHARELATEX_RIGHT_FOOTER"] != null) {
|
|
settings.nav.right_footer = process.env["SHARELATEX_RIGHT_FOOTER"];
|
|
try {
|
|
settings.nav.right_footer = JSON.parse(process.env["SHARELATEX_RIGHT_FOOTER"]);
|
|
} catch (error1) {
|
|
e = error1;
|
|
console.error("could not parse SHARELATEX_RIGHT_FOOTER, not valid JSON");
|
|
}
|
|
}
|
|
|
|
if (process.env["SHARELATEX_HEADER_IMAGE_URL"] != null) {
|
|
settings.nav.custom_logo = process.env["SHARELATEX_HEADER_IMAGE_URL"];
|
|
}
|
|
|
|
if (process.env["SHARELATEX_HEADER_NAV_LINKS"] != null) {
|
|
console.error(`\
|
|
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
|
#
|
|
# WARNING: SHARELATEX_HEADER_NAV_LINKS is no longer supported
|
|
# See https://github.com/sharelatex/sharelatex/wiki/Configuring-Headers,-Footers-&-Logo
|
|
#
|
|
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #\
|
|
`
|
|
);
|
|
}
|
|
|
|
if (process.env["SHARELATEX_HEADER_EXTRAS"] != null) {
|
|
try {
|
|
settings.nav.header_extras = JSON.parse(process.env["SHARELATEX_HEADER_EXTRAS"]);
|
|
} catch (error2) {
|
|
e = error2;
|
|
console.error("could not parse SHARELATEX_HEADER_EXTRAS, not valid JSON");
|
|
}
|
|
}
|
|
|
|
|
|
|
|
// Sending Email
|
|
// -------------
|
|
//
|
|
// You must configure a mail server to be able to send invite emails from
|
|
// ShareLaTeX. The config settings are passed to nodemailer. See the nodemailer
|
|
// documentation for available options:
|
|
//
|
|
// http://www.nodemailer.com/docs/transports
|
|
|
|
|
|
if (process.env["SHARELATEX_EMAIL_FROM_ADDRESS"] != null) {
|
|
|
|
settings.email = {
|
|
fromAddress: process.env["SHARELATEX_EMAIL_FROM_ADDRESS"],
|
|
replyTo: process.env["SHARELATEX_EMAIL_REPLY_TO"] || "",
|
|
driver: process.env["SHARELATEX_EMAIL_DRIVER"],
|
|
parameters: {
|
|
//AWS Creds
|
|
AWSAccessKeyID: process.env["SHARELATEX_EMAIL_AWS_SES_ACCESS_KEY_ID"],
|
|
AWSSecretKey: process.env["SHARELATEX_EMAIL_AWS_SES_SECRET_KEY"],
|
|
|
|
//SMTP Creds
|
|
host: process.env["SHARELATEX_EMAIL_SMTP_HOST"],
|
|
port: process.env["SHARELATEX_EMAIL_SMTP_PORT"],
|
|
secure: parse(process.env["SHARELATEX_EMAIL_SMTP_SECURE"]),
|
|
ignoreTLS: parse(process.env["SHARELATEX_EMAIL_SMTP_IGNORE_TLS"]),
|
|
name: process.env["SHARELATEX_EMAIL_SMTP_NAME"],
|
|
logger: process.env["SHARELATEX_EMAIL_SMTP_LOGGER"] === 'true'
|
|
},
|
|
|
|
textEncoding: process.env["SHARELATEX_EMAIL_TEXT_ENCODING"],
|
|
template: {
|
|
customFooter: process.env["SHARELATEX_CUSTOM_EMAIL_FOOTER"]
|
|
}
|
|
};
|
|
|
|
if (process.env["SHARELATEX_EMAIL_AWS_SES_REGION"] != null) {
|
|
settings.email.parameters.region = process.env["SHARELATEX_EMAIL_AWS_SES_REGION"];
|
|
}
|
|
|
|
if ((process.env["SHARELATEX_EMAIL_SMTP_USER"] != null) || (process.env["SHARELATEX_EMAIL_SMTP_PASS"] != null)) {
|
|
settings.email.parameters.auth = {
|
|
user: process.env["SHARELATEX_EMAIL_SMTP_USER"],
|
|
pass: process.env["SHARELATEX_EMAIL_SMTP_PASS"]
|
|
};
|
|
}
|
|
|
|
if (process.env["SHARELATEX_EMAIL_SMTP_TLS_REJECT_UNAUTH"] != null) {
|
|
settings.email.parameters.tls =
|
|
{rejectUnauthorized: parse(process.env["SHARELATEX_EMAIL_SMTP_TLS_REJECT_UNAUTH"])};
|
|
}
|
|
}
|
|
|
|
|
|
// i18n
|
|
if (process.env["SHARELATEX_LANG_DOMAIN_MAPPING"] != null) {
|
|
|
|
settings.i18n.subdomainLang = parse(process.env["SHARELATEX_LANG_DOMAIN_MAPPING"]);
|
|
}
|
|
|
|
// Password Settings
|
|
// -----------
|
|
// These restrict the passwords users can use when registering
|
|
// opts are from http://antelle.github.io/passfield
|
|
if (process.env["SHARELATEX_PASSWORD_VALIDATION_PATTERN"] || process.env["SHARELATEX_PASSWORD_VALIDATION_MIN_LENGTH"] || process.env["SHARELATEX_PASSWORD_VALIDATION_MAX_LENGTH"]) {
|
|
|
|
settings.passwordStrengthOptions = {
|
|
pattern: process.env["SHARELATEX_PASSWORD_VALIDATION_PATTERN"] || "aA$3",
|
|
length: {min:process.env["SHARELATEX_PASSWORD_VALIDATION_MIN_LENGTH"] || 8, max: process.env["SHARELATEX_PASSWORD_VALIDATION_MAX_LENGTH"] || 150}
|
|
};
|
|
}
|
|
|
|
|
|
|
|
|
|
//######################
|
|
// ShareLaTeX Server Pro
|
|
//######################
|
|
|
|
if (parse(process.env["SHARELATEX_IS_SERVER_PRO"]) === true) {
|
|
settings.bypassPercentageRollouts = true;
|
|
settings.apis.references =
|
|
{url: "http://localhost:3040"};
|
|
}
|
|
|
|
|
|
// LDAP - SERVER PRO ONLY
|
|
// ----------
|
|
|
|
if (process.env["SHARELATEX_LDAP_HOST"]) {
|
|
console.error(`\
|
|
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
|
#
|
|
# WARNING: The LDAP configuration format has changed in version 0.5.1
|
|
# See https://github.com/sharelatex/sharelatex/wiki/Server-Pro:-LDAP-Config
|
|
#
|
|
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #\
|
|
`
|
|
);
|
|
}
|
|
|
|
if (process.env["SHARELATEX_LDAP_URL"]) {
|
|
let _ldap_connect_timeout, _ldap_group_search_attribs, _ldap_search_attribs, _ldap_timeout;
|
|
settings.externalAuth = true;
|
|
settings.ldap = {
|
|
emailAtt: process.env["SHARELATEX_LDAP_EMAIL_ATT"],
|
|
nameAtt: process.env["SHARELATEX_LDAP_NAME_ATT"],
|
|
lastNameAtt: process.env["SHARELATEX_LDAP_LAST_NAME_ATT"],
|
|
updateUserDetailsOnLogin: process.env["SHARELATEX_LDAP_UPDATE_USER_DETAILS_ON_LOGIN"] === 'true',
|
|
placeholder: process.env["SHARELATEX_LDAP_PLACEHOLDER"],
|
|
server: {
|
|
url: process.env["SHARELATEX_LDAP_URL"],
|
|
bindDn: process.env["SHARELATEX_LDAP_BIND_DN"],
|
|
bindCredentials: process.env["SHARELATEX_LDAP_BIND_CREDENTIALS"],
|
|
bindProperty: process.env["SHARELATEX_LDAP_BIND_PROPERTY"],
|
|
searchBase: process.env["SHARELATEX_LDAP_SEARCH_BASE"],
|
|
searchScope: process.env["SHARELATEX_LDAP_SEARCH_SCOPE"],
|
|
searchFilter: process.env["SHARELATEX_LDAP_SEARCH_FILTER"],
|
|
searchAttributes: (
|
|
(_ldap_search_attribs = process.env["SHARELATEX_LDAP_SEARCH_ATTRIBUTES"]) ?
|
|
(() => { try {
|
|
return JSON.parse(_ldap_search_attribs);
|
|
} catch (error3) {
|
|
e = error3;
|
|
return console.error("could not parse SHARELATEX_LDAP_SEARCH_ATTRIBUTES");
|
|
} })()
|
|
:
|
|
undefined
|
|
),
|
|
groupDnProperty: process.env["SHARELATEX_LDAP_GROUP_DN_PROPERTY"],
|
|
groupSearchBase: process.env["SHARELATEX_LDAP_GROUP_SEARCH_BASE"],
|
|
groupSearchScope: process.env["SHARELATEX_LDAP_GROUP_SEARCH_SCOPE"],
|
|
groupSearchFilter: process.env["SHARELATEX_LDAP_GROUP_SEARCH_FILTER"],
|
|
groupSearchAttributes: (
|
|
(_ldap_group_search_attribs = process.env["SHARELATEX_LDAP_GROUP_SEARCH_ATTRIBUTES"]) ?
|
|
(() => { try {
|
|
return JSON.parse(_ldap_group_search_attribs);
|
|
} catch (error4) {
|
|
e = error4;
|
|
return console.error("could not parse SHARELATEX_LDAP_GROUP_SEARCH_ATTRIBUTES");
|
|
} })()
|
|
:
|
|
undefined
|
|
),
|
|
cache: process.env["SHARELATEX_LDAP_CACHE"] === 'true',
|
|
timeout: (
|
|
(_ldap_timeout = process.env["SHARELATEX_LDAP_TIMEOUT"]) ?
|
|
(() => { try {
|
|
return parseIntOrFail(_ldap_timeout);
|
|
} catch (error5) {
|
|
e = error5;
|
|
return console.error("Cannot parse SHARELATEX_LDAP_TIMEOUT");
|
|
} })()
|
|
:
|
|
undefined
|
|
),
|
|
connectTimeout: (
|
|
(_ldap_connect_timeout = process.env["SHARELATEX_LDAP_CONNECT_TIMEOUT"]) ?
|
|
(() => { try {
|
|
return parseIntOrFail(_ldap_connect_timeout);
|
|
} catch (error6) {
|
|
e = error6;
|
|
return console.error("Cannot parse SHARELATEX_LDAP_CONNECT_TIMEOUT");
|
|
} })()
|
|
:
|
|
undefined
|
|
)
|
|
}
|
|
};
|
|
|
|
if (process.env["SHARELATEX_LDAP_TLS_OPTS_CA_PATH"]) {
|
|
let ca, ca_paths;
|
|
try {
|
|
ca = JSON.parse(process.env["SHARELATEX_LDAP_TLS_OPTS_CA_PATH"]);
|
|
} catch (error7) {
|
|
e = error7;
|
|
console.error("could not parse SHARELATEX_LDAP_TLS_OPTS_CA_PATH, invalid JSON");
|
|
}
|
|
|
|
if (typeof(ca) === 'string') {
|
|
ca_paths = [ca];
|
|
} else if ((typeof(ca) === 'object') && ((ca != null ? ca.length : undefined) != null)) {
|
|
ca_paths = ca;
|
|
} else {
|
|
console.error("problem parsing SHARELATEX_LDAP_TLS_OPTS_CA_PATH");
|
|
}
|
|
|
|
settings.ldap.server.tlsOptions = {
|
|
rejectUnauthorized: process.env["SHARELATEX_LDAP_TLS_OPTS_REJECT_UNAUTH"] === "true",
|
|
ca:ca_paths // e.g.'/etc/ldap/ca_certs.pem'
|
|
};
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (process.env["SHARELATEX_SAML_ENTRYPOINT"]) {
|
|
// NOTE: see https://github.com/node-saml/passport-saml/blob/master/README.md for docs of `server` options
|
|
let _saml_additionalAuthorizeParams, _saml_additionalLogoutParams, _saml_additionalParams, _saml_expiration, _saml_skew;
|
|
settings.externalAuth = true;
|
|
settings.saml = {
|
|
updateUserDetailsOnLogin: process.env["SHARELATEX_SAML_UPDATE_USER_DETAILS_ON_LOGIN"] === 'true',
|
|
identityServiceName: process.env["SHARELATEX_SAML_IDENTITY_SERVICE_NAME"],
|
|
emailField: process.env["SHARELATEX_SAML_EMAIL_FIELD"] || process.env["SHARELATEX_SAML_EMAIL_FIELD_NAME"],
|
|
firstNameField: process.env["SHARELATEX_SAML_FIRST_NAME_FIELD"],
|
|
lastNameField: process.env["SHARELATEX_SAML_LAST_NAME_FIELD"],
|
|
server: {
|
|
// strings
|
|
entryPoint: process.env["SHARELATEX_SAML_ENTRYPOINT"],
|
|
callbackUrl: process.env["SHARELATEX_SAML_CALLBACK_URL"],
|
|
issuer: process.env["SHARELATEX_SAML_ISSUER"],
|
|
decryptionPvk: process.env["SHARELATEX_SAML_DECRYPTION_PVK"],
|
|
decryptionCert: process.env["SHARELATEX_SAML_DECRYPTION_CERT"],
|
|
signatureAlgorithm: process.env["SHARELATEX_SAML_SIGNATURE_ALGORITHM"],
|
|
identifierFormat: process.env["SHARELATEX_SAML_IDENTIFIER_FORMAT"],
|
|
attributeConsumingServiceIndex: process.env["SHARELATEX_SAML_ATTRIBUTE_CONSUMING_SERVICE_INDEX"],
|
|
authnContext: process.env["SHARELATEX_SAML_AUTHN_CONTEXT"],
|
|
authnRequestBinding: process.env["SHARELATEX_SAML_AUTHN_REQUEST_BINDING"],
|
|
validateInResponseTo: process.env["SHARELATEX_SAML_VALIDATE_IN_RESPONSE_TO"],
|
|
cacheProvider: process.env["SHARELATEX_SAML_CACHE_PROVIDER"],
|
|
logoutUrl: process.env["SHARELATEX_SAML_LOGOUT_URL"],
|
|
logoutCallbackUrl: process.env["SHARELATEX_SAML_LOGOUT_CALLBACK_URL"],
|
|
disableRequestedAuthnContext: process.env["SHARELATEX_SAML_DISABLE_REQUESTED_AUTHN_CONTEXT"] === 'true',
|
|
forceAuthn: process.env["SHARELATEX_SAML_FORCE_AUTHN"] === 'true',
|
|
skipRequestCompression: process.env["SHARELATEX_SAML_SKIP_REQUEST_COMPRESSION"] === 'true',
|
|
acceptedClockSkewMs: (
|
|
(_saml_skew = process.env["SHARELATEX_SAML_ACCEPTED_CLOCK_SKEW_MS"]) ?
|
|
(() => { try {
|
|
return parseIntOrFail(_saml_skew);
|
|
} catch (error8) {
|
|
e = error8;
|
|
return console.error("Cannot parse SHARELATEX_SAML_ACCEPTED_CLOCK_SKEW_MS");
|
|
} })()
|
|
:
|
|
undefined
|
|
),
|
|
requestIdExpirationPeriodMs: (
|
|
(_saml_expiration = process.env["SHARELATEX_SAML_REQUEST_ID_EXPIRATION_PERIOD_MS"]) ?
|
|
(() => { try {
|
|
return parseIntOrFail(_saml_expiration);
|
|
} catch (error9) {
|
|
e = error9;
|
|
return console.error("Cannot parse SHARELATEX_SAML_REQUEST_ID_EXPIRATION_PERIOD_MS");
|
|
} })()
|
|
:
|
|
undefined
|
|
),
|
|
additionalParams: (
|
|
(_saml_additionalParams = process.env["SHARELATEX_SAML_ADDITIONAL_PARAMS"]) ?
|
|
(() => { try {
|
|
return JSON.parse(_saml_additionalParams);
|
|
} catch (error10) {
|
|
e = error10;
|
|
return console.error("Cannot parse SHARELATEX_SAML_ADDITIONAL_PARAMS");
|
|
} })()
|
|
:
|
|
undefined
|
|
),
|
|
additionalAuthorizeParams: (
|
|
(_saml_additionalAuthorizeParams = process.env["SHARELATEX_SAML_ADDITIONAL_AUTHORIZE_PARAMS"]) ?
|
|
(() => { try {
|
|
return JSON.parse(_saml_additionalAuthorizeParams );
|
|
} catch (error11) {
|
|
e = error11;
|
|
return console.error("Cannot parse SHARELATEX_SAML_ADDITIONAL_AUTHORIZE_PARAMS");
|
|
} })()
|
|
:
|
|
undefined
|
|
),
|
|
additionalLogoutParams: (
|
|
(_saml_additionalLogoutParams = process.env["SHARELATEX_SAML_ADDITIONAL_LOGOUT_PARAMS"]) ?
|
|
(() => { try {
|
|
return JSON.parse(_saml_additionalLogoutParams );
|
|
} catch (error12) {
|
|
e = error12;
|
|
return console.error("Cannot parse SHARELATEX_SAML_ADDITIONAL_LOGOUT_PARAMS");
|
|
} })()
|
|
:
|
|
undefined
|
|
)
|
|
}
|
|
};
|
|
|
|
// SHARELATEX_SAML_CERT cannot be empty
|
|
// https://github.com/node-saml/passport-saml/commit/f6b1c885c0717f1083c664345556b535f217c102
|
|
if (process.env["SHARELATEX_SAML_CERT"]) {
|
|
settings.saml.server.cert = process.env["SHARELATEX_SAML_CERT"];
|
|
settings.saml.server.privateCert = process.env["SHARELATEX_SAML_PRIVATE_CERT"];
|
|
}
|
|
}
|
|
|
|
// Compiler
|
|
// --------
|
|
if (process.env["SANDBOXED_COMPILES"] === "true") {
|
|
settings.clsi = {
|
|
dockerRunner: true,
|
|
docker: {
|
|
image: process.env["TEX_LIVE_DOCKER_IMAGE"],
|
|
env: {
|
|
HOME: "/tmp",
|
|
PATH: process.env["COMPILER_PATH"] || "/usr/local/texlive/2015/bin/x86_64-linux:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
|
},
|
|
user: "www-data"
|
|
}
|
|
};
|
|
|
|
if ((settings.path == null)) {
|
|
settings.path = {};
|
|
}
|
|
settings.path.synctexBaseDir = () => "/compile";
|
|
if (process.env['SANDBOXED_COMPILES_SIBLING_CONTAINERS'] === 'true') {
|
|
console.log("Using sibling containers for sandboxed compiles");
|
|
if (process.env['SANDBOXED_COMPILES_HOST_DIR']) {
|
|
settings.path.sandboxedCompilesHostDir = process.env['SANDBOXED_COMPILES_HOST_DIR'];
|
|
} else {
|
|
console.error('Sibling containers, but SANDBOXED_COMPILES_HOST_DIR not set');
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
// Templates
|
|
// ---------
|
|
if (process.env["SHARELATEX_TEMPLATES_USER_ID"]) {
|
|
settings.templates = {
|
|
mountPointUrl: "/templates",
|
|
user_id: process.env["SHARELATEX_TEMPLATES_USER_ID"]
|
|
};
|
|
|
|
settings.templateLinks = parse(process.env["SHARELATEX_NEW_PROJECT_TEMPLATE_LINKS"]);
|
|
}
|
|
|
|
|
|
// /Learn
|
|
// -------
|
|
if (process.env["SHARELATEX_PROXY_LEARN"] != null) {
|
|
settings.proxyLearn = parse(process.env["SHARELATEX_PROXY_LEARN"]);
|
|
}
|
|
|
|
|
|
// /References
|
|
// -----------
|
|
if (process.env["SHARELATEX_ELASTICSEARCH_URL"] != null) {
|
|
settings.references.elasticsearch =
|
|
{host: process.env["SHARELATEX_ELASTICSEARCH_URL"]};
|
|
}
|
|
|
|
// TeX Live Images
|
|
// -----------
|
|
if (process.env["ALL_TEX_LIVE_DOCKER_IMAGES"] != null) {
|
|
allTexLiveDockerImages = process.env["ALL_TEX_LIVE_DOCKER_IMAGES"].split(',');
|
|
}
|
|
if (process.env["ALL_TEX_LIVE_DOCKER_IMAGE_NAMES"] != null) {
|
|
allTexLiveDockerImageNames = process.env["ALL_TEX_LIVE_DOCKER_IMAGE_NAMES"].split(',');
|
|
}
|
|
if (allTexLiveDockerImages != null) {
|
|
settings.allowedImageNames = [];
|
|
for (let index = 0; index < allTexLiveDockerImages.length; index++) {
|
|
const fullImageName = allTexLiveDockerImages[index];
|
|
const imageName = Path.basename(fullImageName);
|
|
const imageDesc = (allTexLiveDockerImageNames != null) ? allTexLiveDockerImageNames[index] : imageName;
|
|
settings.allowedImageNames.push({ imageName, imageDesc });
|
|
}
|
|
}
|
|
|
|
// With lots of incoming and outgoing HTTP connections to different services,
|
|
// sometimes long running, it is a good idea to increase the default number
|
|
// of sockets that Node will hold open.
|
|
const http = require('http');
|
|
http.globalAgent.maxSockets = 300;
|
|
const https = require('https');
|
|
https.globalAgent.maxSockets = 300;
|
|
|
|
module.exports = settings;
|