From da94ac8d010db97b61d65fab4ea647dd9301b520 Mon Sep 17 00:00:00 2001 From: Jesse Chan Date: Sat, 31 Oct 2020 20:06:18 +0800 Subject: [PATCH] config: discourage the use of static configuration --- README.md | 5 +- config.cli.js | 2 +- config.d.ts | 87 ++++++++++++++++++++++++++-- config.template.js | 107 ----------------------------------- server/util/diskUsageUtil.ts | 16 ++++-- 5 files changed, 96 insertions(+), 121 deletions(-) delete mode 100644 config.template.js diff --git a/README.md b/README.md index a7185aae..1b8e6565 100644 --- a/README.md +++ b/README.md @@ -39,9 +39,7 @@ By default, Flood uses a command line configuration interface. If you installed Run `flood --help`, `npx flood --help` or `npm run start -- --help` to get help about command line arguments. -If you want to know more about configurations, check `config.template.js`. - -If static configuration is preferred, copy `config.template.js` to `config.js` and edit it. +If you want to know more about configurations, check `config.d.ts`. When Flood's builtin user management is enabled (default), you will be prompted to configure the connection to rTorrent when loading the web interface. @@ -103,7 +101,6 @@ Access the UI in your browser. With default settings, go to `http://localhost:30 ### Updating 1. To update, run `git pull` in this repository's directory. -1. Check `config.template.js` for configuration changes. 1. Kill the currently running Flood server. 1. Run `npm install` to update dependencies. 1. Run `npm run build` to transpile and bundle static assets. diff --git a/config.cli.js b/config.cli.js index ed84dea1..5eb07add 100644 --- a/config.cli.js +++ b/config.cli.js @@ -224,7 +224,7 @@ const CONFIG = { ssl: argv.ssl, sslKey: argv.sslkey || path.resolve(path.join(argv.rundir, 'key.pem')), sslCert: argv.sslcert || path.resolve(path.join(argv.rundir, 'fullchain.pem')), - allowedPaths: argv.allowedpath ? [].concat(argv.allowedpath) : null, + allowedPaths: argv.allowedpath ? [].concat(argv.allowedpath) : undefined, }; module.exports = CONFIG; diff --git a/config.d.ts b/config.d.ts index 64a7203d..e5547b65 100644 --- a/config.d.ts +++ b/config.d.ts @@ -1,27 +1,106 @@ +// This is the config schema for Flood, a React-based frontend for various BitTorrent clients. +// This file provides the detailed documentation for config options. +// +// By default, is ~/.local/share/flood. +// +// You may use this schema to create a static configuration. However, it is not recommended. +// Stability of this schema can NOT be guaranteed. The reason is that other files import +// config.js and use its variables directly and it would involve unnecessary and duplicative +// conditionals in EVERY related file in order to retain compatibility for older config files. +// Plus, such duplications and conditionals are error-prone. +// +// Use CLI if you don't want to check and change the config.js whenever Flood is updated. + import type {AuthMethod} from '@shared/schema/Auth'; import type {ClientConnectionSettings} from '@shared/schema/ClientConnectionSettings'; declare const CONFIG: { + // This URI will prefix all of Flood's HTTP requests. + // For example, if you intend to serve from http://example.com/flood, set this to + // '/flood' and configure your web server to pass _all_ requests from `/flood` to + // the `/flood` of Flood's web server. [default: '/'] baseURI: string; + + // Flood uses a local nedb database to keep track of users, torrents, and activity. The + // database is regularly purged to remove outdated data. This value dictates how old data + // is, in milliseconds, before being purged. [default: 1000 * 60 * 60] dbCleanInterval: number; + + // Where to store the local nedb database. [default: '/db'] dbPath: string; + + // Where to store Flood's temporary files [default: '/temp'] tempPath: string; + + // Authentication and user management method: [default: 'default'] + // + // default: + // Flood uses its own authentication and user management system. Users are authenticated + // by password and will be prompted to configure the connection to torrent client in the + // web interface. On successful authentication via /authenticate API endpoint, Flood will + // send a cookie with token to user. Users with admin privileges may create additional + // users with different password and torrent client configurations. + // + // none: + // There is no per-user config and no attempt to authenticate. An auth cookie with token is + // still needed to access API endpoints. This allows us to utilize browser's protections + // against session hijacking. The cookie with token will be sent unconditionally when + // /authenticate or /verify endpoints are accessed. Instead of per-user config, the + // configUser settings will be used. authMethod: AuthMethod; + + // Settings for the no-user configuration. configUser: ClientConnectionSettings; + + // The host that Flood should listen for web connections on. + // To listen on all interfaces, change to `floodServerHost: '0.0.0.0'`. [default: '127.0.0.1'] floodServerHost: string; + + // The port that Flood should listen for web connections on. [default: 3000] floodServerPort: number; + + // Used for development only. Not used in production. + // See the "Local Development" section of README.md for detail. floodServerProxy: string; + + // Flood keeps a history of torrent download and upload speeds. + // This value dictates the number of individual records per period to keep. maxHistoryStates: number; + + // How often (in milliseconds) Flood will request the torrent list. This value affects how + // often values are updated when a user is present. {torrentClientPollIntervalIdle} will be + // used when no user is present. Note that poll intervals only affect activity stream. API + // requests like "GET /api/torrents" always trigger fresh torrent list fetch. [default: 1000 * 2] torrentClientPollInterval: number; + + // How often (in milliseconds) Flood will request the torrent list when no user is present. + // {torrentClientPollInterval} will be used when at least one user is present. This value + // usually affects some automations such as notification of download completion. Automations + // that rely on torrent properties may be delayed within the interval. [default: 1000 * 60 * 15] torrentClientPollIntervalIdle: number; + + // A unique secret for signing messages with JWT (see https://jwt.io). + // Change this to something unique and hard to guess. + // You can use 'uuidgen' or 'cat /proc/sys/kernel/random/uuid' or 'uuidgenerator.net'. + // By default, this is a 72-character string randomly generated at the first launch. + // Generated secret is stored to "/flood.secret" with 0600 permissions. secret: string; + + // Configuration for SSL, if using SSL with the Flood service directly. [default: false] ssl: boolean; + + // Path to the SSL private key. [default: '/key.pem'] sslKey: string; + + // Path to the SSL fullchain certificate. [default: '/fullchain.pem'] sslCert: string; - diskUsageService: { - watchMountPoints: Array; - }; - allowedPaths: Array | null; + + // Assign desired mounts to include. Refer to "Mounted on" column of `df -P` + // "undefined" means all possible mounts. [default: undefined] + watchMountPoints?: Array; + + // Allowed paths for file operations. "undefined" means everything. [default: undefined] + allowedPaths?: Array; }; export = CONFIG; diff --git a/config.template.js b/config.template.js deleted file mode 100644 index f69a2f03..00000000 --- a/config.template.js +++ /dev/null @@ -1,107 +0,0 @@ -// This is the configuration file for Flood, a React-based frontend for the -// rTorrent BitTorrent client. -// Copy this file to ./config.js and make changes below. -// config.js must exist before running `npm run build`. - -const CONFIG = { - // This URI will prefix all of Flood's HTTP requests. You _must_ have a web - // server, like nginx, configured to forward these requests to the Flood - // web server. - // For example, if you intend to serve from http://example.com/flood, set this to - // '/flood' and configure your web server to pass _all_ requests from `/flood` to - // the `/flood` of Flood's web server. - // See https://github.com/Flood-UI/flood/wiki/Using-Flood-behind-a-reverse-proxy - baseURI: '/', - - // Flood uses a local nedb database to keep track of users, torrents, - // and activity. The database is regularly purged to remove outdated data. - // This value dictates how old data is, in milliseconds, before being purged. - dbCleanInterval: 1000 * 60 * 60, - - // Where to store the local nedb database. - dbPath: './run/db/', - - // Where to store Flood's temporary files - tempPath: './run/temp/', - - // - // Authentication and user management method: - // - // default: - // Flood uses its own authentication and user management system. Users are authenticated - // by password and will be prompted to configure the connection to torrent client in the - // web interface. On successful authentication via /authenticate API endpoint, Flood will - // send a cookie with token to user. Users with admin privileges may create additional - // users with different password and torrent client configurations. - // - // none: - // There is no per-user config and no attempt to authenticate. An auth cookie with token is - // still needed to access API endpoints. This allows us to utilize browser's protections - // against session hijacking. The cookie with token will be sent unconditionally when - // /authenticate or /verify endpoints are accessed. Instead of per-user config, the - // configUser settings will be used. - authMethod: 'default', - - // Settings for the no-user configuration. - configUser: { - // {ClientConnectionSettings} - client: 'rTorrent', - type: 'socket', - version: 1, - socket: '/data/rtorrent.sock', - }, - - // The host that Flood should listen for web connections on. - // If you want to connect to Flood from hosts other that the one it is running - // on, you should change this value. - // To listen on all interfaces, change to `floodServerHost: '0.0.0.0'`.. - floodServerHost: '127.0.0.1', - - // The port that Flood should listen for web connections on. - floodServerPort: 3000, - - // Used for development. See the "Local Development" section of README.md - // for detail. - floodServerProxy: 'http://127.0.0.1:3000', - - // Flood keeps a history of torrent download and upload speeds. - // This value dictates the number of individual records per period to keep. - maxHistoryStates: 30, - - // How often (in milliseconds) Flood will request the torrent list. - // This value affects how often values are updated when a user is present. - // {torrentClientPollIntervalIdle} will be used when no user is present. - // Note that poll intervals only affect activity stream. API requests - // like "GET /api/torrents" always trigger fresh torrent list fetch. - torrentClientPollInterval: 1000 * 2, - - // How often (in milliseconds) Flood will request the torrent list when no user is present. - // {torrentClientPollInterval} will be used when at least one user is present. This value - // usually affects some automations such as notification of download completion. Automations - // that rely on torrent properties may be delayed within the interval. - torrentClientPollIntervalIdle: 1000 * 60 * 15, - - // A unique secret for signing messages with JWT (see https://jwt.io). - // Change this to something unique and hard to guess. - // You can use 'uuidgen' or 'cat /proc/sys/kernel/random/uuid' or 'uuidgenerator.net'. - // eslint-disable-next-line no-undef - secret: process.env.FLOOD_SECRET || CHANGE_ME, - - // Configuration for SSL, if using SSL with the Flood service directly. - ssl: false, - sslKey: '/absolute/path/to/key/', - sslCert: '/absolute/path/to/certificate/', - - // disk space service checks disk space of mounted partitions - diskUsageService: { - // assign desired mounts to include. Refer to "Mounted on" column of `df -P` - // watchMountPoints: [ - // "/mnt/disk" - // ] - }, - - // Allowed paths for file operations - // allowedPaths: ['/mnt/download', '/data/download'], -}; -// Do not remove the below line. -module.exports = CONFIG; diff --git a/server/util/diskUsageUtil.ts b/server/util/diskUsageUtil.ts index 9ea1bbb3..73de5c01 100644 --- a/server/util/diskUsageUtil.ts +++ b/server/util/diskUsageUtil.ts @@ -14,11 +14,17 @@ export const isPlatformSupported = (): boolean => { return PLATFORMS_SUPPORTED.includes(process.platform as SupportedPlatform); }; -const filterMountPoint = - config.diskUsageService && config.diskUsageService.watchMountPoints - ? // if user has configured watchMountPoints, filter each line output for given array - (mountpoint: string) => config.diskUsageService.watchMountPoints.includes(mountpoint) - : () => true; // include all mounted file systems by default +const filterMountPoint = (mountpoint: string) => { + const {watchMountPoints} = config; + + if (watchMountPoints != null) { + // if user has configured watchMountPoints, filter each line output for given array + return watchMountPoints.includes(mountpoint); + } + + // include all mounted file systems by default + return true; +}; const MAX_BUFFER_SIZE = 65536; export const diskUsage: Readonly Promise>>> = {