server: schema validate configurations

Unfortunately there are still many people who prefer static config
files. As such, schema validate the configurations to ensure that
the failure happens loud and early when the config.js is broken.

Also enforces that the length of the secret must be larger than 30 as
the JWT secret can be brute forced locally without interaction with
the server.

This ensures that we always have proper configurations and avoids
unnecessary and bad defensive programming practices.
Jesse Chan
2020-11-14 15:08:25 +08:00
parent ac11f3190b
commit ed98e210f4
9 changed files with 180 additions and 142 deletions
+4 -4
@@ -5,19 +5,19 @@ import fs from 'fs';
import path from 'path';
import {AccessLevel} from '../../shared/schema/constants/Auth';
import type {Credentials, UserInDatabase} from '../../shared/schema/Auth';
import config from '../../config';
import services from '../services';
import type {ClientConnectionSettings} from '../../shared/schema/ClientConnectionSettings';
import type {Credentials, UserInDatabase} from '../../shared/schema/Auth';
class Users {
db = Users.loadDatabase();
configUser: UserInDatabase = {
_id: '_config',
username: '_config',
password: '',
client: config.configUser,
client: config.configUser as ClientConnectionSettings,
level: AccessLevel.ADMINISTRATOR,
};
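Review bot: The `as ClientConnectionSettings` assertion on `client: config.configUser` silences the type checker instead of proving the shape, which works against the commit's stated goal of failing loud and early. If the schema validation added in this commit already guarantees the shape, type the validated config export so that `configUser` is a `ClientConnectionSettings` and the assertion can be dropped. If `configUser` can be absent from a valid config, the assertion hides an `undefined` here, and that case should be handled explicitly before building the `_config` administrator user.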