const joi = require('joi');
require('dotenv').config();
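// Check for required env variables and their types.
// The schema is applied once at load time, so a misconfigured deployment
// fails at startup instead of running with a half-built config.
const envVarsSchema = joi
  .object({
    NODE_ENV: joi
      .string()
      .valid(['development', 'production', 'test', 'provision'])
      .required(),
    PORT: joi.number().required(),
    LOGGER_LEVEL: joi
      .string()
      .valid(['error', 'warn', 'info', 'verbose', 'debug', 'silly'])
      .default('info'),
    // Accept the usual upper/lower-case spellings of a boolean from the shell.
    LOGGER_ENABLED: joi
      .boolean()
      .truthy('TRUE')
      .truthy('true')
      .falsy('FALSE')
      .falsy('false')
      .default(true),
    // Not marked required, but the exported `creds` block reads them
    // unconditionally: a missing tenant GUID produces an identityMetadata URL
    // containing the text "undefined" rather than a startup error.
    AZURE_AD_TENANT_GUID: joi.string().guid(),
    AZURE_AD_CLIENT_ID: joi.string().guid(),
    AZURE_AD_CLIENT_SECRET: joi.string(),
    // Optional key/iv pair for the encrypted state cookie, so a deployment can
    // supply its own material instead of the sample pairs in this file. The
    // lengths follow the note on `cookieEncryptionKeys` below (32-char key,
    // 12-char iv); anything else is rejected here rather than at request time.
    COOKIE_ENCRYPTION_KEY: joi.string().length(32),
    COOKIE_ENCRYPTION_IV: joi.string().length(12),
    // `mongodb+srv` is the DNS seed-list form used by hosted clusters.
    DATABASE_MONGO_URI: joi.string().uri({
      scheme: ['mongodb', 'mongodb+srv']
    })
  })
  .required();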
// Validate the whole environment in one pass. `abortEarly: false` reports
// every failing variable at once, `convert: true` coerces the string values
// from process.env into the schema's types (e.g. PORT to a number), and
// `allowUnknown: true` lets the many unrelated variables through untouched.
const validation = joi.validate(process.env, envVarsSchema, {
  abortEarly: false,
  convert: true,
  allowUnknown: true
});
const envVars = validation.value;
if (validation.error) {
  throw new Error(`Environment variables validation error: ${validation.error.message}`);
}
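// Sample key/iv pairs kept only as a development fallback. Anyone who has
// read this file can decrypt or forge the state cookie under these values, so
// a real deployment should supply COOKIE_ENCRYPTION_KEY / COOKIE_ENCRYPTION_IV
// in the environment rather than ship with the samples.
const sampleCookieEncryptionKeys = [
  { key: '12345678901234567890123456789012', iv: '123456789012' },
  { key: 'abcdefghijklmnopqrstuvwxyzabcdef', iv: 'abcdefghijkl' }
];

// Prefer an operator-supplied pair; fall back to the samples so existing
// setups keep working. The samples are deliberately NOT appended to the
// operator's list, since every listed pair is tried on decrypt and a known
// pair would still accept forged cookies.
const cookieEncryptionKeys =
  envVars.COOKIE_ENCRYPTION_KEY && envVars.COOKIE_ENCRYPTION_IV
    ? [{ key: envVars.COOKIE_ENCRYPTION_KEY, iv: envVars.COOKIE_ENCRYPTION_IV }]
    : sampleCookieEncryptionKeys;

module.exports = {
  creds: {
    // Required
    // 'https://login.microsoftonline.com/<tenant_name>.onmicrosoft.com/v2.0/.well-known/openid-configuration'
    // or equivalently: 'https://login.microsoftonline.com/<tenant_guid>/v2.0/.well-known/openid-configuration'
    //
    // or you can use the common endpoint
    // 'https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration'
    // To use the common endpoint, you have to either turn `validateIssuer` off, or provide the `issuer` value.
    identityMetadata: `https://login.microsoftonline.com/${
      envVars.AZURE_AD_TENANT_GUID
    }/v2.0/.well-known/openid-configuration`,
    // Required, the client ID of your app in AAD
    clientID: envVars.AZURE_AD_CLIENT_ID,
    // Required, must be 'code', 'code id_token', 'id_token code' or 'id_token'
    // If you want to get access_token, you must use 'code', 'code id_token' or 'id_token code'
    responseType: 'code id_token',
    // Required
    responseMode: 'form_post',
    // Required, the reply URL registered in AAD for your app
    // NOTE(review): hard-coded to port 3000 while PORT comes from the
    // environment; if the two differ the callback never reaches this server.
    redirectUrl: 'http://localhost:3000/auth/openid/return',
    // Required if we use http for redirectUrl
    // NOTE(review): only appropriate for local development; a deployed
    // redirectUrl should be https so the authorization code is not sent in clear.
    allowHttpForRedirectUrl: true,
    // Required if `responseType` is 'code', 'id_token code' or 'code id_token'.
    // If app key contains '\', replace it with '\\'.
    clientSecret: envVars.AZURE_AD_CLIENT_SECRET,
    // Required to set to false if you don't want to validate issuer
    // NOTE(review): identityMetadata above is tenant-specific, so issuer
    // validation could be left on here; with it off, a token issued by a
    // different tenant for this client ID is accepted.
    validateIssuer: false,
    // Required if you want to provide the issuer(s) you want to validate instead of using the issuer from metadata
    // issuer could be a string or an array of strings of the following form: 'https://sts.windows.net/<tenant_guid>/v2.0'
    issuer: null,
    // Required to set to true if the `verify` function has 'req' as the first parameter
    passReqToCallback: false,
    // Recommended to set to true. By default we save state in express session, if this option is set to true, then
    // we encrypt state and save it in cookie instead. This option together with { session: false } allows your app
    // to be completely express session free.
    useCookieInsteadOfSession: true,
    // Required if `useCookieInsteadOfSession` is set to true. You can provide multiple set of key/iv pairs for key
    // rollover purpose. We always use the first set of key/iv pair to encrypt cookie, but we will try every set of
    // key/iv pair to decrypt cookie. Key can be any string of length 32, and iv can be any string of length 12.
    cookieEncryptionKeys,
    // The additional scopes we want besides 'openid'.
    // 'profile' scope is required, the rest scopes are optional.
    // (1) if you want to receive refresh_token, use 'offline_access' scope
    // (2) if you want to get access_token for graph api, use the graph api url like 'https://graph.microsoft.com/mail.read'
    scope: [
      'profile',
      'offline_access',
      'email',
      'https://graph.microsoft.com/mail.read'
    ],
    // Optional, 'error', 'warn' or 'info'
    loggingLevel: 'info',
    // Optional. The lifetime of nonce in session or cookie, the default value is 3600 (seconds).
    nonceLifetime: null,
    // Optional. The max amount of nonce saved in session or cookie, the default value is 10.
    nonceMaxAmount: 5,
    // Optional. The clock skew allowed in token validation, the default value is 300 seconds.
    clockSkew: null
  },
  // The url you need to go to destroy the session with AAD
  // NOTE(review): post_logout_redirect_uri is also pinned to localhost:3000.
  destroySessionUrl:
    'https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=http://localhost:3000',
  // If you want to use the mongoDB session store for session middleware; otherwise we will use the default
  // session store provided by express-session.
  // Note that the default session store is designed for development purpose only.
  useMongoDBSessionStore: false,
  // If you want to use mongoDB, provide the uri here for the database.
  databaseUri: envVars.DATABASE_MONGO_URI,
  // How long you want to keep session in mongoDB.
  mongoDBSessionMaxAge: 24 * 60 * 60 // 1 day (unit is second)
};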