-
Notifications
You must be signed in to change notification settings - Fork 73.1k
Expand file tree
/
Copy pathenv.js
More file actions
233 lines (192 loc) · 7.9 KB
/
env.js
File metadata and controls
233 lines (192 loc) · 7.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
'use strict';
const _each = require('lodash/each');
const _trim = require('lodash/trim');
const _forIn = require('lodash/forIn');
const _startsWith = require('lodash/startsWith');
const _camelCase = require('lodash/camelCase');
const enclave = require('./enclave');
const mongoParser = require('mongo-url-parser');
const stringEntropy = require('fast-password-entropy')
const fs = require('fs');
const crypto = require('crypto');
const consts = require('../constants');
const env = {
settings: require('../settings')()
};
var shadowEnv;
// Module to constrain all config and environment parsing to one spot.
// See README.md for info about all the supported ENV VARs
function config () {
// Assume users will typo whitespaces into keys and values
shadowEnv = {};
Object.keys(process.env).forEach((key, index) => {
shadowEnv[_trim(key)] = _trim(process.env[key]);
});
env.PORT = readENV('PORT', 1337);
env.HOSTNAME = readENV('HOSTNAME', null);
env.IMPORT_CONFIG = readENV('IMPORT_CONFIG', null);
env.static_files = readENV('NIGHTSCOUT_STATIC_FILES', '/static');
env.debug = {
minify: readENVTruthy('DEBUG_MINIFY', true)
};
env.err = [];
env.notifies = [];
env.enclave = enclave();
setSSL();
setStorage();
setAPISecret();
setVersion();
updateSettings();
return env;
}
function setSSL () {
env.SSL_KEY = readENV('SSL_KEY');
env.SSL_CERT = readENV('SSL_CERT');
env.SSL_CA = readENV('SSL_CA');
env.ssl = false;
if (env.SSL_KEY && env.SSL_CERT) {
env.ssl = {
key: fs.readFileSync(env.SSL_KEY)
, cert: fs.readFileSync(env.SSL_CERT)
};
if (env.SSL_CA) {
env.ca = fs.readFileSync(env.SSL_CA);
}
}
env.insecureUseHttp = readENVTruthy("INSECURE_USE_HTTP", false);
env.secureHstsHeader = readENVTruthy("SECURE_HSTS_HEADER", true);
env.secureHstsHeaderIncludeSubdomains = readENVTruthy("SECURE_HSTS_HEADER_INCLUDESUBDOMAINS", false);
env.secureHstsHeaderPreload = readENVTruthy("SECURE_HSTS_HEADER_PRELOAD", false);
env.secureCsp = readENVTruthy("SECURE_CSP", false);
env.secureCspReportOnly = readENVTruthy("SECURE_CSP_REPORT_ONLY", false);
}
function setAPISecret () {
// if no value is provided as an environment variable, try to read it from a file
const apiSecret = readENV('API_SECRET') || readEnvFile('API_SECRET_FILE');
//TODO: should we clear API_SECRET from process env?
env.api_secret = null;
// if a passphrase was provided, get the hex digest to mint a single token
if (apiSecret && apiSecret.length > 0) {
if (apiSecret.length < consts.MIN_PASSPHRASE_LENGTH) {
var msg = ['API_SECRET should be at least', consts.MIN_PASSPHRASE_LENGTH, 'characters'].join(' ');
console.error(msg);
env.err.push({ desc: msg });
} else {
delete process.env.API_SECRET;
env.enclave.setApiKey(apiSecret);
var testresult = stringEntropy(apiSecret);
console.log('API_SECRET has', testresult, 'bits of entropy');
if (testresult < 60) {
env.notifies.push({ persistent: true, title: 'Security issue', message: 'Weak API_SECRET detected. Please use a mix of small and CAPITAL letters, numbers and non-alphanumeric characters such as !#%&/ to reduce the risk of unauthorized access. The minimum length of the API_SECRET is 12 characters.' });
}
if (env.storageURI) {
const parsedURL = mongoParser(env.storageURI);
if (parsedURL.auth && parsedURL.auth.password == apiSecret) {
env.notifies.push({ persistent: true, title: 'Security issue', message: 'MongoDB password and API_SECRET match. This is a really bad idea. Please change both and do not reuse passwords across the system.' });
}
}
}
}
}
function setVersion () {
var software = require('../../package.json');
env.version = software.version;
env.name = software.name;
}
function setStorage () {
env.storageURI = readENV('STORAGE_URI') || readENV('MONGO_CONNECTION') || readENV('MONGO') || readENV('MONGOLAB_URI') || readENV('MONGODB_URI');
env.entries_collection = readENV('ENTRIES_COLLECTION') || readENV('MONGO_COLLECTION', 'entries');
env.authentication_collections_prefix = readENV('MONGO_AUTHENTICATION_COLLECTIONS_PREFIX', 'auth_');
env.treatments_collection = readENV('MONGO_TREATMENTS_COLLECTION', 'treatments');
env.profile_collection = readENV('MONGO_PROFILE_COLLECTION', 'profile');
env.settings_collection = readENV('MONGO_SETTINGS_COLLECTION', 'settings');
env.devicestatus_collection = readENV('MONGO_DEVICESTATUS_COLLECTION', 'devicestatus');
env.food_collection = readENV('MONGO_FOOD_COLLECTION', 'food');
env.activity_collection = readENV('MONGO_ACTIVITY_COLLECTION', 'activity');
var DB = { url: null, collection: null }
, DB_URL = DB.url ? DB.url : env.storageURI
, DB_COLLECTION = DB.collection ? DB.collection : env.entries_collection;
env.storageURI = DB_URL;
env.entries_collection = DB_COLLECTION;
}
function updateSettings () {
var envNameOverrides = {
UNITS: 'DISPLAY_UNITS'
};
var envDefaultOverrides = {
DISPLAY_UNITS: 'mg/dl'
};
env.settings.eachSettingAsEnv(function settingFromEnv (name) {
var envName = envNameOverrides[name] || name;
return readENV(envName, envDefaultOverrides[envName]);
});
//should always find extended settings last
env.extendedSettings = findExtendedSettings(shadowEnv);
if (!readENVTruthy('TREATMENTS_AUTH', true)) {
env.settings.authDefaultRoles = env.settings.authDefaultRoles || "";
env.settings.authDefaultRoles += ' careportal';
}
}
function readENV (varName, defaultValue) {
//for some reason Azure uses this prefix, maybe there is a good reason
var value = shadowEnv['CUSTOMCONNSTR_' + varName] ||
shadowEnv['CUSTOMCONNSTR_' + varName.toLowerCase()] ||
shadowEnv[varName] ||
shadowEnv[varName.toLowerCase()];
if (varName == 'DISPLAY_UNITS') {
if (value && value.toLowerCase().includes('mmol')) {
value = 'mmol';
} else {
value = defaultValue;
}
}
return value != null ? value : defaultValue;
}
function readENVTruthy (varName, defaultValue) {
var value = readENV(varName, defaultValue);
if (typeof value === 'string' && (value.toLowerCase() === 'on' || value.toLowerCase() === 'true')) { value = true; } else if (typeof value === 'string' && (value.toLowerCase() === 'off' || value.toLowerCase() === 'false')) { value = false; } else { value = defaultValue }
return value;
}
function readEnvFile(varName) {
let value = null;
const fileName = readENV(varName);
if (fileName && fileName.length > 0) {
try {
value = fs.readFileSync(fileName);
} catch (error) {
env.err.push({ desc: `Unable to read ${varName}: ${error.message}` });
}
}
return value;
}
function findExtendedSettings (envs) {
var extended = {};
extended.devicestatus = {};
extended.devicestatus.advanced = true;
extended.devicestatus.days = 1;
if (shadowEnv['DEVICESTATUS_DAYS'] && shadowEnv['DEVICESTATUS_DAYS'] == '2') extended.devicestatus.days = 1;
function normalizeEnv (key) {
return key.toUpperCase().replace('CUSTOMCONNSTR_', '');
}
_each(env.settings.enable, function eachEnable (enable) {
if (_trim(enable)) {
_forIn(envs, function eachEnvPair (value, key) {
var env = normalizeEnv(key);
if (_startsWith(env, enable.toUpperCase() + '_')) {
var split = env.indexOf('_');
if (split > -1 && split <= env.length) {
var exts = extended[enable] || {};
extended[enable] = exts;
var ext = _camelCase(env.substring(split + 1).toLowerCase());
if (!isNaN(value)) { value = Number(value); }
if (typeof value === 'string' && (value.toLowerCase() === 'on' || value.toLowerCase() === 'true')) { value = true; }
if (typeof value === 'string' && (value.toLowerCase() === 'off' || value.toLowerCase() === 'false')) { value = false; }
exts[ext] = value;
}
}
});
}
});
return extended;
}
module.exports = config;