@nsshunt/stsconfig 1.19.0 → 1.22.0

package/{stsconfig.js → stsconfig.ts}

@@ -1,6 +1,14 @@
-const { accessSync, constants, readFileSync } = require('fs');
-const debug = require('debug')(`proc:${process.pid}`);
-require('colors');
+import { accessSync, constants, readFileSync } from 'fs'
+
+import Debug from "debug";
+const debug = Debug(`proc:${process.pid}`);
+
+import dotenv from 'dotenv'
+import 'colors'
+
+import { STSOptions } from './index'
+
+let envOptions = null;
 
 // Order for config settings
 // -------------------------
@@ -8,12 +16,16 @@ require('colors');
 //   Use password specified within a database password file (if present)
 //   Fall back to use a password from an environment variable
 
-// Add tthe STSENVFILE to script run commands in order to use the require .env file for configuration
-let envfile = (process.env.STSENVFILE === undefined ? '/.env' : process.env.STSENVFILE);
+function SetupConfig(): STSOptions {
 
-require('dotenv').config({ path: envfile });
+	// Add tthe STSENVFILE to script run commands in order to use the require .env file for configuration
+	const envfile = (process.env.STSENVFILE === undefined ? '/.env' : process.env.STSENVFILE);
 
-const defconfig = 
+	//require('dotenv').config({ path: envfile });
+
+	dotenv.config({ path: envfile })
+
+	const defconfig: STSOptions = 
 {
 	// Node runtime environment
 	isProduction: (process.env.NODE_ENV === undefined ? false : (process.env.NODE_ENV === 'production' ? true : false))
@@ -24,7 +36,7 @@ const defconfig =
 	// Database username.
 	,dbuser: (process.env.DB_USER === undefined ? 'postgres' : process.env.DB_USER)
 	// Database password.
-	,dbpassword: (process.env.DB_PASSWORD === undefined ? 'password' : process.env.DB_PASSWORD)
+	,dbpassword: (process.env.DB_PASSWORD === undefined ? 'postgres' : process.env.DB_PASSWORD)
 	// Database password file
 	,dbpasswordfile: process.env.DB_PASSWORD_FILE
 	// Database host
@@ -210,11 +222,41 @@ const defconfig =
 	,asjwkskeycount: (process.env.AS_JWKS_KEY_COUNT === undefined ? 4 : parseInt(process.env.AS_JWKS_KEY_COUNT))
 	// Auth Server - JWKS Access token timeout.
 	,asaccesstokenexpire: (process.env.AS_ACCESS_TOKEN_EXPIRE === undefined ? 43200 : parseInt(process.env.AS_ACCESS_TOKEN_EXPIRE)) // 12 Hour default
-	// Auth Server - [DEPRECATED] Private Key (when using JWT)
-	,asprivatekeypath: (process.env.AS_PRIVATE_KEY_PATH === undefined ? "/var/lib/sts/stsglobalresources/keys/private.key" : process.env.AS_PRIVATE_KEY_PATH)
-	// Auth Server - [DEPRECATED] Public Key (when using JWT)
-	,aspublickeypath: (process.env.AS_PUBLIC_KEY_PATH === undefined ? "/var/lib/sts/stsglobalresources/keys/public.key" : process.env.AS_PUBLIC_KEY_PATH)
-	
+
+	// STS Broker Server
+	// ---------------
+	// The STS broker server is a BFF service used for STS SPAs. The service will use 1st party secured cookies for session management.
+	// The service also provides proxy API access to other STS and/or external services.
+	//
+	// STSBroker Server endpoint
+	,brokerendpoint: (process.env.BROKER_ENDPOINT === undefined ? "http://localhost" : process.env.BROKER_ENDPOINT)
+	// STSBroker Server port (listen port for the service)
+	,brokerhostport: (process.env.BROKER_HOST_PORT === undefined ? "3006" : process.env.BROKER_HOST_PORT)
+	// STSBroker Server port (client port to access the service)
+	,brokerport: (process.env.BROKER_PORT === undefined ? "3006" : process.env.BROKER_PORT)
+	// STSBroker Server endpoint
+	,brokerapiroot: (process.env.BROKER_APIROOT === undefined ? "/stsbroker/v1.0" : process.env.BROKER_APIROOT)
+	// STSBroker API Identifier. This value will be used as the audience parameter on authorization calls (OAuth2 client credentials flow).
+	,brokerapiidentifier: process.env.BROKER_API_IDENTIFIER
+	// STSBroker API Identifier file. This value will be used as the audience parameter on authorization calls (OAuth2 client credentials flow).
+	,brokerapiidentifierfile: process.env.BROKER_API_IDENTIFIER_FILE
+	// STSBroker Prometheus metric support
+	,brokerprometheussupport: (process.env.BROKER_PROM_SUPPORT === undefined ? true : (process.env.BROKER_PROM_SUPPORT === "true" ? true : false))
+	// STSBroker Cluster Server port (port used for cluster prometheus scrapes). Service will listen on this port at mount point /metrics
+	,brokerprometheusclusterport: (process.env.BROKER_PROM_CLUSTER_PORT === undefined ? "3016" : process.env.BROKER_PROM_CLUSTER_PORT)
+	// STSBroker Service Name
+	,brokerservicename: (process.env.BROKER_SERVICE_NAME === undefined ? "STSBroker" : process.env.BROKER_SERVICE_NAME)
+	// STSBroker Service Version
+	,brokerserviceversion: (process.env.BROKER_SERVICE_VERSION === undefined ? "1.0.0" : process.env.BROKER_SERVICE_VERSION)
+	// STSBroker Server client ID. Used for oauth2 client credentials flow.
+	,brokerclientid: process.env.BROKER_CLIENT_ID
+	// STSBroker Server client ID file. Used for oauth2 client credentials flow.
+	,brokerclientidfile: process.env.BROKER_CLIENT_ID_FILE
+	// STSBroker Server client secret. Used for oauth2 client credentials flow.
+	,brokerclientsecret: process.env.BROKER_CLIENT_SECRET
+	// STSBroker Server client secret file. Used for oauth2 client credentials flow.
+	,brokerclientsecretfile: process.env.BROKER_CLIENT_SECRET_FILE
+
 	// STS Test Runner Prometheus metric support
 	,trprometheussupport: (process.env.TR_PROM_SUPPORT === undefined ? true : (process.env.TR_PROM_SUPPORT === "true" ? true : false ))
 	// STS Test Runner Cluster Server port (port used for cluster prometheus scrapes)
@@ -377,57 +419,77 @@ const defconfig =
 	,jwksAuthConfigTimeout: (process.env.JWKS_AUTH_CONFIG_TIMEOUT === undefined ? 30000 : parseInt(process.env.JWKS_AUTH_CONFIG_TIMEOUT))
 }
 
-const ReadFile = (passwordFile) => {
-	try {
-		accessSync(passwordFile, constants.R_OK);
-		const data = readFileSync(passwordFile, 'utf8');
-		debug(`Successfully loaded password file: [${passwordFile}]`.green);
-		return data;
-	} catch (err) {
-		debug(`Problem loading password file: [${passwordFile}], Error: [${err}]`.red);
-		return "";
+	const ReadFile = (passwordFile) => {
+		try {
+			accessSync(passwordFile, constants.R_OK);
+			const data = readFileSync(passwordFile, 'utf8');
+			debug(`Successfully loaded password file: [${passwordFile}]`.green);
+			return data;
+		} catch (err) {
+			debug(`Problem loading password file: [${passwordFile}], Error: [${err}]`.red);
+			return "";
+		}
 	}
+
+	// File based configuration settings. If a file is specified for a setting, this will be used. The non file version (if specified) will be ignored.
+	const fileconfig = [
+		{ fileprop: 'dbpasswordfile', prop: 'dbpassword' },
+		// API identifier file processing
+		{ fileprop: 'asapiidentifierfile', prop: 'asapiidentifier' },
+		{ fileprop: 'asoauthapiidentifierfile', prop: 'asoauthapiidentifier' },
+		{ fileprop: 'asadminapiidentifierfile', prop: 'asadminapiidentifier' },
+		{ fileprop: 'rest01apiidentifierfile', prop: 'rest01apiidentifier' },
+		{ fileprop: 'brokerapiidentifierfile', prop: 'brokerapiidentifier' },
+		{ fileprop: 'toapiidentifierfile', prop: 'toapiidentifier' },
+		{ fileprop: 'imapiidentifierfile', prop: 'imapiidentifier' },
+		// Client ID file processing
+		{ fileprop: 'asclientidfile', prop: 'asclientid' },
+		{ fileprop: 'rest01clientidfile', prop: 'rest01clientid' },
+		{ fileprop: 'brokerclientidfile', prop: 'brokerclientid' },
+		{ fileprop: 'toclientidfile', prop: 'toclientid' },
+		{ fileprop: 'imclientidfile', prop: 'imclientid' },
+		{ fileprop: 'trclientidfile', prop: 'trclientid' },
+		// Client secret file processing
+		{ fileprop: 'asclientsecretfile', prop: 'asclientsecret' },
+		{ fileprop: 'rest01clientsecretfile', prop: 'rest01clientsecret' },
+		{ fileprop: 'brokerclientsecretfile', prop: 'brokerclientsecret' },
+		{ fileprop: 'toclientsecretfile', prop: 'toclientsecret' },
+		{ fileprop: 'imclientsecretfile', prop: 'imclientsecret' },
+		{ fileprop: 'trclientsecretfile', prop: 'trclientsecret' },
+		// JWKS secret file processing
+		{ fileprop: 'tsjwksstorepathfile', prop: 'tsjwksstorepath' },
+	]
+
+	fileconfig.forEach((v) => {
+		if (defconfig[v.fileprop] !== undefined) {
+			defconfig[v.prop] = ReadFile(defconfig[v.fileprop]);
+		}
+	});
+
+	return defconfig;
+
 }
 
-// File based configuration settings. If a file is specified for a setting, this will be used. The non file version (if specified) will be ignored.
-const fileconfig = [
-	{ fileprop: 'dbpasswordfile', prop: 'dbpassword' },
-	// API identifier file processing
-	{ fileprop: 'asapiidentifierfile', prop: 'asapiidentifier' },
-	{ fileprop: 'asoauthapiidentifierfile', prop: 'asoauthapiidentifier' },
-	{ fileprop: 'asadminapiidentifierfile', prop: 'asadminapiidentifier' },
-	{ fileprop: 'rest01apiidentifierfile', prop: 'rest01apiidentifier' },
-	{ fileprop: 'toapiidentifierfile', prop: 'toapiidentifier' },
-	{ fileprop: 'imapiidentifierfile', prop: 'imapiidentifier' },
-	// Client ID file processing
-	{ fileprop: 'asclientidfile', prop: 'asclientid' },
-	{ fileprop: 'rest01clientidfile', prop: 'rest01clientid' },
-	{ fileprop: 'toclientidfile', prop: 'toclientid' },
-	{ fileprop: 'imclientidfile', prop: 'imclientid' },
-	{ fileprop: 'trclientidfile', prop: 'trclientid' },
-	// Client secret file processing
-	{ fileprop: 'asclientsecretfile', prop: 'asclientsecret' },
-	{ fileprop: 'rest01clientsecretfile', prop: 'rest01clientsecret' },
-	{ fileprop: 'toclientsecretfile', prop: 'toclientsecret' },
-	{ fileprop: 'imclientsecretfile', prop: 'imclientsecret' },
-	{ fileprop: 'trclientsecretfile', prop: 'trclientsecret' },
-	// JWKS secret file processing
-	{ fileprop: 'tsjwksstorepathfile', prop: 'tsjwksstorepath' },
-]
-
-fileconfig.forEach((v) => {
-	if (defconfig[v.fileprop] !== undefined) {
-		defconfig[v.prop] = ReadFile(defconfig[v.fileprop]);
+export function $Options(): STSOptions {
+	if (envOptions === null) {
+		const defconfig = SetupConfig();
+		envOptions = {
+			...defconfig
+			// Computed connection string to be used in development mode.
+			,connectionString: `postgresql://${defconfig.dbuser}:${defconfig.dbpassword}@${defconfig.dbhost}:${defconfig.dbport}/${defconfig.database}`
+			// Default computed connection string for postgres. Database name = postgres. Used by utilites that create and/or update the STS database(s).
+			,defaultDatabaseConnectionString: `postgresql://${defconfig.dbuser}:${defconfig.dbpassword}@${defconfig.dbhost}:${defconfig.dbport}/postgres`
+		}
 	}
-});
-
+	return envOptions;
+}
+/*
 // Preference order is YAML file then .env file
-const $options = {
+export const $options = {
 	...defconfig
 	// Computed connection string to be used in development mode.
 	,connectionString: `postgresql://${defconfig.dbuser}:${defconfig.dbpassword}@${defconfig.dbhost}:${defconfig.dbport}/${defconfig.database}`
 	// Default computed connection string for postgres. Database name = postgres. Used by utilites that create and/or update the STS database(s).
 	,defaultDatabaseConnectionString: `postgresql://${defconfig.dbuser}:${defconfig.dbpassword}@${defconfig.dbhost}:${defconfig.dbport}/postgres`
 }
-
-module.exports = { $options }
+*/

package/tsconfig.json

@@ -0,0 +1,16 @@
+{
+  "compilerOptions": {
+    "module": "commonjs",
+    "esModuleInterop": true,
+    "target": "es6",
+    "moduleResolution": "node",
+    "sourceMap": true,
+    "outDir": "dist",
+    "allowJs": true,
+    "declaration": true,
+    "declarationDir": "./types",
+    "declarationMap": true
+  },
+  "lib": ["es2015"]
+}
+