/*@flow*/
/*
    globals module
*/

// Origin this instance is served from. The shipped value is a plain-HTTP
// localhost address; replace it with the origin that will actually serve
// your instance before deploying.
var _domain = 'http://localhost:3000/';

// You can `kill -USR2` the node process and it will write out a heap dump.
// If your system doesn't support dumping, comment this out and install with
// `npm install --production`
// See: https://strongloop.github.io/strongloop.com/strongblog/how-to-heap-snapshots/
// A heap dump contains whatever the process held in memory at the time,
// so store and share the resulting files as sensitive data.

// to enable this feature, uncomment the line below:
// require('heapdump');

// Every usage below expects the origin to be preceded by a space, so it is
// added once here rather than asking admins to keep it in `_domain`.
var domain = ' ' + _domain;

// Appends the configured origin (with its leading space) to a CSP directive.
function withDomain(directive) {
    return directive + domain;
}

// Content-Security-Policy
// Directives shared by every page. The list is joined with '; ' by its users.
var baseCSP = [
    // deny everything that is not explicitly allowed below
    "default-src 'none'",

    // 'unsafe-inline' permits inline styles
    withDomain("style-src 'unsafe-inline' 'self' "),
    withDomain("font-src 'self' data:"),

    /*  child-src is used to restrict iframes to a set of allowed domains.
     *  connect-src is used to restrict what domains can connect to the websocket.
     *
     *  it is recommended that you configure these fields to match the
     *  domain which will serve your CryptPad instance.
     *
     *  As shipped, `*` lets this instance load frames from any origin.
     */
    "child-src blob: *",
    // IE/Edge
    "frame-src blob: *",

    /*  this allows connections over secure or insecure websockets
        if you are deploying to production, you'll probably want to remove
        the ws://* directive, and change '*' to your domain

        In the value below the wildcard takes the form of the bare `ws:` and
        `wss:` scheme sources, which match any host; `ws:` is the
        unencrypted one.
     */
    withDomain("connect-src 'self' ws: wss: blob:"),

    // data: is used by codemirror
    withDomain("img-src 'self' data: blob:"),
    "media-src * blob:",

    // for accounts.cryptpad.fr authentication and cross-domain iframe sandbox
    // `*` allows any site to embed this instance in a frame, which leaves
    // framing-based (clickjacking) protection off; narrow it to the origins
    // that need to embed the instance if your deployment allows.
    "frame-ancestors *",

    // empty last entry: joining with '; ' then ends in a separator, so a
    // further directive can be appended directly to the joined string
    ""
];
module.exports = {
/* =====================
 *         Admin
 * ===================== */

    /*
     *  CryptPad now contains an administration panel. Its access is restricted to specific
     *  users using the following list.
     *  To give access to the admin panel to a user account, just add their user id,
     *  which can be found on the settings page for registered users.
     *  Entries should be strings separated by a comma.
     *
     *  Every id listed here is granted the admin panel, so keep the list short
     *  and review it when people leave.
     */
    adminKeys: [
        //"https://my.awesome.website/user/#/1/cryptpad-user1/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=",
    ],

    /*  CryptPad's administration panel includes a "support" tab
     *  wherein administrators with a secret key can view messages
     *  sent from users via the encrypted forms on the /support/ page
     *
     *  To enable this functionality:
     *    run `node ./scripts/generate-admin-keys.js`
     *    save the public key in your config in the value below
     *    add the private key via the admin panel
     *    and back it up in a secure manner
     *
     *  Only the public key belongs in this file.
     */
    // supportMailboxPublicKey: "",

/* =====================
 *      Infra setup
 * ===================== */

    // the address you want to bind to, :: means all ipv4 and ipv6 addresses
    // this may not work on all operating systems
    // Binding to every address makes the port reachable on each network the
    // host is attached to; if a reverse proxy fronts this server, consider
    // binding to a loopback address instead.
    httpAddress: '::',

    // the port on which your httpd will listen
    httpPort: 3000,

    // This is for allowing the cross-domain iframe to function when developing
    httpSafePort: 3001,

    // This is for deployment in production, CryptPad uses a separate origin (domain) to host the
    // cross-domain iframe. It can simply host the same content as CryptPad.
    // httpSafeOrigin: "https://some-other-domain.xyz",

    // NOTE(review): `domain` is `_domain` with a space prepended for the CSP
    // strings, so this value starts with a space; confirm that whatever
    // consumes httpUnsafeOrigin tolerates or trims it.
    httpUnsafeOrigin: domain,

    /*  Your CryptPad server will share this value with clients
     *  via its /api/config endpoint.
     *
     *  If you want to host your API and asset servers on different hosts
     *  specify a URL for your API server websocket endpoint, like so:
     *  wss://api.yourdomain.com/cryptpad_websocket
     *
     *  Otherwise, leave this commented and your clients will use the default
     *  websocket (wss://yourdomain.com/cryptpad_websocket)
     */
    //externalWebsocketURL: 'wss://api.yourdomain.com/cryptpad_websocket',

    /*  CryptPad can be configured to send customized HTTP Headers
     *  These settings may vary widely depending on your needs
     *  Examples are provided below
     *
     *  "Access-Control-Allow-Origin: *" lets pages on any origin read the
     *  responses this header is sent with; restrict it to the origins that
     *  need cross-origin access if your deployment allows.
     */
    httpHeaders: {
        "X-XSS-Protection": "1; mode=block",
        "X-Content-Type-Options": "nosniff",
        "Access-Control-Allow-Origin": "*"
    },

    // Shared directives plus a script-src limited to 'self' and the
    // configured origin. The joined base list already ends in '; '.
    contentSecurity: baseCSP.join('; ').concat("script-src 'self'", domain),

    // CKEditor and OnlyOffice require significantly more lax content security policy in order to function.
    // 'unsafe-eval' and 'unsafe-inline' give up most of the script-injection
    // protection a CSP provides wherever this policy is applied.
    padContentSecurity: baseCSP.join('; ').concat("script-src 'self' 'unsafe-eval' 'unsafe-inline'", domain),

    /* Main pages
     * add exceptions to the router so that we can access /privacy.html
     * and other odd pages
     */
    mainPages: [
        'index',
        'privacy',
        'terms',
        'about',
        'contact',
        'what-is-cryptpad',
        'features',
        'faq',
        'maintenance'
    ],

/* =====================
 *     Subscriptions
 * ===================== */

    /*  Limits, Donations, Subscriptions and Contact
     *
     *  By default, CryptPad limits every registered user to 50MB of storage. It also shows a
     *  subscribe button which allows them to upgrade to a paid account. We handle payment,
     *  and keep 50% of the proceeds to fund ongoing development.
     *
     *  You can:
     *  A: leave things as they are
     *  B: disable accounts but display a donate button
     *  C: hide any reference to paid accounts or donation
     *
     *  If you chose A then there's nothing to do.
     *  If you chose B, set 'allowSubscriptions' to false.
     *  If you chose C, set 'removeDonateButton' to true
     */
    allowSubscriptions: true,
    removeDonateButton: false,

    /*
     *  By default, CryptPad also contacts our accounts server once a day to check for changes in
     *  the people who have accounts. This check-in will also send the version of your CryptPad
     *  instance and your email so we can reach you if we are aware of a serious problem. We will
     *  never sell it or send you marketing mail. If you want to block this check-in and remain
     *  completely invisible, set this and allowSubscriptions both to false.
     *
     *  The value below is a placeholder address; replace it with your own,
     *  or disable the check-in as described above.
     */
    adminEmail: 'i.did.not.read.my.config@cryptpad.fr',

    /*  Sales coming from your server will be identified by your domain
     *
     *  If you are using CryptPad in a business context, please consider taking a support contract
     *  by contacting sales@cryptpad.fr
     */
    myDomain: _domain,

    /*
     *  If you are using CryptPad internally and you want to increase the per-user storage limit,
     *  change the following value.
     *
     *  Please note: This limit is what makes people subscribe and what pays for CryptPad
     *    development. Running a public instance that provides a "better deal" than cryptpad.fr
     *    is effectively using the project against itself.
     */
    defaultStorageLimit: 50 * 1024 * 1024,

    /*
     *  CryptPad allows administrators to give custom limits to their friends.
     *  add an entry for each friend, identified by their user id,
     *  which can be found on the settings page. Include a 'limit' (number of bytes),
     *  a 'plan' (string), and a 'note' (string).
     *
     *  hint: 1GB is 1024 * 1024 * 1024 bytes
     */
    customLimits: {
        /*
        "https://my.awesome.website/user/#/1/cryptpad-user1/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=": {
            limit: 20 * 1024 * 1024 * 1024,
            plan: 'insider',
            note: 'storage space donated by my.awesome.website'
        },
        "https://my.awesome.website/user/#/1/cryptpad-user2/GdflkgdlkjeworijfkldfsdflkjeEAsdlEnkbx1vVOo=": {
            limit: 10 * 1024 * 1024 * 1024,
            plan: 'insider',
            note: 'storage space donated by my.awesome.website'
        }
        */
    },

/* =====================
 *        STORAGE
 * ===================== */

    /*  By default the CryptPad server will run scheduled tasks every five minutes
     *  If you want to run scheduled tasks in a separate process (like a crontab)
     *  you can disable this behaviour by setting the following value to true
     */
    disableIntegratedTasks: false,

    /*  Pads that are not 'pinned' by any registered user can be set to expire
     *  after a configurable number of days of inactivity (default 90 days).
     *  The value can be changed or set to false to remove expiration.
     *  Expired pads can then be removed using a cron job calling the
     *  `delete-inactive.js` script with node
     */
    inactiveTime: 90, // days

    /*  CryptPad can be configured to remove inactive data which has not been pinned.
     *  Deletion of data is always risky and as an operator you have the choice to
     *  archive data instead of deleting it outright. Set this value to true if
     *  you want your server to archive files and false if you want to keep using
     *  the old behaviour of simply removing files.
     *
     *  WARNING: this is not implemented universally, so at the moment this will
     *  only apply to the removal of 'channels' due to inactivity.
     */
    retainData: true,

    /*  As described above, CryptPad offers the ability to archive some data
     *  instead of deleting it outright. This archived data still takes up space
     *  and so you'll probably still want to remove these files after a brief period.
     *  The intent with this feature is to provide a safety net in case of accidental
     *  deletion. Set this value to the number of days you'd like to retain
     *  archived data before it's removed permanently.
     *
     *  If 'retainData' is set to false, there will never be any archived data
     *  to remove.
     */
    archiveRetentionTime: 15,

    /*  Max Upload Size (bytes)
     *  this sets the maximum size of any one file uploaded to the server.
     *  anything larger than this size will be rejected
     */
    maxUploadSize: 20 * 1024 * 1024,

/* =====================
 *   HARDWARE RELATED
 * ===================== */

    /*  CryptPad's file storage adaptor closes unused files after a configurable
     *  number of milliseconds (default 30000 (30 seconds))
     */
    channelExpirationMs: 30000,

    /*  CryptPad's file storage adaptor is limited by the number of open files.
     *  When the adaptor reaches openFileLimit, it will clean up older files
     */
    openFileLimit: 2048,

/* =====================
 *   DATABASE VOLUMES
 * ===================== */

    /*
     *  CryptPad stores each document in an individual file on your hard drive.
     *  Specify a directory where files should be stored.
     *  It will be created automatically if it does not already exist.
     */
    filePath: './datastore/',

    /*  CryptPad offers the ability to archive data for a configurable period
     *  before deleting it, allowing a means of recovering data in the event
     *  that it was deleted accidentally.
     *
     *  To set the location of this archive directory to a custom value, change
     *  the path below:
     */
    archivePath: './data/archive',

    /*  CryptPad allows logged in users to request that particular documents be
     *  stored by the server indefinitely. This is called 'pinning'.
     *  Pin requests are stored in a pin-store. The location of this store is
     *  defined here.
     */
    pinPath: './data/pins',

    /*  if you would like the list of scheduled tasks to be stored in
        a custom location, change the path below:
     */
    taskPath: './data/tasks',

    /*  if you would like users' authenticated blocks to be stored in
        a custom location, change the path below:
     */
    blockPath: './block',

    /*  CryptPad allows logged in users to upload encrypted files. Files/blobs
     *  are stored in a 'blob-store'. Set its location here.
     */
    blobPath: './blob',

    /*  CryptPad stores incomplete blobs in a 'staging' area until they are
     *  fully uploaded. Set its location here.
     */
    blobStagingPath: './data/blobstage',

    /*  CryptPad supports logging events directly to the disk in a 'logs' directory
     *  Set its location here, or set it to false (or nothing) if you'd rather not log
     */
    logPath: './data/logs',

/* =====================
 *       Debugging
 * ===================== */

    /*  CryptPad can log activity to stdout
     *  This may be useful for debugging
     */
    logToStdout: false,

    /*  CryptPad can be configured to log more or less
     *  the various settings are listed below by order of importance
     *
     *  silly, verbose, debug, feedback, info, warn, error
     *
     *  Choose the least important level of logging you wish to see.
     *  For example, a 'silly' logLevel will display everything,
     *  while 'info' will display 'info', 'warn', and 'error' logs
     *
     *  This will affect both logging to the console and the disk.
     */
    logLevel: 'info',

    /*  clients can use the /settings/ app to opt out of usage feedback
     *  which informs the server of things like how much each app is being
     *  used, and whether certain clientside features are supported by
     *  the client's browser. The intent is to provide feedback to the admin
     *  such that the service can be improved. Enable this with `true`
     *  and ignore feedback with `false` or by commenting the attribute
     *
     *  You will need to set your logLevel to include 'feedback'. Set this
     *  to false if you'd like to exclude feedback from your logs.
     */
    logFeedback: false,

    /*  CryptPad supports verbose logging
     *  (false by default)
     */
    verbose: false,
};