aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/app.js242
-rw-r--r--config/app.ts244
-rw-r--r--config/auth.js93
-rw-r--r--config/auth.ts263
-rw-r--r--config/bodyParser.js156
-rw-r--r--config/bodyparser.ts205
-rw-r--r--config/cors.js86
-rw-r--r--config/cors.ts134
-rw-r--r--config/dashboard.ts5
-rw-r--r--config/database.js88
-rw-r--r--config/database.ts121
-rw-r--r--config/drive.js45
-rw-r--r--config/drive.ts149
-rw-r--r--config/hash.js48
-rw-r--r--config/hash.ts88
-rw-r--r--config/mail.js104
-rw-r--r--config/mail.ts118
-rw-r--r--config/persona.js94
-rw-r--r--config/session.js98
-rw-r--r--config/session.ts116
-rw-r--r--config/shield.js144
-rw-r--r--config/shield.ts243
-rw-r--r--config/static.ts10
23 files changed, 1696 insertions, 1198 deletions
diff --git a/config/app.js b/config/app.js
deleted file mode 100644
index 1951e68..0000000
--- a/config/app.js
+++ /dev/null
@@ -1,242 +0,0 @@
1
2/** @type {import('@adonisjs/framework/src/Env')} */
3const Env = use('Env');
4
5module.exports = {
6
7 /*
8 |--------------------------------------------------------------------------
9 | Application Name
10 |--------------------------------------------------------------------------
11 |
12 | This value is the name of your application and can used when you
13 | need to place the application's name in a email, view or
14 | other location.
15 |
16 */
17
18 name: Env.get('APP_NAME', 'Ferdium-server'),
19
20 /*
21 |--------------------------------------------------------------------------
22 | App Key
23 |--------------------------------------------------------------------------
24 |
25 | App key is a randomly generated 16 or 32 characters long string required
26 | to encrypt cookies, sessions and other sensitive data.
27 |
28 */
29 appKey: Env.getOrFail('APP_KEY'),
30
31 http: {
32 /*
33 |--------------------------------------------------------------------------
34 | Allow Method Spoofing
35 |--------------------------------------------------------------------------
36 |
37 | Method spoofing allows to make requests by spoofing the http verb.
38 | Which means you can make a GET request but instruct the server to
39 | treat as a POST or PUT request. If you want this feature, set the
40 | below value to true.
41 |
42 */
43 allowMethodSpoofing: true,
44
45 /*
46 |--------------------------------------------------------------------------
47 | Trust Proxy
48 |--------------------------------------------------------------------------
49 |
50 | Trust proxy defines whether X-Forwarded-* headers should be trusted or not.
51 | When your application is behind a proxy server like nginx, these values
52 | are set automatically and should be trusted. Apart from setting it
53 | to true or false Adonis supports handful or ways to allow proxy
54 | values. Read documentation for that.
55 |
56 */
57 trustProxy: false,
58
59 /*
60 |--------------------------------------------------------------------------
61 | Subdomains
62 |--------------------------------------------------------------------------
63 |
64 | Offset to be used for returning subdomains for a given request.For
65 | majority of applications it will be 2, until you have nested
66 | sudomains.
67 | cheatsheet.adonisjs.com - offset - 2
68 | virk.cheatsheet.adonisjs.com - offset - 3
69 |
70 */
71 subdomainOffset: 2,
72
73 /*
74 |--------------------------------------------------------------------------
75 | JSONP Callback
76 |--------------------------------------------------------------------------
77 |
78 | Default jsonp callback to be used when callback query string is missing
79 | in request url.
80 |
81 */
82 jsonpCallback: 'callback',
83
84
85 /*
86 |--------------------------------------------------------------------------
87 | Etag
88 |--------------------------------------------------------------------------
89 |
90 | Set etag on all HTTP response. In order to disable for selected routes,
91 | you can call the `response.send` with an options object as follows.
92 |
93 | response.send('Hello', { ignoreEtag: true })
94 |
95 */
96 etag: false,
97 },
98
99 views: {
100 /*
101 |--------------------------------------------------------------------------
102 | Cache Views
103 |--------------------------------------------------------------------------
104 |
105 | Define whether or not to cache the compiled view. Set it to true in
106 | production to optimize view loading time.
107 |
108 */
109 cache: Env.get('CACHE_VIEWS', true),
110 },
111
112 static: {
113 /*
114 |--------------------------------------------------------------------------
115 | Dot Files
116 |--------------------------------------------------------------------------
117 |
118 | Define how to treat dot files when trying to server static resources.
119 | By default it is set to ignore, which will pretend that dotfiles
120 | does not exists.
121 |
122 | Can be one of the following
123 | ignore, deny, allow
124 |
125 */
126 dotfiles: 'ignore',
127
128 /*
129 |--------------------------------------------------------------------------
130 | ETag
131 |--------------------------------------------------------------------------
132 |
133 | Enable or disable etag generation
134 |
135 */
136 etag: true,
137
138 /*
139 |--------------------------------------------------------------------------
140 | Extensions
141 |--------------------------------------------------------------------------
142 |
143 | Set file extension fallbacks. When set, if a file is not found, the given
144 | extensions will be added to the file name and search for. The first
145 | that exists will be served. Example: ['html', 'htm'].
146 |
147 */
148 extensions: false,
149 },
150
151 locales: {
152 /*
153 |--------------------------------------------------------------------------
154 | Loader
155 |--------------------------------------------------------------------------
156 |
157 | The loader to be used for fetching and updating locales. Below is the
158 | list of available options.
159 |
160 | file, database
161 |
162 */
163 loader: 'file',
164
165 /*
166 |--------------------------------------------------------------------------
167 | Default Locale
168 |--------------------------------------------------------------------------
169 |
170 | Default locale to be used by Antl provider. You can always switch drivers
171 | in runtime or use the official Antl middleware to detect the driver
172 | based on HTTP headers/query string.
173 |
174 */
175 locale: 'en',
176 },
177
178 logger: {
179 /*
180 |--------------------------------------------------------------------------
181 | Transport
182 |--------------------------------------------------------------------------
183 |
184 | Transport to be used for logging messages. You can have multiple
185 | transports using same driver.
186 |
187 | Available drivers are: `file` and `console`.
188 |
189 */
190 transport: 'console',
191
192 /*
193 |--------------------------------------------------------------------------
194 | Console Transport
195 |--------------------------------------------------------------------------
196 |
197 | Using `console` driver for logging. This driver writes to `stdout`
198 | and `stderr`
199 |
200 */
201 console: {
202 driver: 'console',
203 name: 'adonis-app',
204 level: 'info',
205 },
206
207 /*
208 |--------------------------------------------------------------------------
209 | File Transport
210 |--------------------------------------------------------------------------
211 |
212 | File transport uses file driver and writes log messages for a given
213 | file inside `tmp` directory for your app.
214 |
215 | For a different directory, set an absolute path for the filename.
216 |
217 */
218 file: {
219 driver: 'file',
220 name: 'adonis-app',
221 filename: 'adonis.log',
222 level: 'info',
223 },
224 },
225
226 /*
227 |--------------------------------------------------------------------------
228 | Generic Cookie Options
229 |--------------------------------------------------------------------------
230 |
231 | The following cookie options are generic settings used by AdonisJs to create
232 | cookies. However, some parts of the application like `sessions` can have
233 | separate settings for cookies inside `config/session.js`.
234 |
235 */
236 cookie: {
237 httpOnly: true,
238 sameSite: true,
239 path: '/',
240 maxAge: 7200,
241 },
242};
diff --git a/config/app.ts b/config/app.ts
new file mode 100644
index 0000000..fb3c0be
--- /dev/null
+++ b/config/app.ts
@@ -0,0 +1,244 @@
1/**
2 * Config source: https://git.io/JfefZ
3 *
4 * Feel free to let us know via PR, if you find something broken in this config
5 * file.
6 */
7
8import proxyAddr from 'proxy-addr';
9import Env from '@ioc:Adonis/Core/Env';
10import { ServerConfig } from '@ioc:Adonis/Core/Server';
11import { LoggerConfig } from '@ioc:Adonis/Core/Logger';
12import { ProfilerConfig } from '@ioc:Adonis/Core/Profiler';
13import { ValidatorConfig } from '@ioc:Adonis/Core/Validator';
14
15/*
16|--------------------------------------------------------------------------
17| Application secret key
18|--------------------------------------------------------------------------
19|
20| The secret to encrypt and sign different values in your application.
21| Make sure to keep the `APP_KEY` as an environment variable and secure.
22|
23| Note: Changing the application key for an existing app will make all
24| the cookies invalid and also the existing encrypted data will not
25| be decrypted.
26|
27*/
28export const appKey: string = Env.get('APP_KEY');
29
30export const url: string = Env.get('APP_URL');
31
32// TODO: this is parsed as string to be coherent with the previous version of the code we add (before migrating to AdonisJS 5)
33export const isRegistrationEnabled: string = Env.get('IS_REGISTRATION_ENABLED');
34export const connectWithFranz: string = Env.get('CONNECT_WITH_FRANZ');
35export const isCreationEnabled: string = Env.get('IS_CREATION_ENABLED');
36export const jwtUsePEM: boolean =
37 Env.get('JWT_USE_PEM', false) ||
38 (Env.get('JWT_PUBLIC_KEY', '') !== '' &&
39 Env.get('JWT_PRIVATE_KEY', '') !== '');
40/*
41|--------------------------------------------------------------------------
42| Http server configuration
43|--------------------------------------------------------------------------
44|
45| The configuration for the HTTP(s) server. Make sure to go through all
46| the config properties to make keep server secure.
47|
48*/
49export const http: ServerConfig = {
50 /*
51 |--------------------------------------------------------------------------
52 | Allow method spoofing
53 |--------------------------------------------------------------------------
54 |
55 | Method spoofing enables defining custom HTTP methods using a query string
56 | `_method`. This is usually required when you are making traditional
57 | form requests and wants to use HTTP verbs like `PUT`, `DELETE` and
58 | so on.
59 |
60 */
61 allowMethodSpoofing: false,
62
63 /*
64 |--------------------------------------------------------------------------
65 | Subdomain offset
66 |--------------------------------------------------------------------------
67 */
68 subdomainOffset: 2,
69
70 /*
71 |--------------------------------------------------------------------------
72 | Request Ids
73 |--------------------------------------------------------------------------
74 |
75 | Setting this value to `true` will generate a unique request id for each
76 | HTTP request and set it as `x-request-id` header.
77 |
78 */
79 generateRequestId: false,
80
81 /*
82 |--------------------------------------------------------------------------
83 | Trusting proxy servers
84 |--------------------------------------------------------------------------
85 |
86 | Define the proxy servers that AdonisJs must trust for reading `X-Forwarded`
87 | headers.
88 |
89 */
90 trustProxy: proxyAddr.compile('loopback'),
91
92 /*
93 |--------------------------------------------------------------------------
94 | Generating Etag
95 |--------------------------------------------------------------------------
96 |
97 | Whether or not to generate an etag for every response.
98 |
99 */
100 etag: false,
101
102 /*
103 |--------------------------------------------------------------------------
104 | JSONP Callback
105 |--------------------------------------------------------------------------
106 */
107 jsonpCallbackName: 'callback',
108
109 /*
110 |--------------------------------------------------------------------------
111 | Cookie settings
112 |--------------------------------------------------------------------------
113 */
114 cookie: {
115 domain: '',
116 path: '/',
117 maxAge: '2h',
118 httpOnly: true,
119 secure: false,
120 sameSite: false,
121 },
122
123 /*
124 |--------------------------------------------------------------------------
125 | Force Content Negotiation
126 |--------------------------------------------------------------------------
127 |
128 | The internals of the framework relies on the content negotiation to
129 | detect the best possible response type for a given HTTP request.
130 |
131 | However, it is a very common these days that API servers always wants to
132 | make response in JSON regardless of the existence of the `Accept` header.
133 |
134 | By setting `forceContentNegotiationTo = 'application/json'`, you negotiate
135 | with the server in advance to always return JSON without relying on the
136 | client to set the header explicitly.
137 |
138 */
139 forceContentNegotiationTo: 'application/json',
140};
141
142/*
143|--------------------------------------------------------------------------
144| Logger
145|--------------------------------------------------------------------------
146*/
147export const logger: LoggerConfig = {
148 /*
149 |--------------------------------------------------------------------------
150 | Application name
151 |--------------------------------------------------------------------------
152 |
153 | The name of the application you want to add to the log. It is recommended
154 | to always have app name in every log line.
155 |
156 | The `APP_NAME` environment variable is automatically set by AdonisJS by
157 | reading the `name` property from the `package.json` file.
158 |
159 */
160 name: Env.get('APP_NAME', 'Ferdium-server'),
161
162 /*
163 |--------------------------------------------------------------------------
164 | Toggle logger
165 |--------------------------------------------------------------------------
166 |
167 | Enable or disable logger application wide
168 |
169 */
170 enabled: true,
171
172 /*
173 |--------------------------------------------------------------------------
174 | Logging level
175 |--------------------------------------------------------------------------
176 |
177 | The level from which you want the logger to flush logs. It is recommended
178 | to make use of the environment variable, so that you can define log levels
179 | at deployment level and not code level.
180 |
181 */
182 level: Env.get('LOG_LEVEL', 'info'),
183
184 /*
185 |--------------------------------------------------------------------------
186 | Pretty print
187 |--------------------------------------------------------------------------
188 |
189 | It is highly advised NOT to use `prettyPrint` in production, since it
190 | can have huge impact on performance.
191 |
192 */
193 prettyPrint: Env.get('NODE_ENV') === 'development',
194};
195
196/*
197|--------------------------------------------------------------------------
198| Profiler
199|--------------------------------------------------------------------------
200*/
201export const profiler: ProfilerConfig = {
202 /*
203 |--------------------------------------------------------------------------
204 | Toggle profiler
205 |--------------------------------------------------------------------------
206 |
207 | Enable or disable profiler
208 |
209 */
210 enabled: true,
211
212 /*
213 |--------------------------------------------------------------------------
214 | Blacklist actions/row labels
215 |--------------------------------------------------------------------------
216 |
217 | Define an array of actions or row labels that you want to disable from
218 | getting profiled.
219 |
220 */
221 blacklist: [],
222
223 /*
224 |--------------------------------------------------------------------------
225 | Whitelist actions/row labels
226 |--------------------------------------------------------------------------
227 |
228 | Define an array of actions or row labels that you want to whitelist for
229 | the profiler. When whitelist is defined, then `blacklist` is ignored.
230 |
231 */
232 whitelist: [],
233};
234
235/*
236|--------------------------------------------------------------------------
237| Validator
238|--------------------------------------------------------------------------
239|
240| Configure the global configuration for the validator. Here's the reference
241| to the default config https://git.io/JT0WE
242|
243*/
244export const validator: ValidatorConfig = {};
diff --git a/config/auth.js b/config/auth.js
deleted file mode 100644
index b831b06..0000000
--- a/config/auth.js
+++ /dev/null
@@ -1,93 +0,0 @@
1
2/** @type {import('@adonisjs/framework/src/Env')} */
3const Env = use('Env');
4
5module.exports = {
6 /*
7 |--------------------------------------------------------------------------
8 | Authenticator
9 |--------------------------------------------------------------------------
10 |
11 | Authentication is a combination of serializer and scheme with extra
12 | config to define on how to authenticate a user.
13 |
14 | Available Schemes - basic, session, jwt, api
15 | Available Serializers - lucid, database
16 |
17 */
18 authenticator: 'jwt',
19
20 /*
21 |--------------------------------------------------------------------------
22 | Session
23 |--------------------------------------------------------------------------
24 |
25 | Session authenticator makes use of sessions to authenticate a user.
26 | Session authentication is always persistent.
27 |
28 */
29 session: {
30 serializer: 'lucid',
31 model: 'App/Models/User',
32 scheme: 'session',
33 uid: 'email',
34 password: 'password',
35 },
36
37 /*
38 |--------------------------------------------------------------------------
39 | Basic Auth
40 |--------------------------------------------------------------------------
41 |
42 | The basic auth authenticator uses basic auth header to authenticate a
43 | user.
44 |
45 | NOTE:
46 | This scheme is not persistent and users are supposed to pass
47 | login credentials on each request.
48 |
49 */
50 basic: {
51 serializer: 'lucid',
52 model: 'App/Models/User',
53 scheme: 'basic',
54 uid: 'email',
55 password: 'password',
56 },
57
58 /*
59 |--------------------------------------------------------------------------
60 | Jwt
61 |--------------------------------------------------------------------------
62 |
63 | The jwt authenticator works by passing a jwt token on each HTTP request
64 | via HTTP `Authorization` header.
65 |
66 */
67 jwt: {
68 serializer: 'lucid',
69 model: 'App/Models/User',
70 scheme: 'jwt',
71 uid: 'email',
72 password: 'password',
73 options: {
74 secret: Env.get('APP_KEY'),
75 },
76 },
77
78 /*
79 |--------------------------------------------------------------------------
80 | Api
81 |--------------------------------------------------------------------------
82 |
83 | The Api scheme makes use of API personal tokens to authenticate a user.
84 |
85 */
86 api: {
87 serializer: 'lucid',
88 model: 'App/Models/User',
89 scheme: 'api',
90 uid: 'email',
91 password: 'password',
92 },
93};
diff --git a/config/auth.ts b/config/auth.ts
new file mode 100644
index 0000000..28a9b8c
--- /dev/null
+++ b/config/auth.ts
@@ -0,0 +1,263 @@
1/**
2 * Config source: https://git.io/JY0mp
3 *
4 * Feel free to let us know via PR, if you find something broken in this config
5 * file.
6 */
7
8import { AuthConfig } from '@ioc:Adonis/Addons/Auth';
9import Env from '@ioc:Adonis/Core/Env';
10import { appKey, jwtUsePEM } from './app';
11
12/*
13|--------------------------------------------------------------------------
14| Authentication Mapping
15|--------------------------------------------------------------------------
16|
17| List of available authentication mapping. You must first define them
18| inside the `contracts/auth.ts` file before mentioning them here.
19|
20*/
21const authConfig: AuthConfig = {
22 guard: 'web',
23 guards: {
24 /*
25 |--------------------------------------------------------------------------
26 | Web Guard
27 |--------------------------------------------------------------------------
28 |
29 | Web guard uses classic old school sessions for authenticating users.
30 | If you are building a standard web application, it is recommended to
31 | use web guard with session driver
32 |
33 */
34 web: {
35 driver: 'session',
36
37 provider: {
38 /*
39 |--------------------------------------------------------------------------
40 | Driver
41 |--------------------------------------------------------------------------
42 |
43 | Name of the driver
44 |
45 */
46 driver: 'lucid',
47
48 /*
49 |--------------------------------------------------------------------------
50 | Identifier key
51 |--------------------------------------------------------------------------
52 |
53 | The identifier key is the unique key on the model. In most cases specifying
54 | the primary key is the right choice.
55 |
56 */
57 identifierKey: 'id',
58
59 /*
60 |--------------------------------------------------------------------------
61 | Uids
62 |--------------------------------------------------------------------------
63 |
64 | Uids are used to search a user against one of the mentioned columns. During
65 | login, the auth module will search the user mentioned value against one
66 | of the mentioned columns to find their user record.
67 |
68 */
69 uids: ['email'],
70
71 /*
72 |--------------------------------------------------------------------------
73 | Model
74 |--------------------------------------------------------------------------
75 |
76 | The model to use for fetching or finding users. The model is imported
77 | lazily since the config files are read way earlier in the lifecycle
78 | of booting the app and the models may not be in a usable state at
79 | that time.
80 |
81 */
82 model: () => import('App/Models/User'),
83 },
84 },
85 /*
86 |--------------------------------------------------------------------------
87 | OAT Guard
88 |--------------------------------------------------------------------------
89 |
90 | OAT (Opaque access tokens) guard uses database backed tokens to authenticate
91 | HTTP request. This guard DOES NOT rely on sessions or cookies and uses
92 | Authorization header value for authentication.
93 |
94 | Use this guard to authenticate mobile apps or web clients that cannot rely
95 | on cookies/sessions.
96 |
97 */
98 api: {
99 driver: 'oat',
100
101 /*
102 |--------------------------------------------------------------------------
103 | Tokens provider
104 |--------------------------------------------------------------------------
105 |
106 | Uses SQL database for managing tokens. Use the "database" driver, when
107 | tokens are the secondary mode of authentication.
108 | For example: The Github personal tokens
109 |
110 | The foreignKey column is used to make the relationship between the user
111 | and the token. You are free to use any column name here.
112 |
113 */
114 tokenProvider: {
115 type: 'api',
116 driver: 'database',
117 table: 'tokens',
118 foreignKey: 'user_id',
119 },
120
121 provider: {
122 /*
123 |--------------------------------------------------------------------------
124 | Driver
125 |--------------------------------------------------------------------------
126 |
127 | Name of the driver
128 |
129 */
130 driver: 'lucid',
131
132 /*
133 |--------------------------------------------------------------------------
134 | Identifier key
135 |--------------------------------------------------------------------------
136 |
137 | The identifier key is the unique key on the model. In most cases specifying
138 | the primary key is the right choice.
139 |
140 */
141 identifierKey: 'id',
142
143 /*
144 |--------------------------------------------------------------------------
145 | Uids
146 |--------------------------------------------------------------------------
147 |
148 | Uids are used to search a user against one of the mentioned columns. During
149 | login, the auth module will search the user mentioned value against one
150 | of the mentioned columns to find their user record.
151 |
152 */
153 uids: ['email'],
154
155 /*
156 |--------------------------------------------------------------------------
157 | Model
158 |--------------------------------------------------------------------------
159 |
160 | The model to use for fetching or finding users. The model is imported
161 | lazily since the config files are read way earlier in the lifecycle
162 | of booting the app and the models may not be in a usable state at
163 | that time.
164 |
165 */
166 model: () => import('App/Models/User'),
167 },
168 },
169 /*
170 |--------------------------------------------------------------------------
171 | Basic Auth Guard
172 |--------------------------------------------------------------------------
173 |
174 | Uses Basic auth to authenticate an HTTP request. There is no concept of
175 | "login" and "logout" with basic auth. You just authenticate the requests
176 | using a middleware and browser will prompt the user to enter their login
177 | details
178 |
179 */
180 basic: {
181 driver: 'basic',
182 realm: 'Login',
183
184 provider: {
185 /*
186 |--------------------------------------------------------------------------
187 | Driver
188 |--------------------------------------------------------------------------
189 |
190 | Name of the driver
191 |
192 */
193 driver: 'lucid',
194
195 /*
196 |--------------------------------------------------------------------------
197 | Identifier key
198 |--------------------------------------------------------------------------
199 |
200 | The identifier key is the unique key on the model. In most cases specifying
201 | the primary key is the right choice.
202 |
203 */
204 identifierKey: 'id',
205
206 /*
207 |--------------------------------------------------------------------------
208 | Uids
209 |--------------------------------------------------------------------------
210 |
211 | Uids are used to search a user against one of the mentioned columns. During
212 | login, the auth module will search the user mentioned value against one
213 | of the mentioned columns to find their user record.
214 |
215 */
216 uids: ['email'],
217
218 /*
219 |--------------------------------------------------------------------------
220 | Model
221 |--------------------------------------------------------------------------
222 |
223 | The model to use for fetching or finding users. The model is imported
224 | lazily since the config files are read way earlier in the lifecycle
225 | of booting the app and the models may not be in a usable state at
226 | that time.
227 |
228 */
229 model: () => import('App/Models/User'),
230 },
231 },
232 jwt: {
233 driver: 'jwt',
234 secret: jwtUsePEM ? undefined : appKey,
235 algorithmJwt: jwtUsePEM ? undefined : 'HS256',
236 publicKey: jwtUsePEM
237 ? Env.get('JWT_PUBLIC_KEY', '').replaceAll('\\n', '\n')
238 : undefined,
239 privateKey: jwtUsePEM
240 ? Env.get('JWT_PRIVATE_KEY', '').replaceAll('\\n', '\n')
241 : undefined,
242 persistJwt: true,
243 // TODO: We should improve the following implementation as this is a security concern.
244 // The following ts-expect-error is to set exp to undefined (JWT with no expiration)
245 // @ts-expect-error
246 jwtDefaultExpire: undefined,
247 refreshTokenDefaultExpire: '10d',
248 tokenProvider: {
249 driver: 'database',
250 table: 'jwt_tokens',
251 foreignKey: 'user_id',
252 },
253 provider: {
254 driver: 'lucid',
255 identifierKey: 'id',
256 uids: [],
257 model: () => import('App/Models/User'),
258 },
259 },
260 },
261};
262
263export default authConfig;
diff --git a/config/bodyParser.js b/config/bodyParser.js
deleted file mode 100644
index c336e67..0000000
--- a/config/bodyParser.js
+++ /dev/null
@@ -1,156 +0,0 @@
1
2module.exports = {
3 /*
4 |--------------------------------------------------------------------------
5 | JSON Parser
6 |--------------------------------------------------------------------------
7 |
8 | Below settings are applied when the request body contains a JSON payload.
9 | If you want body parser to ignore JSON payloads, then simply set `types`
10 | to an empty array.
11 */
12 json: {
13 /*
14 |--------------------------------------------------------------------------
15 | limit
16 |--------------------------------------------------------------------------
17 |
18 | Defines the limit of JSON that can be sent by the client. If payload
19 | is over 1mb it will not be processed.
20 |
21 */
22 limit: '50mb',
23
24 /*
25 |--------------------------------------------------------------------------
26 | strict
27 |--------------------------------------------------------------------------
28 |
29 | When `strict` is set to true, body parser will only parse Arrays and
30 | Object. Otherwise everything parseable by `JSON.parse` is parsed.
31 |
32 */
33 strict: true,
34
35 /*
36 |--------------------------------------------------------------------------
37 | types
38 |--------------------------------------------------------------------------
39 |
40 | Which content types are processed as JSON payloads. You are free to
41 | add your own types here, but the request body should be parseable
42 | by `JSON.parse` method.
43 |
44 */
45 types: [
46 'application/json',
47 'application/json-patch+json',
48 'application/vnd.api+json',
49 'application/csp-report',
50 ],
51 },
52
53 /*
54 |--------------------------------------------------------------------------
55 | Raw Parser
56 |--------------------------------------------------------------------------
57 |
58 |
59 |
60 */
61 raw: {
62 types: [
63 'text/*',
64 ],
65 },
66
67 /*
68 |--------------------------------------------------------------------------
69 | Form Parser
70 |--------------------------------------------------------------------------
71 |
72 |
73 |
74 */
75 form: {
76 types: [
77 'application/x-www-form-urlencoded',
78 ],
79 },
80
81 /*
82 |--------------------------------------------------------------------------
83 | Files Parser
84 |--------------------------------------------------------------------------
85 |
86 |
87 |
88 */
89 files: {
90 types: [
91 'multipart/form-data',
92 ],
93
94 /*
95 |--------------------------------------------------------------------------
96 | Max Size
97 |--------------------------------------------------------------------------
98 |
99 | Below value is the max size of all the files uploaded to the server. It
100 | is validated even before files have been processed and hard exception
101 | is thrown.
102 |
103 | Consider setting a reasonable value here, otherwise people may upload GB's
104 | of files which will keep your server busy.
105 |
106 | Also this value is considered when `autoProcess` is set to true.
107 |
108 */
109 maxSize: '20mb',
110
111 /*
112 |--------------------------------------------------------------------------
113 | Auto Process
114 |--------------------------------------------------------------------------
115 |
116 | Whether or not to auto-process files. Since HTTP servers handle files via
117 | couple of specific endpoints. It is better to set this value off and
118 | manually process the files when required.
119 |
120 | This value can contain a boolean or an array of route patterns
121 | to be autoprocessed.
122 */
123 autoProcess: true,
124
125 /*
126 |--------------------------------------------------------------------------
127 | Process Manually
128 |--------------------------------------------------------------------------
129 |
130 | The list of routes that should not process files and instead rely on
131 | manual process. This list should only contain routes when autoProcess
132 | is to true. Otherwise everything is processed manually.
133 |
134 */
135 processManually: [],
136
137 /*
138 |--------------------------------------------------------------------------
139 | Temporary file name
140 |--------------------------------------------------------------------------
141 |
142 | Define a function, which should return a string to be used as the
143 | tmp file name.
144 |
145 | If not defined, Bodyparser will use `uuid` as the tmp file name.
146 |
147 | To be defined as. If you are defining the function, then do make sure
148 | to return a value from it.
149 |
150 | tmpFileName () {
151 | return 'some-unique-value'
152 | }
153 |
154 */
155 },
156};
diff --git a/config/bodyparser.ts b/config/bodyparser.ts
new file mode 100644
index 0000000..b5adcda
--- /dev/null
+++ b/config/bodyparser.ts
@@ -0,0 +1,205 @@
1/**
2 * Config source: https://git.io/Jfefn
3 *
4 * Feel free to let us know via PR, if you find something broken in this config
5 * file.
6 */
7
8import { BodyParserConfig } from '@ioc:Adonis/Core/BodyParser';
9
10const bodyParserConfig: BodyParserConfig = {
11 /*
12 |--------------------------------------------------------------------------
13 | White listed methods
14 |--------------------------------------------------------------------------
15 |
16 | HTTP methods for which body parsing must be performed. It is a good practice
17 | to avoid body parsing for `GET` requests.
18 |
19 */
20 whitelistedMethods: ['POST', 'PUT', 'PATCH', 'DELETE'],
21
22 /*
23 |--------------------------------------------------------------------------
24 | JSON parser settings
25 |--------------------------------------------------------------------------
26 |
27 | The settings for the JSON parser. The types defines the request content
28 | types which gets processed by the JSON parser.
29 |
30 */
31 json: {
32 encoding: 'utf8',
33 limit: '1mb',
34 strict: true,
35 types: [
36 'application/json',
37 'application/json-patch+json',
38 'application/vnd.api+json',
39 'application/csp-report',
40 ],
41 },
42
43 /*
44 |--------------------------------------------------------------------------
45 | Form parser settings
46 |--------------------------------------------------------------------------
47 |
48 | The settings for the `application/x-www-form-urlencoded` parser. The types
49 | defines the request content types which gets processed by the form parser.
50 |
51 */
52 form: {
53 encoding: 'utf8',
54 limit: '1mb',
55 queryString: {},
56
57 /*
58 |--------------------------------------------------------------------------
59 | Convert empty strings to null
60 |--------------------------------------------------------------------------
61 |
62 | Convert empty form fields to null. HTML forms results in field string
63 | value when the field is left blank. This option normalizes all the blank
64 | field values to "null"
65 |
66 */
67 convertEmptyStringsToNull: true,
68
69 types: ['application/x-www-form-urlencoded'],
70 },
71
72 /*
73 |--------------------------------------------------------------------------
74 | Raw body parser settings
75 |--------------------------------------------------------------------------
76 |
77 | Raw body just reads the request body stream as a plain text, which you
78 | can process by hand. This must be used when request body type is not
79 | supported by the body parser.
80 |
81 */
82 raw: {
83 encoding: 'utf8',
84 limit: '1mb',
85 queryString: {},
86 types: ['text/*'],
87 },
88
89 /*
90 |--------------------------------------------------------------------------
91 | Multipart parser settings
92 |--------------------------------------------------------------------------
93 |
94 | The settings for the `multipart/form-data` parser. The types defines the
95 | request content types which gets processed by the form parser.
96 |
97 */
98 multipart: {
99 /*
100 |--------------------------------------------------------------------------
101 | Auto process
102 |--------------------------------------------------------------------------
103 |
104 | The auto process option will process uploaded files and writes them to
105 | the `tmp` folder. You can turn it off and then manually use the stream
106 | to pipe stream to a different destination.
107 |
108 | It is recommended to keep `autoProcess=true`. Unless you are processing bigger
109 | file sizes.
110 |
111 */
112 autoProcess: true,
113
114 /*
115 |--------------------------------------------------------------------------
116 | Files to be processed manually
117 |--------------------------------------------------------------------------
118 |
119 | You can turn off `autoProcess` for certain routes by defining
120 | routes inside the following array.
121 |
122 | NOTE: Make sure the route pattern starts with a leading slash.
123 |
124 | Correct
125 | ```js
126 | /projects/:id/file
127 | ```
128 |
129 | Incorrect
130 | ```js
131 | projects/:id/file
132 | ```
133 */
134 processManually: [],
135
136 /*
137 |--------------------------------------------------------------------------
138 | Temporary file name
139 |--------------------------------------------------------------------------
140 |
141 | When auto processing is on. We will use this method to compute the temporary
142 | file name. AdonisJs will compute a unique `tmpPath` for you automatically,
143 | However, you can also define your own custom method.
144 |
145 */
146 // tmpFileName () {
147 // },
148
149 /*
150 |--------------------------------------------------------------------------
151 | Encoding
152 |--------------------------------------------------------------------------
153 |
154 | Request body encoding
155 |
156 */
157 encoding: 'utf8',
158
159 /*
160 |--------------------------------------------------------------------------
161 | Convert empty strings to null
162 |--------------------------------------------------------------------------
163 |
164 | Convert empty form fields to null. HTML forms results in field string
165 | value when the field is left blank. This option normalizes all the blank
166 | field values to "null"
167 |
168 */
169 convertEmptyStringsToNull: true,
170
171 /*
172 |--------------------------------------------------------------------------
173 | Max Fields
174 |--------------------------------------------------------------------------
175 |
176 | The maximum number of fields allowed in the request body. The field includes
177 | text inputs and files both.
178 |
179 */
180 maxFields: 1000,
181
182 /*
183 |--------------------------------------------------------------------------
184 | Request body limit
185 |--------------------------------------------------------------------------
186 |
187 | The total limit to the multipart body. This includes all request files
188 | and fields data.
189 |
190 */
191 limit: '20mb',
192
193 /*
194 |--------------------------------------------------------------------------
195 | Types
196 |--------------------------------------------------------------------------
197 |
198 | The types that will be considered and parsed as multipart body.
199 |
200 */
201 types: ['multipart/form-data'],
202 },
203};
204
205export default bodyParserConfig;
diff --git a/config/cors.js b/config/cors.js
deleted file mode 100644
index 7ebbe3f..0000000
--- a/config/cors.js
+++ /dev/null
@@ -1,86 +0,0 @@
1
2module.exports = {
3 /*
4 |--------------------------------------------------------------------------
5 | Origin
6 |--------------------------------------------------------------------------
7 |
8 | Set a list of origins to be allowed. The value can be one of the following
9 |
10 | Boolean: true - Allow current request origin
11 | Boolean: false - Disallow all
12 | String - Comma separated list of allowed origins
13 | Array - An array of allowed origins
14 | String: * - A wildcard to allow current request origin
15 | Function - Receives the current origin and should return one of the above values.
16 |
17 */
18 origin: false,
19
20 /*
21 |--------------------------------------------------------------------------
22 | Methods
23 |--------------------------------------------------------------------------
24 |
25 | HTTP methods to be allowed. The value can be one of the following
26 |
27 | String - Comma separated list of allowed methods
28 | Array - An array of allowed methods
29 |
30 */
31 methods: ['GET', 'PUT', 'PATCH', 'POST', 'DELETE'],
32
33 /*
34 |--------------------------------------------------------------------------
35 | Headers
36 |--------------------------------------------------------------------------
37 |
38 | List of headers to be allowed via Access-Control-Request-Headers header.
39 | The value can be one of the following.
40 |
41 | Boolean: true - Allow current request headers
42 | Boolean: false - Disallow all
43 | String - Comma separated list of allowed headers
44 | Array - An array of allowed headers
45 | String: * - A wildcard to allow current request headers
46 | Function - Receives the current header and should return one of the above values.
47 |
48 */
49 headers: true,
50
51 /*
52 |--------------------------------------------------------------------------
53 | Expose Headers
54 |--------------------------------------------------------------------------
55 |
56 | A list of headers to be exposed via `Access-Control-Expose-Headers`
57 | header. The value can be one of the following.
58 |
59 | Boolean: false - Disallow all
60 | String: Comma separated list of allowed headers
61 | Array - An array of allowed headers
62 |
63 */
64 exposeHeaders: false,
65
66 /*
67 |--------------------------------------------------------------------------
68 | Credentials
69 |--------------------------------------------------------------------------
70 |
71 | Define Access-Control-Allow-Credentials header. It should always be a
72 | boolean.
73 |
74 */
75 credentials: false,
76
77 /*
78 |--------------------------------------------------------------------------
79 | MaxAge
80 |--------------------------------------------------------------------------
81 |
82 | Define Access-Control-Allow-Max-Age
83 |
84 */
85 maxAge: 90,
86};
diff --git a/config/cors.ts b/config/cors.ts
new file mode 100644
index 0000000..dc0e3f6
--- /dev/null
+++ b/config/cors.ts
@@ -0,0 +1,134 @@
1/**
2 * Config source: https://git.io/JfefC
3 *
4 * Feel free to let us know via PR, if you find something broken in this config
5 * file.
6 */
7
8import { CorsConfig } from '@ioc:Adonis/Core/Cors';
9
10const corsConfig: CorsConfig = {
11 /*
12 |--------------------------------------------------------------------------
13 | Enabled
14 |--------------------------------------------------------------------------
15 |
16 | A boolean to enable or disable CORS integration from your AdonisJs
17 | application.
18 |
19 | Setting the value to `true` will enable the CORS for all HTTP request. However,
20 | you can define a function to enable/disable it on per request basis as well.
21 |
22 */
23 enabled: false,
24
25 // You can also use a function that return true or false.
26 // enabled: (request) => request.url().startsWith('/api')
27
28 /*
29 |--------------------------------------------------------------------------
30 | Origin
31 |--------------------------------------------------------------------------
32 |
33 | Set a list of origins to be allowed for `Access-Control-Allow-Origin`.
34 | The value can be one of the following:
35 |
36 | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
37 |
38 | Boolean (true) - Allow current request origin.
39 | Boolean (false) - Disallow all.
40 | String - Comma separated list of allowed origins.
41 | Array - An array of allowed origins.
42 | String (*) - A wildcard (*) to allow all request origins.
43 | Function - Receives the current origin string and should return
44 | one of the above values.
45 |
46 */
47 origin: true,
48
49 /*
50 |--------------------------------------------------------------------------
51 | Methods
52 |--------------------------------------------------------------------------
53 |
54 | An array of allowed HTTP methods for CORS. The `Access-Control-Request-Method`
55 | is checked against the following list.
56 |
57 | Following is the list of default methods. Feel free to add more.
58 */
59 methods: ['GET', 'HEAD', 'POST', 'PUT', 'DELETE'],
60
61 /*
62 |--------------------------------------------------------------------------
63 | Headers
64 |--------------------------------------------------------------------------
65 |
66 | List of headers to be allowed for `Access-Control-Allow-Headers` header.
67 | The value can be one of the following:
68 |
69 | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers
70 |
71 | Boolean(true) - Allow all headers mentioned in `Access-Control-Request-Headers`.
72 | Boolean(false) - Disallow all headers.
73 | String - Comma separated list of allowed headers.
74 | Array - An array of allowed headers.
75 | Function - Receives the current header and should return one of the above values.
76 |
77 */
78 headers: true,
79
80 /*
81 |--------------------------------------------------------------------------
82 | Expose Headers
83 |--------------------------------------------------------------------------
84 |
85 | A list of headers to be exposed by setting `Access-Control-Expose-Headers`.
86 | header. By default following 6 simple response headers are exposed.
87 |
88 | Cache-Control
89 | Content-Language
90 | Content-Type
91 | Expires
92 | Last-Modified
93 | Pragma
94 |
95 | In order to add more headers, simply define them inside the following array.
96 |
97 | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
98 |
99 */
100 exposeHeaders: [
101 'cache-control',
102 'content-language',
103 'content-type',
104 'expires',
105 'last-modified',
106 'pragma',
107 ],
108
109 /*
110 |--------------------------------------------------------------------------
111 | Credentials
112 |--------------------------------------------------------------------------
113 |
114 | Toggle `Access-Control-Allow-Credentials` header. If value is set to `true`,
115 | then header will be set, otherwise not.
116 |
117 | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
118 |
119 */
120 credentials: true,
121
122 /*
123 |--------------------------------------------------------------------------
124 | MaxAge
125 |--------------------------------------------------------------------------
126 |
127 | Define `Access-Control-Max-Age` header in seconds.
128 | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
129 |
130 */
131 maxAge: 90,
132};
133
134export default corsConfig;
diff --git a/config/dashboard.ts b/config/dashboard.ts
new file mode 100644
index 0000000..18feb14
--- /dev/null
+++ b/config/dashboard.ts
@@ -0,0 +1,5 @@
1import Env from '@ioc:Adonis/Core/Env';
2
3export const enabled: boolean = Env.get('IS_DASHBOARD_ENABLED') !== 'false';
4
5export const mailFrom: string = Env.get('MAIL_SENDER');
diff --git a/config/database.js b/config/database.js
deleted file mode 100644
index 5c51996..0000000
--- a/config/database.js
+++ /dev/null
@@ -1,88 +0,0 @@
1const path = require("path");
2
3/** @type {import('@adonisjs/framework/src/Env')} */
4const Env = use('Env');
5
6/** @type {import('@adonisjs/ignitor/src/Helpers')} */
7const Helpers = use('Helpers');
8
9module.exports = {
10 /*
11 |--------------------------------------------------------------------------
12 | Default Connection
13 |--------------------------------------------------------------------------
14 |
15 | Connection defines the default connection settings to be used while
16 | interacting with SQL databases.
17 |
18 */
19 connection: Env.get('DB_CONNECTION', 'sqlite'),
20
21 /*
22 |--------------------------------------------------------------------------
23 | Sqlite
24 |--------------------------------------------------------------------------
25 |
26 | Sqlite is a flat file database and can be a good choice for a development
27 | environment.
28 |
29 | npm i --save sqlite3
30 |
31 */
32 sqlite: {
33 client: 'sqlite3',
34 connection: {
35 filename: path.join(Env.get('DATA_DIR', 'data'), `${Env.get('DB_DATABASE', 'ferdium')}.sqlite`),
36 },
37 useNullAsDefault: true,
38 debug: Env.get('DB_DEBUG', false),
39 },
40
41 /*
42 |--------------------------------------------------------------------------
43 | MySQL
44 |--------------------------------------------------------------------------
45 |
46 | Here we define connection settings for MySQL database.
47 |
48 | npm i --save mysql
49 |
50 */
51 mysql: {
52 client: 'mysql',
53 connection: {
54 host: Env.get('DB_HOST', 'localhost'),
55 port: Env.get('DB_PORT', ''),
56 user: Env.get('DB_USER', 'root'),
57 password: Env.get('DB_PASSWORD', ''),
58 database: Env.get('DB_DATABASE', 'ferdium'),
59 },
60 debug: Env.get('DB_DEBUG', false),
61 },
62
63 /*
64 |--------------------------------------------------------------------------
65 | PostgreSQL
66 |--------------------------------------------------------------------------
67 |
68 | Here we define connection settings for PostgreSQL database.
69 |
70 | npm i --save pg
71 |
72 */
73 pg: {
74 client: 'pg',
75 connection: {
76 host: Env.get('DB_HOST', 'localhost'),
77 port: Env.get('DB_PORT', ''),
78 user: Env.get('DB_USER', 'root'),
79 password: Env.get('DB_PASSWORD', ''),
80 database: Env.get('DB_DATABASE', 'ferdium'),
81 ssl: Env.get('DB_CA_CERT') ? {
82 rejectUnauthorized: false,
83 ca: Env.get('DB_CA_CERT'),
84 } : JSON.parse(Env.get('DB_SSL', 'true')),
85 },
86 debug: Env.get('DB_DEBUG', false),
87 },
88};
diff --git a/config/database.ts b/config/database.ts
new file mode 100644
index 0000000..65a9455
--- /dev/null
+++ b/config/database.ts
@@ -0,0 +1,121 @@
1/* eslint-disable @typescript-eslint/indent */
2/**
3 * Config source: https://git.io/JesV9
4 *
5 * Feel free to let us know via PR, if you find something broken in this config
6 * file.
7 */
8
9import path from 'node:path';
10import Env from '@ioc:Adonis/Core/Env';
11import { DatabaseConfig } from '@ioc:Adonis/Lucid/Database';
12
13const databaseConfig: DatabaseConfig = {
14 /*
15 |--------------------------------------------------------------------------
16 | Connection
17 |--------------------------------------------------------------------------
18 |
19 | The primary connection for making database queries across the application
20 | You can use any key from the `connections` object defined in this same
21 | file.
22 |
23 */
24 connection: Env.get('DB_CONNECTION', 'sqlite'),
25
26 connections: {
27 /*
28 |--------------------------------------------------------------------------
29 | SQLite
30 |--------------------------------------------------------------------------
31 |
32 | Configuration for the SQLite database. Make sure to install the driver
33 | from npm when using this connection
34 |
35 | npm i sqlite3
36 |
37 */
38 sqlite: {
39 client: 'sqlite',
40 connection: {
41 filename: path.join(
42 Env.get('DATA_DIR', 'data'),
43 `${Env.get('DB_DATABASE', 'ferdium')}.sqlite`,
44 ),
45 },
46 pool: {
47 afterCreate: (conn, cb) => {
48 conn.run('PRAGMA foreign_keys=true', cb);
49 },
50 },
51 migrations: {
52 naturalSort: true,
53 },
54 useNullAsDefault: true,
55 healthCheck: false,
56 debug: Env.get('DB_DEBUG', false),
57 },
58
59 /*
60 |--------------------------------------------------------------------------
61 | MySQL config
62 |--------------------------------------------------------------------------
63 |
64 | Configuration for MySQL database. Make sure to install the driver
65 | from npm when using this connection
66 |
67 | npm i mysql
68 |
69 */
70 mysql: {
71 client: 'mysql',
72 connection: {
73 host: Env.get('DB_HOST', 'localhost'),
74 port: Env.get('DB_PORT', ''),
75 user: Env.get('DB_USER', 'root'),
76 password: Env.get('DB_PASSWORD', ''),
77 database: Env.get('DB_DATABASE', 'ferdium'),
78 },
79 migrations: {
80 naturalSort: true,
81 },
82 healthCheck: false,
83 debug: Env.get('DB_DEBUG', false),
84 },
85
86 /*
87 |--------------------------------------------------------------------------
88 | PostgreSQL config
89 |--------------------------------------------------------------------------
90 |
91 | Configuration for PostgreSQL database. Make sure to install the driver
92 | from npm when using this connection
93 |
94 | npm i pg
95 |
96 */
97 pg: {
98 client: 'pg',
99 connection: {
100 host: Env.get('DB_HOST', 'localhost'),
101 port: Env.get('DB_PORT', ''),
102 user: Env.get('DB_USER', 'root'),
103 password: Env.get('DB_PASSWORD', ''),
104 database: Env.get('DB_DATABASE', 'ferdium'),
105 ssl: Env.get('DB_CA_CERT')
106 ? {
107 rejectUnauthorized: false,
108 ca: Env.get('DB_CA_CERT'),
109 }
110 : JSON.parse(Env.get('DB_SSL', 'true')),
111 },
112 migrations: {
113 naturalSort: true,
114 },
115 healthCheck: false,
116 debug: Env.get('DB_DEBUG', false),
117 },
118 },
119};
120
121export default databaseConfig;
diff --git a/config/drive.js b/config/drive.js
deleted file mode 100644
index cb4b2b3..0000000
--- a/config/drive.js
+++ /dev/null
@@ -1,45 +0,0 @@
1const Env = use('Env');
2
3module.exports = {
4 /*
5 |--------------------------------------------------------------------------
6 | Default disk
7 |--------------------------------------------------------------------------
8 |
9 | The default disk is used when you interact with the file system without
10 | defining a disk name
11 |
12 */
13 default: 'local',
14
15 disks: {
16 /*
17 |--------------------------------------------------------------------------
18 | Local
19 |--------------------------------------------------------------------------
20 |
21 | Local disk interacts with the a local folder inside your application
22 |
23 */
24 local: {
25 root: `${__dirname}/../recipes/archives`,
26 driver: 'local',
27 },
28
29 /*
30 |--------------------------------------------------------------------------
31 | S3
32 |--------------------------------------------------------------------------
33 |
34 | S3 disk interacts with a bucket on aws s3
35 |
36 */
37 s3: {
38 driver: 's3',
39 key: Env.get('S3_KEY'),
40 secret: Env.get('S3_SECRET'),
41 bucket: Env.get('S3_BUCKET'),
42 region: Env.get('S3_REGION'),
43 },
44 },
45};
diff --git a/config/drive.ts b/config/drive.ts
new file mode 100644
index 0000000..b6950eb
--- /dev/null
+++ b/config/drive.ts
@@ -0,0 +1,149 @@
1/**
2 * Config source: https://git.io/JBt3o
3 *
4 * Feel free to let us know via PR, if you find something broken in this config
5 * file.
6 */
7
8import Env from '@ioc:Adonis/Core/Env';
9import { driveConfig } from '@adonisjs/core/build/config';
10import Application from '@ioc:Adonis/Core/Application';
11
12/*
13|--------------------------------------------------------------------------
14| Drive Config
15|--------------------------------------------------------------------------
16|
17| The `DriveConfig` relies on the `DisksList` interface which is
18| defined inside the `contracts` directory.
19|
20*/
21export default driveConfig({
22 /*
23 |--------------------------------------------------------------------------
24 | Default disk
25 |--------------------------------------------------------------------------
26 |
27 | The default disk to use for managing file uploads. The value is driven by
28 | the `DRIVE_DISK` environment variable.
29 |
30 */
31 disk: Env.get('DRIVE_DISK', 'local'),
32
33 disks: {
34 /*
35 |--------------------------------------------------------------------------
36 | Local
37 |--------------------------------------------------------------------------
38 |
39 | Uses the local file system to manage files. Make sure to turn off serving
40 | files when not using this disk.
41 |
42 */
43 local: {
44 driver: 'local',
45 visibility: 'public',
46
47 /*
48 |--------------------------------------------------------------------------
49 | Storage root - Local driver only
50 |--------------------------------------------------------------------------
51 |
52 | Define an absolute path to the storage directory from where to read the
53 | files.
54 |
55 */
56 root: Application.tmpPath('uploads'),
57
58 /*
59 |--------------------------------------------------------------------------
60 | Serve files - Local driver only
61 |--------------------------------------------------------------------------
62 |
63 | When this is set to true, AdonisJS will configure a files server to serve
64 | files from the disk root. This is done to mimic the behavior of cloud
65 | storage services that has inbuilt capabilities to serve files.
66 |
67 */
68 serveFiles: true,
69
70 /*
71 |--------------------------------------------------------------------------
72 | Base path - Local driver only
73 |--------------------------------------------------------------------------
74 |
75 | Base path is always required when "serveFiles = true". Also make sure
76 | the `basePath` is unique across all the disks using "local" driver and
77 | you are not registering routes with this prefix.
78 |
79 */
80 basePath: '/uploads',
81 },
82
83 /*
84 |--------------------------------------------------------------------------
85 | S3 Driver
86 |--------------------------------------------------------------------------
87 |
88 | Uses the S3 cloud storage to manage files. Make sure to install the s3
89 | drive separately when using it.
90 |
91 |**************************************************************************
92 | npm i @adonisjs/drive-s3
93 |**************************************************************************
94 |
95 */
96 // s3: {
97 // driver: 's3',
98 // visibility: 'public',
99 // key: Env.get('S3_KEY'),
100 // secret: Env.get('S3_SECRET'),
101 // region: Env.get('S3_REGION'),
102 // bucket: Env.get('S3_BUCKET'),
103 // endpoint: Env.get('S3_ENDPOINT'),
104 //
105 // // For minio to work
106 // // forcePathStyle: true,
107 // },
108
109 /*
110 |--------------------------------------------------------------------------
111 | GCS Driver
112 |--------------------------------------------------------------------------
113 |
114 | Uses the Google cloud storage to manage files. Make sure to install the GCS
115 | drive separately when using it.
116 |
117 |**************************************************************************
118 | npm i @adonisjs/drive-gcs
119 |**************************************************************************
120 |
121 */
122 // gcs: {
123 // driver: 'gcs',
124 // visibility: 'public',
125 // keyFilename: Env.get('GCS_KEY_FILENAME'),
126 // bucket: Env.get('GCS_BUCKET'),
127
128 /*
129 |--------------------------------------------------------------------------
130 | Uniform ACL - Google cloud storage only
131 |--------------------------------------------------------------------------
132 |
133 | When using the Uniform ACL on the bucket, the "visibility" option is
134 | ignored. Since, the files ACL is managed by the google bucket policies
135 | directly.
136 |
137 |**************************************************************************
138 | Learn more: https://cloud.google.com/storage/docs/uniform-bucket-level-access
139 |**************************************************************************
140 |
141 | The following option just informs drive whether your bucket is using uniform
142 | ACL or not. The actual setting needs to be toggled within the Google cloud
143 | console.
144 |
145 */
146 // usingUniformAcl: false,
147 // },
148 },
149});
diff --git a/config/hash.js b/config/hash.js
deleted file mode 100644
index 297c977..0000000
--- a/config/hash.js
+++ /dev/null
@@ -1,48 +0,0 @@
1
2/** @type {import('@adonisjs/framework/src/Env')} */
3const Env = use('Env');
4
5module.exports = {
6 /*
7 |--------------------------------------------------------------------------
8 | Driver
9 |--------------------------------------------------------------------------
10 |
11 | Driver to be used for hashing values. The same driver is used by the
12 | auth module too.
13 |
14 */
15 driver: Env.get('HASH_DRIVER', 'bcrypt'),
16
17 /*
18 |--------------------------------------------------------------------------
19 | Bcrypt
20 |--------------------------------------------------------------------------
21 |
22 | Config related to bcrypt hashing. https://www.npmjs.com/package/bcrypt
23 | package is used internally.
24 |
25 */
26 bcrypt: {
27 rounds: 10,
28 },
29
30 /*
31 |--------------------------------------------------------------------------
32 | Argon
33 |--------------------------------------------------------------------------
34 |
35 | Config related to argon. https://www.npmjs.com/package/argon2 package is
36 | used internally.
37 |
38 | Since argon is optional, you will have to install the dependency yourself
39 |
40 |============================================================================
41 | npm i argon2
42 |============================================================================
43 |
44 */
45 argon: {
46 type: 1,
47 },
48};
diff --git a/config/hash.ts b/config/hash.ts
new file mode 100644
index 0000000..abe7dd0
--- /dev/null
+++ b/config/hash.ts
@@ -0,0 +1,88 @@
1/**
2 * Config source: https://git.io/JfefW
3 *
4 * Feel free to let us know via PR, if you find something broken in this config
5 * file.
6 */
7
8import Env from '@ioc:Adonis/Core/Env';
9import { hashConfig } from '@adonisjs/core/build/config';
10
11/*
12|--------------------------------------------------------------------------
13| Hash Config
14|--------------------------------------------------------------------------
15|
16| The `HashConfig` relies on the `HashList` interface which is
17| defined inside `contracts` directory.
18|
19*/
20export default hashConfig({
21 /*
22 |--------------------------------------------------------------------------
23 | Default hasher
24 |--------------------------------------------------------------------------
25 |
26 | By default we make use of the argon hasher to hash values. However, feel
27 | free to change the default value
28 |
29 | Default is set to bcrypt to prevent breaking-changes.
30 */
31 default: Env.get('HASH_DRIVER', 'scrypt'),
32
33 list: {
34 scrypt: {
35 driver: 'scrypt',
36 cost: 16_384,
37 blockSize: 8,
38 parallelization: 1,
39 saltSize: 16,
40 keyLength: 64,
41 maxMemory: 32 * 1024 * 1024,
42 },
43 /*
44 |--------------------------------------------------------------------------
45 | Argon
46 |--------------------------------------------------------------------------
47 |
48 | Argon mapping uses the `argon2` driver to hash values.
49 |
50 | Make sure you install the underlying dependency for this driver to work.
51 | https://www.npmjs.com/package/phc-argon2.
52 |
53 | npm install phc-argon2
54 |
55 */
56 argon: {
57 driver: 'argon2',
58 variant: 'id',
59 iterations: 3,
60 memory: 4096,
61 parallelism: 1,
62 saltSize: 16,
63 },
64
65 /*
66 |--------------------------------------------------------------------------
67 | Bcrypt
68 |--------------------------------------------------------------------------
69 |
70 | Bcrypt mapping uses the `bcrypt` driver to hash values.
71 |
72 | Make sure you install the underlying dependency for this driver to work.
73 | https://www.npmjs.com/package/phc-bcrypt.
74 |
75 | npm install phc-bcrypt
76 |
77 */
78 bcrypt: {
79 driver: 'bcrypt',
80 rounds: 10,
81 },
82
83 legacy: {
84 // @ts-expect-error
85 driver: 'legacy',
86 },
87 },
88});
diff --git a/config/mail.js b/config/mail.js
deleted file mode 100644
index 8fb6356..0000000
--- a/config/mail.js
+++ /dev/null
@@ -1,104 +0,0 @@
1const Env = use('Env');
2
3module.exports = {
4 /*
5 |--------------------------------------------------------------------------
6 | Connection
7 |--------------------------------------------------------------------------
8 |
9 | Connection to be used for sending emails. Each connection needs to
10 | define a driver too.
11 |
12 */
13 connection: Env.get('MAIL_CONNECTION', 'smtp'),
14
15 /*
16 |--------------------------------------------------------------------------
17 | SMTP
18 |--------------------------------------------------------------------------
19 |
20 | Here we define configuration for sending emails via SMTP.
21 |
22 | https://nodemailer.com/smtp/
23 |
24 */
25 smtp: {
26 driver: 'smtp',
27 pool: true,
28 name: Env.get('APP_URL'),
29 port: Env.get('SMTP_PORT', '2525'),
30 host: Env.get('SMTP_HOST', 'localhost'),
31 secure: JSON.parse(Env.get('MAIL_SSL', 'false')),
32 requireTLS: JSON.parse(Env.get('MAIL_REQUIRE_TLS', 'false')),
33 authMethod: 'LOGIN',
34 auth: {
35 user: Env.get('MAIL_USERNAME'),
36 pass: Env.get('MAIL_PASSWORD'),
37 },
38 maxConnections: 5,
39 maxMessages: 100,
40 rateLimit: 10,
41 },
42
43 /*
44 |--------------------------------------------------------------------------
45 | SparkPost
46 |--------------------------------------------------------------------------
47 |
48 | Here we define configuration for spark post. Extra options can be defined
49 | inside the `extra` object.
50 |
51 | https://developer.sparkpost.com/api/transmissions.html#header-options-attributes
52 |
53 | extras: {
54 | campaign_id: 'sparkpost campaign id',
55 | options: { // sparkpost options }
56 | }
57 |
58 */
59 sparkpost: {
60 driver: 'sparkpost',
61 apiKey: Env.get('SPARKPOST_API_KEY'),
62 extras: {},
63 },
64
65 /*
66 |--------------------------------------------------------------------------
67 | Mailgun
68 |--------------------------------------------------------------------------
69 |
70 | Here we define configuration for mailgun. Extra options can be defined
71 | inside the `extra` object.
72 |
73 | https://mailgun-documentation.readthedocs.io/en/latest/api-sending.html#sending
74 |
75 | extras: {
76 | 'o:tag': '',
77 | 'o:campaign': '',,
78 | . . .
79 | }
80 |
81 */
82 mailgun: {
83 driver: 'mailgun',
84 domain: Env.get('MAILGUN_DOMAIN'),
85 region: Env.get('MAILGUN_API_REGION'),
86 apiKey: Env.get('MAILGUN_API_KEY'),
87 extras: {},
88 },
89
90 /*
91 |--------------------------------------------------------------------------
92 | Ethereal
93 |--------------------------------------------------------------------------
94 |
95 | Ethereal driver to quickly test emails in your browser. A disposable
96 | account is created automatically for you.
97 |
98 | https://ethereal.email
99 |
100 */
101 ethereal: {
102 driver: 'ethereal',
103 },
104};
diff --git a/config/mail.ts b/config/mail.ts
new file mode 100644
index 0000000..1210592
--- /dev/null
+++ b/config/mail.ts
@@ -0,0 +1,118 @@
1/**
2 * Config source: https://git.io/JvgAf
3 *
4 * Feel free to let us know via PR, if you find something broken in this contract
5 * file.
6 */
7
8import Env from '@ioc:Adonis/Core/Env';
9import { mailConfig } from '@adonisjs/mail/build/config';
10
11export default mailConfig({
12 /*
13 |--------------------------------------------------------------------------
14 | Default mailer
15 |--------------------------------------------------------------------------
16 |
17 | The following mailer will be used to send emails, when you don't specify
18 | a mailer
19 |
20 */
21 mailer: 'smtp',
22
23 /*
24 |--------------------------------------------------------------------------
25 | Mailers
26 |--------------------------------------------------------------------------
27 |
28 | You can define or more mailers to send emails from your application. A
29 | single `driver` can be used to define multiple mailers with different
30 | config.
31 |
32 | For example: Postmark driver can be used to have different mailers for
33 | sending transactional and promotional emails
34 |
35 */
36 mailers: {
37 /*
38 |--------------------------------------------------------------------------
39 | Smtp
40 |--------------------------------------------------------------------------
41 |
42 | Uses SMTP protocol for sending email
43 |
44 */
45 smtp: {
46 driver: 'smtp',
47 name: Env.get('APP_URL'),
48 port: Env.get('SMTP_PORT', '2525'),
49 host: Env.get('SMTP_HOST', 'localhost'),
50 secure: JSON.parse(Env.get('MAIL_SSL', 'false')),
51 requireTLS: JSON.parse(Env.get('MAIL_REQUIRE_TLS', 'false')),
52 auth: {
53 user: Env.get('SMTP_USERNAME'),
54 pass: Env.get('SMTP_PASSWORD'),
55 type: 'login',
56 },
57 maxConnections: 5,
58 maxMessages: 100,
59 rateLimit: 10,
60 },
61
62 /*
63 |--------------------------------------------------------------------------
64 | SES
65 |--------------------------------------------------------------------------
66 |
67 | Uses Amazon SES for sending emails. You will have to install the aws-sdk
68 | when using this driver.
69 |
70 | ```
71 | npm i aws-sdk
72 | ```
73 |
74 */
75 ses: {
76 driver: 'ses',
77 apiVersion: '2010-12-01',
78 key: Env.get('SES_ACCESS_KEY'),
79 secret: Env.get('SES_ACCESS_SECRET'),
80 region: Env.get('SES_REGION'),
81 sslEnabled: true,
82 sendingRate: 10,
83 maxConnections: 5,
84 },
85
86 /*
87 |--------------------------------------------------------------------------
88 | Mailgun
89 |--------------------------------------------------------------------------
90 |
91 | Uses Mailgun service for sending emails.
92 |
93 | If you are using an EU domain. Ensure to change the baseUrl to hit the
94 | europe endpoint (https://api.eu.mailgun.net/v3).
95 |
96 */
97 mailgun: {
98 driver: 'mailgun',
99 baseUrl: 'https://api.mailgun.net/v3',
100 key: Env.get('MAILGUN_API_KEY'),
101 domain: Env.get('MAILGUN_DOMAIN'),
102 },
103
104 /*
105 |--------------------------------------------------------------------------
106 | SparkPost
107 |--------------------------------------------------------------------------
108 |
109 | Uses Sparkpost service for sending emails.
110 |
111 */
112 sparkpost: {
113 driver: 'sparkpost',
114 baseUrl: 'https://api.sparkpost.com/api/v1',
115 key: Env.get('SPARKPOST_API_KEY'),
116 },
117 },
118});
diff --git a/config/persona.js b/config/persona.js
deleted file mode 100644
index c259a06..0000000
--- a/config/persona.js
+++ /dev/null
@@ -1,94 +0,0 @@
1/*
2|--------------------------------------------------------------------------
3| Persona
4|--------------------------------------------------------------------------
5|
6| The persona is a simple and opinionated service to register, login and
7| manage user account
8|
9*/
10
11module.exports = {
12 /*
13 |--------------------------------------------------------------------------
14 | Uids
15 |--------------------------------------------------------------------------
16 |
17 | An array of fields, that can be used to indetify a user uniquely. During
18 | login and reset password, these fields be checked against the user
19 | input
20 |
21 */
22 uids: ['email'],
23
24 /*
25 |--------------------------------------------------------------------------
26 | Email field
27 |--------------------------------------------------------------------------
28 |
29 | The name of the email field inside the database and the user payload.
30 |
31 */
32 email: 'email',
33
34 /*
35 |--------------------------------------------------------------------------
36 | Password
37 |--------------------------------------------------------------------------
38 |
39 | The password field to be used for verifying and storing user password
40 |
41 */
42 password: 'password',
43
44 /*
45 |--------------------------------------------------------------------------
46 | New account state
47 |--------------------------------------------------------------------------
48 |
49 | State of user when a new account is created
50 |
51 */
52 newAccountState: 'pending',
53
54 /*
55 |--------------------------------------------------------------------------
56 | Verified account state
57 |--------------------------------------------------------------------------
58 |
59 | State of user after they verify their email address
60 |
61 */
62 verifiedAccountState: 'active',
63
64 /*
65 |--------------------------------------------------------------------------
66 | Model
67 |--------------------------------------------------------------------------
68 |
69 | The model to be used for verifying and creating users
70 |
71 */
72 model: 'App/Models/User',
73
74 /*
75 |--------------------------------------------------------------------------
76 | Date Format
77 |--------------------------------------------------------------------------
78 |
79 | The date format for the tokens table. It is required to calculate the
80 | expiry of a token.
81 |
82 */
83 dateFormat: 'YYYY-MM-DD HH:mm:ss',
84
85 /*
86 |--------------------------------------------------------------------------
87 | Validation messages
88 |--------------------------------------------------------------------------
89 |
90 | An object of validation messages to be used when validation fails.
91 |
92 */
93 validationMessages: () => ({}),
94};
diff --git a/config/session.js b/config/session.js
deleted file mode 100644
index b2174da..0000000
--- a/config/session.js
+++ /dev/null
@@ -1,98 +0,0 @@
1
2const Env = use('Env');
3
4module.exports = {
5 /*
6 |--------------------------------------------------------------------------
7 | Session Driver
8 |--------------------------------------------------------------------------
9 |
10 | The session driver to be used for storing session values. It can be
11 | cookie, file or redis.
12 |
13 | For `redis` driver, make sure to install and register `@adonisjs/redis`
14 |
15 */
16 driver: Env.get('SESSION_DRIVER', 'cookie'),
17
18 /*
19 |--------------------------------------------------------------------------
20 | Cookie Name
21 |--------------------------------------------------------------------------
22 |
23 | The name of the cookie to be used for saving session id. Session ids
24 | are signed and encrypted.
25 |
26 */
27 cookieName: 'adonis-session',
28
29 /*
30 |--------------------------------------------------------------------------
31 | Clear session when browser closes
32 |--------------------------------------------------------------------------
33 |
34 | If this value is true, the session cookie will be temporary and will be
35 | removed when browser closes.
36 |
37 */
38 clearWithBrowser: true,
39
40 /*
41 |--------------------------------------------------------------------------
42 | Session age
43 |--------------------------------------------------------------------------
44 |
45 | This value is only used when `clearWithBrowser` is set to false. The
46 | age must be a valid https://npmjs.org/package/ms string or should
47 | be in milliseconds.
48 |
49 | Valid values are:
50 | '2h', '10d', '5y', '2.5 hrs'
51 |
52 */
53 age: '2h',
54
55 /*
56 |--------------------------------------------------------------------------
57 | Cookie options
58 |--------------------------------------------------------------------------
59 |
60 | Cookie options defines the options to be used for setting up session
61 | cookie
62 |
63 */
64 cookie: {
65 httpOnly: true,
66 path: '/',
67 sameSite: true,
68 },
69
70 /*
71 |--------------------------------------------------------------------------
72 | Sessions location
73 |--------------------------------------------------------------------------
74 |
75 | If driver is set to file, we need to define the relative location from
76 | the temporary path or absolute url to any location.
77 |
78 */
79 file: {
80 location: 'sessions',
81 },
82
83 /*
84 |--------------------------------------------------------------------------
85 | Redis config
86 |--------------------------------------------------------------------------
87 |
88 | The configuration for the redis driver.
89 |
90 */
91 redis: {
92 host: '127.0.0.1',
93 port: 6379,
94 password: null,
95 db: 0,
96 keyPrefix: '',
97 },
98};
diff --git a/config/session.ts b/config/session.ts
new file mode 100644
index 0000000..fbf8c7c
--- /dev/null
+++ b/config/session.ts
@@ -0,0 +1,116 @@
1/**
2 * Config source: https://git.io/JeYHp
3 *
4 * Feel free to let us know via PR, if you find something broken in this config
5 * file.
6 */
7
8import Env from '@ioc:Adonis/Core/Env';
9import Application from '@ioc:Adonis/Core/Application';
10import { sessionConfig } from '@adonisjs/session/build/config';
11
12export default sessionConfig({
13 /*
14 |--------------------------------------------------------------------------
15 | Enable/Disable sessions
16 |--------------------------------------------------------------------------
17 |
18 | Setting the following property to "false" will disable the session for the
19 | entire application
20 |
21 */
22 enabled: true,
23
24 /*
25 |--------------------------------------------------------------------------
26 | Driver
27 |--------------------------------------------------------------------------
28 |
29 | The session driver to use. You can choose between one of the following
30 | drivers.
31 |
32 | - cookie (Uses signed cookies to store session values)
33 | - file (Uses filesystem to store session values)
34 | - redis (Uses redis. Make sure to install "@adonisjs/redis" as well)
35 |
36 | Note: Switching drivers will make existing sessions invalid.
37 |
38 */
39 driver: Env.get('SESSION_DRIVER', 'cookie'),
40
41 /*
42 |--------------------------------------------------------------------------
43 | Cookie name
44 |--------------------------------------------------------------------------
45 |
46 | The name of the cookie that will hold the session id.
47 |
48 */
49 cookieName: 'adonis-session',
50
51 /*
52 |--------------------------------------------------------------------------
53 | Clear session when browser closes
54 |--------------------------------------------------------------------------
55 |
56 | Whether or not you want to destroy the session when browser closes. Setting
57 | this value to `true` will ignore the `age`.
58 |
59 */
60 clearWithBrowser: true,
61
62 /*
63 |--------------------------------------------------------------------------
64 | Session age
65 |--------------------------------------------------------------------------
66 |
67 | The duration for which session stays active after no activity. A new HTTP
68 | request to the server is considered as activity.
69 |
70 | The value can be a number in milliseconds or a string that must be valid
71 | as per https://npmjs.org/package/ms package.
72 |
73 | Example: `2 days`, `2.5 hrs`, `1y`, `5s` and so on.
74 |
75 */
76 age: '2h',
77
78 /*
79 |--------------------------------------------------------------------------
80 | Cookie values
81 |--------------------------------------------------------------------------
82 |
83 | The cookie settings are used to setup the session id cookie and also the
84 | driver will use the same values.
85 |
86 */
87 cookie: {
88 path: '/',
89 httpOnly: true,
90 sameSite: false,
91 },
92
93 /*
94 |--------------------------------------------------------------------------
95 | Configuration for the file driver
96 |--------------------------------------------------------------------------
97 |
98 | The file driver needs absolute path to the directory in which sessions
99 | must be stored.
100 |
101 */
102 file: {
103 location: Application.tmpPath('sessions'),
104 },
105
106 /*
107 |--------------------------------------------------------------------------
108 | Redis driver
109 |--------------------------------------------------------------------------
110 |
111 | The redis connection you want session driver to use. The same connection
112 | must be defined inside `config/redis.ts` file as well.
113 |
114 */
115 redisConnection: 'local',
116});
diff --git a/config/shield.js b/config/shield.js
deleted file mode 100644
index 9849d29..0000000
--- a/config/shield.js
+++ /dev/null
@@ -1,144 +0,0 @@
1
2module.exports = {
3 /*
4 |--------------------------------------------------------------------------
5 | Content Security Policy
6 |--------------------------------------------------------------------------
7 |
8 | Content security policy filters out the origins not allowed to execute
9 | and load resources like scripts, styles and fonts. There are wide
10 | variety of options to choose from.
11 */
12 csp: {
13 /*
14 |--------------------------------------------------------------------------
15 | Directives
16 |--------------------------------------------------------------------------
17 |
18 | All directives are defined in camelCase and here is the list of
19 | available directives and their possible values.
20 |
21 | https://content-security-policy.com
22 |
23 | @example
24 | directives: {
25 | defaultSrc: ['self', '@nonce', 'cdnjs.cloudflare.com']
26 | }
27 |
28 */
29 directives: {
30 },
31 /*
32 |--------------------------------------------------------------------------
33 | Report only
34 |--------------------------------------------------------------------------
35 |
36 | Setting `reportOnly=true` will not block the scripts from running and
37 | instead report them to a URL.
38 |
39 */
40 reportOnly: false,
41 /*
42 |--------------------------------------------------------------------------
43 | Set all headers
44 |--------------------------------------------------------------------------
45 |
46 | Headers staring with `X` have been depreciated, since all major browsers
47 | supports the standard CSP header. So its better to disable deperciated
48 | headers, unless you want them to be set.
49 |
50 */
51 setAllHeaders: false,
52
53 /*
54 |--------------------------------------------------------------------------
55 | Disable on android
56 |--------------------------------------------------------------------------
57 |
58 | Certain versions of android are buggy with CSP policy. So you can set
59 | this value to true, to disable it for Android versions with buggy
60 | behavior.
61 |
62 | Here is an issue reported on a different package, but helpful to read
63 | if you want to know the behavior. https://github.com/helmetjs/helmet/pull/82
64 |
65 */
66 disableAndroid: true,
67 },
68
69 /*
70 |--------------------------------------------------------------------------
71 | X-XSS-Protection
72 |--------------------------------------------------------------------------
73 |
74 | X-XSS Protection saves from applications from XSS attacks. It is adopted
75 | by IE and later followed by some other browsers.
76 |
77 | Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
78 |
79 */
80 xss: {
81 enabled: true,
82 enableOnOldIE: false,
83 },
84
85 /*
86 |--------------------------------------------------------------------------
87 | Iframe Options
88 |--------------------------------------------------------------------------
89 |
90 | xframe defines whether or not your website can be embedded inside an
91 | iframe. Choose from one of the following options.
92 | @available options
93 | DENY, SAMEORIGIN, ALLOW-FROM http://example.com
94 |
95 | Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
96 */
97 xframe: 'DENY',
98
99 /*
100 |--------------------------------------------------------------------------
101 | No Sniff
102 |--------------------------------------------------------------------------
103 |
104 | Browsers have a habit of sniffing content-type of a response. Which means
105 | files with .txt extension containing Javascript code will be executed as
106 | Javascript. You can disable this behavior by setting nosniff to false.
107 |
108 | Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
109 |
110 */
111 nosniff: true,
112
113 /*
114 |--------------------------------------------------------------------------
115 | No Open
116 |--------------------------------------------------------------------------
117 |
118 | IE users can execute webpages in the context of your website, which is
119 | a serious security risk. Below option will manage this for you.
120 |
121 */
122 noopen: true,
123
124 /*
125 |--------------------------------------------------------------------------
126 | CSRF Protection
127 |--------------------------------------------------------------------------
128 |
129 | CSRF Protection adds another layer of security by making sure, actionable
130 | routes does have a valid token to execute an action.
131 |
132 */
133 csrf: {
134 enable: true,
135 methods: ['POST', 'PUT', 'DELETE'],
136 filterUris: [],
137 cookieOptions: {
138 httpOnly: true,
139 sameSite: true,
140 path: '/',
141 maxAge: 7200,
142 },
143 },
144};
diff --git a/config/shield.ts b/config/shield.ts
new file mode 100644
index 0000000..3566e1c
--- /dev/null
+++ b/config/shield.ts
@@ -0,0 +1,243 @@
1/**
2 * Config source: https://git.io/Jvwvt
3 *
4 * Feel free to let us know via PR, if you find something broken in this config
5 * file.
6 */
7
8import Env from '@ioc:Adonis/Core/Env';
9import { ShieldConfig } from '@ioc:Adonis/Addons/Shield';
10
11/*
12|--------------------------------------------------------------------------
13| Content Security Policy
14|--------------------------------------------------------------------------
15|
16| Content security policy filters out the origins not allowed to execute
17| and load resources like scripts, styles and fonts. There are wide
18| variety of options to choose from.
19*/
20export const csp: ShieldConfig['csp'] = {
21 /*
22 |--------------------------------------------------------------------------
23 | Enable/disable CSP
24 |--------------------------------------------------------------------------
25 |
26 | The CSP rules are disabled by default for seamless onboarding.
27 |
28 */
29 enabled: false,
30
31 /*
32 |--------------------------------------------------------------------------
33 | Directives
34 |--------------------------------------------------------------------------
35 |
36 | All directives are defined in camelCase and here is the list of
37 | available directives and their possible values.
38 |
39 | https://content-security-policy.com
40 |
41 | @example
42 | directives: {
43 | defaultSrc: ["'self'", '@nonce', 'cdnjs.cloudflare.com']
44 | }
45 |
46 */
47 directives: {},
48
49 /*
50 |--------------------------------------------------------------------------
51 | Report only
52 |--------------------------------------------------------------------------
53 |
54 | Setting `reportOnly=true` will not block the scripts from running and
55 | instead report them to a URL.
56 |
57 */
58 reportOnly: false,
59};
60
61/*
62|--------------------------------------------------------------------------
63| CSRF Protection
64|--------------------------------------------------------------------------
65|
66| CSRF Protection adds another layer of security by making sure, actionable
67| routes does have a valid token to execute an action.
68|
69*/
70export const csrf: ShieldConfig['csrf'] = {
71 /*
72 |--------------------------------------------------------------------------
73 | Enable/Disable CSRF
74 |--------------------------------------------------------------------------
75 */
76 enabled: Env.get('NODE_ENV') === 'production',
77
78 /*
79 |--------------------------------------------------------------------------
80 | Routes to Ignore
81 |--------------------------------------------------------------------------
82 |
83 | Define an array of route patterns that you want to ignore from CSRF
84 | validation. Make sure the route patterns are started with a leading
85 | slash. Example:
86 |
87 | `/foo/bar`
88 |
89 | Also you can define a function that is evaluated on every HTTP Request.
90 | ```
91 | exceptRoutes: ({ request }) => request.url().includes('/api')
92 | ```
93 |
94 */
95 exceptRoutes: ctx => {
96 // ignore all routes starting with /v1/ (api)
97 return (
98 ctx.request.url().includes('/v1/') ||
99 ctx.request.url().includes('/import')
100 );
101 },
102
103 /*
104 |--------------------------------------------------------------------------
105 | Enable Sharing Token Via Cookie
106 |--------------------------------------------------------------------------
107 |
108 | When the following flag is enabled, AdonisJS will drop `XSRF-TOKEN`
109 | cookie that frontend frameworks can read and return back as a
110 | `X-XSRF-TOKEN` header.
111 |
112 | The cookie has `httpOnly` flag set to false, so it is little insecure and
113 | can be turned off when you are not using a frontend framework making
114 | AJAX requests.
115 |
116 */
117 enableXsrfCookie: true,
118
119 /*
120 |--------------------------------------------------------------------------
121 | Methods to Validate
122 |--------------------------------------------------------------------------
123 |
124 | Define an array of HTTP methods to be validated for a valid CSRF token.
125 |
126 */
127 methods: ['POST', 'PUT', 'PATCH', 'DELETE'],
128};
129
130/*
131|--------------------------------------------------------------------------
132| DNS Prefetching
133|--------------------------------------------------------------------------
134|
135| DNS prefetching allows browsers to proactively perform domain name
136| resolution in background.
137|
138| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control
139|
140*/
141export const dnsPrefetch: ShieldConfig['dnsPrefetch'] = {
142 /*
143 |--------------------------------------------------------------------------
144 | Enable/disable this feature
145 |--------------------------------------------------------------------------
146 */
147 enabled: true,
148
149 /*
150 |--------------------------------------------------------------------------
151 | Allow or Dis-Allow Explicitly
152 |--------------------------------------------------------------------------
153 |
154 | The `enabled` boolean does not set `X-DNS-Prefetch-Control` header. However
155 | the `allow` boolean controls the value of `X-DNS-Prefetch-Control` header.
156 |
157 | - When `allow = true`, then `X-DNS-Prefetch-Control = 'on'`
158 | - When `allow = false`, then `X-DNS-Prefetch-Control = 'off'`
159 |
160 */
161 allow: true,
162};
163
164/*
165|--------------------------------------------------------------------------
166| Iframe Options
167|--------------------------------------------------------------------------
168|
169| xFrame defines whether or not your website can be embedded inside an
170| iframe. Choose from one of the following options.
171|
172| - DENY
173| - SAMEORIGIN
174| - ALLOW-FROM http://example.com
175|
176| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
177*/
178export const xFrame: ShieldConfig['xFrame'] = {
179 enabled: true,
180 action: 'DENY',
181};
182
183/*
184|--------------------------------------------------------------------------
185| Http Strict Transport Security
186|--------------------------------------------------------------------------
187|
188| A security to ensure that a browser always makes a connection over
189| HTTPS.
190|
191| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
192|
193*/
194export const hsts: ShieldConfig['hsts'] = {
195 enabled: true,
196 /*
197 |--------------------------------------------------------------------------
198 | Max Age
199 |--------------------------------------------------------------------------
200 |
201 | Control, how long the browser should remember that a site is only to be
202 | accessed using HTTPS.
203 |
204 */
205 maxAge: '180 days',
206
207 /*
208 |--------------------------------------------------------------------------
209 | Include Subdomains
210 |--------------------------------------------------------------------------
211 |
212 | Apply rules on the subdomains as well.
213 |
214 */
215 includeSubDomains: true,
216
217 /*
218 |--------------------------------------------------------------------------
219 | Preloading
220 |--------------------------------------------------------------------------
221 |
222 | Google maintains a service to register your domain and it will preload
223 | the HSTS policy. Learn more https://hstspreload.org/
224 |
225 */
226 preload: false,
227};
228
229/*
230|--------------------------------------------------------------------------
231| No Sniff
232|--------------------------------------------------------------------------
233|
234| Browsers have a habit of sniffing content-type of a response. Which means
235| files with .txt extension containing Javascript code will be executed as
236| Javascript. You can disable this behavior by setting nosniff to false.
237|
238| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
239|
240*/
241export const contentTypeSniffing: ShieldConfig['contentTypeSniffing'] = {
242 enabled: true,
243};
diff --git a/config/static.ts b/config/static.ts
new file mode 100644
index 0000000..1f7c88f
--- /dev/null
+++ b/config/static.ts
@@ -0,0 +1,10 @@
1import { AssetsConfig } from '@ioc:Adonis/Core/Static';
2
3const staticConfig: AssetsConfig = {
4 enabled: true,
5 dotFiles: 'ignore',
6 etag: true,
7 lastModified: true,
8};
9
10export default staticConfig;
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-01 09:12:44 +0000