Configuration

The RePoSyD server is customizable through the configuration file.

Application

| Key | Default | Type | Usage |
|---|---|---|---|
| application | | | |
| application.url | http://localhost | string | Application URL. Used, for example, for HTTP links in emails. |

Authentification

| Key | Default | Type | Usage |
|---|---|---|---|
| authentification | ["repository"] | string\|object[] | List of the strategies for user authentication. |

Available Strategies

Repository

This is the default strategy for authenticating a user.

{
  "authentification": ["repository"]
}

LDAP

LDAP Server

{
  "authentification": [{
    "type": "ldap",
    "ldap": {
      "url": "ldaps://localhost:636",
      "users": {
        "attributeName": "cn",
        "dn": "cn={{username}},ou=users,dc=test",
        "searchBase": "cn=Users,dc=test"
      },
      "groups": {
        "attributeName": "dn",
        "groupName": "RePoSyD User",
        "memberAttribute": "member",
        "objectClass": "group",
        "searchBase": "cn=Users,dc=test"
      }
    }
  }]
}

Active Directory Server

{
  "authentification": [{
    "type": "ldap",
    "ldap": {
      "url": "ldaps://localhost:389",
      "users": {
        "attributeName": "sAMAccountName",
        "dn": "DOMAIN\\{{username}}",
        "searchBase": "ou=users,dc=test"
      },
      "groups": {
        "attributeName": "cn",
        "groupName": "reposyd",
        "memberAttribute": "member",
        "objectClass": "group",
        "searchBase": "ou=group,dc=reposyd,dc=test"
      }
    }
  }]
}

IIS Web Config

<rewrite>
  <rules>
    <clear/>
    <rule name="RePoSyD API" enabled="true" stopProcessing="true">
      <match url="^api/(.*)"/>
      <conditions logicalGrouping="MatchAll" trackAllCaptures="false"/>
      <action type="Rewrite" url="http://localhost:3000/{R:1}"/>
    </rule>
    <rule name="RePoSyD Auth" enabled="true" patternSyntax="ECMAScript" stopProcessing="true">
      <match url="^auth/(.*)"/>
      <conditions logicalGrouping="MatchAll" trackAllCaptures="false"/>
      <action type="Rewrite" url="http://localhost:3000/auth/{R:1}" logRewrittenUrl="true"/>
    </rule>
  </rules>
  <outboundRules>
    <preConditions>
      <preCondition name="ResponseIsHtml1">
        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html"/>
      </preCondition>
    </preConditions>
  </outboundRules>
</rewrite>

HTTPS Redirect

<rule name="HTTPS-Redirect" stopProcessing="true">
  <match url="(.*)"/>
  <conditions>
    <add input="{HTTPS}" pattern="^OFF$"/>
  </conditions>
  <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false"/>
</rule>

EMail

| Key | Default | Type | Usage |
|---|---|---|---|
| email | | | |
| email.preview | false | boolean | If true, the email preview is shown in the default browser and the email is not sent. Should be used for development purposes only. |
| email.replyAddress | | string | Reply address used in emails. |
| email.supportAddress | | string | Mail address of the support organization maintaining RePoSyD. |
| email.templates | | string | Folder containing the templates used for generating emails. |

Event Handler

| Key | Default | Type | Usage |
|---|---|---|---|
| eventHandler | ["actiontracking", "repository", "role"] | string[] | List of activated event handlers. |

Built-in Event Handler

Action Tracking

Sends a notification email to the user responsible for an action.

Event Logger

Captures all events and writes them to the log as debug output (logging level: "debug").

Repository

Role

JSON Web Token (JWT)

| Key | Default | Type | Usage |
|---|---|---|---|
| jwt | | | |
| jwt.secret | null | string | Secret key used to encrypt the tokens. If null or undefined, an internal secret key is generated. See the security warning below. |
| jwt.ttl.access | 360s | string | Time to live for the access token, expressed in seconds or as a string describing a time span (vercel/ms format). |
| jwt.ttl.refresh | 24h | string | Time to live for the refresh token, expressed in seconds or as a string describing a time span (vercel/ms format). |

!! SECURITY WARNING !!
DO NOT USE THE SECRET OPTION IN A PRODUCTION ENVIRONMENT, UNLESS YOU KNOW WHAT YOU ARE DOING!

Logging

| Key | Default | Type | Usage |
|---|---|---|---|
| logging | | | |
| logging.level | info | string | |
| logging.colorize | true | boolean | If true, the console output is colorized according to the message level. |
| logging.console.enabled | false | boolean | If true, messages are displayed on the console (stdout). |
| logging.file.enabled | false | boolean | If true, messages are written to the specified log file. |
| logging.filename | reposyd.log | string | Name of the log file. |
| logging.file.maxSize | 500 | number | Maximum size of the file, after which it will be archived. This can be a number of bytes, or units of kb, mb, and gb. If using the units, add 'k', 'm', or 'g' as the suffix. The units need to directly follow the number. |
| logging.file.maxFiles | 10 | number | Maximum number of logs to keep. If not set, no logs will be removed. This can be a number of files or number of days. If using days, add 'd' as the suffix. It uses auditFile to keep track of the log files in a JSON format. It won't delete any file not contained in it. |
| logging.rotation.enabled | false | boolean | If true, log file rotation is enabled. |
| logging.rotation.createSymlink | false | boolean | Create a tailable symlink to the current active log file. |
| logging.rotation.folder | . | string | The folder name to save log files to. |
| logging.rotation.maxSize | 500k | string | Maximum size of the file after which it will rotate. This can be a number of bytes, or units of kb, mb, and gb. If using the units, add 'k', 'm', or 'g' as the suffix. The units need to directly follow the number. |
| logging.rotation.maxFiles | 14d | string | Maximum number of logs to keep. If not set, no logs will be removed. This can be a number of files or number of days. If using days, add 'd' as the suffix. It uses auditFile to keep track of the log files in a JSON format. It won't delete any file not contained in it. |
| logging.rotation.symlinkName | reposyd.log | string | The name of the tailable symlink. |
| logging.rotation.utc | true | boolean | Use UTC time for date in filename. |
| logging.rotation.zippedArchive | true | boolean | If true, the archived log files are gzipped. |
| logging.service | reposyd | string | Service name. |

PDFMake

| Key | Default | Type | Usage |
|---|---|---|---|
| pdfmake | | | |
| pdfmake.fonts | | string | URL of the repository, e.g. 'sqlite:/var/opt/reposyd/database?database=reposyd.sqlite' |

Repository

| Key | Default | Type | Usage |
|---|---|---|---|
| repository | | | |
| repository.url | | string | URL of the repository, e.g. 'sqlite:/var/opt/reposyd/database?database=reposyd.sqlite' |

Report Generator

| Key | Default | Type | Usage |
|---|---|---|---|
| reportGenerator | | | |
| reportGenerator.fonts | /reposyd/data/fonts | string | Folder with the available fonts. |
| reportGenerator.pdfmake | | | |

{
 "reportGenerator": {
  "pdfmake": {
   "compressed": true,
   "fonts": {
    "<fontname>": {
      "normal": "<file>",
      "bold": "<file>",
      "italics": "<file>",
      "bolditalics": "<file>"
    }
   }
  }
 }
}

Restify

| Key | Default | Type | Usage |
|---|---|---|---|
| restify | | | |
| restify.host | localhost | string | Specifies the host interface on which restify listens. Use '0.0.0.0' to listen on all interfaces. |
| restify.port | 3000 | string | Port number on the interface. |
| restify.ssl.cert | | string | |
| restify.ssl.key | | string | |

Services

| Key | Default | Type | Usage |
|---|---|---|---|
| services | ["actiontracking"] | string\|object[] | List of activated services. |

Built-in Services

Action Tracking

The action tracking service generates emails for overdue actions and sends them to the responsible users. To use the default configuration, add a string value to the list of activated services.

"services": ["actiontracking"]

To run the service with custom options, add an object value to the list.

"services": [{ "name": "actiontracking", "whine": { "interval": "* * * 12" } }]

| Key | Default | Type | Usage |
|---|---|---|---|
| whine.interval | "* * !6-7 12" | string | The string value defines the interval for whining about overdue actions (timexe format). |

In the default configuration, the service is executed from Monday to Friday at 12 noon.

SMTP

| Key | Default | Type | Usage |
|---|---|---|---|
| smtp | | | |
| smtp.host | | string | This option specifies the SMTP server used for sending messages. To use the local SMTP server, set this option to 'localhost'. Otherwise use a fully qualified domain name. |
| smtp.port | 25 | number | This option specifies the SMTP port to use. |
| smtp.user | | string | Username for SMTP server authentication. |
| smtp.password | | string | Password used for SMTP server authentication. |
| smtp.check | false | boolean | If true, the SMTP server connection is checked at startup. |
| smtp.secure | false | boolean | If true, the connection will use TLS when connecting to the server. If false (the default), TLS is used if the server supports the STARTTLS extension. In most cases set this value to true if you are connecting to port 465. For port 587 or 25 keep it false. |
| smtp.tls.rejectUnauthorized | false | boolean | If true, the server certificate is not validated against the list of CAs. |
| smtp.tls.ignore | false | boolean | If true and secure is false, TLS is not used even if the server supports the STARTTLS extension. |
| smtp.tls.require | false | boolean | If this is true and secure is false, Nodemailer tries to use STARTTLS even if the server does not advertise support for it. If the connection cannot be encrypted, the message is not sent. |

Configuration File

Example Development Environment

{
  "application": {
    "url": "http://localhost"
  },
  "authentification": ["repository"],
  "jwt": {
    "secret": "!!##@@changeme@@##!!"
  },
  "logging": {
    "console": {
      "enabled": true
    },
    "file": {
      "enabled": false
    },
    "rotation": {
      "enabled": false
    },
    "syslog": {
      "enabled": false
    },
    "level": "debug",
    "service": "reposyd-devel"
  },
  "eventHandler": ["actiontracking", "repository", "role"],
  "services": [
    {
      "name": "actiontracking",
      "debug": false,
      "whine": {
        "atStartup": false,
        "interval": "* * !6-7 12"
      }
    }
  ],
  "repository": {
    "url": "sqlite:d:/reposyd/carbcat/database?database=reposyd.sqlite"
  },
  "restify": {
    "host": "127.0.0.1",
    "port": 3000
  }
}
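
A check of the settings this page marks as development-only or security-sensitive, run against a parsed configuration before deployment. This is an added example, not part of RePoSyD: the key names come from the tables above, while the function name auditConfig, its finding messages and the deployConfig sample are assumptions.

```javascript
// Added example, not RePoSyD code. Key names are taken from the tables on this
// page; the checks and their messages are assumptions of this example.
function auditConfig(cfg) {
  const findings = [];
  const flag = (key, msg) => findings.push({ key, msg });
  const get = (path) =>
    path.split('.').reduce((o, k) => (o == null ? undefined : o[k]), cfg);

  // The page warns against setting jwt.secret in production.
  if (get('jwt.secret') != null)
    flag('jwt.secret', 'static secret set; remove it so an internal key is generated');

  // A non-loopback host exposes the backend port directly, bypassing the
  // IIS rewrite rules that proxy to http://localhost:3000.
  const host = get('restify.host') ?? 'localhost';
  if (!['localhost', '127.0.0.1', '::1'].includes(host))
    flag('restify.host', `listening on ${host}; bind to loopback behind the proxy`);

  // application.url ends up in email links.
  if (!/^https:\/\//i.test(get('application.url') ?? 'http://localhost'))
    flag('application.url', 'email links will not use HTTPS');

  // Entries are strategy names or objects; only LDAP objects carry a URL.
  for (const s of [].concat(get('authentification') ?? 'repository'))
    if (s && s.type === 'ldap' && !/^ldaps:\/\//i.test(s.ldap?.url ?? ''))
      flag('authentification.ldap.url', 'bind is not protected by TLS; use ldaps://');

  if (get('email.preview') === true)
    flag('email.preview', 'development only: emails are previewed, not sent');
  if (get('logging.level') === 'debug')
    flag('logging.level', 'debug output enabled');

  // With secure=false TLS is opportunistic unless tls.require is set,
  // and tls.ignore turns it off entirely.
  const smtp = get('smtp') ?? {};
  if (smtp.password && !smtp.secure && (smtp.tls?.ignore || !smtp.tls?.require))
    flag('smtp.tls', 'SMTP password may be sent unencrypted; set secure or tls.require');
  return findings;
}

// Constructed inputs: the development example from this page (abridged) and a
// made-up deployment file.
const devConfig = { application: { url: 'http://localhost' }, authentification: ['repository'],
  jwt: { secret: '!!##@@changeme@@##!!' }, logging: { level: 'debug' },
  restify: { host: '127.0.0.1', port: 3000 } };
const deployConfig = { application: { url: 'https://reposyd.example' },
  authentification: [{ type: 'ldap', ldap: { url: 'ldap://localhost:389' } }],
  restify: { host: '0.0.0.0' }, smtp: { host: 'localhost', password: 'x', tls: { ignore: true } } };
for (const c of [devConfig, deployConfig]) console.log(auditConfig(c).map((f) => f.key));
```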