Configuration
The RePoSyD server is customizable through the configuration file.
Application
Key | Default | Type | Usage |
application | | |
application.url | http://localhost | string | Application URL. Used, for example, for HTTP links in emails. |
Authentification
Key | Default | Type | Usage |
authentification | [repository] | string|object[] | List of the strategies for user authentification |
Available Strategies
Repository
This is the default strategy for authenticating a user.
{
"authentification": ["repository"]
}
LDAP
LDAP Server
{
"authentification": [{
"type": "ldap",
"ldap": {
"url": "ldaps://localhost:636"
"users": {
"attribteName": "cn",
"dn": "cn={{username}},ou=users,dc=test"
"searchBase": "cn=Users,dc=test",
},
"groups": {
"attributeName": "dn",
"groupName": "RePoSyD User",
"memberAttribute": "member",
"objectClass": "group",
"searchBase": "cn=Users,dc=test"
},
}
}]
}
Active Directory Server
{
"authentification": [{
"type": "ldap",
"ldap": {
"url": "ldaps://localhost:389"
"users": {
"attribteName": "sAMAccountName",
"dn": "DOMAIN\{{username}}"
"searchBase": "ou=users,dc=test",
},
"groups": {
"attributeName": "cn",
"groupName": "reposyd",
"memberAttribute": "member",
"objectClass": "group",
"searchBase": "ou=group,dc=reposyd,dc=test"
},
}
}]
}
IIS Web Config
<rewrite>
<rules>
<clear/>
<rule name="RePoSyD API" enabled="true" stopProcessing="true">
<match url="^api/(.*)"/>
<conditions logicalGrouping="MatchAll" trackAllCaptures="false"/>
<action type="Rewrite" url="http://localhost:3000/{R:1}"/>
</rule>
<rule name="RePoSyD Auth" enabled="true" patternSyntax="ECMAScript" stopProcessing="true">
<match url="^auth/(.*)"/>
<conditions logicalGrouping="MatchAll" trackAllCaptures="false"/>
<action type="Rewrite" url="http://localhost:3000/auth/{R:1}" logRewrittenUrl="true"/>
</rule>
</rules>
<outboundRules>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html"/>
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
HTTPS Redirect
<rule name="HTTPS-Redirect" stopProcessing="true">
<match url="(.*)"/>
<conditions>
<add input="{HTTPS}" pattern="^OFF$"/>
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false"/>
</rule>
EMail
Key | Default | Type | Usage |
email | | |
email.preview | false | boolean | If true, the email preview is shown in the default browser and not send. Should be used for development purposes only. |
email.replyAddress | | string | Reply address used in emails. |
email.supportAddress | | string | Mail address of the support organization maintaining RePoSyD. |
email.templates | | string | Folder containing the templates used for generating emails. |
Event Handler
Key | Default | Type | Usage |
eventHandler | [“actiontracking”, “repository”, “role”] | string[] | List of activated event handlers. |
Built-in Event Handler
Action Tracking
Sends a notification email to action responsible.
Event Logger
Captures all events and writes them to the log as debug output (logging level: “debug”.
Repository
Role
JSON Web Token (JWT)
Key | Default | Type | Usage |
jwt | | |
jwt.secret | null | string | secret key used to encrypt the tokens. If null or undefined, the internal secret key is generated.
!! SECURITY WARNING!!
DO NOT USE THE SECRET OPTION IN A PRODUCTION ENVIRONMENT, UNLESS YOU KNOW WHAT YOU ARE DOING! |
jwt.ttl.access | 360s | string | Time to live for the access token, expressed in seconds or a string describing a time span vercel/ms. |
jwt.ttl.refresh | 24h | string | Time to live for the refresh token, expressed in seconds or a string describing a time span vercel/ms. |
Logging
Key | Default | Type | Usage |
logging | | |
logging.level | info | string | |
logging.colorize | boolean | true | If true, the console output is colorized according to the message level. |
logging.console.enabled | false | boolean | If true, messages are displayed on the console (stdout). |
logging.file.enabled | false | boolean | If true, messages are written in the specified log file. |
logging.filename | string | reposyd.log | Name of the log file |
logging.file.maxSize | 500 | number | Maximum size of the file, after which it will be archived. This can be a number of bytes, or units of kb, mb, and gb. If using the units, add 'k', 'm', or 'g' as the suffix. The units need to directly follow the number. |
logging.file.maxFiles | 10 | number | Maximum number of logs to keep. If not set, no logs will be removed. This can be a number of files or number of days. If using days, add 'd' as the suffix. It uses auditFile to keep track of the log files in a json format. It won't delete any file not contained in it. It can be a number of files or number of days. |
logging.rotation.enabled | false | boolean | If true, log file rotation is enabled. |
logging.rotation.createSymlink | false | boolean | Create a tailable symlink to the current active log file |
logging.rotation.folder | . | string | The folder name to save log files to. |
logging.rotation.maxSize | 500k | string | Maximum size of the file after which it will rotate. This can be a number of bytes, or units of kb, mb, and gb. If using the units, add 'k', 'm', or 'g' as the suffix. The units need to directly follow the number. |
logging.rotation.maxFiles | 14d | string | Maximum number of logs to keep. If not set, no logs will be removed. This can be a number of files or number of days. If using days, add 'd' as the suffix. It uses auditFile to keep track of the log files in a json format. It won't delete any file not contained in it. It can be a number of files or number of days. |
logging.rotation.symlinkName | reposyd.log | string | The name of the tailable symlink. |
logging.rotation.utc | true | boolean | Use UTC time for date in filename. |
logging.rotation.zippedArchive | true | boolean | If true, the archived log files are gzipped. |
logging.service | string | reposyd | service name |
PDFMake
Key | Default | Type | Usage |
pdfmake | | |
pdfmake.fonts | | string | URL of the repository, e.g. 'sqlite:/var/opt/reposyd/database?database=reposyd.sqlite' |
Repository
Key | Default | Type | Usage |
repository | | |
repository.url | | string | URL of the repository, e.g. 'sqlite:/var/opt/reposyd/database?database=reposyd.sqlite' |
Report Generator
Key | Default | Type | Usage |
reportGenerator | | |
reportGenerator.fonts | /reposyd/data/fonts | string | Folder with the available fonts |
reportGenerator.pdfmake | | | |
{
"reportGenerator": {
"pdfmake": {
"compressed": true,
"fonts": {
"<fontname>": {
"normal": "<file>",
"bold": "<file>",
"italics": "<file>",
"bolditalics": "<file>"
}
}
}
}
}
Restify
Key | Default | Type | Usage |
restify | | |
restify.host | localhost | string | Specifies the host interface on which the restify listens. Use '0.0.0.0' to listen on all interfaces. |
restify.port | 3000 | string | Port number on the interface. |
restify.ssl.cert | | string | |
restify.ssl.key | | string | |
Services
Key | Default | Type | Usage | |
services | [“actiontracking”] | string | object[] | List of activated services. |
Built-in Services
Action Tracking
The action tracking services generates emails for overdue actions and sends them to the responsible users.
For using the default configuration, add a string value to the list of activated services.
"services": ["actiontracking"]
To run the service with custom option, add a object value to the list.
"services": [{ "name": "actiontracking", "whine": { "interval": "* * * 12" } }]
Key | Default | Type | Usage |
whine.interval | * * !6-7 12“ | string | The string value defines the interval for whining about overdue actions. timexe
In the default configuration, the service is executed from Monday to Friday at 12 noon. |
SMTP
Key | Default | Type | Usage |
smtp | | |
smtp.host | | string | This option specifies the SMTP used for sending messages. To use the local SMTP, set this option to 'localhost'. Otherwise use a fully qualified domain name. |
smtp.port | 25 | number | This option specifies the SMTP port to use. |
smtp.user | | string | Username for SMTP server authentification. |
smtp.password | | string | Password used for SMTP server authentification |
smtp.check | false | boolean | If true, the SMTP server connection is checked at startup. |
smtp.secure | false | boolean | If true the connection will use TLS when connecting to server. If false (the default) then TLS is used if server supports the STARTTLS extension. In most cases set this value to true if you are connecting to port 465. For port 587 or 25 keep it false |
smtp.tls.rejectUnauthorized | false | boolean | If true, the server certificate is not validated against the list of CAs. |
smtp.tls.ignore | false | boolean | If true and secure is false then TLS is not used even if the server supports STARTTLS extension. |
smtp.tls.require | false | boolean | If this is true and secure is false then Nodemailer tries to use STARTTLS even if the server does not advertise support for it. If the connection can not be encrypted then message is not sent |
Configuration File
Example Development Environment
{
"application": {
"url": "http://localhost"
},
"authentification": ["repository"],
"jwt": {
"secret": "!!##@@changeme@@##!!"
},
"logging": {
"console": {
"enabled": true
},
"file": {
"enabled": false
},
"rotation": {
"enabled": false
},
"syslog": {
"enabled": false
},
"level": "debug",
"service": "reposyd-devel"
},
"eventHandler": ["actiontracking", "repository", "role"],
"services": [
{
"name": "actiontracking",
"debug": false,
"whine": {
"atStartup": false,
"interval": "* * !6-7 12"
}
}
],
"repository": {
"url": "sqlite:d:/reposyd/carbcat/database?database=reposyd.sqlite"
},
"restify": {
"host": "127.0.0.1",
"port": 3000
}
}