
Customization

Knut Ahlers edited this page Feb 22, 2024 · 5 revisions

OTS can be customized to your needs in several ways. All of them require you to create a YAML file containing the definitions of your customizations and to load this file through the --customize=path/to/customize.yaml flag:

# Override the app-icon, present a path to the image to use, if unset
# or empty the default FontAwesome icon will be displayed. Recommended
# is a height of 30px.
appIcon: ''

# Override the app-title, if unset or empty the default app-title
# "OTS - One Time Secrets" will be used
appTitle: ''

# Disable display of the app-title (for example if you included the
# title within the appIcon)
disableAppTitle: false

# Disable the dropdown and the API functionality to override the
# secret expiry
disableExpiryOverride: false

# Disable the footer linking back to the project. If you disable it
# please consider a donation to support the project.
#
# If you are enabling this option and are a business using OTS please
# consider supporting the development of OTS. Have a look at the main
# repository page for options. If you want an invoice for the support
# consider this Ko-fi shop item: https://ko-fi.com/s/47a6211469
disablePoweredBy: false

# Disable the button to display and the generation of the QR-Code
# for the secret URL
disableQRSupport: false

# Disable the switcher for dark / light theme in the top right corner
# for example if your custom theme does not support two themes.
disableThemeSwitcher: false

# Override the choices to be displayed in the expiry dropdown. Values
# are given in seconds and the order of the values controls the order
# in the dropdown.
expiryChoices: [300, ...]

# Custom path to override embedded resources. You can override any
# file present in the `frontend` directory (which is baked into the
# binary during compile-time). You also can add new files (for
# example the appIcon given above). Those files are available at the
# root of the application (i.e. an app.png would be served at
# https://ots.example.com/app.png).
overlayFSPath: /path/to/ots-customization

# Switch to formal translations for languages having those defined.
# Languages not having a formal version will still display the normal
# translations in the respective language.
useFormalLanguage: false

# Define which file types are selectable by the user when uploading
# files to attach. This fuels the `accept` attribute of the file
# select and requires the same format.
#
# Note that this is NOT suitable as a security measure: it is purely
# a frontend implementation and can easily be circumvented. The
# client tool does NOT check those file types and the server is not
# able to check them as it never sees the real content of the file.
#
# https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#accept
acceptedFileTypes: ''

# Disable the file attachment functionality altogether. Keep in mind
# this also is just a frontend configuration. The server cannot see
# whether it got a 11kb secret or a 1kb secret and a 10kb file
# attached as they are encrypted into one single blob.
disableFileAttachment: false

# Define how big all attachments might be in bytes. Leave it set to
# zero to use the internal limit of 64 MiB (which is there to ensure
# the encrypted object does not cause the frontend to break).
#
# This size is checked by the frontend, not on the server side! To
# limit the size of data someone can send you, limit the maximum body
# size of the request in the proxy in front of OTS.
maxAttachmentSizeTotal: 0

# Set a maximum size for secrets in total. Secrets bigger than this
# will be rejected by the server and not stored.
#
# When setting this, keep in mind the attachments (whose maximum size
# you've configured above) are base64 encoded and will grow to approx.
# 4/3 of their former size. Afterwards they are combined with the
# secret and again base64 encoded (meaning another size increase).
# Given an attachment size of 64MiB and the formula `64*(4/3)*(4/3)`
# this would mean the secret could grow to ~120MiB in total size.
#
# The internal default uses the 64MiB max attachment size set by the
# frontend, increased by 1MiB and multiplied for base64 encoding:
maxSecretSize: 121168782 # 65 * 1024 * 1024 * (16 / 9) = 115.6MiB

# Allow access to /metrics endpoint for Prometheus metrics collection.
# Specify subnets to allow access from: Default is an empty list which
# denies all access to the metrics endpoint. When specifying a single
# IP you need to specify it in subnet notation: `127.0.0.1/32`
#
# To allow access from all sources (and then limit the endpoint in the
# proxy / ingress for security reasons) use this list:
#metricsAllowedSubnets: ['0.0.0.0/0', '::/0']
metricsAllowedSubnets: [] # Default: Deny all

To override the styling of the application, look at the src/style.scss file to see how the theme of the application is built, then place the compiled app.css in the overlayFSPath.

After modifying files in the overlayFSPath, make sure to restart the application; otherwise the file integrity hashes will no longer match and your resources will be blocked by browsers.

If you want to disable secret creation for users not logged into your company SSO, you can apply an ACL on the /api/create and /api/isWritable endpoints to allow access to them only for logged-in users. This will also disable the secret-creation interface for everyone who does not have access to the /api/isWritable endpoint.
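
The proxy-side controls this page refers to (a request body limit, restricting /metrics, and an ACL on /api/create and /api/isWritable), written as an nginx configuration. This is an added example, not part of the OTS documentation; the upstream address, hostname, certificate paths, monitoring subnet and SSO check endpoint are assumptions to replace with your own.

```nginx
# Goes inside the http {} context (for example a file under conf.d/).
upstream ots {
    server 127.0.0.1:3000;              # assumed OTS listen address
}

server {
    listen 443 ssl;
    server_name ots.example.com;
    ssl_certificate     /etc/nginx/tls/ots.crt;   # placeholder paths
    ssl_certificate_key /etc/nginx/tls/ots.key;

    # Server-side cap on request bodies. maxAttachmentSizeTotal is only
    # checked by the frontend, so this is what bounds uploads before they
    # reach OTS. 116m sits just above the default maxSecretSize
    # (121168782 bytes); lower both together for a stricter limit.
    client_max_body_size 116m;

    # Internal-only location used by auth_request. The SSO gateway behind
    # it is an assumption: any service that answers 2xx for a logged-in
    # session and 401/403 otherwise will work.
    location = /internal/sso-check {
        internal;
        proxy_pass http://127.0.0.1:4180/oauth2/auth;  # assumed endpoint
        proxy_pass_request_body off;    # the check needs headers only
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
    }

    # ACL: only logged-in users may create secrets. Guarding
    # /api/isWritable as well hides the creation interface from others.
    location = /api/create {
        auth_request /internal/sso-check;
        proxy_pass http://ots;
    }
    location = /api/isWritable {
        auth_request /internal/sso-check;
        proxy_pass http://ots;
    }

    # Pairs with metricsAllowedSubnets: ['0.0.0.0/0', '::/0'] in OTS,
    # moving the restriction to the proxy as described above.
    location = /metrics {
        allow 10.20.0.0/24;             # assumed monitoring subnet
        deny  all;
        proxy_pass http://ots;
    }

    # Everything else (frontend, reading secrets) stays public.
    location / {
        proxy_pass http://ots;
    }
}
```

The auth_request directive requires nginx to be built with ngx_http_auth_request_module; `nginx -t` validates the file before a reload.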
