[ENG-1037] - More docs

Phara0h · Sep 27, 2019 · eb4806a · eb4806a
1 parent 19d02a8
commit eb4806a
Show file tree

Hide file tree

Showing 11 changed files with 3,151 additions and 16 deletions.
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 <h1 style="display:flex;">
-  <span style="background-color: black; filter: invert(100%); margin-right:10px">
-    <img src="/client/assets/logo.svg" data-canonical-src="/client/assets/logo.svg" width="42" height="42"/>
+  <span style="margin-right:10px">
+    <img src="/client/assets/logo-invert.svg" data-canonical-src="/client/assets/logo-invert.svg" width="42" height="42"/>
   </span>
   Travelling
 </h1>
@@ -217,5 +217,67 @@ ___
 *The absolute filepath to the logo to be displayed on the client side.* </br>
 > **Default**: `travelling/client/assets/logo.svg`
 
+##### TRAVELLING_PORTAL_STYLES
+*The absolute filepath to the css file to be displayed on the client side.* </br>
+> **Default**: `travelling/client/assets/styles.css`
+
+##### TRAVELLING_PORTAL_ICON
+*The absolute filepath to the faveicon to be displayed on the client side.* </br>
+> **Default**: `travelling/client/assets/favicon.ico`
+___
+
+### Proxy
+
+##### TRAVELLING_PROXY_TIMEOUT
+*How long in seconds the proxy should wait on a request to finish. `0` is Infinity* </br>
+> **Default**: `0`
+___
+
+### Redis
+
+##### TRAVELLING_REDIS_ENABLE
+*Enables redis to be used when multiple instances of travelling are running and being load balanced against.* </br>
+> **Default**: `false` Uses in memory store which could be problematic depending on how many groups and routes there are.
+
+##### TRAVELLING_REDIS_URL
+*The URL to a redis instance to be used by travelling as a data store.* </br>
+> **Default**: `redis://127.0.0.1:6379/`
+
+##### TRAVELLING_REDIS_EVENTS_URL
+*The URL to a redis instance to be used by travelling as a pub/sub event system.* </br>
+> **Default**: `redis://127.0.0.1:6379/`
+___
+
+### Cookie
+
+Travelling uses a dual cookie system. One is a persistent token cookie for longterm login and the other is a short lived session cookie made to put less load on the system and speed things up making it not need to decrypt the token cookie every request.
+
+##### TRAVELLING_COOKIE_SESSION_SECRET
+*The session secret used to generate the session cookie with. This needs to stay a secret and should be changed ever so often for [security](#Security) reasons* </br>
+> **Default**: ` ` This needs to be set!
+
+##### TRAVELLING_COOKIE_SESSION_EXPIRATION
+*How long the session cookie will last for in seconds. Recommended to set it to the average number of seconds a user tends to use your service for.* </br>
+> **Default**: `300`
+
+##### TRAVELLING_COOKIE_TOKEN_SECRET
+*The token secret used to generate the persistent token cookie with. This needs to stay a secret and should be changed ever so often for [security](#Security) reasons* </br>
+> **Default**: ` ` This needs to be set!
+
+##### TRAVELLING_COOKIE_DOMAIN
+*How long the persistent token cookie will last for in days.* </br>
+> **Default**: `30`
+
+##### TRAVELLING_COOKIE_TOKEN_EXPIRATION
+*How long the persistent token cookie will last for in days.* </br>
+> **Default**: `30`
+
+##### TRAVELLING_COOKIE_TOKEN_EXPIRATION
+*How long the persistent token cookie will last for in days.* </br>
+> **Default**: `30`
+
+
+
+___
 
 ## Security
diff --git a/client/assets/logo-invert.svg b/client/assets/logo-invert.svg
diff --git a/client/assets/logo.svg b/client/assets/logo.svg
diff --git a/include/routes/v1/auth.js b/include/routes/v1/auth.js
@@ -36,6 +36,7 @@ var login = async (user, req, res, router) => {
             expires: Date.now(),
             secure: config.https,
             httpOnly: true,
+            domain: config.cookie.domain,
             path: '/',
         });
         res.redirect(url[0] === 'GET' ? 301 : 303, url[1]);
@@ -253,6 +254,7 @@ module.exports = function(app, opts, done) {
                 res.setCookie('trav:codecheck', token, {
                     expires: new Date(Date.now() + 12000),
                     secure: config.https,
+                    domain: config.cookie.domain,
                     httpOnly: true,
                     path: '/travelling/api/v1/auth/oauth/authorize',
                 });

diff --git a/include/server/router.js b/include/server/router.js
@@ -55,8 +55,9 @@ class Router {
         var grps = await Group.findAll();
 
         this.mappedGroups = {};
-        this.unmergedGroups = grps;
+        this.unmergedGroups = [];
         for (var i = 0; i < grps.length; i++) {
+            this.unmergedGroups.push(grps[i]);
             this.mappedGroups[grps[i].id] = grps[i]._;
             this.groups[grps[i].name] = database.groupInheritedMerge(new Group(grps[i]._), grps);
         }
@@ -353,6 +354,7 @@ class Router {
             expires: new Date(Date.now() + 240000),
             secure: config.https,
             httpOnly: true,
+            domain: config.cookie.domain,
             path: '/',
         });
     }

diff --git a/include/utils/auth.js b/include/utils/auth.js
@@ -9,7 +9,9 @@ var logout = (req, res) => {
     CookieToken.removeAuthCookie(res);
     res.setCookie('trav:ssid', null, {
         expires: Date.now(),
+        httpOnly: true,
         secure: config.https,
+        domain: config.cookie.domain,
         path: '/',
     });
     req.isAuthenticated = false;

diff --git a/include/utils/config.js b/include/utils/config.js
@@ -51,12 +51,12 @@ const config = {
     cookie: {
         session: {
             secret: misc.isSetDefault(process.env.TRAVELLING_COOKIE_SESSION_SECRET, null),
-            expiration: misc.isSetDefault(Number(process.env.TRAVELLING_COOKIE_SESSION_EXPIRATION), 10), // seconds
+            expiration: misc.isSetDefault(Number(process.env.TRAVELLING_COOKIE_SESSION_EXPIRATION), 300), // seconds
         },
         token: {
             secret: misc.isSetDefault(process.env.TRAVELLING_COOKIE_TOKEN_SECRET, null),
             salt: misc.isSetDefault(process.env.TRAVELLING_COOKIE_TOKEN_SALT, null),
-            expiration: misc.isSetDefault(Number(process.env.TRAVELLING_COOKIE_TOKEN_EXPIRATION), 90), // days
+            expiration: misc.isSetDefault(Number(process.env.TRAVELLING_COOKIE_TOKEN_EXPIRATION), 30), // days
         },
         domain: misc.isSetDefault(process.env.TRAVELLING_COOKIE_DOMAIN, null),
         security: {

diff --git a/include/utils/cookietoken.js b/include/utils/cookietoken.js
@@ -49,6 +49,7 @@ class CookieToken {
             expires: new Date(date.getTime() + config.cookie.token.expiration * 86400000),
             secure: config.https,
             httpOnly: true,
+            domain: config.cookie.domain,
             path: '/',
         });
         return res;
@@ -59,6 +60,7 @@ class CookieToken {
             expires: Date.now(),
             secure: config.https,
             httpOnly: true,
+            domain: config.cookie.domain,
             path: '/',
         });
         return res;

diff --git a/index.js b/index.js
@@ -118,6 +118,7 @@ app.register(fastifySession, {
         secure: config.https,
         httpOnly: true,
         maxAge: config.cookie.session.expiration * 1000,
+        domain: config.cookie.domain,
     },
     cookieName: 'trav:ssid',
     saveUninitialized: false,