RAINCATCH-1262 - server side config improvements (#122)

* RAINCATCH-1262 - server side config improvements

* Externalize port

demo/server/README.md

@@ -29,13 +29,13 @@ URL controlled by `process.env.REDIS_CONNECTION_URL` and `config-{env}.json` fil
 
 Demo offers different configuration profiles depending on where application will be deployed.
 
-- config-dev.json (for developer/local setup - used by default)
-- config-prod.json (for production uses)
+- config-dev.js (for developer/local setup - used by default)
+- config-prod.js (for production uses)
 
 Profiles can be changed using `process.env.CONFIG_PROFILE` variable.
 For example:
 ```
 // use production profile.
 process.env.CONFIG_PROFILE === 'prod'
-// it will load config-prod.json file in top level application
+// it will load config-prod.js file in top level application
 ```

demo/server/config-dev.js

@@ -0,0 +1,77 @@
+
+
+// Server side application configuration
+var config = {
+  // Application port number
+  "port": process.env.PORT || process.env.FH_PORT || 8001,
+  "morganOptions": "dev",
+  "logStackTraces": true,
+  // Use this parameter to disable inserting demo data into mongodb
+  "seedDemoData": true,
+  // General security configuration
+  "security": {
+    "adminRole": "admin",
+    "userRole": "user",
+    // Passport.js security configuration
+    "passportjs": {
+      // Passport.js secret for JWT tokens. Provide custom value even for development needs
+      "jwtSecret": "D837131FD17F62CB85FBD5919563086369691F4D42379C3596F811839A8992CBA1FBA88DF243BF2481940F112D339C33283BDFEF29A13612550EDAAAB7B5E061",
+      // Allows to provide custom login page messages
+      "portalLoginPage": {
+        "title": "RainCatcher Portal",
+        "invalidMessage": "Invalid Credentials"
+      },
+    },
+    // Keycloak configuration. Uncomment to enable keycloak integration
+    // "keycloak": {
+    //   "realm": "",
+    //   "bearer-only": true,
+    //   "auth-server-url": "",
+    //   "ssl-required": "",
+    //   "resource": "",
+    //   "use-resource-role-mappings": true
+    // }
+  },
+  "sync": {
+    // Required to handle UI.
+    "customDataHandlers": true
+  },
+  // See bunyan.d.ts/LoggerOptions
+  "bunyanConfig": {
+    "name": "Demo application",
+    "level": "debug"
+  },
+  // Database configuration
+  "mongodb": {
+    "url": getMongoUrl(),
+    "options": {}
+  },
+  // Cache layer configuration
+  "redis": {
+    "url": getRedisUrl()
+  },
+}
+
+function getMongoUrl() {
+  if (process.env.MONGO_CONNECTION_URL) {
+    return process.env.MONGO_CONNECTION_URL
+  }
+  if (process.env.FH_MONGODB_CONN_URL) {
+    // Legacy env variable only to support in house systems
+    return process.env.FH_MONGODB_CONN_URL;
+  }
+  return "mongodb://127.0.0.1:27017/raincatcher";
+}
+
+function getRedisUrl() {
+  if (process.env.REDIS_CONNECTION_URL) {
+    return process.env.REDIS_CONNECTION_URL
+  }
+  // Legacy env variable only to support in house systems
+  if (process.env.FH_REDIS_HOST) {
+    return 'redis://' + process.env.FH_REDIS_HOST + ':' + process.env.FH_REDIS_PORT
+  }
+  return "redis://127.0.0.1:6379";
+}
+
+module.exports = config;

demo/server/config-prod.js

@@ -0,0 +1,77 @@
+
+
+// Server side application configuration
+var config = {
+  // Application port number
+  "port": process.env.PORT || process.env.FH_PORT || 8001,
+  "morganOptions": null,
+  "logStackTraces": false,
+  // Use this parameter to disable inserting demo data into mongodb
+  "seedDemoData": false,
+  // General security configuration
+  "security": {
+    "adminRole": "admin",
+    "userRole": "user",
+    // Passport.js security configuration
+    "passportjs": {
+      // Passport.js secret for JWT tokens. Provide custom value even for development needs
+      "jwtSecret": "D837131FD17F62CB85FBD5919563086369691F4D42379C3596F811839A8992CBA1FBA88DF243BF2481940F112D339C33283BDFEF29A13612550EDAAAB7B5E061",
+      // Allows to provide custom login page messages
+      "portalLoginPage": {
+        "title": "RainCatcher Portal",
+        "invalidMessage": "Invalid Credentials"
+      },
+    },
+    // Keycloak configuration. Uncomment to enable keycloak integration
+    // "keycloak": {
+    //   "realm": "",
+    //   "bearer-only": true,
+    //   "auth-server-url": "",
+    //   "ssl-required": "",
+    //   "resource": "",
+    //   "use-resource-role-mappings": true
+    // }
+  },
+  "sync": {
+    // Required to handle UI.
+    "customDataHandlers": true
+  },
+  // See bunyan.d.ts/LoggerOptions
+  "bunyanConfig": {
+    "name": "Demo application",
+    "level": "debug"
+  },
+  // Database configuration
+  "mongodb": {
+    "url": getMongoUrl(),
+    "options": {}
+  },
+  // Cache layer configuration
+  "redis": {
+    "url": getRedisUrl()
+  },
+}
+
+function getMongoUrl() {
+  if (process.env.MONGO_CONNECTION_URL) {
+    return process.env.MONGO_CONNECTION_URL
+  }
+  if (process.env.FH_MONGODB_CONN_URL) {
+    // Legacy env variable only to support in house systems
+    return process.env.FH_MONGODB_CONN_URL;
+  }
+  return "mongodb://127.0.0.1:27017/raincatcher";
+}
+
+function getRedisUrl() {
+  if (process.env.REDIS_CONNECTION_URL) {
+    return process.env.REDIS_CONNECTION_URL
+  }
+  // Legacy env variable only to support in house systems
+  if (process.env.FH_REDIS_HOST) {
+    return 'redis://' + process.env.FH_REDIS_HOST + ':' + process.env.FH_REDIS_PORT
+  }
+  return "redis://127.0.0.1:6379";
+}
+
+module.exports = config;

demo/server/src/app.ts

@@ -25,7 +25,7 @@ const config = appConfig.getConfig();
  */
 function getCorsConfig() {
   let corsConfig = {};
-  if (!config.keycloakConfig) {
+  if (!config.security.keycloak) {
     const dynamicOrigin = function(origin: any, callback: (err: Error | null, bool: boolean) => void) {
       callback(null, true);
     };

demo/server/src/index.ts

@@ -12,7 +12,7 @@ import app from './app';
 /**
  * Get port from environment and store in Express.
  */
-const port = process.env.PORT || 8001;
+const port = config.port;
 app.set('port', port);
 
 /**

demo/server/src/modules/datasync/Connector.ts

@@ -13,11 +13,11 @@ process.env.DEBUG = 'fh-mbaas-api:sync';
 // Sync connection options
 const connectOptions: SyncOptions = {
   datasetConfiguration: {
-    mongoDbConnectionUrl: process.env.MONGO_CONNECTION_URL || appConfig.getConfig().mongodb.url,
+    mongoDbConnectionUrl:  appConfig.getConfig().mongodb.url,
     mongoDbOptions: appConfig.getConfig().mongodb.options,
-    redisConnectionUrl: process.env.REDIS_CONNECTION_URL || appConfig.getConfig().redis.url
+    redisConnectionUrl: appConfig.getConfig().redis.url
   },
-  globalSyncOptions: { useCache: false }
+  globalSyncOptions: appConfig.getConfig().sync.globalOptions
 };
 
 /**

demo/server/src/modules/index.ts

@@ -41,7 +41,7 @@ export function setupModules(app: express.Express) {
 }
 
 function securitySetup(app: express.Router, sessionOptions?: SessionOptions) {
-  if (config.keycloakConfig) {
+  if (config.security.keycloak) {
     return setupKeycloakSecurity(app);
   } else {
     return setupPassportSecurity(app, sessionOptions);

demo/server/src/modules/keycloak/index.ts

@@ -20,7 +20,7 @@ export class KeycloakSecurity implements EndpointSecurity {
 
     // Create a session store
     const memoryStore = new session.MemoryStore();
-    this.keycloak = new Keycloak({ store: memoryStore }, config.keycloakConfig);
+    this.keycloak = new Keycloak({ store: memoryStore }, config.security.keycloak);
     app.use(this.keycloak.middleware({logout: '/logout'}));
   }
   public protect(role?: string | undefined): express.Handler {

demo/server/src/modules/passport-auth/index.ts

@@ -22,7 +22,7 @@ export function init(router: express.Router, sessionOpts?: SessionOptions) {
     authService.init(router, sessionOpts);
     createPortalRoutes(router, authService, userRepo);
   } else {
-    authService.init(router, sessionOpts, config.jwtSecret);
+    authService.init(router, sessionOpts, config.security.passportjs.jwtSecret);
     createMobileRoutes(router, userRepo, userService);
   }
   return authService;
@@ -37,7 +37,7 @@ function createPortalRoutes(router: express.Router, authService: PassportAuth, u
     }
 
     return res.render('login', {
-      title: config.portalLoginPage.title
+      title: config.security.passportjs.portalLoginPage.title
     });
   });
 
@@ -48,8 +48,9 @@ function createPortalRoutes(router: express.Router, authService: PassportAuth, u
 
   router.get('/loginError', (req: express.Request, res: express.Response) => {
     return res.render('login', {
-      title: config.portalLoginPage.title,
-      message: config.portalLoginPage.invalidMessage});
+      title: config.security.passportjs.portalLoginPage.title,
+      message: config.security.passportjs.portalLoginPage.invalidMessage
+    });
   });
 
   router.get('/user/profile', authService.protect(), (req: express.Request, res: express.Response) => {
@@ -81,9 +82,9 @@ function createMobileRoutes(router: express.Router, userRepo: UserRepository, us
         if (user && userService.validatePassword(user, req.body.password)) {
           const payload = _.clone(user);
           delete payload.password;
-          const secret = config.jwtSecret || PASSPORTCONSTANTS.defaultSecret;
+          const secret = config.security.passportjs.jwtSecret || PASSPORTCONSTANTS.defaultSecret;
           const token = jwt.sign(payload, secret);
-          return res.status(200).json({'token': token, 'profile': user });
+          return res.status(200).json({ 'token': token, 'profile': user });
         }
 
         return res.status(401).send();