Extensions

Remy Lalanne edited this page Nov 6, 2018 · 10 revisions

The extensions give new behaviors to the server: they can extend its api, provide more routes to express, and extend the data model. This page gives a list of the extensions provided in this repository:

The extensions are loaded at startup and are listed in the configuration file conf.json. They are loaded by order of appearance in that file. The extensions are defined using a simple format:

{
    "extensions": {
        "extension_name": {
            "path": "extension_dir/extend.js",
        }
    }
}

enable and conf keys are optional. Omitting them means that the extension is enabled and that it does not need configuration. path and conf can be relative paths or absolute paths:

"aforge": {
    "enable": true,
    "path": "./aforge/aforge.js",
    "conf": {
        "apiKey": "________"
    }
}

es6-polyfills

Provide ES6 polyfills if the code is ran in a NodeJS which is not ES6. (NodeJS v0.10.29 for instance, on older systems)

"es6_polyfills": {
    "enable": true,
    "path": "./extensions/es6_polyfills.js"
}

jwt

Implementation of JSON Web Token RFC7519 for user authentication https://jwt.io/

"jwt": {
    "enable": false,
    "path": "./extensions/auth-jwt-node.js",
    "conf": {
        "required": false,
        "passwordHashAlgorithm": "md5",
        "secret": "webtokensecret",
        "exp": 1440,
        "expressUse": "/api",
        "expressUnless": {
            "path": "/api/signIn"
        }
    }
}
  • passwordHashAlgorithm: algorithm to store passwords on server. sha1 or md5
  • secret: encryption salt string
  • exp: token expiration time in seconds
  • expressUse: path to protect by authentication
  • expressUnless: path to exclude from authentication

See Authentication documentation about this implementation.

  • requires jsonwebtoken express-jwt express-unless crypto cookie-parser
  • new routes: /api/signIn and /api/verify

noauth

Provides basic user verification mechanisms when authentication is disabled.

"noauth": {
    "enable": true,
    "path": "./extensions/auth-none.js"
}
  • new routes: /api/verify

nodemailer

Send email using https://www.npmjs.com/package/nodemailer

"nodemailer": {
    "enable": true,
    "path": "./extensions/nodemailer.js",
    "conf": {
        "transporter":{
            "host": "localhost",
            "port": 25, 
            "secure": false
        },  
        "from": "\"Sender\" <noreply@example.com>"
    }   
}  
  • requires nodemailer
  • no route defined

restricted_keys

Replace keys by default ones if the user class is not in the whitelist. If the new value is defined as null, delete the key from the request

"restricted_keys": {
    "enable": true,
    "path": "./extensions/restricted_keys.js",
    "conf": {
        "whitelist": ["admin"],
        "override": { "active": false, "author": null, "class": null, "time": null, "username": null }
    }
}
  • no route defined

prefer_https

Redirects http calls to https.

"prefer_https": {
    "enable": false,
    "path": "./extensions/prefer_https.js"
}
  • no new route defined

The /.well-known is not redirected, to allow letsencrypt authentication.

static_routes

A list of relative or absolute paths to be served by the server. It contains server resources and possible HTML interfaces.

"static_routes": {
    "enable": true,
    "path": "./extensions/static_routes.js",
    "conf": {
        "routes": {
            "/": "public",
            "/js": "../js",
            "/cli": "../cli",
            "/py": "../py",
            "/api": "public/index.html",
            "/signIn": "extensions/auth_signIn.html"
        }
     }
}

An array as value for a directory means that it will look for a resource in each directory by order of appearance.

  • new routes are defined according to the configuration

user_setup

Lost password procedure using email and token verification.

"user_setup" : { 
    "enable": true,
    "path" : "./extensions/user_setup.js"
}
  • requires crypto
  • new routes: /api/lostPassword /api/changePassword /api/resetPassword
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.