From 1b8446f34c19f28425da012374b18520a179595d Mon Sep 17 00:00:00 2001 From: Botond Hende Date: Wed, 21 Aug 2024 22:07:00 +0200 Subject: updated settings to new version --- settings.json | 197 ++++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 131 insertions(+), 66 deletions(-) (limited to 'settings.json') diff --git a/settings.json b/settings.json index 2d335e8..495d8e4 100644 --- a/settings.json +++ b/settings.json @@ -236,12 +236,12 @@ "showChat": true, "showLineNumbers": true, "useMonospaceFont": false, - "userName": false, - "userColor": false, + "userName": null, + "userColor": null, "rtl": false, "alwaysShowChat": false, "chatAndUsers": false, - "lang": "en-gb" + "lang": null }, /* @@ -324,14 +324,6 @@ */ "soffice": null, - /* - * Path to the Tidy executable. - * - * Tidy is used to improve the quality of exported pads. - * Setting it to null disables Tidy. - */ - "tidyHtml": null, - /* * Allow import of file types other than the supported ones: * txt, doc, docx, rtf, odt, html & htm @@ -365,6 +357,22 @@ * Settings controlling the session cookie issued by Etherpad. */ "cookie": { + /* + * How often (in milliseconds) the key used to sign the express_sid cookie + * should be rotated. Long rotation intervals reduce signature verification + * overhead (because there are fewer historical keys to check) and database + * load (fewer historical keys to store, and less frequent queries to + * get/update the keys). Short rotation intervals are slightly more secure. + * + * Multiple Etherpad processes sharing the same database (table) is + * supported as long as the clock sync error is significantly less than this + * value. + * + * Key rotation can be disabled (not recommended) by setting this to 0 or + * null, or by disabling session expiration (see sessionLifetime). + */ + "keyRotationInterval": 86400000, // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s + /* * Value of the SameSite cookie property. "Lax" is recommended unless * Etherpad will be embedded in an iframe from another site, in which case @@ -376,7 +384,51 @@ * significant usability drawbacks vs. "Lax". See * https://stackoverflow.com/q/41841880 for discussion. */ - "sameSite": "Lax" + "sameSite": "Lax", + + /* + * How long (in milliseconds) after navigating away from Etherpad before the + * user is required to log in again. (The express_sid cookie is set to + * expire at time now + sessionLifetime when first created, and its + * expiration time is periodically refreshed to a new now + sessionLifetime + * value.) If requireAuthentication is false then this value does not really + * matter. + * + * The "best" value depends on your users' usage patterns and the amount of + * convenience you desire. A long lifetime is more convenient (users won't + * have to log back in as often) but has some drawbacks: + * - It increases the amount of state kept in the database. + * - It might weaken security somewhat: The cookie expiration is refreshed + * indefinitely without consulting authentication or authorization + * hooks, so once a user has accessed a pad, the user can continue to + * use the pad until the user leaves for longer than sessionLifetime. + * - More historical keys (sessionLifetime / keyRotationInterval) must be + * checked when verifying signatures. + * + * Session lifetime can be set to infinity (not recommended) by setting this + * to null or 0. Note that if the session does not expire, most browsers + * will delete the cookie when the browser exits, but a session record is + * kept in the database forever. + */ + "sessionLifetime": 864000000, // = 10d * 24h/d * 60m/h * 60s/m * 1000ms/s + + /* + * How long (in milliseconds) before the expiration time of an active user's + * session is refreshed (to now + sessionLifetime). This setting affects the + * following: + * - How often a new session expiration time will be written to the + * database. + * - How often each user's browser will ping the Etherpad server to + * refresh the expiration time of the session cookie. + * + * High values reduce the load on the database and the load from browsers, + * but can shorten the effective session lifetime if Etherpad is restarted + * or the user navigates away. + * + * Automatic session refreshes can be disabled (not recommended) by setting + * this to null. + */ + "sessionRefreshInterval": 86400000 // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s }, /* @@ -456,10 +508,27 @@ * follow the section "secure your installation" in README.md */ + /* + "users": { + "admin": { + // 1) "password" can be replaced with "hash" if you install ep_hash_auth + // 2) please note that if password is null, the user will not be created + "password": "changeme1", + "is_admin": true + }, + "user": { + // 1) "password" can be replaced with "hash" if you install ep_hash_auth + // 2) please note that if password is null, the user will not be created + "password": "changeme1", + "is_admin": false + } + }, + */ + /* * Restrict socket.io transport methods */ - "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"], + "socketTransportProtocols" : ["websocket", "polling"], "socketIo": { /* @@ -469,7 +538,7 @@ * value to work properly, but increasing the value increases susceptibility * to denial of service attacks (malicious clients can exhaust memory). */ - "maxHttpBufferSize": 10000 + "maxHttpBufferSize": 50000 }, /* @@ -518,6 +587,13 @@ */ "importMaxFileSize": 52428800, // 50 * 1024 * 1024 + /* + The authentication method used by the server. + The default value is sso + If you want to use the old authentication system, change this to apikey + */ + "authenticationMethod": "${AUTHENTICATION_METHOD:sso}", + /* * From Etherpad 1.8.5 onwards, when Etherpad is in production mode commits from individual users are rate limited * @@ -534,7 +610,6 @@ "points": 10 }, - /* * Toolbar buttons configuration. * @@ -574,62 +649,52 @@ */ "loglevel": "INFO", - /* - * Logging configuration. See log4js documentation for further information: - * https://github.com/nomiddlename/log4js-node + /* + * The log layout type to use. * - * You can add as many appenders as you want here. + * Valid values: basic, colored */ - "logconfig" : - { "appenders": [ - { "type": "console" - //, "category": "access"// only logs pad access - } - - /* - , { "type": "file" - , "filename": "your-log-file-here.log" - , "maxLogSize": 1024 - , "backups": 3 // how many log files there're gonna be at max - //, "category": "test" // only log a specific category - } - */ - - /* - , { "type": "logLevelFilter" - , "level": "warn" // filters out all log messages that have a lower level than "error" - , "appender": - { Use whatever appender you want here } - } - */ - - /* - , { "type": "logLevelFilter" - , "level": "error" // filters out all log messages that have a lower level than "error" - , "appender": - { "type": "smtp" - , "subject": "An error occurred in your EPL instance!" - , "recipients": "bar@blurdybloop.com, baz@blurdybloop.com" - , "sendInterval": 300 // 60 * 5 = 5 minutes -- will buffer log messages; set to 0 to send a mail for every message - , "transport": "SMTP", "SMTP": { // see https://github.com/andris9/Nodemailer#possible-transport-methods - "host": "smtp.example.com", "port": 465, - "secureConnection": true, - "auth": { - "user": "foo@example.com", - "pass": "bar_foo" - } - } - } - } - */ - - ] - }, // logconfig + "logLayoutType": "colored", /* Override any strings found in locale directories */ "customLocaleStrings": {}, /* Disable Admin UI tests */ - "enableAdminUITests": false + "enableAdminUITests": false, + + /* + * Enable/Disable case-insensitive pad names. + */ + "lowerCasePadIds": false, + + "sso": { + "issuer": "${SSO_ISSUER:http://localhost:9001}", + "clients": [ + { + "client_id": "${ADMIN_CLIENT:admin_client}", + "client_secret": "${ADMIN_SECRET:admin}", + "grant_types": ["authorization_code"], + "response_types": ["code"], + "redirect_uris": ["${ADMIN_REDIRECT:http://localhost:9001/admin/}"] + }, + { + "client_id": "${USER_CLIENT:user_client}", + "client_secret": "${USER_SECRET:user}", + "grant_types": ["authorization_code"], + "response_types": ["code"], + "redirect_uris": ["${USER_REDIRECT:http://localhost:9001/}"] + } + ] + } + + /* Set the time to live for the tokens + This is the time of seconds a user is logged into Etherpad + "ttl": { + "AccessToken": 3600, + "AuthorizationCode": 600, + "ClientCredentials": 3600, + "IdToken": 3600, + "RefreshToken": 86400 + } + */ } - -- cgit v1.2.3-70-g09d2