-
Notifications
You must be signed in to change notification settings - Fork 45
/
config.js.template
96 lines (81 loc) · 2.12 KB
/
config.js.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
#!/usr/bin/env node
const config = {};
// Used only if https is disabled
config.pep_port = 80;
// Set this var to undefined if you don't want the server to listen on HTTPS
config.https = {
enabled: false,
cert_file: 'cert/cert.crt',
key_file: 'cert/key.key',
port: 443,
};
config.idm = {
host: 'localhost',
port: 3000,
ssl: false,
};
config.app = {
host: 'www.fiware.org',
port: '80',
ssl: false, // Use true if the app server listens in https
};
config.organizations = {
enabled: false,
header: 'fiware-service',
};
// Credentials obtained when registering PEP Proxy in app_id in Account Portal
config.pep = {
app_id: '',
username: '',
password: '',
token: {
secret: '', // Secret must be configured in order validate a jwt
},
trusted_apps: [],
};
// in seconds
config.cache_time = 300;
// if enabled PEP checks permissions in two ways:
// - With IdM: only allow basic authorization
// - With Authzforce: allow basic and advanced authorization.
// For advanced authorization, you can use custom policy checks by including programatic scripts
// in policies folder. An script template is included there
//
// This is only compatible with oauth2 tokens engine
config.authorization = {
enabled: false,
pdp: 'idm', // idm|iShare|xacml|authzforce
header: undefined, // NGSILD-Tenant|fiware-service
location: {
protocol: 'http',
host: 'localhost',
port: 8080,
path: ''
},
azf: {
custom_policy: undefined, // use undefined to default policy checks (HTTP verb + path).
},
};
config.cors = {
origin: "*",
methods: "GET,HEAD,PUT,PATCH,POST,DELETE",
preflightContinue: false,
optionsSuccessStatus: 204,
credentials: true
};
config.cluster = {
type: 'manual', // manual|allCPUCores
number: 1
};
// list of paths that will not check authentication/authorization
// example: ['/public/*', '/static/css/']
config.public_paths = [];
config.magic_key = undefined;
config.auth_for_nginx = false;
config.error_template = `{
"type": "{{type}}",
"title": "{{title}}",
"detail": "{{message}}"
}`;
config.error_content_type = "application/json";
module.exports = config;