First round of node-module updates

.eslintrc.json

@@ -10,6 +10,8 @@
  "rules": {
  "no-bitwise": 2,
  "camelcase": 2,
+ "no-prototype-builtins": "warn",
+ "no-redeclare": "warn",
  "curly": [
  2,
  "all"

config/README.md

@@ -95,6 +95,8 @@ Modification of arrays is not support, but non-existing config sub-group (object
 - `config.authentication.jwt.publicKey = './src/server/middleware/auth/EXAMPLE_PRIVATE_KEY'`
  - Public RSA256 key used when evaluating tokens.
 - `config.authentication.jwt.algorithm = 'RS256'`
+ - Allow RSA keys to be smaller than 2048-bits. This should be set to false to avoid warning message at config load.
+- `config.authentication.jwt.allowInsecureKeySizes = true`
  - The algorithm used for encryption (should not be edited w/o changing keys appropriately).
 - `config.authentication.jwt.tokenGenerator = './src/server/middleware/auth/localtokengenerator.js'`
  - Replaceable module for generating tokens in case webgme should not generated new tokens by itself.

config/config.default.js

@@ -43,6 +43,7 @@ var path = require('path'),
  publicKey: path.join(__dirname, '../src/server/middleware/auth/EXAMPLE_PUBLIC_KEY'),
  tokenGenerator: path.join(__dirname, '../src/server/middleware/auth/localtokengenerator.js'),
  algorithm: 'RS256',
+ allowInsecureKeySizes: true,
  // The private key is only needed if using the localtokengenerator
  privateKey: path.join(__dirname, '../src/server/middleware/auth/EXAMPLE_PRIVATE_KEY'),
  logOutUrlField: null,

config/validator.js

@@ -141,6 +141,12 @@ function validateConfig(configOrFileName) {
  assertNumber('config.authentication.jwt.expiresIn', config.authentication.jwt.expiresIn);
  assertString('config.authentication.jwt.privateKey', config.authentication.jwt.privateKey);
  assertString('config.authentication.jwt.publicKey', config.authentication.jwt.publicKey);
+ if (config.authentication.enable && config.authentication.jwt.allowInsecureKeySizes) {
+ console.warn('WARNING! config.authentication.jwt.allowInsecureKeySizes is true by default to avoid breaking ' +
+ 'changes due to: https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9.');
+ console.warn('If you know your RSA key size is 2048 bits or greater you can avoid this warning by setting ' + 
+ 'allowInsecureKeySizes to false.');
+ }
  assertString('config.authentication.jwt.logOutUrlField', config.authentication.jwt.logOutUrlField, true);
  assertArray('config.authentication.publicOrganizations', config.authentication.publicOrganizations);
  config.authentication.publicOrganizations.forEach(function (publicOrg, idx) {

jsdoc_conf.json

@@ -34,7 +34,6 @@
  },
  "opts": {
  "encoding": "utf8",
- "template": "./node_modules/ink-docstrap/template",
  "destination": "./docs/source",
  "recurse": true,
  "readme": "src/docs/main.md"