-
Notifications
You must be signed in to change notification settings - Fork 46
/
config.js
96 lines (81 loc) · 2.24 KB
/
config.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
#!/usr/bin/env node
const config = {};
// Used only if https is disabled
config.pep_port = 3003;
// Set this var to undefined if you don't want the server to listen on HTTPS
config.https = {
enabled: false,
cert_file: 'cert/cert.crt',
key_file: 'cert/key.key',
port: 443
};
config.idm = {
host: 'localhost',
port: 3000,
ssl: false
};
config.app = {
host: 'localhost',
port: '3002',
ssl: false // Use true if the app server listens in https
};
config.organizations = {
enabled: false,
header: 'fiware-service'
};
// Credentials obtained when registering PEP Proxy in app_id in Account Portal
config.pep = {
app_id: 'c365f878-a348-4584-8ac4-7e940697e1b6',
username: 'pep_proxy_7f270eda-17ed-4a49-b9fc-2f6f68490782',
password: 'pep_proxy_6a079689-6d4d-466c-bfd9-d2a0af4c6196',
token: {
secret: '' // Secret must be configured in order validate a jwt
},
trusted_apps: []
};
// in seconds
config.cache_time = 300;
// if enabled PEP checks permissions in two ways:
// - With IdM: only allow basic authorization
// - With Authzforce: allow basic and advanced authorization.
// For advanced authorization, you can use custom policy checks by including programatic scripts
// in policies folder. An script template is included there
//
// This is only compatible with oauth2 tokens engine
config.authorization = {
enabled: true,
pdp: 'idm', // idm|iShare|xacml|authzforce
header: undefined, // NGSILD-Tenant|fiware-service
location: {
protocol: 'http',
host: 'localhost',
port: 8080,
path: ''
},
azf: {
custom_policy: undefined // use undefined to default policy checks (HTTP verb + path).
}
};
config.cors = {
origin: '*',
methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
preflightContinue: false,
optionsSuccessStatus: 204,
credentials: true
};
config.cluster = {
type: 'manual', // manual|allCPUCores
number: 1
};
// list of paths that will not check authentication/authorization
// example: ['/public/*', '/static/css/']
config.public_paths = [];
config.magic_key = undefined;
config.auth_for_nginx = false;
config.error_template = `{
"type": "{{type}}",
"title": "{{title}}",
"detail": "{{message}}"
}`;
config.error_content_type = 'application/json';
module.exports = config;