This repository has been archived by the owner on Sep 19, 2021. It is now read-only.
settings.go
package api
// Settings is the abstraction through which the application pulls its
// configuration, whether the values come from environment variables or from a
// platform-specific source such as CloudFoundry.
//
// Each lookup method takes the name of a setting; presumably these are the
// string constants declared in this package (NodeEnv, DatabaseURI, ...).
// NOTE(review): how a missing or malformed value is reported is decided by the
// implementation and cannot be seen from this declaration. Several settings
// carry secrets (database password, CSRF secret, key file paths), so callers
// should avoid writing looked-up values to logs.
type Settings interface {
	// Configure prepares the settings source for use.
	Configure()

	// Has reports on the setting identified by name; presumably true when a
	// value is present — confirm against the implementation.
	Has(name string) bool

	// String yields the setting identified by name as a string.
	String(name string) string

	// True yields the setting identified by name as a boolean flag.
	True(name string) bool

	// Int yields the setting identified by name as an integer.
	Int(name string) int
}
// Names of the settings recognised by the application. Each constant holds the
// key under which the value is looked up; "Target" says which tier reads it and
// "Default" is the documented behaviour when the key is absent.
const (
	// NodeEnv selects the Node environment the front end is built for:
	//
	//  - `test`: unit testing and code coverage
	//  - `development`: day-to-day development
	//  - `staging`: usability testing ahead of a production release
	//  - `production`: all possible assets minified and optimized
	//
	// Target: Front-end (web)
	// Default: `development`
	// Values: `test` | `development` | `staging` | `production`
	NodeEnv = "NODE_ENV"

	// GolangEnv selects the Go environment the back end is configured for:
	//
	//  - `test`: unit testing and code coverage
	//  - `development`: day-to-day development
	//  - `staging`: usability testing ahead of a production release
	//  - `production`: production use with only the minimum required assets
	//    (does **not** include test accounts)
	//
	// Because the default is `development`, a production deployment has to
	// set this key explicitly to get the production behaviour listed above.
	//
	// Target: Back-end (api)
	// Default: `development`
	// Values: `test` | `development` | `staging` | `production`
	GolangEnv = "GOLANG_ENV"

	// LogLevel sets the verbosity of the back-end API log. Unless another
	// destination is configured, log output goes to `stdout` and `stderr`.
	//
	// Target: Back-end (api)
	// Default: `warning`
	// Values: `debug` | `info` | `warning` | `error` | `fatal` | `panic`
	LogLevel = "LOG_LEVEL"

	// LogFile is the path of a log file on the local file system.
	//
	// File logging can be combined with the other logging destinations.
	//
	// Target: Back-end (api)
	// Default: *not enabled*
	LogFile = "LOG_FILE"

	// LogDirectory is a local file system path used for log output; by its
	// name a directory rather than a single file (compare LogFile).
	// TODO(review): confirm how LogDirectory and LogFile combine.
	//
	// File logging can be combined with the other logging destinations.
	//
	// Target: Back-end (api)
	// Default: *not enabled*
	LogDirectory = "LOG_DIRECTORY"

	// LogSyslog is the connection string of a `syslog` server, for example
	// `udp://logserver:514`. TCP and UDP are both supported. Unless
	// LogSyslogCert is also set, nothing here indicates the stream is
	// encrypted, so log contents would cross the network in clear text.
	//
	// `syslog` logging can be combined with the other logging destinations.
	//
	// Target: Back-end (api)
	// Default: *not enabled*
	// Values: `{protocol}://{host}:{port}`
	LogSyslog = "LOG_SYSLOG"

	// LogSyslogCert is the path to a PEM certificate; when it is provided all
	// `syslog` traffic switches to TLS. Only TCP + TLS is supported, so the
	// connection string takes the form `tcp://logserver:514`.
	//
	// `syslog` logging can be combined with the other logging destinations.
	//
	// Target: Back-end (api)
	// Default: *not enabled*
	LogSyslogCert = "LOG_SYSLOG_CERT"

	// SessionTimeout is the session timeout in minutes. A session that has
	// been inactive for longer than this is treated as invalid and the user
	// must authenticate again.
	//
	// Target: Back-end (api)
	// Default: `15`
	SessionTimeout = "SESSION_TIMEOUT"

	// APIRedirect is the front-end URL the back end redirects responses to.
	// When unset, the redirect goes to the same server host on port 80.
	//
	// Target: Back-end (api)
	// Default: `{server_protocol}://{server_host}`
	APIRedirect = "API_REDIRECT"

	// APIBaseURL is the back-end URL the front end sends its requests to.
	//
	// Target: Front-end (web), Back-end (api)
	// Default: `{server_protocol}://{server_host}:{server_port}/api`
	APIBaseURL = "API_BASE_URL"

	// Port is the port the back-end API listens on.
	//
	// Target: Back-end (api)
	// Default: `3000`
	Port = "PORT"

	// HashRouting is a flag that turns on hash routing. Use it only where
	// push state is not an option.
	//
	// Target: Front-end (web)
	// Default: False: *empty*
	// Values: True: `1`, False: *empty*
	HashRouting = "HASH_ROUTING"

	// DbMigrationTarget pins database migrations to one step, for example
	// `20180212130825_account_lock.sql`. With a target set, running
	// migrations steps down **or** up until that target is reached; with no
	// value, migrations always try to reach the latest version.
	//
	// Target: Back-end (api)
	// Default: *not enabled*
	DbMigrationTarget = "DB_MIGRATION_TARGET"

	// DatabaseURI is a complete PostgreSQL connection string. When it is set,
	// do not set the other database connection settings. The value embeds
	// the database password, so it should be handled as a secret and kept
	// out of logs and error messages.
	//
	// Target: Back-end (api)
	// Default: *none*
	// Values: `postgres://{db-username}:{db-password}@{db-host}:5432/{db-name}`
	DatabaseURI = "DATABASE_URI"

	// DatabaseUser is the PostgreSQL user name.
	//
	// Target: Back-end (api)
	// Default: `postgres`
	DatabaseUser = "DATABASE_USER"

	// DatabasePassword is the PostgreSQL password; a secret that should not
	// be logged.
	//
	// Target: Back-end (api)
	// Default: *none*
	DatabasePassword = "DATABASE_PASSWORD"

	// DatabaseName is the PostgreSQL database instance name.
	//
	// Target: Back-end (api)
	// Default: `postgres`
	DatabaseName = "DATABASE_NAME"

	// DatabaseSSLMode is the PostgreSQL sslmode used for the database
	// connection. In PostgreSQL, `require` encrypts the connection without
	// validating the server certificate; `verify-full` adds that validation.
	// NOTE(review): which sslmode values this application accepts is not
	// visible here.
	//
	// Target: Back-end (api)
	// Default: `require`
	DatabaseSSLMode = "DATABASE_SSLMODE"

	// TestDatabaseName is the PostgreSQL database instance name used by tests.
	//
	// Target: Back-end (api)
	// Default: `eapp_test`
	TestDatabaseName = "TEST_DATABASE_NAME"

	// DatabaseHost is the PostgreSQL host name and port.
	//
	// Target: Back-end (api)
	// Default: `localhost:5432`
	DatabaseHost = "DATABASE_HOST"

	// CORSAllowed is the allow-list of address(es) for cross-origin resource
	// sharing (CORS). CORS restricts resources (e.g. fonts, scripts, images)
	// on a web page to be requested from another domain outside of the domain
	// from which it is served.
	//
	// Examples
	//
	// | Type               | Example                            |
	// | ------------------ | ---------------------------------- |
	// | explicit           | http://localhost                   |
	// | multiple           | http://localhost;https://test\.com |
	// | wildcard           | *                                  |
	// | regular expression | https?://localhost                 |
	//
	// The wildcard admits every origin. NOTE(review): entries are documented
	// as regular expressions, but whether the matcher anchors them to the
	// whole origin is not visible here; if it does not, a pattern such as
	// `https?://localhost` would also match longer host names that merely
	// start with it — confirm, and escape dots as the `test\.com` example does.
	//
	// Target: Back-end (api)
	// Default: *empty*
	CORSAllowed = "CORS_ALLOWED"

	// CORSMaxAge is the number of seconds browsers should cache preflight
	// requests.
	//
	// Target: Back-end (api)
	// Default: `600`
	CORSMaxAge = "CORS_MAX_AGE"

	// FlushStorage is a flag that flushes the persisted information of an
	// account during the logon process.
	//
	// Target: Back-end (api)
	// Default: False: *empty*
	// Values: True: `1`, False: *empty*
	FlushStorage = "FLUSH_STORAGE"

	// UspsAPIKey is the United States Postal Service (USPS) API key used for
	// address validation.
	// NOTE(review): the key name really is `USPS_API_API_KEY`, with `API`
	// doubled; existing deployments presumably depend on that spelling.
	//
	// Target: Back-end (api)
	// Default: *not enabled*
	UspsAPIKey = "USPS_API_API_KEY"

	// CSRFSecret is the secret random key, of at least 256 bits, with which
	// the random CSRF tokens are digitally signed.
	// NOTE(review): there is no default; what the back end does when the key
	// is unset or too short is not visible here — confirm it refuses to start
	// rather than signing with an empty key.
	//
	// Target: Back-end (api)
	// Default: *none*
	CSRFSecret = "CSRF_SECRET"

	// BasicEnabled is a flag that turns on basic username and password
	// authentication.
	//
	// Target: Front-end (web), Back-end (api)
	// Default: False: *empty*
	// Values: True: `1`, False: *empty*
	BasicEnabled = "BASIC_ENABLED"

	// SamlEnabled is a flag that turns on SAML authentication.
	//
	// Target: Front-end (web), Back-end (api)
	// Default: False: *empty*
	// Values: True: `1`, False: *empty*
	SamlEnabled = "SAML_ENABLED"

	// SamlSloEnabled is a flag that turns on SAML single logout.
	//
	// Target: Front-end (web), Back-end (api)
	// Default: False: *empty*
	// Values: True: `1`, False: *empty*
	SamlSloEnabled = "SAML_SLO_ENABLED"

	// SamlPublicCert is the file path (absolute or relative) of the SAML
	// public certificate.
	//
	// Target: Back-end (api)
	// Default: *not enabled*
	SamlPublicCert = "SAML_PUBLIC_CERT"

	// SamlPrivateCert is the file path (absolute or relative) of the SAML
	// private certificate; presumably the private key paired with
	// SamlPublicCert, in which case the file should be readable only by the
	// service account — confirm.
	//
	// Target: Back-end (api)
	// Default: *not enabled*
	SamlPrivateCert = "SAML_PRIVATE_CERT"

	// SamlIdpSsoURL is the endpoint of the SAML 2.0 Single Sign-On (SSO)
	// identity provider. The client is redirected to this URL to complete
	// authentication. The value comes from the IdAM configuration settings.
	//
	// Target: Back-end (api)
	// Default: *not enabled*
	SamlIdpSsoURL = "SAML_IDP_SSO_URL"

	// SamlIdpSsoDescURL is the identity provider's issuer URL. The value
	// comes from the IdAM configuration settings.
	//
	// Target: Back-end (api)
	// Default: *not enabled*
	SamlIdpSsoDescURL = "SAML_IDP_SSO_DESC_URL"

	// SamlIdpPublicCert is the file path (absolute or relative) of the
	// identity provider's public certificate (X.509 PEM), used to verify the
	// signature on the authentication response. The certificate is supplied
	// by the IdAM solution.
	//
	// Target: Back-end (api)
	// Default: *not enabled*
	SamlIdpPublicCert = "SAML_IDP_PUBLIC_CERT"

	// SamlSignRequest is a flag that turns on signing of SAML 2.0 requests.
	//
	// Target: Back-end (api)
	// Default: False: *empty*
	// Values: True: `1`, False: *empty*
	SamlSignRequest = "SAML_SIGN_REQUEST"

	// SamlVerifyInsecure is a flag that allows insecure validation of SAML
	// 2.0 responses.
	// NOTE(review): which checks are relaxed is not visible here; since
	// response validation is what authenticates the user, this should stay
	// unset outside of test setups — confirm it is rejected in production.
	//
	// Target: Back-end (api)
	// Default: False: *empty*
	// Values: True: `1`, False: *empty*
	SamlVerifyInsecure = "SAML_VERIFY_INSECURE"

	// SamlConsumerServiceURL is the assertion consumer service endpoint. Once
	// authentication completes, the customer is redirected here so that local
	// processes can verify and handle the response.
	//
	// Target: Back-end (api)
	// Default: `{API_BASE_URL}/auth/saml/callback`
	SamlConsumerServiceURL = "SAML_CONSUMER_SERVICE_URL"

	// TLSCert is the file path (absolute or relative) of the TLS public
	// certificate (X.509 PEM) used by the back-end API.
	//
	// Target: Back-end (api)
	// Default: *not enabled*
	TLSCert = "TLS_CERT"

	// TLSKey is the file path (absolute or relative) of the TLS private key
	// (X.509 PEM) used by the back-end API. The file is key material and
	// should be readable only by the service account.
	//
	// Target: Back-end (api)
	// Default: *not enabled*
	TLSKey = "TLS_KEY"

	// WsEnabled allows requests to be made to the eqip web service.
	//
	// Target: Back-end (api)
	// Default: *not enabled*
	WsEnabled = "WS_ENABLED"

	// WsURL is the endpoint of the OPM web service to which the package is
	// submitted for investigation.
	//
	// Target: Back-end (api)
	// Default: *not enabled*
	WsURL = "WS_URL"

	// WsKey is the file path of the private certificate key (PKCS#8 DER) used
	// to sign security tokens for the OPM web service. The file is key
	// material and should be readable only by the service account.
	//
	// Target: Back-end (api)
	// Default: *not enabled*
	WsKey = "WS_KEY"

	// WsCallerinfoAgencyID is provided by OPM and identifies the caller's
	// agency.
	//
	// Target: Back-end (api)
	// Default: *empty*
	WsCallerinfoAgencyID = "WS_CALLERINFO_AGENCY_ID"

	// WsCallerinfoAgencyUserSSN is provided by OPM and identifies the agency
	// user making the web service call. The value **should not** be a valid
	// SSN.
	//
	// Target: Back-end (api)
	// Default: *empty*
	WsCallerinfoAgencyUserSSN = "WS_CALLERINFO_AGENCY_USER_SSN"

	// WsCallerinfoAgencyUserPseudossn is a flag stating whether or not the
	// caller has an SSN.
	//
	// Target: Back-end (api)
	// Default: *empty*
	// Values: True: `1`, False: `0`
	WsCallerinfoAgencyUserPseudossn = "WS_CALLERINFO_AGENCY_USER_PSEUDOSSN"

	// WsAgencyID is provided by OPM and identifies the destination agency.
	//
	// Target: Back-end (api)
	// Default: *empty*
	WsAgencyID = "WS_AGENCY_ID"

	// WsAgencyGroupID is provided by OPM and identifies the destination
	// agency's group.
	//
	// Target: Back-end (api)
	// Default: *empty*
	WsAgencyGroupID = "WS_AGENCY_GROUP_ID"

	// AttachmentsEnabled is a flag stating whether or not attachments are
	// allowed.
	//
	// Target: Front-end (web), Back-end (api)
	// Default: True: `1`
	// Values: True: `1`, False: *empty*
	AttachmentsEnabled = "ATTACHMENTS_ENABLED"

	// FileMaximumSize is the largest attachment allowed, in bytes.
	// NOTE(review): the limit is read by both tiers; confirm the back end
	// enforces it on upload, since a front-end check alone can be skipped.
	//
	// Target: Front-end (web), Back-end (api)
	// Default: 5000000
	FileMaximumSize = "FILE_MAXIMUM_SIZE"

	// FileTypes lists the file types allowed for an attachment.
	// NOTE(review): the documented default is a list of file extensions;
	// whether the back end also inspects file content is not visible here.
	//
	// Target: Front-end (web), Back-end (api)
	// Default: ".tiff;.png;.pdf"
	FileTypes = "FILE_TYPES"

	// IndentJSON, when set, makes the API indent its JSON responses.
	//
	// Target: Back-end (api)
	// Default: ""
	IndentJSON = "INDENT_JSON"

	// DevDisableSSL controls whether a cookie with Secure set to false is
	// used in development. It also controls the Strict-Transport-Security
	// header that is set in security_headers.go.
	// NOTE(review): both effects weaken transport protection of the session,
	// so this is a development-only switch — confirm it has no effect when
	// GolangEnv is `production`.
	//
	// Target: Back-end (api)
	// Default: ""
	DevDisableSSL = "DEV_DISABLE_SSL"
)