RelatedTitle edited this page Sep 30, 2021 · 16 revisions

Config

This page explains the different config values and how they're used.

In order to use the config, rename the config-example.js file to config.js.

General

config.fqdn: The fully qualified domain name (FQDN), used for emails and OAuth callback URLs. Ex. https://www.relatedtechnetwork.com (no trailing slash).

config.servicename: The service name used in emails. Ex. User Account System/Google/CompanyName

config.usingproxy: Set to true if behind a proxy (Nginx, Cloudflare, etc), false otherwise.

Rate Limiting

Rate limiting works by using the array config.ratelimits. This is to allow for dynamically rate limiting certain routes instead of hardcoding them. To add a new rate limit, add a new object to the array with the properties: route, window, and maxrequests. Ex.

config.ratelimits[0] = {
  route: "/auth/",
  window: 10 * 60 * 1000,
  maxrequests: 20,
}

route: The route to rate limit. Ex. /auth/ or /auth/register/

window: The time window in ms for the rate limit. Ex. 600000

maxrequests: The max requests in the time window. Ex. 30
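
The following is an added example, not code from the project, showing how a limiter driven by the config.ratelimits array above can work. It assumes each entry has route (a path prefix), window (ms) and maxrequests, and that the longest matching prefix wins, so a stricter entry for /auth/register/ can coexist with a looser one for /auth/. The fixed-window counting and the function names are choices made for this illustration.

```javascript
// Added example (not the project's code): a fixed-window limiter driven by
// config.ratelimits. Assumes entries of { route, window, maxrequests } and
// that the longest matching route prefix is the one that applies.

// Constructed sample configuration, same shape as config-example.js.
const ratelimitConfig = {
  ratelimits: [
    { route: "/auth/", window: 10 * 60 * 1000, maxrequests: 20 },
    { route: "/auth/register/", window: 60 * 60 * 1000, maxrequests: 5 },
  ],
};

// Return the most specific rule whose route prefixes the request path, or null.
function findRule(ratelimits, path) {
  let best = null;
  for (const rule of ratelimits) {
    if (!path.startsWith(rule.route)) continue;
    if (best === null || rule.route.length > best.route.length) best = rule;
  }
  return best;
}

// Build a limiter. Counters are keyed by "<route>|<client>" and hold the
// start of the current window plus the number of requests seen in it.
function createLimiter(ratelimits) {
  const counters = new Map();
  return function check(client, path, now = Date.now()) {
    const rule = findRule(ratelimits, path);
    if (rule === null) return { allowed: true, remaining: Infinity };
    const key = `${rule.route}|${client}`;
    let entry = counters.get(key);
    if (entry === undefined || now - entry.start >= rule.window) {
      entry = { start: now, count: 0 }; // first request, or the window has elapsed
      counters.set(key, entry);
    }
    if (entry.count >= rule.maxrequests) {
      return { allowed: false, remaining: 0, retryAfterMs: entry.start + rule.window - now };
    }
    entry.count += 1;
    return { allowed: true, remaining: rule.maxrequests - entry.count };
  };
}
```

The client key should be the real client address, which is where config.usingproxy matters: behind Nginx or Cloudflare the socket address is the proxy's, so every user would share one bucket unless the forwarded address is used instead.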

CAPTCHA

config.captcha_secret_bypass_key_enabled: Whether the CAPTCHA bypass key is enabled or not.

config.captcha_secret_bypass_key: A special key that will allow bypassing the CAPTCHA verification. All requests using this key will automatically be treated as if the user had completed the CAPTCHA correctly. Only applies if config.captcha_secret_bypass_key_enabled is set to true. Ex. SuperSecretCaptchaKey

config.hcaptcha.enabled: Whether hCaptcha is enabled or not. Ex. true

config.hcaptcha.secret: Your hCaptcha account secret key. Ex. 0x0000000000000000000000000000000000000000 (You can use this key for testing, requests using this secret and the testing response token will be verified automatically)

config.recaptcha.enabled: Whether reCAPTCHA is enabled or not. Ex. true

config.recaptcha.secret: Your reCAPTCHA secret key. Ex. 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe (You can use this key for testing, all requests with any response token will be verified automatically when using this key)

Database

config.db.connectionstring: The PostgreSQL connection string used for connecting to the database. Ex. postgres://username:password@hostname:port/database_name

User

config.user.id_length: The length of the userid. Ex. 10

config.user.id_alphabet: The characters to use in the userid. Ex. 0123456789 (Use numbers or it won't work properly)

config.user.bcrypt_salt_rounds: The number of salt rounds bcrypt should do. Learn more about salt rounds. Ex. 10

JWT

config.user.jwt_auth_secret: The secret for JWT auth tokens. Ex. 66*F&y9788#276

config.user.jwt_email_verification_secret: The secret for email verification tokens. Ex. 3^782N894$33n$

config.user.jwt_password_reset_secret: The secret for password reset tokens. Ex. %3$3d444X3&673

config.user.jwt_new_ip_secret: The secret for new IP tokens. Ex. 8P687s9!5&367#

config.user.jwt_access_token_expiration: The JWT access token expiration in seconds. Ex. 3600 (This value should be kept low for security purposes as access tokens can't be revoked)

config.user.jwt_refresh_token_expiration: The JWT refresh token expiration in seconds. Ex. 2678400 (This should be significantly higher than the access token expiration because when this token expires, the user will need to sign in again)

OAuth

config.user.google_client_id: The Google client id (For OAuth).

config.user.google_client_secret: The Google client secret (For OAuth).

config.user.github_client_id: The GitHub client id (For OAuth).

config.user.github_client_secret: The GitHub client secret (For OAuth).

config.user.discord_client_id: The Discord client id (For OAuth).

config.user.discord_client_secret: The Discord client secret (For OAuth).

config.user.facebook_client_id: The Facebook client id (For OAuth).

config.user.facebook_client_secret: The Facebook client secret (For OAuth).

Regex

config.user.email_regex: The regex that all user emails must match. You can use something like this.

config.user.username_regex: The regex that all usernames must match. Ex. /^(?=.{6,18}$)(?![_.])(?!.*[_.]{2})[a-zA-Z0-9._]+(?<![_.])$/

config.user.password_regex: The regex that all user passwords must match. Ex. /^(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9]).*$/

Avatar

config.user.avatar.size: The avatar size in pixels. Ex. 200

config.user.avatar.compression_level: The compression level to use when processing user avatars.

config.user.avatar.store_gravatar: Whether to store and serve the Gravatar image ourselves or serve it directly from Gravatar.

config.user.avatar.max_size: Max avatar file size in bytes.

Email

config.email.smtp.hostname: The SMTP hostname. Ex. smtp.example.com

config.email.smtp.port: The SMTP port. Ex. 465

config.email.smtp.secure: Learn more here.

config.email.from: Who the email appears to be from. Ex. '"[Cheese]" <[email protected]>'

config.email.smtp.auth.user: The SMTP user's username. Ex. johndoe

config.email.smtp.auth.password: The SMTP user's password. Ex. 123123123

Trustscore

config.trustscore.emailProvider.Gmail.points: How much a user's trust score should be increased if using a Gmail address. Ex. 25

config.trustscore.emailProvider.Apple.points: How much a user's trust score should be increased if using an Apple address. Ex. 20

config.trustscore.emailProvider.Microsoft.points: How much a user's trust score should be increased if using a Microsoft address. Ex. 15

config.trustscore.emailProvider.Yahoo.points: How much a user's trust score should be increased if using a Yahoo address. Ex. 10

config.trustscore.emailProvider.Protonmail.points: How much a user's trust score should be increased if using a Protonmail address. Ex. 7

config.trustscore.emailProvider.AOL.points: How much a user's trust score should be increased if using an AOL address. Ex. 10

config.trustscore.emailProvider.Yandex.points: How much a user's trust score should be increased if using a Yandex address. Ex. 10

config.trustscore.emailProvider.Education.points: How much a user's trust score should be increased if using an education (domain with .edu TLD) address. Ex. 100

config.trustscore.emailProvider.Government.points: How much a user's trust score should be increased if using a government (domain with .gov TLD) address. Ex. 100

config.trustscore.emailProvider.Disposable.points: How much a user's trust score should be "increased" if using a disposable address. Ex. -15

config.trustscore.emailProvider.Unknown.points: How much a user's trust score should be "increased" if using an unknown provider address. Ex. 0

config.trustscore.completedCaptcha.points: How much a user's trust score should be increased per each completed captcha. Ex. 3

config.trustscore.verifiedEmail.points: How much a user's trust score should be increased per each verified email. Ex. 3
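
The following is an added example, not code from the project, showing how the per-provider points above combine into a single trust score. The provider-to-domain table and the disposable-domain list are constructed for the example and are not the project's classification; the .edu and .gov checks follow the TLD rule the settings describe.

```javascript
// Added example (not the project's code): computing a trust score from the
// trustscore settings. Domain tables below are constructed for illustration.

// Constructed sample settings using the values quoted above.
const trustConfig = {
  trustscore: {
    emailProvider: {
      Gmail: { points: 25 }, Apple: { points: 20 }, Microsoft: { points: 15 },
      Yahoo: { points: 10 }, Protonmail: { points: 7 }, AOL: { points: 10 },
      Yandex: { points: 10 }, Education: { points: 100 }, Government: { points: 100 },
      Disposable: { points: -15 }, Unknown: { points: 0 },
    },
    completedCaptcha: { points: 3 },
    verifiedEmail: { points: 3 },
  },
};

// Constructed mapping of mail domains to the provider names used in the config.
const PROVIDER_BY_DOMAIN = {
  "gmail.com": "Gmail", "googlemail.com": "Gmail",
  "icloud.com": "Apple", "me.com": "Apple",
  "outlook.com": "Microsoft", "hotmail.com": "Microsoft", "live.com": "Microsoft",
  "yahoo.com": "Yahoo",
  "protonmail.com": "Protonmail", "proton.me": "Protonmail",
  "aol.com": "AOL",
  "yandex.com": "Yandex", "yandex.ru": "Yandex",
};

// Constructed, illustrative list; a real deployment needs a maintained one.
const DISPOSABLE_DOMAINS = new Set(["mailinator.com", "guerrillamail.com"]);

// Map an address to one of the provider keys in config.trustscore.emailProvider.
function emailProvider(email) {
  const at = email.lastIndexOf("@");
  if (at < 0) return "Unknown";
  const domain = email.slice(at + 1).toLowerCase();
  if (domain.endsWith(".edu")) return "Education"; // TLD rule from the settings
  if (domain.endsWith(".gov")) return "Government";
  if (DISPOSABLE_DOMAINS.has(domain)) return "Disposable";
  return PROVIDER_BY_DOMAIN[domain] || "Unknown";
}

// Sum provider points with the per-captcha and per-verified-email bonuses.
function trustScore(config, user) {
  const ts = config.trustscore;
  const provider = emailProvider(user.email);
  const providerPoints = ts.emailProvider[provider].points;
  const captchaPoints = ts.completedCaptcha.points * (user.completedCaptchas || 0);
  const emailPoints = ts.verifiedEmail.points * (user.verifiedEmails || 0);
  return { provider, score: providerPoints + captchaPoints + emailPoints };
}
```

Two caveats follow from the TLD rule: addresses under country-specific academic domains such as .edu.au or .ac.uk are not matched by a plain .edu suffix check, and the disposable-domain list only affects the score for domains it actually contains, so an unmaintained list silently degrades to "Unknown".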

(NOT IMPLEMENTED YET)

config.trustscore.ip.residential.points

config.trustscore.ip.vpnproxy.points

config.trustscore.ip.tor.points

config.trustscore.ip.server.points

config.trustscore.accountType.normal.points

config.trustscore.accountType.premium.points

config.trustscore.accountType.organization.points

config.trustscore.verified.points

config.trustscore.contentRemoved

config.trustscore.contentRemoved.points

config.trustscore.contentVerified.points
