Skip to content

Instantly share code, notes, and snippets.

@digitalwm

digitalwm/gist:4c633005ade41c208dabe3979a6f0a01

Created September 10, 2024 10:42
Show Gist options
  • Save digitalwm/4c633005ade41c208dabe3979a6f0a01 to your computer and use it in GitHub Desktop.
Save digitalwm/4c633005ade41c208dabe3979a6f0a01 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
sharry.restserver {
# This is the base URL this application is deployed to. This is used
# to create absolute URLs and to configure the cookie.
#
# Note: Currently deploying behind a path is not supported. The URL
# should not end in a slash.
base-url = "http://localhost:9090"
# Where the server binds to.
bind {
address = "localhost"
port = 9090
}
file-download {
# For open range requests, use this amount of data when
# responding.
download-chunk-size = "4M"
}
# Configures logging
logging {
# The format for the log messages. Can be one of:
# Json, Logfmt, Fancy or Plain
format = "Fancy"
# The minimum level to log. From lowest to highest:
# Trace, Debug, Info, Warn, Error
minimum-level = "Warn"
# Override the log level of specific loggers
levels = {
"sharry" = "Info"
"org.flywaydb" = "Info"
"binny" = "Info"
"org.http4s" = "Info"
}
}
# The alias-member feature allows to add users to an alias page to
# automatically make all shares that were uploaded through the
# corresponding alias available to all members. This allows to
# search for other users via a http call. If this feature is
# disabled, the rest call to search other users is disabled and the
# form element is removed from the ui.
alias-member-enabled = true
webapp {
# This is shown in the top right corner of the web application
app-name = "Sharry"
# The icon next to the app-name. Needs to be an URL to an image.
app-icon = ""
# The icon next to the app-name when dark mode is enabled.
app-icon-dark = ""
# The login and register pages display a logo image, by default
# the Sharry logo. This can be changed here. It needs to be an URL
# to an image.
app-logo = ""
# The login and register pages display a logo image. This is the
# one used when dark mode is enabled.
app-logo-dark = ""
# This is markdown that is inserted as the footer on each page in
# the ui. If left empty, a link to the project is rendered.
app-footer = ""
# Whether to display the footer on each page in the ui. Set it to
# false to hide it.
app-footer-visible = true
# Chunk size used for one request. The server will re-chunk the
# stream into smaller chunks. But the client can transfer more in
# one requests, resulting in faster uploads.
#
# You might need to adjust this value depending on your setup. A
# higher value usually means faster uploads (if the up-link is
# good enough). It is set rather low by default, because it is a
# safer default.
chunk-size = "10M"
# Number of milliseconds the client should wait before doing a new
# upload attempt after something failed. The length of the array
# denotes the number of retries.
retry-delays = [0, 3000, 6000, 12000, 24000, 48000]
# The login page can display a welcome message that is readable by
# everyone. The text is processed as markdown.
welcome-message = ""
# The ISO-3166-1 code of the default language to use. If a invalid
# code is given (or one where no language is available), it falls
# back to "gb".
default-language = "gb"
# The interval a new authentication token is retrieved. This must
# be at least 30s lower than `backend.auth.session-valid'.
auth-renewal = "4 minutes"
# The initial page to go to after logging in. It can be one of the
# following: home, uploads, share
initial-page = "home"
# The value for the validity that is preselected. Only values that
# are available in the dropdown are possible to specifiy.
default-validity = 7 days
# The inital ui theme to use. Can be either 'light' or 'dark'.
initial-theme = "light"
# When only OAuth (or only Proxy Auth) is configured and only a
# single provider, then the weapp automatically redirects to its
# authentication page skipping the sharry login page. This will
# also disable the logout button, since sharry is not in charge
# anyways.
oauth-auto-redirect = true
# A custom html snippet that is rendered into the html head
# section of the main template. If the value is empty, a default
# section is used for inserting a favicon configuration.
#
# The value is first tried to resolve to a file in the local file
# system. If that is successful, it its content is being inserted
# as utf8 characters. Otherwise the value given here is rendered
# as is into the template!
custom-head = ""
}
backend {
# Authentication is flexible to let Sharry be integrated in other
# environments.
auth {
# The secret for this server that is used to sign the authenicator
# tokens. You can use base64 or hex strings (prefix with b64: and
# hex:, respectively)
server-secret = "hex:caffee"
# How long an authentication token is valid. The web application
# will get a new one periodically.
session-valid = "8 minutes"
#### Login Modules
##
## The following settings configure how users are authenticated.
## There are several ways possible. The simplest is to
## authenticate agains the internal database. But often there is
## already a user management component and sharry can be
## configured to authenticated against other services.
# A fixed login module simply checks the username and password
# agains the information provided here. This only applies if the
# user matches, otherwise the next login module is tried.
fixed {
enabled = false
user = "admin"
password = "admin"
order = 10
}
# The http authentication module sends the username and password
# via a HTTP request and uses the response to indicate success or
# failure.
#
# If the method is POST, the `body' is sent with the request and
# the `content-type' is used.
http {
enabled = false
url = "http://localhost:1234/auth?user={{user}}&password={{pass}}"
method = "POST"
body = ""
content-type = ""
order = 20
}
# Use HTTP Basic authentication. An Authorization header using
# the Basic scheme is created and the request is send to the
# given url. The response body will be ignored, only the status
# is inspected.
http-basic {
enabled = false
url = "http://somehost:2345/path"
method = "GET"
order = 30
}
# The command authentication module runs an external command
# giving it the username and password. The return code indicates
# success or failure.
command {
enabled = false
program = [
"/path/to/someprogram"
"{{user}}"
"{{pass}}"
]
# the return code to consider successful verification
success = 0
order = 40
}
# The internal authentication module checks against the internal
# database.
internal {
enabled = true
order = 50
}
# Uses OAuth2 "Code-Flow" for authentication against a
# configured provider.
#
# A provider (like Github, Google, or Microsoft for example) must be
# configured correctly for this to work. Each element in the array
# results into a button on the login page.
#
# Examples for Github, Google and Microsoft (Azure AD) are provided
# below. You need to setup an “application” to obtain a client_secret
# and client_id.
#
# Details:
# - enabled: allows to toggle it on or off
# - id: a unique id that is part of the url
# - name: a name that is displayed inside the button on the
# login screen
# - icon: a fontawesome icon name for the button
# - authorize-url: the url of the provider where the user can
# login and grant the permission to retrieve the user name
# - token-url: the url used to obtain a bearer token using the
# response from the authentication above. The response from
# the provider must be json or url-form-encdode.
# - user-url: the url to finalyy retrieve user information –
# only JSON responses are supported.
# - user-id-key: the name of the field in the json response
# denoting the user name
# - user-email-key: the name of the field in the json response
# that denotes the users email.
oauth = {
"github" = {
enabled = false
name = "Github"
icon = "fab fa-github"
scope = ""
authorize-url = "https://github.com/login/oauth/authorize"
token-url = "https://github.com/login/oauth/access_token"
user-url = "https://api.github.com/user"
user-id-key = "login"
client-id = "<your client id>"
client-secret = "<your client secret>"
},
"google" = {
enabled = false
name = "Google"
icon = "fab fa-google"
scope = ""
authorize-url = "https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/userinfo.profile"
token-url = "https://oauth2.googleapis.com/token"
user-url = "https://www.googleapis.com/oauth2/v1/userinfo?alt=json"
user-id-key = "name"
client-id = "<your client id>"
client-secret = "<your client secret>"
},
"aad" = {
enabled = false
name = "Azure AD"
icon = "fab fa-microsoft"
scope = "openid"
authorize-url = "https://login.microsoftonline.com/<your tenant ID>/oauth2/v2.0/authorize"
token-url = "https://login.microsoftonline.com/<your tenant ID>/oauth2/v2.0/token"
user-url = "https://graph.microsoft.com/oidc/userinfo"
user-id-key = "email"
user-email-key = "email"
client-id = "<your client id>"
client-secret = "<your client secret>"
}
}
# Allows to inspect the request headers for finding already
# authorized user name/email. If enabled and during login the
# request contains these headers, they will be used to
# automatically create accounts.
proxy {
enabled = false
user-header = "X-Valid-User"
email-header = "X-User-Email"
}
}
# The database connection.
#
# By default a H2 file-based database is configured. You can
# provide a postgresql or mariadb connection here. When using H2
# use the PostgreSQL compatibility mode.
jdbc {
url = "jdbc:h2://"${java.io.tmpdir}"/sharry-demo.db;MODE=PostgreSQL;DATABASE_TO_LOWER=TRUE"
user = "sa"
password = ""
}
# How files are stored.
files {
# The id of an enabled store from the `stores` array that should
# be used.
default-store = "database"
# A list of possible file stores. Each entry must have a unique
# id. The `type` is one of: default-database, filesystem, s3.
#
# All stores with enabled=false are
# removed from the list. The `default-store` must be enabled.
stores = {
database =
{ enabled = true
type = "default-database"
}
filesystem =
{ enabled = false
type = "file-system"
directory = "/some/directory"
clean-empty-dirs = true
}
minio =
{ enabled = false
type = "s3"
endpoint = "http://localhost:9000"
access-key = "username"
secret-key = "password"
bucket = "sharry"
}
}
# Allows to copy files from one store to the other *before* sharry
# will be available. It is recommended to set the `enabled` flag to
# false afterwards and restart sharry.
#
# Files are only copied, they are *not* removed from the source
# store.
copy-files = {
enable = false
# A key in the `backend.files` config identifying the store to
# copy from.
source = "database"
# A key in the `backend.files` config identifying the store to
# copy the files to.
target = "minio"
# How many files to copy in parallel.
parallel = 2
}
}
# Checksums of uploaded files are computed in the background.
compute-checksum = {
# Setting this to false disables computation of checksums completely.
enable = true
# How many ids to queue at most. If full, uploading blocks until
# elemnts are taken off the queue
capacity = 5000
# How many checksums to compute in parallel, must be > 0. If 1,
# they are computed sequentially.
parallel = 0
# If true, the `parallel` option above is ignored and it will be
# set to the number of available cores - 1 (using 1 for single
# core machines).
use-default = true
}
# Configuration for registering new users at the local database.
# Accounts registered here are checked via the `internal'
# authentication plugin as described above.
signup {
# The mode defines if new users can signup or not. It can have
# three values:
#
# - open: every new user can sign up
# - invite: new users can sign up only if they provide a correct
# invitation key. Invitation keys can be generated by an admin.
# - closed: signing up is disabled.
mode = "open"
# If mode == 'invite', this is the period an invitation token is
# considered valid.
invite-time = "14 days"
# A password that is required when generating invitation keys.
# This is more to protect against accidentally creating
# invitation keys. Generating such keys is only permitted to
# admin users.
invite-password = "generate-invite"
}
share {
# When storing binary data use chunks of this size.
chunk-size = "512K"
# Maximum size of a share.
max-size = "1.5G"
# Maximum validity for uploads
max-validity = 365 days
# Allows additional database checks to be translated into some
# meaningful message to the user.
#
# This config is used when inspecting database error messages.
# If the error message from the database contains the defined
# `native` part, then the server returns a 422 with the error
# messages given here as `message`.
#
# See issue https://github.com/eikek/sharry/issues/255 – the
# example is a virus check via a postgresql extension "snakeoil".
database-domain-checks = {
# Example: This message originates from postgres with an
# enabled snakeoil extension. This extension allows to virus
# check byte arrays. It must be setup such that the `bytea`
# type of the filechunk table is changed to the type
# `safe_bytea`:
#
# CREATE EXTENSION pg_snakeoil;
# CREATE DOMAIN public.safe_bytea as bytea CHECK (not so_is_infected(value));
# ALTER TABLE public.filechunk ALTER COLUMN chunkdata TYPE safe_bytea;
snakeoil = {
enabled = false
native = "domain safe_bytea violates check constraint"
message = "The uploaded file contains a virus!"
}
}
}
cleanup {
# Whether to enable the cleanup job that periodically
# cleans up published, expired shares and expired invites
enabled = true
# The interval for the cleanup job
interval = 14 days
# Time of published shares past expiration to get collected by cleanup job
invalid-age = 7 days
}
mail {
# Enable/Disable the mail feature.
#
# If it is disabled, the server will not send mails, including
# notifications.
#
# If enabled, explicit SMTP settings must be provided.
enabled = false
# The SMTP settings that are used to sent mails with.
smtp {
# Host and port of the SMTP server
host = "localhost"
port = 25
# User credentials to authenticate at the server. If the user
# is empty, mails are sent without authentication.
user = ""
password = ""
# One of: none, starttls, ssl
ssl-type = "starttls"
# In case of self-signed certificates or other problems like
# that, checking certificates can be disabled.
check-certificates = true
# Timeout for mail commands.
timeout = "10 seconds"
# The default mail address used for the `From' field.
#
# If left empty, the e-mail address of the current user is used.
default-from = ""
# When creating mails, the List-Id header is set to this value.
#
# This helps identifying these mails in muas. If it is empty,
# the header is not set.
list-id = "Sharry"
}
templates = {
download = {
subject = "Download ready."
body = """Hello,
there are some files for you to download. Visit this link:
{{{url}}}
{{#password}}
The required password will be sent by other means.
{{/password}}
Greetings,
{{user}} via Sharry
"""
}
alias = {
subject = "Link for Upload"
body = """Hello,
please use the following link to sent files to me:
{{{url}}}
Greetings,
{{user}} via Sharry
"""
}
upload-notify = {
subject = "[Sharry] Files arrived"
body = """Hello {{user}},
there have been files uploaded for you via the alias '{{aliasName}}'.
View it here:
{{{url}}}
Greetings,
Sharry
"""
}
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment