{
|
|
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
"$id": "./schemas/config.json",
|
|
"title": "Configuration for app service",
|
|
"type": "object",
|
|
"properties": {
|
|
"http_web": {
|
|
"title": "Web Server Config",
|
|
"description": "Configuration for the main HTTP(S) server",
|
|
"type": "object",
|
|
"properties": {
|
|
"address": {
|
|
"title": "Web Listener Address",
|
|
"description": "Address to listen on for inbound connections",
|
|
"type": "string",
|
|
"pattern": "^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$",
|
|
"default": "0.0.0.0",
|
|
"example": "0.0.0.0"
|
|
},
|
|
"port": {
|
|
"title": "Web Listener Port",
|
|
"description": "Port number to listen on for inbound connections",
|
|
"type": "integer",
|
|
"minimum": 1,
|
|
"maximum": 65535,
|
|
"default": 8080,
|
|
"example": 8080
|
|
},
|
|
"exposed_url": {
|
|
"title": "Web Exposed URL",
|
|
"description": "",
|
|
"type": "string",
|
|
"format": "uri",
|
|
"example": "https://example.com"
|
|
},
|
|
"tls": {
|
|
"title": "Web TLS Config",
|
|
"description": "Configuration for TLS/SSL for the HTTP API",
|
|
"oneOf": [
|
|
{ "type": "boolean", "const": false },
|
|
{
|
|
"type": "object",
|
|
"properties": {
|
|
"key": { },
|
|
"cert": { }
|
|
},
|
|
"required": [
|
|
"key",
|
|
"cert"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"etag": {
|
|
"title": "Web Etag Config",
|
|
"description": "Enables the generation and validation of `ETag` headers",
|
|
"type": "boolean"
|
|
},
|
|
"cache_control": {
|
|
"title": "Web Cache-Control Config",
|
|
"description": "Controls the generation of `Cache-Control` headers. Each request type has a full `Cache-Control` directive string defined",
|
|
"type": "object",
|
|
"properties": {
|
|
"static_assets": { "$ref": "#/$defs/cache_control_directives" }
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"http_meta": {
|
|
"title": "Metadata API Config",
|
|
"description": "Configuration for the secondary metadata HTTP(S) server, used for health checks and other service meta-APIs",
|
|
"type": "object",
|
|
"properties": {
|
|
"address": {
|
|
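"description": "Address to listen on for inbound connections. The default `0.0.0.0` listens on every interface; set a loopback or internal address if the health-check and meta-APIs should not be reachable from outside",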
|
|
"type": "string",
|
|
"pattern": "^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$",
|
|
"default": "0.0.0.0",
|
|
"example": "0.0.0.0"
|
|
},
|
|
"port": {
|
|
"description": "Port number to listen on for inbound connections",
|
|
"type": "integer",
|
|
"minimum": 1,
|
|
"maximum": 65535,
|
|
"default": 8081,
|
|
"example": 8081
|
|
},
|
|
"tls": {
|
|
"title": "TLS Config",
|
|
"description": "Configuration for TLS/SSL for the HTTP API",
|
|
"oneOf": [
|
|
{ "type": "boolean", "const": false },
|
|
{
|
|
"type": "object",
|
|
"properties": { },
|
|
"required": [ ]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"logging": {
|
|
"title": "Logging Config",
|
|
"description": "Configuration that controls the service's log output",
|
|
"type": "object",
|
|
"properties": {
|
|
"level": {
|
|
"description": "",
|
|
"type": "string",
|
|
"enum": [
|
|
"silent",
|
|
"fatal",
|
|
"error",
|
|
"warn",
|
|
"info",
|
|
"debug",
|
|
"trace"
|
|
]
|
|
},
|
|
"pretty": {
|
|
"title": "",
|
|
"description": "",
|
|
"type": "boolean"
|
|
}
|
|
}
|
|
},
|
|
"oidc": {
|
|
"title": "OpenID Connect (OIDC) Config",
|
|
"description": "Configuration for the OpenID Connect (OIDC) provider and client",
|
|
"type": "object",
|
|
"properties": {
|
|
"server_url": {
|
|
"title": "OIDC Server Location",
|
|
"description": "URL pointing to the OIDC provider service",
|
|
"type": "string",
|
|
"format": "uri"
|
|
},
|
|
"signing_algorithm": {
|
|
"title": "",
|
|
"description": "",
|
|
"type": "string",
|
|
"enum": [
|
|
"ES512"
|
|
]
|
|
},
|
|
"client_id": {
|
|
"title": "OAuth2 client ID",
|
|
"description": "",
|
|
"type": "string"
|
|
},
|
|
"client_secret": {
|
|
"allOf": [
|
|
{
|
|
"title": "OAuth2 client secret",
|
|
"description": ""
|
|
},
|
|
{ "$ref": "#/$defs/secret_value" }
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"pkce_cookie": {
|
|
"title": "PKCE Cookie Config",
|
|
"description": "Configuration for the cookie used in the Proof Key for Code Exchange (PKCE) flow",
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"title": "PKCE Cookie Name",
|
|
"description": "The name of the cookie to store the PKCE code in",
|
|
"type": "string",
|
|
"default": "pkce_code"
|
|
},
|
|
"secure": {
|
|
"title": "PKCE Cookie Secure",
|
|
"description": "Sets the `Secure` directive on the PKCE code cookie (this should always be `true` in production)",
|
|
"type": "boolean",
|
|
"default": true
|
|
},
|
|
"ttl": {
|
|
"title": "PKCE Cookie TTL",
|
|
"description": "Time-to-live for the PKCE code cookie (in seconds)",
|
|
"type": "integer",
|
|
"default": 600
|
|
},
|
|
"code_bytes": {
|
|
"title": "PKCE Code Input Bytes",
|
|
"description": "Number of bytes of random data to generate for the verification code (more is stronger, must be in range 32-96)",
|
|
"type": "integer",
|
|
"minimum": 32,
|
|
"maximum": 96,
|
|
"example": 48,
|
|
"default": 48
|
|
}
|
|
}
|
|
},
|
|
"session_cookie": {
|
|
"title": "Session Cookie Config",
|
|
"description": "Configuration for the cookie used to store login session keys",
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"title": "Session Cookie Name",
|
|
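"description": "The name of the cookie to store the session key in. It should differ from the PKCE cookie name so the two cookies cannot overwrite each other; note that the default here repeats the PKCE cookie default",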
|
|
"type": "string",
|
|
"default": "pkce_code"
|
|
},
|
|
"secure": {
|
|
"title": "Session Cookie Secure",
|
|
"description": "Sets the `Secure` directive on the session key cookie (this should always be `true` in production)",
|
|
"type": "boolean",
|
|
"default": true
|
|
},
|
|
"ttl": {
|
|
"title": "Session Cookie TTL",
|
|
"description": "Time-to-live for the session key cookie (in seconds)",
|
|
"type": "integer",
|
|
"default": 7200
|
|
},
|
|
"pepper": {
|
|
"allOf": [
|
|
{
|
|
"title": "Session key hashing pepper",
|
|
"description": "Cryptographic 'pepper' (or 'secret salt') value, appended to session keys before hashing"
|
|
},
|
|
{ "$ref": "#/$defs/secret_value" }
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"storage": {
|
|
"title": "Storage Config",
|
|
"description": "Configuration for the main application data storage layer",
|
|
"oneOf": [
|
|
{ "$ref": "#/$defs/file_storage_config" },
|
|
{ "$ref": "#/$defs/sqlite3_storage_config" }
|
|
]
|
|
}
|
|
},
|
|
"$defs": {
|
|
"etag_type": {
|
|
"type": "string",
|
|
"enum": [
|
|
"none",
|
|
"weak",
|
|
"strong"
|
|
]
|
|
},
|
|
"cache_control_directives": {
|
|
"description": "A full `Cache-Control` directives string",
|
|
"type": "string",
|
|
"example": "public, max-age=3600"
|
|
},
|
|
"file_storage_config": {
|
|
"type": "object",
|
|
"properties": {
|
|
"engine": {
|
|
"type": "string",
|
|
"const": "file"
|
|
}
|
|
},
|
|
"required": [
|
|
"engine"
|
|
]
|
|
},
|
|
"sqlite3_storage_config": {
|
|
"type": "object",
|
|
"properties": {
|
|
"engine": {
|
|
"type": "string",
|
|
"const": "sqlite3"
|
|
},
|
|
"pool_min": {
|
|
"description": "",
|
|
"type": "integer",
|
|
"minimum": 2,
|
|
"maximum": 100
|
|
},
|
|
"pool_max": {
|
|
"description": "",
|
|
"type": "integer",
|
|
"minimum": 2,
|
|
"maximum": 100
|
|
}
|
|
},
|
|
"required": [
|
|
"engine"
|
|
]
|
|
},
|
|
"secret_value": {
|
|
"oneOf": [
|
|
{ "$ref": "#/$defs/env_var" },
|
|
{
|
|
"title": "",
|
|
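"description": "Secret given inline as a literal string; prefer the `from_env` form so the secret value is not stored in the configuration file",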
|
|
"type": "string"
|
|
}
|
|
]
|
|
},
|
|
"env_var": {
|
|
"type": "object",
|
|
"properties": {
|
|
"from_env": {
|
|
"title": "",
|
|
"description": "",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"from_env"
|
|
]
|
|
}
|
|
}
|
|
} |