work on security features, logger, snowflakes, http servers

2023-07-19 22:02:14 -07:00
parent e26ba0297a
commit 13457ec125
25 changed files with 1875 additions and 97 deletions
--- a/conf/00-default.yaml
+++ b/conf/00-default.yaml
@@ -1,5 +1,5 @@
 $schema: ../schemas/config.json
-web:
+http_web:
  address: 0.0.0.0
  port: 8080
  exposed_url: https://me.local.jbrumond.me:8080
@@ -11,7 +11,7 @@ web:
    static_assets: strong
  cache_control:
    static_assets: public, max-age=3600
-metadata:
+http_meta:
  address: 0.0.0.0
  port: 8081
  tls: false
@@ -27,8 +27,29 @@ pkce_cookie:
  name: app_pkce_code
  secure: true
  ttl: 300
+  code_bytes: 48
 session_cookie:
  name: app_session_key
  secure: true
  ttl: 7200
+snowflake_uid:
+  epoch: 1577836800000
+  instance: 0  # todo: This should be populated by a StatefulSet ordinal in k8s; Need to prototype
+storage:
+  engine: file
+argon2:
+  # note: Using the argon2id variant with a time cost of 3 and memory cost 64MiB (65536)
+  # is the recommendation for memory constrained environments, according to RFC 9106. If
+  # running in an environment that has more available memory to use, the preferred
+  # configuration is to instead run with a time cost of 1 and memory cost of 2GiB (2097152).
+  #
+  # see: https://github.com/ranisalt/node-argon2/wiki/Options
+  # see: https://www.rfc-editor.org/rfc/rfc9106.html#section-7.4
+  hash_length: 100
+  time_cost: 3
+  memory_cost: 65536
+  parallelism: 4
+logging:
+  level: info
+  pretty: false