All Downloads are FREE. Search and download functionalities are using the official Maven repository.

il.thorium_3.0.7.16.source-code.reference.conf Maven / Gradle / Ivy

app {
  env = Test //Dev, Test, Prod

  #armeria access logs variables
  #https://armeria.dev/docs/server-access-log
  accessLogger.requestProperties = {
    "method" : "%{method}L",
    "path" : "%{path}L",
    "query" : "%{query}L",
    "scheme" : "%{scheme}L",
    "requestLength" : "%{requestLength}L",
    "requestStartTimeMillis" : "%{requestStartTimeMillis}L",
  }
  accessLogger.responseProperties = {
    "method" : "%{method}L",
    "path" : "%{path}L",
    "query" : "%{query}L",
    "scheme" : "%{scheme}L",
    "statusCode" : "%{statusCode}L",
    "responseLength" : "%{responseLength}L",
    "responseStartTimeMillis" : "%{responseStartTimeMillis}L",
  }

  http {

    port = 8080

    # The application context.
    # Must start with /.
    context = "/"

    # The maximum number of accepted HTTP connections
    maxNumConnection = null

    # The maximum allowed length of HTTP content in bytes
    maxRequestLength = 10485760

    # Number of seconds before HTTP request times out, e.g. 10s, 3m, 8h, 10d NB: 0 will disable session timeout
    # Note that if the values doesn't have unit, it will be milliseconds by default.
    requestTimeout = "1m"

    # Cookies configuration
    cookies = {

      # Whether strict cookie parsing should be used. If true, will ignore the entire cookie header if a single invalid
      # cookie is found, otherwise, will just ignore the invalid cookie if an invalid cookie is found. The reason
      # dropping the entire header may be useful is that browsers don't make any attempt to validate cookie values,
      # which may open opportunities for an attacker to trigger some edge case in the parser to steal cookie
      # information. By dropping the entire header, this makes it harder to exploit edge cases.
      strict = true

      # Whether the flash cookie should be secure or not
      secure = false

      # The max age to set on the cookie.
      # If null, the cookie expires when the user closes their browser.
      # An important thing to note, this only sets when the browser will discard the cookie.
      maxAge = null

      # Whether the HTTP only attribute of the cookie should be set to true
      httpOnly = true

      # The value of the SameSite attribute of the cookie. Set to null for no SameSite attribute.
      # Possible values are "lax" and "strict". If misconfigured it's set to null.
      sameSite = "lax"

      # The cookie path
      # Cookie's path must be set to an appropriate uri
      # Defaults to "/" so cookie will follow to all sub-directories
      # https://www.rfc-editor.org/rfc/rfc6265#section-5.1.4
      path = ${app.http.context}

      # The domain to set on the flash cookie
      # If null, does not set a domain on the flash cookie.
      domain = ${app.http.session.domain}

      # Whether the host-only attribute of the cookie should be set to true
      hostOnly = false

      jwt {
        # The JWT signature algorithm to use on the session cookie
        # uses 'alg' https://tools.ietf.org/html/rfc7515#section-4.1.1
        signatureAlgorithm = "HS256"

        # The time after which the session is automatically invalidated.
        # Use 'exp' https://tools.ietf.org/html/rfc7519#section-4.1.4
        expiresAfter = null

        # The amount of clock skew to accept between servers when performing date checks
        # If you have NTP or roughtime synchronizing between servers, you can enhance
        # security by tightening this value.
        clockSkew = 5 minutes

        # The claim key under which all user data is stored in the JWT.
        dataClaim = "data"
      }
    }

    # Session configuration
    session = {

      # The cookie name
      cookieName = "APP_SESSION"

      # Whether the secure attribute of the cookie should be set to true
      secure = false

      # The max age to set on the cookie in seconds.
      # If null, the cookie expires when the user closes their browser.
      # An important thing to note, this only sets when the browser will discard the cookie.
      maxAge = null

      # Whether the HTTP only attribute of the cookie should be set to true
      httpOnly = true

      # The value of the SameSite attribute of the cookie. Set to null for no SameSite attribute.
      # Possible values are "lax" and "strict". If misconfigured it's set to null.
      sameSite = "lax"

      # The domain to set on the session cookie
      # If null, does not set a domain on the session cookie.
      domain = null

      # The session path
      # Must start with /.
      path = ${app.http.context}

      jwt {
        # The JWT signature algorithm to use on the session cookie
        # uses 'alg' https://tools.ietf.org/html/rfc7515#section-4.1.1
        signatureAlgorithm = "HS256"

        # The time after which the session is automatically invalidated.
        # Use 'exp' https://tools.ietf.org/html/rfc7519#section-4.1.4
        expiresAfter = ${app.http.session.maxAge}

        # The amount of clock skew to accept between servers when performing date checks
        # If you have NTP or roughtime synchronizing between servers, you can enhance
        # security by tightening this value.
        clockSkew = 5 minutes

        # The claim key under which all user data is stored in the JWT.
        dataClaim = "data"
      }
    }
    # #session-configuration

    # Flash configuration
    flash = {
      # The cookie naame
      cookieName = "APP_FLASH"

      # Whether the flash cookie should be secure or not
      secure = false

      # Whether the HTTP only attribute of the cookie should be set to true
      httpOnly = true

      # The value of the SameSite attribute of the cookie. Set to null for no SameSite attribute.
      # Possible values are "lax" and "strict". If misconfigured it's set to null.
      sameSite = "lax"

      # The flash path
      # Must start with /.
      path = ${app.http.context}

      # The domain to set on the flash cookie
      # If null, does not set a domain on the flash cookie.
      domain = ${app.http.session.domain}

      jwt {
        # The JWT signature algorithm to use on the session cookie
        # uses 'alg' https://tools.ietf.org/html/rfc7515#section-4.1.1
        signatureAlgorithm = "HS256"

        # The time after which the session is automatically invalidated.
        # Use 'exp' https://tools.ietf.org/html/rfc7519#section-4.1.4
        expiresAfter = null

        # The amount of clock skew to accept between servers when performing date checks
        # If you have NTP or roughtime synchronizing between servers, you can enhance
        # security by tightening this value.
        clockSkew = 5 minutes

        # The claim key under which all user data is stored in the JWT.
        dataClaim = "data"
      }
    }

    # CSRF configuration
    csrf = {
      # The cookie naame
      cookieName = "APP_CSRF_TOKEN"

      # Whether the flash cookie should be secure or not
      secure = false

      # Whether the HTTP only attribute of the cookie should be set to true
      httpOnly = true

      # The value of the SameSite attribute of the cookie. Set to null for no SameSite attribute.
      # Possible values are "lax" and "strict". If misconfigured it's set to null.
      sameSite = "strict"

      # The csrf path
      # Must start with /.
      path = ${app.http.context}

      # The domain to set on the flash cookie
      # If null, does not set a domain on the flash cookie.
      domain = ${app.http.session.domain}

      jwt {
        # The JWT signature algorithm to use on the session cookie
        # uses 'alg' https://tools.ietf.org/html/rfc7515#section-4.1.1
        signatureAlgorithm = "HS256"

        # The time after which the session is automatically invalidated.
        # Use 'exp' https://tools.ietf.org/html/rfc7519#section-4.1.4
        expiresAfter = null

        # The amount of clock skew to accept between servers when performing date checks
        # If you have NTP or roughtime synchronizing between servers, you can enhance
        # security by tightening this value.
        clockSkew = 5 minutes

        # The claim key under which all user data is stored in the JWT.
        dataClaim = "data"
      }
      
      # Allow all request with prefixes
      allowPathPrefixes = []
    }


    # Recaptcha configuration
    recaptcha {
      secretKey = "changme"
      siteKey = "changeme"
      tokenName = "g-recaptcha-response"
      timeout=3000
    }

    # Secret configuration
    secret {
      # The application secret. Must be set. A value of "changeme" will cause the application to fail to start in
      # production.
      key = "changeme"

      # The JCE provider to use. If null, uses the platform default.
      provider = null
    }
  }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy