il.thorium_3.0.7.27.source-code.reference.conf Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of thorium_3 Show documentation
Show all versions of thorium_3 Show documentation
Microservices Framework built on top of Armeria, Java 17 and Scala 3
app {
env = Test //Dev, Test, Prod
#armeria access logs variables
#https://armeria.dev/docs/server-access-log
accessLogger.requestProperties = {
"method" : "%{method}L",
"path" : "%{path}L",
"query" : "%{query}L",
"scheme" : "%{scheme}L",
"requestLength" : "%{requestLength}L",
"requestStartTimeMillis" : "%{requestStartTimeMillis}L",
}
accessLogger.responseProperties = {
"method" : "%{method}L",
"path" : "%{path}L",
"query" : "%{query}L",
"scheme" : "%{scheme}L",
"statusCode" : "%{statusCode}L",
"responseLength" : "%{responseLength}L",
"responseStartTimeMillis" : "%{responseStartTimeMillis}L",
}
http {
port = 8080
# The application context.
# Must start with /.
context = "/"
# The maximum number of accepted HTTP connections
maxNumConnection = null
# The maximum allowed length of HTTP content in bytes
maxRequestLength = 10485760
# Number of seconds before HTTP request times out, e.g. 10s, 3m, 8h, 10d NB: 0 will disable session timeout
# Note that if the values doesn't have unit, it will be milliseconds by default.
requestTimeout = "1m"
# Cookies configuration
cookies = {
# Whether strict cookie parsing should be used. If true, will ignore the entire cookie header if a single invalid
# cookie is found, otherwise, will just ignore the invalid cookie if an invalid cookie is found. The reason
# dropping the entire header may be useful is that browsers don't make any attempt to validate cookie values,
# which may open opportunities for an attacker to trigger some edge case in the parser to steal cookie
# information. By dropping the entire header, this makes it harder to exploit edge cases.
strict = true
# Whether the flash cookie should be secure or not
secure = false
# The max age to set on the cookie.
# If null, the cookie expires when the user closes their browser.
# An important thing to note, this only sets when the browser will discard the cookie.
maxAge = null
# Whether the HTTP only attribute of the cookie should be set to true
httpOnly = true
# The value of the SameSite attribute of the cookie. Set to null for no SameSite attribute.
# Possible values are "lax" and "strict". If misconfigured it's set to null.
sameSite = "lax"
# The cookie path
# Cookie's path must be set to an appropriate uri
# Defaults to "/" so cookie will follow to all sub-directories
# https://www.rfc-editor.org/rfc/rfc6265#section-5.1.4
path = ${app.http.context}
# The domain to set on the flash cookie
# If null, does not set a domain on the flash cookie.
domain = ${app.http.session.domain}
# Whether the host-only attribute of the cookie should be set to true
hostOnly = false
jwt {
# The JWT signature algorithm to use on the session cookie
# uses 'alg' https://tools.ietf.org/html/rfc7515#section-4.1.1
signatureAlgorithm = "HS256"
# The time after which the session is automatically invalidated.
# Use 'exp' https://tools.ietf.org/html/rfc7519#section-4.1.4
expiresAfter = null
# The amount of clock skew to accept between servers when performing date checks
# If you have NTP or roughtime synchronizing between servers, you can enhance
# security by tightening this value.
clockSkew = 5 minutes
# The claim key under which all user data is stored in the JWT.
dataClaim = "data"
}
}
# Session configuration
session = {
# The cookie name
cookieName = "APP_SESSION"
# Whether the secure attribute of the cookie should be set to true
secure = false
# The max age to set on the cookie in seconds.
# If null, the cookie expires when the user closes their browser.
# An important thing to note, this only sets when the browser will discard the cookie.
maxAge = null
# Whether the HTTP only attribute of the cookie should be set to true
httpOnly = true
# The value of the SameSite attribute of the cookie. Set to null for no SameSite attribute.
# Possible values are "lax" and "strict". If misconfigured it's set to null.
sameSite = "lax"
# The domain to set on the session cookie
# If null, does not set a domain on the session cookie.
domain = null
# The session path
# Must start with /.
path = ${app.http.context}
jwt {
# The JWT signature algorithm to use on the session cookie
# uses 'alg' https://tools.ietf.org/html/rfc7515#section-4.1.1
signatureAlgorithm = "HS256"
# The time after which the session is automatically invalidated.
# Use 'exp' https://tools.ietf.org/html/rfc7519#section-4.1.4
expiresAfter = ${app.http.session.maxAge}
# The amount of clock skew to accept between servers when performing date checks
# If you have NTP or roughtime synchronizing between servers, you can enhance
# security by tightening this value.
clockSkew = 5 minutes
# The claim key under which all user data is stored in the JWT.
dataClaim = "data"
}
}
# #session-configuration
# Flash configuration
flash = {
# The cookie naame
cookieName = "APP_FLASH"
# Whether the flash cookie should be secure or not
secure = false
# Whether the HTTP only attribute of the cookie should be set to true
httpOnly = true
# The value of the SameSite attribute of the cookie. Set to null for no SameSite attribute.
# Possible values are "lax" and "strict". If misconfigured it's set to null.
sameSite = "lax"
# The flash path
# Must start with /.
path = ${app.http.context}
# The domain to set on the flash cookie
# If null, does not set a domain on the flash cookie.
domain = ${app.http.session.domain}
jwt {
# The JWT signature algorithm to use on the session cookie
# uses 'alg' https://tools.ietf.org/html/rfc7515#section-4.1.1
signatureAlgorithm = "HS256"
# The time after which the session is automatically invalidated.
# Use 'exp' https://tools.ietf.org/html/rfc7519#section-4.1.4
expiresAfter = null
# The amount of clock skew to accept between servers when performing date checks
# If you have NTP or roughtime synchronizing between servers, you can enhance
# security by tightening this value.
clockSkew = 5 minutes
# The claim key under which all user data is stored in the JWT.
dataClaim = "data"
}
}
# CSRF configuration
csrf = {
# The cookie naame
cookieName = "APP_CSRF_TOKEN"
# Whether the flash cookie should be secure or not
secure = false
# Whether the HTTP only attribute of the cookie should be set to true
httpOnly = true
# The value of the SameSite attribute of the cookie. Set to null for no SameSite attribute.
# Possible values are "lax" and "strict". If misconfigured it's set to null.
sameSite = "strict"
# The csrf path
# Must start with /.
path = ${app.http.context}
# The domain to set on the flash cookie
# If null, does not set a domain on the flash cookie.
domain = ${app.http.session.domain}
jwt {
# The JWT signature algorithm to use on the session cookie
# uses 'alg' https://tools.ietf.org/html/rfc7515#section-4.1.1
signatureAlgorithm = "HS256"
# The time after which the session is automatically invalidated.
# Use 'exp' https://tools.ietf.org/html/rfc7519#section-4.1.4
expiresAfter = null
# The amount of clock skew to accept between servers when performing date checks
# If you have NTP or roughtime synchronizing between servers, you can enhance
# security by tightening this value.
clockSkew = 5 minutes
# The claim key under which all user data is stored in the JWT.
dataClaim = "data"
}
# Allow all request with prefixes
allowPathPrefixes = []
}
# Recaptcha configuration
recaptcha {
secretKey = "changme"
siteKey = "changeme"
tokenName = "g-recaptcha-response"
timeout=3000
}
# Secret configuration
secret {
# The application secret. Must be set. A value of "changeme" will cause the application to fail to start in
# production.
key = "changeme"
# The JCE provider to use. If null, uses the platform default.
provider = null
}
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy