Config - RelatedTitle/user-account-system GitHub Wiki

Config

This page explains the different config values and how they're used.

In order to use the config, rename the config-example.js file to config.js.

General

config.fqdn: The fully qualified domain name (FQDN), used for emails and OAuth callback URLs. Ex. https://www.relatedtechnetwork.com (no trailing slash). REQUIRED

config.servicename: The service name used in emails. Ex. User Account System/Google/CompanyName REQUIRED

config.usingproxy: Set to true if the API sits behind a proxy (Nginx, Cloudflare, etc.), false otherwise. REQUIRED

config.port: The port to use for the API. REQUIRED

Rate Limiting OPTIONAL

Rate limiting is driven by the config.ratelimits array, so routes can be rate limited from the config instead of being hardcoded. To add a rate limit, add a new object to the array with the properties route, window, and maxrequests. Ex.

config.ratelimits[0] = {
  route: "/auth/",          // route (path prefix) to limit
  window: 10 * 60 * 1000,   // 10 minutes, in milliseconds
  maxrequests: 20,          // requests allowed within one window
}

route: The route to rate limit. Ex. /auth/ or /auth/register/

window: The time window in ms for the rate limit. Ex. 600000

maxrequests: The max requests in the time window. Ex. 30
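To show how a config.ratelimits array like the one above is applied to incoming requests, here is an added example (not the project's own code) of a fixed-window limiter. It assumes that a request matches an entry whose route is a prefix of the request path, that the longest matching route wins, and that callers are keyed by client address.

```javascript
// Constructed sample config in the shape the wiki describes.
const config = { ratelimits: [] };
config.ratelimits[0] = { route: "/auth/", window: 10 * 60 * 1000, maxrequests: 20 };
config.ratelimits[1] = { route: "/auth/register/", window: 60 * 60 * 1000, maxrequests: 5 };

// Most specific (longest) configured route prefix that matches the path, or null.
function findRule(ratelimits, path) {
  let best = null;
  for (const rule of ratelimits) {
    if (path.startsWith(rule.route) && (!best || rule.route.length > best.route.length)) {
      best = rule;
    }
  }
  return best;
}

// Fixed-window counter per (rule, client). clientKey is the caller's address;
// with config.usingproxy it must come from the proxy-supplied client address,
// not the socket peer, or every user ends up sharing the proxy's bucket.
function makeLimiter(ratelimits) {
  const counters = new Map();
  return function check(clientKey, path, now = Date.now()) {
    const rule = findRule(ratelimits, path);
    if (!rule) return { allowed: true, remaining: Infinity, rule: null };
    const key = `${rule.route}|${clientKey}`;
    let bucket = counters.get(key);
    if (!bucket || now - bucket.start >= rule.window) {
      bucket = { start: now, count: 0 };   // window elapsed: start a fresh one
      counters.set(key, bucket);
    }
    if (bucket.count >= rule.maxrequests) return { allowed: false, remaining: 0, rule };
    bucket.count += 1;
    return { allowed: true, remaining: rule.maxrequests - bucket.count, rule };
  };
}
```

Because /auth/register/ is the longer match, registration gets its own tighter budget while other /auth/ paths share the broader one.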

CAPTCHA

config.captcha_secret_bypass_key_enabled: Whether the CAPTCHA bypass key is enabled or not. REQUIRED

config.captcha_secret_bypass_key: A special key that allows bypassing the CAPTCHA verification. All requests using this key are treated as if the user had completed the CAPTCHA correctly. Only applies if config.captcha_secret_bypass_key_enabled is set to true. Ex. SuperSecretCaptchaKey OPTIONAL

config.hcaptcha.enabled: Whether hCaptcha is enabled or not. Ex. true REQUIRED

config.hcaptcha.secret: Your hCaptcha account secret key. Ex. 0x0000000000000000000000000000000000000000 (You can use this key for testing: requests using this secret together with the testing response token are verified automatically) OPTIONAL

config.recaptcha.enabled: Whether reCAPTCHA is enabled or not. Ex. true REQUIRED

config.recaptcha.secret: Your reCAPTCHA secret key. Ex. 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe (You can use this key for testing: all requests with any response token are verified automatically when using this key) OPTIONAL

Database

config.db.connectionstring: The PostgreSQL connection string used for connecting to the database. Ex. postgres://username:password@hostname:port/database_name REQUIRED

User

config.user.id_length: The length of the user id. Ex. 10 REQUIRED

config.user.id_alphabet: The characters to use in the user id. Ex. 0123456789 (Use numbers or it won't work properly) REQUIRED

config.user.bcrypt_salt_rounds: The number of salt rounds bcrypt should do. Learn more about salt rounds. Ex. 10 REQUIRED

JWT

config.user.jwt_auth_secret: The secret for JWT auth tokens. Ex. 66*F&y9788#276 REQUIRED

config.user.jwt_email_verification_secret: The secret for email verification tokens. Ex. 3^782N894$33n$ REQUIRED

config.user.jwt_password_reset_secret: The secret for password reset tokens. Ex. %3$3d444X3&673 REQUIRED

config.user.jwt_new_ip_secret: The secret for new IP tokens. Ex. 8P687s9!5&367# REQUIRED

config.user.jwt_access_token_expiration: The JWT access token expiration in seconds. Ex. 3600 (Keep this value low: access tokens can't be revoked, so a short lifetime limits how long a leaked token stays usable) REQUIRED

config.user.jwt_refresh_token_expiration: The JWT refresh token expiration in seconds. Ex. 2678400 (This should be significantly higher than the access token expiration, because when this token expires the user has to sign in again) REQUIRED

OAuth

config.user.google_client_id: The Google client id (For OAuth). OPTIONAL

config.user.google_client_secret: The Google client secret (For OAuth). OPTIONAL

config.user.github_client_id: The GitHub client id (For OAuth). OPTIONAL

config.user.github_client_secret: The GitHub client secret (For OAuth). OPTIONAL

config.user.discord_client_id: The Discord client id (For OAuth). OPTIONAL

config.user.discord_client_secret: The Discord client secret (For OAuth). OPTIONAL

config.user.facebook_client_id: The Facebook client id (For OAuth). OPTIONAL

config.user.facebook_client_secret: The Facebook client secret (For OAuth). OPTIONAL

Regex

config.user.email_regex: The regex that all user emails must match. You can use something like this. REQUIRED

config.user.username_regex: The regex that all usernames must match. Ex. /^(?=.{6,18}$)(?![_.])(?!.*[_.]{2})[a-zA-Z0-9._]+(?<![_.])$/ REQUIRED

config.user.password_regex: The regex that all user passwords must match. Ex. /^(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9]).*$/ REQUIRED

Avatar

config.user.avatar.size: The avatar size in pixels. Ex. 200 REQUIRED

config.user.avatar.quality: The quality level to use when processing user avatars; higher values mean higher quality but a bigger file size. REQUIRED

config.user.avatar.store_gravatar: Whether to store and serve the Gravatar image ourselves or serve it directly from Gravatar. REQUIRED

config.user.avatar.max_size: Max avatar file size in bytes. REQUIRED

config.user.avatar.storage_location: Where to store the user avatars. (local or s3) REQUIRED

S3

config.user.avatar.s3.access_key: S3 access key. OPTIONAL

config.user.avatar.s3.secret_access_key: S3 secret access key. OPTIONAL

config.user.avatar.s3.bucket: S3 bucket name. OPTIONAL

Email

config.email.send_email: Whether to actually send emails or not, useful for testing. REQUIRED

config.email.smtp.hostname: The SMTP hostname. Ex. smtp.example.com OPTIONAL

config.email.smtp.port: The SMTP port. Ex. 465 REQUIRED

config.email.smtp.secure: Learn more here. REQUIRED

config.email.from: Who the email appears to be from. Ex. '"[Cheese]" <[email protected]>' REQUIRED

config.email.smtp.auth.user: The SMTP user's username. Ex. johndoe REQUIRED

config.email.smtp.auth.password: The SMTP user's password. Ex. 123123123 REQUIRED