immich/server/libs/common/src/config/app.config.ts

import { Logger } from '@nestjs/common';
import { ConfigModuleOptions } from '@nestjs/config';
import Joi from 'joi';
import { createSecretKey, generateKeySync } from 'node:crypto';

const jwtSecretValidator: Joi.CustomValidator<string> = (value) => {
  const key = createSecretKey(value, 'base64');
  const keySizeBits = (key.symmetricKeySize ?? 0) * 8;

  if (keySizeBits < 128) {
    const newKey = generateKeySync('hmac', { length: 256 }).export().toString('base64');
    Logger.warn('The current JWT_SECRET key is insecure. It should be at least 128 bits long!');
    Logger.warn(`Here is a new, securely generated key that you can use instead: ${newKey}`);
  }

  return value;
};

const WHEN_DB_URL_SET = Joi.when('DB_URL', {
  is: Joi.exist(),
  then: Joi.string().optional(),
  otherwise: Joi.string().required(),
});

export const immichAppConfig: ConfigModuleOptions = {
  envFilePath: '.env',
  isGlobal: true,
  validationSchema: Joi.object({
    NODE_ENV: Joi.string().required().valid('development', 'production', 'staging').default('development'),
    DB_USERNAME: WHEN_DB_URL_SET,
    DB_PASSWORD: WHEN_DB_URL_SET,
    DB_DATABASE_NAME: WHEN_DB_URL_SET,
    DB_URL: Joi.string().optional(),
    JWT_SECRET: Joi.string().required().custom(jwtSecretValidator),
    DISABLE_REVERSE_GEOCODING: Joi.boolean().optional().valid(true, false).default(false),
    REVERSE_GEOCODING_PRECISION: Joi.number().optional().valid(0, 1, 2, 3).default(3),
    LOG_LEVEL: Joi.string().optional().valid('simple', 'verbose', 'debug', 'log', 'warn', 'error').default('log'),
  }),
};
Log a warning if JWT_SECRET key does not have enough bits 2022-10-13 21:54:29 +02:00			`import { Logger } from '@nestjs/common';`
Transfer repository from Gitlab 2022-02-03 17:06:44 +01:00			`import { ConfigModuleOptions } from '@nestjs/config';`
			`import Joi from 'joi';`
feat(web) add asset count stats on admin page (#843) 2022-10-23 23:54:54 +02:00			`import { createSecretKey, generateKeySync } from 'node:crypto';`
Log a warning if JWT_SECRET key does not have enough bits 2022-10-13 21:54:29 +02:00
feat(web) add asset count stats on admin page (#843) 2022-10-23 23:54:54 +02:00			`const jwtSecretValidator: Joi.CustomValidator<string> = (value) => {`
			`const key = createSecretKey(value, 'base64');`
			`const keySizeBits = (key.symmetricKeySize ?? 0) * 8;`
Log a warning if JWT_SECRET key does not have enough bits 2022-10-13 21:54:29 +02:00
			`if (keySizeBits < 128) {`
feat(web) add asset count stats on admin page (#843) 2022-10-23 23:54:54 +02:00			`const newKey = generateKeySync('hmac', { length: 256 }).export().toString('base64');`
			`Logger.warn('The current JWT_SECRET key is insecure. It should be at least 128 bits long!');`
			Logger.warn(`Here is a new, securely generated key that you can use instead: ${newKey}`);
Log a warning if JWT_SECRET key does not have enough bits 2022-10-13 21:54:29 +02:00			`}`

			`return value;`
feat(web) add asset count stats on admin page (#843) 2022-10-23 23:54:54 +02:00			`};`
Transfer repository from Gitlab 2022-02-03 17:06:44 +01:00
Allow the use of SSL connections to the postgres database. (#1256) * Allow the use of SSL connections to the postgres database. * Add default SSL false when no env set * Add commented out example of DB_SSL env * Refactor add SSL option into PostgresConnectionOptions * Refactor the database connection to optionally use a URL string instead of the env variables * Refactor the database connection based on feedback * Add dynamic validation around the DB envs * Remove DB_URL from example * Fix rebase * Add back the optional database port in the example * Formatted file correctly * change types to a const to fix tests 2023-01-20 21:27:01 +01:00			`const WHEN_DB_URL_SET = Joi.when('DB_URL', {`
			`is: Joi.exist(),`
			`then: Joi.string().optional(),`
			`otherwise: Joi.string().required(),`
			`});`

Transfer repository from Gitlab 2022-02-03 17:06:44 +01:00			`export const immichAppConfig: ConfigModuleOptions = {`
			`envFilePath: '.env',`
			`isGlobal: true,`
			`validationSchema: Joi.object({`
			`NODE_ENV: Joi.string().required().valid('development', 'production', 'staging').default('development'),`
Allow the use of SSL connections to the postgres database. (#1256) * Allow the use of SSL connections to the postgres database. * Add default SSL false when no env set * Add commented out example of DB_SSL env * Refactor add SSL option into PostgresConnectionOptions * Refactor the database connection to optionally use a URL string instead of the env variables * Refactor the database connection based on feedback * Add dynamic validation around the DB envs * Remove DB_URL from example * Fix rebase * Add back the optional database port in the example * Formatted file correctly * change types to a const to fix tests 2023-01-20 21:27:01 +01:00			`DB_USERNAME: WHEN_DB_URL_SET,`
			`DB_PASSWORD: WHEN_DB_URL_SET,`
			`DB_DATABASE_NAME: WHEN_DB_URL_SET,`
			`DB_URL: Joi.string().optional(),`
Log a warning if JWT_SECRET key does not have enough bits 2022-10-13 21:54:29 +02:00			`JWT_SECRET: Joi.string().required().custom(jwtSecretValidator),`
feat(server) Remove mapbox and use local reverse geocoding (#738) * feat: local reverse geocoding implementation, removes mapbox * Disable non-null tslintrule * Disable non-null tslintrule * Remove tsignore Co-authored-by: Alex Tran <alex.tran1502@gmail.com> 2022-09-23 04:50:05 +02:00			`DISABLE_REVERSE_GEOCODING: Joi.boolean().optional().valid(true, false).default(false),`
feat(web) add asset count stats on admin page (#843) 2022-10-23 23:54:54 +02:00			`REVERSE_GEOCODING_PRECISION: Joi.number().optional().valid(0, 1, 2, 3).default(3),`
refactor: logging (#1318) 2023-01-13 15:23:12 +01:00			`LOG_LEVEL: Joi.string().optional().valid('simple', 'verbose', 'debug', 'log', 'warn', 'error').default('log'),`
Transfer repository from Gitlab 2022-02-03 17:06:44 +01:00			`}),`
			`};`