diff --git a/README.md b/README.md index 0915ac984..3418cf475 100644 --- a/README.md +++ b/README.md 
@@ -65,7 +65,174 @@ A docker image may be built using the Dockerfile located in `server` directory. ## Configuration -[CONFIGURATION.md](CONFIGURATION.md) +SQLPad may be configured via environment variables, config file, or command line flags. + +Config file path may be specified passing command line option `--config` or environment variable `SQLPAD_CONFIG`. +For example: + +```sh +node server.js --config ~/.sqlpadrc +``` + +For INI and JSON config file examples, see `config-example.ini` and `config-example.json` in GitHub repository. + +### Version 3 changes + +Previously SQLPad supported a default dbPath of `$HOME/sqlpad/db` and a default config file path of `$HOME/.sqlpadrc`. + +These defaults have been removed in version 3. + +### Config variables + +**admin** +Email address to whitelist/give admin permissions to +Env var: `SQLPAD_ADMIN` + +**allowCsvDownload** +Enable csv and xlsx downloads. +Env var: `SQLPAD_ALLOW_CSV_DOWNLOAD` +Default: `true` + +**baseUrl** +Path to mount sqlpad app following domain. Example, if '/sqlpad' is provided queries page would be mydomain.com/sqlpad/queries +Env var: `SQLPAD_BASE_URL` + +**certPassphrase** +Passphrase for your SSL certification file +Env var: `CERT_PASSPHRASE` + +**certPath** +Absolute path to where SSL certificate is stored +Env var: `CERT_PATH` + +**cookieSecret** +Secret used to sign cookies +Env var: `SQLPAD_COOKIE_SECRET` +Default: `secret-used-to-sign-cookies-please-set-and-make-strong` + +**dbPath** +Directory to store SQLPad embedded database content. This includes queries, users, query result cache files, etc. +Env var: `SQLPAD_DB_PATH` + +**debug** +Add a variety of logging to console while running SQLPad +Env var: `SQLPAD_DEBUG` + +**disableUserpassAuth** +Set to TRUE to disable built-in user authentication. Use to restrict auth to OAuth only. +Env var: `DISABLE_USERPASS_AUTH` + +**editorWordWrap** +Enable word wrapping in SQL editor. 
+Env var: `SQLPAD_EDITOR_WORD_WRAP` + +**googleClientId** +Google Client ID used for OAuth setup. Authorized redirect URI for sqlpad is '[baseurl]/auth/google/callback' +Env var: `GOOGLE_CLIENT_ID` + +**googleClientSecret** +Google Client Secret used for OAuth setup. Authorized redirect URI for sqlpad is '[baseurl]/auth/google/callback' +Env var: `GOOGLE_CLIENT_SECRET` + +**httpsPort** +Port for SQLPad to listen on. +Env var: `SQLPAD_HTTPS_PORT` +Default: `443` + +**ip** +IP address to bind to. By default SQLPad will listen from all available addresses (0.0.0.0). +Env var: `SQLPAD_IP` +Default: `0.0.0.0` + +**keyPath** +Absolute path to where SSL certificate key is stored +Env var: `KEY_PATH` + +**passphrase** +A string of text used to encrypt sensitive values when stored on disk. +Env var: `SQLPAD_PASSPHRASE` +Default: `At least the sensitive bits won't be plain text?` + +**port** +Port for SQLPad to listen on. +Env var: `SQLPAD_PORT` +Default: `80` + +**publicUrl** +Public URL used for OAuth setup and email links. Protocol expected. Example: https://mysqlpad.com +Env var: `PUBLIC_URL` + +**queryResultMaxRows** +By default query results are limited to 50,000 records. +Env var: `SQLPAD_QUERY_RESULT_MAX_ROWS` +Default: `50000` + +**samlAuthContext** +SAML authentication context URL +Env var: `SAML_AUTH_CONTEXT` + +**samlCallbackUrl** +SAML callback URL +Env var: `SAML_CALLBACK_URL` + +**samlCert** +SAML certificate in Base64 +Env var: `SAML_CERT` + +**samlEntryPoint** +SAML Entry point URL +Env var: `SAML_ENTRY_POINT` + +**samlIssuer** +SAML Issuer +Env var: `SAML_ISSUER` + +**sessionMinutes** +Minutes to keep a session active. Will extended by this amount each request. +Env var: `SQLPAD_SESSION_MINUTES` +Default: `60` + +**slackWebhook** +Supply incoming Slack webhook URL to post query when saved. +Env var: `SQLPAD_SLACK_WEBHOOK` + +**smtpFrom** +From email address for SMTP. Required in order to send invitation emails. 
+Env var: `SQLPAD_SMTP_FROM` + +**smtpHost** +Host address for SMTP. Required in order to send invitation emails. +Env var: `SQLPAD_SMTP_HOST` + +**smtpPassword** +Password for SMTP. +Env var: `SQLPAD_SMTP_PASSWORD` + +**smtpPort** +Port for SMTP. Required in order to send invitation emails. +Env var: `SQLPAD_SMTP_PORT` + +**smtpSecure** +Toggle to use secure connection when using SMTP. +Env var: `SQLPAD_SMTP_SECURE` +Default: `true` + +**smtpUser** +Username for SMTP. Required in order to send invitation emails. +Env var: `SQLPAD_SMTP_USER` + +**systemdSocket** +Acquire socket from systemd if available +Env var: `SQLPAD_SYSTEMD_SOCKET` + +**tableChartLinksRequireAuth** +When false, table and chart result links will be operational without login. +Env var: `SQLPAD_TABLE_CHART_LINKS_REQUIRE_AUTH` +Default: `true` + +**whitelistedDomains** +Allows pre-approval of email domains. Delimit multiple domains by empty space. +Env var: `WHITELISTED_DOMAINS` ## Development diff --git a/CONFIGURATION.md b/config-example.ini similarity index 53% rename from CONFIGURATION.md rename to config-example.ini index 0208bed56..6b9f58d2d 100644 --- a/CONFIGURATION.md +++ b/config-example.ini 
@@ -1,143 +1,90 @@ +; Email address to whitelist/give admin permissions to +admin="" -_This file was generated by `scripts/generate-configs.js` using `server/lib/config/configItems.js`._ - -# Configuration - -SQLPad may be configured via environment variables, config file, or command line flag. - -Config file path may be specified passing command line option `--config` or environment variable SQLPAD_CONFIG. -For example: - -```sh -sqlpad --config ~/.sqlpadrc -``` - -Using a config file or environment variables recommended. For list of command line flags run `sqlpad -h`. - -## Version 3 changes - -Previously SQLPad supported a default dbPath of `$HOME/sqlpad/db` and a default config file path of `$HOME/.sqlpadrc`. - -These defaults have been removed in version 3. - -## Environment Variables -```sh -SQLPAD_CONFIG= -SQLPAD_COOKIE_SECRET=secret-used-to-sign-cookies-please-set-and-make-strong -SQLPAD_SESSION_MINUTES=60 -SQLPAD_IP=0.0.0.0 -SQLPAD_PORT=80 -SQLPAD_SYSTEMD_SOCKET=false -SQLPAD_HTTPS_PORT=443 -SQLPAD_DB_PATH= -SQLPAD_BASE_URL= -SQLPAD_PASSPHRASE=At least the sensitive bits won't be plain text? -CERT_PASSPHRASE= -KEY_PATH= -CERT_PATH= -SQLPAD_ADMIN= -SQLPAD_DEBUG=false -GOOGLE_CLIENT_ID= -GOOGLE_CLIENT_SECRET= -PUBLIC_URL= -DISABLE_USERPASS_AUTH=false -SQLPAD_ALLOW_CSV_DOWNLOAD=true -SQLPAD_EDITOR_WORD_WRAP=false -SQLPAD_QUERY_RESULT_MAX_ROWS=50000 -SQLPAD_SLACK_WEBHOOK= -SQLPAD_TABLE_CHART_LINKS_REQUIRE_AUTH=true -SQLPAD_SMTP_FROM= -SQLPAD_SMTP_HOST= -SQLPAD_SMTP_PORT= -SQLPAD_SMTP_SECURE=true -SQLPAD_SMTP_USER= -SQLPAD_SMTP_PASSWORD= -WHITELISTED_DOMAINS= -SAML_ENTRY_POINT= -SAML_ISSUER= -SAML_CALLBACK_URL= -SAML_CERT= -SAML_AUTH_CONTEXT= - -``` - -## INI config -```ini -; Secret used to sign cookies -cookieSecret="secret-used-to-sign-cookies-please-set-and-make-strong" - -; Minutes to keep a session active. Will extended by this amount each request. -sessionMinutes="60" - -; IP address to bind to. 
By default SQLPad will listen from all available addresses (0.0.0.0). -ip="0.0.0.0" - -; Port for SQLPad to listen on. -port="80" - -; Acquire socket from systemd if available -systemdSocket="false" - -; Port for SQLPad to listen on. -httpsPort="443" - -; Directory to store SQLPad embedded database content. This includes queries, users, query result cache files, etc. -dbPath="" +; Enable csv and xlsx downloads. +allowCsvDownload="true" ; Path to mount sqlpad app following domain. Example, if '/sqlpad' is provided queries page would be mydomain.com/sqlpad/queries baseUrl="" -; A string of text used to encrypt sensitive values when stored on disk. -passphrase="At least the sensitive bits won't be plain text?" - ; Passphrase for your SSL certification file certPassphrase="" -; Absolute path to where SSL certificate key is stored -keyPath="" - ; Absolute path to where SSL certificate is stored certPath="" -; Email address to whitelist/give admin permissions to -admin="" +; Secret used to sign cookies +cookieSecret="secret-used-to-sign-cookies-please-set-and-make-strong" + +; Directory to store SQLPad embedded database content. This includes queries, users, query result cache files, etc. +dbPath="" ; Add a variety of logging to console while running SQLPad debug="false" +; Set to TRUE to disable built-in user authentication. Use to restrict auth to OAuth only. +disableUserpassAuth="false" + +; Enable word wrapping in SQL editor. +editorWordWrap="false" + ; Google Client ID used for OAuth setup. Authorized redirect URI for sqlpad is '[baseurl]/auth/google/callback' googleClientId="" ; Google Client Secret used for OAuth setup. Authorized redirect URI for sqlpad is '[baseurl]/auth/google/callback' googleClientSecret="" -; Public URL used for OAuth setup and email links. Protocol expected. Example: https://mysqlpad.com -publicUrl="" +; Port for SQLPad to listen on. +httpsPort="443" -; Set to TRUE to disable built-in user authentication. Use to restrict auth to OAuth only. 
-disableUserpassAuth="false" +; IP address to bind to. By default SQLPad will listen from all available addresses (0.0.0.0). +ip="0.0.0.0" -; Enable csv and xlsx downloads. -allowCsvDownload="true" +; Absolute path to where SSL certificate key is stored +keyPath="" -; Enable word wrapping in SQL editor. -editorWordWrap="false" +; A string of text used to encrypt sensitive values when stored on disk. +passphrase="At least the sensitive bits won't be plain text?" + +; Port for SQLPad to listen on. +port="80" + +; Public URL used for OAuth setup and email links. Protocol expected. Example: https://mysqlpad.com +publicUrl="" ; By default query results are limited to 50,000 records. queryResultMaxRows="50000" +; SAML authentication context URL +samlAuthContext="" + +; SAML callback URL +samlCallbackUrl="" + +; SAML certificate in Base64 +samlCert="" + +; SAML Entry point URL +samlEntryPoint="" + +; SAML Issuer +samlIssuer="" + +; Minutes to keep a session active. Will extended by this amount each request. +sessionMinutes="60" + ; Supply incoming Slack webhook URL to post query when saved. slackWebhook="" -; When false, table and chart result links will be operational without login. -tableChartLinksRequireAuth="true" - ; From email address for SMTP. Required in order to send invitation emails. smtpFrom="" ; Host address for SMTP. Required in order to send invitation emails. smtpHost="" +; Password for SMTP. +smtpPassword="" + ; Port for SMTP. Required in order to send invitation emails. smtpPort="" 
@@ -147,67 +94,12 @@ smtpSecure="true" ; Username for SMTP. Required in order to send invitation emails. smtpUser="" -; Password for SMTP. -smtpPassword="" +; Acquire socket from systemd if available +systemdSocket="false" + +; When false, table and chart result links will be operational without login. +tableChartLinksRequireAuth="true" ; Allows pre-approval of email domains. Delimit multiple domains by empty space. whitelistedDomains="" -; SAML Entry point URL -samlEntryPoint="" - -; SAML Issuer -samlIssuer="" - -; SAML callback URL -samlCallbackUrl="" - -; SAML certificate in Base64 -samlCert="" - -; SAML authentication context URL -samlAuthContext="" - - -``` - -## JSON config -```json -{ - "cookieSecret": "secret-used-to-sign-cookies-please-set-and-make-strong", - "sessionMinutes": 60, - "ip": "0.0.0.0", - "port": 80, - "systemdSocket": false, - "httpsPort": 443, - "dbPath": "", - "baseUrl": "", - "passphrase": "At least the sensitive bits won't be plain text?", - "certPassphrase": "", - "keyPath": "", - "certPath": "", - "admin": "", - "debug": false, - "googleClientId": "", - "googleClientSecret": "", - "publicUrl": "", - "disableUserpassAuth": false, - "allowCsvDownload": true, - "editorWordWrap": false, - "queryResultMaxRows": 50000, - "slackWebhook": "", - "tableChartLinksRequireAuth": true, - "smtpFrom": "", - "smtpHost": "", - "smtpPort": "", - "smtpSecure": true, - "smtpUser": "", - "smtpPassword": "", - "whitelistedDomains": "", - "samlEntryPoint": "", - "samlIssuer": "", - "samlCallbackUrl": "", - "samlCert": "", - "samlAuthContext": "" -} -``` diff --git a/config-example.json b/config-example.json new file mode 100644 index 000000000..0d029937a --- /dev/null +++ b/config-example.json 
@@ -0,0 +1,37 @@ +{ + "admin": "", + "allowCsvDownload": true, + "baseUrl": "", + "certPassphrase": "", + "certPath": "", + "cookieSecret": "secret-used-to-sign-cookies-please-set-and-make-strong", + "dbPath": "", + "debug": false, + "disableUserpassAuth": false, + "editorWordWrap": false, + "googleClientId": "", + "googleClientSecret": "", + "httpsPort": 443, + "ip": "0.0.0.0", + "keyPath": "", + "passphrase": "At least the sensitive bits won't be plain text?", + "port": 80, + "publicUrl": "", + "queryResultMaxRows": 50000, + "samlAuthContext": "", + "samlCallbackUrl": "", + "samlCert": "", + "samlEntryPoint": "", + "samlIssuer": "", + "sessionMinutes": 60, + "slackWebhook": "", + "smtpFrom": "", + "smtpHost": "", + "smtpPassword": "", + "smtpPort": "", + "smtpSecure": true, + "smtpUser": "", + "systemdSocket": false, + "tableChartLinksRequireAuth": true, + "whitelistedDomains": "" +} diff --git a/scripts/generate-configs.js b/scripts/generate-configs.js deleted file mode 100644 index b3465d99e..000000000 --- a/scripts/generate-configs.js +++ /dev/null 
@@ -1,61 +0,0 @@ -const fs = require('fs'); -const path = require('path'); -const configItems = require('../server/lib/config/configItems') - -let env = ''; -let json = {}; -let ini = ''; - -configItems.forEach(item => { - env += `${item.envVar}=${item.default}\n` - - if (item.key !== 'config') { - json[item.key] = item.default; - - if (item.description) { - ini += `; ${item.description}\n${item.key}="${item.default}"\n\n` - } else { - ini += `${item.key}="${item.default}"\n` - } - } -}) - -const markdown = ` -_This file was generated by \`scripts/generate-configs.js\` using \`server/lib/config/configItems.js\`._ - -# Configuration - -SQLPad may be configured via environment variables, config file, or command line flag. - -Config file path may be specified passing command line option \`--config\` or environment variable SQLPAD_CONFIG. -For example: - -\`\`\`sh -sqlpad --config ~/.sqlpadrc -\`\`\` - -Using a config file or environment variables recommended. For list of command line flags run \`sqlpad -h\`. - -## Version 3 changes - -Previously SQLPad supported a default dbPath of \`$HOME/sqlpad/db\` and a default config file path of \`$HOME/.sqlpadrc\`. - -These defaults have been removed in version 3. - -## Environment Variables -\`\`\`sh -${env} -\`\`\` - -## INI config -\`\`\`ini -${ini} -\`\`\` - -## JSON config -\`\`\`json -${JSON.stringify(json, null, 2)} -\`\`\` -` - -fs.writeFileSync(path.join(__dirname, '../CONFIGURATION.md'), markdown, { encoding: 'utf8'}) \ No newline at end of file diff --git a/server/lib/config/configItems.js b/server/lib/config/configItems.js index f5b406f52..a8e5abeb7 100644 --- a/server/lib/config/configItems.js +++ b/server/lib/config/configItems.js 
@@ -2,235 +2,181 @@ const configItems = [ { key: 'config', envVar: 'SQLPAD_CONFIG', - default: '', - description: 'JSON/INI file to read for config' + default: '' }, { key: 'cookieSecret', envVar: 'SQLPAD_COOKIE_SECRET', - default: 'secret-used-to-sign-cookies-please-set-and-make-strong', - description: 'Secret used to sign cookies' + default: 'secret-used-to-sign-cookies-please-set-and-make-strong' }, { key: 'sessionMinutes', envVar: 'SQLPAD_SESSION_MINUTES', - default: 60, - description: - 'Minutes to keep a session active. Will extended by this amount each request.' + default: 60 }, { key: 'ip', envVar: 'SQLPAD_IP', - default: '0.0.0.0', - description: - 'IP address to bind to. By default SQLPad will listen from all available addresses (0.0.0.0).' + default: '0.0.0.0' }, { key: 'port', envVar: 'SQLPAD_PORT', - default: 80, - description: 'Port for SQLPad to listen on.' + default: 80 }, { key: 'systemdSocket', envVar: 'SQLPAD_SYSTEMD_SOCKET', - default: false, - description: 'Acquire socket from systemd if available' + default: false }, { key: 'httpsPort', envVar: 'SQLPAD_HTTPS_PORT', - default: 443, - description: 'Port for SQLPad to listen on.' + default: 443 }, { key: 'dbPath', envVar: 'SQLPAD_DB_PATH', - default: '', - description: - 'Directory to store SQLPad embedded database content. This includes queries, users, query result cache files, etc.' + default: '' }, { key: 'baseUrl', envVar: 'SQLPAD_BASE_URL', - default: '', - description: - "Path to mount sqlpad app following domain. Example, if '/sqlpad' is provided queries page would be mydomain.com/sqlpad/queries" + default: '' }, { key: 'passphrase', envVar: 'SQLPAD_PASSPHRASE', - default: "At least the sensitive bits won't be plain text?", - description: - 'A string of text used to encrypt sensitive values when stored on disk.' + default: "At least the sensitive bits won't be plain text?" 
}, { key: 'certPassphrase', envVar: 'CERT_PASSPHRASE', - default: '', - description: 'Passphrase for your SSL certification file' + default: '' }, { key: 'keyPath', envVar: 'KEY_PATH', - default: '', - description: 'Absolute path to where SSL certificate key is stored' + default: '' }, { key: 'certPath', envVar: 'CERT_PATH', - default: '', - description: 'Absolute path to where SSL certificate is stored' + default: '' }, { key: 'admin', envVar: 'SQLPAD_ADMIN', - default: '', - description: 'Email address to whitelist/give admin permissions to' + default: '' }, { key: 'debug', envVar: 'SQLPAD_DEBUG', - default: false, - description: 'Add a variety of logging to console while running SQLPad' + default: false }, { key: 'googleClientId', envVar: 'GOOGLE_CLIENT_ID', - description: - "Google Client ID used for OAuth setup. Authorized redirect URI for sqlpad is '[baseurl]/auth/google/callback'", default: '' }, { key: 'googleClientSecret', envVar: 'GOOGLE_CLIENT_SECRET', - description: - "Google Client Secret used for OAuth setup. Authorized redirect URI for sqlpad is '[baseurl]/auth/google/callback'", default: '' }, { key: 'publicUrl', envVar: 'PUBLIC_URL', - description: - 'Public URL used for OAuth setup and email links. Protocol expected. Example: https://mysqlpad.com', default: '' }, { key: 'disableUserpassAuth', envVar: 'DISABLE_USERPASS_AUTH', - description: - 'Set to TRUE to disable built-in user authentication. 
Use to restrict auth to OAuth only.', default: false }, { key: 'allowCsvDownload', envVar: 'SQLPAD_ALLOW_CSV_DOWNLOAD', - description: 'Enable csv and xlsx downloads.', - options: [true, false], default: true }, { key: 'editorWordWrap', envVar: 'SQLPAD_EDITOR_WORD_WRAP', - description: 'Enable word wrapping in SQL editor.', - options: [true, false], default: false }, { key: 'queryResultMaxRows', envVar: 'SQLPAD_QUERY_RESULT_MAX_ROWS', - description: 'By default query results are limited to 50,000 records.', default: 50000 }, { key: 'slackWebhook', envVar: 'SQLPAD_SLACK_WEBHOOK', - description: 'Supply incoming Slack webhook URL to post query when saved.', default: '' }, { key: 'tableChartLinksRequireAuth', envVar: 'SQLPAD_TABLE_CHART_LINKS_REQUIRE_AUTH', - description: - 'When false, table and chart result links will be operational without login.', - options: [true, false], default: true }, { key: 'smtpFrom', envVar: 'SQLPAD_SMTP_FROM', - description: - 'From email address for SMTP. Required in order to send invitation emails.', default: '' }, { key: 'smtpHost', envVar: 'SQLPAD_SMTP_HOST', - description: - 'Host address for SMTP. Required in order to send invitation emails.', default: '' }, { key: 'smtpPort', envVar: 'SQLPAD_SMTP_PORT', - description: 'Port for SMTP. Required in order to send invitation emails.', default: '' }, { key: 'smtpSecure', envVar: 'SQLPAD_SMTP_SECURE', - options: [true, false], - description: 'Toggle to use secure connection when using SMTP.', default: true }, { key: 'smtpUser', envVar: 'SQLPAD_SMTP_USER', - description: - 'Username for SMTP. Required in order to send invitation emails.', default: '' }, { key: 'smtpPassword', envVar: 'SQLPAD_SMTP_PASSWORD', - description: 'Password for SMTP.', default: '' }, { key: 'whitelistedDomains', envVar: 'WHITELISTED_DOMAINS', - description: - 'Allows pre-approval of email domains. 
Delimit multiple domains by empty space.', default: '' }, { key: 'samlEntryPoint', envVar: 'SAML_ENTRY_POINT', - description: 'SAML Entry point URL', default: '' }, { key: 'samlIssuer', envVar: 'SAML_ISSUER', - description: 'SAML Issuer', default: '' }, { key: 'samlCallbackUrl', envVar: 'SAML_CALLBACK_URL', - description: 'SAML callback URL', default: '' }, { key: 'samlCert', envVar: 'SAML_CERT', - description: 'SAML certificate in Base64', default: '' }, { key: 'samlAuthContext', envVar: 'SAML_AUTH_CONTEXT', - description: 'SAML authentication context URL', default: '' } ];
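Review bot: In README.md under "Config variables", the `cookieSecret` and `passphrase` entries print their shipped defaults (`secret-used-to-sign-cookies-please-set-and-make-strong` and `At least the sensitive bits won't be plain text?`) without saying they must be overridden. Both strings are in the public repository, so a deployment left on them signs cookies and encrypts stored values with a key anyone can read. Suggest adding a sentence to each entry stating that a unique value is required outside local testing. Smaller points in the same hunk: `httpsPort` reuses the `port` description "Port for SQLPad to listen on." and should say it is the HTTPS port, and the `sessionMinutes` text reads "Will extended".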
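Review bot: In config-example.ini and the new config-example.json, `cookieSecret` and `passphrase` are pre-filled with the known default strings. An example file is what operators copy and edit, so any line they leave untouched becomes their deployed setting. Suggest leaving both values empty, with an INI comment (and a README pointer for the JSON file, which cannot carry comments) saying a value must be generated. Also in config-example.json, `"smtpPort": ""` is the only port given as a string while `"port": 80` and `"httpsPort": 443` are numbers; state which type is expected.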
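Review bot: Deleting scripts/generate-configs.js leaves the key list and defaults duplicated by hand in README.md, config-example.ini, config-example.json and server/lib/config/configItems.js, with nothing in this patch that checks they agree. A later change to a default in configItems.js (for example `cookieSecret` or `tableChartLinksRequireAuth`) can leave the README and example files describing behaviour the server no longer has. Suggest a small test that loads config-example.json and compares its keys and values with the `key` and `default` pairs in configItems.js.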
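Review bot: In server/lib/config/configItems.js, the hunk drops `options: [true, false]` from `allowCsvDownload`, `editorWordWrap`, `tableChartLinksRequireAuth` and `smtpSecure` along with every `description`, but the only consumer visible in this patch is the deleted generator. The removed CONFIGURATION.md text pointed users to `sqlpad -h` for the list of command line flags; if that help output or any value handling reads `item.description` or `item.options`, it needs updating in the same change. Please confirm with a search for both property names before merging.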