Refactor: Use @simpleworkjs/conf for configuration
- Replace ENV vars with proper config system
- Add conf/ directory with base, development, production, secrets
- Add secrets.example.js template
- Update .gitignore for secrets.js
- Show environment in startup banner
@@ -18,31 +18,27 @@ import { join, dirname } from 'path';
|
||||
import { fileURLToPath } from 'url';
|
||||
import ldap from 'ldapjs';
|
||||
import { v4 as uuidv4 } from 'uuid';
|
||||
import conf from '@simpleworkjs/conf';
|
||||
|
||||
const __dirname = dirname(fileURLToPath(import.meta.url));
|
||||
|
||||
// Configuration
|
||||
// Configuration via @simpleworkjs/conf
|
||||
const CONFIG = {
|
||||
port: process.env.PORT || 3000,
|
||||
gatewayUrl: process.env.OPENCLAW_GATEWAY || 'http://127.0.0.1:18789',
|
||||
gatewayToken: process.env.OPENCLAW_TOKEN || 'a41984619a5f4b9bf9148ab6eb4abca53eb796d046cbbec5',
|
||||
sessionSecret: process.env.SESSION_SECRET || 'openclaw-webui-secret-change-in-production',
|
||||
|
||||
// LDAP Configuration
|
||||
port: conf.server?.port || 3000,
|
||||
gatewayUrl: conf.gateway?.url || 'http://127.0.0.1:18789',
|
||||
gatewayToken: conf.gateway?.token || '',
|
||||
sessionSecret: conf.session?.secret || 'dev-secret',
|
||||
sessionMaxAge: conf.session?.maxAge || 24 * 60 * 60 * 1000,
|
||||
authDisabled: conf.auth?.disabled || false,
|
||||
ldap: {
|
||||
url: process.env.LDAP_URL || 'ldap://localhost:389',
|
||||
baseDN: process.env.LDAP_BASE_DN || 'ou=users,dc=example,dc=com',
|
||||
bindDN: process.env.LDAP_BIND_DN || '',
|
||||
bindPassword: process.env.LDAP_BIND_PASSWORD || '',
|
||||
searchFilter: process.env.LDAP_SEARCH_FILTER || '(uid={{username}})',
|
||||
enabled: process.env.LDAP_ENABLED === 'true'
|
||||
enabled: conf.auth?.ldap?.enabled || false,
|
||||
url: conf.auth?.ldap?.url || 'ldap://localhost:389',
|
||||
baseDN: conf.auth?.ldap?.baseDN || 'ou=users,dc=example,dc=com',
|
||||
bindDN: conf.auth?.ldap?.bindDN || '',
|
||||
bindPassword: conf.auth?.ldap?.bindPassword || '',
|
||||
searchFilter: conf.auth?.ldap?.searchFilter || '(uid={{username}})'
|
||||
},
|
||||
|
||||
// Data paths
|
||||
dataDir: process.env.DATA_DIR || join(__dirname, '../data'),
|
||||
|
||||
// Disable auth for development
|
||||
disableAuth: process.env.DISABLE_AUTH === 'true'
|
||||
dataDir: conf.data?.dir || join(__dirname, '../data')
|
||||
};
|
||||
|
||||
// Ensure data directory exists
|
||||
@@ -65,7 +61,7 @@ app.use(session({
|
||||
saveUninitialized: false,
|
||||
cookie: {
|
||||
secure: process.env.NODE_ENV === 'production',
|
||||
maxAge: 24 * 60 * 60 * 1000 // 24 hours
|
||||
maxAge: CONFIG.sessionMaxAge
|
||||
}
|
||||
}));
|
||||
|
||||
@@ -141,7 +137,7 @@ async function authenticateLDAP(username, password) {
|
||||
|
||||
// Check auth status
|
||||
app.get('/api/auth/status', (req, res) => {
|
||||
if (CONFIG.disableAuth) {
|
||||
if (CONFIG.authDisabled) {
|
||||
return res.json({ authenticated: true, user: { username: 'dev-user', displayName: 'Dev User' } });
|
||||
}
|
||||
|
||||
@@ -161,7 +157,7 @@ app.post('/api/auth/login', async (req, res) => {
|
||||
}
|
||||
|
||||
// Development bypass
|
||||
if (CONFIG.disableAuth) {
|
||||
if (CONFIG.authDisabled) {
|
||||
req.session.user = { username, displayName: username };
|
||||
return res.json({ success: true, user: req.session.user });
|
||||
}
|
||||
@@ -190,7 +186,7 @@ app.post('/api/auth/logout', (req, res) => {
|
||||
|
||||
// Auth middleware for protected routes
|
||||
function requireAuth(req, res, next) {
|
||||
if (CONFIG.disableAuth) return next();
|
||||
if (CONFIG.authDisabled) return next();
|
||||
if (!req.session.user) {
|
||||
return res.status(401).json({ error: 'Authentication required' });
|
||||
}
|
||||
@@ -434,12 +430,9 @@ wss.on('connection', (ws, req) => {
|
||||
const gatewayUrl = CONFIG.gatewayUrl.replace('http', 'ws');
|
||||
const gatewayWs = new WebSocket(`${gatewayUrl}/ws`);
|
||||
|
||||
let helloReceived = false;
|
||||
|
||||
gatewayWs.on('open', () => {
|
||||
// Wait for challenge and send connect
|
||||
// Forward client messages to gateway
|
||||
ws.on('message', (data) => {
|
||||
// Forward client messages to gateway
|
||||
gatewayWs.send(data);
|
||||
});
|
||||
});
|
||||
@@ -478,10 +471,12 @@ server.listen(CONFIG.port, () => {
|
||||
╔═══════════════════════════════════════════════════════════╗
|
||||
║ OpenClaw WebUI Server ║
|
||||
╠═══════════════════════════════════════════════════════════╣
|
||||
║ Port: ${CONFIG.port.toString().padEnd(44)}║
|
||||
║ Gateway: ${CONFIG.gatewayUrl.padEnd(44)}║
|
||||
║ LDAP: ${(CONFIG.ldap.enabled ? 'Enabled' : 'Disabled').padEnd(44)}║
|
||||
║ Auth: ${(CONFIG.disableAuth ? 'Disabled (dev mode)' : 'Enabled').padEnd(44)}║
|
||||
║ Environment: ${(conf.environment || 'development').padEnd(43)}║
|
||||
║ Port: ${CONFIG.port.toString().padEnd(43)}║
|
||||
║ Gateway: ${CONFIG.gatewayUrl.padEnd(43)}║
|
||||
║ LDAP: ${(CONFIG.ldap.enabled ? 'Enabled' : 'Disabled').padEnd(43)}║
|
||||
║ Auth: ${(CONFIG.authDisabled ? 'Disabled (dev mode)' : 'Enabled').padEnd(43)}║
|
||||
║ Data: ${CONFIG.dataDir.padEnd(43)}║
|
||||
╚═══════════════════════════════════════════════════════════╝
|
||||
`);
|
||||
});
|
||||
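Review bot: In the first hunk the new `sessionSecret: conf.session?.secret || 'dev-secret'` still falls back to a publicly known value whenever the config is missing, so a production start without `secrets.js` would sign session cookies with a guessable key. The same silent fallback applies to `gatewayToken` (`''`), and `authDisabled` is honoured in every environment even though the login route then accepts any username. I would fail closed right after the `CONFIG` object, e.g. `if (conf.environment === 'production' && (!conf.session?.secret || CONFIG.authDisabled)) throw new Error('session secret missing or auth disabled in production');`. The cookie hunk still derives `secure` from `process.env.NODE_ENV` while the banner reports `conf.environment`, so the two can disagree unless the conf package keeps them in sync, which is worth confirming. The token literal removed from the old defaults stays in repository history and should be treated as exposed and rotated if it was ever a real credential.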