mirror of
https://github.com/verdaccio/verdaccio.git
synced 2024-11-13 03:35:52 +01:00
a68d247a44
* feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before 😷 * chore: trace log on auth in case we want more output
76 lines
1.9 KiB
YAML
76 lines
1.9 KiB
YAML
#
|
|
# This is the config file used for the docker images.
|
|
# It allows all users to do anything, so don't use it on production systems.
|
|
#
|
|
# Do not configure host and port under `listen` in this file
|
|
# as it will be ignored when using docker.
|
|
# see https://github.com/verdaccio/verdaccio/blob/master/wiki/docker.md#docker-and-custom-port-configuration
|
|
#
|
|
# Look here for more config file examples:
|
|
# https://github.com/verdaccio/verdaccio/tree/master/conf
|
|
#
|
|
|
|
# path to a directory with all packages
|
|
storage: /verdaccio/storage/data
|
|
# path to a directory with plugins to include
|
|
plugins: /verdaccio/plugins
|
|
|
|
web:
|
|
# WebUI is enabled as default, if you want disable it, just uncomment this line
|
|
#enable: false
|
|
title: Verdaccio
|
|
|
|
auth:
|
|
htpasswd:
|
|
file: /verdaccio/storage/htpasswd
|
|
# Maximum amount of users allowed to register, defaults to "+infinity".
|
|
# You can set this to -1 to disable registration.
|
|
#max_users: 1000
|
|
|
|
security:
|
|
api:
|
|
jwt:
|
|
sign:
|
|
expiresIn: 60d
|
|
notBefore: 1
|
|
web:
|
|
sign:
|
|
expiresIn: 7d
|
|
|
|
# a list of other known repositories we can talk to
|
|
uplinks:
|
|
npmjs:
|
|
url: https://registry.npmjs.org/
|
|
|
|
packages:
|
|
'@*/*':
|
|
# scoped packages
|
|
access: $all
|
|
publish: $authenticated
|
|
proxy: npmjs
|
|
|
|
'**':
|
|
# allow all users (including non-authenticated users) to read and
|
|
# publish all packages
|
|
#
|
|
# you can specify usernames/groupnames (depending on your auth plugin)
|
|
# and three keywords: "$all", "$anonymous", "$authenticated"
|
|
access: $all
|
|
|
|
# allow all known users to publish packages
|
|
# (anyone can register by default, remember?)
|
|
publish: $authenticated
|
|
|
|
# if package is not available locally, proxy requests to 'npmjs' registry
|
|
proxy: npmjs
|
|
|
|
# To use `npm audit` uncomment the following section
|
|
middlewares:
|
|
audit:
|
|
enabled: true
|
|
|
|
# log settings
|
|
logs:
|
|
- { type: stdout, format: pretty, level: http }
|
|
#- {type: file, path: verdaccio.log, level: info}
|