mirror of
https://github.com/immich-app/immich
synced 2025-11-07 17:27:20 +00:00
32 lines
1.4 KiB
TypeScript
32 lines
1.4 KiB
TypeScript
import { Logger } from '@nestjs/common';
|
|
import { ConfigModuleOptions } from '@nestjs/config';
|
|
import Joi from 'joi';
|
|
import { createSecretKey, generateKeySync } from 'node:crypto';
|
|
|
|
const jwtSecretValidator: Joi.CustomValidator<string> = (value) => {
|
|
const key = createSecretKey(value, 'base64');
|
|
const keySizeBits = (key.symmetricKeySize ?? 0) * 8;
|
|
|
|
if (keySizeBits < 128) {
|
|
const newKey = generateKeySync('hmac', { length: 256 }).export().toString('base64');
|
|
Logger.warn('The current JWT_SECRET key is insecure. It should be at least 128 bits long!');
|
|
Logger.warn(`Here is a new, securely generated key that you can use instead: ${newKey}`);
|
|
}
|
|
|
|
return value;
|
|
};
|
|
|
|
export const immichAppConfig: ConfigModuleOptions = {
|
|
envFilePath: '.env',
|
|
isGlobal: true,
|
|
validationSchema: Joi.object({
|
|
NODE_ENV: Joi.string().required().valid('development', 'production', 'staging').default('development'),
|
|
DB_USERNAME: Joi.string().required(),
|
|
DB_PASSWORD: Joi.string().required(),
|
|
DB_DATABASE_NAME: Joi.string().required(),
|
|
JWT_SECRET: Joi.string().required().custom(jwtSecretValidator),
|
|
DISABLE_REVERSE_GEOCODING: Joi.boolean().optional().valid(true, false).default(false),
|
|
REVERSE_GEOCODING_PRECISION: Joi.number().optional().valid(0, 1, 2, 3).default(3),
|
|
LOG_LEVEL: Joi.string().optional().valid('simple', 'verbose', 'debug', 'log', 'warn', 'error').default('log'),
|
|
}),
|
|
};
|