
@schul-cloud/commons
npm install @schul-cloud/commons --save
npm install
npm test
The Configuration is a singleton that can be reused to hold a configuration that is validated by JSON Schema. A JSON Schema has to be defined as default.schema.json inside a config folder.
The configuration is built by parsing multiple sources in the following order (later definitions override earlier ones):
default.schema.json
default.json (values have to be defined here, also for properties required in the schema, beside the schema default)
NODE_ENV.json from config folder (defaults to development.json if NODE_ENV is not defined; the file is optional)
NODE_ENV by default, SC_INSTANCE.
.env file from execution/project root directory
The default schema parser options
"additionalProperties": false
Invalid input values will raise an error by default.
To allow nested (multi-level) objects when parsing environment variables, a dot notation may be used. When enabled, it is also applied to export, has, and get. Currently only __ (double underscore) is supported as separator, due to the dependency dotenv and poor support for . (single dot) in many terminals.
The method printHierarchy() prints the whole hierarchy of a configuration. For security reasons, by default all values of string-typed properties having secret or key in their name are replaced with a hash-id. Identical hashes identify identical original values.
Follow the naming convention of starting secure properties with SECRET_ in their name, and use type string.
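A check that can be run against a schema before relying on printHierarchy() to hide secrets, as an added example that is not the library's own code: it reports which properties the documented default secretMatches list would cover. It assumes matching is done on each property's own name; EXTRA_HINTS, auditSecrets and sampleSchema are constructed for illustration.

```javascript
// Added example, not the library's code. DEFAULT_MATCHES is the documented
// default of the secretMatches option; EXTRA_HINTS is a hypothetical reviewer list.
const DEFAULT_MATCHES = ["SECRET", "KEY", "SALT", "PASSWORD"];
const EXTRA_HINTS = ["TOKEN", "CREDENTIAL", "PASSPHRASE", "PRIVATE"];

// Build a fresh regex per call: a /g regex keeps lastIndex between test() calls.
const matchesAny = (name, exprs) => exprs.some((e) => new RegExp(e, "gi").test(name));

// Walk schema.properties recursively (assumption: matching uses the leaf name).
// Nested paths are joined with "__", the separator the page describes.
function auditSecrets(schema, matches = DEFAULT_MATCHES, prefix = "") {
  const report = { masked: [], unmaskedNonString: [], unmatchedSuspicious: [] };
  for (const [name, sub] of Object.entries(schema.properties || {})) {
    const path = prefix + name;
    if (sub.type === "object") {
      const child = auditSecrets(sub, matches, path + "__");
      for (const k of Object.keys(report)) report[k].push(...child[k]);
    } else if (matchesAny(name, matches)) {
      // Per the page, only string-typed values are replaced by a hash-id.
      (sub.type === "string" ? report.masked : report.unmaskedNonString).push(path);
    } else if (matchesAny(name, EXTRA_HINTS)) {
      // Looks sensitive but would be printed as-is: rename or extend secretMatches.
      report.unmatchedSuspicious.push(path);
    }
  }
  return report;
}

// Constructed sample schema, not taken from any real project.
const sampleSchema = {
  properties: {
    SECRET_JWT: { type: "string" },
    API_KEY: { type: "string" },
    SESSION_TOKEN: { type: "string" },
    PASSWORD_MIN_LENGTH: { type: "integer" },
    DB: {
      type: "object",
      properties: { PASSWORD: { type: "string" }, CREDENTIALS: { type: "string" } },
    },
  },
};

console.log(auditSecrets(sampleSchema));
```

Properties listed under unmatchedSuspicious are candidates for renaming with the SECRET_ prefix or for an extra secretMatches entry.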
Often specific configuration options are required based on the state of other configuration values. These dependencies can be defined using the if/then/else keywords.
In the example below, the rule SERVICE_REQUIRES_OTHER is activated in the allOf block. The rule itself is defined in the definitions block. If the property SERVICE_PROPERTY is set to VALUE_OF_SERVICE, we also require that OTHER_PROPERTY is set.
Make sure that a default value is set for SERVICE_PROPERTY to avoid passing undefined to an if keyword.
default.schema.json
{
  "title": "Example Schema with dependency",
  "description": "This schema declares a dependency between two properties.",
  "additionalProperties": false,
  "type": "object",
  "properties": {
    "SERVICE_PROPERTY": {
      "type": "string",
      "enum": ["none", "VALUE_OF_SERVICE"],
      "default": "none"
    },
    "OTHER_PROPERTY": {
      "type": "string"
    }
  },
  "allOf": [
    {
      "$ref": "#/definitions/SERVICE_REQUIRES_OTHER"
    }
  ],
  "definitions": {
    "SERVICE_REQUIRES_OTHER": {
      "if": {
        "properties": {
          "SERVICE_PROPERTY": {
            "const": "VALUE_OF_SERVICE"
          }
        }
      },
      "then": {
        "required": ["OTHER_PROPERTY"]
      }
    }
  }
}
default.json
{
  "$schema": "default.schema.json",
  "SERVICE_PROPERTY": "VALUE_OF_SERVICE",
  "OTHER_PROPERTY": "VALUE"
}
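Why the default on SERVICE_PROPERTY matters, as an added example that is neither ajv nor the library's code: a small evaluator for only the keywords used in the schema above, showing that an if built on properties passes when the key is absent, so the then branch fires. The functions check and withDefaults are hypothetical helpers; withDefaults stands in for a parser option such as useDefaults.

```javascript
// Added example, not ajv and not the library's code: a tiny evaluator for only
// the keywords the schema above uses, to show how "if" behaves on a missing key.
const schema = {
  type: "object",
  properties: {
    SERVICE_PROPERTY: { type: "string", enum: ["none", "VALUE_OF_SERVICE"], default: "none" },
    OTHER_PROPERTY: { type: "string" },
  },
  allOf: [{ $ref: "#/definitions/SERVICE_REQUIRES_OTHER" }],
  definitions: {
    SERVICE_REQUIRES_OTHER: {
      if: { properties: { SERVICE_PROPERTY: { const: "VALUE_OF_SERVICE" } } },
      then: { required: ["OTHER_PROPERTY"] },
    },
  },
};

// Returns a list of error strings; an empty list means the data is valid.
function check(node, data, root = schema) {
  if (node.$ref) node = root.definitions[node.$ref.split("/").pop()];
  const isObject = data !== null && typeof data === "object";
  const errors = [];
  if (node.type === "string" && typeof data !== "string") errors.push("not a string");
  if ("const" in node && data !== node.const) errors.push(`not ${node.const}`);
  if (node.enum && !node.enum.includes(data)) errors.push("not in enum");
  for (const key of node.required || [])
    if (isObject && !(key in data)) errors.push(`missing ${key}`);
  // "properties" constrains only keys that are present; absent keys pass.
  for (const [key, sub] of Object.entries(node.properties || {}))
    if (isObject && key in data) errors.push(...check(sub, data[key], root));
  for (const sub of node.allOf || []) errors.push(...check(sub, data, root));
  if (node.if) {
    const branch = check(node.if, data, root).length === 0 ? node.then : node.else;
    if (branch) errors.push(...check(branch, data, root));
  }
  return errors;
}

// Stand-in for a parser option such as useDefaults: copy top-level defaults in.
function withDefaults(data, root = schema) {
  const filled = { ...data };
  for (const [key, sub] of Object.entries(root.properties || {}))
    if (!(key in filled) && "default" in sub) filled[key] = sub.default;
  return filled;
}
```

Without the default, an empty configuration is rejected for a missing OTHER_PROPERTY even though the service was never enabled; with the default filled in, the if fails and nothing further is required.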
index.js
// Access Configuration as Singleton, using default export
// Initialization is done on first access
// uses IConfigOptions optionally defined in a sc-config.json file
import { Configuration as config } from "@schul-cloud/commons";

// Alternatively, access configuration as class (use this instead of the
// singleton import above; both declare the name "config")
// IConfigOptions can be set in constructor options
// import { TestConfiguration } from "@schul-cloud/commons";
// const config = new TestConfiguration(options);

// Then you may run...
config.has("key");
const before = config.toObject();

// and when the property key has been defined in the schema...
config.get("key");
config.set("key", "value");

// or updating multiple entries
config.update({ key: "value", key2: "value2" });

// suggested for testing only
config.remove("key"); // removes a single key
config.remove("key", "key2"); // remove multiple keys

// override the complete config (removes prior values)
config.reset(before);
Option key | Value(s) or Type | default | Description |
---|---|---|---|
logger | any | console | a logger instance |
throwOnError | boolean | true | enable throwing an error when an undefined configuration value is requested |
notFoundValue | any | null | if throwOnError is not set true, an alternate default value may be returned |
configDir | string | config | directory where schema and configuration files are located |
schemaFileName | string | default.schema.json | default schema file name |
baseDir | string | process.cwd() | path to folder where configDir is located |
ajvOptions | object | removeAdditional: 'true', useDefaults: true, coerceTypes: 'array' | Schema Parser Options, see https://github.com/epoberezkin/ajv#options |
useDotNotation | boolean | true | enables dot notation for parsing environment variables (not json files!) and exporting the current config using has, get, and toObject. |
fileEncoding | string | 'utf8' | set file encoding for imported schema and configuration files |
loadFilesFromEnv | string[] | ['NODE_ENV'] | defines the order of configuration files loaded by the specified environment values; filenames must have a json extension, like NODE_ENV.json |
printHierarchy | boolean | false | executes printHierarchy() right after initialization |
printSecrets | boolean | false | by default, the printHierarchy function replaces secrets with hashes, which are equal for equal values. Set this to true to print the configuration values of keys containing secret or key. |
secretMatches | string[] | ['SECRET', 'KEY', 'SALT', 'PASSWORD'] | properties matching these expressions (flags added are /gi) are handled as secrets and will be hashed before printing |
Custom validation keywords may be added to get detailed error messages for specific checks: https://medium.com/@moshfeu/test-json-schema-with-ajv-and-jest-c1d2984234c9
Multiple supported keywords exist in ajv to define dependencies.
FAQs
Helpers and common tools for the hpi school-cloud.
We found that @schul-cloud/commons demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.