Noah Petherbridge
0caf12eb00
* Add "forgot password" workflow. * Add ability to change user email address (confirmation link sent) * Add ability to change user's password. * Add rate limiter to deter brute force login attempts. * Add user deep delete functionality (delete account). * Ping user LastLoginAt every 8 hours for long-lived session cookies. * Add age filters to user search page. * Add sort options to user search (last login, created, username/name)
// Package config holds some (mostly static) configuration for the app.
package config
import (
"regexp"
"time"
)
// Branding

// Title is the site name.
const Title = "nonshy"

// Subtitle is the tagline shown alongside the title.
const Subtitle = "A social network for nudists and exhibitionists."
// Paths and layouts

// Locations (relative to the working directory) of the HTML templates, the
// static asset tree and the JSON settings file.
const (
	TemplatePath = "./web/templates"
	StaticPath   = "./web/static"
	SettingsPath = "./settings.json"
)

// Photo storage. Photos in the DB store only their filenames; PhotoWebPath is
// the base URL that goes in front of them and PhotoDiskPath is the matching
// directory on disk. JpegQuality is presumably the JPEG encoder quality
// (0-100) used when photos are written — confirm against the image code.
// TODO: support setting a CDN URL prefix.
const (
	JpegQuality   = 90
	PhotoWebPath  = "/static/photos"
	PhotoDiskPath = "./web/static/photos"
)
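// Security
const (
	// BcryptCost is the bcrypt work factor (log2 of the number of rounds).
	BcryptCost = 14

	// Cookie and HTML form field names for the session and the CSRF token.
	SessionCookieName = "session_id"
	CSRFCookieName    = "csrf_token"
	CSRFInputName     = "_csrf" // html input name

	// SessionCookieMaxAge is the session cookie lifetime in seconds: 30 days.
	SessionCookieMaxAge = 60 * 60 * 24 * 30

	// SessionRedisKeyFormat is the Redis key pattern under which sessions are
	// stored; the verb is presumably filled with the session ID.
	SessionRedisKeyFormat = "session/%s"

	// MultipartMaxMemory is the number of bytes of multipart form data (uploads)
	// that may be buffered in memory; presumably passed as the maxMemory argument
	// of ParseMultipartForm, where larger parts spill to temporary files — confirm
	// against callers. The previous value, 1024 * 1024 * 1024 * 20, is 20 GiB
	// despite its "20 MB" comment, which would keep every upload fully resident
	// in RAM; 20 MiB is the intended limit.
	MultipartMaxMemory = 20 * 1024 * 1024 // 20 MiB
)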
// Authentication
const (
	// SkipEmailVerification, when true, makes the signup page ask directly for
	// email+username+password instead of only an email that must be verified.
	SkipEmailVerification = false

	// Redis key patterns for the one-time tokens issued by the signup,
	// reset-password and change-email flows (the verb is presumably filled
	// with the token value — confirm against callers).
	SignupTokenRedisKey   = "signup-token/%s"
	ResetPasswordRedisKey = "reset-password/%s"
	ChangeEmailRedisKey   = "change-email/%s"

	// SignupTokenExpires is the lifetime used for all tokens so far.
	// NOTE(review): a 24-hour window is generous for a password-reset token;
	// consider a shorter expiry for that flow.
	SignupTokenExpires = time.Hour * 24

	// Rate limit. RateLimitRedisKey takes a namespace and an id.
	RateLimitRedisKey = "rate-limit/%s/%s"

	// Failed logins are counted within LoginRateLimitWindow. After
	// LoginRateLimitCooldownAt failures each further attempt is throttled by
	// LoginRateLimitCooldown; after LoginRateLimit failures the login is locked
	// for the full window.
	LoginRateLimitWindow     = time.Hour
	LoginRateLimit           = 10
	LoginRateLimitCooldownAt = 3
	LoginRateLimitCooldown   = time.Second * 30

	// LastLoginAtCooldown bounds how often LastLoginAt is refreshed, since
	// sessions are long-lived.
	LastLoginAtCooldown = time.Hour * 8
)
// UsernameRegexp accepts a username of 3 to 32 characters drawn from lowercase
// ASCII letters, digits, underscore and hyphen. It is compiled once at package
// initialisation rather than per request.
var UsernameRegexp = regexp.MustCompile(`^[a-z0-9_-]{3,32}$`)
// Photo Galleries

// MaxPhotoWidth is the width limit, in pixels, for gallery photos.
const MaxPhotoWidth = 1280

// ProfilePhotoWidth is the width limit, in pixels, for profile photos.
const ProfilePhotoWidth = 512
// Variables set by main.go to make them readily available.
var (
	// RuntimeVersion, RuntimeBuild and RuntimeBuildDate describe the running
	// binary; they are left empty until main.go assigns them.
	RuntimeVersion, RuntimeBuild, RuntimeBuildDate string

	// Debug reports whether the app is in debug mode.
	Debug bool
)