forked from netreconlab/parse-hipaa
-
Notifications
You must be signed in to change notification settings - Fork 0
/
app.json
419 lines (419 loc) · 23.2 KB
/
app.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
{
"name": "Parse HIPAA Server",
"description": "A Parse API server designed to support ParseCareKit based apps.",
"repository": "https://github.com/netreconlab/parse-hipaa",
"logo": "https://avatars0.githubusercontent.com/u/1294580?v=3&s=200",
"keywords": ["node", "express", "parse", "parse-server", "carekit", "hipaa", "postgres"],
"env": {
"NEW_RELIC_APP_NAME": {
"description": "Name of your Heroku App. Should be the same as \"App name\"",
"required": true
},
"CLUSTER_INSTANCES": {
"description": "The amount of pm2 clusters to deploy, defaults to 4. Currently doesn't work on Heroku, change instances in ecosystem.config.js instead",
"value": "4"
},
"NODE_TLS_REJECT_UNAUTHORIZED": {
"description": "Enable (or disable) rejecting unauthorized certificates (needs to be 0 for redis), defaults to 1.",
"value": "1"
},
"PARSE_DASHBOARD_START": {
"description": "Starts the dashboard, default true.",
"value": "true"
},
"PARSE_DASHBOARD_USERNAMES": {
"description": "Specify the usernames to connect to the dashboard. Multiple usernames should be a list: username1, username2, etc. The list should be the same size as PARSE_DASHBOARD_USER_PASSWORDS",
"required": true
},
"PARSE_DASHBOARD_USER_PASSWORDS": {
"description": "Specify the user passwords to connect to the dashboard. Multiple passwords should be a list: password1, pasword2, etc. The list should be the same size as PARSE_DASHBOARD_USERNAMES. This should be a hash of the password if PARSE_DASHBOARD_USER_PASSWORD_ENCRYPTED=true. Can use a hasher for generating, e.g. https://bcrypt-generator.com.",
"required": true
},
"PARSE_DASHBOARD_USER_PASSWORD_ENCRYPTED": {
"description": "Specify if the user parseword should be encrypted (true) or in plaintext (false).",
"value": "true"
},
"PARSE_DASHBOARD_COOKIE_SESSION_SECRET": {
"description": "The constant cookie session for dashboard.",
"generator": "secret"
},
"PARSE_DASHBOARD_CONFIG": {
"description": "The config file for dashboard.",
"required": false
},
"PARSE_DASHBOARD_ALLOW_INSECURE_HTTP": {
"description": "Specify if insecure http should be allowed.",
"value": "0"
},
"PARSE_DASHBOARD_TRUST_PROXY": {
"description": "Specify the trust proxy setting.",
"required": false
},
"PARSE_DASHBOARD_MOUNT_PATH": {
"description": "The mount path for the dashboard.",
"value": "/dashboard"
},
"PARSE_SERVER_ENABLE": {
"description": "Enable the parse server.",
"value": "true"
},
"PARSE_SERVER_TRUST_PROXY": {
"description": "The trust proxy settings. It is important to understand the exact setup of the reverse proxy, since this setting will trust values provided in the Parse Server API request. See the 'https://expressjs.com/en/guide/behind-proxies.html', express trust proxy settings documentation. Defaults to `true`.",
"value": "true"
},
"PARSE_SERVER_APPLICATION_ID": {
"description": "A unique identifier for your app.",
"generator": "secret"
},
"PARSE_SERVER_PRIMARY_KEY": {
"description": "A key that overrides all permissions. Keep this secret. This is the masterKey on the parse-server",
"generator": "secret"
},
"PARSE_SERVER_READ_ONLY_PRIMARY_KEY": {
"description": "A key that allows read only access. Keep this secret. This is the read-only masterKey on the parse-server",
"generator": "secret"
},
"PARSE_SERVER_PRIMARY_KEY_IPS": {
"description": "Restricts the use of primary key permissions to a list of IP addresses. This option accepts a list of single IP addresses, for example: 10.0.0.1, 10.0.0.2. This is the masterKeyIps on the parse-server.",
"value": "172.16.0.0/12, 192.168.0.0/16, 10.0.0.0/8, 127.0.0.1, ::1"
},
"PARSE_SERVER_URL": {
"description": "Specify URL to connect to your Heroku instance if not https://yourappname.herokuapp.com/parse (update with your app's name + PARSE_SERVER_MOUNT_PATH)",
"required": false
},
"PARSE_SERVER_WEBHOOK_KEY": {
"description": "Key sent with outgoing webhook calls. Keep this secret.",
"generator": "secret"
},
"PARSE_SERVER_PUSH": {
"description": "Configuration for push, as stringified JSON. See http://docs.parseplatform.org/parse-server/guide/#push-notifications.",
"required": false
},
"PARSE_SERVER_AUTH_PROVIDERS": {
"description": "Configuration for your authentication providers, as stringified JSON. See http://docs.parseplatform.org/parse-server/guide/#oauth-and-3rd-party-authentication.",
"required": false
},
"PARSE_SERVER_ENABLE_ANON_USERS": {
"description": "Enable (or disable) anonymous users, defaults to true.",
"value": "true"
},
"PARSE_SERVER_FILE_UPLOAD_ENABLE_FOR_PUBLIC": {
"description": "Is true if file upload should be allowed for anyone, regardless of user authentication.",
"value": "false"
},
"PARSE_SERVER_FILE_UPLOAD_ENABLE_FOR_ANONYMOUS_USER": {
"description": "Is true if file upload should be allowed for anonymous users.",
"value": "true"
},
"PARSE_SERVER_FILE_UPLOAD_ENABLE_FOR_AUTHENTICATED_USER": {
"description": "Is true if file upload should be allowed for authenticated users.",
"value": "true"
},
"PARSE_SERVER_MAX_UPLOAD_SIZE": {
"description": "Max file size for uploads, defaults to 20mb.",
"value": "20mb"
},
"PARSE_SERVER_S3_BUCKET": {
"description": "The name of your S3 Bucket.",
"required": false
},
"PARSE_SERVER_S3_BUCKET_REGION": {
"description": "The region for the S3 Bucket.",
"value": "us-east-2"
},
"PARSE_SERVER_S3_BUCKET_ENCRYPTION": {
"description": "AES256 or aws:kms, or if you do not pass this, encryption won't be done.",
"value": "AES256"
},
"AWS_ACCESS_KEY_ID": {
"description": "The access key to your S3 Bucket.",
"required": false
},
"AWS_SECRET_ACCESS_KEY": {
"description": "The secret access key to your S3 Bucket.",
"required": false
},
"PARSE_SERVER_MOUNT_PATH": {
"description": "Mount path for the server, defaults to /parse.",
"value": "/parse"
},
"PARSE_SERVER_GRAPHQL_PATH": {
"description": "Mount path for the GraphQL endpoint, defaults to /graphql.",
"value": "/graphql"
},
"PARSE_SERVER_ENCRYPTION_KEY": {
"description": "Unique string used for encrypting files stored by parse-hipaa.",
"generator": "secret"
},
"PARSE_SERVER_OBJECT_ID_SIZE": {
"description": "Integer value, parse defaults to 10, 32 is probably better for medical apps and large tables.",
"value": "32"
},
"PARSE_SERVER_START_LIVE_QUERY_SERVER": {
"description": "Starts the liveQuery server, default true.",
"value": "true"
},
"PARSE_SERVER_START_LIVE_QUERY_SERVER_NO_PARSE": {
"description": "Starts the liveQuery server as a standalone server, default false.",
"value": "false"
},
"PARSE_SERVER_RATE_LIMIT": {
"description": "Options to limit repeated requests to Parse Server APIs. This can be used to protect sensitive endpoints such as `/requestPasswordReset` from brute-force attacks or Server as a whole from denial-of-service (DoS) attacks. Mind the following limitations: rate limits applied per IP address; this limits protection against distributed denial-of-service (DDoS) attacks where many requests are coming from various IP addresses; if multiple Parse Server instances are behind a load balancer or ran in a cluster, each instance will calculate it's own request rates, independent from other instances; this limits the applicability of this feature when using a load balancer and another rate limiting solution that takes requests across all instances into account may be more suitable; this feature provides basic protection against DoS attacks, but a more sophisticated solution works earlier in the request flow and prevents a malicious requests to even reach a server instance; it's therefore recommended to implement a solution according to architecture and user case.",
"value": "true"
},
"PARSE_SERVER_RATE_LIMIT_ERROR_RESPONSE_MESSAGE": {
"description": "The error message that should be returned in the body of the HTTP 429 response when the rate limit is hit. Default is `Too many requests.`",
"value": "Too many requests."
},
"PARSE_SERVER_RATE_LIMIT_INCLUDE_INTERNAL_REQUESTS": {
"description": "If `true` the rate limit will also apply to requests that are made in by Cloud Code, default is `false`. Note that a public Cloud Code function that triggers internal requests may circumvent rate limiting and be vulnerable to attacks.",
"value": "false"
},
"PARSE_SERVER_RATE_LIMIT_INCLUDE_PRIMARY_KEY": {
"description": "If `true` the rate limit will also apply to requests using the `primaryKey`, default is `false`. Note that a public Cloud Code function that triggers internal requests using the `primaryKey` may circumvent rate limiting and be vulnerable to attacks.",
"value": "false"
},
"PARSE_SERVER_RATE_LIMIT_REQUEST_COUNT": {
"description": "The number of requests that can be made per IP address within the time window set in `requestTimeWindow` before the rate limit is applied. Defaults to 100.",
"value": "100"
},
"PARSE_SERVER_RATE_LIMIT_REQUEST_TIME_WINDOW": {
"description": "The window of time in milliseconds within which the number of requests set in `requestCount` can be made before the rate limit is applied. Defaults to 600000 or 10 minutes.",
"value": "600000"
},
"PARSE_SERVER_RATE_LIMIT_REQUEST_METHODS": {
"description": "A list of HTTP request methods to which the rate limit should be applied, default is all methods.",
"required": false
},
"PARSE_SERVER_RATE_LIMIT_REQUEST_PATH": {
"description": "The path of the API route to be rate limited. Route paths, in combination with a request method, define the endpoints at which requests can be made. Route paths can be strings, string patterns, or regular expression. See: https://expressjs.com/en/guide/routing.html'. Defaults to '*' which is all paths.",
"value": "*"
},
"PORT": {
"description": "Port for parse-hipaa, default is 1337.",
"value": "1337"
},
"PARSE_SERVER_CLOUD": {
"description": "Path to cloud code, default is /parse/cloud/main.js.",
"value": "/parse-server/cloud/main.js"
},
"PARSE_SERVER_REDIS_URL": {
"description": "Redis cache url. For details, see: https://github.com/redis/node-redis/blob/master/docs/client-configuration.md.",
"required": false
},
"PARSE_SERVER_CACHE_MAX_SIZE": {
"description": "Sets the maximum size for the in memory cache, defaults to 10000.",
"value": "10000"
},
"PARSE_SERVER_CACHE_TTL": {
"description": "Sets the TTL for the in memory cache (in ms), defaults to 5000 (5 seconds).",
"value": "5000"
},
"PARSE_SERVER_MOUNT_GRAPHQL": {
"description": "Enable graphql, default is 'false'.",
"value": "false"
},
"PARSE_SERVER_GRAPH_QLSCHEMA": {
"description": "Full path to your GraphQL custom schema.graphql file.",
"required": false
},
"PARSE_SERVER_MOUNT_PLAYGROUND": {
"description": "Mounts the GraphQL Playground - never use this option in production. Default is 'false'.",
"value": "false"
},
"PARSE_SERVER_PLAYGROUND_PATH": {
"description": "Mount path for the GraphQL Playground, defaults to /playground",
"value": "/playground"
},
"PARSE_SERVER_ALLOW_CLIENT_CLASS_CREATION": {
"description": "Don't allow classes to be created on the client side..",
"value": "false"
},
"PARSE_SERVER_ALLOW_CUSTOM_OBJECTID": {
"description": "Required to be true for ParseCareKit.",
"value": "true"
},
"PARSE_SERVER_DATABASE_ENABLE_SCHEMA_HOOKS": {
"description": "Enables database real-time hooks to update single schema cache. Set to `true` if using multiple Parse Servers instances connected to the same database. Failing to do so will cause a schema change to not propagate to all instances and re-syncing will only happen when the instances restart.",
"value": "true"
},
"PARSE_SERVER_DIRECT_ACCESS": {
"description": "WARNING: Setting to 'true' is known to cause crashes on parse-hipaa running postgres.",
"value": "false"
},
"PARSE_SERVER_ENFORCE_PRIVATE_USERS": {
"description": "Set to 'true' if new users should be created without public read and write access.",
"value": "true"
},
"PARSE_SERVER_ENABLE_IDEMPOTENCY": {
"description": "Enable idempotency on all requests. defaults to false.",
"value": "false"
},
"PARSE_SERVER_EXPERIMENTAL_IDEMPOTENCY_PATHS": {
"description": "A list of paths for which the feature should be enabled. The mount path must not be included, for example instead of `/parse/functions/myFunction` specifiy `functions/myFunction`. The entries are interpreted as regular expression, for example `functions/.*` matches all functions, `jobs/.*` matches all jobs, `classes/.*` matches all classes, `.*` matches all paths.",
"value": ".*"
},
"PARSE_SERVER_EXPERIMENTAL_IDEMPOTENCY_TTL": {
"description": "The duration in seconds after which a request record is discarded from the database.",
"value": "300"
},
"PARSE_SERVER_USING_PARSECAREKIT": {
"description": "Set to 'true' when your app is designed for ParseCareKit. Otherwise set to 'false' to use as a general Parse Server.",
"value": "true"
},
"PARSE_SERVER_USING_PARSECAREKIT_AUDIT": {
"description": "Set to 'true' to audit ParseCareKit tables. Note that auditing takes up more space in your database.",
"value": "false"
},
"PARSE_VERBOSE": {
"description": "Enable verbose output on the server.",
"value": "false"
},
"PARSE_SERVER_ALLOW_EXPIRED_AUTH_DATA_TOKEN": {
"description": "Allow a user to log in even if the 3rd party authentication token that was used to sign in to their account has expired. If this is set to false, then the token will be validated every time the user signs in to their account. This refers to the token that is stored in the _User.authData field.",
"value": "true"
},
"PARSE_SERVER_ALLOW_HEADERS": {
"description": "Add headers to Access-Control-Allow-Headers.",
"required": false
},
"PARSE_SERVER_ALLOW_ORIGIN": {
"description": "Sets the origin to Access-Control-Allow-Origin.",
"required": false
},
"PARSE_SERVER_EMAIL_VERIFY_TOKEN_REUSE_IF_VALID": {
"description": "Set to true if a email verification token should be reused in case another token is requested but there is a token that is still valid, i.e. has not expired. This avoids the often observed issue that a user requests multiple emails and does not know which link contains a valid token because each newly generated token would invalidate the previous token.",
"value": "false"
},
"PARSE_SERVER_EXPIRE_INACTIVE_SESSIONS": {
"description": "Sets whether we should expire the inactive sessions, defaults to true. If false, all new sessions are created with no expiration date.",
"value": "true"
},
"PARSE_SERVER_HOST": {
"description": "The host to serve ParseServer on.",
"value": "0.0.0.0"
},
"JSON_LOGS": {
"description": "Log as structured JSON objects.",
"value": "false"
},
"PARSE_SERVER_LOGS_FOLDER": {
"description": "Folder for the logs (defaults to './logs'); set to null to disable file based logging.",
"value": "./logs"
},
"PARSE_SERVER_MAX_LIMIT": {
"description": "Max value for limit option on queries, defaults to unlimited.",
"required": false
},
"PARSE_SERVER_PRESERVE_FILE_NAME": {
"description": "Enable (or disable) the addition of a unique hash to the file names.",
"value": "false"
},
"PARSE_SERVER_REVOKE_SESSION_ON_PASSWORD_RESET": {
"description": "When a user changes their password, either through the reset password email or while logged in, all sessions are revoked if this is true. Set to false if you don't want to revoke sessions.",
"value": "true"
},
"PARSE_SERVER_SESSION_LENGTH": {
"description": "Session duration, in seconds, defaults to 1 year.",
"value": "31536000"
},
"PARSE_SERVER_VERIFY_USER_EMAILS": {
"description": "Set to true to require users to verify their email address to complete the sign-up process.",
"value": "false"
},
"PARSE_SERVER_EMAIL_VERIFY_TOKEN_VALIDITY_DURATION": {
"description": "Set the validity duration of the email verification token in seconds after which the token expires. The token is used in the link that is set in the email. If the option is not set or set to `undefined`, then the token never expires. For example, to expire the token after 2 hours, set a value of 7200 seconds (= 60 seconds * 60 minutes * 2 hours).",
"value": "86400"
},
"PARSE_SERVER_PREVENT_LOGIN_WITH_UNVERIFIED_EMAIL": {
"description": "Set to `true` to prevent a user from logging in if the email has not yet been verified and email verification is required. Requires option verifyUserEmails: true",
"value": "false"
},
"PARSE_SERVER_LIVEQUERY_CLASSNAMES": {
"description": "parse-server's LiveQuery classNames. Example: Clock, Contact.",
"value": "Clock"
},
"PARSE_LIVE_QUERY_SERVER_WEBSOCKET_TIMEOUT": {
"description": "Number of milliseconds between ping/pong frames. The WebSocket server sends ping/pong frames to the clients to keep the WebSocket alive. This value defines the interval of the ping/pong frame from the server to clients.",
"value": "10000"
},
"PARSE_LIVE_QUERY_SERVER_CACHE_TIMEOUT": {
"description": "Number in milliseconds. When clients provide the sessionToken to the LiveQuery server, the LiveQuery server will try to fetch its ParseUser's objectId from parse server and store it in the cache. The value defines the duration of the cache. Check the following Security section and our protocol specification for details.",
"value": "5000"
},
"PARSE_SERVER_ACCOUNT_LOCKOUT_DURATION": {
"description": "Set the duration in minutes that a locked-out account remains locked out before automatically becoming unlocked. Valid values are greater than 0 and less than 100000.",
"value": "5"
},
"PARSE_SERVER_ACCOUNT_LOCKOUT_THRESHOLD": {
"description": "Set the number of failed sign-in attempts that will cause a user account to be locked. If the account is locked. The account will unlock after the duration set in the `duration` option has passed and no further login attempts have been made. Valid values are greater than 0 and less than 1000.",
"value": "3"
},
"PARSE_SERVER_ACCOUNT_LOCKOUT_UNLOCK_ON_PASSWORD_RESET": {
"description": "Set to true if the account should be unlocked after a successful password reset. Requires options duration and threshold to be set.",
"value": "false"
},
"PARSE_SERVER_PASSWORD_POLICY_DO_NOT_ALLOW_USERNAME": {
"description": "Set to true to disallow the username as part of the password.",
"value": "false"
},
"PARSE_SERVER_PASSWORD_POLICY_MAX_PASSWORD_AGE": {
"description": "Set the number of days after which a password expires. Login attempts fail if the user does not reset the password before expiration.",
"required": false
},
"PARSE_SERVER_PASSWORD_POLICY_MAX_PASSWORD_HISTORY": {
"description": "Set the number of previous password that will not be allowed to be set as new password. If the option is not set or set to 0, no previous passwords will be considered. Valid values are >= 0 and <= 20.",
"value": "5"
},
"PARSE_SERVER_PASSWORD_POLICY_RESET_TOKEN_REUSE_IF_VALID": {
"description": "Set to true if a password reset token should be reused in case another token is requested but there is a token that is still valid, i.e. has not expired. This avoids the often observed issue that a user requests multiple emails and does not know which link contains a valid token because each newly generated token would invalidate the previous token.",
"value": "false"
},
"PARSE_SERVER_PASSWORD_POLICY_RESET_TOKEN_VALIDITY_DURATION": {
"description": "Set the validity duration of the password reset token in seconds after which the token expires. The token is used in the link that is set in the email. After the token expires, the link becomes invalid and a new link has to be sent. If the option is not set or set to `undefined`, then the token never expires. For example, to expire the token after 2 hours, set a value of 7200 seconds (= 60 seconds * 60 minutes * 2 hours).",
"value": "86400"
},
"PARSE_SERVER_PASSWORD_POLICY_VALIDATION_ERROR": {
"description": "Set the error message to be sent.",
"value": "Password must have at least 8 characters, contain at least 1 digit, 1 lower case, 1 upper case, and contain at least one special character."
},
"PARSE_SERVER_PASSWORD_POLICY_VALIDATOR_PATTERN": {
"description": "Set the regular expression validation pattern a password must match to be accepted. Defaults to enforcing passwords to have atleast: 8 chars with at least 1 lower case, 1 upper case and 1 digit",
"value": "/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.{8,})/"
},
"PARSE_SERVER_LOG_LEVELS_TRIGGER_AFTER": {
"description": "Log level used by the Cloud Code Triggers `afterSave`, `afterDelete`, `afterSaveFile`, `afterDeleteFile`, `afterFind`, `afterLogout`.",
"value": "info"
},
"PARSE_SERVER_LOG_LEVELS_TRIGGER_BEFORE_ERROR": {
"description": "Log level used by the Cloud Code Triggers `beforeSave`, `beforeSaveFile`, `beforeDeleteFile`, `beforeFind`, `beforeLogin` on error.",
"value": "error"
},
"PARSE_SERVER_LOG_LEVELS_TRIGGER_BEFORE_SUCCESS": {
"description": "Log level used by the Cloud Code Triggers `beforeSave`, `beforeSaveFile`, `beforeDeleteFile`, `beforeFind`, `beforeLogin` on success.",
"value": "info"
}
},
"stack": "container",
"formation": {
"web": {
"quantity": 1,
"size": "basic"
}
},
"addons": [
{
"plan": "heroku-postgresql:mini",
"as": "db"
},
{
"plan": "scheduler"
},
{
"plan": "newrelic"
},
{
"plan": "papertrail"
}
]
}