feat: 🎸 Use config.ini configure

src/app.ts

@@ -16,7 +16,6 @@ import { startScheduledCleanup } from "./services/erase.js";
 import sql_init from "./services/sql_init.js";
 import oidc from "express-openid-connect";
 import openID from "./services/open_id.js";
-import * as dotenv from "dotenv";
 import { t } from "i18next";
 
 await import("./services/handlers.js");
@@ -26,8 +25,6 @@ const app = express();
 
 const scriptDir = dirname(fileURLToPath(import.meta.url));
 
-// Configure environment variables
-dotenv.config();
 
 // Initialize DB
 sql_init.initializeDb();

src/public/translations/en/translation.json

@@ -1314,14 +1314,14 @@
     "description": "Multi-Factor Authentication (MFA) adds an extra layer of security to your account. Instead of just entering a password to log in, MFA requires you to provide one or more additional pieces of evidence to verify your identity. This way, even if someone gets hold of your password, they still can't access your account without the second piece of information. It's like adding an extra lock to your door, making it much harder for anyone else to break in.",
     "oauth_title": "OAuth/OpenID",
     "oauth_enabled": "OAuth/OpenID Enabled",
-    "oauth_enable_description": "Set SSO_ENABLED as environment variable to 'true' to enable (Requires restart)",
+    "oauth_enable_description": "Set ssoEnabled in config file to true or set TRILIUM_SSO_ENABLED environment variable to true to enable (Requires restart)",
     "oauth_user_account": "User Account:",
     "oauth_user_email": "User Email:",
     "oauth_user_not_logged_in": "Not logged in!",
     "oauth_description": "OpenID is a standardized way to let you log into websites using an account from another service, like Google, to verify your identity.",
     "totp_title": "Time-based One-Time Password",
     "totp_enabled": "TOTP Enabled",
-    "totp_enable_description": "Set TOTP_ENABLED as environment variable to 'true' to enable (Requires restart)",
+    "totp_enable_description": "Set totpEnabled in config file to true or set TRILIUM_TOTP_ENABLED environment variable to true to enable (Requires restart)",
     "totp_description": "TOTP (Time-Based One-Time Password) is a security feature that generates a unique, temporary code which changes every 30 seconds. You use this code, along with your password to log into your account, making it much harder for anyone else to access it.",
     "totp_secret_title": "Generate TOTP Secret",
     "totp_secret_description": "TOTP Secret Key",

src/routes/api/totp.ts

@@ -1,27 +1,20 @@
-import {generateSecret} from 'time2fa';
+import { generateSecret } from 'time2fa';
+import config from '../../services/config.js';
 
 function generateTOTPSecret() {
-    return {success: 'true', message: generateSecret()};
+    return { success: 'true', message: generateSecret() };
 }
 
 function getTotpEnabled() {
-    if (process.env.TOTP_ENABLED === undefined) {
-        return false;
-    }
-    if (process.env.TOTP_ENABLED.toLocaleLowerCase() !== 'true') {
-        return false;
-    }
-
-    return true;
+    return config.MultiFactorAuthentication.totpEnabled;
 }
 
 function getTOTPStatus() {
-    const totpEnabled = getTotpEnabled();
-    return {success: true, message: totpEnabled, enabled: getTotpEnabled()};
+    return { success: true, message: getTotpEnabled(), enabled: getTotpEnabled() };
 }
 
 function getSecret() {
-    return process.env.TOTP_SECRET;
+    return config.MultiFactorAuthentication.totpSecret;
 }
 
 export default {

src/services/config.ts

@@ -110,22 +110,22 @@ const config: TriliumConfig = {
 
     MultiFactorAuthentication: {
         totpEnabled:
-            envToBoolean(process.env.TRILIUM_TOTPENABLED) || iniConfig?.MultiFactorAuthentication?.totpEnabled || false,
+            envToBoolean(process.env.TRILIUM_TOTP_ENABLED) || iniConfig?.MultiFactorAuthentication?.totpEnabled || false,
 
         totpSecret:
-            process.env.TRILIUM_TOTPSECRET || iniConfig?.MultiFactorAuthentication?.totpSecret || "",
+            process.env.TRILIUM_TOTP_SECRET || iniConfig?.MultiFactorAuthentication?.totpSecret || "",
 
         ssoEnabled:
             envToBoolean(process.env.TRILIUM_SSO_ENABLED) || iniConfig?.MultiFactorAuthentication?.ssoEnabled || false,
 
         oauthBaseUrl:
-            process.env.TRILIUM_OAUTH_BASEURL || iniConfig?.MultiFactorAuthentication?.oauthBaseUrl || "",
+            process.env.TRILIUM_OAUTH_BASE_URL || iniConfig?.MultiFactorAuthentication?.oauthBaseUrl || "",
 
         oauthClientId:
-            process.env.TRILIUM_OAUTH_CLIENTID || iniConfig?.MultiFactorAuthentication?.oauthClientId || "",
+            process.env.TRILIUM_OAUTH_CLIENT_ID || iniConfig?.MultiFactorAuthentication?.oauthClientId || "",
 
         oauthClientSecret:
-            process.env.TRILIUM_OAUTH_CLIENTSECRET || iniConfig?.MultiFactorAuthentication?.oauthClientSecret || ""
+            process.env.TRILIUM_OAUTH_CLIENT_SECRET || iniConfig?.MultiFactorAuthentication?.oauthClientSecret || ""
     }
 };
 

src/services/open_id.ts

@@ -5,6 +5,8 @@ import sqlInit from "./sql_init.js";
 import options from "./options.js";
 import type { Session } from "express-openid-connect";
 import sql from "./sql.js";
+import config from "./config.js";
+
 
 function isOpenIDEnabled() {
     return checkOpenIDRequirements();
@@ -35,28 +37,21 @@ function clearSavedUser() {
 }
 
 function checkOpenIDRequirements() {
-    if (process.env.SSO_ENABLED === undefined) {
-        return false;
-    }
-    if (process.env.SSO_ENABLED.toLocaleLowerCase() !== "true") {
-        return false;
-    }
-
-    if (process.env.TOTP_ENABLED?.toLocaleLowerCase() === "true") {
+    if (config.MultiFactorAuthentication.totpEnabled) {
         throw new OpenIDError("Cannot enable both OpenID and TOTP!");
     }
 
-    if (process.env.BASE_URL === undefined) {
-        throw new OpenIDError("BASE_URL is undefined in .env!");
+    if (config.MultiFactorAuthentication.oauthBaseUrl === "") {
+        throw new OpenIDError("oauthBaseUrl is undefined!");
     }
-    if (process.env.CLIENT_ID === undefined) {
-        throw new OpenIDError("CLIENT_ID is undefined in .env!");
+    if (config.MultiFactorAuthentication.oauthClientId === "") {
+        throw new OpenIDError("oauthClientId is undefined!");
     }
-    if (process.env.SECRET === undefined) {
-        throw new OpenIDError("SECRET is undefined in .env!");
+    if (config.MultiFactorAuthentication.oauthClientSecret === "") {
+        throw new OpenIDError("oauthClientSecret is undefined!");
     }
 
-    return true;
+    return config.MultiFactorAuthentication.ssoEnabled;
 }
 
 function getOAuthStatus() {
@@ -112,11 +107,11 @@ function generateOAuthConfig() {
     const authConfig = {
         authRequired: true,
         auth0Logout: false,
-        baseURL: process.env.BASE_URL,
-        clientID: process.env.CLIENT_ID,
+        baseURL: config.MultiFactorAuthentication.oauthBaseUrl,
+        clientID: config.MultiFactorAuthentication.oauthClientId,
         issuerBaseURL: "https://accounts.google.com/.well-known/openid-configuration",
-        secret: process.env.SECRET,
-        clientSecret: process.env.SECRET,
+        secret: config.MultiFactorAuthentication.oauthClientSecret,
+        clientSecret: config.MultiFactorAuthentication.oauthClientSecret,
         authorizationParams: {
             response_type: "code",
             scope: "openid profile email",