Merge branch 'master' into 1920

This commit is contained in:
Kim Gardner
2018-10-19 19:07:59 +01:00
committed by GitHub
4 changed files with 30 additions and 7 deletions
+5 -1
View File
@@ -30,7 +30,7 @@ const CONFIG = {
ENABLE_TRACING: Boolean(process.env.APOLLO_ENGINE_KEY),
// EMAIL_SUBJECT_PREFIX is the string before emails in the subject.
EMAIL_SUBJECT_PREFIX: process.env.TALK_EMAIL_SUBJECT_PREFIX || '[Talk]',
EMAIL_SUBJECT_PREFIX: process.env.TALK_EMAIL_SUBJECT_PREFIX,
// DEFAULT_LANG is the default language used for server sent emails and
// rendered text.
@@ -271,6 +271,10 @@ const CONFIG = {
// CONFIG VALIDATION
//==============================================================================
if (typeof CONFIG.EMAIL_SUBJECT_PREFIX === 'undefined') {
CONFIG.EMAIL_SUBJECT_PREFIX = '[Talk]';
}
if (process.env.NODE_ENV === 'test') {
if (!CONFIG.ROOT_URL) {
CONFIG.ROOT_URL = `http://${localAddress}:3001`;
+15 -2
View File
@@ -246,6 +246,21 @@ Refer to the documentation for [TALK_JWT_ALG](#talk-jwt-alg) for other signing
methods and other forms of the `TALK_JWT_SECRET`. If you are interested in using
multiple keys, then refer to [TALK_JWT_SECRETS](#talk-jwt-secrets).
You can also encode your secret as a base64 string (if you are using a symmetric
algorithm) as long as you prefix it with `base64:`. For example:
```plain
TALK_JWT_SECRET={"secret": "base64:dGVzdA=="}
```
Would be the same as:
```plain
TALK_JWT_SECRET={"secret": "test"}
```
As `dGVzdA==` is just `test` encoded using base64.
## TALK_JWT_SECRETS
Used when specifying multiple secrets used for key rotations. This is a JSON
@@ -271,7 +286,6 @@ Note that the secret is stored in a JSON object, keyed by `secret`. This is only
needed when specifying in the multiple secrets for `TALK_JWT_SECRETS`, but may
be used to specify the single [TALK_JWT_SECRET](#talk-jwt-secret).
When the value of [TALK_JWT_ALG](#talk-jwt-alg) is **not** a `HS*` value, then
the value of the `TALK_JWT_SECRETS` should take the form:
@@ -282,7 +296,6 @@ TALK_JWT_SECRETS=[{"kid": "1", "private": "<my private key>", "public": "<my pub
Refer to the documentation on the [TALK_JWT_ALG](#talk-jwt-alg) for more
information on what to store in these parameters.
## TALK_JWT_SIGNING_COOKIE_NAME
The default cookie name that is use to set a cookie containing a JWT that was
+5 -4
View File
@@ -10,9 +10,10 @@ plugin:
---
Using the [Perspective API](http://perspectiveapi.com/), this
plugin will warn users and reject comments that exceed the predefined toxicity
threshold. For more information on what Toxic Comments are, check out the
[Toxic Comments](/talk/toxic-comments/) documentation.
plugin will warn users when comments exceed the predefined toxicity
threshold. Toxic comments will be flagged and are held back from being posted until reviewed by a moderator.
For more information on what Toxic Comments are, check out the [Toxic Comments](/talk/toxic-comments/) documentation, and you can see how the plugin works on [this blog post](https://coralproject.net/blog/toxic-avenging/).
Configuration:
@@ -25,4 +26,4 @@ Configuration:
- `TALK_PERSPECTIVE_TIMEOUT` - The timeout for sending a comment to
be processed before it will skip the toxicity analysis, parsed by
[ms](https://www.npmjs.com/package/ms). (Default `300ms`)
- `TALK_PERSPECTIVE_DO_NOT_STORE` - Whether the API is permitted to store comment and context from this request. Stored comments will be used for future research and community model building purposes to improve the API over time. (Default `true`) [Perspective API - Analize Comment Request](https://github.com/conversationai/perspectiveapi/blob/master/api_reference.md#analyzecomment-request)
- `TALK_PERSPECTIVE_DO_NOT_STORE` - Whether the API stores or deletes the comment text and context from this request after it has been evaluated. Stored comments will be used for future research and community model building purposes to improve the API over time. (Default `true`) [Perspective API - Analyze Comment Request](https://github.com/conversationai/perspectiveapi/blob/master/api_reference.md#analyzecomment-request)
+5
View File
@@ -120,6 +120,11 @@ function SharedSecret({ kid = undefined, secret = null }, algorithm) {
throw new Error('Secret cannot have a zero length');
}
// If the secret is base64 encoded, then decode it!
if (secret.startsWith('base64:')) {
secret = Buffer.from(secret.substring(7), 'base64').toString();
}
return new Secret({
kid,
signingKey: secret,