mirror of
https://github.com/MichMich/MagicMirror.git
synced 2026-04-23 22:37:01 +00:00
9dd964e004
## Loading `config.js` ### Previously Loaded on server-side in `app.js` and in the browser by including `config.js` in `index.html`. The web server has an endpoint `/config` providing the content of server loaded `config.js`. ### Now Loaded only on server-side in `app.js`. The browser loads the content using the web server endpoint `/config`. So the server has control what to provide to the clients. Loading the `config.js` was moved to `Utils.js` so that `check_config.js` can use the same functions. ## Using environment variables in `config.js` ### Previously Environment variables were not allowed in `config.js`. The workaround was to create a `config.js.template` with curly braced bash variables allowed. While starting the app the `config.js.template` was converted via `envsub` into a `config.js`. ### Now Curly braced bash variables are allowed in `config.js`. Because only the server loads `config.js` he can substitute the variables while loading. ## Secrets in MagicMirror² To be honest, this is a mess. ### Previously All content defined in the `config` directory was reachable from the browser. Everyone with access to the site could see all stuff defined in the configuration e.g. using the url http://ip:8080/config. This included api keys and other secrets. So sharing a MagicMirror² url to others or running MagicMirror² without authentication as public website was not possible. ### Now With this PR we add (beta) functionality to protect sensitive data. This is only possible for modules running with a `node_helper`. For modules running in the browser only (e.g. default `weather` module), there is no way to hide data (per construction). This does not mean, that every module with `node_helper` is safe, e.g. the default `calendar` module is not safe because it uses the calendar url's as sort of id and sends them to the client. For adding more security you have to set `hideConfigSecrets: true` in `config.js`. With this: - `config/config.env` is not deliverd to the browser - the contents of environment variables beginning with `SECRET_` are not published to the clients This is a first step to protect sensitive data and you can at least protect some secrets.
134 lines
4.1 KiB
JSON
134 lines
4.1 KiB
JSON
{
|
|
"name": "magicmirror",
|
|
"version": "2.35.0-develop",
|
|
"description": "The open source modular smart mirror platform.",
|
|
"keywords": [
|
|
"magic mirror",
|
|
"magicmirror",
|
|
"smart mirror",
|
|
"mirror UI",
|
|
"modular"
|
|
],
|
|
"homepage": "https://magicmirror.builders",
|
|
"bugs": {
|
|
"url": "https://github.com/MagicMirrorOrg/MagicMirror/issues"
|
|
},
|
|
"repository": {
|
|
"type": "git",
|
|
"url": "https://github.com/MagicMirrorOrg/MagicMirror"
|
|
},
|
|
"license": "MIT",
|
|
"author": "Michael Teeuw",
|
|
"contributors": [
|
|
{
|
|
"name": "MagicMirror contributors",
|
|
"url": "https://github.com/MagicMirrorOrg/MagicMirror/graphs/contributors"
|
|
}
|
|
],
|
|
"type": "commonjs",
|
|
"imports": {
|
|
"#server_functions": {
|
|
"default": "./js/server_functions.js"
|
|
},
|
|
"#http_fetcher": {
|
|
"default": "./js/http_fetcher.js"
|
|
}
|
|
},
|
|
"main": "js/electron.js",
|
|
"scripts": {
|
|
"config:check": "node js/check_config.js",
|
|
"postinstall": "git clean -df fonts vendor modules/default",
|
|
"install-mm": "npm install --no-audit --no-fund --no-update-notifier --only=prod --omit=dev",
|
|
"install-mm:dev": "npm install --no-audit --no-fund --no-update-notifier && npx playwright install chromium",
|
|
"lint:css": "stylelint 'css/**/*.css' 'defaultmodules/**/*.css' --fix",
|
|
"lint:js": "eslint --fix",
|
|
"lint:markdown": "markdownlint-cli2 . --fix",
|
|
"lint:prettier": "prettier . --write",
|
|
"prepare": "[ -f node_modules/.bin/husky ] && husky || echo no husky installed.",
|
|
"server": "node ./serveronly",
|
|
"server:watch": "node ./serveronly/watcher.js",
|
|
"start": "node --run start:wayland",
|
|
"start:dev": "node --run start:wayland -- dev",
|
|
"start:wayland": "WAYLAND_DISPLAY=\"${WAYLAND_DISPLAY:=wayland-1}\" ./node_modules/.bin/electron js/electron.js --ozone-platform=wayland",
|
|
"start:wayland:dev": "node --run start:wayland -- dev",
|
|
"start:windows": ".\\node_modules\\.bin\\electron js\\electron.js",
|
|
"start:windows:dev": "node --run start:windows -- dev",
|
|
"start:x11": "DISPLAY=\"${DISPLAY:=:0}\" ./node_modules/.bin/electron js/electron.js",
|
|
"start:x11:dev": "node --run start:x11 -- dev",
|
|
"test": "vitest run",
|
|
"test:calendar": "node ./defaultmodules/calendar/debug.js",
|
|
"test:coverage": "vitest run --coverage",
|
|
"test:css": "stylelint 'css/**/*.css' 'defaultmodules/**/*.css'",
|
|
"test:e2e": "vitest run tests/e2e",
|
|
"test:electron": "vitest run tests/electron",
|
|
"test:js": "eslint",
|
|
"test:markdown": "markdownlint-cli2 .",
|
|
"test:prettier": "prettier . --check",
|
|
"test:spelling": "cspell . --gitignore",
|
|
"test:ui": "vitest --ui",
|
|
"test:unit": "vitest run tests/unit",
|
|
"test:watch": "vitest"
|
|
},
|
|
"lint-staged": {
|
|
"*": "prettier --ignore-unknown --write",
|
|
"*.js": "eslint --fix",
|
|
"*.css": "stylelint --fix"
|
|
},
|
|
"dependencies": {
|
|
"@fontsource/roboto": "^5.2.9",
|
|
"@fontsource/roboto-condensed": "^5.2.8",
|
|
"@fortawesome/fontawesome-free": "^7.1.0",
|
|
"ajv": "^8.17.1",
|
|
"animate.css": "^4.1.1",
|
|
"console-stamp": "^3.1.2",
|
|
"croner": "^9.1.0",
|
|
"eslint": "^9.39.2",
|
|
"express": "^5.2.1",
|
|
"feedme": "^2.0.2",
|
|
"helmet": "^8.1.0",
|
|
"html-to-text": "^9.0.5",
|
|
"iconv-lite": "^0.7.2",
|
|
"ipaddr.js": "^2.3.0",
|
|
"moment": "^2.30.1",
|
|
"moment-timezone": "^0.6.0",
|
|
"node-ical": "^0.24.1",
|
|
"nunjucks": "^3.2.4",
|
|
"pm2": "^6.0.14",
|
|
"socket.io": "^4.8.3",
|
|
"suncalc": "^1.9.0",
|
|
"systeminformation": "^5.30.7",
|
|
"undici": "^7.19.2",
|
|
"weathericons": "^2.1.0"
|
|
},
|
|
"devDependencies": {
|
|
"@stylistic/eslint-plugin": "^5.7.1",
|
|
"@vitest/coverage-v8": "^4.0.18",
|
|
"@vitest/eslint-plugin": "^1.6.6",
|
|
"@vitest/ui": "^4.0.18",
|
|
"cspell": "^9.6.2",
|
|
"eslint-plugin-import-x": "^4.16.1",
|
|
"eslint-plugin-jsdoc": "^62.5.0",
|
|
"eslint-plugin-package-json": "^0.88.2",
|
|
"eslint-plugin-playwright": "^2.5.1",
|
|
"express-basic-auth": "^1.2.1",
|
|
"husky": "^9.1.7",
|
|
"jsdom": "^27.4.0",
|
|
"lint-staged": "^16.2.7",
|
|
"markdownlint-cli2": "^0.20.0",
|
|
"msw": "^2.12.7",
|
|
"playwright": "^1.58.1",
|
|
"prettier": "^3.8.1",
|
|
"prettier-plugin-jinja-template": "^2.1.0",
|
|
"stylelint": "^17.1.0",
|
|
"stylelint-config-standard": "^40.0.0",
|
|
"stylelint-prettier": "^5.0.3",
|
|
"vitest": "^4.0.18"
|
|
},
|
|
"optionalDependencies": {
|
|
"electron": "^40.1.0"
|
|
},
|
|
"engines": {
|
|
"node": ">=22.21.1 <23 || >=24"
|
|
}
|
|
}
|