diff --git a/commands/templates/client/config.js b/commands/templates/client/config.js index 8e72875..b20d009 100644 --- a/commands/templates/client/config.js +++ b/commands/templates/client/config.js @@ -1,48 +1,121 @@ -/* These are configuration options which can be public. - * WARNING: Do not put any sensitive keys in these files. They *will* be - * seen by the end user if you do. Only things an unauthenticated user - * is allowed to see. Anything else should go in lib/config.js and - * *never* import that file in any client/* files. +/* + These are configuration options which can be public. + + ### Duplication On Purpose + + Do not put any sensitive keys in these files. They *will* be seen by the end + user if you do. Only things an unauthenticated user is allowed to see. + Anything else should go in lib/config.js and *never* import that file in any + client/* files. + + That's why you'll see duplicate information found in the `secrets/config.json` + (imported by `lib/config.js`). Resist the programmer tendency to eliminate + duplication and keep this file's information ___very___ separate from the + information in `secrets/config.json`. + + The primary reason is I've found that claims from build tools to do "tree + shaking" are mostly lies. There's been plenty of times when `rollup` has + imported entire modules when I've only used one function, included code that + was purposefully excluded with a constant, and other errors. Due to the + unreliable nature of "tree shaking" I suggest you _always_ analyze your builds + for extra junk being imported and purposefully trim down anything you find + your build tool including on accident. + + For security though, you should never trust that "tree shaking" will work to + exclude secret information. Always place private information in a completely + separate file and then exclude that file in your `.gitignore` so it's never + committed to your git repository. + */ + +/* + Should the payments be faked? Look in `client/pages/Payment.svelte` for where this is checked and used. */ export const fake_payments = true; +/* + The WebTorrent configuration to use. This is passed to WebTorrent as configuration + options to anything WebTorrent accepts should work. + */ export const webtorrent = { use_dht: false, private: true } -export const product = { - price: 20, - currency: 'USD', - description: 'Super Product', - id: 1 -} - +/* + If you use [BTCPayServer](https://btcpayserver.org/) then this is the URL to the `btcpay.js` file + they tell you to setup. Also remember to set `disabled: false` in the `secrets/config.json` file. + */ export const btcpay_url = 'https://pay.yoursite.com/modal/btcpay.js'; -// brought over from ljsthw but need to adapt to the new product setting -export const product_id = product.id; +/* + This simple stock demo project just sells one product, so you put the `id` here after you create + it in the `product` table. + */ +export const product_id = 1; + +/* + The same `base_host` that you have in `secrets/config.json`. + + ___FOOTGUN___: This has to be duplicated since we want a _clear_ separation + between ___private___ information in `secrets/` and public information in + `client/`. + */ export const base_host = 'http://127.0.0.1:5001'; +/* + Used in emails and pages to tell people who to email. + */ export const support_email = "help@yourcompany.com"; +/* + Your Paypal ___public___ configuration. + + ___FOOTGUN___: Yes, this is duplicated from `secrets/config.json` and you + should duplicate it to ensure that you do ___not___ leak your Paypal private + information in your client builds. + */ export const paypal_public = { disabled: true, client_id: "YOUR PAYPAL PUBLIC KEY", } +/* + Your Stripe ___public___ configuration. + + ___FOOTGUN___: Yes, this is duplicated from `secrets/config.json` and you + should duplicate it to ensure that you do ___not___ leak your Stripe private + information in your client builds. + */ export const stripe_public = { disabled: false, client_id: "pk_MhuNltOn2Gq5VBZ9lMNxv4CB3wFOa" } +/* + What darkmode theme do visitors see first? See `client/components/Darkmode.svelte` + for how this is used. + */ export const darkmode_default = "light"; +/* + Can people register on your site. If you're setting up the site on an initial + public server you might want to disable registration until it's working. + */ export const register_enabled = true; +/* + Default log levels to display in the browser console. + */ export const log_levels = ["debug", "warn", "info", "error", "table", "assert"]; +/* + I'm using Twitter but you can probably find where this is used and change it + to your favorite Twitter alternative. + */ export const twitter_user = "@lzsthw"; +/* + Primarily used in the `commands/gen_players.js` command to generate various "cards", such as Video player cards for Twitter or OG Video cards for LinkedIn and Facebook. + */ export const site_name = "127.0.0.1:5001";