X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/2627a7faf566c1bf79f2b7a02f7cd9287120996f..44961f1f6b5a7cd573ebf463ed66f12b5dba226b:/cookbooks/web/recipes/rails.rb

diff --git a/cookbooks/web/recipes/rails.rb b/cookbooks/web/recipes/rails.rb
index 892da9597..dd0086b70 100644
--- a/cookbooks/web/recipes/rails.rb
+++ b/cookbooks/web/recipes/rails.rb
@@ -114,19 +114,23 @@ rails_port "www.openstreetmap.org" do
   oauth_application web_passwords["oauth_application"]
   matomo_configuration "location" => matomo[:location],
                        "site" => matomo[:site],
+                       "visitor_cookie_timeout" => matomo[:visitor_cookie_timeout],
+                       "referral_cookie_timeout" => matomo[:referral_cookie_timeout],
+                       "session_cookie_timeout" => matomo[:session_cookie_timeout],
                        "goals" => matomo[:goals].to_hash
   google_auth_id "651529786092-6c5ahcu0tpp95emiec8uibg11asmk34t.apps.googleusercontent.com"
   google_auth_secret web_passwords["google_auth_secret"]
   google_openid_realm "https://www.openstreetmap.org"
   facebook_auth_id "427915424036881"
   facebook_auth_secret web_passwords["facebook_auth_secret"]
-  windowslive_auth_id "0000000040153C51"
-  windowslive_auth_secret web_passwords["windowslive_auth_secret"]
+  microsoft_auth_id "e34f14f1-f790-40f3-9fa4-3c5f1a027c38"
+  microsoft_auth_secret web_passwords["microsoft_auth_secret"]
   github_auth_id "acf7da34edee99e35499"
   github_auth_secret web_passwords["github_auth_secret"]
   wikipedia_auth_id "e4fe0c2c5855d23ed7e1f1c0fa1f1c58"
   wikipedia_auth_secret web_passwords["wikipedia_auth_secret"]
   thunderforest_key web_passwords["thunderforest_key"]
+  tracestrack_key web_passwords["tracestrack_key"]
   totp_key web_passwords["totp_key"]
   csp_enforce true
   trace_use_job_queue true
@@ -140,12 +144,31 @@ rails_port "www.openstreetmap.org" do
   trace_image_storage_url "https://openstreetmap-gps-images.s3.dualstack.eu-west-1.amazonaws.com"
   overpass_url "https://query.openstreetmap.org/query-features"
   overpass_credentials true
+  signup_ip_per_day 24
+  signup_ip_max_burst 48
+  signup_email_per_day 1
+  signup_email_max_burst 2
+  doorkeeper_signing_key web_passwords["openid_connect_key"].join("\n")
+  # Requests to modify the imagery blacklist should come from the DWG only
+  imagery_blacklist [
+    # Current Google imagery URLs have google or googleapis in the domain
+    ".*\\.google(apis)?\\..*/.*",
+    # Blacklist VWorld
+    "http://xdworld\\.vworld\\.kr:8080/.*",
+    # Blacklist here
+    ".*\\.here\\.com[/:].*",
+    # Blacklist Mapy.cz
+    ".*\\.mapy\\.cz.*"
+  ]
 end
 
 systemd_service "rails-jobs@" do
   description "Rails job queue runner"
   type "simple"
-  environment "RAILS_ENV" => "production", "QUEUE" => "%I", "SLEEP_DELAY" => "60"
+  environment "RAILS_ENV" => "production",
+              "QUEUE" => "%I",
+              "SLEEP_DELAY" => "60",
+              "SECRET_KEY_BASE" => web_passwords["secret_key_base"]
   user "rails"
   working_directory rails_directory
   exec_start "#{node[:ruby][:bundle]} exec rails jobs:work"