var config = {};

// Basic configuration

// Path
config.ossec_path = "/var/ossec";
// The host to bind the API to.
config.host = "{{ wazuh_manager_config.api.bind_addr }}";
// TCP Port used by the API.
config.port = "{{ wazuh_manager_config.api.port }}";
// Use HTTP protocol over TLS/SSL. Values: yes, no.
config.https = "{{ wazuh_manager_config.api.https }}";
// Use HTTP authentication. Values: yes, no.
config.basic_auth = "{{ wazuh_manager_config.api.basic_auth }}";
//In case the API run behind a proxy server, turn to "yes" this feature. Values: yes, no.
config.BehindProxyServer = "{{ wazuh_manager_config.api.behind_proxy_server }}";

// HTTPS Certificates
config.https_key = "{{ wazuh_manager_config.api.https_key }}"
config.https_cert = "{{ wazuh_manager_config.api.https_cert }}"
config.https_use_ca = "{{ wazuh_manager_config.api.https_use_ca }}"
config.https_ca = "{{ wazuh_manager_config.api.https_ca }}"

// Advanced configuration

// Values for API log: disabled, info, warning, error, debug (each level includes the previous level).
config.logs = "info";
// Cross-origin resource sharing. Values: yes, no.
config.cors = "yes";
// Cache (time in milliseconds)
config.cache_enabled = "yes";
config.cache_debug = "no";
config.cache_time = "750";
// Log path
config.log_path = config.ossec_path + "/logs/api.log";
// Python
config.python = [
    // Default installation
    {
        bin: "python",
        lib: ""
    },
    // Python 3
    {
        bin: "python3",
        lib: ""
    },
    // Package 'python27' for CentOS 6
    {
        bin: "/opt/rh/python27/root/usr/bin/python",
        lib: "/opt/rh/python27/root/usr/lib64"
    }
];
// Shared library path
config.ld_library_path = config.ossec_path + "/framework/lib"

// Option to force the use of authd to remove and add agents
config.use_only_authd = {{ wazuh_manager_config.api.use_only_authd }};

// Option to drop privileges (run as ossec)
config.drop_privileges = {{ wazuh_manager_config.api.drop_privileges }};

// Activate features still under development
config.experimental_features  = {{ wazuh_manager_config.api.experimental_features }};

/************************* SSL OPTIONS ****************************************/
// SSL protocol

// SSL protocol to use. All available secure protocols available at:
// https://www.openssl.org/docs/man1.0.2/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS
config.secureProtocol = "{{ wazuh_manager_config.api.secure_protocol }}";
try {
    // Disable the use of SSLv3, TLSv1.1 and TLSv1.0. All available secureOptions at: 
    // https://nodejs.org/api/crypto.html#crypto_openssl_options
    const crypto = require('crypto');
    config.secureOptions = crypto.constants.SSL_OP_NO_SSLv3 |
                           crypto.constants.SSL_OP_NO_TLSv1 | 
                           crypto.constants.SSL_OP_NO_TLSv1_1;
} catch (err) {
    console.log("Could not configure NodeJS to avoid unsecure SSL/TLS protocols: " + err)
}

// SSL ciphersuit

// When choosing a cipher, use the server's preferences instead of the client 
// preferences. When not set, the SSL server will always follow the clients 
// preferences. More info at: 
// https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html
config.honorCipherOrder = {{ wazuh_manager_config.api.honor_cipher_order }};
// Modify default ciphersuit. More info: 
// https://nodejs.org/api/tls.html#tls_modifying_the_default_tls_cipher_suite
config.ciphers =  "{{ wazuh_manager_config.api.ciphers }}";

module.exports = config;