<?php

# Protect against web entry
if ( !defined( 'MEDIAWIKI' ) ) {
	exit;
}

## Uncomment this to disable output compression
# $wgDisableOutputCompression = true;

$wgSitename = "{{ env "MEDIAWIKI_SITENAME" }}";
$wgMetaNamespace = "{{ env "MEDIAWIKI_SITENAMESPACE" }}";

## The URL base path to the directory containing the wiki;
## defaults for all runtime URL paths are based off of this.
## For more information on customizing the URLs
## (like /w/index.php/Page_title to /wiki/Page_title) please see:
## https://www.mediawiki.org/wiki/Manual:Short_URL
$wgScriptPath = "";

$wgArticlePath = "/wiki/$1";

## The protocol and server name to use in fully-qualified URLs
$wgServer = "https://{{ env "DOMAIN" }}";

## The URL path to static resources (images, scripts, etc.)
$wgResourceBasePath = $wgScriptPath;

## The URL path to the logo.  Make sure you change this from the default,
## or else you'll overwrite your logo when you upgrade!
$wgLogo = "{{ env "MEDIAWIKI_LOGO_FILE" }}";

## UPO means: this is also a user preference option

$wgEnableEmail = true;
$wgEnableUserEmail = true; # UPO

$wgEmergencyContact = "{{ env "MEDIAWIKI_EMAIL_CONTACT" }}";
$wgPasswordSender = "{{ env "MEDIAWIKI_EMAIL_FROM" }}";

$wgEnotifUserTalk = false; # UPO
$wgEnotifWatchlist = false; # UPO
$wgEmailAuthentication = true;

## Database settings
$wgDBtype = "mysql";
$wgDBserver = "{{ env "DB_HOST" }}";
$wgDBname = "{{ env "DB_NAME" }}";
$wgDBuser = "{{ env "DB_USER" }}";
$wgDBpassword = rtrim(file_get_contents('/run/secrets/db_password'));

# MySQL specific settings
$wgDBprefix = "";

# MySQL table options to use during installation or update
$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";

## Shared memory settings
$wgMainCacheType = CACHE_ACCEL;
$wgMemCachedServers = [];

## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
$wgEnableUploads = true;
$wgUseImageMagick = true;
$wgImageMagickConvertCommand = "/usr/bin/convert";

# InstantCommons allows wiki to use images from https://commons.wikimedia.org
$wgUseInstantCommons = false;

# Periodically send a pingback to https://www.mediawiki.org/ with basic data
# about this MediaWiki instance. The Wikimedia Foundation shares this data
# with MediaWiki developers to help guide future development efforts.
$wgPingback = false;

## If you use ImageMagick (or any other shell command) on a
## Linux server, this will need to be set to the name of an
## available UTF-8 locale
$wgShellLocale = "C.UTF-8";

## Set $wgCacheDirectory to a writable directory on the web server
## to make your wiki go slightly faster. The directory should not
## be publically accessible from the web.
#$wgCacheDirectory = "$IP/cache";

# Site language code, should be one of the list in ./languages/data/Names.php
$wgLanguageCode = "{{ env "MEDIAWIKI_LANGUAGE" }}";

$wgSecretKey = rtrim(file_get_contents('/run/secrets/mediawiki_secret_key'));

# Changing this will log out all existing sessions.
$wgAuthenticationTokenVersion = "1";

# Site upgrade key. Must be set to a string (default provided) to turn on the
# web installer while LocalSettings.php is in place
$wgUpgradeKey = "";

## For attaching licensing metadata to pages, and displaying an
## appropriate copyright notice / icon. GNU Free Documentation
## License and Creative Commons licenses are supported so far.
$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
$wgRightsUrl = "";
$wgRightsText = "";
$wgRightsIcon = "";

# Path to the GNU diff3 utility. Used for conflict resolution.
$wgDiff3 = "/usr/bin/diff3";

{{ if eq (env "MEDIAWIKI_ALLOW_REGISTRATION") "1" }}
$wgGroupPermissions['*']['createaccount'] = true;
$wgEmailConfirmToEdit = true;
{{ else }}
$wgGroupPermissions['*']['createaccount'] = false;
{{ end }}

$wgGroupPermissions['*']['edit'] = false;
{{ if eq (env "MEDIAWIKI_IS_PRIVATE") "1" }}
$wgGroupPermissions['*']['read'] = false;
{{ else }}
$wgGroupPermissions['*']['read'] = true;
{{ end }}

{{ if ne (env "MEDIAWIKI_PROXY_SERVERS") "" }}
// In LocalSettings.php
$wgUseCdn = true;
$wgCdnServersNoPurge = [];
$wgCdnServersNoPurge[] = "{{ env "MEDIAWIKI_PROXY_SERVERS" }}";
{{ end }}

# Enabled skins.
# The following skins were automatically enabled:
wfLoadSkin( 'MonoBook' );
wfLoadSkin( 'Timeless' );
wfLoadSkin( 'Vector' );
wfLoadSkin( 'MinervaNeue' );

## Default skin: you can change the default skin. Use the internal symbolic
## names, ie 'vector', 'monobook':

{{ if eq (env "TWEEKI_ENABLED") "1" }}
wfLoadSkin( 'Tweeki' );
$wgDefaultSkin = "tweeki";
{{ else }}
$wgDefaultSkin = "vector";
{{ end }}

{{ if eq (env "MOBILEFRONTEND_ENABLED") "1" }}
wfLoadExtension( 'MobileFrontend' );
$wgDefaultMobileSkin = 'minerva';
{{ end }}

# Enabled extensions. Most of the extensions are enabled by adding
# wfLoadExtensions('ExtensionName');
# to LocalSettings.php. Check specific extension documentation for more details.
# The following extensions were automatically enabled:
wfLoadExtension( 'VisualEditor' );

wfLoadExtension( 'Interwiki' );
wfLoadExtension( 'Cite' );
wfLoadExtension( 'ParserFunctions' );

# End of automatically generated settings.
# Add more configuration options below.

$wgDefaultUserOptions['visualeditor-enable'] = 1;

$wgVisualEditorAllowLossySwitching = false;

{{ if eq (env "SAML_ENABLED") "1" }}
wfLoadExtension( 'PluggableAuth' );

wfLoadExtension( 'SimpleSAMLphp' );

$wgSimpleSAMLphp_InstallDir = "/var/simplesamlphp/";

$wgPluggableAuth_Config['Log in using my SAML'] = [
  'plugin' => 'SimpleSAMLphp',
  'data' => [
	'authSourceId' => '{{ env "SAML_AUTH_SOURCE_ID" }}',
	'usernameAttribute' => '{{ env "SAML_USERNAME_ATTRIBUTE" }}',
	'realNameAttribute' => '{{ env "SAML_REAL_NAME_ATTRIBUTE" }}',
	'emailAttribute' => '{{ env "SAML_EMAIL_ATTRIBUTE" }}'
  ]
];

$wgGroupPermissions['*']['autocreateaccount'] = true;
$wgGroupPermissions['*']['createaccount'] = false;
{{ end }}

{{ if eq (env "MEDIAWIKI_DEBUG") "1" }}
$wgDebugLogFile = "/var/log/debug-{$wgDBname}.log";
$wgShowExceptionDetails = true;
$wgDebugToolbar = true;
{{ end }}

{{ if eq (env "OPENID_ENABLED") "1" }}
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'OpenIDConnect' );

$wgPluggableAuth_Config[] = [
    'plugin' => 'OpenIDConnect',
    'data' => [
        'providerURL' => '{{ env "OPENID_KEYCLOAK_URL" }}',
        'clientID' => '{{ env "OPENID_CLIENT_ID"}}',
        'clientsecret' => '{{ secret "openid_client_secret" }}'
    ]
];

$wgGroupPermissions['*']['autocreateaccount'] = true;
$wgGroupPermissions['*']['createaccount'] = false;
{{ end }}

{{ if env "SMTP_HOST" }}
$wgSMTP = [
    'host'     => '{{ env "SMTP_HOST" }}',       // could also be an IP address. Where the SMTP server is located
    'port'     => {{ env "SMTP_PORT" }},         // Port to use when connecting to the SMTP server
{{ if env "SMTP_USER" }}
    'auth'     => true,                          // Should we use SMTP authentication (true or false)
    'username' => '{{ env "SMTP_USER" }}',       // Username to use for SMTP authentication (if being used)
    'password' => '{{ secret "smtp_password" }}' // Password to use for SMTP authentication (if being used)
{{ else }}
    'auth'     => false
{{ end }}
];
{{ end }}

{{ if eq (env "MSU_ENABLED") "1" }}
wfLoadExtension( 'MsUpload' );
$wgAllowJavaUploads = true; // Solves problem with Office 2007 and newer files (docx, xlsx, etc.)
{{ end }}

{{ if eq (env "PAGEFORMS_ENABLED") "1" }}
wfLoadExtension( 'PageForms' );
{{ end }}

{{ if eq (env "PAGESCHEMAS_ENABLED") "1" }}
wfLoadExtension( 'PageSchemas' );
{{ end }}

{{ if eq (env "SEMANTICMW_ENABLED") "1" }}
wfLoadExtension( 'SemanticMediaWiki' );
enableSemantics( '{{ env "DOMAIN" }}' );
{{ end }}

{{ if eq (env "MARKDOWN_ENABLED") "1" }}
wfLoadExtension( 'WikiMarkdown' );
$wgAllowMarkdownExtra = true; // allows usage of Parsedown Extra
$wgAllowMarkdownExtended = true; // allows usage of Parsedown Extended
{{ end }}

$wgFileExtensions = array(
    'png', 'gif', 'jpg', 'jpeg', 'doc', 'xls', 'mpp', 'pdf', 'ppt', 'tiff',
    'bmp', 'docx', 'xlsx', 'pptx', 'ps', 'odt', 'ods', 'odp', 'odg'
);

$wgUploadSizeWarning = 1000000000;
$wgMaxUploadSize = 1000000000;

# Greatly relax IP-based throttling for logging in while we work around docker networking issues.
# https://social.coop/@flancian/110980993608947217
$wgPasswordAttemptThrottle = [
	// Short term limit
	[ 'count' => 9999, 'seconds' => 300 ],
	// Long term limit. We need to balance the risk
	// of somebody using this as a DoS attack to lock someone
	// out of their account, and someone doing a brute force attack.
	[ 'count' => 999999, 'seconds' => 60 * 60 * 48 ],
];