diff --git a/README.md b/README.md index cf860f7..e1d3b18 100644 --- a/README.md +++ b/README.md @@ -143,6 +143,27 @@ $ cf set-env couchdb-db-copy-and-transform-service TRANSFORM_FUNCTION +$ cf set-env couchdb-db-copy-and-transform-service CONSOLE_PASSWORD +``` + ##### Start the service ``` @@ -160,13 +181,47 @@ Once started, the service will listen to the change feed of the source database. ##### Monitor the service status -This service provides a basic service status console. - -Launch a web browser and open the servide status page `/status`, replacing `` with the URL that was assigned to your service instance. +If the service status endpoint is enabled (default), direct your browser to `/status`, replacing `` with the URL that was assigned to your service instance. Example: `https://couchdb-db-copy-and-transform-service.mybluemix.net/status` -> To disable the console, set environment variable `HIDE_CONSOLE` to `true`. +If prompted, enter the values configured for `CONSOLE_USER` and `CONSOLE_PASSWORD`. + +``` +{ + status_date: "Thu Sep 08 2016 10:53:44 GMT-0700 (Pacific Daylight Time)", + service_status: { + source: { + database_name: "sample_source", + last_change_received: "Thu Sep 08 2016 10:53:41 GMT-0700 (Pacific Daylight Time)", + update_seq: "1206002-g1AAAAI..." + }, + target: { + database_name: "sample_target", + last_applied_update_seq: "103500-g1AAAA..", + copied: 3000, + failed: 0, + last_change_applied: "Thu Sep 08 2016 10:53:42 GMT-0700 (Pacific Daylight Time)" + }, + filter: { + server: { + name: "transform_service/exclude_deleted_docs", + definition: "..." + }, + client: { + name: "sample_filter_functions/ignore_design_documents.js", + definition: "...", + filtered: 3 + } + }, + transformer: { + name: "sample_transform_functions/add_timestamp_property.js", + definition: "..." + } + } +} +``` + ## Run the service locally diff --git a/app.js b/app.js index f01ec3a..2020bc7 100644 --- a/app.js +++ b/app.js @@ -20,12 +20,14 @@ const consts = require('./lib/consts.js'); const cfenv = require('cfenv'); const express = require('express'); const bodyParser = require('body-parser'); +const passport = require('passport'); // to enable debugging, set environment variable DEBUG to slack-about-service or * const debug = require('debug')(consts.appPrefix); var R = require('./lib/replicate.js'); const mutil = require('./lib/util.js'); +const security = require('./lib/security.js'); /* * @@ -79,14 +81,19 @@ r.init(function(err) { var app = express(); app.use(bodyParser.urlencoded({extended: false})); + console.log('Console security is set to: "' + security.strategyName + '"'); + passport.use(security.strategy); + if(! process.env.HIDE_CONSOLE) { // replication status endpoint - app.get('/status', function(req,res) { - r.getDetailedStatus(function(err, status) { - console.log('Service status:' + JSON.stringify(status, null, 1)); - res.status(200).json(status); - }); - }); + app.get('/status', + passport.authenticate(security.strategyName, {session:false}), + function(req,res) { + r.getDetailedStatus(function(err, status) { + console.log('Service status:' + JSON.stringify(status, null, 1)); + res.status(200).json(status); + }); + }); } // start server on the specified port and binding host @@ -100,6 +107,5 @@ r.init(function(err) { }); - // send sample application deployment tracking request to https://github.com/IBM-Bluemix/cf-deployment-tracker-service //require('cf-deployment-tracker-client').track(); \ No newline at end of file diff --git a/lib/security.js b/lib/security.js new file mode 100644 index 0000000..837d1de --- /dev/null +++ b/lib/security.js @@ -0,0 +1,42 @@ +//------------------------------------------------------------------------------- +// Copyright IBM Corp. 2016 +// +// Licensed under the Apache License, Version 2.0 (the 'License'); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an 'AS IS' BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//------------------------------------------------------------------------------- + +'use strict'; + +const BasicStrategy = require('passport-http').BasicStrategy; +const AnonymousStrategy = require('passport-anonymous'); + +var strategyName = null; +var strategy = null; + +// enable basic authentication if security was configured +if((process.env.CONSOLE_USER) && (process.env.CONSOLE_PASSWORD)) { + strategyName = 'basic'; + strategy = new BasicStrategy( + function(userid, password, done) { + if((userid === process.env.CONSOLE_USER) && (password === process.env.CONSOLE_PASSWORD)) { + return done(null, process.env.CONSOLE_USER); + } + return done(null, false); + }); +} +else { + strategyName = 'anonymous'; + strategy = new AnonymousStrategy(); +} + +module.exports.strategy = strategy; +module.exports.strategyName = strategyName; \ No newline at end of file diff --git a/package.json b/package.json index 84a3740..861eb79 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "couchdb-db-transform", - "version": "0.0.4", + "version": "0.0.5", "description": "Fetches documents from one couchdb database, optionally transforms them and inserts them into target database", "main": "app.js", "scripts": { @@ -30,6 +30,9 @@ "express": "^4.14.0", "fs": "0.0.2", "lodash": "^4.15.0", + "passport": "^0.3.2", + "passport-anonymous": "^1.0.1", + "passport-http": "^0.3.0", "path": "^0.12.7", "redis": "^2.6.2", "util": "^0.10.3"