This is an automated email from the ASF dual-hosted git repository. nealsun pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/helix.git
The following commit(s) were added to refs/heads/master by this push: new f15952be3 Configurable Custom CA Bundle for helix-front (#2271 ) f15952be3 is described below commit f15952be3cb1bf2fb697979ef7210b9cd13c18f4 Author: helix-bot <117035117+helix-...@users.noreply.github.com> AuthorDate: Thu Nov 10 13:28:50 2022 -0800 Configurable Custom CA Bundle for helix-front (#2271 ) Add support for a configurable custom certificate authority bundle to helix-front. --- helix-front/angular.json | 3 ++- helix-front/server/app.ts | 2 +- helix-front/server/controllers/d.ts | 16 +++++++++++++++- helix-front/server/controllers/helix.ts | 19 ++++++++++++++----- helix-front/server/controllers/user.ts | 20 ++++++++++++++------ 5 files changed, 46 insertions(+), 14 deletions(-) diff --git a/helix-front/angular.json b/helix-front/angular.json index 473df6427..d74c6f8c1 100644 --- a/helix-front/angular.json +++ b/helix-front/angular.json @@ -72,7 +72,8 @@ "serve": { "builder": "@angular-devkit/build-angular:dev-server", "options": { - "proxyConfig": "./proxy.conf.json" + "proxyConfig": "./proxy.conf.json", + "disableHostCheck": true }, "configurations": { "production": { diff --git a/helix-front/server/app.ts b/helix-front/server/app.ts index ff873a232..bf74fe5c8 100644 --- a/helix-front/server/app.ts +++ b/helix-front/server/app.ts @@ -48,7 +48,7 @@ app.use((req, res, next) => { setRoutes(app); -app.get('/*', function (req, res) { +app.get('/*', function (_req, res) { res.sendFile(path.join(__dirname, '../public/index.html')); }); diff --git a/helix-front/server/controllers/d.ts b/helix-front/server/controllers/d.ts index 3f3c88415..c008fc248 100644 --- a/helix-front/server/controllers/d.ts +++ b/helix-front/server/controllers/d.ts @@ -1,6 +1,7 @@ import { Request } from 'express'; +import request from 'request'; -export interface HelixUserRequest extends Request { +export interface HelixRequest extends Request { session?: HelixSession; } 
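Review bot: `"disableHostCheck": true` in the `serve` options of helix-front/angular.json turns off the dev server's Host-header validation for every `ng serve` run, and that check is what protects a locally running dev server from DNS-rebinding requests made through a browser. The setting is unrelated to the CA-bundle feature the commit describes, and the description gives no reason for it. If the dev server has to answer under a particular hostname, listing it is narrower, e.g. `"allowedHosts": ["<dev-hostname-placeholder>"]`. Alternatively, put the flag in a separate named configuration so the default `serve` target keeps the check.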
@@ -12,3 +13,16 @@ interface HelixSession { username: string; isAdmin: boolean; } + +type AgentOptions = { + rejectUnauthorized: boolean; + ca?: string; +}; + +export type HelixRequestOptions = { + url: string; + json: string; + headers: request.Headers; + agentOptions: AgentOptions; + body?: string; +}; diff --git a/helix-front/server/controllers/helix.ts b/helix-front/server/controllers/helix.ts index 8d2507f8c..5b7bd300d 100644 --- a/helix-front/server/controllers/helix.ts +++ b/helix-front/server/controllers/helix.ts @@ -1,9 +1,9 @@ import { Request, Response, Router } from 'express'; - import * as request from 'request'; +import { readFileSync } from 'fs'; -import { HELIX_ENDPOINTS, IDENTITY_TOKEN_SOURCE } from '../config'; -import { HelixUserRequest } from './d'; +import { HELIX_ENDPOINTS, IDENTITY_TOKEN_SOURCE, SSL } from '../config'; +import { HelixRequest, HelixRequestOptions } from './d'; export class HelixCtrl { static readonly ROUTE_PREFIX = '/api/helix'; @@ -13,7 +13,7 @@ export class HelixCtrl { router.route('/helix/*').all(this.proxy); } - protected proxy(req: HelixUserRequest, res: Response) { + protected proxy(req: HelixRequest, res: Response) { const url = req.originalUrl.replace(HelixCtrl.ROUTE_PREFIX, ''); const helixKey = url.split('/')[1]; @@ -43,14 +43,23 @@ export class HelixCtrl { const realUrl = apiPrefix + url.replace(`/${helixKey}`, ''); console.log(`helix-rest request url ${realUrl}`); - const options = { + const options: HelixRequestOptions = { url: realUrl, json: req.body, headers: { 'Helix-User': user, }, + agentOptions: { + rejectUnauthorized: false, + }, }; + if (SSL.cafiles.length > 0) { + options.agentOptions.ca = readFileSync(SSL.cafiles[0], { + encoding: 'utf-8', + }); + } + if (IDENTITY_TOKEN_SOURCE) { options.headers['Identity-Token'] = res.locals.cookie['helixui_identity.token']; diff --git a/helix-front/server/controllers/user.ts b/helix-front/server/controllers/user.ts index 9a317b5ff..6527a2bcc 100644 
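Review bot: In the new `HelixRequestOptions` type in d.ts, `json: string` does not match what the callers assign: the helix.ts hunk sets `json: req.body` and the user.ts hunk sets `json: ''`, so the annotation presumably compiles only because Express types `req.body` as `any`. `json: unknown` (or the union the request library documents) would stop the annotation from hiding a wrong value. `ca?: string` also admits only one bundle although the config key `SSL.cafiles` is a list; `ca?: string | string[]` would let every configured file be passed.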
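Review bot: The `agentOptions` added in `HelixCtrl.proxy` (helix.ts, `@@ -43,14 +43,23 @@`) hard-code `rejectUnauthorized: false`, so the TLS connection to helix-rest is accepted even when the server certificate fails verification, and the `ca` bundle loaded just below is never enforced. The removed lines passed no `agentOptions`, so this appears to loosen the previous default rather than tighten it. The request carries the `Helix-User` header and, when `IDENTITY_TOKEN_SOURCE` is set, the `Identity-Token` value, so an unverified endpoint would receive both. Consider `rejectUnauthorized: SSL.cafiles.length > 0` at minimum, or a config flag that defaults to `true`. The user.ts hunk at `@@ -112,6 +114,12 @@` sets `ca` on an `agentOptions` object defined outside the visible lines and needs the same check; `proxy` itself starts and ends outside this hunk.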
--- a/helix-front/server/controllers/user.ts +++ b/helix-front/server/controllers/user.ts @@ -1,13 +1,15 @@ import { Response, Router } from 'express'; import * as LdapClient from 'ldapjs'; import * as request from 'request'; +import { readFileSync } from 'fs'; import { LDAP, IDENTITY_TOKEN_SOURCE, CUSTOM_IDENTITY_TOKEN_REQUEST_BODY, + SSL, } from '../config'; -import { HelixUserRequest } from './d'; +import { HelixRequest, HelixRequestOptions } from './d'; export class UserCtrl { constructor(router: Router) { @@ -17,7 +19,7 @@ export class UserCtrl { router.route('/user/can').get(this.can); } - protected authorize(req: HelixUserRequest, res: Response) { + protected authorize(req: HelixRequest, res: Response) { // // you can rewrite this function // to support your own authorization logic @@ -30,7 +32,7 @@ export class UserCtrl { } } - protected current(req: HelixUserRequest, res: Response) { + protected current(req: HelixRequest, res: Response) { res.json(req.session.username || 'Sign In'); } @@ -39,7 +41,7 @@ export class UserCtrl { // see if this helix-front ExpressJS server // already knows that the current user is an admin. // - protected can(req: HelixUserRequest, res: Response) { + protected can(req: HelixRequest, res: Response) { try { return res.json(req.session.isAdmin ? true : false); } catch (err) { @@ -50,7 +52,7 @@ export class UserCtrl { } } - protected login(req: HelixUserRequest, res: Response) { + protected login(req: HelixRequest, res: Response) { const credential = req.body; if (!credential.username || !credential.password) { res.status(401).json(false); @@ -100,7 +102,7 @@ export class UserCtrl { ...CUSTOM_IDENTITY_TOKEN_REQUEST_BODY, }); - const options = { + const options: HelixRequestOptions = { url: IDENTITY_TOKEN_SOURCE, json: '', body, 
@@ -112,6 +114,12 @@ export class UserCtrl { }, }; + if (SSL.cafiles.length > 0) { + options.agentOptions.ca = readFileSync(SSL.cafiles[0], { + encoding: 'utf-8', + }); + } + function callback(error, _res, body) { if (error) { throw new Error(
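Review bot: `readFileSync(SSL.cafiles[0], …)` runs inside the login handler on every request, blocks the event loop while it reads, and throws from the handler if the file is missing or unreadable. Only the first entry of `SSL.cafiles` is used, and the rest are silently ignored. The same lines appear in the `HelixCtrl.proxy` hunk in helix.ts. Reading the bundle once at module load makes a bad path fail at startup and lets all files be passed: `const caBundle = SSL.cafiles.map((f) => readFileSync(f, { encoding: 'utf-8' }));` then `if (caBundle.length > 0) options.agentOptions.ca = caBundle;`, with `ca` typed as `string[]` in d.ts. `login` starts and ends outside this hunk.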