feat: #be protect dashboard w/ basic auth

c0ab7e26 · Paolo Brasolin · c8fd61e1 · c0ab7e26 · c0ab7e26 · c0ab7e26
Commit c0ab7e26 authored 2 years ago by Paolo Brasolin
--- a/backend/docker-compose.dev.yml
+++ b/backend/docker-compose.dev.yml
@@ -17,6 +17,8 @@ services:
      - PORT=8080
      - DATABASE_URL=postgres://db_user:db_pass@database/db_name
      - APP_VERSION=development
+      - DASHBOARD_USERNAME=admin
+      - DASHBOARD_PASSWORD=admin
    command: npm run serve
  cli:
    # docker-compose -f docker-compose.dev.yml run cli

--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@@ -9,6 +9,8 @@
      "version": "1.2.0",
      "license": "MIT",
      "dependencies": {
+        "@fastify/auth": "^2.0.0",
+        "@fastify/basic-auth": "^3.0.2",
        "@sinclair/typebox": "^0.23.4",
        "@types/sharp": "^0.29.5",
        "@xmldom/xmldom": "^0.8.1",
@@ -674,6 +676,59 @@
        "ajv": "^6.12.6"
      }
    },
+    "node_modules/@fastify/auth": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/@fastify/auth/-/auth-2.0.0.tgz",
+      "integrity": "sha512-86+vCuiAbbtOLf3d3n4p/+o425JPh2lpEigc6y3pYIIZgedZuWawYzGaN/R8J0br1jSmTURQbHfOzE0iQSbLWA==",
+      "dependencies": {
+        "fastify-plugin": "^3.0.0",
+        "reusify": "^1.0.4"
+      }
+    },
+    "node_modules/@fastify/basic-auth": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/@fastify/basic-auth/-/basic-auth-3.0.2.tgz",
+      "integrity": "sha512-LCAhLRn4/CrJAS/ThZxNbT1FDpd1SyZD2lWnepJgvrZobytADlXDHtm/VRnJvqOfvlHsUzOfp5BrTPtcvw2h5w==",
+      "dependencies": {
+        "basic-auth": "^2.0.1",
+        "fastify-plugin": "^3.0.0",
+        "http-errors": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=10.0.0"
+      }
+    },
+    "node_modules/@fastify/basic-auth/node_modules/depd": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
+      "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/@fastify/basic-auth/node_modules/http-errors": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz",
+      "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==",
+      "dependencies": {
+        "depd": "2.0.0",
+        "inherits": "2.0.4",
+        "setprototypeof": "1.2.0",
+        "statuses": "2.0.1",
+        "toidentifier": "1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/@fastify/basic-auth/node_modules/statuses": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz",
+      "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
    "node_modules/@humanwhocodes/config-array": {
      "version": "0.9.5",
      "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.9.5.tgz",
@@ -1985,6 +2040,22 @@
        }
      ]
    },
+    "node_modules/basic-auth": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz",
+      "integrity": "sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==",
+      "dependencies": {
+        "safe-buffer": "5.1.2"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/basic-auth/node_modules/safe-buffer": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+    },
    "node_modules/binary-extensions": {
      "version": "2.2.0",
      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz",
@@ -8523,6 +8594,49 @@
        "ajv": "^6.12.6"
      }
    },
+    "@fastify/auth": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/@fastify/auth/-/auth-2.0.0.tgz",
+      "integrity": "sha512-86+vCuiAbbtOLf3d3n4p/+o425JPh2lpEigc6y3pYIIZgedZuWawYzGaN/R8J0br1jSmTURQbHfOzE0iQSbLWA==",
+      "requires": {
+        "fastify-plugin": "^3.0.0",
+        "reusify": "^1.0.4"
+      }
+    },
+    "@fastify/basic-auth": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/@fastify/basic-auth/-/basic-auth-3.0.2.tgz",
+      "integrity": "sha512-LCAhLRn4/CrJAS/ThZxNbT1FDpd1SyZD2lWnepJgvrZobytADlXDHtm/VRnJvqOfvlHsUzOfp5BrTPtcvw2h5w==",
+      "requires": {
+        "basic-auth": "^2.0.1",
+        "fastify-plugin": "^3.0.0",
+        "http-errors": "^2.0.0"
+      },
+      "dependencies": {
+        "depd": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
+          "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw=="
+        },
+        "http-errors": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz",
+          "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==",
+          "requires": {
+            "depd": "2.0.0",
+            "inherits": "2.0.4",
+            "setprototypeof": "1.2.0",
+            "statuses": "2.0.1",
+            "toidentifier": "1.0.1"
+          }
+        },
+        "statuses": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz",
+          "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ=="
+        }
+      }
+    },
    "@humanwhocodes/config-array": {
      "version": "0.9.5",
      "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.9.5.tgz",
@@ -9540,6 +9654,21 @@
      "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz",
      "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA=="
    },
+    "basic-auth": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz",
+      "integrity": "sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==",
+      "requires": {
+        "safe-buffer": "5.1.2"
+      },
+      "dependencies": {
+        "safe-buffer": {
+          "version": "5.1.2",
+          "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+          "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+        }
+      }
+    },
    "binary-extensions": {
      "version": "2.2.0",
      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz",

--- a/backend/package.json
+++ b/backend/package.json
@@ -23,6 +23,8 @@
    "watch:test": "jest --watch"
  },
  "dependencies": {
+    "@fastify/auth": "^2.0.0",
+    "@fastify/basic-auth": "^3.0.2",
    "@sinclair/typebox": "^0.23.4",
    "@types/sharp": "^0.29.5",
    "@xmldom/xmldom": "^0.8.1",

--- a/backend/src/dashboard.ts
+++ b/backend/src/dashboard.ts
@@ -11,6 +11,7 @@ const dashboardPlugin: FastifyPluginCallback = (fastify, options, next) => {
  fastify.route({
    method: "GET",
    url: "/",
+    preHandler: fastify.auth([fastify.basicAuth]),
    handler: async (request, reply) => {
      // reply.code(200).send("Hello, World!");


--- a/backend/src/index.ts
+++ b/backend/src/index.ts
 import fastify from "fastify";
+import fastifyAuth from "@fastify/auth";
+import fastifyBasicAuth from "@fastify/basic-auth";
 import fastifyCors from "fastify-cors";
 import fastifySwagger from "fastify-swagger";
 import fastifyRollbar from "./rollbar_plugin";
@@ -45,6 +47,18 @@ server.register(fastifySwagger, {
  },
 });

+server.register(fastifyAuth);
+server.register(fastifyBasicAuth, {
+  authenticate: true,
+  validate: async function (username, password) {
+    const user = process.env.DASHBOARD_USERNAME;
+    const pass = process.env.DASHBOARD_PASSWORD;
+    const userKo = !user || user !== username;
+    const passKo = !pass || pass !== password;
+    if (userKo || passKo) return new Error("Unauthorized");
+  },
+});
+
 import apiRoutes from "./api";
 server.register(apiRoutes, { prefix: "api" });