Add protocol to all connections (#1974)
* frontend,api,excel-export,provisioning,storage:Add protocol variable

* frontend,api,excel-export,provisioning,storage:Add protocol variable

* api:Fix typescript type

* e2e:Increase provisioning timeout

* api:Fix typescript type

* api:Add missing vars. Fix typescript type.

---------

Co-authored-by: Peter Baus <[email protected]>
galethil and Peter Baus authored Sep 13, 2024
1 parent f848f6f commit a3b1a29
Showing 35 changed files with 126 additions and 52 deletions.
6 changes: 6 additions & 0 deletions api/environment-variables.md
Expand Up @@ -12,9 +12,11 @@
| ROOT_SECRET | no | [random] | The root secret is the password for the root user. If you start with an empty blockchain, the root user is needed to add other users, approve new nodes,.. If you don't set a value via the environment variable, the API generates one randomly and prints it to the console <br/>**Caution:** If you want to run TruBudget in production, make sure to set a secure root secret. |
| MULTICHAIN_RPC_HOST | no | localhost | The IP address of the blockchain (not multichain daemon,but they are usally the same) you want to connect to. |
| BLOCKCHAIN_PORT | no | 8085 | The Port of the blockchain where the server is available for incoming http connections (e.g. readiness, versions, backup and restore) |
| BLOCKCHAIN_PROTOCOL | no | http | The Protocol of the blockchain where the server is available for incoming http connections ("http" or "https") |
| MULTICHAIN_RPC_USER | no | multichainrpc | The user used to connect to the multichain daemon. |
| MULTICHAIN_RPC_PASSWORD | no | [hardcoded] | Password used by the API to connect to the blockchain. The password is set by the origin node upon start. Every beta node needs to use the same RPC password in order to be able to connect to the blockchain. <br/>**Hint:** Although the MULTICHAIN_RPC_PASSWORD is not required it is highly recommended to set an own secure one |
| MULTICHAIN_RPC_PORT | no | 8000 | The port used to expose the multichain daemon of your Trubudget blockchain installation(bc). The port used to connect to the multichain daemon(api). This will be used internally for the communication between the API and the multichain daemon. |
| MULTICHAIN_RPC_PROTOCOL | no | http | The protocol used to expose the multichain daemon of your Trubudget blockchain installation(bc). The protocol used to connect to the multichain daemon(api). This will be used internally for the communication between the API and the multichain daemon. "http" or "https" |
| SWAGGER_BASEPATH `deprecated` | no | / | This variable was used to choose which environment (prod or test) is used for testing the requests. The variable is deprecated now, as the Swagger documentation can be used for the prod and test environment separately. |
| JWT_ALGORITHM | no | `HS256` | Algorithm used for signing and verifying JWTs. Currently `HS256` or `RS256` are supported. |
| JWT_SECRET | no | [random] | A string that is used to sign JWT which are created by the authenticate endpoint of the api. If JWT_ALGORITHM is set to `RS256`, this is required and holds BASE64 encoded PEM encoded private key for RSA. |
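Review bot: The two new rows, BLOCKCHAIN_PROTOCOL and MULTICHAIN_RPC_PROTOCOL, list "http" or "https" but do not say what happens with any other value. api/src/config.ts in this commit treats everything except the exact string "https" as "http", so the table should state that fallback. The MULTICHAIN_RPC_PROTOCOL row should also carry a production hint like the one on ROOT_SECRET, since MULTICHAIN_RPC_USER and MULTICHAIN_RPC_PASSWORD are used on that connection and the default is http. Its description ends with a bare `"http" or "https"` fragment; fold that into a sentence.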
Expand All @@ -23,7 +25,11 @@
| DOCUMENT_EXTERNAL_LINKS_ENABLED | no | false | If true, it is possible to use external documents links also without TruBudget's storage-service. If false, the external documents links feature of TruBudget is still possible to use in case DOCUMENT_FEATURE_ENABLED equals "true". |
| STORAGE_SERVICE_HOST | no | localhost | IP of connected storage service |
| STORAGE_SERVICE_PORT | no | 8090 | Port of connected storage service |
| STORAGE_SERVICE_PROTOCOL | no | http | Protocol of connected storage service. "http" or "https" |
| STORAGE_SERVICE_EXTERNAL_URL | no | - | IP and port of own connected storage service accessible externally |
| EMAIL_HOST | no | localhost | IP of connected email service |
| EMAIL_PORT | no | 8090 | Port of connected email service |
| EMAIL_PROTOCOL | no | http | Protocol of connected email service. "http" or "https" |
| ENCRYPTION_PASSWORD | no | - | If set, all data that is send to the MultiChain node and external storage will be symmetrically encrypted by the ENCRYPTION_PASSWORD |
| SIGNING_METHOD | no | node | Possible signing methods are: `node` and `user`. Transactions on the chain will be signed using either the address of the node or the address of the specific user publishing that transaction. |
| NODE_ENV | no | production | If set to `development` api will allow any string as password. If set to `production` passwords must satisfy safePasswordSchema, see lib/joiValidation-.ts & -.spec.ts files |
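Review bot: The new EMAIL_PORT row documents a default of 8090, but config.ts in this commit falls back to 8089 (`Number(process.env.EMAIL_PORT) || 8089`), and 8090 is already the STORAGE_SERVICE_PORT default in this table. Change the documented default to 8089 or change the code, so the two agree.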
9 changes: 9 additions & 0 deletions api/src/config.ts
Expand Up @@ -33,6 +33,7 @@ interface ProcessEnvVars {
STORAGE_SERVICE_EXTERNAL_URL: string;
EMAIL_HOST: string;
EMAIL_PORT: string;
EMAIL_PROTOCOL: "http" | "https";
ACCESS_CONTROL_ALLOW_ORIGIN: string;
NODE_ENV: string;
ENCRYPTION_PASSWORD: string;
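Review bot: `EMAIL_PROTOCOL: "http" | "https"` in ProcessEnvVars states a guarantee the environment cannot give, because an operator can set any string. Declare it as `string` like the neighbouring EMAIL_HOST and EMAIL_PORT and leave the narrowing to the `config` object. Only EMAIL_PROTOCOL is added to this interface, while config.ts also reads MULTICHAIN_RPC_PROTOCOL, BLOCKCHAIN_PROTOCOL and STORAGE_SERVICE_PROTOCOL; if those are not declared elsewhere in ProcessEnvVars they should be added here too.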
Expand Down Expand Up @@ -76,6 +77,7 @@ interface Config {
rpc: {
host: string;
port: number;
protocol: "http" | "https";
user: string;
password: string;
};
Expand All @@ -84,6 +86,7 @@ interface Config {
blockchain: {
host: string;
port: number;
protocol: "http" | "https";
};
jwt: JwtConfig;
npmPackageVersion: string;
Expand All @@ -95,11 +98,13 @@ interface Config {
storageService: {
host: string;
port: number;
protocol: "http" | "https";
externalUrl: string;
};
emailService: {
host: string;
port: number;
protocol: "http" | "https";
};
encryptionPassword: string | undefined;
signingMethod: string;
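Review bot: `protocol: "http" | "https"` is now written out four times in Config (rpc, blockchain, storageService, emailService) and again in the function signatures in router.ts, getVersion.ts and restoreBackup.ts. Export one alias from config.ts, for example `type Protocol = "http" | "https"`, and use it in all of these places so the spellings cannot drift.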
Expand Down Expand Up @@ -136,6 +141,7 @@ export const config: Config = {
rpc: {
host: process.env.MULTICHAIN_RPC_HOST || "localhost",
port: Number(process.env.MULTICHAIN_RPC_PORT) || 8000,
protocol: process.env.MULTICHAIN_RPC_PROTOCOL === "https" ? "https" : "http",
user: process.env.MULTICHAIN_RPC_USER || "multichainrpc",
password: process.env.MULTICHAIN_RPC_PASSWORD || "s750SiJnj50yIrmwxPnEdSzpfGlTAHzhaUwgqKeb0G1j",
},
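Review bot: `process.env.MULTICHAIN_RPC_PROTOCOL === "https" ? "https" : "http"` downgrades silently: "HTTPS", "https " with a trailing space, or any typo yields plain http with no log line, and this is the connection that carries `user` and `password`. Normalise the value (trim, lower-case), accept only "http" and "https", and fail startup or at least log a warning on anything else. The same expression is repeated for BLOCKCHAIN_PROTOCOL, STORAGE_SERVICE_PROTOCOL and EMAIL_PROTOCOL further down, so a single helper would cover all four.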
Expand All @@ -144,6 +150,7 @@ export const config: Config = {
blockchain: {
host: process.env.MULTICHAIN_RPC_HOST || "localhost",
port: Number(process.env.BLOCKCHAIN_PORT) || 8085,
protocol: process.env.BLOCKCHAIN_PROTOCOL === "https" ? "https" : "http",
},
jwt: {
secretOrPrivateKey: process.env.JWT_SECRET || randomString(32),
Expand All @@ -160,11 +167,13 @@ export const config: Config = {
storageService: {
host: process.env.STORAGE_SERVICE_HOST || "localhost",
port: Number(process.env.STORAGE_SERVICE_PORT) || 8090,
protocol: process.env.STORAGE_SERVICE_PROTOCOL === "https" ? "https" : "http",
externalUrl: process.env.STORAGE_SERVICE_EXTERNAL_URL || "",
},
emailService: {
host: process.env.EMAIL_HOST || "localhost",
port: Number(process.env.EMAIL_PORT) || 8089,
protocol: process.env.EMAIL_PROTOCOL === "https" ? "https" : "http",
},
encryptionPassword:
process.env.ENCRYPTION_PASSWORD === "" ? undefined : process.env.ENCRYPTION_PASSWORD,
7 changes: 4 additions & 3 deletions api/src/httpd/router.ts
Expand Up @@ -221,6 +221,7 @@ export const registerRoutes = (
server: FastifyInstance,
conn: ConnToken,
urlPrefix: string,
blockchainProtocol: "http" | "https",
blockchainHost: string,
blockchainPort: number,
storageServiceClient: StorageServiceClient,
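Review bot: `blockchainProtocol` is inserted as a fourth positional argument ahead of `blockchainHost` and `blockchainPort`, and the same three values are then threaded separately into getVersion, createBackup and restoreBackup. Pass the `blockchain` config object (or a base URL built once) instead, so call sites do not depend on argument order and the URL is assembled in one place.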
Expand Down Expand Up @@ -265,7 +266,7 @@ export const registerRoutes = (
`${urlPrefix}/version`,
silentRouteSettings(getSchema(server, "version")),
(request, reply) => {
getVersion(blockchainHost, blockchainPort, multichainClient, storageServiceClient)
getVersion(blockchainProtocol, blockchainHost, blockchainPort, multichainClient, storageServiceClient)
.then((response) => {
send(reply, response);
})
Expand Down Expand Up @@ -367,7 +368,7 @@ export const registerRoutes = (
`${urlPrefix}/system.createBackup`,
getSchema(server, "createBackup"),
(req: AuthenticatedRequest, reply) => {
createBackup(blockchainHost, blockchainPort, req)
createBackup(blockchainProtocol, blockchainHost, blockchainPort, req)
.then((data) => {
reply.header("Content-Type", "application/gzip");
reply.header("Content-Disposition", 'attachment; filename="backup.gz"');
Expand All @@ -381,7 +382,7 @@ export const registerRoutes = (
`${urlPrefix}/system.restoreBackup`,
getSchema(server, "restoreBackup"),
async (req: AuthenticatedRequest, reply) => {
await restoreBackup(blockchainHost, blockchainPort, req)
await restoreBackup(blockchainProtocol, blockchainHost, blockchainPort, req)
.then((response) => send(reply, response))
.catch((err) => handleError(req, reply, err));
// Invalidate the cache, regardless of the outcome:
6 changes: 3 additions & 3 deletions api/src/index.ts
Expand Up @@ -195,7 +195,7 @@ const {
*/

const rpcSettings: ConnectionSettings = {
protocol: "http",
protocol: rpc.protocol,
host: rpc.host,
port: rpc.port,
username: rpc.user,
Expand All @@ -221,7 +221,7 @@ const { multichainClient } = db;
let storageServiceSettings: AxiosRequestConfig;
if (documentFeatureEnabled) {
storageServiceSettings = {
baseURL: `http://${storageService.host}:${storageService.port}`,
baseURL: `${storageService.protocol}://${storageService.host}:${storageService.port}`,
// 10 seconds request timeout
timeout: 10000,
maxBodyLength: MAX_DOCUMENT_SIZE_BASE64,
Expand Down Expand Up @@ -294,7 +294,7 @@ function registerSelf(): Promise<boolean> {
* Deprecated API-setup
*/

registerRoutes(server, db, URL_PREFIX, blockchain.host, blockchain.port, storageServiceClient, () =>
registerRoutes(server, db, URL_PREFIX, blockchain.protocol, blockchain.host, blockchain.port, storageServiceClient, () =>
Cache.invalidateCache(db),
);

3 changes: 2 additions & 1 deletion api/src/system/createBackup.ts
Expand Up @@ -3,6 +3,7 @@ import { TruBudgetError } from "../error";
import { AuthenticatedRequest } from "../httpd/lib";

export const createBackup = async (
blockchainProtocol: string,
blockchainHost: string,
blockchainPort: number,
req: AuthenticatedRequest,
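Review bot: `blockchainProtocol: string` is looser than the `"http" | "https"` used for the same parameter in restoreBackup.ts, getVersion.ts and router.ts. The value is interpolated straight into the request URL for `/chain-sha256`, so keep the union type here as well and let the compiler reject anything else.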
Expand All @@ -11,7 +12,7 @@ export const createBackup = async (
if (userId === "root") {
try {
const response = await axios({
url: `http://${blockchainHost}:${blockchainPort}/chain-sha256`,
url: `${blockchainProtocol}://${blockchainHost}:${blockchainPort}/chain-sha256`,
responseType: "stream",
});
return response.data;
9 changes: 5 additions & 4 deletions api/src/system/getVersion.ts
Expand Up @@ -15,8 +15,8 @@ interface VersionMetadata {

const blockchainApi = new BlockchainApi();

const bcVersionMetaData = async (blockchainHost, blockchainPort): Promise<VersionMetadata> => {
blockchainApi.setBaseUrl(`http://${blockchainHost}:${blockchainPort}`);
const bcVersionMetaData = async (blockchainProtocol: "http" | "https", blockchainHost: string, blockchainPort: number): Promise<VersionMetadata> => {
blockchainApi.setBaseUrl(`${blockchainProtocol}://${blockchainHost}:${blockchainPort}`);
const { data } = await blockchainApi.fetchVersion();
return data;
};
Expand Down Expand Up @@ -45,6 +45,7 @@ const storageServiceMetaData = async (
): Promise<Version> => storageServiceClient.getVersion();

export const getVersion = async (
blockchainProtocol: "http" | "https",
blockchainHost: string,
blockchainPort: number,
multichainClient: MultichainClient,
Expand All @@ -59,7 +60,7 @@ export const getVersion = async (
apiVersion: "1.0",
data: {
api: apiVersionMetaData(),
blockchain: await bcVersionMetaData(blockchainHost, blockchainPort),
blockchain: await bcVersionMetaData(blockchainProtocol, blockchainHost, blockchainPort),
multichain: await multichainVersionMetaData(multichainClient),
storage: await storageServiceMetaData(storageServiceClient),
},
Expand All @@ -72,7 +73,7 @@ export const getVersion = async (
apiVersion: "1.0",
data: {
api: apiVersionMetaData(),
blockchain: await bcVersionMetaData(blockchainHost, blockchainPort),
blockchain: await bcVersionMetaData(blockchainProtocol, blockchainHost, blockchainPort),
multichain: await multichainVersionMetaData(multichainClient),
},
},
7 changes: 6 additions & 1 deletion api/src/system/restoreBackup.ts
Expand Up @@ -5,6 +5,7 @@ import { AuthenticatedRequest, HttpResponse } from "../httpd/lib";
import logger from "../lib/logger";

export const restoreBackup = async (
blockchainProtocol: "http" | "https",
blockchainHost: string,
blockchainPort: number,
req: AuthenticatedRequest,
Expand All @@ -27,7 +28,11 @@ export const restoreBackup = async (
maxBodyLength: 1074790400,
};
try {
await axios.post(`http://${blockchainHost}:${blockchainPort}/chain`, data, config);
await axios.post(
`${blockchainProtocol}://${blockchainHost}:${blockchainPort}/chain`,
data,
config,
);
logger.info("backup restored successfully");
} catch (error) {
const cause = error.response.status === 400 ? new Error(error.response.data) : error;
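Review bot: The context line `error.response.status === 400` assumes every failure carries an HTTP response. With https now configurable, a certificate or handshake failure, or https pointed at an http port, rejects without `error.response`, so this line throws a TypeError and hides the real cause. Guard it (`error.response?.status === 400`) as part of this change and add a test for a protocol mismatch.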
4 changes: 2 additions & 2 deletions api/src/user_forgot_password.ts
Expand Up @@ -95,7 +95,7 @@ export function addHttpHandler(

try {
const { data } = await axios.get(
`http://${emailService.host}:${emailService.port}/${getUserByEmailUrl}${email}`,
`${emailService.protocol}://${emailService.host}:${emailService.port}/${getUserByEmailUrl}${email}`,
);

const { user } = data;
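Review bot: On the rewritten `axios.get` line, `email` is still appended to the path unencoded (`${getUserByEmailUrl}${email}`). Since the line is being touched anyway, wrap it in `encodeURIComponent(email)` so characters such as `/`, `?` or `#` in the address cannot change the path or query sent to the email service.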
Expand All @@ -113,7 +113,7 @@ export function addHttpHandler(
);
const link = `${url}/reset-password?id=${user.id}&resetToken=${signedJwt}`;
await axios.post(
`http://${emailService.host}:${emailService.port}/${sendResetPasswordUrl}`,
`${emailService.protocol}://${emailService.host}:${emailService.port}/${sendResetPasswordUrl}`,
{ data: { ...user, link, lang } },
);
reply.status(200).send({
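Review bot: The `axios.post` body contains `link`, which embeds `resetToken=${signedJwt}`, and EMAIL_PROTOCOL defaults to "http", so the reset token crosses the network to the email service in cleartext unless the operator opts in to https. Document https as the recommended production setting for EMAIL_PROTOCOL in environment-variables.md, or log a warning at startup when the email service is configured over http.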