Completely rewrites API to use express. Adds authentication.

Author: romansemko

CHANGELOG.md

@@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+### Added
+- API basic HTTP auth
+
 ### Changed
 - Fixed orphaned neighbors check.
 - Fixed API security bug.

README.md

@@ -200,6 +200,7 @@ You can provide one or more of the following options in your ini file. Example:
 name = My Nelson Node
 cycleInterval = 60
 epochInterval = 300
+apiAuth = username:password
 apiPort = 18600
 apiHostname = 127.0.0.1
 port = 16600
@@ -244,6 +245,7 @@ Some have additional short versions.
 | --name |  Name your node. This identifier will appear in API/webhooks and for your neighbors ||
 | --neighbors, -n |  space-separated list of entry Nelson neighbors ||
 | --getNeighbors |  Downloads a list of entry Nelson neighbors. If no URL is provided, will use a default URL (https://raw.githubusercontent.com/SemkoDev/nelson.cli/master/ENTRYNODES). If this option is not set, no neighbors will be downloaded. This option can be used together with ````--neighbors`` |false|
+| --apiAuth| Add basic HTTP auth to API. Provide username and password in `user:pass` format||
 | --apiPort, -a | Nelson API port to request current node status data|18600|
 | --apiHostname, -o | Nelson API hostname to request current node status data. Default value will only listen to local connections|127.0.0.1|
 | --port, -p | TCP port, on which to start your Nelson instance|16600|
@@ -394,6 +396,13 @@ curl http://localhost:18600/peer-stats
 }
 ```
 
+if you use `apiAuth` option to protect your API, you will need to provide the authentication details
+in your requests:
+
+```
+curl -u username:password http://localhost:18600
+```
+
 ### Webhooks
 
 You can provide Nelson a list of webhook URLs that have to be regularly called back with all the node stats data.

package.json

@@ -41,9 +41,13 @@
   "dependencies": {
     "blessed": "^0.1.81",
     "blessed-contrib": "^4.8.5",
+    "body-parser": "^1.18.2",
     "colors": "^1.1.2",
     "commander": "^2.11.0",
+    "express": "^4.16.2",
+    "express-basic-auth": "^1.1.3",
     "external-ip": "^1.3.1",
+    "helmet": "^3.10.0",
     "httpdispatcher": "^2.1.1",
     "ini": "^1.3.5",
     "iota.lib.js": "0.4.7",

src/api/__tests__/api-test.js

@@ -0,0 +1,137 @@
+const request = require('request');
+const { Node } = require('../../node/node');
+const { createAPI } = require('../index');
+
+jest.mock('../../node/iri');
+
+const API_DATA = [
+    'config', 'connectedPeers', 'heart', 'iriStats', 'isIRIHealthy', 'name', 'peerStats', 'ready',
+    'totalPeers','version'
+];
+
+describe('API', () => {
+    it('should get node info correctly', (done) => {
+        const node = new Node({ silent: true, temporary: true, port: 16601 });
+        const server = createAPI({
+            node,
+            apiPort: 12345,
+            apiHostname: 'localhost'
+        });
+        node.start().then(() => {
+            request.get('http://localhost:12345/', (err, resp, body) => {
+                const answer = JSON.parse(body);
+                const keys = Object.keys(answer);
+                keys.sort();
+                expect(keys).toEqual(API_DATA);
+                server.close();
+                node.end().then(done);
+            });
+        })
+    });
+
+    it('should deny public access to protected when no password set', (done) => {
+        const node = new Node({ silent: true, temporary: true, port: 16602 });
+        const server = createAPI({
+            node,
+            apiPort: 12345,
+            apiHostname: 'localhost',
+            username: 'pass',
+            password: 'pass'
+        });
+        node.start().then(() => {
+            request.get('http://localhost:12345/', (err, resp, body) => {
+                expect(resp.statusCode).toEqual(401);
+                expect(body).toBeFalsy;
+                server.close();
+                node.end().then(done);
+            });
+        })
+    });
+
+    it('should deny public access to protected when wrong pass', (done) => {
+        const node = new Node({ silent: true, temporary: true, port: 16603 });
+        const server = createAPI({
+            node,
+            apiPort: 12345,
+            apiHostname: 'localhost',
+            username: 'pass',
+            password: 'pass'
+        });
+        node.start().then(() => {
+            request.get({
+                url: 'http://localhost:12345/',
+                auth: {
+                    user: 'pass',
+                    pass: 'nopass'
+                }
+            }, (err, resp, body) => {
+                expect(resp.statusCode).toEqual(401);
+                expect(body).toBeFalsy;
+                server.close();
+                node.end().then(done);
+            });
+        })
+    });
+
+    it('should allow access to protected when auth ok', (done) => {
+        const node = new Node({ silent: true, temporary: true, port: 16604 });
+        const server = createAPI({
+            node,
+            apiPort: 12345,
+            apiHostname: 'localhost',
+            username: 'pass',
+            password: 'pass'
+        });
+        node.start().then(() => {
+            request.get({
+                url: 'http://localhost:12345/',
+                auth: {
+                    user: 'pass',
+                    pass: 'pass'
+                }
+            }, (err, resp, body) => {
+                const answer = JSON.parse(body);
+                const keys = Object.keys(answer);
+                keys.sort();
+                expect(keys).toEqual(API_DATA);
+                server.close();
+                node.end().then(done);
+            });
+        })
+    });
+
+    it('should get peer stats info correctly', (done) => {
+        const node = new Node({ silent: true, temporary: true, port: 16605 });
+        const server = createAPI({
+            node,
+            apiPort: 12346,
+            apiHostname: 'localhost'
+        });
+        node.start().then(() => {
+            request.get('http://localhost:12346/peer-stats', (err, resp, body) => {
+                const summary = JSON.parse(body);
+                expect(summary.newNodes).toBeTruthy;
+                expect(summary.activeNodes).toBeTruthy;
+                server.close();
+                node.end().then(done);
+            });
+        })
+    });
+
+    it('should get peers info correctly', (done) => {
+        const node = new Node({ silent: true, temporary: true, port: 16606 });
+        const server = createAPI({
+            node,
+            apiPort: 12347,
+            apiHostname: 'localhost'
+        });
+        node.start().then(() => {
+            request.get('http://localhost:12347/peers', (err, resp, body) => {
+                const peers = JSON.parse(body);
+                expect(Array.isArray(peers)).toBeTruthy;
+                server.close();
+                node.end().then(done);
+            });
+        })
+    });
+});

src/api/__tests__/node-test.js

@@ -0,0 +1,32 @@
+const { Node } = require('../../node/node');
+const { getSummary, getNodeStats } = require('../node');
+
+jest.mock('../../node/iri');
+
+const ALLOWED_DATA = [
+    'config', 'connectedPeers', 'heart', 'iriStats', 'isIRIHealthy',
+    'name', 'peerStats', 'ready', 'totalPeers', 'version'
+];
+
+describe('API Node utils', () => {
+   it('should correctly return summary', (done) => {
+       const node = new Node({ silent: true, temporary: true, port: 16607 });
+       node.start().then(() => {
+           const summary = getSummary(node);
+           expect(summary.newNodes).toBeTruthy;
+           expect(summary.activeNodes).toBeTruthy;
+           node.end().then(done)
+       })
+   });
+
+   it('should correctly return node stats', (done) => {
+       const node = new Node({ silent: true, temporary: true, port: 16608 });
+       node.start().then(() => {
+           const stats = getNodeStats(node);
+           const keys =  Object.keys(stats);
+           keys.sort();
+           expect(keys).toEqual(ALLOWED_DATA);
+           node.end().then(done)
+       })
+   })
+});

src/api/__tests__/peer-test.js

@@ -0,0 +1,16 @@
+const {Peer} = require('../../node/peer');
+const {getPeerStats} = require('../peer');
+
+const ALLOWED_DATA = [
+    'IRIProtocol', 'TCPPort', 'UDPPort', 'connected', 'dateCreated', 'dateLastConnected', 'dateTried',
+    'hostname', 'ip', 'isTrusted', 'lastConnections', 'name', 'port', 'protocol', 'seen', 'tried', 'weight'
+];
+
+describe('API Peer utils', () => {
+    it('should display only public data', () => {
+        const stats = getPeerStats(new Peer());
+        const keys = Object.keys(stats);
+        keys.sort();
+        expect(keys).toEqual(ALLOWED_DATA);
+    })
+});

src/api/__tests__/webhooks-test.js

@@ -0,0 +1,37 @@
+const express = require('express');
+const bodyParser = require('body-parser');
+const { Node } = require('../../node/node');
+const { startWebhooks } = require('../webhooks');
+
+jest.mock('../../node/iri');
+
+const API_DATA = [
+    'config', 'connectedPeers', 'heart', 'iriStats', 'isIRIHealthy', 'name', 'peerStats', 'ready',
+    'totalPeers','version'
+];
+
+describe('API Webhooks', () => {
+    it('should start webhooks correctly', (done) => {
+        const node = new Node({ silent: true, temporary: true, port: 16609 });
+        node.start().then(() => {
+            const startDate = new Date();
+            const hook = startWebhooks(node, [ 'http://localhost:12348' ], 2);
+            const app = express();
+            app.use(bodyParser.urlencoded({ extended: false }));
+            app.use(bodyParser.json());
+
+            const server = app.listen(12348);
+            app.post('/', (req) => {
+                const timePassed = (new Date()) - startDate;
+                const keys = Object.keys(req.body);
+                keys.sort();
+                expect(keys).toEqual(API_DATA);
+                expect(timePassed).toBeGreaterThanOrEqual(2000);
+                expect(timePassed).toBeLessThanOrEqual(2100);
+                server.close();
+                hook.stop();
+                node.end().then(done);
+            });
+        })
+    });
+});

src/api/index.js

@@ -0,0 +1,73 @@
+const express = require('express');
+const helmet = require('helmet');
+const bodyParser = require('body-parser');
+const basicAuth = require('express-basic-auth');
+
+const { getNodeStats, getSummary } = require('./node');
+const { getPeerStats } = require('./peer');
+const { startWebhooks } = require('./webhooks');
+
+const DEFAULT_OPTIONS = {
+    node: null,
+    webhooks: [],
+    webhookInterval: 30,
+    username: null,
+    password: null,
+    apiPort: 18600,
+    apiHostname: '127.0.0.1'
+};
+
+/**
+ * Creates an Express APP instance, also starts regular webhooks callbacks.
+ * @param options
+ * @returns {*|Function}
+ */
+function createAPI (options) {
+    const opts = { ...DEFAULT_OPTIONS, ...options };
+
+    // Start webhook callbacks
+    if (opts.webhooks && opts.webhooks.length) {
+        startWebhooks(opts.node, opts.webhooks, opts.webhookInterval)
+    }
+
+    // Start API server
+    const app = express();
+    app.set('node', opts.node);
+
+    // Basic app protection
+    app.use(helmet());
+
+    // Enable basic HTTP Auth
+    if (opts.username && opts.password) {
+        app.use(basicAuth({
+            users: { [opts.username]: opts.password }
+        }))
+    }
+
+    // parse application/x-www-form-urlencoded
+    app.use(bodyParser.urlencoded({ extended: false }));
+
+    // parse application/json
+    app.use(bodyParser.json());
+
+    //////////////////////// ENDPOINTS ////////////////////////
+
+    app.get('/', (req, res) => {
+        res.json(getNodeStats(opts.node))
+    });
+
+    app.get('/peer-stats', (req, res) => {
+        res.json(getSummary(opts.node))
+    });
+
+    app.get('/peers', (req, res) => {
+        res.json(opts.node.list.all().map(getPeerStats))
+    });
+
+    return app.listen(opts.apiPort, opts.apiHostname);
+}
+
+module.exports = {
+    createAPI,
+    DEFAULT_OPTIONS
+};