Merge pull request #272 from HSLdevcom/add-more-debug-ui-routing

DT-6870 - Add auth_basic to production debug UIs and both kela debug UIs

Author: optionsome

nginx.conf

@@ -434,7 +434,7 @@ http {
   }
 
   server {
-    server_name dev-hsl-debug.digitransit.fi hsl-debug.digitransit.fi;
+    server_name hsl-debug.digitransit.fi;
     listen 8080;
 
     if ($http_x_forwarded_proto != "https") {
@@ -451,11 +451,34 @@ http {
     location / {
       proxy_pass         http://opentripplanner-hsl-v2:8080/;
       include basicsettings.conf;
+      auth_basic "hsl-debug.digitransit.fi";
+      auth_basic_user_file .htpasswd;
     }
   }
 
   server {
-    server_name dev-waltti-debug.digitransit.fi waltti-debug.digitransit.fi;
+    server_name dev-hsl-debug.digitransit.fi;
+    listen 8080;
+
+    if ($http_x_forwarded_proto != "https") {
+      return 301 https://$host$request_uri;
+    }
+
+    # Add HTTP Strict Transport Security for good measure.
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
+
+    location /otp/actuators/ {
+      return 404;
+    }
+
+    location / {
+      proxy_pass         http://opentripplanner-hsl-v2:8080/;
+      include basicsettings.conf;
+    }
+  }
+
+  server {
+    server_name waltti-debug.digitransit.fi;
     listen 8080;
 
     if ($http_x_forwarded_proto != "https") {
@@ -472,11 +495,57 @@ http {
     location / {
       proxy_pass         http://opentripplanner-waltti-v2:8080/;
       include basicsettings.conf;
+      auth_basic "waltti-debug.digitransit.fi";
+      auth_basic_user_file .htpasswd;
+    }
+  }
+
+  server {
+    server_name dev-waltti-debug.digitransit.fi;
+    listen 8080;
+
+    if ($http_x_forwarded_proto != "https") {
+      return 301 https://$host$request_uri;
+    }
+
+    # Add HTTP Strict Transport Security for good measure.
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
+
+    location /otp/actuators/ {
+      return 404;
+    }
+
+    location / {
+      proxy_pass         http://opentripplanner-waltti-v2:8080/;
+      include basicsettings.conf;
+    }
+  }
+
+  server {
+    server_name finland-debug.digitransit.fi;
+    listen 8080;
+
+    if ($http_x_forwarded_proto != "https") {
+      return 301 https://$host$request_uri;
+    }
+
+    # Add HTTP Strict Transport Security for good measure.
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
+
+    location /otp/actuators/ {
+      return 404;
+    }
+
+    location / {
+      proxy_pass         http://opentripplanner-finland-v2:8080/;
+      include basicsettings.conf;
+      auth_basic "finland-debug.digitransit.fi";
+      auth_basic_user_file .htpasswd;
     }
   }
 
   server {
-    server_name dev-finland-debug.digitransit.fi finland-debug.digitransit.fi;
+    server_name dev-finland-debug.digitransit.fi;
     listen 8080;
 
     if ($http_x_forwarded_proto != "https") {
@@ -518,7 +587,30 @@ http {
   }
 
   server {
-    server_name dev-varely-debug.digitransit.fi varely-debug.digitransit.fi;
+    server_name varely-debug.digitransit.fi;
+    listen 8080;
+
+    if ($http_x_forwarded_proto != "https") {
+      return 301 https://$host$request_uri;
+    }
+
+    # Add HTTP Strict Transport Security for good measure.
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
+
+    location /otp/actuators/ {
+      return 404;
+    }
+
+    location / {
+      proxy_pass         http://opentripplanner-varely-v2:8080/;
+      include basicsettings.conf;
+      auth_basic "varely-debug.digitransit.fi";
+      auth_basic_user_file .htpasswd;
+    }
+  }
+
+  server {
+    server_name dev-varely-debug.digitransit.fi;
     listen 8080;
 
     if ($http_x_forwarded_proto != "https") {
@@ -538,6 +630,52 @@ http {
     }
   }
 
+  server {
+    server_name kela-debug.digitransit.fi;
+    listen 8080;
+
+    if ($http_x_forwarded_proto != "https") {
+      return 301 https://$host$request_uri;
+    }
+
+    # Add HTTP Strict Transport Security for good measure.
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
+
+    location /otp/actuators/ {
+      return 404;
+    }
+
+    location / {
+      proxy_pass         http://opentripplanner-kela-v2:8080/;
+      include basicsettings.conf;
+      auth_basic "kela-debug.digitransit.fi";
+      auth_basic_user_file .htpasswd;
+    }
+  }
+
+  server {
+    server_name dev-kela-debug.digitransit.fi;
+    listen 8080;
+
+    if ($http_x_forwarded_proto != "https") {
+      return 301 https://$host$request_uri;
+    }
+
+    # Add HTTP Strict Transport Security for good measure.
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
+
+    location /otp/actuators/ {
+      return 404;
+    }
+
+    location / {
+      proxy_pass         http://opentripplanner-kela-v2:8080/;
+      include basicsettings.conf;
+      auth_basic "dev-kela-debug.digitransit.fi";
+      auth_basic_user_file .htpasswd;
+    }
+  }
+
   server {
     server_name waltti-test.digitransit.fi
                 next-dev-hameenlinna.digitransit.fi
@@ -591,8 +729,6 @@ http {
     location / {
       proxy_pass http://digitransit-ui-waltti-test:8080;
       include basicsettings.conf;
-      # auth_basic "waltti-test.digitransit.fi";
-      # auth_basic_user_file .htpasswd;
     }
   }
 

run.sh

@@ -34,7 +34,7 @@ sed -i "s#CDN_BASE_URL#${CDN_BASE_URL}#" /etc/nginx/common.conf
 sed -i "s/MOBILITY_API_KEY/${MOBILITY_API_KEY}/" /etc/nginx/external.conf
 
 #set basic auth
-htpasswd -c -B -b .htpasswd $WALTTI_TEST_CREDENTIALS_USER $WALTTI_TEST_CREDENTIALS_PASS &>/dev/null
+htpasswd -c -B -b .htpasswd $DEBUG_UI_CREDENTIALS_USER $DEBUG_UI_CREDENTIALS_PASS &>/dev/null
 
 #start nginx
 nginx

test.js

@@ -298,18 +298,29 @@ describe('digitransit', function() {
   testProxying('digitransit.fi','/','digitransit-site:8080', true);
 });
 
-describe('otp debug', function() {
+describe('otp debug uis without authentication', function() {
   testProxying('dev-hsl-debug.digitransit.fi','/','opentripplanner-hsl-v2:8080', true);
   testProxying('dev-waltti-debug.digitransit.fi','/','opentripplanner-waltti-v2:8080', true);
   testProxying('dev-finland-debug.digitransit.fi','/','opentripplanner-finland-v2:8080', true);
   testProxying('dev-varely-debug.digitransit.fi','/','opentripplanner-varely-v2:8080', true);
-  testProxying('hsl-debug.digitransit.fi','/','opentripplanner-hsl-v2:8080', true);
-  testProxying('waltti-debug.digitransit.fi','/','opentripplanner-waltti-v2:8080', true);
-  testProxying('finland-debug.digitransit.fi','/','opentripplanner-finland-v2:8080', true);
-  testProxying('varely-debug.digitransit.fi','/','opentripplanner-varely-v2:8080', true);
   testProxying('waltti-alt-debug.digitransit.fi','/','opentripplanner-waltti-alt-v2:8080', true);
 });
 
+describe('otp debug UIs with authentication', function() {
+  testCallingWithoutCredentials('hsl-debug.digitransit.fi','/',true);
+  testWithCorrectCredentials('hsl-debug.digitransit.fi','/','test','test','https://hsl-debug.digitransit.fi/',true);
+  testCallingWithoutCredentials('waltti-debug.digitransit.fi','/',true);
+  testWithCorrectCredentials('waltti-debug.digitransit.fi','/','test','test','https://waltti-debug.digitransit.fi/',true);
+  testCallingWithoutCredentials('finland-debug.digitransit.fi','/',true);
+  testWithCorrectCredentials('finland-debug.digitransit.fi','/','test','test','https://finland-debug.digitransit.fi/',true);
+  testCallingWithoutCredentials('varely-debug.digitransit.fi','/',true);
+  testWithCorrectCredentials('varely-debug.digitransit.fi','/','test','test','https://varely-debug.digitransit.fi/',true);
+  testCallingWithoutCredentials('kela-debug.digitransit.fi','/',true);
+  testWithCorrectCredentials('kela-debug.digitransit.fi','/','test','test','https://kela-debug.digitransit.fi/',true);
+  testCallingWithoutCredentials('dev-kela-debug.digitransit.fi','/',true);
+  testWithCorrectCredentials('dev-kela-debug.digitransit.fi','/','test','test','https://dev-kela-debug.digitransit.fi/',true);
+});
+
 describe('ext-proxy', function() {
   this.timeout(5000);
   testCaching(null,'/out/helsinki-fi.smoove.pro/api-public/stations',false);
@@ -318,8 +329,6 @@ describe('ext-proxy', function() {
 });
 
 describe('waltti-test ui', function() {
-  // testCallingWithoutCredentials('waltti-test.digitransit.fi','/kissa','https://waltti-test.digitransit.fi/kissa');
-  // testWithCorrectCredentials('waltti-test.digitransit.fi','/kissa', 'test', 'test', 'https://waltti-test.digitransit.fi/kissa', true);
   testRedirect('waltti-test.digitransit.fi','/kissa','https://waltti-test.digitransit.fi/kissa');
   testProxying('waltti-test.digitransit.fi','/','digitransit-ui-waltti-test:8080', true);
 });

test.sh

@@ -25,7 +25,8 @@ CONTAINER_ID=$(docker run -d -p 9000:8080 $ADDHOSTS -e VILKKU_BASIC_AUTH="\"test
   -e GIRAVOLTA_VANTAA_AUTH="\"test\"" -e VARELY_BASIC_AUTH="\"test\"" -e VARELY_RT_BASIC_AUTH="\"test\"" \
   -e RAUMA_RT_BASIC_AUTH="\"test\"" -e RAUMA_STATIC_BASIC_AUTH="\"test\"" \
   -e PORI_RT_BASIC_AUTH="\"test\"" -e MH_BASIC_AUTH="\"test\"" -e RAASEPORI_RT_BASIC_AUTH="\"test\"" \
-  -e WALTTI_TEST_CREDENTIALS_USER="test" -e WALTTI_TEST_CREDENTIALS_PASS="test" -e WALTTI_TEST_STATIC_BASIC_AUTH="\"test\"" \
+  -e WALTTI_TEST_STATIC_BASIC_AUTH="\"test\"" \
+  -e DEBUG_UI_CREDENTIALS_USER="test" -e DEBUG_UI_CREDENTIALS_PASS="test" \
   -e MOBILITY_API_KEY="\"test\"" -e CDN_BASE_URL="test" \
   hsldevcom/digitransit-proxy:integrationtest)