Merge pull request #1530 from hajkmap/feature/1529-FME-Server-proxy-add-token-auth

jesade-vbg · web-flow · commit 600e9ae79b32 · 2024-06-12T09:35:49.000+02:00
Added possibility to use Authorization token in FME Server proxy.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -34,6 +34,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - LayerSwitcher(Client)/Groups(Admin): It's now possible to add and show information about a layer group. [#400](https://github.com/hajkmap/Hajk/issues/400).
 - LayerSwitcher: Some text field inputs for layer groups now allows HTML code. [#1518](https://github.com/hajkmap/Hajk/pull/1518).
 - CookieNotice: The cookie notice dialog now appears at the top of other dialogs and pop up windows. PR: [#1521](https://github.com/hajkmap/Hajk/pull/1521).
+- Backend (Node): Added possibility to use Authorization token in FME Server proxy. [#1530](https://github.com/hajkmap/Hajk/pull/1530).
 
 ### Fixed
 
diff --git a/apps/backend/.env b/apps/backend/.env
@@ -138,10 +138,13 @@ FB_SERVICE_PASS=
 #FME_SERVER_ACTIVE=true
 # The url to the FME-server instance.
 #FME_SERVER_BASE_URL=https://fmeserver.some.domain.com
+# Access to FME using authorization header. Either use USER+PASSWORD or TOKEN.
 # A FME-server user with access to some repository and workspace.
 #FME_SERVER_USER=someFmeUser
 # Password for the FME-server user supplied above.
 #FME_SERVER_PASSWORD=aGreatFmeUserPassWord
+# Access token for the FME-server.
+#FME_SERVER_TOKEN=00ce08a1c85e572612518e12e47a8b73151axxxx
 # If you are having problems with proxying to HTTPS FME Server, due
 # to self-signed certificates (SELF_SIGNED_CERT_IN_CHAIN), try setting this to "false"
 #FME_SERVER_SECURE=true
diff --git a/apps/backend/server/apis/v2/middlewares/fme.server.proxy.js b/apps/backend/server/apis/v2/middlewares/fme.server.proxy.js
@@ -30,12 +30,13 @@ export default function fmeServerProxy(err, req, res, next) {
     secure: process.env.FME_SERVER_SECURE === "true", // should SSL certs be verified?
     onProxyReq: (proxyReq, req, res) => {
       // We have to add an authorization header to the request
-      proxyReq.setHeader(
-        "Authorization",
-        `Basic ${Buffer.from(
-          `${process.env.FME_SERVER_USER}:${process.env.FME_SERVER_PASSWORD}`
-        ).toString("base64")}`
-      );
+      // There are 2 possibilities: with TOKEN or with USER/PASS.
+      const value = process.env.FME_SERVER_TOKEN
+        ? `fmetoken token=${process.env.FME_SERVER_TOKEN}`
+        : `Basic ${Buffer.from(
+            `${process.env.FME_SERVER_USER}:${process.env.FME_SERVER_PASSWORD}`
+          ).toString("base64")}`;
+      proxyReq.setHeader("Authorization", value);
     },
     pathRewrite: (originalPath, req) => {
       // Lets split on the proxy path so that we can remove that when forwarding
