Add SSL support in core server code

src/cloud/providers/aws/build-aws/entrypoint.sh

 
 ./ssl.sh;
 
-node ./dist/cloud/providers/aws/server/server-start.js
+node ./dist/server/server-start.js

src/cloud/providers/aws/build-aws/runtime.Dockerfile

@@ -45,5 +45,4 @@ WORKDIR /seistore-service
 COPY src/cloud/providers/aws/build-aws/ssl.sh /seistore-service/ssl.sh
 COPY src/cloud/providers/aws/build-aws/entrypoint.sh /seistore-service/entrypoint.sh
 RUN npm install --production
-EXPOSE 5000
 ENTRYPOINT ["/bin/sh", "-c", "/seistore-service/entrypoint.sh"]
\ No newline at end of file

src/cloud/providers/aws/server/index.ts

-// ============================================================================
-// Copyright 2017-2019, Schlumberger
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-// ============================================================================
-
-export { Server } from './server';

src/cloud/providers/aws/server/server-start.ts

-// ============================================================================
-// Copyright 2017-2019, Schlumberger
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-// ============================================================================
-
-import { Config, TraceFactory, ConfigFactory } from '../../..';
-import { StorageJobManager } from '../../../../cloud/shared/queue';
-import { Locker } from '../../../../services/dataset/locker';
-import { Feature, FeatureFlags } from '../../../../shared';
-
-async function ServerStart() {
-
-    try {
-
-        // tslint:disable-next-line
-        console.log('- Initializing cloud provider');
-        Config.setCloudProvider(process.env.CLOUDPROVIDER);
-
-        // tslint:disable-next-line
-        console.log('- Initializing ' + Config.CLOUDPROVIDER + ' configurations')
-        await ConfigFactory.build(Config.CLOUDPROVIDER).init();
-
-        // tslint:disable-next-line
-        console.log('- Initializing redis cache')
-        await Locker.init();
-
-        // tslint:disable-next-line
-        console.log('- Initializing storage transfer deamon')
-        StorageJobManager.setup({
-           ADDRESS: Config.DES_REDIS_INSTANCE_ADDRESS,
-           PORT: Config.DES_REDIS_INSTANCE_PORT
-        })
-
-        if(FeatureFlags.isEnabled(Feature.TRACE))  {
-            // tslint:disable-next-line
-            console.log('- Initializing cloud tracer')
-            TraceFactory.build(Config.CLOUDPROVIDER).start();
-        }
-
-        new (await import('./server')).Server().start();
-
-    } catch (error) {
-        // tslint:disable-next-line
-        console.log(error);
-        process.exit(1);
-    }
-
-}
-
-ServerStart();

src/cloud/providers/aws/server/server.ts

-// ============================================================================
-// Copyright 2017-2019, Schlumberger
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-// ============================================================================
-
-import bodyparser from 'body-parser';
-import cors from 'cors';
-import express from 'express';
-import jwtProxy, { JwtProxyOptions } from 'jwtproxy';
-import { Config, LoggerFactory } from '../../..';
-import { ServiceRouter } from '../../../../services';
-import { Feature, FeatureFlags} from '../../../../shared';
-import fs from 'fs';
-import https from 'https';
-
-// -------------------------------------------------------------------
-// Seismic Store Service
-// -------------------------------------------------------------------
-export class Server {
-
-    private app: express.Express;
-    private port: number;
-
-    private httpServer: import('http').Server;
-    private httpsServer: import('https').Server;
-
-    private corsOptions = {
-        methods: 'GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS',
-        preflightContinue: false,
-        optionsSuccessStatus: 204,
-        credentials: true,
-        maxAge: 3600,
-        exposedHeaders: [
-            'Origin',
-            'Content-Type',
-            'X-Requested-With',
-            'Authorization',
-            'Accept',
-            'Referer',
-            'X-Requested-With',
-            'Access-Control-Allow-Origin',
-            'x-traffic-manager'
-        ],
-        allowedHeaders: [
-            'Origin',
-            'Content-Type',
-            'X-Requested-With',
-            'Authorization',
-            'Accept',
-            'Referer',
-            'X-Requested-With',
-            'Access-Control-Allow-Origin',
-            'x-traffic-manager'
-        ]
-    }
-
-    constructor() {
-        this.app = express();
-
-        this.app.use(bodyparser.urlencoded({ extended: false }));
-        this.app.use(bodyparser.json());
-        this.app.disable('x-powered-by');
-        this.app.use(cors(this.corsOptions));
-        this.app.options('*', cors());
-        this.app.use((req: express.Request, res: express.Response, next: express.NextFunction) => {
-
-            // not required anymore - to verify
-            if (req.get('slb-on-behalf-of') !== undefined) {
-                req.headers.authorization = req.get('slb-on-behalf-of');
-            }
-
-            // track caller to the main log
-            const key = req.headers['x-api-key'] as string;
-            const logger = LoggerFactory.build(Config.CLOUDPROVIDER);
-            logger.info(
-                ((key && key.length > 5) ? ('[***' + key.substr(key.length - 5) +  '] ') : '')
-                + '[' + req.method + '] ' + req.url);
-            
-            // init the metrics logger
-            if(FeatureFlags.isEnabled(Feature.LOGGING))  {
-                LoggerFactory.build(Config.CLOUDPROVIDER).metric('Request Size',
-                    req.headers['content-length'] ? +req.headers['content-length'] : 0)
-            }
-
-            // forward the caller appkey if exist
-            // if exists ensure it does not collide the google-esp api-key (required for backward compatibility)
-            req[Config.DE_FORWARD_APPKEY] =
-                req.headers['appkey'] !== req.headers['x-api-key'] ? req.headers['appkey'] : undefined
-
-            next();
-        });
-
-        const jwtValidateOptions: JwtProxyOptions = {
-            disable: !Config.JWT_ENABLE_FEATURE,
-            excluded: Config.JWT_EXCLUDE_PATHS ? Config.JWT_EXCLUDE_PATHS.split(';') : [],
-            jwksUrl:Config.JWKS_URL,
-            algorithms: ['RS256'],
-            audience: Config.JWT_AUDIENCE
-        }
-
-        // adding middleware to intercept and valiate jwt
-        this.app.use(jwtProxy(jwtValidateOptions));
-
-        this.app.use(ServiceRouter);
-    }
-
-    public async start(port = Config.SERVICE_PORT) {
-        this.port = port;
-        // The timeout of the backend service should be greater than the timeout of the load balancer. This will
-        // prevent premature connection closures from the service
-        // Additionally, the headerstimeout needs to be greater than keepalivetimeout
-        // https://github.com/nodejs/node/issues/27363
-
-
-        // SSL
-        const privateKey  = fs.readFileSync(process.env.SSL_KEY_PATH, 'utf8');
-        const certificate = fs.readFileSync(process.env.SSL_CERT_PATH, 'utf8');
-        const credentials = {key: privateKey, cert: certificate};
-        
-        if (process.env.SSL_ENABLED === "true"){
-            this.httpsServer = https.createServer(credentials, this.app).listen(this.port, () => {
-                // tslint:disable-next-line
-                console.log(`- Server is listening on port ${this.port}...`);
-            });
-            this.httpsServer.keepAliveTimeout = 65 * 1000;
-            this.httpsServer.headersTimeout = 66 * 1000;
-        } else {
-            this.httpServer = this.app.listen(this.port, () => {
-                // tslint:disable-next-line
-                console.log(`- Server is listening on port ${this.port}...`);
-            });
-            this.httpServer.keepAliveTimeout = 65 * 1000;
-            this.httpServer.headersTimeout = 66 * 1000;
-        }
-    }
-
-    public stop() {
-        if (this.httpServer) {
-            this.httpServer.close();
-        }
-        if (this.httpsServer) {
-            this.httpsServer.close();
-        }
-    }
-}

src/server/server.ts

@@ -22,7 +22,8 @@ import { Config, LoggerFactory } from '../cloud';
 import { ServiceRouter } from '../services';
 import { Feature, FeatureFlags } from '../shared';
 
-
+import fs from 'fs';
+import https from 'https';
 
 // -------------------------------------------------------------------
 // Seismic Store Service
@@ -31,7 +32,9 @@ export class Server {
 
     private app: express.Express;
     private port: number;
-    private server: import('http').Server;
+
+    private httpServer: import('http').Server;
+    private httpsServer: import('https').Server;
 
     private corsOptions = {
         methods: 'GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS',
@@ -118,17 +121,36 @@ export class Server {
         // prevent premature connection closures from the service
         // Additionally, the headerstimeout needs to be greater than keepalivetimeout
         // https://github.com/nodejs/node/issues/27363
-        this.server = this.app.listen(this.port, () => {
+
+
+        // SSL
+        const privateKey  = fs.readFileSync(process.env.SSL_KEY_PATH, 'utf8');
+        const certificate = fs.readFileSync(process.env.SSL_CERT_PATH, 'utf8');
+        const credentials = {key: privateKey, cert: certificate};
+
+        if (process.env.SSL_ENABLED === 'true'){
+            this.httpsServer = https.createServer(credentials, this.app).listen(this.port, () => {
                 // tslint:disable-next-line
                 console.log(`- Server is listening on port ${this.port}...`);
             });
-        this.server.keepAliveTimeout = 65 * 1000;
-        this.server.headersTimeout = 66 * 1000;
+            this.httpsServer.keepAliveTimeout = 65 * 1000;
+            this.httpsServer.headersTimeout = 66 * 1000;
+        } else {
+            this.httpServer = this.app.listen(this.port, () => {
+                // tslint:disable-next-line
+                console.log(`- Server is listening on port ${this.port}...`);
+            });
+            this.httpServer.keepAliveTimeout = 65 * 1000;
+            this.httpServer.headersTimeout = 66 * 1000;
+        }
     }
 
     public stop() {
-        if (this.server) {
-            this.server.close();
+        if (this.httpServer) {
+            this.httpServer.close();
+        }
+        if (this.httpsServer) {
+            this.httpsServer.close();
         }
     }
 }