Secure /info, /swagger and /monitor with a simple basic auth middleware

Author: hirsch88

.env.example

@@ -3,7 +3,7 @@
 #
 APP_NAME="express-typescript-boilerplate"
 APP_ENV="local"
-APP_HOST="http://localhost"
+APP_HOST="http://localhost:3000"
 APP_URL_PREFIX="/api"
 APP_PORT=3000
 
@@ -13,6 +13,12 @@ APP_PORT=3000
 LOG_LEVEL="debug"
 LOG_ADAPTER="winston"
 
+#
+# APPLICATION
+#
+APP_BASIC_USER="admin"
+APP_BASIC_PASSWORD="1234"
+
 #
 # API Info
 #
@@ -23,14 +29,14 @@ API_INFO_ROUTE="/info"
 # Swagger Documentation
 #
 SWAGGER_ENABLED=true
-SWAGGER_ROUTE="/docs"
+SWAGGER_ROUTE="/swagger"
 SWAGGER_FILE="/src/api/swagger.json"
 
 #
 # Monitor
 #
 MONITOR_ENABLED=true
-MONITOR_ROUTE="/status"
+MONITOR_ROUTE="/monitor"
 
 #
 # DATABASE
@@ -53,5 +59,4 @@ DB_SEEDS_DIR="./src/database/seeds"
 #
 # Auth0
 #
-# AUTH0_HOST="https://w3tecch.auth0.com"
 AUTH0_HOST="http://localhost:3333"

package.json

@@ -72,6 +72,7 @@
     "cors": "^2.8.4",
     "dotenv": "^4.0.0",
     "express": "^4.16.2",
+    "express-basic-auth": "^1.1.3",
     "express-status-monitor": "^1.0.1",
     "faker": "^4.1.0",
     "figlet": "^1.2.0",

src/core/ApiInfo.ts

@@ -2,6 +2,7 @@ import * as express from 'express';
 import { Environment } from './helpers/Environment';
 import { SwaggerUI } from './SwaggerUI';
 import { ApiMonitor } from './ApiMonitor';
+import { BasicAuthenticate } from './BasicAuthenticate';
 
 
 export class ApiInfo {
@@ -10,23 +11,25 @@ export class ApiInfo {
         return process.env.APP_URL_PREFIX + process.env.API_INFO_ROUTE;
     }
 
-    public setup(app: express.Application): void {
+    public setup(application: express.Application): void {
         if (Environment.isTruthy(process.env.API_INFO_ENABLED)) {
-            app.get(
+            application.get(
                 ApiInfo.getRoute(),
                 // @ts-ignore: False type definitions from express
+                BasicAuthenticate(),
+                // @ts-ignore: False type definitions from express
                 (req: myExpress.Request, res: myExpress.Response) => {
                     const pkg = Environment.getPkg();
                     const links = {
                         links: {}
                     };
                     if (Environment.isTruthy(process.env.SWAGGER_ENABLED)) {
                         links.links['swagger'] =
-                            `${app.get('host')}:${app.get('port')}${SwaggerUI.getRoute()}`;
+                            `${application.get('host')}${SwaggerUI.getRoute()}`;
                     }
                     if (Environment.isTruthy(process.env.MONITOR_ENABLED)) {
                         links.links['monitor'] =
-                            `${app.get('host')}:${app.get('port')}${ApiMonitor.getRoute()}`;
+                            `${application.get('host')}${ApiMonitor.getRoute()}`;
                     }
                     return res.json({
                         name: pkg.name,

src/core/ApiMonitor.ts

@@ -1,6 +1,7 @@
 import * as express from 'express';
 import * as monitor from 'express-status-monitor';
 import { Environment } from './helpers/Environment';
+import { BasicAuthenticate } from './BasicAuthenticate';
 
 
 export class ApiMonitor {
@@ -12,7 +13,7 @@ export class ApiMonitor {
     public setup(app: express.Application): void {
         if (Environment.isTruthy(process.env.MONITOR_ENABLED)) {
             app.use(monitor());
-            app.get(ApiMonitor.getRoute(), monitor().pageRoute);
+            app.get(ApiMonitor.getRoute(), BasicAuthenticate(), monitor().pageRoute);
         }
     }
 }

src/core/BasicAuthenticate.ts

@@ -0,0 +1,11 @@
+import * as basicAuth from 'express-basic-auth';
+
+
+export const BasicAuthenticate = (): any => {
+    return basicAuth({
+        users: {
+            [process.env.APP_BASIC_USER]: process.env.APP_BASIC_PASSWORD
+        },
+        challenge: true
+    });
+};

src/core/Server.ts

@@ -65,21 +65,21 @@ export class Server {
      */
     public onStartUp(app: express.Application): void {
         this.log.debug(``);
-        this.log.debug(`Aloha, your app is ready on ${app.get('host')}:${app.get('port')}${process.env.APP_URL_PREFIX}`);
+        this.log.debug(`Aloha, your app is ready on ${app.get('host')}${process.env.APP_URL_PREFIX}`);
         this.log.debug(`To shut it down, press <CTRL> + C at any time.`);
         this.log.debug(``);
         this.log.debug('-------------------------------------------------------');
         this.log.debug(`Environment  : ${Environment.getNodeEnv()}`);
         this.log.debug(`Version      : ${Environment.getPkg().version}`);
         this.log.debug(``);
         if (Environment.isTruthy(process.env.API_INFO_ENABLED)) {
-            this.log.debug(`API Info     : ${app.get('host')}:${app.get('port')}${ApiInfo.getRoute()}`);
+            this.log.debug(`API Info     : ${app.get('host')}${ApiInfo.getRoute()}`);
         }
         if (Environment.isTruthy(process.env.SWAGGER_ENABLED)) {
-            this.log.debug(`Swagger      : ${app.get('host')}:${app.get('port')}${SwaggerUI.getRoute()}`);
+            this.log.debug(`Swagger      : ${app.get('host')}${SwaggerUI.getRoute()}`);
         }
         if (Environment.isTruthy(process.env.MONITOR_ENABLED)) {
-            this.log.debug(`Monitor      : ${app.get('host')}:${app.get('port')}${ApiMonitor.getRoute()}`);
+            this.log.debug(`Monitor      : ${app.get('host')}${ApiMonitor.getRoute()}`);
         }
         this.log.debug('-------------------------------------------------------');
         this.log.debug('');

src/core/SwaggerUI.ts

@@ -2,12 +2,13 @@ import * as express from 'express';
 import * as path from 'path';
 import * as swaggerUi from 'swagger-ui-express';
 import { Environment } from './helpers/Environment';
+import { BasicAuthenticate } from './BasicAuthenticate';
 
 
 export class SwaggerUI {
 
     public static getRoute(): string {
-        return process.env.APP_URL_PREFIX + process.env.SWAGGER_ROUTE;
+        return process.env.SWAGGER_ROUTE;
     }
 
     public setup(app: express.Application): void {
@@ -25,7 +26,7 @@ export class SwaggerUI {
             };
 
             // Initialize swagger-jsdoc -> returns validated swagger spec in json format
-            app.use(SwaggerUI.getRoute(), swaggerUi.serve, swaggerUi.setup(swaggerFile));
+            app.use(SwaggerUI.getRoute(), BasicAuthenticate(), swaggerUi.serve, swaggerUi.setup(swaggerFile));
         }
     }
 }

yarn.lock

@@ -681,6 +681,10 @@ base64url@2.0.0, base64url@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/base64url/-/base64url-2.0.0.tgz#eac16e03ea1438eff9423d69baa36262ed1f70bb"
 
+basic-auth@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/basic-auth/-/basic-auth-1.1.0.tgz#45221ee429f7ee1e5035be3f51533f1cdfd29884"
+
 basic-auth@~2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/basic-auth/-/basic-auth-2.0.0.tgz#015db3f353e02e56377755f962742e8981e7bbba"
@@ -1569,6 +1573,12 @@ expect@^21.2.1:
     jest-message-util "^21.2.1"
     jest-regex-util "^21.2.0"
 
+express-basic-auth@^1.1.3:
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/express-basic-auth/-/express-basic-auth-1.1.3.tgz#18924c02fef18d9efe58e22847ee31e240749f33"
+  dependencies:
+    basic-auth "^1.1.0"
+
 express-status-monitor@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/express-status-monitor/-/express-status-monitor-1.0.1.tgz#311288347b7aabfeaec0a01547e55c77652bb298"