Update API to not expose explorer in prod

josedahlquist · ronaldsg20 · commit 335fdd2488f5 · 2023-08-31T11:50:02.000-05:00
- Add logic in app boot to avoid exposing explorer and openapi in production
- Update index.html to dynamically display information according to env
diff --git a/ENV_VARIABLES.md b/ENV_VARIABLES.md
@@ -32,6 +32,7 @@ This table was created to guide and centralize the **environment variables** nec
 |SESSIONDB_INDEX               |1                              |'Redis index'                                            |
 |MAX_AMOUNT_ALLOWED_IN_SATOSHI |                               |'Pegin Pegout max allowed in satoshis'                   |
 |METRICS_ENABLED               |`true or false`                |'enable trace log'                                       |
+|NODE_ENV|`production or development`|'Indicates if the app should be built for a production environment or not'
 
 
 ##Example for .env.local.test file
@@ -82,4 +83,6 @@ MAX_FEE_AMOUNT_ALLOWED=5000000
 
 #Dust value (Satoshi)
 BURN_DUST_VALUE=2000
+
+NODE_ENV=development
 ```
diff --git a/package.json b/package.json
@@ -44,7 +44,7 @@
     "type": "git",
     "url": ""
   },
-  "author": "Mesi Rendon <amrendonsa@unal.edu.co>",
+  "author": "IOVLabs",
   "license": "",
   "files": [
     "README.md",
diff --git a/public/index.html b/public/index.html
@@ -67,22 +67,37 @@
       }
     }
   </style>
+  <script lang="javascript">
+    let apiVersion = new XMLHttpRequest();
+    apiVersion.onreadystatechange = function() {
+      if (this.readyState == 4 && this.status == 200) {
+        document.getElementById("version").innerHTML = JSON.parse(apiVersion.responseText).version;
+      }
+    };
+    apiVersion.open("GET", "/api", true);
+    apiVersion.send();
+
+    let shouldIShowAPI = new XMLHttpRequest();
+    shouldIShowAPI.onreadystatechange = function() {
+      if (this.readyState == 4 && this.status !== 404) {
+        document.getElementById('api-section').setAttribute('style', 'display:block');
+      }
+    }
+    shouldIShowAPI.open("GET", "/explorer", true);
+    shouldIShowAPI.send();
+  </script>
 </head>
 
 <body>
   <div class="info">
     <h1>2wp-api</h1>
-    <p><a href='../api'>Version</a></p>
+    <p>Version: <b id="version">loading...</b></p>
 
-    <h3>OpenAPI spec: <a href="/openapi.json">/openapi.json</a></h3>
-    <h3>API Explorer: <a href="/explorer">/explorer</a></h3>
+    <div id="api-section" style="display:none">
+      <h3>OpenAPI spec: <a href="/openapi.json">/openapi.json</a></h3>
+      <h3>API Explorer: <a href="/explorer">/explorer</a></h3>
+    </div>
   </div>
-
-  <footer class="power">
-    <a href="https://loopback.io" target="_blank" rel="noopener">
-      <img src="https://loopback.io/images/branding/powered-by-loopback/blue/powered-by-loopback-sm.png" alt=""/>
-    </a>
-  </footer>
 </body>
 
 </html>
diff --git a/src/application.ts b/src/application.ts
@@ -10,6 +10,7 @@ import {ServiceMixin} from '@loopback/service-proxy';
 import path from 'path';
 import {DependencyInjectionHandler} from './dependency-injection-handler';
 import {MySequence} from './sequence';
+import { ENVIRONMENT_PRODUCTION } from './constants';
 
 export {ApplicationConfig};
 
@@ -23,11 +24,14 @@ export class TwpapiApplication extends BootMixin(ServiceMixin(RepositoryMixin(Re
     // Set up default home page
     this.static('/', path.join(__dirname, '../public'));
 
-    // Customize @loopback/rest-explorer configuration here
-    this.configure(RestExplorerBindings.COMPONENT).to({
-      path: '/explorer',
-    });
-    this.component(RestExplorerComponent);
+    // For production environments we will not load the explorer component
+    if (process.env.NODE_ENV !== ENVIRONMENT_PRODUCTION) {
+      // Customize @loopback/rest-explorer configuration here
+      this.configure(RestExplorerBindings.COMPONENT).to({
+        path: '/explorer',
+      });
+      this.component(RestExplorerComponent);
+    }
 
     this.projectRoot = __dirname;
     // Customize @loopback/boot Booter Conventions here
diff --git a/src/constants.ts b/src/constants.ts
@@ -13,3 +13,6 @@ export const BITCOIN_MAX_SATOSHI_FEE = 5000000;
 // network
 export const NETWORK_TESTNET = 'testnet';
 export const NETWORK_MAINNET = 'mainnet';
+// environment
+export const ENVIRONMENT_PRODUCTION = 'production';
+export const ENVIRONMENT_DEVELOPMENT = 'development';
diff --git a/src/index.ts b/src/index.ts
@@ -2,6 +2,7 @@ import {config} from 'dotenv';
 import {configure, getLogger} from 'log4js';
 import {ApplicationConfig, TwpapiApplication} from './application';
 import {DaemonRunner} from './daemon-runner';
+import { ENVIRONMENT_PRODUCTION } from './constants';
 
 export * from './application';
 
@@ -44,12 +45,10 @@ export async function main(options: ApplicationConfig = {}): Promise<void> {
   }
 
   //catches ctrl+c event
-  // eslint-disable-next-line @typescript-eslint/no-misused-promises
-  process.on('SIGINT', shutdown.bind(null));
+  process.on('SIGINT', () => { shutdown().catch(logger.error); });
 
   //catches uncaught exceptions
-  // eslint-disable-next-line @typescript-eslint/no-misused-promises
-  process.on('uncaughtException', shutdown.bind(null));
+  process.on('uncaughtException', () => { shutdown().catch(logger.error); });
 
   const appMode = searchAppMode();
 
@@ -83,7 +82,11 @@ if (require.main === module) {
       openApiSpec: {
         // useful when used with OpenAPI-to-GraphQL to locate your application
         setServersFromRequest: true,
+        disabled: process.env.NODE_ENV === ENVIRONMENT_PRODUCTION
       },
+      apiExplorer: {
+        disabled: process.env.NODE_ENV === ENVIRONMENT_PRODUCTION
+      }
     },
   };
   main(config).catch(err => {
