HANIoT API Gateway

API manager for the HANIoT platform. It routes requests to, or blocks access to, the resources provided by the internal microservices that make up the HANIoT platform. Express Gateway is used.

Prerequisites

Set the environment variables

Application settings are defined by environment variables. To define the settings, make a copy of the .env.example file and name it .env. Then open it and edit the settings as needed. The following environment variables are available:

| VARIABLE | DESCRIPTION | DEFAULT |
| --- | --- | --- |
| NODE_ENV | Defines the environment in which the application runs. You can set: test (in this environment, the database defined in MONGODB_URI_TEST is used and the logs are disabled for better visualization of the test output), development (in this environment, all log levels are enabled) and production (in this environment, only the warning and error logs are enabled). | development |
| PORT_HTTP | Port used by the API Gateway service to listen for HTTP requests. | 80 |
| PORT_HTTPS | Port used by the API Gateway service to listen for HTTPS requests. | 443 |
| API_GATEWAY_HOSTNAME | API Gateway hostname. | localhost |
| WEB_APP_HOSTNAME | Web Application hostname. | app.localhost |
| RABBIT_MGT_HOSTNAME | RabbitMQ Management hostname. | rabbit.localhost |
| RECAPTCHA_SERVER_KEY | Server key used for reCaptcha. | s3rv3rk3y |
| ISSUER | The issuer used to validate the JWT token sent with requests. The value must be provided by the Account service that generates the token. | haniot |
| SSL_KEY_PATH | SSL/TLS certificate private key. | .certs/server.key |
| SSL_CERT_PATH | SSL/TLS certificate. | .certs/server.crt |
| JWT_PUBLIC_KEY_PATH | Public key used to generate and validate JSON Web Token (JWT). The value must be provided by the Account service that generates the token. | .certs/jwt.key.pub |
| ACCOUNT_SERVICE | URI used to connect to the Account service. | https://localhost:3001 |
| MHEALTH_SERVICE | URI used to connect to the MHealth service. | https://localhost:4001 |
| EHR_SERVICE | URI used to connect to the EHR service. | https://localhost:5001 |
| ANALYTICS_SERVICE | URI used to connect to the Analytics service. | https://localhost:6001 |
| NOTIFICATION_SERVICE | URI used to connect to the Notification service. | https://localhost:7001 |
| TIME_SERIES_SERVICE | URI used to connect to the Time Series service. | https://localhost:8001 |
| DS_AGENT_SERVICE | URI used to connect to the DS Agent service. | https://localhost:9001 |
| WEB_APP_SERVICE | Web Application URL. | https://localhost:4001 |
| RABBIT_MGT_SERVICE | RabbitMQ Management URL. | http://localhost:15672 |
| EMULATE_REDIS | Signals whether the Redis database will be emulated or not. | true |
| PORT_REDIS | Redis instance port. | 6379 |
| HOST_REDIS | Redis instance hostname. | localhost |

Generate Certificates

For development and testing environments, the easiest and fastest way is to generate your own self-signed certificates. These certificates encrypt data just as well as certificates signed by a CA, but users will receive a warning that the certificate is not trusted by their computer or browser. Therefore, self-signed certificates should only be used in non-production environments, that is, development and testing environments. To generate them, run the create-self-signed-certs.sh script in the root of the repository.

$ chmod +x ./create-self-signed-certs.sh
$ ./create-self-signed-certs.sh

The following files will be created: ca.crt, server.crt and server.key.

Remember that the JWT public key (JWT_PUBLIC_KEY_PATH) must be the same one used by the Account service.
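Why the JWT public key and ISSUER have to match what the Account service uses, shown as an added example that is not code from this repository or from Express Gateway: a token verifies only against the public half of the key that signed it and only with the expected issuer. RS256, the key pairs, the claims and the function names are assumptions constructed for the illustration.

```javascript
// Added example, not HANIoT or Express Gateway code. RS256 is an assumption:
// the README does not name the JWT signing algorithm.
const crypto = require('crypto');
const b64url = (data) => Buffer.from(data).toString('base64url');
const fail = (reason) => ({ ok: false, reason });

// Stand-in for the Account service: signs a token with its private key.
function signToken(payload, privateKeyPem) {
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`), privateKeyPem);
  return `${head}.${body}.${b64url(sig)}`;
}

// Gateway-side check: pinned algorithm, signature, issuer (ISSUER), expiry.
function verifyToken(token, publicKeyPem, expectedIssuer, now = Date.now() / 1000) {
  const [head, body, sig, extra] = String(token).split('.');
  if (!head || !body || sig === undefined || extra !== undefined) return fail('malformed');
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch { return fail('malformed'); }
  if (!header || !claims) return fail('malformed');
  // Accept only the expected algorithm; never let the token choose it.
  if (header.alg !== 'RS256') return fail('bad alg');
  const signed = Buffer.from(`${head}.${body}`);
  if (!crypto.verify('sha256', signed, publicKeyPem, Buffer.from(sig, 'base64url')))
    return fail('bad signature');
  if (claims.iss !== expectedIssuer) return fail('bad issuer');
  if (typeof claims.exp !== 'number' || claims.exp <= now) return fail('expired');
  return { ok: true, claims };
}

// Constructed key pairs: one for the Account service, one unrelated.
const newPair = () => crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
const account = newPair();
const other = newPair();
const exp = Math.floor(Date.now() / 1000) + 300;
const token = signToken({ sub: 'constructed-user', iss: 'haniot', exp }, account.privateKey);

console.log(verifyToken(token, account.publicKey, 'haniot').ok);            // true
console.log(verifyToken(token, other.publicKey, 'haniot').reason);          // bad signature
console.log(verifyToken(token, account.publicKey, 'other-issuer').reason);  // bad issuer
```
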

In production environments it is highly recommended to always use valid certificates provided by a certificate authority (CA). A good option is Let's Encrypt, a CA that provides free certificates. The service is provided by the Internet Security Research Group (ISRG). The process to obtain the certificate is extremely simple, as it only requires providing a valid domain and proving control over it. With Let's Encrypt, you do this by using software that uses the ACME protocol, which typically runs on your host. If you prefer, you can use the service provided by the SSL For Free website and follow the walkthrough. The service is free because the certificates are provided by Let's Encrypt, and it makes the process of obtaining the certificates less painful.

Installation and Execution

1. Install dependencies

$ npm install    

2. Run Server

$ npm start

Navigate to https://localhost:{PORT_HTTPS}