HSLdevcom · optionsome · Jun 14, 2024 · Jun 12, 2024 · Jun 14, 2024 · Jun 14, 2024
diff --git a/Dockerfile b/Dockerfile
@@ -16,6 +16,9 @@ RUN rm /var/log/nginx/* && chmod -R a+rwX ${INSTALL_DIR} /etc/nginx/ /var/log/ng
 RUN ln -sf /dev/stdout /var/log/nginx/access.log
 RUN ln -sf /dev/stderr /var/log/nginx/error.log
 
+# Install apache2-utils for htpasswd
+RUN apk add --no-cache apache2-utils
+
 EXPOSE 8080
 
 ADD run.sh /usr/local/bin/

diff --git a/external.conf b/external.conf
@@ -184,7 +184,7 @@ location /out/nysse.mattersoft.fi/ {
   add_header X-Proxy-Cache $upstream_cache_status;
   proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
   proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
-  proxy_set_header Authorization LMJ_BASIC_AUTH;
+  proxy_set_header Authorization NYSSE_BASIC_AUTH;
 }
 
 #lmj gtfs rt new (https://lmj.mattersoft.fi/api/gtfsrealtime/v1.0/feed/tripupdate, servicealerts and vehiclepositions)
@@ -441,3 +441,16 @@ location /out/bosse.mattersoft.fi/ {
   proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
   proxy_set_header Authorization RAASEPORI_RT_BASIC_AUTH;
 }
+
+#WalttiTest gtfs (https://lmjadmin.mattersoft.fi/feeds/229.zip)
+location /out/lmjadmin.mattersoft.fi/ {
+  proxy_pass    https://lmjadmin.mattersoft.fi/;
+  include allowed-ips.conf;
+  proxy_cache   ext_cache;
+  proxy_cache_valid 200 30s;
+  proxy_cache_lock on;
+  add_header X-Proxy-Cache $upstream_cache_status;
+  proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
+  proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
+  proxy_set_header Authorization WALTTI_TEST_STATIC_BASIC_AUTH;
+}
diff --git a/nginx.conf b/nginx.conf
@@ -541,6 +541,47 @@ http {
     }
   }
 
+  server {
+    server_name waltti-test.digitransit.fi;
+    listen 8080;
+
+    if ($http_x_forwarded_proto != "https") {
+      return 301 https://$host$request_uri;
+    }
+
+    # Add HTTP Strict Transport Security for good measure.
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
+
+    error_page 500 502 503 504 /502.html;
+    location = /502.html {
+      proxy_pass https://errorpages.blob.core.windows.net/html/digitransit-error-page.html;
+      internal;
+    }
+
+    location = /sw.js {
+      proxy_pass http://digitransit-ui-waltti-v3:8080;
+      include basicsettings.conf;
+      proxy_cache sw;
+      proxy_cache_valid 200 30s;
+      proxy_cache_lock on;
+      proxy_cache_key "$host$request_uri";
+      add_header X-Proxy-Cache $upstream_cache_status;
+      proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
+      proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
+    }
+    location = /haku {
+      proxy_hide_header X-Frame-Options;
+      proxy_pass http://digitransit-ui-waltti-v3:8080;
+      include basicsettings.conf;
+    }
+    location / {
+      proxy_pass http://digitransit-ui-waltti-v3:8080;
+      include basicsettings.conf;
+      auth_basic "waltti-test.digitransit.fi";
+      auth_basic_user_file .htpasswd;
+    }
+  }
+
   # generic www redirect rule, redirects www.site to site
   server {
     listen 8080;

diff --git a/run.sh b/run.sh
@@ -31,6 +31,11 @@ sed -i "s/OULU_RT_BASIC_AUTH/${OULU_RT_BASIC_AUTH}/" /etc/nginx/external.conf
 sed -i "s/RAASEPORI_RT_BASIC_AUTH/${RAASEPORI_RT_BASIC_AUTH}/" /etc/nginx/external.conf
 sed -i "s/PORI_RT_BASIC_AUTH/${PORI_RT_BASIC_AUTH}/" /etc/nginx/external.conf
 sed -i "s/MH_BASIC_AUTH/${MH_BASIC_AUTH}/" /etc/nginx/external.conf
+sed -i "s/NYSSE_BASIC_AUTH/${NYSSE_BASIC_AUTH}/" /etc/nginx/external.conf
+sed -i "s/WALTTI_TEST_STATIC_BASIC_AUTH/${WALTTI_TEST_STATIC_BASIC_AUTH}/" /etc/nginx/external.conf
+
+#set basic auth
+htpasswd -c -B -b .htpasswd $WALTTI_TEST_CREDENTIALS_USER $WALTTI_TEST_CREDENTIALS_PASS &>/dev/null
 
 #start nginx
 nginx
diff --git a/test.js b/test.js
@@ -85,6 +85,29 @@ function testRedirect(host, path, expectedUrl, secure=false) {
   });
 }
 
+function testCallingWithoutCredentials(host, path, secure=false) {
+  let fn = secure?httpsGet:get;
+  it('request to ' + host + path + ' 401 Unauthorized without credentials ', function(done) {
+    fn(host,path).end((err,res)=>{
+      expect(res).to.have.status(401);
+      done();
+    });
+  });
+}
+
+function testWithCorrectCredentials(host, path, username, password, expectedUrl, secure=true) {
+  let fn = secure ? httpsGet : get;
+
+  it('request to ' + host + path + ' should return 200 OK with correct credentials ', function(done) {
+    fn(host, path)
+      .set('Authorization', 'Basic ' + Buffer.from(username + ':' + password).toString('base64'))
+      .end((err, res) => {
+        expect(res).to.have.status(200);
+        done();
+      });
+  });
+}
+
 function testResponseHeader(host, path, header, headerValue) {
   it('http request to ' + host + path + ' should have response header: ' + header + ' should have value: ' + headerValue, function(done) {
     get(host,path).end((err,res)=>{
@@ -296,3 +319,8 @@ describe('ext-proxy', function() {
   testCaching(null,'/out/92.62.36.215/RTIX/trip-updates',false);
   testCaching(null,'/out/stables.donkey.bike/api/public/gbfs/2/donkey_lappeenranta/en/station_status.json',false);
 });
+
+describe('waltti-test ui', function() {
+  testCallingWithoutCredentials('waltti-test.digitransit.fi','/kissa','https://waltti-test.digitransit.fi/kissa');
+  testWithCorrectCredentials('waltti-test.digitransit.fi','/kissa', 'test', 'test', 'https://waltti-test.digitransit.fi/kissa', true);
+});
diff --git a/test.sh b/test.sh
@@ -18,13 +18,14 @@ CONTAINER_ID=$(docker run -d -p 9000:8080 $ADDHOSTS -e VILKKU_BASIC_AUTH="\"test
   -e JOJO_BASIC_AUTH="\"test\"" -e LAPPEENRANTA_BASIC_AUTH="\"test\"" -e LINKKI_BASIC_AUTH="\"test\"" \
   -e NEW_LISSU_BASIC_AUTH="\"test\"" -e LAHTI_BASIC_AUTH="\"test\"" \
   -e HAMEENLINNA_BASIC_AUTH="\"test\"" -e NEW_HSL_FI_URL=hsl.fi \
-  -e LMJ_BASIC_AUTH="\"test\"" -e MIKKELI_BASIC_AUTH="\"test\"" \
+  -e LMJ_BASIC_AUTH="\"test\"" -e NYSSE_BASIC_AUTH="\"test\"" -e MIKKELI_BASIC_AUTH="\"test\"" \
   -e VAASA_BASIC_AUTH="\"test\"" -e SALO_BASIC_AUTH="\"test\"" -e ROVANIEMI_BASIC_AUTH="\"test\"" \
   -e KOUVOLA_BASIC_AUTH="\"test\"" -e KAJAANI_BASIC_AUTH="\"test\"" -e OULU_RT_BASIC_AUTH="\"test\"" \
   -e KOTKA_BASIC_AUTH="\"test\"" \
   -e GIRAVOLTA_VANTAA_AUTH="\"test\"" -e VARELY_BASIC_AUTH="\"test\"" -e VARELY_RT_BASIC_AUTH="\"test\"" \
   -e RAUMA_RT_BASIC_AUTH="\"test\"" -e RAUMA_STATIC_BASIC_AUTH="\"test\"" \
   -e PORI_RT_BASIC_AUTH="\"test\"" -e MH_BASIC_AUTH="\"test\"" -e RAASEPORI_RT_BASIC_AUTH="\"test\"" \
+  -e WALTTI_TEST_CREDENTIALS_USER="test" -e WALTTI_TEST_CREDENTIALS_PASS="test" -e WALTTI_TEST_STATIC_BASIC_AUTH="\"test\"" \
   hsldevcom/digitransit-proxy:integrationtest)
 
 curl -v http://127.0.0.1:9000