Refactor Proxy Authentication and Error Handling

src/server/bin/kibana.js

@@ -59,12 +59,19 @@ if (program.host) {
 var server = require('../');
 var logger = require('../lib/logger');
 server.start(function (err) {
-  if (!err && config.kibana.pid_file) {
-    fs.writeFile(config.kibana.pid_file, process.pid, function (err) {
+  // If we get here then things have gone sideways and we need to give up.
+  if (err) {
+    logger.fatal({ err: err });
+    process.exit(1);
+  }
+
+  if (config.kibana.pid_file) {
+    return fs.writeFile(config.kibana.pid_file, process.pid, function (err) {
       if (err) {
         logger.fatal('Failed to write PID file to %s', config.kibana.pid_file);
         process.exit(1);
       }
     });
   }
+
 });

src/server/config/kibana.yml

@@ -7,10 +7,6 @@ host: "0.0.0.0"
 # The Elasticsearch instance to use for all your queries.
 elasticsearch_url: "http://localhost:9200"
 
-# If your Elasticsearch is protected with basic auth:
-# elasticsearch_username: user
-# elasticsearch_password: pass
-
 # preserve_elasticsearch_host true will send the hostname specified in `elasticsearch`. If you set it to false,
 # then the host you use to connect to *this* Kibana instance will be sent.
 elasticsearch_preserve_host: true
@@ -19,12 +15,20 @@ elasticsearch_preserve_host: true
 # and dashboards. It will create a new index if it doesn't already exist.
 kibana_index: ".kibana"
 
+# If your Elasticsearch is protected with basic auth, this is the user credentials
+# used by the Kibana server to perform maintence on the kibana_index at statup. Your Kibana
+# users will still need to authenticate with Elasticsearch (which is proxied thorugh
+# the Kibana server)
+# kibana_elasticsearch_username: user
+# kibana_elasticsearch_password: pass
+
+
 # The default application to load.
 default_app_id: "discover"
 
 # Time in milliseconds to wait for responses from the back end or elasticsearch.
 # This must be > 0
-request_timeout: 500000
+request_timeout: 300000
 
 # Time in milliseconds for Elasticsearch to wait for responses from shards.
 # Set to 0 to disable.

src/server/index.js

@@ -55,7 +55,6 @@ function onError(error) {
       process.exit(1);
       break;
     default:
-      logger.error({ err: error });
       throw error;
   }
 }

src/server/lib/elasticsearch_client.js

@@ -0,0 +1,12 @@
+var config = require('../config');
+var elasticsearch = require('elasticsearch');
+var util = require('util');
+var url = require('url');
+var uri = url.parse(config.elasticsearch);
+if (config.kibana.kibana_elasticsearch_username && config.kibana.kibana_elasticsearch_password) {
+  uri.auth = util.format('%s:%s', config.kibana.kibana_elasticsearch_username, config.kibana.kibana_elasticsearch_password);
+}
+module.exports = new elasticsearch.Client({
+  host: url.format(uri)
+});
+

src/server/lib/migrateConfig.js

@@ -1,15 +1,6 @@
 var config = require('../config');
-var elasticsearch = require('elasticsearch');
 var upgrade = require('./upgradeConfig');
-var util = require('util');
-var url = require('url');
-var uri = url.parse(config.elasticsearch);
-if (config.kibana.elasticsearch_username && config.kibana.elasticsearch_password) {
-  uri.auth = util.format('%s:%s', config.kibana.elasticsearch_username, config.kibana.elasticsearch_password);
-}
-var client = new elasticsearch.Client({
-  host: url.format(uri)
-});
+var client = require('./elasticsearch_client');
 
 module.exports = function () {
   var options =  {

src/server/lib/upgradeConfig.js

@@ -2,11 +2,7 @@ var Promise = require('bluebird');
 var isUpgradeable = require('./isUpgradeable');
 var config = require('../config');
 var _ = require('lodash');
-var elasticsearch = require('elasticsearch');
-var client = new elasticsearch.Client({
-  host: config.elasticsearch
-});
-
+var client = require('./elasticsearch_client');
 module.exports = function (response) {
   var newConfig = {};
   // Check to see if there are any doc. If not then we can assume

src/server/routes/proxy.js

@@ -8,6 +8,7 @@ var fs = require('fs');
 var url = require('url');
 var target = url.parse(config.elasticsearch);
 var join = require('path').join;
+var logger = require('../lib/logger');
 
 
 // If the target is backed by an SSL and a CA is provided via the config
@@ -48,7 +49,6 @@ router.use(function (req, res, next) {
     timeout: config.kibana.request_timeout
   };
 
-
   options.headers['x-forward-for'] = req.connection.remoteAddress || req.socket.remoteAddress;
   options.headers['x-forward-port'] = getPort(req);
   options.headers['x-forward-proto'] = req.connection.pair ? 'https' : 'http';
@@ -63,13 +63,6 @@ router.use(function (req, res, next) {
     options.body = req.rawBody;
   }
 
-  // Support for handling basic auth
-  if (config.kibana.elasticsearch_username && config.kibana.elasticsearch_password) {
-    var code = new buffer.Buffer(config.kibana.elasticsearch_username + ':' + config.kibana.elasticsearch_password);
-    var auth = 'Basic ' + code.toString('base64');
-    options.headers.authorization = auth;
-  }
-
   // To support the elasticsearch_preserve_host feature we need to change the
   // host header to the target host header. I don't quite understand the value
   // of this... but it's a feature we had before so I guess we are keeping it.
@@ -80,6 +73,7 @@ router.use(function (req, res, next) {
   // Create the request and pipe the response
   var esRequest = request(options);
   esRequest.on('error', function (err) {
+    logger.error({ err: err });
     var code = 502;
     var body = { message: 'Bad Gateway' };
 
@@ -92,7 +86,7 @@ router.use(function (req, res, next) {
     }
 
     body.err = err.message;
-    res.status(code).json(body);
+    if (!res.headersSent) res.status(code).json(body);
   });
   esRequest.pipe(res);
 });