From da5c2904b5a2e57ff768d5caee3da89770f27087 Mon Sep 17 00:00:00 2001 From: Zhongnan Su Date: Wed, 27 Oct 2021 15:27:04 -0700 Subject: [PATCH] Forward extra headers while using headless chromium (#194) --- .../server/routes/lib/createReport.ts | 45 ++++--------------- .../server/routes/utils/constants.ts | 11 +++-- .../utils/visual_report/visualReportHelper.ts | 16 +++---- 3 files changed, 21 insertions(+), 51 deletions(-) diff --git a/dashboards-reports/server/routes/lib/createReport.ts b/dashboards-reports/server/routes/lib/createReport.ts index f2c5e486..b9888be7 100644 --- a/dashboards-reports/server/routes/lib/createReport.ts +++ b/dashboards-reports/server/routes/lib/createReport.ts @@ -28,7 +28,7 @@ import { REPORT_TYPE, REPORT_STATE, DELIVERY_TYPE, - SECURITY_CONSTANTS, + EXTRA_HEADERS, LOCAL_HOST, } from '../utils/constants'; @@ -46,6 +46,7 @@ import { SetCookie, Headers } from 'puppeteer-core'; import { updateReportState } from './updateReportState'; import { saveReport } from './saveReport'; import { SemaphoreInterface } from 'async-mutex'; +import _ from 'lodash'; export const createReport = async ( request: OpenSearchDashboardsRequest, @@ -59,9 +60,8 @@ export const createReport = async ( //@ts-ignore const semaphore: SemaphoreInterface = context.reporting_plugin.semaphore; // @ts-ignore - const opensearchReportsClient: ILegacyScopedClusterClient = context.reporting_plugin.opensearchReportsClient.asScoped( - request - ); + const opensearchReportsClient: ILegacyScopedClusterClient = + context.reporting_plugin.opensearchReportsClient.asScoped(request); const opensearchClient = context.core.opensearch.legacy.client; // @ts-ignore const timezone = request.query.timezone; @@ -70,9 +70,7 @@ export const createReport = async ( let reportId; const { - report_definition: { - report_params: reportParams, - }, + report_definition: { report_params: reportParams }, } = report; const { report_source: reportSource } = reportParams; @@ -95,42 +93,15 @@ export const createReport = async ( // report source can only be one of [saved search, visualization, dashboard, notebook] // compose url const completeQueryUrl = `${LOCAL_HOST}${report.query_url}`; - // Check if security is enabled. TODO: is there a better way to check? - let cookieObject: SetCookie | undefined; - if (request.headers.cookie) { - const cookies = request.headers.cookie.split(';'); - cookies.map((item: string) => { - const cookie = item.trim().split('='); - if (cookie[0] === SECURITY_CONSTANTS.AUTH_COOKIE_NAME) { - cookieObject = { - name: cookie[0], - value: cookie[1], - url: completeQueryUrl, - }; - } - }); - } - // If header exists assuming that it needs forwarding - let additionalHeaders: Headers | undefined; - if (request.headers[SECURITY_CONSTANTS.PROXY_AUTH_USER_HEADER]) { - additionalHeaders = {}; - additionalHeaders[SECURITY_CONSTANTS.PROXY_AUTH_USER_HEADER] = - request.headers[SECURITY_CONSTANTS.PROXY_AUTH_USER_HEADER]; - additionalHeaders[SECURITY_CONSTANTS.PROXY_AUTH_IP_HEADER] = - request.headers[SECURITY_CONSTANTS.PROXY_AUTH_IP_HEADER]; - if (request.headers[SECURITY_CONSTANTS.PROXY_AUTH_ROLES_HEADER]) { - additionalHeaders[SECURITY_CONSTANTS.PROXY_AUTH_ROLES_HEADER] = - request.headers[SECURITY_CONSTANTS.PROXY_AUTH_ROLES_HEADER]; - } - } + const extraHeaders = _.pick(request.headers, EXTRA_HEADERS); + const [value, release] = await semaphore.acquire(); try { createReportResult = await createVisualReport( reportParams, completeQueryUrl, logger, - cookieObject, - additionalHeaders, + extraHeaders, timezone ); } finally { diff --git a/dashboards-reports/server/routes/utils/constants.ts b/dashboards-reports/server/routes/utils/constants.ts index 890e05ed..867af32d 100644 --- a/dashboards-reports/server/routes/utils/constants.ts +++ b/dashboards-reports/server/routes/utils/constants.ts @@ -94,13 +94,16 @@ export const BASE_PATH = '/_dashboards'; export const DEFAULT_REPORT_HEADER = '

OpenSearch Dashboards Reports

'; export const SECURITY_CONSTANTS = { - AUTH_COOKIE_NAME: 'security_authentication', TENANT_LOCAL_STORAGE_KEY: 'opendistro::security::tenant::show_popup', - PROXY_AUTH_USER_HEADER: 'x-proxy-user', - PROXY_AUTH_ROLES_HEADER: 'x-proxy-roles', - PROXY_AUTH_IP_HEADER: 'x-forwarded-for', }; +export const EXTRA_HEADERS = [ + 'cookie', + 'x-proxy-user', + 'x-proxy-roles', + 'x-forwarded-for', +]; + export const CHROMIUM_PATH = `${__dirname}/../../../.chromium/headless_shell`; /** diff --git a/dashboards-reports/server/routes/utils/visual_report/visualReportHelper.ts b/dashboards-reports/server/routes/utils/visual_report/visualReportHelper.ts index 8c71678d..72de49f0 100644 --- a/dashboards-reports/server/routes/utils/visual_report/visualReportHelper.ts +++ b/dashboards-reports/server/routes/utils/visual_report/visualReportHelper.ts @@ -24,7 +24,7 @@ * permissions and limitations under the License. */ -import puppeteer, { SetCookie, Headers } from 'puppeteer-core'; +import puppeteer, { Headers } from 'puppeteer-core'; import createDOMPurify from 'dompurify'; import { JSDOM } from 'jsdom'; import { Logger } from '../../../../../../src/core/server'; @@ -40,13 +40,13 @@ import { getFileName } from '../helpers'; import { CreateReportResultType } from '../types'; import { ReportParamsSchemaType, VisualReportSchemaType } from 'server/model'; import fs from 'fs'; +import _ from 'lodash'; export const createVisualReport = async ( reportParams: ReportParamsSchemaType, queryUrl: string, logger: Logger, - cookie?: SetCookie, - additionalheaders?: Headers, + extraHeaders: Headers, timezone?: string ): Promise => { const { @@ -94,13 +94,9 @@ export const createVisualReport = async ( const page = await browser.newPage(); page.setDefaultNavigationTimeout(0); page.setDefaultTimeout(100000); // use 100s timeout instead of default 30s - if (cookie) { - logger.info('domain enables security, use session cookie to access'); - await page.setCookie(cookie); - } - if (additionalheaders) { - logger.info('domain passed proxy auth headers, passing to backend'); - await page.setExtraHTTPHeaders(additionalheaders); + // Set extra headers that are needed + if (!_.isEmpty(extraHeaders)) { + await page.setExtraHTTPHeaders(extraHeaders); } logger.info(`original queryUrl ${queryUrl}`); await page.goto(queryUrl, { waitUntil: 'networkidle0' });