Merge pull request #2885 from simianhacker/fix/2872

Refactor Proxy Authentication and Error Handling
2015-02-05 12:30:44 -07:00 · 2015-02-05 12:30:44 -07:00 · 2d9346d028
parent fa60c3fc30 aa3d030634
commit 2d9346d028
7 changed files with 35 additions and 31 deletions
--- a/src/server/bin/kibana.js
+++ b/src/server/bin/kibana.js
@ -59,12 +59,19 @@ if (program.host) {
 var server = require('../');
 var logger = require('../lib/logger');
 server.start(function (err) {
-  if (!err && config.kibana.pid_file) {
-    fs.writeFile(config.kibana.pid_file, process.pid, function (err) {
+  // If we get here then things have gone sideways and we need to give up.
+  if (err) {
+    logger.fatal({ err: err });
+    process.exit(1);
+  }
+
+  if (config.kibana.pid_file) {
+    return fs.writeFile(config.kibana.pid_file, process.pid, function (err) {
      if (err) {
        logger.fatal('Failed to write PID file to %s', config.kibana.pid_file);
        process.exit(1);
      }
    });
  }
+
 });
--- a/src/server/config/kibana.yml
+++ b/src/server/config/kibana.yml
@ -7,10 +7,6 @@ host: "0.0.0.0"
 # The Elasticsearch instance to use for all your queries.
 elasticsearch_url: "http://localhost:9200"

-# If your Elasticsearch is protected with basic auth:
-# elasticsearch_username: user
-# elasticsearch_password: pass
-
 # preserve_elasticsearch_host true will send the hostname specified in `elasticsearch`. If you set it to false,
 # then the host you use to connect to *this* Kibana instance will be sent.
 elasticsearch_preserve_host: true
@ -19,12 +15,20 @@ elasticsearch_preserve_host: true
 # and dashboards. It will create a new index if it doesn't already exist.
 kibana_index: ".kibana"

+# If your Elasticsearch is protected with basic auth, this is the user credentials
+# used by the Kibana server to perform maintence on the kibana_index at statup. Your Kibana
+# users will still need to authenticate with Elasticsearch (which is proxied thorugh
+# the Kibana server)
+# kibana_elasticsearch_username: user
+# kibana_elasticsearch_password: pass
+
+
 # The default application to load.
 default_app_id: "discover"

 # Time in milliseconds to wait for responses from the back end or elasticsearch.
 # This must be > 0
-request_timeout: 500000
+request_timeout: 300000

 # Time in milliseconds for Elasticsearch to wait for responses from shards.
 # Set to 0 to disable.
--- a/src/server/index.js
+++ b/src/server/index.js
@ -55,7 +55,6 @@ function onError(error) {
      process.exit(1);
      break;
    default:
-      logger.error({ err: error });
      throw error;
  }
 }
--- a/src/server/lib/elasticsearch_client.js
+++ b/src/server/lib/elasticsearch_client.js
@ -0,0 +1,12 @@
+var config = require('../config');
+var elasticsearch = require('elasticsearch');
+var util = require('util');
+var url = require('url');
+var uri = url.parse(config.elasticsearch);
+if (config.kibana.kibana_elasticsearch_username && config.kibana.kibana_elasticsearch_password) {
+  uri.auth = util.format('%s:%s', config.kibana.kibana_elasticsearch_username, config.kibana.kibana_elasticsearch_password);
+}
+module.exports = new elasticsearch.Client({
+  host: url.format(uri)
+});
+
--- a/src/server/lib/migrateConfig.js
+++ b/src/server/lib/migrateConfig.js
@ -1,15 +1,6 @@
 var config = require('../config');
-var elasticsearch = require('elasticsearch');
 var upgrade = require('./upgradeConfig');
-var util = require('util');
-var url = require('url');
-var uri = url.parse(config.elasticsearch);
-if (config.kibana.elasticsearch_username && config.kibana.elasticsearch_password) {
-  uri.auth = util.format('%s:%s', config.kibana.elasticsearch_username, config.kibana.elasticsearch_password);
-}
-var client = new elasticsearch.Client({
-  host: url.format(uri)
-});
+var client = require('./elasticsearch_client');

 module.exports = function () {
  var options =  {
--- a/src/server/lib/upgradeConfig.js
+++ b/src/server/lib/upgradeConfig.js
@ -2,11 +2,7 @@ var Promise = require('bluebird');
 var isUpgradeable = require('./isUpgradeable');
 var config = require('../config');
 var _ = require('lodash');
-var elasticsearch = require('elasticsearch');
-var client = new elasticsearch.Client({
-  host: config.elasticsearch
-});
-
+var client = require('./elasticsearch_client');
 module.exports = function (response) {
  var newConfig = {};
  // Check to see if there are any doc. If not then we can assume
--- a/src/server/routes/proxy.js
+++ b/src/server/routes/proxy.js
@ -8,6 +8,7 @@ var fs = require('fs');
 var url = require('url');
 var target = url.parse(config.elasticsearch);
 var join = require('path').join;
+var logger = require('../lib/logger');


 // If the target is backed by an SSL and a CA is provided via the config
@ -67,13 +68,6 @@ router.use(function (req, res, next) {
    options.body = req.rawBody;
  }

-  // Support for handling basic auth
-  if (config.kibana.elasticsearch_username && config.kibana.elasticsearch_password) {
-    var code = new buffer.Buffer(config.kibana.elasticsearch_username + ':' + config.kibana.elasticsearch_password);
-    var auth = 'Basic ' + code.toString('base64');
-    options.headers.authorization = auth;
-  }
-
  // To support the elasticsearch_preserve_host feature we need to change the
  // host header to the target host header. I don't quite understand the value
  // of this... but it's a feature we had before so I guess we are keeping it.
@ -84,6 +78,7 @@ router.use(function (req, res, next) {
  // Create the request and pipe the response
  var esRequest = request(options);
  esRequest.on('error', function (err) {
+    logger.error({ err: err });
    var code = 502;
    var body = { message: 'Bad Gateway' };

@ -96,7 +91,7 @@ router.use(function (req, res, next) {
    }

    body.err = err.message;
-    res.status(code).json(body);
+    if (!res.headersSent) res.status(code).json(body);
  });
  esRequest.pipe(res);
 });