Using Node.js code in an Apigee proxy. Private Cloud installation

Trying to get some guidance on whether implementing your Node.js code in an Apigee proxy using HTTPS gets you any additional security. Any details on how the Apigee message processor accesses the Node.js code would be helpful. Based on the documentation I've looked at here: https://docs.apigee.com/api-platform/nodejs/node-overview and here: https://docs.apigee.com/api-platform/nodejs/understanding-edge-support-nodejs-modules, it seems that HTTPS is supported. If that is the case, how would the developers specify the location of the cert and private key? Would it have to be installed on each message processor? My first thought is that implementing HTTPS in this scenario would be overkill, as the Node.js code seems to be only accessible to the Apigee proxy code itself and there doesn't seem to be any exposure in the MP using HTTP to get to the Node.js server.

In the hello world examples I've played around with, the proxy code currently hangs if we add require('https'). This http example works fine:

var http = require('http');
console.log('node.js application starting... ');
var svr = http.createServer(function(req, resp) {
    var os = require("os");
    var hostname = os.hostname();
    var ifaces = os.networkInterfaces();
    var apigee = require('apigee-access');
    var messageID = apigee.getVariable(req, 'messageid');
    var message = "Proxy code is running on MP " + hostname + "\n" + "MessageID is " + messageID + "\n";
    const { exec } = require('child_process');
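    exec('ifconfig -a', (err, stdout, stderr) => {
      if (err) {
        // node couldn't execute the command; log it and reply without the interface list
        console.log(err);
        return resp.end(message);
      }
      // the *entire* stdout and stderr (buffered)
      message = message + stdout;
      console.log(message);
      // reply only after exec has finished, so its output is part of the response
      resp.end(message);
    });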
});
svr.listen(9000, function() {
    console.log('Node HTTP server is listening');
});

I'm assuming that if we want to implement HTTPS we would have to add code to install the cert and key? But again, I'm not seeing where that gives you much in security, as the Apigee message processor implementation seems to limit the access to the Node.js code.

const https = require('https');
const fs = require('fs');

const options = {
  key: fs.readFileSync('key.pem'),
  cert: fs.readFileSync('cert.pem')
};

https.createServer(options, function (req, res) {
  res.writeHead(200);
  res.end("hello world\n");
}).listen(8000);

2 REPLIES

Maybe you can use KVMs to store the key/cert pair, get them in the proxy via a KVM policy, and use them in the Node.js code via the apigee-access module.

You can also use encrypted KVM for private keys.

Thanks. That seems to be a good idea. Still wondering if implementing HTTPS on the Node.js proxy code really gets you any additional security. Trying to understand the exposure from the Apigee Message Processor perspective.