CouchDB exposes a db/_utils/ route when deploying CE

[d2fong]

Describe the bug
The node server exposes a route /db/_utils/ that any client can access. Is there a way to configure couchDB to not expose this route?

To Reproduce
Steps to reproduce the behavior:

1. go to localhost:3000 or wherever the app is deployed
2. go to localhost:3000/db/_utils/
3. you can see the couchdb admin console and access all the networks

Expected behavior
This route may have some value when developing locally, but it should probably be restricted in a production environment.

[d2fong]

https://stackoverflow.com/questions/65234385/how-to-disable-fauxton-interface

Looks like there is a config entry that can be edited in the couchdb.ini file

[maxkfranz]

There's just middleware here for proxying:

cytoscape-explore/src/server/index.js

Lines 63 to 64 in a1f4a20

	app.use('/db', secrets); // apply security before proxy
	app.use('/db', proxy(COUCHDB_URL));

You can see here that documents without the secret header are rejected:

cytoscape-explore/src/server/secrets.js

Lines 46 to 65 in a1f4a20

	export function secrets(req, res, next) {
	const url = req.originalUrl;
	const urlSplit = url.split('/');
	const isSecretUrl = urlSplit[2] === 'secrets';
	const isDocUrl = !isSecretUrl;
	const docId = isDocUrl ? urlSplit[2] : null;
	const op = urlSplit[3] || null;
	try {
	if (isSecretUrl) {
	handleSecrets(req, res, op, next);
	} else if (isDocUrl) {
	handleDoc(req, res, docId, op, next);
	} else {
	next();
	}
	} catch (err) {
	next(err);
	}
	}

So you Couch can be configured to not expose certain routes in the first place and/or middleware can be used to forbid certain routes.

[maxkfranz]

Eventually, you'd apply the middleware approach to ensure that auth is applied correctly w.r.t. NDEX ACLs, so it would be good to familiarise yourselves with how the middleware works in any case, if you haven't already -- @jingjingbic @keiono @d2fong

[jingjingbic]

@maxkfranz we are not familiar with the configuration of couchDB, could you tell us how should we config it? We are using the middleware approach in NDEx, non of our database servers are exposed to the client directly, all data operations are through the application REST servers's DAO functions. Exposing database port through proxy is a risky practice in production environment from my experience.

[maxkfranz]

You can set the configuration file options to disable utils: https://docs.couchdb.org/en/stable/config-ref.html <https://docs.couchdb.org/en/stable/config-ref.html> Or you can add another middleware function before proxying, like app.use(‘/db’, forbidUtils). Maybe that’s simpler since you don’t have to worry about configuring things away from the defaults?

…

On Nov 16, 2021, at 14:08, Jing Chen ***@***.***> wrote: @maxkfranz <https://github.com/maxkfranz> we are not familiar with the configuration of couchDB, could you tell us how should we config it? We are using the middleware approach in NDEx, non of our database servers are exposed to the client directly, all data operations are through the application REST servers's DAO functions. Exposing database port through proxy is a risky practice in production environment from my experience. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#95 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAHRO46GLPNN3XKOI4PRB7DUMKT4TANCNFSM5HWGWQEQ>.

[jingjingbic]

This sounds like a good step forward. Could you make the change in the code so we can deploy it and try it out? With this change can can client still send general queries through the Couchdb rest API, for example as for all databases on the server?

[maxkfranz]

In retrospect, making blacklists for particular routes wouldn't be as simple and robust as ensuring that Couch is configured with auth. See #107

[maxkfranz]

Closed by #107