
Proxy and analytics changes

Version Change
v1.0 Initial version
v1.1 Change to structure of proxy and info for uploading
v1.2 Add Auth header to each request for analytics UI

Since all machines will be opened via proxy we need to add a few changes to the interface.

Proxy

The first change is that we need to generate a file listing the domains with their respective IDs. The file has the following structure:

<v1.1>

{threecoltsAccountId}-{hemi/stage-hemi}{blank_space}{domain};

</v1.1>

This information is to be gathered from the hub_alpha>client table, using only the eligible records. That means no records with the deleted flag set and none whose names do not match the criteria described in the parent documents. Each row from the database is to be on its own line in the file.


This generation will be triggered automatically by the calls in the API Callbacks (Create and Delete Account) that lead to this document, and manually by running the script for it. It will not be set up as a cron job.

The mapping of the data is as follows:

{threecoltsAccountId} - hub_alpha>client>threecolts_account_id

<v1.1>

{hemi/stage-hemi} - indicates which machine the account comes from. It is hemi if it comes from live and stage-hemi if it comes from uat/testing

</v1.1>

{blank_space} - is a single space character ( ). Exactly one; there is no better way to show it.

{domain} - hub_alpha>client>domain

<v1.1>

The file name is specific to the machine and will be provided with the credentials. The file needs to be uploaded to the AWS load balancer. For the file name, path and credentials contact @Vladislav Stratonikov. The uploaded file cannot be accessed for checking by anyone except the AWS admins, because it is a closed environment. We can only upload to the specified path, which is also not public.

</v1.1>
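A sketch of the file generation described above, as an added example (not the project's own script). The row keys mirror the hub_alpha>client columns named in this document; the deleted key, the live/uat environment labels, both validation patterns and the sample rows are assumptions, and the naming criteria from the parent documents are not reproduced. Because a space separates the fields and a ; ends each entry, values containing either are rejected rather than written.

```python
import re

# Assumed validation rules; the page does not define them.
HOSTNAME_RE = re.compile(r"([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")
ACCOUNT_ID_RE = re.compile(r"[A-Za-z0-9_-]+")
PREFIX = {"live": "hemi", "uat": "stage-hemi"}  # assumed environment labels

# Constructed sample rows standing in for hub_alpha>client records.
SAMPLE_ROWS = [
    {"threecolts_account_id": "1001", "domain": "qa3.hemi.ai", "deleted": False},
    {"threecolts_account_id": "1002", "domain": "old-client.hemi.ai", "deleted": True},
    {"threecolts_account_id": "1003", "domain": "x.hemi.ai; y", "deleted": False},
]


def build_proxy_map(rows, environment):
    """Return (file_body, skipped): one '{id}-{prefix} {domain};' line per eligible row."""
    prefix = PREFIX[environment]
    lines, skipped = [], []
    for row in rows:
        account_id = str(row.get("threecolts_account_id") or "")
        domain = str(row.get("domain") or "").strip().lower()
        if row.get("deleted"):
            skipped.append((account_id, "deleted"))
        elif not ACCOUNT_ID_RE.fullmatch(account_id):
            skipped.append((account_id, "bad account id"))
        elif len(domain) > 253 or not HOSTNAME_RE.fullmatch(domain):
            # A space or ';' in the domain would break the line format.
            skipped.append((account_id, "bad domain"))
        else:
            lines.append(f"{account_id}-{prefix} {domain};")
    body = "\n".join(lines) + ("\n" if lines else "")
    return body, skipped


if __name__ == "__main__":
    body, skipped = build_proxy_map(SAMPLE_ROWS, "uat")
    print(body, end="")
    print("skipped:", skipped)
```

Since the uploaded file cannot be read back, logging the skipped list at generation time is the only record of which rows were left out.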

For analytics UI

In the dashboards that are loaded from analytics, we use the domain to determine which client we need the information for. This will not be possible with the proxy, so we need to add a parameter to the HomeController in the git branch feature/DashboardAnalytics, for the action indexForInstance.

It needs to update the URL of the iframe in the dashboard. This is for branch newui-master.

We need to send, as a parameter, which domain this feed is for. So we need to add hub_alpha>client>domain, but we will send only the subdomain, meaning only the first part before the first dot (.). For hemi.threecolts.com and stage-hemi.threecolts.com we will concatenate the hub_alpha>client>clientName with a - to the domain that we are sending.

Example: stage-hemi-hub for stage-hemi.threecolts.com with clientName hub. For qa3.hemi.ai we can send qa3.

We can also change the array that holds the user IDs to be a json file that is listed in the .gitignore of the project, so that we do not have issues after updating the document. This array maps the userID in analytics to the domain. It is entered manually by a dev when creating a dashboard.

<v1.2>

We need to add an extra parameter, token, to the request. For the authentication we hash the following with sha256: {subdomain}-{hardcodedPassword}, where {subdomain} is the value we send as a parameter from above and {hardcodedPassword} is a password that we will add as a constant.

To this hashed string we append the timestamp of the request and a 7 symbol nonce (random symbols). After that we base64 encode everything.

This final string we will add as the token parameter to the request.

For authenticating in indexForInstance, we compute the sha256 of the same two values ({subdomain} and {hardcodedPassword}) and then decode the token parameter with base64. After that we remove the last 7 symbols from the decoded string and extract the timestamp and the sha256 string. We then compare the sha256 we have generated in this function with the one we got from the decoding. If they match we move forward; if not, authentication has failed and we return 404 (this is because it is an internal request and we do not care what the response is in case of failure, in case someone tries to brute-force).

After success we compare the timestamp to the current time. If the difference is more than two minutes we return 404; otherwise the auth is successful and we return the information.

</v1.2>
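The subdomain rule and the v1.2 token round trip, as an added example (not code from the feature/DashboardAnalytics branch). Assumptions not stated in this document: the sha256 is a 64-character hex string, the timestamp is Unix seconds in decimal, the three parts are concatenated with no separator, and the password shown is a placeholder. The verifier returns False wherever the text says to answer 404.

```python
import base64
import hashlib
import hmac
import secrets
import string
import time

HARDCODED_PASSWORD = "placeholder-not-a-real-secret"  # placeholder constant
NONCE_LEN = 7            # 7 symbol nonce, per the text
DIGEST_LEN = 64          # assumption: sha256 as lowercase hex
MAX_SKEW_SECONDS = 120   # two minutes, per the text
SHARED_HOSTS = ("hemi.threecolts.com", "stage-hemi.threecolts.com")


def subdomain_param(domain, client_name):
    """First label of the domain; shared hosts get '-{clientName}' appended."""
    first = domain.split(".", 1)[0]
    return f"{first}-{client_name}" if domain in SHARED_HOSTS else first


def _digest(subdomain):
    return hashlib.sha256(f"{subdomain}-{HARDCODED_PASSWORD}".encode()).hexdigest()


def make_token(subdomain, now=None):
    ts = str(int(time.time() if now is None else now))
    alphabet = string.ascii_letters + string.digits
    nonce = "".join(secrets.choice(alphabet) for _ in range(NONCE_LEN))
    return base64.b64encode((_digest(subdomain) + ts + nonce).encode()).decode()


def verify_token(subdomain, token, now=None):
    """True only if the digest matches and the timestamp is within two minutes."""
    try:
        raw = base64.b64decode(token, validate=True).decode("ascii")
    except ValueError:  # covers bad base64 and non-ASCII bytes
        return False
    body = raw[:-NONCE_LEN]  # drop the nonce
    sent_digest, ts = body[:DIGEST_LEN], body[DIGEST_LEN:]
    if not ts.isdigit() or len(ts) > 12:
        return False
    # Constant-time comparison so the check does not leak matching prefixes.
    if not hmac.compare_digest(sent_digest, _digest(subdomain)):
        return False
    current = time.time() if now is None else now
    return abs(current - int(ts)) <= MAX_SKEW_SECONDS
```

As specified, the timestamp and nonce sit outside the sha256 input, so the digest by itself does not tie a token to its timestamp. Computing an HMAC over subdomain, timestamp and nonce with the password as the key would bind all three.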

For analytics feeds

We need to change the hostname variable in our FeedFactory in the analytics-feeds project.

We need to send which domain this feed is for. So we need to add hub_alpha>client>domain, but we will send only the subdomain, meaning only the first part before the first dot (.). For hemi.threecolts.com and stage-hemi.threecolts.com we will concatenate the hub_alpha>client>clientName with a - to the domain that we are sending.

Example: stage-hemi-hub for stage-hemi.threecolts.com with clientName hub. For qa3.hemi.ai we can send qa3.

The addition of the clientName is because we need to differentiate the clients that are on the same domain. This can be determined by the current client for the cron that runs the feed.
