Conf: Security

wazuh · Feb 24, 2016 · 2b021ba · 2b021ba
1 parent ff43e27
commit 2b021ba
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 17 deletions.
diff --git a/app.js b/app.js
@@ -14,7 +14,6 @@ var express = require('express');
 var bodyParser = require('body-parser');
 var auth = require("http-auth");
 var fs = require('fs');
-var https = require('https');
 var logger = require('./helpers/logger');
 var config = require('./config.js');
 
@@ -26,25 +25,43 @@ port = process.env.PORT || config.port;
 var app = express();
 
 // Basic authentication
-var auth_secure = auth.basic({
-    realm: "OSSEC API",
-    file: __dirname + "/ssl/htpasswd"
-});
-app.use(auth.connect(auth_secure));
+if (config.basic_auth.toLowerCase() == "yes"){
+    var auth_secure = auth.basic({
+        realm: "OSSEC API",
+        file: __dirname + "/ssl/htpasswd"
+    });
+    app.use(auth.connect(auth_secure));
+}
 
+// Certs
+var options;
+if (config.https.toLowerCase() == "yes"){
+    options = {
+      key: fs.readFileSync(__dirname + '/ssl/server.key'),
+      cert: fs.readFileSync(__dirname + '/ssl/server.crt')
+    };
+}
+
+// Body
 app.use(bodyParser.json())
 app.use(bodyParser.urlencoded({extended: true}))
 
+// Controllers
 app.use(require('./controllers'))
 
-// Certs
-var options = {
-  key: fs.readFileSync(__dirname + '/ssl/server.key'),
-  cert: fs.readFileSync(__dirname + '/ssl/server.crt')
-};
 /********************************************/
 
 // Create server
-var server = https.createServer(options, app).listen(port, function(){
-    logger.log("Listening on: https://" + server.address().address + ":" + port);
-});
+if (config.https.toLowerCase() == "yes"){
+    var https = require('https');
+    var server = https.createServer(options, app).listen(port, function(){
+        logger.log("Listening on: https://" + server.address().address + ":" + port);
+    });
+}
+else{
+    var http = require('http');
+    var server = http.createServer(app).listen(port, function(){
+        logger.log("Listening on: http://" + server.address().address + ":" + port);
+    });
+}
+
diff --git a/config.js b/config.js
@@ -4,6 +4,12 @@ var config = {};
 // Port
 config.port = "55000";
 
+// Security
+config.https = "yes"; // Values: yes, no
+config.basic_auth = "yes"; // Values: yes, no
+config.AccessControlAllowOrigin = ["*"];
+config.AccessControlAllowHeaders = ["kbn-version"];
+
 // Paths
 config.ossec_path = "/var/ossec";
 config.api_path = __dirname;

diff --git a/controllers/index.js b/controllers/index.js
@@ -12,13 +12,14 @@
 var express = require('express');
 var errors = require('../helpers/errors');
 var logger = require('../helpers/logger');
+var config = require('../config.js');
 var router = express.Router();
 var api_version = "v1.1";
 
-// Allow petitions from outside of the API URL
-// ToDo: Review
+// Access-Control-Allow
 router.use(function(req, res, next) {
-    res.setHeader('Access-Control-Allow-Origin', '*');
+    res.setHeader('Access-Control-Allow-Origin', config.AccessControlAllowOrigin);
+    res.setHeader('Access-Control-Allow-Headers', config.AccessControlAllowHeaders);
     next();
 });