add basic-auth to wis2box-webapp

docs/source/user/public-services-setup.rst

@@ -83,7 +83,8 @@ wis2box user interface
 
 The wis2box user interface uses the wis2box API to visualize the data configured and shared through wis2box.
 
-The 'MAP' or 'EXPLORE' option of each dataset allows you to visualize Weather Observations per station.
+The 'MAP' or 'EXPLORE' option of each dataset allows you to visualize Weather Observations per station for data published in the '../synop' collection
+and requires the 'bufr2geojson' plugin to be configured for your dataset.
 
 .. image:: ../_static/wis2box-map-view.png
   :width: 800
@@ -93,6 +94,31 @@ The 'MAP' or 'EXPLORE' option of each dataset allows you to visualize Weather Ob
   :width: 800
   :alt: wis2box UI data graph visualization
 
+Please note that the user interface currently only supports the visualization of Weather Observations per station for data published in the '../synop' collection.
+
+wis2box-webapp
+--------------
+
+The wis2box-webapp provides a web interface to help you configure your wis2box and view WIS2-notifications published by your wis2box instance, along with the ability to interactively submit data using forms.
+
+The webapp is accessible at `WIS2BOX_URL/wis2box-webapp` and uses basic authentication to protect access to the web interface. 
+The credentials are defined in the ``wis2box.env`` file by the following environment variables:
+
+.. code-block:: bash
+
+  WIS2BOX_WEBAPP_USERNAME=wis2box-admin
+  WIS2BOX_WEBAPP_PASSWORD=<your-password>
+
+The wis2box-webapp provides access to the following interfaces:
+
+- **SYNOP Form**: to interactively submit FM-12 data using a form
+- **CSV Form**: to interactively submit CSV data, using the 'AWS'-template for the CSV-to-BUFR transformation
+- **Dataset editor**: to create/edit/delete datasets along with their metadata and data mappings configuration
+- **Station editor**: to create/edit/delete stations and associate stations with topics
+- **Monitoring**: to monitor the WIS2 notifications published by your wis2box instance
+
+See the section :ref:`setup` for more information on how to use the webapp to setup your wis2box instance.
+
 Mosquitto (MQTT)
 ^^^^^^^^^^^^^^^^
 

nginx/nginx-ssl.conf

@@ -66,6 +66,8 @@
             proxy_pass http://wis2box-api:80;
         }
         location /wis2box-webapp/ {
+            auth_basic "Restricted Access";
+            auth_basic_user_file /etc/nginx/.htpasswd/webapp ;
             proxy_pass http://wis2box-webapp:4173/wis2box-webapp/;
         }
         location / {

nginx/nginx.conf

@@ -63,6 +63,8 @@
             proxy_pass http://wis2box-api:80;
         }
         location /wis2box-webapp/ {
+            auth_basic "Restricted Access";
+            auth_basic_user_file /etc/nginx/.htpasswd/webapp ;
             proxy_pass http://wis2box-webapp:4173/wis2box-webapp/;
         }
         location /auth {

tests/test.env

@@ -56,4 +56,8 @@ MINIO_NOTIFY_MQTT_USERNAME_WIS2BOX=${WIS2BOX_BROKER_USERNAME}
 MINIO_NOTIFY_MQTT_PASSWORD_WIS2BOX=${WIS2BOX_BROKER_PASSWORD}
 MINIO_NOTIFY_MQTT_BROKER_WIS2BOX=tcp://${WIS2BOX_BROKER_HOST}:${WIS2BOX_BROKER_PORT}
 MINIO_NOTIFY_MQTT_TOPIC_WIS2BOX=wis2box/storage
-MINIO_NOTIFY_MQTT_QOS_WIS2BOX=1
+MINIO_NOTIFY_MQTT_QOS_WIS2BOX=1
+
+# wis2box webapp credentials
+WIS2BOX_WEBAPP_USERNAME=wis2box-user
+WIS2BOX_WEBAPP_PASSWORD=wis2boxtest123

wis2box-create-config.py

@@ -310,6 +310,11 @@ def create_wis2box_env(config_dir: str) -> None:
         fh.write('WIS2BOX_LOGGING_LOGLEVEL=ERROR\n')
         fh.write('WIS2BOX_LOGGING_LOGFILE=stdout\n')
         fh.write('\n')
+        fh.write('# WIS2BOX WEBAPP credentials\n')
+        fh.write('WIS2BOX_WEBAPP_USERNAME=wis2box-user\n')
+        # get password for WIS2BOX_WEBAPP_PASSWORD and write it to wis2box.env
+        fh.write(get_password('WIS2BOX_WEBAPP_PASSWORD'))
+        fh.write('\n')
         fh.write('# map settings for wis2box-ui, wis2box-api and wis2box-webapp\n') # noqa
         fh.write('WIS2BOX_BASEMAP_URL=https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png\n') # noqa
         fh.write('WIS2BOX_BASEMAP_ATTRIBUTION=<a href="https://osm.org/copyright">OpenStreetMap</a> contributors\n') # noqa

wis2box-management/Dockerfile

@@ -26,7 +26,7 @@ LABEL maintainer="[email protected]; [email protected]"
 ARG WIS2BOX_PIP3_EXTRA_PACKAGES
 ENV TZ="Etc/UTC" \
     DEBIAN_FRONTEND="noninteractive" \
-    DEBIAN_PACKAGES="cron bash vim curl git libffi-dev python3-cryptography libssl-dev libudunits2-0 python3 python3-pip curl python3-paho-mqtt python3-dateparser python3-tz python3-setuptools unzip"
+    DEBIAN_PACKAGES="cron bash vim curl git libffi-dev python3-cryptography libssl-dev libudunits2-0 apache2-utils python3 python3-pip curl python3-paho-mqtt python3-dateparser python3-tz python3-setuptools unzip"
 
 RUN if [ "$WIS2BOX_PIP3_EXTRA_PACKAGES" = "None" ]; \
     then export WIS2BOX_PIP3_EXTRA_PACKAGES=echo; \

wis2box-management/docker/entrypoint.sh

@@ -45,6 +45,17 @@ wis2box api setup
 wis2box metadata discovery setup
 wis2box metadata station setup
 
+# create /home/wis2box/.htpasswd/webapp if not exists
+# otherwise, delete the file and create it
+if [ ! -f /home/wis2box/.htpasswd/webapp ]; then
+    echo "Creating /home/wis2box/.htpasswd/webapp"
+    htpasswd -bc /home/wis2box/.htpasswd/webapp $WIS2BOX_WEBAPP_USERNAME $WIS2BOX_WEBAPP_PASSWORD
+else
+    rm /home/wis2box/.htpasswd/webapp
+    echo "Re-creating /home/wis2box/.htpasswd/webapp"
+    htpasswd -bc /home/wis2box/.htpasswd/webapp $WIS2BOX_WEBAPP_USERNAME $WIS2BOX_WEBAPP_PASSWORD
+fi
+
 # Check if the path is restricted and capture the output
 is_restricted=$(wis2box auth is-restricted-path --path processes/wis2box)
 if [ "$is_restricted" = "True" ]; then