add basic-auth to wis2box-webapp

docker-compose.yml

@@ -9,6 +9,7 @@ services:
       - wis2box-ui
     volumes:
       - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf
+      - htpasswd:/etc/nginx/.htpasswd:ro
 
   wis2box-ui:
     container_name: wis2box-ui
@@ -121,6 +122,7 @@ services:
       - wis2box.env
     volumes:
       - ${WIS2BOX_HOST_DATADIR}:/data/wis2box:rw
+      - htpasswd:/home/wis2box/.htpasswd:rw
     depends_on:
       minio:
         condition: service_healthy
@@ -146,3 +148,4 @@ volumes:
   minio-data:
   auth-data:
   api-config:
+  htpasswd:

docs/source/user/public-services-setup.rst

@@ -83,7 +83,8 @@ wis2box user interface
 
 The wis2box user interface uses the wis2box API to visualize the data configured and shared through wis2box.
 
-The 'MAP' or 'EXPLORE' option of each dataset allows you to visualize Weather Observations per station.
+The 'MAP' or 'EXPLORE' option of each dataset allows you to visualize Weather Observations per station for data published in the '../synop' collection
+and requires the 'bufr2geojson' plugin to be configured for your dataset.
 
 .. image:: ../_static/wis2box-map-view.png
   :width: 800
@@ -93,6 +94,31 @@ The 'MAP' or 'EXPLORE' option of each dataset allows you to visualize Weather Ob
   :width: 800
   :alt: wis2box UI data graph visualization
 
+Please note that the user interface currently only supports the visualization of Weather Observations per station for data published in the '../synop' collection.
+
+wis2box-webapp
+--------------
+
+The wis2box-webapp provides a web interface to help you configure wis2box and view WIS2 notifications published by your wis2box instance, along with the ability to interactively submit data using forms.
+
+The webapp is accessible at `WIS2BOX_URL/wis2box-webapp` and uses basic authentication to control access to the web interface. 
+The credentials are defined in the ``wis2box.env`` file by the following environment variables:
+
+.. code-block:: bash
+
+  WIS2BOX_WEBAPP_USERNAME=wis2box-admin
+  WIS2BOX_WEBAPP_PASSWORD=<your-password>
+
+The wis2box-webapp provides access to the following interfaces:
+
+- **SYNOP Form**: to interactively submit FM-12 data using a form
+- **CSV Form**: to interactively submit CSV data, using the 'AWS'-template for the CSV-to-BUFR transformation
+- **Dataset editor**: to create/edit/delete datasets along with their metadata and data mappings configuration
+- **Station editor**: to create/edit/delete stations and associate stations with topics
+- **Monitoring**: to monitor the WIS2 notifications published by your wis2box instance
+
+See the section :ref:`setup` for more information on how to use the webapp to setup your wis2box instance.
+
 Mosquitto (MQTT)
 ^^^^^^^^^^^^^^^^
 

docs/source/user/setup.rst

@@ -39,7 +39,9 @@ Run the following command to create the initial configuration files for your wis
    The script will also ask for the URL of your wis2box. Please provide the public URL of your wis2box, for example ``http://mywis2box.example.com``. 
    For testing purpose you can also provide the internal IP address you use to access the host, for example ``http://192.168.0.3`` and you change the URL in configuration files at a later point in time.
 
-   The script will propose to automatically create passwords for ``WIS2BOX_STORAGE_PASSWORD`` and ``WIS2BOX_BROKER_PASSWORD``.
+   The script will propose to automatically create a password for ``WIS2BOX_WEBAPP_PASSWORD``. This password is used to access the wis2box-webapp interface.
+
+   The script will also propose to automatically create passwords for ``WIS2BOX_STORAGE_PASSWORD`` and ``WIS2BOX_BROKER_PASSWORD``.
    These passwords are for internal use only within the wis2box, and it is recommended to accept the randomly generated passwords.
 
 The script will have created a file "wis2box.env" with the configuration settings required to start your wis2box.
@@ -143,14 +145,30 @@ You can now logout of wis2box-management container:
 
    exit
 
+Accessing the wis2box-webapp
+----------------------------
+
+The following sections will explain how to create datasets and stations in your wis2box using the wis2box-webapp.
+
+You can access the wis2box-webapp by visiting the URL you specified during the configuration step in your web browser and adding ``/wis2box-webapp`` to the URL.
+For example, if you specified ``http://mywis2box.example.com`` as the URL, you can access the wis2box-webapp by visiting ``http://mywis2box.example.com/wis2box-webapp``.
+
+The wis2box-webapp used basic authentication to control access to the webapp.  The default username is ``wis2box-user`` and the password is the value specified when running the script ``wis2box-create-config.py``.
+
+The values of ``WIS2BOX_WEBAPP_USERNAME`` and ``WIS2BOX_WEBAPP_PASSWORD`` can be found in the ``wis2box.env`` file as follows:
+
+.. code-block:: bash
+
+   cat wis2box.env | grep WIS2BOX_WEBAPP
+
+
 Adding datasets
 ---------------
 
 In order to publish data using the wis2box you need to create a dataset with discovery metadata and data mappings plugins. The metadata provides the data description needed for users to discover your data when searching the WIS2 Global Discovery Catalogue.
 Data mappings plugins are used to transform the data from the input source format before the data is published.
 
-You can use the wis2box-webapp to create datasets interactively using the dataset editor.
-The dataset editor can be accessed using your web browser by visiting the URL you specified during the configuration step, and adding ``/wis2box-webapp/dataset_editor`` to the URL.
+You can use the wis2box-webapp to create datasets interactively using the dataset editor. Open the wis2box-webapp in your web browser and select the dataset editor from the menu on the left
 
 You should see the following page:
 
@@ -212,7 +230,7 @@ Please note only data for stations that have been added to wis2box will be inges
 
 If you want to bulk insert station metadata from a CSV file, please refer to the `Bulk inserting stations from CSV`_ section.
 
-The station editor can be accessed by visiting the URL you specified during the configuration step, and adding ``/wis2box-webapp/station`` to the URL.
+The station editor can be accessed in the wis2box-webapp by selecting "Stations" from the menu on the left.
 
 .. image:: ../_static/wis2box-webapp-stations.png
   :width: 800

nginx/nginx-ssl.conf

@@ -66,6 +66,8 @@
             proxy_pass http://wis2box-api:80;
         }
         location /wis2box-webapp/ {
+            auth_basic "Restricted Access";
+            auth_basic_user_file /etc/nginx/.htpasswd/webapp;
             proxy_pass http://wis2box-webapp:4173/wis2box-webapp/;
         }
         location / {

nginx/nginx.conf

@@ -63,6 +63,8 @@
             proxy_pass http://wis2box-api:80;
         }
         location /wis2box-webapp/ {
+            auth_basic "Restricted Access";
+            auth_basic_user_file /etc/nginx/.htpasswd/webapp;
             proxy_pass http://wis2box-webapp:4173/wis2box-webapp/;
         }
         location /auth {
@@ -77,4 +79,4 @@
         location / {
             proxy_pass http://wis2box-ui:80;
         }
-    }
+    }

tests/test.env

@@ -56,4 +56,8 @@ MINIO_NOTIFY_MQTT_USERNAME_WIS2BOX=${WIS2BOX_BROKER_USERNAME}
 MINIO_NOTIFY_MQTT_PASSWORD_WIS2BOX=${WIS2BOX_BROKER_PASSWORD}
 MINIO_NOTIFY_MQTT_BROKER_WIS2BOX=tcp://${WIS2BOX_BROKER_HOST}:${WIS2BOX_BROKER_PORT}
 MINIO_NOTIFY_MQTT_TOPIC_WIS2BOX=wis2box/storage
-MINIO_NOTIFY_MQTT_QOS_WIS2BOX=1
+MINIO_NOTIFY_MQTT_QOS_WIS2BOX=1
+
+# wis2box webapp credentials
+WIS2BOX_WEBAPP_USERNAME=wis2box-user
+WIS2BOX_WEBAPP_PASSWORD=wis2boxtest123

wis2box-create-config.py

@@ -310,6 +310,11 @@ def create_wis2box_env(config_dir: str) -> None:
         fh.write('WIS2BOX_LOGGING_LOGLEVEL=ERROR\n')
         fh.write('WIS2BOX_LOGGING_LOGFILE=stdout\n')
         fh.write('\n')
+        fh.write('# WIS2BOX WEBAPP credentials\n')
+        fh.write('WIS2BOX_WEBAPP_USERNAME=wis2box-user\n')
+        # get password for WIS2BOX_WEBAPP_PASSWORD and write it to wis2box.env
+        fh.write(get_password('WIS2BOX_WEBAPP_PASSWORD'))
+        fh.write('\n')
         fh.write('# map settings for wis2box-ui, wis2box-api and wis2box-webapp\n') # noqa
         fh.write('WIS2BOX_BASEMAP_URL=https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png\n') # noqa
         fh.write('WIS2BOX_BASEMAP_ATTRIBUTION=<a href="https://osm.org/copyright">OpenStreetMap</a> contributors\n') # noqa

wis2box-management/Dockerfile

@@ -26,7 +26,7 @@ LABEL maintainer="[email protected]; [email protected]"
 ARG WIS2BOX_PIP3_EXTRA_PACKAGES
 ENV TZ="Etc/UTC" \
     DEBIAN_FRONTEND="noninteractive" \
-    DEBIAN_PACKAGES="cron bash vim curl git libffi-dev python3-cryptography libssl-dev libudunits2-0 python3 python3-pip curl python3-paho-mqtt python3-dateparser python3-tz python3-setuptools unzip"
+    DEBIAN_PACKAGES="cron bash vim curl git libffi-dev python3-cryptography libssl-dev libudunits2-0 apache2-utils python3 python3-pip curl python3-paho-mqtt python3-dateparser python3-tz python3-setuptools unzip"
 
 RUN if [ "$WIS2BOX_PIP3_EXTRA_PACKAGES" = "None" ]; \
     then export WIS2BOX_PIP3_EXTRA_PACKAGES=echo; \

wis2box-management/docker/entrypoint.sh

@@ -45,6 +45,27 @@ wis2box api setup
 wis2box metadata discovery setup
 wis2box metadata station setup
 
+# check if WIS2BOX_WEBAPP_USERNAME and WIS2BOX_WEBAPP_PASSWORD are set, otherwise set them
+if [ -z "$WIS2BOX_WEBAPP_USERNAME" ]; then
+    echo "WARNING: WIS2BOX_WEBAPP_USERNAME is not set in wis2box.env, using WIS2BOX_WEBAPP_USERNAME=wis2box-user"
+    export WIS2BOX_WEBAPP_USERNAME=wis2box-user
+fi
+if [ -z "$WIS2BOX_WEBAPP_PASSWORD" ]; then
+    echo "WARNING: WIS2BOX_WEBAPP_PASSWORD is not set in wis2box.env, using WIS2BOX_STORAGE_PASSWORD"
+    export WIS2BOX_WEBAPP_PASSWORD=${WIS2BOX_STORAGE_PASSWORD}
+fi
+
+# create /home/wis2box/.htpasswd/webapp if not exists
+# otherwise, delete the file and create it
+if [ ! -f /home/wis2box/.htpasswd/webapp ]; then
+    echo "Creating /home/wis2box/.htpasswd/webapp"
+    htpasswd -bc /home/wis2box/.htpasswd/webapp $WIS2BOX_WEBAPP_USERNAME $WIS2BOX_WEBAPP_PASSWORD
+else
+    rm /home/wis2box/.htpasswd/webapp
+    echo "Re-creating /home/wis2box/.htpasswd/webapp"
+    htpasswd -bc /home/wis2box/.htpasswd/webapp $WIS2BOX_WEBAPP_USERNAME $WIS2BOX_WEBAPP_PASSWORD
+fi
+
 # Check if the path is restricted and capture the output
 is_restricted=$(wis2box auth is-restricted-path --path processes/wis2box)
 if [ "$is_restricted" = "True" ]; then