Skip to content

Latest commit

 

History

History
67 lines (42 loc) · 3.63 KB

README.md

File metadata and controls

67 lines (42 loc) · 3.63 KB

Print Proxy

A web service for proxying requests to the Esri print service switching out locked down quad-words for wide open ones.

Important

Looking for information on how to upgrade to v2? Head to this doc.

The Problem

UGRC’s base maps (including the Google imagery) are served via a custom server application called Discover. Part of the advantage of using Discover is that it allows you to secure and track usage via quad-words. These unique words are assigned to a specific user and are locked down to a specific domain or IP address. For example, if my quad-word is locked down to my-domain.com, then requests originating from any other domain or IP address are blocked by Discover. This prevents unauthorized access of licensed content, as well as allows UGRC to track analytics.

This quad-word system works great . . . until you try to use one of Esri’s out-of-the-box print services. When you send a web map to one of these print services, the service reconstructs all of the layers on the server. This causes requests for base maps to be sent from the ArcGIS Server machine rather than the user’s browser (with your domain as the referrer). We do allow wide-open quad-words (i.e., quad-words not locked down to any domain/IP) to be used by those who need to make requests from servers or other local machines. However, the wide-open quad-words can’t be used in web applications because they could be copied and used by unauthorized users.

The Solution

This project solves this problem by acting as a proxy between web applications and Esri print services. When it receives a request, it switches out the locked down quad-word with a wide-open one and then sends it on to the print service. It also scrubs the wide-open quad-word from the response to prevent it from being compromised.

Usage

  1. Send an email to [email protected] with your locked down quad-word to request a new account number.

  2. Take the path to your print service...

https://utility.arcgisonline.com/arcgis/rest/services/Utilities/PrintingTools/GPServer/Export%20Web%20Map%20Task

...and replace the domain name with print.ugrc.utah.gov/v2/<your-account-number> like this...

https://print.ugrc.utah.gov/v2/99/arcgis/rest/services/Utilities/PrintingTools/GPServer/Export%20Web%20Map%20Task

You can use this new URL in place of the original print service in any Esri products.

Note

This project will not work as the default print service in an ArcGIS Portal instance. See #205 for more details.

Development

One-time Setup

  1. brew install mkcert
  2. mkcert -install
  3. mkcert localhost
  4. Create .env file with print proxy wide open quad-word.
  5. touch .env && echo 'OPEN_QUAD_WORD=<wide-open-quad-word>' >> .env
  6. gcloud auth login
  7. npm install & npm start
  8. node scripts/seed-test-data.js
  9. node scripts/pull-accounts-from-staging.js

Testing

Run npm test to run tests after starting the emulator with npm run start:firestore.

There's also an AGOL web app that you can test the different environments with.

Deployment

gcp-terraform/print-proxy is used for infrastructure setup and GitHub actions are for updates.

Upgrading NodeJS

Make sure to update Dockerfile and .node-version files.