I have a Node JS program, which uses Mongo DB as my dbs. Now... everyone can access the mongo shell with no issues at all.
Is this how it is meant to be? I want to keep the mongo shell away from anyone else, i.e. you have to authenticate before using the shell.The reason being is that I dont want people deleting tables in the database, and insert/ modifying documents through the console.
Is there a way to do this? I had a look at https://docs.mongodb.com/manual/security/ However I am not sure how to implement this to my Node Js program (keeping the password a secret).
Any help would be appreciated. Thanks
A few solutions :
Restrict access to your db to only the required IP addresses. If your app and database are on the same machine, that would be 127.0.0.1 only + maybe your PC so you can run queries in a GUI.
enforce authentication as in this link, with a strong password.
To keep the password 'secret' in your Node program, which I understand as "not hardcoded", make it an env variable and give it to node at runtime, or write it in a file that doesn't live in your repo (.gitignore works too).
With a valid user/password, here's how to authenticate to mongodb using Node :
A mongodb address has 7 components :
protocol:"mongodb://",
host:"localhost",
user: "user",
password : "password",
options: "?authMechanism=MONGODB-CR",
port:"27017",
db:"db_name"
Which all together give a string like :
mongodb://user:password#localhost:27017/db_name?authMechanism=MONGODB-CR,
That should be enough for Node to connect using the native Mongo driver.
And to authenticate in the shell :
use db_name
db.auth("user", "password" )
or, directly on connection :
mongo -u "user" -p "password" --authenticationDatabase "db_name"
Related
We always normally work in Azure where I write around 200 stored procedures a year in their SQL Server database.
We had to create a SQL Server database in AWS-RDS and still call it in our Node APIs like usual. I was able to quickly and easily set up the AWS DB in SQL Server Management Studio so I do know the credentials.
I created several tables and several stored procedures with no problems and tested to make sure they worked there. When I called them like I normally do in Node, I found I was getting an error
Could not find stored procedure
I went through forums all over but most of the data pertains to MySQL instead of SQL Server, and after trying everything I saw in the forums have not been able to complete what should be a very simple process. I would imagine there is some simple thing I missed, but after 2 days it is time for some fresh ideas.
I am setting up the credentials like this:
var awsConnection = {
host : process.env.RDS_HOSTNAME,
user : process.env.RDS_USERNAME,
password : process.env.RDS_PASSWORD,
port : process.env.RDS_PORT
};
I am using the endpoint provided by AWS for the host, the username and password I use to login to SQL Server Management Tool (which works). The port number is the one specified by AWS (1433 - the default for SQL Server).
I call it in my api like this:
await sql.connect(connectionAWS).then(pool => {
// Stored procedure
console.log("awsConnection INSIDE: " + JSON.stringify(awsConnection));
return pool.request()
.input('repId', sql.VARCHAR(40), repObj.RepID)
.execute('UserExistsBD');
}).then(async result => { ...
I added the console.log to see if we were getting past the login and it appears that we do. I also used Telnet to make sure the endpoint/port combo work and they do. I also checked AWS to make sure the Subnets, Route tables, and gateways were good and to make sure my IP Address was white listed. Any ideas would be very much appreciated!
I have written some tests for my node.js application and the tests are running locally using a Postgresql test database.
When I run my test script, npm run test, the environment is set to test and when this happens, the database connection string is set for the test database and my queries in the application are now done on the test database. Like so:
let connectionString;
if (process.env.NODE_ENV === 'test') {
connectionString =`postgresql://${process.env.DB_USER}:${process.env.DB_PASS}#${process.env.DB_HOST}:${process.env.DB_PORT}/${process.env.TEST_DB_NAME}`;
} else {
connectionString =`postgresql://${process.env.DB_USER}:${process.env.DB_PASS}#${process.env.DB_HOST}:${process.env.DB_PORT}/${process.env.DB_NAME}`;
}
This way my tests are being run on the test database.
On travis however, I know I am going to need to further configure its own database. On the travisCI docs, I read about how I could set up a PostgreSQL database here, but this doesn't help me because how do I get the full database URL as above? On travisCI, what am I to use as my database hostname or port and how do I set this value inside my code?
How do I set the database connection string and access it in my code?
Thanks for any ideas.
Found this while searching of how to do the exact same thing, and this didn't answer my question, so in case anyone else comes across it, I think I have solved it.
zerosand1s kind of answered it, but there seems to be nowhere online which actually says what the hostname or port should be (maybe I'm being dumb and this is obvious but :shrug:)
As per the psql docs:
Defaults to the value of the PGPORT environment variable or, if not set, to the port specified at compile time, usually 5432.
So I guessed port would be 5432 (you could probably just use PGPORT as your variable).
Also elsewhere on travis, it says local host will bind to 127.0.0.1 for other databases (eg. mongo) so I took a guess on that too.
Travis docs tell us the user as postgres and password is blank.
I was using the whole string to connect, where as you split it up, so as such I set my entire connection string as (you can extract each component):
postgres://postgres#127.0.0.1:5432/testing_db
I did this on the travis dashboard settings.
Amazingly all of this worked :tada:
Hope this helps.
As per docs, you can create a database using before_scriptlike so
before_script:
- psql -c "CREATE DATABASE testing_db;" -U postgres
then you can add your database credentials (along with database name and port etc) to travis environment variables like so
travis encrypt DB_USER=TEST_DB_USER --add env.matrix
You can find more on travis environment variables here. You can also add environment variables on travis dashboard under your repository settings.
I am currently using nodejs with mongodb native driver. So my mongodb has been set with admin auth with root role, so I can log in using robomongo or command line just fine. So back to my project, I m able to connect to mongodb just fine if i set my connection string:
mongodb://admin:password#localhost:27017/
However, if I use this connection string:
mongodb://admin:password#localhost:27017/specificdb
It return as:
MongoError: Authentication failed
I am able to access the db using command and robomongo, is there anything I can do? I have added the admin user under the db, but still got the same problem.
The database you specify is the one you authenticate on. If the user is not known/has no roles for that database it cannot authenticate to it.
https://docs.mongodb.com/manual/reference/connection-string/
What you can do is either create the (or a new) user for that database or use an authentication database parameter.
this worked for me :
first solution on connection :
mongoose.connect('mongodb://....', {
// add this line
authSource:"admin",
....
})
or second solution add to the uri "?authSource=admin" :
mongodb://user:password#host/yourDB?authSource=admin
** to note that I am using mongoose and this is the documentation specefic statement and the url :
authSource - The database to use when authenticating with user and pass. In MongoDB, users are scoped to a database. If you are getting an unexpected login failure, you may need to set this option.
https://mongoosejs.com/docs/connections.html#options
I've mostly worked with PHP/MySQL but I've now been handed a Node.js/MongoDB project on Github.
Having gone through a Mongo tutorial, I feel I understand the concept to a reasonable extent now, but I am still unsure how to do the most basic thing - view the Mongo database associated with the project.
In the config file, I found the following:
module.exports = {
database: {
url: 'localhost:27017/app_name'
},
But seeing how I'm on a remote machine, how do I reach the database? Do I need to ask the previous dev for the DB so I can set it up locally?
Searching the code for the word mongo it only appears in packages.json so that's not a lot of help.
localhost:27017
means the DB is in the local machine in which your are developing your app.
In your case, you have MONGO DB installed in your local machine and run the project.
Otherwise if you have a centralized DB then you have to configure that IP here as follows:
Also configure your mongodb.config of your remote DB to accept the connection from your local machine by changing the "BIND IP"
module.exports = {
database: {
url: 'yourRemoteIP:27017/app_name'
},
Use a GUI tool, i would recommend MongoChef. All you need to do is when you start the server, just open this GUI and connect to DB. GAME ON!! You will be able to see your collections and you are ready to go. You can also run mongo query direct on the shell. It is a helpful tool for playing with your local DB.
PS I am considering you want to see your local DB.
You can access your DB through terminal as well, all upto you.
I'm using mongodb on 64Bit and 32Bit Linux servers with same configuration, where the option auth=true is set in both config files.
While the 64Bit system required an authentication to run commands like show users or show collections, the 32Bit version gives you all the requested informations without running db.auth() before.
It looks like, the 32 Bit version ignores the auth=true option at the config file.
So: how can I enable auth for mongodb running on an 32Bit system?
The 32bit version should support authentication just fine. But it is possible that:
It uses a different configuration file (use: -f /etc/mongodb.conf as option when starting MongoDB) or you can specify --auth on the command line
Because the databases are empty and no user is setup at all, authentication is not required. As soon as you add a user, it will then require db.auth().
You don't have a user on the admin database defined. Without this, you can always connect on localhost.
The point is, that authentication is disabled because there is no db users added, only users for a specific database. Connecting to this database using localhost results in an "auth"-free environment. (see for this also the answer from #Derick which point to a possible reason.)
To come back to the question:
So: how can I enable auth for mongodb running on an 32Bit system?
The point is: the auth is active, but not for connects from localhost. To enable auth for connects from localhost, the following startup option is needed:
enableLocalhostAuthBypass=0
I finished this,the role is necessary
db.createUser(
{
user: "youloginname",
pwd: "123456",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)