- Proof-of-concept for a more secure implementation of a DHIS2 Middleware for Public Portals
What is this PoC about?
A minimal working PoC for a more secure DHIS2 Middleware for public data visualization portals.
Additional security measures and best practices are implemented to ensure that only authorized users can access the middleware endpoint/s, using the following:
NOTE: This is in no way a comprehensive list of security measures, but a starting point towards a more secure implementation of a DHIS2 Middleware for public portals.
- API Key Authorization
- IP Whitelisting
- Rate Limiting
- Request Logging
- Error Handling
- Caching (in-memory) for frequently accessed endpoints to reduce the load on the DHIS2 server.
- Node.js >= v16.20.1
- Clone the repository to your local machine:
git clone [email protected]:0xafrogeek/dhis2-middleware-poc.git
- Change directory to the project folder:
cd dhis2-middleware-poc
- Install packages:
npm i
- Copy the example.env file to .env and update the values accordingly.
cp example.env .env
- Run the project in development mode:
npm run dev
- Once the middleware is up and running, any unauthorized request to the /indicators endpoint will be rejected with a 401 Unauthorized response. Only requests with a valid API Key will be allowed.
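
The sketch below shows how the IP check, rate limit, API key check and request logging listed above can be combined into one decision per request. It is an added example, not code from this repository; the `x-api-key` header name, the function names, the 403 and 429 status codes and the limits are assumptions, and the sample requests are constructed.

```javascript
// Added illustration, not the PoC's own code. Names, header and limits are assumptions.

// Compare the whole key instead of returning at the first mismatching character.
// (Node's crypto.timingSafeEqual is the usual choice; this keeps the sketch import-free.)
function keyMatches(presented, expected) {
  let diff = presented.length ^ expected.length;
  for (let i = 0; i < expected.length; i++) {
    diff |= (presented.charCodeAt(i) || 0) ^ expected.charCodeAt(i);
  }
  return diff === 0;
}

function createGate({ apiKey, allowedIps, maxRequests, windowMs }) {
  const allow = new Set(allowedIps);
  const windows = new Map(); // ip -> { start, count }
  const log = [];            // request log; the presented key is never stored

  // req: { ip, headers }, now: epoch ms. Returns the HTTP status to send.
  function check(req, now = Date.now()) {
    let status = 200;
    const key = req.headers['x-api-key'];
    if (!allow.has(req.ip)) {
      status = 403;                       // source IP not on the allowlist
    } else {
      let w = windows.get(req.ip);
      if (!w || now - w.start >= windowMs) {
        w = { start: now, count: 0 };     // start a new fixed window
        windows.set(req.ip, w);
      }
      w.count += 1;                       // failed key attempts count too
      if (w.count > maxRequests) status = 429;
      else if (typeof key !== 'string' || !keyMatches(key, apiKey)) status = 401;
    }
    log.push({ time: now, ip: req.ip, status });
    return status;
  }
  return { check, log };
}

// Constructed sample requests (documentation-range IPs, made-up key).
function demo() {
  const gate = createGate({ apiKey: 'constructed-key', allowedIps: ['203.0.113.10'],
                            maxRequests: 2, windowMs: 60000 });
  const good = { ip: '203.0.113.10', headers: { 'x-api-key': 'constructed-key' } };
  const statuses = [
    gate.check({ ip: '198.51.100.7', headers: good.headers }, 0), // unknown IP
    gate.check({ ip: good.ip, headers: {} }, 0),                  // missing key
    gate.check(good, 1), gate.check(good, 2), gate.check(good, 60000),
  ];
  return { statuses, logged: gate.log.length };
}
```

The rate limit is applied before the key check so that repeated wrong-key attempts from an allowed IP are throttled as well.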