add the ability to set global password with http basic auth

2011-12-01 16:44:51 +01:00 · 2011-12-01 16:44:51 +01:00 · 71fee11656
commit 71fee11656
parent 1a7b55523e
3 changed files with 32 additions and 0 deletions
--- a/node/server.js
+++ b/node/server.js
@ -91,6 +91,9 @@ async.waterfall([
    var httpLogger = log4js.getLogger("http");
    app.configure(function() 
    {
+      // Activate http basic auth if it has been defined in settings.json
+      if(settings.httpAuth != null) app.use(basic_auth);
+
      // If the log level specified in the config file is WARN or ERROR the application server never starts listening to requests as reported in issue #158.
      // Not installing the log4js connect logger when the log level has a higher severity than INFO since it would not log at that level anyway.
      if (!(settings.loglevel === "WARN" || settings.loglevel == "ERROR"))
@ -143,6 +146,26 @@ async.waterfall([
        }
      });
    }
+
+    //checks for basic http auth
+    function basic_auth (req, res, next) {
+      if (req.headers.authorization && req.headers.authorization.search('Basic ') === 0) {
+        // fetch login and password
+        if (new Buffer(req.headers.authorization.split(' ')[1], 'base64').toString() == settings.httpAuth) {
+          next();
+          return;
+        }
+      }
+      
+      res.header('WWW-Authenticate', 'Basic realm="Protected Area"');
+      if (req.headers.authorization) {
+        setTimeout(function () {
+          res.send('Authentication required', 401);
+        }, 5000);
+      } else {
+        res.send('Authentication required', 401);
+      }
+    }
    
    //serve read only pad
    app.get('/ro/:id', function(req, res)
--- a/node/utils/Settings.js
+++ b/node/utils/Settings.js
@ -68,6 +68,11 @@ exports.abiword = null;
 */
 exports.loglevel = "INFO";

+/**
+ * Http basic auth, with "user:password" format
+ */
+exports.httpAuth = null;
+
 //read the settings sync
 var settingsStr = fs.readFileSync("../settings.json").toString();

--- a/settings.json.template
+++ b/settings.json.template
@ -45,4 +45,8 @@
  
  /* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */
  "loglevel": "INFO"
+  
+  /* This setting is used if you need http basic auth */
+  // "httpAuth" : "user:pass"
+  
 }