From 71fee116567f241eb78e8ae27a4cdad66b971532 Mon Sep 17 00:00:00 2001 From: Alexandre Girard Date: Thu, 1 Dec 2011 16:44:51 +0100 Subject: [PATCH 1/2] add the ability to set global password with http basic auth --- node/server.js | 23 +++++++++++++++++++++++ node/utils/Settings.js | 5 +++++ settings.json.template | 4 ++++ 3 files changed, 32 insertions(+) diff --git a/node/server.js b/node/server.js index 08c09ab0ea3..94a9de158ee 100644 --- a/node/server.js +++ b/node/server.js @@ -91,6 +91,9 @@ async.waterfall([ var httpLogger = log4js.getLogger("http"); app.configure(function() { + // Activate http basic auth if it has been defined in settings.json + if(settings.httpAuth != null) app.use(basic_auth); + // If the log level specified in the config file is WARN or ERROR the application server never starts listening to requests as reported in issue #158. // Not installing the log4js connect logger when the log level has a higher severity than INFO since it would not log at that level anyway. if (!(settings.loglevel === "WARN" || settings.loglevel == "ERROR")) @@ -143,6 +146,26 @@ async.waterfall([ } }); } + + //checks for basic http auth + function basic_auth (req, res, next) { + if (req.headers.authorization && req.headers.authorization.search('Basic ') === 0) { + // fetch login and password + if (new Buffer(req.headers.authorization.split(' ')[1], 'base64').toString() == settings.httpAuth) { + next(); + return; + } + } + + res.header('WWW-Authenticate', 'Basic realm="Protected Area"'); + if (req.headers.authorization) { + setTimeout(function () { + res.send('Authentication required', 401); + }, 5000); + } else { + res.send('Authentication required', 401); + } + } //serve read only pad app.get('/ro/:id', function(req, res) diff --git a/node/utils/Settings.js b/node/utils/Settings.js index 2aef834d6a3..7ef809c91d8 100644 --- a/node/utils/Settings.js +++ b/node/utils/Settings.js @@ -68,6 +68,11 @@ exports.abiword = null; */ exports.loglevel = "INFO"; +/** + * Http basic auth, with "user:password" format + */ +exports.httpAuth = null; + //read the settings sync var settingsStr = fs.readFileSync("../settings.json").toString(); diff --git a/settings.json.template b/settings.json.template index da7b32a4928..6ebf8ef0f2a 100644 --- a/settings.json.template +++ b/settings.json.template @@ -45,4 +45,8 @@ /* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */ "loglevel": "INFO" + + /* This setting is used if you need http basic auth */ + // "httpAuth" : "user:pass" + } From a520c1e112877dee717754beca4ec027f030b531 Mon Sep 17 00:00:00 2001 From: Alexandre Girard Date: Fri, 2 Dec 2011 14:42:42 +0100 Subject: [PATCH 2/2] change settings sample to avoid error when editing httpAuth --- settings.json.template | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/settings.json.template b/settings.json.template index 6ebf8ef0f2a..7cd0e8195cf 100644 --- a/settings.json.template +++ b/settings.json.template @@ -43,10 +43,9 @@ Abiword is needed to enable the import/export of pads*/ "abiword" : null, + /* This setting is used if you need http basic auth */ + // "httpAuth" : "user:pass", + /* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */ "loglevel": "INFO" - - /* This setting is used if you need http basic auth */ - // "httpAuth" : "user:pass" - }