mirror of
https://github.com/node-red/node-red.git
synced 2023-10-10 13:36:53 +02:00
Fix basic authentication on httpNode/Admin/Static
parent
cb01920ee6
commit
34537180c3
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name" : "node-red",
|
"name" : "node-red",
|
||||||
"version" : "0.12.0",
|
"version" : "0.12.1",
|
||||||
"description" : "A visual tool for wiring the Internet of Things",
|
"description" : "A visual tool for wiring the Internet of Things",
|
||||||
"homepage" : "http://nodered.org",
|
"homepage" : "http://nodered.org",
|
||||||
"license" : "Apache-2.0",
|
"license" : "Apache-2.0",
|
||||||
@ -53,6 +53,7 @@
|
|||||||
"oauth2orize":"1.1.0",
|
"oauth2orize":"1.1.0",
|
||||||
"i18next":"1.10.5",
|
"i18next":"1.10.5",
|
||||||
"semver": "5.0.3",
|
"semver": "5.0.3",
|
||||||
|
"basic-auth": "1.0.3",
|
||||||
"node-red-node-feedparser":"0.1.*",
|
"node-red-node-feedparser":"0.1.*",
|
||||||
"node-red-node-email":"0.1.*",
|
"node-red-node-email":"0.1.*",
|
||||||
"node-red-node-twitter":"0.1.*",
|
"node-red-node-twitter":"0.1.*",
|
||||||
|
30
red.js
30
red.js
@ -178,21 +178,25 @@ try {
|
|||||||
process.exit(1);
|
process.exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function basicAuthMiddleware(user,pass) {
|
||||||
|
var basicAuth = require('basic-auth');
|
||||||
|
return function(req,res,next) {
|
||||||
|
var requestUser = basicAuth(req);
|
||||||
|
if (!requestUser || requestUser.name !== user || crypto.createHash('md5').update(requestUser.pass,'utf8').digest('hex') !== pass) {
|
||||||
|
res.set('WWW-Authenticate', 'Basic realm=Authorization Required');
|
||||||
|
return res.sendStatus(401);
|
||||||
|
}
|
||||||
|
next();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (settings.httpAdminRoot !== false && settings.httpAdminAuth) {
|
if (settings.httpAdminRoot !== false && settings.httpAdminAuth) {
|
||||||
RED.log.warn(log._("server.httpadminauth-deprecated"));
|
RED.log.warn(log._("server.httpadminauth-deprecated"));
|
||||||
app.use(settings.httpAdminRoot,
|
app.use(settings.httpAdminRoot, basicAuthMiddleware(settings.httpAdminAuth.user,settings.httpAdminAuth.pass));
|
||||||
express.basicAuth(function(user, pass) {
|
|
||||||
return user === settings.httpAdminAuth.user && crypto.createHash('md5').update(pass,'utf8').digest('hex') === settings.httpAdminAuth.pass;
|
|
||||||
})
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (settings.httpNodeRoot !== false && settings.httpNodeAuth) {
|
if (settings.httpNodeRoot !== false && settings.httpNodeAuth) {
|
||||||
app.use(settings.httpNodeRoot,
|
app.use(settings.httpNodeRoot,basicAuthMiddleware(settings.httpNodeAuth.user,settings.httpNodeAuth.pass));
|
||||||
express.basicAuth(function(user, pass) {
|
|
||||||
return user === settings.httpNodeAuth.user && crypto.createHash('md5').update(pass,'utf8').digest('hex') === settings.httpNodeAuth.pass;
|
|
||||||
})
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
if (settings.httpAdminRoot !== false) {
|
if (settings.httpAdminRoot !== false) {
|
||||||
app.use(settings.httpAdminRoot,RED.httpAdmin);
|
app.use(settings.httpAdminRoot,RED.httpAdmin);
|
||||||
@ -204,11 +208,7 @@ if (settings.httpNodeRoot !== false) {
|
|||||||
if (settings.httpStatic) {
|
if (settings.httpStatic) {
|
||||||
settings.httpStaticAuth = settings.httpStaticAuth || settings.httpAuth;
|
settings.httpStaticAuth = settings.httpStaticAuth || settings.httpAuth;
|
||||||
if (settings.httpStaticAuth) {
|
if (settings.httpStaticAuth) {
|
||||||
app.use("/",
|
app.use("/",basicAuthMiddleware(settings.httpStaticAuth.user,settings.httpStaticAuth.pass));
|
||||||
express.basicAuth(function(user, pass) {
|
|
||||||
return user === settings.httpStaticAuth.user && crypto.createHash('md5').update(pass,'utf8').digest('hex') === settings.httpStaticAuth.pass;
|
|
||||||
})
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
app.use("/",express.static(settings.httpStatic));
|
app.use("/",express.static(settings.httpStatic));
|
||||||
}
|
}
|
||||||
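Review bot: The credential test inside `basicAuthMiddleware` still compares an unsalted MD5 hex digest with `!==`, so the configured `pass` values are cheap to brute-force if the settings file leaks, and the comparison is not constant-time. Since this helper now carries all three checks (httpAdminAuth, httpNodeAuth, httpStaticAuth), it is the one place to compute the digest once and compare it with a constant-time routine, for example `crypto.timingSafeEqual` on equal-length buffers where the supported Node.js versions provide it, and to plan a migration to a salted, slow password hash. Separately, the challenge header sends `realm=Authorization Required` unquoted; because the value contains a space it should be sent as a quoted-string: `res.set('WWW-Authenticate', 'Basic realm="Authorization Required"');`. As a style point, `require('basic-auth')` would read better next to the file's other requires, which are outside this hunk, than inside the factory function.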
|
@ -71,7 +71,7 @@ module.exports = {
|
|||||||
// By default, these are served relative to '/'. The following property
|
// By default, these are served relative to '/'. The following property
|
||||||
// can be used to specifiy a different root path. If set to false, this is
|
// can be used to specifiy a different root path. If set to false, this is
|
||||||
// disabled.
|
// disabled.
|
||||||
//httpNodeRoot: '/nodes',
|
//httpNodeRoot: '/red-nodes',
|
||||||
|
|
||||||
// To password protect the node-defined HTTP endpoints, the following property
|
// To password protect the node-defined HTTP endpoints, the following property
|
||||||
// can be used.
|
// can be used.
|
||||||
|