1
0
mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00

Fix basic authentication on httpNode/Admin/Static

This commit is contained in:
Nick O'Leary 2015-11-10 15:44:48 +00:00
parent cb01920ee6
commit 34537180c3
3 changed files with 18 additions and 17 deletions

View File

@ -1,6 +1,6 @@
{
"name" : "node-red",
"version" : "0.12.0",
"version" : "0.12.1",
"description" : "A visual tool for wiring the Internet of Things",
"homepage" : "http://nodered.org",
"license" : "Apache-2.0",
@ -53,6 +53,7 @@
"oauth2orize":"1.1.0",
"i18next":"1.10.5",
"semver": "5.0.3",
"basic-auth": "1.0.3",
"node-red-node-feedparser":"0.1.*",
"node-red-node-email":"0.1.*",
"node-red-node-twitter":"0.1.*",

30
red.js
View File

@ -178,21 +178,25 @@ try {
process.exit(1);
}
function basicAuthMiddleware(user,pass) {
var basicAuth = require('basic-auth');
return function(req,res,next) {
var requestUser = basicAuth(req);
if (!requestUser || requestUser.name !== user || crypto.createHash('md5').update(requestUser.pass,'utf8').digest('hex') !== pass) {
res.set('WWW-Authenticate', 'Basic realm=Authorization Required');
return res.sendStatus(401);
}
next();
}
}
if (settings.httpAdminRoot !== false && settings.httpAdminAuth) {
RED.log.warn(log._("server.httpadminauth-deprecated"));
app.use(settings.httpAdminRoot,
express.basicAuth(function(user, pass) {
return user === settings.httpAdminAuth.user && crypto.createHash('md5').update(pass,'utf8').digest('hex') === settings.httpAdminAuth.pass;
})
);
app.use(settings.httpAdminRoot, basicAuthMiddleware(settings.httpAdminAuth.user,settings.httpAdminAuth.pass));
}
if (settings.httpNodeRoot !== false && settings.httpNodeAuth) {
app.use(settings.httpNodeRoot,
express.basicAuth(function(user, pass) {
return user === settings.httpNodeAuth.user && crypto.createHash('md5').update(pass,'utf8').digest('hex') === settings.httpNodeAuth.pass;
})
);
app.use(settings.httpNodeRoot,basicAuthMiddleware(settings.httpNodeAuth.user,settings.httpNodeAuth.pass));
}
if (settings.httpAdminRoot !== false) {
app.use(settings.httpAdminRoot,RED.httpAdmin);
@ -204,11 +208,7 @@ if (settings.httpNodeRoot !== false) {
if (settings.httpStatic) {
settings.httpStaticAuth = settings.httpStaticAuth || settings.httpAuth;
if (settings.httpStaticAuth) {
app.use("/",
express.basicAuth(function(user, pass) {
return user === settings.httpStaticAuth.user && crypto.createHash('md5').update(pass,'utf8').digest('hex') === settings.httpStaticAuth.pass;
})
);
app.use("/",basicAuthMiddleware(settings.httpStaticAuth.user,settings.httpStaticAuth.pass));
}
app.use("/",express.static(settings.httpStatic));
}

View File

@ -71,7 +71,7 @@ module.exports = {
// By default, these are served relative to '/'. The following property
// can be used to specifiy a different root path. If set to false, this is
// disabled.
//httpNodeRoot: '/nodes',
//httpNodeRoot: '/red-nodes',
// To password protect the node-defined HTTP endpoints, the following property
// can be used.