frodovdr/node-red
1
0
Fork 0
mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00
Code Issues Releases Wiki Activity

Cache auth details to save needlessly recalculating hashes

Browse Source
This commit is contained in:
Nick O'Leary 2017-01-28 14:44:47 +00:00
parent 1324f5e59c
commit 939768eec0
No known key found for this signature in database
GPG Key ID: 4F2157149161A6C9
1 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
red.js
View File

@ -196,6 +196,7 @@ try {
function basicAuthMiddleware(user,pass) {
var basicAuth = require('basic-auth');
var checkPassword;
var localCachedPassword;
if (pass.length == "32") {
// Assume its a legacy md5 password
checkPassword = function(p) {
@ -207,12 +208,26 @@ function basicAuthMiddleware(user,pass) {
}
}
var checkPasswordAndCache = function(p) {
// For BasicAuth routes we know the password cannot change without
// a restart of Node-RED. This means we can cache the provided crypted
// version to save recalculating each time.
if (localCachedPassword === p) {
return true;
}
var result = checkPassword(p);
if (result) {
localCachedPassword = p;
}
return result;
}
return function(req,res,next) {
if (req.method === 'OPTIONS') {
return next();
}
var requestUser = basicAuth(req);
if (!requestUser || requestUser.name !== user || !checkPassword(requestUser.pass)) {
if (!requestUser || requestUser.name !== user || !checkPasswordAndCache(requestUser.pass)) {
res.set('WWW-Authenticate', 'Basic realm=Authorization Required');
return res.sendStatus(401);
}