Merge 15f5e71ad5 into ff5f2e8dfb

4 years ago · 2ace1b1abf
2 changed files with 49 additions and 16 deletions
--- a/server/auth.js
+++ b/server/auth.js
@ -1,9 +1,11 @@
-const basicAuth = require("express-basic-auth")
+const basicAuth = require("express-basic-auth");
 const passwordHash = require("./password-hash");
 const { R } = require("redbean-node");
 const { setting } = require("./util-server");
 const { debug } = require("../src/util");

+const remoteUserHeader = process.env.REMOTE_USER_HEADER;
+
 /**
 *
 * @param username : string
@ -13,7 +15,7 @@ const { debug } = require("../src/util");
 exports.login = async function (username, password) {
    let user = await R.findOne("user", " username = ? AND active = 1 ", [
        username,
-    ])
+    ]);

    if (user && passwordHash.verify(password, user.password)) {
        // Upgrade the hash to bcrypt
@ -27,25 +29,38 @@ exports.login = async function (username, password) {
    }

    return null;
-}
-
-function myAuthorizer(username, password, callback) {
+};

+function basicAuthHandler(username, password, callback) {
    setting("disableAuth").then((result) => {
-
        if (result) {
-            callback(null, true)
+            callback(null, true);
        } else {
            exports.login(username, password).then((user) => {
-                callback(null, user != null)
-            })
+                callback(null, user != null);
+            });
        }
-    })
+    });
+}

+async function authMiddleware(req, res, next) {
+    if (remoteUserHeader !== undefined) {
+        const remoteUser = req.headers[remoteUserHeader.toLowerCase()];
+        if (remoteUser !== undefined) {
+            let user = await R.findOne("user", " username = ? AND active = 1 ", [
+                remoteUser,
+            ]);
+            if (user) {
+                next();
+                return;
+            }
+        }
+    }
+    return basicAuth({
+        authorizer: basicAuthHandler,
+        authorizeAsync: true,
+        challenge: true,
+    })(req, res, next);
 }

-exports.basicAuth = basicAuth({
-    authorizer: myAuthorizer,
-    authorizeAsync: true,
-    challenge: true,
-});
+exports.basicAuth = authMiddleware;
--- a/server/server.js
+++ b/server/server.js
@ -80,12 +80,16 @@ const sslKey = process.env.UPTIME_KUMA_SSL_KEY || process.env.SSL_KEY || args["s
 const sslCert = process.env.UPTIME_KUMA_SSL_CERT || process.env.SSL_CERT || args["ssl-cert"] || undefined;
 const disableFrameSameOrigin = !!process.env.UPTIME_KUMA_DISABLE_FRAME_SAMEORIGIN || args["disable-frame-sameorigin"] || false;

+// Header AUTH
+const remoteUserHeader = process.env.REMOTE_USER_HEADER;
+
 // 2FA / notp verification defaults
 const twofa_verification_opts = {
    "window": 1,
    "time": 30
 };

+
 /**
 * Run unit test after the server is ready
 * @type {boolean}
@ -224,7 +228,6 @@ exports.entryPage = "dashboard";

    console.log("Adding socket handler");
    io.on("connection", async (socket) => {
-
        sendInfo(socket);

        totalClient++;
@ -1263,6 +1266,21 @@ exports.entryPage = "dashboard";
            console.log("Disabled Auth: auto login to admin");
            afterLogin(socket, await R.findOne("user"));
            socket.emit("autoLogin");
+        } else if (remoteUserHeader !== undefined) {
+            const remoteUser = socket.handshake.headers[remoteUserHeader.toLowerCase()];
+            if (remoteUser !== undefined) {
+                const user = await R.findOne("user", " username = ? AND active = 1 ", [
+                    remoteUser,
+                ]);
+                if (user) {
+                    afterLogin(socket, user);
+                    socket.emit("autoLogin");
+                } else {
+                    debug(`Remote user ${remoteUser} doesn't exist`);
+                }
+            } else {
+                debug("Remote user header set but not found in headers");
+            }
        } else {
            debug("need auth");
        }