diff --git a/server/auth.js b/server/auth.js index 35d2a08..828277f 100644 --- a/server/auth.js +++ b/server/auth.js @@ -1,9 +1,11 @@ -const basicAuth = require("express-basic-auth") +const basicAuth = require("express-basic-auth"); const passwordHash = require("./password-hash"); const { R } = require("redbean-node"); const { setting } = require("./util-server"); const { debug } = require("../src/util"); +const remoteUserHeader = process.env.REMOTE_USER_HEADER; + /** * * @param username : string @@ -13,7 +15,7 @@ const { debug } = require("../src/util"); exports.login = async function (username, password) { let user = await R.findOne("user", " username = ? AND active = 1 ", [ username, - ]) + ]); if (user && passwordHash.verify(password, user.password)) { // Upgrade the hash to bcrypt @@ -27,25 +29,38 @@ exports.login = async function (username, password) { } return null; -} - -function myAuthorizer(username, password, callback) { +}; +function basicAuthHandler(username, password, callback) { setting("disableAuth").then((result) => { - if (result) { - callback(null, true) + callback(null, true); } else { exports.login(username, password).then((user) => { - callback(null, user != null) - }) + callback(null, user != null); + }); } - }) + }); +} +async function authMiddleware(req, res, next) { + if (remoteUserHeader !== undefined) { + const remoteUser = req.headers[remoteUserHeader.toLowerCase()]; + if (remoteUser !== undefined) { + let user = await R.findOne("user", " username = ? AND active = 1 ", [ + remoteUser, + ]); + if (user) { + next(); + return; + } + } + } + return basicAuth({ + authorizer: basicAuthHandler, + authorizeAsync: true, + challenge: true, + })(req, res, next); } -exports.basicAuth = basicAuth({ - authorizer: myAuthorizer, - authorizeAsync: true, - challenge: true, -}); +exports.basicAuth = authMiddleware; diff --git a/server/server.js b/server/server.js index 11f0306..2909d75 100644 --- a/server/server.js +++ b/server/server.js 
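Review bot: `authMiddleware` treats whatever arrives in the `REMOTE_USER_HEADER` request header as an authenticated username, with no check that the request came from the reverse proxy that is supposed to set it. A deployment where the server is reachable directly, or where the proxy passes the client's copy of the header through, therefore skips the password check for any active account. The same pattern is in the `socket.handshake.headers` branch added to server/server.js. I would gate the header path on the peer address being a configured trusted proxy, and add a comment stating that the proxy must overwrite the header. Separately, the awaited `R.findOne` has no error handling (on Express 4 a rejected query would never reach `next(err)`) and `basicAuth({...})` is rebuilt on every request; the sketch below covers both and marks where the proxy check goes.

```javascript
// Built once at module load instead of on every request.
const basicAuthMiddleware = basicAuth({
    authorizer: basicAuthHandler,
    authorizeAsync: true,
    challenge: true,
});

async function authMiddleware(req, res, next) {
    // isTrustedProxy is a placeholder for a peer-address allowlist check; it is not defined in this diff.
    if (remoteUserHeader !== undefined && isTrustedProxy(req.socket.remoteAddress)) {
        try {
            // … unchanged: header read, R.findOne lookup, next() and return on a match …
        } catch (err) {
            // Forward lookup failures to the error handler rather than leaving the request hanging.
            next(err);
            return;
        }
    }
    return basicAuthMiddleware(req, res, next);
}
```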
@@ -80,12 +80,16 @@ const sslKey = process.env.UPTIME_KUMA_SSL_KEY || process.env.SSL_KEY || args["s const sslCert = process.env.UPTIME_KUMA_SSL_CERT || process.env.SSL_CERT || args["ssl-cert"] || undefined; const disableFrameSameOrigin = !!process.env.UPTIME_KUMA_DISABLE_FRAME_SAMEORIGIN || args["disable-frame-sameorigin"] || false; +// Header AUTH +const remoteUserHeader = process.env.REMOTE_USER_HEADER; + // 2FA / notp verification defaults const twofa_verification_opts = { "window": 1, "time": 30 }; + /** * Run unit test after the server is ready * @type {boolean} @@ -224,7 +228,6 @@ exports.entryPage = "dashboard"; console.log("Adding socket handler"); io.on("connection", async (socket) => { - sendInfo(socket); totalClient++; @@ -1263,6 +1266,21 @@ exports.entryPage = "dashboard"; console.log("Disabled Auth: auto login to admin"); afterLogin(socket, await R.findOne("user")); socket.emit("autoLogin"); + } else if (remoteUserHeader !== undefined) { + const remoteUser = socket.handshake.headers[remoteUserHeader.toLowerCase()]; + if (remoteUser !== undefined) { + const user = await R.findOne("user", " username = ? AND active = 1 ", [ + remoteUser, + ]); + if (user) { + afterLogin(socket, user); + socket.emit("autoLogin"); + } else { + debug(`Remote user ${remoteUser} doesn't exist`); + } + } else { + debug("Remote user header set but not found in headers"); + } } else { debug("need auth"); }
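Review bot: The new `else if (remoteUserHeader !== undefined)` branch calls `afterLogin(socket, user)` as soon as the header names an active user, so a header-authenticated session does not appear to pass through the 2FA verification this file configures in `twofa_verification_opts`. If that is intended because the proxy owns authentication, say so with a comment such as `// Header auth: the reverse proxy is the authenticator, 2FA is not re-checked here`; otherwise check the user's 2FA state before logging in. The branch also passes the raw, client-supplied header value to `debug(...)`, so strip control characters from it or log only that a lookup failed. The `R.findOne("user", " username = ? AND active = 1 ", …)` lookup and the `process.env.REMOTE_USER_HEADER` read are now duplicated across both files and could be one helper exported from server/auth.js. The enclosing connection handler starts and ends outside the hunk.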