topaLE
/
uptime-kuma
1
0
Fork 0
Code Issues 185 Pull Requests 26 Projects Releases 28 Wiki Activity
Browse Source

Add enviourment variable for remote user authentication

Mikhail5555/feature/remote-header-auth
Mikhail Epifanov 3 years ago
parent
ce9a97a107
commit
54cec2754d
2 changed files with 50 additions and 17 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 45
      server/auth.js
  2. 22
      server/server.js

45
server/auth.js
View File

@ -1,9 +1,11 @@
const basicAuth = require("express-basic-auth") const basicAuth = require("express-basic-auth");
const passwordHash = require("./password-hash"); const passwordHash = require("./password-hash");
const { R } = require("redbean-node"); const { R } = require("redbean-node");
const { setting } = require("./util-server"); const { setting } = require("./util-server");
const { debug } = require("../src/util"); const { debug } = require("../src/util");
const remoteUserHeader = process.env.REMOTE_USER_HEADER;
/** /**
* *
* @param username : string * @param username : string
@ -13,7 +15,7 @@ const { debug } = require("../src/util");
exports.login = async function (username, password) { exports.login = async function (username, password) {
let user = await R.findOne("user", " username = ? AND active = 1 ", [ let user = await R.findOne("user", " username = ? AND active = 1 ", [
username, username,
]) ]);
if (user && passwordHash.verify(password, user.password)) { if (user && passwordHash.verify(password, user.password)) {
// Upgrade the hash to bcrypt // Upgrade the hash to bcrypt
@ -27,25 +29,38 @@ exports.login = async function (username, password) {
} }
return null; return null;
} };
function myAuthorizer(username, password, callback) {
function basicAuthHandler(username, password, callback) {
setting("disableAuth").then((result) => { setting("disableAuth").then((result) => {
if (result) { if (result) {
callback(null, true) callback(null, true);
} else { } else {
exports.login(username, password).then((user) => { exports.login(username, password).then((user) => {
callback(null, user != null) callback(null, user != null);
}) });
} }
}) });
}
async function authMiddleware(req, res, next) {
if (remoteUserHeader !== undefined) {
const remoteUser = req.headers[remoteUserHeader.toLowerCase()];
if (remoteUser !== undefined) {
let user = await R.findOne("user", " username = ? AND active = 1 ", [
remoteUser,
]);
if (user) {
next();
return;
}
}
}
return basicAuth({
authorizer: basicAuthHandler,
authorizeAsync: true,
challenge: true,
})(req, res, next);
} }
exports.basicAuth = basicAuth({ exports.basicAuth = authMiddleware;
authorizer: myAuthorizer,
authorizeAsync: true,
challenge: true,
});

22
server/server.js
View File

@ -64,6 +64,9 @@ const port = parseInt(process.env.PORT || args.port || 3001);
const sslKey = process.env.SSL_KEY || args["ssl-key"] || undefined; const sslKey = process.env.SSL_KEY || args["ssl-key"] || undefined;
const sslCert = process.env.SSL_CERT || args["ssl-cert"] || undefined; const sslCert = process.env.SSL_CERT || args["ssl-cert"] || undefined;
// Header AUTH
const remoteUserHeader = process.env.REMOTE_USER_HEADER;
// Demo Mode? // Demo Mode?
const demoMode = args["demo"] || false; const demoMode = args["demo"] || false;
@ -180,7 +183,6 @@ exports.entryPage = "dashboard";
console.log("Adding socket handler"); console.log("Adding socket handler");
io.on("connection", async (socket) => { io.on("connection", async (socket) => {
socket.emit("info", { socket.emit("info", {
version: checkVersion.version, version: checkVersion.version,
latestVersion: checkVersion.latestVersion, latestVersion: checkVersion.latestVersion,
@ -1189,10 +1191,26 @@ exports.entryPage = "dashboard";
// *************************** // ***************************
debug("check auto login"); debug("check auto login");
console.log(socket.handshake.headers);
if (await setting("disableAuth")) { if (await setting("disableAuth")) {
console.log("Disabled Auth: auto login to admin"); console.log("Disabled Auth: auto login to admin");
afterLogin(socket, await R.findOne("user")); afterLogin(socket, await R.findOne("user"));
socket.emit("autoLogin"); socket.emit("autoLogin");
} else if (remoteUserHeader !== undefined) {
const remoteUser = socket.handshake.headers[remoteUserHeader.toLowerCase()];
if (remoteUser !== undefined) {
const user = await R.findOne("user", " username = ? AND active = 1 ", [
remoteUser,
]);
if (user) {
afterLogin(socket, user);
socket.emit("autoLogin");
} else {
debug(`remote user ${remoteUser} doesnt exist`);
}
} else {
debug("remote user header set but not found in headers");
}
} else { } else {
debug("need auth"); debug("need auth");
} }
@ -1398,7 +1416,7 @@ function finalFunction() {
gracefulShutdown(server, { gracefulShutdown(server, {
signals: "SIGINT SIGTERM", signals: "SIGINT SIGTERM",
timeout: 30000, // timeout: 30 secs timeout: 30000, // timeout: 30 secs
development: false, // not in dev mode development: true, // not in dev mode
forceExit: true, // triggers process.exit() at the end of shutdown process forceExit: true, // triggers process.exit() at the end of shutdown process
onShutdown: shutdownFunction, // shutdown function (async) - e.g. for cleanup DB, ... onShutdown: shutdownFunction, // shutdown function (async) - e.g. for cleanup DB, ...
finally: finalFunction, // finally function (sync) - e.g. for logging finally: finalFunction, // finally function (sync) - e.g. for logging

Write Preview
Loading…
Cancel
Save