From d3c87768d6fc3ac37e03f25fce7a107b1019e205 Mon Sep 17 00:00:00 2001 From: "Glitch (hello-express)" Date: Sun, 3 Nov 2019 15:35:01 +0000 Subject: [PATCH] =?UTF-8?q?=F0=9F=8E=8F=F0=9F=8D=A5=20Checkpoint=20./serve?= =?UTF-8?q?r.js:933874/6243?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server.js | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/server.js b/server.js index b09729f..5f92162 100644 --- a/server.js +++ b/server.js @@ -43,18 +43,20 @@ app.get("/status", (req, res) => { const auth = { login: process.env.MATRIXUSERNAME, password: process.env.MATRIXPASSWORD - }; + }; // parse login and password from headers const b64auth = (req.headers.authorization || "").split(" ")[1] || ""; - const [login, password] = new Buffer(b64auth, "base64").toString().split(":"); // won't work as we use : in username… - - if (!login || !password || login !== auth.login || password !== auth.password) { - // Access granted... - } - - if (req.query.password !== process.env.PASSWORD) { - return res.sendStatus(401); + const [_, login, password] = new Buffer(b64auth, 'base64').toString().match(/(.*):(.*)/) || []; // slightly modified as + if ( + !login || + !password || + login !== auth.login || + password !== auth.password + ) { + console.log(login, password) + res.set("WWW-Authenticate", 'Basic realm="Authentication required"'); + return res.status(401).send("Authentication required."); } fuzIsOpen = req.query.fuzisopen == "1"; lastSeen = new Date();