mirror of
https://github.com/Lomanic/presence-button-web
synced 2024-11-25 06:57:30 +00:00
Use dedicated login for ESP and properly parse HTTP basic auth on /status
This commit is contained in:
parent
96acdfd493
commit
56070f19ec
10
server.js
10
server.js
@ -88,14 +88,13 @@ app.get("/api", (req, res) => {
|
|||||||
app.get("/status", (req, res) => {
|
app.get("/status", (req, res) => {
|
||||||
// http basic auth handling without 3rd-party lib https://stackoverflow.com/a/33905671
|
// http basic auth handling without 3rd-party lib https://stackoverflow.com/a/33905671
|
||||||
const auth = {
|
const auth = {
|
||||||
login: process.env.MATRIXUSERNAME,
|
login: process.env.ESPUSERNAME,
|
||||||
password: process.env.MATRIXPASSWORD
|
password: process.env.ESPPASSWORD
|
||||||
};
|
};
|
||||||
|
|
||||||
// parse login and password from headers
|
// parse login and password from headers
|
||||||
const b64auth = (req.headers.authorization || "").split(" ")[1] || "";
|
const b64auth = (req.headers.authorization || '').split(' ')[1] || ''
|
||||||
const [_, login, password] =
|
const [login, password] = Buffer.from(b64auth, 'base64').toString().split(':')
|
||||||
new Buffer(b64auth, "base64").toString().match(/(.*):(.*)/) || []; // slightly modified as we use : in username
|
|
||||||
|
|
||||||
if (
|
if (
|
||||||
!login ||
|
!login ||
|
||||||
@ -103,6 +102,7 @@ app.get("/status", (req, res) => {
|
|||||||
login !== auth.login ||
|
login !== auth.login ||
|
||||||
password !== auth.password
|
password !== auth.password
|
||||||
) {
|
) {
|
||||||
|
console.log("Bad auth", auth, login, password)
|
||||||
res.set("WWW-Authenticate", 'Basic realm="Authentication required"');
|
res.set("WWW-Authenticate", 'Basic realm="Authentication required"');
|
||||||
return res.status(401).send("Authentication required.");
|
return res.status(401).send("Authentication required.");
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user