9
0
mirror of https://github.com/Lomanic/presence-button-web synced 2024-11-25 06:57:30 +00:00

Use dedicated login for ESP and properly parse HTTP basic auth on /status

This commit is contained in:
Lomanic 2020-10-08 00:14:19 +02:00
parent 96acdfd493
commit 56070f19ec

View File

@ -88,14 +88,13 @@ app.get("/api", (req, res) => {
app.get("/status", (req, res) => { app.get("/status", (req, res) => {
// http basic auth handling without 3rd-party lib https://stackoverflow.com/a/33905671 // http basic auth handling without 3rd-party lib https://stackoverflow.com/a/33905671
const auth = { const auth = {
login: process.env.MATRIXUSERNAME, login: process.env.ESPUSERNAME,
password: process.env.MATRIXPASSWORD password: process.env.ESPPASSWORD
}; };
// parse login and password from headers // parse login and password from headers
const b64auth = (req.headers.authorization || "").split(" ")[1] || ""; const b64auth = (req.headers.authorization || '').split(' ')[1] || ''
const [_, login, password] = const [login, password] = Buffer.from(b64auth, 'base64').toString().split(':')
new Buffer(b64auth, "base64").toString().match(/(.*):(.*)/) || []; // slightly modified as we use : in username
if ( if (
!login || !login ||
@ -103,6 +102,7 @@ app.get("/status", (req, res) => {
login !== auth.login || login !== auth.login ||
password !== auth.password password !== auth.password
) { ) {
console.log("Bad auth", auth, login, password)
res.set("WWW-Authenticate", 'Basic realm="Authentication required"'); res.set("WWW-Authenticate", 'Basic realm="Authentication required"');
return res.status(401).send("Authentication required."); return res.status(401).send("Authentication required.");
} }