mirror of https://github.com/Lomanic/presence-button-web synced 2024-11-24 14:37:29 +00:00

Use dedicated login for ESP and properly parse HTTP basic auth on /status

Lomanic 2020-10-08 00:14:19 +02:00
parent 96acdfd493
commit 56070f19ec


@ -88,14 +88,13 @@ app.get("/api", (req, res) => {
app.get("/status", (req, res) => {
// http basic auth handling without 3rd-party lib https://stackoverflow.com/a/33905671
const auth = {
login: process.env.MATRIXUSERNAME,
password: process.env.MATRIXPASSWORD
login: process.env.ESPUSERNAME,
password: process.env.ESPPASSWORD
};
// parse login and password from headers
const b64auth = (req.headers.authorization || "").split(" ")[1] || "";
const [_, login, password] =
new Buffer(b64auth, "base64").toString().match(/(.*):(.*)/) || []; // slightly modified as we use : in username
const b64auth = (req.headers.authorization || '').split(' ')[1] || ''
const [login, password] = Buffer.from(b64auth, 'base64').toString().split(':')
if (
!login ||
@ -103,6 +102,7 @@ app.get("/status", (req, res) => {
login !== auth.login ||
password !== auth.password
) {
console.log("Bad auth", auth, login, password)
res.set("WWW-Authenticate", 'Basic realm="Authentication required"');
return res.status(401).send("Authentication required.");
}
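Review bot: The added `console.log("Bad auth", auth, login, password)` in the 401 branch writes the configured ESPUSERNAME/ESPPASSWORD values and the password the client submitted into the process log on every failed attempt, so anyone who can read the logs obtains the /status credentials. Log only non-secret context instead, for example `console.log("Bad auth on /status from", req.ip);`. Separately, `.split(':')` on the decoded header keeps only the text between the first and second colon as the password, so a password that contains `:` can never match; cutting at the first colon only (`indexOf(':')` plus two `slice` calls) follows the Basic auth format. The `!==` comparisons are also not constant-time, and `crypto.timingSafeEqual` over equal-length digests of the values would be the usual hardening. The handler body continues past the end of the shown hunks.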