From 71fee116567f241eb78e8ae27a4cdad66b971532 Mon Sep 17 00:00:00 2001
From: Alexandre Girard <git@alexgirard.com>
Date: Thu, 1 Dec 2011 16:44:51 +0100
Subject: [PATCH 1/2] add the ability to set global password with http basic
 auth

---
 node/server.js         | 23 +++++++++++++++++++++++
 node/utils/Settings.js |  5 +++++
 settings.json.template |  4 ++++
 3 files changed, 32 insertions(+)

diff --git a/node/server.js b/node/server.js
index 08c09ab0..94a9de15 100644
--- a/node/server.js
+++ b/node/server.js
@@ -91,6 +91,9 @@ async.waterfall([
     var httpLogger = log4js.getLogger("http");
     app.configure(function() 
     {
+      // Activate http basic auth if it has been defined in settings.json
+      if(settings.httpAuth != null) app.use(basic_auth);
+
       // If the log level specified in the config file is WARN or ERROR the application server never starts listening to requests as reported in issue #158.
       // Not installing the log4js connect logger when the log level has a higher severity than INFO since it would not log at that level anyway.
       if (!(settings.loglevel === "WARN" || settings.loglevel == "ERROR"))
@@ -143,6 +146,26 @@ async.waterfall([
         }
       });
     }
+
+    //checks for basic http auth
+    function basic_auth (req, res, next) {
+      if (req.headers.authorization && req.headers.authorization.search('Basic ') === 0) {
+        // fetch login and password
+        if (new Buffer(req.headers.authorization.split(' ')[1], 'base64').toString() == settings.httpAuth) {
+          next();
+          return;
+        }
+      }
+      
+      res.header('WWW-Authenticate', 'Basic realm="Protected Area"');
+      if (req.headers.authorization) {
+        setTimeout(function () {
+          res.send('Authentication required', 401);
+        }, 5000);
+      } else {
+        res.send('Authentication required', 401);
+      }
+    }
     
     //serve read only pad
     app.get('/ro/:id', function(req, res)
diff --git a/node/utils/Settings.js b/node/utils/Settings.js
index 2aef834d..7ef809c9 100644
--- a/node/utils/Settings.js
+++ b/node/utils/Settings.js
@@ -68,6 +68,11 @@ exports.abiword = null;
  */
 exports.loglevel = "INFO";
 
+/**
+ * Http basic auth, with "user:password" format
+ */
+exports.httpAuth = null;
+
 //read the settings sync
 var settingsStr = fs.readFileSync("../settings.json").toString();
 
diff --git a/settings.json.template b/settings.json.template
index da7b32a4..6ebf8ef0 100644
--- a/settings.json.template
+++ b/settings.json.template
@@ -45,4 +45,8 @@
   
   /* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */
   "loglevel": "INFO"
+  
+  /* This setting is used if you need http basic auth */
+  // "httpAuth" : "user:pass"
+  
 }

From a520c1e112877dee717754beca4ec027f030b531 Mon Sep 17 00:00:00 2001
From: Alexandre Girard <git@alexgirard.com>
Date: Fri, 2 Dec 2011 14:42:42 +0100
Subject: [PATCH 2/2] change settings sample to avoid error when editing
 httpAuth

---
 settings.json.template | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/settings.json.template b/settings.json.template
index 6ebf8ef0..7cd0e819 100644
--- a/settings.json.template
+++ b/settings.json.template
@@ -43,10 +43,9 @@
      Abiword is needed to enable the import/export of pads*/  
   "abiword" : null,
   
+  /* This setting is used if you need http basic auth */
+  // "httpAuth" : "user:pass",
+
   /* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */
   "loglevel": "INFO"
-  
-  /* This setting is used if you need http basic auth */
-  // "httpAuth" : "user:pass"
-  
 }