Merge branch 'issue241' of git://github.com/alx/etherpad-lite into httpAuth

2011-12-04 17:22:00 +01:00 · 2011-12-04 17:22:00 +01:00 · a4eef2780e
parent b2f1f04b54 a520c1e112
commit a4eef2780e
3 changed files with 31 additions and 0 deletions
--- a/node/server.js
+++ b/node/server.js
@ -92,6 +92,9 @@ async.waterfall([
    var httpLogger = log4js.getLogger("http");
    app.configure(function() 
    {
+      // Activate http basic auth if it has been defined in settings.json
+      if(settings.httpAuth != null) app.use(basic_auth);
+
      // If the log level specified in the config file is WARN or ERROR the application server never starts listening to requests as reported in issue #158.
      // Not installing the log4js connect logger when the log level has a higher severity than INFO since it would not log at that level anyway.
      if (!(settings.loglevel === "WARN" || settings.loglevel == "ERROR"))
@ -151,6 +154,26 @@ async.waterfall([
      });
    }

+    //checks for basic http auth
+    function basic_auth (req, res, next) {
+      if (req.headers.authorization && req.headers.authorization.search('Basic ') === 0) {
+        // fetch login and password
+        if (new Buffer(req.headers.authorization.split(' ')[1], 'base64').toString() == settings.httpAuth) {
+          next();
+          return;
+        }
+      }
+      
+      res.header('WWW-Authenticate', 'Basic realm="Protected Area"');
+      if (req.headers.authorization) {
+        setTimeout(function () {
+          res.send('Authentication required', 401);
+        }, 5000);
+      } else {
+        res.send('Authentication required', 401);
+      }
+    }
+    
    //serve read only pad
    app.get('/ro/:id', function(req, res)
    { 
--- a/node/utils/Settings.js
+++ b/node/utils/Settings.js
@ -68,6 +68,11 @@ exports.abiword = null;
 */
 exports.loglevel = "INFO";

+/**
+ * Http basic auth, with "user:password" format
+ */
+exports.httpAuth = null;
+
 //read the settings sync
 var settingsStr = fs.readFileSync("../settings.json").toString();

--- a/settings.json.template
+++ b/settings.json.template
@ -43,6 +43,9 @@
     Abiword is needed to enable the import/export of pads*/  
  "abiword" : null,
  
+  /* This setting is used if you need http basic auth */
+  // "httpAuth" : "user:pass",
+
  /* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */
  "loglevel": "INFO"
 }