Merge branch 'issue241' of git://github.com/alx/etherpad-lite into httpAuth

This commit is contained in:
Peter 'Pita' Martischka 2011-12-04 17:22:00 +01:00
commit a4eef2780e
3 changed files with 31 additions and 0 deletions

View File

@ -92,6 +92,9 @@ async.waterfall([
var httpLogger = log4js.getLogger("http");
app.configure(function()
{
// Activate http basic auth if it has been defined in settings.json
if(settings.httpAuth != null) app.use(basic_auth);
// If the log level specified in the config file is WARN or ERROR the application server never starts listening to requests as reported in issue #158.
// Not installing the log4js connect logger when the log level has a higher severity than INFO since it would not log at that level anyway.
if (!(settings.loglevel === "WARN" || settings.loglevel == "ERROR"))
@ -151,6 +154,26 @@ async.waterfall([
});
}
//checks for basic http auth
function basic_auth (req, res, next) {
if (req.headers.authorization && req.headers.authorization.search('Basic ') === 0) {
// fetch login and password
if (new Buffer(req.headers.authorization.split(' ')[1], 'base64').toString() == settings.httpAuth) {
next();
return;
}
}
res.header('WWW-Authenticate', 'Basic realm="Protected Area"');
if (req.headers.authorization) {
setTimeout(function () {
res.send('Authentication required', 401);
}, 5000);
} else {
res.send('Authentication required', 401);
}
}
//serve read only pad
app.get('/ro/:id', function(req, res)
{

View File

@ -68,6 +68,11 @@ exports.abiword = null;
*/
exports.loglevel = "INFO";
/**
* Http basic auth, with "user:password" format
*/
exports.httpAuth = null;
//read the settings sync
var settingsStr = fs.readFileSync("../settings.json").toString();

View File

@ -43,6 +43,9 @@
Abiword is needed to enable the import/export of pads*/
"abiword" : null,
/* This setting is used if you need http basic auth */
// "httpAuth" : "user:pass",
/* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */
"loglevel": "INFO"
}