mirror of https://github.com/Jermolene/TiddlyWiki5 synced 2024-12-23 16:40:28 +00:00

Added primitive support for basic authentication

Note that the password will be passed over HTTP in plain text.
Jermolene 2013-11-28 14:03:08 +00:00
parent c0a6e94b21
commit 7d12d89a0a
8 changed files with 68 additions and 18 deletions


@ -555,6 +555,7 @@ $tw.modules.execute = function(moduleName,moduleRoot) {
clearInterval: clearInterval,
setTimeout: setTimeout,
clearTimeout: clearTimeout,
Buffer: $tw.browser ? {} : Buffer,
$tw: $tw,
require: function(title) {
return $tw.modules.execute(title, name);


@ -49,27 +49,58 @@ SimpleServer.prototype.addRoute = function(route) {
this.routes.push(route);
};
SimpleServer.prototype.findMatchingRoute = function(request,state) {
for(var t=0; t<this.routes.length; t++) {
var potentialRoute = this.routes[t],
pathRegExp = potentialRoute.path,
match = potentialRoute.path.exec(state.urlInfo.pathname);
if(match && request.method === potentialRoute.method) {
state.params = [];
for(var p=1; p<match.length; p++) {
state.params.push(match[p]);
}
return potentialRoute;
}
}
return null;
};
SimpleServer.prototype.checkCredentials = function(request,incomingUsername,incomingPassword) {
var header = request.headers["authorization"] || "",
token = header.split(/\s+/).pop() || "",
auth = $tw.utils.base64Decode(token),
parts = auth.split(/:/),
username = parts[0],
password = parts[1];
if(incomingUsername === username && incomingPassword === password) {
return "ALLOWED";
} else {
return "DENIED";
}
}
SimpleServer.prototype.listen = function(port) {
var self = this;
http.createServer(function(request, response) {
http.createServer(function(request,response) {
// Compose the state object
var state = {};
state.wiki = self.wiki;
state.server = self;
state.urlInfo = url.parse(request.url);
// Find the route that matches this path
var route;
for(var t=0; t<self.routes.length; t++) {
var potentialRoute = self.routes[t],
pathRegExp = potentialRoute.path,
match = potentialRoute.path.exec(state.urlInfo.pathname);
if(request.method === potentialRoute.method && match) {
state.params = [];
for(var p=1; p<match.length; p++) {
state.params.push(match[p]);
}
route = potentialRoute;
break;
var route = self.findMatchingRoute(request,state);
// Check for the username and password if we've got one
var username = self.get("username"),
password = self.get("password");
if(username && password) {
// Check they match
if(self.checkCredentials(request,username,password) !== "ALLOWED") {
response.setHeader("WWW-Authenticate", 'Basic realm="Admin Area"');
response.writeHead(401,"Authentication required",{
"WWW-Authenticate": 'Basic realm="TiddlyWiki5"'
});
response.end();
return;
}
}
// Return a 404 if we didn't find a route
@ -224,12 +255,14 @@ Command.prototype.execute = function() {
rootTiddler = this.params[1] || "$:/core/save/all",
renderType = this.params[2] || "text/plain",
serveType = this.params[3] || "text/html",
username = this.params[4] || "ANONYMOUS";
username = this.params[4] || "ANONYMOUS",
password = this.params[5];
this.server.set({
rootTiddler: rootTiddler,
renderType: renderType,
serveType: serveType,
username: username
username: username,
password: password
});
this.server.listen(port);
if(this.commander.verbose) {
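Review bot: In `checkCredentials` (first hunk of this file), `auth.split(/:/)` keeps only `parts[1]` as the password, so a configured password that contains a colon can never match what the browser sends, and the scheme token is never checked to be `Basic`. Splitting on the first colon only avoids the lockout: `var sep = auth.indexOf(":"), username = auth.substring(0,sep), password = auth.substring(sep + 1);`. The password is also compared with `===`, which is not a constant-time comparison; a fixed-time comparison is the usual choice for secrets. In the 401 branch the page shows `WWW-Authenticate` being set twice with different realms (`setHeader` with "Admin Area", then `writeHead` with "TiddlyWiki5"); if both lines are on the new side, one of them should be dropped. The assignment to `checkCredentials` also ends with `}` rather than `};`, unlike the neighbouring prototype assignments.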


@ -413,4 +413,16 @@ exports.hashString = function(str) {
},0);
};
/*
Decode a base64 string
*/
exports.base64Decode = function(string64) {
if($tw.browser) {
// TODO
throw "$tw.utils.base64Decode() doesn't work in the browser";
} else {
return (new Buffer(string64,"base64")).toString();
}
};
})();
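Review bot: `base64Decode` throws a bare string in the browser branch, which carries no stack trace and fails `instanceof Error` checks in callers; `throw new Error("$tw.utils.base64Decode() doesn't work in the browser");` keeps the same message. On the Node branch the argument comes from the request's `Authorization` header (via `checkCredentials`), and `new Buffer(string64,"base64")` does not reject malformed input, so the doc comment should say that the function performs no validation and returns the decoded bytes as a UTF-8 string. On current Node.js releases the `Buffer` constructor is deprecated in favour of `Buffer.from(string64,"base64")`.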


@ -21,6 +21,7 @@ tags: releasenote
* Refactored control panel to add ''Saving'' tab that includes TiddlySpot options
* Improved notifications when saving to TiddlySpot
* Added backup URL to TiddlySpot control panel tab
* Extended the ServerCommand to add primitive support for basic authentication when running under [[Node.js]]
!! Bug fixes


@ -16,6 +16,9 @@ The parameters are:
* ''rendertype'' - the content type to which the root tiddler should be rendered (defaults to "text/plain")
* ''servetype'' - the content type with which the root tiddler should be served (defaults to "text/html")
* ''username'' - the default username for signing edits
* ''password'' - optional password for basic authentication
If the password parameter is specified then the browser will prompt the user for the username and password. Note that the password is transmitted in plain text so this implementation isn't suitable for general use.
For example:

File diff suppressed because one or more lines are too long


@ -7,5 +7,5 @@ rem Optional parameter is the username for signing edits
node .\tiddlywiki.js ^
editions\clientserver ^
--verbose ^
--server 8080 $:/core/save/all text/plain text/html %1^
--server 8080 $:/core/save/all text/plain text/html %1 %2^
|| exit 1
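Review bot: The password is now passed as `%2` on the `node` command line, where it is part of the process's command line and can be read by other local users who can list processes; the same applies to `$2` in the shell script changed in this commit. Reading the password from an environment variable or from a file readable only by the owner would avoid that exposure. The header comment shown in the hunk context still describes only the username; it could read `rem Optional parameters are the username for signing edits and the password for basic authentication`.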


@ -7,5 +7,5 @@
node ./tiddlywiki.js \
editions/clientserver \
--verbose \
--server 8080 $:/core/save/all text/plain text/html $1\
--server 8080 $:/core/save/all text/plain text/html $1 $2\
|| exit 1
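Review bot: `$1` and `$2` are expanded unquoted, so a username or password containing whitespace or glob characters is split or expanded by the shell before `--server` receives it, and the server would then compare against a different password than the one typed. Quote both: `--server 8080 $:/core/save/all text/plain text/html "$1" "$2"\`. With quoting, omitted arguments arrive as empty strings; assuming the commander passes those through unchanged, the `|| "ANONYMOUS"` default and the `username && password` check in the server hunk treat them as before.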