mirror of
https://github.com/Jermolene/TiddlyWiki5
synced 2024-12-23 16:40:28 +00:00
Added primitive support for basic authentication
Note that the password will be passed over HTTP in plain text.
This commit is contained in:
parent
c0a6e94b21
commit
7d12d89a0a
@ -555,6 +555,7 @@ $tw.modules.execute = function(moduleName,moduleRoot) {
|
||||
clearInterval: clearInterval,
|
||||
setTimeout: setTimeout,
|
||||
clearTimeout: clearTimeout,
|
||||
Buffer: $tw.browser ? {} : Buffer,
|
||||
$tw: $tw,
|
||||
require: function(title) {
|
||||
return $tw.modules.execute(title, name);
|
||||
|
@ -49,27 +49,58 @@ SimpleServer.prototype.addRoute = function(route) {
|
||||
this.routes.push(route);
|
||||
};
|
||||
|
||||
SimpleServer.prototype.findMatchingRoute = function(request,state) {
|
||||
for(var t=0; t<this.routes.length; t++) {
|
||||
var potentialRoute = this.routes[t],
|
||||
pathRegExp = potentialRoute.path,
|
||||
match = potentialRoute.path.exec(state.urlInfo.pathname);
|
||||
if(match && request.method === potentialRoute.method) {
|
||||
state.params = [];
|
||||
for(var p=1; p<match.length; p++) {
|
||||
state.params.push(match[p]);
|
||||
}
|
||||
return potentialRoute;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
};
|
||||
|
||||
SimpleServer.prototype.checkCredentials = function(request,incomingUsername,incomingPassword) {
|
||||
var header = request.headers["authorization"] || "",
|
||||
token = header.split(/\s+/).pop() || "",
|
||||
auth = $tw.utils.base64Decode(token),
|
||||
parts = auth.split(/:/),
|
||||
username = parts[0],
|
||||
password = parts[1];
|
||||
if(incomingUsername === username && incomingPassword === password) {
|
||||
return "ALLOWED";
|
||||
} else {
|
||||
return "DENIED";
|
||||
}
|
||||
}
|
||||
|
||||
SimpleServer.prototype.listen = function(port) {
|
||||
var self = this;
|
||||
http.createServer(function(request, response) {
|
||||
http.createServer(function(request,response) {
|
||||
// Compose the state object
|
||||
var state = {};
|
||||
state.wiki = self.wiki;
|
||||
state.server = self;
|
||||
state.urlInfo = url.parse(request.url);
|
||||
// Find the route that matches this path
|
||||
var route;
|
||||
for(var t=0; t<self.routes.length; t++) {
|
||||
var potentialRoute = self.routes[t],
|
||||
pathRegExp = potentialRoute.path,
|
||||
match = potentialRoute.path.exec(state.urlInfo.pathname);
|
||||
if(request.method === potentialRoute.method && match) {
|
||||
state.params = [];
|
||||
for(var p=1; p<match.length; p++) {
|
||||
state.params.push(match[p]);
|
||||
}
|
||||
route = potentialRoute;
|
||||
break;
|
||||
var route = self.findMatchingRoute(request,state);
|
||||
// Check for the username and password if we've got one
|
||||
var username = self.get("username"),
|
||||
password = self.get("password");
|
||||
if(username && password) {
|
||||
// Check they match
|
||||
if(self.checkCredentials(request,username,password) !== "ALLOWED") {
|
||||
response.setHeader("WWW-Authenticate", 'Basic realm="Admin Area"');
|
||||
response.writeHead(401,"Authentication required",{
|
||||
"WWW-Authenticate": 'Basic realm="TiddlyWiki5"'
|
||||
});
|
||||
response.end();
|
||||
return;
|
||||
}
|
||||
}
|
||||
// Return a 404 if we didn't find a route
|
||||
@ -224,12 +255,14 @@ Command.prototype.execute = function() {
|
||||
rootTiddler = this.params[1] || "$:/core/save/all",
|
||||
renderType = this.params[2] || "text/plain",
|
||||
serveType = this.params[3] || "text/html",
|
||||
username = this.params[4] || "ANONYMOUS";
|
||||
username = this.params[4] || "ANONYMOUS",
|
||||
password = this.params[5];
|
||||
this.server.set({
|
||||
rootTiddler: rootTiddler,
|
||||
renderType: renderType,
|
||||
serveType: serveType,
|
||||
username: username
|
||||
username: username,
|
||||
password: password
|
||||
});
|
||||
this.server.listen(port);
|
||||
if(this.commander.verbose) {
|
||||
|
@ -413,4 +413,16 @@ exports.hashString = function(str) {
|
||||
},0);
|
||||
};
|
||||
|
||||
/*
|
||||
Decode a base64 string
|
||||
*/
|
||||
exports.base64Decode = function(string64) {
|
||||
if($tw.browser) {
|
||||
// TODO
|
||||
throw "$tw.utils.base64Decode() doesn't work in the browser";
|
||||
} else {
|
||||
return (new Buffer(string64,"base64")).toString();
|
||||
}
|
||||
};
|
||||
|
||||
})();
|
||||
|
@ -21,6 +21,7 @@ tags: releasenote
|
||||
* Refactored control panel to add ''Saving'' tab that includes TiddlySpot options
|
||||
* Improved notifications when saving to TiddlySpot
|
||||
* Added backup URL to TiddlySpot control panel tab
|
||||
* Extended the ServerCommand to add primitive support for basic authentication when running under [[Node.js]]
|
||||
|
||||
!! Bug fixes
|
||||
|
||||
|
@ -16,6 +16,9 @@ The parameters are:
|
||||
* ''rendertype'' - the content type to which the root tiddler should be rendered (defaults to "text/plain")
|
||||
* ''servetype'' - the content type with which the root tiddler should be served (defaults to "text/html")
|
||||
* ''username'' - the default username for signing edits
|
||||
* ''password'' - optional password for basic authentication
|
||||
|
||||
If the password parameter is specified then the browser will prompt the user for the username and password. Note that the password is transmitted in plain text so this implementation isn't suitable for general use.
|
||||
|
||||
For example:
|
||||
|
||||
|
@ -7,5 +7,5 @@ rem Optional parameter is the username for signing edits
|
||||
node .\tiddlywiki.js ^
|
||||
editions\clientserver ^
|
||||
--verbose ^
|
||||
--server 8080 $:/core/save/all text/plain text/html %1^
|
||||
--server 8080 $:/core/save/all text/plain text/html %1 %2^
|
||||
|| exit 1
|
||||
|
Loading…
Reference in New Issue
Block a user