mirrors/TiddlyWiki5
1
0
Fork 0
mirror of https://github.com/Jermolene/TiddlyWiki5 synced 2025-09-09 22:36:05 +00:00
Code Issues Releases Wiki Activity

add logic to ensure that only authenticated users' requests are handled

Browse Source
This commit is contained in:
webplusai
2024-09-16 18:36:59 +00:00
parent 9b69959136
commit d3311156c3
1 changed files with 35 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
plugins/tiddlywiki/multiwikiserver/modules/mws-server.js
View File

@@ -358,9 +358,43 @@ Server.prototype.isAuthorized = function(authorizationType,username) {
return principals.indexOf("(anon)") !== -1 || (username && (principals.indexOf("(authenticated)") !== -1 || principals.indexOf(username) !== -1));
}
Server.prototype.authenticateUser = function(request, response) {
const authHeader = request.headers.authorization;
if (!authHeader) {
this.requestAuthentication(response);
return false;
}
const auth = Buffer.from(authHeader.split(' ')[1], 'base64').toString().split(':');
const username = auth[0];
const password = auth[1];
// Check if the username and password match the configured credentials
if (username === this.get("username") && password === this.get("password")) {
return username;
} else {
this.requestAuthentication(response);
return false;
}
};
Server.prototype.requestAuthentication = function(response) {
response.writeHead(401, {
'WWW-Authenticate': 'Basic realm="Secure Area"'
});
response.end('Authentication required.');
};
Server.prototype.requestHandler = function(request,response,options) {
options = options || {};
const queryString = require("querystring");
// Authenticate the user
const authenticatedUsername = this.authenticateUser(request, response);
if (!authenticatedUsername) {
return; // Stop processing if authentication failed
}
// Compose the state object
var self = this;
var state = {};
@@ -374,6 +408,7 @@ Server.prototype.requestHandler = function(request,response,options) {
state.redirect = redirect.bind(self,request,response);
state.streamMultipartData = streamMultipartData.bind(self,request);
state.makeTiddlerEtag = makeTiddlerEtag.bind(self);
state.authenticatedUsername = authenticatedUsername;
// Get the principals authorized to access this resource
state.authorizationType = options.authorizationType || this.methodMappings[request.method] || "readers";
// Check whether anonymous access is granted