uptime-kuma/server/auth.js

const basicAuth = require("express-basic-auth");
const passwordHash = require("./password-hash");
const { R } = require("redbean-node");
const { setting } = require("./util-server");
const { loginRateLimiter } = require("./rate-limiter");

/**
 *
 * @param username : string
 * @param password : string
 * @returns {Promise<Bean|null>}
 */
exports.login = async function (username, password) {
    if (typeof username !== "string" || typeof password !== "string") {
        return null;
    }

    let user = await R.findOne("user", " username = ? AND active = 1 ", [
        username,
    ]);

    if (user && passwordHash.verify(password, user.password)) {
        // Upgrade the hash to bcrypt
        if (passwordHash.needRehash(user.password)) {
            await R.exec("UPDATE `user` SET password = ? WHERE id = ? ", [
                passwordHash.generate(password),
                user.id,
            ]);
        }
        return user;
    }

    return null;
};

/**
 * A function that checks if a user is logged in.
 * @param {string} username The username of the user to check for.
 * @param {function} callback The callback to call when done, with an error and result parameter.
 *
 * Generated by Trelent
 */
function myAuthorizer(username, password, callback) {
    // Login Rate Limit
    loginRateLimiter.pass(null, 0).then((pass) => {
        if (pass) {
            exports.login(username, password).then((user) => {
                callback(null, user != null);

                if (user == null) {
                    loginRateLimiter.removeTokens(1);
                }
            });
        } else {
            callback(null, false);
        }
    });
}

exports.basicAuth = async function (req, res, next) {
    const middleware = basicAuth({
        authorizer: myAuthorizer,
        authorizeAsync: true,
        challenge: true,
    });

    const disabledAuth = await setting("disableAuth");

    if (!disabledAuth) {
        middleware(req, res, next);
    } else {
        next();
    }
};
add login rate limiter 2021-10-23 08:35:13 +00:00			`const basicAuth = require("express-basic-auth");`
Autofix on save 2021-07-27 17:47:13 +00:00			`const passwordHash = require("./password-hash");`
			`const { R } = require("redbean-node");`
requires empty username/password if set disableAuth for basic auth 2021-08-02 16:08:46 +00:00			`const { setting } = require("./util-server");`
add login rate limiter 2021-10-23 08:35:13 +00:00			`const { loginRateLimiter } = require("./rate-limiter");`
Add Basic Auth for /metrics 2021-07-27 16:52:31 +00:00
			`/**`
			`*`
			`* @param username : string`
			`* @param password : string`
			`* @returns {Promise<Bean\|null>}`
			`*/`
			`exports.login = async function (username, password) {`
Some improvements 2022-03-29 09:38:48 +00:00			`if (typeof username !== "string" \|\| typeof password !== "string") {`
			`return null;`
			`}`

Add Basic Auth for /metrics 2021-07-27 16:52:31 +00:00			`let user = await R.findOne("user", " username = ? AND active = 1 ", [`
Autofix on save 2021-07-27 17:47:13 +00:00			`username,`
add login rate limiter 2021-10-23 08:35:13 +00:00			`]);`
Add Basic Auth for /metrics 2021-07-27 16:52:31 +00:00
			`if (user && passwordHash.verify(password, user.password)) {`
			`// Upgrade the hash to bcrypt`
			`if (passwordHash.needRehash(user.password)) {`
			await R.exec("UPDATE `user` SET password = ? WHERE id = ? ", [
			`passwordHash.generate(password),`
Autofix on save 2021-07-27 17:47:13 +00:00			`user.id,`
Add Basic Auth for /metrics 2021-07-27 16:52:31 +00:00			`]);`
			`}`
			`return user;`
			`}`
Autofix on save 2021-07-27 17:47:13 +00:00
			`return null;`
add login rate limiter 2021-10-23 08:35:13 +00:00			`};`
Add Basic Auth for /metrics 2021-07-27 16:52:31 +00:00
Generated documentation :) 2021-11-10 05:24:31 +00:00			`/**`
			`* A function that checks if a user is logged in.`
			`* @param {string} username The username of the user to check for.`
			`* @param {function} callback The callback to call when done, with an error and result parameter.`
			`*`
			`* Generated by Trelent`
			`*/`
Add Basic Auth for /metrics 2021-07-27 16:52:31 +00:00			`function myAuthorizer(username, password, callback) {`
Fix #1318, basic auth is completely disabled if the auth is disabled 2022-03-24 10:02:34 +00:00			`// Login Rate Limit`
			`loginRateLimiter.pass(null, 0).then((pass) => {`
			`if (pass) {`
			`exports.login(username, password).then((user) => {`
			`callback(null, user != null);`
add login rate limiter 2021-10-23 08:35:13 +00:00
Fix #1318, basic auth is completely disabled if the auth is disabled 2022-03-24 10:02:34 +00:00			`if (user == null) {`
			`loginRateLimiter.removeTokens(1);`
add login rate limiter 2021-10-23 08:35:13 +00:00			`}`
			`});`
Fix #1318, basic auth is completely disabled if the auth is disabled 2022-03-24 10:02:34 +00:00			`} else {`
			`callback(null, false);`
add login rate limiter 2021-10-23 08:35:13 +00:00			`}`
			`});`
Add Basic Auth for /metrics 2021-07-27 16:52:31 +00:00			`}`

Fix #1318, basic auth is completely disabled if the auth is disabled 2022-03-24 10:02:34 +00:00			`exports.basicAuth = async function (req, res, next) {`
			`const middleware = basicAuth({`
			`authorizer: myAuthorizer,`
			`authorizeAsync: true,`
			`challenge: true,`
			`});`

			`const disabledAuth = await setting("disableAuth");`

			`if (!disabledAuth) {`
			`middleware(req, res, next);`
			`} else {`
			`next();`
			`}`
			`};`