uptime-kuma/server/auth.js

const basicAuth = require("express-basic-auth");
const passwordHash = require("./password-hash");
const { R } = require("redbean-node");
const { setting } = require("./util-server");
const { loginRateLimiter } = require("./rate-limiter");

/**
 * Login to web app
 * @param {string} username
 * @param {string} password
 * @returns {Promise<(Bean|null)>}
 */
exports.login = async function (username, password) {
    if (typeof username !== "string" || typeof password !== "string") {
        return null;
    }

    let user = await R.findOne("user", " username = ? AND active = 1 ", [
        username,
    ]);

    if (user && passwordHash.verify(password, user.password)) {
        // Upgrade the hash to bcrypt
        if (passwordHash.needRehash(user.password)) {
            await R.exec("UPDATE `user` SET password = ? WHERE id = ? ", [
                passwordHash.generate(password),
                user.id,
            ]);
        }
        return user;
    }

    return null;
};

/**
 * Callback for myAuthorizer
 * @callback myAuthorizerCB
 * @param {any} err Any error encountered
 * @param {boolean} authorized Is the client authorized?
 */

/**
 * Custom authorizer for express-basic-auth
 * @param {string} username
 * @param {string} password
 * @param {myAuthorizerCB} callback
 */
function myAuthorizer(username, password, callback) {
    // Login Rate Limit
    loginRateLimiter.pass(null, 0).then((pass) => {
        if (pass) {
            exports.login(username, password).then((user) => {
                callback(null, user != null);

                if (user == null) {
                    loginRateLimiter.removeTokens(1);
                }
            });
        } else {
            callback(null, false);
        }
    });
}

exports.basicAuth = async function (req, res, next) {
    const middleware = basicAuth({
        authorizer: myAuthorizer,
        authorizeAsync: true,
        challenge: true,
    });

    const disabledAuth = await setting("disableAuth");

    if (!disabledAuth) {
        middleware(req, res, next);
    } else {
        next();
    }
};
add login rate limiter 2021-10-23 08:35:13 +00:00			`const basicAuth = require("express-basic-auth");`
Autofix on save 2021-07-27 17:47:13 +00:00			`const passwordHash = require("./password-hash");`
			`const { R } = require("redbean-node");`
requires empty username/password if set disableAuth for basic auth 2021-08-02 16:08:46 +00:00			`const { setting } = require("./util-server");`
add login rate limiter 2021-10-23 08:35:13 +00:00			`const { loginRateLimiter } = require("./rate-limiter");`
Add Basic Auth for /metrics 2021-07-27 16:52:31 +00:00
			`/**`
Add JSDoc to server/* Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> 2022-04-20 18:56:40 +00:00			`* Login to web app`
			`* @param {string} username`
			`* @param {string} password`
			`* @returns {Promise<(Bean\|null)>}`
Add Basic Auth for /metrics 2021-07-27 16:52:31 +00:00			`*/`
			`exports.login = async function (username, password) {`
Some improvements 2022-03-29 09:38:48 +00:00			`if (typeof username !== "string" \|\| typeof password !== "string") {`
			`return null;`
			`}`

Revert "Auth: Case insensitive login check on username" 2023-01-01 14:19:00 +00:00			`let user = await R.findOne("user", " username = ? AND active = 1 ", [`
Autofix on save 2021-07-27 17:47:13 +00:00			`username,`
add login rate limiter 2021-10-23 08:35:13 +00:00			`]);`
Add Basic Auth for /metrics 2021-07-27 16:52:31 +00:00
			`if (user && passwordHash.verify(password, user.password)) {`
			`// Upgrade the hash to bcrypt`
			`if (passwordHash.needRehash(user.password)) {`
			await R.exec("UPDATE `user` SET password = ? WHERE id = ? ", [
			`passwordHash.generate(password),`
Autofix on save 2021-07-27 17:47:13 +00:00			`user.id,`
Add Basic Auth for /metrics 2021-07-27 16:52:31 +00:00			`]);`
			`}`
			`return user;`
			`}`
Autofix on save 2021-07-27 17:47:13 +00:00
			`return null;`
add login rate limiter 2021-10-23 08:35:13 +00:00			`};`
Add Basic Auth for /metrics 2021-07-27 16:52:31 +00:00
Add JSDoc to server/* Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> 2022-04-20 18:56:40 +00:00			`/**`
			`* Callback for myAuthorizer`
			`* @callback myAuthorizerCB`
			`* @param {any} err Any error encountered`
			`* @param {boolean} authorized Is the client authorized?`
			`*/`

			`/**`
			`* Custom authorizer for express-basic-auth`
			`* @param {string} username`
			`* @param {string} password`
			`* @param {myAuthorizerCB} callback`
			`*/`
Add Basic Auth for /metrics 2021-07-27 16:52:31 +00:00			`function myAuthorizer(username, password, callback) {`
Fix #1318, basic auth is completely disabled if the auth is disabled 2022-03-24 10:02:34 +00:00			`// Login Rate Limit`
			`loginRateLimiter.pass(null, 0).then((pass) => {`
			`if (pass) {`
			`exports.login(username, password).then((user) => {`
			`callback(null, user != null);`
add login rate limiter 2021-10-23 08:35:13 +00:00
Fix #1318, basic auth is completely disabled if the auth is disabled 2022-03-24 10:02:34 +00:00			`if (user == null) {`
			`loginRateLimiter.removeTokens(1);`
add login rate limiter 2021-10-23 08:35:13 +00:00			`}`
			`});`
Fix #1318, basic auth is completely disabled if the auth is disabled 2022-03-24 10:02:34 +00:00			`} else {`
			`callback(null, false);`
add login rate limiter 2021-10-23 08:35:13 +00:00			`}`
			`});`
Add Basic Auth for /metrics 2021-07-27 16:52:31 +00:00			`}`

Fix #1318, basic auth is completely disabled if the auth is disabled 2022-03-24 10:02:34 +00:00			`exports.basicAuth = async function (req, res, next) {`
			`const middleware = basicAuth({`
			`authorizer: myAuthorizer,`
			`authorizeAsync: true,`
			`challenge: true,`
			`});`

			`const disabledAuth = await setting("disableAuth");`

			`if (!disabledAuth) {`
			`middleware(req, res, next);`
			`} else {`
			`next();`
			`}`
			`};`