Merge branch 'master' into logging

# Conflicts: # server/database.js # server/jobs.js # server/model/monitor.js # server/routers/api-router.js # server/server.js # server/socket-handlers/status-page-socket-handler.js # server/util-server.js
2025-07-24 23:35:46 -04:00 · 2022-04-12 16:32:14 +08:00 · 2022-04-12 16:32:14 +08:00 · 279e2eb3f6
commit 279e2eb3f6
parent 38f8a8ac2f 1ba92d803e
128 changed files with 14015 additions and 6527 deletions
--- a/server/auth.js
+++ b/server/auth.js
@ -11,6 +11,10 @@ const { loginRateLimiter } = require("./rate-limiter");
 * @returns {Promise<Bean|null>}
 */
 exports.login = async function (username, password) {
+    if (typeof username !== "string" || typeof password !== "string") {
+        return null;
+    }
+
    let user = await R.findOne("user", " username = ? AND active = 1 ", [
        username,
    ]);
@ -30,31 +34,34 @@ exports.login = async function (username, password) {
 };

 function myAuthorizer(username, password, callback) {
-    setting("disableAuth").then((result) => {
-        if (result) {
-            callback(null, true);
-        } else {
-            // Login Rate Limit
-            loginRateLimiter.pass(null, 0).then((pass) => {
-                if (pass) {
-                    exports.login(username, password).then((user) => {
-                        callback(null, user != null);
+    // Login Rate Limit
+    loginRateLimiter.pass(null, 0).then((pass) => {
+        if (pass) {
+            exports.login(username, password).then((user) => {
+                callback(null, user != null);

-                        if (user == null) {
-                            loginRateLimiter.removeTokens(1);
-                        }
-                    });
-                } else {
-                    callback(null, false);
+                if (user == null) {
+                    loginRateLimiter.removeTokens(1);
                }
            });
-
+        } else {
+            callback(null, false);
        }
    });
 }

-exports.basicAuth = basicAuth({
-    authorizer: myAuthorizer,
-    authorizeAsync: true,
-    challenge: true,
-});
+exports.basicAuth = async function (req, res, next) {
+    const middleware = basicAuth({
+        authorizer: myAuthorizer,
+        authorizeAsync: true,
+        challenge: true,
+    });
+
+    const disabledAuth = await setting("disableAuth");
+
+    if (!disabledAuth) {
+        middleware(req, res, next);
+    } else {
+        next();
+    }
+};