|
|
@ -2,6 +2,7 @@ const basicAuth = require("express-basic-auth");
|
|
|
|
const passwordHash = require("./password-hash");
|
|
|
|
const passwordHash = require("./password-hash");
|
|
|
|
const { R } = require("redbean-node");
|
|
|
|
const { R } = require("redbean-node");
|
|
|
|
const { setting } = require("./util-server");
|
|
|
|
const { setting } = require("./util-server");
|
|
|
|
|
|
|
|
const { log } = require("../src/util");
|
|
|
|
const { loginRateLimiter, apiRateLimiter } = require("./rate-limiter");
|
|
|
|
const { loginRateLimiter, apiRateLimiter } = require("./rate-limiter");
|
|
|
|
const { Settings } = require("./settings");
|
|
|
|
const { Settings } = require("./settings");
|
|
|
|
const dayjs = require("dayjs");
|
|
|
|
const dayjs = require("dayjs");
|
|
|
@ -81,12 +82,16 @@ function apiAuthorizer(username, password, callback) {
|
|
|
|
apiRateLimiter.pass(null, 0).then((pass) => {
|
|
|
|
apiRateLimiter.pass(null, 0).then((pass) => {
|
|
|
|
if (pass) {
|
|
|
|
if (pass) {
|
|
|
|
verifyAPIKey(password).then((valid) => {
|
|
|
|
verifyAPIKey(password).then((valid) => {
|
|
|
|
|
|
|
|
if (!valid) {
|
|
|
|
|
|
|
|
log.warn("api-auth", "Failed API auth attempt: invalid API Key");
|
|
|
|
|
|
|
|
}
|
|
|
|
callback(null, valid);
|
|
|
|
callback(null, valid);
|
|
|
|
// Only allow a set number of api requests per minute
|
|
|
|
// Only allow a set number of api requests per minute
|
|
|
|
// (currently set to 60)
|
|
|
|
// (currently set to 60)
|
|
|
|
apiRateLimiter.removeTokens(1);
|
|
|
|
apiRateLimiter.removeTokens(1);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
|
|
|
|
log.warn("api-auth", "Failed API auth attempt: rate limit exceeded");
|
|
|
|
callback(null, false);
|
|
|
|
callback(null, false);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
});
|
|
|
|
});
|
|
|
@ -106,10 +111,12 @@ function userAuthorizer(username, password, callback) {
|
|
|
|
callback(null, user != null);
|
|
|
|
callback(null, user != null);
|
|
|
|
|
|
|
|
|
|
|
|
if (user == null) {
|
|
|
|
if (user == null) {
|
|
|
|
|
|
|
|
log.warn("basic-auth", "Failed basic auth attempt: invalid username/password");
|
|
|
|
loginRateLimiter.removeTokens(1);
|
|
|
|
loginRateLimiter.removeTokens(1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
});
|
|
|
|
});
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
|
|
|
|
log.warn("basic-auth", "Failed basic auth attempt: rate limit exceeded");
|
|
|
|
callback(null, false);
|
|
|
|
callback(null, false);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
});
|
|
|
|
});
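Review bot: Neither inner promise chain in the two authorizer hunks has a rejection handler, so if `verifyAPIKey(password)` (or the chain that yields `user` in userAuthorizer, whose head is outside the hunk) rejects on a database error, `callback` is never invoked, the request hangs until the client gives up, and Node reports an unhandled rejection; the new warn logging does not cover that path. Fail closed instead: append `.catch((err) => { log.warn("api-auth", "Failed API auth attempt: " + err.message); callback(null, false); })` to the `verifyAPIKey(...).then(...)` chain, and the same with `"basic-auth"` on the inner chain in userAuthorizer; the outer `apiRateLimiter.pass`/`loginRateLimiter.pass` chains have the same gap. If I recall correctly, express-basic-auth's async callback asserts on a non-null first argument, so the error should be logged and `false` passed rather than forwarded as `err`. Both function signatures (`apiAuthorizer`, `userAuthorizer`) sit outside the visible hunks.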
|
|
|
|