pull/1731/merge
Marc 4 weeks ago committed by GitHub
commit 5f39c8659d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -0,0 +1,65 @@
console.log("== Uptime Kuma Change Username Tool ==");
const Database = require("../server/database");
const { R } = require("redbean-node");
const readline = require("readline");
const { initJWTSecret } = require("../server/util-server");
const User = require("../server/model/user");
const args = require("args-parser")(process.argv);
const rl = readline.createInterface({
input: process.stdin,
output: process.stdout
});
const main = async () => {
console.log("Connecting the database");
Database.init(args);
await Database.connect(false, false, true);
try {
// No need to actually reset the password for testing, just make sure no connection problem. It is ok for now.
if (!process.env.TEST_BACKEND) {
const user = await R.findOne("user");
if (! user) {
throw new Error("user not found, have you installed?");
}
console.log("Found user: " + user.username);
let newUsername = await question("New username: ");
await User.updateUsername(user.id, newUsername);
// Reset all sessions by reset jwt secret
await initJWTSecret();
console.log("Username change successfully.");
}
} catch (e) {
console.error("Error: " + e.message);
}
await Database.close();
rl.close();
console.log("Finished.");
};
/**
* Ask question of user
* @param {string} question Question to ask
* @returns {Promise<string>} Users response
*/
function question(question) {
return new Promise((resolve) => {
rl.question(question, (answer) => {
resolve(answer);
});
});
}
if (!process.env.TEST_BACKEND) {
main();
}
module.exports = {
main,
};
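Review bot: `Database.init(args)` and `Database.connect(false, false, true)` at the top of `main` run before the `try`, and the trailing `main();` call has no rejection handler, so a connection failure surfaces as an unhandled rejection and `rl.close()` is never reached. Moving both calls inside the `try` and putting `Database.close()` and `rl.close()` in a `finally` keeps cleanup on every path. The answer from `question("New username: ")` is also passed to `User.updateUsername` exactly as typed; trim it and reject a blank value first, e.g. `if (!newUsername.trim()) { throw new Error("Username cannot be empty"); }`. The comment about not resetting the password looks copied from another tool and should describe the username change.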

@ -52,6 +52,7 @@
"setup": "git checkout 1.23.11 && npm ci --production && npm run download-dist", "setup": "git checkout 1.23.11 && npm ci --production && npm run download-dist",
"download-dist": "node extra/download-dist.js", "download-dist": "node extra/download-dist.js",
"mark-as-nightly": "node extra/mark-as-nightly.js", "mark-as-nightly": "node extra/mark-as-nightly.js",
"change-username": "node extra/change-username.js",
"reset-password": "node extra/reset-password.js", "reset-password": "node extra/reset-password.js",
"remove-2fa": "node extra/remove-2fa.js", "remove-2fa": "node extra/remove-2fa.js",
"simple-dns-server": "node extra/simple-dns-server.js", "simple-dns-server": "node extra/simple-dns-server.js",

@ -7,6 +7,9 @@ const { loginRateLimiter, apiRateLimiter } = require("./rate-limiter");
const { Settings } = require("./settings"); const { Settings } = require("./settings");
const dayjs = require("dayjs"); const dayjs = require("dayjs");
const remoteAuthEnabled = process.env.REMOTE_AUTH_ENABLED || false;
const remoteAuthHeader = process.env.REMOTE_AUTH_HEADER || "Remote-User";
/** /**
* Login to web app * Login to web app
* @param {string} username Username to login with * @param {string} username Username to login with
@ -133,29 +136,40 @@ function userAuthorizer(username, password, callback) {
* @returns {Promise<void>} * @returns {Promise<void>}
*/ */
exports.basicAuth = async function (req, res, next) { exports.basicAuth = async function (req, res, next) {
const middleware = basicAuth({
authorizer: userAuthorizer,
authorizeAsync: true,
challenge: true,
});
const disabledAuth = await setting("disableAuth"); const disabledAuth = await setting("disableAuth");
if (remoteAuthEnabled) {
const remoteUser = req.headers[remoteAuthHeader.toLowerCase()];
if (remoteUser !== undefined) {
let user = await R.findOne("user", " username = ? AND active = 1 ", [ remoteUser ]);
if (user) {
next();
return;
}
}
}
if (!disabledAuth) { if (!disabledAuth) {
const middleware = basicAuth({
authorizer: userAuthorizer,
authorizeAsync: true,
challenge: true,
});
middleware(req, res, next); middleware(req, res, next);
} else { return;
next();
} }
next();
}; };
/** /**
* Use use API Key if API keys enabled, else use basic auth * Use API Key if API keys enabled, else use basic auth
* @param {express.Request} req Express request object * @param {express.Request} req Express request object
* @param {express.Response} res Express response object * @param {express.Response} res Express response object
* @param {express.NextFunction} next Next handler in chain * @param {express.NextFunction} next Next handler in chain
* @returns {Promise<void>} * @returns {Promise<void>}
*/ */
exports.apiAuth = async function (req, res, next) { exports.authMiddleware = async function (req, res, next) {
if (!await Settings.get("disableAuth")) { if (!await Settings.get("disableAuth")) {
let usingAPIKeys = await Settings.get("apiKeysEnabled"); let usingAPIKeys = await Settings.get("apiKeysEnabled");
let middleware; let middleware;
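Review bot: In `basicAuth`, the header named by `remoteAuthHeader` is read straight from `req.headers` and, when it matches an active user, `next()` is called without any credential check; nothing on the visible lines verifies that the request arrived through the proxy that is meant to set that header. A client that reaches the server directly can supply the header itself, so the branch should be gated on the peer being a configured trusted proxy, with the deployment requirement (the proxy strips the inbound header) documented next to the two constants. Separately, `process.env.REMOTE_AUTH_ENABLED || false` treats any non-empty string as enabled, so `REMOTE_AUTH_ENABLED=false` switches the feature on; `const remoteAuthEnabled = process.env.REMOTE_AUTH_ENABLED === "true";` avoids that. The same two constants and the same trust question recur in the later section that requires `./auth` and adds the socket auto-login branch. The renamed `authMiddleware` continues outside the hunk, so how it treats the header cannot be judged here.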

@ -48,6 +48,17 @@ class User extends BeanModel {
}, jwtSecret); }, jwtSecret);
} }
/**
* @param {number} userID ID of user to update
* @param {string} newUsername Users new username
* @returns {Promise<void>}
*/
static async updateUsername(userID, newUsername) {
await R.exec("UPDATE `user` SET username = ? WHERE id = ? ", [
newUsername,
userID
]);
}
} }
module.exports = User; module.exports = User;
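Review bot: `updateUsername` stores `newUsername` without validating it, and its JSDoc block has no summary line. This commit also looks users up by `username` for header-based login, so the model is the natural place to reject a non-string or blank value, e.g. `if (typeof newUsername !== "string" || newUsername.trim() === "") { throw new Error("Username cannot be empty"); }`. Whether the `user` table enforces unique usernames is not visible here and should be confirmed. A first doc line such as `* Update the username of a user` would complete the comment; the parameterised `R.exec` call should stay as it is.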

@ -104,12 +104,14 @@ log.debug("server", "Importing Background Jobs");
const { initBackgroundJobs, stopBackgroundJobs } = require("./jobs"); const { initBackgroundJobs, stopBackgroundJobs } = require("./jobs");
const { loginRateLimiter, twoFaRateLimiter } = require("./rate-limiter"); const { loginRateLimiter, twoFaRateLimiter } = require("./rate-limiter");
const { apiAuth } = require("./auth"); const { authMiddleware } = require("./auth");
const { login } = require("./auth"); const { login } = require("./auth");
const passwordHash = require("./password-hash"); const passwordHash = require("./password-hash");
const hostname = config.hostname; const remoteAuthEnabled = process.env.REMOTE_AUTH_ENABLED || false;
const remoteAuthHeader = process.env.REMOTE_AUTH_HEADER || "Remote-User";
const hostname = config.hostname;
if (hostname) { if (hostname) {
log.info("server", "Custom hostname: " + hostname); log.info("server", "Custom hostname: " + hostname);
} }
@ -261,7 +263,7 @@ let needSetup = false;
// Prometheus API metrics /metrics // Prometheus API metrics /metrics
// With Basic Auth using the first user's username/password // With Basic Auth using the first user's username/password
app.get("/metrics", apiAuth, prometheusAPIMetrics()); app.get("/metrics", authMiddleware, prometheusAPIMetrics());
app.use("/", expressStaticGzip("dist", { app.use("/", expressStaticGzip("dist", {
enableBrotli: true, enableBrotli: true,
@ -1530,10 +1532,26 @@ let needSetup = false;
// *************************** // ***************************
log.debug("auth", "check auto login"); log.debug("auth", "check auto login");
if (await setting("disableAuth")) { if (await Settings.get("disableAuth")) {
log.info("auth", "Disabled Auth: auto login to admin"); log.info("auth", "Disabled Auth: auto login to admin");
await afterLogin(socket, await R.findOne("user")); await afterLogin(socket, await R.findOne("user"));
socket.emit("autoLogin"); socket.emit("autoLogin");
} else if (remoteAuthEnabled) {
log.debug("auth", socket.handshake.headers);
const remoteUser = socket.handshake.headers[remoteAuthHeader.toLowerCase()];
if (remoteUser !== undefined) {
const user = await R.findOne("user", " username = ? AND active = 1 ", [ remoteUser ]);
if (user) {
log.info("auth", `Login by remote-user header. IP=${await server.getClientIP(socket)}`);
log.debug("auth", `Remote user ${remoteUser} exists, found user ${user.username}`);
afterLogin(socket, user);
socket.emit("autoLoginRemoteHeader", user.username);
} else {
log.debug("auth", `Remote user ${remoteUser} doesn't exist`);
}
} else {
log.debug("auth", "Remote user header set but not found in headers");
}
} else { } else {
log.debug("auth", "need auth"); log.debug("auth", "need auth");
} }
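Review bot: In the new `else if (remoteAuthEnabled)` branch, `log.debug("auth", socket.handshake.headers)` writes the whole handshake header set to the log, which would normally include cookies and any authorization value; log only whether the configured header was present. `afterLogin(socket, user);` is not awaited here, unlike `await afterLogin(socket, await R.findOne("user"));` in the `disableAuth` branch just above, so `autoLoginRemoteHeader` is emitted before login setup finishes and a rejection would go unhandled; use `await afterLogin(socket, user);`. The `remoteUser` value interpolated into the debug messages is client-supplied and should be treated as untrusted log content. The enclosing connection handler starts and ends outside these hunks.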

@ -5,66 +5,67 @@
<template v-if="!settings.disableAuth"> <template v-if="!settings.disableAuth">
<p> <p>
{{ $t("Current User") }}: <strong>{{ $root.username }}</strong> {{ $t("Current User") }}: <strong>{{ $root.username }}</strong>
<button v-if="! settings.disableAuth" id="logout-btn" class="btn btn-danger ms-4 me-2 mb-2" @click="$root.logout">{{ $t("Logout") }}</button> <button v-if="$root.socket.token.startsWith('autoLogin') === false" id="logout-btn" class="btn btn-danger ms-4 me-2 mb-2" @click="$root.logout">{{ $t("Logout") }}</button>
</p> </p>
<template v-if="$root.socket.token.startsWith('autoLogin') === false">
<h5 class="my-4 settings-subheading">{{ $t("Change Password") }}</h5>
<form class="mb-3" @submit.prevent="savePassword">
<div class="mb-3">
<label for="current-password" class="form-label">
{{ $t("Current Password") }}
</label>
<input
id="current-password"
v-model="password.currentPassword"
type="password"
class="form-control"
autocomplete="current-password"
required
/>
</div>
<div class="mb-3">
<label for="new-password" class="form-label">
{{ $t("New Password") }}
</label>
<input
id="new-password"
v-model="password.newPassword"
type="password"
class="form-control"
autocomplete="new-password"
required
/>
</div>
<h5 class="my-4 settings-subheading">{{ $t("Change Password") }}</h5> <div class="mb-3">
<form class="mb-3" @submit.prevent="savePassword"> <label for="repeat-new-password" class="form-label">
<div class="mb-3"> {{ $t("Repeat New Password") }}
<label for="current-password" class="form-label"> </label>
{{ $t("Current Password") }} <input
</label> id="repeat-new-password"
<input v-model="password.repeatNewPassword"
id="current-password" type="password"
v-model="password.currentPassword" class="form-control"
type="password" :class="{ 'is-invalid': invalidPassword }"
class="form-control" autocomplete="new-password"
autocomplete="current-password" required
required />
/> <div class="invalid-feedback">
</div> {{ $t("passwordNotMatchMsg") }}
</div>
<div class="mb-3">
<label for="new-password" class="form-label">
{{ $t("New Password") }}
</label>
<input
id="new-password"
v-model="password.newPassword"
type="password"
class="form-control"
autocomplete="new-password"
required
/>
</div>
<div class="mb-3">
<label for="repeat-new-password" class="form-label">
{{ $t("Repeat New Password") }}
</label>
<input
id="repeat-new-password"
v-model="password.repeatNewPassword"
type="password"
class="form-control"
:class="{ 'is-invalid': invalidPassword }"
autocomplete="new-password"
required
/>
<div class="invalid-feedback">
{{ $t("passwordNotMatchMsg") }}
</div> </div>
</div>
<div>
<div> <button class="btn btn-primary" type="submit">
<button class="btn btn-primary" type="submit"> {{ $t("Update Password") }}
{{ $t("Update Password") }} </button>
</button> </div>
</div> </form>
</form> </template>
</template> </template>
<div v-if="! settings.disableAuth" class="mt-5 mb-3"> <div v-if="$root.socket.token.startsWith('autoLogin') === false" class="mt-5 mb-3">
<h5 class="my-4 settings-subheading"> <h5 class="my-4 settings-subheading">
{{ $t("Two Factor Authentication") }} {{ $t("Two Factor Authentication") }}
</h5> </h5>
@ -85,7 +86,7 @@
<div class="mb-4"> <div class="mb-4">
<button v-if="settings.disableAuth" id="enableAuth-btn" class="btn btn-outline-primary me-2 mb-2" @click="enableAuth">{{ $t("Enable Auth") }}</button> <button v-if="settings.disableAuth" id="enableAuth-btn" class="btn btn-outline-primary me-2 mb-2" @click="enableAuth">{{ $t("Enable Auth") }}</button>
<button v-if="! settings.disableAuth" id="disableAuth-btn" class="btn btn-primary me-2 mb-2" @click="confirmDisableAuth">{{ $t("Disable Auth") }}</button> <button v-if="!settings.disableAuth" id="disableAuth-btn" class="btn btn-primary me-2 mb-2" @click="confirmDisableAuth">{{ $t("Disable Auth") }}</button>
</div> </div>
</div> </div>
</div> </div>
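Review bot: The new `$root.socket.token.startsWith('autoLogin') === false` conditions on the logout button, the password template and the 2FA block call a method on the token, where the old `settings.disableAuth` checks never touched it. If `socket.token` can be unset while this page renders (not visible here, to be confirmed), the render throws. The navigation dropdown change later on the page guards the same call with `$root.loggedIn &&`, but these three do not. One computed on the root, such as `isAutoLogin() { return typeof this.socket.token === "string" && this.socket.token.startsWith("autoLogin"); }`, would make the check null-safe and remove the repetition. Hiding the password and 2FA forms is a UI measure only; the server-side handlers for those actions are outside this diff.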

@ -69,7 +69,7 @@
</a> </a>
</li> </li>
<li v-if="$root.loggedIn && $root.socket.token !== 'autoLogin'"> <li v-if="$root.loggedIn && $root.socket.token.startsWith('autoLogin') === false">
<button class="dropdown-item" @click="$root.logout"> <button class="dropdown-item" @click="$root.logout">
<font-awesome-icon icon="sign-out-alt" /> <font-awesome-icon icon="sign-out-alt" />
{{ $t("Logout") }} {{ $t("Logout") }}

@ -118,17 +118,25 @@ export default {
this.info = info; this.info = info;
}); });
socket.on("setup", (monitorID, data) => { socket.on("setup", () => {
this.$router.push("/setup"); this.$router.push("/setup");
}); });
socket.on("autoLogin", (monitorID, data) => { socket.on("autoLogin", () => {
this.loggedIn = true; this.loggedIn = true;
this.storage().token = "autoLogin"; this.storage().token = "autoLogin";
this.socket.token = "autoLogin"; this.socket.token = "autoLogin";
this.allowLoginDialog = false; this.allowLoginDialog = false;
}); });
socket.on("autoLoginRemoteHeader", (username) => {
this.loggedIn = true;
this.username = username;
this.storage().token = "autoLoginRemoteHeader";
this.socket.token = "autoLoginRemoteHeader";
this.allowLoginDialog = false;
});
socket.on("monitorList", (data) => { socket.on("monitorList", (data) => {
// Add Helper function // Add Helper function
Object.entries(data).forEach(([ monitorID, monitor ]) => { Object.entries(data).forEach(([ monitorID, monitor ]) => {
@ -259,7 +267,7 @@ export default {
let token = this.storage().token; let token = this.storage().token;
if (token) { if (token) {
if (token !== "autoLogin") { if (token.startsWith("autoLogin") === false) {
this.loginByToken(token); this.loginByToken(token);
} else { } else {
// Timeout if it is not actually auto login // Timeout if it is not actually auto login
@ -308,7 +316,7 @@ export default {
getJWTPayload() { getJWTPayload() {
const jwtToken = this.$root.storage().token; const jwtToken = this.$root.storage().token;
if (jwtToken && jwtToken !== "autoLogin") { if (jwtToken && jwtToken.startsWith("autoLogin") === false) {
return jwtDecode(jwtToken); return jwtDecode(jwtToken);
} }
return undefined; return undefined;
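Review bot: The `autoLoginRemoteHeader` handler repeats the `autoLogin` handler except for the token string and `this.username`, and the file now depends on an undocumented convention that every non-JWT marker starts with `autoLogin`. A short comment above the two handlers, e.g. `// Marker tokens (not JWTs) must start with "autoLogin"; see the startsWith checks below`, or a shared constant for the prefix, would keep a future marker from being handed to `loginByToken` or `jwtDecode`. Both `startsWith` calls in this section sit behind a truthiness check on the token, so they do not throw on an empty value.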
