var request;
if (ctx.method === 'POST' && ctx.is('application/json')) {
  // Credentials arrive as a JSON body.
  request = await json(ctx.req);
} else if (ctx.method === 'POST' && ctx.is('application/x-www-form-urlencoded')) {
  // Credentials arrive as a URL-encoded form body.
  request = await form(ctx.req);
} else {
  // Otherwise look for HTTP Basic credentials in the Authorization header;
  // auth() yields undefined when the header is missing or unparsable.
  const basic = auth(ctx.req);
  if (basic) {
    request = { user_id: basic.name, secret: basic.pass };
  }
}
// No credentials in any of the accepted forms: send a Basic challenge and stop.
if (!request) {
  ctx.set('WWW-Authenticate', 'Basic realm="' + ctx[x].authx.config.realm + '"');
  ctx.throw(401, 'HTTP Basic credentials are required.');
}
// get the user ID
return (req, res, next) => {
  // auth() returns the parsed Basic credentials, or undefined when absent.
  const credentials = auth(req);
  const authorized = credentials ? check(credentials.name, credentials.pass) : false;
  if (!authorized) {
    // NOTE(review): the realm is built from req.originalUrl, so a path that
    // contains a double quote yields a malformed challenge; a fixed realm
    // would be more robust. Left as the author wrote it.
    res.setHeader("WWW-Authenticate", `Basic realm="${req.originalUrl}"`);
    res.status(401).send("Access denied");
    return;
  }
  return next();
};
};
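if (req.url === '/redir') return res.type('text/html').end('')
// Authenticate using the access key token, via the X-Access header or using access-key on the body/query.
// This also marks the request as csrfSafe. Used for RPC API calls and for SSE requests.
// The `accessKey &&` guard makes an unset key fail closed: without it a request that
// carries none of the three fields compares undefined === undefined and is let through.
const suppliedKey = req.get('X-Access') || req.query['access-key'] || req.body['access-key']
if (accessKey && suppliedKey === accessKey) {
  req.csrfSafe = true
  return next()
}
// Authenticate with HMAC-signed cookies (set below after a successful Basic login).
if (req.signedCookies.user) {
  return next()
}
// HTTP basic authentication (username/password)
const cred = basicAuth(req)
if (cred && cred.name === username && cred.pass === password) {
  // Once the user authenticates with basic auth, set a signed cookie to authenticate future requests.
  // HTTP basic auth is quirky, this makes for a smoother experience.
  res.cookie('user', username, cookieOpt)
  return next()
}
// Nothing matched: challenge for Basic credentials.
res.set('WWW-Authenticate', 'Basic realm="Private Area"')
  .sendStatus(401)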
}
}
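app.get('*', function(req, res) {
  // Proxy every request to the dime server, forwarding the caller's Basic
  // credentials in the upstream URL's userinfo (plain http upstream, so this is
  // only appropriate on a trusted network).
  // basicAuth() returns undefined when the Authorization header is missing or
  // malformed; the original dereferenced `.name` on it and crashed with a 500,
  // so challenge for credentials instead.
  const cred = basicAuth(req)
  if (!cred) {
    // Realm label is illustrative; choose one for the deployment.
    res.set('WWW-Authenticate', 'Basic realm="Proxy"').sendStatus(401)
    return
  }
  // Percent-encode the userinfo so that ':', '@', '/' or '?' inside the user
  // name or password cannot change where the upstream URL points.
  const userinfo = `${encodeURIComponent(cred.name)}:${encodeURIComponent(cred.pass)}`
  const url = `http://${userinfo}@${dimeServerUrl}${req.originalUrl}`
  req.pipe(request(url), {end: true}).pipe(res, {end: true});
});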
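/**
 * Authenticates an API request that carries its key as HTTP Basic credentials:
 * the user name must be the literal `token` and the password must be a key
 * present in the ApiKeyRepository obtained from `req.app.get('db')`.
 *
 * @param req - incoming request.
 * @returns true when a matching key exists; false otherwise, including when
 *   no parsable Authorization header is present.
 */
public async logIn(req: Request): Promise<boolean> {
  // `Promise` without a type argument does not compile (TS2314); the body
  // only ever produces a boolean.
  const repo = (req.app.get('db') as Database).getRepository(ApiKeyRepository);
  const user = auth(req);
  return user !== undefined && user.name === 'token' && await repo.has(user.pass);
}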
}
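/**
 * Express middleware enforcing HTTP Basic authentication against one fixed
 * credential pair.
 *
 * @param name - expected user name.
 * @param pass - expected password.
 * @param realm - realm announced in the `WWW-Authenticate` challenge.
 * @returns middleware that calls `next()` on a match and otherwise answers 401
 *   with a Basic challenge, removing `Access-Control-Allow-Origin` from that
 *   response (presumably so the challenge is not surfaced cross-origin).
 */
export const authMiddleware = (name, pass, realm='Lightning Charge') => (req, res, next) => {
  const cred = basicAuth(req)
  // NOTE(review): `!==` is not constant-time; fine for one local credential,
  // worth a timing-safe compare if this ever guards more than that.
  if (!cred || cred.name !== name || cred.pass !== pass) {
    res.set('WWW-Authenticate', `Basic realm="${realm}"`)
    // Node's http.OutgoingMessage#removeHeader has no documented return value
    // (it yields undefined), so chaining `.sendStatus()` off it as the original
    // did throws a TypeError and the client gets a 500 instead of the 401.
    res.removeHeader('Access-Control-Allow-Origin')
    res.sendStatus(401)
    return
  }
  next()
}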
/**
 * Returns the user name carried in the request's Basic Authorization header,
 * or undefined when no parsable credentials are present. The password is not
 * checked here.
 */
remoteUser(req) {
  const parsed = auth(req);
  if (!parsed) {
    return undefined;
  }
  return parsed.name;
}
return function(req: express.Request, res: express.Response, next: express.NextFunction) {
  // Preflight requests carry no credentials; let them through unconditionally.
  if (req.method === 'OPTIONS') {
    return next();
  }
  // basicAuth() yields undefined when the Authorization header is absent or malformed.
  const supplied = basicAuth(req);
  const accepted = supplied
    ? supplied.name === user && checkPasswordAndCache(supplied.pass)
    : false;
  if (!accepted) {
    res.set('WWW-Authenticate', 'Basic realm="Authorization Required"');
    return res.sendStatus(401);
  }
  next();
}
}
app.use('/', (req, res) => {
  // Parse Basic credentials (undefined when absent) and hand them to the
  // resolvers through rootValue. NOTE(review): nothing here verifies the
  // password; presumably the schema's resolvers are responsible for that.
  const user = auth(req);
  const handler = graphqlHTTP({
    schema,
    pretty: true,
    graphiql: true,
    rootValue: { user },
  });
  handler(req, res);
});
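return new Promise((resolve, reject) => {
  // Send a Basic challenge. The realm is a quoted-string (RFC 7617); the
  // original sent it unquoted, which is malformed once it contains a space.
  // res.send(<number>) is deprecated in Express 4 in favour of sendStatus,
  // which sets the same status and body.
  function unauthorized(res) {
    res.set('WWW-Authenticate', 'Basic realm="Authorization Required"');
    res.sendStatus(401);
  }
  const user = basicAuth(req);
  // Missing or incomplete credentials: challenge, reject and stop. The original
  // fell through to the comparison below and dereferenced `user` after rejecting.
  if (!user || !user.name || !user.pass) {
    unauthorized(res);
    reject();
    return;
  }
  if (user.name === username && user.pass === password) {
    resolve();
  } else {
    unauthorized(res);
    reject();
  }
});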
}