User pass (#156)

* Accept default username/password overrides from config. Clarified supplying custom config. (#146)

* feat(auth): username and password may now be sourced from config.json fixes #104

README.md

@@ -22,7 +22,7 @@ To install:
 
 1. Clone to a location somewhere and then `cd app` and `npm install --production`. If you want to develop and rebuild javascript and other files utilize `npm install` instead.
 
-2. If desired, edit config.json to change the listener to your liking. There are also some default options which may be definied for a few of the variables.
+2. If desired, edit app/config.json to change the listener to your liking. There are also some default options which may be definied for a few of the variables.
 
 3. Run `npm start`
 
@@ -35,24 +35,33 @@ You will be prompted for credentials to use on the SSH server via HTTP Basic aut
 
 # Docker Instructions
 
-Modify config.json
+Copy app/config.json.template to app/config.json and modify the latter:
 
-```json
+```js
 {
+  // ...
   "listen": {
     "ip": "0.0.0.0",
     "port": 2222
   }
+  // ...
 }
 ```
 
-Build and run
+Rebuild and run
 
 ```bash
 docker build -t webssh2 .
 docker run --name webssh2 -d -p 2222:2222 webssh2
 ```
 
+Alternatively if you don't want to rebuild, mount the config at runtime:
+
+```bash
+docker run --name webssh2 -d -p 2222:2222 -v `pwd`/app/config.json:/usr/src/config.json webssh2
+```
+
+
 # Options
 
 ## GET request vars

app/server/app.js

@@ -111,6 +111,7 @@ var app = express()
 var compression = require('compression')
 var server = require('http').Server(app)
 var myutil = require('./util')
+myutil.setDefaultCredentials(config.user.name, config.user.password);
 var validator = require('validator')
 var io = require('socket.io')(server, { serveClient: false })
 var socket = require('./socket')

app/server/util.js

@@ -7,6 +7,13 @@ require('colors') // allow for color property extensions in log messages
 var debug = require('debug')('WebSSH2')
 var Auth = require('basic-auth')
 
+let defaultCredentials = {username: null, password: null};
+
+exports.setDefaultCredentials = function (username, password) {
+    defaultCredentials.username = username;
+    defaultCredentials.password = password;
+}
+
 exports.basicAuth = function basicAuth (req, res, next) {
   var myAuth = Auth(req)
   if (myAuth && myAuth.pass !== '') {
@@ -15,13 +22,18 @@ exports.basicAuth = function basicAuth (req, res, next) {
     debug('myAuth.name: ' + myAuth.name.yellow.bold.underline +
       ' and password ' + ((myAuth.pass) ? 'exists'.yellow.bold.underline
       : 'is blank'.underline.red.bold))
-    next()
   } else {
+    req.session.username = defaultCredentials.username;
+    req.session.userpassword = defaultCredentials.password;
+  }
+  if (!req.session.userpassword) {
     res.statusCode = 401
     debug('basicAuth credential request (401)')
     res.setHeader('WWW-Authenticate', 'Basic realm="WebSSH"')
     res.end('Username and password required for web SSH service.')
+    return
   }
+  next()
 }
 
 // takes a string, makes it boolean (true if the string is true, false otherwise)