User pass (#156)

* Accept default username/password overrides from config. Clarified supplying custom config. (#146) * feat(auth): username and password may now be sourced from config.json fixes #104
2019-11-15 12:58:50 -05:00 · 2019-11-15 12:58:50 -05:00 · 212df80fb6
commit 212df80fb6
parent eebc32b2c9
3 changed files with 27 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -22,7 +22,7 @@ To install:

 1. Clone to a location somewhere and then `cd app` and `npm install --production`. If you want to develop and rebuild javascript and other files utilize `npm install` instead.

-2. If desired, edit config.json to change the listener to your liking. There are also some default options which may be definied for a few of the variables.
+2. If desired, edit app/config.json to change the listener to your liking. There are also some default options which may be definied for a few of the variables.

 3. Run `npm start`

@ -35,24 +35,33 @@ You will be prompted for credentials to use on the SSH server via HTTP Basic aut

 # Docker Instructions

-Modify config.json
+Copy app/config.json.template to app/config.json and modify the latter:

-```json
+```js
 {
+  // ...
  "listen": {
    "ip": "0.0.0.0",
    "port": 2222
  }
+  // ...
 }
 ```

-Build and run
+Rebuild and run

 ```bash
 docker build -t webssh2 .
 docker run --name webssh2 -d -p 2222:2222 webssh2
 ```

+Alternatively if you don't want to rebuild, mount the config at runtime:
+
+```bash
+docker run --name webssh2 -d -p 2222:2222 -v `pwd`/app/config.json:/usr/src/config.json webssh2
+```
+
+
 # Options

 ## GET request vars
--- a/app/server/app.js
+++ b/app/server/app.js
@ -111,6 +111,7 @@ var app = express()
 var compression = require('compression')
 var server = require('http').Server(app)
 var myutil = require('./util')
+myutil.setDefaultCredentials(config.user.name, config.user.password);
 var validator = require('validator')
 var io = require('socket.io')(server, { serveClient: false })
 var socket = require('./socket')
--- a/app/server/util.js
+++ b/app/server/util.js
@ -7,6 +7,13 @@ require('colors') // allow for color property extensions in log messages
 var debug = require('debug')('WebSSH2')
 var Auth = require('basic-auth')

+let defaultCredentials = {username: null, password: null};
+
+exports.setDefaultCredentials = function (username, password) {
+    defaultCredentials.username = username;
+    defaultCredentials.password = password;
+}
+
 exports.basicAuth = function basicAuth (req, res, next) {
  var myAuth = Auth(req)
  if (myAuth && myAuth.pass !== '') {
@ -15,13 +22,18 @@ exports.basicAuth = function basicAuth (req, res, next) {
    debug('myAuth.name: ' + myAuth.name.yellow.bold.underline +
      ' and password ' + ((myAuth.pass) ? 'exists'.yellow.bold.underline
      : 'is blank'.underline.red.bold))
-    next()
  } else {
+    req.session.username = defaultCredentials.username;
+    req.session.userpassword = defaultCredentials.password;
+  }
+  if (!req.session.userpassword) {
    res.statusCode = 401
    debug('basicAuth credential request (401)')
    res.setHeader('WWW-Authenticate', 'Basic realm="WebSSH"')
    res.end('Username and password required for web SSH service.')
+    return
  }
+  next()
 }

 // takes a string, makes it boolean (true if the string is true, false otherwise)