Credentials-In-GET
This commit is contained in:
ohad Butnaro
parent
f457a4a520
commit
43ecda66b2
2 changed files with 11 additions and 3 deletions
|
|
@ -65,7 +65,7 @@ module.exports = { server, config };
|
|||
// express
|
||||
app.use(safeShutdownGuard);
|
||||
app.use(session);
|
||||
app.use(myutil.basicAuth);
|
||||
// app.use(myutil.basicAuth);
|
||||
if (config.accesslog) app.use(logger('common'));
|
||||
app.disable('x-powered-by');
|
||||
|
||||
|
|
@ -85,7 +85,7 @@ app.get('/ssh/reauth', (req, res) => {
|
|||
});
|
||||
|
||||
// eslint-disable-next-line complexity
|
||||
app.get('/ssh/host/:host?', (req, res) => {
|
||||
app.get('/ssh/host/:host?', myutil.basicAuth, (req, res) => {
|
||||
res.sendFile(path.join(path.join(publicPath, 'client.htm')));
|
||||
// capture, assign, and validate variables
|
||||
req.session.ssh = {
|
||||
|
|
|
|||
|
|
@ -38,7 +38,15 @@ exports.basicAuth = function basicAuth(req, res, next) {
|
|||
req.session.userpassword = defaultCredentials.password;
|
||||
req.session.privatekey = defaultCredentials.privatekey;
|
||||
}
|
||||
if (!req.session.userpassword && !req.session.privatekey) {
|
||||
if (
|
||||
(req.query.username !== '' || req.query.username !== undefined) &&
|
||||
(req.query.password !== '' || req.query.password !== undefined)
|
||||
) {
|
||||
// eslint-disable-next-line
|
||||
// console.log(`username: ${req.query.username} and password: ${req.query.password}`);
|
||||
req.session.username = req.query.username;
|
||||
req.session.userpassword = req.query.password;
|
||||
} else {
|
||||
res.statusCode = 401;
|
||||
debug('basicAuth credential request (401)');
|
||||
res.setHeader('WWW-Authenticate', 'Basic realm="WebSSH"');
|
||||
|
|
|
|||
Loading…
Reference in a new issue