Added primitive support for basic authentication

Note that the password will be passed over HTTP in plain text.
2013-11-28 14:03:08 +00:00 · 2013-11-28 14:03:08 +00:00 · 7d12d89a0a
commit 7d12d89a0a
--- a/boot/boot.js
+++ b/boot/boot.js
@ -555,6 +555,7 @@ $tw.modules.execute = function(moduleName,moduleRoot) {
 			clearInterval: clearInterval,
 			setTimeout: setTimeout,
 			clearTimeout: clearTimeout,
+			Buffer: $tw.browser ? {} : Buffer,
 			$tw: $tw,
 			require: function(title) {
 				return $tw.modules.execute(title, name);
--- a/core/modules/commands/server.js
+++ b/core/modules/commands/server.js
@ -49,27 +49,58 @@ SimpleServer.prototype.addRoute = function(route) {
 	this.routes.push(route);
 };

+SimpleServer.prototype.findMatchingRoute = function(request,state) {
+	for(var t=0; t<this.routes.length; t++) {
+		var potentialRoute = this.routes[t],
+			pathRegExp = potentialRoute.path,
+			match = potentialRoute.path.exec(state.urlInfo.pathname);
+		if(match && request.method === potentialRoute.method) {
+			state.params = [];
+			for(var p=1; p<match.length; p++) {
+				state.params.push(match[p]);
+			}
+			return potentialRoute;
+		}
+	}
+	return null;
+};
+
+SimpleServer.prototype.checkCredentials = function(request,incomingUsername,incomingPassword) {
+	var header = request.headers["authorization"] || "",
+		token = header.split(/\s+/).pop() || "",
+		auth = $tw.utils.base64Decode(token),
+		parts = auth.split(/:/),
+		username = parts[0],
+		password = parts[1];
+	if(incomingUsername === username && incomingPassword === password) {
+		return "ALLOWED";
+	} else {
+		return "DENIED";
+	}
+}
+
 SimpleServer.prototype.listen = function(port) {
 	var self = this;
-	http.createServer(function(request, response) {
+	http.createServer(function(request,response) {
 		// Compose the state object
 		var state = {};
 		state.wiki = self.wiki;
 		state.server = self;
 		state.urlInfo = url.parse(request.url);
 		// Find the route that matches this path
-		var route;
-		for(var t=0; t<self.routes.length; t++) {
-			var potentialRoute = self.routes[t],
-				pathRegExp = potentialRoute.path,
-				match = potentialRoute.path.exec(state.urlInfo.pathname);
-			if(request.method === potentialRoute.method && match) {
-				state.params = [];
-				for(var p=1; p<match.length; p++) {
-					state.params.push(match[p]);
-				}
-				route = potentialRoute;
-				break;
+		var route = self.findMatchingRoute(request,state);
+		// Check for the username and password if we've got one
+		var username = self.get("username"),
+			password = self.get("password");
+		if(username && password) {
+			// Check they match
+			if(self.checkCredentials(request,username,password) !== "ALLOWED") {
+				response.setHeader("WWW-Authenticate", 'Basic realm="Admin Area"');
+				response.writeHead(401,"Authentication required",{
+					"WWW-Authenticate": 'Basic realm="TiddlyWiki5"'
+				});
+				response.end();
+				return;
 			}
 		}
 		// Return a 404 if we didn't find a route
@ -224,12 +255,14 @@ Command.prototype.execute = function() {
 		rootTiddler = this.params[1] || "$:/core/save/all",
 		renderType = this.params[2] || "text/plain",
 		serveType = this.params[3] || "text/html",
-		username = this.params[4] || "ANONYMOUS";
+		username = this.params[4] || "ANONYMOUS",
+		password = this.params[5];
 	this.server.set({
 		rootTiddler: rootTiddler,
 		renderType: renderType,
 		serveType: serveType,
-		username: username
+		username: username,
+		password: password
 	});
 	this.server.listen(port);
 	if(this.commander.verbose) {
--- a/core/modules/utils/utils.js
+++ b/core/modules/utils/utils.js
@ -413,4 +413,16 @@ exports.hashString = function(str) {
 	},0);
 };

+/*
+Decode a base64 string
+*/
+exports.base64Decode = function(string64) {
+	if($tw.browser) {
+		// TODO
+		throw "$tw.utils.base64Decode() doesn't work in the browser";
+	} else {
+		return (new Buffer(string64,"base64")).toString();
+	}
+};
+
 })();
--- a/editions/tw5.com/tiddlers/Release
+++ b/editions/tw5.com/tiddlers/Release
@ -21,6 +21,7 @@ tags: releasenote
 * Refactored control panel to add ''Saving'' tab that includes TiddlySpot options
 * Improved notifications when saving to TiddlySpot
 * Added backup URL to TiddlySpot control panel tab
+* Extended the ServerCommand to add primitive support for basic authentication when running under [[Node.js]]

 !! Bug fixes

--- a/editions/tw5.com/tiddlers/commands/ServerCommand.tid
+++ b/editions/tw5.com/tiddlers/commands/ServerCommand.tid
@ -16,6 +16,9 @@ The parameters are:
 * ''rendertype'' - the content type to which the root tiddler should be rendered (defaults to "text/plain")
 * ''servetype'' - the content type with which the root tiddler should be served (defaults to "text/html")
 * ''username'' - the default username for signing edits
+* ''password'' - optional password for basic authentication
+
+If the password parameter is specified then the browser will prompt the user for the username and password. Note that the password is transmitted in plain text so this implementation isn't suitable for general use.

 For example:

--- a/readme.md
+++ b/readme.md
--- a/serve.cmd
+++ b/serve.cmd
@ -7,5 +7,5 @@ rem Optional parameter is the username for signing edits
 node .\tiddlywiki.js ^
 	editions\clientserver ^
 	--verbose ^
-	--server 8080 $:/core/save/all text/plain text/html %1^
+	--server 8080 $:/core/save/all text/plain text/html %1 %2^
 	|| exit 1
--- a/serve.sh
+++ b/serve.sh
@ -7,5 +7,5 @@
 node ./tiddlywiki.js \
 	editions/clientserver \
 	--verbose \
-	--server 8080 $:/core/save/all text/plain text/html $1\
+	--server 8080 $:/core/save/all text/plain text/html $1 $2\
 	|| exit 1