Merge branch 'master' into add-JSDoc-comments

2025-08-08 14:46:41 +08:00 · 2022-04-21 13:01:22 +01:00
parent 03b2d8d521 e56ac7b03b
commit 6d22ebedca
185 changed files with 15986 additions and 5448 deletions
--- a/server/auth.js
+++ b/server/auth.js
@@ -2,7 +2,6 @@ const basicAuth = require("express-basic-auth");
 const passwordHash = require("./password-hash");
 const { R } = require("redbean-node");
 const { setting } = require("./util-server");
-const { debug } = require("../src/util");
 const { loginRateLimiter } = require("./rate-limiter");

 /**
@@ -12,6 +11,10 @@ const { loginRateLimiter } = require("./rate-limiter");
 * @returns {Promise<(Bean|null)>}
 */
 exports.login = async function (username, password) {
+    if (typeof username !== "string" || typeof password !== "string") {
+        return null;
+    }
+
    let user = await R.findOne("user", " username = ? AND active = 1 ", [
        username,
    ]);
@@ -44,31 +47,34 @@ exports.login = async function (username, password) {
 * @param {myAuthorizerCB} callback
 */
 function myAuthorizer(username, password, callback) {
-    setting("disableAuth").then((result) => {
-        if (result) {
-            callback(null, true);
-        } else {
-            // Login Rate Limit
-            loginRateLimiter.pass(null, 0).then((pass) => {
-                if (pass) {
-                    exports.login(username, password).then((user) => {
-                        callback(null, user != null);
+    // Login Rate Limit
+    loginRateLimiter.pass(null, 0).then((pass) => {
+        if (pass) {
+            exports.login(username, password).then((user) => {
+                callback(null, user != null);

-                        if (user == null) {
-                            loginRateLimiter.removeTokens(1);
-                        }
-                    });
-                } else {
-                    callback(null, false);
+                if (user == null) {
+                    loginRateLimiter.removeTokens(1);
                }
            });
-
+        } else {
+            callback(null, false);
        }
    });
 }

-exports.basicAuth = basicAuth({
-    authorizer: myAuthorizer,
-    authorizeAsync: true,
-    challenge: true,
-});
+exports.basicAuth = async function (req, res, next) {
+    const middleware = basicAuth({
+        authorizer: myAuthorizer,
+        authorizeAsync: true,
+        challenge: true,
+    });
+
+    const disabledAuth = await setting("disableAuth");
+
+    if (!disabledAuth) {
+        middleware(req, res, next);
+    } else {
+        next();
+    }
+};