Add support for basic authentication

tobiaseichert · tobiaseichert · commit ee642261429f · 2025-03-10T16:44:30.000+01:00
diff --git a/app.js b/app.js
@@ -41,6 +41,10 @@ function initApp(config, callback) {
 	app.server = http.createServer(app.express);
 	app.webservice = createClient(webserviceUrl);
 
+	// Apply basic authentication if necessary
+	loadBasicAuth(app, config);
+
+	// Load middleware
 	loadMiddleware(app);
 
 	// View engine
@@ -63,6 +67,34 @@ function defaultConfig(config) {
 	return config;
 }
 
+function loadBasicAuth(app, config) {
+	app.express.use((request, response, next) => {
+		const protection = config.protection.enabled || false;
+		if (protection) {
+			const auth = request.headers.authorization;
+			if (!auth) {
+				// Prompt the user for credentials
+				response.set('WWW-Authenticate', 'Basic realm="401"');
+				return response.status(401).send('Authentication required.');
+			}
+
+			const credentials = Buffer.from(auth.split(' ')[1], 'base64').toString().split(':');
+			const [username, password] = credentials;
+
+			// Use credentials from config
+			const USER = config.protection.user || '';
+			const PASS = config.protection.pass || '';
+
+			if (username === USER && password === PASS) {
+				return next(); // Proceed to the next middleware or route
+			}
+			response.set('WWW-Authenticate', 'Basic realm="401"'); // Prompt again
+			return response.status(401).send('Authentication required.');
+		}
+		return next();
+	});
+}
+
 function loadMiddleware(app) {
 	app.express.use(compression());
 
diff --git a/config/development.sample.json b/config/development.sample.json
@@ -2,6 +2,11 @@
 	"port": 4000,
 	"noindex": true,
 	"readonly": false,
+	"protection": {
+		"enabled": false,
+		"user": "pa11y",
+		"pass": "pa11y"
+	},
 	"webservice": {
 		"database": "mongodb://localhost/pa11y-webservice-dev",
 		"host": "0.0.0.0",
diff --git a/config/production.sample.json b/config/production.sample.json
@@ -2,6 +2,11 @@
 	"port": 4000,
 	"noindex": true,
 	"readonly": false,
+	"protection": {
+		"enabled": true,
+		"user": "pa11y",
+		"pass": "pa11y"
+	},
 	"webservice": {
 		"database": "mongodb://localhost/pa11y-webservice",
 		"host": "0.0.0.0",
diff --git a/config/test.sample.json b/config/test.sample.json
@@ -2,6 +2,11 @@
 	"port": 4000,
 	"noindex": true,
 	"readonly": false,
+	"protection": {
+		"enabled": false,
+		"user": "pa11y",
+		"pass": "pa11y"
+	},
 	"webservice": {
 		"database": "mongodb://127.0.0.1/pa11y-dashboard-integration-test",
 		"host": "127.0.0.1",
