diff --git a/app.js b/app.js
index 343b0c7e5..ff9387016 100755
--- a/app.js
+++ b/app.js
@@ -46,7 +46,6 @@ var qrcode = require("qrcode");
 var addressApi = require("./app/api/addressApi.js");
 var electrumAddressApi = require("./app/api/electrumAddressApi.js");
 var coreApi = require("./app/api/coreApi.js");
-var auth = require('./app/auth.js');
 var marked = require("marked");
 var package_json = require('./package.json');
@@ -71,12 +70,6 @@ app.engine('pug', (path, options, fn) => {
 app.set('view engine', 'pug');
-// basic http authentication
-if (process.env.BTCEXP_BASIC_AUTH_PASSWORD) {
- app.disable('x-powered-by');
- app.use(auth(process.env.BTCEXP_BASIC_AUTH_PASSWORD));
-}
-
 // uncomment after placing your favicon in /public
 //app.use(favicon(__dirname + '/public/favicon.ico'));
 //app.use(logger('dev'));
@@ -602,7 +595,7 @@ app.use(csurf(), (req, res, next) => {
 next();
 });
-app.use('/', baseActionsRouter);
+app.use('/', baseActionsRouter(app));
 app.use('/api/', apiActionsRouter);
 app.use('/snippet/', snippetActionsRouter);
diff --git a/app/auth.js b/app/auth.js
index 9aedb7f9d..af7d65361 100644
--- a/app/auth.js
+++ b/app/auth.js
@@ -1,6 +1,11 @@
 var basicAuth = require('basic-auth');
-module.exports = pass => (req, res, next) => {
+module.exports = (app, pass, demo = false) => (req, res, next) => {
+ if (demo) return next();
+ if (!pass) return res.status(401).send("This section of the site requires authentication. Set an authentication password via the 'BTCEXP_BASIC_AUTH_PASSWORD' environment variable (see .env-sample file for more info).");
+
+ app.disable('x-powered-by');
+
 var cred = basicAuth(req);
 if (cred && cred.pass === pass) {
diff --git a/routes/baseRouter.js b/routes/baseRouter.js
index b5d45cb34..f71533c6a 100644
--- a/routes/baseRouter.js
+++ b/routes/baseRouter.js
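Review bot: In app/auth.js, `app.disable('x-powered-by');` now sits inside the per-request middleware after the `demo` and `!pass` early returns, so the header keeps being sent on every response until a protected route is first requested with a password configured, and it is never disabled in demo mode or when no password is set. Calling it once at startup in app.js would make the behaviour deterministic and would remove the need to pass `app` into the middleware and the router factory. The unchanged `cred.pass === pass` on the context line is an ordinary string comparison; comparing fixed-length digests of both values with `crypto.timingSafeEqual` would keep the check from leaking information through timing. The middleware body continues outside the hunk.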
@@ -21,11 +21,14 @@ var config = require("./../app/config.js");
 var coreApi = require("./../app/api/coreApi.js");
 var addressApi = require("./../app/api/addressApi.js");
 var rpcApi = require("./../app/api/rpcApi.js");
+var auth = require('./../app/auth.js');
 const v8 = require('v8');
 const forceCsrf = csurf({ ignoreMethods: [] });
+const routerExport = app => {
+
 router.get("/", function(req, res, next) {
 if (req.session.host == null || req.session.host.trim() == "") {
 if (req.cookies['rpc-host']) {
@@ -1179,29 +1182,13 @@ router.get("/address/:address", function(req, res, next) {
 });
 });
-router.get("/rpc-terminal", function(req, res, next) {
- if (!config.demoSite && !req.authenticated) {
- res.send("RPC Terminal / Browser require authentication. Set an authentication password via the 'BTCEXP_BASIC_AUTH_PASSWORD' environment variable (see .env-sample file for more info).");
-
- next();
-
- return;
- }
-
+router.get("/rpc-terminal", auth(app, process.env.BTCEXP_BASIC_AUTH_PASSWORD, config.demoSite), function(req, res, next) {
 res.render("rpc-terminal");
 next();
 });
-router.post("/rpc-terminal", function(req, res, next) {
- if (!config.demoSite && !req.authenticated) {
- res.send("RPC Terminal / Browser require authentication. Set an authentication password via the 'BTCEXP_BASIC_AUTH_PASSWORD' environment variable (see .env-sample file for more info).");
-
- next();
-
- return;
- }
-
+router.post("/rpc-terminal", auth(app, process.env.BTCEXP_BASIC_AUTH_PASSWORD, config.demoSite), function(req, res, next) {
 var params = req.body.cmd.trim().split(/\s+/);
 var cmd = params.shift();
 var parsedParams = [];
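Review bot: The `auth(app, process.env.BTCEXP_BASIC_AUTH_PASSWORD, config.demoSite)` guards added on GET and POST `/rpc-terminal` (and on `/rpc-browser` in the following hunk) are now the only place the password is enforced, because app.js no longer mounts the middleware with `app.use`. If the old global mount challenged every request (its body is not visible in this diff), an operator who set the password to keep the whole explorer private loses that protection without any signal; the narrower scope should be stated in `.env-sample` and the release notes, or site-wide auth kept as an opt-in. Building the guard once inside `routerExport`, for example `const rpcAuth = auth(app, process.env.BTCEXP_BASIC_AUTH_PASSWORD, config.demoSite);`, and passing `rpcAuth` to each route would also make it harder to add a later RPC route without it. The POST handler's body continues outside the hunk.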
@@ -1256,15 +1243,7 @@ router.post("/rpc-terminal", function(req, res, next) {
 });
 });
-router.get("/rpc-browser", function(req, res, next) {
- if (!config.demoSite && !req.authenticated) {
- res.send("RPC Terminal / Browser require authentication. Set an authentication password via the 'BTCEXP_BASIC_AUTH_PASSWORD' environment variable (see .env-sample file for more info).");
-
- next();
-
- return;
- }
-
+router.get("/rpc-browser", auth(app, process.env.BTCEXP_BASIC_AUTH_PASSWORD, config.demoSite), function(req, res, next) {
 coreApi.getHelp().then(function(result) {
 res.locals.gethelp = result;
@@ -1581,4 +1560,8 @@ router.get("/fun", function(req, res, next) {
 next();
 });
-module.exports = router;
+return router
+
+}
+
+module.exports = routerExport;