fix: username/password in config file no longer honored #374

.tool-versions

@@ -1 +1 @@
-nodejs 6.9.1
+nodejs 23.2.0

app/app.js

@@ -4,7 +4,7 @@
 const express = require("express")
 const config = require("./config")
 const socketHandler = require("./socket")
-const sshRoutes = require("./routes")
+const sshRoutes = require("./routes")(config)
 const { applyMiddleware } = require("./middleware")
 const { createServer, startServer } = require("./server")
 const { configureSocketIO } = require("./io")

app/routes.js

@@ -16,10 +16,39 @@ const { ConfigError, handleError } = require("./errors")
 const { HTTP } = require("./constants")
 
 const debug = createNamespacedDebug("routes")
-const router = express.Router()
 
-// eslint-disable-next-line consistent-return
+module.exports = function(config) {
-function auth(req, res, next) {
+  const router = express.Router()
+
+  /**
+   * Middleware function that handles HTTP Basic Authentication for the application.
+   *
+   * If the `config.user.name` and `config.user.password` are set, it will use those
+   * credentials to authenticate the request and set the `req.session.sshCredentials`
+   * object with the username and password.
+   *
+   * If the `config.user.name` and `config.user.password` are not set, it will attempt
+   * to use HTTP Basic Authentication to authenticate the request. It will validate and
+   * sanitize the credentials, and set the `req.session.sshCredentials` object with the
+   * username and password.
+   *
+   * The function will also set the `req.session.usedBasicAuth` flag to indicate that
+   * Basic Authentication was used.
+   *
+   * If the authentication fails, the function will send a 401 Unauthorized response
+   * with the appropriate WWW-Authenticate header.
+   */
+  // eslint-disable-next-line consistent-return
+  function auth(req, res, next) {
+    if (config.user.name && config.user.password) {
+      req.session.sshCredentials = {
+        username: config.user.name,
+        password: config.user.password
+      }
+      req.session.usedBasicAuth = true
+      return next()
+    }
+    // Scenario 2: Basic Auth
     debug("auth: Basic Auth")
     const credentials = basicAuth(req)
     if (!credentials) {
@@ -33,16 +62,16 @@ function auth(req, res, next) {
     }
     req.session.usedBasicAuth = true // Set this flag when Basic Auth is used
     next()
-}
+  }
 
-// Scenario 1: No auth required, uses websocket authentication instead
+  // Scenario 1: No auth required, uses websocket authentication instead
-router.get("/", (req, res) => {
+  router.get("/", (req, res) => {
     debug("router.get./: Accessed / route")
     handleConnection(req, res)
-})
+  })
 
-// Scenario 2: Auth required, uses HTTP Basic Auth
+  // Scenario 2: Auth required, uses HTTP Basic Auth
-router.get("/host/:host", auth, (req, res) => {
+  router.get("/host/:host", auth, (req, res) => {
     debug(`router.get.host: /ssh/host/${req.params.host} route`)
 
     try {
@@ -71,17 +100,18 @@ router.get("/host/:host", auth, (req, res) => {
       const error = new ConfigError(`Invalid configuration: ${err.message}`)
       handleError(error, res)
     }
-})
+  })
 
-// Clear credentials route
+  // Clear credentials route
-router.get("/clear-credentials", (req, res) => {
+  router.get("/clear-credentials", (req, res) => {
     req.session.sshCredentials = null
     res.status(HTTP.OK).send(HTTP.CREDENTIALS_CLEARED)
-})
+  })
 
-router.get("/force-reconnect", (req, res) => {
+  router.get("/force-reconnect", (req, res) => {
     req.session.sshCredentials = null
     res.status(HTTP.UNAUTHORIZED).send(HTTP.AUTH_REQUIRED)
-})
+  })
 
-module.exports = router
+  return router
+}