feat: overridebasic fixes #243 included for #242

ChangeLog.md

@@ -10,6 +10,7 @@
   - added prettier 2.3.0, typescript modules, socket.io-client 4.1.1, airbnb linting tools
 ### Added
 - Lookup ip address for hostname in URL, fixes #199 thanks to @zwiy
+- Ability to override `Authorization: Basic` header and replace with credentials specified in `config.json` fixes #243. New config.json option `user.overridebasic`
 ### CONTRIBUTING
 In this release, we're trying our best to conform to the [Airbnb Javascript Style Guide](https://airbnb.io/projects/javascript/). I'm hoping this will make contributions easier and keep the code readable. I love shortcuts more than anyone but I've found when making changes to code I've not looked at in a while, it can take me a few momements to deconstruct what was being done due to readbility issues. While I don't agree with every decision in the style guide (semi-colons, yuk), it is a good base to keep the code consistent.
 

README.md

@@ -109,6 +109,8 @@ docker run --name webssh2 -d -p 2222:2222 -v `pwd`/app/config.json:/usr/src/conf
 
 * **user.password** - _string_ - Specify password to authenticate with. In normal cases this should be left to the default `null` setting.
 
+* **user.overridebasic** - _boolean_ - When set to `true` ignores `Authorization: Basic` header sent from client and use credentials defined in `user.name` and `user.password` instead. Defaults to `false`. [issue 242](../../issues/242) for more information.
+
 * **ssh.host** - _string_ - Specify host to connect to. May be either hostname or IP address. Defaults to `null`.
 
 * **ssh.port** - _integer_ - Specify SSH port to connect to, defaults to `22`

app/config.json.sample

@@ -10,6 +10,7 @@
     "name": null,
     "password": null,
     "privatekey": null
+    "overridebasic": false
   },
   "ssh": {
     "host": null,

app/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "webssh2",
-  "version": "0.4.0-testing-0",
+  "version": "0.4.0-testing-2",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {

app/server/app.js

@@ -32,7 +32,12 @@ const appSocket = require('./socket');
 const expressOptions = require('./expressOptions');
 const myutil = require('./util');
 
-myutil.setDefaultCredentials(config.user.name, config.user.password, config.user.privatekey);
+myutil.setDefaultCredentials(
+  config.user.name,
+  config.user.password,
+  config.user.privatekey,
+  config.user.overridebasic
+);
 
 // safe shutdown
 let shutdownMode = false;

app/server/config.js

@@ -19,6 +19,7 @@ let config = {
     name: null,
     password: null,
     privatekey: null,
+    overridebasic: false,
   },
   ssh: {
     host: null,

app/server/util.js

@@ -8,15 +8,24 @@ const Auth = require('basic-auth');
 
 const defaultCredentials = { username: null, password: null, privatekey: null };
 
-exports.setDefaultCredentials = function setDefaultCredentials(username, password, privatekey) {
+exports.setDefaultCredentials = function setDefaultCredentials(
+  username,
+  password,
+  privatekey,
+  overridebasic
+) {
   defaultCredentials.username = username;
   defaultCredentials.password = password;
   defaultCredentials.privatekey = privatekey;
+  defaultCredentials.overridebasic = overridebasic;
 };
 
 exports.basicAuth = function basicAuth(req, res, next) {
   const myAuth = Auth(req);
-  if (myAuth && myAuth.pass !== '') {
+  // If Authorize: Basic header exists and the password isn't blank
+  // AND config.user.overridebasic is false, extract basic credentials
+  // from client
+  if (myAuth && myAuth.pass !== '' && !defaultCredentials.overridebasic) {
     req.session.username = myAuth.name;
     req.session.userpassword = myAuth.pass;
     debug(