Basic Auth only on protected routes

app.js

@@ -46,7 +46,6 @@ var qrcode = require("qrcode");
 var addressApi = require("./app/api/addressApi.js");
 var electrumAddressApi = require("./app/api/electrumAddressApi.js");
 var coreApi = require("./app/api/coreApi.js");
-var auth = require('./app/auth.js');
 var marked = require("marked");
 
 var package_json = require('./package.json');
@@ -71,12 +70,6 @@ app.engine('pug', (path, options, fn) => {
 
 app.set('view engine', 'pug');
 
-// basic http authentication
-if (process.env.BTCEXP_BASIC_AUTH_PASSWORD) {
-	app.disable('x-powered-by');
-	app.use(auth(process.env.BTCEXP_BASIC_AUTH_PASSWORD));
-}
-
 // uncomment after placing your favicon in /public
 //app.use(favicon(__dirname + '/public/favicon.ico'));
 //app.use(logger('dev'));
@@ -602,7 +595,7 @@ app.use(csurf(), (req, res, next) => {
 	next();
 });
 
-app.use('/', baseActionsRouter);
+app.use('/', baseActionsRouter(app));
 app.use('/api/', apiActionsRouter);
 app.use('/snippet/', snippetActionsRouter);
 

app/auth.js

@@ -1,6 +1,11 @@
 var basicAuth = require('basic-auth');
 
-module.exports = pass => (req, res, next) => {
+module.exports = (app, pass, demo = false) => (req, res, next) => {
+	if (demo) return next();
+	if (!pass) return res.status(401).send("This section of the site requires authentication. Set an authentication password via the 'BTCEXP_BASIC_AUTH_PASSWORD' environment variable (see .env-sample file for more info).");
+
+	app.disable('x-powered-by');
+
 	var cred = basicAuth(req);
 
 	if (cred && cred.pass === pass) {

routes/baseRouter.js

@@ -21,11 +21,14 @@ var config = require("./../app/config.js");
 var coreApi = require("./../app/api/coreApi.js");
 var addressApi = require("./../app/api/addressApi.js");
 var rpcApi = require("./../app/api/rpcApi.js");
+var auth = require('./../app/auth.js');
 
 const v8 = require('v8');
 
 const forceCsrf = csurf({ ignoreMethods: [] });
 
+const routerExport = app => {
+
 router.get("/", function(req, res, next) {
 	if (req.session.host == null || req.session.host.trim() == "") {
 		if (req.cookies['rpc-host']) {
@@ -1179,29 +1182,13 @@ router.get("/address/:address", function(req, res, next) {
 	});
 });
 
-router.get("/rpc-terminal", function(req, res, next) {
-	if (!config.demoSite && !req.authenticated) {
-		res.send("RPC Terminal / Browser require authentication. Set an authentication password via the 'BTCEXP_BASIC_AUTH_PASSWORD' environment variable (see .env-sample file for more info).");
-
-		next();
-
-		return;
-	}
-
+router.get("/rpc-terminal", auth(app, process.env.BTCEXP_BASIC_AUTH_PASSWORD, config.demoSite), function(req, res, next) {
 	res.render("rpc-terminal");
 
 	next();
 });
 
-router.post("/rpc-terminal", function(req, res, next) {
-	if (!config.demoSite && !req.authenticated) {
-		res.send("RPC Terminal / Browser require authentication. Set an authentication password via the 'BTCEXP_BASIC_AUTH_PASSWORD' environment variable (see .env-sample file for more info).");
-
-		next();
-
-		return;
-	}
-
+router.post("/rpc-terminal", auth(app, process.env.BTCEXP_BASIC_AUTH_PASSWORD, config.demoSite), function(req, res, next) {
 	var params = req.body.cmd.trim().split(/\s+/);
 	var cmd = params.shift();
 	var parsedParams = [];
@@ -1256,15 +1243,7 @@ router.post("/rpc-terminal", function(req, res, next) {
 	});
 });
 
-router.get("/rpc-browser", function(req, res, next) {
-	if (!config.demoSite && !req.authenticated) {
-		res.send("RPC Terminal / Browser require authentication. Set an authentication password via the 'BTCEXP_BASIC_AUTH_PASSWORD' environment variable (see .env-sample file for more info).");
-
-		next();
-
-		return;
-	}
-
+router.get("/rpc-browser", auth(app, process.env.BTCEXP_BASIC_AUTH_PASSWORD, config.demoSite), function(req, res, next) {
 	coreApi.getHelp().then(function(result) {
 		res.locals.gethelp = result;
 
@@ -1581,4 +1560,8 @@ router.get("/fun", function(req, res, next) {
 	next();
 });
 
-module.exports = router;
+return router
+
+}
+
+module.exports = routerExport;