Permalink
Browse files

Support secrecy

If a shared secret is provided, then the requester must
authorize with the username 'node' and the shared secret
as the password
  • Loading branch information...
1 parent 6192450 commit 15a494e8a6c1d006140b88081a96da9a7925df8f @isaacs isaacs committed May 27, 2012
Showing with 24 additions and 0 deletions.
  1. +1 −0 .gitignore
  2. +6 −0 config.js
  3. +17 −0 server.js
View
@@ -3,3 +3,4 @@ repos/*
checkout/*
!checkout/.do-not-delete
ssl
+secret.txt
View
@@ -6,6 +6,12 @@ exports.https = {
cert: fs.readFileSync(__dirname + '/ssl/server.crt')
}
+try {
+ exports.secret = fs.readFileSync(__dirname + '/secret.txt', 'utf8').trim()
+} catch (e) {
+ exports.secret = null
+}
+
if (process.platform === 'win32') {
exports.gitCmd = 'git'
View
@@ -36,8 +36,25 @@ var buildCmd = config.buildCmd
var buildArgs = config.buildArgs
var httpsOpt = config.https
var port = config.port
+var secret = config.secret
https.createServer(httpsOpt, function (req, res) {
+ // if we have a shared secret, then only accept requests with that
+ if (secret) {
+ var auth = req.headers.authorization
+ if (!auth) {
+ res.statusCode = 401
+ res.setHeader('WWW-Authenticate', 'Basic realm="node tester drone"')
+ return res.end('auth required')
+ }
+ auth = new Buffer(auth.replace(/^Basic /, ''), 'base64').toString()
+ auth = (auth === 'node:' + secret)
+ if (!auth) {
+ res.statusCode = 403
+ return res.end('unauthorized')
+ }
+ }
+
if (req.method === 'POST' && req.url === '/test') {
return runTests(req, res)
}

0 comments on commit 15a494e

Please sign in to comment.