Switching to http-auth module for digest auth option

mmattozzi · Dec 5, 2015 · 951f588 · 951f588
1 parent c62a918
commit 951f588
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 196 deletions.
diff --git a/http-digest.js b/http-digest.js
diff --git a/package.json b/package.json
@@ -6,14 +6,14 @@
   "author" : "Mike Mattozzi <mike.mattozzi@gmail.com>",
   "main" : "./webrepl.js",
   "engines": {
-      "node": ">=0.8.0"
+      "node": ">=4.2.3"
   },
   "repository": {
     "type": "git",
     "url": "git://github.com/mmattozzi/webrepl.git"
   },
   "dependencies": {
-      "http-digest": ">=0.1.0"
+      "http-auth": ">=2.2.8"
   },
   "keywords": [ "repl", "console", "management" ]
 }
diff --git a/webrepl.js b/webrepl.js
@@ -47,9 +47,25 @@ ReplHttpServer.prototype.start = function(port) {
     var self = this;
     if (this.username !== undefined && this.password !== undefined) {
         // Set up server that requires http digest authentication
-        var httpdigest = require('./http-digest');
-        self.server = httpdigest.createServer(this.username, this.password, 
-            function(req, res) { self.route(req, res); });
+        var configuredUsername = this.username;
+        var configuredPassword = this.password;
+        var auth = require('http-auth');
+        var crypto = require('crypto');
+
+        var digest = auth.digest({ realm: "webrepl" }, 
+            function (username, callback) { // Expecting md5(username:realm:password) in callback.		
+                if (username === configuredUsername) {
+                    var md5hash = crypto.createHash('md5');
+                    callback(md5hash.update(configuredUsername + ":webrepl:" + configuredPassword).digest("hex"));
+                } else {
+                    callback();			
+                }
+            }
+        );
+
+        self.server = http.createServer(digest, function(req, res) {
+            self.route(req, res);
+        });
         self.server.listen(port, this.hostname);
     } else {
         // No auth required