Time machine server.js #1589
Time machine server.js #1589
Conversation
web/server.js
Outdated
| @@ -158,9 +159,28 @@ app.get('/', (req, res) => { | |||
| } | |||
| const { locale } = res; | |||
| const fullUrl = 'https://www.electricitymap.org' + req.originalUrl; | |||
|
|
|||
| // basic auth and time machine cookie if we're in the back in time container | |||
There was a problem hiding this comment.
Can we change the comment to something even a contributor could understand
Something along the lines of:
// Basic auth for premium access
web/server.js
Outdated
| if (process.env['BASIC_AUTH_USERNAME;']){ | ||
| let user = auth(req); | ||
| let authorized = false; | ||
| if (user){ |
There was a problem hiding this comment.
Style: linter probably requires space between ) and {
web/server.js
Outdated
|
|
||
| // basic auth and time machine cookie if we're in the back in time container | ||
| if (process.env['BASIC_AUTH_USERNAME;']){ | ||
| let user = auth(req); |
There was a problem hiding this comment.
Linter will probably say it needs const instead.
web/server.js
Outdated
| @@ -158,9 +159,28 @@ app.get('/', (req, res) => { | |||
| } | |||
| const { locale } = res; | |||
| const fullUrl = 'https://www.electricitymap.org' + req.originalUrl; | |||
|
|
|||
| // basic auth and time machine cookie if we're in the back in time container | |||
| if (process.env['BASIC_AUTH_USERNAME;']){ | |||
There was a problem hiding this comment.
why does the env variable name have a semicolon at the end?
web/server.js
Outdated
| let user = auth(req); | ||
| let authorized = false; | ||
| if (user){ | ||
| let ix = process.env['BASIC_AUTH_USERNAMES'].split(';').indexOf(user.name); |
There was a problem hiding this comment.
More traditional to split using a comma
web/server.js
Outdated
| let user = auth(req); | ||
| let authorized = false; | ||
| if (user){ | ||
| let ix = process.env['BASIC_AUTH_USERNAMES'].split(';').indexOf(user.name); |
There was a problem hiding this comment.
You can be more explicit by naming a variable hasMatchingUserName and directly do the !== -1 comparaison here.
web/server.js
Outdated
| let authorized = false; | ||
| if (user){ | ||
| let ix = process.env['BASIC_AUTH_USERNAMES'].split(';').indexOf(user.name); | ||
| if (ix !== -1 && user.pass === process.env['BASIC_AUTH_PASSWORDS'].split(';')[ix]){ |
There was a problem hiding this comment.
It's a tad dangerous because this forces us to have two lists (one for users, one for passwords), and is therefore prone to errors (if you offset one item for example).
A better way would be to serialise auth using user1:pass1,user2:pass2...
web/server.js
Outdated
| } | ||
| if (!authorized){ | ||
| res.statusCode = 401; | ||
| res.setHeader('WWW-Authenticate', 'Basic realm="example"'); |
for the premium subdomain, adds basic auth and replies with a
set-cookieheader so that back in time works