mirror of
https://github.com/n8n-io/n8n.git
synced 2024-12-25 04:34:06 -08:00
⚡ Improve speed of basic-auth with hashed password
This commit is contained in:
parent
4cfd6c726c
commit
3d003fca72
|
@ -20,7 +20,7 @@ import { RequestOptions } from 'oauth-1.0a';
|
|||
import * as csrf from 'csrf';
|
||||
import * as requestPromise from 'request-promise-native';
|
||||
import { createHmac } from 'crypto';
|
||||
import { compareSync } from 'bcrypt';
|
||||
import { compare } from 'bcrypt';
|
||||
|
||||
import {
|
||||
ActiveExecutions,
|
||||
|
@ -189,7 +189,9 @@ class App {
|
|||
|
||||
const basicAuthHashEnabled = await GenericHelpers.getConfigValue('security.basicAuth.hash') as boolean;
|
||||
|
||||
this.app.use((req: express.Request, res: express.Response, next: express.NextFunction) => {
|
||||
let validPassword: null | string = null;
|
||||
|
||||
this.app.use(async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
||||
if (req.url.match(authIgnoreRegex)) {
|
||||
return next();
|
||||
}
|
||||
|
@ -201,12 +203,27 @@ class App {
|
|||
return ResponseHelper.basicAuthAuthorizationError(res, realm, 'Authorization is required!');
|
||||
}
|
||||
|
||||
if (basicAuthData.name !== basicAuthUser || (!basicAuthHashEnabled && basicAuthData.pass !== basicAuthPassword) || (basicAuthHashEnabled && compareSync(basicAuthData.pass, basicAuthPassword) === false)) {
|
||||
// Provided authentication data is wrong
|
||||
return ResponseHelper.basicAuthAuthorizationError(res, realm, 'Authorization data is wrong!');
|
||||
if (basicAuthData.name === basicAuthUser) {
|
||||
if (basicAuthHashEnabled === true) {
|
||||
if (validPassword === null && await compare(basicAuthData.pass, basicAuthPassword)) {
|
||||
// Password is valid so save for future requests
|
||||
validPassword = basicAuthData.pass;
|
||||
}
|
||||
|
||||
if (validPassword === basicAuthData.pass && validPassword !== null) {
|
||||
// Provided hash is correct
|
||||
return next();
|
||||
}
|
||||
} else {
|
||||
if (basicAuthData.pass === basicAuthPassword) {
|
||||
// Provided password is correct
|
||||
return next();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
next();
|
||||
// Provided authentication data is wrong
|
||||
return ResponseHelper.basicAuthAuthorizationError(res, realm, 'Authorization data is wrong!');
|
||||
});
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue