Commit graph

24 commits

Author SHA1 Message Date
Matthew Nickson 8a92054c2b
Added JSDoc to ESLint (#3529)
* Added JSDoc to eslint rules

Signed-off-by: Matthew Nickson <[email protected]>

* Fixed JSDoc eslint errors

Signed-off-by: Matthew Nickson <[email protected]>

* Update the check-linters workflow to Node.js 20

---------

Signed-off-by: Matthew Nickson <[email protected]>
Co-authored-by: Louis Lam <[email protected]>
2023-08-11 15:46:41 +08:00
Nelson Chan cc94609423 Chore: Add logging for failed auth 2023-06-26 04:49:49 +08:00
Matthew Nickson 42a69c16ca
Switched to crypto.randomBytes fpr key generation
Keys are now 32 bytes long encoded in a URL safe base64 string

Signed-off-by: Matthew Nickson <[email protected]>
2023-02-26 16:47:34 +00:00
Matthew Nickson b8720b46c3
Switched to using Authorization header
Prometheus doesn't support using custom headers for exporters, however
it does support using the Authorisation header with basic auth. As
such, we switched from using X-API-Key to Authorization with the basic
scheme and an empty username field.

Also added a rate limit for API endpoints of 60 requests in a minute

Signed-off-by: Matthew Nickson <[email protected]>
2023-02-15 21:53:49 +00:00
Matthew Nickson 01c71a0242
Fixed logic errors, removed dev leftovers
Fixed a logic error where a comma was used instead of an or, also
removed leftover console.logs from testing.

Date picker is now dissabled when don't expire is checked.

Signed-off-by: Matthew Nickson <[email protected]>
2023-02-15 11:15:15 +00:00
Matthew Nickson e7feca1cd6
Added API key authentication handler
API key authentication is now possible by making use of the X-API-Key
header. API authentication will only be enabled when a user adds their
first API key, up until this point, they can still use their username
and password to authenticate with API endpoints. After the user adds
their first API key, they may only use API keys in future to
authenticate with the API.

In this commit, the prometheus /metrics endpoint has been changed over
to the new authentication system.

Signed-off-by: Matthew Nickson <[email protected]>
2023-02-15 00:39:29 +00:00
Matthew Nickson caff9ca736
Added JSDoc for server/
Signed-off-by: Matthew Nickson <[email protected]>
2023-01-05 22:19:05 +00:00
Louis Lam 50711391d1
Revert "Auth: Case insensitive login check on username" 2023-01-01 22:19:00 +08:00
Mathias Haugsbø b3ac7c3d43 Username case insensitive, patch db instead of using LIKE 2022-12-19 12:18:33 +01:00
Mathias Haugsbø c79b2913a2 Auth: Case insensitive login check on username
Allows users to add users with capital letters and then login with just lowercase letters.

We accidentally capitalized the first letter of our username so the other people using it frequently thinks they wrote the wrong password.
2022-12-18 17:16:19 +01:00
Matthew Nickson 6d22ebedca
Merge branch 'master' into add-JSDoc-comments 2022-04-21 13:01:22 +01:00
Matthew Nickson 03b2d8d521
Add JSDoc to server/*
Signed-off-by: Matthew Nickson <[email protected]>
2022-04-20 19:56:40 +01:00
Louis Lam 17dcf6d3a2
Merge pull request #910 from andreasbrett/logging
introduce consistent logging
2022-04-13 23:47:08 +08:00
Louis Lam 772d009f43 Merge branch 'master' into fluencydoc_master
# Conflicts:
#	extra/update-version.js
#	server/client.js
#	server/server.js
2022-04-12 17:44:04 +08:00
Louis Lam 279e2eb3f6 Merge branch 'master' into logging
# Conflicts:
#	server/database.js
#	server/jobs.js
#	server/model/monitor.js
#	server/routers/api-router.js
#	server/server.js
#	server/socket-handlers/status-page-socket-handler.js
#	server/util-server.js
2022-04-12 16:32:14 +08:00
Louis Lam 0da6e6b1fb Some improvements 2022-03-29 17:38:48 +08:00
Louis Lam 71af08189e Clear useless code 2022-03-24 18:03:31 +08:00
Louis Lam d32ba7cadd Fix #1318, basic auth is completely disabled if the auth is disabled 2022-03-24 18:02:34 +08:00
Andreas Brett bdcdf47e52 introduce consistent logging 2021-11-11 12:31:28 +01:00
Calum Bird f55350bebc Generated documentation :) 2021-11-09 21:24:31 -08:00
Louis Lam b77b33e790 add login rate limiter 2021-10-23 16:35:13 +08:00
LouisLam 44c8ca9da8 requires empty username/password if set disableAuth for basic auth 2021-08-03 00:08:46 +08:00
Adam Stachowicz 9648d700d7 Autofix on save 2021-07-27 19:47:13 +02:00
LouisLam 209fa83cff Add Basic Auth for /metrics 2021-07-28 00:52:31 +08:00