From 6d417fac1b4d77ab5552b75483cfc787d466e699 Mon Sep 17 00:00:00 2001 From: Nicolai Ort Date: Sat, 14 Aug 2021 10:09:05 +0200 Subject: [PATCH] Added basics for auth --- Dockerfile | 2 +- package.json | 1 + src/server.js | 84 ++++++++++++++++++++++++++++----------------------- 3 files changed, 49 insertions(+), 38 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4c01315..1edee8d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM node:15-alpine as run +FROM node:16-alpine as run COPY package.json . RUN yarn --prod diff --git a/package.json b/package.json index e258b3f..2ab2228 100644 --- a/package.json +++ b/package.json @@ -12,6 +12,7 @@ "dependencies": { "dotenv": "^10.0.0", "fastify": "^3.20.1", + "fastify-basic-auth": "^2.1.0", "knex": "^0.21.21", "sqlite3": "^5.0.2", "uniqid": "^5.3.0" diff --git a/src/server.js b/src/server.js index 12a14f3..de2b526 100644 --- a/src/server.js +++ b/src/server.js @@ -21,10 +21,8 @@ const knex = require('knex')({ } }); -//Basic home route -fastify.get('/', async (request, reply) => { - return { hello: 'world' } -}) +const authenticate = { realm: 'Short' } +fastify.register(require('fastify-basic-auth'), { validate, authenticate }); //Automagic Amazn redirects on /a/ fastify.get('/a/:id', async (req, res) => { 
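Review bot: The added `"fastify-basic-auth": "^2.1.0"` entry is a caret range, and the Dockerfile context in this same patch runs `yarn --prod` after copying only `package.json`, so the image gets whatever version of the auth plugin resolves at build time. No lockfile appears in the diffstat; if the repository has a `yarn.lock`, copying it before the install and running `yarn --prod --frozen-lockfile` would make the build reproducible. For a package that sits on the authentication path, that pin is worth having.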
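Review bot: The `fastify.register(require('fastify-basic-auth'), { validate, authenticate })` line carries no comment on its transport requirement: HTTP Basic sends the username and password base64-encoded, not encrypted, on every request to a protected route. Nothing in the visible hunks shows TLS being terminated, so I would add a comment such as `// Basic auth credentials are only base64-encoded; expose this service over HTTPS only` above the registration. `validate` is referenced here before its definition further down the file, which works only because it is a hoisted function declaration, so it should stay a declaration and not become a `const` arrow function.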
@@ -162,46 +160,51 @@ fastify.get('/api/:shortcode', async (req, res) => { } }); -//Get url api route -fastify.get('/api/:shortcode/visits', async (req, res) => { - const shortcode = req.params.shortcode; +fastify.after(() => { + //Get url api route + fastify.get('/api/:shortcode/visits', { onRequest: fastify.basicAuth }, async (req, res) => { + const shortcode = req.params.shortcode; - //This should never happen but better safe than 500 - if (!shortcode) { - return 404; - } + //This should never happen but better safe than 500 + if (!shortcode) { + return 404; + } - const exists = await knex.select('shortcode', 'target') - .from('urls') - .where('shortcode', '=', shortcode) - .limit(1); - if (exists.length == 0) { - return 404; - } + const exists = await knex.select('shortcode', 'target') + .from('urls') + .where('shortcode', '=', shortcode) + .limit(1); + if (exists.length == 0) { + return 404; + } - const visits = await knex.select('timestamp') - .from('visits') - .where('shortcode', '=', shortcode); + const visits = await knex.select('timestamp') + .from('visits') + .where('shortcode', '=', shortcode); + + return visits; + }); + + //Get url api route + fastify.delete('/api/:shortcode', async (req, res) => { + const shortcode = req.params.shortcode; + + //This should never happen but better safe than 500 + if (!shortcode) { + return 404; + } + + await knex('urls') + .where('shortcode', '=', shortcode) + .delete(); + + res.statusCode = 204; + return true; + }); - return visits; }); -//Get url api route -fastify.delete('/api/:shortcode', async (req, res) => { - const shortcode = req.params.shortcode; - //This should never happen but better safe than 500 - if (!shortcode) { - return 404; - } - - await knex('urls') - .where('shortcode', '=', shortcode) - .delete(); - - res.statusCode = 204; - return true; -}); /** * Checks for some default providers with custom url schemes (amazon and youtube r/n) 
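Review bot: The `fastify.delete('/api/:shortcode', ...)` route is moved inside `fastify.after()` but is registered without `{ onRequest: fastify.basicAuth }`, so deleting a short URL still needs no credentials while reading its visit timestamps does. I would register it as `fastify.delete('/api/:shortcode', { onRequest: fastify.basicAuth }, async (req, res) => {`. The comment above it still reads `//Get url api route`; `//Delete url api route` would match what the handler does.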
@@ -240,6 +243,13 @@ function checkKnownProviders(target) { return null; } +async function validate(username, password, req, reply) { + console.log(username) + if (username !== 'admin' || password !== 'admin') { + return new Error('Sorry only authorized users can do that.') + } +} + // Run the server! const start = async () => { try {
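Review bot: `validate` compares against the literal pair `'admin'`/`'admin'`, so every deployment of this commit shares one guessable credential that is also published in the repository. The `console.log(username)` line writes every attempted username to the log, and since users sometimes type a password into the username field, that line is better dropped. I would read the expected values from the environment (`dotenv` is already a dependency; whether it is loaded before this point is not visible here), refuse all logins when they are unset, and compare with `crypto.timingSafeEqual`. This needs `const crypto = require('crypto')` at the top of the file, outside this hunk, and the variable names below are a suggestion.

```javascript
async function validate(username, password, req, reply) {
    // Suggested variable names; fail closed when either value is unset.
    const expectedUser = process.env.AUTH_USER;
    const expectedPass = process.env.AUTH_PASS;
    if (!expectedUser || !expectedPass) {
        return new Error('Sorry only authorized users can do that.')
    }
    // Hash both sides so timingSafeEqual always receives equal-length buffers.
    const digest = (value) => crypto.createHash('sha256').update(String(value)).digest();
    const userOk = crypto.timingSafeEqual(digest(username), digest(expectedUser));
    const passOk = crypto.timingSafeEqual(digest(password), digest(expectedPass));
    if (!userOk || !passOk) {
        return new Error('Sorry only authorized users can do that.')
    }
}
```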