var fs = require('fs') var Path = require('path') var utils = require('./utils') module.exports = HTPasswd function HTPasswd(config, stuff) { var self = Object.create(HTPasswd.prototype) self._users = {} // config for this module self._config = config // sinopia logger self._logger = stuff.logger // sinopia main config object self._sinopia_config = stuff.config // all this "sinopia_config" stuff is for b/w compatibility only self._maxusers = self._config.max_users if (!self._maxusers) self._maxusers = self._sinopia_config.max_users // set maxusers to Infinity if not specified if (!self._maxusers) self._maxusers = Infinity self._last_time = null var file = self._config.file if (!file) file = self._sinopia_config.users_file if (!file) throw new Error('should specify "file" in config') self._path = Path.resolve(Path.dirname(self._sinopia_config.self_path), file) return self } HTPasswd.prototype.authenticate = function (user, password, cb) { var self = this self._reload(function (err) { if (err) return cb(err.code === 'ENOENT' ? null : err) if (!self._users[user]) return cb(null, false) if (!utils.verify_password(user, password, self._users[user])) return cb(null, false) // authentication succeeded! // return all usergroups this user has access to; // (this particular package has no concept of usergroups, so just return user herself) return cb(null, [user]) }) } // hopefully race-condition-free way to add users: // 1. lock file for writing (other processes can still read) // 2. reload .htpasswd // 3. write new data into .htpasswd.tmp // 4. move .htpasswd.tmp to .htpasswd // 5. reload .htpasswd // 6. unlock file HTPasswd.prototype.adduser = function (user, password, real_cb) { var self = this function sanity_check() { var err = null if (self._users[user]) { err = Error('this user already exists') } else if (Object.keys(self._users).length >= self._maxusers) { err = Error('maximum amount of users reached') } if (err) err.status = 403 return err } // preliminary checks, just to ensure that file won't be reloaded if it's not needed var s_err = sanity_check() if (s_err) return real_cb(s_err, false) utils.lock_and_read(self._path, function (err, res) { var locked = false // callback that cleans up lock first function cb(err) { if (locked) { utils.unlock_file(self._path, function () { // ignore any error from the unlock real_cb(err, !err) }) } else { real_cb(err, !err) } } if (!err) { locked = true } // ignore ENOENT errors, we'll just create .htpasswd in that case if (err && err.code !== 'ENOENT') return cb(err) var body = (res || '').toString('utf8') self._users = utils.parse_htpasswd(body) // real checks, to prevent race conditions var s_err = sanity_check() if (s_err) return cb(s_err) try { console.log('body = utils.add_user_to_htpasswd(body, user, password)') console.log(user, password) body = utils.add_user_to_htpasswd(body, user, password) } catch (err) { return cb(err) } fs.writeFile(self._path, body, function (err) { if (err) return cb(err) self._reload(function () { cb(null, true) }) }) }) } HTPasswd.prototype._reload = function (_callback) { var self = this fs.stat(self._path, function (err, stats) { if (err) return _callback(err) if (self._last_time === stats.mtime) return _callback() self._last_time = stats.mtime fs.readFile(self._path, 'utf8', function (err, buffer) { if (err) return _callback(err) self._users = utils.parse_htpasswd(buffer) _callback() }); }); }