Optimize credential match checking
parent
cbbf8ab79b
commit
f8cc7e45cd
3 changed files with 25 additions and 10 deletions
|
@ -3,7 +3,7 @@
|
||||||
"port": 80,
|
"port": 80,
|
||||||
"pubport": 80,
|
"pubport": 80,
|
||||||
"page404": "404.html",
|
"page404": "404.html",
|
||||||
"timestamp": 1691854862481,
|
"timestamp": 1692101055417,
|
||||||
"blacklist": [],
|
"blacklist": [],
|
||||||
"nonStandardCodes": [],
|
"nonStandardCodes": [],
|
||||||
"enableCompression": true,
|
"enableCompression": true,
|
||||||
|
|
31
svr.js
31
svr.js
|
@ -4440,7 +4440,22 @@ if (!cluster.isPrimary) {
|
||||||
// Handle HTTP authentication
|
// Handle HTTP authentication
|
||||||
if (authIndex > -1) {
|
if (authIndex > -1) {
|
||||||
var authcode = nonStandardCodes[authIndex];
|
var authcode = nonStandardCodes[authIndex];
|
||||||
|
|
||||||
|
function checkIfPasswordMatches(list, password, callback, _i) {
|
||||||
|
if(!_i) _i = 0;
|
||||||
|
var cb = function (hash) {
|
||||||
|
var matches = (hash == list[_i].pass);
|
||||||
|
if(matches) {
|
||||||
|
callback(true);
|
||||||
|
} else if(_i >= list.length-1) {
|
||||||
|
callback(false);
|
||||||
|
} else {
|
||||||
|
checkIfPasswordMatches(list, password, callback, _i+1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
cb(sha256(password + list[_i].salt));
|
||||||
|
}
|
||||||
|
|
||||||
function authorizedCallback(bruteProtection) {
|
function authorizedCallback(bruteProtection) {
|
||||||
var ha = getCustomHeaders();
|
var ha = getCustomHeaders();
|
||||||
ha["WWW-Authenticate"] = "Basic realm=\"" + (authcode.realm ? authcode.realm.replace(/(\\|")/g, "\\$1") : "SVR.JS HTTP Basic Authorization") + "\", charset=\"UTF-8\"";
|
ha["WWW-Authenticate"] = "Basic realm=\"" + (authcode.realm ? authcode.realm.replace(/(\\|")/g, "\\$1") : "SVR.JS HTTP Basic Authorization") + "\", charset=\"UTF-8\"";
|
||||||
|
@ -4465,14 +4480,13 @@ if (!cluster.isPrimary) {
|
||||||
}
|
}
|
||||||
var username = decodedCredentialsMatch[1];
|
var username = decodedCredentialsMatch[1];
|
||||||
var password = decodedCredentialsMatch[2];
|
var password = decodedCredentialsMatch[2];
|
||||||
var authorized = false;
|
var usernameMatch = users.filter(function (entry) {
|
||||||
for (var i = 0; i < users.length; i++) {
|
return entry.name == username;
|
||||||
var hash = sha256(password + users[i].salt);
|
});
|
||||||
if (users[i].name == username && users[i].pass == hash) {
|
if(usernameMatch.length == 0) {
|
||||||
authorized = true;
|
usernameMatch.push({name: username, pass: "FAKEPASS", salt: "FAKESALT"}); //Fake credentials
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
checkIfPasswordMatches(usernameMatch, password, function(authorized) {
|
||||||
if (!authorized) {
|
if (!authorized) {
|
||||||
if (bruteProtection) {
|
if (bruteProtection) {
|
||||||
if (process.send) {
|
if (process.send) {
|
||||||
|
@ -4501,6 +4515,7 @@ if (!cluster.isPrimary) {
|
||||||
}
|
}
|
||||||
modExecute(mods, vres(req, res, serverconsole, responseEnd, href, ext, uobject, search, "index.html", users, page404, head, foot, fd, callServerError, getCustomHeaders, origHref, redirect, parsePostData));
|
modExecute(mods, vres(req, res, serverconsole, responseEnd, href, ext, uobject, search, "index.html", users, page404, head, foot, fd, callServerError, getCustomHeaders, origHref, redirect, parsePostData));
|
||||||
}
|
}
|
||||||
|
});
|
||||||
}
|
}
|
||||||
if (authcode.disableBruteProtection) {
|
if (authcode.disableBruteProtection) {
|
||||||
authorizedCallback(false);
|
authorizedCallback(false);
|
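Review bot: In `checkIfPasswordMatches`, `var matches = (hash == list[_i].pass);` compares the stored hash with a loose, early-exit string comparison; a length-checked constant-time compare is the safer habit for credential material, e.g. `var a = Buffer.from(hash), b = Buffer.from(String(list[_i].pass));` followed by `var matches = a.length === b.length && crypto.timingSafeEqual(a, b);` (this assumes `sha256` returns a string and that `crypto` is already in scope where `sha256` is defined, neither of which is visible on this page). The helper also dereferences `list[_i]` with no bounds check, so it depends on the caller's fake-entry push to never see an empty list; `if (list.length === 0) return callback(false);` as its first statement would make it fail closed on its own. The `FAKEPASS`/`FAKESALT` entry deserves a fuller comment than `//Fake credentials`, saying that it makes an unknown username still cost one hash (presumably to keep response timing close to that of a known user) and that `FAKEPASS` can never equal a real digest, so that a later cleanup does not remove it. The callback passed to `checkIfPasswordMatches` opens in the second hunk and closes in the third, so its full body is not visible here.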
||||||
|
|
|
@ -1 +1 @@
|
||||||
0
|
2
|