From 41a9052a0704a3f469b0ffe6551cc46892f0fefa Mon Sep 17 00:00:00 2001 From: Dorian Niemiec Date: Wed, 7 Feb 2024 01:14:56 +0100 Subject: [PATCH] RedBrick now no longer sets AUTH_TYPE and REMOTE_USER environment value, when 401 code is not specified in SVR.JS configuration. --- index.js | 55 +++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 47 insertions(+), 8 deletions(-) diff --git a/index.js b/index.js index ee0fcee..bcb62c1 100644 --- a/index.js +++ b/index.js @@ -38,12 +38,41 @@ var disableModExposeSupported = process.versions.svrjs && process.versions.svrjs function Mod() {} -Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, ext, uobject, search, defaultpage, users, page404, head, foot, fd, elseCallback, configJSON, callServerError, getCustomHeaders, origHref, redirect, parsePostData) { +Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, ext, uobject, search, defaultpage, users, page404, head, foot, fd, elseCallback, configJSON, callServerError, getCustomHeaders, origHref, redirect, parsePostData, authUser) { return function () { if (!configJSON) { configJSON = configJSONS; } + function checkIfThereIsA401Rule() { + var actually401 = false; + + function createRegex(regex) { + var regexObj = regex.split("/"); + if (regexObj.length == 0) throw new Error("Invalid regex!"); + var modifiers = regexObj.pop(); + regexObj.shift(); + var searchString = regexObj.join("/"); + return new RegExp(searchString, modifiers); + } + + if(configJSON.nonStandardCodes) { + configJSON.nonStandardCodes.every(function (nonscode) { + if (nonscode.scode == 401) { + if (nonscode.regex && (req.url.match(createRegex(nonscode.regex)) || href.match(createRegex(nonscode.regex)))) { + actually401 = true; + return true; + } else if (nonscode.url && (nonStandardCodes[i].url == href || (os.platform() == "win32" && nonStandardCodes[i].url.toLowerCase() == href.toLowerCase()))) { + actually401 = true; + return true; + } + } + return false; + }); + } + return actually401; + } + if (!getCustomHeaders) { var bheaders = JSON.parse(JSON.stringify(configJSON.customHeaders)); } else { @@ -286,10 +315,15 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e } } - function executeCGIWithEnv(a, b, req, res, pubip, port, software, dh) { + function executeCGIWithEnv(a, b, req, res, pubip, port, software, dh, user) { // Function to set up environment variables and execute CGI scripts var nEnv = {}; - if (req.headers.authorization) { + if (typeof user != "undefined") { + if (user !== null) { + if (req.headers.authorization) nEnv["AUTH_TYPE"] = req.headers.authorization.split(" ")[0]; + nEnv["REMOTE_USER"] = user; + } + } else if (req.headers.authorization && (typeof checkIfThereIsA401Rule == "undefined" || checkIfThereIsA401Rule())) { nEnv["AUTH_TYPE"] = req.headers.authorization.split(" ")[0]; if (nEnv["AUTH_TYPE"] == "Basic") { var remoteCred = req.headers.authorization.split(" ")[1]; @@ -399,7 +433,8 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e process.version + ") RedBrick/" + version, - bheaders + bheaders, + authUser ); } catch (ex) { if (!callServerError) { @@ -450,7 +485,8 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e process.version + ") RedBrick/" + version, - bheaders + bheaders, + authUser ); } catch (ex) { if (!callServerError) { @@ -509,7 +545,8 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e process.version + ") RedBrick/" + version, - bheaders + bheaders, + authUser ); } catch (ex) { if (!callServerError) { @@ -566,7 +603,8 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e process.version + ") RedBrick/" + version, - bheaders + bheaders, + authUser ); } catch (ex) { if (!callServerError) { @@ -647,7 +685,8 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e process.version + ") RedBrick/" + version, - bheaders + bheaders, + authUser ); } catch (ex) { if (!callServerError) {