refactor: make authenticated async everywhere
Since this checks if they are authenticated using the hash/password and it's async, we need to update authenticated to be async, which means we have to update it everywhere it's used.
This commit is contained in:
parent
fcc3f0d951
commit
0cdbd33b46
|
@ -45,8 +45,13 @@ export const replaceTemplates = <T extends object>(
|
|||
/**
|
||||
* Throw an error if not authorized. Call `next` if provided.
|
||||
*/
|
||||
export const ensureAuthenticated = (req: express.Request, _?: express.Response, next?: express.NextFunction): void => {
|
||||
if (!authenticated(req)) {
|
||||
export const ensureAuthenticated = async (
|
||||
req: express.Request,
|
||||
_?: express.Response,
|
||||
next?: express.NextFunction,
|
||||
): Promise<void> => {
|
||||
const isAuthenticated = await authenticated(req)
|
||||
if (!isAuthenticated) {
|
||||
throw new HttpError("Unauthorized", HttpCode.Unauthorized)
|
||||
}
|
||||
if (next) {
|
||||
|
@ -57,17 +62,19 @@ export const ensureAuthenticated = (req: express.Request, _?: express.Response,
|
|||
/**
|
||||
* Return true if authenticated via cookies.
|
||||
*/
|
||||
export const authenticated = (req: express.Request): boolean => {
|
||||
export const authenticated = async (req: express.Request): Promise<boolean> => {
|
||||
switch (req.args.auth) {
|
||||
case AuthType.None:
|
||||
return true
|
||||
case AuthType.Password:
|
||||
// The password is stored in the cookie after being hashed.
|
||||
// TODO@jsjoeio this also needs to be refactored to check if they're using the legacy password
|
||||
// or the new one. we can't assume hashed-password means legacy
|
||||
return !!(
|
||||
req.cookies.key &&
|
||||
(req.args["hashed-password"]
|
||||
? safeCompare(req.cookies.key, req.args["hashed-password"])
|
||||
: req.args.password && isHashMatch(req.args.password, req.cookies.key))
|
||||
: req.args.password && (await isHashMatch(req.args.password, req.cookies.key)))
|
||||
)
|
||||
default:
|
||||
throw new Error(`Unsupported auth type ${req.args.auth}`)
|
||||
|
|
|
@ -32,14 +32,15 @@ const maybeProxy = (req: Request): string | undefined => {
|
|||
return port
|
||||
}
|
||||
|
||||
router.all("*", (req, res, next) => {
|
||||
router.all("*", async (req, res, next) => {
|
||||
const port = maybeProxy(req)
|
||||
if (!port) {
|
||||
return next()
|
||||
}
|
||||
|
||||
// Must be authenticated to use the proxy.
|
||||
if (!authenticated(req)) {
|
||||
const isAuthenticated = await authenticated(req)
|
||||
if (!isAuthenticated) {
|
||||
// Let the assets through since they're used on the login page.
|
||||
if (req.path.startsWith("/static/") && req.method === "GET") {
|
||||
return next()
|
||||
|
|
|
@ -49,9 +49,9 @@ const limiter = new RateLimiter()
|
|||
|
||||
export const router = Router()
|
||||
|
||||
router.use((req, res, next) => {
|
||||
router.use(async (req, res, next) => {
|
||||
const to = (typeof req.query.to === "string" && req.query.to) || "/"
|
||||
if (authenticated(req)) {
|
||||
if (await authenticated(req)) {
|
||||
return redirect(req, res, to, { to: undefined })
|
||||
}
|
||||
next()
|
||||
|
|
|
@ -43,7 +43,8 @@ router.get("/(:commit)(/*)?", async (req, res) => {
|
|||
|
||||
// Make sure it's in code-server if you aren't authenticated. This lets
|
||||
// unauthenticated users load the login assets.
|
||||
if (!resourcePath.startsWith(rootPath) && !authenticated(req)) {
|
||||
const isAuthenticated = await authenticated(req)
|
||||
if (!resourcePath.startsWith(rootPath) && !isAuthenticated) {
|
||||
throw new HttpError("Unauthorized", HttpCode.Unauthorized)
|
||||
}
|
||||
|
||||
|
|
|
@ -19,7 +19,8 @@ export const router = Router()
|
|||
const vscode = new VscodeProvider()
|
||||
|
||||
router.get("/", async (req, res) => {
|
||||
if (!authenticated(req)) {
|
||||
const isAuthenticated = await authenticated(req)
|
||||
if (!isAuthenticated) {
|
||||
return redirect(req, res, "login", {
|
||||
// req.baseUrl can be blank if already at the root.
|
||||
to: req.baseUrl && req.baseUrl !== "/" ? req.baseUrl : undefined,
|
||||
|
|
Loading…
Reference in New Issue