mirror of
https://github.com/SillyTavern/SillyTavern.git
synced 2025-06-05 21:59:27 +02:00
Merge pull request #154 from artisticMink/feature/basic-authentication
Add Basic Authentication Support to SillyTavern
This commit is contained in:
@@ -2,10 +2,12 @@
|
||||
const port = 8000;
|
||||
const whitelist = ['127.0.0.1']; //Example for add several IP in whitelist: ['127.0.0.1', '192.168.0.10']
|
||||
const whitelistMode = true; //Disabling enabling the ip whitelist mode. true/false
|
||||
const basicAuthMode = false; //Toggle basic authentication for endpoints.
|
||||
const basicAuthUser = {username: "user", password: "password"}; //Login credentials when basicAuthMode is true.
|
||||
const autorun = true; //Autorun in the browser. true/false
|
||||
const enableExtensions = true; //Enables support for TavernAI-extras project
|
||||
const listen = true; // If true, Can be access from other device or PC. otherwise can be access only from hosting machine.
|
||||
|
||||
module.exports = {
|
||||
port, whitelist, whitelistMode, autorun, enableExtensions, listen
|
||||
port, whitelist, whitelistMode, basicAuthMode, basicAuthUser, autorun, enableExtensions, listen
|
||||
};
|
||||
|
@@ -35,6 +35,7 @@ const rimraf = require("rimraf");
|
||||
const multer = require("multer");
|
||||
const http = require("http");
|
||||
const https = require('https');
|
||||
const basicAuthMiddleware = require('./src/middleware/basicAuthMiddleware');
|
||||
//const PNG = require('pngjs').PNG;
|
||||
const extract = require('png-chunks-extract');
|
||||
const encode = require('png-chunks-encode');
|
||||
@@ -194,6 +195,8 @@ const CORS = cors({
|
||||
|
||||
app.use(CORS);
|
||||
|
||||
if (listen && config.basicAuthMode) app.use(basicAuthMiddleware);
|
||||
|
||||
app.use(function (req, res, next) { //Security
|
||||
let clientIp = req.connection.remoteAddress;
|
||||
let ip = ipaddr.parse(clientIp);
|
||||
@@ -2395,6 +2398,10 @@ const setupTasks = async function () {
|
||||
|
||||
if (autorun) open(autorunUrl.toString());
|
||||
console.log('SillyTavern is listening on: ' + tavernUrl);
|
||||
if (listen &&
|
||||
!config.whitelistMode &&
|
||||
!config.basicAuthMode)
|
||||
console.log('Your SillyTavern is currently open to the public. To increase security, consider enabling whitelisting or basic authentication.')
|
||||
|
||||
if (fs.existsSync('public/characters/update.txt') && !is_colab) {
|
||||
convertStage1();
|
||||
|
39
src/middleware/basicAuthMiddleware.js
Normal file
39
src/middleware/basicAuthMiddleware.js
Normal file
@@ -0,0 +1,39 @@
|
||||
/**
|
||||
* When applied, this middleware will ensure the request contains the required header for basic authentication and only
|
||||
* allow access to the endpoint after successful authentication.
|
||||
*/
|
||||
|
||||
const {dirname} = require('path');
|
||||
const appDir = dirname(require.main.filename);
|
||||
const config = require(appDir + '/config.conf');
|
||||
|
||||
const unauthorizedResponse = (res) => {
|
||||
res.set('WWW-Authenticate', 'Basic realm="SillyTavern", charset="UTF-8"');
|
||||
return res.status(401).send('Authentication required');
|
||||
};
|
||||
|
||||
const basicAuthMiddleware = function (request, response, callback) {
|
||||
const authHeader = request.headers.authorization;
|
||||
|
||||
if (!authHeader) {
|
||||
return unauthorizedResponse(response);
|
||||
}
|
||||
|
||||
const [scheme, credentials] = authHeader.split(' ');
|
||||
|
||||
if (scheme !== 'Basic' || !credentials) {
|
||||
return unauthorizedResponse(response);
|
||||
}
|
||||
|
||||
const [username, password] = Buffer.from(credentials, 'base64')
|
||||
.toString('utf8')
|
||||
.split(':');
|
||||
|
||||
if (username === config.basicAuthUser.username && password === config.basicAuthUser.password) {
|
||||
return callback();
|
||||
} else {
|
||||
return unauthorizedResponse(response);
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = basicAuthMiddleware;
|
Reference in New Issue
Block a user