[bug] Don't allow per user auth with accounts disabled

Cohee 2024-10-09 10:43:52 +03:00
parent 15436d0f2a
commit fe1f9fafbd
2 changed files with 7 additions and 3 deletions


@ -758,7 +758,9 @@ const postSetupTasks = async function (v6Failed, v4Failed) {
}
if (basicAuthMode) {
if (!perUserBasicAuth) {
if (perUserBasicAuth && !enableAccounts) {
console.error(color.red('Per-user basic authentication is enabled, but user accounts are disabled. This configuration may be insecure.'));
} else if (!perUserBasicAuth) {
const basicAuthUser = getConfigValue('basicAuthUser', {});
if (!basicAuthUser?.username || !basicAuthUser?.password) {
console.warn(color.yellow('Basic Authentication is enabled, but username or password is not set or empty!'));
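Review bot: The new `perUserBasicAuth && !enableAccounts` branch only logs an error and then skips the empty-credentials check in the `else if (!perUserBasicAuth)` arm, although the middleware change in this same commit makes that configuration fall back to the shared `basicAuthUser` credentials. An operator who set up per-user auth may never have filled in `basicAuthUser`, so the case that most needs the username/password warning does not get it. Consider closing the first branch with `}` and running the check under `if (!perUserBasicAuth || !enableAccounts) {` so it covers both cases. The error text could also state what actually happens (fallback to the shared credentials) rather than "may be insecure". The body of postSetupTasks starts and ends outside this hunk.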


@ -7,6 +7,7 @@ const { getConfig, getConfigValue } = require('../util.js');
const storage = require('node-persist');
const PER_USER_BASIC_AUTH = getConfigValue('perUserBasicAuth', false);
const ENABLE_ACCOUNTS = getConfigValue('enableUserAccounts', false);
const unauthorizedResponse = (res) => {
res.set('WWW-Authenticate', 'Basic realm="SillyTavern", charset="UTF-8"');
@ -27,13 +28,14 @@ const basicAuthMiddleware = async function (request, response, callback) {
return unauthorizedResponse(response);
}
const usePerUserAuth = PER_USER_BASIC_AUTH && ENABLE_ACCOUNTS;
const [username, password] = Buffer.from(credentials, 'base64')
.toString('utf8')
.split(':');
if (!PER_USER_BASIC_AUTH && username === config.basicAuthUser.username && password === config.basicAuthUser.password) {
if (!usePerUserAuth && username === config.basicAuthUser.username && password === config.basicAuthUser.password) {
return callback();
} else if (PER_USER_BASIC_AUTH) {
} else if (usePerUserAuth) {
const userHandles = await getAllUserHandles();
for (const userHandle of userHandles) {
if (username === userHandle) {
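Review bot: With the fallback introduced by `usePerUserAuth`, a deployment that enabled `perUserBasicAuth` but left accounts disabled now reaches `config.basicAuthUser.username` on the shared-credential line, and nothing in this hunk checks that those values exist or are non-empty. If `basicAuthUser` is missing, the property access would throw inside the async middleware, and if both fields are empty strings, empty submitted credentials would compare equal. A guard such as `const shared = config.basicAuthUser;` followed by `if (!usePerUserAuth && shared?.username && shared?.password && username === shared.username && password === shared.password) {` fails closed in both cases. Separately, `===` on the password is not constant-time; `crypto.timingSafeEqual` over equal-length buffers (for example digests of both values) is the usual replacement. The middleware body continues outside the hunk.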