const fs = require('fs');
const apacheMd5 = require('apache-md5');
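/**
 * Registers the POST /action/login route.
 *
 * The handler checks the submitted credentials against the Apache htpasswd
 * file used for SVN (dav_svn.passwd) and then looks the user up in the
 * `admin` group of the authz file (dav_svn.authz). Only members of that
 * group receive a token from `getToken()`.
 *
 * Responses (unchanged from the original handler):
 *   400 text  - username or password missing (or not a string)
 *   401 text  - unknown user or wrong password
 *   500 text  - a credential file could not be read or the hash check threw
 *   200 JSON  - { authenticated: true, isAdmin: boolean, token? }
 *
 * NOTE(review): no rate limiting or lockout is visible in this handler;
 * confirm it is applied upstream, since the endpoint is a password oracle.
 * NOTE(review): the apache-md5 dependency verifies MD5-based htpasswd
 * entries, a fast hash; entries in another htpasswd format will simply fail
 * to match here (not verified against the library) — confirm the file format.
 *
 * @param {object} app - application object exposing `post(path, handler)`.
 * @param {function(): *} getToken - called once per successful admin login.
 */
module.exports = function(app, getToken) {
  // Local require keeps this block self-contained; Node caches the module.
  const crypto = require('crypto');

  const passwdFilePath = '/etc/apache2/dav_svn.passwd';
  const authzFilePath = '/etc/apache2/dav_svn.authz';

  /**
   * Returns the hash field of the first htpasswd line whose user field is
   * exactly `username`, or null when there is no such line.
   */
  function findStoredHash(passwdContent, username) {
    for (const rawLine of passwdContent.split(/\r?\n/)) {
      const sep = rawLine.indexOf(':');
      if (sep === -1 || rawLine.slice(0, sep) !== username) {
        continue;
      }
      // Second field only, as before; trim drops a stray '\r' or spaces that
      // would otherwise make a correct password fail the comparison.
      return rawLine.slice(sep + 1).split(':')[0].trim();
    }
    return null;
  }

  /** Compares two hash strings without short-circuiting on the first differing byte. */
  function hashesMatch(expected, actual) {
    if (typeof expected !== 'string' || typeof actual !== 'string') {
      return false;
    }
    const expectedBuf = Buffer.from(expected, 'utf8');
    const actualBuf = Buffer.from(actual, 'utf8');
    // timingSafeEqual throws on unequal lengths, so check that first.
    return expectedBuf.length === actualBuf.length &&
      crypto.timingSafeEqual(expectedBuf, actualBuf);
  }

  /**
   * Reports whether `username` is listed on the `admin` line of the
   * [groups] section of the authz file.
   *
   * Only lines inside [groups] are considered: a rule such as `admin = rw`
   * in a later path section grants repository access to a user called
   * "admin" and must not be read as a group definition.
   * Nested groups (`@name`) and aliases (`&name`) are not expanded.
   */
  function isAdminMember(authzContent, username) {
    let inGroupSection = false;
    for (const rawLine of authzContent.split(/\r?\n/)) {
      const line = rawLine.trim();
      if (line.startsWith('[')) {
        // Any section header ends [groups] unless it is [groups] itself.
        inGroupSection = line === '[groups]';
        continue;
      }
      if (!inGroupSection) {
        continue;
      }
      const eq = line.indexOf('=');
      if (eq === -1 || line.slice(0, eq).trim() !== 'admin') {
        continue;
      }
      return line
        .slice(eq + 1)
        .split(',')
        .map((member) => member.trim())
        .includes(username);
    }
    return false;
  }

  app.post('/action/login', (req, res) => {
    const { username, password } = req.body || {};

    // A JSON body can carry arrays or objects here; only non-empty strings
    // are meaningful credentials.
    if (typeof username !== 'string' || typeof password !== 'string' ||
        !username || !password) {
      return res.status(400).send('Username and password are required');
    }

    // ':' and line breaks are field/record separators in htpasswd, so no
    // real account name can contain them.
    if (/[:\r\n]/.test(username)) {
      return res.status(401).send('Invalid credentials');
    }

    try {
      const passwdContent = fs.readFileSync(passwdFilePath, 'utf8');
      const storedHash = findStoredHash(passwdContent, username);

      // An entry with an empty hash field must never authenticate.
      if (!storedHash) {
        return res.status(401).send('Invalid credentials');
      }

      // The stored hash is passed as the salt source so the same salt is reused.
      const calculatedHash = apacheMd5(password, storedHash);

      if (!hashesMatch(storedHash, calculatedHash)) {
        return res.status(401).send('Invalid credentials');
      }

      const authzContent = fs.readFileSync(authzFilePath, 'utf8');

      if (isAdminMember(authzContent, username)) {
        res.json({
          authenticated: true,
          isAdmin: true,
          token: getToken()
        });
      } else {
        res.json({
          authenticated: true,
          isAdmin: false
        });
      }
    } catch (error) {
      // Keep the client response generic, but leave a trace for operators.
      // Only the error message is logged, never the submitted credentials.
      console.error('login: credential check failed:', error && error.message);
      res.status(500).send('Authentication failed');
    }
  });
};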