- Express auth middleware checks Authorization: Basic header on all /api routes using bcrypt against LOGIN_USER/LOGIN_PASSWORD_HASH in .env - React login screen shown before app loads, stores credentials in memory, sends them with every API request, clears and returns to login on 401 - Logout button in sidebar header - manage.py option 9: set login credentials (bcrypt via node, writes to .env) - manage.py status shows whether login credentials are configured Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
const bcrypt = require('bcrypt');
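/**
 * Express middleware that gates a route behind HTTP Basic authentication.
 *
 * The expected username is read from LOGIN_USER and the expected bcrypt hash
 * from LOGIN_PASSWORD_HASH. Responds 401 when the Authorization header is
 * missing, malformed, or the credentials do not match; responds 500 when
 * either environment variable is unset; calls next() only on a match.
 *
 * @param {object} req - request; only req.headers['authorization'] is read.
 * @param {object} res - response; used via res.status(...).json(...).
 * @param {Function} next - invoked with no arguments on successful login.
 */
function authMiddleware(req, res, next) {
  const header = req.headers['authorization'];

  if (!header || !header.startsWith('Basic ')) {
    return res.status(401).json({ error: 'Authentication required' });
  }

  const expectedUser = process.env.LOGIN_USER;
  const expectedHash = process.env.LOGIN_PASSWORD_HASH;

  // NOTE(review): this message is returned to unauthenticated callers and
  // reveals that no credentials are configured; consider logging it
  // server-side and returning a generic error instead.
  if (!expectedUser || !expectedHash) {
    return res.status(500).json({ error: 'Login credentials not configured — run manage.py option 9' });
  }

  // Split on the FIRST colon only. In Basic auth the user-id cannot contain
  // ':' but the password can; a plain split(':') would silently truncate the
  // password at its first colon and verify only that prefix.
  const decoded = Buffer.from(header.slice(6), 'base64').toString();
  const separator = decoded.indexOf(':');
  if (separator === -1) {
    return res.status(401).json({ error: 'Invalid credentials' });
  }
  const user = decoded.slice(0, separator);
  const pass = decoded.slice(separator + 1);

  // Run bcrypt for every well-formed attempt and fold the username check into
  // the same decision. Returning early on a wrong username would skip the
  // expensive hash and let response time reveal whether the username exists.
  bcrypt.compare(pass, expectedHash, (err, match) => {
    // Fail closed: a bcrypt error is treated the same as a mismatch.
    if (err || !match || user !== expectedUser) {
      return res.status(401).json({ error: 'Invalid credentials' });
    }
    next();
  });
}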
module.exports = authMiddleware;