Protect logging backend.

This commit is contained in:
baldo 2016-05-24 19:40:02 +02:00
parent 09b01f5ccf
commit 921052dff5
5 changed files with 32 additions and 1 deletions

View file

@ -12,6 +12,12 @@
"logRequests": false
},
"internal": {
"active": false,
"user": "admin",
"password": "secret"
},
"email": {
"from": "Freifunk Knotenformular <no-reply@musterstadt.freifunk.net>",

View file

@ -34,6 +34,7 @@
"grunt-svgmin": "~3.2.0",
"grunt-usemin": "~3.1.1",
"grunt-wiredep": "~3.0.1",
"http-auth": "~2.3.6",
"http-errors": "~1.4.0",
"imagemin-gifsicle": "~5.0.0",
"jshint-stylish": "~2.2.0",

View file

@ -2,11 +2,27 @@
angular.module('ffffng').factory('app', function (fs, config, _) {
var express = require('express');
var auth = require('http-auth');
var bodyParser = require('body-parser');
var compress = require('compression');
var app = express();
// urls beneath /internal are protected
var internalAuth = auth.basic(
{
realm: "Knotenformular - Intern"
},
function (username, password, callback) {
callback(
config.server.internal.active &&
username === config.server.internal.user &&
password === config.server.internal.password
);
}
);
app.use('/internal', auth.connect(internalAuth));
app.use(bodyParser.json());
var clientDir = __dirname + '/../client';

View file

@ -17,6 +17,12 @@ var defaultConfig = {
logRequests: false
},
internal: {
active: false,
user: 'admin',
password: 'secret'
},
email: {
from: 'Freifunk Knotenformular <no-reply@musterstadt.freifunk.net>',

View file

@ -30,7 +30,9 @@ angular.module('ffffng').factory('Logger', function (app) {
if (config.server.logging.logRequests) {
app.use(scribe.express.logger());
}
app.use('/internal/logs', scribe.webPanel());
if (config.server.internal.active) {
app.use('/internal/logs', scribe.webPanel());
}
return process.console;
});