Implement local file auth

diff --git a/src/auth.js b/src/auth.js
index 39c01a11d0711ada50269afbdd7ee5b09bb6d28b..6ddb125b1c6a543c4fefa2d9c3e63f0916089297 100644 (file)
--- a/src/auth.js
+++ b/src/auth.js
@@ -1,8 +1,13 @@
 'use strict';
 
 var passport = require('passport'),
+    path = require('path'),
+    safe = require('safetydance'),
+    bcrypt = require('bcryptjs'),
     LdapStrategy = require('passport-ldapjs').Strategy;
 
+var LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE || './.users.json');
+
 passport.serializeUser(function (user, done) {
     console.log('serializeUser', user);
     done(null, user.uid);
@@ -21,13 +26,17 @@ if (LDAP_URL && LDAP_USERS_BASE_DN) {
 
     exports.ldap = passport.authenticate('ldap');
 } else {
-    exports.ldap = function (req, res, next) {
-        console.log('Disable ldap auth, use developer credentials!');
+    console.log('Use local user file:', LOCAL_AUTH_FILE);
 
-        if (req.query.username !== 'test') return res.send(401);
-        if (req.query.password !== 'test') return res.send(401);
-
-        next();
+    exports.ldap = function (req, res, next) {
+        var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
+        if (!users) return res.send(401);
+        if (!users[req.query.username]) return res.send(401);
+
+        bcrypt.compare(req.query.password, users[req.query.username].passwordHash, function (error, valid) {
+            if (error || !valid) return res.send(401);
+            next();
+        });
     };
 }