bskyweb: optional basic auth password middleware (#4759)

authored by

bnewbold and committed by
GitHub
fb278384 6298e689

+24 -3
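--- a/bskyweb/cmd/bskyweb/main.go
+++ b/bskyweb/cmd/bskyweb/main.go
@@ -41,10 +41,10 @@
 EnvVars: []string{"ATP_APPVIEW_HOST", "ATP_PDS_HOST"},
 },
 &cli.StringFlag{
-Name: "ogcard-host",
-Usage: "scheme, hostname, and port of ogcard service",
+Name: "ogcard-host",
+Usage: "scheme, hostname, and port of ogcard service",
 Required: false,
-EnvVars: []string{"OGCARD_HOST"},
+EnvVars: []string{"OGCARD_HOST"},
 },
 &cli.StringFlag{
 Name: "http-address",
@@ -66,6 +66,13 @@
 Value: false,
 Required: false,
 EnvVars: []string{"DEBUG"},
+},
+&cli.StringFlag{
+Name: "basic-auth-password",
+Usage: "optional password to restrict access to web interface",
+Required: false,
+Value: "",
+EnvVars: []string{"BASIC_AUTH_PASSWORD"},
 },
 },
 },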
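Review bot: The usage string for `basic-auth-password` does not say that the username is fixed, while server.go in this same commit accepts only `admin`, so an operator reading `--help` cannot tell what to type at the browser prompt. I would change it to `Usage: "optional password to restrict access to web interface (HTTP basic auth, username 'admin')",`. Because the value is a secret, the deployment notes should also steer operators to the `BASIC_AUTH_PASSWORD` environment variable rather than the command-line flag, since flag values are normally visible in the process listing to other local users. The flag list continues outside this hunk.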
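--- a/bskyweb/cmd/bskyweb/server.go
+++ b/bskyweb/cmd/bskyweb/server.go
@@ -2,6 +2,7 @@
 
 import (
 "context"
+"crypto/subtle"
 "errors"
 "fmt"
 "io/fs"
@@ -48,6 +49,7 @@
 appviewHost := cctx.String("appview-host")
 ogcardHost := cctx.String("ogcard-host")
 linkHost := cctx.String("link-host")
+basicAuthPassword := cctx.String("basic-auth-password")
 
 // Echo
 e := echo.New()
@@ -139,6 +141,18 @@
 return c.String(http.StatusTooManyRequests, "Your request has been rate limited. Please try again later. Contact security@bsky.app if you believe this was a mistake.\n")
 },
 }))
+
+// optional password gating of entire web interface
+if basicAuthPassword != "" {
+e.Use(middleware.BasicAuth(func(username, password string, c echo.Context) (bool, error) {
+// Be careful to use constant time comparison to prevent timing attacks
+if subtle.ConstantTimeCompare([]byte(username), []byte("admin")) == 1 &&
+subtle.ConstantTimeCompare([]byte(password), []byte(basicAuthPassword)) == 1 {
+return true, nil
+}
+return false, nil
+}))
+}
 
 // redirect trailing slash to non-trailing slash.
 // all of our current endpoints have no trailing slash.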
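Review bot: The password check in the new BasicAuth validator is not constant-time with respect to length, because `subtle.ConstantTimeCompare` returns 0 immediately when its two inputs differ in length, so response timing can still reveal the length of the configured password. Hashing both sides to a fixed-size digest before comparing removes that signal; it needs `crypto/sha256` added to the import block next to `crypto/subtle`. The `&&` also skips the password comparison whenever the username is wrong, which is harmless while the username is the public constant `admin`, but combining the two results with a bitwise AND keeps the validator uniform if that ever changes. Registering this middleware after the rate limiter looks right, since failed guesses are then throttled too, though the limiter configuration starts outside this hunk.

```go
	if basicAuthPassword != "" {
		// hash once so every comparison below runs over fixed-length inputs
		wantPass := sha256.Sum256([]byte(basicAuthPassword))
		e.Use(middleware.BasicAuth(func(username, password string, c echo.Context) (bool, error) {
			gotPass := sha256.Sum256([]byte(password))
			userOK := subtle.ConstantTimeCompare([]byte(username), []byte("admin"))
			passOK := subtle.ConstantTimeCompare(gotPass[:], wantPass[:])
			// bitwise AND so both comparisons always run
			return userOK&passOK == 1, nil
		}))
	}
```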