Commit graph

22 commits

Author SHA1 Message Date
Matthew Nickson
42a69c16ca
Switched to crypto.randomBytes fpr key generation
Keys are now 32 bytes long encoded in a URL safe base64 string

Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com>
2023-02-26 16:47:34 +00:00
Matthew Nickson
b8720b46c3
Switched to using Authorization header
Prometheus doesn't support using custom headers for exporters, however
it does support using the Authorisation header with basic auth. As
such, we switched from using X-API-Key to Authorization with the basic
scheme and an empty username field.

Also added a rate limit for API endpoints of 60 requests in a minute

Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com>
2023-02-15 21:53:49 +00:00
Matthew Nickson
01c71a0242
Fixed logic errors, removed dev leftovers
Fixed a logic error where a comma was used instead of an or, also
removed leftover console.logs from testing.

Date picker is now dissabled when don't expire is checked.

Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com>
2023-02-15 11:15:15 +00:00
Matthew Nickson
e7feca1cd6
Added API key authentication handler
API key authentication is now possible by making use of the X-API-Key
header. API authentication will only be enabled when a user adds their
first API key, up until this point, they can still use their username
and password to authenticate with API endpoints. After the user adds
their first API key, they may only use API keys in future to
authenticate with the API.

In this commit, the prometheus /metrics endpoint has been changed over
to the new authentication system.

Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com>
2023-02-15 00:39:29 +00:00
Matthew Nickson
caff9ca736
Added JSDoc for server/
Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com>
2023-01-05 22:19:05 +00:00
Louis Lam
50711391d1
Revert "Auth: Case insensitive login check on username" 2023-01-01 22:19:00 +08:00
Mathias Haugsbø
b3ac7c3d43 Username case insensitive, patch db instead of using LIKE 2022-12-19 12:18:33 +01:00
Mathias Haugsbø
c79b2913a2 Auth: Case insensitive login check on username
Allows users to add users with capital letters and then login with just lowercase letters.

We accidentally capitalized the first letter of our username so the other people using it frequently thinks they wrote the wrong password.
2022-12-18 17:16:19 +01:00
Matthew Nickson
6d22ebedca
Merge branch 'master' into add-JSDoc-comments 2022-04-21 13:01:22 +01:00
Matthew Nickson
03b2d8d521
Add JSDoc to server/*
Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com>
2022-04-20 19:56:40 +01:00
Louis Lam
17dcf6d3a2
Merge pull request #910 from andreasbrett/logging
introduce consistent logging
2022-04-13 23:47:08 +08:00
Louis Lam
772d009f43 Merge branch 'master' into fluencydoc_master
# Conflicts:
#	extra/update-version.js
#	server/client.js
#	server/server.js
2022-04-12 17:44:04 +08:00
Louis Lam
279e2eb3f6 Merge branch 'master' into logging
# Conflicts:
#	server/database.js
#	server/jobs.js
#	server/model/monitor.js
#	server/routers/api-router.js
#	server/server.js
#	server/socket-handlers/status-page-socket-handler.js
#	server/util-server.js
2022-04-12 16:32:14 +08:00
Louis Lam
0da6e6b1fb Some improvements 2022-03-29 17:38:48 +08:00
Louis Lam
71af08189e Clear useless code 2022-03-24 18:03:31 +08:00
Louis Lam
d32ba7cadd Fix #1318, basic auth is completely disabled if the auth is disabled 2022-03-24 18:02:34 +08:00
Andreas Brett
bdcdf47e52 introduce consistent logging 2021-11-11 12:31:28 +01:00
Calum Bird
f55350bebc Generated documentation :) 2021-11-09 21:24:31 -08:00
Louis Lam
b77b33e790 add login rate limiter 2021-10-23 16:35:13 +08:00
LouisLam
44c8ca9da8 requires empty username/password if set disableAuth for basic auth 2021-08-03 00:08:46 +08:00
Adam Stachowicz
9648d700d7 Autofix on save 2021-07-27 19:47:13 +02:00
LouisLam
209fa83cff Add Basic Auth for /metrics 2021-07-28 00:52:31 +08:00