inline basic-auth module

src/proxyauth.js

@@ -9,7 +9,6 @@ exports = module.exports = {
 
 const apps = require('./apps.js'),
     assert = require('assert'),
-    basicAuth = require('basic-auth'),
     blobs = require('./blobs.js'),
     branding = require('./branding.js'),
     constants = require('./constants.js'),
@@ -50,6 +49,23 @@ function jwtVerify(req, res, next) {
     });
 }
 
+function basicAuth(req) {
+    const CREDENTIALS_REGEXP = /^ *(?:[Bb][Aa][Ss][Ii][Cc]) +([A-Za-z0-9._~+/-]+=*) *$/;
+    const USER_PASS_REGEXP = /^([^:]*):(.*)$/;
+
+    const header = req.headers.authorization;
+    if (!header) return null;
+
+    const match = CREDENTIALS_REGEXP.exec(header);
+    if (!match) return null;
+
+    const decodedHeader = Buffer.from(match[1], 'base64').toString();
+    const userPass = USER_PASS_REGEXP.exec(decodedHeader);
+    if (!userPass) return null;
+
+    return { username: userPass[1], password: userPass[2] };
+}
+
 async function authorizationHeader(req, res, next) {
     const appId = req.headers['x-app-id'] || '';
     if (!appId) return next();
@@ -68,8 +84,8 @@ async function authorizationHeader(req, res, next) {
 
     if (!app.manifest.addons.proxyAuth.basicAuth) return next(); // this is a flag because this allows auth to bypass 2FA
 
-    const verifyFunc = credentials.name.indexOf('@') !== -1 ? users.verifyWithEmail : users.verifyWithUsername;
-    const [verifyError, user] = await safe(verifyFunc(credentials.name, credentials.pass, appId, { skipTotpCheck: true }));
+    const verifyFunc = credentials.username.indexOf('@') !== -1 ? users.verifyWithEmail : users.verifyWithUsername;
+    const [verifyError, user] = await safe(verifyFunc(credentials.username, credentials.password, appId, { skipTotpCheck: true }));
     if (verifyError) return next(new HttpError(403, 'Invalid username or password' ));
 
     req.user = user;