From b35a06e0892d51ed7b0ef63a42fa6f0572d005ae Mon Sep 17 00:00:00 2001
From: =?utf8?q?J=C3=A9r=C3=B4me=20Benoit?=
Date: Thu, 15 Feb 2024 22:49:42 +0100
Subject: [PATCH] refactor: refine UI Server configuration checks
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jérôme Benoit
---
 src/charging-station/ui-server/AbstractUIServer.ts | 2 +-
 src/charging-station/ui-server/UIServerFactory.ts | 9 ++++++---
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/charging-station/ui-server/AbstractUIServer.ts b/src/charging-station/ui-server/AbstractUIServer.ts
index 49ac6359..495729fa 100644
--- a/src/charging-station/ui-server/AbstractUIServer.ts
+++ b/src/charging-station/ui-server/AbstractUIServer.ts
@@ -137,7 +137,7 @@ export abstract class AbstractUIServer {
 }
 private isValidProtocolBasicAuth (req: IncomingMessage, next: (err?: Error) => void): boolean {
- const authorizationProtocol = req.headers['sec-websocket-protocol']?.split(',').pop()?.trim()
+ const authorizationProtocol = req.headers['sec-websocket-protocol']?.split(/,\s+/).pop()
 const [username, password] = this.getUsernameAndPasswordFromAuthorizationToken(
 // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
 `${authorizationProtocol}${Array(((4 - (authorizationProtocol!.length % 4)) % 4) + 1).join('=')}`
diff --git a/src/charging-station/ui-server/UIServerFactory.ts b/src/charging-station/ui-server/UIServerFactory.ts
index 3df45663..eccbbf0d 100644
--- a/src/charging-station/ui-server/UIServerFactory.ts
+++ b/src/charging-station/ui-server/UIServerFactory.ts
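Review bot: The new separator `/,\s+/` in isValidProtocolBasicAuth only splits where a comma is followed by whitespace, and the trailing `.trim()` was dropped, so a `Sec-WebSocket-Protocol` value written as `a,b` (no space after the comma) is handed whole to the base64 padding and credential-decoding step. That most likely fails closed rather than bypassing the check, but it makes authentication depend on how the client formats the header; `req.headers['sec-websocket-protocol']?.split(/\s*,\s*/).pop()?.trim()` accepts both forms. Separately, `authorizationProtocol!.length` throws when the header is absent, so an explicit `if (authorizationProtocol == null)` rejection before the padding would make the unauthenticated path deterministic. The rest of the method lies outside the hunk, so an enclosing error handler may already cover that case.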
@@ -36,11 +36,14 @@ export class UIServerFactory {
 ) {
 throw new BaseError('Protocol basic authentication is not supported for HTTP UI server')
 }
- // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
- if (!UIServerUtils.isLoopback(uiServerConfiguration.options!.host!)) {
+ if (
+ uiServerConfiguration.authentication?.enabled !== true &&
+ // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+ !UIServerUtils.isLoopback(uiServerConfiguration.options!.host!)
+ ) {
 console.warn(
 chalk.yellow(
- 'Loopback address not detected in UI server configuration. This is not recommended'
+ 'Non loopback address in UI server configuration without authentication enabled. This is not recommended'
 )
 )
 }
-- 
2.34.1
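Review bot: The warning is now skipped whenever `uiServerConfiguration.authentication?.enabled` is true, but the condition never considers whether the transport is encrypted, so a non-loopback bind where basic credentials travel in clear text produces no message at all. If the UI server can listen without TLS (not visible in this hunk), a second warning for "non loopback address with authentication over an unencrypted transport" would keep that exposure visible to the operator. The check also still relies on `uiServerConfiguration.options!.host!`; if defaults are not applied before this point, an undefined `options` throws instead of warning, so a guard such as `uiServerConfiguration.options?.host != null &&` ahead of the `isLoopback` call would be safer. The enclosing method begins and ends outside the hunk.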