f.weber/homebrewery
0
0
Fork 0
mirror of https://github.com/naturalcrit/homebrewery.git synced 2026-01-06 18:42:40 +00:00
Code Wiki Activity

errors for access denied and authorization required

Browse Source
This commit is contained in:
Víctor Losada Hernández
2024-06-16 17:14:27 +02:00
parent f15c831b70
commit f07252d670
2 changed files with 45 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
client/homebrew/pages/errorPage/errors/errorIndex.js
View File

@@ -148,19 +148,55 @@ const errorIndex = (props)=>{
**Brew Title:** ${props.brew.brewTitle}`, **Brew Title:** ${props.brew.brewTitle}`,
// ####### Admin pages errors #######
'401': dedent`
## Authorization Required
You need to provide correct credentials to access this page.
:
This is an administrator only page to manage the site, if you should not have access, leave inmediately.
:
If you have received instructions to open this page, report
as so at our subreddit or discord you will find in the home page.
`,
'403': dedent`
## Access Denied
The credentials you entered are not correct, you may try again, attention, there is a limited number of tries before you are blocked.
:
This is an administrator only page to manage the site, if you should not have access, leave inmediately.
:
If you have received instructions to open this page, report
as so at our subreddit or discord you will find in the home page.
`,
'470' : dedent` '470' : dedent`
## You have runned out of attempts ## You have runned out of attempts
You are trying to access the admin page, reserved for the administrators of this tool. You have failed to provide correct credentials to access the page too many times, and you have run out of attempts.
This is not a page where regular users should be, please, refrain from further access attempts.
: :
If you are a part of the administrators team who does not remember the correct credentials, This is an administrator only page to manage the site, if you should not have access, leave inmediately.
please get in contact with the rest of the team before trying again.
: :
If you have received instructions to open this page, report
as so at our subreddit or discord you will find in the home page.
::
In any case, your attempts have been logged, and you will not be capable of doing any more attempt for now. In any case, your attempts have been logged, and you will not be capable of doing any more attempt for now.
`, `,
}; };

7
server/admin.api.js
View File

@@ -21,10 +21,7 @@ const mw = {
loginLimiter, loginLimiter,
(req, res, next) => { (req, res, next) => {
if (!req.get('authorization')) { if (!req.get('authorization')) {
return res throw { HBErrorCode: '401', code: 401, message: 'Authorization Required' };
.set('WWW-Authenticate', 'Basic realm="Authorization Required"')
.status(401)
.send('Authorization Required');
} }
const [username, password] = Buffer.from(req.get('authorization').split(' ').pop(), 'base64') const [username, password] = Buffer.from(req.get('authorization').split(' ').pop(), 'base64')
.toString('ascii') .toString('ascii')
@@ -32,7 +29,7 @@ const mw = {
if (process.env.ADMIN_USER === username && process.env.ADMIN_PASS === password) { if (process.env.ADMIN_USER === username && process.env.ADMIN_PASS === password) {
return next(); return next();
} }
return res.status(401).send('Access denied'); throw { HBErrorCode: '403', code: 403, message: 'Access denied' };
} }
] ]
}; };