dappnode · pablomendezroyo · Jun 19, 2024 · Jun 17, 2024 · Jun 18, 2024 · Jun 18, 2024
@@ -8,7 +8,7 @@ import morgan from "morgan";
 import { HttpError, BadRequestError, asyncHandler } from "./utils/asyncHandler";
 import { entriesDb } from "./db";
 import { reconfigureNGINX } from "./utils/nginx";
-import { sanitizeExternal, sanitizeFrom, sanitizeTo } from "./utils/sanitize";
+import { sanitizeAuth, sanitizeExternal, sanitizeFrom, sanitizeTo } from "./utils/sanitize";
 import { config } from "../config";
 
 function getHttpsApi(dappnodeDomain: string): Express {
@@ -22,6 +22,7 @@ function getHttpsApi(dappnodeDomain: string): Express {
       const from = await sanitizeFrom(req.query.from as string);
       const to = sanitizeTo(req.query.to as string);
       const external = sanitizeExternal(req.query.external as string); //true if not set, we should swap this, but it left like this for backwards compatibility
+      const auth = sanitizeAuth(req.query.auth as string);
 
       const entries = entriesDb.read();
       if (entries.some((entry) => entry.from === from)) {
@@ -38,7 +39,7 @@ function getHttpsApi(dappnodeDomain: string): Express {
         );
       }
 
-      entries.push({ from, to, external });
+      entries.push({ from, to, external, auth });
       entriesDb.write(entries);
 
       const reconfigured = await reconfigureNGINX(dappnodeDomain);

@@ -37,6 +37,13 @@ export function sanitizeExternal(external: string): boolean {
   return false;
 }
 
+export function sanitizeAuth(auth: string): string {
+  if (!auth) {
+    return "";
+  }
+  return auth;
+}
+
 function assertIsSubdomain(subdomain: string): void {
   if (subdomain.includes(".")) {
     throw Error("Must not be FQDN nor contain any subdomains");

@@ -40,6 +40,13 @@ export async function updateServerConfigs(
       await ensureValidCert(true);
       checkedCert = true;
     }
+    if(mapping.auth.length > 0) { 
+      console.log(` *-> Adding auth <-*`);
+      await fs.writeFileSync(
+        path.join(config.serverConfigDir, `${mapping.from}.${dappnodeDomain}.auth`),
+        mapping.auth  
+      )
+    }
     await fs.writeFileSync(
       path.join(config.serverConfigDir, filename),
       await generateServerConfig(mapping, dappnodeDomain)

@@ -15,6 +15,7 @@ export async function generateServerConfig(
     domain: `${mapping.from}.${dappnodeDomain}`,
     target: mapping.to,
     external: mapping.external,
+    auth: mapping.auth.length > 0
   };
   return await ejs.renderFile("./templates/default.ssl.conf.ejs", {
     data: data,

@@ -11,4 +11,8 @@ export interface DomainMapping {
    * Indicates whether mapping should made public
    */
   external?: boolean;
+  /**
+   * Optional auth string
+   */
+  auth?: string;
 }
@@ -49,6 +49,11 @@ server {
 
     location / {
 
+        <% if(data.auth) { %>
+        auth_basic           "Creds Required";
+        auth_basic_user_file <%- data.domain %>.auth;
+        <% } %>
+
         set $backend http://<%-data.target %>;
         proxy_pass $backend;
         proxy_set_header Host $host;