From 06f1bd207bfca218742b9d14e4362d5143dd94eb Mon Sep 17 00:00:00 2001
From: Miroslav Pejic
Date: Wed, 12 Jul 2023 19:36:24 +0200
Subject: [PATCH] [mirotalk] - #168 use post method for login page
---
 app/src/server.js | 20 +++++++++++++-------
 public/views/login.html | 18 +++++++++++++++++-
 2 files changed, 30 insertions(+), 8 deletions(-)
diff --git a/app/src/server.js b/app/src/server.js
index a6f9e487..09c4f21f 100755
--- a/app/src/server.js
+++ b/app/src/server.js
@@ -248,28 +248,33 @@ app.use((err, req, res, next) => {
 // main page
 app.get(['/'], (req, res) => {
 if (hostCfg.protected == true) {
- hostCfg.authenticated = false;
- res.sendFile(views.login);
+ const ip = getIP(req);
+ if (allowedIP(ip)) {
+ res.sendFile(views.landing);
+ } else {
+ hostCfg.authenticated = false;
+ res.sendFile(views.login);
+ }
 } else {
 res.sendFile(views.landing);
 }
 });
 // handle login on host protected
-app.get(['/login'], (req, res) => {
+app.post(['/login'], (req, res) => {
 if (hostCfg.protected == true) {
 const ip = getIP(req);
- log.debug(`Request login to host from: ${ip}`, req.query);
- const { username, password } = checkXSS(req.query);
+ log.debug(`Request login to host from: ${ip}`, req.body);
+ const { username, password } = checkXSS(req.body);
 if (username == hostCfg.username && password == hostCfg.password) {
 hostCfg.authenticated = true;
 authHost = new Host(ip, true);
 log.debug('LOGIN OK', { ip: ip, authorized: authHost.isAuthorized(ip) });
- res.sendFile(views.landing);
+ res.status(200).json({ message: 'authorized' });
 } else {
 log.debug('LOGIN KO', { ip: ip, authorized: false });
 hostCfg.authenticated = false;
- res.sendFile(views.login);
+ res.status(401).json({ message: 'unauthorized' });
 }
 } else {
 res.redirect('/');
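Review bot: The new `log.debug` call in the `/login` handler passes `req.body` as its second argument, so every login attempt writes the submitted username and password to the server log in clear text; moving the credentials out of the query string does not help if they are logged anyway. Log only the source address, ``log.debug(`Request login to host from: ${ip}`);``. Because the body is now presumably parsed JSON, `username` and `password` can also arrive as non-strings and the loose `==` comparison will coerce them; checking `typeof password === 'string'` before comparing, ideally with a constant-time comparison, would close that off. The handler's closing lines are outside the hunk.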
@@ -1253,6 +1258,7 @@ function allowedIP(ip) {
 function removeIP(socket) {
 if (hostCfg.protected == true) {
 const ip = socket.handshake.address;
+ log.debug('Host protected check ip', { ip: ip });
 if (ip && allowedIP(ip)) {
 authHost.deleteIP(ip);
 hostCfg.authenticated = false;
diff --git a/public/views/login.html b/public/views/login.html
index 3983ab9d..27c214af 100644
--- a/public/views/login.html
+++ b/public/views/login.html
@@ -48,6 +48,10 @@ + + + +
@@ -128,7 +132,19 @@
 let password = filterXSS(document.getElementById('password').value);
 if (username && password) {
- window.location.href = `/login?username=${username}&password=${password}`;
+ axios
+ .post('/login', {
+ username: username,
+ password: password,
+ })
+ .then(function (response) {
+ console.log(response);
+ window.location.href = '/';
+ })
+ .catch(function (error) {
+ console.error(error);
+ alert('Unauthorized');
+ });
 return;
 }
 if (!username && !password) {
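Review bot: `console.log(response)` in the `.then` handler writes the whole response object to the browser console, and if this is the axios library that object includes `response.config.data`, the serialized username and password that were just submitted; drop the line or log only `response.status`. The `.catch` branch also reports every failure as 'Unauthorized', including network errors and server faults; guarding the alert with `if (error.response && error.response.status === 401)` and showing a generic error otherwise would keep an outage from looking like a bad password. The enclosing function starts and ends outside the hunk.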