Authenticate requests

From GitbookIO#175

Author: rastiqdev

lib/nuts.js

@@ -40,6 +40,9 @@ function Nuts(opts) {
 
     // Prefix for all routes
     routePrefix: "/",
+
+    // Authenticator for non-api endpoints
+    authHandler: undefined,
   })
 
   if (
@@ -128,6 +131,12 @@ Nuts.prototype._init = function () {
     })
 }
 
+Nuts.prototype.checkAuth = async function (req, version) {
+  if (!this.opts.authHandler) return true
+
+  return await this.opts.authHandler(req, version)
+}
+
 // Perform a hook using promised functions
 Nuts.prototype.performQ = function (name, arg, fn) {
   var that = this
@@ -206,7 +215,9 @@ Nuts.prototype._onDownload = function (req, res, next) {
     })
 
     // Serve downloads
-    .then(function (version) {
+    .then(async function (version) {
+      if (!(await that.checkAuth(req, version))) return res.sendStatus(403)
+
       var asset
 
       if (filename) {
@@ -283,13 +294,15 @@ Nuts.prototype.onUpdate = function (req, res, next) {
         stripChannel: true,
       })
     })
-    .then(function (versions) {
+    .then(async function (versions) {
       var latest = versions[0]
 
       // Already using latest version?
       if (!latest || latest.tag == tag)
         return res.status(204).send("No updates")
 
+      if (!(await that.checkAuth(req, version))) return res.sendStatus(403)
+
       // Extract release notes from all versions in range
       var notesSlice =
         versions.length === 1 ? [versions[0]] : versions.slice(0, -1)
@@ -339,11 +352,13 @@ Nuts.prototype.onUpdateWin = function (req, res, next) {
         channel: channel,
       })
     })
-    .then(function (versions) {
+    .then(async function (versions) {
       // Update needed?
       var latest = _.first(versions)
       if (!latest) throw new Error("Version not found")
 
+      if (!(await that.checkAuth(req, version))) return res.sendStatus(403)
+
       // File exists
       var asset = _.find(latest.platforms, {
         filename: "RELEASES",
@@ -392,11 +407,13 @@ Nuts.prototype.onServeNotes = function (req, res, next) {
         channel: "*",
       })
     })
-    .then(function (versions) {
+    .then(async function (versions) {
       var latest = _.first(versions)
 
       if (!latest) throw new Error("No versions matching")
 
+      if (!(await that.checkAuth(req, version))) return res.sendStatus(403)
+
       res.format({
         "application/json": function () {
           res.send({
@@ -432,18 +449,20 @@ Nuts.prototype.onServeVersionsFeed = function (req, res, next) {
       })
     })
     .then(function (versions) {
-      _.each(versions, function (version) {
-        feed.addItem({
-          title: version.tag,
-          link: urljoin(
-            fullUrl,
-            "/../../../",
-            `download/version/${version.tag}`,
-          ),
-          description: version.notes,
-          date: version.published_at,
-          author: [],
-        })
+      _.each(versions, async function (version) {
+        if (await that.checkAuth(req, version)) {
+          feed.addItem({
+            title: version.tag,
+            link: urljoin(
+              fullUrl,
+              "/../../../",
+              `download/version/${version.tag}`,
+            ),
+            description: version.notes,
+            date: version.published_at,
+            author: [],
+          })
+        }
       })
 
       res.set("Content-Type", "application/atom+xml; charset=utf-8")