问题
I am using Hubot and I've defined the environment variables EXPRESS_USER and EXPRESS_PASSWORD to enable basic authentication. Hubot uses express and basically it's
setupExpress: ->
user = process.env.EXPRESS_USER
pass = process.env.EXPRESS_PASSWORD
stat = process.env.EXPRESS_STATIC
express = require 'express'
app = express()
app.use (req, res, next) =>
res.setHeader "X-Powered-By", "hubot/#{@name}"
next()
app.use express.basicAuth user, pass if user and pass
app.use express.query()
app.use express.bodyParser()
app.use express.static stat if stat`
I want to expose an HTTP command in a script that doesn't need basic auth. However I'm not able to change change the code in Hubot where express it's being initialized
robot.router.get '/some-anonymous-path', (req, res) ->
console.log 'Should be here without need to authenticate
Does anyone know if it's possible to do it in expressjs.
Thanks in advance
Bruno
回答1:
How about putting nginx in front of your Hubot? Then you can also add SSL, only allow access to specific paths, rewrite urls or even serve static content created by hubot scripts. A simple example nginx.conf block:
upstream hubot {
server localhost:8080;
}
server {
listen 80;
satisfy any;
allow 127.0.0.1;
deny all;
location ~ ^/(public|obscured) {
allow all;
proxy_pass http://hubot;
}
location ~ ^/(static) {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
root /www;
}
location ~ {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
proxy_pass http://hubot;
}
}
Then toss an htpasswd pair in /etc/nginx/htpasswd and in your hubot init script set BIND_ADDRESS=localhost (default bind is 0.0.0.0) and you'll be off to the races.
来源:https://stackoverflow.com/questions/24392180/hubot-express-disable-basic-auth-in-a-specific-route