From 9ecfda0110e9787fb2aaef1971e2d1307f9768a1 Mon Sep 17 00:00:00 2001
From: jrandom <jrandom>
Date: Tue, 10 Aug 2004 19:51:11 +0000
Subject: [PATCH] added basic HTTP authentication for accessing the router console (if a consolePassword is specified in the router.config) unfortunately, this password setting is only read on router startup...
---
 .../i2p/router/web/RouterConsoleRunner.java | 53 ++++++++++++++++++-
 installer/java/src/router.config.template | 9 ++++
 2 files changed, 60 insertions(+), 2 deletions(-)
diff --git a/apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java b/apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java
index a16f8d6ea6..134b89febc 100644
--- a/apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java
@@ -1,13 +1,22 @@
 package net.i2p.router.web;
 import java.io.IOException;
+import java.util.List;
+
+import net.i2p.router.RouterContext;
+
 import org.mortbay.jetty.Server;
+import org.mortbay.jetty.servlet.WebApplicationContext;
+import org.mortbay.http.handler.SecurityHandler;
+import org.mortbay.http.HashUserRealm;
+import org.mortbay.http.HttpRequest;
+import org.mortbay.http.SecurityConstraint;
 import org.mortbay.util.MultiException;
 public class RouterConsoleRunner {
 private Server _server;
 private String _listenPort = "7657";
- private String _listenHost = "0.0.0.0";
+ private String _listenHost = "127.0.0.1";
 private String _webAppsDir = "./webapps/";
 public RouterConsoleRunner(String args[]) {
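Review bot: `import org.mortbay.http.HttpRequest;` is added in this hunk, but none of the code added elsewhere in the patch refers to `HttpRequest`, so it looks unused and can be dropped unless code outside the hunks needs it. The new `_listenHost` default of `127.0.0.1` is the security-relevant line here and carries no comment; I would put `// loopback by default: the console is unauthenticated unless consolePassword is set` above it so a later edit does not widen the bind address casually. The constructor that can override this default from `args` continues outside the hunk.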
@@ -25,10 +34,15 @@ public class RouterConsoleRunner {
 public void startConsole() {
 _server = new Server();
+ WebApplicationContext contexts[] = null;
 try {
 _server.addListener(_listenHost + ':' + _listenPort);
 _server.setRootWebApp("routerconsole");
- _server.addWebApplications(_webAppsDir);
+ contexts = _server.addWebApplications(_webAppsDir);
+ if (contexts != null) {
+ for (int i = 0; i < contexts.length; i++)
+ initialize(contexts[i]);
+ }
 } catch (IOException ioe) {
 ioe.printStackTrace();
 }
@@ -39,6 +53,41 @@ public class RouterConsoleRunner {
 }
 }
+ private void initialize(WebApplicationContext context) {
+ String password = getPassword();
+ if (password != null) {
+ HashUserRealm realm = new HashUserRealm();
+ realm.put("admin", password);
+ realm.addUserToRole("admin", "routerAdmin");
+ context.setRealm(realm);
+ context.addHandler(0, new SecurityHandler());
+ SecurityConstraint constraint = new SecurityConstraint("admin", "routerAdmin");
+ constraint.setAuthenticate(true);
+ context.addSecurityConstraint("/", constraint);
+ }
+ }
+
+ private String getPassword() {
+ List contexts = RouterContext.listContexts();
+ if (contexts != null) {
+ for (int i = 0; i < contexts.size(); i++) {
+ RouterContext ctx = (RouterContext)contexts.get(i);
+ String password = ctx.getProperty("consolePassword");
+ if (password != null) {
+ password = password.trim();
+ if (password.length() > 0) {
+ return password;
+ }
+ }
+ }
+ // no password in any context
+ return null;
+ } else {
+ // no contexts?!
+ return null;
+ }
+ }
+
 public void stopConsole() {
 try {
 _server.stop();
diff --git a/installer/java/src/router.config.template b/installer/java/src/router.config.template
index 5ddb71c78f..a2de6049c0 100644
--- a/installer/java/src/router.config.template
+++ b/installer/java/src/router.config.template
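Review bot: In `startConsole()`, an `IOException` from `addListener` or `addWebApplications` is only printed, and in that case `contexts` stays `null` and `initialize()` never runs, so no security constraint is attached. The code that starts the server lies outside this hunk, but if it still runs after the catch block, a webapp that was registered before the failure might be served without the password check. Returning from the catch block, `ioe.printStackTrace(); return;`, would make a failed setup leave the console down rather than open. The added `for` loop is also unbraced; `for (...) { initialize(contexts[i]); }` would match the braces used in the rest of the method.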
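Review bot: `getPassword()` returns `null` both when no `consolePassword` is configured and when `RouterContext.listContexts()` is `null` or empty (the `// no contexts?!` branch), and `initialize()` treats every `null` as "no authentication wanted". An operator who did set a password would therefore get an open console, with nothing logged, if the console starts before a router context is registered or before its properties are available; whether that ordering can occur is not visible here. I would report the outcome in `initialize()`, for example with an `else` branch that prints that the context is being served without a password. Both methods should also get a Javadoc comment stating that a missing or blank property disables authentication, that the user name is fixed to `admin`, and that the value is read once at startup. The password is kept as a plain string in the config and in the realm, so the config file's permissions are what protect it.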
@@ -160,6 +160,15 @@ clientApp.2.args=-nocli -e "config localhost ##_router_i2cp_port##" -e "httpclie
 #clientApp.3.main=net.i2p.router.web.RouterConsoleRunner
 #clientApp.3.name=webConsole
 #clientApp.3.args=7657 127.0.0.1 ./webapps/
+#clientApp.3.onBoot=true
+
+# To require simple HTTP authentication for accessing any of the pages underneath the web console
+# (including any other webapps deployed), uncomment the following line and set the password
+# accordingly (the username is 'admin'). If the following is commented out, or is blank, then
+# no password will be required, and anyone will be able to access your router console (and change
+# settings, etc). This is only used for the new jetty console (started in clientApp.3.* above)
+#
+#consolePassword=fooBarBaz
 # Network monitor (harvests data from the network database and stores it under
 # monitorData/, and with the netviewer GUI you can browse through its results)
-- GitLab
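Review bot: The sample line `#consolePassword=fooBarBaz` becomes a working, publicly known password as soon as it is uncommented unchanged; a value that cannot be mistaken for a real one, such as `#consolePassword=CHANGE_ME_TO_A_LONG_RANDOM_VALUE`, makes it obvious that it has to be replaced. The comment block should also say that the password is stored in this file in cleartext, so the file should be readable only by the account that runs the router. Assuming this is HTTP Basic authentication over the console's plain HTTP listener, as the commit message suggests, the password is sent unencrypted with every request, so setting it does not by itself make a non-loopback bind address safe. The commit message notes that the setting is only read at router startup; one comment line saying so here would tell operators that a restart is needed.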