Add basic authentication to non-GET requests and update library management features

- Integrated express-basic-auth middleware in index.js to secure non-GET routes with basic authentication. - Updated libraryManager.py to use HTTPBasicAuth for API requests, enhancing security for book management operations. - Modified public/index.html to improve the user interface with a new search feature and dynamic book table. - Removed obsolete public/library.html file to streamline the project structure. - Updated package.json and package-lock.json to include express-basic-auth as a new dependency.
2024-12-11 10:01:51 -05:00
parent 3de9f3d8ee
commit a2a485dd8e
10 changed files with 283 additions and 176 deletions
--- a/index.js
+++ b/index.js
@@ -7,6 +7,7 @@ const sqlite3 = require('sqlite3').verbose();
 const bodyParser = require('body-parser');
 const nodemailer = require('nodemailer'); // Add nodemailer for sending emails
 const rateLimit = require('express-rate-limit'); // Ensure this line is present
+const basicAuth = require('express-basic-auth'); // Add express-basic-auth

 const library = require('./library');
 const {
@@ -38,6 +39,21 @@ app.use(express.json()); // Use built-in body-parser for JSON
 // Serve static files from the 'public' directory
 app.use(express.static(path.join(__dirname, 'public')));

+// Basic Auth middleware
+const authMiddleware = basicAuth({
+    users: { 'admin': process.env.ADMIN_PASSWORD }, // Use environment variable for password
+    challenge: true,
+    unauthorizedResponse: (req) => 'Unauthorized'
+});
+
+// Apply auth middleware to all non-GET requests
+app.use((req, res, next) => {
+    if (req.method !== 'GET') {
+        return authMiddleware(req, res, next);
+    }
+    next();
+});
+
 app.get('/book/:isbn', async (req, res) => {
    const { isbn } = req.params;
    console.log(`Fetching book data for ISBN: ${isbn}`);