Add optional password protection

README.md

@@ -56,6 +56,9 @@ BTCEXP_IPSTACK_KEY = 0000aaaafffffgggggg
 BTCEXP_COOKIE_SECRET = 0x000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f
 ```
 
+You may enable password protection by setting `BTCEXP_LOGIN=<password>`.
+Authenticating is done with http basic auth, using the selected password and an empty (or any) username.
+
 ## Run via Docker
 
 1. `docker build -t btc-rpc-explorer .`

app.js

@@ -27,6 +27,7 @@ var fs = require('fs');
 var electrumApi = require("./app/api/electrumApi.js");
 var Influx = require("influx");
 var coreApi = require("./app/api/coreApi.js");
+var auth = require('./app/auth.js');
 
 var crawlerBotUserAgentStrings = [ "Googlebot", "Bingbot", "Slurp", "DuckDuckBot", "Baiduspider", "YandexBot", "Sogou", "Exabot", "facebot", "ia_archiver" ];
 
@@ -46,6 +47,12 @@ app.engine('pug', (path, options, fn) => {
 
 app.set('view engine', 'pug');
 
+// basic http authentication
+if (process.env.BTCEXP_LOGIN) {
+	app.disable('x-powered-by');
+	app.use(auth(process.env.BTCEXP_LOGIN));
+}
+
 // uncomment after placing your favicon in /public
 //app.use(favicon(__dirname + '/public/favicon.ico'));
 app.use(logger('dev'));

app/auth.js

@@ -0,0 +1,11 @@
+var basicAuth = require('basic-auth');
+
+module.exports = pass => (req, res, next) => {
+	var cred = basicAuth(req);
+
+	if (cred && cred.pass === pass)
+		return next();
+
+	res.set('WWW-Authenticate', `Basic realm="Private Area"`)
+		.sendStatus(401);
+}

bin/cli.js

@@ -6,6 +6,7 @@ const args = require('meow')(`
 
     Options
       -p, --port <port>            port to bind http server [default: 3002]
+      -l, --login <password>       protect web interface with a password [default: no password]
       --coin <coin>                crypto-coin to enable [default: BTC]
 
       -H, --bitcoind-host <host>   hostname for bitcoind rpc [default: 127.0.0.1]
@@ -27,9 +28,9 @@ const args = require('meow')(`
       --influxdb-pass <pass>       password for influxdb [default: admin]
       --influxdb-dbname <db>       database name for influxdb [default: influxdb]
 
-      -e, --node-env <env>      nodejs environment mode [default: production]
-      -h, --help                output usage information
-      -v, --version             output version number
+      -e, --node-env <env>         nodejs environment mode [default: production]
+      -h, --help                   output usage information
+      -v, --version                output version number
 
     Example
       $ btc-rpc-explorer --port 8080 --bitcoind-port 18443 --bitcoind-cookie ~/.bitcoin/regtest/.cookie
@@ -38,10 +39,10 @@ const args = require('meow')(`
     All options may also be specified as environment variables:
       $ BTCEXP_PORT=8080 BTCEXP_BITCOIND_PORT=18443 BTCEXP_BITCOIND_COOKIE=~/.bitcoin/regtest/.cookie btc-rpc-explorer
 
-`, { flags: { port: {alias:'p'}, enableInfluxdb: {type:'boolean'}, nodeEnv: {alias:'e', default:'production'}
+`, { flags: { port: {alias:'p'}, login: {alias:'l'}
             , bitcoindHost: {alias:'H'}, bitcoindPort: {alias:'P'}, bitcoindCookie: {alias:'c'}
             , bitcoindUser: {alias:'u'}, bitcoindPass: {alias:'w'}
-            , demo: {type:'boolean'}
+            , demo: {type:'boolean'}, enableInfluxdb: {type:'boolean'}, nodeEnv: {alias:'e', default:'production'}
             } }
 ).flags;
 

package.json

@@ -22,6 +22,7 @@
     "url": "git+https://github.com/janoside/btc-rpc-explorer.git"
   },
   "dependencies": {
+    "basic-auth": "^2.0.1",
     "bitcoin-core": "2.0.0",
     "bitcoinjs-lib": "3.3.2",
     "body-parser": "~1.18.2",