Add basic auth

src/components/WebServer/Middleware/BasicAuthMiddleware.bs

@@ -0,0 +1,53 @@
+namespace Http
+
+    class BasicAuthMiddleware extends HttpRouter
+        public Username = "playlet"
+        public Password = "1234"
+
+        function new()
+            super()
+
+            m.All("*", function(context as object) as boolean
+                router = context.router
+                request = context.request
+                response = context.response
+
+                if not router.IsAuthorized(request, router)
+                    response.headers["WWW-Authenticate"] = `Basic realm="Playlet web app"`
+                    response.Default(401, "Unauthorized")
+                    return true
+                end if
+
+                return false
+            end function)
+        end function
+
+        function IsAuthorized(request as HttpRequest, router as HttpRouter) as boolean
+            authHeader = request.headers["Authorization"]
+            if authHeader = invalid
+                return false
+            end if
+
+            if not authHeader.StartsWith("Basic ")
+                return false
+            end if
+
+            encoded = authHeader.Mid(6)
+
+            buffer = createObject("roByteArray")
+            buffer.FromBase64String(encoded)
+
+            decoded = buffer.ToAsciiString()
+
+            components = decoded.Tokenize(":")
+
+            if components.Count() = 2
+                return components[0] = router.Username and components[1] = router.Password
+            end if
+
+            return false
+        end function
+
+    end class
+
+end namespace

src/components/WebServer/Task/WebServerTask.bs

@@ -7,6 +7,9 @@ import "pkg:/components/WebServer/Middleware/RegistryApiRouter.bs"
 import "pkg:/components/WebServer/Middleware/StateApiRouter.bs"
 import "pkg:/components/WebServer/Middleware/CommandsApiRouter.bs"
 import "pkg:/components/WebServer/Middleware/CorsMiddleware.bs"
+import "pkg:/components/WebServer/Middleware/BasicAuthMiddleware.bs"
+
+#const WEB_SERVER_BASIC_AUTH = false
 
 function Init()
     m.top.functionName = "WebServerLoop"
@@ -32,9 +35,12 @@ function WebServerLoop()
     m.server.UseRouter(homeRouter)
     m.server.UseRouter(new Http.CommandsApiRouter())
     m.server.UseRouter(new Http.StateApiRouter())
-    m.server.UseRouter(new Http.RegistryApiRouter())
     m.server.UseRouter(new Http.InvidiousRouter())
     m.server.UseRouter(new Http.HttpStaticFilesRouter(m.settings.WwwRoot))
+    #if WEB_SERVER_BASIC_AUTH
+        m.server.UseRouter(new Http.BasicAuthMiddleware())
+    #end if
+    m.server.UseRouter(new Http.RegistryApiRouter())
     m.server.UseRouter(new Http.HttpDefaultRouter())
 
     timeout = m.settings.Timeout

src/source/utils/WebUtils.bs

@@ -118,7 +118,7 @@ namespace WebUtils
         if hcm = invalid
             hcm = { n200: "OK", n206: "Partial Content" }
             hcm.append({ n301: "Moved Permanently", n304: "Not Modified" })
-            hcm.append({ n400: "Bad Request", n403: "Forbidden", n404: "Not Found", n413: "Request Entity Too Large" })
+            hcm.append({ n400: "Bad Request", n401: "Unauthorized", n403: "Forbidden", n404: "Not Found", n413: "Request Entity Too Large" })
             hcm.append({ n500: "Internal Server Error", n501: "Not Implemented" })
             m.HttpTitles = hcm
         end if