From dbc203fa443ba9546f0d8490e9d7a4c24e729976 Mon Sep 17 00:00:00 2001 From: Bilal Catic Date: Fri, 24 May 2019 10:37:42 +0200 Subject: [PATCH] add password protection --- package-lock.json | 16 ++++++++++++++++ package.json | 1 + server.js | 19 +++++++++++++++++++ 3 files changed, 36 insertions(+) diff --git a/package-lock.json b/package-lock.json index 5a67ff8..d89fbdc 100644 --- a/package-lock.json +++ b/package-lock.json @@ -188,6 +188,14 @@ } } }, + "basic-auth": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz", + "integrity": "sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==", + "requires": { + "safe-buffer": "5.1.2" + } + }, "binary-extensions": { "version": "1.13.1", "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-1.13.1.tgz", @@ -878,6 +886,14 @@ } } }, + "express-basic-auth": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/express-basic-auth/-/express-basic-auth-1.2.0.tgz", + "integrity": "sha512-iJ0h1Gk6fZRrFmO7tP9nIbxwNgCUJASfNj5fb0Hy15lGtbqqsxpt7609+wq+0XlByZjXmC/rslWQtnuSTVRIcg==", + "requires": { + "basic-auth": "^2.0.1" + } + }, "extend-shallow": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-3.0.2.tgz", diff --git a/package.json b/package.json index 90299b0..266a50c 100644 --- a/package.json +++ b/package.json @@ -32,6 +32,7 @@ "homepage": "https://gitlab.com/saburly/psihologija#README", "dependencies": { "express": "^4.17.0", + "express-basic-auth": "^1.2.0", "pg": "^7.11.0", "sequelize": "^5.8.6", "sequelize-cli": "^5.4.0" diff --git a/server.js b/server.js index 2a91416..307a53d 100644 --- a/server.js +++ b/server.js 
@@ -1,14 +1,33 @@ 'use strict'; const express = require("express"); +const basicAuth = require('express-basic-auth'); const path = require('path'); const routes = require('./routes'); const app = express(); const port = process.env.PORT || 5000; +function myAuthorizer(username, password) { + const userMatches = basicAuth.safeCompare(username, 'senadU'); + const passwordMatches = basicAuth.safeCompare(password, 'Tulipan*123*'); + + return userMatches & passwordMatches +} + +function getUnauthorizedResponse(req) { + return 'Forbidden'; +} app.use('/api', routes); +app.use(basicAuth({ + authorizer: myAuthorizer, + challenge: true, + unauthorizedResponse: getUnauthorizedResponse +})); + + + //Static file declaration app.use(express.static(path.join(__dirname, 'client/build')));
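Review bot: The username and password compared in `myAuthorizer` are string literals committed to the repository, so anyone who can read the source or its history holds the credential. Read them from configuration instead, e.g. `basicAuth.safeCompare(password, process.env.BASIC_AUTH_PASSWORD)` (the variable name is a placeholder), refuse to start when the value is unset, and rotate the password that is now in the commit. Separately, `app.use('/api', routes);` is registered before `app.use(basicAuth({...}))`. Express runs middleware in registration order, so an `/api` route that sends its own response never reaches the authorizer. If the API is meant to be covered by the password as well, which the commit title suggests but the hunk does not confirm, move the `basicAuth` registration above the `/api` mount.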