From e02d94ad2f668c3a13efda64f6457b2be1cf6237 Mon Sep 17 00:00:00 2001
From: Anmol Sethi <hi@nhooyr.io>
Date: Sun, 10 May 2020 02:35:15 -0400
Subject: [PATCH] Allow password authentication in the config file

---
 src/node/cli.ts   |  7 ++++++-
 src/node/entry.ts | 11 ++++++-----
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/node/cli.ts b/src/node/cli.ts
index 34eaf2e52..f2b6de1fa 100644
--- a/src/node/cli.ts
+++ b/src/node/cli.ts
@@ -23,6 +23,7 @@ export class OptionalString extends Optional<string> {}
 export interface Args extends VsArgs {
   readonly config?: string
   readonly auth?: AuthType
+  readonly password?: string
   readonly cert?: OptionalString
   readonly "cert-key"?: string
   readonly "disable-telemetry"?: boolean
@@ -83,6 +84,7 @@ type Options<T> = {
 
 const options: Options<Required<Args>> = {
   auth: { type: AuthType, description: "The type of authentication to use." },
+  password: { type: "string", description: "The password for password authentication." },
   cert: {
     type: OptionalString,
     path: true,
@@ -96,7 +98,10 @@ const options: Options<Required<Args>> = {
 
   "bind-addr": { type: "string", description: "Address to bind to in host:port." },
 
-  config: { type: "string", description: "Path to yaml config file." },
+  config: {
+    type: "string",
+    description: "Path to yaml config file. Every flag maps directory to a key in the config file.",
+  },
 
   // These two have been deprecated by bindAddr.
   host: { type: "string", description: "" },
diff --git a/src/node/entry.ts b/src/node/entry.ts
index fce92dce2..8ff9463a8 100644
--- a/src/node/entry.ts
+++ b/src/node/entry.ts
@@ -40,7 +40,8 @@ const main = async (args: Args): Promise<void> => {
   }
 
   const auth = args.auth || AuthType.Password
-  const originalPassword = auth === AuthType.Password && (process.env.PASSWORD || (await generatePassword()))
+  const generatedPassword = (args.password || process.env.PASSWORD) !== ""
+  const password = auth === AuthType.Password && (args.password || process.env.PASSWORD || (await generatePassword()))
 
   let host = args.host
   let port = args.port
@@ -55,7 +56,7 @@ const main = async (args: Args): Promise<void> => {
     auth,
     commit,
     host: host || (args.auth === AuthType.Password && args.cert !== undefined ? "0.0.0.0" : "localhost"),
-    password: originalPassword ? hash(originalPassword) : undefined,
+    password: password ? hash(password) : undefined,
     port: port !== undefined ? port : process.env.PORT ? parseInt(process.env.PORT, 10) : 8080,
     proxyDomains: args["proxy-domain"],
     socket: args.socket,
@@ -86,9 +87,9 @@ const main = async (args: Args): Promise<void> => {
   const serverAddress = await httpServer.listen()
   logger.info(`HTTP server listening on ${serverAddress}`)
 
-  if (auth === AuthType.Password && !process.env.PASSWORD) {
-    logger.info(`  - Password is ${originalPassword}`)
-    logger.info("    - To use your own password set the PASSWORD environment variable")
+  if (auth === AuthType.Password && generatedPassword) {
+    logger.info(`  - Password is ${password}`)
+    logger.info("    - To use your own password set it in the config file with the password key or use $PASSWORD")
     if (!args.auth) {
       logger.info("    - To disable use `--auth none`")
     }