Allow multiple users for basic HTTP authentication.

httpserver-basicauth.lua

@@ -4,6 +4,16 @@
 
 basicAuth = {}
 
+-- Returns true if the user/password match one of the users/passwords in httpserver-conf.lua.
+-- Returns false otherwise.
+function loginIsValid(user, pwd, users)
+   if user == nil then return false end
+   if pwd == nil then return false end
+   if users[user] == nil then return false end
+   if users[user] ~= pwd then return false end
+   return true
+end
+
 -- Parse basic auth http header.
 -- Returns the username if header contains valid credentials,
 -- nil otherwise.
@@ -15,12 +25,13 @@ function basicAuth.authenticate(header)
    end
    local credentials = dofile("httpserver-b64decode.lc")(credentials_enc)
    local user, pwd = credentials:match("^(.*):(.*)$")
-   if user ~= conf.auth.user or pwd ~= conf.auth.password then
+   if loginIsValid(user, pwd, conf.auth.users) then
+      print("httpserver-basicauth: User \"" .. user .. "\": Authenticated.")
+      return user
+   else
       print("httpserver-basicauth: User \"" .. user .. "\": Access denied.")
       return nil
    end
-   print("httpserver-basicauth: User \"" .. user .. "\": Authenticated.")
-   return user
 end
 
 function basicAuth.authErrorHeader()

httpserver-conf.lua

@@ -6,10 +6,10 @@ local conf = {}
 
 -- Basic Authentication Conf
 local auth = {}
-auth.enabled = false
+auth.enabled = true
 auth.realm = "nodemcu-httpserver" -- displayed in the login dialog users get
-auth.user = "user"
+-- Add users and passwords to this table. Do not leave this unchanged if you enable authentication!
-auth.password = "password" -- PLEASE change this
+auth.users = {user1 = "password1", user2 = "password2", user3 = "password3"}
 conf.auth = auth
 
 return conf