basic-auth
node.js basic auth parser
Last updated 2 years ago by dougwilson .
MIT · Repository · Bugs · Original npm · Tarball · package.json
$ cnpm install basic-auth 
SYNC missed versions from official npm registry.

basic-auth

NPM Version NPM Downloads Node.js Version Build Status Test Coverage

Generic basic auth Authorization header field parser for whatever.

Installation

This is a Node.js module available through the npm registry. Installation is done using the npm install command:

$ npm install basic-auth

API

var auth = require('basic-auth')

auth(req)

Get the basic auth credentials from the given request. The Authorization header is parsed and if the header is invalid, undefined is returned, otherwise an object with name and pass properties.

auth.parse(string)

Parse a basic auth authorization header string. This will return an object with name and pass properties, or undefined if the string is invalid.

Example

Pass a Node.js request object to the module export. If parsing fails undefined is returned, otherwise an object with .name and .pass.

var auth = require('basic-auth')
var user = auth(req)
// => { name: 'something', pass: 'whatever' }

A header string from any other location can also be parsed with auth.parse, for example a Proxy-Authorization header:

var auth = require('basic-auth')
var user = auth.parse(req.getHeader('Proxy-Authorization'))

With vanilla node.js http server

var http = require('http')
var auth = require('basic-auth')
var compare = require('tsscmp')

// Create server
var server = http.createServer(function (req, res) {
  var credentials = auth(req)

  // Check credentials
  // The "check" function will typically be against your user store
  if (!credentials || !check(credentials.name, credentials.pass)) {
    res.statusCode = 401
    res.setHeader('WWW-Authenticate', 'Basic realm="example"')
    res.end('Access denied')
  } else {
    res.end('Access granted')
  }
})

// Basic function to validate credentials for example
function check (name, pass) {
  var valid = true

  // Simple method to prevent short-circut and use timing-safe compare
  valid = compare(name, 'john') && valid
  valid = compare(pass, 'secret') && valid

  return valid
}

// Listen
server.listen(3000)

License

MIT

Current Tags

  • 2.0.1                                ...           latest (2 years ago)

9 Versions

  • 2.0.1                                ...           2 years ago
  • 2.0.0                                ...           3 years ago
  • 1.1.0                                ...           4 years ago
  • 1.0.4                                ...           4 years ago
  • 1.0.3                                ...           5 years ago
  • 1.0.2                                ...           5 years ago
  • 1.0.1                                ...           5 years ago
  • 1.0.0                                ...           6 years ago
  • 0.0.1                                ...           7 years ago
Downloads
Today 1,350
This Week 30,985
This Month 53,722
Last Day 2,515
Last Week 35,784
Last Month 120,534
Dependencies (1)
Dependents (794)

Copyright 2014 - 2016 © taobao.org |