|
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113 |
- # basic-auth
-
- [![NPM Version][npm-image]][npm-url]
- [![NPM Downloads][downloads-image]][downloads-url]
- [![Node.js Version][node-version-image]][node-version-url]
- [![Build Status][travis-image]][travis-url]
- [![Test Coverage][coveralls-image]][coveralls-url]
-
- Generic basic auth Authorization header field parser for whatever.
-
- ## Installation
-
- This is a [Node.js](https://nodejs.org/en/) module available through the
- [npm registry](https://www.npmjs.com/). Installation is done using the
- [`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
- ```
- $ npm install basic-auth
- ```
-
- ## API
-
- <!-- eslint-disable no-unused-vars -->
-
- ```js
- var auth = require('basic-auth')
- ```
-
- ### auth(req)
-
- Get the basic auth credentials from the given request. The `Authorization`
- header is parsed and if the header is invalid, `undefined` is returned,
- otherwise an object with `name` and `pass` properties.
-
- ### auth.parse(string)
-
- Parse a basic auth authorization header string. This will return an object
- with `name` and `pass` properties, or `undefined` if the string is invalid.
-
- ## Example
-
- Pass a Node.js request object to the module export. If parsing fails
- `undefined` is returned, otherwise an object with `.name` and `.pass`.
-
- <!-- eslint-disable no-unused-vars, no-undef -->
-
- ```js
- var auth = require('basic-auth')
- var user = auth(req)
- // => { name: 'something', pass: 'whatever' }
- ```
-
- A header string from any other location can also be parsed with
- `auth.parse`, for example a `Proxy-Authorization` header:
-
- <!-- eslint-disable no-unused-vars, no-undef -->
-
- ```js
- var auth = require('basic-auth')
- var user = auth.parse(req.getHeader('Proxy-Authorization'))
- ```
-
- ### With vanilla node.js http server
-
- ```js
- var http = require('http')
- var auth = require('basic-auth')
- var compare = require('tsscmp')
-
- // Create server
- var server = http.createServer(function (req, res) {
- var credentials = auth(req)
-
- // Check credentials
- // The "check" function will typically be against your user store
- if (!credentials || !check(credentials.name, credentials.pass)) {
- res.statusCode = 401
- res.setHeader('WWW-Authenticate', 'Basic realm="example"')
- res.end('Access denied')
- } else {
- res.end('Access granted')
- }
- })
-
- // Basic function to validate credentials for example
- function check (name, pass) {
- var valid = true
-
- // Simple method to prevent short-circut and use timing-safe compare
- valid = compare(name, 'john') && valid
- valid = compare(pass, 'secret') && valid
-
- return valid
- }
-
- // Listen
- server.listen(3000)
- ```
-
- # License
-
- [MIT](LICENSE)
-
- [coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/basic-auth/master
- [coveralls-url]: https://coveralls.io/r/jshttp/basic-auth?branch=master
- [downloads-image]: https://badgen.net/npm/dm/basic-auth
- [downloads-url]: https://npmjs.org/package/basic-auth
- [node-version-image]: https://badgen.net/npm/node/basic-auth
- [node-version-url]: https://nodejs.org/en/download
- [npm-image]: https://badgen.net/npm/v/basic-auth
- [npm-url]: https://npmjs.org/package/basic-auth
- [travis-image]: https://badgen.net/travis/jshttp/basic-auth/master
- [travis-url]: https://travis-ci.org/jshttp/basic-auth
|
