You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

114 lines
3.1 KiB
Markdown

6 years ago
# basic-auth
[![NPM Version][npm-image]][npm-url]
[![NPM Downloads][downloads-image]][downloads-url]
[![Node.js Version][node-version-image]][node-version-url]
[![Build Status][travis-image]][travis-url]
[![Test Coverage][coveralls-image]][coveralls-url]
Generic basic auth Authorization header field parser for whatever.
## Installation
This is a [Node.js](https://nodejs.org/en/) module available through the
[npm registry](https://www.npmjs.com/). Installation is done using the
[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
```
$ npm install basic-auth
```
## API
<!-- eslint-disable no-unused-vars -->
```js
var auth = require('basic-auth')
```
### auth(req)
Get the basic auth credentials from the given request. The `Authorization`
header is parsed and if the header is invalid, `undefined` is returned,
otherwise an object with `name` and `pass` properties.
### auth.parse(string)
Parse a basic auth authorization header string. This will return an object
with `name` and `pass` properties, or `undefined` if the string is invalid.
## Example
Pass a Node.js request object to the module export. If parsing fails
`undefined` is returned, otherwise an object with `.name` and `.pass`.
<!-- eslint-disable no-unused-vars, no-undef -->
```js
var auth = require('basic-auth')
var user = auth(req)
// => { name: 'something', pass: 'whatever' }
```
A header string from any other location can also be parsed with
`auth.parse`, for example a `Proxy-Authorization` header:
<!-- eslint-disable no-unused-vars, no-undef -->
```js
var auth = require('basic-auth')
var user = auth.parse(req.getHeader('Proxy-Authorization'))
```
### With vanilla node.js http server
```js
var http = require('http')
var auth = require('basic-auth')
var compare = require('tsscmp')
// Create server
var server = http.createServer(function (req, res) {
var credentials = auth(req)
// Check credentials
// The "check" function will typically be against your user store
if (!credentials || !check(credentials.name, credentials.pass)) {
res.statusCode = 401
res.setHeader('WWW-Authenticate', 'Basic realm="example"')
res.end('Access denied')
} else {
res.end('Access granted')
}
})
// Basic function to validate credentials for example
function check (name, pass) {
var valid = true
// Simple method to prevent short-circut and use timing-safe compare
valid = compare(name, 'john') && valid
valid = compare(pass, 'secret') && valid
return valid
}
// Listen
server.listen(3000)
```
# License
[MIT](LICENSE)
[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/basic-auth/master
[coveralls-url]: https://coveralls.io/r/jshttp/basic-auth?branch=master
[downloads-image]: https://badgen.net/npm/dm/basic-auth
[downloads-url]: https://npmjs.org/package/basic-auth
[node-version-image]: https://badgen.net/npm/node/basic-auth
[node-version-url]: https://nodejs.org/en/download
[npm-image]: https://badgen.net/npm/v/basic-auth
[npm-url]: https://npmjs.org/package/basic-auth
[travis-image]: https://badgen.net/travis/jshttp/basic-auth/master
[travis-url]: https://travis-ci.org/jshttp/basic-auth