Generic basic auth Authorization header field parser for whatever.
This is a Node.js module available through the npm registry. Installation is done using the npm install command:
$ npm install basic-auth varauth=require('basic-auth')Get the basic auth credentials from the given request. The Authorization header is parsed and if the header is invalid, undefined is returned, otherwise an object with name and pass properties.
Parse a basic auth authorization header string. This will return an object with name and pass properties, or undefined if the string is invalid.
Pass a Node.js request object to the module export. If parsing fails undefined is returned, otherwise an object with .name and .pass.
varauth=require('basic-auth')varuser=auth(req)// =>{name: 'something', pass: 'whatever' }A header string from any other location can also be parsed with auth.parse, for example a Proxy-Authorization header:
varauth=require('basic-auth')varuser=auth.parse(req.getHeader('Proxy-Authorization'))varhttp=require('http')varauth=require('basic-auth')varcompare=require('tsscmp')// Create servervarserver=http.createServer(function(req,res){varcredentials=auth(req)// Check credentials// The "check" function will typically be against your user storeif(!credentials||!check(credentials.name,credentials.pass)){res.statusCode=401res.setHeader('WWW-Authenticate','Basic realm="example"')res.end('Access denied')}else{res.end('Access granted')}})// Basic function to validate credentials for examplefunctioncheck(name,pass){varvalid=true// Simple method to prevent short-circuit and use timing-safe comparevalid=compare(name,'john')&&validvalid=compare(pass,'secret')&&validreturnvalid}// Listenserver.listen(3000)
