Generic basic auth Authorization header field parser for whatever.
This is a Node.js module available through the
npm registry. Installation is done using the
npm install command:
$ npm install basic-auth
js
var auth = require('basic-auth')
Get the basic auth credentials from the given request. The Authorization
header is parsed and if the header is invalid, undefined is returned,
otherwise an object with name and pass properties.
Parse a basic auth authorization header string. This will return an object
with name and pass properties, or undefined if the string is invalid.
Pass a Node.js request object to the module export. If parsing fails
undefined is returned, otherwise an object with .name and .pass.
js
var auth = require('basic-auth')
var user = auth(req)
// => { name: 'something', pass: 'whatever' }
A header string from any other location can also be parsed with
auth.parse, for example a Proxy-Authorization header:
js
var auth = require('basic-auth')
var user = auth.parse(req.getHeader('Proxy-Authorization'))
```js var http = require('http') var auth = require('basic-auth') var compare = require('tsscmp')
// Create server var server = http.createServer(function (req, res) { var credentials = auth(req)
// Check credentials // The "check" function will typically be against your user store if (!credentials || !check(credentials.name, credentials.pass)) { res.statusCode = 401 res.setHeader('WWW-Authenticate', 'Basic realm="example"') res.end('Access denied') } else { res.end('Access granted') } })
// Basic function to validate credentials for example function check (name, pass) { var valid = true
// Simple method to prevent short-circut and use timing-safe compare valid = compare(name, 'john') && valid valid = compare(pass, 'secret') && valid
return valid }
// Listen server.listen(3000) ```