GitHub - jshttp/basic-auth: Generic basic auth Authorization header field parser
Generic basic auth Authorization header field parser for whatever.
Installation
This is a Node.js module available through the
npm registry. Installation is done using the
npm install command.
API
const { parse } = require('basic-auth');
parse(string)
Parse a basic auth authorization header string. This will return an object
with name and pass properties, or undefined if the string is invalid.
format(credentials)
Format a credentials object with name and pass properties as a basic
auth authorization header string.
Example
Pass a Basic auth header to the parse() method. If parsing fails,
undefined is returned; otherwise an object with .name and .pass is returned.
const { parse } = require('basic-auth');
const user = parse(req.headers.authorization);
// => { name: 'something', pass: 'whatever' }
A header string from any other location can also be parsed, for example a Proxy-Authorization header:
const { parse } = require('basic-auth');
// Node.js lower-cases incoming header names in req.headers
const user = parse(req.headers['proxy-authorization']);
A credentials object can be formatted with format() as a
basic auth header string.
const { format } = require('basic-auth');
const credentials = { name: 'foo', pass: 'bar' };
const authHeader = format(credentials);
// => "Basic Zm9vOmJhcg=="
With vanilla node.js http server
const http = require('node:http');
const { parse } = require('basic-auth');
const compare = require('tsscmp');

// Create server
const server = http.createServer(function (req, res) {
  const credentials = parse(req.headers.authorization);

  // Check credentials
  // The "check" function will typically be against your user store
  if (!credentials || !check(credentials.name, credentials.pass)) {
    res.statusCode = 401;
    res.setHeader('WWW-Authenticate', 'Basic realm="example"');
    res.end('Access denied');
  } else {
    res.end('Access granted');
  }
});

// Basic function to validate credentials for example
function check(name, pass) {
  let valid = true;

  // Simple method to prevent short-circuit and use timing-safe compare
  valid = compare(name, 'john') && valid;
  valid = compare(pass, 'secret') && valid;

  return valid;
}

// Listen
server.listen(3000);
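The comment in the server example says the check function will typically run against your user store. One way to write that, as an added example that is not part of basic-auth or its README: a drop-in check(name, pass) that verifies against salted scrypt hashes instead of plaintext constants, using only node:crypto. The users map, hashPassword, KEYLEN and the dummy record are hypothetical names, and the sample account is constructed.

```javascript
const crypto = require('node:crypto');

// Length of the derived key in bytes; scrypt cost settings are Node's defaults.
const KEYLEN = 64;

// Derive a salted scrypt hash. A fresh random salt is used when none is given.
function hashPassword(pass, salt = crypto.randomBytes(16)) {
  return { salt, hash: crypto.scryptSync(pass, salt, KEYLEN) };
}

// Constructed sample user store (assumption). A real store would be a
// database holding salt and hash only, never the plaintext password.
// A Map is used so names such as "__proto__" are ordinary keys.
const users = new Map([
  ['john', hashPassword('secret')],
]);

// Record used for unknown names, so a miss costs the same scrypt
// computation as a hit and response time does not reveal which names exist.
const dummy = hashPassword(crypto.randomBytes(16).toString('hex'));

// Same signature as the check() in the server example above.
function check(name, pass) {
  if (typeof name !== 'string' || typeof pass !== 'string') return false;

  const record = users.get(name);
  const { salt, hash } = record || dummy;
  const candidate = crypto.scryptSync(pass, salt, KEYLEN);

  // Both buffers are KEYLEN bytes, so timingSafeEqual never throws on length.
  const match = crypto.timingSafeEqual(candidate, hash);

  // An unknown name is rejected only after the full comparison has run.
  return match && record !== undefined;
}
```

scryptSync blocks the event loop while it runs, so a server handling concurrent requests would use the asynchronous crypto.scrypt with the same arguments.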