Skip to content

Node.js package for HTTP basic and digest access authentication.

License

Notifications You must be signed in to change notification settings

gevorg/http-auth

Repository files navigation

http-auth

Node.js package for HTTP basic and digest access authentication.

build

Installation

Via git (or downloaded tarball):

$ git clone git@github.com:gevorg/http-auth.git

Via npm:

$ npm install http-auth

Usage

// HTTP module
const http = require("http");

// Authentication module.
const auth = require("http-auth");
const basic = auth.basic({
  realm: "Simon Area.",
  file: __dirname + "/../data/users.htpasswd" // gevorg:gpass, Sarah:testpass
});

// Creating new HTTP server.
http
  .createServer(
    basic.check((req, res) => {
      res.end(`Welcome to private area - ${req.user}!`);
    })
  )
  .listen(1337, () => {
    // Log URL.
    console.log("Server running at http://127.0.0.1:1337/");
  });

Please check examples directory for more.

Configurations

  • realm - Authentication realm, by default it is Users.
  • file - File where user details are stored.
    • Line format is {user:pass} or {user:passHash} for basic access.
    • Line format is {user:realm:passHash} for digest access.
    • Using a callback, it needs to return the same line format, example: file: () => 'adam:adam\neve:eve',
  • algorithm - Algorithm that will be used only for digest access authentication.
    • MD5 by default.
    • MD5-sess can be set.
  • qop - Quality of protection that is used only for digest access authentication.
    • auth is set by default.
    • none this option is disabling protection.
  • msg401 - Message for failed authentication 401 page.
  • msg407 - Message for failed authentication 407 page.
  • contentType - Content type for failed authentication page.
  • skipUser - Set this to true, if you don't want req.user to be filled with authentication info.
  • proxy - Set this to true, if you want to use it with http-proxy.

Running tests

It uses mocha, so just run following command in package directory:

$ npm test

Questions

You can also use stackoverflow to ask questions using http-auth tag.

Utilities

  • htpasswd - Node.js package for HTTP Basic Authentication password file utility.
  • htdigest - Node.js package for HTTP Digest Authentication password file utility.

Integrations

Please check this link for integration packages.

License

The MIT License (MIT)