Exposing req object in custom auth function about http-auth HOT 8 CLOSED

An alternative would be to check what is being passed back into the callback. If it's a custom object, it should use that for req.user, instead of the default username string which it uses right now. If it's true/false, just continue with how you've implemented it right now.

from http-auth.

Hey,

I was wondering if you could do this after authentication callback processing.
Something like this:

// Authentication module.
var auth = require('http-auth');
var basic = auth.basic({
    realm: "Simon Area.",
    file: __dirname + "/../data/users.htpasswd" // gevorg:gpass, Sarah:testpass ...
});

// Application setup.
var app = express();
app.use(auth.connect(basic));
app.use(function (req, res, next) {
  // After authentication you have proper req.user (skipped or not)
  // Feel free to change it anyway you want
  // e.g. req.user = {'some': 'superObject', 'that': 'youNeed'};
  ...
  // Do not forget to call next.
  next();
});

// Setup route.
app.get('/', function(req, res){
  res.send("Hello from express - " + req.user + "!");
});

Or if you don't use express you can organize it with native node.js http module as well, just after authentication already is processed. Will it work for you?

from http-auth.

I'm using Express, yeah. But I only need this for 1 specific route, not throughout the whole API. This is what my specific router currently looks like:

var router = express.Router();

    var basic = Auth.basic({
        realm: "Secure area",
        skipUser: true
    }, basicAuth);

    router.post("/authenticate_session", Auth.connect(basic), doAuthenticate);

    app.use("/api/v1", router);

Can I modify your above code to work specifically just for the router object?

from http-auth.

Great! Then I think you can use routing mechanism that expressjs provides:

var cb0 = function (req, res, next) {
  console.log('CB0');
  next();
}

var cb1 = function (req, res, next) {
  console.log('CB1');
  next();
}

app.get('/example/d', [cb0, cb1], function (req, res, next) {
  console.log('the response will be sent by the next function ...');
  next();
}, function (req, res) {
  res.send('Hello from D!');
});

instead of cb0 use Auth.connect(basic) and instead of cb1 use something like this:

function (req, res, next) {
  // After authentication you have proper req.user (skipped or not)
  // Feel free to change it anyway you want
  // e.g. req.user = {'some': 'superObject', 'that': 'youNeed'};
  ...
  // Do not forget to call next.
  next();
}

Does it help?

from http-auth.

Ah okay, I didn't know I could pass in an array for the second parameter! Good to know!

However, I still have a problem. I'm not strictly using basic auth, I'm using a slightly modified version of it to suit my project's needs. The username/password are custom tokens that mean something to my backend. I do quite a bit of custom logic inside the Auth.connect(basic) function that gets called. I need both the username and password to reconstruct everything.

But that would mean I would be calling the same logic twice for no real reason, which isn't ideal for me to be honest. I do quite a bit of hashing/decrypting inside of it.

It would be better for me if either the callback() accepted a custom object OR if the custom authenticate function was expanded to include the req object.

from http-auth.

Well...In that case I would recommend you to use something like passportjs. http-auth does http basic/digest authentication not more or less.

from http-auth.

Ok, thanks anyway.

from http-auth.

In 6f988b9 a custom user object was added. If anyone is looking for it, this is how you can use it:

var basic = auth.basic({
  realm: 'Simon Area'
}, (username, password, callback) => {

  // check your authorization and store the boolean in isAuthorized

  // fetch your custom user object as customUser

  // call the callback like this:
  callback(isAuthorized, customUser);

  // req.user will now contain customUser
});

from http-auth.