Comments (8)
An alternative would be to check what is being passed back into the callback. If it's a custom object, it should use that for req.user, instead of the default username string which it uses right now. If it's true/false, just continue with how you've implemented it right now.
from http-auth.
Hey,
I was wondering if you could do this after authentication callback processing.
Something like this:
// Authentication module.
var express = require('express');
var auth = require('http-auth');
var basic = auth.basic({
    realm: "Simon Area.",
    file: __dirname + "/../data/users.htpasswd" // gevorg:gpass, Sarah:testpass ...
});

// Application setup.
var app = express();
app.use(auth.connect(basic));
app.use(function (req, res, next) {
    // After authentication you have proper req.user (skipped or not)
    // Feel free to change it any way you want
    // e.g. req.user = {'some': 'superObject', 'that': 'youNeed'};
    // ...
    // Do not forget to call next.
    next();
});

// Setup route.
app.get('/', function (req, res) {
    res.send("Hello from express - " + req.user + "!");
});
Or, if you don't use express, you can organize it with the native node.js http module as well, just after authentication has already been processed. Will it work for you?
from http-auth.
I'm using Express, yeah. But I only need this for 1 specific route, not throughout the whole API. This is what my specific router currently looks like:
var router = express.Router();
var basic = Auth.basic({
    realm: "Secure area",
    skipUser: true
}, basicAuth);
router.post("/authenticate_session", Auth.connect(basic), doAuthenticate);
app.use("/api/v1", router);
Can I modify your above code to work specifically just for the router object?
from http-auth.
Great! Then I think you can use the routing mechanism that expressjs provides:
var cb0 = function (req, res, next) {
    console.log('CB0');
    next();
};
var cb1 = function (req, res, next) {
    console.log('CB1');
    next();
};
app.get('/example/d', [cb0, cb1], function (req, res, next) {
    console.log('the response will be sent by the next function ...');
    next();
}, function (req, res) {
    res.send('Hello from D!');
});
Instead of cb0 use Auth.connect(basic), and instead of cb1 use something like this:
function (req, res, next) {
    // After authentication you have proper req.user (skipped or not)
    // Feel free to change it any way you want
    // e.g. req.user = {'some': 'superObject', 'that': 'youNeed'};
    // ...
    // Do not forget to call next.
    next();
}
Does it help?
from http-auth.
Ah okay, I didn't know I could pass in an array for the second parameter! Good to know!
However, I still have a problem. I'm not strictly using basic auth, I'm using a slightly modified version of it to suit my project's needs. The username/password are custom tokens that mean something to my backend. I do quite a bit of custom logic inside the Auth.connect(basic) function that gets called. I need both the username and password to reconstruct everything.
But that would mean I would be calling the same logic twice for no real reason, which isn't ideal for me to be honest. I do quite a bit of hashing/decrypting inside of it.
It would be better for me if either the callback() accepted a custom object OR if the custom authenticate function was expanded to include the req object.
from http-auth.
Well... In that case I would recommend you use something like passportjs. http-auth does HTTP basic/digest authentication, no more and no less.
from http-auth.
Ok, thanks anyway.
from http-auth.
In 6f988b9 a custom user object was added. If anyone is looking for it, this is how you can use it:
var basic = auth.basic({
    realm: 'Simon Area'
}, (username, password, callback) => {
    // check your authorization and store the boolean in isAuthorized
    // fetch your custom user object as customUser
    // call the callback like this:
    callback(isAuthorized, customUser);
    // req.user will now contain customUser
});
from http-auth.
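The following is an added example, not code from the thread or from http-auth: a checker with the `(username, password, callback)` signature shown in the last comment that does the expensive credential work once and passes only non-secret fields as the custom user object. The user store, the scrypt hashing scheme, the `roles` field and the `runChecker` helper are assumptions made for illustration; the sample accounts are constructed from the htpasswd comment earlier in the thread.

```javascript
// Added example: a checker for auth.basic(options, checker) that verifies the
// credentials once and hands a custom user object to the callback.
const crypto = require('crypto');

// Constructed sample store: per-user salt plus scrypt hash, never the password.
function makeRecord(password, roles) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(password, salt, 32), roles };
}
const USERS = new Map([
  ['gevorg', makeRecord('gpass', ['admin'])],
  ['Sarah', makeRecord('testpass', ['reader'])],
]);
// Dummy record so unknown usernames cost the same work as known ones.
const DUMMY = makeRecord('constructed-dummy', []);

function checker(username, password, callback) {
  const record = USERS.get(username) || DUMMY;
  const candidate = crypto.scryptSync(String(password), record.salt, 32);
  // Constant-time comparison of the derived hashes.
  const match = crypto.timingSafeEqual(candidate, record.hash);
  // A match against the dummy record must never authorize anyone.
  const isAuthorized = match && USERS.has(username);
  // Only non-secret fields go into the object that becomes req.user.
  const customUser = isAuthorized
    ? { name: username, roles: record.roles }
    : undefined;
  callback(isAuthorized, customUser);
}

// Hypothetical helper: runs the checker outside a server and returns its result.
function runChecker(username, password) {
  let result;
  checker(username, password, (ok, user) => { result = { ok, user }; });
  return result;
}

// Wiring, as in the comment above: auth.basic({ realm: 'Simon Area' }, checker)
```

Because the salt and hash stay out of `customUser`, later middleware and any logging of `req.user` never see credential material.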