CODEWITHSUNDEEP
javascriptnode.jsbasic-authenticationrestify
Nico
Nico

Reputation: 1081

basic authentication with Node.js and restify

I'm currently developing a RESTful web service with NodeJS and restify.

I have everything up and running with node-mysql for the database, but I also would like to implement HTTP Basic authentication.

I only did this once with Apache and an .htaccess file.

But here the webserver comes with restify and I start it like this:

var server = restify.createServer({
  name: 'my webservice'
});

There is a Authentication Parser Plugin listed in the restify documentation (http://mcavage.me/node-restify/#Bundled-Plugins) but I can't figure out how to use it.

The req.username value is always set to anonymous, even when I use http://user:pass@url....

The best thing would be if I could use it with a .htpasswd file to store/access the user and pass.

Does anyone know how to implement this with restify or another module?

Upvotes: 6

Views: 5959

Answers (4)

Nico
Nico

Reputation: 1081

Finally I found a way to do it without any additional modules.

First I send the correkt header:

var auth = req.headers['authorization'];
res.statusCode = 401;
res.setHeader('WWW-Authenticate', 'Basic realm="Secure Area"');
res.end('need creds');

Then I check the user and pass and if its ok then send the correct status code

res.statusCode = 200;  // OK

If the password is not correct:

  res.statusCode = 401; // Force them to retry authentication
  res.setHeader('WWW-Authenticate', 'Basic realm="Secure Area"');
  res.end('<html><body>You shall not pass</body></html>');

This works pretty well. I only have some trouble to read the .htpasswd and the crypted password. Does anyone know how I can check a plain password against a .htpasswd file?

Upvotes: 6

gtsouk
gtsouk

Reputation: 5263

With express you can do something like this:

var auth = express.basicAuth(function(user, pass) {
    return (user == "admin" && pass == "1234");
},'Super duper secret area');

app.get('/test', auth, function(req, res){
    ...
});

expressjs.com

Upvotes: -4

Hogan
Hogan

Reputation: 70513

The req.username value is always set to anonymous, even when I use http: //user:pass@url....

The documentation seems to suggest that it expects the credentials in the header not in the url, you might need to use Curl or some other tool besides a browser to make headers with authorization headers.

Upvotes: 0

Lukas S.
Lukas S.

Reputation: 5758

Have a look at Passport.js. It supports Basic HTTP as one of the authentication schemes.

Upvotes: 1

Related Questions