Reputation: 153
Node.js http basic auth
Is it possible to do basic auth in Node.js just like in Apache?
http://doc.norang.ca/apache-basic-auth.html
I know that if using Express or Connect I can add middle-ware functionality and do user verification, but I'm trying to restrict the whole area (I don't need to authenticate users from a database just a couple of defined users) - I'm using Ubuntu.
https://github.com/kaero/node-http-digest
That's something I can do, but I'm not sure if "exposing" or directly writing the user and password in the code is secure enough.
Many thanks.
Upvotes: 14
Views: 14894
Answers (4)
Reputation: 5055
I think good choice could be http-auth module
// Authentication module.
var auth = require('http-auth');
var basic = auth.basic({
realm: "Simon Area.",
file: __dirname + "/../data/users.htpasswd" // gevorg:gpass, Sarah:testpass ...
});
// Application setup.
var app = express();
app.use(auth.connect(basic));
// Setup route.
app.get('/', function(req, res){
res.send("Hello from express - " + req.user + "!");
});
Upvotes: 3
Reputation: 558
Put this
app.use(express.basicAuth(function(user, pass) {
return user === 'test' && pass === 'test';
}));
before the line to
app.use(app.router);
to protect all routes with http basic auth
Upvotes: 13
Reputation: 1849
Passport provides a clean mechanism to implement basic auth. I use it in my Node.js Express app to protect both my Angularjs-based UI as well as my RESTful API. To get passport up and running in your app do the following:
npm install passport
npm install passport-http (contains "BasicStrategy" object for basic auth)
Open up your app.js and add the following:
var passport = require('passport') var BasicStrategy = require('passport-http').BasicStrategy passport.use(new BasicStrategy( function(username, password, done) { if (username.valueOf() === 'yourusername' && password.valueOf() === 'yourpassword') return done(null, true); else return done(null, false); } )); // Express-specific configuration section // *IMPORTANT* // Note the order of WHERE passport is initialized // in the configure section--it will throw an error // if app.use(passport.initialize()) is called after // app.use(app.router) app.configure(function(){ app.use(express.cookieParser()); app.use(express.session({secret:'123abc',key:'express.sid'})); app.set('views', __dirname + '/views'); app.set('view engine', 'jade'); app.set('view options', { layout: false }); app.use(express.bodyParser()); app.use(express.methodOverride()); app.use(express.static(__dirname + '/public')); app.use(passport.initialize()); app.use(app.router); app.use(logger); }); // Routes app.get('/', passport.authenticate('basic', { session: false }), routes.index); app.get('/partials/:name', routes.partials); // JSON API app.get('/api/posts', passport.authenticate('basic', { session: false }), api.posts); app.get('/api/post/:id', passport.authenticate('basic', { session: false }), api.post) // --Repeat for every API call you want to protect with basic auth-- app.get('*', passport.authenticate('basic', { session: false }), routes.index);
Upvotes: 18
Reputation: 11094
Have a look at: user authentication libraries for node.js?
It does not answer your question 100% - but maybe it helps.
Upvotes: 3
Related Questions
- Basic HTTP authentication with Node and Express 4
- https request basic authentication node.js
- Basic HTTP authentication in Node.JS?
- nodeJs basic authentication issue
- NodeJs HTTP proxy basic auth
- Node JS API Authentication
- Http authorization with node.js
- Secure HTTP basic auth
- how to do Auth in node.js client
- Basic authentication on node.js using curl