@mitmaro/http-authorization-header
Advanced tools
Parses and generates HTTP Authorization and Proxy-Authorization headers strictly following RFC-7235. Supports legacy style auth-schemes (Basic, Digest, Bearer) as well as the more modern key-value auth params.
npm install --save @mitmaro/http-authorization-header
const http = require('http');
const {parse} = require('@mitmaro/http-authorization-header');
const httpServer = http.createServer((req, res) => {
const authHeader = req.getHeader('Authorization');
// authHeader => 'myscheme foo=bar, baz=foobar, buzz="quoted \"value!\""
const authData = parse(authHeader);
console.log(authData);
/*
{
scheme: 'myscheme',
values: [
['foo', 'bar'],
['baz', 'foobar],
['buzz', 'quotes "value!"']
]
}
*/
}).listen();
const {create, createToken68} = require('@mitmaro/http-authorization-header');
// legacy header value support (Basic, Digest, Bearer)
const basicAuthHeader = createToken68('Basic', Buffer.from('username:password').toString('base64'));
// Basic dXNlcm5hbWU6cGFzc3dvcmQ=
// modern form
const rfc7235Header = create('Custom', [['foo', 'bar'], ['foo', 'fuzz'], ['buzz', 'quoted "value!"']]);
// Custom foo=bar,foo=fuzz,buzz="quoted \"value!\""
const {
create,
createUnsafe,
createToken68,
createToken68Unsafe,
parse,
InvalidHeaderError,
InvalidInputError,
} = require('@mitmaro/http-authorization-header');
If the library is not in compliance with RFC-7235 then create an issue explaining the issue with sample data, or even better create a pull request that adds a test that fails.
Development is done using Node 8 and NPM 5, and tested against both Node 6 and Node 8. To get started
git clone git@github.com:MitMaro/http-authorization-header.gitcd http-authorization-headernpm installnpm run testBased on auth-header which was licensed under CC0-1.0. This project is released under the ISC license.
1.0.0 - 2018-01-28
FAQs
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
npm now supports Trusted Publishing with OIDC, enabling secure package publishing directly from CI/CD workflows without relying on long-lived tokens.
Research
/Security News
A RubyGems malware campaign used 60 malicious packages posing as automation tools to steal credentials from social media and marketing tool users.
Security News
The CNA Scorecard ranks CVE issuers by data completeness, revealing major gaps in patch info and software identifiers across thousands of vulnerabilities.