basic-auth
Comparing version 1.0.1 to 1.0.2
@@ -0,5 +1,14 @@ | ||
1.0.2 / 2015-06-12 | ||
================== | ||
* Improve error message when `req` argument missing | ||
* perf: enable strict mode | ||
* perf: hoist regular expression | ||
* perf: parse with regular expressions | ||
* perf: remove argument reassignment | ||
1.0.1 / 2015-05-04 | ||
================== | ||
* update readme | ||
* Update readme | ||
@@ -6,0 +15,0 @@ 1.0.0 / 2014-07-01 |
index.js
@@ -0,28 +1,92 @@ | ||
/*! | ||
* morgan | ||
* Copyright(c) 2013 TJ Holowaychuk | ||
* Copyright(c) 2014 Jonathan Ong | ||
* Copyright(c) 2015 Douglas Christopher Wilson | ||
* MIT Licensed | ||
*/ | ||
'use strict' | ||
/** | ||
* Parse the Authorization header field of `req`. | ||
* Module exports. | ||
* @public | ||
*/ | ||
module.exports = auth | ||
/** | ||
* RegExp for basic auth credentials | ||
* | ||
* @param {Request} req | ||
* @return {Object} with .name and .pass | ||
* @api public | ||
* credentials = auth-scheme 1*SP token68 | ||
* auth-scheme = "Basic" ; case insensitive | ||
* token68 = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"=" | ||
* @private | ||
*/ | ||
module.exports = function(req){ | ||
req = req.req || req; | ||
var credentialsRegExp = /^ *(?:[Bb][Aa][Ss][Ii][Cc]) +([A-Za-z0-9\-\._~\+\/]+=*) *$/ | ||
var auth = req.headers.authorization; | ||
if (!auth) return; | ||
/** | ||
* RegExp for basic auth user/pass | ||
* | ||
* user-pass = userid ":" password | ||
* userid = *<TEXT excluding ":"> | ||
* password = *TEXT | ||
* @private | ||
*/ | ||
// malformed | ||
var parts = auth.split(' '); | ||
if ('basic' != parts[0].toLowerCase()) return; | ||
if (!parts[1]) return; | ||
auth = parts[1]; | ||
var userPassRegExp = /^([^:]*):(.*)$/ | ||
// credentials | ||
auth = new Buffer(auth, 'base64').toString(); | ||
auth = auth.match(/^([^:]*):(.*)$/); | ||
if (!auth) return; | ||
/** | ||
* Parse the Authorization header field of a request. | ||
* | ||
* @param {object} req | ||
* @return {object} with .name and .pass | ||
* @public | ||
*/ | ||
return { name: auth[1], pass: auth[2] }; | ||
}; | ||
function auth(req) { | ||
if (!req) { | ||
throw new TypeError('argument req is required') | ||
} | ||
// get header | ||
var header = (req.req || req).headers.authorization | ||
// parse header | ||
var header = req.headers.authorization | ||
var match = credentialsRegExp.exec(header || '') | ||
if (!match) { | ||
return | ||
} | ||
// decode user pass | ||
var userPass = userPassRegExp.exec(decodeBase64(match[1])) | ||
if (!userPass) { | ||
return | ||
} | ||
// return credentials object | ||
return new Credentials(userPass[1], userPass[2]) | ||
} | ||
/** | ||
* Decode base64 string. | ||
* @private | ||
*/ | ||
function decodeBase64(str) { | ||
return new Buffer(str, 'base64').toString() | ||
} | ||
/** | ||
* Object to represent user credentials. | ||
* @private | ||
*/ | ||
function Credentials(name, pass) { | ||
this.name = name | ||
this.pass = pass | ||
} |
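Review bot: In `auth`, the new `if (!req)` guard only rejects a falsy argument, so a truthy value that carries no `headers` object still fails at `(req.req || req).headers.authorization` with a generic property-access TypeError rather than the clearer message this release introduces. Checking the resolved object before reading the header would cover that case, e.g. `var headers = (req.req || req).headers` followed by `if (!headers || typeof headers !== 'object') throw new TypeError('argument req is required to have headers property')`. The doc comment for `auth` should also state that `userPassRegExp` accepts an empty userid and an empty password, so callers have to reject empty credentials themselves instead of treating any returned object as an authenticated identity.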
{ | ||
"name": "basic-auth", | ||
"description": "node.js basic auth parser", | ||
"version": "1.0.1", | ||
"version": "1.0.2", | ||
"license": "MIT", | ||
@@ -14,4 +14,4 @@ "keywords": [ | ||
"devDependencies": { | ||
"istanbul": "0.3.13", | ||
"mocha": "~2.2.4" | ||
"istanbul": "0.3.15", | ||
"mocha": "1.21.5" | ||
}, | ||
@@ -24,3 +24,3 @@ "files": [ | ||
"engines": { | ||
"node": ">= 0.8" | ||
"node": ">= 0.6" | ||
}, | ||
@@ -27,0 +27,0 @@ "scripts": { |
@@ -17,7 +17,19 @@ # basic-auth | ||
## API | ||
```js | ||
var auth = require('basic-auth') | ||
``` | ||
### auth(req) | ||
Get the basic auth credentials from the given request. The `Authorization` | ||
header is parsed and if the header is invalid, `undefined` is returned, | ||
otherwise an object with `name` and `pass` properties. | ||
## Example | ||
Pass a node request or koa Context object to the module exported. If | ||
parsing fails `undefined` is returned, otherwise an object with | ||
`.name` and `.pass`. | ||
Pass a node request or koa Context object to the module exported. If | ||
parsing fails `undefined` is returned, otherwise an object with | ||
`.name` and `.pass`. | ||
@@ -38,12 +50,11 @@ ```js | ||
// Create server | ||
var server = http.createServer(function(req, res){ | ||
var server = http.createServer(function (req, res) { | ||
var credentials = auth(req) | ||
if (!credentials || credentials.name !== 'john' || credentials.pass !== 'secret') { | ||
res.writeHead(401, { | ||
'WWW-Authenticate': 'Basic realm="example"' | ||
}) | ||
res.end() | ||
res.statusCode = 401 | ||
res.setHeader('WWW-Authenticate', 'Basic realm="example"') | ||
res.end('Access denied') | ||
} else { | ||
res.end('Access granted'); | ||
res.end('Access granted') | ||
} | ||
@@ -60,11 +71,11 @@ }) | ||
[npm-image]: https://img.shields.io/npm/v/basic-auth.svg?style=flat | ||
[npm-image]: https://img.shields.io/npm/v/basic-auth.svg | ||
[npm-url]: https://npmjs.org/package/basic-auth | ||
[node-version-image]: https://img.shields.io/badge/node.js-%3E%3D_0.8-brightgreen.svg?style=flat | ||
[node-version-image]: https://img.shields.io/node/v/basic-auth.svg | ||
[node-version-url]: http://nodejs.org/download/ | ||
[travis-image]: https://img.shields.io/travis/jshttp/basic-auth.svg?style=flat | ||
[travis-image]: https://img.shields.io/travis/jshttp/basic-auth/master.svg | ||
[travis-url]: https://travis-ci.org/jshttp/basic-auth | ||
[coveralls-image]: https://img.shields.io/coveralls/jshttp/basic-auth.svg?style=flat | ||
[coveralls-image]: https://img.shields.io/coveralls/jshttp/basic-auth/master.svg | ||
[coveralls-url]: https://coveralls.io/r/jshttp/basic-auth?branch=master | ||
[downloads-image]: https://img.shields.io/npm/dm/basic-auth.svg?style=flat | ||
[downloads-image]: https://img.shields.io/npm/dm/basic-auth.svg | ||
[downloads-url]: https://npmjs.org/package/basic-auth |
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but they do indicate a change to the security surface area of a package.
Found 1 instance in 1 package