koa-basic-auth
Advanced tools
koa-basic-auth - npm Package Compare versions
Comparing version 3.0.0 to 4.0.0
30
index.js
@@ -9,3 +9,3 @@ | ||
| const auth = require('basic-auth'); | ||
| const assert = require('assert'); | ||
| const compare = require('tsscmp'); | ||
@@ -18,2 +18,3 @@ /** | ||
| * - `pass` password | ||
| * - `realm` realm | ||
| * | ||
@@ -28,4 +29,4 @@ * @param {Object} opts | ||
| assert(opts.name, 'basic auth .name required'); | ||
| assert(opts.pass, 'basic auth .pass required'); | ||
| if (!opts.name && !opts.pass) | ||
| throw new Error('Basic auth `name` and/or `pass` is required'); | ||
@@ -36,11 +37,18 @@ if (!opts.realm) opts.realm = 'Secure Area'; | ||
| const user = auth(ctx); | ||
| if (user && user.name == opts.name && user.pass == opts.pass) { | ||
| return next(); | ||
| } else { | ||
| ctx.throw(401, null, { headers: { | ||
| 'WWW-Authenticate': 'Basic realm="' + opts.realm.replace(/"/g, '\\"') + '"' | ||
| } }); | ||
| } | ||
| if ( | ||
| !user || | ||
| (opts.name && !compare(opts.name, user.name)) || | ||
| (opts.pass && !compare(opts.pass, user.pass)) | ||
| ) | ||
| return ctx.throw( | ||
| 401, | ||
| null, | ||
| { | ||
| headers: { | ||
| 'WWW-Authenticate': 'Basic realm="' + opts.realm.replace(/"/g, '\\"') + '"' | ||
| } | ||
| } | ||
| ); | ||
| return next(); | ||
| }; | ||
| }; |
@@ -5,3 +5,3 @@ { | ||
| "repository": "koajs/basic-auth", | ||
| "version": "3.0.0", | ||
| "version": "4.0.0", | ||
| "scripts": { | ||
@@ -30,4 +30,5 @@ "test": "NODE_ENV=test mocha --reporter spec --exit", | ||
| "dependencies": { | ||
| "basic-auth": "^2.0.0" | ||
| "basic-auth": "^2.0.0", | ||
| "tsscmp": "^1.0.6" | ||
| } | ||
| } |
@@ -6,2 +6,4 @@ # koa-basic-auth [](https://travis-ci.org/koajs/basic-auth) | ||
| **v4.x+ Breaking Change:** This package no longer requires both a username and a password. Either or is supported, see [#39](https://github.com/jshttp/basic-auth/issues/39) for more insight. | ||
| ## Installation | ||
@@ -52,13 +54,11 @@ | ||
| ``` | ||
| $ curl -H "Authorization: basic dGo6dG9iaQ==" http://localhost:3000/ -i | ||
| HTTP/1.1 200 OK | ||
| X-Powered-By: koa | ||
| Content-Type: text/plain; charset=utf-8 | ||
| Content-Length: 6 | ||
| Date: Sat, 30 Nov 2013 19:35:17 GMT | ||
| Connection: keep-alive | ||
| $ curl -H "Authorization: basic dGo6dG9iaQ==" http://localhost:3000/ -i | ||
| HTTP/1.1 200 OK | ||
| X-Powered-By: koa | ||
| Content-Type: text/plain; charset=utf-8 | ||
| Content-Length: 6 | ||
| Date: Sat, 30 Nov 2013 19:35:17 GMT | ||
| Connection: keep-alive | ||
| secret | ||
| ``` | ||
| secret | ||
@@ -65,0 +65,0 @@ Using the [mount](https://github.com/koajs/mount) middleware you may specify auth for a given prefix: |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by10.55%
3939
- Lines of code
- increased by27.27%
42
Worsened metrics
- Dependency count
- increased by100%
2
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
+ Addedtsscmp@^1.0.6
+ Addedtsscmp@1.0.6(transitive)