Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
nextjs-basic-auth-middleware
Advanced tools
> :warning: Current path support in the middleware shouldn't be used, use [matcher](https://nextjs.org/docs/advanced-features/middleware#matcher) to handle paths
:warning: Current path support in the middleware shouldn't be used, use matcher to handle paths
Adds basic auth support to Next.js projects using the official middleware approach (with a _middleware
file).
An alternative approach for server side rendered (SSR) pages is also available.
Options can be set on the basic auth middleware and overridden using environment variables.
Run either of the following commands to add the package, based on your package manager of choice:
# NPM
npm install nextjs-basic-auth-middleware
# Yarn
yarn add nextjs-basic-auth-middleware
The Next.js middleware functionality allows you to add basic auth in front of all your requests, see the Next.js Middleware documentation for more information.
You can use the createNextAuthMiddleware
function to create a default middleware function that sends a NextResponse.next()
when the auth passes:
import { createNextAuthMiddleware } from 'nextjs-basic-auth-middleware'
export const middleware = createNextAuthMiddleware(options)
You can also use the nextBasicAuthMiddleware
function to check basic auth in a bigger middleware function:
import { nextBasicAuthMiddleware } from 'nextjs-basic-auth-middleware'
export const middleware = (req) => {
nextBasicAuthMiddleware(options, req)
// Your other middleware functions
return NextResponse.next()
}
:warning: The middleware will still return a 401 and will quit processing the rest of the middleware. Add this middleware after any required work.
This approach only works for server side rendered pages where a request and response object are available.
Either add it to individual pages in the getServerSideProps
method:
import { pageMiddleware } from 'nextjs-basic-auth-middleware'
export async function getServerSideProps({ req, res }) => {
pageMiddleware(req, res)
...
}
Or add the middleware to the getInitialProps
method of your document:
import { pageMiddleware } from 'nextjs-basic-auth-middleware'
Document.getInitialProps = async ({ req, res }) => {
pageMiddleware(req, res)
...
}
:warning: This will not work if you have pages that use static optimization, e.g. no use of
getInitialProps
orgetServerSideProps
But this will work anywhere where there is a request and response object available (app/api routes as well).
Use the Next.js middleware approach if possible.
Some alternatives if this approach will not work for you:
If you want to override credentials you can use the BASIC_AUTH_CREDENTIALS
environment variable:
# Enables basic auth for user `test` with password `password`
BASIC_AUTH_CREDENTIALS=user:password
# You can set multiple accounts using `|` as a delimiter
BASIC_AUTH_CREDENTIALS=user:password|user2:password2
Users set using environment variables will override and thus disable users set in options. You can also set the paths that should (not) be checked:
# Enables basic authentication for /pages
BASIC_AUTH_PATHS=/pages
# You can set multiple paths using `;` as a delimiter
BASIC_AUTH_PATHS=/pages;/admin
# Setting excluded paths work in the same way
BASIC_AUTH_EXCLUDE_PATHS=/api;/healthchecks
basicAuthMiddleware(req: http.IncomingMessage, res: http.ServerResponse, options)
The options object can contain any of the following options:
option | description | default value |
---|---|---|
realm | The name of the basic auth realm | 'Protected' |
users | A list of users that can authenticate | [] |
includePaths | List of paths that should have protection | ['/'] |
excludePaths | List of paths that are excluded from protection | [] |
NOTE The exclude paths are always excluded from protection, even if they exist in the included paths
The user object consists of the following required fields:
field | description | type |
---|---|---|
name | The username | string |
password | The password | string |
Below is a list of commands you will probably find useful.
npm start
or yarn start
Runs the project in development/watch mode. Your project will be rebuilt upon changes. TSDX has a special logger for your convenience. Error messages are pretty printed and formatted for compatibility VS Code's Problems tab.
Your library will be rebuilt if you make edits.
npm run build
or yarn build
Bundles the package to the dist
folder.
The package is optimized and bundled with Rollup into multiple formats (CommonJS, UMD, and ES Module).
npm test
or yarn test
Runs the test watcher (Jest) in an interactive mode. By default, runs tests related to files changed since the last commit.
This project was bootstrapped with TSDX.
1.0.0
FAQs
Unknown package
The npm package nextjs-basic-auth-middleware receives a total of 3,521 weekly downloads. As such, nextjs-basic-auth-middleware popularity was classified as popular.
We found that nextjs-basic-auth-middleware demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.