static-auth
Advanced tools
The most simple way to add Basic Authentication to a static website hosted on Vercel.
The most simple way to add Basic Authentication to a static website hosted on Vercel.
I originally created this to add an authentication layer to my projects hosted on Vercel, but it can be used with Node's built-in http module too and should work with Express.
$ npm i static-auth -s
# or
$ yarn add static-auth
const auth = require('static-auth');
// Example with Vercel
module.exports = auth(
'/admin',
(user, pass) => (user === 'admin' && pass === 'admin') // (1)
);
(1) Checking credentials via the
==or===operators makes your code vulnerable to Timing attacks. This can be solved by using the safe-compare package instead.
index.js
const auth = require('static-auth');
// create a handler that will check for basic authentication before serving the files
const serveHandler = auth( /* ... */ );
// start the server
const http = require('http');
const server = http.createServer(serveHandler);
server.listen(4444, () => console.log('Listening on port 4444...'));
auth(url, validator, [options])
Required :
url (String) : The base url to protect with Basic Authentication. Use / to restrict access to the whole website, or /<path> (e.g. /admin) to restrict access only to a section of your site.validator (Function) : A function that accepts two parameters (user and pass) and returns true if the provided login credentials grant access to the restricted area.Optional :
[options] (Object) :
[directory] (String, defaults to process.cwd()) : The base path to serve the static assets from. For example, if a request to my-website.com/app.css should return the content of the file located at ./www/app.css (relative to the Node script), then you should set this to __dirname + '/www', otherwise the script will look for ./app.css − which doesn't exist − and return a 404.[onAuthFailed] (Function) : A callback that accepts one parameter (res, an http.ServerResponse object), useful if you want to return a custom error message or HTML page when the provided credentials are invalid.[realm] (String, defaults to 'default-realm') : See What is the "realm" in basic authentication (StackOverflow).[serveStaticOptions] (Object, defaults to {}) : Options to pass to the underlying serve-static module that's used to serve the files (see a usage example here).FAQs
The most simple way to add Basic Authentication to a static website hosted on Vercel.
We found that static-auth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.
Security News
Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.
Security News
Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.