Make a NodeJs application private on Heroku

Question

I'm trying to make a NodeJS application on Heroku private so that only developers can see it. Is there a simply way to do that, like basic auth? (All of the solutions I keep finding are specific to Ruby apps).

Are you using any sort of framework? – max Jul 24 '13 at 21:07 — max, Jul 24 '13 at 21:07

score 4 · Answer 1 · answered Jul 24 '13 at 23:14

4

If you want to leverage basic authentication, here are two options: http-auth and Passport. http-auth is a very simple module and Passport is a powerful module with alternatives for authentication. Both modules provide code examples ranging from basic code to Express framework integration.

answered Jul 24 '13 at 23:14

mongermd

227
2
2

I don't think this is what the question is asking for. This answers how to authenticate a user on an app. Not how to secure a stain environment, for example. – Noah Mar 05 '15 at 08:17

score 2 · Answer 2 · edited May 23 '17 at 10:33

I have the same problem. I managed to get one solution working that may work for you but wasn't suitable for me as it seems to interfere with the built in user login from angular-fullstack.

I just wanted a quick way to password protect the app so that only developers and stakeholders could see it. https://www.npmjs.org/package/http-auth seems to do the trick.

This involves add http-auth to your project (npm install http-auth --save). Then you'll need to find the file where your createServer is defined and the code there.

If you're using Express you can do something like this

// HTTP Authentication 
var preAuth = require('http-auth');
var basic = preAuth.basic({
        realm: "Restricted Access! Please login to proceed"
    }, function (username, password, callback) { 
         callback( (username === "user" && password === "password"));
    }
);

// Setup server
var app = express();
    app.use(preAuth.connect(basic));
var server = require('http').createServer(app);

If not then you can try one of the options from the http-auth documentation e.g.

// Authentication module.
var auth = require('http-auth');
var basic = auth.basic({
        realm: "Simon Area."
    }, function (username, password, callback) { // Custom authentication method.
        callback(username === "Tina" && password === "Bullock");
    }
);

// Creating new HTTP server.
http.createServer(basic, function(req, res) {
    res.end("Welcome to private area - " + req.user + "!");
}).listen(1337);

Here are also a couple of related threads with somewhat similar approaches.

express.basicAuth throwing error

Basic HTTP authentication in Node.JS?

Make a NodeJs application private on Heroku

2 Answers2