Node.js http basic auth

Question

Is it possible to do basic auth in Node.js just like in Apache?

http://doc.norang.ca/apache-basic-auth.html

I know that if using Express or Connect I can add middle-ware functionality and do user verification, but I'm trying to restrict the whole area (I don't need to authenticate users from a database just a couple of defined users) - I'm using Ubuntu.

https://github.com/kaero/node-http-digest

That's something I can do, but I'm not sure if "exposing" or directly writing the user and password in the code is secure enough.

Many thanks.

score 18 · Accepted Answer · answered Oct 10 '12 at 17:53

Passport provides a clean mechanism to implement basic auth. I use it in my Node.js Express app to protect both my Angularjs-based UI as well as my RESTful API. To get passport up and running in your app do the following:

npm install passport
npm install passport-http (contains "BasicStrategy" object for basic auth)

Open up your app.js and add the following:

var passport = require('passport')    
var BasicStrategy = require('passport-http').BasicStrategy

passport.use(new BasicStrategy(
  function(username, password, done) {
    if (username.valueOf() === 'yourusername' &&
      password.valueOf() === 'yourpassword')
      return done(null, true);
    else
      return done(null, false);
  }
));

// Express-specific configuration section
// *IMPORTANT*
//   Note the order of WHERE passport is initialized
//   in the configure section--it will throw an error
//   if app.use(passport.initialize()) is called after
//   app.use(app.router) 
app.configure(function(){
  app.use(express.cookieParser());
  app.use(express.session({secret:'123abc',key:'express.sid'}));
  app.set('views', __dirname + '/views');
  app.set('view engine', 'jade');
  app.set('view options', {
    layout: false
  });
  app.use(express.bodyParser());
  app.use(express.methodOverride());
  app.use(express.static(__dirname + '/public'));
  app.use(passport.initialize());
  app.use(app.router);
  app.use(logger);
});

// Routes

app.get('/', passport.authenticate('basic', { session: false }), routes.index);
app.get('/partials/:name', routes.partials);

// JSON API

app.get('/api/posts', passport.authenticate('basic', { session: false }), api.posts);
app.get('/api/post/:id', passport.authenticate('basic', { session: false }), api.post)
// --Repeat for every API call you want to protect with basic auth--

app.get('*', passport.authenticate('basic', { session: false }), routes.index);

score 13 · Answer 2 · answered Mar 05 '13 at 18:40

13

Put this

app.use(express.basicAuth(function(user, pass) {
  return user === 'test' && pass === 'test';
}));

before the line to

app.use(app.router);

to protect all routes with http basic auth

answered Mar 05 '13 at 18:40

Vidal Graupera

558
5
7

score 3 · Answer 3 · answered Apr 22 '16 at 11:19

3

I think good choice could be http-auth module

// Authentication module.
var auth = require('http-auth');
var basic = auth.basic({
    realm: "Simon Area.",
    file: __dirname + "/../data/users.htpasswd" // gevorg:gpass, Sarah:testpass ...
});

// Application setup.
var app = express();
app.use(auth.connect(basic));

// Setup route.
app.get('/', function(req, res){
  res.send("Hello from express - " + req.user + "!");
});

answered Apr 22 '16 at 11:19

gevorg

4,835
4
35
52

5

I think a disclaimer that you are the maintainer of `http-auth` would be appropriate here. – Marco Roy Jan 11 '17 at 20:54

score 3 · Answer 4 · edited May 23 '17 at 12:33

3

Have a look at: user authentication libraries for node.js?

It does not answer your question 100% - but maybe it helps.

edited May 23 '17 at 12:33

Community

1
1

answered Sep 08 '11 at 10:59

Matthias

10,816
2
19
12

Hi @nivoc, thanks for replying, yeah probably middle-ware is the way to go, I have not seen any other solution for this case scenario. – Jaime Sep 08 '11 at 12:43

Node.js http basic auth

4 Answers4

Linked

Related