0.1.1 • Published 8 years ago

cavecanem v0.1.1


CaveCanem

Beware the dog! A Node.js HTTP Basic Authentication library


HTTP Basic authentication (BA)

HTTP Basic authentication (BA) implementation is the simplest technique for enforcing access controls to web resources because it doesn't require cookies, session identifier and login pages. Rather, HTTP Basic authentication uses static, standard fields in the HTTP header which means that no handshakes have to be done in anticipation. (Wikipedia)

CaveCanem Installation

$ npm install cavecanem

Getting started

Example with Express.js

var auth = require('cavecanem')

cavecanem reads a configuration object, cc, that is passed through the req object (the example below attaches it as req.authentication). The cc object can specify a function named checkCredentials that tests the credentials, against hardcoded values in the simplest case or against values stored in a database.

There are different ways to intercept the req object and add the cc object, but the following is a good and simple approach:

app.use(function (req, res, next) {
  req.authentication = {
    checkCredentials: function(credentials){
      return (credentials.username === "canem" && credentials.password === "cave");
    }
  };
  next();
});

You can then use the auth variable as middleware on the route of your protected resource:

app.use('/users', auth, protected_resource);

The function called by the route will receive the res object, which will include an authentication object with a code, a description and, where applicable, the username and password.

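| code | description | username | password |
|------|-------------|----------|----------|
| 200 | successfully authenticated | yes | yes |
| 401 | The username or password are wrong | no | no |
| 400 | Wrong authorization header is provided | no | no |
| 500 | Description of the error | no | no |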

The function called by the route must use this information to send the correct status back to the client.

Test with cURL

A simple way to test a request to a protected_resource:

curl -v --header "authorization: Basic Y2FuZW06Y2F2ZQ==" http://localhost:3000/protected_resource

How it works

cavecanem gets the Basic auth credentials from the given request. The sender adds the Authorization header to the request. Suppose the username is canem and the password is cave: the Authorization header will then be Basic Y2FuZW06Y2F2ZQ==. This header is parsed and, in the successful case, an object with the username and password is returned.
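
The parsing step described above, mapped to the result codes in the table, as an added example that is not cavecanem's own source. The names parseBasicHeader, safeEqual and authenticate are hypothetical, and the credential check uses Node's crypto.timingSafeEqual instead of === so the comparison does not leak timing.

```javascript
// Added example, not cavecanem's own source. parseBasicHeader, safeEqual and
// authenticate are hypothetical names; the result shape follows the table above.
const { createHash, timingSafeEqual } = require('node:crypto');

// Parse "Basic <base64(username:password)>"; return null if malformed.
function parseBasicHeader(header) {
  if (typeof header !== 'string') return null;
  const m = /^Basic +([A-Za-z0-9+/]+={0,2})$/i.exec(header.trim());
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // first colon only: passwords may contain ':'
  if (sep === -1) return null;
  return { username: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Compare via fixed-length digests so timingSafeEqual never sees unequal lengths.
function safeEqual(a, b) {
  const digest = (s) => createHash('sha256').update(String(s)).digest();
  return timingSafeEqual(digest(a), digest(b));
}

// Turn an Authorization header into the { code, description, ... } result.
function authenticate(header, checkCredentials) {
  try {
    const credentials = parseBasicHeader(header);
    if (!credentials) {
      return { code: 400, description: 'Wrong authorization header is provided' };
    }
    if (!checkCredentials(credentials)) {
      return { code: 401, description: 'The username or password are wrong' };
    }
    return { code: 200, description: 'successfully authenticated', ...credentials };
  } catch (err) {
    return { code: 500, description: String((err && err.message) || err) };
  }
}

// checkCredentials with the README's sample values (constructed for this example).
function checkCredentials({ username, password }) {
  const userOk = safeEqual(username, 'canem');
  const passOk = safeEqual(password, 'cave');
  return userOk && passOk; // both compared before combining
}

console.log(authenticate('Basic Y2FuZW06Y2F2ZQ==', checkCredentials).code); // 200
```

Base64 is an encoding, not encryption, so the Authorization header is only confidential when the request travels over TLS.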

License

MIT License
