Generic basic auth Authorization header field parser for whatever.
This is a Node.js module available through the
npm registry. Installation is done using the
npm install command:
$ npm install basic-auth
const { parse } = require('basic-auth');Parse a basic auth authorization header string. This will return an object
with name and pass properties, or undefined if the string is invalid.
Pass a Basic auth header to the parse() method. If parsing fails
undefined is returned, otherwise an object with .name and .pass.
const { parse } = require('basic-auth');
const user = parse(req.headers.authorization);
// => { name: 'something', pass: 'whatever' }A header string from any other location can also be parsed for example a Proxy-Authorization header:
const { parse } = require('basic-auth');
const user = parse(req.getHeader('Proxy-Authorization'));const http = require('node:http');
const { parse } = require('basic-auth');
const compare = require('tsscmp');
// Create server
const server = http.createServer(function (req, res) {
const credentials = parse(req.headers.authorization);
// Check credentials
// The "check" function will typically be against your user store
if (!credentials || !check(credentials.name, credentials.pass)) {
res.statusCode = 401;
res.setHeader('WWW-Authenticate', 'Basic realm="example"');
res.end('Access denied');
} else {
res.end('Access granted');
}
});
// Basic function to validate credentials for example
function check(name, pass) {
let valid = true;
// Simple method to prevent short-circuit and use timing-safe compare
valid = compare(name, 'john') && valid;
valid = compare(pass, 'secret') && valid;
return valid;
}
// Listen
server.listen(3000);