I'm currently developing a RESTful web service with NodeJS and restify.
I have everything up and running with node-mysql for the database, but I also would like to implement HTTP Basic authentication.
I only did this once with Apache and an .htaccess file.
But here the webserver es with restify and I start it like this:
var server = restify.createServer({
name: 'my webservice'
});
There is a Authentication Parser Plugin listed in the restify documentation () but I can't figure out how to use it.
The req.username value is always set to anonymous, even when I use http://user:pass@url....
The best thing would be if I could use it with a .htpasswd file to store/access the user and pass.
Does anyone know how to implement this with restify or another module?
I'm currently developing a RESTful web service with NodeJS and restify.
I have everything up and running with node-mysql for the database, but I also would like to implement HTTP Basic authentication.
I only did this once with Apache and an .htaccess file.
But here the webserver es with restify and I start it like this:
var server = restify.createServer({
name: 'my webservice'
});
There is a Authentication Parser Plugin listed in the restify documentation (http://mcavage.me/node-restify/#Bundled-Plugins) but I can't figure out how to use it.
The req.username value is always set to anonymous, even when I use http://user:pass@url....
The best thing would be if I could use it with a .htpasswd file to store/access the user and pass.
Does anyone know how to implement this with restify or another module?
Share Improve this question edited May 2, 2014 at 20:16 Blackcoat 3,32033 silver badges25 bronze badges asked Apr 10, 2014 at 15:14 NicoNico 1,0811 gold badge25 silver badges39 bronze badges4 Answers
Reset to default 6Finally I found a way to do it without any additional modules.
First I send the correkt header:
var auth = req.headers['authorization'];
res.statusCode = 401;
res.setHeader('WWW-Authenticate', 'Basic realm="Secure Area"');
res.end('need creds');
Then I check the user and pass and if its ok then send the correct status code
res.statusCode = 200; // OK
If the password is not correct:
res.statusCode = 401; // Force them to retry authentication
res.setHeader('WWW-Authenticate', 'Basic realm="Secure Area"');
res.end('<html><body>You shall not pass</body></html>');
This works pretty well. I only have some trouble to read the .htpasswd and the crypted password. Does anyone know how I can check a plain password against a .htpasswd file?
Have a look at Passport.js. It supports Basic HTTP as one of the authentication schemes.
The req.username value is always set to anonymous, even when I use http: //user:pass@url....
The documentation seems to suggest that it expects the credentials in the header not in the url, you might need to use Curl or some other tool besides a browser to make headers with authorization headers.
With express you can do something like this:
var auth = express.basicAuth(function(user, pass) {
return (user == "admin" && pass == "1234");
},'Super duper secret area');
app.get('/test', auth, function(req, res){
...
});
expressjs.
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1742337193a4424886.html
评论列表(0条)