/*!
* Connect - basicAuth
* Copyright(c) 2010 Sencha Inc.
* Copyright(c) 2011 TJ Holowaychuk
* MIT Licensed
*/
/**
* Module dependencies.
*/
var utils = require('../utils')
, unauthorized = utils.unauthorized
, badRequest = utils.badRequest;
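/**
 * Enforce basic authentication by providing a `callback(user, pass)`,
 * which must return `true` in order to gain access. Alternatively an async
 * method is provided as well, invoking `callback(user, pass, callback)`. Populates
 * `req.remoteUser`. The final alternative is simply passing username / password
 * strings, optionally followed by the realm as a third argument.
 *
 * Examples:
 *
 *     connect(connect.basicAuth('username', 'password'));
 *
 *     connect(
 *       connect.basicAuth(function(user, pass){
 *         return 'tj' == user && 'wahoo' == pass;
 *       })
 *     );
 *
 *     connect(
 *       connect.basicAuth(function(user, pass, fn){
 *         User.authenticate({ user: user, pass: pass }, fn);
 *       })
 *     );
 *
 * Request handling:
 *
 *   - a request that already carries `req.remoteUser` is passed through;
 *   - a missing `Authorization` header, or credentials the callback rejects,
 *     are answered through `unauthorized(res, realm)`;
 *   - a header that is not exactly `Basic <base64>` (scheme compared
 *     case-insensitively), or whose decoded value has no `:` separator,
 *     is answered through `badRequest(res)`;
 *   - the decoded value is split at the FIRST `:` only, so passwords that
 *     contain a colon reach the callback intact.
 *
 * The credentials in the header are only base64-encoded, not encrypted, so
 * this middleware gives no confidentiality on its own; it relies on the
 * transport for that.
 *
 * @param {Function|String} callback or username
 * @param {String} realm (or the password, when a username string is given)
 * @return {Function} middleware `(req, res, next)`
 * @api public
 */

module.exports = function basicAuth(callback, realm) {
  var username, password;

  // user / pass strings: basicAuth(username, password[, realm])
  if ('string' == typeof callback) {
    username = callback;
    password = realm;
    if ('string' != typeof password) throw new Error('password argument required');
    realm = arguments[2];
    callback = function(user, pass){
      // NOTE(review): plain string comparison, which is not constant-time.
      // Deployments that need resistance to timing analysis should pass
      // their own callback that compares in constant time.
      return user === username && pass === password;
    };
  }

  realm = realm || 'Authorization Required';

  return function(req, res, next) {
    var authorization = req.headers.authorization;

    if (req.remoteUser) return next();
    if (!authorization) return unauthorized(res, realm);

    // Validate the header shape BEFORE decoding: a header such as "Basic"
    // with no credentials part would otherwise hand `undefined` to the
    // Buffer constructor and throw instead of producing a clean rejection.
    var parts = authorization.split(' ');
    if (parts.length !== 2 || 'basic' !== parts[0].toLowerCase()) {
      return badRequest(res);
    }

    // Buffer.from replaces the deprecated `new Buffer(string, encoding)`.
    var decoded = Buffer.from(parts[1], 'base64').toString()
      , separator = decoded.indexOf(':');

    // "user:pass" needs at least one colon; anything else is malformed.
    if (separator < 0) return badRequest(res);

    // Split at the first colon only; the password itself may contain ':'.
    var user = decoded.slice(0, separator)
      , pass = decoded.slice(separator + 1);

    // async: the callback declares a third (completion) parameter
    if (callback.length >= 3) {
      // hold back request events while the asynchronous lookup runs
      var pause = utils.pause(req);
      callback(user, pass, function(err, authenticated){
        if (err || !authenticated) return unauthorized(res, realm);
        req.remoteUser = authenticated;
        next();
        pause.resume();
      });
    // sync
    } else {
      if (callback(user, pass)) {
        req.remoteUser = user;
        next();
      } else {
        unauthorized(res, realm);
      }
    }
  };
};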