basic authentication with Node.js and restify

Question

I'm currently developing a RESTful web service with NodeJS and restify.

I have everything up and running with node-mysql for the database, but I also would like to implement HTTP Basic authentication.

I only did this once with Apache and an .htaccess file.

But here the webserver comes with restify and I start it like this:

var server = restify.createServer({
  name: 'my webservice'
});

There is a Authentication Parser Plugin listed in the restify documentation (http://mcavage.me/node-restify/#Bundled-Plugins) but I can't figure out how to use it.

The req.username value is always set to anonymous, even when I use http://user:pass@url....

The best thing would be if I could use it with a .htpasswd file to store/access the user and pass.

Does anyone know how to implement this with restify or another module?

Answer 1

Finally I found a way to do it without any additional modules.

First I send the correkt header:

var auth = req.headers['authorization'];
res.statusCode = 401;
res.setHeader('WWW-Authenticate', 'Basic realm="Secure Area"');
res.end('need creds');

Then I check the user and pass and if its ok then send the correct status code

res.statusCode = 200;  // OK

If the password is not correct:

  res.statusCode = 401; // Force them to retry authentication
  res.setHeader('WWW-Authenticate', 'Basic realm="Secure Area"');
  res.end('<html><body>You shall not pass</body></html>');

This works pretty well. I only have some trouble to read the .htpasswd and the crypted password. Does anyone know how I can check a plain password against a .htpasswd file?

Answer 2

Have a look at Passport.js. It supports Basic HTTP as one of the authentication schemes.