Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Basic HTTP authentication in Node.JS?

Tags:

http

authentication

node.js

basic-authentication

I'm trying to write a REST-API server with NodeJS like the one used by Joyent, and everything is ok except I can't verify a normal user's authentication. If I jump to a terminal and do curl -u username:password localhost:8000 -X GET, I can't get the values username:password on the NodeJS http server. If my NodeJS http server is something like 

var http = require('http'); http.createServer(function (req, res) {   res.writeHead(200, {'Content-Type': 'text/plain'});   res.end('Hello World\n'); }).listen(1337, "127.0.0.1");

, shouldn't I get the values username:password somewhere in the req object that comes from the callback ? How can I get those values without having to use Connect's basic http auth ?

like image 484
João Pinto Jerónimo Avatar asked May 10 '11 14:05

João Pinto Jerónimo

People also ask

How do I use basic authentication in node js?

Explanation: The first middleware is used for checking the authentication of the client when the server start and the client enter the localhost address. Initially req. headers. authorization is undefined and next() callback function return 401 status code unauthorized access to the browser.

1 Answers

The username:password is contained in the Authorization header as a base64-encoded string.

Try this:

const http = require('http');   http.createServer(function (req, res) {   var header = req.headers.authorization || '';       // get the auth header   var token = header.split(/\s+/).pop() || '';        // and the encoded auth token   var auth = Buffer.from(token, 'base64').toString(); // convert from base64   var parts = auth.split(/:/);                        // split on colon   var username = parts.shift();                       // username is first   var password = parts.join(':');                     // everything else is the password     res.writeHead(200, { 'Content-Type': 'text/plain' });   res.end('username is "' + username + '" and password is "' + password + '"'); }).listen(1337, '127.0.0.1');

From HTTP Authentication: Basic and Digest Access Authentication - Part 2 Basic Authentication Scheme (Pages 4-5)

Basic Authentication in Backus-Naur Form

basic-credentials = base64-user-pass base64-user-pass  = <base64 [4] encoding of user-pass,                     except not limited to 76 char/line> user-pass   = userid ":" password userid      = *<TEXT excluding ":"> password    = *TEXT
like image 151
Rob Raisch Avatar answered Oct 10 '22 22:10

Rob Raisch
Sign in to Comment

Related questions

Docker HTTP-requests between containers
HTTP basic authentication URL with "@" in password
Alternatives to Apache HttpComponents?
Is HTTP POST request allowed to send back a response body?
How can I use HTTP GET in PowerShell? [duplicate]
Why isn't HTTP PUT allowed to do partial updates in a REST API?
Using Git on Windows, behind an HTTP proxy, without storing proxy password on disk
How does HTTP 302 work?
Compressing HTTP Post Data sent from browser
urlencode an array of values
Are square brackets permitted in URLs?
How to encode UTF8 filename for HTTP headers? (Python, Django)
retrofit 2.0 how to print the full json response?
Why am I getting "(304) Not Modified" error on some links when using HttpWebRequest?
Send array via GET request with AngularJS' $http service
Is Content-Transfer-Encoding an HTTP header?
http post - how to send Authorization header?
How do I pass template context information when using HttpResponseRedirect in Django?
How can I set an HTTP Proxy (WebProxy) on a WCF client-side Service proxy?
Android HttpPost: how to get the result

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!