javascript - Express: basic authentication for one route - Stack Overflow

admin管理员组

文章数量:1405389

I'm trying to make a set of tools to access my database. Most are to do with accessing data by my webapps, but I also need a page of my express powered site with a password for the site owner to provide an online tool for editing the database; all other routes will not require auth.

With express 3, basic-auth made adding such a password easy, but its functionality has been reduced with the middleware in Express 4 and with most of the online tutorials out of date. The new version of basic-auth will process authentication header info, but how do I trigger the login popup in the browser?

The code below is little more than boilerplate, so some hints on the world's simplest login would be wele.

express = require('express')
app = express()
auth = require 'basic-auth'


port = Number(process.env.PORT || 9778);
app.listen port, () ->
    console.log "Listening on port: " + port


app.use '/editor', (req, res) ->
    user = auth req
    if (user == "....") ...
    console.log user


app.get '/editor', (req, res) ->
    # if authenticated send 'editor.html' else....
    res.send 401, "Need password"

At present I an adding authentication to access a page and then allowing that page to post to the CRUD node. I think I should really move to a proper REST API and require authentication on CUD?

I'm trying to make a set of tools to access my database. Most are to do with accessing data by my webapps, but I also need a page of my express powered site with a password for the site owner to provide an online tool for editing the database; all other routes will not require auth.

With express 3, basic-auth made adding such a password easy, but its functionality has been reduced with the middleware in Express 4 and with most of the online tutorials out of date. The new version of basic-auth will process authentication header info, but how do I trigger the login popup in the browser?

The code below is little more than boilerplate, so some hints on the world's simplest login would be wele.

express = require('express')
app = express()
auth = require 'basic-auth'


port = Number(process.env.PORT || 9778);
app.listen port, () ->
    console.log "Listening on port: " + port


app.use '/editor', (req, res) ->
    user = auth req
    if (user == "....") ...
    console.log user


app.get '/editor', (req, res) ->
    # if authenticated send 'editor.html' else....
    res.send 401, "Need password"

At present I an adding authentication to access a page and then allowing that page to post to the CRUD node. I think I should really move to a proper REST API and require authentication on CUD?

• javascript
• node.js
• authentication
• express

Share Improve this question Follow edited Jul 6, 2014 at 6:45 Simon H asked Jul 5, 2014 at 7:01 Simon HSimon H 21.1k1414 gold badges8181 silver badges142142 bronze badges

Add a ment  | 

2 Answers 2

Sorted by: Reset to default 3

According to the Basic Authentication spec, the server can request authentication by sending a WWW-Authenticate header with a 401 status code. The following worked for me:

res.set({
  'WWW-Authenticate': 'Basic realm="simple-admin"'
}).send(401);

I put the in my own middleware which looks something like this:

var auth = require('basic-auth');

module.exports = function(req, res, next){
  var user = auth(req);
  if(validAuth){ // Here you need some logic to validate authentication
    next();
  } else {
    res.set({
      'WWW-Authenticate': 'Basic realm="simple-admin"'
    }).send(401);
  }
};

Based on @JustinY this is the end result

app.use '/editor', (req, res, next) ->
    user = auth req
    if (user.pass == '******')
        console.log user
        next()
    else
        res.set
            'WWW-Authenticate': 'Basic realm="simple-admin"'
        res.send 401, "Need password"


app.get '/editor', (req, res) ->
    res.sendfile 'editor/index.html'

本文标签： javascriptExpress basic authentication for one routeStack Overflow