UNPKG

http-auth

Version:

Node.js package for HTTP basic and digest access authentication.

github.com/gevorg/http-auth

gevorg/http-auth

118 lines (97 loc) 2.94 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
"use strict"; // Base class. const Base = require("./base"); // Utility module. const utils = require("./utils"); // Importing apache-md5 module. const md5 = require("apache-md5"); // Importing apache-crypt module. const crypt = require("apache-crypt"); // Bcrypt. const bcrypt = require("bcryptjs"); // Crypto. const crypto = require("crypto"); // Reuse. const basicSchemeRegExp = /^basic\s/i; // Define basic auth. class Basic extends Base { // Constructor. constructor(options, checker) { super(options, checker); } // Verifies if password is correct. validate(hash, password) { if (hash.substr(0, 5) === "{SHA}") { hash = hash.substr(5); return hash === utils.sha1(password); } else if (hash.substr(0, 6) === "$apr1$" || hash.substr(0, 3) === "$1$") { return hash === md5(password, hash); } else if (hash.substr(0, 4) === "$2y$" || hash.substr(0, 4) === "$2a$") { return bcrypt.compareSync(password, hash); } else if (hash === crypt(password, hash)) { return true; } else if (hash.length === password.length) { return crypto.timingSafeEqual ? crypto.timingSafeEqual(Buffer.from(hash), Buffer.from(password)) : hash === password; } } // Processes line from authentication file. processLine(userLine) { let lineSplit = userLine.split(":"); let username = lineSplit.shift(); let hash = lineSplit.join(":"); // Push user. this.options.users.push({ username: username, hash: hash }); } // Generates request header. generateHeader() { return `Basic realm="${this.options.realm}"`; } // Parsing authorization header. parseAuthorization(header) { if (basicSchemeRegExp.test(header)) { let tokens = header.split(" "); return tokens[1]; } } // Searching for user. findUser(req, hash, callback) { // Decode base64. let splitHash = utils.decodeBase64(hash).split(":"); let username = splitHash.shift(); let password = splitHash.join(":"); if (this.checker) { // Custom auth. this.checker.apply(this, [ username, password, (result, customUser) => { let params = undefined; if (result instanceof Error) { params = [result]; } else { params = [{ user: customUser || username, pass: !!result }]; } callback.apply(this, params); }, req ]); } else { // File based auth. let pass = false; // Loop users to find the matching one. this.options.users.forEach(user => { if (user.username === username && this.validate(user.hash, password)) { pass = true; } }); // Call final callback. callback.apply(this, [{ user: username, pass: pass }]); } } } // Export basic auth. module.exports = (options, checker) => { return new Basic(options, checker); };