nuxt-security
🛡️ Security Module for Nuxt based on HTTP Headers and Middleware
import { useRuntimeConfig } from "nitropack/runtime";
import { createError, defineEventHandler, sendError, setHeader } from "h3";
import getCredentials from "basic-auth";
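/**
 * Nitro middleware that enforces HTTP Basic authentication.
 *
 * Does nothing when no `basicAuth` section exists in the private runtime
 * config. Otherwise the request must carry valid Basic credentials unless its
 * path is excluded and not explicitly re-included. On failure it answers 401
 * with a `WWW-Authenticate` challenge.
 *
 * @param {import("h3").H3Event} event - the incoming request event
 * @returns {void}
 */
export default defineEventHandler((event) => {
  const basicAuthConfig = useRuntimeConfig(event).private.basicAuth;
  if (!basicAuthConfig) {
    return;
  }

  // Both lists are matched as plain string prefixes of event.path, so "/admin"
  // also matches "/administrator". No normalization happens in this handler.
  // NOTE(review): confirm event.path is already normalized (case, encoding,
  // dot segments) upstream, otherwise an include prefix may be sidestepped.
  const pathMatchesAny = (prefixes) =>
    prefixes.some((prefix) => event.path?.startsWith(prefix));

  // With `exclude` unset the fallback is ["/"], which matches any path that
  // starts with "/": in that configuration only `include` prefixes are
  // protected. `include` always wins over `exclude`.
  const isPathExcluded = pathMatchesAny(basicAuthConfig.exclude || ["/"]);
  const isPathIncluded = pathMatchesAny(basicAuthConfig.include || []);
  if (isPathExcluded && !isPathIncluded) {
    return;
  }

  // Parse the Authorization header only for paths that are actually protected.
  const credentials = getCredentials(event.node.req);
  if (credentials && validateCredentials(credentials, basicAuthConfig)) {
    return;
  }

  // RFC 7617 requires the realm to be a quoted-string; the default message
  // contains spaces, so an unquoted value is a malformed challenge. A message
  // that is already wrapped in double quotes is passed through unchanged.
  const message = String(basicAuthConfig.message || "Please enter username and password");
  const realm = /^".*"$/.test(message)
    ? message
    : `"${message.replace(/(["\\])/g, "\\$1")}"`;
  setHeader(event, "WWW-Authenticate", `Basic realm=${realm}`);
  sendError(event, createError({ statusCode: 401, statusMessage: "Access denied" }));
});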
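/**
 * Checks the supplied Basic-auth credentials against the configured pair.
 *
 * Fails closed: returns false unless all four values are strings. Name and
 * password are both always compared, and each comparison walks the full
 * length of the longer string, so the result does not short-circuit on the
 * first mismatching character or on a wrong user name.
 *
 * This is a best-effort, dependency-free comparison; a JavaScript engine gives
 * no hard constant-time guarantee. Where Node's crypto module is available,
 * crypto.timingSafeEqual over fixed-length digests is the stronger choice.
 *
 * @param {{ name?: string, pass?: string } | undefined} credentials - parsed request credentials
 * @param {{ name?: string, pass?: string } | undefined} config - configured user name and password
 * @returns {boolean} true only when both name and password match
 */
const validateCredentials = (credentials, config) => {
  const values = [credentials?.name, credentials?.pass, config?.name, config?.pass];
  if (!values.every((value) => typeof value === "string")) {
    return false;
  }

  // Accumulate differences instead of returning at the first mismatch.
  const equalWithoutEarlyExit = (given, expected) => {
    let diff = given.length ^ expected.length;
    const length = Math.max(given.length, expected.length);
    for (let i = 0; i < length; i += 1) {
      // charCodeAt past the end yields NaN, which is folded to 0 here.
      diff |= (given.charCodeAt(i) || 0) ^ (expected.charCodeAt(i) || 0);
    }
    return diff === 0;
  };

  const nameMatches = equalWithoutEarlyExit(credentials.name, config.name);
  const passMatches = equalWithoutEarlyExit(credentials.pass, config.pass);
  return nameMatches && passMatches;
};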