How to use the http-auth.connect function in http-auth
To help you get started, we’ve selected a few http-auth examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
twitterdev / account-activity-dashboard / helpers / auth.js View on Github 
// twitter info
auth.twitter_oauth = {
consumer_key: process.env.TWITTER_CONSUMER_KEY,
consumer_secret: process.env.TWITTER_CONSUMER_SECRET,
token: process.env.TWITTER_ACCESS_TOKEN,
token_secret: process.env.TWITTER_ACCESS_TOKEN_SECRET
}
auth.twitter_webhook_environment = process.env.TWITTER_WEBHOOK_ENV
// basic auth middleware for express
if (typeof process.env.BASIC_AUTH_USER !== 'undefined' &&
typeof process.env.BASIC_AUTH_PASSWORD !== 'undefined') {
auth.basic = httpAuth.connect(httpAuth.basic({
realm: 'admin-dashboard'
}, function(username, password, callback) {
callback(username === process.env.BASIC_AUTH_USER && password === process.env.BASIC_AUTH_PASSWORD)
}))
} else {
console.warn([
'Your admin dashboard is accessible by everybody.',
'To restrict access, setup BASIC_AUTH_USER and BASIC_AUTH_PASSWORD',
'as environment variables.',
].join(' '))
}
// csrf protection middleware for express
auth.csrf = require('csurf')()}
}
}
});
// Application setup.
var app = express();
if (bUseAuth) {
console.log('Starting with basic authentication');
var basic = auth.basic({
realm: 'Datawake Forensic',
file: './.htpassword'
}
);
app.use(auth.connect(basic));
} else {
console.log('Starting with no authentication');
}
// Setup route.
app.use('/',express.static('../server/forensic_v2'));
app.listen(port);
console.log('Listening on port ' + port);app.use(compression());
const upload = multer({
dest: 'uploads/'
});
// Upload areas and reset/delete for videos and images can be protected by basic authentication
// by configuring ADMIN_USERNAME and ADMIN_PASSWORD environment variables.
const basic = auth.basic({
realm: 'Adminstrative Area'
}, (username, password, callback) => { // Custom authentication method.
// Authentication is configured through environment variables.
// If there are not set, upload is open to all users.
callback(username === process.env.ADMIN_USERNAME && password === process.env.ADMIN_PASSWORD);
});
const authenticator = auth.connect(basic);
const checkForAuthentication = (req, res, next) => {
if (process.env.ADMIN_USERNAME) {
console.log('Authenticating call...');
authenticator(req, res, next);
} else {
console.log('No authentication configured');
next();
}
};
// initialize local VCAP configuration
let vcapLocal = null;
if (!fs.existsSync('../local.env')) {
console.log('No local.env defined. VCAP_SERVICES will be used.');
} else {
try {}, function(err, user) {
done(err, user);
});
});
passport.use(new SteamStrategy({
returnURL: host + '/return',
realm: host,
apiKey: api_key
}, utility.initializeUser));
var basic = auth.basic({
realm: "Kue"
}, function(username, password, callback) { // Custom authentication method.
callback(username === (process.env.KUE_USER || "user") && password === (process.env.KUE_PASS || "pass"));
});
app.use(compression());
app.use("/kue", auth.connect(basic));
app.use("/kue", kue.app);
app.use("/public", express.static(path.join(__dirname, '/public')));
app.use(session({
store: new RedisStore({
client: redis
}),
secret: process.env.SESSION_SECRET,
resave: false,
saveUninitialized: false
}));
app.use(passport.initialize());
app.use(passport.session());
app.use(bodyParser.urlencoded({
extended: false
}));
app.use(function(req, res, next) {var auth = require("http-auth");
var Blog = require("blog");
var User = require("user");
var database = require("./database");
module.exports = auth.connect(
// Beware that req as fourth argument might not be reliable:
// https://github.com/http-auth/http-auth/pull/67#issuecomment-244306701
auth.basic({ realm: "Git" }, function(email, token, callback, req) {
User.getByEmail(email, function(err, user) {
// There is no user with this email address
if (err || !user) {
return callback(false);
}
database.checkToken(user.uid, token, function(err, valid) {
// The token is bad
if (err || !valid) return callback(false);
// User is attempting to push or pull another user's repo
Blog.get({ handle: req.params.gitHandle }, function(err, blog) {
// There is no blog with this handle}
// Logging
logger.express.access(app);
logger.express.error(app);
// Authentication
if (config.get('auth:enabled')) {
var basic = auth.basic({
realm: config.get('auth:realm')
}, function(username, password, callback) {
// Custom authentication method.
callback(username === config.get('auth:username') &&
password === config.get('auth:password'));
});
app.use(auth.connect(basic));
}
// Asset handling
var assets = {};
try {
assets = require('../assets.json');
} catch (e) {}
// Configure Mustache for templating
var mustacheLocals = {
branding: config.get('branding'),
version: version,
unassigned: fs.readdirSync(path.join(config.get('path:static'), 'images', 'unassigned')),
grade: 'medium',
asset: function() {it('should not authenticate using basic', done => {
app.use(auth.connect(basic))
app.get('/', (req, res) => {
res.send(req.user)
})
curl.setOpt('HTTPAUTH', CurlAuth.AnySafe)
curl.setOpt('USERNAME', username)
curl.setOpt('PASSWORD', password)
curl.on('end', status => {
status.should.be.equal(401)
done()
})
curl.on('error', done)app.boardData[position] = data.charCodeAt(position);
}
}
app.needWrite = true;
app.websocket.emit('force-sync');
res.sendStatus(200);
}
});
});
router.get('/backup/:filename', auth.connect(basic), (req, res) => {
res.sendFile(path.join(__dirname, '../backups', req.params.filename));
});
router.post('/announce', auth.connect(basic), (req, res) => {
app.websocket.emit('alert', req.body.message);
res.sendStatus(200);
});
router.post('/delete', auth.connect(basic), (req, res) => {
let obj = {
start: {
x: parseInt(req.body.startx),
y: parseInt(req.body.starty)
},
end: {
x: parseInt(req.body.endx),
y: parseInt(req.body.endy)
}
}app.set('config', config)
/**
* Basic HTTP-Auth restriction middleware
* for production access only.
*/
if (config.auth.basic.username) {
const basic = auth.basic({
authRealm: 'Authentication required'
}, (username, password, cb) => {
cb(username === config.auth.basic.username &&
password === config.auth.basic.password)
})
app.use(auth.connect(basic))
}
/**
* Load endpoint for CertBot certificate validation
*/
app.use(certbotEndpoint(config.certbot))
/**
* Set `public-assets` default path
*/
app.use(express.static(path.resolve('public')))
app.use(bodyParser.urlencoded({ extended: true }))
app.use(bodyParser.json())export function authConnector(
req: Express.Request,
res: Express.Response,
next: Express.NextFunction,
): void {
if (Config.get().username && Config.get().password) {
const basicAuth = Auth.basic(
{ realm: 'Vimtur Media Manager' },
(username: string, password: string, callback: (result: boolean) => void) => {
callback(username === Config.get().username && password === Config.get().password);
},
);
return Auth.connect(basicAuth)(req, res, next);
}
next();
}http-auth
Node.js package for HTTP basic and digest access authentication.
