-
Notifications
You must be signed in to change notification settings - Fork 0
Add basic authentication endpoint #92
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| import { Router } from 'express'; | ||
| import { HttpStatusCodes } from '../utils/http.js'; | ||
|
|
||
| const basicAuthRouter = Router(); | ||
|
|
||
| basicAuthRouter.all('/', (req, res) => { | ||
| const { user, password } = req.query; | ||
|
|
||
| // Validate that both user and password are provided and non-empty | ||
| if ( | ||
| !user || | ||
| !password || | ||
| typeof user !== 'string' || | ||
| typeof password !== 'string' || | ||
| user.trim() === '' || | ||
| password.trim() === '' | ||
| ) { | ||
| res.status(HttpStatusCodes.BAD_REQUEST).json({ | ||
| error: { | ||
| message: 'Missing user or password query parameter', | ||
| }, | ||
| }); | ||
| return; | ||
| } | ||
|
|
||
| const authHeader = req.headers.authorization; | ||
| if (!authHeader || !authHeader.startsWith('Basic ')) { | ||
| res.setHeader('WWW-Authenticate', 'Basic realm="Access to /basic-auth"'); | ||
| res.status(HttpStatusCodes.UNAUTHORIZED).json({ | ||
| authenticated: false, | ||
| message: 'Authentication required', | ||
| }); | ||
| return; | ||
| } | ||
|
Comment on lines
+26
to
+34
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This block of code is repeated again in lines 48-50. To follow the DRY principle (Don't Repeat Yourself), you could extract this into a separate function. + const sendUnauthorizedResponse = (res) => {
+ res.setHeader('WWW-Authenticate', 'Basic realm="Access to /basic-auth"');
+ res.status(HttpStatusCodes.UNAUTHORIZED).json({
+ authenticated: false,
+ message: 'Authentication required',
+ });
+ }
- if (!authHeader || !authHeader.startsWith('Basic ')) {
- res.setHeader('WWW-Authenticate', 'Basic realm="Access to /basic-auth"');
- res.status(HttpStatusCodes.UNAUTHORIZED).json({
- authenticated: false,
- message: 'Authentication required',
- });
- return;
- }
+ if (!authHeader || !authHeader.startsWith('Basic ')) {
+ sendUnauthorizedResponse(res);
+ return;
+ } |
||
|
|
||
| const base64Credentials = authHeader.split(' ')[1]; | ||
| const credentials = Buffer.from(base64Credentials as string, 'base64').toString('utf-8'); | ||
| const [providedUser, providedPassword] = credentials.split(':'); | ||
|
|
||
| if (providedUser === user && providedPassword === password) { | ||
| res.status(HttpStatusCodes.OK).json({ | ||
| authenticated: true, | ||
| message: 'Authentication successful', | ||
| user, | ||
| password, | ||
|
Comment on lines
+44
to
+45
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||
| }); | ||
| } else { | ||
| res.setHeader('WWW-Authenticate', 'Basic realm="Access to /basic-auth"'); | ||
| res.status(HttpStatusCodes.UNAUTHORIZED).json({ | ||
| authenticated: false, | ||
|
Comment on lines
+48
to
+50
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Use the - } else {
- res.setHeader('WWW-Authenticate', 'Basic realm="Access to /basic-auth"');
- res.status(HttpStatusCodes.UNAUTHORIZED).json({
- authenticated: false,
- message: 'Authentication failed',
- user: providedUser,
- password: providedPassword,
- });
- }
+ } else {
+ sendUnauthorizedResponse(res);
+ } |
||
| message: 'Authentication failed', | ||
| user: providedUser, | ||
| password: providedPassword, | ||
|
Comment on lines
+52
to
+53
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||
| }); | ||
| } | ||
| }); | ||
|
|
||
| export { basicAuthRouter }; | ||
|
Comment on lines
+1
to
+58
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The user and password are being extracted directly from the query parameters. This is not secure as it exposes sensitive information in the URL. It's recommended to use HTTP Basic Authentication which sends credentials in the
Authorizationheader encoded with Base64. The existing code already handles this case starting from line 26, so the extraction of credentials from query parameters can be removed.