Comments (7)
felixSchober
commented on June 18, 2024
10
I had the same problem and "solved" it for now by adding a middleware-wrapper around the basic auth call
const basicAuthMiddleware = basicAuth({ 'admin': 'supersecret' });
app.use((req, res, next) => shouldAuthenticate(req) ? basicAuthMiddleware(req, res, next) : next());
In the shouldAuthenticate method you can then decide (based on the path) if you want to want to use the auth middleware (return true) or proceed without authentication (return false)
from express-basic-auth.
LionC
commented on June 18, 2024
That is possible in the way express handles middleware - you can attach middleware only to the routers / routes that you want to protect, instead of attaching it to the whole app. If you need an example on how to do that, feel free to ask and I will write one :-)
from express-basic-auth.
alvarolorentedev
commented on June 18, 2024
thanks for the fast response 😃 .
that is true'ish I think that authorization at least for me is a top level concern and not route base, so declaring it on each router could be very complex for me because y go quite granular on it for my api designs.
From the request object of the middlewares it is possible to get the path through 2 fields (originalUrl and path).
app.use((req, res,next) =>{
console.log(originalUrl) ///rest/v1/prod/.../images
console.log(path) ///rest/v1/prod/.../images
next()
})So i think is quite feasable to add whitelisting at a configuration level. Do you think this is a functionality valid for your middleware? do you accept PRs?. If not alternativelly will it be possible to pass to the authorizer option the request to work around this?
from express-basic-auth.
LionC
commented on June 18, 2024
Passing req as a third argument to the authorizer sounds like a good idea anyways - and it enables you to build a whitelist very easily without making express-basic-auth more complex (I try to keep it as simple as possible).
I will do that!
from express-basic-auth.
alvarolorentedev
commented on June 18, 2024
thanks :) , that would be awesome
from express-basic-auth.
LionC
commented on June 18, 2024
Hm. Passing req would be a breaking change (as it would break the signature of the async authorizer signature).
So I will move this to v2, which will also be after the rewrite in typescript.
from express-basic-auth.
LionC
commented on June 18, 2024
I will close the issue for now, as the passing req idea is accepted and moved to a release. Thanks for the input!
from express-basic-auth.
Related Issues (20)
- TypeError: "string" must be a string, Buffer, or ArrayBuffer HOT 4
- Require hashes instead of plain text passwords HOT 2
- How to pass additional data from myAsyncAuthorizer() to req.auth? HOT 3
- Allow previos authentication middlewares. HOT 1
- Using express-basic-auth with router ? HOT 3
- Can express-basic-auth be used with jwt? HOT 1
- unAuthorizedResponse does not work returned blank response
- Challenge doesn't show up on lambda / serverless API HOT 2
- Blank page in safari when pw contains ! HOT 1
- LICENSE HOT 2
- Custom authorizer is not called without Authorization header HOT 2
- TypeError [ERR_INVALID_ARG_TYPE]: The "string" argument must be of type string or an instance of Buffer or ArrayBuffer. Received undefined HOT 3
- 401 responses MUST have a `WWW-Authenticate` header.
- Add the UTF-8 `charset` `auth-param`. HOT 2
- Add login request on authorizer HOT 1
- feature request - set auth username on request object. HOT 1
- Authorization without data, just press "cancel" HOT 1
- [BUG] error TS2688: Cannot find type definition file for 'express'. HOT 2
- Backoff retry algorithm HOT 1
- [Question] safeCompare function HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from express-basic-auth.