Comments (7)
I had the same problem and "solved" it for now by adding a middleware wrapper around the basic auth call:

```javascript
// express-basic-auth takes the credentials under the `users` option
const basicAuthMiddleware = basicAuth({ users: { 'admin': 'supersecret' } });
// Run the auth middleware only when shouldAuthenticate(req) says so
app.use((req, res, next) => shouldAuthenticate(req) ? basicAuthMiddleware(req, res, next) : next());
```

In the `shouldAuthenticate` method you can then decide (based on the path) if you want to use the auth middleware (`return true`) or proceed without authentication (`return false`).
from express-basic-auth.
That is possible in the way express handles middleware - you can attach middleware only to the routers / routes that you want to protect, instead of attaching it to the whole app. If you need an example on how to do that, feel free to ask and I will write one :-)
Thanks for the fast response 😃.
That is true-ish. I think that authorization, at least for me, is a top-level concern and not route-based, so declaring it on each router could be very complex for me because I go quite granular on it for my API designs.
From the request object of the middlewares it is possible to get the path through 2 fields (`originalUrl` and `path`).

```javascript
app.use((req, res, next) => {
  // Both fields are properties of the request object
  console.log(req.originalUrl); // /rest/v1/prod/.../images
  console.log(req.path);        // /rest/v1/prod/.../images
  next();
});
```

So I think it is quite feasible to add whitelisting at a configuration level. Do you think this is a functionality valid for your middleware? Do you accept PRs? If not, alternatively, will it be possible to pass the request to the `authorizer` option to work around this?
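A fail-closed version of the `shouldAuthenticate` wrapper discussed in the comments above, as an added example that is not part of the original thread or of express-basic-auth. `PUBLIC_PATHS`, `authUnlessPublic` and the stub middleware are hypothetical names, and the sample paths are constructed.

```javascript
// Added example: PUBLIC_PATHS, shouldAuthenticate and authUnlessPublic are hypothetical names.
// Paths that may be served without credentials. Everything else is authenticated.
const PUBLIC_PATHS = ['/health', '/rest/v1/docs'];

// Decide from req.path whether the auth middleware must run.
// Fails closed: anything unexpected returns true (authenticate).
function shouldAuthenticate(req, publicPaths = PUBLIC_PATHS) {
  const path = req.path; // req.path excludes the query string; req.originalUrl keeps it
  if (typeof path !== 'string' || !path.startsWith('/')) return true;
  // Encoded characters, dot segments and backslashes are never expected on the
  // public paths, so such requests always go through authentication.
  if (/[%\\]|\/\.{1,2}(\/|$)/.test(path)) return true;
  const normalized = path.length > 1 ? path.replace(/\/+$/, '') : path;
  return !publicPaths.some((pub) =>
    // Match the exact path or a sub-path on a segment boundary, so that
    // '/health' does not also open '/healthcheck-admin'.
    normalized === pub || normalized.startsWith(pub + '/'));
}

// Wrap any Express-style middleware, e.g. the one returned by basicAuth(...).
function authUnlessPublic(authMiddleware, publicPaths = PUBLIC_PATHS) {
  return (req, res, next) =>
    shouldAuthenticate(req, publicPaths) ? authMiddleware(req, res, next) : next();
}

// Constructed demo with a stub in place of the real basic auth middleware.
function demo() {
  const stubAuth = (req, res, next) => { res.statusCode = 401; };
  const guard = authUnlessPublic(stubAuth);
  const samples = ['/health', '/health/', '/healthcheck-admin',
    '/rest/v1/docs/../prod', '/rest/v1/prod/images'];
  return samples.map((path) => {
    const res = { statusCode: 200 };
    guard({ path }, res, () => {});
    return `${path} -> ${res.statusCode}`;
  });
}
console.log(demo().join('\n'));
```

When the wrapper is mounted under a prefix with `app.use('/prefix', ...)`, `req.path` is relative to that prefix, so the entries in the public list have to be written relative to the mount point as well.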
Passing `req` as a third argument to the authorizer sounds like a good idea anyways - and it enables you to build a whitelist very easily without making `express-basic-auth` more complex (I try to keep it as simple as possible).
I will do that!
thanks :) , that would be awesome
Hm. Passing `req` would be a breaking change (as it would break the signature of the async authorizer).
So I will move this to v2, which will also be after the rewrite in TypeScript.
I will close the issue for now, as the passing `req` idea is accepted and moved to a release. Thanks for the input!