| |
| /*! |
| * Connect - basicAuth |
| * Copyright(c) 2010 Sencha Inc. |
| * Copyright(c) 2011 TJ Holowaychuk |
| * MIT Licensed |
| */ |
| |
| /** |
| * Module dependencies. |
| */ |
| |
| var utils = require('../utils') |
| , unauthorized = utils.unauthorized |
| , badRequest = utils.badRequest; |
| |
| /** |
| * Enfore basic authentication by providing a `callback(user, pass)`, |
| * which must return `true` in order to gain access. Alternatively an async |
| * method is provided as well, invoking `callback(user, pass, callback)`. Populates |
| * `req.remoteUser`. The final alternative is simply passing username / password |
| * strings. |
| * |
| * Examples: |
| * |
| * connect(connect.basicAuth('username', 'password')); |
| * |
| * connect( |
| * connect.basicAuth(function(user, pass){ |
| * return 'tj' == user & 'wahoo' == pass; |
| * }) |
| * ); |
| * |
| * connect( |
| * connect.basicAuth(function(user, pass, fn){ |
| * User.authenticate({ user: user, pass: pass }, fn); |
| * }) |
| * ); |
| * |
| * @param {Function|String} callback or username |
| * @param {String} realm |
| * @api public |
| */ |
| |
| module.exports = function basicAuth(callback, realm) { |
| var username, password; |
| |
| // user / pass strings |
| if ('string' == typeof callback) { |
| username = callback; |
| password = realm; |
| if ('string' != typeof password) throw new Error('password argument required'); |
| realm = arguments[2]; |
| callback = function(user, pass){ |
| return user == username && pass == password; |
| } |
| } |
| |
| realm = realm || 'Authorization Required'; |
| |
| return function(req, res, next) { |
| var authorization = req.headers.authorization; |
| |
| if (req.remoteUser) return next(); |
| if (!authorization) return unauthorized(res, realm); |
| |
| var parts = authorization.split(' ') |
| , scheme = parts[0] |
| , credentials = new Buffer(parts[1], 'base64').toString().split(':'); |
| |
| if ('Basic' != scheme) return badRequest(res); |
| |
| // async |
| if (callback.length >= 3) { |
| var pause = utils.pause(req); |
| callback(credentials[0], credentials[1], function(err, user){ |
| if (err || !user) return unauthorized(res, realm); |
| req.remoteUser = user; |
| next(); |
| pause.resume(); |
| }); |
| // sync |
| } else { |
| if (callback(credentials[0], credentials[1])) { |
| req.remoteUser = credentials[0]; |
| next(); |
| } else { |
| unauthorized(res, realm); |
| } |
| } |
| } |
| }; |
| |