npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@alexandrainst/node-red-http-basic-auth

v3.2.0

Published

Node-RED node for HTTP Basic Authorization

Downloads

132

Readme

@alexandrainst/node-red-http-basic-auth

Node-RED node for HTTP Basic Auth.

This Node-RED module performs HTTP Basic authentication. It is to be used in conjunction with an HTTP Input node.

In other words, it allows putting a password on a Node-RED HTTP listener node.

Note that this standard protocol sends passwords in plain-text by design, so HTTPS is required to ensure the security of the transmission.

Supports bcrypt to store passwords on disc (such as in the Apache htpasswd format). Note that this node will cache the bcrypt checks in memory (until the flow is redeployed / restarted) to improve performance (bcrypt is slow by design, to protect passwords on disc).

Example

Example of flow, with username test and password test: flow.json

flow.png

Can be tested with e.g.:

curl 'https://test:[email protected]/basic-auth-demo'

Config

There are three types of configuration:

  1. Simple: each node has its own credentials. (one credential)
  2. Multiple credentials: credentials shared with multiple nodes. (multiple credentials)
  3. File with multiple credentials: the user credentials are stored in a file. (multiple credentials)

Definitions

  • Realm

    • Authorization realm for which the credentials will be valid
    • Example: node-red
  • Username

    • The username
    • Example: alice
  • Password

    • The password may be in plain-text or hashed (only bcrypt is supported)
    • Example in plain-text: test
    • Example in bcrypt: $2y$10$5TSZDldoJ7MxDZdtK/SG2O3cwORqLDhHabYlKX9OsM.W/Z/oLwKW6
  • File

    • Location of the file containing the credentials relative to the presently working directory
    • Example: /data/.htpasswd
    • The format for each line is username:password

Example of file: (see also Apache htpasswd)

user1:test
user2:$2y$10$5TSZDldoJ7MxDZdtK/SG2O3cwORqLDhHabYlKX9OsM.W/Z/oLwKW6

Outputs

The first node output is used when the authentication succeeded, and it contains the username:

"msg": {
	"realm": "node-red",
	"username": "alice",
	"req": "...",
	"res": "...",
	"...": "..."
}

The second node output is used when the authentication failed, and it contains error information:

"msg": {
	"realm": "node-red",
	"username": "",
	"authError": "Unknown user 'test'",
	"req": "...",
	"res": "...",
	"...": "..."
}

Both outputs contain the req object, which can be inspected for detailed information about HTTP request headers, IP address, URL, etc.

Hints

Here are examples to create hashed passwords:

In Linux Debian / Ubuntu command line

sudo apt install apache2-utils
htpasswd -nbB -C 10 '' 'my-password' | cut -d: -f2

With Node.js

npm install bcryptjs
node -e "console.log(require('bcryptjs').hashSync('my-password', 10));"

Credits

Forked from endemecio02/node-red-contrib-httpauth (abandoned) by Alexandre Alapetite for the Alexandra Institute, October 2023.