npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@eelkevdbos/elysia-basic-auth

v2.0.0

Published

Basic auth for Elysia.js

Downloads

1,357

Readme

Elysia Basic Auth example workflow

Basic auth for Elysia.js.

  • Uses the request event to handle authentication, decoupling authentication from route existence, limiting url fuzzing exposure.
  • Compares credentials timing-attack safely via crypto.timingSafeEqual.
  • Exposes the authenticated realm via store.basicAuthRealm.
  • Optionally, bypasses CORS preflight requests, blocks them by default (in scope).
  • Loads credentials from:
    • A list of {username, password} objects.
    • A file containing username:password pairs, separated by newlines.
    • An environment variable containing username:password pairs, separated by semicolons.

Future releases may include:

  • Support for hashed passwords.

Install

bun add @eelkevdbos/elysia-basic-auth

Usage

Check out full samples at examples or check out the tests tests.

import { Elysia } from 'elysia'
import { basicAuth } from '@eelkevdbos/elysia-basic-auth'

process.env["BASIC_AUTH_CREDENTIALS"] = "admin:admin;user:user"

new Elysia()
  .use(basicAuth())
  // all routes are protected by default
  .get("/", () => "private")
  // access to realm within a handler
  .get('/private/realm-stored', ({ store }) => store.basicAuthRealm)
  .listen(3000)

Configuration

credentials

{ file: string } | { env: string } | { username: string, password: string }[]

A list of credentials valid for authentication, a file with credential pairs separated by newlines, or an environment variable with credential pairs separated by semicolons.

Default: { env: "BASIC_AUTH_CREDENTIALS" }

header

string

Default: Authorization

Header used for basic authentication.

realm

string

Default: Secure Area

Realm used for basic authentication

unauthorizedMessage

string

Default: Unauthorized

Response body for unauthorized requests

unauthorizedStatus

number

Default: 401

Response status for unauthorized requests

scope

string | string[] | (ctx: PreContext) => boolean

Default: /

A string or list of strings that will be compared with the current request path via startsWith.

Alternatively, a function can be provided that returns true if the context (and thereby request) is in the scope of the current basic auth protection space.

skipCorsPreflight

boolean

Default: false

A boolean that determines whether CORS preflight requests should be skipped.

enabled

boolean

Default: true

A boolean that determines whether basic auth should be enabled. If set to false, will disable the onRequest handler.