npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

auth-header

v1.0.0

Published

For HTTP `Authorization` and `WWW-Authenticate` headers.

Downloads

665,674

Readme

auth-header

Deal with obscene HTTP Authorization and WWW-Authenticate headers.

build status coverage license version downloads

| Type | Parse | Format | | ------------- | ------- | ------- | | Basic | ✓ | ✓ | | Digest | ✓ | ✓ | | AWS | ✓ | ✓ | | Bearer/OAuth | ✓ | ✓ | | RFC7235 | ✓ | ✓ |

Note: If you're looking for an all-on-one solution to do authentication against these headers check out express-authentication-header which uses this library behind the scenes.

The HTTP Authorization and WWW-Authenticate family of headers are both pretty nightmareish; there has been, up until recently, no wide consensus about how they should be formatted and so parsing them is lots of fun if fun is pulling your hair out.

This library provides an implementation of RFC7235 which allows for the parsing of many known existing authorization headers (like Basic and Digest) as well as any future ones which follow the standard. Noteably, this library is less strict than it could be to parse some of these legacy formats.

In addition to the format of the header itself being in flux, WWW-Authenticate has its own nasty surprise: sometimes multiple authentication prompts can appear in one header, sometimes they can appear in multiple headers; we ONLY support the latter case since trying to disambiguate between a second prompt and parameters for the first is just about impossible.

import * as authorization from 'auth-header';
import express from 'express';

const app = express();

app.get('/', function(req, res) {

	// Something messed up.
	function fail() {
		res.set('WWW-Authenticate', authorization.format('Basic'));
		res.status(401).send();
	}

	// Get authorization header.
	var auth = authorization.parse(req.get('authorization'));

	// No basic authentication provided.
	if (auth.scheme !== 'Basic') {
		return fail();
	}

	// Get the basic auth component.
	var [un, pw] = Buffer(auth.token, 'base64').toString().split(':', 2);

	// Verify authentication.
	if (pw !== 'admin') {
		return fail();
	}

	// We've reached the promise land.
	res.send('Hello world.');
});