npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

http-authentication

v1.1.5

Published

Digest authentication for HTTP communication.

Downloads

16

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tdecaluwetdecaluwe

Keywords

httpauthenticationbasicdigest

Readme

http-authentication

HTTP Basic and Digest authentication. Setting up Digest authentication with protection against replay attacks can be as easy as:

var express = require('express');
var authentication = require('http-authentication');

var app = express();

var users = {
  'John': { password: 'password' }
};

app.use(authentication(function (user, done) {
  done(null, users[user] && users[user].password);
}).connect());

app.get('/', function (req, res) {
  res.end('Successfully authenticated!');
});

app.listen(3000);

Configuration

The module provides an authenticator object creation function which can be called as follows:

var auth = require('http-authentication');

var authenticator = auth([options,] callback);

The options argument is optional and can be used to configure the authenticator object. It should be an object containing any of the parameters below.

Option | Type | Possible values --------: | :------: | :-------------- method | String | Either 'basic' or 'digest', default value is 'digest'. timeout | Number | A timeout can be specified for digest authentication and should be a positive integer value. It specifies the time in seconds after which a nonce provided by the server can no longer be used for authentication. If this value is set to zero, the nonces will never expire.

These authenticator objects cannot be used directly but can be used to create listeners or middlewares through methods defined on the authenticator object:

Method | Return value type | Possible values ---------: | :-------------------------: | :-------------- listener | Function (req, res) | A general purpose listener accepting a request/response pair. connect | Function (req, res, next) | A connect middleware. passport | Authenticator | An object that is compatible with passport.Strategy.

For usage examples see the section on middlewares.

Two alternative constructors are provided for the basic and digest method respectively. They can be called as follows:

var auth = require('http-authentication');

var authenticator = auth.basic(callback);
var authenticator = auth.digest([options,] callback);

Replay protection

Protection against replay attacks is provided by the ReplayDetector class and is included with each middleware. This class also handles expiration of server provided nonces. It only keeps track of non-expired nonces, expired nonces are automatically discarded.

Middleware

Middleware can be created for various frameworks. They can optionally be configured using any of the parameters below:

Option | Type | Possible values -------: | :------: | :-------------- realm | String | The name of the realm to be used for authentication.

http.Server

var auth = require('http-authentication');

var authenticator = auth(options, callback);

// Authenticate another listener.
var privateListener = authenticator.listener([options,] listener);

http.createServer(privateListener);

Express

var auth = require('http-authentication');

var authenticator = auth(options, callback);

// Obtain a connect middleware.
var connect = authenticator.connect([options]);

app.use(connect);

Passport

var auth = require('http-authentication');

var authenticator = auth(options, callback);

// Obtain a passport strategy. Options can be passed to
// passport itself.
var strategy = authenticator.strategy();

passport.use(strategy);