Basic auth header of a subdomain on NodeJS with Express
/** Password protect a subdomain on ExpressJS
 * Uses HTTP Basic authorization... https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization
 * with the WWW-Authenticate header... https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate
 *
 * By then checking if the user is visiting from the given subdomain, you know they are authorized.
 * This only holds for routes registered after this middleware, since Express runs handlers in registration order.
 * I use this concept to password protect beta site features that aren't yet released publicly, on which
 * certain pages are only accessible via the password protected 'beta.domain.com' url.
 *
 * Basic credentials are only base64-encoded, not encrypted, so serve the protected subdomain over HTTPS.
 */
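// Settings for the Basic-auth gate on the protected subdomain.
// The stray table-cell characters left by the page rendering are removed here;
// with them in place this literal does not parse.
const config = {
  // Left-most subdomain label that is gated (e.g. 'beta' for beta.domain.com).
  subDomain: 'beta',
  // Shown to the client as the Basic realm and in the 401 response body.
  desc: 'Access to Beta site',
  // NOTE(review): these look like placeholder credentials. Replace them before
  // deploying and keep the real values out of source control.
  username: 'admin',
  password: 'password',
};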
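/**
 * Gate every request addressed to the configured subdomain behind HTTP Basic auth.
 *
 * Requests whose first subdomain label is not `config.subDomain` pass straight
 * through. Requests for the gated subdomain must carry an
 * `Authorization: Basic <base64(username:password)>` header matching
 * `config.username` / `config.password`; anything else gets a 401 challenge.
 *
 * Fixes over the previous version:
 *  - compared against an undefined `SubDomain` identifier (ReferenceError on
 *    every request) instead of `config.subDomain`;
 *  - a header without a credentials part made `Buffer.from(undefined)` throw,
 *    surfacing as an unhandled error rather than a 401;
 *  - the auth scheme was never checked;
 *  - splitting on every ':' truncated passwords that contain a colon.
 */
router.use((req, res, next) => {
  // Not the gated subdomain: route the request normally.
  if (req.subdomains[0] !== config.subDomain) {
    next();
    return;
  }

  // Reply with a 401 challenge so the client prompts for credentials.
  const noAuth = () => {
    res.statusCode = 401; // 401: unauthorized
    res.setHeader('WWW-Authenticate', 'Basic realm="' + config.desc + '"');
    res.end('<html><body>' + config.desc + ' requires authentication!</body></html>');
  };

  // Header format: '<type> <base64 credentials>'.
  const auth = req.headers['authorization'];
  if (!auth) {
    noAuth();
    return;
  }

  const [scheme, encoded] = auth.split(' ');
  // Reject a missing credentials part or any scheme other than Basic
  // (scheme names are case-insensitive).
  if (!encoded || scheme.toLowerCase() !== 'basic') {
    noAuth();
    return;
  }

  // Decoded form is 'username:password'. Only the first ':' separates the two,
  // so the password itself may contain colons.
  const decoded = Buffer.from(encoded, 'base64').toString();
  const separator = decoded.indexOf(':');
  if (separator === -1) {
    noAuth();
    return;
  }
  const username = decoded.slice(0, separator);
  const password = decoded.slice(separator + 1);

  // NOTE(review): `===` is not a constant-time comparison. Where the Node
  // `crypto` module is available to this file, compare with
  // crypto.timingSafeEqual on equal-length buffers instead.
  if (username === config.username && password === config.password) {
    next(); // credentials valid: continue to the requested route
  } else {
    noAuth();
  }
});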