tr00gle/basic_auth_nodejs_test.js

## basic_auth_nodejs_test.js
var http = require('http');

var server = http.createServer(function(req, res) {
        // console.log(req);   // debug dump the request

        // If they pass in a basic auth credential it'll be in a header called "Authorization" (note NodeJS lowercases the names of headers in its request object)

        var auth = req.headers['authorization'];  // auth is in base64(username:password)  so we need to decode the base64
        console.log("Authorization Header is: ", auth);

        if(!auth) {     // No Authorization header was passed in so it's the first time the browser hit us

                // Sending a 401 will require authentication, we need to send the 'WWW-Authenticate' to tell them the sort of authentication to use
                // Basic auth is quite literally the easiest and least secure, it simply gives back  base64( username + ":" + password ) from the browser
                res.statusCode = 401;
                res.setHeader('WWW-Authenticate', 'Basic realm="Secure Area"');

                res.end('<html><body>Need some creds son</body></html>');
        }

        else if(auth) {    // The Authorization was passed in so now we validate it

                var tmp = auth.split(' ');   // Split on a space, the original auth looks like  "Basic Y2hhcmxlczoxMjM0NQ==" and we need the 2nd part

                var buf = new Buffer(tmp[1], 'base64'); // create a buffer and tell it the data coming in is base64
                var plain_auth = buf.toString();        // read it back out as a string

                console.log("Decoded Authorization ", plain_auth);

                // At this point plain_auth = "username:password"

                var creds = plain_auth.split(':');      // split on a ':'
                var username = creds[0];
                var password = creds[1];

                if((username == 'hack') && (password == 'thegibson')) {   // Is the username/password correct?

                        res.statusCode = 200;  // OK
                        res.end('<html><body>Congratulations you just hax0rd teh Gibson!</body></html>');
                }
                else {
                        res.statusCode = 401; // Force them to retry authentication
                        res.setHeader('WWW-Authenticate', 'Basic realm="Secure Area"');

                        // res.statusCode = 403;   // or alternatively just reject them altogether with a 403 Forbidden

                        res.end('<html><body>You shall not pass</body></html>');
                }
        }
});


server.listen(5000, function() { console.log("Server Listening on http://localhost:5000/"); });
	var http = require('http');

	var server = http.createServer(function(req, res) {
	// console.log(req); // debug dump the request

	// If they pass in a basic auth credential it'll be in a header called "Authorization" (note NodeJS lowercases the names of headers in its request object)

	var auth = req.headers['authorization']; // auth is in base64(username:password) so we need to decode the base64
	console.log("Authorization Header is: ", auth);

	if(!auth) { // No Authorization header was passed in so it's the first time the browser hit us

	// Sending a 401 will require authentication, we need to send the 'WWW-Authenticate' to tell them the sort of authentication to use
	// Basic auth is quite literally the easiest and least secure, it simply gives back base64( username + ":" + password ) from the browser
	res.statusCode = 401;
	res.setHeader('WWW-Authenticate', 'Basic realm="Secure Area"');

	res.end('<html><body>Need some creds son</body></html>');
	}

	else if(auth) { // The Authorization was passed in so now we validate it

	var tmp = auth.split(' '); // Split on a space, the original auth looks like "Basic Y2hhcmxlczoxMjM0NQ==" and we need the 2nd part

	var buf = new Buffer(tmp[1], 'base64'); // create a buffer and tell it the data coming in is base64
	var plain_auth = buf.toString(); // read it back out as a string

	console.log("Decoded Authorization ", plain_auth);

	// At this point plain_auth = "username:password"

	var creds = plain_auth.split(':'); // split on a ':'
	var username = creds[0];
	var password = creds[1];

	if((username == 'hack') && (password == 'thegibson')) { // Is the username/password correct?

	res.statusCode = 200; // OK
	res.end('<html><body>Congratulations you just hax0rd teh Gibson!</body></html>');
	}
	else {
	res.statusCode = 401; // Force them to retry authentication
	res.setHeader('WWW-Authenticate', 'Basic realm="Secure Area"');

	// res.statusCode = 403; // or alternatively just reject them altogether with a 403 Forbidden

	res.end('<html><body>You shall not pass</body></html>');
	}
	}
	});


	server.listen(5000, function() { console.log("Server Listening on http://localhost:5000/"); });