I'm trying to write a REST-API server with NodeJS like the one used by Joyent, and everything is ok except I can't verify a normal user's authentication. If I jump to a terminal and do curl -u username:password localhost:8000 -X GET
, I can't get the values username:password on the NodeJS http server. If my NodeJS http server is something like
var http = require('http');
http.createServer(function (req, res) {
res.writeHead(200, {'Content-Type': 'text/plain'});
res.end('Hello World\n');
}).listen(1337, "127.0.0.1");
, shouldn't I get the values username:password somewhere in the req object that comes from the callback ? How can I get those values without having to use Connect's basic http auth ?
It can be implemented easily in pure node.js with no dependency, this is my version which is based on this answer for express.js but simplified so you can see the basic idea easily:
You can use node-http-digest for basic auth or everyauth, if adding authorization from external services are in you roadmap.
If you're using express, you can use the connect plugin (included with express):
The restify framework (http://mcavage.github.com/node-restify/) includes an authorization header parser for "basic" and "signature" authentication schemes.
I use this code for my own starter sites with auth.
It does several things:
Before using the code, npm install express
The username:password is contained in the Authorization header as a base64-encoded string.
Try this:
Detail on http authorization can be found at http://www.ietf.org/rfc/rfc2617.txt