/auth-middleware

HTTP authentication middleware

MIT LicenseMIT

auth-middleware

deno land deno doc GitHub release (latest by date) codecov GitHub

test NPM

HTTP authentication middleware.

Compliant with RFC 9110, 11 HTTP Authentication.

Middleware

For a definition of Universal HTTP middleware, see the http-middleware project.

Usage

You specify the Authenticate scheme and provide the authentication function for token.

import {
  auth,
  Authentication,
  type Handler,
} from "https://deno.land/x/auth_middleware@$VERSION/mod.ts";

declare const authentication: Authentication;
declare const request: Request;
declare const handler: Handler;

const middleware = auth(authentication);
const response = await middleware(request, handler);

Basic authentication

Provides ready-to-use Authorization for Basic Authentication.

Compliant with RFC 7617, The 'Basic' HTTP Authentication Scheme.

import {
  auth,
  Basic,
  type Handler,
  timingSafeEqual,
  type User,
} from "https://deno.land/x/auth_middleware@$VERSION/mod.ts";
import { assert } from "https://deno.land/std/testing/asserts.ts";
import { assertSpyCalls, spy } from "https://deno.land/std/testing/mock.ts";

declare const admin: User;
declare const request: Request;
declare const handler: Handler;

const middleware = auth(
  new Basic(({ username, password }) => {
    const userResult = timingSafeEqual(username, admin.username);
    const passResult = timingSafeEqual(password, admin.password);

    return userResult && passResult;
  }),
);
const spiedHandler = spy(handler);
const response = await middleware(request, spiedHandler);

assertSpyCalls(spiedHandler, 0);
assert(response.headers.has("www-authenticate"));

yield:

WWW-Authenticate: Basic realm="Secure area"

License

Copyright © 2023-present httpland.

Released under the MIT license