Question

I have added the following

var express = require('express');
var path = require('path');
var favicon = require('serve-favicon');
var logger = require('morgan');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var fs = require("fs");

var index = require('./routes/index');
var users = require('./routes/users');

var app = express();
var basicAuth = require('express-basic-auth');
app.use(basicAuth({
    users: { 'worker': '????????' }
}));

to my app.js. Depending on place, where I put this code, the site either stops work at all (displaying white space) or works without any auth.

Which is the correct place to put this code?

When white space, in Chrome Developer tools can be seen

Failed to load resource: the server responded with a status of 401 (Unauthorized)

but no login popup appears.

I am running my site on localhost under WebStorm. May be no popups is default browser behavior on localhost? Firefox does the same

Answer 1

With basic-auth, I use following code (in app.js or if you want this only on certain routes, then before those routes only):

var auth = require('basic-auth');

app.use(function(req, res, next){
    var user = auth(req);

    if (user === undefined || user['name'] !== 'mike' || user['pass'] !== 'mike123') {
        res.statusCode = 401;
        res.setHeader('WWW-Authenticate', 'Basic realm="NodeJS"');
        res.end('Unauthorized');
    } else {
        next();
    }
});

Answer 2

通过使用 express-basic-auth 模块，中间件的默认配置不会向未经授权的请求响应添加WWW-Authenticate质询标头。您必须通过将challenge: true添加到options对象来启用它，如下所示：

app.use(basicAuth({
    users: { 'worker': '????????' },
    challenge: true
}));

这段代码将允许大多数浏览器显示一个弹出窗口，用于在未经授权的响应中输入用户名/密码。

Adding basic auth to node.js + express has no effect

2 个答案: