upgrade connect, change basic auth

newer connect 3.4.1 deprecated old basic auth, see http://www.senchalabs.org/connect/basicAuth.html update middleware to use newer basic-auth package
sintaxi · Mar 24, 2019 · 56080e1 · 56080e1
1 parent ebf786d
commit 56080e1
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 615 deletions.
diff --git a/lib/middleware.js b/lib/middleware.js
@@ -11,6 +11,7 @@ var utilsPause      = require('pause')
 var utilsEscape     = require('escape-html')
 var parse           = require('parseurl')
 var url             = require('url')
+var auth            = require('basic-auth')
 
 exports.notMultihostURL = function(req, rsp, next){
   var host      = req.headers.host
@@ -418,8 +419,7 @@ exports.setup = function(req, rsp, next){
  * Basic Auth
  */
 
-exports.basicAuth = function(req, rsp, next){
-
+exports.basicAuth = function(req, res, next){
   // default empty
   var creds = []
 
@@ -434,12 +434,21 @@ exports.basicAuth = function(req, rsp, next){
   // move on if no creds
   if(creds.length === 0) return next()
 
-  // use connect auth lib iterate over all creds provided
-  connect.basicAuth(function(user, pass){
+  function check (name, pass) {
     return creds.some(function(cred){
-      return cred === user + ":" + pass
+      return cred === name + ":" + pass
     })
-  })(req, rsp, next)
+  }
+  var credentials = auth(req)
+  if (!credentials || !check(credentials.name, credentials.pass)) {
+    res.statusCode = 401
+    res.setHeader('WWW-Authenticate', 'Basic realm="example"')
+    res.end('Access denied')
+  } else {
+    res.end('Access granted')
+  }
+
+
 }
 
 /**