4 * Copyright(c) 2010 Sencha Inc.
5 * Copyright(c) 2011 TJ Holowaychuk
10 * Module dependencies.
13 var utils = require('../utils')
14 , unauthorized = utils.unauthorized;
19 * Enforce basic authentication by providing a `callback(user, pass)`,
20 * which must return `true` in order to gain access. Alternatively an async
21 * method is provided as well, invoking `callback(user, pass, callback)`. Populates
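22 * `req.user`. The final alternative is simply passing username / password
 * strings.
 *
 * Note: the Authorization header value is only base64-encoded, not encrypted,
 * so deploy this middleware behind TLS. The decoded credentials are split on
 * every `:`, so a password that contains `:` reaches the callback truncated
 * at its first colon.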
25 * Simple username and password
27 * connect(connect.basicAuth('username', 'password'));
29 * Callback verification
32 * .use(connect.basicAuth(function(user, pass){
33 * return 'tj' == user && 'wahoo' == pass;
36 * Async callback verification, accepting `fn(err, user)`.
39 * .use(connect.basicAuth(function(user, pass, fn){
40 * User.authenticate({ user: user, pass: pass }, fn);
43 * @param {Function|String} callback or username
44 * @param {String} realm
48 module.exports = function basicAuth(callback, realm) {
49 var username, password;
51 // user / pass strings
52 if ('string' == typeof callback) {
55 if ('string' != typeof password) throw new Error('password argument required');
57 callback = function(user, pass){
58 return user == username && pass == password;
62 realm = realm || 'Authorization Required';
64 return function(req, res, next) {
65 var authorization = req.headers.authorization;
67 if (req.user) return next();
68 if (!authorization) return unauthorized(res, realm);
70 var parts = authorization.split(' ')
72 if (parts.length !== 2) return next(utils.error(400));
75 , credentials = new Buffer(parts[1], 'base64').toString().split(':')
76 , user = credentials[0]
77 , pass = credentials[1];
79 if ('Basic' != scheme) return next(utils.error(400));
82 if (callback.length >= 3) {
83 var pause = utils.pause(req);
84 callback(user, pass, function(err, user){
85 if (err || !user) return unauthorized(res, realm);
86 req.user = req.remoteUser = user;
92 if (callback(user, pass)) {
93 req.user = req.remoteUser = user;
96 unauthorized(res, realm);