0

I find myself in a bit of a dilemma. I am preparing to push code out to a test server (out in the wilds of the Internet) which handles user registration and authentication (using Express + Passport) for acceptance testing.

However, I would like to be able to restrict access to the test server to those users who will be performing testing. I know node does not support an .htpasswd file mechanism but looking for another way to restrict users from accessing the server even before the application authentication process begins.

All thoughts welcome!

Not a machine
  • 508
  • 1
  • 5
  • 21
  • Are you using a server virtualization service? This could be as easy as restricting a certain port to a specific IP if so. Also, google "express ip whitelist" –  Jan 06 '16 at 20:25
  • I am using a virtualization service but a very simple one which does not provide the ability to run a RP. I may be able to use the firewall to restrict by IP but since most of us are at the whim of DHCP at least a good portion of the IP addresss is subject to change. I love Node but I sure miss some of the simple aspects of the Apache HTTP server. – Not a machine Jan 06 '16 at 22:40
  • In a nutshell, I would like to block access to the server (or at least the exposed port) while allowing the Passport + JS code to handle authenticating with the application. – Not a machine Jan 06 '16 at 22:45

1 Answers1

0

You can restrict via IP address in your application, or the server's firewall. If you have a reverse proxy like nginx in front of node, then you can set it up to require basic authentication via an htpasswd-like file.

weiyin
  • 6,819
  • 4
  • 47
  • 58
  • Thanks weiyin. We are a virtual team so we all have varied and changing IP addresses. Possible but not simple. We are currently unable to run an RP right now due to the hosting service. I'd love to be able to run nginx in front of Node and may upgrade our server to be able to do that eventually. It would solve many problems. – Not a machine Jan 06 '16 at 22:44