2

I'm trying to setup a simple auth using http-auth module.

I've created this setup but it's not working properly. The dialog prompting the user/pass show up but if I close the dialog the app continues to work, that is, the auth don't seem to be working.

Seem that's not working because I've tried to setup this http-auth to work in my static folder www.

My app.js is based on this one.

Here is my setup:

'use strict';

var express = require('express');
var app = express();
var auth = require('http-auth');

app.use(express.static('www'));

var basic = auth.basic({
  realm: 'SUPER SECRET STUFF'
}, function(username, password, callback) {
  callback(username == 'username' && password == 'password');
});

app.use("/", auth.connect(basic));

app.set('port', (process.env.PORT || 4000));
app.listen(app.get('port'), function() {
  console.log('Node app is running on port', app.get('port'));
});
gevorg
  • 4,835
  • 4
  • 35
  • 52
Osny Netto
  • 562
  • 3
  • 9
  • 28

1 Answers1

2

Your example works perfectly if you browse http://localhost:4000/, after hitting cancel you see 401 message instead of content that you could add to / route (now you don't have route handler for it).

To make it work for static files you just need to enable authentication for static files also, something like this will do it:

'use strict';

var express = require('express');
var app = express();
var auth = require('http-auth');

var basic = auth.basic({
    realm: 'SUPER SECRET STUFF'
}, function(username, password, callback) {
    callback(username == 'username' && password == 'password');
});

app.use(auth.connect(basic));
app.use(express.static('www'));

app.set('port', (process.env.PORT || 4000));
app.listen(app.get('port'), function() {
    console.log('Node app is running on port', app.get('port'));
});

As you may notice authentication middleware auth.connect should be declared before static file middleware express.static and without route prefix as your static file middleware does not have route prefix.

gevorg
  • 4,835
  • 4
  • 35
  • 52
  • Well, here when I click cancel the page load perfectly. And how I add a default route working in your example? I mean a `get('/', ...)`. I tried to add the get after `app.use` but now I type the user/pass and keep asking me the enter the user/pass. Because I'd like to access `http://localhost:4000` and see the files from `www` folder. – Osny Netto Sep 25 '16 at 21:34
  • @OsnyNetto Not sure if I understand what do you want...after clicking cancel you see 401 page (this means authentication was not successful) instead of success page that should come with 200 status see https://en.wikipedia.org/wiki/List_of_HTTP_status_codes for more info – gevorg Sep 25 '16 at 21:44
  • @OsnyNetto do you want `/` route to be password protected or not? Do you need static files to be password protected or not? – gevorg Sep 25 '16 at 21:46
  • yes, I want to protect all my static files, Im setting up this auth to protect everything in my app for public view. So accessing `localhost:4000` I want to prompt the user/pass, if wrong show `401 Unauthorized`, otherwise show the static files that live in `www` folder. – Osny Netto Sep 25 '16 at 22:10
  • And how my example does not fit to it? – gevorg Sep 25 '16 at 22:12
  • Never see the app, I type the correct user/pass, click Login, and then it prompt again. I'm stuck in this loop. I'm trying to show you and online example. – Osny Netto Sep 25 '16 at 22:18
  • I tried it with Google Chrome and after typing `username` in username field and `password` in password field I get the files. Do you do the same? Which version of http-auth do you use? Which version of node.js? Do you see any errors in console? – gevorg Sep 25 '16 at 22:21
  • I took a look and seems it's working, the fact I keep getting the prompt showing up is because my app (which uses Framework7) has a router in `www` folder that loads another page (ex: splash.html), and when it load I get the prompt again. I thought this auth would work for everything, once I type the user/pass everything would work like a charm. – Osny Netto Sep 25 '16 at 22:39
  • Glad it works! It has few integrations listed here http://http-auth.info – gevorg Sep 25 '16 at 22:57