如何与护照一起使用快速基本身份验证

Question

I'm using Passport with a NodeJS/Express app for user authentication, and it's working great. However, I want to lock down certain deployments with basic authentication (similar to .htaccess basic HTTP auth on Apache), such as a staging server.

To be more clear, I have a dev environment which runs everything locally. I have a test environment which kicks-off with every build. I have a staging environment to use with black box testing, and finally a production environment. I would like to apply the basic auth to the staging environment so that a user/pass combo is required to even reach it. All other functionality should be available once the basic auth is passed.

I've tried Express' built-in basicAuth, which works well, except that it populates req.user, which is what Passport uses. Thus, my sessions get polluted so that logging in and out with Passport no longer works correctly since it thinks a user has already logged in.

Here's a snippet of where I'm using basicAuth:

// Basic auth (for staging env)
// Note: I'm checking for my dev env just to test this
if (process.env.NODE_ENV == 'development') {
    app.use(express.basicAuth('dev', 'abc123'));
}

Is there another method I can use in lieu of basicAuth, or another way I can use basicAuth to make this happen?

Answer 1

Perhaps you can do this:

if (process.env.NODE_ENV == 'development') {
  app.use(express.basicAuth('dev', 'abc123'));
  app.use(function(req, res, next) {
    req.basicAuthUser = req.user;
    req.user = null;
    next();
  });
}

So when a user got authenticated with basic authentication, req.user is stored somewhere (if you need it) and subsequently reset to null as to not confuse Passport.