Node.js HTTP基本身份验证
[英]Node.js http basic auth
问题描述
Is it possible to do basic auth in Node.js just like in Apache? 
是否可以像在Apache中一样在Node.js中执行基本身份验证?
http://doc.norang.ca/apache-basic-auth.html http://doc.norang.ca/apache-basic-auth.html
I know that if using Express or Connect I can add middle-ware functionality and do user verification, but I'm trying to restrict the whole area (I don't need to authenticate users from a database just a couple of defined users) - I'm using Ubuntu. 我知道如果使用Express或Connect可以添加中间件功能并进行用户验证,但是我试图限制整个区域(我不需要仅从几个定义的用户中就对数据库进行身份验证)-我正在使用Ubuntu。
https://github.com/kaero/node-http-digest https://github.com/kaero/node-http-digest
That's something I can do, but I'm not sure if "exposing" or directly writing the user and password in the code is secure enough. 我可以这样做,但是我不确定在代码中“公开”或直接写用户和密码是否足够安全。
Many thanks. 非常感谢。
4 个解决方案
解决方案1
17 已采纳 2012-10-10 17:53:55
Passport provides a clean mechanism to implement basic auth. Passport提供了一种干净的机制来实现基本身份验证。 I use it in my Node.js Express app to protect both my Angularjs-based UI as well as my RESTful API. 我在Node.js Express应用程序中使用它来保护基于Angularjs的UI和RESTful API。 To get passport up and running in your app do the following: 要启动和运行护照,请执行以下操作:
npm install passport
npm安装护照 npm install passport-http (contains "BasicStrategy" object for basic auth)
npm install Passport-http(包含用于基本身份验证的“ BasicStrategy”对象) Open up your app.js and add the following:
打开您的app.js并添加以下内容: var passport = require('passport') var BasicStrategy = require('passport-http').BasicStrategy passport.use(new BasicStrategy( function(username, password, done) { if (username.valueOf() === 'yourusername' && password.valueOf() === 'yourpassword') return done(null, true); else return done(null, false); } )); // Express-specific configuration section // *IMPORTANT* // Note the order of WHERE passport is initialized // in the configure section--it will throw an error // if app.use(passport.initialize()) is called after // app.use(app.router) app.configure(function(){ app.use(express.cookieParser()); app.use(express.session({secret:'123abc',key:'express.sid'})); app.set('views', __dirname + '/views'); app.set('view engine', 'jade'); app.set('view options', { layout: false }); app.use(express.bodyParser()); app.use(express.methodOverride()); app.use(express.static(__dirname + '/public')); app.use(passport.initialize()); app.use(app.router); app.use(logger); }); // Routes app.get('/', passport.authenticate('basic', { session: false }), routes.index); app.get('/partials/:name', routes.partials); // JSON API app.get('/api/posts', passport.authenticate('basic', { session: false }), api.posts); app.get('/api/post/:id', passport.authenticate('basic', { session: false }), api.post) // --Repeat for every API call you want to protect with basic auth-- app.get('*', passport.authenticate('basic', { session: false }), routes.index);
解决方案2
12 2013-03-05 18:40:42
Put this 放这个
app.use(express.basicAuth(function(user, pass) {
return user === 'test' && pass === 'test';
}));
before the line to 行前
app.use(app.router);
to protect all routes with http basic auth 使用http基本身份验证保护所有路由
解决方案3
3 2016-04-22 11:19:26
I think good choice could be http-auth module 我认为不错的选择可能是http-auth模块
// Authentication module.
var auth = require('http-auth');
var basic = auth.basic({
realm: "Simon Area.",
file: __dirname + "/../data/users.htpasswd" // gevorg:gpass, Sarah:testpass ...
});
// Application setup.
var app = express();
app.use(auth.connect(basic));
// Setup route.
app.get('/', function(req, res){
res.send("Hello from express - " + req.user + "!");
});
解决方案4
3 2011-09-08 10:59:34
Have a look at: user authentication libraries for node.js? 看一下: node.js的用户身份验证库?
It does not answer your question 100% - but maybe it helps. 它不能100%回答您的问题-但也许有帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.