Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/eelkevdbos/elysia-basic-auth
Basic auth plugin for Elysiajs
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/eelkevdbos/elysia-basic-auth
- Owner: eelkevdbos
- License: mit
- Created: 2023-09-03T18:27:13.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-10-08T12:52:39.000Z (3 months ago)
- Last Synced: 2024-10-08T16:37:32.851Z (3 months ago)
- Language: TypeScript
- Size: 39.1 KB
- Stars: 12
- Watchers: 2
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-elysia - Basic Auth - Basic http authentication (using 'request' event). (Plugins)
README
Elysia Basic Auth ![example workflow](https://github.com/eelkevdbos/elysia-basic-auth/actions/workflows/test.yml/badge.svg)
===

Basic auth for [Elysia.js](https://elysiajs.com/).

- Uses the `request` event to handle authentication, decoupling authentication from route existence and limiting URL [fuzzing](https://owasp.org/www-project-web-security-testing-guide/latest/6-Appendix/C-Fuzzing) exposure.
- Compares credentials in constant time via `crypto.timingSafeEqual` to resist timing attacks.
- Exposes the authenticated realm via `store.basicAuthRealm`.
- Blocks CORS preflight requests that are in scope by default; optionally lets them bypass authentication.
- Loads credentials from:
  - A list of `{username, password}` objects.
  - A file containing `username:password` pairs, separated by `newlines`.
  - An environment variable containing `username:password` pairs, separated by `semicolons`.

Future releases may include:

- Support for hashed passwords.

Install
---

```
bun add @eelkevdbos/elysia-basic-auth
```

Usage
---

Check out the full samples in [`examples`](./examples/) or the [`tests`](src/index.test.ts).
```ts
import { Elysia } from 'elysia'
import { basicAuth } from '@eelkevdbos/elysia-basic-auth'

// credentials are read from this variable by default (sample values)
process.env["BASIC_AUTH_CREDENTIALS"] = "admin:admin;user:user"

new Elysia()
  .use(basicAuth())
  // all routes are protected by default
  .get("/", () => "private")
  // access to realm within a handler
  .get('/private/realm-stored', ({ store }) => store.basicAuthRealm)
  .listen(3000)
```

Configuration
---

### credentials
`{ file: string } | { env: string } | { username: string, password: string }[]`
A list of credentials valid for authentication, a file with credential pairs separated by newlines, or an environment variable with credential pairs separated by semicolons.
Default: `{ env: "BASIC_AUTH_CREDENTIALS" }`
### header
`string`
Default: `Authorization`
Header used for basic authentication.
### realm
`string`
Default: `Secure Area`
Realm used for basic authentication.
### unauthorizedMessage
`string`
Default: `Unauthorized`
Response body for unauthorized requests.
### unauthorizedStatus
`number`
Default: `401`
Response status for unauthorized requests.
### scope
`string | string[] | (ctx: PreContext) => boolean`
Default: `/`
A string or list of strings that will be compared with the current request path via `startsWith`.
Alternatively, a function can be provided that returns `true` if the context (and thereby request) is in the scope of the current basic auth protection space.
### skipCorsPreflight
`boolean`
Default: `false`
A boolean that determines whether CORS preflight requests should skip (bypass) basic auth.
### enabled
`boolean`
Default: `true`
A boolean that determines whether basic auth should be enabled. If set to `false`, the `onRequest` handler is disabled.
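
The following TypeScript is an added example, not code from this plugin. It parses the semicolon-separated `username:password` format described under `credentials` and checks a Basic `Authorization` header with `crypto.timingSafeEqual`. The function names and the SHA-256 length-equalizing step are assumptions of this example.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

type Credential = { username: string; password: string };

// Parse "user:pass;user2:pass2" (the env format described above).
// Split on the FIRST colon only: a password may itself contain ':'.
function parseCredentials(raw: string, separator = ";"): Credential[] {
  return raw
    .split(separator)
    .map((pair) => pair.trim())
    .filter((pair) => pair.includes(":"))
    .map((pair) => {
      const i = pair.indexOf(":");
      return { username: pair.slice(0, i), password: pair.slice(i + 1) };
    });
}

// timingSafeEqual throws when the inputs differ in length, so compare
// fixed-size SHA-256 digests of the two strings instead of the raw bytes.
function safeEqual(a: string, b: string): boolean {
  const da = createHash("sha256").update(a).digest();
  const db = createHash("sha256").update(b).digest();
  return timingSafeEqual(da, db);
}

// Returns the matching username, or null. Every stored credential is checked
// (no early exit), so timing does not reveal which entry matched.
function verifyBasicHeader(header: string | null, creds: Credential[]): string | null {
  if (!header || !/^basic /i.test(header)) return null;
  const decoded = Buffer.from(header.slice(6).trim(), "base64").toString("utf8");
  const i = decoded.indexOf(":");
  if (i < 0) return null;
  const user = decoded.slice(0, i);
  const pass = decoded.slice(i + 1);
  let matched: string | null = null;
  for (const c of creds) {
    const userOk = safeEqual(user, c.username);
    const passOk = safeEqual(pass, c.password);
    if (userOk && passOk && matched === null) matched = c.username;
  }
  return matched;
}

// Constructed sample input, same shape as the README's env example.
const creds = parseCredentials("admin:admin;user:p:ss");
const header = "Basic " + Buffer.from("user:p:ss").toString("base64");
```
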