1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.basicAuth = void 0;
const buffer_1 = require("../../utils/buffer");
const encode_1 = require("../../utils/encode");
const CREDENTIALS_REGEXP = /^ *(?:[Bb][Aa][Ss][Ii][Cc]) +([A-Za-z0-9._~+/-]+=*) *$/;
const USER_PASS_REGEXP = /^([^:]*):(.*)$/;
const auth = (req) => {
const match = CREDENTIALS_REGEXP.exec(req.headers.get('Authorization') || '');
if (!match) {
return undefined;
}
const userPass = USER_PASS_REGEXP.exec((0, encode_1.decodeBase64)(match[1]));
if (!userPass) {
return undefined;
}
return { username: userPass[1], password: userPass[2] };
};
const basicAuth = (options, ...users) => {
if (!options) {
throw new Error('basic auth middleware requires options for "username and password"');
}
if (!options.realm) {
options.realm = 'Secure Area';
}
users.unshift({ username: options.username, password: options.password });
return async (ctx, next) => {
const requestUser = auth(ctx.req);
if (requestUser) {
for (const user of users) {
const usernameEqual = await (0, buffer_1.timingSafeEqual)(user.username, requestUser.username, options.hashFunction);
const passwordEqual = await (0, buffer_1.timingSafeEqual)(user.password, requestUser.password, options.hashFunction);
if (usernameEqual && passwordEqual) {
// Authorized OK
await next();
return;
}
}
}
ctx.res = new Response('Unauthorized', {
status: 401,
headers: {
'WWW-Authenticate': 'Basic realm="' + options.realm?.replace(/"/g, '\\"') + '"',
},
});
};
};
exports.basicAuth = basicAuth;
|
