AuthenticateΒΆ
The authenticate
middleware allow one to perform HTTP basic and digest
authentication.
It takes three parameters:
- an
Authentication
object described in HTTP authentication - a callback to challenge a user-provided
Authorization
header - a forward callback invoked on success with the corresponding authorization object
If the authentication fails, a 401 Unauthorized
status is raised with
a WWW-Authenticate
header.
app.use (authenticate (new BasicAuthentication ("realm")), (authorization) => {
return authorization.challenge ("some password");
}, (req, res, next, ctx, username) => {
return res.expand_utf8 ("Hello %s".printf (username));
});
To perform custom password comparison, it is best to cast the authorization
parameter and access the password directly.
public bool authenticate_user (string username, string password) {
// authenticate the user against the database...
}
app.use (authenticate (new BasicAuthentication ("realm")), (authorization) => {
var basic_authorization = authorization as BasicAuthorization;
return authenticate_user (basic_authorization.username, basic_authorization.password);
});