
Basic authorization #63

Closed
wants to merge 3 commits into from

7 participants

@marcin-wosinek

I've merged @gkostov's commit 3927c97 (mentioned in issue #10) into current master, and hidden the password.

@mansilladev

Marcin, I've tested out your code and it works swell. Before I merge it in, I'd like to propose that we slightly modify the JSON configuration schema to support multiple authentication mechanisms -- so that both HTTP Basic auth and API key authorization are supported on the same API. For example:

{
    "yourAPI": {
        "name":"Your API",
        "protocol": "http",
        "auth": {
            "key": {
                "keyParam": "api_key",
                "signature": {
                    "type": "signed_md5",
                    "sigParam": "sig",
                    "digest": "hex"  
                }
            },
            "basic": {}
        }
    }
}

I have run into APIs that require both an API key and HTTP basic auth. Does anyone have any thoughts they'd like to add to this before I start coding?

@marcin-wosinek

Sounds reasonable to me

@jedwood

Any word on this? It'd be great to have Basic Auth built-in.

@lazutkin

Guys! Please merge it in.

@mansilladev

Looking back, there was a big schema change to accommodate simultaneous apiKey + basic auth. Will revisit soon. Thanks for the ping.

@mansilladev mansilladev added the auth label
@egeek egeek referenced this pull request
Closed

Updated BASIC AUTH support #172

@mansilladev

Basic auth feature added for both Node server level and API request level.

@mansilladev mansilladev closed this
@phairow phairow referenced this pull request
Closed

Add HTTP Basic Auth Type #10

Showing with 42 additions and 24 deletions.
  1. +7 −1 app.js
  2. +4 −2 public/javascripts/docs.js
  3. +31 −21 views/api.jade
8 app.js
@@ -490,7 +490,8 @@ function processRequest(req, res, next) {
// Unsecured API Call helper
function unsecuredCall() {
- console.log('Unsecured Call');
+ console.log('Unsecured Call:');
+// console.dir(reqQuery);
if (['POST','PUT','DELETE'].indexOf(httpMethod) === -1) {
options.path += ((paramString.length > 0) ? '?' + paramString : "");
@@ -508,6 +509,11 @@ function processRequest(req, res, next) {
}
// Perform signature routine, if any.
+ if (apiConfig.auth=='basicAuth') {
+ options.headers['Authorization']='Basic '+new Buffer(reqQuery.apiUsername+':'+reqQuery.apiPassword).toString('base64');
+ }
+
+ // Perform signature routine, if any.
if (apiConfig.signature) {
if (apiConfig.signature.type == 'signed_md5') {
// Add signature parameter
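Review bot: The added `options.headers['Authorization']` line builds the header from `reqQuery.apiUsername` and `reqQuery.apiPassword` without checking that either was supplied, so a request missing them sends the base64 of `undefined:undefined` upstream; guard it, e.g. `if (apiConfig.auth === 'basicAuth' && reqQuery.apiUsername != null && reqQuery.apiPassword != null)`. `new Buffer(string)` is deprecated in current Node, and `Buffer.from(...)` is the drop-in replacement here. The commented-out `console.dir(reqQuery)` added in the first hunk would print the password and API secret to the server log if re-enabled, so it is better deleted than left in. The original `// Perform signature routine, if any.` comment now sits above the Basic-auth block it does not describe; something like `// Add HTTP Basic credentials, if configured.` fits there. processRequest begins and ends outside both hunks, so how `reqQuery` is populated is not visible here.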
6 public/javascripts/docs.js
@@ -173,9 +173,11 @@
var params = $(this).serializeArray(),
apiKey = { name: 'apiKey', value: $('input[name=key]').val() },
apiSecret = { name: 'apiSecret', value: $('input[name=secret]').val() },
- apiName = { name: 'apiName', value: $('input[name=apiName]').val() };
+ apiName = { name: 'apiName', value: $('input[name=apiName]').val() },
+ apiUsername = { name: 'apiUsername', value: $('input[name=username]').val() },
+ apiPassword = { name: 'apiPassword', value: $('input[name=password]').val() };
- params.push(apiKey, apiSecret, apiName);
+ params.push(apiKey, apiSecret, apiName, apiUsername, apiPassword);
// Setup results container
var resultContainer = $('.result', self);
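Review bot: `apiUsername` and `apiPassword` are pushed into `params` on every submit, even for APIs whose credentials form has no `username`/`password` inputs, where `.val()` on the empty jQuery selection returns `undefined`. Push them only when the inputs exist, e.g. `if ($('input[name=password]').length) { params.push(apiUsername, apiPassword); }`. The password also now travels to the explorer server with each request; the transport (HTTP method, TLS) is set outside this hunk, so confirm it is not sent in a URL query string that ends up in access logs or browser history. The enclosing submit handler starts and ends outside the hunk.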
52 views/api.jade
@@ -14,30 +14,40 @@ form#credentials
img(src='/images/accept.png')
- else
h2 API Credentials
- img(src='/images/key.png')
+ img(src='/images/key.png')
- - if (apiInfo.oauth)
- input(type='hidden', name='oauth', value='authrequired')
-
- - if (apiInfo.auth.defaultKey)
- - var defaultKey =apiInfo.auth.defaultKey
- - else
- - var defaultKey =''
-
- - if (apiInfo.auth.defaultSecret)
- - var defaultSecret =apiInfo.auth.defaultSecret
+ - if(apiInfo.auth == 'basicAuth')
+ div (basic HTTP authorization)
+ br
+ div
+ label(for='key') User name
+ input(id='username', name='username', style='color=#EEEEEE')
+ div
+ label(for='key') Password
+ input(id='password', name='password', type='password', value=defaultKey, style='color=#EEEEEE')
- else
- - var defaultSecret =''
- div
- label(for='key') API Key
- input(id='key', name='key', value=defaultKey, style='color=#EEEEEE')
- div
- - if (apiInfo.oauth || apiInfo.signature)
- label(for='secret') Shared Secret
- input(id='secret', name='secret', value=defaultSecret, style='color=#EEEEEE')
- - if (apiInfo.oauth && apiInfo.oauth.type !='two-legged')
+ - if (apiInfo.oauth)
+ input(type='hidden', name='oauth', value='authrequired')
+
+ - if (apiInfo.auth.defaultKey)
+ - var defaultKey =apiInfo.auth.defaultKey
+ - else
+ - var defaultKey =''
+
+ - if (apiInfo.auth.defaultSecret)
+ - var defaultSecret =apiInfo.auth.defaultSecret
+ - else
+ - var defaultSecret =''
+ div
+ label(for='key') API Key
+ input(id='key', name='key', value=defaultKey, style='color=#EEEEEE')
div
- input(name='oauth', value='Authenticate with OAuth', type='submit', id='oauth-auth')
+ - if (apiInfo.oauth || apiInfo.signature)
+ label(for='secret') Shared Secret
+ input(id='secret', name='secret', value=defaultSecret, style='color=#EEEEEE')
+ - if (apiInfo.oauth && apiInfo.oauth.type !='two-legged')
+ div
+ input(name='oauth', value='Authenticate with OAuth', type='submit', id='oauth-auth')
div(id='controls')
ul
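Review bot: The new password input is rendered with `value=defaultKey`, but the `var defaultKey` assignments appear to have moved into the `else` branch (indentation is lost in this view), so in the `basicAuth` branch the name is unset at best, and if it were ever set the page would ship a stored secret inside the HTML of a password field. Drop the attribute: `input(id='password', name='password', type='password')`. Both new labels use `for='key'`, which matches neither input; they should be `label(for='username')` and `label(for='password')`. The test `apiInfo.auth == 'basicAuth'` treats `auth` as a string while the `else` branch reads `apiInfo.auth.defaultKey` as an object, which is worth reconciling with the config schema.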