Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Basic authorization #63

Closed
wants to merge 3 commits into from

7 participants

Marcin Wosinek Neil Mansilla Jed Wood Dmitry M. Lazutkin trevorwilliams Mark Pasternak gkostov
Marcin Wosinek

I've merged @gkostov commit 3927c97 mentioned in issue #10 to current master; and hide password.

Neil Mansilla
Owner

Marcin, I've tested out your code and it works swell. Before I merge in, I'd like to propose that we slightly modify the JSON configuration schema to support multiple authentication mechanisms -- so that both HTTP Basic auth and API key authorization is supported on the same API. For example:

{
    "yourAPI": {
        "name":"Your API",
        "protocol": "http",
        "auth": {
            "key": {
                "keyParam": "api_key",
                "signature": {
                    "type": "signed_md5",
                    "sigParam": "sig",
                    "digest": "hex"  
                }
            },
            "basic": {}
        }
    }
}

I have run into APIs that require both an API key and HTTP basic auth. Does anyone have any thoughts they'd like to add to this before I start coding?

Marcin Wosinek

Sounds reasonable for me

Jed Wood

Any word on this? It'd be great to have Basic Auth built-in.

Dmitry M. Lazutkin

Guys! Please merge it in.

Neil Mansilla
Owner

Looking back, there was a big schema change to accommodate simul. apiKey+basic auth. Will revisit soon. Thanks for ping.

Neil Mansilla mansilladev added the auth label
Stephen Houston egeek referenced this pull request
Closed

Updated BASIC AUTH support #172

Neil Mansilla
Owner

Basic auth feature added for both Node server level and API request level.

Neil Mansilla mansilladev closed this
phairow phairow referenced this pull request
Closed

Add HTTP Basic Auth Type #10

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
This page is out of date. Refresh to see the latest.
Showing with 42 additions and 24 deletions.
  1. +7 −1 app.js
  2. +4 −2 public/javascripts/docs.js
  3. +31 −21 views/api.jade
8 app.js
View
@@ -490,7 +490,8 @@ function processRequest(req, res, next) {
// Unsecured API Call helper
function unsecuredCall() {
- console.log('Unsecured Call');
+ console.log('Unsecured Call:');
+// console.dir(reqQuery);
if (['POST','PUT','DELETE'].indexOf(httpMethod) === -1) {
options.path += ((paramString.length > 0) ? '?' + paramString : "");
@@ -508,6 +509,11 @@ function processRequest(req, res, next) {
}
// Perform signature routine, if any.
+ if (apiConfig.auth=='basicAuth') {
+ options.headers['Authorization']='Basic '+new Buffer(reqQuery.apiUsername+':'+reqQuery.apiPassword).toString('base64');
+ }
+
+ // Perform signature routine, if any.
if (apiConfig.signature) {
if (apiConfig.signature.type == 'signed_md5') {
// Add signature parameter
6 public/javascripts/docs.js
View
@@ -173,9 +173,11 @@
var params = $(this).serializeArray(),
apiKey = { name: 'apiKey', value: $('input[name=key]').val() },
apiSecret = { name: 'apiSecret', value: $('input[name=secret]').val() },
- apiName = { name: 'apiName', value: $('input[name=apiName]').val() };
+ apiName = { name: 'apiName', value: $('input[name=apiName]').val() },
+ apiUsername = { name: 'apiUsername', value: $('input[name=username]').val() },
+ apiPassword = { name: 'apiPassword', value: $('input[name=password]').val() };
- params.push(apiKey, apiSecret, apiName);
+ params.push(apiKey, apiSecret, apiName, apiUsername, apiPassword);
// Setup results container
var resultContainer = $('.result', self);
52 views/api.jade
View
@@ -14,30 +14,40 @@ form#credentials
img(src='/images/accept.png')
- else
h2 API Credentials
- img(src='/images/key.png')
+ img(src='/images/key.png')
- - if (apiInfo.oauth)
- input(type='hidden', name='oauth', value='authrequired')
-
- - if (apiInfo.auth.defaultKey)
- - var defaultKey =apiInfo.auth.defaultKey
- - else
- - var defaultKey =''
-
- - if (apiInfo.auth.defaultSecret)
- - var defaultSecret =apiInfo.auth.defaultSecret
+ - if(apiInfo.auth == 'basicAuth')
+ div (basic HTTP authorization)
+ br
+ div
+ label(for='key') User name
+ input(id='username', name='username', style='color=#EEEEEE')
+ div
+ label(for='key') Password
+ input(id='password', name='password', type='password', value=defaultKey, style='color=#EEEEEE')
- else
- - var defaultSecret =''
- div
- label(for='key') API Key
- input(id='key', name='key', value=defaultKey, style='color=#EEEEEE')
- div
- - if (apiInfo.oauth || apiInfo.signature)
- label(for='secret') Shared Secret
- input(id='secret', name='secret', value=defaultSecret, style='color=#EEEEEE')
- - if (apiInfo.oauth && apiInfo.oauth.type !='two-legged')
+ - if (apiInfo.oauth)
+ input(type='hidden', name='oauth', value='authrequired')
+
+ - if (apiInfo.auth.defaultKey)
+ - var defaultKey =apiInfo.auth.defaultKey
+ - else
+ - var defaultKey =''
+
+ - if (apiInfo.auth.defaultSecret)
+ - var defaultSecret =apiInfo.auth.defaultSecret
+ - else
+ - var defaultSecret =''
+ div
+ label(for='key') API Key
+ input(id='key', name='key', value=defaultKey, style='color=#EEEEEE')
div
- input(name='oauth', value='Authenticate with OAuth', type='submit', id='oauth-auth')
+ - if (apiInfo.oauth || apiInfo.signature)
+ label(for='secret') Shared Secret
+ input(id='secret', name='secret', value=defaultSecret, style='color=#EEEEEE')
+ - if (apiInfo.oauth && apiInfo.oauth.type !='two-legged')
+ div
+ input(name='oauth', value='Authenticate with OAuth', type='submit', id='oauth-auth')
div(id='controls')
ul
Something went wrong with that request. Please try again.