Add support for .htaccess/htpasswd

[jamo]

There has been cases where the single username+password for http basic auth just isn't enough.

So we should consider adding a full .htaccess/.htpasswd basic auth support to easily allow configuring multiple users with individual passwords.

[derhuerst]

[imho]

I think in the year of 2017, we don't need .htpasswd. Often, users store (hashed) passwords in the webroot. Authentication should nowadays be done by either by a (reverse) proxy or a separate auth service. Theoretically, even password authentication should be a thing of the past.

For the simple use case of setting up and adhoc web server, user & pw auth is sufficient.

I guess this is an ideological decision wether supporting these use cases is worth it for zeit and the broader community.

[jamo]

Yeah, necessary .htpasswd isn't the auth file format we should have.
But it should be something that wouldn't vendor lock and that is hassle free.

[derhuerst]

Not sure I expressed clearly enough what my opinion on this matter is. If I did, don't take this as an offence.

I think it's not the job of serve to deal with any auth more sophisticated than user/pw. It should be done by another service (as in web service) or proxy/api layer.

I've been following the development of http-server for a while. This is a feature that, as you can see with many feature requests over at http-server, only serves the needs of a very narrow user base and can easily be done by external packages.

[leo]

I agree with both of you. But overall, I think this would be too much for this little package. People should put something on top and use another service.