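├── .gitignore
├── app.js
├── basicauth.js
├── package.json
└── userdata
    └── users.js


/.gitignore:
--------------------------------------------------------------------------------
node_modules

--------------------------------------------------------------------------------
/app.js:
--------------------------------------------------------------------------------
// Basic Authentication
// Part of the course on "REST API Design Development & Management"
// http://www.acloudfan.com
//
// Security note: HTTP Basic sends the username and password base64-encoded
// (not encrypted) with every request. app.listen() below starts a plain HTTP
// server, so this setup is only suitable for local experiments; any real
// deployment has to terminate TLS in front of this route.

const express = require('express');
const basicauth = require('./basicauth');

// Express app setup
const app = express();
const router = express.Router();

// This is the passport middleware function that gets called first.
// It rejects the request before the handler runs when the credentials
// are missing or wrong.
const auth = basicauth.auth;

// Setup the route with basic authentication
router.get('/private', auth, function (req, res) {
  res.send('Access granted to private resource!!!');
});

app.use(router);

// Log from the listen callback so the message is printed only once the
// port is actually bound (not when binding fails).
app.listen(3000, function () {
  console.log('Listening on 3000');
});

--------------------------------------------------------------------------------
/basicauth.js:
--------------------------------------------------------------------------------
// This has all the code for implementing basic auth
const passport = require('passport');
// This is the strategy for basic authentication
const BasicStrategy = require('passport-http').BasicStrategy;

// Access to the users data
const users = require('./userdata/users');

// Setup the passport strategy.
// The verify callback receives the username and password taken from the
// Authorization header and reports the outcome through done(err, user).
passport.use(new BasicStrategy(function (username, password, done) {
  const user = users.checkCredentials(username, password);

  if (!user) {
    // Unknown user or wrong password: the same failure is reported for both,
    // so the response does not reveal which of the two was wrong.
    return done(null, false);
  }

  // Pass on the identity only. Handlers can read it from req.user to see
  // which account authenticated, and the stored password never travels
  // with the request object.
  return done(null, { id: user.id, name: user.name });
}));

// This is the middleware function that gets invoked.
// session: false - Basic credentials arrive with every request, so no
// login session is created.
const auth = passport.authenticate('basic', { session: false });

exports.auth = auth;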
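--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
{
  "name": "rest-api-course-security",
  "version": "1.0.0",
  "description": "Demonstrates the implementation of authentication for REST API",
  "main": "app.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "express": "^4.14.0",
    "passport": "^0.3.2",
    "passport-http": "^0.3.0"
  }
}

--------------------------------------------------------------------------------
/userdata/users.js:
--------------------------------------------------------------------------------
// Hardcoded users for testing
// Can be changed to store the users in a database
//
// NOTE(review): these records hold plaintext passwords, which is acceptable
// only for a throwaway demo. A real user store keeps a salted, slow password
// hash (for example scrypt, bcrypt or argon2) and never the password itself.
const crypto = require('crypto');

const users = [
  { id: 1, name: "jim", email: "jim@mail.com", password: "jim123" },
  { id: 2, name: "sam", email: "sam@mail.com", password: "sam123" }
];

/**
 * Compares two strings without stopping at the first differing character.
 *
 * Both values are hashed first because crypto.timingSafeEqual requires
 * buffers of equal length; the SHA-256 digest is used only to equalise the
 * lengths and is not a password-storage scheme.
 *
 * @param {string} expected - value held in the user store
 * @param {string} supplied - value received from the client
 * @returns {boolean} true when both strings are identical
 */
function constantTimeEquals(expected, supplied) {
  const expectedDigest = crypto.createHash('sha256').update(expected).digest();
  const suppliedDigest = crypto.createHash('sha256').update(supplied).digest();
  return crypto.timingSafeEqual(expectedDigest, suppliedDigest);
}

/**
 * Check if username/password are good.
 *
 * @param {string} username - login name from the request
 * @param {string} password - password from the request
 * @returns {object|undefined} the first matching user record, or undefined
 *   when no record matches or an argument is not a string
 */
const checkCredentials = function (username, password) {
  // Anything but a string can never match a stored record.
  if (typeof username !== 'string' || typeof password !== 'string') {
    return undefined;
  }

  let match;
  // Every record is visited and both fields are always compared, so the
  // time taken does not depend on whether the username exists.
  users.forEach(function (u) {
    const nameMatches = constantTimeEquals(u.name, username);
    const passwordMatches = constantTimeEquals(u.password, password);
    if (nameMatches && passwordMatches && match === undefined) {
      match = u;
    }
  });

  return match;
};

exports.checkCredentials = checkCredentials;
--------------------------------------------------------------------------------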