Options
All
  • Public
  • Public/Protected
  • All
Menu

Node HTTP Authorization Header Parser and Generator

Dependency Status Build Status Coverage Status NPM version GitHub license

Parses and generates HTTP Authorization and Proxy-Authorization headers strictly following RFC-7235. Supports legacy style auth-schemes (Basic, Digest, Bearer) as well as the more modern key-value auth params.

Install

npm install --save @mitmaro/http-authorization-header

Documentation

Usage

Parse Header

const http = require('http');
const {parse} = require('@mitmaro/http-authorization-header');

const httpServer = http.createServer((req, res) => {
    const authHeader = req.getHeader('Authorization');
    // authHeader => 'myscheme foo=bar, baz=foobar, buzz="quoted \"value!\""

    const authData = parse(authHeader);

    console.log(authData);
    /*
    {
        scheme: 'myscheme',
        values: [
            ['foo', 'bar'],
            ['baz', 'foobar],
            ['buzz', 'quotes "value!"']
        ]
    }
    */
}).listen();

Create Header

const {create, createToken68} = require('@mitmaro/http-authorization-header');

// legacy header value support (Basic, Digest, Bearer)
const basicAuthHeader = createToken68('Basic', Buffer.from('username:password').toString('base64'));
// Basic dXNlcm5hbWU6cGFzc3dvcmQ=

// modern form
const rfc7235Header = create('Custom', [['foo', 'bar'], ['foo', 'fuzz'], ['buzz', 'quoted "value!"']]);
// Custom foo=bar,foo=fuzz,buzz="quoted \"value!\""

All exports

const {
    create,
    createUnsafe,
    createToken68,
    createToken68Unsafe,
    parse,
    InvalidHeaderError,
    InvalidInputError,
} = require('@mitmaro/http-authorization-header');

Contributing

If the library is not in compliance with RFC-7235 then create an issue explaining the issue with sample data, or even better create a pull request that adds a test that fails.

Development

Development is done using Node 8 and NPM 5, and tested against both Node 6 and Node 8. To get started

  • Install Node 8 from NodeJS.org or using nvm
  • Clone the repository using git clone git@github.com:MitMaro/http-authorization-header.git
  • cd http-authorization-header
  • Install the dependencies npm install
  • Make changes, add tests, etc.
  • Run linting and test suite using npm run test

License

Based on auth-header which was licensed under CC0-1.0. This project is released under the ISC license.

Index

Functions

create

  • create(scheme: string, params?: string[]): string
  • Creates a Authorization header value from a scheme as an optional array of 2-tuple, where each 2-tuple contains the auth-param name and value, respectively. Auth param values are automatically quotes only when needed. A InvalidInputError will be thrown if the provided values are not valid.

    create('Custom', [
        ['foo', 'bar'],
        ['foo', 'fuzz'],
        ['buzz', 'quoted "value!"']
    ]);
    // Custom foo=bar,foo=fuzz,buzz="quoted \"value!\""
    
    throws

    {InvalidInputError} If scheme or a param name are not valid values

    Parameters

    • scheme: string

      The auth scheme

    • Optional params: string[]

      An array of tuple pairs of key and value

    Returns string

    A formatted authorization header value

createToken68

  • createToken68(scheme: string, token?: undefined | string): string
  • Used to generate legacy auth-schemes (Basic, Digest, Bearer) Authorization header values. It takes a scheme and an optional token. You are responsible for encoding the token using base64, base64url, base32, base16 or another compatible encoding. An InvalidInputError will be thrown if any of the input values are invalid.

    createToken68('Basic', Buffer.from('username:password').toString('base64'));
    // Basic dXNlcm5hbWU6cGFzc3dvcmQ=
    
    throws

    {InvalidInputError} If scheme or token are not valid values

    Parameters

    • scheme: string

      The auth scheme

    • Optional token: undefined | string

      A Token68 formatted auth parameter

    Returns string

    A formatted authorization header value

createToken68Unsafe

  • createToken68Unsafe(scheme: string, token?: undefined | string): string
  • The createToken68Unsafe function is identical to createToken68 in every way except that it does not perform any input validation. It is faster for cases where you can be sure the values provided will not cause an error.

    Parameters

    • scheme: string

      The auth scheme

    • Optional token: undefined | string

      A Token68 formatted auth parameter

    Returns string

    A formatted authorization header value

createUnsafe

  • createUnsafe(scheme: string, params?: string[]): string
  • The createUnsafe function is identical to create in every way except that it does not perform any input validation. It is faster for cases where you can be sure the values provided will not cause an error.

    Parameters

    • scheme: string

      The auth scheme

    • Optional params: string[]

      An array of tuple pairs of key and value

    Returns string

    A formatted authorization header value

parse

  • Parses a authorization header value returning the parsed data as a JavaScript object. If the header cannot be successfully parsed due to invalid input, a InvalidHeaderError will be thrown.

    For legacy headers the return will contain values for the properties that are strings, a scheme and a value.

    // Basic Zm9vOmJhcg==
    {
         scheme: 'Basic',
         value: 'Zm9vOmJhcg=='
    }
    

    For modern headers the return will contain important properties, a scheme and values. scheme is astring while values in an array of 2-tuples, where each 2-tuple contains the auth param name and value, respectively.

    // Custom foo=bar,foo=fuzz,buzz="quoted \"value!\""
    {
      scheme: 'Custom',
        values: [
            ['foo', 'bar'],
            ['foo', 'fuzz'],
            ['buzz', 'quoted "value!"']
        ]
    }
    

    Parameters

    • headerValue: string

      The value of an authorization header

    Returns IParsedHeader

    The parsed header params

Legend

  • Module
  • Object literal
  • Variable
  • Function
  • Function with type parameter
  • Index signature
  • Type alias
  • Enumeration
  • Enumeration member
  • Property
  • Method
  • Interface
  • Interface with type parameter
  • Constructor
  • Property
  • Method
  • Index signature
  • Class
  • Class with type parameter
  • Constructor
  • Property
  • Method
  • Accessor
  • Index signature
  • Inherited constructor
  • Inherited property
  • Inherited method
  • Inherited accessor
  • Protected property
  • Protected method
  • Protected accessor
  • Private property
  • Private method
  • Private accessor
  • Static property
  • Static method

Generated using TypeDoc