Node HTTP Authorization Header Parser and Generator
Parses and generates HTTP Authorization and Proxy-Authorization headers strictly following RFC-7235. Supports legacy style auth-schemes (Basic, Digest, Bearer) as well as the more modern key-value auth params.
Install
npm install --save @mitmaro/http-authorization-header
Documentation
Usage
Parse Header
const http = require('http');
const {parse} = require('@mitmaro/http-authorization-header');
const httpServer = http.createServer((req, res) => {
const authHeader = req.getHeader('Authorization');
// authHeader => 'myscheme foo=bar, baz=foobar, buzz="quoted \"value!\""
const authData = parse(authHeader);
console.log(authData);
/*
{
scheme: 'myscheme',
values: [
['foo', 'bar'],
['baz', 'foobar],
['buzz', 'quotes "value!"']
]
}
*/
}).listen();
Create Header
const {create, createToken68} = require('@mitmaro/http-authorization-header');
// legacy header value support (Basic, Digest, Bearer)
const basicAuthHeader = createToken68('Basic', Buffer.from('username:password').toString('base64'));
// Basic dXNlcm5hbWU6cGFzc3dvcmQ=
// modern form
const rfc7235Header = create('Custom', [['foo', 'bar'], ['foo', 'fuzz'], ['buzz', 'quoted "value!"']]);
// Custom foo=bar,foo=fuzz,buzz="quoted \"value!\""
All exports
const {
create,
createUnsafe,
createToken68,
createToken68Unsafe,
parse,
InvalidHeaderError,
InvalidInputError,
} = require('@mitmaro/http-authorization-header');
Contributing
If the library is not in compliance with RFC-7235 then create an issue explaining the issue with sample data, or even better create a pull request that adds a test that fails.
Development
Development is done using Node 8 and NPM 5, and tested against both Node 6 and Node 8. To get started
- Install Node 8 from NodeJS.org or using nvm
- Clone the repository using
git clone git@github.com:MitMaro/http-authorization-header.git cd http-authorization-header- Install the dependencies
npm install - Make changes, add tests, etc.
- Run linting and test suite using
npm run test
License
Based on auth-header which was licensed under CC0-1.0. This project is released under the ISC license.
Index
Classes
Interfaces
Functions
Functions
create
-
Parameters
-
scheme: string
The auth scheme
-
Optional params: string[]
An array of tuple pairs of key and value
Returns string
A formatted authorization header value
-
createToken68
-
Used to generate legacy auth-schemes (Basic, Digest, Bearer) Authorization header values. It takes a
schemeand an optionaltoken. You are responsible for encoding thetokenusing base64, base64url, base32, base16 or another compatible encoding. AnInvalidInputErrorwill be thrown if any of the input values are invalid.createToken68('Basic', Buffer.from('username:password').toString('base64')); // Basic dXNlcm5hbWU6cGFzc3dvcmQ=Parameters
-
scheme: string
The auth scheme
-
Optional token: undefined | string
A Token68 formatted auth parameter
Returns string
A formatted authorization header value
-
createToken68Unsafe
-
The
createToken68Unsafefunction is identical tocreateToken68in every way except that it does not perform any input validation. It is faster for cases where you can be sure the values provided will not cause an error.Parameters
-
scheme: string
The auth scheme
-
Optional token: undefined | string
A Token68 formatted auth parameter
Returns string
A formatted authorization header value
-
createUnsafe
-
The
createUnsafefunction is identical tocreatein every way except that it does not perform any input validation. It is faster for cases where you can be sure the values provided will not cause an error.Parameters
-
scheme: string
The auth scheme
-
Optional params: string[]
An array of tuple pairs of key and value
Returns string
A formatted authorization header value
-
parse
-
Parses a authorization header value returning the parsed data as a JavaScript object. If the header cannot be successfully parsed due to invalid input, a
InvalidHeaderErrorwill be thrown.For legacy headers the return will contain values for the properties that are strings, a
schemeand avalue.// Basic Zm9vOmJhcg== { scheme: 'Basic', value: 'Zm9vOmJhcg==' }For modern headers the return will contain important properties, a
schemeandvalues.schemeis astring whilevaluesin an array of 2-tuples, where each 2-tuple contains the auth param name and value, respectively.// Custom foo=bar,foo=fuzz,buzz="quoted \"value!\"" { scheme: 'Custom', values: [ ['foo', 'bar'], ['foo', 'fuzz'], ['buzz', 'quoted "value!"'] ] }Parameters
-
headerValue: string
The value of an authorization header
Returns IParsedHeader
The parsed header params
-
Generated using TypeDoc
Creates a Authorization header value from a scheme as an optional array of 2-tuple, where each 2-tuple contains the auth-param name and value, respectively. Auth param values are automatically quotes only when needed. A
InvalidInputErrorwill be thrown if the provided values are not valid.create('Custom', [ ['foo', 'bar'], ['foo', 'fuzz'], ['buzz', 'quoted "value!"'] ]); // Custom foo=bar,foo=fuzz,buzz="quoted \"value!\""{InvalidInputError} If
schemeor a param name are not valid values