-
-
Notifications
You must be signed in to change notification settings - Fork 547
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
refactor(utils/basic-auth): Split the code into utils
- Loading branch information
1 parent
bdaaa7f
commit 24bd2dd
Showing
3 changed files
with
91 additions
and
24 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
import { HonoRequest } from '../request' | ||
import { auth } from './basic-auth' | ||
|
||
describe('auth', () => { | ||
it('auth() - not include Authorization Header', () => { | ||
const req = new HonoRequest(new Request('http://localhost/auth')) | ||
const res = auth(req) | ||
expect(res).toBeUndefined() | ||
}) | ||
|
||
it('auth() - invalid Authorization Header format', () => { | ||
const req = new HonoRequest( | ||
new Request('http://localhost/auth', { | ||
headers: { Authorization: 'InvalidAuthHeader' }, | ||
}) | ||
) | ||
const res = auth(req) | ||
expect(res).toBeUndefined() | ||
}) | ||
|
||
it('auth() - invalid Base64 string in Authorization Header', () => { | ||
const req = new HonoRequest( | ||
new Request('http://localhost/auth', { | ||
headers: { Authorization: 'Basic InvalidBase64' }, | ||
}) | ||
) | ||
const res = auth(req) | ||
expect(res).toBeUndefined() | ||
}) | ||
|
||
it('auth() - valid Authorization Header', () => { | ||
const validBase64 = btoa('username:password') | ||
const req = new HonoRequest( | ||
new Request('http://localhost/auth', { | ||
headers: { Authorization: `Basic ${validBase64}` }, | ||
}) | ||
) | ||
const res = auth(req) | ||
expect(res).toEqual({ username: 'username', password: 'password' }) | ||
}) | ||
|
||
it('auth() - empty username', () => { | ||
const validBase64 = btoa(':password') | ||
const req = new HonoRequest( | ||
new Request('http://localhost/auth', { | ||
headers: { Authorization: `Basic ${validBase64}` }, | ||
}) | ||
) | ||
const res = auth(req) | ||
expect(res).toEqual({ username: '', password: 'password' }) | ||
}) | ||
|
||
it('auth() - empty password', () => { | ||
const validBase64 = btoa('username:') | ||
const req = new HonoRequest( | ||
new Request('http://localhost/auth', { | ||
headers: { Authorization: `Basic ${validBase64}` }, | ||
}) | ||
) | ||
const res = auth(req) | ||
expect(res).toEqual({ username: 'username', password: '' }) | ||
}) | ||
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
import type { HonoRequest } from '../request' | ||
import { decodeBase64 } from './encode' | ||
|
||
const CREDENTIALS_REGEXP = /^ *(?:[Bb][Aa][Ss][Ii][Cc]) +([A-Za-z0-9._~+/-]+=*) *$/ | ||
const USER_PASS_REGEXP = /^([^:]*):(.*)$/ | ||
const utf8Decoder = new TextDecoder() | ||
|
||
export type Auth = (req: HonoRequest) => { username: string; password: string } | undefined | ||
|
||
export const auth: Auth = (req: HonoRequest) => { | ||
const match = CREDENTIALS_REGEXP.exec(req.header('Authorization') || '') | ||
if (!match) { | ||
return undefined | ||
} | ||
|
||
let userPass = undefined | ||
// If an invalid string is passed to atob(), it throws a `DOMException`. | ||
try { | ||
userPass = USER_PASS_REGEXP.exec(utf8Decoder.decode(decodeBase64(match[1]))) | ||
} catch {} // Do nothing | ||
|
||
if (!userPass) { | ||
return undefined | ||
} | ||
|
||
return { username: userPass[1], password: userPass[2] } | ||
} |