Closed maheshyamsani closed 5 years ago
Any luck on accessing the req object within the authorizer method?
I, too, would like to see this functionality. Accepting PRs?
I did a little bit of reading. It seems as tho the authentication is fired prior to delivery of the request object. This means the request object is not yet sent/available.
Possible work around is to NOT use basic auth, and parse your own authentication parameters in the body of the request payload. Then configure some kind of middleware that fires to authenticate before actually executing the request/route.
@willemevenwel Thanks for replying!
Can you elaborate on "authentication is fired prior to delivery of the request object", or link to a source that says this? My understanding was that requesting auth is accomplished by the server sending a 401 (possibly with the WWW-Authenticate
or similar headers), and the client sends auth by responding with its own header. This sending/receiving of the headers surely happens after express has built the request object..?
Even in the code here:
return function authMiddleware(req, res, next) {
req
is available by definition, since its an express middleware. I dont think its even possible to have an express middleware without there being a req
.
Sorry for the late reply - I am still in the process of rewriting in typescript before releasing new features. Passing req
will be one of them. @yonilerner I will accept PRs once that is done and I have a contributors agreement in place.
I will close this for now, thanks for the elaborate answers @yonilerner !
Any update on this?
https://github.com/LionC/express-basic-auth/blob/738ef5bf2cb6ea2389467fa6d9cce345ab4319e2/index.js#L45
if(isAsync) return authorizer(authentication.name, authentication.pass, authorizerCallback,req) else if(!authorizer(authentication.name, authentication.pass)) return unauthorized()