Enable custom unauthorized handling via middleware (req, res, next)

[matmar10]

Background

Current behavior supports:

• string (rendered as text in response)
• object (rendered as JSON object in response)

Enhancement

Enable passing a normal middleware. This allows full customization of the response handling in the case of unauthorized:

  app.use(basicAuth({
    unauthorizedResponse: function(req, res, next) {
      // use an application's existing error handling stack
      if (req.auth) {
        next(new UnauthorizedError('Login required'));
        return;
      }
      // or send an html page
      if (req.accepts('html') {
        res.render('unauthorized');
        return;
      }
      // or whatever you like!
      res.status(403)
        send({
          message: 'That user will NEVER have access. Ever!'
        });
    }
  }));

[andorfermichael]

It would be great if this was released. :)

[dazwiafl]

push push

[AlphaJuliettOmega]

Bump?

[LionC]

I will take a look at this the following week - thank you for your patience :-)