Enable passing a normal middleware. This allows full customization of the response handling in the case of unauthorized:
app.use(basicAuth({
unauthorizedResponse: function(req, res, next) {
// use an application's existing error handling stack
if (req.auth) {
next(new UnauthorizedError('Login required'));
return;
}
// or send an html page
if (req.accepts('html') {
res.render('unauthorized');
return;
}
// or whatever you like!
res.status(403)
send({
message: 'That user will NEVER have access. Ever!'
});
}
}));
Background
Current behavior supports:
Enhancement
Enable passing a normal middleware. This allows full customization of the response handling in the case of unauthorized: