{"id":15121,"library":"http-auth-connect","title":"Connect HTTP Authentication Middleware","description":"http-auth-connect provides a specialized middleware adapter that integrates the robust `http-auth` module with the `Connect` framework, thereby extending its utility to widely-used web frameworks like `Express.js`. It enables straightforward implementation of HTTP Basic and Digest authentication within Node.js web applications by wrapping `http-auth` configurations into a `Connect`-compatible middleware function. The current stable version is 1.0.6, with recent updates primarily focused on addressing security audit findings, indicating a maintenance-oriented release cadence rather than active feature development. Its primary differentiator is simplifying the application of `http-auth`'s comprehensive authentication schemes directly within the standard `Connect`/`Express` middleware stack, allowing developers to leverage existing, proven authentication logic without custom integration boilerplate.","status":"maintenance","version":"1.0.6","language":"javascript","source_language":"en","source_url":"https://github.com/http-auth/http-auth-connect","tags":["javascript","connect","http","basic","digest","access","authentication"],"install":[{"cmd":"npm install http-auth-connect","lang":"bash","label":"npm"},{"cmd":"yarn add http-auth-connect","lang":"bash","label":"yarn"},{"cmd":"pnpm add http-auth-connect","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Core dependency providing the underlying HTTP Basic and Digest authentication logic. This package acts as an adapter for it.","package":"http-auth","optional":false}],"imports":[{"note":"This package is primarily CommonJS. Use `require` for Node.js environments.","symbol":"authConnect","correct":"const authConnect = require('http-auth-connect');"},{"note":"While CommonJS modules can often be imported with `import defaultExport from 'module'`, named imports like `{ authConnect }` will not work as it does not have a named export of 'authConnect'.","wrong":"import { authConnect } from 'http-auth-connect';","symbol":"authConnect","correct":"import authConnect from 'http-auth-connect';"},{"note":"The core `http-auth` module, which `http-auth-connect` integrates, must be imported separately to configure authentication schemes.","symbol":"auth","correct":"const auth = require('http-auth');"}],"quickstart":{"code":"const express = require('express');\nconst auth = require('http-auth');\nconst authConnect = require('http-auth-connect');\nconst path = require('path');\nconst fs = require('fs');\n\n// Create a dummy htpasswd file for demonstration\nconst htpasswdPath = path.join(__dirname, 'users.htpasswd');\nfs.writeFileSync(htpasswdPath, 'gevorg:$apr1$D9ByKj6f$d2yF/X7zN4L9P.hR/oE3w1\\nSarah:$apr1$uL9P.hR/oE3w1$D9ByKj6f$d2yF/X7zN4L9P.hR/oE3w1\\n');\n\nconst basic = auth.basic({\n  realm: 'Secure Area',\n  file: htpasswdPath // Path to .htpasswd file (gevorg:gpass, Sarah:testpass)\n});\n\nconst app = express();\n\n// Apply the authentication middleware\napp.use(authConnect(basic));\n\n// Setup a protected route\napp.get('/', (req, res) => {\n  res.send(`Hello from express - ${req.user}! You are authenticated.`);\n});\n\n// Start server\nconst PORT = process.env.PORT || 1337;\napp.listen(PORT, () => {\n  console.log(`Server running at http://127.0.0.1:${PORT}/`);\n  console.log('Try accessing with user \"gevorg\" and password \"gpass\", or \"Sarah\" and \"testpass\".');\n});\n\n// Clean up dummy file on exit (for proper demonstration)\nprocess.on('exit', () => {\n    if (fs.existsSync(htpasswdPath)) {\n        fs.unlinkSync(htpasswdPath);\n    }\n});","lang":"javascript","description":"This quickstart demonstrates how to set up HTTP Basic Authentication using `http-auth-connect` with Express, protecting a simple route. It includes creating a temporary .htpasswd file for user credentials."},"warnings":[{"fix":"Ensure `http-auth` is installed (`npm install http-auth`) and correctly configured according to its documentation before passing its `auth` instance to `http-auth-connect`.","message":"This package is an adapter for `http-auth`. It requires `http-auth` to be installed as a separate dependency (`npm install http-auth`) and configured independently. Misconfigurations in the `http-auth` module (e.g., incorrect `realm`, invalid user file paths, or weak credentials) will directly impact the security and functionality of your application.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"For production, configure `http-auth` to use a custom `verify` function or integrate with a proper user management system. Refer to the `http-auth` documentation for advanced authentication strategies.","message":"The example and typical usage of `http-auth-connect` relies on file-based user storage (`.htpasswd` files). While convenient for development, this method is generally not scalable or secure for production environments with many users. Consider integrating `http-auth` with a more robust and dynamic user management system (e.g., database, LDAP, OAuth) for production deployments.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Ensure your application uses a Connect-compatible framework (like Express or Connect itself) to integrate this middleware. For other frameworks, a custom adapter might be necessary.","message":"`http-auth-connect` is designed for Connect/Express-style middleware. Attempting to use it directly with Node.js's native `http` module or other non-Connect compatible frameworks will result in errors or unexpected behavior, as it expects a middleware signature (`req`, `res`, `next`).","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-21T00:00:00.000Z","next_check":"2026-07-20T00:00:00.000Z","problems":[{"fix":"Install the core `http-auth` package: `npm install http-auth`.","cause":"`http-auth` is a peer dependency that `http-auth-connect` wraps but does not automatically install.","error":"Error: Cannot find module 'http-auth'"},{"fix":"Double-check the `file` path for your `.htpasswd` to ensure it's absolute and points to a valid file. Verify the `.htpasswd` file format is correct. Ensure the `realm` option in `auth.basic` configuration is set as intended.","cause":"The `file` path for your `.htpasswd` file is incorrect, the file is malformed, or the specified `realm` in `auth.basic` configuration does not match what the browser expects or the server is sending.","error":"HTTP 401 Unauthorized (in browser) or 'Basic realm=\"Secure Area\"' header missing (in console)"},{"fix":"Inspect your `.htpasswd` file for correct username:hashedpassword format. Ensure no extra newlines or invalid characters are present. Use a tool to generate valid Apache-compatible `.htpasswd` entries.","cause":"Typically indicates a malformed or incorrect entry in the `.htpasswd` file, or issues with the `http-auth` module parsing the provided credentials.","error":"TypeError: Cannot read properties of undefined (reading 'split') or similar errors related to authentication credentials"}],"ecosystem":"npm"}