Basic HTTP Authentication Parser
simple-auth-basic is a lightweight Node.js module designed for parsing HTTP Basic Authorization headers. It extracts the username and password from the 'Authorization' header in an incoming request or a raw header string, returning an object with `name` and `pass` properties. If the header is invalid or missing, it returns `undefined`. The current stable version is 2.0.8. As a focused utility for a well-established standard, its release cadence is generally slow, primarily for maintenance and compatibility updates rather than new features. Its key differentiator is its simplicity and singular focus on parsing the header, leaving credential validation to the application logic, often paired with a timing-safe string comparison library like `tsscmp` for security.
Common errors
- TypeError: auth is not a function
  cause: Attempting to call `auth` directly on a string instead of a request object, or attempting to call `auth.parse` before `auth` is imported correctly.
  fix: Ensure `auth` is imported correctly as a default export (`import auth from 'simple-auth-basic'`) and that `auth` is called with a request object (`auth(req)`). For string parsing, use `auth.parse(headerString)`.
- ReferenceError: require is not defined in ES module scope
  cause: Using CommonJS `require()` syntax in an ESM project (e.g., `"type": "module"` in package.json or `.mjs` files).
  fix: Replace `const auth = require('simple-auth-basic')` with `import auth from 'simple-auth-basic'`.
Warnings
- gotcha This module only parses the Basic Authorization header. It does not perform any credential validation or database lookups. Developers must implement their own logic for checking usernames and passwords, preferably using timing-safe comparison methods to prevent timing attacks.
- gotcha The `auth(req)` function expects a standard Node.js HTTP request object. When parsing a header string from other sources (e.g., a custom proxy header or a non-Node.js environment), use `auth.parse(string)` instead.
Install
- npm install simple-auth-basic
- yarn add simple-auth-basic
- pnpm add simple-auth-basic
Imports
- auth
  const auth = require('simple-auth-basic')
  import auth from 'simple-auth-basic'
- auth.parse
  import { parse } from 'simple-auth-basic'
  import auth from 'simple-auth-basic'; auth.parse(headerString)
Quickstart
import http from 'http';
import auth from 'simple-auth-basic';
import compare from 'tsscmp'; // Often used for timing-safe comparisons

const server = http.createServer((req, res) => {
  // Returns { name, pass }, or undefined if the header is missing or invalid
  const credentials = auth(req);

  // Basic function to validate credentials (against a user store in real apps)
  function check (name, pass) {
    let valid = true;
    // Using tsscmp to prevent timing attacks.
    // Both comparisons always run, so a wrong name does not skip the password check.
    valid = compare(name, 'john') && valid;
    valid = compare(pass, 'secret') && valid;
    return valid;
  }

  if (!credentials || !check(credentials.name, credentials.pass)) {
    res.statusCode = 401;
    res.setHeader('WWW-Authenticate', 'Basic realm="Secure Area"');
    res.end('Access denied');
  } else {
    res.end(`Welcome, ${credentials.name}! Access granted.`);
  }
});

const port = 3000;
server.listen(port, () => {
  console.log(`Server listening on http://localhost:${port}`);
  console.log('Try accessing with "john:secret" basic auth.');
});
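
The header parsing and timing-safe check described above, written with Node.js built-ins only so the edge cases are visible. This is an added example, not simple-auth-basic's own code: `parseBasic`, `safeEqual` and `checkCredentials` are hypothetical names, the sample headers are constructed, and `crypto.timingSafeEqual` over HMAC digests stands in for `tsscmp`.

```javascript
// Added example: not simple-auth-basic's source; all names are hypothetical.
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

// RFC 7617 shape: scheme "Basic", then base64 of "user-id:password".
const BASIC_RE = /^ *basic +([A-Za-z0-9+/]+={0,2}) *$/i;

// Returns { name, pass }, or undefined for a missing or malformed header.
function parseBasic(header) {
  if (typeof header !== 'string') return undefined;
  const match = BASIC_RE.exec(header);
  if (!match) return undefined;
  const decoded = Buffer.from(match[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // first colon only: passwords may contain ':'
  if (sep === -1) return undefined;
  return { name: decoded.slice(0, sep), pass: decoded.slice(sep + 1) };
}

// timingSafeEqual throws on unequal lengths, so compare fixed-size HMAC digests
// keyed with a per-process random key instead of the raw strings.
const HMAC_KEY = randomBytes(32);
function safeEqual(a, b) {
  const digest = (s) => createHmac('sha256', HMAC_KEY).update(String(s)).digest();
  return timingSafeEqual(digest(a), digest(b));
}

// Both comparisons always run, so a wrong name does not skip the password check.
function checkCredentials(creds, expected) {
  if (!creds) return false;
  const nameOk = safeEqual(creds.name, expected.name);
  const passOk = safeEqual(creds.pass, expected.pass);
  return nameOk && passOk;
}

// Constructed sample headers (not taken from real traffic).
const b64 = (s) => Buffer.from(s, 'utf8').toString('base64');
const SAMPLES = {
  valid: `Basic ${b64('john:secret')}`,
  colonInPass: `Basic ${b64('john:se:cret')}`,
  noColon: `Basic ${b64('johnsecret')}`,
  wrongScheme: 'Bearer abc.def.ghi',
  notBase64: 'Basic %%%',
};

for (const [label, header] of Object.entries(SAMPLES)) {
  const creds = parseBasic(header);
  const ok = checkCredentials(creds, { name: 'john', pass: 'secret' });
  console.log(label, creds, ok ? 'accept' : 'reject (401)');
}
```

Only the `valid` sample is accepted; `colonInPass` parses successfully but fails the check, and the last three never reach the comparison because parsing returns `undefined`.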