{"library":"passport-http-header-strategy","title":"Passport HTTP Header Authentication Strategy","description":"The `passport-http-header-strategy` package provides a flexible HTTP header-based authentication strategy for the Passport.js framework. It enables developers to authenticate requests by extracting a token from a custom HTTP header (e.g., `X-API-Key`), or optionally from a request body or query parameter, rather than being limited to the standard `Authorization: Bearer` scheme. Currently at version 1.1.0, the package has not seen significant updates in several years, suggesting a stable but largely unmaintained status. It integrates seamlessly into existing Passport-based applications, allowing for stateless (session-less) authentication, which is common for API-driven services. Its key differentiator is the configurability of the header name and parameter name, offering more customization than some other token-based strategies.","language":"javascript","status":"maintenance","last_verified":"Thu Apr 23","install":{"commands":["npm install passport-http-header-strategy"],"cli":null},"imports":["import { Strategy } from 'passport-http-header-strategy';","import passport from 'passport';","type VerifyCallback = (req: Request, token: string, done: (error: any, user?: any, info?: any) => void) => void;"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"import express from 'express';\nimport passport from 'passport';\nimport { Strategy } from 'passport-http-header-strategy';\n\nconst app = express();\napp.use(express.json()); // For parsing req.body if 'param' option is used\n\n// Mock user database for demonstration\nconst users = [\n  { id: 1, username: 'testuser', token: 'mysecrettoken123' },\n  { id: 2, username: 'admin', token: 'adminsecuretoken' }\n];\n\n// Configure the HTTP Header Strategy\npassport.use('header-token', new Strategy({\n    header: 'X-APP-TOKEN',          // Name of the header to check for the token\n    param: 'app_token',            // Optional: Name of param in req.body/req.query if header isn't found\n    passReqToCallback: true        // Pass the request object to the verify callback\n  },\n  function(req, token, done) {\n    console.log(`Attempting authentication with token: ${token} from header: ${req.headers['x-app-token']}`);\n\n    const user = users.find(u => u.token === token);\n\n    if (!user) {\n      return done(null, false, { message: 'Invalid token provided.' });\n    }\n    // In a real application, perform secure token validation (e.g., database lookup, JWT verification)\n    return done(null, user, { scope: 'all' });\n  }\n));\n\n// Protected route using the 'header-token' strategy\napp.get('/protected', \n  passport.authenticate('header-token', { session: false }),\n  function(req, res) {\n    res.json({ \n      message: `Hello, ${req.user.username}! This is a protected resource.`, \n      user: req.user \n    });\n  }\n);\n\n// Unprotected root route\napp.get('/', (req, res) => {\n    res.send('Welcome. Try GET /protected with an X-APP-TOKEN header.');\n});\n\nconst PORT = process.env.PORT || 3000;\napp.listen(PORT, () => {\n  console.log(`Server running on http://localhost:${PORT}`);\n  console.log('Test with cURL:');\n  console.log(`curl -H \"X-APP-TOKEN: mysecrettoken123\" http://localhost:${PORT}/protected`);\n  console.log(`curl http://localhost:${PORT}/protected`); // Should result in 401 Unauthorized\n});\n","lang":"typescript","description":"This quickstart demonstrates setting up an Express application with Passport.js and the `passport-http-header-strategy` to protect a route using a custom `X-APP-TOKEN` header. It includes a mock user database and instructions for testing via cURL.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}