Merge pull request #42 from 21TORR/httpauth-list

Add http basic auth integration for a list of credentials

CHANGELOG.md

@@ -1,3 +1,9 @@
+2.3.1
+=====
+
+* (improvement) Add method `integrateHttpBasicAuth()` for handling a list of Http Basic Auth Credentials
+* (deprecation) Deprecate `handleHttpBasicAuth` method
+
 2.3.0
 =====
 

UPGRADE.md

@@ -2,6 +2,7 @@
 ==========
 
 * The `createEvent` helper was removed, use `new CustomEvent()` directly.
+* The `handleHttpBasicAuth()` method was removed, use `integrateHttpBasicAuth()` directly
 
 
 1.x to 2.0

src/next/middleware/http-auth.ts

@@ -1,7 +1,14 @@
 import type {NextRequest} from "next/server";
 
+export interface Credentials {
+	username: string;
+	password: string;
+}
+
 /**
  * Handles basic authentication
+ *
+ * @deprecated Use the new method 'integrateHttpBasicAuth' allowing a list of credentials to check against instead
  */
 export function handleHttpBasicAuth (
 	request: NextRequest,
@@ -10,6 +17,24 @@ export function handleHttpBasicAuth (
 	responseText: string = "Auth required",
 	realmLabel: string = "Secure Area",
 ) : Response | undefined
+{
+	return integrateHttpBasicAuth(
+		request,
+		[{username, password}],
+		responseText,
+		realmLabel
+	);
+}
+
+/**
+ * Handles basic authentication
+ */
+export function integrateHttpBasicAuth (
+	request: NextRequest,
+	users: Credentials[],
+	responseText: string = "Auth required",
+	realmLabel: string = "Secure Area",
+) : Response | undefined
 {
 	const auth = request.headers.get("authorization");
 	const authToken = /^Basic (?<token>.*?)$/.exec(auth || "");
@@ -20,7 +45,9 @@ export function handleHttpBasicAuth (
 			.toString()
 			.split(":");
 
-		if (givenUser === username && givenPassword === password)
+		const hasValidUser = users.some(item => givenUser === item.username && givenPassword === item.password);
+
+		if (hasValidUser)
 		{
 			return;
 		}