Thursday, 27 April 2017

basic auth, server nodejs . client from android


android client side:

if you use retrofit, then it has perfect integration:

https://futurestud.io/tutorials/android-basic-authentication-with-retrofit

or you can just change your url:

https://username:password@www.yourapplicationurl.com/ssssssxxxx/xxxx



Nodejs server side:

npm basic-auth

app.use('*', basicAuth.basicAuth('username', 'password'));
app.use('', basicAuth.basicAuth('username', 'password'));
app.use('/*', basicAuth.basicAuth('username', 'password'));
app.use('/', basicAuth.basicAuth('username', 'password'));


exports.basicAuth = function(username, password) {
    return function(req, res, next) {
        var user = basicAuth(req);
        if (!user || user.name !== username || user.pass !== password) {
            res.set('WWW-Authenticate', 'Basic realm=Authorization Required');
            return res.send(401);
        } else {
            next();
        }

    };
};


CI

Your app should work ok locally after above changes.
but you may have small issues with CI:

If you use CI and use url checking from CI, then you may get below issue:

because you have put CI ip into the whitelist,  and your CI cannot do basic auth automatically.... then you :


solution:




For Hosting 

I am using Heroku for hosting, other cloud platform should have similar issue:


fwd: HTTP request X-Forwarded-For header value

http://stackoverflow.com/questions/38819153/what-does-fwd-mean-in-the-heroku-logs

Then you should use this in your nodejs code:

    app.use(ipfilter(whitelistIPs, {mode: 'allow', logLevel:'deny', allowedHeaders:["X-Forwarded-For", "x-forwarded-for"]}));






Localhost/xxx
BTW, you may use localhost when you are developing locally, and "localhost" is not the ip. you need to put this"'::1'" into your whitelist.


No comments:

Post a comment