Add HTTP Basic Auth support (#49)

* Add HTTP Basic Auth support * Revert package.json version to 0.8.2 Did this so the library owners can choose to update it on their own. * Look for basic auth credentials in environment variables * Add error reporting for invalid basic auth configuration
vercel · Dec 4, 2016 · 8fd3255 · 8fd3255
1 parent 3776755
commit 8fd3255
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -37,6 +37,11 @@ You can find a list of all options [below](#options).
 | -s, --single           | Serve single page apps with only one `index.html` in the root directory | - |
 | -u, --unzipped         | Disable gzip compression | false |
 | -i, --ignore           | Files and directories to ignore | - |
+| -a, --auth             | Enable HTTP Basic Authentication | false |
+
+### Basic Auth 
+
+If you enable basic auth with `--auth` `list` will look for a username and password in the `LIST_USER` and `LIST_PASSWORD` environment variables.
 
 ## Examples
 

diff --git a/bin/list b/bin/list
@@ -15,13 +15,15 @@ import filesize from 'filesize'
 import mime from 'mime-types'
 import compress from 'micro-compress'
 import fs from 'fs-promise'
+import auth from 'basic-auth'
 
 args
   .option('port', 'Port to listen on', process.env.PORT || 3000)
   .option('cache', 'How long static files should be cached in the browser (seconds)', 3600)
   .option('single', 'Serve single page apps with only one index.html')
   .option('unzipped', 'Disable GZIP compression')
-  .option('ignore', 'Files and directories to ignore')
+  .option('ignore', 'Files and directories to ignore', '')
+  .option('auth', 'Serve behind basic auth')
 
 const flags = args.parse(process.argv)
 const directory = args.sub[0]
@@ -68,7 +70,7 @@ let ignoredFiles = [
   '.git/'
 ]
 
-if (flags.ignore.length) {
+if (flags.ignore && flags.ignore.length) {
   ignoredFiles = ignoredFiles.concat(flags.ignore.split(','))
 }
 
@@ -168,6 +170,22 @@ const renderDirectory = async dir => {
 }
 
 const handler = async (req, res) => {
+
+  if (flags.auth) {
+    const credentials = auth(req)
+
+    if (!process.env.LIST_USER || !process.env.LIST_PASSWORD) {
+      console.error(red('You are running List with basic auth but did not set the LIST_USER and LIST_PASSWORD environment variables.'))
+      process.exit(1)
+    }
+
+    if (!credentials || credentials.name !== process.env.LIST_USER || credentials.pass !== process.env.LIST_PASSWORD) {
+      res.statusCode = 401
+      res.setHeader('WWW-Authenticate', 'Basic realm="User Visible Realm"')
+      return send(res, 401, 'Access Denied')
+    }
+  }
+
   const {pathname} = parse(req.url)
   let related = path.parse(path.join(current, pathname))
 

diff --git a/package.json b/package.json
@@ -56,6 +56,7 @@
   },
   "dependencies": {
     "args": "2.1.0",
+    "basic-auth": "1.1.0",
     "chalk": "1.1.3",
     "filesize": "3.3.0",
     "fs-promise": "1.0.0",