Simple API KEY auth middleware

Simple middleware to authenticate requests using an API Key, supports:

• Basic Auth: http://apikey:@example.com/
• custom headers
  • x-apikey
  • x-api-key
  • apikey
• query strings
  • api-key
  • apikey
  • api

Currently works only on Express.

Example

Express Server:

var app = require('express')();
 
app.use(require('apikey')(auth, 'my realm'));
 
function auth (key, fn) {
  if ('test' === key)
    fn(null, { id: '1', name: 'John Dorian'})
  else
    fn(null, null)
}
 
app.get('/' function (req,res) {
  res.send('I can be reached only using an authorised api key.')
})

Without authentication: ❯❯❯ curl -vv localhost:3000

> GET / HTTP/1.1
> User-Agent: curl/7.37.1
> Host: localhost:3000
> Accept: */*
> 
< HTTP/1.1 401 Unauthorized
< X-Powered-By: Express
< WWW-Authenticate: Basic realm="my realm"
< Date: Tue, 09 Sep 2014 09:22:49 GMT
< Connection: keep-alive
< Transfer-Encoding: chunked
< 
Unauthorized

With password authentication ❯❯❯ curl -vv test:@localhost:3000

> GET / HTTP/1.1
> Authorization: Basic dGVzdDo=
> User-Agent: curl/7.37.1
> Host: localhost:3000
> Accept: */*
> 
< HTTP/1.1 200 OK
< X-Powered-By: Express
< Content-Type: text/html; charset=utf-8
< Content-Length: 2
< ETag: W/"2-2044517703"
< Date: Tue, 09 Sep 2014 09:22:55 GMT
< Connection: keep-alive
< 
ok

Example using Koa.js

var app = require('koa')()
 
app.use(require('apikey/koa')(auth, 'my realm'))
 
// auth function should be a thunk or a promise
function auth (key) {
  return function (fn) {
    if ('test' === key)
      fn(null, { id: '1', name: 'John Dorian'})
    else
      fn(null, null)
  }
}
 
app.use('/' function *() {
  this.body = this.user
})

License

MIT