midichlorians-htpasswd

Installation

$ npm install midichlorians
$ npm install midichlorians-htpasswd

PS: Actually, this module is bundled with midichlorians, so you don't have to install it like this. But with other auth plugins you have to.

Config

Add to your config.yaml:

auth:
  htpasswd:
    file: ./htpasswd

    # Maximum amount of users allowed to register, defaults to "+inf".
    # You can set this to -1 to disable registration.
    #max_users: 1000

Password file format

Passwords are stored in htpasswd file, and it is designed to be compatible with Nginx.

We use standard password hashing in linux (same as in /etc/shadow, on most modern systems it's salted SHA-512), but you can use whatever your glibc supports.

You can manually add new user with this command (see different commands here):

$ echo "user:`mkpasswd --method=sha-512 password`" >> htpasswd

For plugin writers

It's called as:

require('midichlorians-htpasswd')(config, stuff)

Where:

• config - module's own config
• stuff - collection of different internal midichlorians objects
  • stuff.config - main config
  • stuff.logger - logger

This should export two functions:

• adduser(user, password, cb)

  It should respond with:

  • cb(err) in case of an error (error will be returned to user)
  • cb(null, false) in case registration is disabled (next auth plugin will be executed)
  • cb(null, true) in case user registered successfully

  It's useful to set err.status property to set http status code (e.g. err.status = 403).

• authenticate(user, password, cb)

  It should respond with:

  • cb(err) in case of a fatal error (error will be returned to user, keep those rare)
  • cb(null, false) in case user not authenticated (next auth plugin will be executed)
  • cb(null, [groups]) in case user is authenticated

  Groups is an array of all users/usergroups this user has access to. You should probably include username itself here.