feat: add header option (#47) (#52)

mattyod · web-flow · commit fdfe2fb3c474 · 2021-07-13T21:27:33.000+02:00
diff --git a/README.md b/README.md
@@ -179,6 +179,17 @@ fastify.register(require('fastify-basic-auth'), {
 })
 ```
 
+### `header` String (optional)
+
+When supplied, the header option is the name of the header to get
+credentials from for validation.
+
+```js
+fastify.register(require('fastify-basic-auth'), {
+  validate,
+  header: 'x-forwarded-authorization'
+})
+```
 
 ## License
 
diff --git a/index.d.ts b/index.d.ts
@@ -25,6 +25,7 @@ export interface FastifyBasicAuthOptions {
     done: (err?: Error) => void
   ): void | Promise<void>;
   authenticate?: boolean | { realm: string };
+  header?: string;
 }
 
 declare const fastifyBasicAuth: FastifyPlugin<FastifyBasicAuthOptions>
diff --git a/index.js b/index.js
@@ -9,11 +9,13 @@ async function basicPlugin (fastify, opts) {
     throw new Error('Basic Auth: Missing validate function')
   }
   const authenticateHeader = getAuthenticateHeader(opts.authenticate)
+  const header = (opts.header && opts.header.toLowerCase()) || 'authorization'
+
   const validate = opts.validate.bind(fastify)
   fastify.decorate('basicAuth', basicAuth)
 
   function basicAuth (req, reply, next) {
-    const credentials = auth(req)
+    const credentials = auth.parse(req.headers[header])
     if (credentials == null) {
       done(new Unauthorized('Missing or bad formatted authorization header'))
     } else {
diff --git a/index.test-d.ts b/index.test-d.ts
@@ -17,7 +17,8 @@ app.register(fastifyBasicAuth, {
     expectType<string>(password)
     expectType<FastifyRequest>(req)
     expectType<FastifyReply>(reply)
-  }
+  },
+  header: 'x-forwarded-authorization'
 })
 
 app.register(fastifyBasicAuth, {
diff --git a/test.js b/test.js
@@ -260,6 +260,47 @@ test('WWW-Authenticate Realm (authenticate: {realm: "example"})', t => {
   })
 })
 
+test('Header option specified', t => {
+  t.plan(2)
+
+  const fastify = Fastify()
+  fastify.register(basicAuth, {
+    validate,
+    header: 'X-Forwarded-Authorization'
+  })
+
+  function validate (username, password, req, res, done) {
+    if (username === 'user' && password === 'pwd') {
+      done()
+    } else {
+      done(new Error('Unauthorized'))
+    }
+  }
+
+  fastify.after(() => {
+    fastify.route({
+      method: 'GET',
+      url: '/',
+      preHandler: fastify.basicAuth,
+      handler: (req, reply) => {
+        reply.send({ hello: 'world' })
+      }
+    })
+  })
+
+  fastify.inject({
+    url: '/',
+    method: 'GET',
+    headers: {
+      authorization: basicAuthHeader('notuser', 'notpwd'),
+      'x-forwarded-authorization': basicAuthHeader('user', 'pwd')
+    }
+  }, (err, res) => {
+    t.error(err)
+    t.equal(res.statusCode, 200)
+  })
+})
+
 test('Missing validate function', t => {
   t.plan(1)
 

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,7 @@ export interface FastifyBasicAuthOptions {`
`25`	`25`	`done: (err?: Error) => void`
`26`	`26`	`): void \| Promise<void>;`
`27`	`27`	`authenticate?: boolean \| { realm: string };`
	`28`	`+ header?: string;`
`28`	`29`	`}`
`29`	`30`
`30`	`31`	`declare const fastifyBasicAuth: FastifyPlugin<FastifyBasicAuthOptions>`