node-http-proxy icon indicating copy to clipboard operation
node-http-proxy copied to clipboard
verified publisher icon http-party

auth config is not working

Open shallwefootball opened this issue 9 years ago • 10 comments 

//
// Basic Http Proxy Server
//
httpProxy.createServer({
  target:'http://localhost:9003',
  auth: 'amos:gogo'
}).listen(8003);

shallwefootball avatar Apr 25 '16 05:04 shallwefootball

I'm seeing the same thing. Did you ever figure out what was going on?

edsu avatar Jul 26 '16 14:07 edsu

Same.

shredding avatar Aug 17 '17 08:08 shredding

Same.

vvianyy avatar Nov 14 '17 08:11 vvianyy

@shallwefootball try using header directly:

httpProxy.createServer({
  target:'http://localhost:9003',
  auth: 'amos:gogo',
  headers: {
    Authorization: 'the calculation result here'
  }
}).listen(8003);

It works for me.

vvianyy avatar Nov 14 '17 08:11 vvianyy

This still does not work with the headers...does anyone have another example? Do we have to strip out any headers from request?

codercatdev avatar Jan 31 '18 18:01 codercatdev

this STILL does not work

ajbeach2 avatar Apr 26 '18 20:04 ajbeach2

Very broken, very sad :(

wi-ski avatar Jul 22 '18 23:07 wi-ski

I am going to try to add this npm package and handle the auth separately https://www.npmjs.com/package/basic-auth

wiiiimm avatar Dec 04 '19 06:12 wiiiimm

Here is how you can use https://www.npmjs.com/package/basic-auth to provide auth with node-http-proxy:



const http = require('http'),
   httpProxy = require('http-proxy'),
   auth = require('basic-auth');

//
// Create a proxy server with custom application logic
//
const proxy = httpProxy.createProxyServer({changeOrigin: true, autoRewrite: true, hostRewrite: true, followRedirects: true});


const server = http.createServer(function(req, res) {


 const authRequired = true;//subdomain.endsWith('-p');

 if (authRequired) {
   const credentials = auth(req)
   if (!credentials || !check(credentials.name, credentials.pass)) {
     res.statusCode = 401
     res.setHeader('WWW-Authenticate', 'Basic realm="example"')
     res.end('Access denied, please contact the BBI team for access.')
   } else {
     // do nothing, carry on
     // res.end('Access granted')
   }
 }


 proxy.on('proxyRes', function(proxyRes, req, res) {
   // console.log('Raw [target] response', JSON.stringify(proxyRes.headers, true, 2));
   
   proxyRes.headers['x-reverse-proxy'] = "password-proxy";
   
 });

 proxy.web(req, res, { target: `https://macao20.com` });
});

console.log("reverse proxy started on port 3000...");
server.listen(3000);





const check = function (name, pass) {
 var valid = true

 // Simple method to prevent short-circut and use timing-safe compare
 valid = name === 'john' && valid
 valid = pass === 'secret' && valid

 return valid
}

wiiiimm avatar Dec 04 '19 06:12 wiiiimm

What is working is setting the header (again):

{
  target: 'some.target',
  onProxyReq: (proxyReq) => {
    // Removing existing cookie and overwriting header with authorized credentials
    const authHeader = Buffer.from(
      `${process.env.DATABASE_USER}:${process.env.DATABASE_PASSWORD}`,
    ).toString('base64');
    proxyReq.setHeader('authorization', `Basic ${authHeader}`);

  },
}

What is not working is:

{
  target: 'some.target',
  auth: 'user:pass'
}

If the request to the proxy already has a auth header. In this case the existing auth header will not be overwritten.

TheSlimvReal avatar Mar 02 '22 15:03 TheSlimvReal