README
hauth: authentication, authorization and accounting module for web apps with PG database
This hauth package provides secure password-based client authentication so that express-based web applications can reuse the most frequently used authentication flows without rewriting them.
Introduction
This module is aimed at authenticating web users as well as devices. The use of this module assumes that:
- the app is powered by express
- the app can connect to a Postgres database, and has the right to create tables on that database
Features
Password Authentication
If a client makes a request to a path for which the app expects authentication, the app sends an HTTP response with a 401 status code, a reason phrase indicating an authentication error, and a WWW-Authenticate header.
The client can then submit login credentials either in the request body or in a request header, using HTTP Basic Authentication with the Authorization header:
Authorization: Basic login:password
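The challenge and Basic-credentials handling described above, as an added example that is not hauth's own code: it assumes the standard RFC 7617 wire format, in which the text after Basic is the Base64 encoding of login:password. The names parseBasicAuth, authenticate, verify and REALM are hypothetical.

```javascript
// Added example: not hauth's code. All names here are hypothetical.
const REALM = 'example'; // constructed realm value

// Parse an Authorization header value; returns {login, password} or null.
function parseBasicAuth(value) {
  if (typeof value !== 'string') return null;
  // The scheme name is case-insensitive; the token must be strict Base64.
  const m = /^Basic +([A-Za-z0-9+/]+={0,2})$/i.exec(value.trim());
  if (!m || m[1].length % 4 !== 0) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  // Split on the FIRST colon only: the password may itself contain ':'.
  const sep = decoded.indexOf(':');
  if (sep < 1) return null;                          // no colon, or empty login
  if (/[\x00-\x1f\x7f]/.test(decoded)) return null;  // reject control characters
  return { login: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Decide the response for a path that requires authentication.
// `verify(login, password)` is a caller-supplied credential check (assumption).
function authenticate(headers, verify) {
  const creds = parseBasicAuth(headers['authorization']);
  if (!creds || !verify(creds.login, creds.password)) {
    // Same 401 for missing, malformed and wrong credentials, so the
    // response does not reveal which of the three occurred.
    return {
      status: 401,
      headers: { 'WWW-Authenticate': `Basic realm="${REALM}", charset="UTF-8"` },
    };
  }
  return { status: 200, login: creds.login };
}

// Constructed sample header for login "alice" and password "s3cr:et".
const sampleHeader = 'Basic ' + Buffer.from('alice:s3cr:et').toString('base64');
```

Basic credentials are only encoded, not encrypted, so they should be sent over TLS only.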
Role-based Access Control
Hauth manages access rules based on URL paths (without the query string) and on roles. Each user can be assigned one role. Access rules look like:
'/node_modules': 'skip', // disable access control => no authentication required
'\.css