Back

Version 66

6/23/2024
function extractCredentials(authorization) {
const parts = authorization.split(" ");
if (parts[0] != "Basic") {
return null;
}

const plainAuth = atob(parts[1]);
return plainAuth.split(":");
}

export type ServeHandler = (req: Request) => Response | Promise<Response>

export function basicAuth(next: ServeHandler, params: {
verifyUser: (username: string, password: string) => boolean | Promise<boolean>;
}): ServeHandler {
return async (req: Request) => {
if (req.headers.get("referer") == "https://www.val.town/") {
return new Response(
`Basic Auth is disabled in Val Town iframes.
<a href="/" target="blank_">Open in a new tab.</a>`,
{
status: 400,
headers: {
"Content-type": "text/html",
},
},
);
}

if (!req.headers.get("authorization")) {
return new Response("Unauthorized", {
status: 401,
headers: {
"WWW-Authenticate": "Basic",
},
});
Updated: June 23, 2024