Protect an HTTP endpoint with Basic Auth
@dylburger
code:
data:privatelast updated:9 months ago
today
Build integrations remarkably fast!
You're viewing a public workflow template.
Sign up to customize, add steps, modify code and more.
Join 200,000+ developers using the Pipedream platform
steps.
trigger
HTTP API
Deploy to generate unique URL
This workflow runs on Pipedream's servers and is triggered by HTTP / Webhook requests.
steps.
validate_auth_header
auth
to use OAuth tokens and API keys in code via theauths object
params
User
string ·params.user
Password
string ·params.password
code
Write any Node.jscodeand use anynpm package. You can alsoexport datafor use in later steps via return or this.key = 'value', pass input data to your code viaparams, and maintain state across invocations with$checkpoint.
async (event, steps, params) => {
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
}
34
if (!event.headers.authorization) {
  reject()
  $end("No Authorization header present")
}

// The data in the Authorization header looks like this:
// Basic <base64-encoded-username-and-password>
// Parse and decode it
const authData = Buffer.from(event.headers.authorization.split(" ")[1] || "", 'base64').toString()
if (!authData) {
  reject()
  $end("No data in Authorization header")
}

// Validate the username and password with those configured in params
const [user, pass] = authData.split(":")
if (user !== params.user || pass !== params.password) {
  reject()
  $end("Username / password don't match")
}

// If we've reached this point, we've validated the Authorization header!
$respond({
  status: 200,
  body: "Successfully authenticated"
})

function reject() {
  $respond({
    status: 401,
  })
}