Kitura-CredentialsHTTP

A plugin for the Kitura-Credentials framework that authenticates using HTTP Basic and Digest authentication.

Summary

Our implementation of Digest authentication doesn’t remember the nonce values it generates and doesn’t check the nonce and nc of received requests, so it does not detect replayed requests. It uses the MD5 algorithm, and the quality of protection (qop) is ‘auth’.

Swift version

The latest version of Kitura-CredentialsHTTP requires Swift 4.0 or later. You can download this version of the Swift binaries by following this link. Compatibility with other Swift versions is not guaranteed.

API

Basic authentication

To create an instance of the CredentialsHTTPBasic plugin, pass a VerifyPassword function and an optional realm to the constructor:

public init (verifyPassword: @escaping VerifyPassword, realm: String?=nil)

verifyPassword is a function of type:

/// Type alias for the callback that verifies the userId and password.
/// If the authentication pair verifies, then a user profile is returned.
public typealias VerifyPassword = (_ userId: String, _ password: String, _ callback: @escaping (UserProfile?) -> Void) -> Void

Digest authentication

CredentialsHTTPDigest initialization is similar to CredentialsHTTPBasic. In addition, an optional opaque value can be passed to the constructor.
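
The summary states that this plugin does not remember the nonces it generates or check the nonce and nc of incoming requests. The following is an added example, not code from Kitura-CredentialsHTTP, of the server-side bookkeeping that such a check involves; `DigestNonceTracker`, its method names, the 300-second lifetime and the use of a UUID as the nonce are all assumptions made for illustration.

```swift
import Foundation

/// Hypothetical helper (not part of Kitura-CredentialsHTTP): the nonce / nc
/// bookkeeping a Digest server keeps when it wants to reject replayed requests.
struct DigestNonceTracker {
    private struct Entry { let issued: Date; var lastCount: UInt32 }
    private var entries: [String: Entry] = [:]
    let lifetime: TimeInterval   // assumed policy: how long an issued nonce stays valid

    init(lifetime: TimeInterval = 300) { self.lifetime = lifetime }

    /// Record a nonce at the moment it is sent in a WWW-Authenticate challenge.
    /// The UUID default is an assumption; any unpredictable value works.
    mutating func issue(_ nonce: String = UUID().uuidString, at now: Date = Date()) -> String {
        entries[nonce] = Entry(issued: now, lastCount: 0)
        return nonce
    }

    /// Accept a request only if its nonce was issued here, has not expired,
    /// and its nc (8 hex digits) is greater than every nc already seen for it.
    mutating func accept(nonce: String, nc: String, at now: Date = Date()) -> Bool {
        guard var entry = entries[nonce] else { return false }   // nonce never issued
        guard now.timeIntervalSince(entry.issued) <= lifetime else {
            entries[nonce] = nil                                  // stale: client needs a new challenge
            return false
        }
        guard nc.utf8.count == 8, !nc.hasPrefix("+"), !nc.hasPrefix("-"),
              let count = UInt32(nc, radix: 16), count > entry.lastCount else {
            return false                                          // malformed or already-used nc
        }
        entry.lastCount = count
        entries[nonce] = entry
        return true
    }
}

// Constructed walk-through: one challenge, then four requests that reuse its nonce.
var tracker = DigestNonceTracker(lifetime: 300)
let t0 = Date()
let nonce = tracker.issue(at: t0)
print(tracker.accept(nonce: nonce, nc: "00000001", at: t0))                          // first use of the nonce
print(tracker.accept(nonce: nonce, nc: "00000001", at: t0))                          // same nc presented again
print(tracker.accept(nonce: nonce, nc: "00000002", at: t0))                          // next request, nc incremented
print(tracker.accept(nonce: nonce, nc: "00000003", at: t0.addingTimeInterval(600)))  // nonce past its lifetime
```

The tracker is a plain value type with no locking, so a server that handles requests concurrently would need to serialize access to it.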

Example

Codable routing

First create a struct or final class that conforms to TypeSafeHTTPBasic, adding any instance variables, which you will initialise in verifyPassword:

import CredentialsHTTP

public struct MyBasicAuth: TypeSafeHTTPBasic {

    public let id: String

    // Demo data only: a real verifyPassword should check salted password hashes, not plaintext.
    static let users = ["John" : "12345", "Mary" : "qwerasdf"]

    public static func verifyPassword(username: String, password: String, callback: @escaping (MyBasicAuth?) -> Void) {
        if let storedPassword = users[username], storedPassword == password {
            callback(MyBasicAuth(id: username))
        } else {
            callback(nil)
        }
    }
}

Add authentication to routes by adding your TypeSafeHTTPBasic object, as a TypeSafeMiddleware, to your codable routes:

router.get("/protected") { (userProfile: MyBasicAuth, respondWith: (MyBasicAuth?, RequestError?) -> Void) in
   print("authenticated \(userProfile.id) using \(userProfile.provider)")
   respondWith(userProfile, nil)
}

Raw routing

This example shows how to use this plugin to authenticate requests with HTTP Basic authentication. HTTP Digest authentication is similar.

First create an instance of Credentials and an instance of the CredentialsHTTPBasic plugin, supplying a verifyPassword function:

import Credentials
import CredentialsHTTP

let credentials = Credentials()
let users = ["John" : "12345", "Mary" : "qwerasdf"]
let basicCredentials = CredentialsHTTPBasic(verifyPassword: { userId, password, callback in
    if let storedPassword = users[userId], storedPassword == password {
        callback(UserProfile(id: userId, displayName: userId, provider: "HTTPBasic"))
    } else {
        callback(nil)
    }
})

Now register the plugin:

credentials.register(plugin: basicCredentials)

Connect credentials middleware to profile requests:

router.all("/profile", middleware: credentials)

If the authentication is successful, request.userProfile will contain user profile information:

router.get("/profile", handler:
    { request, response, next in
      // ...
      // userProfile is optional: it is nil if the request was not authenticated
      if let profile = request.userProfile {
          let userId = profile.id
          let userName = profile.displayName
          // ...
      }
      next()
})

Troubleshooting

Seeing error ld: library not found for -lCHttpParser for architecture x86_64 on build?

To solve this, go to your Xcode build settings and add $SRCROOT/.build/debug to the Library Search Paths for the CredentialsHTTP targets.

License

This library is licensed under Apache 2.0. Full license text is available in LICENSE.