HonoBearer Auth Middleware
The Bearer Auth Middleware provides authentication by verifying an API token in the Request header. The HTTP clients accessing the endpoint will add the Authorization header with Bearer {token} as the header value.
Using curl from the terminal, it would look like this:
curl -H 'Authorization: Bearer honoiscool' http://localhost:8787/auth/page
curl -H 'Authorization: Bearer honoiscool' http://localhost:8787/auth/page
Import
ts
import { Hono } from 'hono'
import { bearerAuth } from 'hono/bearer-auth'
import { Hono } from 'hono'
import { bearerAuth } from 'hono/bearer-auth'
ts
import { Hono } from 'https://deno.land/x/hono/mod.ts'
import { bearerAuth } from 'https://deno.land/x/hono/middleware.ts'
import { Hono } from 'https://deno.land/x/hono/mod.ts'
import { bearerAuth } from 'https://deno.land/x/hono/middleware.ts'
Usage
ts
const app = new Hono()
const token = 'honoiscool'
app.use('/api/*', bearerAuth({ token }))
app.get('/api/page', (c) => {
return c.json({ message: 'You are authorized' })
})
const app = new Hono()
const token = 'honoiscool'
app.use('/api/*', bearerAuth({ token }))
app.get('/api/page', (c) => {
return c.json({ message: 'You are authorized' })
})
To restrict to a specific route + method:
ts
const app = new Hono()
const token = 'honoiscool'
app.get('/api/page', (c) => {
return c.json({ message: 'Read posts' })
})
app.post('/api/page', bearerAuth({ token }), (c) => {
return c.json({ message: 'Created post!' }, 201)
})
const app = new Hono()
const token = 'honoiscool'
app.get('/api/page', (c) => {
return c.json({ message: 'Read posts' })
})
app.post('/api/page', bearerAuth({ token }), (c) => {
return c.json({ message: 'Created post!' }, 201)
})
Options
token: string - required- The string to validate the incoming bearer token against
realm: string- The domain name of the realm, as part of the returned WWW-Authenticate challenge header. Default is
"" - _See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate#directives_
- The domain name of the realm, as part of the returned WWW-Authenticate challenge header. Default is
prefix: string- The prefix for the Authorization header value. Default is
"Bearer"
- The prefix for the Authorization header value. Default is
hashFunction: Function- A function to handle hashing for safe comparison of authentication tokens
Recipes
Using on Fastly [email protected]
To use this middleware on [email protected], you need to do one of two things:
- Polyfill the
cryptomodule - Install the
crypto-jspackage, and provide ahashFunctionto the middleware. (recommended)
Here's how to use this middleware with the crypto-js method:
- Install
crypto-jsvia npm:
npm i crypto-js
npm i crypto-js
- Provide a
hashFunction, using the SHA-256 implementation fromcrypto-js, to the middleware:
ts
import { SHA256 } from 'crypto-js'
app.use(
'/auth/*',
bearerAuth({
token: 'honoiscool', // Required
hashFunction: (d: string) => SHA256(d).toString(),
})
)
import { SHA256 } from 'crypto-js'
app.use(
'/auth/*',
bearerAuth({
token: 'honoiscool', // Required
hashFunction: (d: string) => SHA256(d).toString(),
})
)