feat: basic auth include

nuxt-modules · Sep 28, 2023 · 40c6a72 · 40c6a72
1 parent bf5d18e
commit 40c6a72
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 6 deletions.
diff --git a/docs/content/1.documentation/3.middleware/6.basic-auth.md b/docs/content/1.documentation/3.middleware/6.basic-auth.md
@@ -33,6 +33,7 @@ Rate limiter accepts following configuration options:
 ```ts
 type BasicAuth = {
   exclude?: string[];
+  include?: string[];
   name: string;
   pass: string;
   enabled: boolean;
@@ -46,6 +47,12 @@ type BasicAuth = {
 
 Paths to exclude from Basic Auth functionality.
 
+### `include`
+
+- Default: `-`
+
+Paths to include in Basic Auth functionality.
+
 ### `name`
 
 - Default: `-`

diff --git a/src/runtime/nitro/plugins/02-cspSsg.ts b/src/runtime/nitro/plugins/02-cspSsg.ts
@@ -7,8 +7,7 @@ import type {
   ModuleOptions
 } from '../../../types'
 import type {
-  ContentSecurityPolicyValue,
-  SecurityHeaders
+  ContentSecurityPolicyValue
 } from '../../../types/headers'
 import { useRuntimeConfig } from '#imports'
 

diff --git a/src/runtime/server/middleware/basicAuth.ts b/src/runtime/server/middleware/basicAuth.ts
@@ -10,9 +10,10 @@ type Credentials = {
 
 export type BasicAuth = {
   exclude?: string[];
+  include?: string[];
   name: string;
   pass: string;
-  enabled: boolean;
+  enabled?: boolean;
   message: string;
 }
 
@@ -22,7 +23,7 @@ export default defineEventHandler((event) => {
   const credentials = getCredentials(event.node.req)
   const basicAuthConfig: BasicAuth = securityConfig.basicAuth
 
-  if (basicAuthConfig?.exclude?.some(el => event.path?.startsWith(el))) { return }
+  if (basicAuthConfig?.exclude?.some(el => event.path?.startsWith(el)) || basicAuthConfig?.include?.some(el => !event.path?.startsWith(el))) { return }
 
   if (!credentials || !validateCredentials(credentials!, basicAuthConfig)) {
     setHeader(event, 'WWW-Authenticate', `Basic realm=${basicAuthConfig.message || 'Please enter username and password'}`)

diff --git a/src/types/index.ts b/src/types/index.ts
@@ -24,6 +24,6 @@ export interface NuxtSecurityRouteRules {
   rateLimiter?: RateLimiter | false;
   xssValidator?: XssValidator | false;
   corsHandler?: CorsOptions | false;
-  allowedMethodsRestricter: AllowedHTTPMethods | false;
+  allowedMethodsRestricter?: AllowedHTTPMethods | false;
   nonce?: NonceOptions | false;
 }
diff --git a/src/types/middlewares.ts b/src/types/middlewares.ts
@@ -25,9 +25,10 @@ export type XssValidator = {
 
 export type BasicAuth = {
   exclude?: string[];
+  include?: string[];
   name: string;
   pass: string;
-  enabled: boolean;
+  enabled?: boolean;
   message: string;
 }