scrypt_basic_auth

Basic HTTP authentication for Deno, featuring scrypt verification of hashed passwords

Features:

Demo (username1 / password1): https://scrypt-basic-auth.deno.dev/

Use

Basic :)

Allowed users are read from the environment variable scrypt_basic_auth_users:

import { scryptBasicAuth } from "https://deno.land/x/scrypt_basic_auth@1.0.1/mod.ts";

const scryptProtected = (request) => {
  const response = await scryptBasicAuth(request);
  if (!response.ok) {
    return response;
  }
  // Continue with authenticated user
  return new Response("Authenticated");
};
Deno.serve(scryptProtected);

Advanced configuration

The scryptBasicAuth handler function is highly configurable. You may for example inject a custom verifier:

import { verify as argon2Verify } from "https://deno.land/x/argon2@v0.9.2/lib/mod.ts";

const options = {
  verify: async (password, hash) => await argon2Verify(hash, password),
};
const response = await scryptBasicAuth(request, options);

Users

Env format

The scrypt_basic_auth_users env variable must store users as a JSON array of [username, hash] tuples, ie. like [["user1","hash1"]].

To obtain a tuple, run:

$ deno run hash.ts user1 password1
["user1","c2…"]

Linux/bash

export scrypt_basic_auth_users='[["username","c2N…"]]'

Test

$ deno task test