Basic authentication with Hapi

Basic authentication in Hapi.js, a popular Node.js framework, can be achieved using the 'hapi-auth-basic' plugin. This plugin provides a straightforward way to implement basic authentication for your routes.

Here's a step-by-step guide on how to set up basic authentication with Hapi.js:

1. First, create a new Hapi.js project or open your existing one.
2. Install the 'hapi-auth-basic' plugin if you haven't already. You can install it using npm:

bash        

npm install @hapi/basic
        

1. Import the necessary modules in your server setup file (usually server.js or similar):

javascript        

const Hapi = require('@hapi/hapi');
const Basic = require('@hapi/basic');
        

1. Create a new Hapi server instance and register the hapi-auth-basic plugin:

javascript        

const server = Hapi.server({
  port: 3000,
  host: 'localhost',
});

const validate = async (request, username, password, h) => {
  // Add your authentication logic here.
  // Check if the provided username and password are valid.
  // For example, you can compare them against a database.
  const isValid = username === 'yourUsername' && password === 'yourPassword';

  const credentials = { id: 'user123', name: 'John Doe' }; // Replace with your user data

  return { isValid, credentials };
};

const init = async () => {
  await server.register(Basic);

  server.auth.strategy('simple', 'basic', { validate });
  server.auth.default('simple');

  // Define your routes here
  server.route({
    method: 'GET',
    path: '/',
    handler: (request, h) => {
      return 'Hello, World!';
    },
  });

  await server.start();
  console.log(`Server is running at ${server.info.uri}`);
};

init();        

1. In the code above, we first import the necessary modules, create a Hapi server instance, and register the 'hapi-auth-basic' plugin.
2. We define a 'validate' function that will be called to validate the credentials provided during basic authentication. In this function, you should implement your custom logic to verify the provided username and password. If they are valid, return '{ isValid: true, credentials: ... }'. If not, return { isValid: false, credentials: null }.
3. Next, we set up the authentication strategy by calling server.auth.strategy with the strategy name 'simple', the authentication scheme 'basic', and the validate function we defined earlier. We also set 'simple' as the default authentication strategy using server.auth.default('simple').
4. Finally, we define a sample route, and you can protect any route by adding the 'simple' authentication strategy to its configuration. For example:

javascript        

server.route({
  method: 'GET',
  path: '/protected',
  config: {
    auth: 'simple',
  },
  handler: (request, h) => {
    return 'This route is protected!';
  },
});        

In this example, the '/protected' route is protected with basic authentication, and users will need to provide valid credentials to access it.

Remember to replace the sample username and password in the 'validate' function with your actual authentication logic, such as checking against a database or other user management system.