From 4f28ce2a00fe93e1a97ae3c4434f4f06556c7a1d Mon Sep 17 00:00:00 2001 From: KernelDeimos <7225168+KernelDeimos@users.noreply.github.com> Date: Fri, 28 Nov 2025 20:00:18 -0500 Subject: [PATCH 1/2] fix: fail fast on `--password` without `--user` When passing a password without a username, http-server will launch successfully but the first request with an Authorization header will crash the server. This behavior is very inconvenient. This commit makes it fail fast instead so you know there's a problem before you log out of SSH or walk out of the house or office. Also alised `--user` to `--username` for added convenience. Resolves #935 --- bin/http-server | 3 ++- lib/http-server.js | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/bin/http-server b/bin/http-server index 928002260..6042d9c38 100755 --- a/bin/http-server +++ b/bin/http-server @@ -13,7 +13,8 @@ var chalk = require('chalk'), var argv = require('minimist')(process.argv.slice(2), { alias: { tls: 'ssl', - header: 'H' + header: 'H', + user: 'username', }, boolean: ['proxy-all'] }); diff --git a/lib/http-server.js b/lib/http-server.js index 5a04cfdd0..f1b31b922 100644 --- a/lib/http-server.js +++ b/lib/http-server.js @@ -93,6 +93,10 @@ function HttpServer(options) { } if (options.username || options.password) { + if (!options.username || !options.password) { + throw new Error('Basic authentication requires both username and password to be specified'); + } + before.push(function (req, res) { var credentials = auth(req); From 8f90718ba86b7f331654820229cd214e0199c026 Mon Sep 17 00:00:00 2001 From: KernelDeimos <7225168+KernelDeimos@users.noreply.github.com> Date: Fri, 28 Nov 2025 20:11:07 -0500 Subject: [PATCH 2/2] doc: update documentation for `--username` flag --- README.md | 2 +- bin/http-server | 4 ++-- doc/http-server.1 | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 42535fb47..3f1622cd5 100644 --- a/README.md +++ b/README.md @@ -79,7 +79,7 @@ with the provided Dockerfile. |`-P` or `--proxy` |Proxies all requests which can't be resolved locally to the given url. e.g.: -P http://someurl.com | | |`--proxy-all` |Forward every request to the proxy target instead of serving local files|`false`| |`--proxy-options` |Pass proxy [options](https://github.com/http-party/node-http-proxy#options) using nested dotted objects. e.g.: --proxy-options.secure false | -|`--username` |Username for basic authentication | | +|`--user` or `--username` |Username for basic authentication | | |`--password` |Password for basic authentication | | |`-S`, `--tls` or `--ssl` |Enable secure request serving with TLS/SSL (HTTPS)|`false`| |`-C` or `--cert` |Path to ssl cert file |`cert.pem` | diff --git a/bin/http-server b/bin/http-server index 6042d9c38..6a31bf6c3 100755 --- a/bin/http-server +++ b/bin/http-server @@ -67,8 +67,8 @@ if (argv.h || argv.help) { ' --proxy-options Pass options to proxy using nested dotted objects. e.g.: --proxy-options.secure false', ' --websocket Enable websocket proxy', '', - ' --username Username for basic authentication [none]', - ' Can also be specified with the env variable NODE_HTTP_SERVER_USERNAME', + ' --user --username Username for basic authentication [none]', + ' Can also be specified with the env variable NODE_HTTP_SERVER_USERNAME', ' --password Password for basic authentication [none]', ' Can also be specified with the env variable NODE_HTTP_SERVER_PASSWORD', '', diff --git a/doc/http-server.1 b/doc/http-server.1 index 469f2be4d..29e089e47 100644 --- a/doc/http-server.1 +++ b/doc/http-server.1 @@ -112,7 +112,7 @@ Requires \-\-proxy. Pass proxy options using nested dotted objects. .TP -.BI \-\-username " " \fIUSERNAME\fR +.BI \-\-user ", " \-\-username " " \fIUSERNAME\fR Username for basic authentication. Can also be specified with the environment variable NODE_HTTP_SERVER_USERNAME. Defaults to none.