flawyte / vercel-basic-auth Goto Github PK

Hi,
how can i exclude the protected folder from the build process. I added a nuxt project in the protected route, when i deploy to now there will be always an error that says

Error: The lambda function size (104.57mb) exceeds the maximum size limit (50mb). Learn more: https://zeit.co/docs/v2/deployments/concepts/lambdas/#maximum-bundle-size

But when i deploy the static site without those protected features it works without any problems

Just came upon this today but the pure vercel.json example doesn't seem to work at all.

It's unclear to me if any of the examples there are compatible with the Next.js "serverless" mode, hosted on Vercel.

👋 thank you for making these recipes available, it’s been very helpful for me.

Just wanted to point out that both the node and node-static-auth examples are in theory vulnerable to a timing attack to determine the login/password.

Here is how express-basic-auth fixed this: LionC/express-basic-auth#21

For further reference, see also how Rails fixed the same issue in their basic auth check, and how that CVE is classified: rails/rails@a6fa396.

It seems like you might be able to add basic auth to a simple SPA using vercel.json like so:

https://github.com/orgs/vercel/discussions/2920

Hi Mickaël,
Thank you very much for you work and making this repo with basic-auth examples! I found these examples pretty useful!

Issue

I've tested things locally with my own repo and compared it to your examples and noticed that _static directory doesn't contain any *.js files and there are no <script src="*.js"></script> lines in the _static/index.html.
It seems that express serves all *.css and .svg files however fails on *.js (and maybe on some other extension, I didn't test it that far)

Reproduce steps

1. Create an empty main.js within _static/.
2. Add <script src="main.js"></script> line in _static/index.html.
3. Deploy via now.
   All *.js files will fail with 404:
   
   (note that styles.css loaded just fine)

What I've tried

• I've checked all the paths many times to make sure they are correct.
• I've tried to add a second build with @now/static.
• I've played with the router in now.json.

Nothing helped me but I'm new to now so I think I'm missing something.

Conclusion

I would appreciate if you could find time and try to update your examples with *.js files added. I also would be really thankful if you could give me a hint to point me in the right direction in my investigation of this problem.

Have a nice day! 👍

Hi - thank you for putting this together. I've been trying to figure out how to password protect a standard static HTML site on Vercel. It looks like I can use one of these as a wrapper.

In testing these examples, should I just run vercel from a local copy of the repo, and specify the "root directory" as node or the other two, correct? Or is it better to use ./?

First of all, thank you for this very useful repository. 👍

I have a small question about the now-basic-auth/node code in this file: https://github.com/flawyte/now-basic-auth/blob/master/node/index.js .

(My entire website is password-protected and my output directory is called dist instead of _static)

How do i show a custom 404 page instead of the "404 Not Found" message (when authorized)?
https://github.com/flawyte/now-basic-auth/blob/86e9bdd5b6f39a8635fe2b01ec4273738961dfe8/node/index.js#L35

I want to show my 404.html file instead of the "404 Not Found" message. The file is located at /dist/404.html.
Vercel supports custom 404 pages via a 404.html file in the output directory. How can i use that feature together with your now-basic-auth/node code? Vercel should detect the 404.html file automatically right? I don't have to reference the /dist/404.html file in the index.js right? Do i have to remove the handle404 part at line 33-36?:

// Serve files
-  return serve(req, res, () => {
-    res.statusCode = 404;
-    res.end('404 Not Found');
-  });
+  return serve(req, res);