Description
I've deployed my angular-fullstack app to Heroku, however since it's a prototype I need to add some basic password protection to prevent the general public from accessing it. I don't want to use the user login within angular-fullstack as that needs to work as part of the app for user testing allowing users to create a new account etc.
I had some limited success implementing https://www.npmjs.org/package/http-auth in server/app.js.
var preAuth = require('http-auth');
var basic = preAuth.basic({
realm: "Restricted Access. Please login to proceed."
}, function (username, password, callback) {
callback( (username === "user" && password === "password"));
}
);
// Setup server
var app = express();
app.use(preAuth.connect(basic));
var server = require('http').createServer(app);
This gave me the expected functionality with just a simple login prompt before I could access the app. Unfortunately it also seems to trigger every time I try to login as a user after the initial password prompt, and as a result makes it impossible to login as a user in the actual app. As I just keep getting the preAuth callback whenever I try to login as a regular user.
I tried into using the wwwhisper addon, but it seemed to just break the entire app when I added it.
Is there any way to achieve this without breaking the normal login functionality and completely preventing users from seeing the app before logging in? I'm running out of ideas, the only other thing I can think of is to rewrite the app so that the default reverts to a login screen but that would change the flow of the prototype compared to what the live version would be.