Added username/token to req.user when using the authentication method…

…s. These will be available to downtream middleware and endpoint handlers.

README.md

@@ -190,9 +190,12 @@ with the username and password.
 For example, `basicauth('user', 'passwd')` would compare the
 user-submitted username/password to `user` and `passwd`. If
 they do not match, a 401 (Not Authorized) response is sent.
+If authentication is successful, a `user` attribute will be 
+appended to the request (i.e. `req.user`).
 
 ```javascript
 app.get('/secure', API.basicauth('user', 'passwd'), (req, res) => ...)
+// req.user would be set "user" when authentication succeeds.
 ```
 
 It is also possible to perform a more advanced authentication
@@ -210,7 +213,9 @@ app.get('/secure', API.basicauth(function (username, password, grantedFn, denied
 
 The `username`/`password` will be supplied in plain text. The
 `grantedFn()` should be run when user authentication succeeds,
-and the `deniedFn()` should be run when it fails.
+and the `deniedFn()` should be run when it fails. Any downstream
+middleware or other handlers will be able to access the username
+by referencing `req.user`.
 
 ### bearer(token)
 This method looks for a bearer token in the `Authorization` request header. If the token does not match, a `401 (Unauthorized)` status is returned.
@@ -235,6 +240,11 @@ app.get('/secure/path', API.bearer(function (token) {
 }), API.reply('authenticated'))
 ```
 
+Tokens do not necessarily represent a unique user, but they are often used
+to lookup a user. To facilitate this, the `req.user` attribute is set to the
+value of the token so downstream middleware can perform lookups or further
+validate the token.
+
 ### applyCommonConfiguration(app, [autolog])
 
 ```javascript

index.js

@@ -189,11 +189,15 @@ class Endpoint {
           if (credentials.length === 2) {
             // If an authentication function is provided, use it
             if (typeof username === 'function') {
-              return username(credentials[0], credentials[1], next, () => {
+              return username(credentials[0], credentials[1], () => {
+                req.user = credentials[0]
+                next()
+              }, () => {
                 res.set('WWW-Authenticate', `Basic realm=${req.get('host')}`)
                 return res.sendStatus(401)
               })
             } else if (credentials[0] === username && credentials[1] === password) {
+              req.user = username
               return next()
             }
           }
@@ -230,7 +234,8 @@ class Endpoint {
         let input = req.get('authorization').replace(/^(\s+)?bearer(\s+)?/i, '')
 
         if (typeof token === 'function') {
-          return token(input) ? next() : res.sendStatus(401)
+          let data = token(input)
+          return data ? () => { req.user = data; next() } : res.sendStatus(401)
         }
 
         if (!caseSensitive) {
@@ -239,6 +244,7 @@ class Endpoint {
         }
 
         if (input === token) {
+          req.user = token
           return next()
         }
       }

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@butlerlogic/common-api",
-  "version": "1.3.10",
+  "version": "1.4.0",
   "description": "An API engineering productivity kit for Express.",
   "main": "index.js",
   "scripts": {