http://blog.fens.me/nodejs-https-server/
Chapter 10 of the Express book covers when to use basic auth. Below is the middleware commonly used with Express.
Much of the middleware previously (before Express 4.0) bundled with Express is quite fundamental, so it’s important to know “where it went” and how to get it. You will almost always want Connect, so it’s recommended that you always install it alongside Express (npm install --save connect), and have it available in your application (var connect = require('connect');).

basicAuth (app.use(connect.basicAuth());)
Provides basic access authorization. Keep in mind that basic auth offers only the most basic security, and you should use basic auth only over HTTPS (otherwise, usernames and passwords are transmitted in the clear). You should use basic auth only when you need something very quick and easy and you’re using HTTPS.

body-parser (npm install --save body-parser, app.use(require('body-parser')());)
Convenience middleware that simply links in json and urlencoded. This middleware is also still available in Connect, but will be removed in 3.0, so it’s recommended that you start using this package instead. Unless you have a specific reason to use json or urlencoded individually, I recommend using this package.

json (see body-parser)
Parses JSON-encoded request bodies. You’ll need this middleware if you’re writing an API that’s expecting a JSON-encoded body. This is not currently very common (most APIs still use application/x-www-form-urlencoded, which can be parsed by the urlencoded middleware), but it does make your application robust and future-proof.

urlencoded (see body-parser)
Parses request bodies with Internet media type application/x-www-form-urlencoded. This is the most common way to handle forms and AJAX requests.

multipart (DEPRECATED)
Parses request bodies with Internet media type multipart/form-data. This middleware is deprecated and will be removed in Connect 3.0. You should be using Busboy or Formidable instead (see Chapter 8).

compress (app.use(connect.compress());)
Compresses response data with gzip. This is a good thing, and your users will thank you, especially those on slow or mobile connections. It should be linked in early, before any middleware that might send a response. The only thing that I recommend linking in before compress is debugging or logging middleware (which do not send responses).

cookie-parser (npm install --save cookie-parser, app.use(require('cookie-parser')('your secret goes here'));)
Provides cookie support. See Chapter 9.

cookie-session (npm install --save cookie-session, app.use(require('cookie-session')());)
Provides cookie-storage session support. I do not generally recommend this approach to sessions. Must be linked in after cookie-parser. See Chapter 9.

express-session (npm install --save express-session, app.use(require('express-session')());)
Provides session ID (stored in a cookie) session support. Defaults to a memory store, which is not suitable for production, and can be configured to use a database store. See Chapters 9 and 13.

csurf (npm install --save csurf, app.use(require('csurf')());)
Provides protection against cross-site request forgery (CSRF) attacks. Uses sessions, so must be linked in after express-session middleware. Currently, this is identical to the connect.csrf middleware. Unfortunately, simply linking this middleware in does not magically protect against CSRF attacks; see Chapter 18 for more information.

directory (app.use(connect.directory());)
Provides directory listing support for static files. There is no need to include this middleware unless you specifically need directory listing.

errorhandler (npm install --save errorhandler, app.use(require('errorhandler')());)
Provides stack traces and error messages to the client. I do not recommend linking this in on a production server, as it exposes implementation details, which can have security or privacy consequences. See Chapter 20 for more information.
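
The basicAuth entry above says to use basic auth only over HTTPS. The following is an added example (not code from the book or from Connect) of Express-style middleware that enforces that rule; the names basicAuthOverTls, parseBasic and safeEqual and the in-memory user map are hypothetical and constructed for illustration.

```javascript
const crypto = require('crypto');

// Parse "Basic <base64(user:pass)>"; returns null for anything malformed.
function parseBasic(header) {
  const m = /^Basic ([A-Za-z0-9+\/=]+)$/i.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const i = decoded.indexOf(':'); // first colon separates; password may contain ':'
  if (i < 0) return null;
  return { user: decoded.slice(0, i), pass: decoded.slice(i + 1) };
}

// Compare fixed-length digests so timing does not depend on the secret.
function safeEqual(a, b) {
  const h = (s) => crypto.createHash('sha256').update(String(s)).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

// users: { name: password }, a constructed in-memory store for illustration.
function basicAuthOverTls(users, realm = 'Restricted') {
  return function (req, res, next) {
    // Express sets req.secure for HTTPS requests. Plain HTTP gets a 403 and
    // no WWW-Authenticate challenge, so the browser is never prompted to
    // send a username and password in the clear.
    if (!req.secure) {
      res.statusCode = 403;
      return res.end('HTTPS required');
    }
    const cred = parseBasic(req.headers.authorization);
    const known = cred !== null &&
      Object.prototype.hasOwnProperty.call(users, cred.user);
    // Run the comparison even for unknown users (against a random value).
    const expected = known ? users[cred.user] : crypto.randomBytes(16).toString('hex');
    const ok = safeEqual(cred ? cred.pass : '', expected) && known;
    if (!ok) {
      res.statusCode = 401;
      res.setHeader('WWW-Authenticate', `Basic realm="${realm}"`);
      return res.end('Unauthorized');
    }
    req.user = cred.user;
    next();
  };
}
```

Behind a TLS-terminating proxy, req.secure reflects X-Forwarded-Proto only when Express's trust proxy setting is enabled.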