A Next.js application demonstrating password-based access control using Contentstack Edge Functions. This project shows how to implement password protection for specific domains using Basic Authentication.
- Password Protection: Secure access control using Basic Authentication
- Domain-based Protection: Apply protection to specific domains only
- Edge Function Integration: Uses Contentstack Edge Functions for real-time authentication
- Real-time Access Control: Authentication validation happens at the edge for optimal performance
- Node.js 22+
- npm or yarn
- Contentstack account (for Edge Functions deployment)
-
Clone the repository
git clone <repository-url> cd launch-edge-custom-Password-Protection-example
-
Install dependencies
npm install
-
Run the development server
npm run dev
-
Open your browser Navigate to http://localhost:3000
Edit the functions/[proxy].edge.js file to configure your protected domains and credentials:
// Protected domain configuration
if(hostname.includes('test-protected-domain.devcontentstackapps.com')){
// Check for Basic Authentication
const authHeader = request.headers.get('Authorization');
if (!authHeader || !authHeader.startsWith('Basic ')) {
return new Response('Authentication Required', {
status: 401,
headers: {
'WWW-Authenticate': 'Basic realm="Protected Area"',
'Content-Type': 'text/html'
}
});
}
// Validate credentials (admin/admin)
const base64Credentials = authHeader.split(' ')[1];
const credentials = atob(base64Credentials);
const [username, password] = credentials.split(':');
if(username === 'admin' && password === 'admin'){
return await fetch(request);
}
}To add new protected domains:
- Add a new
else ifcondition for your domain - Configure the authentication logic
- Deploy the Edge Function
launch-edge-custom-Password-Protection-example/
├── app/ # Next.js app directory
│ ├── page.tsx # Main application page
│ ├── layout.tsx # Root layout component
│ └── globals.css # Global styles
├── functions/
│ └── [proxy].edge.js # Edge Function for password protection
├── public/ # Static assets
├── package.json # Dependencies and scripts
└── next.config.ts # Next.js configuration
- Request Interception: All requests are intercepted by the Edge Function
- Domain Check: The request hostname is checked against protected domains
- Authentication: For protected domains, Basic Authentication is required
- Access Control:
- ✅ Allowed: Request proceeds to the application (valid credentials)
- ❌ Denied: Returns 401 Unauthorized response (invalid/missing credentials)
The Edge Function handles Basic Authentication:
- Checks for
Authorizationheader withBasicprefix - Decodes base64 credentials
- Validates username and password
- Returns appropriate HTTP status codes
const authHeader = request.headers.get('Authorization');
const base64Credentials = authHeader.split(' ')[1];
const credentials = atob(base64Credentials);
const [username, password] = credentials.split(':');npm run devnpm run build
npm start- Valid Credentials: Should see the success page (admin/admin)
- Invalid Credentials: Should see "Unauthorized" message
- No Authentication: Should see browser authentication prompt
- Non-protected Domain: Should access directly without authentication
You can test the authentication by:
- Accessing the protected domain without credentials
- Using correct credentials (admin/admin)
- Using incorrect credentials
- Accessing non-protected domains
This project is licensed under the MIT License - see the LICENSE file for details.
If you encounter any issues or have questions:
- Check the Contentstack documentation
- Review the Edge Function logs in your Contentstack dashboard
- Ensure your domain configuration is correct
- Verify your authentication credentials
Note: This is an example implementation. In production, consider additional security measures such as:
- Strong password policies
- HTTPS enforcement
- Rate limiting
- Logging and monitoring
- Consider using more secure authentication methods