Friday, January 31, 2014

Creating the simplest HTTP server with basic authentication using node.js

        In this article I will show you how to create the simplest possible HTTP server with basic authentication in node.js. I have to warn you though, I needed a quick and dirty solution for testing purposes, so this is definitely not for production use. You should at least keep hashes of user passwords, not plaintext passwords themselves, and use digest authentication as a more secure method.
        First, install the htpasswd module globally:
npm install -g htpasswd
        Create a directory for your project and install http-auth module locally:
npm install http-auth
        Create a file auth-server.js with your editor of choice. Put the following lines into it:
var http = require("http");
var auth = require("http-auth");

var basic = auth.basic({
    file: __dirname + '/htpasswd'

http.createServer(basic, function(req, res) {
    console.log('Received request: ' + req.url);
    res.end('User successfully authenticated: ' + req.user);
        Now create a file htpasswd in the same directory and populate it with a user name and a password separated by a colon:
        Now run the node server:
node auth-server.js
        Go to the http://localhost:8080 URL in your browser. It will greet you with a standard basic-auth panel to enter your username and password. After successful authentication, you will see the message from server.
        For more info on how to use the http-auth package for basic and digest authentication, see its page on github: For more info on htpasswd module, including using different types of hashes instead of plain text passwords, see

Wednesday, January 29, 2014

T-SQL: Unicode-escaping characters in a string

I am in no way a T-SQL pro, but today I had a need of escaping a varchar field value to create a valid JSON string, while being limited only to Microsoft T-SQL features.
The JSON RFC states that:
All Unicode characters may be placed within the quotation marks except for the characters that must be escaped: quotation mark, reverse solidus, and the control characters (U+0000 through U+001F).
As it turns out, the way of iterating through a string in T-SQL is as such:
set @wcount = 0
set @index = 1
set @len = len(@string)

while @index <= @len
  set @char = substring(@string, @index, 1)
  /* do something with @char */
  set @index += 1
To escape a quote or a backslash, we just prefix it with a backslash. As for the control characters, this gets a bit trickier, as we need to convert them to \u-notation that is used in JSON. We can use the built-in unicode function to get the ordinal value of a char and determine that it needs to be escaped.
when unicode(@char) < 32
Then we take advantage of the fn_varbintohexstr system function to convert a char value through varbinary type to a hex string.
sys.fn_varbintohexstr(cast(@char as varbinary))
Finally, after some string chopping and concatenating, we get what we want:
'\u00' + right(sys.fn_varbintohexstr(cast(@char as varbinary)), 2)
Here's the code of the function json_escape in its entirety.
if object_id(N'dbo.json_escape', N'FN') is not null
    drop function dbo.json_escape

create function dbo.json_escape (@string varchar(max)) returns varchar(max)
    declare @wcount int, @index int, @len int, @char char, @escaped_string varchar(max)

    set @escaped_string = ''
    set @wcount = 0
    set @index = 1
    set @len = len(@string)

    while @index <= @len
        set @char = substring(@string, @index, 1)
        set @escaped_string += 
            when @char = '"' then '\"'
            when @char = '\' then '\\'
            when unicode(@char) < 32 then '\u00' + right(sys.fn_varbintohexstr(cast(@char as varbinary)), 2)
            else @char
        set @index += 1