From 0dc1a5a664ae5ae08daf3a5ff4a71a869952952f Mon Sep 17 00:00:00 2001
From: Irakli Nadareishvili
Date: Sat, 5 Jan 2013 22:12:48 -0500
Subject: [PATCH 1/2] Update lib/basicAuth.js
Fixing a "Error: Can't set headers after they are sent." bug
---
 lib/basicAuth.js | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/basicAuth.js b/lib/basicAuth.js
index b49b5b9..17dc65f 100644
--- a/lib/basicAuth.js
+++ b/lib/basicAuth.js
@@ -6,6 +6,7 @@ module.exports = function basicAuth(callback, realm) {
 function unauthorized(res) {
 res.writeHead(401, {"WWW-Authenticate": 'Basic realm="' + realm + '"'});
 res.end();
+ return null;
 }
 return function(req, res, next) {
@@ -21,6 +22,7 @@ module.exports = function basicAuth(callback, realm) {
 if (scheme !== "Basic") {
 res.writeHead(400);
 res.end();
+ return null;
 }
 if (callback(credentials[0], credentials[1]) === true) {
From d2f39a9df4b77b85b77cb79f0bc32068eb197117 Mon Sep 17 00:00:00 2001
From: Irakli Nadareishvili
Date: Sat, 5 Jan 2013 22:24:27 -0500
Subject: [PATCH 2/2] Update lib/basicAuth.js
Calling res.end() does not terminate middleware's execution. Explicit exit from the function is necessary to prevent unwanted side-effect, which can include a "Error: Can't set headers after they are sent." from another (later) middleware.
---
 lib/basicAuth.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/basicAuth.js b/lib/basicAuth.js
index 17dc65f..760bb18 100644
--- a/lib/basicAuth.js
+++ b/lib/basicAuth.js
@@ -6,7 +6,6 @@ module.exports = function basicAuth(callback, realm) {
 function unauthorized(res) {
 res.writeHead(401, {"WWW-Authenticate": 'Basic realm="' + realm + '"'});
 res.end();
- return null;
 }
 return function(req, res, next) {
@@ -14,6 +13,7 @@ module.exports = function basicAuth(callback, realm) {
 if (!authorization) unauthorized(res);
+ return;
 var parts = authorization.split(" ");
 var scheme = parts[0];
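Review bot: In the `@@ -14,6 +13,7 @@` hunk of patch 2/2, the added `return;` follows an `if (!authorization)` that has no braces, so it is not part of the conditional and runs on every request. A request that does carry an Authorization header therefore exits before the scheme check and the `callback(...)` credential check are reached. As far as the hunk shows, it does so without a response or a call to `next()`. The middleware fails closed, but no client can authenticate and the request is presumably left hanging. Group the two statements, e.g. `if (!authorization) { unauthorized(res); return; }`, and add a test that sends valid credentials and asserts `next()` is called; the middleware body starts and ends outside the hunk.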
@@ -22,7 +22,7 @@ module.exports = function basicAuth(callback, realm) {
 if (scheme !== "Basic") {
 res.writeHead(400);
 res.end();
- return null;
+ return;
 }
 if (callback(credentials[0], credentials[1]) === true) {