Older mongoose (4.x) password protection was simple - I supplied the file name of password file and authentication was done internally before calling the user event handler (causing problems with the OPTIONS request required for JSON-RPC CORS support, which cannot/shouldnot authenticate).
Password with current mongoose 6.4 is more complicated. It does not call authentication at all (except when serving files? this is not well documented) and most functions required to do authentication have been made private (but thank you for exporting mg_http_check_digest_auth() in the latest development version).
In addition, in our web server, I want to implement an in-memory password file. This needs a custom version of mg_http_check_digest_auth() which in turn needs following functions to be made public: mg_mkmd5resp, mg_check_nonce.
Also mg_http_send_digest_auth_request needs to be public to make the browser prompt for the user name and password.
Then, to implement application-level per-user permissions, I would like for mg_http_check_digest_auth() to return the name of the authenticated user. (I suppose I can get the user name indirectly by looking at the http headers).
So this is a request for either: (a) export private functions needed for digest authentication, (b) improve mg_http_check_digest_auth() to use in-memory password file and return authenticated username (or password file entry).