header('Authorization'), 'Basic '); $authParts = explode(':', base64_decode($authorization), 2); [$user, $password] = $authParts; if (! $this->credentialsAreAllowed($user, $password)) { throw new \InvalidArgumentException('Invalid Login'); } return true; } catch (\Throwable $e) { $httpConnection->send(str(new Response(401, [ 'WWW-Authenticate' => 'Basic realm="Expose"', ]))); } return false; } protected function credentialsAreAllowed(string $user, string $password) { return config('expose.admin.users.'.$user) === $password; } }