@corbado/node-sdk - npm Package Compare versions

Comparing version 1.1.12 to 1.1.13

dist/cjs/config/configuration.js

@@ -0,0 +0,0 @@ "use strict";

dist/cjs/entities/User.js

@@ -0,0 +0,0 @@ "use strict";

dist/cjs/index.js

@@ -0,0 +0,0 @@ "use strict";

dist/cjs/middlewares/webhookMiddleware.js

@@ -0,0 +0,0 @@ "use strict";

dist/cjs/package.json

 {
     "type": "commonjs"
 }

dist/cjs/SDK.js

@@ -0,0 +0,0 @@ "use strict";

dist/cjs/services/authtokens.service.js

@@ -0,0 +0,0 @@ "use strict";

dist/cjs/services/CorbadoApi.js

@@ -0,0 +0,0 @@ "use strict";

dist/cjs/services/CorbadoApiError.js

@@ -0,0 +0,0 @@ "use strict";

dist/cjs/services/CorbadoError.js

@@ -0,0 +0,0 @@ "use strict";

dist/cjs/services/emaillinks.service.js

@@ -0,0 +0,0 @@ "use strict";

dist/cjs/services/NotAuthedError.js

@@ -0,0 +0,0 @@ "use strict";

dist/cjs/services/passkeys.service.js

@@ -0,0 +0,0 @@ "use strict";

dist/cjs/services/session.service.js

@@ -0,0 +0,0 @@ "use strict";

dist/cjs/services/users.service.js

@@ -0,0 +0,0 @@ "use strict";

dist/cjs/services/webhooks.service.js

@@ -0,0 +0,0 @@ "use strict";

dist/cjs/utils/clientInfo.utils.js

@@ -0,0 +0,0 @@ "use strict";

examples/app.js

@@ -0,0 +0,0 @@ import express from 'express';

examples/package.json

@@ -0,0 +0,0 @@ {

package.json

 {
   "name": "@corbado/node-sdk",
-  "version": "1.1.12",
+  "version": "1.1.13",
   "description": "This Node.js SDK eases the integration of Corbado's passkey-first authentication solution.",
@@ -5,0 +5,0 @@ "main": "dist/cjs/index.js",

README.md

@@ -72,4 +72,6 @@ # Corbado Node.js SDK
 
-### Corbado session management
+Some selected services are explained in more detail below:
 
+#### Corbado session management
+
 Corbado offers an efficient and secure session management system (refer to
@@ -91,2 +93,110 @@ the [documentation](https://docs.corbado.com/overview/welcome) for more details).
 
+#### Corbado webhooks
+
+When using webhooks, it's best practice to provide the webhooks username and password in the config during instantiation:
+
+##### ES5:
+
+```JavaScript
+const Corbado = require('@corbado/node-sdk');
+
+const projectID = process.env.PROJECT_ID;
+const apiSecret = process.env.API_SECRET;
+
+const config = new Corbado.Configuration(projectID, apiSecret);
+config.webhookUsername = process.env.WEBHOOK_USERNAME;
+config.webhookPassword = process.env.WEBHOOK_PASSWORD;
+const corbado = new Corbado.SDK(config);
+```
+
+##### ES6:
+
+```JavaScript 
+import {SDK, Configuration} from '@corbado/node-sdk';
+
+const projectID = process.env.PROJECT_ID;
+const apiSecret = process.env.API_SECRET;
+const config = new Configuration(projectID, apiSecret);
+config.webhookUsername = process.env.WEBHOOK_USERNAME;
+config.webhookPassword = process.env.WEBHOOK_PASSWORD;
+const corbado = new SDK(config);
+```
+
+You can protect routes with the webhooks middleware, e.g.:
+
+```JavaScript
+app.post('/api/corbado/webhook', corbado.webhooks.middleware, json(), handleWebhook);
+```
+
+A sample endpoint, handling the webhooks could look like:
+```JavaScript
+export const handleWebhook = async (req, res) => {
+    try {
+        // Get the webhook action and act accordingly. Every Corbado
+        // webhook has an action.
+
+        let request: any;
+        let response: any;
+        console.log("BEFORE ACTION");
+        switch (corbado.webhooks.getAction(req)) {
+
+            // Handle the "authMethods" action which basically checks
+            // if a user exists on your side/in your database.
+            case corbado.webhooks.WEBHOOK_ACTION.AUTH_METHODS: {
+                console.log("WEBHOOK AUTH METHODS");
+                request = corbado.webhooks.getAuthMethodsRequest(req);
+
+                // Now check if the given user/username exists in your
+                // database and send status. Implement getUserStatus()
+                // function below.#
+                console.log("BEFORE USER STATUS");
+
+                const status = await getUserStatus(request.data.username);
+                let correctUserStatus = status.userStatus;
+                if(status.createdByCorbado) {
+                    correctUserStatus = "not_exists"
+                }
+                response = corbado.webhooks.getAuthMethodsResponse(correctUserStatus);
+                res.json(response);
+                break;
+            }
+
+            // Handle the "passwordVerify" action which basically checks
+            // if the given username and password are valid.
+            case corbado.webhooks.WEBHOOK_ACTION.PASSWORD_VERIFY: {
+                console.log("WEBHOOK PASSWORD VERIFY");
+                request = corbado.webhooks.getPasswordVerifyRequest(req);
+
+                // Now check if the given username and password is
+                // valid. Implement verifyPassword() function below.
+                const isValid = await verifyPassword(request.data.username, request.data.password)
+                response = corbado.webhooks.getPasswordVerifyResponse(isValid);
+                res.json(response);
+                break;
+            }
+            default: {
+                res.status(400).send('Bad Request');
+                return;
+            }
+        }
+    } catch (error: any) {
+
+        // We expose the full error message here. Usually you would
+        // not do this (security!) but in this case Corbado is the
+        // only consumer of your webhook. The error message gets
+        // logged at Corbado and helps you and us debugging your
+        // webhook.
+        console.log(error);
+
+        // If something went wrong just return HTTP status
+        // code 500. For successful requests Corbado always
+        // expects HTTP status code 200. Everything else
+        // will be treated as error.
+
+        res.status(500).send(error.message);
+        return;
+    }
+}
+```
+
 ### Utility functions
@@ -93,0 +203,0 @@

src/config/configuration.js

@@ -0,0 +0,0 @@ import assert from 'assert';

src/entities/User.js

@@ -0,0 +0,0 @@ class User {

src/index.js

@@ -0,0 +0,0 @@ import SDK from './SDK.js';

src/middlewares/webhookMiddleware.js

@@ -0,0 +0,0 @@ const ALLOWED_METHOD = "POST";

src/SDK.js

@@ -0,0 +0,0 @@ import Passkeys from './services/passkeys.service.js';

src/services/authtokens.service.js

@@ -0,0 +0,0 @@

src/services/CorbadoApi.js

@@ -0,0 +0,0 @@ import axios from 'axios';

src/services/CorbadoApiError.js

@@ -0,0 +0,0 @@ class CorbadoApiError extends Error {

src/services/CorbadoError.js

@@ -0,0 +0,0 @@ class CorbadoError extends Error {

src/services/emaillinks.service.js

@@ -0,0 +0,0 @@ class EmailLinks {

src/services/NotAuthedError.js

@@ -0,0 +0,0 @@ class NotAuthedError extends Error {

src/services/passkeys.service.js

@@ -0,0 +0,0 @@ class Passkeys {

src/services/session.service.js

@@ -0,0 +0,0 @@ import assert from "assert";

src/services/users.service.js

@@ -0,0 +0,0 @@ class UsersService {

src/services/webhooks.service.js

@@ -0,0 +0,0 @@ import assert from "assert";

src/utils/clientInfo.utils.js

@@ -0,0 +0,0 @@ const getRemoteAddress = (req) => {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

200548

increased by0.37%

Number of lines in readme file

210

increased by110%

No dependency changes