
@essential-projects/auth
Passport-based module to authorize user-requests, for example with google.
doc/auth.json to config/ENVIRONMENT/auth/auth.json in your project
(http://localhost:8000 is the backend, and http://localhost:9000 is the frontend)
npm install @5minds/auth --save
ioc_module.js
  const auth = require('@5minds/auth/ioc_module');
  auth.registerInContainer(container);
'auth' as dependency to your http-extension
initializeMiddlewareBeforeRouters call
  this.auth.initializeSessioning(this.app);
Let the IoC-Container inject the auth-module into the classes that register the routes that need authorization.
Add the auth-module's middleware to the routes that need authorization, like so:
  this.router.get('/tasks/:smartlistId', this.auth.middleware, YOUR_NEXT_MIDDLEWARE_GOES_HERE);
If the authorization fails for some reason, the middleware redirects to the failRedirect-route provided in the config, and no other middleware is called.
If the authorization succeeded, the request now has a session-object and a user-object. The user-object has the following structure:
For google-auth:
  req.user = {
    credentials: {
      access_token: 'SOME_OAUTH_ACCESS_TOKEN',
      refresh_token: 'SOME_OAUTH_REFRESH_TOKEN',
      refresh_after: 'THE_ACCESS_TOKEN_EXPIRATION_TIME',
    },
    profile: {
      name: {
        first: 'Heiko',
        last: 'Mathes',
        display: 'Heiko Mathes',
      },
      language: 'de',
      image: 'https://someUrl',
      email: 'heiko.mathes@5minds.de',
    },
    userToken: 'SOME_TOKEN_THAT_IDENTIFIES_THE_USER',
    strategy: 'google',
  }
For local password-auth:
  req.user = {
    profile: THE_USER_PROFILE_OBJECT_FROM_YOUR_APP,
    strategy: 'password',
  }
For the local password-strategy to work, you need to listen to the auth-module's userLogin-event at some point in your application.
This event is fired every time a user wants to log in. A demo implementation could look like this:
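  this.auth.on('userLogin', (userParams) => {
    // Look up the account by the submitted username (mail address).
    this.user.getUserByMailAddress(userParams.username)
      .then((userInfo) => {
        // Reject when the stored hash differs from the hash of the submitted password.
        if (userInfo.password !== this.hash(userParams.password)) {
          logger.debug(`${userParams.username} tried to login with a wrong password`);
          return Promise.reject(new Error('password mismatch'));
        }
        return userParams.resolve(userInfo);
      })
      .catch((error) => {
        // Lookup failures and password mismatches both end the login attempt.
        userParams.reject(error);
      });
  });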
The userParams-Object looks like this:
  {
    username: 'SOMEUSERNAME',
    password: 'SOMEPASSWORD',
    resolve: FUNCTION,
    reject: FUNCTION,
  }
You need to call resolve when the user could be verified, or reject if something went wrong.
Whatever you pass as the parameter to the userParams.reject-method will be in req.user.profile in later requests.
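A hardened variant of the userLogin listener, added here as an example (it is not code from the package or its README): it assumes passwords are stored as a salted scrypt hash in the form saltHex:hashHex and compares with Node's crypto.timingSafeEqual. The EventEmitter stand-in for the auth module, the in-memory users map and the helper names are hypothetical.

```javascript
const crypto = require('node:crypto');
const { EventEmitter } = require('node:events');
const KEYLEN = 32;

// Salted scrypt hash, stored as "saltHex:hashHex".
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, KEYLEN);
  return `${salt.toString('hex')}:${hash.toString('hex')}`;
}

// Recompute the hash with the stored salt and compare in constant time.
function verifyPassword(password, stored) {
  const [saltHex, hashHex] = String(stored).split(':');
  const expected = Buffer.from(hashHex || '', 'hex');
  if (typeof password !== 'string' || expected.length !== KEYLEN) return false;
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), KEYLEN);
  return crypto.timingSafeEqual(actual, expected);
}

// Constructed sample data: hypothetical stand-in for the application's user service.
const users = new Map([
  ['alice@example.test', { email: 'alice@example.test', password: hashPassword('correct horse') }],
]);
const DUMMY = hashPassword('dummy'); // checked for unknown users to keep timing similar

// Register the listener on anything that emits 'userLogin' with the userParams shape.
function attachLoginHandler(auth) {
  auth.on('userLogin', (userParams) => {
    const userInfo = users.get(userParams.username);
    const matches = verifyPassword(userParams.password, userInfo ? userInfo.password : DUMMY);
    if (!userInfo || !matches) {
      return userParams.reject(new Error('invalid credentials')); // same error for both cases
    }
    const { password, ...profile } = userInfo; // keep the stored hash out of the profile
    return userParams.resolve(profile);
  });
}

// Drive one login attempt through the listener (EventEmitter stands in for the auth module).
function tryLogin(username, password) {
  const auth = new EventEmitter();
  attachLoginHandler(auth);
  let outcome = null;
  auth.emit('userLogin', {
    username, password,
    resolve: (profile) => { outcome = { ok: true, profile }; },
    reject: (error) => { outcome = { ok: false, error: error.message }; },
  });
  return outcome;
}
```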
For all auth-methods, the following events can be listened on:
This event gets called every time a request is about to get authorized. Every listener gets a userParams-Object that looks like this:
  {
    request: SOMEREQUEST,
    user: USER_OBJECT,
    resolve: FUNCTION,
    reject: FUNCTION,
  }
403 - Forbidden
FAQs
Passport-based module to authorize user-requests
The npm package @essential-projects/auth receives a total of 1 weekly downloads. As such, @essential-projects/auth popularity was classified as not popular.
We found that @essential-projects/auth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.