
# @essential-projects/auth

Passport-based module to authorize user requests, for example with Google.
1. Copy `doc/auth.json` to `config/ENVIRONMENT/auth/auth.json` in your project (http://localhost:8000 is the backend, and http://localhost:9000 is the frontend).
2. Install the package:

   ```
   npm install @5minds/auth --save
   ```
3. In your `ioc_module.js`:

   ```js
   const auth = require('@5minds/auth/ioc_module');
   auth.registerInContainer(container);
   ```
4. Add `'auth'` as a dependency to your http-extension.
5. In `initializeMiddlewareBeforeRouters`, call:

   ```js
   this.auth.initializeSessioning(this.app);
   ```
6. Let the IoC container inject the auth module into the classes that register the routes that need authorization.
7. Add the auth module's middleware to the routes that need authorization, like so:

   ```js
   this.router.get('/tasks/:smartlistId', this.auth.middleware, YOUR_NEXT_MIDDLEWARE_GOES_HERE);
   ```

If the authorization fails for some reason, the middleware redirects to the `failRedirect` route provided in the config, and no other middleware is called.
If the authorization succeeds, the request now has a session object and a user object. The user object has the following structure:

For Google auth:

```js
req.user = {
  credentials: {
    access_token: 'SOME_OAUTH_ACCESS_TOKEN',
    refresh_token: 'SOME_OAUTH_REFRESH_TOKEN',
    refresh_after: 'THE_ACCESS_TOKEN_EXPIRATION_TIME',
  },
  profile: {
    name: {
      first: 'Heiko',
      last: 'Mathes',
      display: 'Heiko Mathes',
    },
    language: 'de',
    image: 'https://someUrl',
    email: 'heiko.mathes@5minds.de',
  },
  userToken: 'SOME_TOKEN_THAT_IDENTIFIES_THE_USER',
  strategy: 'google',
}
```

For local password auth:

```js
req.user = {
  profile: THE_USER_PROFILE_OBJECT_FROM_YOUR_APP,
  strategy: 'password',
}
```
For the local password strategy to work, you need to listen to the auth module's `userLogin` event at some point in your application.
This event is fired every time a user wants to log in. A demo implementation could look like this:

```js
this.auth.on('userLogin', (userParams) => {
  this.user.getUserByMailAddress(userParams.username)
    .then((userInfo) => {
      // Compare the stored hash with the hash of the submitted password.
      // (Do not write this as `!userInfo.password === ...`: that negates the
      // stored value first, compares a boolean with a string, and never rejects.)
      if (userInfo.password !== this.hash(userParams.password)) {
        logger.debug(`${userParams.username} tried to login with a wrong password`);
        return Promise.reject(new Error('password mismatch'));
      }
      // The value passed to resolve becomes req.user.profile on later requests.
      return userParams.resolve(userInfo);
    })
    .catch((error) => {
      userParams.reject(error);
    });
});
```
The `userParams` object looks like this:

```js
{
  username: 'SOMEUSERNAME',
  password: 'SOMEPASSWORD',
  resolve: FUNCTION,
  reject: FUNCTION,
}
```
You need to call `resolve` when the user could be verified, or `reject` if something went wrong.
Whatever you pass as the parameter to `userParams.resolve` will be available as `req.user.profile` in later requests.
For all auth methods, the following events can be listened on:

This event gets called every time a request is about to get authorized. Every listener gets a `userParams` object that looks like this:

```js
{
  request: SOMEREQUEST,
  user: USER_OBJECT,
  resolve: FUNCTION,
  reject: FUNCTION,
}
```
403 - Forbidden
FAQs
Passport-based module to authorize user-requests
The npm package @essential-projects/auth receives a total of 0 weekly downloads. As such, @essential-projects/auth popularity was classified as not popular.
We found that @essential-projects/auth demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.