Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@fastify/bearer-auth
Advanced tools
@fastify/bearer-auth - npm Package Compare versions
Comparing version 9.3.0 to 9.4.0
@@ -9,2 +9,4 @@ 'use strict' | ||
| const FST_BEARER_AUTH_INVALID_SPEC = createError('FST_BEARER_AUTH_INVALID_SPEC', 'options.specCompliance has to be set to \'rfc6750\' or \'rfc6749\'') | ||
| const FST_BEARER_AUTH_MISSING_AUTHORIZATION_HEADER = createError('FST_BEARER_AUTH_MISSING_AUTHORIZATION_HEADER', 'missing authorization header', 401) | ||
| const FST_BEARER_AUTH_INVALID_AUTHORIZATION_HEADER = createError('FST_BEARER_AUTH_INVALID_AUTHORIZATION_HEADER', 'invalid authorization header', 401) | ||
@@ -15,3 +17,5 @@ module.exports = { | ||
| FST_BEARER_AUTH_KEYS_OPTION_INVALID_KEY_TYPE, | ||
| FST_BEARER_AUTH_INVALID_SPEC | ||
| FST_BEARER_AUTH_INVALID_SPEC, | ||
| FST_BEARER_AUTH_MISSING_AUTHORIZATION_HEADER, | ||
| FST_BEARER_AUTH_INVALID_AUTHORIZATION_HEADER | ||
| } |
@@ -7,3 +7,5 @@ 'use strict' | ||
| FST_BEARER_AUTH_KEYS_OPTION_INVALID_KEY_TYPE, | ||
| FST_BEARER_AUTH_INVALID_SPEC | ||
| FST_BEARER_AUTH_INVALID_SPEC, | ||
| FST_BEARER_AUTH_MISSING_AUTHORIZATION_HEADER, | ||
| FST_BEARER_AUTH_INVALID_AUTHORIZATION_HEADER | ||
| } = require('./errors') | ||
@@ -64,12 +66,11 @@ | ||
| function handleUnauthorized (request, reply, done, message) { | ||
| const noHeaderError = Error(message) | ||
| if (verifyErrorLogLevel) request.log[verifyErrorLogLevel]('unauthorized: %s', noHeaderError.message) | ||
| function handleUnauthorized (request, reply, done, error) { | ||
| if (verifyErrorLogLevel) request.log[verifyErrorLogLevel]('unauthorized: %s', error.message) | ||
| if (contentType) reply.header('content-type', contentType) | ||
| reply.code(401) | ||
| if (!addHook) { | ||
| done(noHeaderError) | ||
| done(error) | ||
| return | ||
| } | ||
| reply.send(errorResponse(noHeaderError)) | ||
| reply.send(errorResponse(error)) | ||
| } | ||
@@ -80,7 +81,9 @@ | ||
| if (!authorizationHeader) { | ||
| return handleUnauthorized(request, reply, done, 'missing authorization header') | ||
| const error = new FST_BEARER_AUTH_MISSING_AUTHORIZATION_HEADER() | ||
| return handleUnauthorized(request, reply, done, error) | ||
| } | ||
| if (verifyBearerType(authorizationHeader)) { | ||
| return handleUnauthorized(request, reply, done, 'invalid authorization header') | ||
| const error = new FST_BEARER_AUTH_INVALID_AUTHORIZATION_HEADER() | ||
| return handleUnauthorized(request, reply, done, error) | ||
| } | ||
@@ -112,3 +115,4 @@ | ||
| if (val === false) { | ||
| handleUnauthorized(request, reply, done, 'invalid authorization header') | ||
| const error = new FST_BEARER_AUTH_INVALID_AUTHORIZATION_HEADER() | ||
| handleUnauthorized(request, reply, done, error) | ||
| return | ||
@@ -115,0 +119,0 @@ } |
| { | ||
| "name": "@fastify/bearer-auth", | ||
| "version": "9.3.0", | ||
| "version": "9.4.0", | ||
| "description": "An authentication plugin for Fastify", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -10,3 +10,3 @@ # @fastify/bearer-auth | ||
| [fastify]: https://fastify.io/ | ||
| [fastify]: https://fastify.dev/ | ||
@@ -38,5 +38,5 @@ ## Example | ||
| *@fastify/bearer-auth* exports a standard [Fastify plugin][plugin]. This allows | ||
| *@fastify/bearer-auth* exports a standard [Fastify plugin](https://github.com/fastify/fastify-plugin). This allows | ||
| you to register the plugin within scoped paths. Therefore, you could have some | ||
| paths that are not protected by the plugin and others that are. See the [Fastify][fastify] | ||
| paths that are not protected by the plugin and others that are. See the [Fastify](https://fastify.dev/docs/latest) | ||
| documentation and examples for more details. | ||
@@ -53,8 +53,8 @@ | ||
| * `specCompliance`: | ||
| Configure how this plugin follow the spec. Accept either | ||
| Plugin spec compliance. Accepts either | ||
| [`rfc6749`](https://datatracker.ietf.org/doc/html/rfc6749) or | ||
| [`rfc6750`](https://datatracker.ietf.org/doc/html/rfc6750). | ||
| Default is set to `rfc6750`. | ||
| * `rfc6749` is about the generic OAuth2.0 protocol which allows token type to be case-insensitive. | ||
| * `rfc6750` is about the Bearer Token Usage which forces the token type to be exact match. | ||
| Defaults to `rfc6750`. | ||
| * `rfc6749` is about the generic OAuth2.0 protocol, which allows the token type to be case-insensitive | ||
| * `rfc6750` is about the Bearer Token Usage, which forces the token type to be an exact match | ||
| * `function auth (key, req) {}` : this function will test if `key` is a valid token. | ||
@@ -61,0 +61,0 @@ The function must return a literal `true` if the key is accepted or a literal |
No alert changes
Improved metrics
- Total package byte prevSize
- increased by1.3%
47328
- Lines of code
- increased by0.61%
1310
No dependency changes