@mondomob/gae-js-google-auth
Utilities extending on Google Auth Library, such as middleware to validate Google JWT.
npm install @mondomob/gae-js-google-auth
Middleware to require a valid Google JWT token for your endpoints.
An example can be found in the Example Pub/Sub JWT. This middleware will always verify:
- Authorization header is present with a Bearer <token> value
- <token> component is a valid token according to Google Auth Library
- email_verified is true
- iss is "https://accounts.google.com"
Simplest usage
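// Assumes an Express app; requiresGoogleJwt is assumed to be a named export of the package root
import express from "express";
import { requiresGoogleJwt } from "@mondomob/gae-js-google-auth";
const app = express();
// Apply middleware however you normally would
app.use("/pubsub", requiresGoogleJwt());
// Now any matching routes will be protected
app.post("/pubsub/start-job", (req, res) => res.send("OK"));
app.post("/pubsub/poll-status", (req, res) => res.send("OK"));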
It is recommended that you also verify the email matches the identity you expect of the signer (e.g. a service account email).
// Apply middleware however you normally would
app.use("/pubsub", requiresGoogleJwt({
  email: "your-service-account@your-project.iam.gserviceaccount.com"
}));
// Now any matching routes will be protected
app.post("/pubsub/start-job", (req, res) => res.send("OK"));
app.post("/pubsub/poll-status", (req, res) => res.send("OK"));
Note: The email property also supports an array of values if the caller of your endpoints should be one of a set of allowed emails.
If you care about the audience property, you can also specify it as a single value or an array.
By default, this middleware will be disabled if run in an environment outside of GCP (local testing, for example). If you would like to override this behaviour, you can set disableForNonGcpEnvironment to false.
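The checks listed above, written out as an added example; this is not the package's own code. The names requireGoogleJwtExample, checkClaims, extractBearerToken and the verifyToken callback are hypothetical, the sample payload is constructed, and signature verification is assumed to be done by whatever verifyToken wraps (Google Auth Library in production).

```javascript
// Added example, not the package's source. Signature verification is delegated
// to the injected verifyToken callback (hypothetical parameter).
const GOOGLE_ISSUER = "https://accounts.google.com";

// Constructed sample of a payload as returned after successful verification.
const SAMPLE_PAYLOAD = {
  iss: GOOGLE_ISSUER,
  aud: "https://example.test/pubsub/start-job",
  email: "your-service-account@your-project.iam.gserviceaccount.com",
  email_verified: true,
};

// A single expected value or an array of allowed values; undefined = no check.
const matches = (expected, actual) =>
  expected === undefined || [].concat(expected).includes(actual);

// Returns the token from "Bearer <token>", or null for a missing/malformed header.
function extractBearerToken(header) {
  const m = /^Bearer (\S+)$/.exec(header || "");
  return m ? m[1] : null;
}

// Returns null when the verified payload is acceptable, else the reason.
function checkClaims(payload, { email, audience } = {}) {
  if (!payload) return "no payload";
  if (payload.iss !== GOOGLE_ISSUER) return "unexpected issuer";
  if (payload.email_verified !== true) return "email not verified";
  if (!matches(email, payload.email)) return "unexpected email";
  if (!matches(audience, payload.aud)) return "unexpected audience";
  return null;
}

// Express-style middleware factory (hypothetical name). Fails closed:
// a verifier error is treated the same as a bad token.
function requireGoogleJwtExample(verifyToken, options = {}) {
  return async (req, res, next) => {
    const token = extractBearerToken(req.headers.authorization);
    if (!token) return res.status(401).send("Unauthorized");
    try {
      if (checkClaims(await verifyToken(token), options)) {
        return res.status(401).send("Unauthorized");
      }
    } catch {
      return res.status(401).send("Unauthorized");
    }
    return next();
  };
}
```

Without an email or audience option, any Google-issued token with a verified email passes these checks, which is why pinning the expected signer identity matters.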
FAQs
Tools for Google Cloud Authentication
The npm package @mondomob/gae-js-google-auth receives a total of 24 weekly downloads. As such, @mondomob/gae-js-google-auth popularity was classified as not popular.
We found that @mondomob/gae-js-google-auth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.