Security News
RubyGems.org Adds New Maintainer Role
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
@redwoodjs/auth
Advanced tools
If you want to contribute a new auth provider integration we recommend you
start by implementing it as a custom auth provider in a Redwood App first. When
that works you can package it up as an npm package and publish it on your own.
You can then create a PR on this repo with support for your new auth provider
in our yarn rw setup auth
cli command. The easiest option is probably to just
look at one of the existing auth providers in
packages/cli/src/commands/setup/auth/providers
and the corresponding
templates in ../templates
.
If you need help setting up a custom auth provider you can read the auth docs on the web.
If you want to contribute to our auth implementation, the interface towards
both auth service providers and RW apps we recommend you start looking in
authFactory.ts
and then continue to AuthProvider.tsx
. AuthProvider.tsx
has most of our implementation together with all the custom hooks it uses.
Another file to be accustomed with is AuthContext.ts
. The interface in there
has pretty good code comments, and is what will be exposed to RW apps.
getCurrentUser
returns the user information together with
an optional collection of roles used by requireAuth() to check if the user is authenticated or has role-based access.
Use in conjunction with requireAuth
in your services to check that a user is logged in, whether or not they are assigned a role, and optionally raise an error if they're not.
@param decoded - The decoded access token containing user info and JWT claims like `sub`
@param { token, SupportedAuthTypes type } - The access token itself as well as the auth provider type
@param { APIGatewayEvent event, Context context } - An object which contains information from the invoker
such as headers and cookies, and the context information about the invocation such as IP Address
This example is the standard use of getCurrentUser
.
export const getCurrentUser = async (
decoded,
{ _token, _type },
{ _event, _context },
) => {
return { ...decoded, roles: parseJWT({ decoded }).roles }
}
export const getCurrentUser = async (decoded) => {
return await db.user.findUnique({ where: { decoded.email } })
}
export const getCurrentUser = async (decoded) => {
return { ...decoded }
}
export const getCurrentUser = async (decoded) => {
return { ...decoded, roles: parseJWT({ decoded }).roles }
}
export const getCurrentUser = async (decoded) => {
const currentUser = await db.user.findUnique({
where: { email: decoded.email },
})
return {
...currentUser,
roles: parseJWT({ decoded: decoded, namespace: NAMESPACE }).roles,
}
}
const getCurrentUser = async (decoded) => {
const currentUser = await db.user.findUnique({
where: { userIdentity: decoded.sub },
})
return {
...currentUser,
roles: parseJWT({ decoded: decoded }).roles,
}
}
const getCurrentUser = async (_decoded, _raw, { event, _context }) => {
const cookies = cookie(event.headers.cookies)
const session = cookies['my.cookie.name']
const currentUser = await db.sessions.findUnique({ where: { id: session } })
return currentUser
}
Use requireAuth
in your services to check that a user is logged in, whether or not they are assigned a role, and optionally raise an error if they're not.
@param {string=} roles - An optional role or list of roles
@param {string[]=} roles - An optional list of roles
@returns {boolean} - If the currentUser is authenticated (and assigned one of the given roles)
@throws {AuthenticationError} - If the currentUser is not authenticated
@throws {ForbiddenError} If the currentUser is not allowed due to role permissions
requireAuth()
requireAuth({ role: 'admin' })
requireAuth({ role: ['editor', 'author'] })
requireAuth({ role: ['publisher'] })
FAQs
Unknown package
The npm package @redwoodjs/auth receives a total of 3,967 weekly downloads. As such, @redwoodjs/auth popularity was classified as popular.
We found that @redwoodjs/auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.