
andbang-express-auth


Comparing version 0.0.4 to 0.0.5

52

index.js

@@ -59,3 +59,2 @@ var _ = require('underscore'),

this.apiUrl = config.local ? 'http://localhost:3000' : 'https://api.andbang.com';
this.secureCookies = !config.local;

@@ -65,7 +64,6 @@ // The login route. If we already have a token in the session we'll

this.app.get('/auth', function (req, res) {
if (req.cookies.accessToken || req.session.token) {
if (req.cookies.accessToken) {
return res.redirect(self.defaultRedirect);
}
delete req.session.token;
res.clearCookie('accessToken');

@@ -103,4 +101,3 @@ req.session.oauthState = crypto.createHash('sha1').update(crypto.randomBytes(4098)).digest('hex');

token = JSON.parse(body);
req.session.token = token;
req.session.token.grant_date = Date.now();
req.token = token;
var nextUrl = req.session.nextUrl || self.defaultRedirect || '/';

@@ -110,4 +107,4 @@ delete req.session.nextUrl;

response.cookie('accessToken', token.access_token, {
maxAge: 86400000,
secure: self.secureCookies
maxAge: parseInt(token.expires_in, 10) * 1000,
secure: req.secure || req.host != 'localhost'
});

@@ -125,3 +122,2 @@ return self.userRequired(req, response, function () {

this.app.get('/auth/andbang/failed', function (req, res) {
delete req.session.token;
res.clearCookie('accessToken');

@@ -151,3 +147,3 @@ res.redirect('/auth');

headers: {
authorization: 'Bearer ' + req.session.token.access_token
authorization: 'Bearer ' + req.token.access_token
},

@@ -171,19 +167,8 @@ json: true

return function (req, res, next) {
var cookieToken = req.cookies.accessToken,
sessionToken;
var cookieToken = req.cookies.accessToken;
if (req.session.token) {
sessionToken = req.session.token.access_token;
}
if (!cookieToken && !sessionToken) {
if (!cookieToken) {
req.session.nextUrl = req.url;
return res.redirect('/auth');
} else if (!cookieToken && sessionToken) {
res.cookie('accessToken', sessionToken, {
maxAge: 86400000,
secure: self.secureCookies
});
return self.userRequired(req, res, next);
} else if (cookieToken && !sessionToken) {
} else {
request.post({

@@ -198,20 +183,13 @@ url: self.accountsUrl + '/oauth/validate',

if (res2 && res2.statusCode === 200) {
var token = JSON.parse(body);
if (token.access_token === cookieToken) {
req.session.token = token;
req.session.token.grant_date = Date.now();
req.token = JSON.parse(body);
if (req.token.access_token === cookieToken) {
res.cookie('accessToken', req.token.access_token, {
maxAge: parseInt(req.token.expires_in, 10) * 1000,
secure: req.secure || req.host != 'localhost'
});
return self.userRequired(req, res, next);
}
}
res.clearCookie('accessToken');
res.redirect('/auth');
res.redirect('/auth/andbang/failed');
});
} else if (cookieToken && sessionToken && cookieToken !== sessionToken) {
res.cookie('accessToken', sessionToken, {
maxAge: 86400000,
secure: self.secureCookies
});
return self.userRequired(req, res, next);
} else {
return self.userRequired(req, res, next);
}

@@ -218,0 +196,0 @@ }
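Review bot: The `accessToken` cookie set in the OAuth callback (`response.cookie('accessToken', token.access_token, {...})`) and again after `/oauth/validate` in the `userRequired` middleware carries the bearer token without `httpOnly`, and as far as the visible lines show, the session copy is dropped in this version, so the cookie becomes the only credential the middleware consults. Unless client-side code is meant to read the token, add `httpOnly: true,` to both option objects so that script running in the page cannot read it. The new `maxAge: parseInt(token.expires_in, 10) * 1000` evaluates to `NaN` when `expires_in` is missing or non-numeric; `maxAge: (parseInt(token.expires_in, 10) || 86400) * 1000` would keep the previous one-day lifetime as a fallback. `secure: req.secure || req.host != 'localhost'` appears to tie the flag to the request's Host header rather than to configuration, as the removed `self.secureCookies` did, so a comment stating that this is intended would help, along with `!==` in place of `!=`. The enclosing route handlers and middleware start and end outside the visible hunks.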

{
"name": "andbang-express-auth",
"description": "Dead simple And Bang auth middleware.",
"version": "0.0.4",
"version": "0.0.5",
"dependencies": {

@@ -6,0 +6,0 @@ "express": "3.x",
