andyet-express-auth
Advanced tools
Comparing version 0.0.12 to 0.1.0
96
index.js
| var _ = require('underscore'), | ||
| colors = require('colors'), | ||
| config = require('getconfig'), | ||
| crypto = require('crypto'), | ||
| request = require('request'), | ||
| querystring = require('querystring'); | ||
| querystring = require('querystring'), | ||
| log = require('bucker').createLogger(config.bucker, module); | ||
| config.andyetAPIs = _.extend({ | ||
| 'accounts': 'https://apps.andyet.com', | ||
| 'shippy': 'https://api.shippy.io', | ||
| 'talky': 'https://api.talky.io' | ||
| }, config.andyetAPIs || {}); | ||
| function AndYetMiddleware() { | ||
| var self = this; | ||
| this.showHelp = function (message) { | ||
| var output = [ | ||
| "\n", | ||
| message.red, | ||
| "_____________________________________________________________", | ||
| "", | ||
| "var express = require('express'),", | ||
| " auth = require('andyet-express-auth'),", | ||
| " app = express();", | ||
| "", | ||
| "", | ||
| "app.use(express.cookieParser());", | ||
| "app.use(express.session({ secret: 'keyboard cat' }));", | ||
| "app.use(auth.middleware({", | ||
| " app: app", | ||
| " clientId: 'YOUR CLIENT ID',", | ||
| " clientSecret: 'YOUR CLIENT SECRET',", | ||
| " defaultRedirect: '/app'", | ||
| "});", | ||
| "", | ||
| "", | ||
| "// a route that requires being logged in with your &yet account", | ||
| "app.get('/my-secured-route', auth.secure(), function (req, res) {", | ||
| " // req.user is everything we know about the andyet user", | ||
| " // req.token is now the auth token", | ||
| " res.send(req.user)", | ||
| "});", | ||
| "_____________________________________________________________", | ||
| "", | ||
| "" | ||
| ].join('\n'); | ||
| console.log(output); | ||
| }; | ||
| this.middleware = function (app, opts) { | ||
| var self = this; | ||
| this.middleware = function (config) { | ||
| var self = this; | ||
| if (!config.app || !config.clientId || !config.clientSecret || !config.defaultRedirect) { | ||
| this.showHelp('You have to pass the app, clientId and clientSecret and a default redirect. For example:'); | ||
| self.app = app; | ||
| if (!opts.defaultRedirect) { | ||
| log.warn('Missing defaultRedirect in andyetAuth settings, using "/"'); | ||
| } | ||
| if (!opts.api) { | ||
| log.warn('Missing api in andyetAuth settings, using "shippy"'); | ||
| } | ||
| // store our configs as properties | ||
| _.extend(this, { | ||
| loggedOutRedirect: '/' | ||
| }, config); | ||
| self.api = opts.api || 'shippy'; | ||
| self.defaultRedirect = opts.defaultRedirect || '/'; | ||
| self.loggedOutRedirect = opts.loggedOutRedirect || '/'; | ||
| self.onRefreshToken = opts.onRefreshToken || function (user, token, cb) { cb(); }; | ||
| // set our account and API urls | ||
| this.accountsUrl = config.accountsUrl || (config.local ? 'http://localhost:3001' : 'https://apps.andyet.com'); | ||
| this.apiUrl = config.apiUrl || (config.local ? 'http://localhost:3000' : 'https://api.shippy.io'); | ||
| this.onRefreshToken = config.onRefreshToken || function (user, token, cb) { cb(); }; | ||
| // The login route. If we already have a token in the session we'll | ||
@@ -76,5 +51,5 @@ // just continue through. | ||
| req.session.save(function () { | ||
| var url = self.accountsUrl + '/oauth/authorize?' + querystring.stringify({ | ||
| var url = config.andyetAPIs.accounts + '/oauth/authorize?' + querystring.stringify({ | ||
| response_type: 'code', | ||
| client_id: self.clientId, | ||
| client_id: config.andyetAuth.id, | ||
| state: req.session.oauthState | ||
@@ -90,2 +65,3 @@ }); | ||
| if (result.error) { | ||
| log.error('Failed to parse querystring: ' + result.error); | ||
| return response.redirect('/auth/andyet/failed'); | ||
@@ -95,2 +71,3 @@ } | ||
| if (result.state != req.session.oauthState) { | ||
| log.error('OAuth state values do not match: %s != %s', result.state, req.session.oauthState); | ||
| return response.redirect('/auth/andyet/failed'); | ||
@@ -100,3 +77,3 @@ } | ||
| request.post({ | ||
| url: self.accountsUrl + '/oauth/access_token', | ||
| url: config.andyetAPIs.accounts + '/oauth/access_token', | ||
| strictSSL: true, | ||
@@ -106,8 +83,8 @@ form: { | ||
| grant_type: 'authorization_code', | ||
| client_id: self.clientId, | ||
| client_secret: self.clientSecret | ||
| client_id: config.andyetAuth.id, | ||
| client_secret: config.andyetAuth.secret | ||
| } | ||
| }, function (err, res, body) { | ||
| if (res && res.statusCode === 200) { | ||
| token = JSON.parse(body); | ||
| var token = JSON.parse(body); | ||
| req.token = token; | ||
@@ -128,2 +105,3 @@ var nextUrl = req.session.nextUrl || self.defaultRedirect || '/'; | ||
| } else { | ||
| log.error('Error requesting access token: %s', err); | ||
| response.redirect('/auth/andyet/failed'); | ||
@@ -157,3 +135,3 @@ } | ||
| request.get({ | ||
| url: self.apiUrl + '/me', | ||
| url: config.andyetAPIs[self.api] + '/me', | ||
| strictSSL: true, | ||
@@ -169,2 +147,3 @@ headers: { | ||
| } else { | ||
| log.error('Error requesting user information: %s', err); | ||
| res.redirect('/auth/andyet/failed'); | ||
@@ -188,8 +167,8 @@ } | ||
| request.post({ | ||
| url: self.accountsUrl + '/oauth/validate', | ||
| url: config.andyetAPIs.accounts + '/oauth/validate', | ||
| strictSSL: true, | ||
| form: { | ||
| access_token: cookieToken, | ||
| client_id: self.clientId, | ||
| client_secret: self.clientSecret | ||
| client_id: config.andyetAuth.id, | ||
| client_secret: config.andyetAauth.secret, | ||
| } | ||
@@ -207,2 +186,3 @@ }, function (err, res2, body) { | ||
| } | ||
| log.error('Error validating cached token: %s', err); | ||
| res.redirect('/auth/andyet/failed'); | ||
@@ -209,0 +189,0 @@ }); |
| { | ||
| "name": "andyet-express-auth", | ||
| "description": "Dead simple &yet auth middleware.", | ||
| "version": "0.0.12", | ||
| "version": "0.1.0", | ||
| "dependencies": { | ||
| "express": "3.x", | ||
| "colors": "0.6.0-1", | ||
| "bucker": "0.4.0", | ||
| "getconfig": "0.0.5", | ||
| "request": "2.21.0" | ||
| }, | ||
| "devDependencies": { | ||
| "express": "3.x", | ||
| "precommit-hook": "0.3.4" | ||
| }, | ||
| "main": "index.js" | ||
| } |
New alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Number of package files
- increased by40%
7
Worsened metrics
- Total package byte prevSize
- decreased by-1.9%
10340
- Dev dependency count
- increased byInfinity%
2
- Lines of code
- decreased by-10.43%
189
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
+ Addedbucker@0.4.0
+ Addedgetconfig@0.0.5
+ Addedbucker@0.4.0(transitive)
+ Addedgetconfig@0.0.5(transitive)
- Removedcolors@0.6.0-1
- Removedexpress@3.x
- Removedaccepts@1.2.131.3.8(transitive)
- Removedbase64-url@1.2.1(transitive)
- Removedbasic-auth@1.0.4(transitive)
- Removedbasic-auth-connect@1.0.0(transitive)
- Removedbatch@0.5.3(transitive)
- Removedbody-parser@1.13.3(transitive)
- Removedbytes@2.1.02.4.0(transitive)
- Removedcolors@0.6.0-1(transitive)
- Removedcommander@2.6.0(transitive)
- Removedcompressible@2.0.18(transitive)
- Removedcompression@1.5.2(transitive)
- Removedconnect@2.30.2(transitive)
- Removedconnect-timeout@1.6.2(transitive)
- Removedcontent-disposition@0.5.0(transitive)
- Removedcontent-type@1.0.5(transitive)
- Removedcookie@0.1.3(transitive)
- Removedcookie-parser@1.3.5(transitive)
- Removedcookie-signature@1.0.6(transitive)
- Removedcore-util-is@1.0.3(transitive)
- Removedcrc@3.3.0(transitive)
- Removedcsrf@3.0.6(transitive)
- Removedcsurf@1.8.3(transitive)
- Removeddebug@2.2.02.6.9(transitive)
- Removeddepd@1.0.11.1.2(transitive)
- Removeddestroy@1.0.31.0.4(transitive)
- Removedee-first@1.1.1(transitive)
- Removederrorhandler@1.4.3(transitive)
- Removedescape-html@1.0.21.0.3(transitive)
- Removedetag@1.7.0(transitive)
- Removedexpress@3.21.2(transitive)
- Removedexpress-session@1.11.3(transitive)
- Removedfinalhandler@0.4.0(transitive)
- Removedforwarded@0.1.2(transitive)
- Removedfresh@0.3.0(transitive)
- Removedhttp-errors@1.3.1(transitive)
- Removediconv-lite@0.4.110.4.13(transitive)
- Removedinherits@2.0.4(transitive)
- Removedipaddr.js@1.0.5(transitive)
- Removedisarray@0.0.1(transitive)
- Removedmedia-typer@0.3.0(transitive)
- Removedmerge-descriptors@1.0.0(transitive)
- Removedmethod-override@2.3.10(transitive)
- Removedmethods@1.1.2(transitive)
- Removedmime@1.3.4(transitive)
- Removedmime-db@1.52.0(transitive)
- Removedmime-types@2.1.35(transitive)
- Removedminimist@0.0.8(transitive)
- Removedmkdirp@0.5.1(transitive)
- Removedmorgan@1.6.1(transitive)
- Removedms@0.7.10.7.22.0.0(transitive)
- Removedmultiparty@3.3.2(transitive)
- Removednegotiator@0.5.30.6.3(transitive)
- Removedon-finished@2.3.0(transitive)
- Removedon-headers@1.0.2(transitive)
- Removedparseurl@1.3.3(transitive)
- Removedpause@0.1.0(transitive)
- Removedproxy-addr@1.0.10(transitive)
- Removedqs@4.0.0(transitive)
- Removedrandom-bytes@1.0.0(transitive)
- Removedrange-parser@1.0.3(transitive)
- Removedraw-body@2.1.7(transitive)
- Removedreadable-stream@1.1.14(transitive)
- Removedresponse-time@2.3.2(transitive)
- Removedrndm@1.2.0(transitive)
- Removedsend@0.13.00.13.2(transitive)
- Removedserve-favicon@2.3.2(transitive)
- Removedserve-index@1.7.3(transitive)
- Removedserve-static@1.10.3(transitive)
- Removedstatuses@1.2.11.5.0(transitive)
- Removedstream-counter@0.2.0(transitive)
- Removedstring_decoder@0.10.31(transitive)
- Removedtsscmp@1.0.5(transitive)
- Removedtype-is@1.6.18(transitive)
- Removeduid-safe@2.0.02.1.4(transitive)
- Removedunpipe@1.0.0(transitive)
- Removedutils-merge@1.0.0(transitive)
- Removedvary@1.0.11.1.2(transitive)
- Removedvhost@3.0.2(transitive)