andyet-express-auth
Comparing version 0.0.12 to 0.1.0
96
index.js
var _ = require('underscore'), | ||
colors = require('colors'), | ||
config = require('getconfig'), | ||
crypto = require('crypto'), | ||
request = require('request'), | ||
querystring = require('querystring'); | ||
querystring = require('querystring'), | ||
log = require('bucker').createLogger(config.bucker, module); | ||
config.andyetAPIs = _.extend({ | ||
'accounts': 'https://apps.andyet.com', | ||
'shippy': 'https://api.shippy.io', | ||
'talky': 'https://api.talky.io' | ||
}, config.andyetAPIs || {}); | ||
function AndYetMiddleware() { | ||
var self = this; | ||
this.showHelp = function (message) { | ||
var output = [ | ||
"\n", | ||
message.red, | ||
"_____________________________________________________________", | ||
"", | ||
"var express = require('express'),", | ||
" auth = require('andyet-express-auth'),", | ||
" app = express();", | ||
"", | ||
"", | ||
"app.use(express.cookieParser());", | ||
"app.use(express.session({ secret: 'keyboard cat' }));", | ||
"app.use(auth.middleware({", | ||
" app: app", | ||
" clientId: 'YOUR CLIENT ID',", | ||
" clientSecret: 'YOUR CLIENT SECRET',", | ||
" defaultRedirect: '/app'", | ||
"});", | ||
"", | ||
"", | ||
"// a route that requires being logged in with your &yet account", | ||
"app.get('/my-secured-route', auth.secure(), function (req, res) {", | ||
" // req.user is everything we know about the andyet user", | ||
" // req.token is now the auth token", | ||
" res.send(req.user)", | ||
"});", | ||
"_____________________________________________________________", | ||
"", | ||
"" | ||
].join('\n'); | ||
console.log(output); | ||
}; | ||
this.middleware = function (app, opts) { | ||
var self = this; | ||
this.middleware = function (config) { | ||
var self = this; | ||
if (!config.app || !config.clientId || !config.clientSecret || !config.defaultRedirect) { | ||
this.showHelp('You have to pass the app, clientId and clientSecret and a default redirect. For example:'); | ||
self.app = app; | ||
if (!opts.defaultRedirect) { | ||
log.warn('Missing defaultRedirect in andyetAuth settings, using "/"'); | ||
} | ||
if (!opts.api) { | ||
log.warn('Missing api in andyetAuth settings, using "shippy"'); | ||
} | ||
// store our configs as properties | ||
_.extend(this, { | ||
loggedOutRedirect: '/' | ||
}, config); | ||
self.api = opts.api || 'shippy'; | ||
self.defaultRedirect = opts.defaultRedirect || '/'; | ||
self.loggedOutRedirect = opts.loggedOutRedirect || '/'; | ||
self.onRefreshToken = opts.onRefreshToken || function (user, token, cb) { cb(); }; | ||
// set our account and API urls | ||
this.accountsUrl = config.accountsUrl || (config.local ? 'http://localhost:3001' : 'https://apps.andyet.com'); | ||
this.apiUrl = config.apiUrl || (config.local ? 'http://localhost:3000' : 'https://api.shippy.io'); | ||
this.onRefreshToken = config.onRefreshToken || function (user, token, cb) { cb(); }; | ||
// The login route. If we already have a token in the session we'll | ||
@@ -76,5 +51,5 @@ // just continue through. | ||
req.session.save(function () { | ||
var url = self.accountsUrl + '/oauth/authorize?' + querystring.stringify({ | ||
var url = config.andyetAPIs.accounts + '/oauth/authorize?' + querystring.stringify({ | ||
response_type: 'code', | ||
client_id: self.clientId, | ||
client_id: config.andyetAuth.id, | ||
state: req.session.oauthState | ||
@@ -90,2 +65,3 @@ }); | ||
if (result.error) { | ||
log.error('Failed to parse querystring: ' + result.error); | ||
return response.redirect('/auth/andyet/failed'); | ||
@@ -95,2 +71,3 @@ } | ||
if (result.state != req.session.oauthState) { | ||
log.error('OAuth state values do not match: %s != %s', result.state, req.session.oauthState); | ||
return response.redirect('/auth/andyet/failed'); | ||
@@ -100,3 +77,3 @@ } | ||
request.post({ | ||
url: self.accountsUrl + '/oauth/access_token', | ||
url: config.andyetAPIs.accounts + '/oauth/access_token', | ||
strictSSL: true, | ||
@@ -106,8 +83,8 @@ form: { | ||
grant_type: 'authorization_code', | ||
client_id: self.clientId, | ||
client_secret: self.clientSecret | ||
client_id: config.andyetAuth.id, | ||
client_secret: config.andyetAuth.secret | ||
} | ||
}, function (err, res, body) { | ||
if (res && res.statusCode === 200) { | ||
token = JSON.parse(body); | ||
var token = JSON.parse(body); | ||
req.token = token; | ||
@@ -128,2 +105,3 @@ var nextUrl = req.session.nextUrl || self.defaultRedirect || '/'; | ||
} else { | ||
log.error('Error requesting access token: %s', err); | ||
response.redirect('/auth/andyet/failed'); | ||
@@ -157,3 +135,3 @@ } | ||
request.get({ | ||
url: self.apiUrl + '/me', | ||
url: config.andyetAPIs[self.api] + '/me', | ||
strictSSL: true, | ||
@@ -169,2 +147,3 @@ headers: { | ||
} else { | ||
log.error('Error requesting user information: %s', err); | ||
res.redirect('/auth/andyet/failed'); | ||
@@ -188,8 +167,8 @@ } | ||
request.post({ | ||
url: self.accountsUrl + '/oauth/validate', | ||
url: config.andyetAPIs.accounts + '/oauth/validate', | ||
strictSSL: true, | ||
form: { | ||
access_token: cookieToken, | ||
client_id: self.clientId, | ||
client_secret: self.clientSecret | ||
client_id: config.andyetAuth.id, | ||
client_secret: config.andyetAauth.secret, | ||
} | ||
@@ -207,2 +186,3 @@ }, function (err, res2, body) { | ||
} | ||
log.error('Error validating cached token: %s', err); | ||
res.redirect('/auth/andyet/failed'); | ||
@@ -209,0 +189,0 @@ }); |
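Review bot: `client_secret: config.andyetAauth.secret,` in the `/oauth/validate` form misspells the config object that every other new line in this version reads as `config.andyetAuth` (the `client_id` line directly above it, and the authorize/access_token hunks), so building that request will throw a TypeError on an undefined property whenever the cached-token validation path runs; it should read `client_secret: config.andyetAuth.secret`. Two smaller points on the new side: `var token = JSON.parse(body);` in the access_token callback is unguarded, so a non-JSON body with a 200 status would throw inside the request callback rather than reaching the `/auth/andyet/failed` redirect, and `config.andyetAPIs` is now overridable from getconfig, which means a deployment can silently point `accounts` at a non-https URL (`strictSSL: true` only helps once TLS is in use) — a startup check that the configured URLs start with `https:` would make that explicit. The middleware function these hunks belong to begins before the first hunk and ends after the last, so the surrounding control flow is not visible here.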
{ | ||
"name": "andyet-express-auth", | ||
"description": "Dead simple &yet auth middleware.", | ||
"version": "0.0.12", | ||
"version": "0.1.0", | ||
"dependencies": { | ||
"express": "3.x", | ||
"colors": "0.6.0-1", | ||
"bucker": "0.4.0", | ||
"getconfig": "0.0.5", | ||
"request": "2.21.0" | ||
}, | ||
"devDependencies": { | ||
"express": "3.x", | ||
"precommit-hook": "0.3.4" | ||
}, | ||
"main": "index.js" | ||
} |
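Review bot: `underscore` is required at the top of index.js (`var _ = require('underscore')`) and is used by the new `config.andyetAPIs = _.extend(...)` code, yet as far as this rendering shows it is declared in neither the old nor the new `dependencies`, so a clean install of 0.1.0 would only work if some other package happens to provide it. The same applies to `colors`: this version drops it from `dependencies` (and the change summary below confirms the removal) while index.js still appears to `require('colors')` and call `message.red` in showHelp; if that code survives on the new side, both packages need to be listed in `dependencies` with pinned versions consistent with the rest of this block.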
New author
Supply chain risk: a new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but they do indicate a change in the package's security surface area.
Found 1 instance in 1 package
+ Addedbucker@0.4.0
+ Addedgetconfig@0.0.5
+ Addedbucker@0.4.0(transitive)
+ Addedgetconfig@0.0.5(transitive)
- Removedcolors@0.6.0-1
- Removedexpress@3.x
- Removedaccepts@1.2.131.3.8(transitive)
- Removedbase64-url@1.2.1(transitive)
- Removedbasic-auth@1.0.4(transitive)
- Removedbasic-auth-connect@1.0.0(transitive)
- Removedbatch@0.5.3(transitive)
- Removedbody-parser@1.13.3(transitive)
- Removedbytes@2.1.02.4.0(transitive)
- Removedcolors@0.6.0-1(transitive)
- Removedcommander@2.6.0(transitive)
- Removedcompressible@2.0.18(transitive)
- Removedcompression@1.5.2(transitive)
- Removedconnect@2.30.2(transitive)
- Removedconnect-timeout@1.6.2(transitive)
- Removedcontent-disposition@0.5.0(transitive)
- Removedcontent-type@1.0.5(transitive)
- Removedcookie@0.1.3(transitive)
- Removedcookie-parser@1.3.5(transitive)
- Removedcookie-signature@1.0.6(transitive)
- Removedcore-util-is@1.0.3(transitive)
- Removedcrc@3.3.0(transitive)
- Removedcsrf@3.0.6(transitive)
- Removedcsurf@1.8.3(transitive)
- Removeddebug@2.2.02.6.9(transitive)
- Removeddepd@1.0.11.1.2(transitive)
- Removeddestroy@1.0.31.0.4(transitive)
- Removedee-first@1.1.1(transitive)
- Removederrorhandler@1.4.3(transitive)
- Removedescape-html@1.0.21.0.3(transitive)
- Removedetag@1.7.0(transitive)
- Removedexpress@3.21.2(transitive)
- Removedexpress-session@1.11.3(transitive)
- Removedfinalhandler@0.4.0(transitive)
- Removedforwarded@0.1.2(transitive)
- Removedfresh@0.3.0(transitive)
- Removedhttp-errors@1.3.1(transitive)
- Removediconv-lite@0.4.110.4.13(transitive)
- Removedinherits@2.0.4(transitive)
- Removedipaddr.js@1.0.5(transitive)
- Removedisarray@0.0.1(transitive)
- Removedmedia-typer@0.3.0(transitive)
- Removedmerge-descriptors@1.0.0(transitive)
- Removedmethod-override@2.3.10(transitive)
- Removedmethods@1.1.2(transitive)
- Removedmime@1.3.4(transitive)
- Removedmime-db@1.52.0(transitive)
- Removedmime-types@2.1.35(transitive)
- Removedminimist@0.0.8(transitive)
- Removedmkdirp@0.5.1(transitive)
- Removedmorgan@1.6.1(transitive)
- Removedms@0.7.10.7.22.0.0(transitive)
- Removedmultiparty@3.3.2(transitive)
- Removednegotiator@0.5.30.6.3(transitive)
- Removedon-finished@2.3.0(transitive)
- Removedon-headers@1.0.2(transitive)
- Removedparseurl@1.3.3(transitive)
- Removedpause@0.1.0(transitive)
- Removedproxy-addr@1.0.10(transitive)
- Removedqs@4.0.0(transitive)
- Removedrandom-bytes@1.0.0(transitive)
- Removedrange-parser@1.0.3(transitive)
- Removedraw-body@2.1.7(transitive)
- Removedreadable-stream@1.1.14(transitive)
- Removedresponse-time@2.3.2(transitive)
- Removedrndm@1.2.0(transitive)
- Removedsend@0.13.00.13.2(transitive)
- Removedserve-favicon@2.3.2(transitive)
- Removedserve-index@1.7.3(transitive)
- Removedserve-static@1.10.3(transitive)
- Removedstatuses@1.2.11.5.0(transitive)
- Removedstream-counter@0.2.0(transitive)
- Removedstring_decoder@0.10.31(transitive)
- Removedtsscmp@1.0.5(transitive)
- Removedtype-is@1.6.18(transitive)
- Removeduid-safe@2.0.02.1.4(transitive)
- Removedunpipe@1.0.0(transitive)
- Removedutils-merge@1.0.0(transitive)
- Removedvary@1.0.11.1.2(transitive)
- Removedvhost@3.0.2(transitive)