arctic
Comparing version 0.0.0 to 0.1.0
{ | ||
"name": "arctic", | ||
"version": "0.0.0", | ||
"description": "Database migration API for Knex", | ||
"main": "./src", | ||
"scripts": { | ||
"lint": "standard", | ||
"test": "npm run lint && babel-tape-runner test/*" | ||
}, | ||
"type": "module", | ||
"version": "0.1.0", | ||
"description": "A collection of auth-related utilities", | ||
"main": "dist/index.js", | ||
"types": "dist/index.d.ts", | ||
"module": "dist/index.js", | ||
"files": [ | ||
"/dist/" | ||
], | ||
"author": "pilcrowOnPaper", | ||
"license": "MIT", | ||
"repository": { | ||
"type": "git", | ||
"url": "https://github.com/knex/arctic.git" | ||
"url": "https://github.com/pilcrowOnPaper/oslo" | ||
}, | ||
"keywords": [ | ||
"knex", | ||
"migrations", | ||
"database" | ||
], | ||
"author": "", | ||
"license": "MIT", | ||
"bugs": { | ||
"url": "https://github.com/knex/arctic/issues" | ||
}, | ||
"homepage": "https://github.com/knex/arctic", | ||
"contributors": [ | ||
"Ben Drucker <bvdrucker@gmail.com> (http://bendrucker.me)", | ||
"Tim Griesser <tgriesser10@gmail.com>" | ||
], | ||
"devDependencies": { | ||
"babel": "~5.1.10", | ||
"babel-tape-runner": "~1.1.0", | ||
"blue-tape": "~0.1.8", | ||
"isparta": "^2.2.0", | ||
"knex": "~0.7.6", | ||
"proxyquire": "^1.4.0", | ||
"sinon": "^1.14.1", | ||
"sinon-as-promised": "^2.0.3", | ||
"sqlite3": "~3.0.5", | ||
"standard": "bendrucker/standard#babel" | ||
"@types/node": "^20.8.6", | ||
"@typescript-eslint/eslint-plugin": "^6.7.5", | ||
"@typescript-eslint/parser": "^6.7.5", | ||
"eslint": "^8.51.0", | ||
"prettier": "^3.0.3", | ||
"typescript": "^5.2.2" | ||
}, | ||
"dependencies": { | ||
"bluebird": "^2.9.14", | ||
"easydate": "^1.2.1", | ||
"interpret": "~0.5.2", | ||
"lodash.template": "^3.3.2", | ||
"xtend": "^4.0.0" | ||
"oslo": "0.19.0" | ||
}, | ||
"standard": { | ||
"ignore": [ | ||
"src/stubs/*" | ||
] | ||
"scripts": { | ||
"build": "rm -rf dist/* && tsc", | ||
"format": "prettier -w .", | ||
"lint": "eslint src", | ||
"test": "vitest run --sequence.concurrent" | ||
} | ||
} | ||
} |
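Review bot: On the new side `repository.url` is `https://github.com/pilcrowOnPaper/oslo`, which is the repository of the `oslo` dependency rather than of this package, so the 0.1.0 manifest gives a consumer no way to trace the published `dist/` back to the `arctic` source; the `bugs` and `homepage` entries that pointed at the old repository are dropped without replacement. Because the name stays `arctic` while the author, description, main entry and the whole dependency set change in one version, the manifest is the only place a downstream reviewer can check where this code comes from. Suggest `"url": "<arctic repository URL>"` (placeholder) under `repository`, plus matching `bugs.url` and `homepage` entries, and publishing with build provenance so `dist/` is attestable to a source commit. The `files` allowlist and the exact `"oslo": "0.19.0"` pin are fine as written.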
223
README.md
@@ -1,2 +0,221 @@ | ||
# arctic | ||
Database migration API for Knex | ||
# `arctic` | ||
Library for handling OAuth 2.0 with built-in providers. Light weight, fully-typed, runtime-agnostic. Built using [`oslo`](http://github.com/pilcrowonpaper/oslo). For a more flexible OAuth 2.0 client, see [`oslo/oauth2`](http://github.com/pilcrowonpaper/oslo). | ||
``` | ||
npm install arctic | ||
``` | ||
## Providers | ||
- [Apple](#oauth-20) | ||
- [Azure AD](#oauth-20-with-pkce-flow) | ||
- [Discord](#oauth-20) | ||
- [Facebook](#oauth-20) | ||
- [Github](#oauth-20) | ||
- [Google](#oauth-20) | ||
- [LINE](#oauth-20) | ||
- [Spotify](#oauth-20) | ||
- [Twitch](#oauth-20) | ||
- [Twitter](#oauth-20-with-pkce-flow) | ||
## OAuth 2.0 | ||
Most providers require the `client_id` and `client_secret`. You may also optionally pass `scope`. For OIDC clients, `openid` and `profile` scope are always included. | ||
```ts | ||
import { Github } from "arctic"; | ||
const github = new Github(clientId, clientSecret, { | ||
scope: ["user:email"] // etc | ||
}); | ||
``` | ||
Some providers also require the redirect URI. | ||
```ts | ||
import { Google } from "arctic"; | ||
const redirectURI = "http://localhost:3000/login/google/callback"; | ||
const github = new Github(clientId, clientSecret, redirectURI); | ||
``` | ||
### Create authorization URL | ||
Generate state using `generateState()` and store it as a cookie. Use it to create an authorization URL with `createAuthorizationURL()` and redirect the user to it. | ||
```ts | ||
import { generateState } from "arctic"; | ||
const state = generateState(); | ||
const url = await github.createAuthorizationURL(state); | ||
// store state as cookie | ||
setCookie("state", state, { | ||
secure: true, // set to false in localhost | ||
path: "/", | ||
httpOnly: true, | ||
maxAge: 60 * 10 // 10 min | ||
}); | ||
return redirect(url); | ||
``` | ||
### Validate authorization code | ||
Compare the state, and use `validateAuthorizationCode()` to validate the authorization code. This returns an object with an access token, and a refresh token if requested. If the code is invalid, it will throw an `AccessTokenRequestError`. | ||
```ts | ||
import { OAuth2RequestError } from "arctic"; | ||
const code = request.url.searchParams.get("code"); | ||
const state = request.url.searchParams.get("state"); | ||
const storedState = getCookie("state"); | ||
if (!code || !storedState || state !== storedState) { | ||
// 400 | ||
throw new Error("Invalid request"); | ||
} | ||
try { | ||
const tokens = await github.validateAuthorizationCode(code); | ||
} catch (e) { | ||
if (e instanceof OAuth2RequestError) { | ||
const { message, description, request } = e; | ||
} | ||
// unknown error | ||
} | ||
``` | ||
### Other | ||
See also: | ||
- [Get the current user](#get-the-current-user) | ||
- [Refresh access tokens](#refresh-access-tokens) | ||
## OAuth 2.0 with PKCE flow | ||
Most providers require the `client_id` and `client_secret`. You may also optionally pass `scope`. For OIDC clients, `openid` and `profile` scope are always included. | ||
```ts | ||
import { Github } from "arctic"; | ||
const github = new Github(clientId, clientSecret, { | ||
scope: ["user:email"] // etc | ||
}); | ||
``` | ||
Some providers also require the redirect URI. | ||
```ts | ||
import { Google } from "arctic"; | ||
const redirectURI = "http://localhost:3000/login/google/callback"; | ||
const github = new Github(clientId, clientSecret, redirectURI); | ||
``` | ||
### Create authorization URL | ||
Generate state and code verifier using `generateState()` and `generateCodeVerifier()`, and store them as cookies. Use them to create an authorization URL with `createAuthorizationURL()` and redirect the user to it. | ||
```ts | ||
import { generateState, generateCodeVerifier } from "arctic"; | ||
const state = generateState(); | ||
const codeVerifier = generateCodeVerifier(); | ||
const url = await github.createAuthorizationURL(state, codeVerifier); | ||
// store state and code verifier as cookie | ||
setCookie("state", state, { | ||
secure: true, // set to false in localhost | ||
path: "/", | ||
httpOnly: true, | ||
maxAge: 60 * 10 // 10 min | ||
}); | ||
setCookie("code_verifier", state, { | ||
secure: true, // set to false in localhost | ||
path: "/", | ||
httpOnly: true, | ||
maxAge: 60 * 10 // 10 min | ||
}); | ||
return redirect(url); | ||
``` | ||
### Validate authorization code | ||
Compare the state, and use `validateAuthorizationCode()` to validate the authorization code with the code verifier. This returns an object with an access token, and a refresh token if requested. If the code is invalid, it will throw an `AccessTokenRequestError`. | ||
```ts | ||
import { OAuth2RequestError } from "arctic"; | ||
const code = request.url.searchParams.get("code"); | ||
const state = request.url.searchParams.get("state"); | ||
const codeVerifier = request.url.searchParams.get("code_verifier"); | ||
const storedState = getCookie("state"); | ||
if (!code || !codeVerifier || state !== storedState) { | ||
// 400 | ||
throw new Error("Invalid request"); | ||
} | ||
try { | ||
const tokens = await github.validateAuthorizationCode(code, codeVerifier); | ||
} catch (e) { | ||
if (e instanceof OAuth2RequestError) { | ||
// see https://oslo.js.org/reference/oauth2/OAuth2RequestError/ | ||
const { request, message, description } = e; | ||
} | ||
// unknown error | ||
} | ||
``` | ||
### Other | ||
See also: | ||
- [Get the current user](#get-the-current-user) | ||
- [Refresh access tokens](#refresh-access-tokens) | ||
## Other | ||
### Get the current user | ||
Some providers expose `getUser()` to get the current user from an access token. This will throw an `RequestError` if the access token is invalid. | ||
```ts | ||
import { RequestError } from "arctic"; | ||
try { | ||
const user = await github.getUser(tokens.accessToken); | ||
} catch (e) { | ||
if (e instanceof RequestError) { | ||
// get fetch Request and Response | ||
const { request, response } = e; | ||
} | ||
// unknown error | ||
} | ||
``` | ||
### Refresh access tokens | ||
Some providers expose `refreshAccessToken()` to get a new access token from a refresh token. This will throw an `OAuth2RequestError` if the refresh token is invalid. | ||
```ts | ||
import { OAuth2RequestError } from "arctic"; | ||
try { | ||
const tokens = await google.refreshAccessToken(refreshToken); | ||
} catch (e) { | ||
if (e instanceof OAuth2RequestError) { | ||
// see https://oslo.js.org/reference/oauth2/OAuth2RequestError/ | ||
const { request, message, description } = e; | ||
} | ||
// unknown error | ||
} | ||
``` |
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
No bug tracker
MaintenancePackage does not have a linked bug tracker in package.json.
Found 1 instance in 1 package
No website
QualityPackage does not have a website.
Found 1 instance in 1 package
Deprecated
MaintenanceThe maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
+ Addedoslo@0.19.0
+ Added@emnapi/core@1.2.0(transitive)
+ Added@emnapi/runtime@1.2.0(transitive)
+ Added@emnapi/wasi-threads@1.0.1(transitive)
+ Added@napi-rs/wasm-runtime@0.2.4(transitive)
+ Added@node-rs/argon2@1.8.3(transitive)
+ Added@node-rs/argon2-android-arm-eabi@1.8.3(transitive)
+ Added@node-rs/argon2-android-arm64@1.8.3(transitive)
+ Added@node-rs/argon2-darwin-arm64@1.8.3(transitive)
+ Added@node-rs/argon2-darwin-x64@1.8.3(transitive)
+ Added@node-rs/argon2-freebsd-x64@1.8.3(transitive)
+ Added@node-rs/argon2-linux-arm-gnueabihf@1.8.3(transitive)
+ Added@node-rs/argon2-linux-arm64-gnu@1.8.3(transitive)
+ Added@node-rs/argon2-linux-arm64-musl@1.8.3(transitive)
+ Added@node-rs/argon2-linux-x64-gnu@1.8.3(transitive)
+ Added@node-rs/argon2-linux-x64-musl@1.8.3(transitive)
+ Added@node-rs/argon2-wasm32-wasi@1.8.3(transitive)
+ Added@node-rs/argon2-win32-arm64-msvc@1.8.3(transitive)
+ Added@node-rs/argon2-win32-ia32-msvc@1.8.3(transitive)
+ Added@node-rs/argon2-win32-x64-msvc@1.8.3(transitive)
+ Added@node-rs/bcrypt@1.10.4(transitive)
+ Added@node-rs/bcrypt-android-arm-eabi@1.10.4(transitive)
+ Added@node-rs/bcrypt-android-arm64@1.10.4(transitive)
+ Added@node-rs/bcrypt-darwin-arm64@1.10.4(transitive)
+ Added@node-rs/bcrypt-darwin-x64@1.10.4(transitive)
+ Added@node-rs/bcrypt-freebsd-x64@1.10.4(transitive)
+ Added@node-rs/bcrypt-linux-arm-gnueabihf@1.10.4(transitive)
+ Added@node-rs/bcrypt-linux-arm64-gnu@1.10.4(transitive)
+ Added@node-rs/bcrypt-linux-arm64-musl@1.10.4(transitive)
+ Added@node-rs/bcrypt-linux-x64-gnu@1.10.4(transitive)
+ Added@node-rs/bcrypt-linux-x64-musl@1.10.4(transitive)
+ Added@node-rs/bcrypt-wasm32-wasi@1.10.4(transitive)
+ Added@node-rs/bcrypt-win32-arm64-msvc@1.10.4(transitive)
+ Added@node-rs/bcrypt-win32-ia32-msvc@1.10.4(transitive)
+ Added@node-rs/bcrypt-win32-x64-msvc@1.10.4(transitive)
+ Added@tybys/wasm-util@0.9.0(transitive)
+ Addedoslo@0.19.0(transitive)
+ Addedtslib@2.6.3(transitive)
- Removedbluebird@^2.9.14
- Removedeasydate@^1.2.1
- Removedinterpret@~0.5.2
- Removedlodash.template@^3.3.2
- Removedxtend@^4.0.0
- Removedbluebird@2.11.0(transitive)
- Removedeasydate@1.4.0(transitive)
- Removedinterpret@0.5.2(transitive)
- Removedlodash._basecopy@3.0.1(transitive)
- Removedlodash._basetostring@3.0.1(transitive)
- Removedlodash._basevalues@3.0.0(transitive)
- Removedlodash._getnative@3.9.1(transitive)
- Removedlodash._isiterateecall@3.0.9(transitive)
- Removedlodash._reinterpolate@3.0.0(transitive)
- Removedlodash._root@3.0.1(transitive)
- Removedlodash.escape@3.2.0(transitive)
- Removedlodash.isarguments@3.1.0(transitive)
- Removedlodash.isarray@3.0.4(transitive)
- Removedlodash.keys@3.1.2(transitive)
- Removedlodash.restparam@3.6.1(transitive)
- Removedlodash.template@3.6.2(transitive)
- Removedlodash.templatesettings@3.1.1(transitive)
- Removedxtend@4.0.2(transitive)