
att-express-auth


Comparing version 0.0.3 to 0.0.4

191

index.js

@@ -1,126 +0,95 @@

var _ = require('underscore'),
colors = require('colors'),
request = require('request'),
var https = require('https'),
querystring = require('querystring');
exports.middleware = function (config) {
if (!config.app || !config.clientId || !config.clientSecret || !config.defaultUrl || !config.scopes) {
throw new Error('You have to pass the app, clientId and clientSecret, a default redirect and a list of scopes. For example:');
}
function ATTTAuthMiddleware() {
this.showHelp = function (message) {
var output = [
"\n",
message.red,
"_____________________________________________________________",
"",
"var express = require('express'),",
" auth = require('att-express-auth'),",
" app = express();",
"",
"",
"app.use(express.cookieParser());",
"app.use(express.session({ secret: 'keyboard cat' }));",
"app.use(attAuth.middleware({",
" app: app,",
" clientId: 'YOUR CLIENT ID',",
" clientSecret: 'YOUR CLIENT SECRET',",
" scopes: ['profile', 'addessbook'],",
" redirectUrl: 'http://localhost:3000/secured'",
"}));",
"",
"// a route that requires being logged in with att",
"app.get('/my-secured-route', auth.secure(), function (req, res) {",
" // req.user is everything we know about the att user",
" // req.token is now the auth token",
" res.send(req.user)",
"});",
"_____________________________________________________________",
"",
""
].join('\n');
console.log(output);
};
config.logoutUrl = config.logoutUrl || '/';
this.middleware = function (config) {
var self = this;
if (!config.app || !config.clientId || !config.clientSecret || !config.redirectUrl || !config.scopes) {
this.showHelp('You have to pass the app, clientId and clientSecret, a default redirect and a list of scopes. For example:');
}
// store our configs as properties
_.extend(this, {
loggedOutRedirect: '/',
loginPageUrl: '/login',
accountsUrl: 'https://auth.tfoundry.com'
}, config);
// the login route
this.app.get('/auth', function (req, res) {
var url = self.accountsUrl + '/oauth/authorize?' + querystring.stringify({
response_type: 'code',
client_id: self.clientId,
type: 'web_server',
scope: self.scopes.join(','),
redirect_uri: self.redirectUrl
});
res.redirect(url);
config.app.get('/auth', function (req, res) {
var authUrl = 'https://auth.tfoundry.com/oauth/authorize?' + querystring.stringify({
response_type: 'code',
client_id: config.clientId,
type: 'web_server',
scope: config.scopes.join(','),
redirect_uri: ''
});
res.redirect(authUrl);
});
this.app.get('/auth/callback', function (req, response) {
var code = querystring.parse(req.url.split('?')[1]).code,
token;
request.post({
url: self.accountsUrl + '/oauth/token',
form: {
code: code,
grant_type: 'authorization_code',
client_id: self.clientId,
client_secret: self.clientSecret,
redirect_uri: self.redirectUrl
}
}, function (err, res, body) {
if (res && res.statusCode === 200) {
token = JSON.parse(body).access_token;
}
request.get({
url: self.accountsUrl + '/me.json',
qs: {access_token: token},
json: true
}, function (err, res, body) {
var nextUrl = req.session.nextUrl || self.redirectUrl || '/';
if (res && res.statusCode === 200) {
req.session.user = body;
req.session.accessToken = token;
config.app.get('/auth/callback', function (req, res) {
var tokenReq = https.request({
method: 'POST',
headers: {
'Content-Type': 'x-www-form-urlencoded',
'Content-Length': 0
},
hostname: 'auth.tfoundry.com',
path: '/oauth/token?' + querystring.stringify({
code: req.query.code,
grant_type: 'authorization_code',
client_id: config.clientId,
client_secret: config.clientSecret,
redirect_uri: '',
type: 'web_server'
}),
port: 443
}, function (response) {
var body = '';
response.on('data', function (data) {
body += data;
});
response.on('end', function (data) {
if (data) body += data;
body = JSON.parse(body);
req.session.auth = body;
var meReq = https.request({
hostname: 'auth.tfoundry.com',
path: '/me.json?access_token=' + req.session.auth.access_token,
}, function (response) {
var me = '';
if (response.statusCode !== 200) return res.redirect('/auth/failed');
response.on('data', function (data) {
me += data;
});
response.on('end', function (data) {
if (data) me += data;
me = JSON.parse(me);
req.session.user = me;
var nextUrl = req.session.nextUrl || config.defaultUrl;
delete req.session.nextUrl;
req.session.save(function () {
response.redirect(nextUrl);
});
} else {
response.redirect('/login-failed');
}
res.redirect(nextUrl);
});
});
meReq.end();
});
if (response.statusCode !== 200)
return res.redirect('/auth/failed');
});
tokenReq.end();
});
this.app.get('/logout', function (req, res) {
req.session.destroy();
res.redirect(self.loggedOutRedirect);
});
config.app.get('/logout', function (req, res) {
req.session.destroy();
res.redirect(config.logoutUrl);
});
return function (req, res, next) {
next();
};
return function (req, res, next) {
next();
};
};
this.secure = function () {
var self = this;
return function (req, res, next) {
if (req.session.user) {
next();
} else {
req.session.nextUrl = req.url;
res.redirect(self.loginPageUrl);
}
};
exports.secure = function () {
return function (req, res, next) {
if (req.session.user && req.session.auth) return next();
req.session.nextUrl = req.url;
res.redirect('/auth');
};
}
module.exports = new ATTTAuthMiddleware();
};
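Review bot: The new `/auth/callback` handler sends `client_secret` and the authorization code in the URL of the token request (`path: '/oauth/token?' + querystring.stringify({...})`, with `'Content-Length': 0`), so the secret reaches any access log or proxy that records request lines; it belongs in a form-encoded body, and the header value should be `application/x-www-form-urlencoded`. The `response.statusCode !== 200` check on the token response comes after the `data`/`end` listeners are attached, so a rejected exchange redirects to `/auth/failed` and then still parses the body, stores it in `req.session.auth` and issues the `/me.json` request, which can redirect a second time. Both `JSON.parse` calls are unguarded and neither `tokenReq` nor `meReq` has an `error` listener, so a malformed reply or a network failure throws out of an event handler instead of failing the login. Separately, the `/auth` redirect carries no `state` value and the callback verifies none, which leaves the login flow without protection against cross-site request forgery; a per-session random value checked on return would close that. The rendered page lost its `+`/`-` markers, so the new side is inferred here, and the sketch below covers the token request only.

```javascript
config.app.get('/auth/callback', function (req, res) {
    // credentials travel in the request body, not the URL
    var form = querystring.stringify({
        // … unchanged: code, grant_type, client_id, client_secret, redirect_uri, type …
    });
    var tokenReq = https.request({
        method: 'POST',
        headers: {
            'Content-Type': 'application/x-www-form-urlencoded',
            'Content-Length': Buffer.byteLength(form)
        },
        hostname: 'auth.tfoundry.com',
        path: '/oauth/token',
        port: 443
    }, function (response) {
        // reject a failed exchange before buffering or parsing anything
        if (response.statusCode !== 200) {
            response.resume();
            return res.redirect('/auth/failed');
        }
        var body = '';
        response.on('data', function (data) {
            body += data;
        });
        response.on('end', function () {
            var auth;
            try {
                auth = JSON.parse(body);
            } catch (e) {
                return res.redirect('/auth/failed');
            }
            if (!auth || !auth.access_token) return res.redirect('/auth/failed');
            req.session.auth = auth;
            // … unchanged: /me.json request and req.session.user handling …
        });
    });
    tokenReq.on('error', function () {
        res.redirect('/auth/failed');
    });
    tokenReq.end(form);
});
```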

@@ -5,7 +5,4 @@ {

"description": "Drop-in auth middleware for alpha-auth AT&T.",
"version": "0.0.3",
"version": "0.0.4",
"dependencies": {
"colors": "",
"request": "",
"underscore": ""
},

@@ -17,2 +14,2 @@ "devDependencies": {

"main": "index.js"
}
}

Sorry, the diff of this file is not supported yet
