Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

auth

Package Overview
Dependencies
Maintainers
1
Versions
17
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

auth - npm Package Compare versions

Comparing version 0.0.9 to 1.0.0

index.js
LICENSE

49

package.json
{
"name": "auth",
"version": "0.0.9",
"description": "ERROR: No README.md file found!",
"main": "./lib/index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
"description": "The CLI tool by Auth.js to supercharge your authentication workflow.",
"homepage": "https://cli.authjs.dev",
"version": "1.0.0",
"type": "module",
"bin": {
"auth": "index.js"
},
"repository": {
"type": "git",
"url": "git://github.com/crcn/node-auth.git"
},
"author": "",
"license": "BSD",
"files": [
"*.d.ts*",
"*.js",
"lib",
"src"
],
"keywords": [
"authjs",
"cli"
],
"author": "Balázs Orbán <info@balazsorban.com>",
"license": "MIT",
"dependencies": {
"outcome": "0.0.x",
"step": "0.0.x",
"structr": "0.2.x",
"underscore": "1.4.x",
"dsync": "0.0.x",
"vine": "0.1.x",
"dustjs-linkedin": "1.1.x",
"seq": "0.3.x",
"comerr": "0.0.x",
"verify": "0.0.x"
"commander": "11.1.0"
},
"browserify": "./browser/index.js",
"devDependencies": {
"plugin": "*",
"plugin-express": "0.0.x",
"plugin-mongodb": "0.0.x"
"prettier": {
"semi": false
}
}
}

181

README.md

@@ -0,175 +1,32 @@

# Auth.js CLI
The CLI tool by [Auth.js](https://authjs.dev) to supercharge your authentication workflow.
## Features
## Installation
- share items with multiple users
- creating account tokens with access to specific collections & items
- used for locking down public access to certain features.
- ability to add expiration for tokens
-
You don't need to install this package, run any of the following commands:
```javascript
var mongoose = require("mongoose"),
step = require("step"),
Schema = mongoose.Schema,
ObjectId = Schema.Types.ObjectId;
var auth = require("auth").connect({
connection: mongoose.createConnection("mongodb://localhost/auth-test")
});
var Post = new Schema({
message: String
});
//make the post ownable
Post.plugin(auth.ownable);
step(
function() {
auth.signup({ email: "me@email.com", password: "password" }, this);
},
function(err, account) {
this.account = account;
var post = new Post({
message: "Hello World!"
});
//make the account OWN the post
account.own(post);
post.save(this);
},
function() {
Post.find(this.account.ownQuery(), this);
},
function(err, post) {
console.log(post.message); //Hello World!
}
);
```sh
npx auth
```
## Usage
## auth API
<!-- TODO: Generate by running `node index.js --help` and writing this -->
### auth auth.connect(options)
- options
`connection` - mongodb connection
```sh
Usage: auth [options] [command]
### auth.Account.signup(account, onCreated)
Options:
-V, --version output the version number
-h, --help display help for command
creates a new user
### auth.Account.login(credentals, onLogin)
Logs the user in with u/p, or a token
Example:
```javascript
auth.Account.login({ token: tokenKey }, onLogin);
auth.Account.login({ email: "email", password: "password" }, onLogin);
Commands:
secret [options] Generate a random string.
framework [framework] Clone a framework template.
help [command] display help for command
```
## Account API
## Acknowledgements
### account.getMainToken(callback)
returns the main access token with super privileges. No restrictions to collections & items.
```javascript
user.getMainToken(function(null, token) {
console.log(token.key); //key used to login
console.log(token.ttl); // -1 = no expiration date.
console.log(token.scope); //[ { collectionName: null, item: null, access: ["GET", "POST", "PUT", "DELETE", "SUPER"]}]
})
```
### account.createToken(options, callback)
- `options` - options for the token
- `item` - the item to grant access to (optional)
- `collectionName` - the collection
- `ttl` - time in MS for expiration
- `access` - (array) scope access. default is `access.all()`
```javascript
//only give access to the posts collection, and only allow reading items
user.createToken({ item: Posts.collection.name, access: [access.POST] }, function(err, token) {
console.log(token.scope); //[ { collectionName: "posts", item: null, access: ["GET"]}]
});
```
### account.ownItem(item)
makes the account an owner of an item with SUPER privileges on item
```javascript
var p = new Post({ message: "hello!" });
user.ownItem(p);
p.save();
```
### account.shareItem(item, access)
Shares an item with another user
- `item` - item to own
- `access` - access level for the given item. Blank = ALL privileges.
```javascript
var access = require("auth").access;
Post.findOne({message:"hello!"}, function(err, post) {
user2.shareItem(post, [access.GET]); //ability to only see item
post.save();
});
```
### account.authorized(item, access)
returns TRUE if the account has access to the item. Note that the result can be variable
depending if whether the given user logs in with a restricted login token. See below.
```javascript
//logged
user2.authorized(post); //TRUE
user2.authorized(post, [access.POST]); //FALSE
user2.authorized(post, [access.GET]); //TRUE
user2.authorized(post, [access.GET, access.POST]); //TRUE
//login with the post owner, but restrict access with the created
//token above.
User.login({ token: aboveTokenKey }, function(err, user) {
user.authorized(post, [access.TRUE]); //FALSE
user.authorized(post, [access.POST]); //FALSE
})
```
### Error account.unauthorized(callback)
Tiny flow-control utility.
### account.addToSearch(query)
adds account to the given search. For example:
```javascript
Post.findOne(user.addToSearch(), function(err, post) {
user.authorized(post); //TRUE
})
## TODO
- make sub-schemas ownable
- sharing whole collections (job & timer)
- custom authentication schema
- validation of credentials (email/pass)
- Auth.lockdown - prevent models from being saved or serialized if unauthorized
- hooks with [passport](https://github.com/jaredhanson/passport)
Special thanks to Craig for the `auth` package name on npm.
.cupboard
.npmignore
browser/account.js
browser/index.js
docs/issues.md
docs/pseudo-1.js
examples/ex1.js
examples/ex2.js
examples/models.js
examples/plugin-1.js
examples/pseduo.js
examples/pseudo-2.js
examples/pseudo-3.js
lib/access.js
lib/http/middleware/index.js
lib/http/routes/index.js
lib/http/routes/lostPassword.js
lib/http/routes/reqOutcome.js
lib/index.js
lib/mixin/ownableModel.js
lib/models/account.js
lib/models/lostPassword.js
lib/models/token.js
models.md
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc