Security News
Introducing the Socket Python SDK
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
a simple slay preboot to instantiate an auth middleware and a custom/default lookup function on the app object
A simple slay
preboot that initializes an authboot
namespaced lookup
function
and middeware
on the app object to be used within the application. Its meant
to wrap up some configuration conventions to be more easily reused in multiple
slay applications without duplicating code unnecessarily.
The purpose of this library is to simply wrap an auth middleware (currently basic-auth based)
and give a mechanism for async validation of that auth. We support
properties of express-basic-auth
as configuration. The lookup
function
replaces the authorizer function with a slightly tweaked API which we will cover
below.
npm install authboot --save
users
- ObjectThe users
object we give contains assumptions if you are not passing in your
own lookup
function. Those assumptions is that that each key
must be the
username for your authorized users while the value must be a hexidecimal
encoding of the sha256
hash of the password. This ensures we are following security best practices even
when this information is loaded in memory from an encrypted config.
lookup({ name, password }, callback)
Function to override the default behavior of using the users
object as
a direct comparison map for who is authorized and using the provided algorithm to
compare the given password with the hash
we have stored as part of the users
object.
challenge
BooleanIndicating whether we will send a challenge response for browser based requests.
realm
StringThe realm given for the service for browser storage of basic auth.
algorithm
StringThe algorithm given to crypto
when creating a hash
.
// root slay preboot in preboots/index.js or preboots.js
module.exports = function (app, opts, callback) {
app.preboot(require('authboot')({
users: {
name: 'hexOfSHA256HashOfPassword'
},
// send challenge request for browser auth
challenge: true,
realm: 'myservicerealm'
}));
callback();
};
// middlewares/index.js or middlewares.js
module.exports = function (app, options, callback) {
// add the middleware itself to the app object when you setup all your other
// middlewares. If its not going to be used across the board for all routes,
// this would be setup in each route handler or on the router itself.
app.use(app.authboot.middleware);
};
const db = require('./db');
const verify = require('./verify');
// root slay preboot in preboots/index.js or preboots.js
module.exports = function (app, opts, callback) {
app.preboot(require('authboot')({
// override lookup with our own async lookup
lookup: ({ user, password }, callback) => {
db.users.get(user, (err, user) => {
if (err) return callback(err);
verify.password(user.passwordHash, password, callback);
});
},
// send challenge request for browser auth
challenge: true,
realm: 'myservicerealm'
}));
callback();
};
// routes/index.js or routes.js
const db = require('./db');
module.exports = function (app, options, callback) {
app.routes.get('/resource', app.authboot.middleware, (req, res, next) => {
// authed route
db.resource.get(req.params, (err, resource) => {
if (err) return next(err);
res.status(200).json(resource);
})
});
};
npm test
FAQs
a simple slay preboot to instantiate an auth middleware and a custom/default lookup function on the app object
We found that authboot demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
Security News
Floating dependency ranges in npm can introduce instability and security risks into your project by allowing unverified or incompatible versions to be installed automatically, leading to unpredictable behavior and potential conflicts.
Security News
A new Rust RFC proposes "Trusted Publishing" for Crates.io, introducing short-lived access tokens via OIDC to improve security and reduce risks associated with long-lived API tokens.