Product
Introducing Enhanced Alert Actions and Triage Functionality
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.
autohost
Advanced tools
Readme
Opinionated HTTP server lib based on express. Automatically configured based on convention driven resources.
Ripped from the guts of Anvil.
Simple navigate to /_autohost to review the current set of resources:
var host = require( 'autohost' )();
host.init();
Configuration can be provided optionally to the init call or during instantiation after the require. The object literal follows the format:
{
processes: 1, // # of processes to spawn - not currently in use
static: './public', // where to host static resources from, default value shown
resources: './resource', // where to load resource modules from, default value shown
port: 8800, // what port to host at, default shown
allowedOrigin: 'leankit.com', // used to filter incoming web socket connections based on origin
websockets: true // enables websockets
}
Resources are expected to be simple modules that return a parameterless function resulting in a JS literal that follows the format:
{
name: 'resource-name',
resources: '', // relative path to static assets for this resource
actions: [
{
alias: 'send', // not presently utilized
verb: 'get', // http verb
topic: 'send', // topic segment appended the resource name
path: '', // url pattern appended to the resource name
handle: function( envelope ) {
// envelope.data, envelope.headers and envelope.params may contain
// information about the request/message received
// envelope reply takes a object literal with data property for
// http body|websocket message
}
}
]
}
Authentication support is supplied via Passport integration. Your application is expected to provide a strategy and authentication method. You can also provide a regex path to make part of your path open to anonymous access.
You must set this up BEFORE calling .init, calling it after initialization will probably cause 'splosions.
// Note: this is an over-simplification, typically you'd tie in auth store access inside the callback.
// Each passport strategy implementation will differ, please see those for details.
var passport = require( 'passport' );
var BasicStrategy = require( 'passport-http' ).BasicStrategy;
var host = require( '../src/autohost.js' )();
host.withPassportStrategy(
new BasicStrategy({}, function( username, password, done ) {
if( username == 'anon' || ( username == 'admin' && password == 'admin' ) ) {
done( null, username );
} else {
done( null, false );
}
} ),
passport.authenticate( 'basic', { session: false } ),
/^[\/]anon.*/ );
The general approach is this:
This basically goes against least-priviledge. If this is a problem, assign a baseline 'authenticated' or 'user' role to every action returned to you during server start-up OR always return either of these during the 'getRolesFor' call.
The authorization strategy MUST implement 3 calls:
Will recieve a hashmap of resources and resource action names. Action names follow a namespace convention of {resource name}.{alias}. The done call back MUST be called.
Here's an example of the format.
{
'_autohost': [
'_autohost.api',
'_autohost.resources',
'_autohost.actions',
'_autohost.connected-sockets'
]
}
This is provided to your auth provider so that actions can automatically be updated (as in storage) on-the-fly when the server spins up.
Given a user's id, this must return any roles assigned to the user in the system. Done must be called with error or roles. An exception should never be allowed to bubble up through this call.
During activation, the action name ( resource.alias ) is passed to this call to determine what roles are able to activate the action. If you don't want actions to default to enabled despite user role, ALWAYS return at least some baseline role ( i.e. 'user', 'authenticated', etc. ).
Done must be called with error or roles. An exception should never be allowed to bubble up through this call.
In order to use this feature, you must provide an authorization strategy with several additional calls. It should go without saying that you're expected invoke the call back with either the result or an error.
Returns the list of users in the authentication store. Necessary in order to map roles to users.
Returns the list of roles in the authorization store.
Sets the total list of roles for an action. (destructive update)
Sets the total list of roles for a user. (destructive update)
Remove a role from the authorization strategy.
Remove a role from the authorization strategy.
MIT License - http://opensource.org/licenses/MIT
FAQs
Resource driven, transport agnostic host
The npm package autohost receives a total of 47 weekly downloads. As such, autohost popularity was classified as not popular.
We found that autohost demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
Security News
OpenSSF is warning open source maintainers to stay vigilant against reputation farming on GitHub, where users artificially inflate their status by manipulating interactions on closed issues and PRs.