Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
brightspace-auth-token
Advanced tools
const AuthToken = require('brightspace-auth-token');
// See brightspace-auth-validation to do this for you!
function authorizeRequest(req) {
const signature = req.headers.authorization.match(/Bearer (.+)/)[1];
const payload = parseAndValidateSignature(signature);
return new AuthToken(payload, signature);
}
require('http')
.createServer((req, res) => {
const token = authorizeRequest(req);
if (!token.hasScope('random', 'greetings', 'read')) {
res.statusCode = 403;
res.end('You don\'t have sufficient scope!\n');
return;
}
let msg;
if (token.isUserContext()) {
msg = 'Hello user!\n';
} else if (token.isTenantContext()) {
msg = 'Hello service, acting at the tenant level!\n';
} else if (token.isGlobalContext()) {
msg = 'Hello service, maintaining all of our systems!\n';
}
res.statusCode = 200;
res.end(msg);
})
.listen(3000);
new AuthToken(Object decodedPayload, String source)
-> AuthToken
decodedPayload should be an already verified and parsed JWT body. source should be the signature from which the payload was retrieved.
.user
-> String|Undefined
The identifier for the user this token belongs to. Not present outside of user context.
.tenant
-> String|Undefined
The tenant UUID this token belongs to. Not present outside of user and tenant contexts.
.actualUser
-> String|Undefined
The identifier for the acting user. For convenience, this will always be the
same as user
except in the case of impersonation. Not present outside of
user context.
.isGlobalContext()
-> Boolean
.isTenantContext()
-> Boolean
.isUserContext()
-> Boolean
.isImpersonating()
-> Boolean
.context
-> Symbol
.hasScope(String group, String resource, String permission)
-> Boolean
.scope
-> Map
.cacheKey
-> String
A normalized string which could be used as part of cache keys when caching resources.
.source
-> String
The source signature provider when creating the token.
npm test
Fork the repository. Committing directly against this repository is highly discouraged.
Make your modifications in a branch, updating and writing new unit tests
as necessary in the spec
directory.
Ensure that all tests pass with npm test
rebase
your changes against master. Do not merge.
Submit a pull request to this repository. Wait for tests to run and someone to chime in.
This repository is configured with EditorConfig and ESLint rules.
FAQs
Helper for interacting with an incoming Brightspace JWT
The npm package brightspace-auth-token receives a total of 445 weekly downloads. As such, brightspace-auth-token popularity was classified as not popular.
We found that brightspace-auth-token demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.