cf-auth-middleware
Advanced tools
cf-auth-middleware - npm Package Compare versions
Comparing version 3.0.0 to 3.1.0
16
auth.js
@@ -7,4 +7,3 @@ var getCredentials = require('./get-credentials') | ||
| function createMiddleware (authProvider, options) { | ||
| if (!options) options = {} | ||
| var logger = options.logger || console | ||
| options = options || {} | ||
| var reqProperty = options.reqProperty || 'authedClient' | ||
@@ -87,3 +86,3 @@ | ||
| var valid = validSignature(req, authPacket, key, creds.signature, | ||
| { logger: logger, ignoreQueryKeys: options.ignoreQueryKeys }) | ||
| { ignoreQueryKeys: options.ignoreQueryKeys, defaultTtl: options.defaultTtl }) | ||
@@ -112,2 +111,3 @@ if (!valid) { | ||
| options = options || {} | ||
| options.defaultTtl = options.defaultTtl || 60000 | ||
@@ -128,3 +128,2 @@ options.ignoreQueryKeys = options.ignoreQueryKeys || [] | ||
| }) | ||
| var contentType = req.headers['content-type'] ? req.headers['content-type'].split(';')[0] : '' | ||
@@ -135,8 +134,11 @@ var ourSig = createSignature(key, req.method, contentType, authPacket.date, url.format(urlParts), authPacket.ttl) | ||
| var difference = Math.abs(currentDate - requestDate) | ||
| var maxDifference = authPacket.ttl || 60000 | ||
| var maxDifference = authPacket.ttl || options.defaultTtl | ||
| debug('Comparing:', ourSig, theirSig) | ||
| debug('Request Time: ' + requestDate + ' Current Time: ' + currentDate + ' Difference: ' + difference) | ||
| debug('Request Time: ' + requestDate + | ||
| ' Current Time: ' + currentDate + | ||
| ' Difference: ' + difference + | ||
| ' TTL:' + maxDifference) | ||
| return (theirSig === ourSig) && difference < maxDifference | ||
| return (theirSig === ourSig) && difference <= maxDifference | ||
| } | ||
@@ -143,0 +145,0 @@ |
@@ -5,3 +5,3 @@ { | ||
| "description": "Authentication middleware for APIs using cf-auth-provider", | ||
| "version": "3.0.0", | ||
| "version": "3.1.0", | ||
| "tags": [], | ||
@@ -8,0 +8,0 @@ "repository": { |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.75%
9164
- Lines of code
- increased by2.22%
138
- Number of medium supply chain risk alerts
- decreased by-100%
0