cf-auth-middleware
Authentication middleware for APIs using cf-auth-provider
Installation
npm install --save cf-auth-middleware
Usage
var express = require('express')
, createAuthMiddleware = require('cf-auth-middleware')
, authProvider = require('cf-auth-provider')(myCollection, hashFn)
var app = express()
, authMiddleware = createAuthMiddleware(authProvider)
app.get('/private', authMiddleware, function (req, res) {
})
An authenticated request must contain either the following headers:
Content-Type: 'application/json'
x-cf-date: 'Tue, 05 Nov 2013 12:22:23 GMT'
authorization: 'Catfish {authorizing entity id}:{signed request}'
OR
It must contain the following query string keys:
?authorization={authorizing entity id}:{signed request}&x-cf-date=1423481045233
The client must sign requests with the cf-signature module.
API
var createMiddleware = require('cf-auth-middleware')
var middleware = createMiddleware(AuthProvider: authProvider, Object: options)
authProvider
is an instance of cf-auth-provider
.
Options:
options.logger
: an object with debug()
, info()
, warn()
, error()
. Defaults to console
.options.reqProperty
: the authed client's id is stored on the request object: req[options.reqProperty]
. Defaults to authedClient
.options.ignoreQueryKeys
: an array of keys to ignore when comparing the request to the signature.
This is useful when requests get augmented by unknown cache-busting values. Defaults to []
.
Credits
Built by developers at Clock.
Licence
Licensed under the New BSD License