corbado - npm Package Compare versions
Comparing version 1.0.2 to 1.1.0
| { | ||
| "name": "corbado", | ||
| "version": "1.0.2", | ||
| "version": "1.1.0", | ||
| "description": "", | ||
| "main": "./src/corbado.js", | ||
| "scripts": { | ||
| "test": "echo \"Error: no test specified\" && exit 1", | ||
| "build": "webpack --config webpack.config.js" | ||
| "test": "mocha --reporter spec" | ||
| }, | ||
@@ -27,7 +26,10 @@ "repository": { | ||
| "dependencies": { | ||
| "assert": "^2.0.0", | ||
| "axios": "^1.3", | ||
| "jose": "^4.14.4" | ||
| }, | ||
| "devDependencies": { | ||
| "chai": "^4.3.7", | ||
| "mocha": "^10.2.0", | ||
| "sinon": "^15.0.4" | ||
| "mocha": "^10.2.0" | ||
| } | ||
| } |
| const PasskeyService = require('./services/passkey.service'); | ||
| const EmailLinkService = require('./services/emaillink.service'); | ||
| const ShortSession = require('./services/shortsession.service'); | ||
| const SessionService = require('./services/session.service'); | ||
| const getClientInfo = require('./utils/clientInfo.utils'); | ||
| const assert = require('assert') | ||
| class Corbado { | ||
| const EMAIL_TEMPLATES = { | ||
| EMAIL_SIGN_UP_TEMPLATE: 'email_signup_user', | ||
| EMAIL_LOGIN_TEMPLATE: 'email_login_user', | ||
| PASSKEY_SIGN_UP_TEMPLATE: 'webauthn_signup_user', | ||
| PASSKEY_LOGIN_TEMPLATE: 'webauthn_login_user', | ||
| } | ||
| #shortSession = null | ||
| #passkeyService = null | ||
| #emailLinkService = null | ||
| #sessionService = null | ||
| const API_URL = 'https://api.corbado.com/v1/'; | ||
| /** | ||
| * @type {Configuration} | ||
| */ | ||
| #config = null | ||
| class Corbado { | ||
| /** | ||
| * | ||
| * @param {Configuration} config | ||
| */ | ||
| constructor(config) { | ||
| this.#config = config | ||
| } | ||
| /** | ||
| * @param {string} projectID Project ID from https://app.corbado.com/ | ||
| * @param {string} apiSecret Api secret from https://app.corbado.com/app/settings/credentials/api-keys | ||
| * @param {string} baseURL Optional different api url | ||
| * | ||
| * @returns {PasskeyService} | ||
| */ | ||
| constructor(projectID, apiSecret, baseURL = API_URL) { | ||
| get passkey() { | ||
| if (this.#passkeyService === null) { | ||
| this.#passkeyService = new PasskeyService( | ||
| this.#config.projectID, | ||
| this.#config.apiSecret, | ||
| this.#config.apiURL, | ||
| this.emailLink, | ||
| ) | ||
| } | ||
| if (!projectID) { | ||
| throw new Error('Project ID is required'); | ||
| } else if (projectID.substr(0, 4) !== 'pro-') { | ||
| throw new Error('Project ID is invalid'); | ||
| return this.#passkeyService | ||
| } | ||
| /** | ||
| * | ||
| * @returns {EmailLinkService} | ||
| */ | ||
| get emailLink() { | ||
| if (this.#emailLinkService === null) { | ||
| this.#emailLinkService = new EmailLinkService( | ||
| this.#config.projectID, | ||
| this.#config.apiSecret, | ||
| this.#config.apiURL, | ||
| this.#config.emailTemplates, | ||
| ) | ||
| } | ||
| if (!apiSecret) { | ||
| throw new Error('API secret is required'); | ||
| return this.#emailLinkService | ||
| } | ||
| /** | ||
| * | ||
| * @returns {SessionService} | ||
| */ | ||
| get session() { | ||
| if (this.#sessionService === null) { | ||
| this.#sessionService = new SessionService( | ||
| this.#config.projectID, | ||
| this.#config.apiSecret, | ||
| this.#config.apiURL, | ||
| ) | ||
| } | ||
| this.passkeyService = new PasskeyService(projectID, apiSecret, baseURL); | ||
| this.emailLinkService = new EmailLinkService(projectID, apiSecret, baseURL, EMAIL_TEMPLATES); | ||
| this.sessionService = new SessionService(projectID, apiSecret, baseURL); | ||
| this.utils = {getClientInfo}; | ||
| return this.#sessionService | ||
| } | ||
| /** | ||
| * | ||
| * @returns {ShortSession} | ||
| */ | ||
| get shortSession() { | ||
| if (this.#shortSession === null) { | ||
| assert(this.#config.issuer !== undefined, 'Issuer undefined') | ||
| assert(this.#config.issuer.length > 0, 'Issuer is empty') | ||
| assert(this.#config.jwksURI !== undefined, 'Issuer undefined') | ||
| assert(this.#config.jwksURI.length > 0, 'JWKS uri is empty') | ||
| assert(this.#config.cacheMaxAge > 0, 'Cache max age is invalid') | ||
| this.#shortSession = new ShortSession( | ||
| this.#config.shortSessionCookieName, | ||
| this.#config.issuer, | ||
| this.#config.jwksURI, | ||
| this.#config.cacheMaxAge, | ||
| ) | ||
| } | ||
| return this.#shortSession | ||
| } | ||
| } | ||
| module.exports = Corbado; |
@@ -28,3 +28,3 @@ const axios = require('axios'); | ||
| } catch (error) { | ||
| throw new CorbadoApiError(error.response.status, error.response.statusText, error.request.method, error.config.url, error.config.data); | ||
| throw new CorbadoApiError(error.response.status, error.response.statusText, error.request.method, error.config.url, error.response.data.error); | ||
| } | ||
@@ -34,2 +34,2 @@ } | ||
| module.exports = CorbadoApi; | ||
| module.exports = CorbadoApi; |
@@ -16,2 +16,2 @@ class CorbadoApiError extends Error { | ||
| module.exports = CorbadoApiError | ||
| module.exports = CorbadoApiError |
@@ -59,3 +59,3 @@ const CorbadoApi = require('./CorbadoApi'); | ||
| return await this.corbadoApi.request('emailLinks', 'POST', params); | ||
| return await this.corbadoApi.request('/emailLinks', 'POST', params); | ||
| }; | ||
@@ -88,3 +88,3 @@ | ||
| } | ||
| return await this.corbadoApi.request('emailLinks/' + emailLinkID + '/validate', 'PUT', params); | ||
| return await this.corbadoApi.request('/emailLinks/' + emailLinkID + '/validate', 'PUT', params); | ||
@@ -91,0 +91,0 @@ } |
@@ -6,6 +6,5 @@ const EmailLinkService = require('./emaillink.service'); | ||
| constructor(projectID, apiSecret, apiURL, email_templates) { | ||
| constructor(projectID, apiSecret, apiURL, emailLinkService) { | ||
| this.corbadoApi = new CorbadoApi(projectID, apiSecret, apiURL); | ||
| this.emailLinkService = new EmailLinkService(projectID, apiSecret, apiURL, email_templates); | ||
| this.emailLinkService = emailLinkService | ||
| } | ||
@@ -50,3 +49,3 @@ | ||
| return await this.corbadoApi.request('webauthn/register/start', 'POST', params); | ||
| return await this.corbadoApi.request('/webauthn/register/start', 'POST', params); | ||
| }; | ||
@@ -90,3 +89,3 @@ | ||
| return await this.corbadoApi.request('webauthn/register/finish', 'POST', params); | ||
| return await this.corbadoApi.request('/webauthn/register/finish', 'POST', params); | ||
| }; | ||
@@ -145,3 +144,3 @@ | ||
| return await this.corbadoApi.request('webauthn/credential/${credentialID}', 'PUT', params); | ||
| return await this.corbadoApi.request('/webauthn/credential/${credentialID}', 'PUT', params); | ||
@@ -184,3 +183,3 @@ } | ||
| return await this.corbadoApi.request('webauthn/authenticate/start', 'POST', params); | ||
| return await this.corbadoApi.request('/webauthn/authenticate/start', 'POST', params); | ||
| } | ||
@@ -225,3 +224,3 @@ | ||
| return await this.corbadoApi.request('webauthn/authenticate/finish', 'POST', params); | ||
| return await this.corbadoApi.request('/webauthn/authenticate/finish', 'POST', params); | ||
| } | ||
@@ -228,0 +227,0 @@ } |
@@ -31,3 +31,3 @@ const CorbadoApi = require('./CorbadoApi'); | ||
| } | ||
| return await this.corbadoApi.request('sessions/verify', 'POST', params); | ||
| return await this.corbadoApi.request('/sessions/verify', 'POST', params); | ||
| } | ||
@@ -34,0 +34,0 @@ } |
132
test/test.js
@@ -0,4 +1,9 @@ | ||
| const Configuration = require('../src/config/configuration') | ||
| const Corbado = require('../src/corbado') | ||
| const {expect} = require("chai"); | ||
| const {expect, config} = require("chai"); | ||
| const generateUsername = () => { | ||
| return "test+" + (new Date()).getTime() + "@corbado.com" | ||
| } | ||
| describe('Corbado endpoint tests', function () { | ||
@@ -12,6 +17,13 @@ | ||
| const validConfig = new Configuration() | ||
| validConfig.projectID = process.env.PROJECT_ID | ||
| validConfig.apiSecret = process.env.API_SECRET | ||
| const username = generateUsername() | ||
| it('Validation projectID should work', function () { | ||
| const cfg = new Configuration() | ||
| try { | ||
| new Corbado(undefined, undefined) | ||
| new Corbado(cfg) | ||
| } catch (err) { | ||
@@ -27,3 +39,6 @@ expect(err).to.be.a('error') | ||
| try { | ||
| new Corbado('pro-1234', undefined) | ||
| const cfg = new Configuration() | ||
| cfg.projectID = process.env.PROJECT_ID | ||
| new Corbado(cfg) | ||
| } catch (err) { | ||
@@ -37,7 +52,8 @@ expect(err).to.be.a('error') | ||
| it('Email link should get send', function (done) { | ||
| const corbado = new Corbado(process.env.PROJECT_ID, process.env.API_SECRET) | ||
| corbado.emailLinkService.send( | ||
| "test@corbado.com", | ||
| 'http://localhost', | ||
| const corbado = new Corbado(validConfig) | ||
| corbado.emailLink.send( | ||
| generateUsername(), | ||
| 'http://localhost', | ||
| true, | ||
@@ -61,29 +77,7 @@ {UserFullName: "Test Name"}, | ||
| it('Session verify', function (done) { | ||
| const corbado = new Corbado(process.env.PROJECT_ID, process.env.API_SECRET) | ||
| corbado.sessionService.verify( | ||
| process.env.SESSION_TOKEN, | ||
| clientInfo, | ||
| ).then(rsp => { | ||
| expect(rsp).to.be.a('object'); | ||
| expect(rsp).to.have.property('httpStatusCode').with.equal(200); | ||
| expect(rsp).to.have.property('message') | ||
| expect(rsp).to.have.property('requestData') | ||
| expect(rsp).to.have.property('runtime') | ||
| expect(rsp).to.have.property('data').with.property('userID').with.contains('usr-') | ||
| expect(rsp).to.have.property('data').with.property('userData') | ||
| done() | ||
| }).catch(err => { | ||
| done(err) | ||
| }) | ||
| }) | ||
| it('Passkey register', function (done) { | ||
| const corbado = new Corbado(process.env.PROJECT_ID, process.env.API_SECRET) | ||
| const corbado = new Corbado(validConfig) | ||
| corbado.passkeyService.registerStart( | ||
| 'test@corbado.com', | ||
| corbado.passkey.registerStart( | ||
| username, | ||
| clientInfo, | ||
@@ -108,6 +102,6 @@ 'http://localhost', | ||
| it('Passkey authentication', function (done) { | ||
| const corbado = new Corbado(process.env.PROJECT_ID, process.env.API_SECRET) | ||
| const corbado = new Corbado(validConfig) | ||
| corbado.passkeyService.authenticateFinish( | ||
| 'test@corbado.com', | ||
| corbado.passkey.authenticateStart( | ||
| username, | ||
| clientInfo, | ||
@@ -130,2 +124,70 @@ 'http://localhost', | ||
| }) | ||
| it('Short session validation issuer undefined', function (done) { | ||
| const corbado = new Corbado(validConfig) | ||
| try { | ||
| corbado.shortSession.validate( | ||
| null | ||
| ).then(() => { | ||
| done(new Error('Should not happen')) | ||
| }).catch(err => { | ||
| done(err) | ||
| }) | ||
| } catch (err) { | ||
| expect(err.name).equals('AssertionError') | ||
| expect(err.message).equals('Issuer undefined') | ||
| done() | ||
| } | ||
| }) | ||
| it('Short session validation issuer undefined', function (done) { | ||
| const cfg = new Configuration() | ||
| cfg.projectID = validConfig.projectID | ||
| cfg.apiSecret = validConfig.apiSecret | ||
| cfg.issuer = validConfig.projectID + '.auth.corbado.com' | ||
| const corbado = new Corbado(cfg) | ||
| try { | ||
| corbado.shortSession.validate( | ||
| null | ||
| ).then(() => { | ||
| done(new Error('Should not happen')) | ||
| }).catch(err => { | ||
| done(err) | ||
| }) | ||
| } catch (err) { | ||
| expect(err.name).equals('AssertionError') | ||
| expect(err.message).equals('Issuer undefined') | ||
| done() | ||
| } | ||
| }) | ||
| it('Short session validation valid', function (done) { | ||
| const cfg = new Configuration() | ||
| cfg.projectID = validConfig.projectID | ||
| cfg.apiSecret = validConfig.apiSecret | ||
| cfg.issuer = validConfig.projectID + '.auth.corbado.com' | ||
| cfg.jwksURI = 'https://' + config.issuer + '/.well-known/jwks' | ||
| const corbado = new Corbado(cfg) | ||
| const req = { | ||
| cookies: { | ||
| cbo_short_session: "", | ||
| } | ||
| } | ||
| corbado.shortSession.validate( | ||
| req, | ||
| ).then(() => { | ||
| done(new Error('Should not happen')) | ||
| }).catch(err => { | ||
| expect(err.message === 'JWSInvalid: Invalid Compact JWS') | ||
| done() | ||
| }) | ||
| }) | ||
| }) |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
No tests
QualityPackage does not have any tests. This is a strong signal of a poorly maintained or low quality package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by28.56%
29406
- Dependency count
- decreased by-25%
3
- Number of package files
- increased by30%
13
- Lines of code
- increased by44.6%
710
- Number of low quality alerts
- decreased by-100%
0
- Number of low supply chain risk alerts
- decreased by-66.67%
3
Worsened metrics
- Dev dependency count
- increased byInfinity%
2
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
+ Addedassert@^2.0.0
+ Addedjose@^4.14.4
+ Addedassert@2.1.0(transitive)
+ Addedavailable-typed-arrays@1.0.7(transitive)
+ Addedcall-bind@1.0.8(transitive)
+ Addedcall-bind-apply-helpers@1.0.1(transitive)
+ Addedcall-bound@1.0.3(transitive)
+ Addeddefine-data-property@1.1.4(transitive)
+ Addeddefine-properties@1.2.1(transitive)
+ Addeddunder-proto@1.0.1(transitive)
+ Addedes-define-property@1.0.1(transitive)
+ Addedes-errors@1.3.0(transitive)
+ Addedes-object-atoms@1.0.0(transitive)
+ Addedfor-each@0.3.3(transitive)
+ Addedfunction-bind@1.1.2(transitive)
+ Addedget-intrinsic@1.2.6(transitive)
+ Addedgopd@1.2.0(transitive)
+ Addedhas-property-descriptors@1.0.2(transitive)
+ Addedhas-symbols@1.1.0(transitive)
+ Addedhas-tostringtag@1.0.2(transitive)
+ Addedhasown@2.0.2(transitive)
+ Addedis-arguments@1.2.0(transitive)
+ Addedis-callable@1.2.7(transitive)
+ Addedis-generator-function@1.0.10(transitive)
+ Addedis-nan@1.3.2(transitive)
+ Addedis-typed-array@1.1.15(transitive)
+ Addedjose@4.15.9(transitive)
+ Addedmath-intrinsics@1.1.0(transitive)
+ Addedobject-is@1.1.6(transitive)
+ Addedobject-keys@1.1.1(transitive)
+ Addedobject.assign@4.1.7(transitive)
+ Addedpossible-typed-array-names@1.0.0(transitive)
+ Addedset-function-length@1.2.2(transitive)
+ Addedutil@0.12.5(transitive)
+ Addedwhich-typed-array@1.1.18(transitive)
- Removedchai@^4.3.7
- Removedmocha@^10.2.0
- Removedsinon@^15.0.4
- Removed@sinonjs/commons@3.0.1(transitive)
- Removed@sinonjs/fake-timers@10.3.011.3.1(transitive)
- Removed@sinonjs/samsam@8.0.2(transitive)
- Removed@sinonjs/text-encoding@0.7.3(transitive)
- Removedansi-colors@4.1.3(transitive)
- Removedansi-regex@5.0.1(transitive)
- Removedansi-styles@4.3.0(transitive)
- Removedanymatch@3.1.3(transitive)
- Removedargparse@2.0.1(transitive)
- Removedassertion-error@1.1.0(transitive)
- Removedbalanced-match@1.0.2(transitive)
- Removedbinary-extensions@2.3.0(transitive)
- Removedbrace-expansion@2.0.1(transitive)
- Removedbraces@3.0.3(transitive)
- Removedbrowser-stdout@1.3.1(transitive)
- Removedcamelcase@6.3.0(transitive)
- Removedchai@4.5.0(transitive)
- Removedchalk@4.1.2(transitive)
- Removedcheck-error@1.0.3(transitive)
- Removedchokidar@3.6.0(transitive)
- Removedcliui@7.0.4(transitive)
- Removedcolor-convert@2.0.1(transitive)
- Removedcolor-name@1.1.4(transitive)
- Removeddebug@4.4.0(transitive)
- Removeddecamelize@4.0.0(transitive)
- Removeddeep-eql@4.1.4(transitive)
- Removeddiff@5.2.0(transitive)
- Removedemoji-regex@8.0.0(transitive)
- Removedescalade@3.2.0(transitive)
- Removedescape-string-regexp@4.0.0(transitive)
- Removedfill-range@7.1.1(transitive)
- Removedfind-up@5.0.0(transitive)
- Removedflat@5.0.2(transitive)
- Removedfs.realpath@1.0.0(transitive)
- Removedfsevents@2.3.3(transitive)
- Removedget-caller-file@2.0.5(transitive)
- Removedget-func-name@2.0.2(transitive)
- Removedglob@8.1.0(transitive)
- Removedglob-parent@5.1.2(transitive)
- Removedhas-flag@4.0.0(transitive)
- Removedhe@1.2.0(transitive)
- Removedinflight@1.0.6(transitive)
- Removedis-binary-path@2.1.0(transitive)
- Removedis-extglob@2.1.1(transitive)
- Removedis-fullwidth-code-point@3.0.0(transitive)
- Removedis-glob@4.0.3(transitive)
- Removedis-number@7.0.0(transitive)
- Removedis-plain-obj@2.1.0(transitive)
- Removedis-unicode-supported@0.1.0(transitive)
- Removedjs-yaml@4.1.0(transitive)
- Removedjust-extend@6.2.0(transitive)
- Removedlocate-path@6.0.0(transitive)
- Removedlodash.get@4.4.2(transitive)
- Removedlog-symbols@4.1.0(transitive)
- Removedloupe@2.3.7(transitive)
- Removedminimatch@5.1.6(transitive)
- Removedmocha@10.8.2(transitive)
- Removedms@2.1.3(transitive)
- Removednise@5.1.9(transitive)
- Removednormalize-path@3.0.0(transitive)
- Removedonce@1.4.0(transitive)
- Removedp-limit@3.1.0(transitive)
- Removedp-locate@5.0.0(transitive)
- Removedpath-exists@4.0.0(transitive)
- Removedpath-to-regexp@6.3.0(transitive)
- Removedpathval@1.1.1(transitive)
- Removedpicomatch@2.3.1(transitive)
- Removedrandombytes@2.1.0(transitive)
- Removedreaddirp@3.6.0(transitive)
- Removedrequire-directory@2.1.1(transitive)
- Removedsafe-buffer@5.2.1(transitive)
- Removedserialize-javascript@6.0.2(transitive)
- Removedsinon@15.2.0(transitive)
- Removedstring-width@4.2.3(transitive)
- Removedstrip-ansi@6.0.1(transitive)
- Removedstrip-json-comments@3.1.1(transitive)
- Removedsupports-color@7.2.08.1.1(transitive)
- Removedto-regex-range@5.0.1(transitive)
- Removedtype-detect@4.0.84.1.0(transitive)
- Removedworkerpool@6.5.1(transitive)
- Removedwrap-ansi@7.0.0(transitive)
- Removedwrappy@1.0.2(transitive)
- Removedy18n@5.0.8(transitive)
- Removedyargs@16.2.0(transitive)
- Removedyargs-parser@20.2.9(transitive)
- Removedyargs-unparser@2.0.0(transitive)
- Removedyocto-queue@0.1.0(transitive)