
express-user - npm Package Compare versions

Comparing version 0.0.1-alpha.7 to 0.0.1-alpha.8

126

example/Example.js

@@ -15,2 +15,5 @@ //Copyright (c) 2015 Eric Vallee <eric_vallee2003@yahoo.ca>

var ExpressBruteAPI = require('express-brute');
var BruteStoreAPI = require('express-brute-mongo');
var ExpressUser = require('../lib/ExpressUser');

@@ -23,2 +26,4 @@

var SessionStoreOptions = {'TimeToLive': 300, 'IndexSessionID': true, 'DeleteFlags': true};
var Wait = 25*60*60*1000;
var ExpressBruteOptions = {'freeRetries': 10, 'minWait': Wait, 'maxWait': Wait, 'lifetime': 60*60, 'refreshTimeoutOnRequest': false};
var StaticPath = Path.resolve(__dirname, 'Static');

@@ -28,66 +33,71 @@ var Index = Path.resolve(Path.resolve(__dirname, "Views"), "Index.html");

MongoDB.MongoClient.connect("mongodb://localhost:27017/"+RandomIdentifier, {native_parser:true}, function(Err, DB) {
UserStoreAPI(DB, {'Email': {'Unique': 1, 'NotNull': 1}, 'Username': {'Unique': 1, 'NotNull': 1}, 'Password': {'NotNull': 1}}, function(Err, UserStore) {
SessionStoreAPI(DB, function(Err, SessionStore) {
App.use(Session({
'secret': 'qwerty!',
'resave': true,
'saveUninitialized': true,
'store': SessionStore
}));
App.use('/Static', Express.static(StaticPath));
App.use(BodyParser.json());
var UserRouter = ExpressUser(UserStore, {'Validator': ExpressUserLocal()});
App.use(ExpressUser.SessionRoute(UserStore, '_id'));
App.use(UserRouter);
//Obviously for testing purposes, never put this in a production environment without rock-solid access control
App.post('/User/Self/Memberships/Admin', function(Req, Res, Next) {
if(Req.session.User)
{
UserStore.AddMembership({'Email': Req.session.User.Email}, 'Admin', function(Err, Result) {
if(Err)
{
Next(Err);
}
else
{
if(Result>0)
DB.createCollection('PasswordAccess', {'w': 1}, function(Err, BruteCollection) {
var BruteStore = new BruteStoreAPI(function (Ready) {Ready(BruteCollection)});
var ExpressBrute = new ExpressBruteAPI(BruteStore, ExpressBruteOptions);
var ExpressUserLocalOptions = {'BruteForceRoute': ExpressBrute.prevent};
UserStoreAPI(DB, {'Email': {'Unique': 1, 'NotNull': 1}, 'Username': {'Unique': 1, 'NotNull': 1}, 'Password': {'NotNull': 1}}, function(Err, UserStore) {
SessionStoreAPI(DB, function(Err, SessionStore) {
App.use(Session({
'secret': 'qwerty!',
'resave': true,
'saveUninitialized': true,
'store': SessionStore
}));
App.use('/Static', Express.static(StaticPath));
App.use(BodyParser.json());
var UserRouter = ExpressUser(UserStore, {'Validator': ExpressUserLocal(ExpressUserLocalOptions)});
App.use(ExpressUser.SessionRoute(UserStore, '_id'));
App.use(UserRouter);
//Obviously for testing purposes, never put this in a production environment without rock-solid access control
App.post('/User/Self/Memberships/Admin', function(Req, Res, Next) {
if(Req.session.User)
{
UserStore.AddMembership({'Email': Req.session.User.Email}, 'Admin', function(Err, Result) {
if(Err)
{
Res.status(200).end();
Next(Err);
}
else
{
Res.status(400).end();
if(Result>0)
{
Res.status(200).end();
}
else
{
Res.status(400).end();
}
}
}
});
}
else
{
Res.status(400).end();
}
});
//Probably another questionable one to put in a production environment for regular users
App.get('/Session/Self/User', function(Req, Res, Next) {
if(Req.session.User)
{
Res.json(Req.session.User);
}
else
{
Res.status(400).end();
}
});
App.get('/', function(Req,Res) {
Res.sendFile(Index);
});
Http.createServer(App).listen(8080);
}, SessionStoreOptions);
});
}
else
{
Res.status(400).end();
}
});
//Probably another questionable one to put in a production environment for regular users
App.get('/Session/Self/User', function(Req, Res, Next) {
if(Req.session.User)
{
Res.json(Req.session.User);
}
else
{
Res.status(400).end();
}
});
App.get('/', function(Req,Res) {
Res.sendFile(Index);
});
Http.createServer(App).listen(8080);
}, SessionStoreOptions);
});
});
});
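Review bot: `ExpressBruteOptions` pairs a 25-hour `minWait`/`maxWait` (in milliseconds) with `'lifetime': 60*60`, and express-brute documents `lifetime` in seconds, so the attempt counter would apparently be forgotten after about an hour and the 25-hour lockout would never hold. If the long lockout is intended, `'lifetime': 25*60*60` would match it; this is worth confirming against express-brute ~0.5.2. `ExpressBrute.prevent` throttles per client IP rather than per account, which deserves a comment next to `'BruteForceRoute'` so readers do not take the example as account-level lockout. The new `DB.createCollection('PasswordAccess', ...)` callback also ignores `Err`, so a failed setup would hand an undefined `BruteCollection` to the store; `if(Err) {throw Err;}` as the first line of that callback would surface it.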
{
"name": "express-user",
"version": "0.0.1-alpha.7",
"version": "0.0.1-alpha.8",
"description": "Ressource Oriented Express Middleware to Manage Users.",

@@ -38,3 +38,5 @@ "keywords": [

"mongodb": "~1.4.30",
"express-user-local": "0.0.1-alpha.3"
"express-user-local": "0.0.1-alpha.3",
"express-brute": "~0.5.2",
"express-brute-mongo": "~0.1.0"
},

@@ -41,0 +43,0 @@ "license": "MIT",
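Review bot: `express-user-local` is still pinned to `0.0.1-alpha.3` on the new side (only the trailing comma changes), while the changelog entry for this release says the dev dependency was updated to 0.0.1-alpha.4. The updated example passes a `BruteForceRoute` option to `ExpressUserLocal(...)`. If that option only exists from alpha.4, an install from this manifest may run the example without the login throttling it advertises; this cannot be verified from the page. The pin should probably read `"express-user-local": "0.0.1-alpha.4",`.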

@@ -15,3 +15,3 @@ Express-User

- While I do not foresee that many architectural changes for this, I do not rule them out entirely as I integrate the following features in my web applications: email verification, csrf tokens, brute force mitigation for login, etc.
- While I do not foresee that many architectural changes for this, I do not rule them out entirely as I integrate the following features in my web applications: email verification, csrf tokens, etc.

@@ -221,1 +221,8 @@ Known Bug(s)

- Added '/Users/:Field/:ID/Count/' consideration for validator security section of the doc.
0.0.1-alpha.8
-------------
- Updated dev dependency of express-user-local to 0.0.1-alpha.4.
- Added express-brute and express-brute-mongo to the dev dependencies
- Augmented the example with brute-force mitigation

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
