fastify-jwt - npm Package Compare versions

Comparing version 0.3.0 to 0.4.0

jwt.js

@@ -7,2 +7,6 @@ 'use strict'
 const steed = require('steed')
+const {
+  BadRequest,
+  Unauthorized
+} = require('http-errors')
 
@@ -125,7 +129,7 @@ function wrapStaticSecretInCallback (secret) {
         if (!/^Bearer$/i.test(scheme)) {
-          return next(new Error('Format is Authorization: Bearer [token]'))
+          return next(new BadRequest('Format is Authorization: Bearer [token]'))
         }
       }
     } else {
-      return next(new Error('No Authorization was found in request.headers'))
+      return next(new Unauthorized('No Authorization was found in request.headers'))
     }
@@ -132,0 +136,0 @@

package.json

 {
   "name": "fastify-jwt",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "description": "JWT utils for Fastify",
@@ -30,11 +30,12 @@ "main": "jwt.js",
   "dependencies": {
-    "fastify-plugin": "^1.0.1",
-    "jsonwebtoken": "^8.2.0",
+    "fastify-plugin": "^1.2.0",
+    "http-errors": "^1.7.1",
+    "jsonwebtoken": "^8.3.0",
     "steed": "^1.1.3"
   },
   "devDependencies": {
-    "fastify": "^1.4.0",
-    "standard": "^11.0.1",
-    "tap": "^11.1.4"
+    "fastify": "^1.11.2",
+    "standard": "^12.0.1",
+    "tap": "^12.0.1"
   }
 }

README.md

 # fastify-jwt
 
-[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](http://standardjs.com/)  [![Build Status](https://travis-ci.org/fastify/fastify-jwt.svg?branch=master)](https://travis-ci.org/fastify/fastify-jwt)
+[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](http://standardjs.com/)  [![Build Status](https://travis-ci.org/fastify/fastify-jwt.svg?branch=master)](https://travis-ci.org/fastify/fastify-jwt) [![Greenkeeper badge](https://badges.greenkeeper.io/fastify/fastify-jwt.svg)](https://greenkeeper.io/)
 
@@ -32,2 +32,67 @@ JWT utils for Fastify, internally uses [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken).
 
+For verifying & accessing the decoded token inside your services, you can use a global `preHandler` hook to define the verification process like so:
+
+```js
+const fastify = require('fastify')
+fastify.register(require('fastify-jwt'), { 
+  secret: 'supersecret' 
+})
+
+fastify.addHook("preHandler", async (request, reply) => {
+  try {
+    await request.jwtVerify()
+  } catch (err) {
+    reply.send(err)
+  }
+})
+```
+
+Aftewards, just use `request.user` in order to retrieve the user information:
+
+```js
+module.exports = async function(fastify, opts) {
+  fastify.get("/", async function(request, reply) {
+    return request.user
+  })
+}
+```
+
+However, most of the time we want to protect only some of the routes in our application. To achieve this you can wrap your authentication logic into a plugin like
+
+```js
+const fp = require("fastify-plugin")
+
+module.exports = fp(async function(fastify, opts) {
+  fastify.register(require("fastify-jwt"), {
+    secret: "supersecret"
+  })
+
+  fastify.decorate("authenticate", async function(request, reply) {
+    try {
+      await request.jwtVerify()
+    } catch (err) {
+      reply.send(err)
+    }
+  })
+})
+```
+
+Then use the `beforeHandler` of a route to protect it & access the user information inside:
+
+```js
+module.exports = async function(fastify, opts) {
+  fastify.get(
+    "/",
+    {
+      beforeHandler: [fastify.authenticate]
+    },
+    async function(request, reply) {
+      return request.user
+    }
+  )
+}
+```
+
+Make sure that you also check [fastify-auth](https://github.com/fastify/fastify-auth) plugin for composing more complex strategies.
+
 ## API Spec
@@ -34,0 +99,0 @@

test.js

@@ -277,3 +277,3 @@ 'use strict'
       t.test('no authorization header error', function (t) {
-        t.plan(1)
+        t.plan(2)
 
@@ -286,2 +286,3 @@ fastify.inject({
           t.is(error.message, 'No Authorization was found in request.headers')
+          t.is(response.statusCode, 401)
         })
@@ -291,3 +292,3 @@ })
       t.test('authorization header format error', function (t) {
-        t.plan(1)
+        t.plan(2)
 
@@ -303,2 +304,3 @@ fastify.inject({
           t.is(error.message, 'Format is Authorization: Bearer [token]')
+          t.is(response.statusCode, 400)
         })
@@ -305,0 +307,0 @@ })

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

20294

increased by10.07%

Lines of code

386

increased by1.58%

Number of lines in readme file

218

increased by42.48%

Number of medium supply chain risk alerts

1

decreased by-50%

Worsened metrics

Dependency count

4

increased by33.33%

Dependency changes

• + Addedhttp-errors@^1.7.1

• + Addeddepd@1.1.2(transitive)

• + Addedhttp-errors@1.8.1(transitive)

• + Addedinherits@2.0.4(transitive)

• + Addedsetprototypeof@1.2.0(transitive)

• + Addedstatuses@1.5.0(transitive)

• + Addedtoidentifier@1.0.1(transitive)

• Updatedfastify-plugin@^1.2.0

• Updatedjsonwebtoken@^8.3.0