feathers-authentication - npm Package Compare versions

Comparing version 0.0.6 to 0.0.7

lib/hooks.js

 'use strict';
 
-function _typeof(obj) { return obj && typeof Symbol !== "undefined" && obj.constructor === Symbol ? "symbol" : typeof obj; }
+var _typeof = typeof Symbol === "function" && typeof Symbol.iterator === "symbol" ? function (obj) { return typeof obj; } : function (obj) { return obj && typeof Symbol === "function" && obj.constructor === Symbol ? "symbol" : typeof obj; };
 
-var bcrypt = require('bcrypt');
-var Errors = require('feathers').errors.types;
+var _bcrypt = require('bcrypt');
 
+var _bcrypt2 = _interopRequireDefault(_bcrypt);
+
+var _feathersErrors = require('feathers-errors');
+
+var _feathersErrors2 = _interopRequireDefault(_feathersErrors);
+
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+
 /**
@@ -20,4 +27,4 @@ * A function that generates a feathers hook that replaces a password located
     var next = arguments[1];
-    bcrypt.genSalt(10, function (err, salt) {
-      bcrypt.hash(hook.data.password, salt, function (err, hash) {
+    _bcrypt2.default.genSalt(10, function (err, salt) {
+      _bcrypt2.default.hash(hook.data.password, salt, function (err, hash) {
         hook.data.password = hash;
@@ -32,4 +39,4 @@ return next();
       return function (hook, next) {
-        bcrypt.genSalt(10, function (err, salt) {
-          bcrypt.hash(hook.data[passwordField], salt, function (err, hash) {
+        _bcrypt2.default.genSalt(10, function (err, salt) {
+          _bcrypt2.default.hash(hook.data[passwordField], salt, function (err, hash) {
             hook.data[passwordField] = hash;
@@ -51,3 +58,3 @@ return next();
   if (!hook.params.user) {
-    return next(new Errors.NotAuthenticated('Please include a valid auth token in the Authorization header.'));
+    return next(new _feathersErrors2.default.NotAuthenticated('Please include a valid auth token in the Authorization header.'));
   } else {
@@ -126,3 +133,3 @@ return next(null, hook);
 exports.stop = function (hook, next) {
-  return next(new Errors.Forbidden('Safety check. We just stopped you from blowing things up.'));
+  return next(new _feathersErrors2.default.Forbidden('Safety check. We just stopped you from blowing things up.'));
 };
@@ -129,0 +136,0 @@

lib/index.js

@@ -25,21 +25,23 @@ 'use strict';
 
+    // Route for token refresh
+    app.post(settings.loginEndpoint + '/refresh', verifyToken, function (req, res) {
+      var data = req.authData;
+      delete data.password;
+      var token = _jsonwebtoken2.default.sign(data, settings.secret, settings.jwtOptions);
+      return res.json({
+        token: token,
+        data: data
+      });
+    });
+
     // Add a route for passport login and token refresh.
-    app.post(settings.loginEndpoint, function (req, res, next) {
-      // If a non-expired token is passed, refresh it.
-      if (req.body.token) {
-        // TODO: Move token verification into its own middleware. See line ~96.
-        _jsonwebtoken2.default.verify(req.body.token, settings.secret, function (err, data) {
-          if (err) {
-            // Return a 401 Unauthorized if the token has expired.
-            if (err.name === 'TokenExpiredError') {
-              return res.status(401).json(err);
-            }
-            return next(err);
-          }
-          delete data.password;
-          var token = _jsonwebtoken2.default.sign(data, settings.secret, settings.jwtOptions);
-          return res.json({
-            token: token,
-            data: data
-          });
+    app.post(settings.loginEndpoint, verifyToken, function (req, res, next) {
+      // Non-expired token was passed in and refreshed
+      if (req.authData) {
+        var data = req.authData;
+        delete req.authData.password;
+        var token = _jsonwebtoken2.default.sign(req.authData, settings.secret, settings.jwtOptions);
+        return res.json({
+          token: token,
+          data: data
         });
@@ -56,2 +58,3 @@
             if (user) {
+              user = !user.toJSON ? user : user.toJSON();
               delete user.password;
@@ -127,14 +130,25 @@ var token = _jsonwebtoken2.default.sign(user, settings.secret, settings.jwtOptions);
         io.use(function (socket, next) {
+
           // If there's a token in place, decode it and set up the feathers.user
-          checkToken(socket.handshake.query.token, socket, next);
-          socket.on('authenticate', function (data) {
-            checkToken(data.token, socket, function (err, data) {
-              delete data.password;
-              if (data) {
-                socket.emit('authenticated', data);
-              }
+          checkToken(socket.handshake.query.token, socket, function (err, data) {
+            if (err) {
+              return next(err);
+            }
+
+            // If no token was passed, still allow the websocket. Service hooks can take care of Auth.
+            if (data === true) {
+              return next(null, true);
+            }
+
+            socket.on('authenticate', function (data) {
+              checkToken(data.token, socket, function (err, data) {
+                delete data.password;
+                if (data) {
+                  socket.emit('authenticated', data);
+                }
+              });
             });
+
+            return next(null, data);
           });
-          // If no token was passed, still allow the websocket. Service hooks can take care of Auth.
-          return next(null, true);
         });
@@ -154,2 +168,19 @@ }
   };
+  function verifyToken(req, res, next) {
+    if (req.body.token) {
+      _jsonwebtoken2.default.verify(req.body.token, settings.secret, function (err, data) {
+        if (err) {
+          // Return a 401 Unauthorized if the token has expired.
+          if (err.name === 'TokenExpiredError') {
+            return res.status(401).json(err);
+          }
+          return next(err);
+        }
+        req.authData = data;
+        next();
+      });
+    } else {
+      next();
+    }
+  }
 };
@@ -156,0 +187,0 @@

package.json

 {
   "name": "feathers-authentication",
   "description": "Add Authentication to your FeathersJS app.",
-  "version": "0.0.6",
+  "version": "0.0.7",
   "homepage": "https://github.com/feathersjs/feathers-authentication",
@@ -46,2 +46,3 @@ "main": "lib/",
     "debug": "^2.2.0",
+    "feathers-errors": "^1.1.5",
     "feathers-hooks": "^0.4.0",
@@ -48,0 +49,0 @@ "jsonwebtoken": "^5.4.0",

README.md

@@ -29,3 +29,3 @@ # feathers-authentication
   }))
-  .use('/api/users', mongooseService({
+  .use('/api/users', new mongooseService('user', {
     schema: {
@@ -32,0 +32,0 @@ email: {type: String, required: true, unique: true },

New alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

28156

increased by4.34%

Lines of code

451

increased by6.87%

Worsened metrics

Dependency count

8

increased by14.29%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Addedfeathers-errors@^1.1.5

• + Addedcall-bind-apply-helpers@1.0.2(transitive)

• + Addedfeathers-errors@1.2.4(transitive)

• - Removedcall-bind-apply-helpers@1.0.1(transitive)