New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
feathers-authentication
Advanced tools
feathers-authentication - npm Package Compare versions
Comparing version 1.2.2 to 1.2.3
@@ -16,3 +16,4 @@ # Migrating to 1.0 | ||
| - [feathers-authentication-oauth2](https://github.com/feathersjs/feathers-authentication-oauth2) | ||
| - [feathers-permissions](https://github.com/feathersjs/feathers-permissions) | ||
| - [feathers-authentication-hooks](https://github.com/feathersjs/feathers-authentication-hooks) | ||
| - [feathers-permissions](https://github.com/feathersjs/feathers-permissions) **(experimental)** | ||
@@ -160,2 +161,4 @@ For most of you, migrating your app should be fairly straight forward as there are only a couple breaking changes to the public interface. | ||
| You can use `feathers-authentication-compatibility` on the server to keep the old client functional, this helps to migrate large scale deployments where you can not update all clients/api consumers before migrating to `>=1.0.0` Check https://www.npmjs.com/package/feathers-authentication-compatibility for more information. | ||
| **The Old Way (< v0.8.0)** | ||
@@ -203,3 +206,3 @@ | ||
| app.set('user', user); | ||
| console.log('User', client.get('user')); | ||
| console.log('User', app.get('user')); | ||
| // Do whatever you want now | ||
@@ -342,11 +345,7 @@ }) | ||
| const local = require('feathers-authentication-local'); | ||
| const permissions = require('feathers-permissions'); | ||
| const { | ||
| queryWithCurrentUser, | ||
| restrictToOwner | ||
| } = require('feathers-authentication-hooks'); | ||
| const myCustomQueryWithCurrentUser = function(options ={}) { | ||
| return function(hook) { | ||
| hook.params.query.userId = hook.params.user._id; | ||
| return Promise.resolve(hook); | ||
| }; | ||
| }; | ||
| exports.before = { | ||
@@ -356,10 +355,7 @@ all: [], | ||
| auth.hooks.authenticate('jwt'), | ||
| permissions.hooks.checkPermissions({ service: 'users' }), | ||
| permissions.hooks.isPermitted(), | ||
| myCustomQueryWithCurrentUser() // instead of auth.queryWithCurrentUser() | ||
| queryWithCurrentUser() | ||
| ], | ||
| get: [ | ||
| auth.hooks.authenticate('jwt'), | ||
| permissions.hooks.checkPermissions({ service: 'users' }), | ||
| permissions.hooks.isPermitted() | ||
| restrictToOwner({ ownerField: '_id' }) | ||
| ], | ||
@@ -371,4 +367,3 @@ create: [ | ||
| auth.hooks.authenticate('jwt'), | ||
| permissions.hooks.checkPermissions({ service: 'users' }), | ||
| permissions.hooks.isPermitted(), | ||
| restrictToOwner({ ownerField: '_id' }), | ||
| local.hooks.hashPassword() | ||
@@ -378,4 +373,3 @@ ], | ||
| auth.hooks.authenticate('jwt'), | ||
| permissions.hooks.checkPermissions({ service: 'users' }), | ||
| permissions.hooks.isPermitted(), | ||
| restrictToOwner({ ownerField: '_id' }), | ||
| local.hooks.hashPassword() | ||
@@ -382,0 +376,0 @@ ], |
@@ -44,70 +44,2 @@ # New 1.0 Features | ||
| ## Better Permissions Control | ||
| We have introduced 3 new hooks and 2 new middleware as part of [feathers-permissions](https://github.com/feathersjs.com) that give you much more flexibility and control over access permissions than was previously possible. Permissions are stored in the database on the entity record that needs to have access permissions checked (typically a user). They look like this: | ||
| ```js | ||
| [ | ||
| '*', // all services, all methods, all docs | ||
| 'users:*', // all methods on users service | ||
| 'users:remove:*', // can remove any user | ||
| '*:remove', // can remove on any service | ||
| 'users:remove:1234', // can only remove user with id 1234 | ||
| 'users:*:1234' // can call any service method for user with id 1234 | ||
| ] | ||
| ``` | ||
| you use your hooks like this: | ||
| ```js | ||
| const permissions = require('feathers-permissions'); | ||
| userService.hooks({ | ||
| before: { | ||
| all: [ | ||
| permissions.hooks.checkPermissions({service: 'users', on: 'user', field: 'permissions'}), | ||
| permissions.hooks.isPermitted() | ||
| ] | ||
| } | ||
| }); | ||
| userService.hooks({ | ||
| after: { | ||
| create: [ | ||
| permissions.hooks.setPermissions({permissions: ['users:*:[id]'], field: 'permissions'}) | ||
| ] | ||
| } | ||
| }); | ||
| ``` | ||
| and the middleware like this: | ||
| ```js | ||
| const permissions = require('feathers-permissions'); | ||
| const requiredPermissions = ['users:*', 'admin']; // whatever permissions you want | ||
| app.get( | ||
| '/protected', | ||
| permissions.express.checkPermissions({ | ||
| on: 'user', | ||
| field: 'permissions', | ||
| permissions: requiredPermissions | ||
| }), | ||
| permissions.express.isPermitted, | ||
| (req, res, next) => { | ||
| // Do your thing | ||
| } | ||
| ); | ||
| ``` | ||
| By default this new hook and new middleware assume you are storing your permissions on a `permissions` field either as an array of strings or a string with comma separated permissions. As always, you can customize the field you are storing your permissions under so you can still use the old role based system by doing this: | ||
| ```js | ||
| const auth = require('feathers-authentication').hooks; | ||
| userService.before({ | ||
| all: [ | ||
| auth.isAuthenticated(), | ||
| auth.checkPermissions({roles: ['admin'], on: 'user', field: 'role'}) | ||
| ] | ||
| }); | ||
| ``` | ||
| ## More Flexible Tokens | ||
@@ -114,0 +46,0 @@ |
@@ -18,2 +18,6 @@ 'use strict'; | ||
| var _longTimeout = require('long-timeout'); | ||
| var _longTimeout2 = _interopRequireDefault(_longTimeout); | ||
| function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; } | ||
@@ -122,3 +126,3 @@ | ||
| logoutTimer = setTimeout(function () { | ||
| logoutTimer = _longTimeout2.default.setTimeout(function () { | ||
| debug('Token expired. Logging out.'); | ||
@@ -125,0 +129,0 @@ logout(); |
| { | ||
| "name": "feathers-authentication", | ||
| "description": "Add Authentication to your FeathersJS app.", | ||
| "version": "1.2.2", | ||
| "version": "1.2.3", | ||
| "homepage": "https://github.com/feathersjs/feathers-authentication", | ||
@@ -67,3 +67,4 @@ "main": "lib/", | ||
| "lodash.pick": "^4.4.0", | ||
| "ms": "^0.7.1", | ||
| "long-timeout": "^0.1.1", | ||
| "ms": "^1.0.0", | ||
| "passport": "^0.3.2" | ||
@@ -82,7 +83,7 @@ }, | ||
| "feathers-configuration": "^0.4.1", | ||
| "feathers-hooks": "^1.6.0", | ||
| "feathers-hooks": "^2.0.0", | ||
| "feathers-memory": "^1.0.0", | ||
| "feathers-primus": "^2.0.0", | ||
| "feathers-rest": "^1.5.0", | ||
| "feathers-socketio": "^1.3.2", | ||
| "feathers-socketio": "^2.0.0", | ||
| "istanbul": "^1.1.0-alpha.1", | ||
@@ -94,11 +95,11 @@ "jshint": "^2.9.3", | ||
| "passport-strategy": "^1.0.0", | ||
| "primus": "^6.0.5", | ||
| "primus": "^7.0.0", | ||
| "rimraf": "^2.5.4", | ||
| "sinon": "^1.17.6", | ||
| "sinon": "^2.1.0", | ||
| "sinon-chai": "^2.8.0", | ||
| "semistandard": "^9.1.0", | ||
| "socket.io-client": "^1.4.8", | ||
| "semistandard": "^11.0.0", | ||
| "socket.io-client": "^2.0.0", | ||
| "superagent": "^3.0.0", | ||
| "ws": "^1.1.1" | ||
| "ws": "^2.2.3" | ||
| } | ||
| } |
| # feathers-authentication | ||
| [](https://greenkeeper.io/) | ||
| [](https://travis-ci.org/feathersjs/feathers-authentication) | ||
@@ -4,0 +6,0 @@ [](https://codeclimate.com/github/feathersjs/feathers-authentication) |
Sorry, the diff of this file is too big to display
No alert changes
Improved metrics
- Total package byte prevSize
- increased by123.58%
310129
- Number of package files
- increased by18.75%
38
- Lines of code
- increased by0.18%
1136
- Number of lines in readme file
- increased by0.93%
218
Worsened metrics
- Dependency count
- increased by9.09%
12
Dependency changes
+ Addedlong-timeout@^0.1.1
+ Addedlong-timeout@0.1.1(transitive)
+ Addedms@1.0.0(transitive)
- Removedms@0.7.3(transitive)
Updatedms@^1.0.0