geddy-passport
Geddy-Passport
Geddy provides built-in authentication which integrates with Passport to allow auth against either local accounts or third-party social services like Facebook and Twitter.
To set up a new Geddy app with built-in authentication, create your application like normal, then run the geddy auth command inside, like so:
$ geddy app by_tor
$ cd by_tor
$ geddy auth
This will pull down Geddy-Passport using NPM, and install all the needed code into your app. This includes the needed Passport libraries, and the Geddy models and controllers for the local User accounts and the login process.
The geddy auth generator should only be used in a new Geddy app. If you run it inside an existing app, it may overwrite existing files that you wanted to keep.
If you need to add auth to an existing app, you can take a look at the Geddy-Passport project, which is itself a Geddy app scaffold, and use the pieces you need.
You'll need to add the settings for Passport in your app's environment.js file. That includes the redirect locations for after an auth failure or success, and the OAuth keys for your app. The settings will look something like this:
passport: {
  successRedirect: '/'
, failureRedirect: '/login'
, twitter: {
    consumerKey: 'XXXXXXX'
  , consumerSecret: 'XXXXXXX'
  }
, facebook: {
    clientID: 'XXXXXXX'
  , clientSecret: 'XXXXXXX'
  }
}
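One way to keep the OAuth keys out of environment.js itself, as an added example that is not part of the Geddy-Passport project: the function below builds the same passport block from environment variables, rejects missing or placeholder secrets, and requires both redirects to be local paths. The environment variable names and the helper names are assumptions made for this example.

```javascript
// Added example: builds the `passport` settings block from environment
// variables. Variable and function names are assumptions, not Geddy-Passport's.

const PLACEHOLDER = /^X+$/i; // matches the 'XXXXXXX' filler shown above

// A redirect target must be a local path: one leading slash, no scheme,
// no protocol-relative '//' and no backslashes.
function isLocalPath(p) {
  return typeof p === 'string' && /^\/(?![\/\\])[^\\]*$/.test(p);
}

// Returns the trimmed secret, or throws if it is empty or still filler.
function requireSecret(env, name) {
  const value = (env[name] || '').trim();
  if (!value || PLACEHOLDER.test(value)) {
    throw new Error('Missing or placeholder value for ' + name);
  }
  return value;
}

function buildPassportConfig(env) {
  const config = {
    successRedirect: env.AUTH_SUCCESS_REDIRECT || '/',
    failureRedirect: env.AUTH_FAILURE_REDIRECT || '/login',
  };
  for (const key of ['successRedirect', 'failureRedirect']) {
    if (!isLocalPath(config[key])) {
      throw new Error(key + ' must be a local path, got: ' + config[key]);
    }
  }
  // Configure a provider only when its variables are present, so an unused
  // provider never ships with filler credentials.
  if (env.TWITTER_CONSUMER_KEY !== undefined) {
    config.twitter = {
      consumerKey: requireSecret(env, 'TWITTER_CONSUMER_KEY'),
      consumerSecret: requireSecret(env, 'TWITTER_CONSUMER_SECRET'),
    };
  }
  if (env.FACEBOOK_CLIENT_ID !== undefined) {
    config.facebook = {
      clientID: requireSecret(env, 'FACEBOOK_CLIENT_ID'),
      clientSecret: requireSecret(env, 'FACEBOOK_CLIENT_SECRET'),
    };
  }
  return config;
}
```

Calling buildPassportConfig(process.env) at startup makes a misconfigured deployment fail before any login request is served.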
Local User accounts just go through the usual RESTful actions you'd get in a normal Geddy resource. Start at "/users/add" to create a new User. You can modify "/app/models/user.js" to add any other properties you want.
A successful login with a third-party service like Facebook or Twitter will create a linked local User account if one does not exist.
After a user successfully authenticates, she will end up redirected to the successRedirect you've specified, and there will be two new items in the user's session:
FAQs
Passport authentication for Geddy
We found that geddy-passport demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.