Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
hapi-auth-bearer-simple
Advanced tools
hapi Bearer Token Authentication Scheme
If you have any problems and/or questions make a new issue.
If you want to contribute feel free to fork and add a pull request or again make an issue.
The plugin requires validating a token passed in by the bearer authorization header. The validation function is something you have to provide to the plugin.
Example:
var Hapi = require('hapi');
var server = new Hapi.Server('localhost', 8000);
server.pack.register(require('hapi-auth-bearer-simple'), function (err) {
if (err) throw err;
server.auth.strategy('basic', 'bearerAuth', {
validateFunction: validateFunction
});
// Add a standard route here as example
server.route({
method: 'GET',
path: '/',
handler: function (request, reply) {
reply({
success: true
});
},
config: {
auth: 'basic'
}
});
server.start(function () {
console.log('Server started at: ' + server.info.uri);
});
});
var validateFunction = function (token, callback) {
// Use a real strategy here to check if the token is valid
if (token === "123456789") {
callback(null, true, {
token: token
});
} else {
callback(null, false, {
token: token
});
}
};
validateFunc
- (required) a token lookup and validation function with the signature function (token, callback)
token
- the auth token received from the client.callback
- a callback function with the signature function (err, isValid, credentials)
where:
err
- any error.isValid
- true
if both the username was found and the password matched, otherwise false
.credentials
- an object passed back to the plugin and which will become available in the request
object as request.auth.credentials
. Normally credentials are only included when isValid
is true
. This object can be only the token as in the example but is preferably all the info you need from the authenticated userexposeRequest
- (optional / advanced) If set to true
the validateFunction
's signature will be function (token, request, callback)
. This can be usefull if you have plugins that expose certain functions/object to the request
object and you want to use them in your validateFunction
. Be aware that modifying the object is not recommended because this is the same object that you will use in the whole lifecycle. Also exposing functions/object to the resuest
object during the validation is not recommended. Follow the Hapi
standards whenever you can!You can chain strategies when you give no error
and isValid = true
but leave the credentials
empty
FAQs
Custom authentication plugin for Hapi using Bearer tokens
The npm package hapi-auth-bearer-simple receives a total of 98 weekly downloads. As such, hapi-auth-bearer-simple popularity was classified as not popular.
We found that hapi-auth-bearer-simple demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.