hapi-auth-ownership
Simple authentication scheme to verify resource ownership. Clients must pass the validation rule assigned to a route to be able to access it. The `ownership-access` scheme takes the following options:

- `rules` - (required) an object with rules; each rule is a function with the signature `function(request, credentials, callback)` where:
  - `request` - the hapi request object of the request being authenticated
  - `credentials` - the credentials object, taken from `request.auth.credentials`
  - `callback` - a callback function with the signature `function(err, isValid, credentials)` where:
    - `err` - an internal error
    - `isValid` - `true` if the client is granted access
    - `credentials` - a credentials object passed back to the application in `request.auth.credentials`; if you do not include this, the plugin will pass the previous credentials back to hapi
- `errorMessage` - (optional) the error message that will be sent on invalid requests; set to `You do not have access to this resource` by default
- `companionStrategy` - (required) the strategy that will be used to retrieve credentials; this is required because ownership checks require a credentials object

```javascript
var Hapi = require('hapi');

// Server setup was not part of the original snippet; it is the hapi (v8-v16)
// form that matches the callback-style server.register used below.
var server = new Hapi.Server();
server.connection({ port: 3000 });

var users = {
    john: {
        id: '123',
        username: 'john',
        password: 'secret'
    }
};

// Basic-auth validator: hands the user object back as the credentials.
var validate = function(request, username, password, callback) {
    var user = users[username];
    if (!user) {
        return callback(null, false);
    }
    callback(null, password === user.password, user);
};

server.register(require('hapi-auth-basic'), function(err) {
    if (err) { throw err; }
    server.auth.strategy('simple', 'basic', { validateFunc: validate }); // [1]
    server.register(require('hapi-auth-ownership'), function (err) {
        if (err) { throw err; }
        server.auth.strategy('ownership', 'ownership-access', {
            rules: {
                account: function(request, credentials, callback) {
                    // validate() returns the user object, so the owner id is credentials.id
                    callback(null, request.params.id === credentials.id); // [2]
                }
            },
            errorMessage: 'OOPS!', // [3]
            companionStrategy: 'simple' // [4]
        });
        server.route({
            method: 'DELETE',
            path: '/account/{id}',
            config: {
                auth: 'ownership', // the route must opt into the ownership strategy
                plugins: {
                    hapiAuthOwnership: {
                        ownershipRule: 'account' // [5]
                    }
                }
            }
        });
    });
});
```

`options.rules` object. If you don't specify an `ownershipRule` the request will be validated, i.e. the client has access.
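To exercise the rule contract described above without starting a hapi server, here is an added example (not the plugin's own code) that models the scheme's decision: look up the route's `ownershipRule`, run it with the documented `function(request, credentials, callback)` signature, and honour the default that a route without a rule is validated. The `rules`, `options`, routes and credentials objects are constructed sample values; `evaluateOwnership` is a hypothetical helper, not an API of the plugin.

```javascript
'use strict';

// Rules keyed by name, as in options.rules. Each follows the documented
// signature function(request, credentials, callback).
var rules = {
  // Same check as the README's "account" rule, guarded so credentials without
  // an owner id never match instead of throwing on a missing property.
  account: function (request, credentials, callback) {
    var ownerId = credentials && credentials.id;
    callback(null, ownerId !== undefined && String(request.params.id) === String(ownerId));
  },
  // Uses the third callback argument to hand narrowed credentials back to the
  // handler instead of the full companion-strategy credentials.
  document: function (request, credentials, callback) {
    var docId = request.params.docId;
    var owned = Array.isArray(credentials.documents) && credentials.documents.indexOf(docId) !== -1;
    callback(null, owned, owned ? { id: credentials.id, document: docId } : undefined);
  }
};

var DEFAULT_MESSAGE = 'You do not have access to this resource';

// Model of the scheme's decision (hypothetical helper, not the plugin's code).
// Rules in this file call back synchronously, so the outcome is returned directly.
function evaluateOwnership(options, routeConfig, request, credentials) {
  var pluginConf = (routeConfig.plugins || {}).hapiAuthOwnership || {};
  var ruleName = pluginConf.ownershipRule;
  if (!ruleName) {
    // Documented default: no ownershipRule on the route means the request is validated.
    return { granted: true, credentials: credentials, reason: 'no ownershipRule on route' };
  }
  var rule = options.rules[ruleName];
  if (typeof rule !== 'function') {
    return { granted: false, reason: 'unknown rule: ' + ruleName };
  }
  var result;
  rule(request, credentials, function (err, isValid, newCredentials) {
    if (err) { result = { granted: false, reason: err.message }; return; }
    result = isValid
      ? { granted: true, credentials: newCredentials || credentials } // previous creds if none returned
      : { granted: false, reason: options.errorMessage || DEFAULT_MESSAGE };
  });
  return result;
}

// Constructed sample data mirroring the README's configuration.
var options = { rules: rules, errorMessage: 'OOPS!' };
var creds = { id: '123', username: 'john', documents: ['d1'] };
var accountRoute = { plugins: { hapiAuthOwnership: { ownershipRule: 'account' } } };
var docRoute = { plugins: { hapiAuthOwnership: { ownershipRule: 'document' } } };
var unguardedRoute = { plugins: {} }; // no ownershipRule: validated by default
```

Running the `account` rule against `accountRoute` with `params.id` set to `'123'` grants access, while `'999'` is denied with the configured message; `unguardedRoute` grants access regardless of the id, which is the fail-open default to keep in mind when adding routes.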
Ownership-based access control for your routes.
The npm package hapi-auth-ownership receives a total of 12 weekly downloads. As such, hapi-auth-ownership popularity was classified as not popular.
We found that hapi-auth-ownership demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.