Product
Socket Now Supports uv.lock Files
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
hapi_welding
Advanced tools
A hapi and primus plugin which extends primus' spark with a `getSession(cb)` method which returns the current hapi session object.
A hapi and primus plugin which extends primus' spark with a getSession(cb)
method which returns the current hapi session object.
Typically primus binds to the same http server as hapi, but listens for it's own specific requests for setting up the websockets. These requests aren't routed through the hapi stack, so it won't have the session object added to the request object, which is needed if you want to check user session/auth information from within a primus connection/request.
This plugin extends both hapi and primus to allow you access to the session from within a primus request.
Install it from npm: npm install hapi_primus_sessions --save
.
Require in your hapi server pack as with any hapi plugin:
var Hapi = require('hapi');
var server = new Hapi.Server('localhost', 3030);
var Primus = require('primus');
vae primus = new Primus(server.listener, { transformer: 'socket.io' });
server.pack.require({
hapi_primus_sessions: { primus: primus, server: server }
},
function pluginsCallback (err) {
if (err) throw err;
});
primus.on('connection', function (spark) {
spark.getSession(function (err, session) {
if (err) throw err;
// You can now use the session object as if you were within hapi
var user = session.user;
var loggedIn = session._isAuthenticated(); //if using travelogue
// ... etc
});
});
The hapi plugin will register the primus half of the plugin with primus for you.
The hapi plugin takes a number of options:
primus
[required] - a primus instanceserver
[required] - the hapi server instancedebug
[optional, default=false] - whether to log debug messageslogger
[optional, default=console] - where to log debug messages, anything with a log
method will workroutePath
[optional, default='/hapi-primus-sesssions/write-session'] - the internal route url created to share sessions. You should only need to change this if you want to use that "prime piece of real-estate" path within your own app.spark.getSession(cb)
A getSession
method is added to every primus spark object. It accepts a callback with the signature: function (err, session)
.
Session is the session object direct from hapi, so you can use it to auth/lookup the current user/etc as if you were within the hapi stack.
Don't ask.
Ok, really?
You sure?
Ok, fine. The spark object in primus is a partial request object, all it really has access to is the raw HTTP headers. But these are typically encrypted and decrypted deep in the bowels of hapi, so they aren't much use outside of the hapi stack.
Hapi doesn't expose any methods to retrieve a session, so we have to get funky. The plugin creates a fake http request and response object, which it emits from the http server that hapi is listening to, pointed at a custom route we inject into hapi. We add the encrypted headers from the primus spark to the request object, and a custom writeSession
method to the response object which is scoped within the primus spark object.
Hapi happily takes the fake request, decodes the session information, and passes it all along to our custom hapi route handler, along with our fake response object. Our hapi handler then calls our custom writeSession
method on the fake response object passing the session object, and writeSession
passes it back into the scope of the spark.
MIT
Philip Roberts with much help from Michael Garvin and Nathan LaFreniere. All &yetis.
FAQs
## License
The npm package hapi_welding receives a total of 8 weekly downloads. As such, hapi_welding popularity was classified as not popular.
We found that hapi_welding demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.