hawk - npm Package Compare versions

Comparing version 7.0.10 to 7.1.0

lib/browser.js

 'use strict';
 
-/*
-    HTTP Hawk Authentication Scheme
-    Copyright (c) 2012-2017, Eran Hammer <eran@hammer.io>
-    BSD Licensed
-*/
-
-
-// Declare namespace
-
 const hawk = {
@@ -257,6 +248,4 @@ internals: {}
         const serverAuthorization = getHeader('server-authorization');
-        if (!serverAuthorization &&
-            !options.required) {
-
-            return true;
+        if (!serverAuthorization) {
+            return !options.required;
         }
@@ -287,4 +276,4 @@
 
-        if (!options.payload &&
-            options.payload !== '') {
+        if (options.payload === null ||
+            options.payload === undefined) {
 
@@ -291,0 +280,0 @@ return true;

lib/client.js

 'use strict';
 
-// Load modules
-
 const Url = require('url');
 
-const B64 = require('b64');
-const Boom = require('boom');
-const Hoek = require('hoek');
+const B64 = require('@hapi/b64');
+const Boom = require('@hapi/boom');
+const Cryptiles = require('@hapi/cryptiles');
+const Hoek = require('@hapi/hoek');
 
-const Cryptiles = require('cryptiles');
 const Crypto = require('./crypto');
@@ -16,4 +14,2 @@ const Utils = require('./utils');
 
-// Declare internals
-
 const internals = {};
@@ -175,4 +171,6 @@
 
-    if (!res.headers['server-authorization'] &&
-        !options.required) {
+    if (!res.headers['server-authorization']) {
+        if (options.required) {
+            throw new Boom('Missing Server-Authorization header', { decorate: result });
+        }
 
@@ -199,4 +197,4 @@ return result;
 
-    if (!options.payload &&
-        options.payload !== '') {
+    if (options.payload === null ||
+        options.payload === undefined) {
 
@@ -203,0 +201,0 @@ return result;

lib/crypto.js

 'use strict';
 
-// Load modules
-
 const Crypto = require('crypto');
@@ -11,4 +9,2 @@ const Url = require('url');
 
-// Declare internals
-
 const internals = {};
@@ -15,0 +11,0 @@

lib/index.js

 'use strict';
 
-// Export sub-modules
 
-exports.sntp = require('sntp');
+exports.sntp = require('@hapi/sntp');
 
@@ -15,2 +14,3 @@ exports.server = require('./server');
 
+exports.plugin = require('./plugin');
 
@@ -17,0 +17,0 @@ exports.uri = {

lib/server.js

 'use strict';
 
-// Load modules
+const B64 = require('@hapi/b64');
+const Boom = require('@hapi/boom');
+const Cryptiles = require('@hapi/cryptiles');
+const Hoek = require('@hapi/hoek');
 
-const B64 = require('b64');
-const Boom = require('boom');
-const Cryptiles = require('cryptiles');
-const Hoek = require('hoek');
-
 const Crypto = require('./crypto');
@@ -14,4 +12,2 @@ const Utils = require('./utils');
 
-// Declare internals
-
 const internals = {};
@@ -215,3 +211,3 @@
 
-    Return value: { credentials, artifacts } or throws an error.
+    Return value: void or throws an error.
 */
@@ -234,3 +230,3 @@
 
-    Return value: { artifacts } or throws an error.
+    Return value: void or throws an error.
 */
@@ -237,0 +233,0 @@

lib/utils.js

 'use strict';
 
-// Load modules
+const Boom = require('@hapi/boom');
+const Sntp = require('@hapi/sntp');
 
-const Boom = require('boom');
-const Sntp = require('sntp');
 
-
-// Declare internals
-
 const internals = {};
@@ -12,0 +8,0 @@

package.json

 {
   "name": "hawk",
   "description": "HTTP Hawk Authentication Scheme",
-  "version": "7.0.10",
-  "repository": "git://github.com/hueniverse/hawk",
+  "version": "7.1.0",
+  "repository": "git://github.com/hapijs/hawk",
   "main": "lib/index.js",
-  "browser": "dist/browser.js",
   "keywords": [
@@ -15,22 +14,18 @@ "http",
   "dependencies": {
-    "hoek": "6.x.x",
-    "b64": "4.x.x",
-    "boom": "7.x.x",
-    "cryptiles": "4.x.x",
-    "sntp": "3.x.x"
+    "@hapi/hoek": "6.x.x",
+    "@hapi/b64": "4.x.x",
+    "@hapi/boom": "7.x.x",
+    "@hapi/cryptiles": "4.x.x",
+    "@hapi/sntp": "3.x.x"
   },
   "devDependencies": {
-    "babel-cli": "^6.26.0",
-    "babel-preset-env": "^1.6.1",
-    "babel-preset-minify": "^0.3.0",
-    "code": "5.x.x",
-    "lab": "17.x.x"
+    "@hapi/code": "5.x.x",
+    "@hapi/hapi": "18.x.x",
+    "@hapi/lab": "18.x.x"
   },
   "scripts": {
-    "build-client": "mkdir -p dist; babel lib/browser.js --out-file dist/browser.js",
-    "prepare": "npm run-script build-client",
-    "test": "lab -a code -t 100 -L",
-    "test-cov-html": "lab -a code -r html -o coverage.html"
+    "test": "lab -a @hapi/code -t 100 -L",
+    "test-cov-html": "lab -a @hapi/code -r html -o coverage.html"
   },
   "license": "BSD-3-Clause"
 }

README.md

@@ -1,11 +0,11 @@
-![hawk Logo](https://raw.github.com/hueniverse/hawk/master/images/hawk.png)
+<a href="http://hapijs.com"><img src="https://github.com/hapijs/assets/blob/master/images/family.svg" width="180px" align="right" /></a>
 
+# hawk
+
 <img align="right" src="https://raw.github.com/hueniverse/hawk/master/images/logo.png" /> **Hawk** is an HTTP authentication scheme using a message authentication code (MAC) algorithm to provide partial
-HTTP request cryptographic verification. For more complex use cases such as access delegation, see [Oz](https://github.com/hueniverse/oz).
+HTTP request cryptographic verification.
 
-Current version: **7.x**
-
 Note: the protocol has not changed since version 1.1. The version increments reflect changes in the node API.
 
-[![Build Status](https://travis-ci.org/hueniverse/hawk.svg?branch=master)](https://travis-ci.org/hueniverse/hawk)
+[![Build Status](https://travis-ci.org/hapi/hawk.svg?branch=master)](https://travis-ci.org/hapi/hawk)
 
@@ -21,2 +21,3 @@ # Table of Content
   - [Browser Support and Considerations](#browser-support-and-considerations)
+  - [hapi Plugin](#hapi-plugin)
 - [**Single URI Authorization**](#single-uri-authorization)
@@ -102,5 +103,5 @@ - [Usage Example](#bewit-usage-example)
 
-```javascript
+```js
 const Http = require('http');
-const Hawk = require('hawk');
+const Hawk = require('@hapi/hawk');
 
@@ -125,9 +126,17 @@
 
+    let payload, status;
+    
     // Authenticate incoming request
+    
+    try {
+        const { credentials, artifacts } = await Hawk.server.authenticate(req, credentialsFunc);
+        payload = `Hello ${credentials.user} ${artifacts.ext}`;
+        status = 200;
+    } catch (error) {
+        payload = 'Shoosh!';
+        status = 401;
+    }
 
-    const { credentials, artifacts } = await Hawk.server.authenticate(req, credentialsFunc);
-
     // Prepare response
 
-    const payload = (!err ? `Hello ${credentials.user} ${artifacts.ext}` : 'Shoosh!');
     const headers = { 'Content-Type': 'text/plain' };
@@ -142,3 +151,3 @@
 
-    res.writeHead(!err ? 200 : 401, headers);
+    res.writeHead(status, headers);
     res.end(payload);
@@ -154,5 +163,5 @@ };
 
-```javascript
+```js
 const Request = require('request');
-const Hawk = require('hawk');
+const Hawk = require('@hapi/hawk');
 
@@ -198,3 +207,3 @@
 
-```javascript
+```js
 Hawk.sntp.start();
@@ -303,3 +312,3 @@ ```
 POST
-/resource/1?a=1&b=2
+/resource/1?b=1&a=2
 example.com
@@ -316,3 +325,3 @@ 8000
 ```
-POST /resource/1?a=1&b=2 HTTP/1.1
+POST /resource/1?b=1&a=2 HTTP/1.1
 Host: example.com:8000
@@ -369,2 +378,146 @@ Authorization: Hawk id="dh37fgj492je", ts="1353832234", nonce="j4h3g2", hash="Yi9LfIIFRtBEPt74PVmbTF/xVAwPn7ub15ePICfgnuY=", ext="some-app-ext-data", mac="aSe1DERmZuRl3pI36/9BdZmnErTw3sNzOOAUlfeKjVw="
 
+## hapi Plugin
+
+**hawk** includes an authentication plugin for **hapi** which registers two authentication schemes.
+
+### hawk Strategy
+
+The scheme supports payload authentication. The scheme requires the following options:
+
+- `getCredentialsFunc` - credential lookup function with the signature `[async] function(id)` where:
+    - `id` - the Hawk credentials identifier.
+    - _throws_ an internal error.
+    - _returns_ `{ credentials }` object where:
+        - `credentials` a credentials object passed back to the application in `request.auth.credentials`. Set to be `null` or `undefined` to
+          indicate unknown credentials (which is not considered an error state).
+- `hawk` - optional protocol options passed to `Hawk.server.authenticate()`.
+
+```js
+const Hapi = require('@hapi/hapi');
+const Hawk = require('@hapi/hawk');
+
+const credentials = {
+    d74s3nz2873n: {
+        key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
+        algorithm: 'sha256'
+    }
+};
+
+const getCredentialsFunc = function (id) {
+
+    return credentials[id];
+};
+
+const start = async () => {
+
+    const server = Hapi.server({ port: 4000 });
+
+    await server.register(Hawk);
+
+    server.auth.strategy('default', 'hawk', { getCredentialsFunc });
+    server.auth.default('default');
+
+    server.route({
+        method: 'GET',
+        path: '/',
+        handler: function (request, h) {
+
+            return 'welcome';
+        }
+    });
+
+    await server.start();
+
+    console.log('Server started listening on %s', server.info.uri);
+};
+
+start();
+
+// Ensure process exits on unhandled rejection
+
+process.on('unhandledRejection', (err) => {
+
+    throw err;
+});
+
+```
+
+### bewit Strategy
+
+The scheme can only be used with 'GET' requests and requires the following options:
+
+- `getCredentialsFunc` - credential lookup function with the signature `async function(id)` where:
+    - `id` - the Hawk credentials identifier.
+    - _throws_ an internal error.
+    - _returns_ `{ credentials }` object where:
+        - `credentials` a credentials object passed back to the application in `request.auth.credentials`. Set to be `null` or `undefined` to
+      indicate unknown credentials (which is not considered an error state).
+- `hawk` - optional protocol options passed to `Hawk.server.authenticateBewit()`.
+
+```js
+const Hapi = require('@hapi/hapi');
+const Hawk = require('@hapi/hawk');
+
+const credentials = {
+    d74s3nz2873n: {
+        key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
+        algorithm: 'sha256'
+    }
+};
+
+const getCredentialsFunc = function (id) {
+
+    return credentials[id];
+};
+
+const start = async () => {
+
+    const server = Hapi.server({ port: 4000 });
+
+    await server.register(Hawk);
+
+    server.auth.strategy('default', 'bewit', { getCredentialsFunc });
+    server.auth.default('default');
+
+    server.route({
+        method: 'GET',
+        path: '/',
+        handler: function (request, h) {
+
+            return 'welcome';
+        }
+    });
+
+    await server.start();
+
+    console.log('Server started listening on %s', server.info.uri);
+};
+
+start();
+
+// Ensure process exits on unhandled rejection
+
+process.on('unhandledRejection', (err) => {
+
+    throw err;
+});
+```
+
+To send an authenticated Bewit request, the URI must contain the `'bewit'` query parameter which can be generated using the Hawk module:
+
+```js
+const Hawk = require('@hapi/hawk');
+
+const credentials = {
+    id: 'd74s3nz2873n',
+    key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
+    algorithm: 'sha256'
+};
+
+let uri = 'http://example.com:8080/endpoint';
+const bewit = Hawk.client.getBewit(uri, { credentials: credentials, ttlSec: 60 });
+uri += '?bewit=' + bewit;
+```
+
+
 # Single URI Authorization
@@ -389,5 +542,5 @@
 
-```javascript
+```js
 const Http = require('http');
-const Hawk = require('hawk');
+const Hawk = require('@hapi/hawk');
 
@@ -427,5 +580,4 @@
 
-```javascript
-const Request = require('request');
-const Hawk = require('hawk');
+```js
+const Hawk = require('@hapi/hawk');
 
@@ -432,0 +584,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

No repository

Supply chain risk

Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Deprecated

Maintenance

The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.

Found 1 instance in 1 package

No repository

Supply chain risk

Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.

Found 1 instance in 1 package

Improved metrics

Dev dependency count

3

decreased by-40%

Lines of code

1432

increased by1.7%

Number of medium maintenance alerts

0

decreased by-100%

Number of lines in readme file

791

increased by23.79%

Worsened metrics

Total package byte prevSize

104306

decreased by-5.99%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Added@hapi/b64@4.x.x

• + Added@hapi/boom@7.x.x

• + Added@hapi/cryptiles@4.x.x

• + Added@hapi/hoek@6.x.x

• + Added@hapi/sntp@3.x.x

• + Added@hapi/b64@4.2.1(transitive)

• + Added@hapi/boom@7.4.11(transitive)

• + Added@hapi/bounce@1.3.2(transitive)

• + Added@hapi/cryptiles@4.2.1(transitive)

• + Added@hapi/hoek@6.2.48.5.1(transitive)

• + Added@hapi/sntp@3.1.2(transitive)

• + Added@hapi/teamwork@3.3.1(transitive)

• - Removedb64@4.x.x

• - Removedboom@7.x.x

• - Removedcryptiles@4.x.x

• - Removedhoek@6.x.x

• - Removedsntp@3.x.x

• - Removedb64@4.1.2(transitive)

• - Removedboom@7.3.0(transitive)

• - Removedbounce@1.2.3(transitive)

• - Removedcryptiles@4.1.3(transitive)

• - Removedhoek@6.1.3(transitive)

• - Removedsntp@3.0.2(transitive)

• - Removedteamwork@3.2.0(transitive)