Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

heroku-bouncer

Package Overview
Dependencies
Maintainers
1
Versions
13
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

heroku-bouncer

heroku bouncer middleware for express

  • 3.1.2
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
1
decreased by-75%
Maintainers
1
Weekly downloads
 
Created
Source

node-heroku-bouncer Build Status

node-heroku-bouncer is an easy-to-use module for adding Heroku OAuth authentication to express 4 apps.

Install

$ npm install heroku-bouncer --save

Use

node-heroku-bouncer assumes you've already added cookie-parser and client-sessions middlewares to your app. To set it up, pass it your OAuth client ID and secret and another secret used to encrypt your user's OAuth session data.

Use the bouncer.middleware object to set up middleware that will ensure that your users are logged in (and redirect otherwise), and the bouncer.routes object to add the OAuth-specific routes to your app:

var express = require('express');
var app     = express();

app.use(require('cookie-parser')('your cookie secret'));
app.use(require('client-sessions')({
  cookieName    : 'session',
  secret        : 'your session secret',
  cookie        : {
    path     : '/',
    ephemeral: false,
    httpOnly : true
  }
}));

var bouncer = require('heroku-bouncer')({
  herokuOAuthID      : 'client-id',
  herokuOAuthSecret  : 'client-secret',
  herokuBouncerSecret: 'abcd1234abcd1234'
});

app.use(bouncer.middleware);
app.use(bouncer.router);

app.get('/', function(req, res) {
  res.end('you are clearly logged in!');
});

After requests pass through bouncer.middleware, they'll have a heroku-bouncer property on them:

{
  token: 'user-api-token',
  id   : 'user-id',
  name : 'user-name',
  email: 'user-email'
}

To log a user out, send them to /auth/heroku/logout.

Options

OptionsRequired?DefaultDescription
herokuOAuthIDYesn/aThe ID of your Heroku OAuth client
herokuOAuthSecretYesn/aThe secret of your Heroku OAuth client
herokuBouncerSecretYesn/aA random string used to encrypt your user session data
sessionSyncNonceNonullThe name of a nonce cookie to validate sessions against
ignoreRoutesNo[]An array of regular expressions to match routes to be ignored
herokuAuthURLNo"https://id.heroku.com"The location of the Heroku OAuth server
herokaiOnlyNofalseWhether or not to restrict the app to Herokai only
herokaiOnlyRedirectNo"https://www.heroku.com"Where to redirect non-Herokai to when using herokaiOnly

Test

$ npm test

FAQs

Package last updated on 14 Aug 2014

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Tech's $90B Ghost Engineer Problem: Stanford Study Finds 9.5% of Engineers Do Almost Nothing

Security News

Tech's $90B Ghost Engineer Problem: Stanford Study Finds 9.5% of Engineers Do Almost Nothing

A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."

By Sarah Gooding  -  Nov 25, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc