keycloak-connect
Comparing version 0.1.0 to 0.2.0
var Keycloak = require('keycloak-connect'); | ||
var hogan = require('hogan-express'); | ||
var express = require('express'); | ||
var session = require('express-session') | ||
var session = require('express-session'); | ||
@@ -10,3 +10,3 @@ var app = express(); | ||
app.set('view engine', 'html'); | ||
app.set('views', __dirname + '/view'); | ||
app.set('views', require('path').join(__dirname, '/view')); | ||
app.engine('html', hogan); | ||
@@ -19,10 +19,9 @@ | ||
app.use( session({ | ||
app.use(session({ | ||
secret: 'mySecret', | ||
resave: false, | ||
saveUninitialized: true, | ||
store: memoryStore, | ||
} )) | ||
store: memoryStore | ||
})); | ||
// Provide the session store to the Keycloak so that sessions | ||
@@ -47,27 +46,24 @@ // can be invalidated from the Keycloak console callback. | ||
app.use( keycloak.middleware( { | ||
app.use(keycloak.middleware({ | ||
logout: '/logout', | ||
admin: '/', | ||
} )); | ||
admin: '/' | ||
})); | ||
// A normal un-protected public URL. | ||
app.get( '/', function(req,res) { | ||
res.render('index'); | ||
} ) | ||
app.get('/', function (req, res) { | ||
res.render('index'); | ||
}); | ||
app.get('/login', keycloak.protect(), function(req, res) { | ||
app.get('/login', keycloak.protect(), function (req, res) { | ||
res.render('index', { | ||
result: JSON.stringify(JSON.parse(req.session['keycloak-token']), null, 4), | ||
event: "1. Authentication\n2. Login" | ||
event: '1. Authentication\n2. Login' | ||
}); | ||
}); | ||
var server = app.listen(3000, function () { | ||
var host = server.address().address | ||
var port = server.address().port | ||
console.log('Example app listening at http://%s:%s', host, port) | ||
}) | ||
var host = server.address().address; | ||
var port = server.address().port; | ||
console.log('Example app listening at http://%s:%s', host, port); | ||
}); |
{ | ||
"name": "nodejs-keycloak-example", | ||
"version": "0.0.17", | ||
"version": "0.1.0", | ||
"description": "Example page that demonstrates available keycloak functionality", | ||
@@ -12,3 +12,3 @@ "main": "index.js", | ||
"dependencies": { | ||
"keycloak-connect": "0.0.17", | ||
"keycloak-connect": "0.1.0", | ||
"hogan-express": "*", | ||
@@ -15,0 +15,0 @@ "express": "*", |
#Basic NodeJS Example | ||
======================== | ||
##Start and configure Keycloak | ||
---------------------------- | ||
@@ -13,4 +12,4 @@ ###Start Keycloak: | ||
Open the Keycloak admin console, click on Add Realm, click on 'Choose a JSON file', | ||
select nodejs-example-realm.json and click Upload. | ||
Open the Keycloak admin console, click on Add Realm, click on import 'Select file', | ||
select nodejs-example-realm.json and click Create. | ||
@@ -17,0 +16,0 @@ Link the HEAD code of keycloak-connect by running: |
166
index.js
@@ -0,25 +1,31 @@ | ||
/* | ||
* Copyright 2016 Red Hat Inc. All rights reserved. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not | ||
* use this file except in compliance with the License. You may obtain a copy of | ||
* the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
* License for the specific language governing permissions and limitations under | ||
* the License. | ||
*/ | ||
var Q = require('q'); | ||
var crypto = require('crypto'); | ||
var BearerStore = require('./stores/bearer-store'); | ||
var CookieStore = require('./stores/cookie-store'); | ||
var BearerStore = require('./stores/bearer-store'); | ||
var CookieStore = require('./stores/cookie-store'); | ||
var SessionStore = require('./stores/session-store'); | ||
var Config = require('keycloak-auth-utils').Config; | ||
var GrantManager = require('keycloak-auth-utils').GrantManager; | ||
var Config = require('keycloak-auth-utils').Config; | ||
var GrantManager = require('keycloak-auth-utils').GrantManager; | ||
var fs = require('fs'); | ||
var path = require('path'); | ||
var url = require('url'); | ||
var http = require('http'); | ||
var Setup = require('./middleware/setup'); | ||
var AdminLogout = require('./middleware/admin-logout'); | ||
var Logout = require('./middleware/logout'); | ||
var PostAuth = require('./middleware/post-auth'); | ||
var GrantAttacher = require('./middleware/grant-attacher'); | ||
var Protect = require('./middleware/protect'); | ||
var Setup = require('./middleware/setup'); | ||
var AdminLogout = require('./middleware/admin-logout'); | ||
var Logout = require('./middleware/logout'); | ||
var PostAuth = require('./middleware/post-auth' ); | ||
var GrantAttacher = require('./middleware/grant-attacher' ); | ||
var Protect = require('./middleware/protect'); | ||
/** | ||
@@ -53,23 +59,21 @@ * Instantiate a Keycloak. | ||
*/ | ||
function Keycloak(config, keycloakConfig) { | ||
function Keycloak (config, keycloakConfig) { | ||
// If keycloakConfig is null, Config() will search for `keycloak.json`. | ||
this.config = new Config(keycloakConfig); | ||
this.grantManager = new GrantManager( this.config ); | ||
this.grantManager = new GrantManager(this.config); | ||
this.stores = [ BearerStore ]; | ||
if ( config && config.store && config.cookies ) { | ||
throw new Error( "Either `store` or `cookies` may be set, but not both" ); | ||
if (config && config.store && config.cookies) { | ||
throw new Error('Either `store` or `cookies` may be set, but not both'); | ||
} | ||
if ( config && config.store ) { | ||
this.stores.push( new SessionStore( config.store ) ); | ||
} else if ( config && config.cookies ) { | ||
this.stores.push( CookieStore ); | ||
if (config && config.store) { | ||
this.stores.push(new SessionStore(config.store)); | ||
} else if (config && config.cookies) { | ||
this.stores.push(CookieStore); | ||
} | ||
} | ||
/** | ||
@@ -96,14 +100,17 @@ * Obtain an array of middleware for use in your application. | ||
*/ | ||
Keycloak.prototype.middleware = function(options) { | ||
Keycloak.prototype.middleware = function (options) { | ||
if (!options) { | ||
options = {logout: '', admin: ''}; | ||
} | ||
options.logout = options.logout || '/logout'; | ||
options.admin = options.admin || '/'; | ||
options.admin = options.admin || '/'; | ||
var middlewares = []; | ||
middlewares.push( Setup ); | ||
middlewares.push( PostAuth(this) ); | ||
middlewares.push( AdminLogout(this, options.admin) ); | ||
middlewares.push( GrantAttacher(this) ); | ||
middlewares.push( Logout(this, options.logout) ); | ||
middlewares.push(Setup); | ||
middlewares.push(PostAuth(this)); | ||
middlewares.push(AdminLogout(this, options.admin)); | ||
middlewares.push(GrantAttacher(this)); | ||
middlewares.push(Logout(this, options.logout)); | ||
@@ -172,4 +179,4 @@ return middlewares; | ||
*/ | ||
Keycloak.prototype.protect = function(spec) { | ||
return Protect( this, spec ); | ||
Keycloak.prototype.protect = function (spec) { | ||
return Protect(this, spec); | ||
}; | ||
@@ -194,3 +201,3 @@ | ||
*/ | ||
Keycloak.prototype.authenticated = function(request) { | ||
Keycloak.prototype.authenticated = function (request) { | ||
// no-op | ||
@@ -208,3 +215,3 @@ }; | ||
*/ | ||
Keycloak.prototype.deauthenticated = function(request) { | ||
Keycloak.prototype.deauthenticated = function (request) { | ||
// no-op | ||
@@ -224,15 +231,15 @@ }; | ||
*/ | ||
Keycloak.prototype.accessDenied = function(request, response) { | ||
response.status( 403 ); | ||
response.end( "Access denied" ); | ||
Keycloak.prototype.accessDenied = function (request, response) { | ||
response.status(403); | ||
response.end('Access denied'); | ||
}; | ||
/*! ignore */ | ||
Keycloak.prototype.getGrant = function(request, response) { | ||
Keycloak.prototype.getGrant = function (request, response) { | ||
var rawData; | ||
for ( var i = 0 ; i < this.stores.length ; ++i ) { | ||
rawData = this.stores[i].get( request ); | ||
if ( rawData ) { | ||
store = this.stores[i]; | ||
for (var i = 0; i < this.stores.length; ++i) { | ||
rawData = this.stores[i].get(request); | ||
if (rawData) { | ||
// store = this.stores[i]; | ||
break; | ||
@@ -243,13 +250,13 @@ } | ||
var grantData = rawData; | ||
if (typeof(grantData)==='string') { | ||
grantData = JSON.parse( grantData ); | ||
if (typeof (grantData) === 'string') { | ||
grantData = JSON.parse(grantData); | ||
} | ||
if ( grantData && ! grantData.error ) { | ||
var grant = this.grantManager.createGrant( JSON.stringify(grantData) ); | ||
if (grantData && !grantData.error) { | ||
var grant = this.grantManager.createGrant(JSON.stringify(grantData)); | ||
var self = this; | ||
return this.grantManager.ensureFreshness(grant) | ||
.then( function(grant) { | ||
self.storeGrant( grant, request, response ); | ||
.then(grant => { | ||
self.storeGrant(grant, request, response); | ||
return grant; | ||
@@ -259,7 +266,7 @@ }); | ||
return Q.reject(); | ||
return Promise.reject(); | ||
}; | ||
Keycloak.prototype.storeGrant = function(grant, request, response) { | ||
if ( this.stores.length < 2 ) { | ||
Keycloak.prototype.storeGrant = function (grant, request, response) { | ||
if (this.stores.length < 2) { | ||
// cannot store, bearer-only, this is weird | ||
@@ -269,3 +276,3 @@ return; | ||
this.stores[1].wrap( grant ); | ||
this.stores[1].wrap(grant); | ||
grant.store(request, response); | ||
@@ -275,4 +282,4 @@ return grant; | ||
Keycloak.prototype.unstoreGrant = function(sessionId) { | ||
if ( this.stores.length < 2 ) { | ||
Keycloak.prototype.unstoreGrant = function (sessionId) { | ||
if (this.stores.length < 2) { | ||
// cannot unstore, bearer-only, this is weird | ||
@@ -282,16 +289,16 @@ return; | ||
this.stores[1].clear( sessionId ); | ||
this.stores[1].clear(sessionId); | ||
}; | ||
Keycloak.prototype.getGrantFromCode = function(code, request, response) { | ||
if ( this.stores.length < 2 ) { | ||
Keycloak.prototype.getGrantFromCode = function (code, request, response) { | ||
if (this.stores.length < 2) { | ||
// bearer-only, cannot do this; | ||
throw new Error( "Cannot exchange code for grant in bearer-only mode" ); | ||
throw new Error('Cannot exchange code for grant in bearer-only mode'); | ||
} | ||
var sessionId = this.stores[1].getId( request ); | ||
var sessionId = request.session.id; | ||
var self = this; | ||
return this.grantManager.obtainFromCode( request, code, sessionId ) | ||
.then( function(grant) { | ||
return this.grantManager.obtainFromCode(request, code, sessionId) | ||
.then(function (grant) { | ||
self.storeGrant(grant, request, response); | ||
@@ -302,28 +309,25 @@ return grant; | ||
Keycloak.prototype.loginUrl = function(uuid, redirectUrl ) { | ||
Keycloak.prototype.loginUrl = function (uuid, redirectUrl) { | ||
return this.config.realmUrl + | ||
'/protocol/openid-connect/auth' + | ||
'?client_id=' + encodeURIComponent(this.config.clientId) + | ||
'&state=' + encodeURIComponent(uuid) + | ||
'&redirect_uri=' + encodeURIComponent(redirectUrl) + | ||
'&response_type=code'; | ||
'/protocol/openid-connect/auth' + | ||
'?client_id=' + encodeURIComponent(this.config.clientId) + | ||
'&state=' + encodeURIComponent(uuid) + | ||
'&redirect_uri=' + encodeURIComponent(redirectUrl) + | ||
'&response_type=code'; | ||
}; | ||
Keycloak.prototype.logoutUrl = function(redirectUrl) { | ||
Keycloak.prototype.logoutUrl = function (redirectUrl) { | ||
return this.config.realmUrl + | ||
'/protocol/openid-connect/logout' + | ||
'?redirect_uri=' + encodeURIComponent(redirectUrl); | ||
'/protocol/openid-connect/logout' + | ||
'?redirect_uri=' + encodeURIComponent(redirectUrl); | ||
}; | ||
Keycloak.prototype.accountUrl = function() { | ||
Keycloak.prototype.accountUrl = function () { | ||
return this.config.realmUrl + '/account'; | ||
}; | ||
Keycloak.prototype.getAccount = function(token) { | ||
Keycloak.prototype.getAccount = function (token) { | ||
return this.grantManager.getAccount(token); | ||
}; | ||
module.exports = Keycloak; |
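Review bot: In `getGrantFromCode`, the new `var sessionId = request.session.id;` dereferences `request.session` without a check, so in cookie mode (`config.cookies`, where `stores[1]` is `CookieStore`) an application that has not mounted a session middleware would throw a TypeError during the code exchange. The same release adds an `if (request.session)` guard in the login redirect of the protect middleware, which suggests a missing session is an expected case; the lookup could be `var sessionId = request.session ? request.session.id : undefined;`, assuming `obtainFromCode` tolerates an absent session id (not visible here). The commented-out `// store = this.stores[i];` in `getGrant` can simply be deleted. `JSON.parse(grantData)` in the same function still throws synchronously on a malformed stored value instead of rejecting the returned promise.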
@@ -1,4 +0,21 @@ | ||
function AdminLogout(keycloak, url) { | ||
/* | ||
* Copyright 2016 Red Hat Inc. All rights reserved. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not | ||
* use this file except in compliance with the License. You may obtain a copy of | ||
* the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
* License for the specific language governing permissions and limitations under | ||
* the License. | ||
*/ | ||
'use strict'; | ||
function AdminLogout (keycloak, url) { | ||
this._keycloak = keycloak; | ||
if ( url[ url.length - 1 ] != '/' ) { | ||
if (url[ url.length - 1 ] !== '/') { | ||
url += '/;'; | ||
@@ -9,10 +26,9 @@ } | ||
AdminLogout.prototype.getFunction = function() { | ||
AdminLogout.prototype.getFunction = function () { | ||
return this._adminLogout.bind(this); | ||
}; | ||
module.exports = function(keycloak, adminUrl) { | ||
var url = adminUrl; | ||
if ( url[ url.length - 1 ] != '/' ) { | ||
module.exports = function (keycloak, adminUrl) { | ||
let url = adminUrl; | ||
if (url[ url.length - 1 ] !== '/') { | ||
url = url + '/'; | ||
@@ -23,35 +39,34 @@ } | ||
return function adminLogout(request, response, next) { | ||
if ( request.url != url ) { | ||
return function adminLogout (request, response, next) { | ||
if (request.url !== url) { | ||
return next(); | ||
} | ||
var data = ''; | ||
var self = this; | ||
let data = ''; | ||
request.on( 'data', function(d) { | ||
request.on('data', d => { | ||
data += d.toString(); | ||
}); | ||
request.on( 'end', function() { | ||
var parts = data.split('.'); | ||
var payload = JSON.parse( new Buffer( parts[1], 'base64' ).toString() ); | ||
if ( payload.action == 'LOGOUT' ) { | ||
var sessionIDs = payload.adapterSessionIds; | ||
if ( ! sessionIDs ) { | ||
request.on('end', function () { | ||
let parts = data.split('.'); | ||
let payload = JSON.parse(new Buffer(parts[1], 'base64').toString()); | ||
if (payload.action === 'LOGOUT') { | ||
let sessionIDs = payload.adapterSessionIds; | ||
if (!sessionIDs) { | ||
keycloak.grantManager.notBefore = payload.notBefore; | ||
response.send( 'ok' ); | ||
response.send('ok'); | ||
return; | ||
} | ||
if ( sessionIDs && sessionIDs.length > 0 ) { | ||
var seen = 0; | ||
sessionIDs.forEach( function(id) { | ||
if (sessionIDs && sessionIDs.length > 0) { | ||
let seen = 0; | ||
sessionIDs.forEach(id => { | ||
keycloak.unstoreGrant(id); | ||
++seen; | ||
if ( seen == sessionIDs.length ) { | ||
response.send( 'ok' ); | ||
if (seen === sessionIDs.length) { | ||
response.send('ok'); | ||
} | ||
}); | ||
} else { | ||
response.send( 'ok' ); | ||
response.send('ok'); | ||
} | ||
@@ -62,2 +77,1 @@ } | ||
}; | ||
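Review bot: The `adminLogout` handler acts on `payload.action` and `payload.notBefore` after only base64-decoding the middle segment of the request body; no signature check is visible in this section, so any client that can reach the admin URL could clear stored grants or move `grantManager.notBefore`. The token should be verified against the realm key before the payload is trusted, using whatever verification the grant manager exposes (not shown on this page). Independently, `parts[1]` is undefined for a body without a `.` and `JSON.parse` throws on bad input, both inside the `'end'` callback where nothing catches them, and the body is accumulated without a size limit; the parse should be wrapped as below. The constructor's `url += '/;';` also looks like a typo for `'/'`.

```javascript
request.on('end', function () {
  let payload;
  try {
    let parts = data.split('.');
    if (parts.length < 2) {
      throw new Error('malformed admin request');
    }
    payload = JSON.parse(new Buffer(parts[1], 'base64').toString());
  } catch (err) {
    // Fail closed on anything that is not a well-formed token body.
    response.status(400);
    response.end('Bad request');
    return;
  }
  // TODO(review): verify the token signature before acting on payload
  // … unchanged: LOGOUT handling …
```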
@@ -0,13 +1,26 @@ | ||
/* | ||
* Copyright 2016 Red Hat Inc. All rights reserved. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not | ||
* use this file except in compliance with the License. You may obtain a copy of | ||
* the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
* License for the specific language governing permissions and limitations under | ||
* the License. | ||
*/ | ||
'use strict'; | ||
module.exports = function(keycloak) { | ||
return function grantAttacher(request, response, next) { | ||
keycloak.getGrant( request, response ) | ||
.then( function(grant) { | ||
module.exports = function (keycloak) { | ||
return function grantAttacher (request, response, next) { | ||
keycloak.getGrant(request, response) | ||
.then(grant => { | ||
request.kauth.grant = grant; | ||
}) | ||
.then( next ) | ||
.catch( function() { | ||
next(); | ||
} ); | ||
.then(next).catch(() => next()); | ||
}; | ||
}; |
@@ -1,10 +0,26 @@ | ||
module.exports = function(keycloak, logoutUrl) { | ||
return function logout(request, response, next) { | ||
/* | ||
* Copyright 2016 Red Hat Inc. All rights reserved. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not | ||
* use this file except in compliance with the License. You may obtain a copy of | ||
* the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
* License for the specific language governing permissions and limitations under | ||
* the License. | ||
*/ | ||
'use strict'; | ||
if ( request.url != logoutUrl ) { | ||
module.exports = function (keycloak, logoutUrl) { | ||
return function logout (request, response, next) { | ||
if (request.url !== logoutUrl) { | ||
return next(); | ||
} | ||
if ( request.kauth.grant ) { | ||
keycloak.deauthenticated( request ); | ||
if (request.kauth.grant) { | ||
keycloak.deauthenticated(request); | ||
request.kauth.grant.unstore(request, response); | ||
@@ -14,12 +30,10 @@ delete request.kauth.grant; | ||
var host = request.hostname; | ||
var headerHost = request.headers.host.split(':'); | ||
var port = headerHost[1] || ''; | ||
let host = request.hostname; | ||
let headerHost = request.headers.host.split(':'); | ||
let port = headerHost[1] || ''; | ||
let redirectUrl = request.protocol + '://' + host + (port === '' ? '' : ':' + port) + '/'; | ||
let keycloakLogoutUrl = keycloak.logoutUrl(redirectUrl); | ||
var redirectUrl = request.protocol + '://' + host + ( port === '' ? '' : ':' + port ) + '/'; | ||
var keycloakLogoutUrl = keycloak.logoutUrl(redirectUrl); | ||
response.redirect( keycloakLogoutUrl ); | ||
response.redirect(keycloakLogoutUrl); | ||
}; | ||
}; |
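Review bot: `request.headers.host.split(':')` throws a TypeError when a request carries no Host header and mis-splits an IPv6 literal such as `[::1]:3000`, and the resulting `redirectUrl` is built entirely from client-supplied host data before being sent to Keycloak as `redirect_uri`. A configured base URL for the application would be safer than echoing the request's host; failing that, guard the header with `let headerHost = (request.headers.host || '').split(':');` and keep the realm's redirect URI allow-list strict. `forceLogin` in the protect middleware builds its URL the same way and has the same problem. Also, `request.url !== logoutUrl` is an exact match, so a logout URL with a query string falls through to `next()`.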
@@ -1,18 +0,35 @@ | ||
var URL = require('url'); | ||
/* | ||
* Copyright 2016 Red Hat Inc. All rights reserved. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not | ||
* use this file except in compliance with the License. You may obtain a copy of | ||
* the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
* License for the specific language governing permissions and limitations under | ||
* the License. | ||
*/ | ||
'use strict'; | ||
module.exports = function(keycloak) { | ||
return function postAuth(request, response, next) { | ||
if ( ! request.query.auth_callback ) { | ||
const URL = require('url'); | ||
module.exports = function (keycloak) { | ||
return function postAuth (request, response, next) { | ||
if (!request.query.auth_callback) { | ||
return next(); | ||
} | ||
if ( request.query.error ) { | ||
return keycloak.accessDenied(request,response,next); | ||
if (request.query.error) { | ||
return keycloak.accessDenied(request, response, next); | ||
} | ||
keycloak.getGrantFromCode( request.query.code, request, response ) | ||
.then( function(grant) { | ||
var urlParts = { | ||
keycloak.getGrantFromCode(request.query.code, request, response) | ||
.then(grant => { | ||
let urlParts = { | ||
pathname: request.path, | ||
query: request.query, | ||
query: request.query | ||
}; | ||
@@ -24,13 +41,13 @@ | ||
var cleanUrl = URL.format( urlParts ); | ||
let cleanUrl = URL.format(urlParts); | ||
request.kauth.grant = grant; | ||
try { | ||
keycloak.authenticated( request ); | ||
keycloak.authenticated(request); | ||
} catch (err) { | ||
console.log( err ); | ||
console.log(err); | ||
} | ||
response.redirect( cleanUrl ); | ||
response.redirect(cleanUrl); | ||
}); | ||
}; | ||
}; | ||
}; |
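Review bot: The promise returned by `keycloak.getGrantFromCode(...)` has no rejection handler, so a failed code exchange (expired or replayed `code`, unreachable Keycloak) leaves the request without a response and surfaces as an unhandled rejection; ending the chain with `.catch(() => keycloak.accessDenied(request, response, next));` would fail closed. `getGrantFromCode` also throws synchronously in bearer-only mode, which this call does not guard against. No check of `request.query.state` is visible in this section, so the callback does not appear to be tied to the login request that started it; part of the section is elided between the hunks, so confirm against the full file.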
@@ -1,48 +0,65 @@ | ||
var UUID = require('./../uuid' ); | ||
/* | ||
* Copyright 2016 Red Hat Inc. All rights reserved. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not | ||
* use this file except in compliance with the License. You may obtain a copy of | ||
* the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
* License for the specific language governing permissions and limitations under | ||
* the License. | ||
*/ | ||
'use strict'; | ||
function forceLogin(keycloak, request, response) { | ||
var host = request.hostname; | ||
var headerHost = request.headers.host.split(':'); | ||
var port = headerHost[1] || ''; | ||
var protocol = request.protocol; | ||
const UUID = require('./../uuid'); | ||
var redirectUrl = protocol + '://' + host + ( port === '' ? '' : ':' + port ) + request.url + '?auth_callback=1'; | ||
function forceLogin (keycloak, request, response) { | ||
let host = request.hostname; | ||
let headerHost = request.headers.host.split(':'); | ||
let port = headerHost[1] || ''; | ||
let protocol = request.protocol; | ||
request.session.auth_redirect_uri = redirectUrl; | ||
let redirectUrl = protocol + '://' + host + (port === '' ? '' : ':' + port) + (request.originalUrl || request.url) + '?auth_callback=1'; | ||
var uuid = UUID(); | ||
var loginURL = keycloak.loginUrl( uuid, redirectUrl ); | ||
response.redirect( loginURL ); | ||
if (request.session) { | ||
request.session.auth_redirect_uri = redirectUrl; | ||
} | ||
let uuid = UUID(); | ||
let loginURL = keycloak.loginUrl(uuid, redirectUrl); | ||
response.redirect(loginURL); | ||
} | ||
function simpleGuard(role,token) { | ||
function simpleGuard (role, token) { | ||
return token.hasRole(role); | ||
} | ||
module.exports = function(keycloak, spec) { | ||
module.exports = function (keycloak, spec) { | ||
let guard; | ||
var guard; | ||
if ( typeof spec == 'function' ) { | ||
if (typeof spec === 'function') { | ||
guard = spec; | ||
} else if ( typeof spec == 'string' ) { | ||
} else if (typeof spec === 'string') { | ||
guard = simpleGuard.bind(undefined, spec); | ||
} | ||
return function protect(request, response, next) { | ||
if ( request.kauth && request.kauth.grant ) { | ||
if ( ! guard || guard( request.kauth.grant.access_token, request, response ) ) { | ||
return function protect (request, response, next) { | ||
if (request.kauth && request.kauth.grant) { | ||
if (!guard || guard(request.kauth.grant.access_token, request, response)) { | ||
return next(); | ||
} | ||
return keycloak.accessDenied(request,response,next); | ||
return keycloak.accessDenied(request, response, next); | ||
} | ||
if (keycloak.config.bearerOnly){ | ||
return keycloak.accessDenied(request,response,next); | ||
}else{ | ||
if (keycloak.config.bearerOnly) { | ||
return keycloak.accessDenied(request, response, next); | ||
} else { | ||
forceLogin(keycloak, request, response); | ||
} | ||
}; | ||
}; |
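Review bot: `forceLogin` generates `uuid` and sends it as the OAuth `state` parameter through `keycloak.loginUrl(uuid, redirectUrl)`, but only `auth_redirect_uri` is saved in the session, so nothing on the callback side can compare the returned `state` with the one that was issued. Storing it next to the redirect URI, e.g. `request.session.auth_state = uuid;` (the property name is a suggestion), and rejecting callbacks whose `state` differs would give the parameter its CSRF-protection purpose; cookie mode without a session needs another binding. Separately, `(request.originalUrl || request.url) + '?auth_callback=1'` yields a second `?` when the protected URL already has a query string, so the separator should be `&` in that case.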
@@ -0,5 +1,21 @@ | ||
/* | ||
* Copyright 2016 Red Hat Inc. All rights reserved. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not | ||
* use this file except in compliance with the License. You may obtain a copy of | ||
* the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
* License for the specific language governing permissions and limitations under | ||
* the License. | ||
*/ | ||
'use strict'; | ||
module.exports = function setup(request, response, next) { | ||
module.exports = function setup (request, response, next) { | ||
request.kauth = {}; | ||
next(); | ||
}; |
{ | ||
"name": "keycloak-connect", | ||
"version": "0.1.0", | ||
"version": "0.2.0", | ||
"description": "Keycloak Connect Middleware", | ||
@@ -8,5 +8,7 @@ "homepage": "http://keycloak.org", | ||
"scripts": { | ||
"lint": "jshint *.js stores/*.js middleware/*.js", | ||
"lint": "jshint *.js stores/*.js middleware/*.js example/*.js", | ||
"format": "semistandard", | ||
"coverage": "./node_modules/.bin/istanbul cover tape -- test/**.js", | ||
"prepublish": "nsp check", | ||
"test": "node test/index.js" | ||
"test": "node test/*.js" | ||
}, | ||
@@ -34,9 +36,13 @@ "keywords": [ | ||
"dependencies": { | ||
"keycloak-auth-utils": "0.1.0", | ||
"q": "^1.1.2" | ||
"keycloak-auth-utils": "0.1.1" | ||
}, | ||
"devDependencies": { | ||
"express": "^4.13.4", | ||
"express-session": "^1.13.0", | ||
"istanbul": "^0.4.3", | ||
"jshint": "^2.9.1", | ||
"tape": "^4.5.1", | ||
"nsp": "*" | ||
"nsp": "*", | ||
"semistandard": "^8.0.0", | ||
"supertest": "^1.2.0", | ||
"tape": "^4.5.1" | ||
}, | ||
@@ -43,0 +49,0 @@ "repository": { |
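Review bot: `"test": "node test/*.js"` runs only the first file the shell glob expands to; `node` treats the remaining paths as arguments to that script, so any additional test files are silently skipped. Since `tape` is already a devDependency and the `coverage` script calls it, `"test": "tape test/*.js"` would execute every file. `"nsp": "*"` leaves the audit tool used by `prepublish` unpinned, so a publish can pull any future major version of it; a caret range like the other devDependencies would be more predictable.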
@@ -0,12 +1,28 @@ | ||
/* | ||
* Copyright 2016 Red Hat Inc. All rights reserved. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not | ||
* use this file except in compliance with the License. You may obtain a copy of | ||
* the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
* License for the specific language governing permissions and limitations under | ||
* the License. | ||
*/ | ||
'use strict'; | ||
BearerStore = {}; | ||
let BearerStore = {}; | ||
BearerStore.get = function(request) { | ||
var header = request.headers.authorization; | ||
BearerStore.get = (request) => { | ||
let header = request.headers.authorization; | ||
if ( header ) { | ||
if ( header.indexOf( 'bearer ') === 0 || header.indexOf( 'Bearer ' ) === 0 ) { | ||
var access_token = header.substring( 7 ); | ||
if (header) { | ||
if (header.indexOf('bearer ') === 0 || header.indexOf('Bearer ') === 0) { | ||
let accessToken = header.substring(7); | ||
return { | ||
access_token: access_token, | ||
access_token: accessToken | ||
}; | ||
@@ -17,2 +33,2 @@ } | ||
module.exports = BearerStore; | ||
module.exports = BearerStore; |
@@ -0,11 +1,27 @@ | ||
/* | ||
* Copyright 2016 Red Hat Inc. All rights reserved. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not | ||
* use this file except in compliance with the License. You may obtain a copy of | ||
* the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
* License for the specific language governing permissions and limitations under | ||
* the License. | ||
*/ | ||
'use strict'; | ||
CookieStore = {}; | ||
let CookieStore = {}; | ||
CookieStore.TOKEN_KEY = 'keycloak-token'; | ||
CookieStore.get = function(request) { | ||
var value = request.cookies[ CookieStore.TOKEN_KEY ]; | ||
if ( value ) { | ||
CookieStore.get = (request) => { | ||
let value = request.cookies[CookieStore.TOKEN_KEY]; | ||
if (value) { | ||
try { | ||
return JSON.parse( value ); | ||
return JSON.parse(value); | ||
} catch (err) { | ||
@@ -17,12 +33,12 @@ // ignore | ||
var store = function(request, response) { | ||
response.cookie( CookieStore.TOKEN_KEY, this.__raw ); | ||
let store = (request, response) => { | ||
response.cookie(CookieStore.TOKEN_KEY, this.__raw); | ||
}; | ||
var unstore = function(request, response) { | ||
response.clearCookie( CookieStore.TOKEN_KEY ); | ||
let unstore = (request, response) => { | ||
response.clearCookie(CookieStore.TOKEN_KEY); | ||
}; | ||
CookieStore.wrap = function(grant) { | ||
grant.store = store; | ||
CookieStore.wrap = (grant) => { | ||
grant.store = store; | ||
grant.unstore = unstore; | ||
@@ -29,0 +45,0 @@ }; |
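Review bot: Converting `store` to an arrow function breaks `this.__raw`: the function is attached with `grant.store = store` and called as a method of the grant, but an arrow function takes `this` from the module scope, so `response.cookie(CookieStore.TOKEN_KEY, this.__raw)` no longer reads the grant and would write an undefined value. Keep it a regular function, `let store = function (request, response) {`. The session store section has the same regression in its `store` helper, and `SessionStore.prototype.clear = (sessionId) => {` reads `this.store` from the wrong `this`, which would make the admin-logout path throw instead of clearing the session. When fixing this, consider passing cookie options such as `{ httpOnly: true }` so the token cookie is not readable from page scripts.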
@@ -0,3 +1,19 @@ | ||
/* | ||
* Copyright 2016 Red Hat Inc. All rights reserved. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not | ||
* use this file except in compliance with the License. You may obtain a copy of | ||
* the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
* License for the specific language governing permissions and limitations under | ||
* the License. | ||
*/ | ||
'use strict'; | ||
function SessionStore(store) { | ||
function SessionStore (store) { | ||
this.store = store; | ||
@@ -8,33 +24,30 @@ } | ||
SessionStore.prototype.getId = function(request) { | ||
return request.session.id; | ||
}; | ||
SessionStore.prototype.get = (request) => request.session[SessionStore.TOKEN_KEY]; | ||
SessionStore.prototype.get = function(request) { | ||
return request.session[ SessionStore.TOKEN_KEY ]; | ||
}; | ||
SessionStore.prototype.clear = function(sessionId) { | ||
var self = this; | ||
this.store.get( sessionId, function(err, session) { | ||
if ( session ) { | ||
delete session[ SessionStore.TOKEN_KEY ]; | ||
self.store.set( sessionId, session ); | ||
SessionStore.prototype.clear = (sessionId) => { | ||
let self = this; | ||
this.store.get(sessionId, (err, session) => { | ||
if (err) { | ||
console.log(err); | ||
} | ||
if (session) { | ||
delete session[SessionStore.TOKEN_KEY]; | ||
self.store.set(sessionId, session); | ||
} | ||
}); | ||
}; | ||
var store = function(request, response) { | ||
request.session[ SessionStore.TOKEN_KEY ] = this.__raw; | ||
let store = (request, response) => { | ||
request.session[SessionStore.TOKEN_KEY] = this.__raw; | ||
}; | ||
var unstore = function(request, response) { | ||
delete request.session[ SessionStore.TOKEN_KEY ]; | ||
let unstore = (request, response) => { | ||
delete request.session[SessionStore.TOKEN_KEY]; | ||
}; | ||
SessionStore.prototype.wrap = function(grant) { | ||
grant.store = store; | ||
SessionStore.prototype.wrap = (grant) => { | ||
grant.store = store; | ||
grant.unstore = unstore; | ||
}; | ||
module.exports = SessionStore; | ||
module.exports = SessionStore; |
29
uuid.js
@@ -0,6 +1,22 @@ | ||
/* | ||
* Copyright 2016 Red Hat Inc. All rights reserved. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not | ||
* use this file except in compliance with the License. You may obtain a copy of | ||
* the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
* License for the specific language governing permissions and limitations under | ||
* the License. | ||
*/ | ||
'use strict'; | ||
module.exports = function() { | ||
var s = []; | ||
var hexDigits = '0123456789abcdef'; | ||
for (var i = 0; i < 36; i++) { | ||
module.exports = function () { | ||
let s = []; | ||
const hexDigits = '0123456789abcdef'; | ||
for (let i = 0; i < 36; i++) { | ||
s[i] = hexDigits.substr(Math.floor(Math.random() * 0x10), 1); | ||
@@ -11,4 +27,3 @@ } | ||
s[8] = s[13] = s[18] = s[23] = '-'; | ||
var uuid = s.join(''); | ||
return uuid; | ||
}; | ||
return s.join(''); | ||
}; |
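Review bot: The identifier is built from `Math.random()`, which is not a cryptographically secure generator, yet the protect middleware sends this value as the OAuth `state` parameter, where unpredictability is the point. Drawing the digits from Node's built-in `crypto` module keeps the function's shape while making the value unguessable, e.g. `const bytes = require('crypto').randomBytes(36);` before the loop and `s[i] = hexDigits[bytes[i] & 0x0f];` inside it. Part of the function is elided between the two hunks, so whatever fixed positions are set there are not reviewed here.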
Network access
Supply chain risk: This module accesses the network.
Found 1 instance in 1 package
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Filesystem access
Supply chain risk: Accesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
+ Added keycloak-auth-utils@0.1.1 (transitive)
- Removed q@^1.1.2
- Removed keycloak-auth-utils@0.1.0 (transitive)
- Removed q@1.5.1 (transitive)
Updated keycloak-auth-utils@0.1.1