limes - npm Package Compare versions
Comparing version 4.0.0 to 4.1.0
@@ -107,5 +107,16 @@ "use strict"; | ||
| else { | ||
| const payload = { | ||
| [`${issuerForAnonymousTokens}/is-anonymous`]: true | ||
| }; | ||
| let subject = 'anonymous'; | ||
| if (req.headers['x-anonymous-id']) { | ||
| subject += `-${req.headers['x-anonymous-id']}`; | ||
| } | ||
| else if (req.query.anonymousId) { | ||
| subject += `-${req.query.anonymousId}`; | ||
| } | ||
| ({ token, decodedToken } = Limes.issueUntrustedToken({ | ||
| issuer: issuerForAnonymousTokens, | ||
| subject: 'anonymous' | ||
| subject, | ||
| payload | ||
| })); | ||
@@ -112,0 +123,0 @@ } |
@@ -173,5 +173,18 @@ import IdentityProvider from './IdentityProvider'; | ||
| } else { | ||
| const payload = { | ||
| [`${issuerForAnonymousTokens}/is-anonymous`]: true | ||
| }; | ||
| let subject = 'anonymous'; | ||
| if (req.headers['x-anonymous-id']) { | ||
| subject += `-${req.headers['x-anonymous-id']}`; | ||
| } else if (req.query.anonymousId) { | ||
| subject += `-${req.query.anonymousId}`; | ||
| } | ||
| ({ token, decodedToken } = Limes.issueUntrustedToken({ | ||
| issuer: issuerForAnonymousTokens, | ||
| subject: 'anonymous' | ||
| subject, | ||
| payload | ||
| })); | ||
@@ -178,0 +191,0 @@ } |
| { | ||
| "name": "limes", | ||
| "version": "4.0.0", | ||
| "version": "4.1.0", | ||
| "description": "limes authenticates users.", | ||
@@ -30,4 +30,5 @@ "contributors": [ | ||
| "express": "4.17.1", | ||
| "roboter": "7.1.1", | ||
| "supertest": "4.0.2" | ||
| "roboter": "7.1.2", | ||
| "supertest": "4.0.2", | ||
| "uuidv4": "5.0.0" | ||
| }, | ||
@@ -34,0 +35,0 @@ "repository": { |
@@ -128,8 +128,22 @@ # limes | ||
| If a request does not provide a token, a token for an anonymous user will be issued. This issue uses `anonymous` for the `sub` property, and the aforementioned issuer for anonymous tokens. | ||
| If a request does have an invalid token, an expired one, or one from an unknown issuer, the middleware returns the status code `401`. | ||
| ### Handling anonymous users | ||
| If a request does not provide a token, a token for an anonymous user will be issued. This issued token uses `anonymous` for the `sub` property, and the aforementioned issuer for anonymous tokens. Anonymous tokens have an additional claim `<issuerForAnonymousTokens>/is-anonymous` set to `true`. | ||
| _Please make sure that your application code handles anonymous users in an intended way! The middleware does not block anonymous users, it just identifies and marks them!_ | ||
| If a request does have an invalid token, an expired one, or one from an unknown issuer, the middleware returns the status code `401`. | ||
| To differ between multiple anonymous users, your client can send a uuid using the `X-Anonymous-Id` header: | ||
| X-Anonymous-Id: <uuid> | ||
| Alternatively, you may pass the uuid via the query string parameter `anonymousId`: | ||
| GET /foo/bar?anonymousId=<uuid> | ||
| This issued token uses `anonymous-<uuid>` for the `sub` property. | ||
| If both a token and an anonymous id are provided, the anonymous id is ignored. | ||
| ## Running the build | ||
@@ -136,0 +150,0 @@ |
Fixed alerts
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by6.6%
21996
- Lines of code
- increased by5.22%
423
- Number of lines in readme file
- increased by10.07%
153
- Number of medium supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Dev dependency count
- increased by14.29%
8