Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
moneypenny
Advanced tools
moneypenny - Authentication Service
[
](https://circleci.com/gh/blueflag/m
oneypenny/tree/master)
Moneypenny acts as an authentication service that offers multiple authentication strategies to a backend service and sends a JSON web token(JWT) encripted using a shared secret as a response.
Other services in the architecture should also know the shared secret allowing the token to be passed around in API calls to provide user information related to the request.
##Generating Documentation
npm run doc
##Related Projects
##Sample Useage
##Endpoints
The following endpoints are established by the initialize(app) function
| Endpoint | Description |
|---|---|
| /oauth2/authorization | oAuth2 Authorization Endpoint |
| /oauth2/token | oAuth2 Token Endpoint |
| /logout | Logout user from moneypenny |
##API documentation.
moneypenny-server
Authentication server that uses both oAuth2 and JWT for authentication For single sign on.
- moneypenny-server
- module.exports(options) ⇒
MoneyPenny⏏
- module.exports(options) ⇒
module.exports(options) ⇒ MoneyPenny ⏏
Create a moneypenny server
Kind: Exported function
Returns: MoneyPenny - moneypenny service.
| Param | Type | Description |
|---|---|---|
| options | Options | options to configure moneypenny with. |
module.exports~ensureAuthenticated
Middleware for checking that people using the service are authenticated.
Adds req.sesson.returnTo, the url to redirect the user to after login.
Kind: inner property of module.exports
| Param | Type | Description |
|---|---|---|
| req | request | express request to check authenticated |
| res | response | express response related to this request |
| next | function | callback to next middleware to handle request. |
module.exports~ensureAuthenticated(req, res, next)
Middleware for checking that people using the service are authenticated.
Adds req.sesson.returnTo, the url to redirect the user to after login.
Kind: inner method of module.exports
| Param | Type | Description |
|---|---|---|
| req | request | express request to check authenticated |
| res | response | express response related to this request |
| next | function | callback to next middleware to handle request. |
module.exports~initialize(app)
Initalize moneypenny. adds oauth authentication endpoints to express app
Kind: inner method of module.exports
| Param | Type | Description |
|---|---|---|
| app | express-app | the express app that this will run on. |
Example
var express = require('express');
var moneypenny = require('moneypenny');
var MongoStore = require('moneypenny-mongo-storage');
var MongoClient = require('mongodb').MongoClient;
MongoClient.connect('monogdb://localhost:27017/moneypenny', function(err, db) {
var mpMongoStore = MongoStore(db);
var app = express();
var mpOptions = {
secretOrPrivateKey: 'topsecret',
storageProvider: mpMongoStore
}
var mps = moneypenny(mpOptions);
// Following endpoints will be addded to the server.
// /oauth2/token - token endpoint.
// /logout - logout endpoint.
// /oauth2/authorization - authorization endpoint.
mps.initialize(app);
});
module.exports~serializeUser()
Used for passport to serialize the session user. using this method will allow the oauth server to send whatever details are in the user object serialized.
Kind: inner method of module.exports
See: http://passportjs.org/docs/configure#sessions
Example
passport.serializeUser(authServer.serializeUser);
Example
//remove password from user, then serialize.
passport.serializeUser((user, done)=>{
user.password = ''
return authServer.serializeUser(user, done);
})
module.exports~deserializeUser()
Used for passport to deserialize the session user.
Kind: inner method of module.exports
Example
passport.deserializeUser(authServer.deserializeUser);
module.exports~loginAndRedirect(req, res, next)
Helper method for login, this method can be used once a login is established from a passport strategy
It will redirect the users back to the approprate locationexpiresIn
Kind: inner method of module.exports
| Param | Type | Description |
|---|---|---|
| req | request | express request to check authenticated |
| res | response | express response related to this request |
| next | function | callback to next middleware to handle request. |
module.exports~jwtToken(req, res) ⇒ String
Express middleware that returns a JWT token.
Kind: inner method of module.exports
Returns: String - jwt token for the user
| Param | Type | Description |
|---|---|---|
| req | request | Express JS Request Object |
| res | response | Express JS Response Object |
module.exports~jwt(user, ttl) ⇒ String
Sign a JWT token.
Kind: inner method of module.exports
Returns: String - encoded JWT token.
| Param | Type | Description |
|---|---|---|
| user | Object | user to encode. |
| ttl | Number | time for the token to live. (set to value in option if none is sent) |
module.exports~user(JWT) ⇒ Object
Get a user from a JWT token.
Kind: inner method of module.exports
Returns: Object - enncoded user object.
| Param | Type | Description |
|---|---|---|
| JWT | String | token to decode. |
module.exports~logoutAndRedirect(req, res, next)
Helper method for logging out, logs user out of authentication server after logging user out from all other servers.
Not Yet Implemented
Kind: inner method of module.exports
| Param | Type | Description |
|---|---|---|
| req | request | express request |
| res | response | express response |
| next | function | callback to next middleware to handle request. |
module.exports~Options : Options
Options that will be passed to the moneypenny server to determine how to initialize.
Kind: inner typedef of module.exports
Properties
| Name | Type | Description |
|---|---|---|
| redirectUrl | String | default redirect url to use if no previous url is found. |
| loginUrl | String | url to redirect to for login. |
| secretOrPrivateKey | String | secret or private key to use for JWT encryption. |
| ttl | Number | lifespan of a token. |
| storageProvider | StorageProvider | storage provider to use to store autentication details. Such as 'moneypenny-mongo-store'. @see https://github.com/blueflag/moneypenny-mongo-storage |
FAQs
Authentication Server
We found that moneypenny demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 12 Feb 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025