Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

mongoose-plugin-auth

Package Overview
Dependencies
Maintainers
2
Versions
4
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

mongoose-plugin-auth

Mongoose.js plugin to add authorization methods to models.

  • 2.0.1
  • latest
  • Source
  • npm
  • Socket score
Version published
Maintainers
2
Created
Source

mongoose-plugin-auth

Build Status Code Climate for CentralPing/mongoose-plugin-auth Dependency Status for CentralPing/mongoose-plugin-auth

A mongoose.js plugin to add authorization methods to models and instances.

Installation

npm i --save mongoose-plugin-auth

API Reference

Example

const authPlugin = require('mongoose-plugin-auth');
const schema = Schema({...});
schema.plugin(authPlugin[, OPTIONS]);

mongoose-plugin-auth~options

Kind: inner property of mongoose-plugin-auth

ParamTypeDefaultDescription
[options]object
[options.username]objectoptions for configuring the username.
[options.username.path]string"username"the path for storing the username. Value can be set to _id
[options.username.options]objectoptions for configuring the username path in the schema.
[options.username.options.type]objectStringobject type for the username path. Specifying an existing username path ignores all options specified here.
[options.username.options.required]booleantruespcifies wether the username path is required.
[options.username.options.unique]booleantruespcifies wether the username path is required.
[options.username.options.sparse]booleantruespcifies wether the username path is required.
[options.username.options.trim]booleantruespcifies wether the username path is required.
[options.username.missingError]string"Username was not specified"message returned via an error object for methods requiring a username.
[options.username.incorrectError]string"Unknown username"message returned via an error object if username does not match a record.
[options.passphrase]objectoptions for configuring the passphrase.
[options.passphrase.path]string"passphrase"the path for storing the passphrase.
[options.passphrase.options]objectoptions for configuring the passphrase path in the schema.
[options.passphrase.options.type]objectStringobject type for the passphrase path. Specifying an existing passphrase path ignores all options specified here.
[options.passphrase.options.required]booleantruespcifies wether the passphrase path is required.
[options.passphrase.missingError]string"Passphrase was not specified"message returned via an error object for methods requiring a passphrase.
[options.passphrase.incorrectError]string"Incorrect passphrase"message returned via an error object if passphrase does not match the record.
[options.salt]objectoptions for configuring the salt.
[options.salt.path]string"salt"the path for storing the salt.
[options.salt.options]objectoptions for configuring the salt path in the schema.
[options.salt.options.type]objectStringobject type for the salt path. Specifying an existing salt path ignores all options specified here.
[options.salt.options.required]booleantruespcifies wether the salt path is required.
[options.salt.len]number32the string length to use for the salt.
[options.hash]objectoptions for configuring the hash using the crypto module.
[options.hash.iterations]number25000number of iterations for generating the hash.
[options.hash.keylen.type]number512the string length of the generated hash.
[options.hash.encoding]string"hex"the encoding algorithm to use for the hash.
[options.hash.digest]string"sha512"the HMAC digest algorithm to use for the hash. (Node v8+)
[options.Error]objectErrorError object to use for reporting errors. Must be of the type Error or inherites from it
[options.select]stringMongoose field selection to use for authenticate method/static.
[options.populate]stringMongoose populate selection to use for authenticate method/static.

mongoose-plugin-auth~register([username], passphrase, [extra], [cb]) ⇒ promise

The register static is a convenience function to add a new user document.

Kind: inner method of mongoose-plugin-auth

ParamTypeDescription
[username]stringUsername value to use. Optional if using the _id value.
passphrasestringRaw passphrase value. Hashed automatically before storing using crypto module.
[extra]objectAny extra object properties that match the schema to be included in the new user document.
[cb]functionA mongoose promise is returned if no callback is provided.

Example

MyUserModel.register('tom', 'my secret passphrase', { email: tom@jerry.com }, function(err, user) { ..});
MyUserModel.register('tom', 'my secret passphrase', { email: tom@jerry.com }).then(function(user) {...}).catch(function(err) {...}); // Uses promise
MyUserModel.register('tom', 'my secret passphrase', function(err, user) {...});
MyUserModel.register('tom', 'my secret passphrase').then(function(user) {...}).catch(function(err) {...}); // Uses promise
MyUserModel.register('my secret passphrase', { email: tom@jerry.com }, function(err, user) {...}); // Uses `_id` for the username
MyUserModel.register('my secret passphrase', { email: tom@jerry.com }).then(function(user) {...}).then(function(err) {...}); // Uses promise and `_id` for the username
MyUserModel.register('my secret passphrase', function(err, user) {...}); // Uses `_id` for the username
MyUserModel.register('my secret passphrase').then(function(user) {...}).then(function(err) {...}); // Uses promise and `_id` for the username

mongoose-plugin-auth~setPassphrase(username, passphrase, newPassphrase, [extra], [cb]) ⇒ promise

The setPassphrase static is a convenience function to set the passphrase for a user. Alternatively you can simply set the passphrase to a new value directly on the document object and save/update.

Kind: inner method of mongoose-plugin-auth

ParamTypeDescription
usernamestringUsername value to use.
passphrasestringRaw passphrase value. Hashed automatically before storing using crypto module.
newPassphrasestringRaw new passphrase value. Hashed automatically before storing using crypto module.
[extra]objectAny extra object properties that match the schema to be included in the update.
[cb]functionA mongoose promise is returned if no callback is provided.

Example

MyUserModel.setPassphrase('tom', 'my secret passphrase', 'my new secret passphrase', { email: tom@jerry.com }, function(err, user) {...});
MyUserModel.setPassphrase('tom', 'my secret passphrase', 'my new secret passphrase', { email: tom@jerry.com }).then(function(user) {...}).then(function(err) {...}); // Uses promise
MyUserModel.setPassphrase('tom', 'my secret passphrase', 'my new secret passphrase', function(err, user) {...});
MyUserModel.setPassphrase('tom', 'my secret passphrase', 'my new secret passphrase').then(function(user) {...}).then(function(err) {...}); // Uses promise

mongoose-plugin-auth~setPassphrase(passphrase, [extra], [cb]) ⇒ promise

The setPassphrase method is a convenience function to set the passphrase for a user. Alternatively you can simply set the passphrase to a new value directly on the document object and save/update.

Kind: inner method of mongoose-plugin-auth

ParamTypeDescription
passphrasestringRaw new passphrase value. Hashed automatically before storing using crypto module.
[extra]objectAny extra object properties that match the schema to be included in the update.
[cb]functionA mongoose promise is returned if no callback is provided.

Example

user.setPassphrase('my new secret passphrase', { email: tom@jerry.com }, function(err, user) {...});
user.setPassphrase('my new secret passphrase', { email: tom@jerry.com }).then(function(user) {...}).then(function(err) {...}); // Uses promise
user.setPassphrase('my new secret passphrase', function(err, user) {...});
user.setPassphrase('my new secret passphrase').then(function(user) {...}).then(function(err) {...}); // Uses promise

mongoose-plugin-auth~authenticate(username, passphrase, [cb]) ⇒ promise

The authenticate static is a function to validate the passphrase for a user.

Kind: inner method of mongoose-plugin-auth

ParamTypeDescription
usernamestringUsername value to use.
passphrasestringRaw passphrase value. Hashed automatically before storing using crypto module.
[cb]functionA mongoose promise is returned if no callback is provided.

Example

MyUserModel.authenticate('tom', 'my secret passphrase', function(err, user) {...});
MyUserModel.authenticate('tom', 'my secret passphrase').then(function(user) {...}).then(function(err) {...}); // Uses promise

mongoose-plugin-auth~authenticate(passphrase, [cb]) ⇒ promise

The authenticate method is a function to validate the passphrase for a user.

Kind: inner method of mongoose-plugin-auth

ParamTypeDescription
passphrasestringRaw passphrase value. Hashed automatically before storing using crypto module.
[cb]functionA mongoose promise is returned if no callback is provided.

Example

user.authenticate('my secret passphrase', function(err, user) {...});
user.authenticate('my secret passphrase').then(function(user) {...}).then(function(err) {...}); // Uses promise

Examples

With Defaults

const authPlugin = require('mongoose-plugin-auth');
const schema = Schema({ foo: String });
schema.plugin(authPlugin);

const Foo = mongoose.model('Foo', schema);
Foo.register('tom', 'my new passphrase').then(function (user) {
  // user is a new document persisted to the database
});

// ...

Foo.authenticate('tom', 'my new passphrase').then(function (user) {
  // user is the authenticated user document
}).catch(function(err) {
  // err will report any authentication errors.
});

With Options (using _id as username)

const authPlugin = require('mongoose-plugin-auth');
const schema = Schema({ foo: String });
schema.plugin(authPlugin{
  username: { path: '_id' }
});

const Foo = mongoose.model('Foo', schema);
Foo.register('my new passphrase').then(function (user) {
  // user is a new document persisted to the database
});

// ...

Foo.authenticate('507f191e810c19729de970fb', 'my new passphrase').then(function (user) {
  // user is the authenticated user document
}).catch(function(err) {
  // err will report any authentication errors.
});

License

Apache 2.0

Keywords

FAQs

Package last updated on 08 Aug 2017

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft

Security News

Research

Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft

Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.

By Kirill Boychenko  -  Nov 27, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc