Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
This package provides authentication module with interceptor
npm install ngx-auth --save
Note: If you want to use library for angular 5, use version 3.1.0
npm install ngx-auth@3.1.0 --save
Note: If you want to use library for angular 4, use version 2.2.0
npm install ngx-auth@2.2.0 --save
Full example you can find in this repo serhiisol/ngx-auth-example
Authentication modules provides ability to attach authentication token automatically to the headers (through http interceptors), refresh token functionality, guards for protected or public pages and more.
AuthService
interface to implement it with your custom Authentication service, e.g.:import { AuthService } from 'ngx-auth';
@Injectable()
export class AuthenticationService implements AuthService {
constructor(private http: Http) {}
public isAuthorized(): Observable<boolean> {
const isAuthorized: boolean = !!localStorage.getItem('accessToken');
return Observable.of(isAuthorized);
}
public getAccessToken(): Observable<string> {
const accessToken: string = localStorage.getItem('accessToken');
return Observable.of(accessToken);
}
public refreshToken(): Observable<any> {
const refreshToken: string = localStorage.getItem('refreshToken');
return this.http
.post('http://localhost:3001/refresh-token', { refreshToken })
.catch(() => this.logout())
}
public refreshShouldHappen(response: HttpErrorResponse): boolean {
return response.status === 401;
}
public verifyTokenRequest(url: string): boolean {
return url.endsWith('refresh-token');
}
}
PublicGuard
for public routes and ProtectedGuard
for protected respectively, e.g.:const publicRoutes: Routes = [
{
path: '',
component: LoginComponent,
canActivate: [ PublicGuard ]
}
];
const protectedRoutes: Routes = [
{
path: '',
component: ProtectedComponent,
canActivate: [ ProtectedGuard ],
children: [
{ path: 'dashboard', loadChildren: './dashboard/dashboard.module#DashboardModule' }
]
}
];
AuthenticationModule
and provide important providers and imports, e.g.:import { NgModule } from '@angular/core';
import { AuthModule, AUTH_SERVICE, PUBLIC_FALLBACK_PAGE_URI, PROTECTED_FALLBACK_PAGE_URI } from 'ngx-auth';
import { AuthenticationService } from './authentication.service';
@NgModule({
imports: [ AuthModule ],
providers: [
{ provide: PROTECTED_FALLBACK_PAGE_URI, useValue: '/' },
{ provide: PUBLIC_FALLBACK_PAGE_URI, useValue: '/login' },
{ provide: AUTH_SERVICE, useClass: AuthenticationService }
]
})
export class AuthenticationModule {
}
where,
PROTECTED_FALLBACK_PAGE_URI
- main protected page to be redirected to, in case if user will reach public route, that is protected
by PublicGuard
and will be authenticated
PUBLIC_FALLBACK_PAGE_URI
- main public page to be redirected to, in case if user will reach protected route, that is protected
by ProtectedGuard
and won't be authenticated
AUTH_SERVICE
- Authentication service token providers
AuthenticationModule
in your AppModule
By default, requests are intercepted and a { Authorization: 'Bearer ${token}'}
header is injected. To customize this behavior, implement the getHeaders
method on your AuthenticationService
FAQs
Angular 16+ Authentication module
The npm package ngx-auth receives a total of 1,424 weekly downloads. As such, ngx-auth popularity was classified as popular.
We found that ngx-auth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.