Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
node-oauth2-server
Advanced tools
node-oauth2-server - npm Package Compare versions
Comparing version 1.2.5 to 1.3.0
@@ -0,1 +1,17 @@ | ||
| /** | ||
| * Copyright 2013-present NightWorld. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
| // Modules | ||
@@ -2,0 +18,0 @@ var error = require('./error'); |
@@ -0,1 +1,16 @@ | ||
| /** | ||
| * Copyright 2013-present NightWorld. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
@@ -2,0 +17,0 @@ module.exports = OAuth2Error; |
@@ -44,2 +44,3 @@ /** | ||
| this.debug = config.debug || false; | ||
| this.passthroughErrors = config.passthroughErrors; | ||
@@ -68,22 +69,34 @@ this.accessTokenLifetime = config.accessTokenLifetime || 3600; | ||
| var allowed = this.allow, | ||
| allowedIsArray = Array.isArray(allowed), | ||
| allowCache = allowedIsArray ? false : {}, | ||
| oauth = this; | ||
| return function (req, res, next) { | ||
| var allow = [], | ||
| method; | ||
| var method = req.method.toLowerCase(), | ||
| allow = allowedIsArray ? allowCache : allowCache[method]; | ||
| // Convert allow object into array for this method | ||
| if (allowed instanceof Array) { | ||
| allow = allowed; | ||
| } else { | ||
| allow = allow.concat(allowed.all || []); | ||
| allow = allow.concat(allowed[req.method.toLowerCase()] || []); | ||
| // Build allow object this method if haven't yet already | ||
| if (!allow) { | ||
| var paths = allowedIsArray ? allowed : | ||
| Array.prototype.concat(allowed.all || [], allowed[method] || []); | ||
| allow = { | ||
| len: paths.length, | ||
| regex: new RegExp('^(' + paths.join('|') + ')$') | ||
| }; | ||
| if (allowedIsArray) { | ||
| allowCache = allow; | ||
| } else { | ||
| allowCache[method] = allow; | ||
| } | ||
| } | ||
| // Setup request params | ||
| req.oauth = {}; | ||
| req.oauth = { internal: false }; | ||
| if (req.path === '/oauth/token') { | ||
| req.oauth.internal = true; | ||
| return token.handle.apply(oauth, arguments); | ||
| } else if (!allow.length || !req.path.match(new RegExp('^(' + allow.join('|') + ')$'))) { | ||
| } else if (!allow.len || !req.path.match(allow.regex)) { | ||
| return authorise.handle.apply(oauth, arguments); | ||
@@ -115,6 +128,7 @@ } else { | ||
| if (oauth.debug) console.log(err.stack || err); | ||
| if (oauth.passthroughErrors && !req.oauth.internal) return next(err); | ||
| delete err.stack; | ||
| res.send(err.code, err); | ||
| }; | ||
| }; |
@@ -0,1 +1,16 @@ | ||
| /** | ||
| * Copyright 2013-present NightWorld. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
| // Modules | ||
@@ -2,0 +17,0 @@ var crypto = require('crypto'), |
| { | ||
| "name": "node-oauth2-server", | ||
| "description": "Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js", | ||
| "version": "1.2.5", | ||
| "version": "1.3.0", | ||
| "keywords": [ | ||
@@ -6,0 +6,0 @@ "oauth", |
@@ -39,4 +39,16 @@ # Node OAuth2 Server [](https://travis-ci.org/nightworld/node-oauth2-server) | ||
| Note: As no model was actually implemented here, delving any deaper, i.e. passing an access token, will just cause a server error. See below for the specification of what's required from the model. | ||
| Note: As no model was actually implemented here, delving any deeper, i.e. passing an access token, will just cause a server error. See below for the specification of what's required from the model. | ||
| See: https://github.com/nightworld/node-oauth2-server/tree/master/examples/postgresql for a full examply using postgres. | ||
| ## Features | ||
| - Supports password and extension (custom) grant types | ||
| - Implicitly supports any form of storage e.g. PostgreSQL, MySQL, Mongo, Redis... | ||
| - Full test suite | ||
| ## Limitations | ||
| - Does not yet support authorization code or refresh_token grant types | ||
| ## Options | ||
@@ -48,2 +60,3 @@ | ||
| - `debug` `Boolean` Whether to log errors to console | ||
| - `passthroughErrors` `Boolean` If true, **non grant** errors will not be handled internally (so you can ensure a consistent format with the rest of your api) | ||
| - `accessTokenLifetime` `Number` Life of access tokens in seconds (defaults to 3600) | ||
@@ -79,2 +92,6 @@ - `refreshTokenLifetime` `Number` Life of refresh tokens in seconds (defaults to 1209600) | ||
| `client` should, at least, take the form: | ||
| - `client_id` `String` Client id | ||
| ### grantTypeAllowed(clientId, grantType, callback) | ||
@@ -104,2 +121,3 @@ - `clientId` `String` | ||
| ### getUser(username, password, callback) | ||
| used only when granting tokens using password grant type | ||
| - `username` `String` | ||
@@ -109,3 +127,3 @@ - `password` `String` | ||
| - `error` `Mixed` Truthy to indicate an error | ||
| - `user` `Object|Boolean` The user retrieved from storage or falsey to indicate an invalid user (saved in req.user) | ||
| - `user` `Object|Boolean` The user retrieved from storage or falsey to indicate an invalid user | ||
@@ -112,0 +130,0 @@ |
New alerts
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by21.82%
67036
- Number of package files
- increased by38.46%
18
- Lines of code
- increased by20.53%
1403
- Number of lines in readme file
- increased by13.14%
155
Worsened metrics
- Number of low supply chain risk alerts
- increased by100%
2
- Number of medium supply chain risk alerts
- increased byInfinity%
1
No dependency changes