passport-control-tower - npm Package Compare versions

Comparing version 0.1.1 to 0.1.2

lib/auth.js

@@ -7,6 +7,6 @@ const request = require('superagent');
   this.name = 'control-tower';
-  if (!options.apiUrl) throw new TypeError('apiUrl param is required');
+  if (!options.controlTowerUrl) throw new TypeError('Control Tower URL (controlTowerUrl) param is required');
   if (!options.callbackUrl) throw new TypeError('callbackUrl param is required');
   passport.Strategy.call(this);
-  this.apiUrl = options.apiUrl;
+  this.controlTowerUrl = options.controlTowerUrl;
   this.callbackUrl = options.callbackUrl;
@@ -18,2 +18,10 @@ }
 
+function reqParamFromQuery(paramName, request) {
+  let token = null;
+  if (request.query && Object.prototype.hasOwnProperty.call(request.query, paramName)) {
+    token = request.query[paramName];
+  }
+  return token;
+}
+
 /**
@@ -23,12 +31,26 @@ * Authentication method
 Strategy.prototype.authenticate = function authenticate(req) {
-  passport.Strategy.call(this);
-  if (!req.isAuthenticated() && !req.query.token) {
-    this.redirect(`${this.apiUrl}/auth?callbackUrl=${this.callbackUrl}&token=true`);
-  } else {
-    this.verify({ token: req.query.token }, (err, user, info) => {
-      if (err) return this.error(err);
-      if (!user) return this.fail(info);
-      return this.success(user, info);
-    });
+  const self = this;
+  const token = reqParamFromQuery('token', req);
+
+  if (!token) {
+    return self.fail(new Error('No auth token'));
   }
+
+  // Save token in session
+
+  const verified = function(err, user, info) {
+    if (err) {
+      return self.error(err);
+    }
+    if (!user) {
+      return self.fail(info);
+    }
+    return self.success(user, info);
+  };
+
+  try {
+    self.verify(token, verified);
+  } catch(ex) {
+    self.error(ex);
+  }
 };
@@ -39,5 +61,5 @@
  */
-Strategy.prototype.verify = function verify(user, done) {
-  request(`${this.apiUrl}/auth/check-logged`)
-    .set('Authorization', `Bearer ${user.token}`)
+Strategy.prototype.verify = function verify(token, done) {
+  request(`${this.controlTowerUrl}/auth/check-logged`)
+    .set('Authorization', `Bearer ${token}`)
     .end((err, res) => {
@@ -52,2 +74,6 @@ if (err) {
 
+Strategy.prototype.login = function(req, res) {
+  res.redirect(`${this.controlTowerUrl}/auth?callbackUrl=${this.callbackUrl}&token=true`);
+};
+
 Strategy.prototype.error = function error(err) {
@@ -54,0 +80,0 @@ throw err || 'An error happened';

package.json

 {
   "name": "passport-control-tower",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "description": "A Passport's strategy for Control Tower",
@@ -5,0 +5,0 @@ "main": "lib/auth.js",

README.md

@@ -1,4 +0,4 @@
-# Passport control tower Strategy
+# Passport Control Cower Strategy
 
-A Passport's strategy for Control Tower
+A Passport's strategy for applications based on [Control Tower](https://github.com/control-tower/control-tower)'s authentication.
 
@@ -11,65 +11,24 @@ ## Installation
 
-## Example of use
 
+## Usage
+
 ```js
-const express = require('express');
-const passport = require('passport');
-const ControlTowerStrategy = require('passport-control-tower');
-const cookieParser = require('cookie-parser');
-const bodyParser = require('body-parser');
-const app = express();
-
-function isAuthenticated(req, res, next) {
-  if (req.isAuthenticated()) return next();
-  // if they aren't redirect them to the home page
-  res.redirect('/login');
-}
-
-// Use the Control Tower Strategy within Passport.
 passport.use(new ControlTowerStrategy({
-  apiUrl: '[CONTROL_TOWER_API_URL]',
+  controlTowerUrl: '[CONTROL_TOWER_API_URL]',
   callbackUrl: '[YOUR_CALLBACK_URL]'
 }));
+```
 
-// Passport session setup.
-//   To support persistent login sessions, Passport needs to be able to
-//   serialize users into and deserialize users out of the session.
-passport.serializeUser(function(user, done) {
-  done(null, user);
-});
-passport.deserializeUser(function(obj, done) {
-  done(null, obj);
-});
+### Examples of use:
 
-// configure Express
-app.use(cookieParser());
-app.use(bodyParser.urlencoded({ extended: false }));
-app.use(bodyParser.json());
-app.use(require('express-session')({ secret: 'keyboard cat', resave: false, saveUninitialized: false }));
-// Initialize Passport!  Also use passport.session() middleware, to support
-// persistent login sessions (recommended).
-app.use(passport.initialize());
-app.use(passport.session());
+* [Express JS](./examples/express-example.js)
+* [Next JS](./examples/next-example.js)
 
-app.get('/', function(req, res) {
-  res.send('Welcome!');
-});
 
-app.get('/private', isAuthenticated, function(req, res) {
-  res.send('Success!');
-});
+## Contributing
 
-app.get('/login', passport.authenticate('control-tower'), function(req, res) {
-  // Success
-  res.redirect('/private');
-});
-
-app.get('/logout', function(req, res) {
-  req.session.destroy();
-  req.logout();
-  // Success
-  res.redirect('/');
-});
-
-app.listen(3000);
-```
+* Fork it!
+* Create your feature branch: git checkout -b feature/my-new-feature
+* Commit your changes: git commit -am 'Add some feature'
+* Push to the branch: git push origin feature/my-new-feature
+* Submit a pull request :D

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 3 instances in 1 package

Improved metrics

Total package byte prevSize

98524

4.27%

Number of package files

10

25%

Lines of code

218

257.38%

Worsened metrics

Number of lines in readme file

34

-54.67%

Number of low supply chain risk alerts

4

Infinity%

No dependency changes