Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
passport-selfkey
Advanced tools
Readme
Passport strategy for authenticating using Login with SelfKey.
This is the passport strategy for integrating Login with SelfKey authentication for NodeJS apps. Reasonably simple to integrate with standard NodeJS middleware including Connect and Express.
$ npm install passport-selfkey
The Login with SelfKey strategy authenticates users using a nonce, signature and ethereum address public key. You will need to include the selfkey.js library to perform the signature verification. This strategy requires a verify
callback, which accepts these credentials and calls done
providing a user. The request object is passed as the first argument.
const selfkey = require('selfkey.js')
const SelfKeyStrategy = require('passport-selfkey').Strategy
/**
* Login with SelfKey Passport Config
*/
passport.use(new SelfKeyStrategy((req, nonce, signature, publicKey, done) => {
// if the signature verification succeeds
if (selfkey.verifySignature(nonce, signature, publicKey)) {
// find user with existing wallet
User.findOne({wallet: publicKey}, (err, existingUser) => {
if (err) return done(err)
// if a wallet is found then add token to user object
if (existingUser) {
const token = generateToken()
User.update({wallet: publicKey}, {token: token}, (err, user) => {
if (err) return done(err)
return done(null, user)
})
} else {
// no user with this address
return done(null, false)
}
})
} else {
// verification fails
return done(null, false)
}
}))
Use passport.authenticate()
, specifying the 'selfkey'
strategy, to authenticate requests.
For example, as route middleware in an Express application:
app.post('/auth/selfkey', passport.authenticate('selfkey', {session: false}), (req, res) => {
return res.status(200).json({message: 'Is Authenticated', successUrl: 'https://example.com/success.html'})
})
Copyright (c) 2018 SelfKey Foundation https://selfkey.org/
FAQs
Login with SelfKey strategy for PassportJS.
The npm package passport-selfkey receives a total of 0 weekly downloads. As such, passport-selfkey popularity was classified as not popular.
We found that passport-selfkey demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.