
Product
Announcing Socket Fix 2.0
Socket Fix 2.0 brings targeted CVE remediation, smarter upgrade planning, and broader ecosystem support to help developers get to zero alerts.
resolve-auth
Advanced tools
Provides an authentication mechanism using Passport authentication strategy.
First of all, create file with your strategy and add auth
section into config.app.json
for your application (see hacker-news
example).
Next, choose a type of authentication strategy (see passport-local or [passport-google-oauth](https://github.com/jaredhanson/passport-google-oauth for example) ) and define options of it.
Create your strategy in strategyConstructor
function using options
.
Return an array of tuples { strategy, options }
for every used route in your app.
Here is the simple example of local
strategy, but you can use any other Passport strategy similarly.
import { Strategy } from 'passport-local'
import jwt from 'jsonwebtoken'
import jwtSecret from './jwtSecret'
const options = routes.map(({ path, method, callback }) => ({
strategy: {
usernameField: 'username',
passwordField: 'username',
successRedirect: null
},
route: {
path: '/register',
method: 'POST'
},
callback: async (_, username) =>
jwt.sign( // here fake use is created
{ // for user storing into db see HakerNews example
name: username // https://github.com/reimagined/resolve/tree/master/examples/hacker-news
},
jwtSecret
)
}))
const strategyConstructor = options =>
new Strategy(
{
...options.strategy,
passReqToCallback: true
},
async (req, username, password, done) => {
try {
done(null, await options.callback(req, username, password))
} catch (error) {
done(error)
}
}
)
export default [{ options, strategyConstructor }]
FAQs
This package provide an auth to your app.
The npm package resolve-auth receives a total of 27 weekly downloads. As such, resolve-auth popularity was classified as not popular.
We found that resolve-auth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket Fix 2.0 brings targeted CVE remediation, smarter upgrade planning, and broader ecosystem support to help developers get to zero alerts.
Security News
Socket CEO Feross Aboukhadijeh joins Risky Business Weekly to unpack recent npm phishing attacks, their limited impact, and the risks if attackers get smarter.
Product
Socket’s new Tier 1 Reachability filters out up to 80% of irrelevant CVEs, so security teams can focus on the vulnerabilities that matter.