Timo Hocker
a3f021fdd2
All checks were successful
continuous-integration/drone/push Build is passing
3.9 KiB
3.9 KiB
auth-server-helper
version: 2.0.x
customizable and simple authentication
Installation
npm:
npm i --save auth-server-helper
yarn:
yarn add auth-server-helper
Usage
1. put a gateway in front of the routes you want to secure
const {create_gateway} = require('@sapphirecode/auth-server-helper');
const gateway = create_gateway({
redirect_url: '/auth',
cookie_name: 'auth_cookie', // if defined, access tokens will be read from this cookie
});
// express
app.use(gateway);
// node http
http.createServer((main_req, main_res) =>
gateway(main_req, main_res, (req, res) => {
// your request handler
});
);
the gateway will forward any authorized requests to the next handler and redirect all others to the specified url
2. creating the auth endpoint
const {create_auth_handler} = require('@sapphirecode/auth-server-helper');
const handler = create_auth_handler(
async (req) => {
if (req.user === 'foo' && req.password === 'bar')
const {access_token_id, refresh_token_id} = await req.allow_access({
access_token_expires_in: 600, // seconds until access tokens expire
include_refresh_token: true, // should the answer include a refresh token? default: false
refresh_token_expires_in: 3600, // seconds until refresh tokens expire (required if refresh tokens are generated)
data: {user: 'foo'}, // additional custom data to include in the token
});
if (req.user === 'part' && req.password === 'baz')
const part_id = await req.allow_part(
60, // seconds until part_token expires
'some_module', // next module handler (defined below)
{foo: 'bar'} // custom data to attach to the token
);
// all allow_ functions return a token id, which can later be used to invalidate specific tokens from the server side
req.deny();
},
{
refresh: {
/*...same options as allow_access */
}, // define the behaviour of refresh tokens. Refresh tokens will not be accepted if this option is undefined
modules: {
some_module(req) {
// request handlers for part_tokens
// access custom data:
const auth_data = req.request.connection.auth;
auth_data.token_id; // token id
auth_data.token_data; // custom data
// the same works in handlers after the gateway, information is always stored in request.connection.auth
},
},
cookie_name: 'auth_cookie', // if defined, access tokens will be stored in this cookie
}
);
// express
app.use(handler);
// node http
// ... create server, on path /auth run the handler
handler(req, res);
after the auth handler, the request will be completed, no additional content should be served here.
Invalidating tokens after they are delivered to the client
const {blacklist} = require('@sapphirecode/auth-server-helper');
blacklist.add_signature(token_id); // the token id is returned from any function that creates tokens
Exporting and importing public keys to validate tokens across server instances
const {keystore} = require('@sapphirecode/auth-server-helper');
const export = keystore.export_verification_data();
// second instance
keystore.import_verification_data(export);
Exporting and importing blacklist entries across server instances
const {blacklist} = require('@sapphirecode/auth-server-helper');
const export = blacklist.export_blacklist();
// second instance
blacklist.import_blacklist(export);
Clearing Keystore and Blacklist
Resetting the Keystore instance generates a new instance id and deletes all imported or generated keys.
const {keystore, blacklist} = require('@sapphirecode/auth-server-helper');
// clear keystore
keystore.reset_instance();
// clear blacklist
blacklist.clear();
// clear blacklist items older than 10 seconds
blacklist.clear(Date.now() - 10000);
License
MIT © Timo Hocker timo@scode.ovh