@acastellon/auth
v1.0.20
Published
Authorization Filtering for NodeJS Express Application (uses:NTLM + LDAP + JWT)
Downloads
81
Maintainers
acastellonReadme
auth
Authentication Control System for microservices that uses a combination of NTLM + LDAP + JWT to check the security
usage
module.exports = {
url: 'ldaps://<address>:636'
,DOMAIN : '<domain>'
,baseDN: '<baseDN>'
,username: '<user-ldap>'
,password: '<password>'
,tlsOptions: {
ca: '<path/andfile/to/ca/certificate>',
rejectUnauthorized: false,
}
,NTLM_DEBUG: false // to activate log messages
,NTLM_OPTIONS: true // to activate configuration from tlsOptions or use the default if it's false
,NTLM_LDAP: false // to enable/disable request to ldap module automatically for each NTLM request
,NTLM_PATH : '*' // path to be controlled by NTLM, by default is '*" all paths
,CNAME: 'dev.example.com'
,passToken: '<passphrase-optional>' /* if doesn't exists the module generates ones automatically */
,EXPIRES: 86400 /* JWT expires in 24 hours */
,MOCKUP_USERS : ['acastellon','lskywalker']
,MOCKUP_ROLES : ['User','Admin']
,ROLES : {
'User': 'GI RD USER '
, 'Admin': 'GI RD ADMINISTRATOR '
, 'Viewer': 'GI RD VIEWER '
}
}
const auth = require('@acastellon/auth')(def_auth);In case of Authentication based in NTLM (normally is related to the Server Web FrontEnd), use:.
auth.setNTLMAuth(app);
In case of Authentication based in JWT use:
auth.validateToken(app);Uses an internal cache to avoid continues queries to the LDAP server.
@TODO: update the cache when throws the expiration of the token.
Values in Header created:
x-access-token - JWT generated
is-authenticated - a flag if it was validated already for ldap
auth-user - name of the user validatedNote: In order to increase the Security (if it's required) we could use the following techniques:
- reduce the expiration time for the tokens
- create a hash with : < users >: < passwordToken-autogenerated >
all in order that practically every request contain a new token (but this tech. decrease the performance)