npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@carbonplan/auth

v1.0.0

Published

library for adding simple authentication to sites

Downloads

53

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

shane98cshane98cfreeman-labfreeman-labkatamartinkatamartin

Keywords

Readme

carbonplan / auth

adding simple password authentication to sites

GitHub MIT License NPM Version

A library for adding simple password authentication to next.js sites. Rather than use a full-blown user-based authentication system, we adopt a password-only model that is well suited to sharing content previews and similar use cases that do not involve user accounts or other forms of user data.

usage

To use, install the package with

npm i @carbonplan/auth

You then need to follow four steps to incorporate auth into your site. For these purposes, we assume you have a fairly standard next.js app setup. Feel free to check out the example in this repo to follow along.

step 01

Create an api route in your pages folder e.g. api/auth.js. This file needs to define a secret key for use with the jsonwebtoken package, and also define a mapping from one or more user ids to passwords, and then pass these to the api function which returns a handler. Typically, you will source these from environmental variables so that they are only accessible on the server. Remember to never commit these keys to GitHub or otherwise make them public!

import { api } from '@carbonplan/auth'

const secret = process.env.JWT_SECRET

const users = [
  {
    username: 'user',
    password: process.env.USER_PASSWORD,
  },
]

const handler = api({ secret, users })

export default handler

The handler accepts one additional option, expiration, which controls the expiration time for the JSON webtokens. The default is 1hr but you can provide either a number to specify in seconds e.g. {expiration: 60} or as a string e.g. {expiration: '5hrs'}. See the jsonwebtoken docs for more details.

step 02

Wrap your app in an AuthProvider by adding the following to your _app.js file.

import { AuthProvider } from '@carbonplan/auth'

const App = ({ Component, pageProps }) => {
  return (
    <AuthProvider>
      <Component {...pageProps} />
    </AuthProvider>
  )
}

The AuthProvider component also accepts a config property. Currently the only configuration is whether to use localStorage to store JSON webtokens, which enables authentication to persist so long as the key is valid. You can turn this on using config={{ useLocalStorage: true }}.

step 03

Create a login.js page with the following content in your pages folder.

import { Login } from '@carbonplan/auth'

export default Login

step 04

For any page where you want to require authentication for access, wrap the page component using the withAuth higher-order component. For example, we could define a page pages/protected.js as follows.

import { withAuth } from '@carbonplan/auth'

const Protected = () => {
  return <div>This page is protected</div>
}

export default withAuth(Protected, ['user'])

Whenever someone routes to /protected they will first be redirected to the login page to enter their password, and then if the password is valid they will be directed back to /protected to see its content.

The second argument to withAuth specifies a list of valid user ids, which correspond to the ids used when defining the list of valid passwords in step 01. For example, if in that step we defined

const users = [
  {
    username: 'user',
    password: 'foo',
  },
  {
    username: 'admin',
    password: 'duh',
  },
]

Then a page using withAuth(Protected, ['user']) would be accessible with the password foo (but not duh) and a page using withAuth(Protected, ['admin']) would be accessible with the password duh (but not foo). A page using withAuth(Protected, ['user', 'admin']) would be accessible with either password. Because we set the list of users for every page, this pattern creates a lot of flexibility in terms of who gets access to which page, but without requiring an explicit model of user accounts or user data.

license

All the code in this repository is MIT licensed, but we request that you please provide attribution if reusing any of our digital content (graphics, logo, articles, etc.).

about us

CarbonPlan is a non-profit organization that uses data and science for climate action. We aim to improve the transparency and scientific integrity of climate solutions with open data and tools. Find out more at carbonplan.org or get in touch by opening an issue or sending us an email.