@conga/framework-security

v2.1.1

Conga.js security bundle

Downloads

45

Readme

conga-security

The security bundle allows you to create firewalls that control access to your controllers, and configure encryption algorithms for your application.

  • Automate request authentication
  • Restrict access to routes by attached roles
  • Provide services to authenticate and fetch resources (users, accounts, etc.)
  • Control entity password encryption

See the documentation for more information.

Configuration

security:
    
    encryption:
        
        user:
            path: demo-bundle:model/user
            algorithm: sha512
            secret: asd8f6ja#*sJHGdfg234jkw@#$%erhg=!
            encode_as_base64: true
        
        admin:
            path: demo-bundle:model/admin
            id: account_encryptor.service.id
        
        protected.data:
            path: demo-bundle:model/protected-data
            algorithm: bcrypt
            saltRounds: 10
            
    
    firewall:
    
        anonymous_access:
            route: ^/my/route/anonymous
            anonymous: true
        
        simple_access_control:
            route: ^/my/route
            roles: ["ROLE_CUSTOM"]
            stateless: false
        
        in_memory_access:
            route: ^/memory
            roles: ROLE_USER
            authenticator: http.authenticator
            provider: memory.provider
        
        api_access_firewall:
            route: ^/api
            authenticator: api.authenticator
            provider: api_client.provider
            stateless: true
            secret: 'auth-token-encryption-key'
        
        html_form_access:
            route: ^/private
            stateless: false
            provider: memory.provider   # any registered provider below
 
            # the encryption options instruct the firewall on how to encrypt and decrypt
            # the auth token when it's saved in a session - for stateful firewalls
            encryption:
                salt: private-session-encryption-salt
                algorithm: 'bf-ecb'  # blowfish
            
            # optionally, the firewall respects some built-in routes
            routes:
                # for stateful firewalls, this route will instruct the firewall processor to
                # remove the matching security realm. it does not destroy the session, it
                # just logs the user out of this realm
                logout:
                    path: /private/logout
                    target: /private/login   # optional redirect target after logout, if not given, redirect is used
 
                # this route allows you to control where to send users to display access denied
                # this option changes the behavior of the firewall - a 302 Found HTTP Status
                # is returned instead of the normal 401 or 403
                redirect: /private/denied
            
            # configure the firewall to use the HTTP Form authenticator
            authenticator:
                service: '@security.firewall.authenticator.http_form'
                
                # the HTTP Form authenticator supports custom configuration
                options:
                    view_route: /private/login                  # (required) the route that shows the login form view
                    action_route: /private/_login               # (required) the route that the form submits to
                    action_failed_route: /private/login/fail    # (optional) the route that the user is redirected to on a failed login attempt
                    success_redirect_route: /private            # (optional) the route that the user should land on when successfully logging in
                    login_field: email                          # (required) the login / username field in the form post data
                    secret_field: password                      # (required) the secret / password field in the form post data
            
            
    authenticators:
    
        http.authenticator: '@security.firewall.authenticator.http_basic'
    
        api.authenticator: '@api.authenticator.service'
    
    providers:
    
        memory.provider:
            memory:
                users:
                    foo:
                        password: foo
                        roles: ROLE_USER
                    bar:
                        password: bar
                        roles: [ROLE_USER, ROLE_ADMIN]
        
        bass.provider:
             bass:
                document: demo-bundle:model/user    # the document path
                login: email                        # the login / username field in the document
                secret: password                    # the password field in the document
        
        api_client.provider: '@api_client.provider.service'
        
        chain.provider: ["memory.provider", "bass.provider"]
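
An added example, not part of the conga-security README or its code: a small Node.js audit over the configuration shape shown above, flagging settings a reviewer would question before deployment (a general-purpose hash for passwords, an ECB-mode cipher for the session token, secrets and plaintext passwords written inline). `auditSecurityConfig` and the issue labels are hypothetical names; the sample object is constructed from the page's config with secret values replaced by placeholders.

```javascript
// Constructed sample: a subset of the configuration above, as the object a YAML
// parser would yield. Secret values are replaced with placeholders.
const sampleSecurity = {
  encryption: {
    user: { path: 'demo-bundle:model/user', algorithm: 'sha512', secret: 'PLACEHOLDER' },
    admin: { path: 'demo-bundle:model/admin', id: 'account_encryptor.service.id' },
    'protected.data': { path: 'demo-bundle:model/protected-data', algorithm: 'bcrypt', saltRounds: 10 },
  },
  firewall: {
    api_access_firewall: { route: '^/api', stateless: true, secret: 'PLACEHOLDER' },
    html_form_access: {
      route: '^/private', stateless: false,
      encryption: { salt: 'PLACEHOLDER', algorithm: 'bf-ecb' },
    },
  },
  providers: {
    'memory.provider': { memory: { users: { foo: { password: 'foo', roles: 'ROLE_USER' } } } },
    // "secret" here names a document field, not a credential, so it is not flagged
    'bass.provider': { bass: { document: 'demo-bundle:model/user', login: 'email', secret: 'password' } },
    'chain.provider': ['memory.provider', 'bass.provider'],
  },
};

// Hypothetical helper (not a conga-security API): returns one finding per
// setting that should be reviewed before the configuration ships.
function auditSecurityConfig(security) {
  const findings = [];
  const add = (where, issue) => findings.push({ where, issue });
  const passwordHashes = new Set(['bcrypt']); // the only password hash named on the page

  for (const [name, enc] of Object.entries(security.encryption || {})) {
    // Entries that delegate to a service via "id" carry no algorithm and are skipped.
    if (enc.algorithm && !passwordHashes.has(enc.algorithm)) add(`encryption.${name}`, 'general-purpose-hash');
    if (typeof enc.secret === 'string') add(`encryption.${name}`, 'inline-secret');
  }
  for (const [name, fw] of Object.entries(security.firewall || {})) {
    if (typeof fw.secret === 'string') add(`firewall.${name}`, 'inline-secret');
    // ECB encrypts equal plaintext blocks to equal ciphertext blocks and adds no integrity.
    if (/-ecb$/i.test((fw.encryption || {}).algorithm || '')) add(`firewall.${name}`, 'ecb-mode');
  }
  for (const [name, provider] of Object.entries(security.providers || {})) {
    // Providers may also be service references (strings) or chains (arrays).
    const users = (provider && provider.memory && provider.memory.users) || {};
    for (const [login, user] of Object.entries(users)) {
      if (typeof user.password === 'string') add(`providers.${name}.${login}`, 'plaintext-password');
    }
  }
  return findings;
}

const report = auditSecurityConfig(sampleSecurity);
```

The in-memory provider is convenient for demos; the audit treats it as a finding because its passwords sit in the config file in clear text.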