@nxcd/auth-api-key

v3.4.0

An Express middleware for authentication by API key

Downloads

31

Readme

Expresso Auth Api-key

Authentication Middleware for Expresso by api-key

Basic Usage

Install:

$ npm i @nxcd/auth-api-key

Import and use:

const { app } = require('@expresso/app')
const server = require('@expresso/server')
const { factory: errors } = require('@expresso/errors')

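// Import the auth-api-key module (installed above as @nxcd/auth-api-key)
const { factory: apiKeyFactory, scopes } = require('@nxcd/auth-api-key')

// `database` is the application's own module that builds both connections
// (see Connections below); `routeHandler` is the application's route handler.
// The callback must be async because it awaits the connections.
const appFactory = app(async (app, config, environment) => {
  const { mongodbConnection, redisConnection } = await database.factory(config.database)

  // Build the authentication middleware from both connections and the apiKey options
  const { apiKey } = apiKeyFactory(mongodbConnection, redisConnection, config.apiKey)

  // Authenticate first, then require the scope for this route
  app.get('/', apiKey, scopes('namespace:your-scope-a'), routeHandler)
})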

const options = {
  name: 'myApp',
  apiKey: {
    scopesField: 'permissions',
    mongodbRepository: {
      collectionName: 'serviceAccounts',
      fields: {
        key: 'state.userId',
        secret: 'state.token',
        enabledCriteria: { 'state.deletedAt': null }
      },
      projection: 'state'
    },
    redisRepository: {
      context: 'sessions',
      ttl: 15 // seconds
    }
  }
}

server.start(appFactory, options)

Connections

Both a MongoDB connection and a Redis connection are required. The user and their permissions are fetched from Redis first; if they are not found there, they are fetched from MongoDB and then sent to Redis.

MongoDB connection example

  const { MongoClient } = require('mongodb')

  const defaults = {
    poolSize: 10,
    useNewUrlParser: true
  }

  const connect = async ({ url, dbname, options = { } }) => {
    const client = await MongoClient.connect(url, { ...defaults, ...options })

    return client.db(dbname)
  }

  module.exports = { connect }

Redis connection example

  const redis = require('redis')

  const connect = ({ uri }) => {
    const client = redis.createClient({ url: uri })

    return client
  }

  module.exports = { connect }

Options

The auth api-key middleware takes an options object as its configuration. The object below shows the default values:

const apiKeyConfig = {
  scopesField: 'permissions',
  mongodbRepository: {
    collectionName: 'serviceAccounts',
    fields: {
      key: 'state.userId',
      secret: 'state.token',
      enabledCriteria: { 'state.deletedAt': null }
    },
    projection: 'state'
  },
  redisRepository: {
    context: 'sessions',
    ttl: 15 // seconds
  }
}

scopesField is the name of the field that holds the user's enabled scopes in the database; the default is "permissions". This field is read from the projection result.

mongodbRepository.enabledCriteria takes an object with the criteria used to select only eligible users, for example to exclude inactive users.
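An added example (not the package's code) that models the lookup order described under Connections together with the ttl and enabledCriteria options: an account disabled in the database keeps authenticating from the cache until its entry expires. The Map-based stand-ins for Redis and MongoDB, the function names, the cache key format and the sample record are assumptions; the README does not say whether the package invalidates cache entries earlier.

```javascript
// Added illustration, not the package's code. In-memory stand-ins replace Redis and MongoDB.
const config = { context: 'sessions', ttl: 15 } // same values as redisRepository above

// Constructed record using the README's default field paths.
const serviceAccounts = [
  { state: { userId: 'svc-1', token: 'demo-token', deletedAt: null, permissions: ['users.read'] } }
]

// Stand-in for the MongoDB query: key, secret and enabledCriteria must all match.
function findEnabledAccount (userId, token) {
  const doc = serviceAccounts.find(d =>
    d.state.userId === userId && d.state.token === token && d.state.deletedAt === null)
  return doc ? { ...doc.state } : null
}

// Stand-in for Redis: a value expires `ttlSeconds` after it is written.
function createCache (ttlSeconds, now) {
  const entries = new Map()
  return {
    get (key) {
      const hit = entries.get(key)
      if (!hit || now() >= hit.expiresAt) { entries.delete(key); return null }
      return hit.value
    },
    set (key, value) { entries.set(key, { value, expiresAt: now() + ttlSeconds * 1000 }) }
  }
}

// Cache first, database on a miss, then populate the cache (assumed key format).
function authenticate (cache, userId, token) {
  const cacheKey = `${config.context}:${userId}`
  const cached = cache.get(cacheKey)
  if (cached && cached.token === token) return 'cache'
  const state = findEnabledAccount(userId, token)
  if (!state) return 'rejected'
  cache.set(cacheKey, state)
  return 'database'
}

// Replays three requests around the moment the account is disabled.
function revocationTimeline () {
  let clockMs = 0
  serviceAccounts[0].state.deletedAt = null // reset the constructed record
  const cache = createCache(config.ttl, () => clockMs)
  const seen = [authenticate(cache, 'svc-1', 'demo-token')] // served by the database
  serviceAccounts[0].state.deletedAt = '2025-01-01T00:00:00Z' // disabled (constructed date)
  clockMs = 10000
  seen.push(authenticate(cache, 'svc-1', 'demo-token')) // cached entry still accepted
  clockMs = 15000
  seen.push(authenticate(cache, 'svc-1', 'demo-token')) // expired, criteria checked again
  return seen
}
```

In this model the ttl value is the upper bound on how long a disabled account or a reduced permission set stays effective, so it is worth choosing with revocation in mind.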

Database Scopes

This middleware supports scopes. This means you can restrict your token to explicit permission levels using the scopes in the database entity:

{
  "name": "John Doe",
  "user": "johndoe",
  "passwordHash": "28dffbf8c249c638465005663d605b46dcd581bdfc5fd",
  "scopes": [ "namespace:your-scope-a", "namespace:your-scope-b" ]
}

The scope can be either a string or an array. Validation succeeds only if the scope you require is equal to the string or is included in the array.

You can perform wildcard validation using the * keyword as long as your scope separator is a dot (.). For instance, users.* will match all the scopes within the users namespace, but users:* won't.

For more information see is-path-in-scope.
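The matching rules above as an added example, not the package's code or the is-path-in-scope implementation. The function names and sample scopes are hypothetical, and it assumes the wildcard appears in the scope stored for the user, that a trailing * needs at least one further segment, and that a * elsewhere matches exactly one segment.

```javascript
// Added illustration; scopeCovers and isAllowed are hypothetical names.

// True when one stored scope covers the scope a route requires.
// Only "." separates segments, so "users:*" is a single literal segment.
function scopeCovers (granted, required) {
  const g = granted.split('.')
  const r = required.split('.')
  for (let i = 0; i < g.length; i++) {
    if (g[i] === '*') {
      if (i >= r.length) return false       // wildcard needs a segment to match
      if (i === g.length - 1) return true   // trailing * covers the rest of the path
      continue                              // inner * covers exactly one segment
    }
    if (g[i] !== r[i]) return false
  }
  return g.length === r.length              // no wildcard: paths must be identical
}

// The stored value may be a string or an array; anything else grants nothing.
function isAllowed (userScopes, required) {
  const granted = Array.isArray(userScopes) ? userScopes : [userScopes]
  return granted.some(s => typeof s === 'string' && scopeCovers(s, required))
}

// Constructed cases: [scopes stored for the user, scope required by the route]
const cases = [
  ['namespace:your-scope-a', 'namespace:your-scope-a'],                             // equal string
  [['namespace:your-scope-a', 'namespace:your-scope-b'], 'namespace:your-scope-b'], // in array
  [['users.*'], 'users.read'],      // dot-separated wildcard
  [['users:*'], 'users:read'],      // colon is not a separator, so no wildcard
  [['users.*'], 'users'],           // nothing for the wildcard to match
  [['users.read'], 'users.read.all'], // a narrower grant never covers a longer path
  [undefined, 'users.read']         // missing scopes field
]

function evaluateCases () {
  return cases.map(([stored, required]) => isAllowed(stored, required))
}
```

Only the first three cases are allowed. A missing or non-string scopes value denies access rather than throwing.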