@uscreen.de/fastify-mongo-auth

v1.1.0

Published

Stateless session backed by authentication against mongodb collection

Downloads

86

Readme

fastify-mongo-auth

Stateless session backed by authentication against mongodb collection

Provides:

  • fastify.auth - the authentication adapter with its API (see below)
  • req.session - as provided by @fastify/secure-session
  • req.user - (default, customize with the decorateRequest option) the currently authenticated user account

Uses secure-password for hashing and verification

Install

$ yarn add @uscreen.de/fastify-mongo-auth

Add Dependencies

$ yarn add @fastify/mongodb @uscreen.de/fastify-mongo-crud

The session package @fastify/secure-session (see @npm) requires a secret or key. We stick to the recommended setup with a generated key below, so you should generate one too:

$ secure-session-gen-key > session-key

Example

Set up within a plugins/mongo.js file so that the required dependencies are resolved first:

import fs from 'fs'
import path from 'path'
import fp from 'fastify-plugin'
import mongodb from '@fastify/mongodb'
import crud from '@uscreen.de/fastify-mongo-crud'
import auth from '@uscreen.de/fastify-mongo-auth'

/**
 * mongodb related
 */
export default fp(async (fastify, opts) => {
  /**
   * 1) setup mongodb connection
   */
  await fastify.register(mongodb, {
    url: opts.mongoUri
  })

  /**
   * 2) setup CRUD factory
   */
  await fastify.register(crud)

  /**
   * 3) enable authentication
   */
  await fastify.register(auth, {
    key: fs.readFileSync(path.join(fastify.root, 'session-key')),
    decorateRequest: 'account'
  })
})

Prepare account within a service/accounts.js file:

export default async fastify => {
  const { auth } = fastify

  /**
   * registration
   * -> body.{username, password}
   * <- account.{username, _id}
   */
  fastify.post('/register', async req => ({
    account: await auth.collection.create({
      hash: auth.createHash(req.body.password),
      username: req.body.username.toLowerCase()
    })
  }))
}
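
The /register route above calls `req.body.username.toLowerCase()` directly, so a missing or non-string username ends in an unhandled TypeError, and nothing bounds what is handed to `auth.createHash`. The following validator is an added example, not part of the README or the package; it honours the `usernameField`, `passwordField` and `usernameToLowerCase` options, while the function name `normalizeCredentials` and the length limits are assumptions chosen for illustration.

```javascript
// Added example, not part of fastify-mongo-auth. Option names follow the
// README's Options table; normalizeCredentials and LIMITS are hypothetical.
const DEFAULTS = {
  usernameField: 'username',
  passwordField: 'password',
  usernameToLowerCase: true
}
// Constructed policy values; adjust to your own requirements.
const LIMITS = { usernameMax: 64, passwordMin: 12, passwordMax: 256 }

// Fastify's default error handler replies with error.statusCode when set.
const badRequest = (message) =>
  Object.assign(new Error(message), { statusCode: 400 })

function normalizeCredentials(body, options = {}) {
  const opts = { ...DEFAULTS, ...options }
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    throw badRequest('request body must be a JSON object')
  }
  const username = body[opts.usernameField]
  const password = body[opts.passwordField]

  // Accept primitive strings only: objects, arrays and numbers are rejected
  // rather than coerced, so nothing but text reaches the query or the hasher.
  if (typeof username !== 'string' || typeof password !== 'string') {
    throw badRequest('username and password must be strings')
  }
  if (username.length === 0 || username.length > LIMITS.usernameMax) {
    throw badRequest('username length out of range')
  }
  // The upper bound caps the work handed to the password hasher.
  if (password.length < LIMITS.passwordMin || password.length > LIMITS.passwordMax) {
    throw badRequest('password length out of range')
  }
  return {
    // Same normalisation the plugin applies when usernameToLowerCase is true.
    username: opts.usernameToLowerCase ? username.toLowerCase() : username,
    password
  }
}

// In the /register route (auth is fastify.auth, as in the README):
//   const { username, password } = normalizeCredentials(req.body)
//   return { account: await auth.collection.create({
//     hash: auth.createHash(password), username }) }
```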

Usage within a services/auth.js file:

export default async fastify => {
  const { auth } = fastify

  /**
   * authentication / login
   * -> body.{username, password}
   * <- account.{username, _id}
   */
  fastify.post('/login', auth.loginHandler)

  /**
   * authentication / logout
   * -> {} - no payload required
   * <- {} - no payload returned
   */
  fastify.post('/logout', auth.logoutHandler)

  /**
   * authentication / check currentUser
   * <- account.{username, _id}
   */
  fastify.get(
    '/currentUser',
    {
      preHandler: auth.authorized
    },
    auth.currentUserHandler
  )
}

Options

| Option | Description | Default |
|---|---|---|
| collection | Name of the mongodb collection the accounts are stored in. | "accounts" |
| cookie | Options for session cookie as listed here cookie. | { path: '/' } |
| key | Path to file of session-key @fastify/secure-session uses to ensure secure stateless cookie sessions. | "" |
| decorateRequest | Property providing current authenticated account object within request object. (ie.: req.user as default) | "user" |
| usernameToLowerCase | Should usernames be treated case-insensitive (by lower-casing all queries) or not. | true |
| usernameField | Name of property for usernames. Affects mongodb documents and the login handler (see below). | "username" |
| passwordField | Name of property for passwords. | "password" |
| filter | Filter expression for valid accounts (e.g. { active: true }). | {} |

API

get collection()

Returns the fastify-mongo-crud collection object where the accounts are stored.

authorized(req, res, next)

PreHandler validating authentication. Throws a 401 Unauthorized error on invalid authentication.

createHash(password)

Creates a hash from given password. Useful when creating a new account or changing an account's password.

verifyHash(password, hash)

Verifies the given password against the given hash.

async loginHandler(req)

Handler for logging in to an account (i.e. called by POST /login). Expects a req object with a body containing credentials as configured in Options, defaults to:

{
  "username": "a user's name",
  "password": "a user's password"
}

async logoutHandler(req)

Handler for logging off from an account (i.e. called by POST /logout). Expects a req object without a body.

async currentUserHandler(req)

Handler returning the current authenticated account (i.e. called by GET /currentUser) or an empty object if no account is authenticated. Expects a req object without a body.


Roadmap

  • docs
  • improved dependency handling
  • improved onboarding
  • maybe add more handlers (register, reset, etc.)?
  • maybe add routes?

Changelog

v1.1.0

Added

  • filter option to filter valid accounts (defaults to {})

v1.0.0

Changed

v0.2.0

Added

  • cookie options (see cookie); defaults to { path: '/' }

v0.1.0

Changed

  • uses lower case usernames by default
  • preHandler stops logging empty session as error

Added

  • new option usernameToLowerCase to disable case-insensitive usernames (defaults to true)

v0.0.0

  • init

License

Licensed under MIT.

Published, Supported and Sponsored by u|screen