npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@viron/lib

v2.3.1

Published

This library covers all the functions needed to build a viron server, and provides them as simple functions. It is not dependent on any particular framework and can be used by anyone.

Downloads

11,789

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

npm-viron-ionpm-viron-ioejithonejithonnpm-camnpm-camfkeifkei

Keywords

Readme

Viron standard library for node.js server

This library covers all the functions needed to build a viron server, and provides them as simple functions. It is not dependent on any particular framework and can be used by anyone.

Features

  • [x] Authentication
    • [x] Email/Password
    • [x] GoogleOAuth2
    • [x] Signout
  • [x] AuthConfig
  • [x] AdminRole
  • [x] AdminUser
  • [x] AdminAccount
  • [x] AuditLog
  • [x] OpenAPI

Authentication

It supports its own authentication by email and password, and authentication using GoogleOAuth2. In both cases, the signed-up user is managed as admin-user and authenticated to the Viron server using JWT. All features are available from domainsAuth.

Email/Password

Since this library does not have a function to check the validity of e-mails, new user registration must be done by the system administrator. Please set an initial password and tell the users to change the password at the first login.

Passwords are hashed and stored using SHA512 and PBKDF2.

GoogleOAuth2

If you want to use GoogleOAuth2, you first need to create an OAuth2.0 client in GoogleCloudPlatform. Set the client ID and client secret provided there to GoogleOAuthConfig.

If your organization is using GSuite, you can make it more secure by specifying userHostedDomains.

Signout

When you sign out, the JWT will be saved in revoked-tokens. Next when validating the JWT, check to see if the user has already signed out.

AuthConfig

When the server fails to validate the JWT and returns Unauthorized(HTTP status 401), viron calls the API that get the authentication method. (GET:/viron/authconfigs in this library.) domainsAuthConfig provides only a simple function to form the response of the API.

AdminRole

For the management of admin user roles, we use casbin RBAC model. Assign resources to roles and allow them to actions. Only three actions are allowed: READ, WRITE, ALL, and DENY. These correspond to HTTP request methods. POST, PUT methods can only action on resources for which WRITE is allowed. GET method can action on resources for READ or WRITE actions are allowed. Of course, DENY does not allow any requests.

You can specify the resource in your specifications .info['x-pages'][].contents[].resourceId. Also, all APIs related to the Operation corresponding to the resourceId are determined to be the same resource.

Assign roles to admin users and allow them to perform actions.

Special Roles

super

super is the role with the greatest privileges on the system. It has full access to all resources regardless of the permission settings. Use caution when granting super privileges.

viewer

The viewer is a reference-only user that is created automatically. It has READ privileges for all resources present at the time of creation, but privileges for resources added thereafter must be maintained by the system administrator, just like any other role.

This is the initial role for users who have logged in through OAuth.

AdminUser

domainsAdminUser provides CRUD for admin users. It manages credentials such as salt and hashed passwords in the case of password authentication, and access tokens and refresh tokens in the case of Google OAuth.

AdminAccount

domainsAdminAccount is a function to manage the logged-in user yourself. You can use it to change your own password.

AuditLog

It provides several functions for recording the audit logs of viron servers. Besides createOne() for recording the audit log, there is the isSkip() function to determine whether to skip recording or not. By writing x-skip-auditlog: true in the Operation of your specifications, isSkip() will return true.

OpenAPI

domainsOas provides functions for loading specifications and various other functions using your specifications.

The get() method is an important function to get a specification that optimized by a role. The API registered with the viron endpoint should return the entire specifications. In this library, each function is provided as a different yaml file, but we expect them to be merged on your server. get() method is a function that removes inaccessible pages from the merged specification .info['x-page'] and returns a user-optimized specification. This way, the inaccessible pages will not be displayed in viron.

Basic Commands

# To check build.
$ npm run build --workspace=@viron/lib

# To test.
$ npm test --workspace=@viron/lib