npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

angularjs-auth-interceptor

v1.0.1

Published

AngularJS http interceptor to set csrf and bearer token

Downloads

7

Readme

auth-interceptor

AngularJS Http Interceptor for managing security tokens in an SPA Architecture.

The interceptor allows you to:

  • include the CSRF token header in HTTP requests, via cookie, meta tag or module configuration
  • include the Bearer token in HTTP requests, with its initial value set in the meta tag/configuration or retrieved through endpoint request
  • redirect to login page in case of error on getting the auth token, keeping the current page on session storage
  • redirect to error page when request is rejected for reasons other than repairable auth errors

Installation

npm install --save angularjs-auth-interceptor

Configuration

Import the minified script from dist/auth-interceptor.min.js to your page

<script src="node_modules/angularjs-auth-interceptor/dist/auth-interceptor.min.js"></script>

Add the module authInterceptor as dependency of your main application module

angular.module('myapp', ['authInterceptor'])

By doing so, interceptor will be running using the default values, you can nevertheless configure parameters by two means

  • Configuring through provider in your module config method
angular.module('myapp', ['authInterceptor'])
    .config(['authProvider',function(authProvider) {
        var opts = {}
        //set parameters that you want to change, for example
        opts.redirectToLogin = true;
        authProvider.configure(opts)
    }])
  • Include configuration in meta tags within token namespace
<head>
    <meta name="token:csrf" content="your_csrf_token_here" />
    <meta name="token:auth" content="your_first_stage_auth_token_here" />
    <meta name="token:refreshUrl" content="/url-to-refresh-token" />
</head>

Check out the complete list of options in the Options section below.

Usage

Once configured, the interceptor will automatically capture the requests made via $http within the controllers, attaching a csrf token and a Bearer token, if the interceptor was configured to do so. If the request made returns an 401 error, the interceptor will attempt to refresh the request, by making a new POST request to the url set in refreshUrl parameter, that must return a json containing the key token. If the request to the refreshUrl also returns an 401 error, the interceptor will store the current url in sessionStorage and can be configured to redirect the page to the login page. If any of the requests are rejected by other means, the interceptor can be configured to redirect to an error page.

Token request example (NodeJS)

app.post('/token', (req, res) => {
  res.json({'token':'your_auth_token_here'});
});

Options

The options available to be set are:

  • refreshUrl (String): The url which will be called (via POST) in case of 401 error is thrown from the original request, that must return a json response containing the key token with the Bearer token to be attached in the original request. Default: /token
  • redirectToLogin (Boolean): If it is set to true, the interceptor will redirect to the login page in case of the request to the refreshUrl returns an 401 error. Default false
  • loginUrl (String): Url to the login page in case of redirectToLogin is true and is triggered. Default /login
  • csrfCookie (String): The interceptor will attempt to retrieve the csrf token from the cookie parameter name set in this option, if the parameter is available in the cookie. Default _csrf
  • csrfKey (String): The csrf will be attached to the request under the name set in this option. Default csrf-token
  • csrf (String): The csrf token itself. Default undefined
  • auth (String): The auth token itself, it is optional as it is managed through token request, even though it is wise to have it initially set to spare the request from an initial rejection. Default undefined
  • trackState (Boolean): If it is set to true, the interceptor will store the current url to the session storage in case of redirecting to the login page. Default true
  • stateKey (String): Session storage's parameter name to hold the current url in case of trackState is set to true. Default state
  • redirectToError (Boolean): Redirects to error page in the case the interceptor could not resolve request rejection. Default false
  • errorUrl (String): Url to be redirect to in case of redirectToError is set to true and is triggered. Default /error
  • httpMethods (Array): List of HTTP methods to be intercepted. Default ['GET', 'PATCH', 'PUT', 'POST', 'DELETE']

Build

If you are cloning the repository you must have gulp globally installed and run the following commands in order to have the dist folder generated:

npm install
npm run build

Testing

Tests are coded using Karma + Jasmine. The easiest way to run these checks is the following

npm install
npm test