npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

anonysecure

v0.2.2

Published

It authorizes the connection between your client and server without any logins. It fits the applcations which doesn't have a login / user system.

Downloads

15

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

sercanovsercanov

Keywords

authreactfetchcryptoprovideroauthsecureanonymouswithoutloginuser

Readme

anonysecure

Anonymous authorization for JS applications

What is it?

It authorizes the connection between your client and server endpoints without any login providers.

How it works?

Client sends the request with a token, which is simply an encrypted timestamp.

When server gets the request, the module decrypts token with passphrase -which is used in the client- if decyrption succesful and timestamp is not timed out, it passes request to handler.

If decyrption fails -which means passphrase is wrong- or timestamp timed out, bang. 403.

When to use?

It should be used when your application have no login / auth systems. It's like an anonymous authorization system. Yes, like the name.

How to use ?

anonysecure has two parts, first one for the server, other one is for the client side which is optional. Server side is eligible with restify right now, but you get the idea so you can port it to other frameworks too.

Options object

  • PASSPHRASE : It's a secret string for to decrypt incoming authorization token. It must be same with the one on the client side.
  • excludeMethods : If you want to exclude any HTTP methods from the authorization process, use this prop.
  • excludeURLs : If you want to exclude any server routes from the authorization process, use this prop. Commonly used with Signup and Login routes.
  • timeout : It's a timeout treshold in seconds. That means when client sends the request with a timestamp, server checks it and if it's in the specified timeout, returns OK, if not. Bang. 403.

Server

    var anonysecure = require('anonysecure').serverSide;
    var restify = require('restify');
    
    // CREATE SERVER //
    var server = restify.createServer();

    server.use(restify.authorizationParser());
    server.use(function(req,res,next){
        // Options object
        var options = {
            "PASSPHRASE": "thisisapassphrase",
            "excludeMethods": ['POST'],
            "excludeURLs":['/Login'],
            "timeout":60
        };

        // Initialize anonysecure
        anonysecure(req,res,next,options);
    });

The code above creates restify server and executes anonysecure with options before route handler. See restify docs docs for more.

    // This is not excluded, will throw 403.
    server.get('/Ping',
        function handlePing(req, res) {
            res.send("OK");
        });
    
    // This is excluded in URLs, will be OK to any request.
    server.get('/Login',
        function handleLogin(req, res) {
            res.send("OK");
        });
    
    // This is excluded by method type (POST), will be OK to any request.
    server.post('/A',
        function handleA(req, res) {
            res.send("OK");
        });
    
    server.listen(8080, function() {
        console.log('%s listening at %s', server.name, server.url);
    });

Client

    var anonysecure = require('anonysecure').clientSide;
    
    // This generates a header object.
    var myHeader = anonysecure('GET', 'thisisapassphrase');
    
    // Include header in request and sent it.
    fetch('http://localhost:8080/Login', myHeader).then(function(response) {
    
        if (response.ok)
            alert('Shall we?');
        else if (response.status == '403')
            alert('You sneaky bastard!');
    
    });

TODO

  • hapijs integration
  • ?