authorization-header
v0.2.0
Published
Authorization Header middleware for Express and Sails.js
Downloads
117
Maintainers
Readme
node-authorization-header
Authorization Header middleware for Express and Sails.js
Validates and extracts token
value from Authorization Header of a given type, e.g. Bearer
.
Install
$ npm install authorization-header --save
Overview
authorizationHeader(options, [callback])
options
type
The type of Authorization, e.g.Bearer
,Basic
,Digest
, etc.attachTo
Where the token value extracted will be attach to, defaults totoken
.compareTo
This options allows user to pass a value to compare against the extractedtoken
.
Usage in Express
Default behavior
const authorizationHeader = require('authorization-header');
app.get('/', authorizationHeader(), function(req, res) {
// toke value extracted can be found at `req.token`
});
Usage of type
and attachTo
options.
const authorizationHeader = require('authorization-header');
app.use(authorizationHeader({
type: 'Basic',
attachTo: 'apiKey'
});
app.get('/', function(req, res) {
res.send(req.apiKey);
});
Usage of compareTo
option.
app.get('/', authorizationHeader({
compareTo: TOKEN_VALUE
}, function(err, req, res, next) {
if (err) {
return res.status(401).send(err);
}
return res.send(`Your token is valid.`);
}));
Usage in Sails.js
Default behavior
// Will return 401 HTTP status code if any errors occurred.
// policies/authorizationHeader.js
module.exports = require('authorization-header')({ type: 'Digest' });
Default behavior
// policies/authorizationHeader.js
module.exports = require('authorization-header')(function(err, req, res, next) {
if (!err) {
return next();
}
return res.unauthorized(err);
});
Error handling
Possible thrown errors
AuthorizationHeaderError
| message | code |
| ---------------------------------------------------|:------------------------------------:|
| No Authorization header is present. | E_AUTHORIZATION_REQUIRED
|
| Formats should be Authorization: <type> <token>
. | E_AUTHORIZATION_INVALID_FORMAT
|
| Authorization of type <type>
was expected. | E_AUTHORIZATION_INVALID_TYPE
|
| Token provided is invalid. | E_AUTHORIZATION_INVALID_TOKEN
|
Suppose E_AUTHORIZATION_INVALID_TYPE
error was thrown
app.use(authorizationHeader(function(err, req, res, next) {
if (err) {
console.log(err.toJSON());
/*
{
status: 401,
message: 'Authorization of type Bearer was expected',
code: 'E_AUTHORIZATION_INVALID_TYPE'
}
*/
}
}));
Test
$ npm test