cas-secure

Secure Express/connect APIs against a CAS server

Install

npm install --save cas-secure

How to use

Require Package

var secure = require('cas-secure').set(options);

Where options is one of the following:

• String: The base url of CAS (For example: http://my.cas-server.com/cas).
• Object: An object with the following properties:
• base_ur [Mandaory]: The base url of CAS (For example: http://my.cas-server.com/cas).
• version [Optional]: CAS protocol version. Posible values are 1, 2 or 3. Default 3.
• action [Optional]: Default action that cas_secure should take with failed authentication (Default block):
  • block: Returns a 401 (Unauthorized) status code.
  • pass: Pass the error to next, to be handled by express/connect error handler.
  • ignore: call next middleware, but don't write info about user.
• validateUrl [Optional]: Url for proxy/ticket validation:
  • Default for protocol version 1: /validate
  • Default for protocol version 2: /proxyValidate
  • Default for protocol version 3: /p3/proxyValidate
• service [Optional]: this service identification. Defaults to the value of the Host header.

Use middleware

/*
    secure.validate expects the ticket to be found in "ticket" query parameter (req.query.ticket), 
    or in "Authorization" header (req.headers.authorization) of Bearer type .
*/
app.use(secure.validate(action), function SecuredMiddleware(req, res, next){
    /* 
    Your code goes here
    If user got authenticated:
        * req.cas.user will have user id
        * req.cas.attributes will have user attributes released by cas.
    */
})

action can be one of block, pass or ignore, and will override the configured default action.

If no action is provided, will use the default one.