deepsight-auth-core
v0.0.9
Core authentication library for DeepSight
deepsight-auth-core
This is the core authentication library for deepsight. I made this library because I was tired of how complex and non-extensible Auth.js is. Don't get me wrong, Auth.js is a great library, but when implementing some specific use cases, especially when it comes to various apps connecting to a single auth server, Auth.js can get really messy and hard to work with.
This is my attempt at creating a simple, yet flexible authentication solution, so that developers can host their own secure auth server in minutes, and extend it as their needs grow.
Current state
This library is extremely early, and very much a work in progress. It is not even usable/complete at the moment, and it lacks 90% of the necessary features to even be considered production ready. However, I expect this to change in the near future.
How will this be better than Auth.js?
Great defaults
I am also inspired by Clerk, which is a very popular authentication solution for modern web apps. One of the things I like about Clerk, is that they provide great defaults, which make it easy to get started, and very easy to use.
Of course, because Clerk is a completely external service/solution, we can't expect the same level of simplicity for configuring Deepsight Auth. However, we will still make it very easy to get started, so that it's not that much of a difference to set up your own auth server, compared to using Clerk.
REST API
First of all, I want this library to expose a very simple REST API, that can make it easy to develop clients for pretty much every platform. Auth.js REST API is difficult to use from environments like React Native, because it relies on browser-specific behaviours to work.
Instead, this library (along with the dedicated server packages for your platform of choice) will provide a simple, yet flexible authentication solution, that can be used to authenticate users in a secure manner, from any platform.
A fully working API could be implemented by copy-pasting a single file. For instance, imagine a Next.js API route:

    // /api/auth/[[...actions]]/route.ts
    import { defineConfig } from "deepsight-auth-core";
    import { MemoryDatabase } from "deepsight-auth-core/databases";
    import { CredentialsProvider } from "deepsight-auth-core/providers";
    import { createHandler } from "deepsight-auth-next";

    const config = defineConfig({
      endpoint: "/api/auth",
      // Secret is read from the environment rather than hard-coded
      secret: process.env.DEEPSIGHT_AUTH_SECRET,
      providers: [new CredentialsProvider()],
      database: new MemoryDatabase(),
    });

    // Export the route handlers built from the config
    export const { POST, GET } = createHandler(config);

Client libraries
I also want to provide official client libraries for popular platforms and clients, such as expo, react, nextjs, etc. This will make it easy to authenticate users on your own server, securely, and from any platform.
Extensible
Well-defined interfaces for things like Providers (like OAuth, email/password, etc.), and Databases (like MongoDB, Postgres, etc.), will make it easy to extend the library with your own custom implementations. First-party providers and databases will be available, facilitating development of common use cases, while also providing the flexibility to build custom solutions.
I also have some ideas for how to make some crazy custom flows possible. For example, imagine you want to store your users in some PostgreSQL database, but you want your JWT blacklist to be stored in Redis, since this is a much faster datastore. You should be able to define accessorFunctions, so that we can call your custom functions for specific things, like getFromBlacklist and addToBlacklist.
Example concept:
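
    const config = defineConfig({
      endpoint: "/api/auth",
      secret: process.env.DEEPSIGHT_AUTH_SECRET,
      providers: [new CredentialsProvider()],
      // Users are stored in PostgreSQL
      database: new PostgreSQLAdapter({
        connectionString: process.env.DATABASE_URL,
        // The JWT blacklist is delegated to Redis; `redis` is assumed to be
        // an already-connected client created elsewhere
        accessorFunctions: {
          // A token counts as blacklisted if its jti has an entry in Redis
          getFromBlacklist: async (jti: string) => {
            const result = await redis.get(jti);
            return result ? true : false;
          },
          // Store the jti with an expiry so old entries are dropped by Redis
          addToBlacklist: async (jti: string) => {
            await redis.set(jti, "true", { EX: 60 * 60 * 24 * 30 }); // 1 month
          },
        },
      }),
    });
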
Patterns like this one will be possible, and will make it easy to extend the library when the default configurations no longer suit your needs.
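
The blacklist accessor concept above, worked through as an added example (not code from this library): the revocation entry lives exactly as long as the token's remaining lifetime instead of a fixed month, and the check fails closed when the blacklist store is unreachable. All names here (makeTtlStore, remainingTtl, makeAccessors, checkToken) are hypothetical, addToBlacklist takes the token's exp as an extra argument, which differs from the signature in the concept, and a constructed in-memory store stands in for Redis so the example runs offline.

```typescript
// Added example; every name here is hypothetical, not deepsight-auth-core API.
type Clock = () => number; // current time, seconds since epoch
type Claims = { jti: string; exp: number }; // exp as in the JWT "exp" claim
type Verdict = "ok" | "expired" | "revoked" | "store_unavailable";
type Accessors = {
  getFromBlacklist: (jti: string) => Promise<boolean>;
  addToBlacklist: (jti: string, exp: number) => Promise<void>;
};

// Constructed in-memory stand-in for Redis GET / SET with an EX expiry.
function makeTtlStore(now: Clock) {
  const data = new Map<string, number>(); // key -> expiry time
  return {
    async set(key: string, ttlSec: number): Promise<void> {
      data.set(key, now() + ttlSec);
    },
    async get(key: string): Promise<string | null> {
      const expiresAt = data.get(key);
      if (expiresAt === undefined) return null;
      if (expiresAt <= now()) {
        data.delete(key);
        return null;
      }
      return "true";
    },
  };
}

// Seconds a revocation entry has to live: the token's remaining lifetime.
function remainingTtl(exp: number, nowSec: number): number {
  return Math.max(0, Math.ceil(exp - nowSec));
}

function makeAccessors(store: ReturnType<typeof makeTtlStore>, now: Clock): Accessors {
  return {
    getFromBlacklist: async (jti) => (await store.get(`bl:${jti}`)) !== null,
    addToBlacklist: async (jti, exp) => {
      const ttl = remainingTtl(exp, now());
      if (ttl > 0) await store.set(`bl:${jti}`, ttl); // expired tokens need no entry
    },
  };
}

// Run after signature verification. A store error fails closed.
async function checkToken(claims: Claims, acc: Accessors, now: Clock): Promise<Verdict> {
  if (claims.exp <= now()) return "expired";
  try {
    return (await acc.getFromBlacklist(claims.jti)) ? "revoked" : "ok";
  } catch {
    return "store_unavailable";
  }
}
```

Any verdict other than "ok" should be treated as unauthenticated; keying entries under a prefix such as `bl:` keeps them apart from other data in a shared Redis instance.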
Underrated one, DOCS
This one will probably have to wait, unfortunately. But I do believe that good documentation is key to a library's success, so I will spend some time to write good documentation for this library, and I will also provide some examples and a guide on how to use the library.
Sold. How do I use it?
You don't. For now at least. The library is not even in a state where it can be used.
Okay, can I help then?
Sure! I'm always looking for help, and I'm grateful for any contributions. Just pick up any issue and open a PR, and I will be happy to review it.
License?
Still not decided, but will definitely be an open source license. Probably MIT.
Mirror
https://gitea.axelpadilla.me/adpadillar/deepsight-auth