npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

hapi-clef

v1.0.1

Published

hapijs plugin for clef two-factor authentication

Downloads

5

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mtharrisonmtharrison

Keywords

2fatwo-factorauthauthenticationhapisecurityclefhapijs

Readme

hapi-clef Build Status

Magical Two-Factor Auth with Clef and hapijs

This is a plugin that you can use to add Clef login to your hapi apps.

Check out the example under examples for a full working example (Clef credentials required).

Getting started

  1. Sign up with Clef
  2. Create a new application
  3. Grab your api credentials
  4. Download the Clef app
  5. Checkout the example under example/, read the docs and then integrate with your own apps!

Installation

npm install --save hapi-clef

Usage

The user authentication happens entirely with Clef. There's no need for a separate login stage on your site, which makes integration really siple.

To get started you just need to define a new authentication strategy:

server.auth.strategy('clef', 'clef', {
    appID: 'YOUR APP ID',
    appSecret: 'YOUR APP SECRET',
    cookieName: 'hapi-clef',
    cookieOptions: {
        isSecure: false,
        path: '/',
        encoding: 'iron',
        password: 'CHANGE THIS'
    }
});

You need a page to embed the clef button on, let's make a route for that:

server.route([{
    method: 'GET',
    path: '/',
    handler: function (request, reply) {

        const state = HapiClef.getStateParameter();
        reply.view('index', { state: state }).state('hapi-clef', state);
    }
});

The HapiClef.getStateParameter() function returns a random string which you need to embed in the Clef button. This is a CSRF token used later to confirm that the request really came from the user and not someone else. You also need to set a cookie here containing the state parameter. The name of the cookie should be the same as the cookieName specified when create the auth strategy.

If the state isn't both present in the button and in the cookie, the login request will fail.

Here's an example of the view template you could use:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Clef example</title>
</head>
<body>
    <script 
        type="text/javascript" 
        src="https://clef.io/v3/clef.js" 
        class="clef-button" 
        data-app-id="YOUR APP ID" 
        data-color="blue" 
        data-style="flat" 
        data-redirect-url="http://localhost:4000/login" 
        data-state="{{state}}" 
        data-type="login">
    </script>
</body>
</html>

Then define both the login and logout routes. These are routes that Clef will request with an OAuth token. You don't need to worry about OAuth though. That's all handled internally by the plugin.

The login and logout routes, if successful will have request.auth.credentials set. Exactly what is exposed depends on your application's setup in Clef. A thorough reading of their developer docs is recommended.

server.route([{
    method: 'GET',
    config: {
        auth: 'clef'
    },
    path: '/login',
    handler: function (request, reply) {

        console.log(request.auth.credentials);

        // Do your login stuff

        reply('ok');
    }
}, {
    method: 'POST',
    config: {
        auth: {
            strategies: ['clef'],
            payload: true
        }
    },
    path: '/logout',
    handler: function (request, reply) {

        console.log(request.auth.credentials);

        // Do your logout stuff

        reply('ok');
    }
}]);

Within these handler's you're expected to implement your own login behaviour. You'll probably create a new account, or retrieve one from the database. Or you might prompt the user for more information relevant to your app. You'll probably go ahead and create a session for the user using hapi-auth-cookie too.

Logout Gotchas

Your logout route will be called by Clef, not by the user themselves, so it's not possible to clear their cookie here to log them out, as you would do in a more traditional session-based app. You're expected to store logout timestamps in the database and check that requests elsewhere aren't coming from a user that should be logged out. There's more info on this in the Clef docs.