npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

hc-signature-auth

v1.0.10

Published

Auth middleware for honeycomb app.

Downloads

7

Readme

hc-signature-auth

支持 系统签名、用户签名、jwt签名

hc-signature-auth 支持三种签名:

  • systenCall: 系统签名
  • userAuth: 用户签名
  • jwt: JsonWebToken签名

签名结构及规则设计

调用端在调用中传入签名header进行签名校验,格式如下:

{
    '<signatureHeader>': '<protocol> <accessKeyId>:<signaturedString>'
}

一般可通过 hc-service-client 进行与本库配套的签名。

场景案例

接口需要支持得签名有如下四中:

  • 系统签名(systemCall)
  • 用户签名(userAuth)
  • JsonWebToken(jwt)
  • loginAuth(登录校验)
/api/systenCall/*           需要支持 系统签名
/api/userAuth/*             需要支持 用户签名
/api/jwt/*                  需要支持 jwt校验
/api/userAuthLoginAuth/*    需要支持 用户签名 / 登录验证
/api/systemCallLoginAuth/*  需要支持 用户签名 / 登录验证

在 config/config_default.js 中配置如下

{
  middleware: {
    systemCall: {
      router: '/api/systenCall/*',
      module: 'hc-signature-auth',
      config: {
        authType: 'systemCall',
        signatures: [   // 枚举所有支持的签名密钥
          {
            accessKeyId: 'dtboost-system',        // 默认值,各系统间协商
            // accessKeySecret: '可缺省,缺省时,读取 config.systemToken'
          }
        ]
      }
    },
    userAuth: {
      router: '/api/userAuth/*',
      module: 'hc-signature-auth',
      config: {
        authType: 'userAuth',
        accessSecretGetter: 'service-client',    // 从接口动态拉取密钥
        signatureConfig: {
          serviceClient: {
            accessKeyId: 'dtboost-system',
            endpoint: `${systemEndpoint}/system/api/authinfo`
          },
          method: 'GET',
          getAccessSecret: (d) => {
            return d;
          }
        }
      }
    },
    userAuth1: {
      router: '/api/userAuth1/*',
      module: 'hc-signature-auth',
      config: {
        authType: 'userAuth',
        accessSecretGetter: 'service-client'     // 从接口动态拉取密钥
        // signatureConfig 不配置时,默认使用 app.config.system.endpoint、app.config.system、app.systemToken等全局配置
      }
    },
    jwt: {
      router: '/api/jwt/*',
      module: 'hc-signature-auth',
      config: {
        authType: 'jwt',
        signatures: [
          {
            accessKeyId: 'mobile',
            // accessKeySecret: '可缺省,缺省时,读取 config.systemToken'
          }
        ]
      }
    },
    loginAuth: {
      module: 'aliyun-auth',
      config: {
        // some config
      }
    },
    combineUserAuthLoginAuth: {
      router: '/api/userAuthLoginAuth/*',
      module: ['userAuth', 'loginAuth']   // combineMiddleware语法,详见hc-bee文档
    },
    combineSystemCallLoginAuth: {
      router: '/api/systemCallLoginAuth/*',
      module: ['systemCall', 'loginAuth']   // combineMiddleware语法,详见hc-bee文档
    }
  }
}

config中配置详情

{
  authType: 'systemCall',     // optional, default: systemCall,  enum: [ systemCall / userAuth / jwt ]
  header: 'signature',        // optional, systemCall时默认为signature,其它情况默认为 authorization,用户可以自己指定
  accessSecretGetter: 'enum', // optional, 表示签名信息的来源,可以是枚举和通过serviceClient获取,default enum, 取值: [ enum / serviceClient ]
  signatures: [               // optional, accessSecretGetter=enum时必填,枚举出支持的签名对,可支持多对
    {
      accessKeyId: 'dtboost-system',  // required, 签名协议串中使用的accessKeyId
      accessKeySecret: ''             // optional, 与accessKeyId对应的accessKeySecret,可省略,默认使用 config.systemToken / config.accessKeySecret
    }
  ],
  signatureConfig: {          // optional, accessSecretGetter=service-client时必填,填写远程调用的信息。
    serviceClient: {          // optional, 配置service-client调用远程时的签名信息。默认使用系统间调用,更多配置可见: https://github.com/node-honeycomb/hc-service-client
      accessKeyId: 'hc-service-client',    // optional, 默认 hc-service-client
      accessKeySecret: '',            // optional, 同signatures的accessKeySecret
      endpoint: ''                    // optional, 不填时使用 (app.config.system.endpoint || app.config.system) + '/system/api/auth'
    },
    method: 'GET',                    // optional, default GET
    genParam: function (accessKeyId) {    // optional, 构造请求参数,不传时就是前面这个函数
      return {
        accessKeyId
      };
    },
    getAccessSecret: function (data) {    // optional, 根据返回结果取得 accessKeySecret,不传时就是前面这个函数
      return data.accessKeySecret;
    }
  }
}

本地开发环境不想要前校验签名?

使用debug = true的配置

// .honeycomb.json

{
  "cmomon": {
    "debug": true
  }
}

有bug找问题?

使用 DEBUG=hc-* ,打印hc-signature-auth和hc-service-client的log帮助排查

DEBUG=hc-* honeycomb start