npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

predix-acs-client

v1.4.3

Published

Node module to check authorization for an action with ACS protecting REST endpoints. This library does not provide ACS administration functionality.

Downloads

12

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

bsykbsykpredixpredix

Keywords

predixacsclient

Readme

predix-acs-client

Node module to check authorization for a user to perform an action against Predix ACS policies. Primarily used when protecting REST endpoints with UAA JWT tokens.

NOTE that the client credentials that you use to query ACS must have the appropriate permissions to do so. As this is a UAA client, these should be added as authorities, not scopes. The minimun is acs.policies.read and predix-acs.zones.your-acs-zone-id.user

Usage

Install via npm

npm install --save predix-acs-client

Basic usage with a known user and ACS endpoint

const config = {
    uaa: {
        uri: 'https://your-uaa-service.predix.io/oauth/token',
        clientId: 'your-uaa-client',
        clientSecret: 'your-uaa-secret'
    },
    acsUri: 'https://predix-acs.example.predix.io',
    zoneId: 'your-acs-zone-id'
};
const acs = require('predix-acs-client')(config);
acs.isAuthorizedFor({ method: 'GET', resourceIdentifier: 'example', subjectIdentifier: 'my-user'}).then((result) => {
     // 'my-user' is authorized to perform the 'GET' action on the 'example' resource.
     console.log('Permission Granted');
}).catch((err) => {
    // Not authorized, or unable to check permissions due to an error
    console.log('No access for you', err);
});

As an expressjs middleware

'use strict';
const express = require('express');
const app = express();

// Configure the ACS client
const options = {
    uaa: {
        uri: 'https://your-uaa-service.predix.io/oauth/token',
        clientId: 'your-uaa-client',
        clientSecret: 'your-uaa-secret'
    },
    acsUri: 'https://predix-acs.example.predix.io',
    zoneId: 'your-acs-zone-id'
};
const acs = require('predix-acs-client')(options);

app.get('/hello', (req, res, next) => {
    res.send('Howdy, you can read this without authorization!');
});

// To ensure Authorization header has a bearer token
// use something like predix-fast-token https://github.com/PredixDev/predix-fast-token

// This assumes that the user token has been validated already
app.all('*', (req, res, next) => {
    // This would come from the token
    const username = 'demo';

	// This defaults to using:
	// req.method as the ACS action
	// req.path as the ACS resourceIdentifier
	// username as the ACS subjectIdentifier
	// If you want to use a resource name other than the path,
	// just pass in a new object - see example above
    acs.isAuthorized(req, username).then((result) => {
        console.log('Access is permitted');
        next();
    }).catch((err) => {
        console.log('Nope', err, err.stack);
        res.status(403).send('Unauthorized');
    });
});

app.get('/secure', (req, res, next) => {
    res.send('Hello, my authorized chum!');
});

// Need to let CF set the port if we're deploying there.
const port = process.env.PORT || 9001;
app.listen(port);
console.log('Started on port ' + port);

Working together with predix-fast-token as an expressjs middleware

'use strict';
const express = require('express');
const bearerToken = require('express-bearer-token');
const predixFastToken = require('predix-fast-token');
const app = express();

// Configure the ACS client
const options = {
    uaa: {
        uri: 'https://your-uaa-service.predix.io/oauth/token',
        clientId: 'your-uaa-client',
        clientSecret: 'your-uaa-secret'
    },
    acsUri: 'https://predix-acs.example.predix.io',
    zoneId: 'your-acs-zone-id'
};
const acs = require('predix-acs-client')(options);

const trusted_issuers = ['https://abc.predix-uaa.example.predix.io/oauth/token', 'https://xyz.predix-uaa.example.predix.io/oauth/token/oauth/token'];

app.get('/hello', (req, res, next) => {
    res.send('Howdy my unsecured friend!');
});

// Ensure Authorization header has a bearer token
app.all('*', bearerToken(), function(req, res, next) {
    console.log('Req Headers', req.headers);
    if(req.token) {
        predixFastToken.verify(req.token, trusted_issuers).then((decoded) => {
            acs.isAuthorized(req, decoded.user_name).then((result) => {
                console.log('Access is permitted');
                req.decoded = decoded;
                console.log('Looks good');
                next();
            }).catch((err) => {
                console.log('Nope', err);
                res.status(403).send('Unauthorized');
            });
        }).catch((err) => {
            console.log('Nope', err);
            res.status(403).send('Unauthorized');
        });
    } else {
        console.log('Nope, no token');
        res.status(401).send('Authentication Required');
    }
});

app.get('/secure', (req, res, next) => {
    res.send('Hello ' + req.decoded.user_name + ', my authenticated chum!');
});

// Need to let CF set the port if we're deploying there.
const port = process.env.PORT || 9001;
app.listen(port);
console.log('Started on port ' + port);