
punch-auth

v0.0.1

Package for handling third-party, and local authentication and authorization

Downloads

4

Readme

punch-auth

Exposes methods for google oauth2, linkedin oauth2 and local authorization (username/password strategy).

google oauth2

Following are the settings required for google oauth2.

  var config = {
    CLIENT_ID: 'client id', //application id that you create on developer.google.
    CLIENT_SECRET: 'client secret', //secret for the application.
    REDIRECT_URL: 'callback url' //the path in your app where the user will be redirected once access is allowed.
  };

OAuth2 wrapper for google can be initialized like so:

  var punchAuth = require('punch-auth');
  var googleOAuth = punchAuth.googleOAuth(config);

googleOAuth exposes the following methods.

  • The following gets the url (string) to redirect the user to google's authorization page. It's a synchronous call.
  var url = googleOAuth.getAuthURL();
  • Once the user grants access to your app, control would be redirected to the REDIRECT_URL with a parameter code. This method redeems the code, initializes the services and returns user's profile.
  googleOAuth.verifyAndInitialize(code)
  .then(userProfile => {...});
  • Once the services have been initialized, this method can be used to get the profile of the currently authorized user.
  googleOAuth.getProfile()
  .then(userProfile => {...});

linkedin oauth2

Following are the settings required for linkedin oauth2.

  var config = {
    CLIENT_ID: 'client id', //application id that you create on developer.linkedin.
    CLIENT_SECRET: 'client secret', //secret for the application.
    REDIRECT_URL: 'callback url' //the path in your app where the user will be redirected once access is allowed.
  };

OAuth2 wrapper for linkedin can be initialized like so:

  var punchAuth = require('punch-auth');
  var linkedinOAuth = punchAuth.linkedinOAuth(config);

linkedinOAuth exposes the following methods.

  • The following gets the url (string) to redirect the user to linkedin's authorization page. It's a synchronous call.
  var url = linkedinOAuth.getAuthURL();
  • Once the user grants access to your app, control would be redirected to the REDIRECT_URL with parameters code and state. This method redeems the code and state, initializes the services and returns user's profile.
  linkedinOAuth.verifyAndInitialize(code)
  .then(userProfile => {...});
  • Once the services have been initialized, this method can be used to get the profile of the currently authorized user.
  linkedinOAuth.getProfile()
  .then(userProfile => {...});

Services are initialized when the auth code is successfully redeemed. This holds true for both google and linkedin services.
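
The linkedin callback described above carries both code and state. One way for the application to bind state to the user's session before the code is redeemed, as an added example that is not punch-auth code. `issueState`, `withState`, `checkCallback`, the session object and the sample URL are assumptions; whether punch-auth sets or checks state itself is not shown on this page.

```javascript
const crypto = require('node:crypto');

// Generate an unguessable state value and keep it in the user's session.
function issueState(session) {
  session.oauthState = crypto.randomBytes(32).toString('hex');
  return session.oauthState;
}

// Attach the state to an authorization URL (hypothetical helper; use the
// library's own mechanism if it provides one).
function withState(authUrl, state) {
  const u = new URL(authUrl);
  u.searchParams.set('state', state);
  return u.toString();
}

// Validate the callback query before the code is redeemed.
// Returns the code on success and throws otherwise.
function checkCallback(session, query) {
  const expected = session.oauthState;
  delete session.oauthState; // single use: a replayed callback fails
  if (typeof expected !== 'string' || typeof query.state !== 'string') {
    throw new Error('missing state');
  }
  const a = Buffer.from(expected);
  const b = Buffer.from(query.state);
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) {
    throw new Error('state mismatch');
  }
  if (typeof query.code !== 'string' || query.code === '') {
    throw new Error('missing code');
  }
  return query.code;
}

// Constructed walk-through; the session and URL are sample values.
const session = {};
const url = withState('https://auth.example/authorize?client_id=x', issueState(session));
const sent = new URL(url).searchParams.get('state');
console.log(checkCallback(session, { code: 'sample-code', state: sent }));
```

In the callback route, the value returned by `checkCallback(req.session, req.query)` is what gets passed to `verifyAndInitialize(code)`.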


local auth

Implements local username/password strategy. Following are the settings required for local auth module.

  var config = {
    USER_COLLECTION: UserModel, //mongoose model for the users collection.
    ID_FIELD: 'username', //name of the field to be treated as identifier like username, email.
    PASSWORD_FIELD: 'password', //name of the field that contains the hashed password.
  }

Optional settings include:

  config.SALT_ROUNDS = 11 //number, defaults to 10, used to create password hash using 'bcrypt'.
  config.TOKE_KEY = 'some key' //string, defaults to 'punch-token-key', used to create bearer token using 'jsonwebtoken'.

localAuth can be initialized like so:

  var punchAuth = require('punch-auth');
  var localAuth = punchAuth.localAuth(config);
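
Because the token key falls back to a value published in this README, every deployment that leaves it unset signs bearer tokens with the same key. A startup check for that, plus a minimal HS256 sign/verify pair showing why it matters, as an added example that is not punch-auth code. `auditLocalAuthConfig`, `effectiveKey`, `newTokenKey` and the HS256 helpers are assumptions, as is the use of HMAC-SHA256 for the token.

```javascript
const crypto = require('node:crypto');

const DOCUMENTED_DEFAULT_KEY = 'punch-token-key'; // default stated in the README

// Key a deployment ends up signing with when TOKE_KEY is left unset.
const effectiveKey = (config) => config.TOKE_KEY ?? DOCUMENTED_DEFAULT_KEY;

// Fresh random key: 32 random bytes, hex encoded.
const newTokenKey = () => crypto.randomBytes(32).toString('hex');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Minimal HS256 token signer (assumption: tokens are HMAC-SHA256 JWTs).
function signHS256(payload, key) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const mac = crypto.createHmac('sha256', key).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(mac)}`;
}

// Constant-time signature check for the token format above.
function verifyHS256(token, key) {
  const parts = token.split('.');
  if (parts.length !== 3) return false;
  const [head, body, sig] = parts;
  const expected = crypto.createHmac('sha256', key).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Startup check: returns a list of findings, empty when the config is acceptable.
function auditLocalAuthConfig(config) {
  const findings = [];
  const key = effectiveKey(config);
  if (key === DOCUMENTED_DEFAULT_KEY) {
    findings.push('TOKE_KEY is the published default');
  } else if (Buffer.byteLength(String(key)) < 32) {
    findings.push('TOKE_KEY is shorter than 32 bytes'); // HS256 needs >= 256 bits
  }
  if (config.SALT_ROUNDS !== undefined && config.SALT_ROUNDS < 10) {
    findings.push('SALT_ROUNDS is below the default of 10');
  }
  return findings;
}

// Constructed demo: an unset key is flagged, a generated key passes.
console.log(auditLocalAuthConfig({}));
console.log(auditLocalAuthConfig({ TOKE_KEY: newTokenKey(), SALT_ROUNDS: 11 }));
```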

Middleware exposed by localAuth

  • The following middleware is for authentication (username/password). On successful authentication the user object and an accessToken are attached to the req object, otherwise a 401 is returned along with an appropriate error message. This middleware can be used like so:
  router.post('/login',
    localAuth.loginMW(), //method that returns the middleware
    (req, res, next) => {...}
  );
  • The following middleware verifies the bearer token. On successful verification the user object is attached to the req object, otherwise a 401 is returned with the appropriate error message. This middleware can be used like so:
  router.get('/index',
    localAuth.bearerMW(), //method that returns the middleware
    (req, res, next) => {...}
  );

Methods exposed by localAuth

The following helper methods can be used as alternatives to the middleware and allow more flexibility.

  • This method implements logic for login (username/password), and returns the user object on success.
  localAuth.login(req.body.username, req.body.password)
  .then(user => {...})
  .catch(err => {...});
  • This method creates a hash for a plain string password. SALT_ROUNDS for creating the hash can be set in the config.
  var password = 'some password';

  localAuth.createHash(password)
  .then(hash => {...})
  .catch(err => {...});
  • Method to check if the given password matches with the hash.
  var password = 'some password';

  localAuth.checkPassword(password, user.savedPasswordHash)
  .then(_ => { /* password matched */ })
  .catch(err => {...});
  • Method to verify the jsonwebtoken bearer token.
  var token = 'the bearer token';

  localAuth.authorizeBearer(token)
  .then(user => { /* the user object from the user collection set in config */ })
  .catch(err => {...});