npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

quoti-auth

v2.0.0

Published

library that helps you implement Quoti's Authentication and Authorization APIs in your project

Downloads

231

Readme

Quoti Auth

Quoti Auth is a library that helps you implement Quoti's Authentication and Authorization APIs within your project. It is essentially an express middleware that will perform checks and inject user information into req.user.

Installation

You can use the NPM package manager to install it using the terminal:

npm install quoti-auth

Initializing Quoti Auth

In this section, we initialize Quoti Auth by calling the quotiAuth.setup function. This function takes an object with two properties: orgSlug and apiKey.

const { quotiAuth } = require('quoti-auth')

quotiAuth.setup({
    orgSlug: 'someOrgSlug',
    apiKey: 'some-api-key',
})
  • orgSlug: This is a unique string identifier for your organization. It serves as the path of your organization within the Quoti system.
  • apiKey: This is a unique key for your organization. It acts as a private key, providing your organization with access to the Quoti API. It's important to keep this key secure as it can be used to perform any action that your organization has permissions for.

Usage

Injecting user data into req.user:

app.post('/', QuotiAuth.middleware(), async (req, res) => {
  console.debug('UserName:', req.user.name)
  res.send('OK!')
})

In practice, this middleware will authenticate with the Quoti API using the Authorization Header that would already be contained in your req.headers. This header can be:

  • Authorization: Bearer TOKEN
  • Authorization: BearerStatic TOKEN

Checking user permissions

Basic usage

In this example, the middleware will check if the user has the posts.filter permission. If they do not, Quoti Auth will return a 403 error at the endpoint:

app.post('/', QuotiAuth.middleware([['posts.filter']]), async (req, res) => {
  res.send(`OK! The user ${req.user.name} has the 'posts.filter' permission`)
})

Check if satisfies multiple permissions

The middleware checks if the user has all of the specified permissions in the array. If the user doesn't have all these permissions, Quoti Auth will respond with a 403 error at the endpoint. Here's how it looks:

app.post('/', QuotiAuth.middleware([['people.list', 'person.list']]), async (req, res) => {
  res.send(`Success! The user ${req.user.name} has both 'people.list' and 'person.list' permissions.`)
})

Check for some given permissions

The middleware can check if the user has at least one of the specified permissions in the array. If the user doesn't have any of these permissions, Quoti Auth will respond with a 403 error at the endpoint. Here's how it looks:

app.post('/', QuotiAuth.middleware([['people.list'], ['person.list']]), async (req, res) => {
  res.send(`Success! The user ${req.user.name} has either 'people.list' or 'person.list' permission.`)
})

In both cases, if the user has the necessary permissions, the endpoint will return a success message.

QuotiAuth.setup function parameters

The quotiAuth.setup function in src/quotiauth.js takes an object with the following properties:

  • orgSlug (String): The organization slug. This is a unique identifier for your organization.
  • apiKey (String): The Quoti API key. This is used to authenticate your application with the Quoti API.
  • getUserData (Function, optional): A function that returns user data. If provided, this function will be used instead of the default getUserData method in the QuotiAuth class.
  • logger (Object, optional): A Winston logger. If not provided, console will be used as the logger.
  • errorLogLevel (String, optional): The log level for errors. If not provided, 'error' will be used as the default log level.

Advanced Settings

Replacing the getUserData function

Customizing this function can be useful if you want to modify what will be injected into req.user, or even if you want to call a custom endpoint or service instead of calling the standard API used by QuotiAuth

const { quotiAuth } = require('quoti-auth')

// This function will be called, passing the user's token that you are querying to return the user's data
async getUserData (token) {
  const url = process.env['api_url'] || 'https://api.quoti.cloud/api/v1/'
  const headers = {
    ApiKey: 'some-api-key'
  }
  const { data } = await axios.post(`${url}${this.orgSlug}/auth/login/getuser`, { token }, { headers })
  
  // The return of this function will be injected into req.user.
  return data.user
}

quotiAuth.setup({
    orgSlug: 'someOrgSlug',
    apiKey: 'some-api-key',
    getUserData: getUserData,
    logger: console,
    errorLogLevel: 'error'
})