npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

whowho

v0.0.4

Published

Authenticating reverse-proxy for writing simpler apps

Downloads

6

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

baconscriptbaconscript

Keywords

authenticationproxyreverse proxy

Readme

whowho

A simple authenticating proxy for your apps.

Installation

npm install --save whowho

Configuration

There are four items that need to be in place for your app to work correctly, all of which can be found in the configuration object passed to the constructor:

targets

This is a hash of paths and hosts/ports that you want to proxy to. For instance:

targets: {
  '/*': 'http://localhost:8000'
}

This will proxy to an app running on the same machine on port 8000. If your proxy is only proxying one page, make sure you haven't forgotten the asterisk on the path. Otherwise, it will literally only match the / path.

If you need to, you can also specify publicTargets which won't be authenticated, e.g. for assets. However, in production, I encourage you to use nginx or another static server for assets.

strategies

These are normal PassportJS strategies, tied to their name. The various strategies need to be required from their packages, such as var LocalStrategy = require('passport-local').Strategy;. You can then write the following:

strategies: {
  local: new LocalStrategy(
           function(username, password, done) {
             if(username === 'admin' && password === 'admin') {
               return done(null, {
                 id:1,
                 name:{
                   givenName:'Admin',
                 familyName:'Root'}
               });
             } else {
               return done(null, false, {
                 message: 'Wrong username or password.'
               });
             }
           })
}

This represents a simple authentication for username admin and password admin.

auth

This represents how you want to authentiate to WhoWho. For instance, to continue the above example:

auth: {
  'post /login': function(passport){
    return passport.authenticate('local', {
      successRedirect: '/', 
      failureRedirect: '/login'
    });
  }
}

serializeUser/deserializeUser

Okay, I'm cheating; these are two functions, not one. This is for your caching layer.

For this example, we'll cheat, and do it in memory. This is a Bad IdeaTM for a few reasons, but I don't want to muddle the example with Redis calls or similar.

Suppose that before creating the proxy, you had created a users hash:

var users = {};

Then, in your WhoWho config, you could simply use:

serializeUser: function(user, done){
  users[user.id] = user;
  done(null, user.id);
},
deserializeUser: function(id, done){
  done(null, users[id]);
}

Sample config

Putting the above all together in a full example, you'd get:

var passport = require('passport');
var AuthProxy = require('whowho').AuthProxy;
var LocalStrategy = require('passport-local').Strategy;

var users = {};

var proxyServer = new AuthProxy({
  strategies: {
    local: new LocalStrategy(
             function(username, password, done) {
               if(username === 'admin' && password === 'admin') {
                 return done(null, {
                   id:1,
                   name:{
                     givenName:'Admin',
                   familyName:'Root'}
                 });
               } else {
                 return done(null, false, {
                   message: 'Wrong username or password.'
                 });
               }
             })
  },
  auth: {
    'post /login': function(passport){
      return passport.authenticate('local', {
        successRedirect: '/', 
        failureRedirect: '/login'
      });
    }
  },
  targets: {
    '/*': 'http://localhost:8000'
  },
  serializeUser: function(user, done){
    users[user.id] = user;
    done(null, user.id);
  },
  deserializeUser: function(id, done){
    done(null, users[id]);
  }
});

proxyServer.start();

This simple script will run on the default port (3000) and proxy authenticated users through to the app running on port 8000. Unauthenticated users will see a "403 Forbidden" message.