npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@ash0080/hasura-oauth-service

v1.0.0

Published

This is a full-featured OAuth proxy service, It works with hasura to provide users with login, logout and authentication features

Downloads

4

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ash0080ash0080

Keywords

Readme

@ash0080/hasura-oauth-service

This is a full-featured OAuth proxy service, It works with hasura to provide users with login, logout and authentication features.

For now, it's OAuth proxy only, does not provide local registration, the biggest reason is that I do not need it, in addition to the implementation of registration also involves email/SMS verification, etc., which will make the size and complexity of the project greatly increased, however, this does not mean that you do not own the user data, the service still provides the basic user data, including, id, email, bio, avatar_url, etc., and the user can update these data through hasura.

Changelog

1.0.0 - A full-featured oauth service used to extend HASURA

Architecture

Features

OAuth: Based on grant, so it is easy to add 200+ OAuth Providers through a single configuration file. without adding any new dependencies.

Automatic Setup: Based on my @ash0080/fastify-hasura When the service starts and connects to hasura, it automatically sets up the database and metadata. Hands free.

Roles: public, user, subscriber

Redis Cache: The actual use is keyDB (an enhanced version of redis), which includes out-of-the-box data persistence and some other features. It is used to cache basic user data and tokens. Reduce the time of token exchanging and the pressure on the database from frequent exchanges.

Finger Print: A simple back-end user fingerprint verification based on my @ash0080/one-char-hash

Rate Limiting: Based on fastify-rate-limiter.

Multi-device login: Supports multiple device login for the same account, and the local Redis database keeps track of the user's tokens;

Protected Hooks: A built-in hooks endpoint validation.

Internal Event Triggers: Out of the box, you don't have to worry much about it, for synchronizing basic user data and roles, still for a faster token exchange mechanism.

Remote Cron Jobs: Currently there are two,

  • Auto-downgrade expired subscribers
  • Auto-clean processed events and events logs. These take up a lot of space in hasura, and I saw someone say that he has 1.8G events_logs in the database.

Unified endpoints: Unified OAuth callback endpoint at /token and unified event webhook endpoint at /events, In fact, I actually don't really like mixing Graphql and REST, so I want to expose as few endpoints as possible if I have to use them, This also has the advantage that when you need to extend this project, you only need to extend these few endpoints, and the code is clearer and easier to understand.

| Features | Highlights | |--------------|:------------------------------------------------------| | OAuth | Based on grant, Easy to expand to 200+ providers; | | Auto | Auto set up, Hands free; | | Cache | keyDB for jwt and basic user profile caching; | | Rate-Limit | Rate limiting; | | Multi-Device | Supports multiple device login; | | Security | Fingerprint & Protected Hooks; | | Cron | Roles cleaning and logs cleaning; | | Unified | Few exposed endpoints, easier to maintain and extend; |

Prepare

Step 1: rename .example.env as .env and configure it with your data;

Step 2: run src/config/key/jwtRS256.sh to generate keys, 1 pair for jwt, the other for session;

Step 3: copy .jwt.example.json as .env to HASURA's path, fill it with the public_key you generated in step 2;

Step 4: config and restart your hasura with this new HASURA_GRAPHQL_JWT_SECRET environment variable;

Run Service

Step 5: yarn i

Step 6: yarn start

Step 7: This service will config your hasura and database automatically, if no exception is thrown, The service will be started and exposed at 0.0.0.0:${port} DONE!

Routers

/- healthz check return 'ok'::string

/$ROUTE_PREFIX/:provider_name - the entry point user start login (eg: /oauth/github)

/$ROUTE_PREFIX/:provider_name/callback - the oauth callback url (eg: /oauth/github/callback)

/token - the final redirect url after oauth callback, you GET {access_token, refresh_token}::json

/refresh - refresh token, you POST {refresh_token}, GET {access_token, refresh_token?}::json

/revoke - revoke token, you POST {refresh_token}, GET {success}::json

/events - the hasura events webhook endpoint

Q&A

  1. Why REST but not Remote Schema?
    The oauth process is a series of redirects but nothing; All necessary basic user data is redis cached, there is no need to forward it through hasura;

  2. Can I use Redis replace keyDB?
    For now, Yes, you can. But in the future I may add some features unique to keydb, which may only be available in the Redis enterprise version

Todo

  1. Rewrite with typescript;
  2. Add a function to limit the number of devices for multi-device login;
  3. More Tests;

Thanks

Thanks all people who helped develop this project, especially,

@simov - Author of Grant

@Johan Eliasson - Author of nhost/hasura-auth

Contributing

Everyone is welcome to contribute. Please take a moment to review the contributing guidelines.

Authors and license

ash0080 and contributors.

MIT License, see the included License.md file.