npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@koopjs/auth-direct-file

v3.0.0

Published

Module for implementing a direct authentication pattern with file-based user-store in Koop

Downloads

146

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

sanshrsanshrdrspacemanphddrspacemanphdsonofflynn89sonofflynn89tomtom92tomtom92haolianghaoliangrichgwozdzrichgwozdzdhatcherdhatcher

Keywords

Readme

Koop-Auth-Direct-File

A authentication module for implementing direct authentication from client to Koop server with a file-based user-store

npm

Usage

To use this plugin, you need to create a JSON file store. This should be an array of objects with properties username and password. See user-store.json.example as an example. Note, that this is a terrible way to store credentials! This plugin is really just meant as an example of how to design a Koop authorization plugin and not meant for any production environment.

This module exports an initialization function that must be supplied with a secret-key and the path to the file that is the user-store. It will return a plugin object that can be registered with Koop.

    const authPlugin = require('@koopjs/auth-direct-file')('your-secret-key', `path/to/user-store.json`, { tokenExpirationMinutes: 300 })
    
    koop.register(auth)

Registration order

For an auth-plugin to secure the data served by a provider, it must be registered before the provider. Any providers registered after the auth-plugin will not have the plugin's authorization code applied.

    const Koop = require('@koopjs/koop-core');
    const providerOne = require('koop-provider-one');
    const providerTwo = require('koop-provider-two');
    const authPlugin = require('@koopjs/auth-direct-file')('your-secret-key', `path/to/user-store.json`);

    const koop = new Koop();

    // providerOne, registered before auth-plugin, will be secured by auth-plugin methods
    koop.register(providerOne);

    koop.register(authPlugin);

    // providerTwo, registered after auth-plugin, will NOT be secured
    koop.register(providerTwo);

    const provider = require('./')
    koop.register(provider)

The underlying reason that order matter is because an auth-plugin add its authorize and authenticate functions to all registered providers. (Note that providers may implement their own authorize and authenticate prototype methods, and if they do these will be used preferentially.) Output services will leverage these functions to secure the service endpoints and properly route requests to authenticate.

API

Module initialization function

(secret, userStoreFilePath, options) ⇒ Object

  • configure the authentication module with secret use for token encoding/decoding

| Param | Type | Description | | --- | --- | --- | | secret | string | secret for encoding/decoding tokens | | userStoreFilePath | string | path to the JSON file containing the array of username/password objects | | options | object | options object | | options.tokenExpirationMinutes | integer | minutes until token expires (default 60) |

Notes on use with ArcGIS Online and ArcGIS Portal

This authorization plugin has been tested with ArcGIS Online and ArcGIS Enterprise. Note that these ArcGIS products appear to block or be impaired by SSH-tunneling tools like ngrok, so if you are trying to test a local Koop instance against Online or Enterprise, it may not work as otherwise expected. Generally, you'll have to do a "real" deployment to actually test authorization against these products.

For enterprise versions of Portal earlier than 10.6, you may need to import the root of your certificate into Portal's trust store. We have observed the inability to store credentials for a secured Koop service on Portal instances that have not yet imported the root SSL certificate (of the Koop instance) into the trust-store.

General notes on the authentication pattern used here

The authentication module implemented here uses a direct authentication pattern; it receives user credentials (username/password) from a client and authenticates those credentials against an identity/user-store. Requests with valid credentials are issued an access-token (a string of encoded-data); The access token is encoded with the use of a secret known only to the Koop server. The access-token expires and becomes invalid after a certain period (default of 60 minutes).

get access token

In addition to directly accepting username and password, the authenticate method will also accept a valid token. If receivied, a new token (with new expiry time) is issued and returned.

The issued access-token should be attached to all subsequent service requests by the client. When the server receives a request, it will check for the presence of an access-token and reject any requests that are missing such token. If the token is present, the server attempts to decode it with its stored secret. Failure to decode results in a request rejection. Once decoded, the server checks the token's expiration-date and rejects any token with a date that is out of range. If the token is not expired, the request for the desired resource proceeds.

enter image description here