npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

hapi-auth-sns

v2.0.0

Published

AWS SNS Authentication

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

devin_stewartdevin_stewart

Keywords

AWSSNSauthenticationpluginhapi

Readme

hapi Auth Plugin for AWS SNS

Plugin for hapi to easily setup an auth strategy that validates an AWS SNS payload using the sns-payload-validator.

Coverage Status GitHub Workflow Status Maintainability Rating Security Rating Reliability Rating

Installing

npm install --save hapi-auth-sns

Please note: While SignatureVersion 1 is the default, on 2022-09-19 AWS announced the ability to set topics with SignatureVersion 2. Starting with version 1.1.0 of this plugin, SignatureVersion 1 and 2 are supported.

Getting Started

const Hapi = require('hapi');
const Sns = require('hapi-auth-sns');

const init = async () => {

    const server = Hapi.server({
        port: 3000,
        host: '0.0.0.0'
    });

    // Register the plugin
    await server.register(Sns);

    // Declare an authentication strategy using the sns scheme.
    server.auth.strategy('mySnsStrategy', 'sns');

    // Add a route that requires authentication.
    server.route({
        method: 'POST',
        path: '/',
        config: {
            auth: {
                strategy: 'mySnsStrategy',
                scope: 'myTopic' // optional
            },
        },
        handler: (request, h) => {

            // Make sure the message is a notification, not a subscription confirmation.
            if (request.payload.Type === 'Notification') {
                return `The message from myTopic is: ${request.payload.Message}`;
            }

            return 'This is a subscription confirmation message.';
        }

        await server.start();
        console.log('Server running on %s', server.info.uri);
    });
};

init();

Scopes

The scope in the credentials is set to the topic name, derived from the TopicArn in the payload.

To limit the route to a single topic, set the scope option to the topic name:

auth: {
    strategy: 'mySnsStrategy',
    scope: 'myTopic'
}

To allow multiple topics, set the scope option to an array of topic names:

auth: {
    strategy: 'mySnsStrategy',
    scope: ['myTopic1', 'myTopic2']
}

To allow all topics, omit the scope option:

auth: {
    strategy: 'mySnsStrategy'
}

Options

There are four options available for the sns strategy:

  • autoSubscribe - A message type of SubscriptionConfirmation automatically subscribes the route to the topic after validation, default true.
  • autoResubscribe - A message type of UnsubscribeConfirmation automatically resubscribes the route to the topic after validation, default true.
  • useCache - The plugin uses a cache to store the certificate for each topic. This is enabled by default, but can be disabled if you don't want to use the cache. If disabled, the certificate will be fetched from the SNS service for each request.
  • maxCerts - The maximum number of certificates to store in the cache. This is only used if useCache is enabled. The default is 5000.

All settings can be changed when declaring the strategy:

server.auth.strategy('mySnsStrategy', 'sns', {
    autoSubscribe: false,
    autoResubscribe: false,
    useCache: true,
    maxCerts: 100
});

Additional Information

The request.payload will have the following properties:

  • Type - The message type: Notification, SubscriptionConfirmation or UnsubscribeConfirmation.
  • MessageId - A uuid provided by the SNS service for each message.
  • Token - The token that must be passed to the SubscribeURL to confirm the subscription when the message type is SubscriptionConfirmation or UnsubscribeConfirmation.
  • TopicArn - The ARN of the topic the message was sent from.
  • Subject - The subject of the message when the message type is Notification. This is not present if a Subject was not provided when the message was published.
  • Message - The message body when the message type is Notification.
  • Timestamp - The time the message was sent.
  • SignatureVersion - The version of the signature algorithm used to sign the message. Defaults to 1, can also be 2.
  • Signature - The signature of the message used to verify the message integrity.
  • SigningCertURL - The URL of the certificate used to sign the message.
  • SubscribeURL - The URL used to subscribe the route when the message type is SubscriptionConfirmation or UnsubscribeConfirmation.
  • UnsubscribeURL - The URL used to unsubscribe the route when the message type is Notification.

Due to how payload validation works, request.auth.credentials.sns will be set to true if payload is valid. However, it is not used by the plugin.

Acknowledgements

The format of the code was adapted from the @hapi/jwt module, BSD-3-Clause, which is maintained by the fine folks in the hapijs community.