npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

mw-delog

v0.0.4

Published

A library enabling login with decentralized identity solutions

Downloads

4

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

sareth93sareth93

Keywords

Readme

Delog

Introduction

Delog is a server-side library that implements a middleware for any express-based web server. It can be used to manage the login and access control as well as user management in a web application without the need for a prior registration. It is a light-weight library built for ease-of-use and easy implementation. To start, simply use the middleware and it will handle the authentication of incoming requests automatically. The library allows for generation of disclosure requests and has a built-in cache where it saves authentication data.

Installation

npm install mw-delog

After installing the library, you can import the middleware in the following way:

const Delog = require('mw-delog')

Usage

To initialize the middleware, you need to call the init() function.

It is called with the route you want to use for login, the callback route, the requested information and optionally required claims for access control (see below).

Example:

Delog.init('/login', '/callback', ['name'])

As you can see, the paths are relative and the required claims is an array of claim objects consisting of an issuer DID and a certificate name.

To use the middleware, you need an express server that uses delog. Please make sure to install a body-parser aswell.

Pleasse be aware that uport only supports https callback addresses, so you have to make sure your server is using that protocol.

Example

const express = require('express')
const bodyParser = require('body-parser')

const app = express()
app.use(bodyParser.json({ type: '*/*' }))

Delog.init('/login', '/callback', [{issuer: 'did:ethr:0x1420cedd4ce6db3b05161277f55f71db2310bcf3', name: 'Testkurs'}])

app.use(Delog.delog)

From now on, every incoming request will first pass through the delog middleware. It will check if an access token is set in the request header. If it is, the token will be validated and the request is forwarded to its original destination. If the access token is not set, or not valid, the request will fail.

Test Server

To test your application locally, you can set up a ngrok server, so your uport app is able to address your localhost directly. For more information on how to set up a ngrok server, click here.

Alternatively, go to Delog-TestApp and follow instructions to set up the application. This is a simple React App that allows you to login and displays your name and DID once successful.

Test Certificate

You can visit MW-Verification and follow the instructions there. This application will allow you to create verified claims, with issuer and claimname being customizable. You can then use this claim with Delog.

Set required claims

You may want to require some verified claims to be send with the credentials of your user, to verify that this identity is allowed to access the application. This can be set in the init-function as additional parameter - an array of objects consisting of the issuer DID as key and the claim name as value.

Example

Delog.init('/login', '/callback', ['name'], [{issuer: 'did:ethr:0x1420cedd4ce6db3b05161277f55f71db2310bcf3', name: 'Testkurs'}])

Beware that the issuer and name of the course are just examples and need to be replaced with the correct claim that you want to require. Delog will check if the claim issuer is valid and if the claim name is corrrect.

Start Login Request

To start a login request to get an access token, the client will have to construct a POST request to the predefined login route. It needs to include the attribute network, which for now can only be 'uport'.

Example

import axios from 'axios'

axios.post('https://1c865c9e.ngrok.io/login', {
    network: 'uport'
}).then(res => {
    console.log(res.data.qr, res.data.jwt)
})

The response is an object containing the jwt token for the request and the encoded QR-Code image. The QR Code can be displayed by embedding it in an HTML img-tag.

<img src={qr} alt="QR Code" />

Alternatively, you may want to install the frontend library uport-connect to be able to send the jwt through this library, which automatically uses the standard popup for uport.

import { Connect } from 'uport-connect'
let uport = new Connect('DeLog')
...
uport.send(jwt, 'disclosureReq')

The QR code can be scanned by the uport app on the user's phone. The user can then decide to share his credentials, in which case the response will be sent to the callback URL specified in the request.

The response will be catched by the delog middleware and the signature of the JWT is validated. If it is valid, the token will be saved into the delog cache with the corresponding request URL as key.

To get the access token, the client will have to poll the server. To identify the request, the request JWT token has to be included in the headers of the request.

Example:

axios.get('https://1c865c9e.ngrok.io', {
      network: 'uport',
      headers: {
        'x-access-token': jwt
      }
    }).then(res => {
      if(res) {
        console.log(res)
      }
    })

If the server has received a valid response token from the user's uport app, it will return this token and the decoded credentials to the client.

This new token can be used for interaction with the server from now on by setting it in the request header under the attribute x-access-token. You can put the token and credentials into a cookie to preserve the login information over a session.

To access user data in the backend, you can decode the JWT access token to get the credentials. A method for this is implemented in the Delog class.

Example

delog.decode(jwt).then(res => console.log(res))