Gathering detailed insights and metrics for hapi-auth-bearer-token-token-multiname
Installations
npm install hapi-auth-bearer-token-token-multinameDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>=8.0.0
Node Version
14.21.3
NPM Version
6.14.18
Score
64.3
Supply Chain
99.3
Quality
75.2
Maintenance
100
Vulnerability
100
License
Releases
Unable to fetch releases
Contributors
1
Download Statistics
Total Downloads
220
Last Day
6
Last Week
9
Last Month
13
Last Year
117
Bundle Size
17.68 kB
Minified
6.17 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
8.1.0
Package Id
hapi-auth-bearer-token-token-multiname@8.1.0
Unpacked Size
11.29 kB
Size
4.34 kB
File Count
5
NPM Version
6.14.18
Node Version
14.21.3
Publised On
08 Oct 2023
Total Downloads
Cumulative downloads
Total Downloads
220
Last day
500%
6
Compared to previous day
Last week
800%
9
Compared to previous week
Last month
116.7%
13
Compared to previous month
Last year
13.6%
117
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Peer Dependencies
3
Dev Dependencies
5
Versions
hapi auth bearer token
This is a fork of original hapi-auth-bearer-token with token's multi name feature (see options)
Reason:
In my private project i need to pass different bearer tokens in the same header authorization like usual bearer and like custom apitoken, that's impossible in original plugin.
[Release Notes] @hapi/hapi, joi, and @hapi/boom are all now peer dependencies to allow maximum flexibility. A reference to joi is now required as opposed to the older @hapi/joi.
For hapi 17.x and above used in combination with the new joi v17.x package. Requires Node 12 or greater.
Note: For hapi v17 and above implementations using @hapi/joi, it is recommended to use Version 6.x.x of this module.
Note: For hapi versions below v17, you must use versions v5.x.x of this module.
Lead Maintainer: John Brett
Bearer authentication requires validating a token passed in by bearer authorization header or query parameter.
This module creates a 'bearer-access-token' scheme takes the following options:
validate- (required) a token validation function with the signature[async] function(request, token, h)where:request- is the hapi request object of the request which is being authenticated.token- the auth token received from the client.h- the response toolkit.- Returns an object
{ isValid, credentials, artifacts }where:isValid-trueif token is valid, otherwisefalse.credentials- a credentials object passed back to the application inrequest.auth.credentials. Note that due to underlying Hapi expectations, this value must be defined even ifisValidisfalse. We recommend it be set to{}ifisValidisfalseand you have no other value to provide.artifacts- optional authentication related data that is not part of the user's credential.
options- (optional)-
accessTokenName(Default:'access_token') - Rename token key e.g. 'new_name' would rename the token query parameter to/route1?new_name=1234. Alternatively can be assign as array of strings:accessTokenName: [ 'access_token', 'custom_access_token' ] -
allowQueryToken(Default:false) - Accept token via query parameter. -
allowCookieToken(Default:false) - Accept token via cookie. -
allowMultipleHeaders(Default:false) - Accept multiple authorization headers, e.g.Authorization: FD AF6C74D1-BBB2-4171-8EE3-7BE9356EB018; Bearer 12345678. -
tokenType(Default:'Bearer') - Accept a custom token type e.g.Authorization: Basic 12345678. Alternatively can be assign as array of strings:accessTokenName: [ 'Bearer', 'Customkey' ] -
allowChaining(Default:false) - Allow attempt of additional authentication strategies. -
unauthorized(Default:Boom.unauthorized) - A function to call when unauthorized with signaturefunction([message], [scheme], [attributes]). More detailsIf using a custom
unauthorizedfunction, it is recommended you read hapi's documentation on authentication schemes, especially in the case of using multiple strategies: Authentication scheme.
-
1const Hapi = require('hapi'); 2const AuthBearer = require('hapi-auth-bearer-token'); 3 4const server = Hapi.server({ port: 8080 }); 5 6const start = async () => { 7 8 await server.register(AuthBearer) 9 10 server.auth.strategy('simple', 'bearer-access-token', { 11 allowQueryToken: true, // optional, false by default 12 validate: async (request, token, h) => { 13 14 // here is where you validate your token 15 // comparing with token from your database for example 16 const isValid = token === '1234'; 17 18 const credentials = { token }; 19 const artifacts = { test: 'info' }; 20 21 return { isValid, credentials, artifacts }; 22 } 23 }); 24 25 server.auth.default('simple'); 26 27 server.route({ 28 method: 'GET', 29 path: '/', 30 handler: async function (request, h) { 31 32 return { info: 'success!' }; 33 } 34 }); 35 36 await server.start(); 37 38 return server; 39} 40 41start() 42 .then((server) => console.log(`Server listening on ${server.info.uri}`)) 43 .catch(err => { 44 45 console.error(err); 46 process.exit(1); 47 }) 48 49 50/* 51 * To test this example, from your terminal try: 52 * curl localhost:8080 53 * response: {"statusCode":401,"error":"Unauthorized","message":"Missing authentication"} 54 * curl localhost:8080?access_token=abc 55 * response: {"statusCode":401,"error":"Unauthorized","message":"Bad token","attributes":{"error":"Bad token"}} 56 * curl localhost:8080?access_token=1234 57 * response: {"info":"success!"} 58 */
License MIT @ John Brett and other contributors 2018
No vulnerabilities found.
No security vulnerabilities found.