npmpackage.info

Gathering detailed insights and metrics for koa-eula

Approximately 800 new packages are uploaded to the npm registry every day. This number can vary, but it reflects the active and growing nature of the JavaScript development community.

koa-eula

2.1.1

JavaScript

1,879

1.3

Installations

npm install koa-eula

Score

67.8

Supply Chain

99.2

Quality

73.7

Maintenance

Vulnerability

98.6

License

Pull Requests

Open

0

Total

0

Closed

0

Issues

Open

0

Total

0

Closed

0

Releases

Unable to fetch releases

Contributors

View all 1 contributors

Developer

xploratics

Module System

BETA

CommonJS

Statistics

9 Commits

2 Watching

1 Branches

1 Contributors

Updated on 07 Feb 2017

Languages

JavaScript (100%)

Total Downloads

Cumulative downloads

Total Downloads

1,879

Last day

100%

Compared to previous day

Last week

150%

Compared to previous week

Last month

44.4%

Compared to previous month

Last year

5.8%

146

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

jsonwebtoken koa-unless

Dev Dependencies

koa mocha nyc supertest

Versions

koa-eula

Koa middleware that validates JSON Web Tokens and sets ctx.state.eula (by default) if a valid EULA token is provided.

This module lets you validate EULA on HTTP requests using JSON Web Tokens in your Koa (node.js) applications.

Installation

1npm install koa-eula

Usage

The JWT eula middleware validate EULA acceptation of callers using a JWT token. If the token is valid, ctx.state.eula (by default) will be set with the JSON object decoded to be used by later middleware.

Retrieving the token

The token is normally provided in a HTTP header (Eula), but it can also be provided in a cookie by setting the opts.cookie option to the name of the cookie that contains the token. Custom token retrieval can also be done through the opts.getEulaToken option. The provided function should match the following interface:

1/**
2 * Your custom token resolver
3 * @this The ctx object passed to the middleware
4 *
5 * @param  {object}      opts The middleware's options
6 * @return {String|null}      The resolved token or null if not found
7 */

The resolution order for the token is the following. The first non-empty token resolved will be the one that is verified.

opts.getToken function
check the cookies (if opts.cookie is set)
check the Authorization header for a bearer token

Passing the secret

Normally you provide a single shared secret in opts.secret, but another alternative is to have an earlier middleware set ctx.state.secret, typically per request. If this property exists, it will be used instead of the one in opts.secret.

Example

1var koa = require('koa');
2var eula = require('koa-eula');
3
4var app = koa();
5
6// Custom 403 handling if you don't want to expose koa-eula errors to users
7app.use(function(ctx, next) {
8  return next().catch((err) => {
9    if (401 == err.status) {
10      ctx.status = 401;
11      ctx.body = 'Protected resource, use Eula header to get access\n';
12    } else {
13      throw err;
14    }
15  });
16});
17
18// Unprotected middleware
19app.use(function(ctx, next) {
20  if (ctx.url.match(/^\/public/)) {
21    ctx.body = 'unprotected\n';
22  } else {
23    return next();
24  }
25});
26
27// Middleware below this line is only reached if eula token is valid
28app.use(eula({ secret: 'shared-secret' }));
29
30// Protected middleware
31app.use(function (ctx){
32  if (ctx.url.match(/^\/api/)) {
33    ctx.body = 'protected\n';
34  }
35});
36
37app.listen(3000);

Alternatively you can conditionally run the eula middleware under certain conditions:

1var koa = require('koa');
2var eula = require('koa-eula');
3
4var app = koa();
5
6// Middleware below this line is only reached if eula token is valid
7// unless the URL starts with '/public'
8app.use(eula({ secret: 'shared-secret' }).unless({ path: [/^\/public/] }));
9
10// Unprotected middleware
11app.use(function *(next){
12  if (this.url.match(/^\/public/)) {
13    this.body = 'unprotected\n';
14  } else {
15    yield next;
16  }
17});
18
19// Protected middleware
20app.use(function *(){
21  if (this.url.match(/^\/api/)) {
22    this.body = 'protected\n';
23  }
24});
25
26app.listen(3000);

For more information on unless exceptions, check koa-unless.

You can also add the passthrough option to always yield next, even if no valid Authorization header was found:

1app.use(eula({ secret: 'shared-secret', passthrough: true }));

This lets downstream middleware make decisions based on whether ctx.state.user is set.

If you prefer to use another ctx key for the decoded data, just pass in key, like so:

1app.use(eula({ secret: 'shared-secret', key: 'euladata' }));

This makes the decoded data available as ctx.state.euladata.

If the tokenKey option is present, and a valid token is found, the original raw token is made available to subsequent middleware as ctx.state[opts.tokenKey].

You can specify audience and/or issuer as well:

1app.use(eula({ secret:   'shared-secret',
2               audience: 'http://myapi/protected',
3               issuer:   'http://issuer' }));

If the eula has an expiration (exp), it will be checked.

Tests

1npm install
2npm test

Credits

This code is largely based on koa-jwt.

Stian Grytøyr

License

The MIT License

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

SAST

Determines if the project uses static code analysis.

0

License

Determines if the project has defined a license.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

41 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-rvg8-pwq2-xj7q
Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-h452-7996-h45h
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-h6ch-v84p-w6p9
Warn: Project is vulnerable to: GHSA-qrmc-fj45-qfc2
Warn: Project is vulnerable to: GHSA-q42p-pg8m-cqh6
Warn: Project is vulnerable to: GHSA-w457-6q6x-cgp9
Warn: Project is vulnerable to: GHSA-62gr-4qp9-h98f
Warn: Project is vulnerable to: GHSA-f52g-6jhx-586p
Warn: Project is vulnerable to: GHSA-2cf5-4w76-r9qv
Warn: Project is vulnerable to: GHSA-3cqr-58rm-57f8
Warn: Project is vulnerable to: GHSA-g9r4-xpmj-mj65
Warn: Project is vulnerable to: GHSA-q2c6-c6pm-g3gh
Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44
Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988
Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
Warn: Project is vulnerable to: GHSA-8cf7-32gw-wr33
Warn: Project is vulnerable to: GHSA-hjrf-2m68-5959
Warn: Project is vulnerable to: GHSA-qwph-4952-7xr6
Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm
Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m / GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-6g33-f262-xjp4
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp

Score

1.3

/10

Last Scanned on 2024-11-11

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More