Gathering detailed insights and metrics for middy-middleware-jwt-auth
Gathering detailed insights and metrics for middy-middleware-jwt-auth
Installations
npm install middy-middleware-jwt-authDeveloper
dbartholomae
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
Yes
Node Version
16.20.2
NPM Version
8.19.4
Statistics
25 Stars
685 Commits
8 Forks
3 Watching
4 Branches
6 Contributors
Updated on 18 Oct 2024
Bundle Size
80.71 kB
Minified
24.12 kB
Minified + Gzipped
Languages
TypeScript (94.88%)
JavaScript (5.12%)
Total Downloads
Cumulative downloads
Total Downloads
219,951
Last day
88.2%
352
Compared to previous day
Last week
42.1%
1,242
Compared to previous week
Last month
-5.3%
3,668
Compared to previous month
Last year
38.4%
70,983
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
4
Peer Dependencies
1
Dev Dependencies
40
@commitlint/cli@commitlint/config-conventional@middy/core@middy/http-error-handler@middy/http-header-normalizer@semantic-release/changelog@semantic-release/commit-analyzer@semantic-release/git@semantic-release/npm@semantic-release/release-notes-generator@types/aws-lambda@types/debug@types/http-errors@types/jest@types/jsonwebtoken@types/node@types/supertest@typescript-eslint/eslint-plugin@typescript-eslint/parsercodecovconcurrentlycross-enveslintjestmomentpkg-okprettierrimrafsemantic-releaseserverlessserverless-offlineserverless-webpacksource-map-supportsupertestts-jestts-loadertypedoctypescriptwait-onwebpack
Versions
middy-middleware-jwt-auth
A middy JSON web token authorization middleware inspired by express-jwt.
Installation
Download node at nodejs.org and install it, if you haven't already.
1npm install middy-middleware-jwt-auth --save
Documentation
There is additional documentation.
Usage
1import createHttpError from "http-errors"; 2import middy from "@middy/core"; 3import httpErrorHandler from "@middy/http-error-handler"; 4import httpHeaderNormalizer from "@middy/http-header-normalizer"; 5import JWTAuthMiddleware, { 6 EncryptionAlgorithms, 7 IAuthorizedEvent, 8} from "middy-middleware-jwt-auth"; 9 10// Optionally define the token payload you expect to receive 11interface ITokenPayload { 12 permissions: string[]; 13} 14 15// Optionally define a type guard for the token payload 16function isTokenPayload(token: any): token is ITokenPayload { 17 return ( 18 token != null && 19 Array.isArray(token.permissions) && 20 token.permissions.every((permission: any) => typeof permission === "string") 21 ); 22} 23 24// This is your AWS handler 25const helloWorld = async (event: IAuthorizedEvent<ITokenPayload>) => { 26 // The middleware adds auth information if a valid token was added 27 // If no auth was found and credentialsRequired is set to true, a 401 will be thrown. If auth exists you 28 // have to check that it has the expected form. 29 if (event.auth!.payload.permissions.indexOf("helloWorld") === -1) { 30 throw createHttpError( 31 403, 32 `User not authorized for helloWorld, only found permissions [${event.auth!.permissions.join(", ")}]`, 33 { 34 type: "NotAuthorized", 35 }, 36 ); 37 } 38 39 return { 40 body: JSON.stringify({ 41 data: `Hello world! Here's your token: ${event.auth!.token}`, 42 }), 43 statusCode: 200, 44 }; 45}; 46 47// Let's "middyfy" our handler, then we will be able to attach middlewares to it 48export const handler = middy(helloWorld) 49 .use(httpHeaderNormalizer()) // Make sure authorization header is saved in lower case 50 .use(httpErrorHandler()) // This middleware is needed do handle the errors thrown by the JWTAuthMiddleware 51 .use( 52 JWTAuthMiddleware({ 53 /** Algorithm to verify JSON web token signature */ 54 algorithm: EncryptionAlgorithms.HS256, 55 /** An optional boolean that enables making authorization mandatory */ 56 credentialsRequired: true, 57 /** An optional function that checks whether the token payload is formatted correctly */ 58 isPayload: isTokenPayload, 59 /** A string or buffer containing either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA */ 60 secretOrPublicKey: "secret", 61 /** 62 * An optional function used to search for a token e. g. in a query string. By default, and as a fall back, 63 * event.headers.authorization and event.headers.Authorization are used. 64 */ 65 tokenSource: (event: any) => event.queryStringParameters.token, 66 }), 67 );
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
9 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-pppg-cpfq-h7wr
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Reason
Found 0/6 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/build.yml:1
- Warn: no topLevel permission defined: .github/workflows/close-stale-issues.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-labels.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/dbartholomae/middy-middleware-jwt-auth/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/dbartholomae/middy-middleware-jwt-auth/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/dbartholomae/middy-middleware-jwt-auth/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/dbartholomae/middy-middleware-jwt-auth/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/dbartholomae/middy-middleware-jwt-auth/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/dbartholomae/middy-middleware-jwt-auth/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/dbartholomae/middy-middleware-jwt-auth/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/dbartholomae/middy-middleware-jwt-auth/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/dbartholomae/middy-middleware-jwt-auth/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/close-stale-issues.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/dbartholomae/middy-middleware-jwt-auth/close-stale-issues.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-labels.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/dbartholomae/middy-middleware-jwt-auth/update-labels.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-labels.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/dbartholomae/middy-middleware-jwt-auth/update-labels.yml/main?enable=pin
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 6 third-party GitHubAction dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 24 are checked with a SAST tool
Score
2.6
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More