em-passport

Authorization middleware for ee-webservice

em-passport

Authorization middleware for ee-webservice

npm install em-passport

The passport middleware provides a authorization framework. It does not validate authorizations itself but it does rely on other middleware which is able to work with ee-passport api.

The consturcotr takes no options.

var Passport = require('em-passport');
var myPassport = new Passport();

The use method accepts em-passport compatible middleware. Em-Compatible middleware must expose a request() method which takes the arguments «request», «response» and «next».

example of a passport middleware which accepts all request execpt requests on /yeah

var MyPassportMiddleware = new Class({

    init: function(){
        // set up your stuff
    }

    , request: function(request, response, next){
        if(request.pathname === "/yeah") response.send(401);
        else {
            requests.authorization.authorized = true;
            next();
        }
    }
});

passport.use(new MyPassportMiddleware());

Using the whitelist method you can whitelist some urls with specific methods, headers and ip ranges which schould not be authorized but also not be rejected.

example of the passport middleware and the ee-passport middleware

var   Passport      = require('em-passport')
    , EEPassport    = require('em-passport-ee');


var passport = new Passport();

var eePassport = new EEPassport({ authorizationUrl: '/session' });

// you have to check yourself if the authroization is valid
eePassport.on('authorization', function(authorization, finished){
    new this.db.session({ token: authorization}).exec(function(err, session){
        authorization.authorized = session && !session.valid;
        callback();
    });
});


// no authorization for this url & this method
passport.whitelist('/session', { method: 'POST' });

// let the passport middleware use the ee passport
passport.use(session);

// let the webservice use the passport middleware
webservice.use(passport);