Neurotic Programmer Masquerade

    sequelize-authentication

    0.3.0 • Public • Published

    sequelize-authentication

    A connect module for authentication against a database.

    Build status

    The automated tests we talk about just so much are running on Travis public CI, here is its status:

    Build Status

    Usage

    var app            = express()
      , authentication = require('sequelize-authentication')
      , Sequelize      = require('sequelize')
      , sequelize      = new Sequelize('database', 'user', 'password')
    
    app.configure(function() {
      // express.static would go here
      app.use(authentication(sequelize[, options]))
      // express router would go here
    })
    

    Note: If you are serving static files (e.g. via express.static), make sure, that authentication is added afterwards. Also you should make sure, that the router is added after the authentication module.

    Options

    The second parameter of the authentication function is an object with options. Let's assume an application, that delivers hello world if the a user has authenticated successfully for the following description. You might want to check the example application under example/app.js. My local database has a root user without password.

    Option: via

    via defines, where the module will find the credentials.

    Credentials in the params (default)

    authentication(sequelize, { via: 'params' })
    

    This will tell the module, that the credentials are either in the URL of the request or the body (POST). If you don't want to use headers, this is most likely what you want.

    curl "http://localhost:3000?user=root&password="
    # => hello world
    
    curl "http://localhost:3000?user=root&password=fnord"
    # => Unauthorized
    
    curl -d "user=root&password=" "http://localhost:3000"
    # => hello world
    
    curl -d "user=root&password=fnord" "http://localhost:3000"
    # => Unauthorized
    

    Credentials in the headers

    authentication(sequelize, { via: 'headers' })
    

    This defines, that the credentials are in the headers of the request.

    curl "http://localhost:3000?user=root&password="
    # => Unauthorized
    
    curl "http://localhost:3000?user=root&password=fnord"
    # => Unauthorized
    
    curl -d "user=root&password=" "http://localhost:3000"
    # => Unauthorized
    
    curl -d "user=root&password=fnord" "http://localhost:3000"
    # => Unauthorized
    
    curl -H "user: root" -H "password: " http://localhost:3000
    # => hello world
    
    curl -H "user: root" -H "password: fnord" http://localhost:3000
    # => Unauthorized
    

    Credentials in the URL

    authentication(sequelize, { via: 'query' })
    

    Credentials are in the URL of the request only.

    curl "http://localhost:3000?user=root&password="
    # => hello world
    
    curl "http://localhost:3000?user=root&password=fnord"
    # => Unauthorized
    
    curl -d "user=root&password=" "http://localhost:3000"
    # => Unauthorized
    
    curl -d "user=root&password=fnord" "http://localhost:3000"
    # => Unauthorized
    

    Credentials in the post body

    authentication(sequelize, { via: 'body' })
    

    Credentials are in the body of the request only.

    curl "http://localhost:3000?user=root&password="
    # => Unauthorized
    
    curl "http://localhost:3000?user=root&password=fnord"
    # => Unauthorized
    
    curl -d "user=root&password=" "http://localhost:3000"
    # => hello world
    
    curl -d "user=root&password=fnord" "http://localhost:3000"
    # => Unauthorized
    

    Option: scope

    scope defines, which urls should receive protection via the module.

    authentication(sequelize, { scope: '/api' })
    

    This will protect each url that starts with /api.

    curl http://localhost:3000
    # => hello world
    
    curl http://localhost:3000/api/secret
    # => Unauthorized
    
    curl http://localhost:3000/api/secret?user=root&password=
    # => hello world
    

    Option: param

    param defines a parameter name which scopes the credentials. The default is none.

    authentication(sequelize, { param: 'credentials' })
    

    The module will now check, if the credentials are located in the credentials object.

    curl "http://localhost:3000?credentials\[user\]=root&credentials\[password\]="
    # => hello world
    

    Hm? So, what's next?

    The server will send each request through the authentication module. If the request authenticates correctly, it will be passed to the router. If authentication fails, the module will response with a 401 and the message 'Unauthorized'.

    License

    Hereby placed under MIT license.

    Keywords

    none

    Install

    npm i sequelize-authentication

    DownloadsWeekly Downloads

    2

    Version

    0.3.0

    License

    MIT

    Last publish

    Collaborators

    • sdepold