UNPKG

koas-security

Version:

Koas security checks if a request matches the security requirement of an operation. For example, given the following partial OpenAPI document:

gitlab.com/remcohaszing/koas/tree/master/packages/koas-security

107 lines (84 loc) 2.83 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# Koas Security Koas security checks if a request matches the security requirement of an operation. For example, given the following partial OpenAPI document: ```yaml components: securitySchemes: basicAuth: type: http scheme: basic cookieAuth: type: apiKey in: cookie name: key oauth2: type: oauth2 scopes: email: Read the user’s email address. profile: Get the user’s profile. paths: /me: get: security: - basicAuth: [] cookieAuth: [] - oauth2: - profile ``` Koas security will make sure the user is either authenticated using HTTP basic authentication **and** a cookie named `key`, **or** using OAuth2. The first authentication requirement specified in the document wins. ## Installation ```sh npm install koa koas-core koas-security ``` ## Usage ```js const Koa = require('koa'); const { koas } = require('koas-core'); const { security } = require('koas-security'); const api = require('./api.json'); const app = new Koa(); app.use( koas(api, [ security({ // User getters }), ]), ); ``` This middleware sets the `users` and `clients` variables in the Koa context. These are mappings of security requirements to authenticated users and OAuth2 clients respectively. Also `user` and `client` are set to match a single user and client. Since most API calls only require a single authentication method at a time, this can be used for convenience. ## Options Koas security takes a mapping of security requirement keys to user get functions. The signature depends on the type of authentication. ### `apiKey` The function accepts the API key, and should return the user that is authenticated using that key. ### `http` | scheme | Description | | -------- | ---------------------------------------------------------------------------------------------------------- | | `basic` | The function accepts the username and password, and should return the user that matches these credentials. | | `bearer` | The function accepts the bearer access token, and should return the user that matches these credentials. | ### `oauth2` / `openIdConnect` The function accepts the access token, and should return a tuple which consists of the user and the authenticated OAuth2 client. ## Declaring clients and users When using TypeScript, the `Clients` and `Users` interfaces can be augmented to map security scheme to custom types. For example: ```typescript declare module 'koas-security' { interface Users { basicAuth: User; cookieAuth: User; oauth2: User; } interface Clients { oauth2: { type: 'oauth2'; scopes: ('email' | 'profile')[]; }; } } ```