UNPKG

passport-auth-token

Version:

Authentication token strategy for Passport.

github.com/mbell8903/passport-auth-token

mbell8903/passport-auth-token

129 lines (112 loc) 3.31 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
/** * Module dependencies. */ var passport = require('passport-strategy'), util = require('util'), lookup = require('./utils').lookup; /** * `Strategy` constructor. * * The token authentication strategy authenticates requests based on the * credentials submitted through an authentication token. * * Applications must supply a `verify` callback which accepts `token` * credentials, and then calls the `done` callback supplying a * `user` associated with the token, which should be set to `false` * if the credentials are not valid. * If an exception occured, `err` should be set. * The token can be optional, so the strategy can support both authenticated and * not authenticated calls * * Optionally, `options` can be used to change the fields in which the * credentials are found. * * Options: * - `tokenFields` array of field names where the token is found, defaults to [token] * - `headerFields` array of field names where the token is found, defaults to [] * - `passReqToCallback` when `true`, `req` is the first argument to the verify callback (default: `false`) * - `params` when `true` the request params are also included in the lookup * - `optional` when `true` the token is optional and the strategy doesn't return an error * * Examples: * * passport.use(new AuthTokenStrategy( * function(token, done) { * AccessToken.findById(token, function (err, user) { * done(err, user); * }); * } * )); * * @param {Object} options * @param {Function} verify * @api public */ function Strategy (options, verify) { if (typeof options == 'function') { verify = options; options = {}; } if (!verify) { throw new TypeError('AuthTokenStrategy requires a verify callback'); } this._tokenFields = options.tokenFields || ['token']; this._headerFields = options.headerFields || []; passport.Strategy.call(this); this.name = 'authtoken'; this._verify = verify; this._passReqToCallback = options.passReqToCallback; } /** * Inherit from `passport.Strategy`. */ util.inherits(Strategy, passport.Strategy); /** * Authenticate request based on the contents of a form submission. * * @param {Object} req * @api protected */ Strategy.prototype.authenticate = function(req, options) { options = options || {}; var i, len, token; for (i = 0, len = this._headerFields.length; !token && i < len; i++) { token = lookup(req.headers, this._headerFields[i]); } for (i = 0, len = this._tokenFields.length; !token && i < len; i++) { token = lookup(req.body, this._tokenFields[i]) || lookup(req.query, this._tokenFields[i]); if (options.params) { token = lookup(req.params, this._tokenFields[i]); } } if (!options.optional) { if (!token) { return this.fail({ message: options.badRequestMessage || 'Missing auth token' }, 400); } } var self = this; function verified (err, user, info) { if (err) { return self.error(err); } if (!options.optional) { if (!user) { return self.fail(info); } } self.success(user, info); } try { if (self._passReqToCallback) { this._verify(req, token, verified); } else { this._verify(token, verified); } } catch (ex) { return self.error(ex); } }; /** * Expose `Strategy`. */ module.exports = Strategy;