@futoin/security v0.3.16
About
FutoIn Security Concept is alternative to token based authentication & authorization mechanisms.
Features:
- FutoIn SecVault sensitive data storage security
- User & configuration management (FTN8):
- Stateless Authentication (FTN8.1):
- Clear text
- Message Authentication Code (HMAC with static key)
- Master Secret Authentication (FTN8.2):
- multiple master keys with custom scope support
- derived key per each peer
- automatic time-based derived key rotation
- optional automatic master key rotation
Documentation --> FutoIn Guide
Reference implementation of:
Author: Andrey Galkin
Installation for Node.js
Command line:
$ npm install @futoin/security --saveor:
$ yarn add @futoin/security --saveExamples
API documentation
Classes
CachedManageService
FTN8: Cached Manage Service
Kind: global class
new CachedManageService(scope, options)
C-tor
| Param | Type | Default | Description |
|---|---|---|---|
| scope | object | scope of related services | |
| options | object | passed to superclass c-tor | |
| options.scope | integer | main.globalScope | scope state |
ManageFace
Manage Face
Kind: global class
ManageService
FTN8: main Manage Service
Kind: global class
MasterAutoregFace
FTN8.2: Master Auth Face
Kind: global class
MasterAuthService
FTN8.2: Master Auth Service
Kind: global class
MasterAutoregFace
FTN8.2: Master Auth Auto-registration Face
Kind: global class
MasterAutoregService
FTN8.2: Master Auth Auto-registration Service
Kind: global class
MasterManageFace
FTN8.2: Master Auth Manage Face
Kind: global class
MasterManageService
FTN8.2: Master Auth Manage Service
Kind: global class
ServiceApp
All-in-one AuthService initialization
Kind: global class
- ServiceApp
- new ServiceApp(as, options)
- .ccm() ⇒ AdvancedCCM
- .executor() ⇒ Executor
- .close([done])
new ServiceApp(as, options)
C-tor
| Param | Type | Default | Description |
|---|---|---|---|
| as | AsyncSteps | AsyncSteps interface | |
| options | object | {} | options |
| options.ccm | AdvancedCCM | external CCM instance | |
| options.publicExecutor | Executor | external public executor instance | |
| options.privateExecutor | Executor | external private executor instance | |
| options.storagePassword | string | Base64 encoded KEK for storage | |
| options.config | object | config overrides for MasterService | |
| options.ccmOptions | object | auto-CCM options | |
| options.notExpectedHandler | callable | 'notExpected' error handler | |
| options.privateExecutorOptions | object | private auto-Executor options | |
| options.publicExecutorOptions | object | public auto-Executor options | |
| options.evtOptions | object | eventstream options | |
| options.secVaultOptions | object | secure vault options | |
| options.securityOptions | object | security interface options |
serviceApp.ccm() ⇒ AdvancedCCM
CCM instance accessor
Kind: instance method of ServiceApp
Returns: AdvancedCCM - instance
serviceApp.executor() ⇒ Executor
Executor instance accessor
Kind: instance method of ServiceApp
Returns: Executor - instance
serviceApp.close(done)
Shutdown of app and related instances
Kind: instance method of ServiceApp
| Param | Type | Default | Description |
|---|---|---|---|
| done | callable | done callback |
SimpleSecurityProvider
Simple passthru FTN8 security provider for Executor.
NOTE: it's suitable for lightweight services without own SecVault.
Kind: global class
SatelessAuthFace
FTN8.1: Stateless AuthService Face
Kind: global class
StatelessAuthService
Manage Service
Kind: global class
StatelessManageFace
FTN8.1: Stateless Manage Face
Kind: global class
StatelessManageService
FTN8.1.: Stateless Manage Service
Kind: global class
StaticMasterAuth
MasterAuth implementation for AdvancedCCM with static Master Key
NOTE: this implementation rotates only derived keys
Kind: global class
new StaticMasterAuth(options, keyId, keyData, paramFormat, kds, macAlgo)
C-tor
| Param | Type | Default | Description |
|---|---|---|---|
| options | object | Options | |
| keyId | string | master key ID | |
| keyData | string | master key data in Base64 | |
| paramFormat | string | "YYYYMMDD" | format for derivation parameter |
| kds | string | "HKDF256" | key derivation strategy |
| macAlgo | string | "HS256" | MAC algorithm |
BaseFace
Base Face with neutral common registration functionality
Kind: global class
Note: Not official API
BaseFace.LATEST_VERSION
Latest supported FTN13 version
Kind: static property of BaseFace
BaseFace.PING_VERSION
Latest supported FTN4 version
Kind: static property of BaseFace
BaseFace.register(as, ccm, name, endpoint, credentials, options)
CCM registration helper
Kind: static method of BaseFace
| Param | Type | Default | Description |
|---|---|---|---|
| as | AsyncSteps | steps interface | |
| ccm | AdvancedCCM | CCM instance | |
| name | string | CCM registration name | |
| endpoint | * | see AdvancedCCM#register | |
| credentials | * | see AdvancedCCM#register | |
| options | object | {} | interface options |
| options.version | string | "1.0" | interface version to use |
BaseService
Base Service with common registration logic
Kind: global class
new BaseService(scope, options)
C-tor
| Param | Type | Description |
|---|---|---|
| scope | object | scope of related services |
| options | object | passed to superclass c-tor |
BaseService.register(as, executor, scope, options) ⇒ BaseService
Register Service with Executor
Kind: static method of BaseService
Returns: BaseService - instance
| Param | Type | Description |
|---|---|---|
| as | AsyncSteps | steps interface |
| executor | Executor | executor instance |
| scope | object | scope of related services |
| options | object | implementation defined options |