@theriot.dev/middleware NPM

@theriot.dev/middleware

This project provides a set of middleware to provide configurable functionality to an express app, including security protections, authentication, rate limiting, and internal error handling

Installation

npm install express # express is a peer dependency
npm install @theriot.dev/middleware

Import

import {
  applyOne,   # Used to apply one middleware
  applyMany,  # Used to apply an array of middleware
  auth,
  catch_errors,
  cors,
  csrf,
  rate_limit,
  session
} from '@theriot.dev/middleware'

Overview

applyOne:

Applies one piece of middleware to the express app

const app = express();
applyOne(app, cors());

applyMany:

Applies an array of middleware to the express app

const app = express();
applyMany(app, [
  cors(),
  catch_errors()
]);

auth

Allows routes to be protected using:

passport.authenticate('google-one-tap')

and to sign in using the callback route /oauth2/callback

The auth middleware has the following options:

serializeFn: A function to serialize a user into the session
deserializeFn: A function to deserialize a user from the session
clientID: Your google client id
clientSecret: Your google client secret
verifyFn: A function to authenticate a user from a google profile

import express from 'express';
import { applyOne auth } from '@theriot.dev/middleware';

const app = express();
applyOne(app, auth({
  serializeFn: () => {...},
  deserializeFn: () => {...},
  clientID: '...',
  clientSecret: '...',
  verifyFn: () => {...}
}));

catch-errors

Allows errors to be captured and a default error response to be sent

The catch_errors middleware has the following options:

status: The status code to send (default is 500)
message: The message to send (default is Internal Server Error)

import express from 'express';
import { applyOne, catch_errors } from '@theriot.dev/middleware';

const app = express();
applyOne(app, catch_errors());

cors

A wrapper for the cors middleware, takes only a single parameter defining a list of regex defining allowed origins

import express from 'express';
import { applyOne, cors } from '@theriot.dev/middleware';

const app = express();
applyOne(app, cors([
  /localhost/,
  /https?:\/\/my.domain.com(:4200)?/
]));

csrf

A wrapper for the csurf middleware, takes a single parameter defining the route for the csrf cookie generator. This must be provided as /<your-route>:_form, where :_form is required verbatim

import express from 'express';
import { applyOne, csrf } from '@theriot.dev/middleware';

const app = express();

// $.get('/csrfForSubmit')
// $.post('...', {_csrf, _form: 'Submit'})
applyOne(app, csrf('/csrfFor:_form'));

rate-limit

A wrapper for the express-rate-limit middleware, takes two parameters for

limit: The amount of requests to allow (100 by default)
windowMs: The amount of time to create the window for, in milliseconds (1000 by default)

import express from 'express';
import { applyOne, rate_limit } from '@theriot.dev/middleware';

const app = express();
applyOne(app, rate_limit());

session

A wrapper for the express-session middleware, and has the following options

secret: The secret to encrypt the session
store: The store implementation to use instead of the default MemoryStore
secure: Whether the app is securing its cookies (https and httpOnly)

import express from 'express';
import { applyOne, session } from '@theriot.dev/middleware';

const app = express();
applyOne(app, session({
  secret: '...',
  store: new Store(...),
  secure: true
}));

middleware auth cors csrf session rate limit

cors csurf express-rate-limit express-session passport passport-google-one-tap

@everything-registry/sub-chunk-913 @zalastax/nolb-_ther

4 years ago

4 years ago

4 years ago

4 years ago