4.0.1 • Published 10 years ago

heroku-bouncer v4.0.1

Weekly downloads: 2
License: MIT
Repository: github
Last release: 10 years ago

node-heroku-bouncer

node-heroku-bouncer is an easy-to-use module for adding Heroku OAuth authentication to Express 4 apps.

Install

$ npm install heroku-bouncer --save

Requirements

  • Node 0.10.x
  • Express 4.x

Use

Ensure your app is using the cookie-parser and client-sessions middlewares. This module is not guaranteed to work with any other session middleware.

var express      = require('express');
var cookieParser = require('cookie-parser');
var sessions     = require('client-sessions');
var bouncer      = require('heroku-bouncer');
var app          = express();

app.use(cookieParser('your cookie secret'));

// NOTE: These options are good general options for use in a Heroku app, but
// carefully review your own environment's needs before just copying these.
app.use(sessions({
  cookieName    : 'session',
  secret        : 'your session secret',
  duration      : 24 * 60 * 60 * 1000,
  activeDuration: 1000 * 60 * 5,
  cookie        : {
    path     : '/',
    ephemeral: false,
    httpOnly : true,
    secure   : false
  }
}));

app.use(bouncer({
  oAuthClientID      : 'client-id',
  oAuthClientSecret  : 'client-secret',
  encryptionSecret   : 'abcd1234abcd1234'
}));

app.get('/', function(req, res) {
  res.end('You must be logged in.');
});

After requests pass through the bouncer middleware, they'll have the heroku-bouncer property on them:

{
  token: 'user-api-token',
  id   : 'user-id',
  name : 'user-name',
  email: 'user-email'
}

To log a user out, send them to /auth/heroku/logout.

Options

| Options | Required? | Default | Description |
| --- | --- | --- | --- |
| encryptionSecret | Yes | n/a | A random string used to encrypt your user session data |
| oAuthClientID | Yes | n/a | The ID of your Heroku OAuth client |
| oAuthClientSecret | Yes | n/a | The secret of your Heroku OAuth client |
| herokuAPIHost | No | n/a | An optional override host to send Heroku API requests to |
| sessionSyncNonce | No | null | The name of a nonce cookie to validate sessions against |
| ignoredRoutes | No | [] | An array of regular expressions to match routes to be ignored when there is no session active |
| oAuthServerURL | No | "https://id.heroku.com" | The location of the Heroku OAuth server |
| herokaiOnlyHandler | No | null | A route handler that will be called on requests by non-Herokai |
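
Because ignoredRoutes takes regular expressions, an unanchored pattern can exempt more routes than intended. The following is an added example, not code from heroku-bouncer: it assumes each pattern is tested against the request path, and auditIgnoredRoutes and the sample paths are hypothetical names constructed for illustration.

```javascript
// Added example, not part of heroku-bouncer. Assumption: each ignoredRoutes
// pattern is tested against the request path, and a match skips the login
// redirect when no session is active.

// Returns one finding per problem: a protected path that a pattern would
// exempt, or a pattern whose flags make RegExp matching stateful.
function auditIgnoredRoutes(ignoredRoutes, protectedPaths) {
  var findings = [];
  ignoredRoutes.forEach(function (pattern) {
    if (!(pattern instanceof RegExp)) {
      findings.push({ pattern: String(pattern), issue: 'not a RegExp' });
      return;
    }
    // With the g or y flag, test() advances lastIndex, so the same path can
    // match on one request and fail on the next.
    if (pattern.global || pattern.sticky) {
      findings.push({ pattern: String(pattern), issue: 'stateful flag' });
    }
    // Re-create the pattern without g/y so the audit itself is deterministic.
    var probe = new RegExp(pattern.source, pattern.flags.replace(/[gy]/g, ''));
    protectedPaths.forEach(function (path) {
      if (probe.test(path)) {
        findings.push({ pattern: String(pattern), issue: 'exempts ' + path });
      }
    });
  });
  return findings;
}

// Constructed sample data: paths that must always require a session.
var PROTECTED = ['/', '/admin', '/admin/health-report', '/api/apps'];

// Unanchored pattern, intended for /health only.
var loose = auditIgnoredRoutes([/health/], PROTECTED);
// Anchored at both ends: matches exactly /health.
var strict = auditIgnoredRoutes([/^\/health$/], PROTECTED);
// Anchored, but carrying the g flag.
var stateful = auditIgnoredRoutes([/^\/health$/g], PROTECTED);

console.log(loose, strict, stateful);
```

Running a check like this in the test suite, with the application's own list of protected paths, catches a pattern that is loosened later.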

Test

$ npm test