1.0.12 • Published 6 years ago

kjd-auth v1.0.12

License: ISC
Last release: 6 years ago

This module provides authentication into an SSO service that is capable of providing the following endpoints (Endpoint location is configurable):

GET /validate: Validates a "session_key" header (exact name of header is configurable) or "x-api-key" header
and returns a JSON string of the authenticated user. The SSO service validates HTTP basic auth, which
certifies the authenticity of the X-Forwarded-For header containing the client's IP address. This establishes
trust between the calling microservice and the SSO provider.

GET /logout: Logs out the user

Install: npm install --save kjd-auth

Usage:

const auth = require('kjd-auth');
let authClient = auth.AuthClient(config); //This must be a full config object.

//This enables authentication in the middleware app. This allows using
//req.user in routes to get the authenticated user. If no user is authenticated
//then req.user will be null/undefined (falsy).
app.use(auth.ssoMiddlewareAuthentication);

//To require authentication on a route
app.get('/private', auth.authRequiredFailureRedirect, function(req, res){
	//req.user has an authenticated user. If auth failed the user is redirected to the
	//signin page provided in the config.
	res.json(req.user);
});

app.get('/api/v1/private', auth.authRequiredFailure401, function(req, res){
	//req.user has an authenticated user. If auth failed a 401 Unauthorized
	//is returned. Use this when you don't want the caller to be redirected (API endpoints).
	res.json(req.user);
});

//Returns the current user. If not authenticated this route will return a 401
app.get('/me', auth.getCurrentUserRoute);

//Log out the current user from the SSO service by redirecting them to the SSO logout
//URL provided in the config. First verify they are logged in since there is no
//need to log out a user who is not logged in. Either way this has the same end result
//of returning the caller to the SSO login page.
app.get('/logout', auth.authRequiredFailureRedirect, auth.getCurrentUserRoute);

This module keeps a cache of valid session and API keys to increase performance. A single request can skip the cache by adding ?noCache=true to the URL or including noCache=true in the request header. See the example configuration below:

{
	//When set to false, 401 (Unauthorized) will not be returned
	authenticationEnabled: true,

	//This is used when auth fails and the request should be redirected back to the origin hostname
	currentApplicationHostname: "someapp.example.com",

	//The name of the session cookie that will be checked for authentication
	sessionCookieName: "my_session",
	//Defines the name of the session key header. Note x-api-key is used for the API key since this is standard
	sessionKeyHeaderName: "my_session",
	//The domain the cookie is assigned to. The leading . is important here.
	cookieDomain: ".example.com",

	//Login Page URL - Full URL (with protocol) for login
	loginPageUrl: "https://sso.example.com",

	//Validation URL - Full URL (with protocol) used to validate authentication
	validationUrl: "https://sso.example.com/validate",

	//Microservice Basic Auth Username and Password - Used for basic auth to the validation service.
	//The client's IP address is added into the X-Forwarded-For header so the client's IP can be validated
	username: "user",
	password: "password",

	//Logout URL - Full URL (with protocol) for logout. There is a logout route above that redirects the user to this logout URL
	ssoLogoutUrl: "https://sso.example.com/logout",

	//Cache enabled - If this is set to false then no caching will occur. This is not recommended for performance reasons.
	//Single requests can skip the cache by adding no-cache in the header or in the URL query. Example: example.com?nocache=true
	cacheEnabled: true,
	cacheTTLSec: 300
}

Without Comments in JSON:
{
	"authenticationEnabled": true,
	"currentApplicationHostname": "someapp.example.com",
	"sessionCookieName": "my_session",
	"sessionKeyHeaderName": "my_session",
	"cookieDomain": ".example.com",
	"loginPageUrl": "https://sso.example.com",
	"validationUrl": "https://sso.example.com/validate",
	"username": "user",
	"password": "password",
	"ssoLogoutUrl": "https://sso.example.com/logout",
	"cacheEnabled": true,
	"cacheTTLSec": 300
}
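The key cache and its per-request bypass, as an added example that is not kjd-auth's own implementation: a TTL cache keyed by the session or API key, a check for the noCache request flag, and a resolver that consults the cache before falling back to the SSO. The `validate` callback stands in for the GET /validate round trip, the request shape is constructed, and the header name `nocache` is an assumption (the README says "noCache=true in the request header" without giving the exact header; Node lowercases incoming header names). The clock is injectable so expiry can be exercised without waiting cacheTTLSec seconds.

```javascript
// Added example (not kjd-auth's own code): a TTL cache for validated keys
// with the ?noCache=true / noCache header bypass the README describes.

// key -> { user, expiresAt }. Only successful validations are stored, so a
// key the SSO rejects is re-checked on every request rather than being
// remembered as invalid.
class SessionCache {
  constructor({ ttlSec, enabled = true, now = () => Date.now() }) {
    this.ttlMs = ttlSec * 1000;
    this.enabled = enabled;
    this.now = now;              // injectable clock (assumption for testing)
    this.entries = new Map();
  }
  get(key) {
    if (!this.enabled) return null;
    const hit = this.entries.get(key);
    if (!hit) return null;
    if (hit.expiresAt <= this.now()) { this.entries.delete(key); return null; }
    return hit.user;
  }
  set(key, user) {
    if (this.enabled) this.entries.set(key, { user, expiresAt: this.now() + this.ttlMs });
  }
  invalidate(key) { this.entries.delete(key); }
}

// A request skips the cache with ?noCache=true or a noCache: true header.
// The header name "nocache" is assumed; compare values case-insensitively.
function wantsNoCache(req) {
  const q = (req.query && req.query.noCache) || '';
  const h = (req.headers && req.headers.nocache) || '';
  return String(q).toLowerCase() === 'true' || String(h).toLowerCase() === 'true';
}

// Resolve the user for a key: cache first unless bypassed, otherwise call
// `validate` (stands in for GET /validate) and record the outcome. Returns
// the user and where it came from so callers (and tests) can see the path.
function resolveUser(req, key, cache, validate) {
  if (!key) return { user: null, source: 'none' };
  if (!wantsNoCache(req)) {
    const cached = cache.get(key);
    if (cached) return { user: cached, source: 'cache' };
  }
  const user = validate(key);
  if (user) cache.set(key, user);
  else cache.invalidate(key);   // a key the SSO now rejects must not linger
  return { user, source: user ? 'sso' : 'none' };
}

module.exports = { SessionCache, wantsNoCache, resolveUser };
```

The caveat the cache introduces is revocation lag: a session the SSO has since logged out or an API key it has since rejected stays usable in this service for up to cacheTTLSec seconds (300 in the example config) unless the request carries noCache or the local entry is invalidated, for instance on the application's own logout route. Keep the TTL short enough that this window is acceptable, and never cache failed validations, or a transient SSO error would lock a user out for the whole TTL.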