2.1.5 • Published 8 years ago
prototype-auth-service v2.1.5
Prototype - Authentication service
Authentication REST API service that issues signed JWTs (HS256, as the sample tokens below show) and keeps a whitelist of active tokens in Redis, so a token can be revoked before it expires.
Setup
Dependencies
- Docker
- Node v4.2.2 (the release line this prototype was written against; it is long end-of-life, so expect to run it in an isolated environment)
Install
Clone the repository
$ git clone https://github.com/logikaljay/prototype-auth-service
Cloning into 'prototype-auth-service'...
remote: Counting objects: 145, done.
remote: Compressing objects: 100% (83/83), done.
remote: Total 145 (delta 34), reused 0 (delta 0), pack-reused 62
Receiving objects: 100% (145/145), 22.83 KiB | 0 bytes/s, done.
Resolving deltas: 100% (52/52), done.
Checking connectivity... done.
Change directory into the cloned repository
$ cd prototype-auth-service
Install node dependencies
$ npm install
Start the Redis docker container
$ ./scripts/start-redis.sh
Unable to find image 'redis:latest' locally
latest: Pulling from library/redis
c950d63587be: Pull complete
...
983055d62ddd: Pull complete
Digest: sha256:4db2d14088d8bf21d9541010fdbca78697bd9dd51010728f50ee8f7893321367
Status: Downloaded newer image for redis:latest
d9e1de4982ddea060c06df6d30b68671dc1370d9ca2ada46b20b8beddc02031f
Run tests
$ npm test

> prototype-auth-service@0.0.0-semantic-release test /home/user/prototype-auth-service
> lab

Hapi listening on http://127.0.0.1:8080
......
6 tests complete
Test duration: 72 ms
No global variable leaks detected
Start the service
$ npm start

> prototype-auth-service@0.0.0-semantic-release start /home/user/prototype-auth-service
> node index

Hapi listening on http://127.0.0.1:8080
Endpoints
- GET / - return the list of active tokens (the full tokens, i.e. live bearer credentials)
- POST / - log in and receive a token
- DELETE / - log out (revoke the presented token)
- POST /validate - validate a token against the whitelist
- /secure - validate a token on the fast path, without the whitelist check (see Usage)
Usage
Get a token
$ curl -X "POST" http://localhost:8080/ -H "Content-Type: application/json" -d '{"userName": "some.fake@user.co", "password": "password1" }'
Output
{
"userId":"fs8sy22i9",
"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyTmFtZSI6InNvbWUuZmFrZUB1c2VyLmNvIiwidXNlcklkIjoiZnM4c3kyMmk5Iiwic2Vzc2lvbklkIjoiZThiZDI1NDUzNTUxNDk4MDhmMTkwZDNkMGM4MDlhMGMiLCJpYXQiOjE0NTEyNzQ1Mjd9.KqqSB3cCwpeYae3DgmLlvgcw0ZIMMID962HVfTaFRuE"
}
List all tokens
The response carries the complete token for every listed session, so whoever can call this endpoint can act as every session it returns. Do not expose it to anything that is not trusted with all of those sessions.
$ curl -X "GET" http://localhost:8080/ -H "Content-Type: application/json" -H "Authorization: Bearer TOKEN"
Output
[
{
"sessionId":"378424be897e4903b69842eb6f9429b2",
"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyTmFtZSI6InNvbWUuZmFrZUB1c2VyLmNvIiwidXNlcklkIjoiZnM4c3kyMmk5Iiwic2Vzc2lvbklkIjoiMzc4NDI0YmU4OTdlNDkwM2I2OTg0MmViNmY5NDI5YjIiLCJpYXQiOjE0NTEyNzQ5MDV9.OdeQAqxfYtjUE9IO5wfAosaaoRkMvpCBV72C81mhzRw"
},
{
"sessionId":"37fb84e8525c40fdb5a682bc9ef09ed7",
"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyTmFtZSI6InNvbWUuZmFrZUB1c2VyLmNvIiwidXNlcklkIjoiZnM4c3kyMmk5Iiwic2Vzc2lvbklkIjoiMzdmYjg0ZTg1MjVjNDBmZGI1YTY4MmJjOWVmMDllZDciLCJpYXQiOjE0NTEyNzQ5MDF9.f_9jWUyLya2cFW6mMWo1f27vzBAdiYvvpfl0S7zKWV8"
},
{
"sessionId":"e8bd2545355149808f190d3d0c809a0c",
"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyTmFtZSI6InNvbWUuZmFrZUB1c2VyLmNvIiwidXNlcklkIjoiZnM4c3kyMmk5Iiwic2Vzc2lvbklkIjoiZThiZDI1NDUzNTUxNDk4MDhmMTkwZDNkMGM4MDlhMGMiLCJpYXQiOjE0NTEyNzQ1Mjd9.KqqSB3cCwpeYae3DgmLlvgcw0ZIMMID962HVfTaFRuE"
}
]
Delete/revoke a token
$ curl -X "DELETE" http://localhost:8080/ -H "Content-Type: application/json" -H "Authorization: Bearer TOKEN"
Output
{
"status":"Token removed"
}
Validate a token
$ curl -X "POST" http://localhost:8080/validate -H "Content-Type: application/json" -d '{ "userid": "63c233d2", "token": "TOKEN" }'
Output
{
"status":"Valid token"
}
Validate a token (less secure, but much faster)
A validation that does not consult the whitelist cannot see a revocation done with DELETE /, so treat a "Valid token" answer from this path as "the signature checks out", not as "this session is still live".
$ curl -X "DELETE" http://localhost:8080/secure -H "Content-Type: application/json" -H "Authorization: Bearer TOKEN"
Output
{
"status": "Valid token"
}
Benchmarks
Benchmark run on a Late 2013 MacBook Pro, 2.3 GHz i7 with 16 GB of RAM
$ cd scripts
$ ./ab-session.sh 10000 -c 130
Output
Server Software:
Server Hostname:        127.0.0.1
Server Port:            8080

Document Path:          /
Document Length:        270 bytes

Concurrency Level:      130
Time taken for tests:   9.288 seconds
Complete requests:      10000
Failed requests:        0
Total transferred:      4380000 bytes
Total body sent:        1960000
HTML transferred:       2700000 bytes
Requests per second:    1076.70 [#/sec] (mean)
Time per request:       120.739 [ms] (mean)
Time per request:       0.929 [ms] (mean, across all concurrent requests)
Transfer rate:          460.54 [Kbytes/sec] received
                        206.09 kb/s sent
                        666.63 kb/s total
Benchmark run on an AMD Phenom 965, 3.4 GHz with 32 GB of RAM
$ cd scripts
$ ./ab-session.sh 10000 -c 650
Output
Server Software:
Server Hostname:        127.0.0.1
Server Port:            8080

Document Path:          /
Document Length:        270 bytes

Concurrency Level:      650
Time taken for tests:   17.089 seconds
Complete requests:      10000
Failed requests:        0
Total transferred:      4380000 bytes
Total body sent:        1960000
HTML transferred:       2700000 bytes
Requests per second:    585.17 [#/sec] (mean)
Time per request:       1110.792 [ms] (mean)
Time per request:       1.709 [ms] (mean, across all concurrent requests)
Transfer rate:          250.30 [Kbytes/sec] received
                        112.00 kb/s sent
                        362.30 kb/s total
TODO
- Integrate with data layer to persist tokens
- Check data layer when token does not exist in whitelist
- Revoke all tokens