2.1.5 • Published 9 years ago

prototype-auth-service v2.1.5

Weekly downloads
19
License
ISC
Repository
github
Last release
9 years ago

Prototype - Authentication service

Authentication REST API service that uses Redis as a token whitelist.

  1. Setup
    1. Dependencies
    2. Install
  2. Endpoints
  3. Usage
    1. Get a token
    2. List all tokens
    3. Delete a token
    4. Validate a token
    5. Validate a token (less secure but much faster)
  4. Benchmarks
  5. Todo

Setup

Dependencies

  1. Docker
  2. Node v4.2.2

Install

  1. Clone the repository

    $ git clone https://github.com/logikaljay/prototype-auth-service
    Cloning into 'prototype-auth-service'...
    remote: Counting objects: 145, done.
    remote: Compressing objects: 100% (83/83), done.
    remote: Total 145 (delta 34), reused 0 (delta 0), pack-reused 62
    Receiving objects: 100% (145/145), 22.83 KiB | 0 bytes/s, done.
    Resolving deltas: 100% (52/52), done.
    Checking connectivity... done.
  2. Change directory into the cloned repository

    $ cd prototype-auth-service
  3. Install node dependencies

    $ npm install
  4. Start the Redis Docker container

    $ ./scripts/start-redis.sh 
    Unable to find image 'redis:latest' locally
    latest: Pulling from library/redis
    c950d63587be: Pull complete 
    ...
    983055d62ddd: Pull complete 
    Digest: sha256:4db2d14088d8bf21d9541010fdbca78697bd9dd51010728f50ee8f7893321367
    Status: Downloaded newer image for redis:latest
    d9e1de4982ddea060c06df6d30b68671dc1370d9ca2ada46b20b8beddc02031f
  5. Run tests

    $ npm test
    
    > prototype-auth-service@0.0.0-semantic-release test /home/user/prototype-auth-service
    > lab
    
    Hapi listening on http://127.0.0.1:8080
    
    ......
    
    6 tests complete
    Test duration: 72 ms
    No global variable leaks detected
  6. Start service

    $ npm start
    
    > prototype-auth-service@0.0.0-semantic-release start /home/user/prototype-auth-service
    > node index
    
    Hapi listening on http://127.0.0.1:8080

Endpoints

  • GET / - return list of active tokens
  • POST / - log in
  • DELETE / - log out

Usage

Get a token

$ curl -X "POST" http://localhost:8080/ -H "Content-Type: application/json" -d '{"userName": "some.fake@user.co", "password": "password1" }'

Output

{
    "userId":"fs8sy22i9",
    "token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyTmFtZSI6InNvbWUuZmFrZUB1c2VyLmNvIiwidXNlcklkIjoiZnM4c3kyMmk5Iiwic2Vzc2lvbklkIjoiZThiZDI1NDUzNTUxNDk4MDhmMTkwZDNkMGM4MDlhMGMiLCJpYXQiOjE0NTEyNzQ1Mjd9.KqqSB3cCwpeYae3DgmLlvgcw0ZIMMID962HVfTaFRuE"
}

List all tokens

$ curl -X "GET" http://localhost:8080/ -H "Content-Type: application/json" -H "Authorization: Bearer TOKEN"

Output

[
    {
        "sessionId":"378424be897e4903b69842eb6f9429b2",
        "token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyTmFtZSI6InNvbWUuZmFrZUB1c2VyLmNvIiwidXNlcklkIjoiZnM4c3kyMmk5Iiwic2Vzc2lvbklkIjoiMzc4NDI0YmU4OTdlNDkwM2I2OTg0MmViNmY5NDI5YjIiLCJpYXQiOjE0NTEyNzQ5MDV9.OdeQAqxfYtjUE9IO5wfAosaaoRkMvpCBV72C81mhzRw"
    },
    {
        "sessionId":"37fb84e8525c40fdb5a682bc9ef09ed7",
        "token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyTmFtZSI6InNvbWUuZmFrZUB1c2VyLmNvIiwidXNlcklkIjoiZnM4c3kyMmk5Iiwic2Vzc2lvbklkIjoiMzdmYjg0ZTg1MjVjNDBmZGI1YTY4MmJjOWVmMDllZDciLCJpYXQiOjE0NTEyNzQ5MDF9.f_9jWUyLya2cFW6mMWo1f27vzBAdiYvvpfl0S7zKWV8"
    },
    {
        "sessionId":"e8bd2545355149808f190d3d0c809a0c",
        "token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyTmFtZSI6InNvbWUuZmFrZUB1c2VyLmNvIiwidXNlcklkIjoiZnM4c3kyMmk5Iiwic2Vzc2lvbklkIjoiZThiZDI1NDUzNTUxNDk4MDhmMTkwZDNkMGM4MDlhMGMiLCJpYXQiOjE0NTEyNzQ1Mjd9.KqqSB3cCwpeYae3DgmLlvgcw0ZIMMID962HVfTaFRuE"
    }
]

Delete/revoke a token

$ curl -X "DELETE" http://localhost:8080/ -H "Content-Type: application/json" -H "Authorization: Bearer TOKEN"

Output

{
    "status":"Token removed"
}

Validate a token

$ curl -X "POST" http://localhost:8080/validate -H "Content-Type: application/json" -d '{ "userid": "63c233d2", "token": "TOKEN" }'

Output

{
    "status":"Valid token"
}

Validate a token (Less secure, but much faster)

$ curl -X "DELETE" http://localhost:8080/secure -H "Content-Type: application/json" -H "Authorization: Bearer TOKEN"

Output

{
    "status": "Valid token"
}
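
The sample tokens above are HS256 JWTs whose payload carries `userName`, `userId`, `sessionId` and `iat` but no expiry claim, so the whitelist is what makes a log out take effect. The sketch below is an added example, not this project's code: it contrasts a signature-only check with a whitelist-backed one. The `Map` stands in for Redis, and `SECRET` and all function names are hypothetical.

```javascript
// Added example: HS256 JWT checks with and without a session whitelist.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret';   // hypothetical signing key
const whitelist = new Map();                // stands in for Redis: sessionId -> token

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Issue a token shaped like the ones above and record it in the whitelist.
function login(userName, userId) {
  const sessionId = crypto.randomBytes(16).toString('hex');
  const header = b64url(JSON.stringify({ typ: 'JWT', alg: 'HS256' }));
  const payload = b64url(JSON.stringify({
    userName, userId, sessionId, iat: Math.floor(Date.now() / 1000),
  }));
  const token = `${header}.${payload}.${b64url(sign(`${header}.${payload}`))}`;
  whitelist.set(sessionId, token);
  return token;
}

// Signature-only check: no store round trip, but blind to revocation.
function verifySignature(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = sign(`${header}.${payload}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  try {
    const head = JSON.parse(Buffer.from(header, 'base64url'));
    if (head.alg !== 'HS256') return null;  // pin the algorithm
    return JSON.parse(Buffer.from(payload, 'base64url'));
  } catch (e) { return null; }
}

// Whitelist-backed check: the token must also still be stored for its session.
function verifyWhitelisted(token) {
  const claims = verifySignature(token);
  return claims && whitelist.get(claims.sessionId) === token ? claims : null;
}

// Log out: drop the session so the whitelist-backed check rejects the token.
function logout(token) {
  const claims = verifySignature(token);
  return claims ? whitelist.delete(claims.sessionId) : false;
}
```

After `logout(token)`, `verifyWhitelisted(token)` returns `null` while `verifySignature(token)` still returns the claims: a token without an expiry stays valid for any check that skips the whitelist.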

Benchmarks

  1. Benchmark run on a Late 2013 MacBook Pro 2.3 GHz i7 with 16 GB of RAM

    $ cd scripts 
    $ ./ab-session.sh 10000 -c 130

    Output

    Server Software:        
    Server Hostname:        127.0.0.1
    Server Port:            8080
    
    Document Path:          /
    Document Length:        270 bytes
    
    Concurrency Level:      130
    Time taken for tests:   9.288 seconds
    Complete requests:      10000
    Failed requests:        0
    Total transferred:      4380000 bytes
    Total body sent:        1960000
    HTML transferred:       2700000 bytes
    Requests per second:    1076.70 [#/sec] (mean)
    Time per request:       120.739 [ms] (mean)
    Time per request:       0.929 [ms] (mean, across all concurrent requests)
    Transfer rate:          460.54 [Kbytes/sec] received
                            206.09 kb/s sent
                            666.63 kb/s total
  2. Benchmark run on an AMD Phenom 965 3.4 GHz with 32 GB of RAM

    $ cd scripts
    $ ./ab-session.sh 10000 -c 650

    Output

    Server Software:        
    Server Hostname:        127.0.0.1
    Server Port:            8080
    
    Document Path:          /
    Document Length:        270 bytes
    
    Concurrency Level:      650
    Time taken for tests:   17.089 seconds
    Complete requests:      10000
    Failed requests:        0
    Total transferred:      4380000 bytes
    Total body sent:        1960000
    HTML transferred:       2700000 bytes
    Requests per second:    585.17 [#/sec] (mean)
    Time per request:       1110.792 [ms] (mean)
    Time per request:       1.709 [ms] (mean, across all concurrent requests)
    Transfer rate:          250.30 [Kbytes/sec] received
                            112.00 kb/s sent
                            362.30 kb/s total

TODO

  1. Integrate with data layer to persist tokens
  2. Check data layer when token does not exist in whitelist
  3. Revoke all tokens