0.2.3 • Published 9 years ago

r-oauth2 v0.2.3

Weekly downloads: 5
License: MIT

r-oauth2

OAuth2 in RethinkDB and 150 lines of code. For RethinkDBDash and Express.

By Chris Cates

Intended to be used with Express. R-OAuth2 is a non-prescriptive method for storing sessions with the OAuth2 protocol. It automatically generates your OAuth2 database and tables.

Features

  • HMAC SHA3 Cryptography.
  • BCrypt
  • Non-prescriptive method.
  • Simple functions to restrict and authenticate endpoints.
  • 5 minute configuration and setup.

Installation

npm install r-oauth2 --save

Configuration and Example

The example below should walk you through how to create your own OAuth2 server.

If using bcrypt

  • When you call the generateClient() endpoint, you have to supply a clientId, clientSecret and grantType.
  • When you call the generateToken() endpoint, you have to supply the original, unencrypted clientSecret.

var r = require('rethinkdbdash')();
//Create database
require('rethink-config')({
  "r": r,
  "database": "oauth",
  "tables": ["users", "token"]
})
//Dependencies
var express = require('express');
var bodyParser = require('body-parser');
var oauth2 = require('../index');
// in real world you would do `var oauth2 = require('r-oauth2')`

//Initialize oauth2 module
oauth2.init({
  'r': r
});
/*
Alternatively you can supply a configuration object.
var config = {
  r: RethinkDBDash initialized object
  db: Desired database,
  oauthTable: Where OAuth clients are stored,
  tokenTable: Where Tokens are stored,
  expiry: Set how long until a token expires,
  bcrypt: Set bcrypt to be enabled true or false.
}
oauth2.init(config);
*/

var app = express();
//Enable JSON to be parsed and passed in request.
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({
    extended: true
}));

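//Enable CORS - note that you need to list `Authorization` in the allowed headers.
//The "*" origin below admits requests from every site; list the origins you trust instead if the API is not meant to be public.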
app.use(function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, authorization");
  res.header('Access-Control-Allow-Methods', 'POST, PATCH, GET, PUT, DELETE, OPTIONS');
  next();
});
/*
Generate a Client ID and Client Secret
All that's required in the body is `grantType`.
*/
app.post('/client', oauth2.generateClient());
/*
Generate an access token and refresh token
All that's required is the client object supplied by `/client`
*/
app.post('/oauth', oauth2.generateToken());
/*
Generate a new token in exchange for the old one
All that's required is the `refreshToken` parameter
*/
app.post('/refresh', oauth2.refreshToken());
/*
To access a restricted area you must put in your header `Authorization: Bearer [Access Token]`
*/
app.get('/restricted', oauth2.authenticate(), function(req,res,next) {
  res.send('Restricted area accessed.');
})

app.get('/', function(req,res,next) {
  res.send('Open area.');
})

app.listen(9001);
console.log("Demo server running on port 9001")
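
The bcrypt notes and the four endpoints above describe a flow in which the plaintext clientSecret has to be presented again at token time and access tokens expire. The following is an added example of that flow, not r-oauth2's own code: it assumes in-memory Maps in place of the RethinkDB tables and Node's built-in scrypt in place of bcrypt, and all function names are hypothetical.

```javascript
// Added illustration, not r-oauth2's source. Maps stand in for the RethinkDB
// client and token tables; scrypt stands in for bcrypt (both are assumptions).
const crypto = require('crypto');

const clients = new Map(); // clientId -> { salt, hash, grantType }
const tokens = new Map();  // accessToken -> { clientId, refreshToken, expires }
const hashSecret = (secret, salt) => crypto.scryptSync(secret, salt, 32);
const randomToken = () => crypto.randomBytes(32).toString('hex');

function registerClient(clientId, clientSecret, grantType) {
  const salt = crypto.randomBytes(16);
  // Only the salted hash is kept, so the plaintext must be presented again later.
  clients.set(clientId, { salt, hash: hashSecret(clientSecret, salt), grantType });
}

function mint(clientId, ttlMs, now) {
  const pair = { accessToken: randomToken(), refreshToken: randomToken() };
  tokens.set(pair.accessToken, { clientId, refreshToken: pair.refreshToken, expires: now + ttlMs });
  return pair;
}

// Token request: recompute the hash from the plaintext secret, compare in constant time.
function issueToken(clientId, clientSecret, ttlMs, now = Date.now()) {
  const c = clients.get(clientId);
  if (!c || typeof clientSecret !== 'string') return null;
  const ok = crypto.timingSafeEqual(hashSecret(clientSecret, c.salt), c.hash);
  return ok ? mint(clientId, ttlMs, now) : null;
}

// Accepts only `Bearer <64 hex chars>`; returns the clientId, or null if unknown or expired.
function authenticate(headerValue, now = Date.now()) {
  const m = /^Bearer ([0-9a-f]{64})$/.exec(headerValue || '');
  const rec = m && tokens.get(m[1]);
  if (!rec) return null;
  if (rec.expires <= now) { tokens.delete(m[1]); return null; }
  return rec.clientId;
}

// Refresh: the old access token is revoked before the new pair is minted.
function refreshTokens(refreshToken, ttlMs, now = Date.now()) {
  for (const [access, rec] of tokens) {
    if (rec.refreshToken === refreshToken) {
      tokens.delete(access);
      return mint(rec.clientId, ttlMs, now);
    }
  }
  return null;
}
```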

Demo

  • The demo can be found in /demo in this GitHub repo.
  • You can run the mocha test as follows:
      1. npm install in the /demo directory.
      2. sudo npm install mocha -g in the demo directory.
      3. npm start in the demo directory.
      4. In a new tab: npm test in the demo directory.

Note that you can alternatively run the server and then use the Postman collection to test the demo.

By Chris Cates

-- Thanks for checking out this npm module. Any questions, email me at chris@pilotinteractive.ca

0.2.3 • 9 years ago
0.2.2 • 10 years ago
0.2.1 • 10 years ago
0.2.0 • 10 years ago
0.1.7 • 10 years ago
0.1.5 • 10 years ago
0.1.4 • 10 years ago
0.1.2 • 10 years ago
0.1.1 • 10 years ago
0.1.0 • 10 years ago