passport-http-api-token-bearer

.gitignore

@@ -0,0 +1,11 @@
+build
+reports
+
+# Mac OS X
+.DS_Store
+
+# Node.js
+node_modules
+npm-debug.log
+
+.idea

.jshintrc

@@ -0,0 +1,20 @@
+{
+  "node": true,
+
+  "bitwise": true,
+  "camelcase": true,
+  "curly": true,
+  "forin": true,
+  "immed": true,
+  "latedef": true,
+  "newcap": true,
+  "noarg": true,
+  "noempty": true,
+  "nonew": true,
+  "quotmark": "single",
+  "undef": true,
+  "unused": true,
+  "trailing": true,
+
+  "laxcomma": true
+}

.npmignore

@@ -0,0 +1,19 @@
+README.md
+Makefile
+build/
+docs/
+examples/
+reports/
+support/
+test/
+
+# Mac OS X
+.DS_Store
+
+# Node.js
+.npmignore
+node_modules/
+npm-debug.log
+
+# Git
+.git*

LICENSE

@@ -0,0 +1,20 @@
+(The MIT License)
+
+Copyright (c) 2011-2013 Jared Hanson
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,80 @@
+# passport-http-api-token-bearer
+
+
+HTTP Bearer authentication strategy for [Passport](http://passportjs.org/).
+
+This module lets you authenticate HTTP requests using bearer tokens in your Node.js
+applications.  Bearer tokens are typically used protect API endpoints, and are
+often issued using OAuth 2.0.  You have to pass token in req.header, req.body and req.query, (priority is as mentioned)
+
+By plugging into Passport, bearer token support can be easily and unobtrusively
+integrated into any application or framework that supports
+[Connect](http://www.senchalabs.org/connect/)-style middleware, including
+[Express](http://expressjs.com/).
+
+## Install
+
+    $ npm install passport-http-api-token-bearer
+
+## Usage
+
+#### Configure Strategy
+
+The HTTP Bearer authentication strategy authenticates users using a bearer
+token.  The strategy requires a `verify` callback, which accepts that
+credential and calls `done` providing a user.  Optional `info` can be passed,
+typically including associated scope or object.
+
+    This strategy will use default token name, which is `access_token`
+    passport.use(new BearerStrategy(
+      function(token, done) {
+        User.findOne({ token: token }, function (err, user) {
+          if (err) { return done(err); }
+          if (!user) { return done(null, false); }
+          return done(null, user, { scope: 'all' });
+        });
+      }
+    ));
+
+    OR
+
+    passport.use(new BearerStrategy({
+            access_token: 'x-access-token'      /// you can define custom access_token name here,
+        },
+      function(token, done) {
+        User.findOne({ token: token }, function (err, user) {
+          if (err) { return done(err); }
+          if (!user) { return done(null, false, {statusCode:404, error: true, message: "Not Found"}); }
+          return done(null, user, { scope: 'all' });
+        });
+      }
+    ));      
+
+#### Authenticate Requests
+
+Use `passport.authenticate()`, specifying the `'token-bearer'` strategy, to
+authenticate requests.  Requests containing bearer tokens do not require session
+support, so the `session` option can be set to `false`.
+
+For example, as route middleware in an [Express](http://expressjs.com/)
+application:
+
+    app.get('/profile', 
+      passport.authenticate('token-bearer', { session: false }),
+      function(req, res) {
+        res.json(req.user);
+      });
+
+      app.all('/api/*', function(req, res, next){
+          passport.authenticate('token-bearer', { session: false }, function(err, user, info) {
+            return res.status(info.statusCode).json({ error: info.error, message: info.message, result: info.result });
+          })(req, res);
+      });
+
+## Credits
+
+  - [Arsalan Bilal](http://github.com/mabc224)
+
+## License
+
+[The MIT License](http://opensource.org/licenses/MIT)

lib/index.js

@@ -0,0 +1,15 @@
+/**
+ * Module dependencies.
+ */
+var Strategy = require('./strategy');
+
+
+/**
+ * Expose `Strategy` directly from package.
+ */
+exports = module.exports = Strategy;
+
+/**
+ * Export constructors.
+ */
+exports.Strategy = Strategy;

lib/strategy.js

@@ -0,0 +1,140 @@
+/**
+ * Module dependencies.
+ */
+var passport = require('passport-strategy')
+  , util = require('util')
+  , lookup = require('./utils').lookup;
+
+
+/**
+ * Creates an instance of `Strategy`.
+ *
+ * The HTTP Bearer authentication strategy authenticates requests based on
+ * a bearer token contained in the `request` object, `access_token`
+ * body parameter, or `access_token` query parameter. or anyother, it is configurable
+ *
+ * Applications must supply a `verify` callback, for which the function
+ * signature is:
+ *
+ *     function(token, done) { ... }
+ *
+ * `token` is the bearer token provided as a credential.  The verify callback
+ * is responsible for finding the user who posesses the token, and invoking
+ * `done` with the following arguments:
+ *
+ *     done(err, user, info);
+ *
+ * If the token is not valid, `user` should be set to `false` to indicate an
+ * authentication failure.  Additional token `info` can optionally be passed as
+ * a third argument, which will be set by Passport at `req.authInfo`, where it
+ * can be used by later middleware for access control.  This is typically used
+ * to pass any scope associated with the token.
+ *
+ * Options:
+ *
+ *   - `scope`  list of scope values indicating the required scope of the access
+ *              token for accessing the requested resource
+ *
+ * Examples:
+ *
+ *     passport.use(new BearerStrategy(
+ *       function(token, done) {
+ *         User.findByToken({ token: token }, function (err, user) {
+ *           if (err) { return done(err); }
+ *           if (!user) { return done(null, false); }
+ *           return done(null, user, { scope: 'read' });
+ *         });
+ *       }
+ *     ));
+ *
+ * For further details on HTTP Bearer authentication, refer to [The OAuth 2.0 Authorization Protocol: Bearer Tokens](http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer)
+ *
+ * @constructor
+ * @param {Object} [options]
+ * @param {Function} verify
+ * @api public
+ */
+function Strategy(options, verify) {
+  if (typeof options == 'function') {
+    verify = options;
+    options = {};
+  }
+  if (!verify) { throw new TypeError('HTTPBearerStrategy requires a verify callback'); }
+
+  this._access_token = options.access_token || 'access_token';
+
+  passport.Strategy.call(this);
+  this.name = 'token-bearer';
+  this._verify = verify;
+  if (options.scope) {
+    this._scope = (Array.isArray(options.scope)) ? options.scope : [ options.scope ];
+  }
+  this._passReqToCallback = options.passReqToCallback;
+}
+
+/**
+ * Inherit from `passport.Strategy`.
+ */
+util.inherits(Strategy, passport.Strategy);
+
+/**
+ * Authenticate request based on the contents of a HTTP Bearer authorization
+ * header, body parameter, or query parameter.
+ *
+ * @param {Object} req
+ * @api protected
+ */
+Strategy.prototype.authenticate = function(req, options) {
+
+  options = options || {};
+
+  var self = this;
+
+  var token;
+
+  if (req.headers && req.headers[self._access_token]) {
+    token = req.headers[self._access_token];
+  } else {
+    var access_token = lookup(req.body, this._access_token) || lookup(req.query, this._access_token);
+    token = access_token;
+  }
+
+
+  if (!token) { return this.fail(this._challenge()); }
+
+  function verified(err, user, info) {
+    if (err) { return self.error(err); }
+    if (!user) { return self.fail(info); }
+    self.success(user, info);
+  }
+
+  try {
+    if (self._passReqToCallback) {
+      this._verify(req, token, verified);
+    } else {
+      this._verify(token, verified);
+    }
+  } catch (ex) {
+    return self.error(ex);
+  }
+
+};
+
+/**
+ * Build authentication challenge.
+ *
+ * @api private
+ */
+Strategy.prototype._challenge = function(code, desc, uri) {
+  var challenge = 'Tokin missing "' + this._access_token + '"';
+  if (this._scope) {
+    challenge += ', scope="' + this._scope.join(' ') + '"';
+  }
+  return challenge;
+};
+
+
+/**
+ * Expose `Strategy`.
+ */
+module.exports = Strategy;

lib/utils.js

@@ -0,0 +1,11 @@
+exports.lookup = function(obj, field) {
+  if (!obj) { return null; }
+  var chain = field.split(']').join('').split('[');
+  for (var i = 0, len = chain.length; i < len; i++) {
+    var prop = obj[chain[i]];
+    if (typeof(prop) === 'undefined') { return null; }
+    if (typeof(prop) !== 'object') { return prop; }
+    obj = prop;
+  }
+  return null;
+};

package.json

@@ -0,0 +1,41 @@
+{
+  "name": "passport-http-api-token-bearer",
+  "version": "1.0.1",
+  "description": "HTTP Bearer authentication strategy for Passport.",
+  "keywords": [
+    "passport",
+    "auth",
+    "authn",
+    "authentication",
+    "authz",
+    "authorization",
+    "http",
+    "bearer",
+    "token",
+    "oauth"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/mabc224/passport-http-api-token-bearer.git"
+  },
+  "bugs": {
+    "url": "http://github.com/mabc224/passport-http-api-token-bearer/issues"
+  },
+  "author": {
+    "name": "Arsalan",
+    "email": "[email protected]"
+  },
+  "licenses": [
+    {
+      "type": "MIT",
+      "url": "http://www.opensource.org/licenses/MIT"
+    }
+  ],
+  "main": "./lib",
+  "dependencies": {
+    "passport-strategy": "1.x.x"
+  },
+  "engines": {
+    "node": ">= 0.4.0"
+  }
+}