johnbrett / Getting-Started-with-hapi.js

Code examples for the book: Getting Started with hapi.js
https://gettingstartedwithhapijs.com

hapi-auth-bearer-token example #8

Closed pabl-o-ce closed 8 years ago

pabl-o-ce commented 8 years ago

Hi John, I was looking at your hapi-auth-bearer-token plugin and I have some questions (I'm new to hapi.js). I'm making a RESTful service.

I register the app in a file auth.js

  1. In the validateFunc function, do I have to match the token, i.e. check whether the user sent me the same token I have in the DB for that specific user? If I don't want to save the token in the DB, what approach would you recommend? (In another project I use .NET and they save the token in server memory for a set time.)
  2. How to generate the token (with jsonwebtoken)?
  3. Need some enlightening, if you can help me with an example.

```js
/*jshint esversion: 6 */

const PromiseBlueBird = require('bluebird');
const AuthBearer = require('hapi-auth-bearer-token');

const db = require('../models');

exports.register = (server, options, next) => {
  server.register(AuthBearer, registerAuth);

  function registerAuth (err) {
    if (err) { return next(err); }

    server.auth.strategy('simple', 'bearer-access-token', {
      allowQueryToken: true,
      allowMultipleHeaders: false,
      accessTokenName: 'access_token',
      validateFunc: validate
    });
    // if I want to make all routes auth
    //server.auth.default('simple');

    return next();
  }

  // Look the token up in the DB and report the result through the callback.
  function validate (token, callback) {
    const User = db.User;
    // findAsync already returns a promise, so no extra Promise wrapper is needed
    return User.findAsync({token: token})
      .then((user) => {
        if (!user) {
          return callback(null, false);
        }

        // pass the user as credentials so request.auth.credentials is populated
        return callback(null, true, user);
      }, (err) => callback(err, false)); // a failed lookup must still call back
  }
};

exports.register.attributes = {
  name: 'cye-auth-bearer-token',
  version: '1.0.0'
};
```

johnbrett commented 8 years ago

Hi @pablocarreraest, sorry for the late reply, I was on holidays for a couple of weeks.

Answers: 1: You could use server cache to store tokens in server memory.

2: What library do you plan to use to create a jsonwebtoken, I can show you then?

3: Example: Just modify the validate function to use server cache instead of DB:

```js
function validate (token, callback) {

    // this would have been created when creating your server with:
    // server.app.userCache = server.cache({ segment: 'userCache', expiresIn: 60 * 60 * 1000 });
    server.app.userCache.get(token, (err, value, cached, log) => {
        if (err || !value) {
            return callback(null, false);
        }

        return callback(null, true, value);
    });
}
```

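An added example, not part of the thread or the book's code: issuing opaque tokens and validating them against an in-memory store with a one-hour lifetime, the approach the answer above describes. The `sessions` map stands in for `server.app.userCache`, and `issueToken`, `revokeToken`, `digest` and `TTL_MS` are hypothetical names; hashing the token before storing it is an extra hardening step not mentioned in the thread.

```javascript
'use strict';
const crypto = require('crypto');

// Hypothetical in-memory store standing in for server.app.userCache.
const TTL_MS = 60 * 60 * 1000;   // same one-hour lifetime as the cache example
const sessions = new Map();      // sha256(token) -> { credentials, expiresAt }

// Store only a digest so a dump of the store does not reveal usable tokens.
const digest = (token) =>
  crypto.createHash('sha256').update(token).digest('hex');

// Issue an opaque token from the CSPRNG. Nothing in it depends on the clock,
// so two logins in the same millisecond still receive different tokens.
function issueToken(credentials, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex');
  sessions.set(digest(token), { credentials, expiresAt: now + TTL_MS });
  return token;
}

// Same (err, isValid, credentials) callback shape as validateFunc on this page.
function validate(token, callback, now = Date.now()) {
  if (typeof token !== 'string' || token.length === 0) {
    return callback(null, false);
  }
  const key = digest(token);
  const entry = sessions.get(key);
  if (!entry) {
    return callback(null, false);
  }
  if (entry.expiresAt <= now) {
    sessions.delete(key);        // expired: evict and reject
    return callback(null, false);
  }
  return callback(null, true, entry.credentials);
}

// Logout or revocation: drop the entry so the token stops validating.
function revokeToken(token) {
  return sessions.delete(digest(token));
}
```

`validate` takes the `(token, callback)` arguments that the strategy's `validateFunc` option receives, so it can be passed to `server.auth.strategy` as in the question.
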
pabl-o-ce commented 8 years ago

great example thanks @johnbrett

johnbrett commented 8 years ago

no problem @pablocarreraest.

IshanBhuta commented 7 years ago

@johnbrett Hi, I need a little help: how can I send the access token from Postman?

johnbrett commented 7 years ago

The easiest is probably to append it to the URL like `?access_token=123`.

Make sure to enable query params tokens when registering the auth strategy!

IshanBhuta commented 7 years ago

@johnbrett It works for me. I also found the way with header params. Both work for me now. Thanks so much.

ankitlp commented 7 years ago

@johnbrett I am using an auth token in a REST API where there is a bug: if the user tries to log in from 2 different devices at the same time, fully synchronised, the user gets logged in on both devices. This is most probably due to the time parameter it uses to create the token. So I was wondering how I can give this time as milliseconds to make it unique.

johnbrett commented 7 years ago

I'm not sure I follow the issue @ankitlp...is the issue with the hapi-auth-bearer-token library? That library doesn't create auth tokens for you, that is something you are doing yourself. You'll have to elaborate more on how your tokens are created before I can help.