Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/spoonx/stix-security

A security module for stix using stix-gates. Provides gates for authentication methods.
https://github.com/spoonx/stix-security

Last synced: about 2 months ago
JSON representation

A security module for stix using stix-gates. Provides gates for authentication methods.

Host: GitHub
URL: https://github.com/spoonx/stix-security
Owner: SpoonX
License: mit
Created: 2019-01-31T20:31:15.000Z (almost 6 years ago)
Default Branch: master
Last Pushed: 2022-12-22T09:54:01.000Z (about 2 years ago)
Last Synced: 2024-11-10T04:27:12.404Z (2 months ago)
Language: TypeScript
Size: 199 KB
Stars: 1
Watchers: 3
Forks: 1
Open Issues: 7
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # Stix-security

> This module currently only offers a bearer authentication gate.

[![Slack Status](https://spoonx-slack.herokuapp.com/badge.svg)](https://spoonx-slack.herokuapp.com)

A [stix](https://github.com/SpoonX/stix) module that provides gates for default authentication/security methods.

## Installation

1. `yarn add stix-security`

2. Add to your `config/modules.ts`.

	```ts

   	import { Security } from 'stix-security';

	export const modules = [

	  /* ... */

     Security,

   ];

	```

3. ~~Storm~~ Use the gates.

## Usage

Simply import the desired gate and add it in your config. See the examples below. More info on gates can be found [in the docs](https://stixjs.io/docs/modules/stix-gates/gates-usage).

## Available gates

Each gate implements support for a specific authentication method.

### BearerGate

The BearerGate is for basic header auth using a Bearer.

```

Authorization: Bearer some.jwt.here

```

This gate:

- Verifies that the header exists

- Verifies the header is properly formatted

- Verifies that the token is valid

If these checks fail the request will be denied (unauthorized).

The payload and token will be set on and accessible from:

- `ctx.state.authorization`.

### Configuration

The only required configuration value for this gate is `secret` used to validate the JWT.

```ts

import { SecurityConfig } from 'stix-security';

export const security: SecurityConfig = {

  schemes: {

    bearer: {

      options: {

        secret: 'A SECRET HERE',

      },

    },

  },

};

```

### Example

```ts

import { GateManagerConfigType } from 'stix-gates';

import { BearerGate } from 'stix-security';

export const gate: GateManagerConfigType = {

  rules: new Map([

    [ SomeController, { someAction: BearerGate } ],

  ]),

};

```

## Todo

The following gates still have to be built.

- basic

- apiKey

- openIdConnect

- oauth2

## License

MIT