🏄

Author: j

.gitignore

@@ -0,0 +1,2 @@
+node_modules/
+reports/

.travis.yml

@@ -0,0 +1,4 @@
+language: node_js
+
+node_js:
+  - 0.10

LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2014 Jordan Stout
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

Makefile

@@ -0,0 +1,27 @@
+REPORTER = dot
+MOCHA = ./node_modules/.bin/mocha
+_MOCHA = ./node_modules/.bin/_mocha
+ISTANBUL = ./node_modules/.bin/istanbul
+TESTS = test/**/*.test.js
+
+test:
+	@NODE_ENV=test $(MOCHA) \
+		--ui exports \
+		--reporter $(REPORTER) \
+		--async-only \
+		$(TESTS)
+
+test-w:
+	@NODE_ENV=test $(MOCHA) \
+		--ui exports \
+		--reporter $(REPORTER) \
+		--async-only \
+		--growl \
+		--watch \
+        $(TESTS)
+
+coverage:
+	@test -d reports || mkdir reports
+	$(ISTANBUL) cover --report html --dir ./reports $(_MOCHA) -- -A -u exports -R spec $(TESTS)
+
+.PHONY: test test-w

README.md

@@ -0,0 +1,54 @@
+### hapi-auth-bearer
+
+[![Build Status](https://travis-ci.org/j/hapi-auth-bearer.png?branch=master)](https://travis-ci.org/j/hapi-auth-bearer)
+
+#### Bearer authentication
+
+This scheme requires the following options:
+
+- `validateFunc` - Function with signature `function(secretOrToken, callback)` where:
+    - `secretOrToken` - the `secret` if option `base64: true` is set, otherwise the raw token value is passed in.
+    - `callback` - the callback function with signature `function(err, credentials)` where:
+        - `err` - an internal error.
+        - `credentials` - a credentials object that gets passed back to the application in `request.auth.credentials`.
+          Return `null` or `undefined` to when the credentials are unknown (and not an error).  Also, credentials
+          object MUST contain a key `token` when using `base64: true` option so that we can validate the header
+          token from the token stored in the database. (This makes it so that you only need to index `secret` instead
+          of both `secret` and `token` for smaller storage.  Just simply do a find on secret, and pass back the token
+          value.
+
+- `base64` - Boolean value (defaults to `false` aka just accepts a raw token value).  This gives you the ability to pass
+ back a base64 encoded authorization header: base64(SECRET:TOKEN)
+    - i.e.) Bearer NTJlYjRmZmRmM2M3MjNmZjA1MTEwYmYxOjk5ZWQyZjdmMWRiNjBiZDBlNGY1ZjQ4ZjRhMWVhNWVjMmE4NzU2ZmU=
+
+
+```javascript
+var Hapi = require('hapi');
+var server = new Hapi.Server();
+
+var credentials = {
+  // without base64
+  someSuperSecureToken: {
+    user: { /** ... */ }
+  },
+  // for base64
+  shhImASecret: {
+    token: 'someSuperSecureToken',
+    user: { /** ... */ }
+  }
+};
+
+var validateFunc = function (id, callback) {
+  return callback(null, credentials[id]);
+};
+
+server.pack.require('hapi-auth-bearer', function (err) {
+  server.auth.strategy('bearer', 'bearer', { validateFunc: validateFunc });
+
+  server.auth.strategy('bearer-base64', 'bearer', {
+    base64: true,
+    validateFunc: validateFunc
+  });
+});
+
+```

index.js

@@ -0,0 +1 @@
+module.exports = require('./lib');

lib/index.js

@@ -0,0 +1,78 @@
+var boom = require('boom');
+var hoek = require('hoek');
+
+/**
+ * Simple Bearer auth token strategy.
+ *
+ * If `options.base64` is set to `true`, then it expects a base64 encoded value of SECRET:TOKEN, otherwise
+ * it expects the Bearer value to just be the token.
+ *    i.e.) Bearer NTJlYjRmZmRmM2M3MjNmZjA1MTEwYmYxOjk5ZWQyZjdmMWRiNjBiZDBlNGY1ZjQ4ZjRhMWVhNWVjMmE4NzU2ZmU=
+ *
+ *
+ * @param server
+ * @param {Object} options
+ *
+ * @returns {{authenticate: Function}}
+ */
+var bearerScheme = function bearerScheme(server, options) {
+  hoek.assert(options && 'object' === typeof options, 'Missing Bearer auth strategy options');
+
+  hoek.assert(
+    options && 'function' === typeof options.validateFunc,
+    'options.validateFunc must be a valid function in Bearer scheme'
+  );
+
+  options.base64 = options.base64 || false;
+
+  return {
+    authenticate: function (request, reply) {
+      var req = request.raw.req;
+      var authorization = req.headers.authorization;
+
+      if (!authorization) {
+        return reply(boom.unauthorized(null, 'Bearer'));
+      }
+
+      var parts = authorization.split(/\s+/);
+
+      if (parts.length !== 2) {
+        return reply(boom.badRequest('Bad HTTP authentication header format'));
+      }
+
+      if (parts[0] && parts[0].toLowerCase() !== 'bearer') {
+        return reply(boom.unauthorized(null, 'Bearer'));
+      }
+
+      var createCallback = function(secret, token) {
+        return function (err, credentials) {
+          if (err) {
+            return reply(err, { credentials: credentials, log: { tags: ['auth', 'bearer-auth'], data: err } });
+          }
+
+          if (!credentials || (token && (!credentials.token || credentials.token !== token))) {
+            return reply(boom.unauthorized('Invalid token', 'Bearer'), { credentials: credentials });
+          }
+
+          return reply(null, { credentials: credentials });
+        }
+      };
+
+      if (options.base64) {
+        var tokenParts = new Buffer(parts[1] || '', 'base64').toString('utf8').split(':');
+        if (tokenParts.length !== 2) {
+          return reply(boom.badRequest('Bad HTTP authentication token value format'));
+        }
+
+        return options.validateFunc(tokenParts[0], createCallback(tokenParts[0], tokenParts[1]));
+      } else {
+        return options.validateFunc(parts[1], createCallback(null, parts[1]));
+      }
+    }
+  };
+};
+
+
+exports.register = function (plugin, options, next) {
+  plugin.auth.scheme('bearer', bearerScheme);
+  next();
+};