Skip to content
This repository has been archived by the owner on Apr 5, 2024. It is now read-only.

Commit

Permalink
Merge pull request #275 from mozilla/issue272
Browse files Browse the repository at this point in the history
remove Hapi plugin
  • Loading branch information
djmitche authored Oct 23, 2020
2 parents 764c97e + 86d68ec commit 58ba9c8
Show file tree
Hide file tree
Showing 5 changed files with 1 addition and 1,174 deletions.
144 changes: 0 additions & 144 deletions API.md
Original file line number Diff line number Diff line change
Expand Up @@ -329,150 +329,6 @@ Hawk client from authenticating the requests.You can read more about the why and
[article](http://www.html5rocks.com/en/tutorials/cors/#toc-adding-cors-support-to-the-server)


## hapi Plugin

**hawk** includes an authentication plugin for **hapi** which registers two authentication schemes.

### hawk Strategy

The scheme supports payload authentication. The scheme requires the following options:

- `getCredentialsFunc` - credential lookup function with the signature `[async] function(id)` where:
- `id` - the Hawk credentials identifier.
- _throws_ an internal error.
- _returns_ `{ credentials }` object where:
- `credentials` a credentials object passed back to the application in `request.auth.credentials`. Set to be `null` or `undefined` to
indicate unknown credentials (which is not considered an error state).
- `hawk` - optional protocol options passed to `Hawk.server.authenticate()`.

```js
const Hapi = require('@hapi/hapi');
const Hawk = require('@hapi/hawk');

const credentials = {
d74s3nz2873n: {
key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
algorithm: 'sha256'
}
};

const getCredentialsFunc = function (id) {

return credentials[id];
};

const start = async () => {

const server = Hapi.server({ port: 4000 });

await server.register(Hawk);

server.auth.strategy('default', 'hawk', { getCredentialsFunc });
server.auth.default('default');

server.route({
method: 'GET',
path: '/',
handler: function (request, h) {

return 'welcome';
}
});

await server.start();

console.log('Server started listening on %s', server.info.uri);
};

start();

// Ensure process exits on unhandled rejection

process.on('unhandledRejection', (err) => {

throw err;
});

```

### bewit Strategy

The scheme can only be used with 'GET' requests and requires the following options:

- `getCredentialsFunc` - credential lookup function with the signature `async function(id)` where:
- `id` - the Hawk credentials identifier.
- _throws_ an internal error.
- _returns_ `{ credentials }` object where:
- `credentials` a credentials object passed back to the application in `request.auth.credentials`. Set to be `null` or `undefined` to
indicate unknown credentials (which is not considered an error state).
- `hawk` - optional protocol options passed to `Hawk.server.authenticateBewit()`.

```js
const Hapi = require('@hapi/hapi');
const Hawk = require('@hapi/hawk');

const credentials = {
d74s3nz2873n: {
key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
algorithm: 'sha256'
}
};

const getCredentialsFunc = function (id) {

return credentials[id];
};

const start = async () => {

const server = Hapi.server({ port: 4000 });

await server.register(Hawk);

server.auth.strategy('default', 'bewit', { getCredentialsFunc });
server.auth.default('default');

server.route({
method: 'GET',
path: '/',
handler: function (request, h) {

return 'welcome';
}
});

await server.start();

console.log('Server started listening on %s', server.info.uri);
};

start();

// Ensure process exits on unhandled rejection

process.on('unhandledRejection', (err) => {

throw err;
});
```

To send an authenticated Bewit request, the URI must contain the `'bewit'` query parameter which can be generated using the Hawk module:

```js
const Hawk = require('@hapi/hawk');

const credentials = {
id: 'd74s3nz2873n',
key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
algorithm: 'sha256'
};

let uri = 'http://example.com:8080/endpoint';
const bewit = Hawk.client.getBewit(uri, { credentials: credentials, ttlSec: 60 });
uri += '?bewit=' + bewit;
```


# Single URI Authorization

There are cases in which limited and short-term access to a protected resource is granted to a third party which does not
Expand Down
2 changes: 0 additions & 2 deletions lib/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,6 @@ exports.crypto = require('./crypto');

exports.utils = require('./utils');

exports.plugin = require('./plugin');

exports.uri = {
authenticate: exports.server.authenticateBewit,
getBewit: exports.client.getBewit
Expand Down
134 changes: 0 additions & 134 deletions lib/plugin.js

This file was deleted.

3 changes: 1 addition & 2 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -14,15 +14,14 @@
"hawk"
],
"dependencies": {
"@hapi/hoek": "9.x.x",
"@hapi/b64": "5.x.x",
"@hapi/boom": "9.x.x",
"@hapi/cryptiles": "5.x.x",
"@hapi/hoek": "9.x.x",
"@hapi/sntp": "4.x.x"
},
"devDependencies": {
"@hapi/code": "8.x.x",
"@hapi/hapi": "19.x.x",
"@hapi/lab": "22.x.x"
},
"scripts": {
Expand Down
Loading

0 comments on commit 58ba9c8

Please sign in to comment.