Full API doc
hueniverse committed Sep 19, 2015
1 parent cba904f commit 49d2f43
Showing 7 changed files with 317 additions and 215 deletions.
376 changes: 238 additions & 138 deletions README.md

Large diffs are not rendered by default.

15 changes: 5 additions & 10 deletions lib/endpoints.js
@@ -37,7 +37,7 @@ exports.app = function (req, payload, options, callback) {

// Issue application ticket

Ticket.issue(credentials, options.encryptionPassword, options.ticket || {}, callback);
Ticket.issue(credentials, null, options.encryptionPassword, options.ticket || {}, callback);
});
};

@@ -115,10 +115,6 @@ exports.reissue = function (req, payload, options, callback) {

var ticketOptions = Hoek.shallow(options.ticket || {});

if (grant) {
ticketOptions.grant = grant;
}

if (ext) {
ticketOptions.ext = ext;
}
@@ -131,7 +127,7 @@ exports.reissue = function (req, payload, options, callback) {
ticketOptions.scope = payload.scope;
}

Ticket.reissue(ticket, options.encryptionPassword, ticketOptions, callback);
Ticket.reissue(ticket, grant, options.encryptionPassword, ticketOptions, callback);
};

validate();
@@ -195,14 +191,13 @@ exports.rsvp = function (req, payload, options, callback) {
return callback(Boom.forbidden('Invalid application'));
}

var ticketOptions = Hoek.shallow(ticketOptions || {});
ticketOptions.grant = grant;

var ticketOptions = ticketOptions || {};
if (ext) {
ticketOptions = Hoek.shallow(ticketOptions);
ticketOptions.ext = ext;
}

Ticket.issue(app, options.encryptionPassword, ticketOptions, callback);
Ticket.issue(app, grant, options.encryptionPassword, ticketOptions, callback);
});
});
});
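Review bot: In the `exports.rsvp` section, `var ticketOptions = ticketOptions || {};` reads the variable it is declaring; because `var` is hoisted, the right-hand side is `undefined` unless `ticketOptions` was assigned earlier in the same function, which this hunk does not show (the enclosing callback starts outside it). If it was not, the rsvp path always issues with `{}` and any configured `options.ticket` settings such as a shorter `ttl` are silently dropped, whereas `exports.reissue` starts from `options.ticket`. I would write `var ticketOptions = options.ticket || {};` and keep the `Hoek.shallow()` copy before setting `ext`.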
8 changes: 3 additions & 5 deletions lib/index.js
@@ -1,10 +1,8 @@
// Export sub-modules

exports.hawk = require('hawk');
exports.server = require('./server');
exports.client = require('./client');
exports.endpoints = require('./endpoints');
exports.ticket = require('./ticket');
exports.hawk = require('hawk');
exports.scope = require('./scope');


exports.server = require('./server');
exports.ticket = require('./ticket');
4 changes: 2 additions & 2 deletions lib/server.js
@@ -15,7 +15,7 @@ var internals = {};

exports.authenticate = function (req, encryptionPassword, options, callback) {

Hawk.server.authenticate(req, exports.credentialsFunc(encryptionPassword, options), options.hawk || {}, function (err, credentials, artifacts) {
Hawk.server.authenticate(req, internals.credentialsFunc(encryptionPassword, options), options.hawk || {}, function (err, credentials, artifacts) {

if (err) {
return callback(err);
@@ -42,7 +42,7 @@ exports.authenticate = function (req, encryptionPassword, options, callback) {

// Hawk credentialsFunc generator

exports.credentialsFunc = function (encryptionPassword, options) {
internals.credentialsFunc = function (encryptionPassword, options) {

Hoek.assert(encryptionPassword, 'Invalid encryption password');

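Review bot: `Hoek.assert(encryptionPassword, 'Invalid encryption password')` in `internals.credentialsFunc` still throws, and because the generator is called inline as an argument in `exports.authenticate`, a missing password surfaces as a synchronous exception rather than through `callback`. The same commit has lib/ticket.js report that condition as `Boom.internal('Invalid encryption password')` through the callback, so the two modules now disagree on how this misconfiguration is signalled. Now that the generator is no longer exported, consider checking first in `authenticate`, assuming Boom is required in this file: `if (!encryptionPassword) { return callback(Boom.internal('Invalid encryption password')); }`. The body of `credentialsFunc` continues outside the hunk.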
105 changes: 58 additions & 47 deletions lib/ticket.js
@@ -27,14 +27,15 @@ internals.defaults = {
scope: ['a', 'b'] // Application scope
};
var grant = {
id: 'd832d9283hd9823dh', // Persistent identifier used to issue additional tickets or revoke access
user: '456', // User id
exp: 1352535473414, // Grant expiration
scope: ['b'] // Grant scope
};
var options = {
ttl: 60 * 1000, // 1 min
grant: {
id: 'd832d9283hd9823dh', // Persistent identifier used to issue additional tickets or revoke access
user: '456', // User id
exp: 1352535473414, // Grant expiration
scope: ['b'] // Grant scope
},
ext: { // Server-specific extension data
public: { // Included in the plain ticket
tos: '0.0.1'
@@ -49,37 +50,38 @@ internals.defaults = {
};
*/

exports.issue = function (app, encryptionPassword, options, next) {
exports.issue = function (app, grant, encryptionPassword, options, callback) {

var fail = Hoek.nextTick(callback);

if (!app || !app.id) {
return next(Boom.internal('Invalid application object'));
return fail(Boom.internal('Invalid application object'));
}

var grant = options.grant;
if (grant && (!grant.id || !grant.user || !grant.exp)) {
return next(Boom.internal('Invalid grant object'));
return fail(Boom.internal('Invalid grant object'));
}

if (!encryptionPassword) {
return next(Boom.internal('Invalid encryption password'));
return fail(Boom.internal('Invalid encryption password'));
}

if (!options) {
return next(Boom.internal('Invalid options object'));
return fail(Boom.internal('Invalid options object'));
}

var scope = (grant && grant.scope) || app.scope || [];
var error = Scope.validate(scope);
if (error) {
return next(error);
return fail(error);
}

if (grant &&
grant.scope &&
app.scope &&
!Scope.isSubset(app.scope, grant.scope)) {

return next(Boom.internal('Grant scope is not a subset of the application scope'));
return fail(Boom.internal('Grant scope is not a subset of the application scope'));
}

// Construct ticket
@@ -100,21 +102,23 @@ exports.issue = function (app, encryptionPassword, options, next) {
ticket.user = grant.user;
}

exports.generate(ticket, encryptionPassword, options, next);
exports.generate(ticket, encryptionPassword, options, callback);
};


// Reissue ticket

/*
var grant = {
id: 'd832d9283hd9823dh', // Persistent identifier used to issue additional tickets or revoke access
user: '456', // User id
exp: 1352535473414, // Grant expiration
scope: ['b'] // Grant scope
};
var options = {
ttl: 60 * 1000, // 1 min
scope: ['b'], // Ticket scope (must be equal or lesser than parent)
grant: {
id: 'd832d9283hd9823dh', // Persistent identifier used to issue additional tickets or revoke access
user: '456', // User id
exp: 1352535473414 // Grant expiration
},
issueTo: '123', // Delegated to application id
ext: { // Server-specific extension data
public: { // Included in the plain ticket
@@ -130,43 +134,44 @@ exports.issue = function (app, encryptionPassword, options, next) {
};
*/

exports.reissue = function (parentTicket, encryptionPassword, options, next) {
exports.reissue = function (parentTicket, grant, encryptionPassword, options, callback) {

var fail = Hoek.nextTick(callback);

if (!parentTicket) {
return next(Boom.internal('Invalid parent ticket object'));
return fail(Boom.internal('Invalid parent ticket object'));
}

if (!encryptionPassword) {
return next(Boom.internal('Invalid encryption password'));
return fail(Boom.internal('Invalid encryption password'));
}

if (!options) {
return next(Boom.internal('Invalid options object'));
return fail(Boom.internal('Invalid options object'));
}

if (options.scope &&
!Scope.isSubset(parentTicket.scope, options.scope)) {

return next(Boom.forbidden('New scope is not a subset of the parent ticket scope'));
return fail(Boom.forbidden('New scope is not a subset of the parent ticket scope'));
}

if (options.issueTo &&
parentTicket.dlg) {

return next(Boom.badRequest('Cannot re-delegate'));
return fail(Boom.badRequest('Cannot re-delegate'));
}

var grant = options.grant;
if (grant && (!grant.id || !grant.user || !grant.exp)) {
return next(Boom.internal('Invalid grant object'));
return fail(Boom.internal('Invalid grant object'));
}

if (grant || parentTicket.grant) {
if (!grant ||
!parentTicket.grant ||
parentTicket.grant !== grant.id) {

return next(Boom.internal('Parent ticket grant does not match options.grant'));
return fail(Boom.internal('Parent ticket grant does not match options.grant'));
}
}

@@ -202,7 +207,7 @@ exports.reissue = function (parentTicket, encryptionPassword, options, next) {
ticket.dlg = parentTicket.dlg;
}

exports.generate(ticket, encryptionPassword, options, next);
exports.generate(ticket, encryptionPassword, options, callback);
};


@@ -225,22 +230,24 @@ exports.reissue = function (parentTicket, encryptionPassword, options, next) {
};
*/

exports.rsvp = function (app, grant, encryptionPassword, options, next) {
exports.rsvp = function (app, grant, encryptionPassword, options, callback) {

var fail = Hoek.nextTick(callback);

if (!app || !app.id) {
return next(Boom.internal('Invalid application object'));
return fail(Boom.internal('Invalid application object'));
}

if (!grant || !grant.id) {
return next(Boom.internal('Invalid grant object'));
return fail(Boom.internal('Invalid grant object'));
}

if (!encryptionPassword) {
return next(Boom.internal('Invalid encryption password'));
return fail(Boom.internal('Invalid encryption password'));
}

if (!options) {
return next(Boom.internal('Invalid options object'));
return fail(Boom.internal('Invalid options object'));
}

options.ttl = options.ttl || internals.defaults.rsvpTTL;
@@ -258,11 +265,11 @@ exports.rsvp = function (app, grant, encryptionPassword, options, next) {
Iron.seal(envelope, encryptionPassword, options.iron || Iron.defaults, function (err, sealed) {

if (err) {
return next(err);
return callback(err);
}

var rsvp = sealed;
return next(null, rsvp);
return callback(null, rsvp);
});
};

@@ -275,7 +282,6 @@ exports.rsvp = function (app, grant, encryptionPassword, options, next) {
exp: time in msec
app: app id ticket is issued to
scope: ticket scope
ext: application data { public, private }
grant: grant id
user: user id
dlg: app id of the delegating party
@@ -285,6 +291,7 @@ exports.rsvp = function (app, grant, encryptionPassword, options, next) {
key: ticket secret key (Hawk)
algorithm: ticket hmac algorithm (Hawk)
id: ticket key id (Hawk)
ext: application data { public, private }
};
var options = {
@@ -294,13 +301,15 @@ exports.rsvp = function (app, grant, encryptionPassword, options, next) {
};
*/

exports.generate = function (ticket, encryptionPassword, options, next) {
exports.generate = function (ticket, encryptionPassword, options, callback) {

var fail = Hoek.nextTick(callback);

// Generate ticket secret

var random = Cryptiles.randomString(options.keyBytes || internals.defaults.keyBytes);
if (random instanceof Error) {
return next(random);
return fail(random);
}

ticket.key = random;
@@ -327,7 +336,7 @@ exports.generate = function (ticket, encryptionPassword, options, next) {
Iron.seal(ticket, encryptionPassword, options.iron || Iron.defaults, function (err, sealed) {

if (err) {
return next(err);
return callback(err);
}

ticket.id = sealed;
@@ -343,7 +352,7 @@ exports.generate = function (ticket, encryptionPassword, options, next) {
}
}

return next(null, ticket);
return callback(null, ticket);
});
};

@@ -356,24 +365,26 @@ exports.generate = function (ticket, encryptionPassword, options, next) {
};
*/

exports.parse = function (id, encryptionPassword, options, next) {
exports.parse = function (id, encryptionPassword, options, callback) {

var fail = Hoek.nextTick(callback);

if (!encryptionPassword) {
return next(Boom.internal('Invalid encryption password'));
return fail(Boom.internal('Invalid encryption password'));
}

if (!options) {
return next(Boom.internal('Invalid options object'));
return fail(Boom.internal('Invalid options object'));
}

Iron.unseal(id, encryptionPassword, options.iron || Iron.defaults, function (err, object) {

if (err) {
return next(err);
return callback(err);
}

var ticket = object;
ticket.id = id;
return next(null, ticket);
return callback(null, ticket);
});
};
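Review bot: `exports.generate` creates `fail` and then immediately reads `options.keyBytes`, with no `!options` guard like the one `issue`, `reissue`, `rsvp` and `parse` have, so a direct call with a missing options object throws synchronously instead of reaching `callback`. Adding `if (!options) { return fail(Boom.internal('Invalid options object')); }` before the `Cryptiles.randomString()` call would make it consistent with the other entry points. Separately, `reissue` still reports 'Parent ticket grant does not match options.grant' although the grant is now a positional argument, so the message should refer to `grant`. A one-line comment on `var fail = Hoek.nextTick(callback);` saying that validation errors are deferred so the callback never fires synchronously would help readers. The rest of `generate` lies outside the visible hunks.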