How to use the hawk.server function in hawk
To help you get started, we’ve selected a few hawk examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
vightel / FloodMapsWorkshop / node / server.js View on Github 
function hawk_restrict(req, res, next) {
if( req.session.user ) return next()
console.log("hawk_restrict client check...")
Hawk.server.authenticate(req, FindCredentialsFunc, {}, function(err, credentials, artifacts) {
SetSessionCredential( req, res, err, credentials, artifacts, next )
})
}
// Home page -> appreturn function(req, res, next) {
// Restore originalUrl as needed by hawk for authentication
req.url = req.originalUrl;
if (options.scopes == undefined) {
next();
} else {
hawk.server.authenticate(req, findClient, {
//payload: JSON.stringify(req.body),
nonceFunc: _nonceManager
}, function(err, credentials, artifacts) {
if (err) {
var incidentId = uuid.v4();
var message = "Ask administrator to lookup incidentId in log-file";
if (err.output && err.output.payload && err.output.payload.error) {
message = err.output.payload.error;
}
debug(
"Error occurred authenticating, err: %s, %j, incidentId: %s",
err, err, incidentId, err.stack
);
return res.json(401, {
message: "Internal Server Error",
error: {return function(req, res, next) {
// Restore originalUrl as needed by hawk for authentication
req.url = req.originalUrl;
// Technically, we always perform authentication, but we don't consider
// the result of `deferAuth` is true or `scopes` is undefined.
hawk.server.authenticate(req, getCredentials, {
// Not sure if JSON stringify is not deterministic by specification.
// I suspect not, so we'll postpone this till we're sure we want to do
// payload validation and how we want to do it.
//payload: JSON.stringify(req.body),
nonceFunc: nonceManager
}, function(err, credentials, artifacts) {
// Keep reference to set of authorized scopes, which will be extended
// by authenticate()
var authorizedScopes = [];
// Make function that will authenticate and return an error if one
// occurred and otherwise do nothing. This allows us to ignore
// authentication errors in case authentication is deferred
var authenticated = false;
var authenticate = function() {
// Don't authenticate twice// Check expiration
if (checkExpiration &&
ticket.exp <= Hawk.utils.now()) {
const error = Hawk.utils.unauthorized('Expired ticket');
error.output.payload.expired = true;
throw error;
}
return ticket;
};
// Hawk authentication
const { credentials, artifacts } = await Hawk.server.authenticate(req, credentialsFunc, options.hawk);
// Check application
if (credentials.app !== artifacts.app) {
throw Hawk.utils.unauthorized('Mismatching application id');
}
if ((credentials.dlg || artifacts.dlg) &&
credentials.dlg !== artifacts.dlg) {
throw Hawk.utils.unauthorized('Mismatching delegated application id');
}
// Return result
return { ticket: credentials, artifacts };Strategy.prototype.authenticate = function(req) {
//express change req.url when mounting with app.use
//this creates a new request object with url = originalUrl
req = xtend({}, req, { url: req.originalUrl || req.url });
if(this.bewit){
hawk.uri.authenticate(req, this.verify, {}, function (err, credentials, ext) {
if (err && err.isMissing) return this.fail('Missing authentication tokens');
if (err && err.message === 'Missing credentials') return this.fail('Invalid authentication tokens');
if (err) return this.error(new Error(err.message)); // Return hawk error
this.success(credentials.user, ext);
}.bind(this));
}else{
hawk.server.authenticate(req, this.verify, {}, function (err, credentials, ext) {
if (err && err.isMissing) return this.fail('Missing authentication tokens');
if (err && err.message === 'Missing credentials') return this.fail('Invalid authentication tokens');
if (err && err.message) return this.error(new Error(err.message)); // Return hawk error
this.success(credentials.user, ext);
}.bind(this));
}
};internals.Scheme.prototype.authenticate = function (request, reply) {
Hawk.server.authenticateBewit(request.raw.req, this.settings.getCredentialsFunc, this.settings.hawk, function (err, credentials, bewit) {
return reply(err, { credentials: credentials, artifacts: bewit });
});
};internals.Scheme.prototype.authenticatePayload = function (request, callback) {
var isValid = Hawk.server.authenticatePayload(request.rawBody, request.auth.credentials, request.auth.artifacts, request.raw.req.headers['content-type']);
return callback(isValid ? null : Boom.unauthorized('Payload is invalid'));
};headers,
queryStringParameters: params,
requestContext: { path, requestId },
} = event;
log.verbose("event", { headers, params, path, requestId });
const {
Host: host,
Authorization: authorization,
"X-Forwarded-Port": port = 80,
} = headers;
let authArtifacts;
try {
({ artifacts: authArtifacts } = await Hawk.server.authenticate(
{
method: "POST",
url: path,
params,
host,
port,
authorization,
},
lookupCredentials
));
log.commonFields.uid = authArtifacts.id;
} catch (err) {
Raven.captureException(err);
log.error("authInvalid", { authorization, error: err.message });
return response(
401,internals.Scheme.prototype.authenticatePayload = function (request, callback) {
callback = Utils.nextTick(callback);
var isValid = Hawk.server.authenticatePayload(request.rawPayload, request.auth.credentials, request.auth.artifacts, request.headers['content-type']);
return callback(isValid ? null : Boom.unauthorized('Payload is invalid'));
};var handler = function (req, res) {
Hawk.server.authenticate(req, credentialsFunc, {}, function (err, credentials, artifacts) {
var payload = (!err ? 'Hello ' + credentials.user + ' ' + artifacts.ext : 'Shoosh!');
var serverAuth = Hawk.server.header(credentials, artifacts, { payload: payload, contentType: 'text/plain' });
var headers = {
'Content-Type': 'text/plain',
'Server-Authorization': serverAuth
};
res.writeHead(!err ? 200 : 401, headers);
res.end(payload);
});
};
