How to use the hawk.server function in hawk

To help you get started, we’ve selected a few hawk examples, based on popular ways it is used in public projects.


github vightel / FloodMapsWorkshop / node / server.js View on Github external
/**
 * Express-style middleware that lets a request through when it already has a
 * session user, and otherwise asks Hawk to verify the request.
 *
 * @param {object} req - incoming request; `req.session.user` is read first
 * @param {object} res - response, handed on to SetSessionCredential
 * @param {Function} next - continuation invoked directly for session users
 * @returns {*} the result of `next()` on the session path, otherwise undefined
 */
function hawk_restrict(req, res, next) {
	// An existing session user skips Hawk verification entirely.
	if( req.session.user ) {
		return next()
	}

	console.log("hawk_restrict client check...")

	// The Hawk outcome, including any error, is passed on unchanged, so
	// accepting or rejecting the request is SetSessionCredential's job.
	var onHawkResult = function(err, credentials, artifacts) {
		SetSessionCredential( req, res, err, credentials, artifacts, next )
	}

	// NOTE(review): the options object is empty, so no nonceFunc is supplied;
	// Hawk then relies on its timestamp window alone and does not reject a
	// repeated nonce. Confirm that is acceptable for this deployment.
	Hawk.server.authenticate(req, FindCredentialsFunc, {}, onHawkResult)
}
// Home page -> app
github taskcluster / taskcluster / services / auth / routes / api / utils.js View on Github external
return function(req, res, next) {
    // Restore originalUrl as needed by hawk for authentication
    req.url = req.originalUrl;
    if (options.scopes == undefined) {
      next();
    } else {
      hawk.server.authenticate(req, findClient, {
        //payload:      JSON.stringify(req.body),
        nonceFunc:    _nonceManager
      }, function(err, credentials, artifacts) {
        if (err) {
          var incidentId = uuid.v4();
          var message = "Ask administrator to lookup incidentId in log-file";
          if (err.output && err.output.payload && err.output.payload.error) {
            message = err.output.payload.error;
          }
          debug(
            "Error occurred authenticating, err: %s, %j, incidentId: %s",
            err, err, incidentId, err.stack
          );
          return res.json(401, {
            message:        "Internal Server Error",
            error: {
github taskcluster / taskcluster / services / auth / node_modules / taskcluster-base / api.js View on Github external
return function(req, res, next) {
    // Restore originalUrl as needed by hawk for authentication
    req.url = req.originalUrl;
    // Technically, we always perform authentication, but we don't consider
    // the result of `deferAuth` is true or `scopes` is undefined.
    hawk.server.authenticate(req, getCredentials, {
      // Not sure if JSON stringify is not deterministic by specification.
      // I suspect not, so we'll postpone this till we're sure we want to do
      // payload validation and how we want to do it.
      //payload:      JSON.stringify(req.body),
      nonceFunc:    nonceManager
    }, function(err, credentials, artifacts) {
      // Keep reference to set of authorized scopes, which will be extended
      // by authenticate()
      var authorizedScopes = [];

      // Make function that will authenticate and return an error if one
      // occurred and otherwise do nothing. This allows us to ignore
      // authentication errors in case authentication is deferred
      var authenticated = false;
      var authenticate = function()  {
        // Don't authenticate twice
github outmoded / oz / lib / server.js View on Github external
// Check expiration

        if (checkExpiration &&
            ticket.exp <= Hawk.utils.now()) {

            const error = Hawk.utils.unauthorized('Expired ticket');
            error.output.payload.expired = true;
            throw error;
        }

        return ticket;
    };

    // Hawk authentication

    const { credentials, artifacts } = await Hawk.server.authenticate(req, credentialsFunc, options.hawk);

    // Check application

    if (credentials.app !== artifacts.app) {
        throw Hawk.utils.unauthorized('Mismatching application id');
    }

    if ((credentials.dlg || artifacts.dlg) &&
        credentials.dlg !== artifacts.dlg) {

        throw Hawk.utils.unauthorized('Mismatching delegated application id');
    }

    // Return result

    return { ticket: credentials, artifacts };
github jfromaniello / passport-hawk / lib / strategy.js View on Github external
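/**
 * Passport strategy entry point: verifies the request with Hawk, using bewit
 * (URI) verification when `this.bewit` is set and header verification
 * otherwise, then reports the outcome through fail / error / success.
 *
 * @param {object} req - incoming request; a shallow copy is verified
 */
Strategy.prototype.authenticate = function(req) {
  // Express changes req.url when the app is mounted with app.use, so verify a
  // shallow copy whose url is the original one and leave the caller's request
  // object untouched.
  req = xtend({}, req, { url: req.originalUrl || req.url });

  // Both modes share one outcome handler so they cannot drift apart.
  var onVerified = function (err, credentials, ext) {
    if (err && err.isMissing) return this.fail('Missing authentication tokens');
    if (err && err.message === 'Missing credentials') return this.fail('Invalid authentication tokens');
    // Fail closed on every remaining error. The header path used to test
    // `err && err.message`, so an error with an empty message fell through to
    // this.success(); the bewit path already rejected any error.
    if (err) return this.error(new Error(err.message)); // Return hawk error
    this.success(credentials.user, ext);
  }.bind(this);

  // NOTE(review): options are `{}` in both modes, so no nonceFunc is supplied
  // and replay rejection rests on Hawk's timestamp window only. Confirm.
  if (this.bewit) {
    hawk.uri.authenticate(req, this.verify, {}, onVerified);
  } else {
    hawk.server.authenticate(req, this.verify, {}, onVerified);
  }
};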
github hapijs / hapi / lib / auth / bewit.js View on Github external
/**
 * Bewit scheme authentication: hands the raw Node request to Hawk's bewit
 * verifier and relays the outcome to hapi through `reply`.
 *
 * @param {object} request - hapi request; `request.raw.req` is what Hawk checks
 * @param {Function} reply - called as reply(err, { credentials, artifacts })
 */
internals.Scheme.prototype.authenticate = function (request, reply) {

    // The result object is built and passed even when err is set.
    // NOTE(review): presumably hapi rejects the request on err and uses the
    // credentials only for reporting. Confirm against the caller.
    var onBewitChecked = function (err, credentials, bewit) {

        var result = {
            credentials: credentials,
            artifacts: bewit
        };

        return reply(err, result);
    };

    Hawk.server.authenticateBewit(
        request.raw.req,
        this.settings.getCredentialsFunc,
        this.settings.hawk,
        onBewitChecked
    );
};
github perborgen / data_hub / node_modules / hapi / lib / auth / hawk.js View on Github external
/**
 * Checks the request body against the already-authenticated Hawk artifacts
 * and reports the verdict through `callback`.
 *
 * @param {object} request - request carrying rawBody, auth.credentials,
 *   auth.artifacts and the raw Node request headers
 * @param {Function} callback - called with null when the payload is valid,
 *   otherwise with Boom.unauthorized('Payload is invalid')
 * @returns {*} whatever `callback` returns
 */
internals.Scheme.prototype.authenticatePayload = function (request, callback) {

    // NOTE(review): assumes rawBody holds the bytes exactly as received. A
    // parsed and re-serialized body may not verify. Confirm where it is set.
    var rawBody = request.rawBody;
    var credentials = request.auth.credentials;
    var artifacts = request.auth.artifacts;
    var contentType = request.raw.req.headers['content-type'];

    var isValid = Hawk.server.authenticatePayload(rawBody, credentials, artifacts, contentType);

    if (isValid) {
        return callback(null);
    }

    return callback(Boom.unauthorized('Payload is invalid'));
};
github mozilla / watchdog-proxy / functions / accept.js View on Github external
headers,
    queryStringParameters: params,
    requestContext: { path, requestId },
  } = event;

  log.verbose("event", { headers, params, path, requestId });

  const {
    Host: host,
    Authorization: authorization,
    "X-Forwarded-Port": port = 80,
  } = headers;

  let authArtifacts;
  try {
    ({ artifacts: authArtifacts } = await Hawk.server.authenticate(
      {
        method: "POST",
        url: path,
        params,
        host,
        port,
        authorization,
      },
      lookupCredentials
    ));
    log.commonFields.uid = authArtifacts.id;
  } catch (err) {
    Raven.captureException(err);
    log.error("authInvalid", { authorization, error: err.message });
    return response(
      401,
github hapijs / hapi / lib / auth / hawk.js View on Github external
/**
 * Checks the request payload against the already-authenticated Hawk artifacts
 * and reports the verdict through a callback wrapped by Utils.nextTick.
 *
 * @param {object} request - request carrying rawPayload, auth.credentials,
 *   auth.artifacts and headers
 * @param {Function} callback - receives null when the payload is valid,
 *   otherwise Boom.unauthorized('Payload is invalid')
 * @returns {*} whatever the wrapped callback returns
 */
internals.Scheme.prototype.authenticatePayload = function (request, callback) {

    // Wrap first so the verdict is always delivered through the wrapper.
    var deferred = Utils.nextTick(callback);

    // NOTE(review): assumes rawPayload holds the bytes exactly as received. A
    // parsed and re-serialized body may not verify. Confirm where it is set.
    var rawPayload = request.rawPayload;
    var credentials = request.auth.credentials;
    var artifacts = request.auth.artifacts;
    var contentType = request.headers['content-type'];

    var isValid = Hawk.server.authenticatePayload(rawPayload, credentials, artifacts, contentType);

    if (isValid) {
        return deferred(null);
    }

    return deferred(Boom.unauthorized('Payload is invalid'));
};
github mozilla / PyHawk / compatibility / nodejs / server.js View on Github external
/**
 * Request handler for the compatibility server: authenticates the request
 * with Hawk and answers in plain text with a Server-Authorization header.
 *
 * @param {object} req - incoming request passed to Hawk
 * @param {object} res - response; writeHead and end are called once each
 */
var handler = function (req, res) {

    var respond = function (err, credentials, artifacts) {

        var ok = !err;

        // The greeting is built only on success. The failure body is a fixed
        // string that reveals nothing about why authentication failed.
        var payload;
        if (ok) {
            payload = 'Hello ' + credentials.user + ' ' + artifacts.ext;
        }
        else {
            payload = 'Shoosh!';
        }

        // The response header is computed on the failure path as well, with
        // whatever credentials and artifacts Hawk passed along with the error.
        var headers = { 'Content-Type': 'text/plain' };
        headers['Server-Authorization'] = Hawk.server.header(credentials, artifacts, { payload: payload, contentType: 'text/plain' });

        // NOTE(review): the 401 carries only these two headers. Nothing from
        // `err` is forwarded, so the client gets no challenge details.
        res.writeHead(ok ? 200 : 401, headers);
        res.end(payload);
    };

    // NOTE(review): the options object is empty, so no nonceFunc is supplied
    // and replay rejection rests on Hawk's timestamp window only. Revisit
    // before copying this outside a test server.
    Hawk.server.authenticate(req, credentialsFunc, {}, respond);
};

hawk

HTTP Hawk Authentication Scheme

BSD-3-Clause
Latest version published 6 months ago

Package Health Score

43 / 100