Package Exports
- koa-devstack-security
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (koa-devstack-security) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
DevStack token JWT validation
Koa middleware that propagates and validates JSON web tokens (JWT).
Usage
Our architecture, is validate with the use of a JWT token, so is mandatory propagate and validate the JWT token.
Configuration
Before use the koa-devstack-security is necessary configurate the file configuration.json, this file needs to:
Url to get the public key.
The key of identifier in our case sts_SHA1withRSA.
The delay between calls to public server key.
The attempts number when fail the public server key.
When do the library return an 401, Bad Authorization?
- If the token has bad format.
- If the date has expired.
- If the token is not authorization.
- If the header is bad formatted.
Retrieving the token
The token is normally provided in a HTTP header in our case ( Authorization ), so we can get the token with 'ctx.request.header.authorization'.
Example
var koaDevSec = require('koa-devstack-security');
var Koa = require('koa');
var app = new Koa();
app.use(koaDevSec());Additional Information
If you want to use this library, you need at least node v.6.9.2 and Harmony or Babel.
How do I pass source quality?
If you have passed istanbul, the 'coverage' folder has been created.
We use 'sonar-project.properties' and 'sonar-scanner' for analyze this project with SonarQube.
This SonarQube must have installed http://docs.sonarqube.org/display/PLUG/JavaScript+Plugin[*javascript plugin*].
Install http://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner[*sonar-scanner*]:
Config 'sonar.host.url' with the SonarQube server url.
'sonar-runner -Dsonar.host.url=sonarUrl'