cas-secure
Secure Express/connect APIs against a CAS server
Install
npm install --save cas-secureHow to use
Require Package
var secure = require('cas-secure').set(options);Where options is one of the following:
- String: The base url of CAS (For example: http://my.cas-server.com/cas).
- Object: An object with the following properties:
- base_ur [Mandaory]: The base url of CAS (For example: http://my.cas-server.com/cas).
- version [Optional]: CAS protocol version. Posible values are 1, 2 or 3. Default 3.
-
action [Optional]: Default action that cas_secure should take with failed authentication (Default block):
- block: Returns a 401 (Unauthorized) status code.
- pass: Pass the error to next, to be handled by express/connect error handler.
- ignore: call next middleware, but don't write info about user.
-
validateUrl [Optional]: Url for proxy/ticket validation:
- Default for protocol version 1: /validate
- Default for protocol version 2: /proxyValidate
- Default for protocol version 3: /p3/proxyValidate
- service [Optional]: this service identification. Defaults to the value of the Host header.
Use middleware
/*
secure.validate expects the ticket to be found in "ticket" query parameter (req.query.ticket),
or in "Authorization" header (req.headers.authorization) of Bearer type .
*/
app.use(secure.validate(action), function SecuredMiddleware(req, res, next){
/*
Your code goes here
If user got authenticated:
* req.cas.user will have user id
* req.cas.attributes will have user attributes released by cas.
*/
})action can be one of block, pass or ignore, and will override the configured default action.
If no action is provided, will use the default one.