tdp-ah-auth

A simple user authentication system for the ActionHeroJS API framework.

npm install tdp-ah-auth
2 downloads in the last week
4 downloads in the last month

TDPAHAuth

image

Status

DO NOT USE! This module is in heavy development and thus will not work and/or is subject to large-scale changes.

Overview

TDPAHAuth is designed to be a simple and fast user authentication module written in NodeJS, built specifically for use with the awesome ActionHeroJS API server.

Prerequisites/dependencies

TDPAHAuth is designed to run under ActionHeroJS only and thus you'll encounter problems if you run it any other way (although modification to makle it more generalised would not be too much work).

Currently TDPAHAuth is tested against ActionHeroJS 6.1.0+.

This also means that TDPAHAuth effectively has the same dependencies as ActionHeroJS.

Database backends

TDPAHAuth uses the JugglingDB ORM to provide database abstraction and thus can easily accomodate a wide range of database engines such as:

  • MySQL
  • SQLite3
  • Postgres
  • Redis
  • MongoDB
  • CouchDB/nano
  • Firebird

Some backends have functional restrictions so it's best to check those via their JugglingDB module documentation as some of these restrictions may be significant depending on your requirements.

Security

Security is a key focus of TDPAHAuth and care has been taken to implement good practice however it should be noted that this is both free/open software and also work in progress - thus the code may not be perfect in (at least) security terms. Since the source code is open, it is strongly recommended that all (and particularly security-conscious users) read the source code - please highlight any concerns or issues found via a github issue [INSERT LINK].

A perennial recommendation of TDPAHAuth is to implement secure access to the system itself, typically this includes SSL-based access (HTTPS:// and/or WSS:// protocols) alongside strong access restrictions in your firewall configuration and operating system and applications.

ACL

TDPAHAuth is strictly an authentication module but has a sister module named TDPAHACL [INSERT LINK] which is a complimentary ACL (Access Control List) system, again design to run under ActionHeroJS.

Installation

Installation is relatively simpleā€¦
TODO: Publish the NPM and write proper instructions here. Which parts are automated/manual?

Configuration

TDPAHAuth is configured via the included TDPAHAuthConfig.js file which is a simple JSON file containing all options. The configuration options in TDPAHAuthConfig.js can be partially or completely overridden by passing in a JS object of the same structure to the TDPAHAuth.init() function.

Usage

TDPAHAuth is relatively easy to set up and use, the various available methods along with examples can be found here:

Performance

Something here about performance with various backends/user tables etc. Example perf data would be very useful (maybe vs ZF?).

Testing

Show how to run tests

To do

  • Update to AH 6.2.5
  • Think about caching and TTLs
  • Consider how best to handle roles - need to be able to indicate admin/SU roles
  • Complete docs
    • Denote mandatory params in function calls
  • Complete code
  • Complete config - should have default/example props/objects
  • Write tests
  • Post install scripts to move files to relevant locations in ActionHeroJS
  • Publish to NPMJS.org
  • Potential new features:
    • A
    • B
  • FOR ACL: SHOULD WE ALLOW SETTING ACL CONFIG IN ACTION FILE? WOULD BE MORE LOGICAL BUT WOULD POTENTIALLY CREATE MESSY AND HARD TO UNDERSTAND CONFIGS

License

npm loves you