Code Monkey home page Code Monkey logo

access's Introduction

@signalnerve/access

(very alpha!) tooling for authenticating using cloudflare access, inside of a worker

usage:

npm install @signalnerve/access
// put this in config.js and gitignore it, or post-february 2020, use
// workers secrets to set these as AUD and CERTIFICATE_URL constants
// in your script
const config = {
  AUD: "1234abcdef",
  CERTIFICATE_URL: "https://yourdomain.com/cdn-cgi/access/certs",
}

// in your workers script, usually index.js

const access = new Access({
  debug: true,
  verification: {
    aud: config.AUD,
    certificateUrl: config.CERTIFICATE_URL,
  },
})

addEventListener('fetch', handleRequest)

const handleRequest = async evt => {
  // Verifies the provided JWT in the request, ensuring that it's signed
  // by the Cloudflare Access public keys
  const { authorized } = await access.try(evt)
  if (authorized) {
    const resp = await fetch(evt.request)
    const emailHeader = 'cf-access-authenticated-user-email'
    resp.headers.set(emailHeader, evt.request.headers.get(emailHeader))
    return resp
  } else {
    // Return 401 unauthorized - depending on the situation, you may want 
    // to clear the JWT and re-authenticate through Access instead
    return new Response("Unauthorized", { status: 401 })
  }
}

this package is very beta! i've been using it to drive user authentication inside of a worker, by providing the user email as a header to the client. the api for this is extremely likely to change, as this work is super related to a bunch of util-style tooling i'm writing for cloudflare workers apps right now.

todos:

  • determine if a unique user id is available inside of the jwt (e.g. the sub field of the JWT)
  • use html rewriter magic to embed the user auth info directly into the DOM, so that you can make auth'd requests from the client
  • what happens when the JWT expires? does access catch that first, or does there need to be a refresh token process here?
  • API is subject to change as i continue to explore middleware as a primitive in workers applications (probably via a light framework or something similar)

access's People

Contributors

kristianfreeman avatar

Watchers

avatar avatar

Forkers

douglas-saylor-killoughlaw

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.