@drmhse/authos-node 0.1.0 → 0.1.1

Files changed (2)
  1. package/README.md +248 -0
  2. package/package.json +1 -1
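--- a/package/README.md
+++ b/package/README.md
@@ -0,0 +1,248 @@
+ # @drmhse/authos-node
+
+ [![npm version](https://img.shields.io/npm/v/@drmhse/authos-node)](https://www.npmjs.com/package/@drmhse/authos-node)
+ [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
+
+ Node.js server adapter for [AuthOS](https://authos.dev) - the multi-tenant authentication platform. Provides JWT verification, webhook signature validation, and Express middleware.
+
+ ## Installation
+
+ ```bash
+ npm install @drmhse/authos-node
+ ```
+
+ For Express middleware:
+ ```bash
+ npm install @drmhse/authos-node express
+ ```
+
+ ## Quick Start
+
+ ### JWT Token Verification
+
+ Verify JWT tokens issued by AuthOS:
+
+ ```ts
+ import { createTokenVerifier } from '@drmhse/authos-node';
+
+ const verifier = createTokenVerifier({
+ baseURL: 'https://sso.example.com'
+ });
+
+ // Verify a token
+ const verified = await verifier.verifyToken(token);
+
+ console.log(verified.claims);
+ // {
+ // sub: 'user_123',
+ // email: 'user@example.com',
+ // is_platform_owner: false,
+ // org: 'acme-corp',
+ // permissions: ['users:read', 'users:write']
+ // }
+ ```
+
+ ### Express Middleware
+
+ Protect your Express routes with AuthOS authentication:
+
+ ```ts
+ import { createAuthMiddleware } from '@drmhse/authos-node/express';
+ import express from 'express';
+
+ const app = express();
+
+ const { requireAuth, requirePermission } = createAuthMiddleware({
+ baseURL: process.env.AUTHOS_URL!
+ });
+
+ // Public route
+ app.get('/', (req, res) => {
+ res.json({ message: 'Hello world' });
+ });
+
+ // Protected route - requires valid JWT
+ app.get('/profile', requireAuth(), (req, res) => {
+ // req.auth contains verified token info
+ res.json({ user: req.auth?.claims });
+ });
+
+ // Protected route - requires specific permission
+ app.delete('/users/:id',
+ requireAuth(),
+ requirePermission('users:delete'),
+ (req, res) => {
+ res.json({ message: 'User deleted' });
+ }
+ );
+
+ app.listen(3000);
+ ```
+
+ The middleware looks for a Bearer token in the `Authorization` header:
+
+ ```
+ Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
+ ```
+
+ ## Middleware Reference
+
+ ### requireAuth(options?)
+
+ Requires a valid JWT token. Adds `req.auth` with verified token info.
+
+ ```ts
+ app.get('/protected', requireAuth(), (req, res) => {
+ const userId = req.auth?.claims.sub;
+ res.json({ userId });
+ });
+ ```
+
+ **Options:**
+ | Option | Type | Description |
+ |--------|------|-------------|
+ | `getToken` | `(req) => string` | Custom token extractor |
+
+ ### requirePermission(permission, options?)
+
+ Requires the user to have a specific permission.
+
+ ```ts
+ app.post('/admin/users',
+ requireAuth(),
+ requirePermission('users:create'),
+ (req, res) => { ... }
+ );
+ ```
+
+ **Options:**
+ | Option | Type | Default | Description |
+ |--------|------|---------|-------------|
+ | `message` | `string` | "Insufficient permissions" | Custom error message |
+
+ ### requireAnyPermission(permissions, options?)
+
+ Requires the user to have at least one of the specified permissions.
+
+ ```ts
+ app.get('/reports',
+ requireAuth(),
+ requireAnyPermission(['reports:read', 'reports:admin']),
+ (req, res) => { ... }
+ );
+ ```
+
+ ### requireAllPermissions(permissions, options?)
+
+ Requires the user to have all of the specified permissions.
+
+ ```ts
+ app.post('/admin/settings',
+ requireAuth(),
+ requireAllPermissions(['admin:access', 'settings:write']),
+ (req, res) => { ... }
+ );
+ ```
+
+ ### requirePlatformOwner(options?)
+
+ Requires the user to be a platform owner.
+
+ ```ts
+ app.get('/platform/settings',
+ requireAuth(),
+ requirePlatformOwner(),
+ (req, res) => { ... }
+ );
+ ```
+
+ ### requireOrganization(slug, options?)
+
+ Requires the user to belong to a specific organization.
+
+ ```ts
+ app.get('/org/:slug/data',
+ requireAuth(),
+ requireOrganization((req) => req.params.slug),
+ (req, res) => { ... }
+ );
+ ```
+
+ ## Webhook Verification
+
+ Verify webhooks from AuthOS:
+
+ ```ts
+ import { verifyWebhookSignature } from '@drmhse/authos-node';
+
+ app.post('/webhooks/authos', (req, res) => {
+ const signature = req.headers['x-authos-signature'];
+ const payload = JSON.stringify(req.body);
+
+ try {
+ const isValid = verifyWebhookSignature(payload, signature, {
+ secret: process.env.WEBHOOK_SECRET!
+ });
+
+ if (!isValid) {
+ return res.status(401).json({ error: 'Invalid signature' });
+ }
+
+ // Process webhook
+ res.json({ received: true });
+ } catch (err) {
+ res.status(400).json({ error: 'Webhook verification failed' });
+ }
+ });
+ ```
+
+ ### Creating Webhook Signatures
+
+ If you need to verify webhooks from your own services:
+
+ ```ts
+ import { createWebhookSignature } from '@drmhse/authos-node';
+
+ const payload = JSON.stringify({ event: 'user.created' });
+ const signature = createWebhookSignature(payload, 'your_secret');
+ ```
+
+ ## API Reference
+
+ ### createTokenVerifier(options)
+
+ Creates a JWT token verifier that fetches JWKS from AuthOS.
+
+ ```ts
+ import { createTokenVerifier, clearJWKSCache } from '@drmhse/authos-node';
+
+ const verifier = createTokenVerifier({
+ baseURL: 'https://sso.example.com',
+ // Optional: cache time in seconds
+ cacheTimeSeconds: 300
+ });
+
+ const verified = await verifier.verifyToken(token);
+
+ // Clear cache to force JWKS refresh
+ clearJWKSCache();
+ ```
+
+ **Returns:**
+ - `verifyToken(token)` - Verifies a JWT and returns claims
+ - Claims include: `sub`, `email`, `is_platform_owner`, `org`, `permissions`
+
+ ## Error Codes
+
+ | Code | Description |
+ |------|-------------|
+ | `MISSING_TOKEN` | No Bearer token provided |
+ | `INVALID_TOKEN` | Token is malformed or expired |
+ | `NOT_AUTHENTICATED` | No auth info on request |
+ | `PERMISSION_DENIED` | User lacks required permission |
+ | `NOT_PLATFORM_OWNER` | User is not a platform owner |
+ | `WRONG_ORGANIZATION` | User is not in required organization |
+
+ ## License
+
+ MIT © DRM HSE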
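--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@drmhse/authos-node",
- "version": "0.1.0",
+ "version": "0.1.1",
  "description": "Node.js server adapter for AuthOS authentication - Express middleware and token verification",
  "main": "dist/index.js",
  "module": "dist/index.mjs",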