@acastellon/auth Chinese Documentation and Tutorial

Published 4 years ago · 20 views · Project homepage · Updated 3 years ago

auth

Authentication control system for microservices that uses a combination of NTLM + LDAP + JWT to check security.

Usage

module.exports = {
    url: 'ldap://<address>:389'
    ,DOMAIN : '<domain>'
    ,baseDN: '<baseDN>'
    ,username: '<user-ldap>'
    ,password: '<password>'
    ,NTLM_DEBUG: false // to activate log messages 

    ,CNAME: 'dev.example.com'

    ,passToken: '<passphrase-optional>'  /* if it doesn't exist, the module generates one automatically */
    ,EXPIRES: 86400                     /* JWT expires in 24 hours */

    ,MOCKUP_USERS : ['acastellon','lskywalker']
    ,MOCKUP_ROLES : ['User','Admin']
    ,ROLES : {
        'User': 'GI RD USER '
        , 'Admin': 'GI RD  ADMINISTRATOR '
        , 'Viewer': 'GI RD  VIEWER '
    }
}


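const def_auth  = require('./auth-config');  // hypothetical path: the configuration module shown above
const auth      = require('@acastellon/auth')(def_auth);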

For NTLM-based authentication (normally related to the web front-end server), use:

 auth.setNTLMAuth(app);

For JWT-based authentication, use:

 auth.validateToken(app);

The module uses an internal cache to avoid repeated queries to the LDAP server.

@TODO: update the cache when the token expires.

Header values created:

  x-access-token        - the generated JWT
  is-authenticated      - a flag indicating whether the user was already validated against LDAP
  auth-user             - name of the validated user

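Note: To increase security (if required), we could use the following techniques:

  • reduce the expiration time for the tokens
  • create a hash with: <users>:<passwordToken-autogenerated>

All of this so that practically every request contains a new token (but this technique decreases performance).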
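The two hardening techniques from the note above, sketched as an added example (not code from @acastellon/auth): a short-lived HS256 token signed with a per-user key hashed from `<user>:<passToken>`, then checked against the `x-access-token` and `auth-user` headers. The function names and any passphrase passed in are assumptions for illustration.

```javascript
// Added example, not part of @acastellon/auth. All function names are hypothetical.
const crypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');

// Per-user signing key: a hash over "<user>:<passToken>", as in the note above.
function userKey(user, passToken) {
  return crypto.createHash('sha256').update(`${user}:${passToken}`).digest();
}

// Issue an HS256 JWT. ttlSeconds plays the role of EXPIRES and is kept short.
function issueToken(user, passToken, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64u(JSON.stringify({ sub: user, iat: now, exp: now + ttlSeconds }));
  const sig = crypto.createHmac('sha256', userKey(user, passToken))
    .update(`${header}.${payload}`).digest();
  return `${header}.${payload}.${b64u(sig)}`;
}

// Validate the request headers. Returns the user name, or null on any failure.
// The auth-user header is trusted only if the token verifies under that user's key.
function checkHeaders(headers, passToken, now = Math.floor(Date.now() / 1000)) {
  const user = headers['auth-user'];
  const parts = String(headers['x-access-token'] || '').split('.');
  if (!user || parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = crypto.createHmac('sha256', userKey(user, passToken))
    .update(`${header}.${payload}`).digest();
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; the length check avoids a throw in timingSafeEqual.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let hdr, claims;
  try {
    hdr = JSON.parse(Buffer.from(header, 'base64url').toString());
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  } catch { return null; }
  if (hdr.alg !== 'HS256' || claims.sub !== user) return null;
  if (typeof claims.exp !== 'number' || claims.exp <= now) return null; // expired
  return claims.sub;
}
```

Because the key depends on the user name, a token copied into a request with a different `auth-user` value fails signature verification before any claim is read.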

