How to use hawk - 10 common examples
To help you get started, we’ve selected a few hawk examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
kidtronnix / toothache / test / access.js View on Github 
config: {
auth: 'web',
handler: Resource.update
}
});
var options = {
method: "PUT",
url: "http://localhost.com/resource/1",
payload: JSON.stringify({uId:'user2'}),
headers: {}
};
// Add auth
var header = Hawk.client.header(options.url, options.method, { credentials: credentials.normal });
options.headers.Authorization = header.field;
server.inject(options, function(response) {
var result = response.result;
expect(response.statusCode).to.equal(401);
expect(result).to.be.instanceof(Object);
expect(result.message).to.equal("You do not have update access");
done();
});
})function hawk_restrict(req, res, next) {
if( req.session.user ) return next()
console.log("hawk_restrict client check...")
Hawk.server.authenticate(req, FindCredentialsFunc, {}, function(err, credentials, artifacts) {
SetSessionCredential( req, res, err, credentials, artifacts, next )
})
}
// Home page -> apprequest(reqOpt, function(error, response, body) {
if (error) {
metrics.apkSigningFailed(path);
logError(log, 'apk signer request error ', error);
return cb(new Error('SIGNER_REQUEST_FAILED'));
}
// Make sure that the signer thinks *our* request is valid.
if (response.statusCode !== 200) {
metrics.apkSigningFailed(path);
log.error('signer system error response: ' +
response.statusCode + ' ' + response.body);
return cb(new Error('SIGNER_REFUSED_REQUEST'));
}
var isValid = hawk.client.authenticate(response,
config.hawk,
hdr.artifacts, {
payload: body,
require: true
});
if (isValid) {
metrics.apkSigningFinished(path, new Date() - start);
return cb(null, body);
} else {
metrics.apkSigningFailed(path);
return cb(new Error('INVALID_SIGNER_RESPONSE'));
}
});
});return function(req, res, next) {
// Restore originalUrl as needed by hawk for authentication
req.url = req.originalUrl;
if (options.scopes == undefined) {
next();
} else {
hawk.server.authenticate(req, findClient, {
//payload: JSON.stringify(req.body),
nonceFunc: _nonceManager
}, function(err, credentials, artifacts) {
if (err) {
var incidentId = uuid.v4();
var message = "Ask administrator to lookup incidentId in log-file";
if (err.output && err.output.payload && err.output.payload.error) {
message = err.output.payload.error;
}
debug(
"Error occurred authenticating, err: %s, %j, incidentId: %s",
err, err, incidentId, err.stack
);
return res.json(401, {
message: "Internal Server Error",
error: {return function(req, res, next) {
// Restore originalUrl as needed by hawk for authentication
req.url = req.originalUrl;
// Technically, we always perform authentication, but we don't consider
// the result of `deferAuth` is true or `scopes` is undefined.
hawk.server.authenticate(req, getCredentials, {
// Not sure if JSON stringify is not deterministic by specification.
// I suspect not, so we'll postpone this till we're sure we want to do
// payload validation and how we want to do it.
//payload: JSON.stringify(req.body),
nonceFunc: nonceManager
}, function(err, credentials, artifacts) {
// Keep reference to set of authorized scopes, which will be extended
// by authenticate()
var authorizedScopes = [];
// Make function that will authenticate and return an error if one
// occurred and otherwise do nothing. This allows us to ignore
// authentication errors in case authentication is deferred
var authenticated = false;
var authenticate = function() {
// Don't authenticate twice// Check expiration
if (checkExpiration &&
ticket.exp <= Hawk.utils.now()) {
const error = Hawk.utils.unauthorized('Expired ticket');
error.output.payload.expired = true;
throw error;
}
return ticket;
};
// Hawk authentication
const { credentials, artifacts } = await Hawk.server.authenticate(req, credentialsFunc, options.hawk);
// Check application
if (credentials.app !== artifacts.app) {
throw Hawk.utils.unauthorized('Mismatching application id');
}
if ((credentials.dlg || artifacts.dlg) &&
credentials.dlg !== artifacts.dlg) {
throw Hawk.utils.unauthorized('Mismatching delegated application id');
}
// Return result
return { ticket: credentials, artifacts };Strategy.prototype.authenticate = function(req) {
//express change req.url when mounting with app.use
//this creates a new request object with url = originalUrl
req = xtend({}, req, { url: req.originalUrl || req.url });
if(this.bewit){
hawk.uri.authenticate(req, this.verify, {}, function (err, credentials, ext) {
if (err && err.isMissing) return this.fail('Missing authentication tokens');
if (err && err.message === 'Missing credentials') return this.fail('Invalid authentication tokens');
if (err) return this.error(new Error(err.message)); // Return hawk error
this.success(credentials.user, ext);
}.bind(this));
}else{
hawk.server.authenticate(req, this.verify, {}, function (err, credentials, ext) {
if (err && err.isMissing) return this.fail('Missing authentication tokens');
if (err && err.message === 'Missing credentials') return this.fail('Invalid authentication tokens');
if (err && err.message) return this.error(new Error(err.message)); // Return hawk error
this.success(credentials.user, ext);
}.bind(this));
}
};Strategy.prototype.authenticate = function(req) {
//express change req.url when mounting with app.use
//this creates a new request object with url = originalUrl
req = xtend({}, req, { url: req.originalUrl || req.url });
if(this.bewit){
hawk.uri.authenticate(req, this.verify, {}, function (err, credentials, ext) {
if (err && err.isMissing) return this.fail('Missing authentication tokens');
if (err && err.message === 'Missing credentials') return this.fail('Invalid authentication tokens');
if (err) return this.error(new Error(err.message)); // Return hawk error
this.success(credentials.user, ext);
}.bind(this));
}else{
hawk.server.authenticate(req, this.verify, {}, function (err, credentials, ext) {
if (err && err.isMissing) return this.fail('Missing authentication tokens');
if (err && err.message === 'Missing credentials') return this.fail('Invalid authentication tokens');
if (err && err.message) return this.error(new Error(err.message)); // Return hawk error
this.success(credentials.user, ext);
}.bind(this));
}
};if (!ticket.grant) {
return reissue();
}
// User ticket
const { grant, ext } = await options.loadGrantFunc(ticket.grant);
if (!grant ||
(grant.app !== ticket.app && grant.app !== ticket.dlg) ||
grant.user !== ticket.user ||
!grant.exp ||
grant.exp <= Hawk.utils.now()) {
throw Hawk.utils.unauthorized('Invalid grant');
}
return reissue(grant, ext);
};}, async (clientId) => {
let ext = undefined;
// Parse authorization header for ext
let attrs = hawk.utils.parseAuthorizationHeader(
req.authorization
);
// Extra ext
if (!(attrs instanceof Error)) {
ext = attrs.ext;
}
// Get credentials with ext
return loadCredentials(clientId, ext);
}, {
// Not sure if JSON stringify is not deterministic by specification.
