This koa middleware allows you to restrict access to pages with Escher authentication.
The middlewares will work only in the following order:
- A bodyparser defining rawBody on the request (e.g. koa-bodyparser)
- Authenticator middleware (lib/koa-authenticator)
const Koa = require('koa');
const bodyParser = require('koa-bodyparser');
const escherAuth = require('koa-escher-auth');
let escherConfig = {
credentialScope: 'eu/app-id/ems_request',
keyPool: JSON.stringify([
{ 'keyId': 'app-id_suite_v1', 'secret': 'app-id-secret', acceptOnly: 0 }
])
};
let app = new Koa();
app.use(bodyParser());
app.use(escherAuth.authenticator(escherConfig));
app.use(function(ctx) {
ctx.body = `Hello world, ${ctx.escherAccessKeyId}!`;
});The access key id used to authenticate the request will be available on the context as escherAccessKeyId
If you define SUITE_ESCHER_CREDENTIAL_SCOPE and SUITE_ESCHER_KEY_POOL as environment variables the setup becomes even more easier.
SUITE_ESCHER_CREDENTIAL_SCOPE='eu/app-id/ems_request'
SUITE_ESCHER_KEY_POOL='[{"keyId": "app-id_suite_v1", "secret": "app-id-secret", "acceptOnly": 0}]'
const Koa = require('koa');
const bodyParser = require('koa-bodyparser');
const escherAuth = require('koa-escher-auth');
let app = new Koa();
app.use(bodyParser());
app.use(escherAuth.authenticator());
app.use(function(ctx) {
ctx.body = 'Hello world';
});The keypool always has to be a valid JSON string.
You are able to add other middlewares between bodyparser and authenticator if you want.