There's not many examples out there for hapi and its auth-cookie plugin but here's what I have so far in an attempt to secure a route. Note, most of the examples I've seen are using an older version of hapi which doesn't seem to quite apply to this situation and im hoping im just missing something simple:
var Hapi = require('hapi');
var Mongoose = require('mongoose');
Mongoose.connect('mongodb://localhost/rfmproducetogo');
var server = new Hapi.Server(8080, "localhost");
server.pack.register([{
plugin: require("lout")
}, {
plugin: require('hapi-auth-cookie')
}, {
plugin: require("./plugins/togo")
}, {
plugin: require("./plugins/auth")
}], function(err) {
if (err) throw err;
server.auth.strategy('session', 'cookie', {
password: 'shhasecret',
cookie: 'wtfisthisfor',
isSecure: false,
redirectTo: false
});
server.start(function() {
console.log("hapi server started # " + server.info.uri);
});
});
And in my togo plugin I have this route setup to use the session
exports.create = function(plugin) {
plugin.route({
method: 'POST',
path: '/togo/add',
handler: function(request, reply) {
produce = new Produce();
produce.label = request.payload.label;
produce.price = request.payload.price;
produce.uom = request.payload.uom;
produce.category = request.payload.category;
produce.save(function(err) {
if (!err) {
reply(produce).created('/togo/' + produce._id);
} else {
reply(err);
}
});
},
config: {
auth: 'session'
}
});
};
The error im seeing is this:
/home/adam/Projects/bushhog/node_modules/hapi/node_modules/hoek/lib/index.js:421
throw new Error(msgs.join(' ') || 'Unknown error');
^
Error: Unknown authentication strategy: session in path: /togo/add
at Object.exports.assert (/home/adam/Projects/bushhog/node_modules/hapi/node_modules/hoek/lib/index.js:421:11)
at /home/adam/Projects/bushhog/node_modules/hapi/lib/auth.js:123:14
at Array.forEach (native)
at internals.Auth._setupRoute (/home/adam/Projects/bushhog/node_modules/hapi/lib/auth.js:121:24)
at new module.exports.internals.Route (/home/adam/Projects/bushhog/node_modules/hapi/lib/route.js:118:43)
at /home/adam/Projects/bushhog/node_modules/hapi/lib/router.js:110:25
at Array.forEach (native)
at /home/adam/Projects/bushhog/node_modules/hapi/lib/router.js:107:17
at Array.forEach (native)
at internals.Router.add (/home/adam/Projects/bushhog/node_modules/hapi/lib/router.js:104:13)
Running node 0.10.28, hapijs 6.x, hapi-auth-cookie 1.02
this issue occurs when you try to use an authentication strategy before it's actually available.
You're already following a good application setup by splitting the functionality into individual, small plugins with a given scope.
UPDATE: here's a dedicated tutorial for that problem, how to fix „unknown authentication strategy“
A good way to set up authentication and your plugins that rely on authentication is to create an extra "auth plugin" that adds your desired strategies and can be used as a dependency in your other plugins.
hapi auth plugin example
exports.register = function (server, options, next) {
// declare/register dependencies
server.register(require('hapi-auth-cookie'), err => {
/**
* Register authentication strategies to hapi server
*
* We’re using hapi-auth-cookie plugin to store user information on
* client side to remember user data on every website visit
*
* For sure, we could and will add more authentication strategies.
* What’s next: JWT (we highly welcome pull requests to add JWT functionality!)
*/
server.auth.strategy('session', 'cookie', {
password: 'ThisIsASecretPasswordThisIsASecretPassword',
cookie: 'hapi-rethink-dash',
redirectTo: '/login',
isSecure: false
});
server.log('info', 'Plugin registered: cookie authentication with strategy »session«')
next()
})
}
exports.register.attributes = {
name: 'authentication',
version: '1.0.0'
}
In your /plugins/togo you set the authentication plugin as a dependency (with server.dependency([array-of-deps])) which means hapi registers the auth plugin first and the depending ones afterwards.
You register your plugins like this:
server.register([{
plugin: require('./plugins/authentication')
}, {
plugin: require("./plugins/togo")
}], function(err) {
// handle callback
})
Check hapi-rethinkdb-dash for a detailed example.
Hope that helps!
keep in mind if you use server.dependency inside a plugin like Marcus Poehls did, you also need to register that dependency
server.register([{
plugin: require('hapi-auth-cookie')
},{
plugin: require('./plugins/authentication')
}, {
plugin: require("./plugins/togo")
}], function(err) {
// handle callback
})
Related
In tedious config, using process.env.(database details) fails. However if I put the same values by hand, the connect is successful.
I would like to use process.env instead of hard coding my database details.
Database is being hosted on azure.
Here's my code:
const { Connection, Request } = require("tedious");
const dotenv = require("dotenv");
dotenv.config();
// Create connection to database
const config = {
authentication: {
options: {
userName: "process.env.databaseUser",
password: "process.env.databasePassword",
},
type: "default",
},
server: "process.env.databaseUrl",
options: {
database: "process.env.databaseName",
encrypt: true,
},
};
const connection = new Connection(config);
// Attempt to connect and execute queries if connection goes through
connection.on("connect", (err) => {
if (err) {
console.error(err.message);
} else {
queryDatabase();
}
});
async function queryDatabase(query) {
const request = new Request(query, (err, rowCount) => {
if (err) {
console.error(err.message);
} else {
console.log(`${rowCount} row(s) returned`);
}
});
request.on("row", (columns) => {
columns.forEach((column) => {
console.log("%s\t%s", column.metadata.colName, column.value);
});
});
connection.execSql(request);
}
module.exports = {
queryDatabase,
};
terminal output:
Worker 09d76af8-01c2-4cdb-a2c1-d84de5ccfb89 connecting on 127.0.0.1:41165
[5/2/20 7:12:06 AM] Sat, 02 May 2020 07:12:06 GMT tedious deprecated The default value for `config.options.trustServerCertificate` will change from `true` to `false` in the next major version of `tedious`. Set the value to `true` or `false` explicitly to silence this message. at shared/my-db-helper.js:22:20
[5/2/20 7:12:06 AM] Sat, 02 May 2020 07:12:06 GMT tedious deprecated In the next major version of `tedious`, creating a new `Connection` instance will no longer establish a connection to the server automatically. Please use the new `connect` helper function or call the `.connect` method on the newly created `Connection` object to silence this message. at internal/process/next_tick.js:131:7
[5/2/20 7:12:06 AM] Failed to connect to process.env.databaseUrl:1433 - getaddrinfo ENOTFOUND process.env.databaseUrl
[5/2/20 7:12:07 AM] (node:21327) [DEP0064] DeprecationWarning: tls.createSecurePair() is deprecated. Please use tls.Socket instead.
.env file:
NODE_ENV=development
databaseUser=dataReader
databasePassword=***
databaseUrl=***.database.windows.net
databaseName=website
WRITE_FAILED_QUERY_TO_FILE=true
Replacing process.env variables with hard coded strings containing the same info is successful and returns the intended output.
I was putting process.env.(databasedata) in quotes!
process.env is an object.
removed the quotes and everything works.
#MaazSyedAdeeb. ty. Such a blind mistake. It works.
I'm using express-winston and winston-mongodb to log express requests to mongodb.
express-winston config:
expressWinston.logger({
meta: true,
//...other unrelated config
})
winston-mongodb config:
new MongoDB({
//...other unrelated config
})
Logging to mongodb works, but meta field is null. Logging to file/console works perfectly.
The mongo plugin doesn't recognize the express plugin's log format.
How can I get them to play nice?
When you look at the express-winston and winston-mongodb codes, you can easily see the difference.
winston-mongodb writes the value that matches the metaKey field to the specified collection.
Therefore, if you define it as follows, the meta field will not be null.
...
transports: [
new winston.transports.Console({
format: winston.format.json({
space: 2
})
}),
new winston.transports.MongoDB({
db: config.db.mongooseURI,
options: config.db.options,
collection:'logs',
capped:true,
metaKey:'meta'
}),
],
meta: true,
...
This is what finally worked for me: v6.12.1 Noticed later that while this works for db logging, the meta is empty for the file transport. Not sure why.
const winston = require('winston');
module.exports = function(err, req, res, next) {
winston.error(err.message, {metadata: { prop: err } });
res.status(500).send('Something failed.');
};
If you want to log to File and MongoDB then:
winston.add(
new winston.transports.MongoDB({
db: process.env.CONNECTIONSTRING,
options: { useUnifiedTopology: true },
metaKey: 'meta'
})
)
module.exports = function (err, req, res, next) {
// Log the exception
winston.error({message: err.message, level: err.level, stack: err.stack, meta: err})
res.status(500).send("Something failed..Cannot connect to Server");
};
import * as AuthCookie from 'hapi-auth-cookie';
import * as Bell from 'bell';
export function init(configs: IServerConfigurations, database: IDatabase):
Promise<Hapi.Server> {
const oauthConfiguration = OAuthConfiguration.getOAuthConfigs();
return new Promise<Hapi.Server>(resolve => {
// Setup Hapi Plugins
const plugins: string[] = configs.plugins;
const pluginOptions = {
database,
serverConfigs: configs
};
const attribute = {
name: 'authentication',
version: '1.0.0'
};
const authCookieOptions = {
password: 'cookie-encryption-password',
cookie: 'my-auth', // Name of cookie to set
redirectTo: '/login',
isSecure: false,
};
const pluginPromises = [];
pluginPromises.push(server.register(Inert));
pluginPromises.push(server.register(Bell));
//getting error while registering auth cookie
pluginPromises.push(server.register(AuthCookie));
});
}
I am registering hapi auth cookie in my node js hapi js application. I am able to register inert and bell packages but while registering Hapi auth cookie it is throwing an error.
The error, [1] "attributes" is required, indicates that the plugin is compatible with Hapi v17 but an earlier Hapi version is used. To resolve this, you can explicitly install an earlier version of hapi-auth-cookie.
Is there a way to enable / disable
depends on the enviroment in good ?
For instance I'd like to run this
only when NODE_ENV is equal to develepement
var goodOptions = {
opsInterval: 1000,
reporters: [{
reporter: require('good-console'),
events: {log: '*', response: '*' , error: '*' , request: '*'}
}]
};
server.register({
register: require('good'),
options: goodOptions
},
function(err) {
if (err) {
throw err;
}
}
);
no ternary operator :)
You could just add:
if (process.env.NODE_ENV !== 'development') {
goodOptions.reporters = [];
}
If you start getting into complex configuration then you should take a look at hapijs/confidence which is a really powerful configuration tool. It would be overkill just for this though.
I'm just starting to learn Hapijs
following getting started tutorial
with this example:
var Hapi = require('hapi');
var Good = require('good');
var server = new Hapi.Server();
server.connection({ port: 3000 });
server.route({
method: 'GET',
path: '/',
handler: function (request, reply) {
reply('Hello, world!');
}
});
server.route({
method: 'GET',
path: '/{name}',
handler: function (request, reply) {
reply('Hello, ' + encodeURIComponent(request.params.name) + '!');
}
});
server.register({
register: Good,
options: {
reporters: [{
reporter: require('good-console'),
args:[{ log: '*', response: '*' }]
}]
}
}, function (err) {
if (err) {
throw err; // something bad happened loading the plugin
}
server.start(function () {
server.log('info', 'Server running at: ' + server.info.uri);
});
});
when I run
node server
I've got
/home/user/hapi/node_modules/good/node_modules/hoek/lib/index.js:683
throw new Error(msgs.join(' ') || 'Unknown error');
^
Error: reporter must specify events to filter on
Can you help me, please ?
The documentation is outdated. There were some breaking changes in good 6.0.0. The module good-console has a new version, however it is not published on npm yet. You can use the master branch though by specifying the GitHub repository in package.json:
"good-console": "hapijs/good-console"
You will also need to change the configuration to:
options: {
reporters: [{
reporter: require('good-console'),
events: {
response: '*',
log: '*'
}
}]
}
EDIT: Version 5.0.0 of good-console has been released. The documentation was also updated.