1import * as http from 'http';
2import * as request from 'request';
3
4import * as Crypto from './crypto';
5import * as Utils from './utils';
6import { Message } from './client';
7
/**
 * Looks up the credentials for a key identifier taken from an incoming request.
 * May be synchronous or return a promise; a rejection/throw is the expected way to
 * signal an unknown id (the declared type has no "not found" return value).
 */
export type CredentialsFunc = (id: string) => Promise<Credentials> | Credentials;
/**
 * Nonce validation hook used for replay protection. Called with the credential key,
 * the request nonce and the request timestamp (as the string taken from the header).
 * Return/resolve with no value to accept; throw or reject to refuse the request.
 * NOTE(review): if no NonceFunc is supplied, no nonce-reuse check is performed —
 * confirm against the hawk version in use.
 */
export type NonceFunc = (key: string, nonce: string, ts: string) => Promise<void> | void;
10
/**
 * Options accepted by `authenticate()`. All fields are optional; the security-relevant
 * ones are `nonceFunc` (replay protection) and `timestampSkewSec` (accepted clock drift).
 */
export interface AuthenticateOptions {
    /**
     * Optional header field name, used to override the default 'Host' header when used
     * behind a cache or a proxy. Apache2 changes the value of the 'Host' header while preserving
     * the original (which is what the module must verify) in the 'x-forwarded-host' header field.
     * Only used when passed a node `http.ServerRequest` object.
     * Only trust a forwarded header that is set by your own proxy; a client-controlled value
     * would let the request be validated against a host of the client's choosing.
     */
    hostHeaderName?: string | undefined;
    /**
     * Optional nonce validation function. The function signature is `async function(key, nonce, ts)`
     * and it must return no value for success or throw an error for invalid state.
     */
    nonceFunc?: NonceFunc | undefined;
    /**
     * Optional number of seconds of permitted clock skew for incoming timestamps. Defaults to 60 seconds.
     * Provides a +/- skew which means the actual allowed window is double the number of seconds.
     */
    timestampSkewSec?: number | undefined;
    /**
     * Optional local clock time offset expressed in a number of milliseconds (positive or negative).
     * Defaults to 0.
     */
    localtimeOffsetMsec?: number | undefined;
    /**
     * Optional payload for validation. The client calculates the hash value and includes it via the 'hash'
     * header attribute. The server always ensures the value provided has been included in the request
     * MAC. When this option is provided, it validates the hash value itself. Validation is done by calculating
     * a hash value over the entire payload (assuming it has already been normalized to the same format and
     * encoding used by the client to calculate the hash on request). If the payload is not available at the time
     * of authentication, the `authenticatePayload()` method can be used by passing it the credentials and
     * the `artifacts` (whose `hash` field holds the client-supplied value) returned from `authenticate()`.
     * Note that without this option or a later `authenticatePayload()` call, the body itself is not verified —
     * only the presence of the hash in the MAC is.
     */
    payload?: string | undefined;
    /**
     * Optional host name override. Only used when passed a node request object.
     */
    host?: string | undefined;
    /**
     * Optional port override. Only used when passed a node request object.
     */
    port?: number | undefined;
}
53
/**
 * Shared-secret credentials returned by a `CredentialsFunc`.
 * `key` is the secret used to compute the MAC and must be kept confidential;
 * `algorithm` selects the HMAC digest (only the two listed values are accepted).
 */
export interface Credentials {
    algorithm: 'sha1' | 'sha256';
    key: string;
    // Application-level identity attached to the credentials; not used by the MAC itself
    // as far as this declaration shows — verify against the implementation.
    user: string;
}
59
/**
 * Result of a successful `authenticate()` call: the resolved credentials plus the
 * request artifacts (the parsed header attributes, including any payload `hash`),
 * which are later needed by `authenticatePayload()` and `header()`.
 */
export interface Authentication {
    artifacts: Crypto.Artifacts;
    credentials: Credentials;
}
64
/**
 * Options for `header()`. `hash` takes precedence over `payload`/`contentType`:
 * when a pre-calculated hash is given the other two are ignored.
 */
export interface HeaderOptions {
    /** Payload content-type (ignored if hash provided) */
    contentType?: string | undefined;
    /** Application specific data sent via the ext attribute */
    ext?: string | undefined;
    /** Pre-calculated payload hash */
    hash?: string | undefined;
    /** UTF-8 encoded string for body hash generation (ignored if hash provided) */
    payload?: string | undefined;
}
75
/**
 * Subset of `AuthenticateOptions` accepted by `authenticateBewit()`.
 * Bewits carry their own expiry, so `nonceFunc`/`timestampSkewSec` do not apply;
 * a bewit is therefore replayable until `exp` unless the application tracks it.
 */
export type AuthenticateBewitOptions = Pick<
    AuthenticateOptions,
    'hostHeaderName' | 'localtimeOffsetMsec' | 'host' | 'port'
>;
80
/**
 * Decoded bewit (URL-embedded, time-limited credential).
 * All fields are kept as the strings parsed from the bewit; `exp` is the expiry
 * (presumably a Unix timestamp in seconds — confirm against the implementation).
 */
export interface Bewit {
    id: string;
    exp: string;
    mac: string;
    ext: string;
}
87
/** Result of a successful `authenticateBewit()` call: credentials plus the decoded bewit. */
export interface AuthenticatedBewit extends AuthenticatedMessage {
    bewit: Bewit;
}
91
/** Result of a successful `authenticateMessage()` call; only the resolved credentials are returned. */
export interface AuthenticatedMessage {
    credentials: Credentials;
}
95
/**
 * Subset of `AuthenticateOptions` accepted by `authenticateMessage()`.
 * Host and port are passed explicitly to that function, so the request-derived
 * overrides are not available here.
 */
export type AuthenticateMessageOptions = Pick<
    AuthenticateOptions,
    'nonceFunc' | 'timestampSkewSec' | 'localtimeOffsetMsec'
>;
100
/**
 * Authenticates an incoming request carrying a Hawk `Authorization` header.
 *
 * @param req - The node request; host/port/method/url are read from it unless overridden in `options`.
 * @param credentialsFunc - Resolves the credentials for the key id found in the header.
 * @param options - See `AuthenticateOptions`; supply `nonceFunc` to get replay protection.
 * @returns The credentials and parsed artifacts on success.
 * Failure is signalled by rejection (the declaration has no error return value);
 * presumably the rejection carries the failure reason — confirm against the implementation.
 */
export function authenticate(
    req: http.IncomingMessage,
    credentialsFunc: CredentialsFunc,
    options?: AuthenticateOptions,
): Promise<Authentication>;
106
/**
 * Authenticates a request whose credentials are embedded in the URL as a bewit.
 *
 * @param req - The node request the bewit is read from.
 * @param credentialsFunc - Resolves the credentials for the bewit's `id`.
 * @param options - Host/port/clock-offset overrides only; see `AuthenticateBewitOptions`.
 * @returns The credentials and the decoded bewit on success; rejects on failure.
 */
export function authenticateBewit(
    req: http.IncomingMessage,
    credentialsFunc: CredentialsFunc,
    options?: AuthenticateBewitOptions,
): Promise<AuthenticatedBewit>;
112
/**
 * Authenticates a standalone message (not an HTTP request) signed with a Hawk
 * `Message` authorization produced by the client API.
 *
 * @param host - Host the message was addressed to; part of the MAC input.
 * @param port - Port the message was addressed to; part of the MAC input.
 * @param message - The message body that was signed.
 * @param authorization - The client-generated authorization object.
 * @param credentialsFunc - Resolves the credentials for `authorization`'s key id.
 * @param options - See `AuthenticateMessageOptions`.
 *   NOTE(review): declared as required here although the other entry points take it
 *   optionally — confirm whether the implementation defaults it.
 * @returns The resolved credentials on success; rejects on failure.
 */
export function authenticateMessage(
    host: string,
    port: number,
    message: string,
    authorization: Message,
    credentialsFunc: CredentialsFunc,
    options: AuthenticateMessageOptions,
): Promise<AuthenticatedMessage>;
121
/**
 * Verifies a request body against the payload hash that `authenticate()` already bound
 * into the MAC. Use this when the body is only available after authentication.
 *
 * @param payload - The raw body, normalized the same way the client hashed it.
 * @param credentials - Credentials returned by `authenticate()` (selects the hash algorithm).
 * @param artifacts - Artifacts returned by `authenticate()`; `artifacts.hash` is the expected value.
 * @param contentType - Content type of the body, which is part of the hash input.
 * @returns Nothing; a mismatch is presumably reported by throwing — confirm against the implementation.
 */
export function authenticatePayload(
    payload: string,
    credentials: Credentials,
    artifacts: Crypto.Artifacts,
    contentType: string,
): void;
128
/**
 * Variant of `authenticatePayload()` for callers that have already computed the payload hash
 * (for example over a stream). Compares `calculatedHash` with `artifacts.hash`;
 * a mismatch is presumably reported by throwing — confirm against the implementation.
 */
export function authenticatePayloadHash(calculatedHash: string, artifacts: Crypto.Artifacts): void;
130
/**
 * Builds the server's response authorization header value from the credentials and
 * artifacts of an authenticated request, optionally binding a response payload hash
 * (`options.hash`, or computed from `options.payload`/`contentType`) and an `ext` value.
 * Presumably intended for the `Server-Authorization` response header — confirm against the implementation.
 */
export function header(credentials: Credentials, artifacts: Crypto.Artifacts, options?: HeaderOptions): string;