1import * as http from 'http';
2
3import * as Crypto from './crypto';
4import { Message } from './client';
5
/**
 * Looks up the credentials for a key id, synchronously or asynchronously.
 * Called by the `authenticate*` functions with the id taken from the incoming request.
 * NOTE(review): how an unknown id is signalled (throw vs. a falsy return) is not specified here — confirm with the implementation.
 */
export type CredentialsFunc = (id: string) => Promise<Credentials> | Credentials;
/**
 * Nonce validation hook: receives the key id, nonce and timestamp of a request.
 * Returns nothing on success and throws to reject the request (see `AuthenticateOptions.nonceFunc`).
 * NOTE(review): without this hook a request can presumably be replayed within the timestamp skew window — confirm.
 */
export type NonceFunc = (key: string, nonce: string, ts: string) => Promise<void> | void;
8
/** Options accepted by `authenticate()`; the other `*Options` types are subsets of this one. */
export interface AuthenticateOptions {
    /**
     * optional header field name, used to override the default 'Host' header when used
     * behind a cache or a proxy. Apache2 changes the value of the 'Host' header while preserving
     * the original (which is what the module must verify) in the 'x-forwarded-host' header field.
     * Only used when passed a node `http.ServerRequest` object.
     * NOTE(review): the named header is read from the request, so it should only be trusted
     * when a proxy in front of this server is known to set or overwrite it — confirm deployment.
     */
    hostHeaderName?: string | undefined;
    /**
     * optional nonce validation function. The function signature is `async function(key, nonce, ts)`
     * and it must return no value for success or throw an error for invalid state.
     */
    nonceFunc?: NonceFunc | undefined;
    /**
     * optional number of seconds of permitted clock skew for incoming timestamps. Defaults to 60 seconds.
     * Provides a +/- skew which means actual allowed window is double the number of seconds.
     */
    timestampSkewSec?: number | undefined;
    /**
     * Optional local clock time offset expressed as a number of milliseconds (positive or negative).
     * Defaults to 0.
     */
    localtimeOffsetMsec?: number | undefined;
    /**
     * optional payload for validation. The client calculates the hash value and includes it via the 'hash'
     * header attribute. The server always ensures the value provided has been included in the request
     * MAC. When this option is provided, it validates the hash value itself. Validation is done by calculating
     * a hash value over the entire payload (assuming it has already been normalized to the same format and
     * encoding used by the client to calculate the hash on request). If the payload is not available at the time
     * of authentication, the `authenticatePayload()` method can be used by passing it the credentials and
     * the `artifacts` (whose hash field carries the client's value) returned from `authenticate()`.
     */
    payload?: string | undefined;
    /**
     * optional host name override. Only used when passed a node request object.
     */
    host?: string | undefined;
    /**
     * optional port override. Only used when passed a node request object.
     */
    port?: number | undefined;
}
51
/** Credentials resolved by a `CredentialsFunc` and used to verify or produce a MAC. */
export interface Credentials {
    /** Hash algorithm for the MAC; only these two values are accepted by the types. */
    algorithm: 'sha1' | 'sha256';
    /** Shared secret — presumably the MAC key; keep it out of logs and error messages. */
    key: string;
    /** Identifier of the principal the credentials belong to. */
    user: string;
}
57
/** Result of a successful `authenticate()` call. */
export interface Authentication {
    /** Request artifacts, reusable with `authenticatePayload()`, `authenticatePayloadHash()` and `header()`. */
    artifacts: Crypto.Artifacts;
    /** The credentials the request was verified against. */
    credentials: Credentials;
}
62
/** Options for `header()`; `payload` and `contentType` only matter when `hash` is not supplied. */
export interface HeaderOptions {
    /** Payload content-type (ignored if hash provided) */
    contentType?: string | string[] | undefined;
    /** Application specific data sent via the ext attribute */
    ext?: string | undefined;
    /** Pre-calculated payload hash */
    hash?: string | undefined;
    /** UTF-8 encoded string for body hash generation (ignored if hash provided) */
    payload?: string | undefined;
}
73
/**
 * Options for `authenticateBewit()`: the host/port related subset of `AuthenticateOptions`.
 * `nonceFunc` and `timestampSkewSec` are not part of it; a bewit carries its own `exp` field.
 */
export type AuthenticateBewitOptions = Pick<
    AuthenticateOptions,
    'hostHeaderName' | 'localtimeOffsetMsec' | 'host' | 'port'
>;
78
/** Decoded bewit (URL-carried credential) as returned by `authenticateBewit()`. */
export interface Bewit {
    /** Key id used to look up credentials. */
    id: string;
    /** Expiry, kept as a string here; its unit is not specified in this file — presumably seconds, confirm. */
    exp: string;
    /** MAC over the bewit contents. */
    mac: string;
    /** Application specific ext data. */
    ext: string;
}
85
/** Result of a successful `authenticateBewit()` call: the credentials plus the decoded bewit. */
export interface AuthenticatedBewit extends AuthenticatedMessage {
    bewit: Bewit;
}
89
/** Result of a successful `authenticateMessage()` call; also the base of `AuthenticatedBewit`. */
export interface AuthenticatedMessage {
    /** The credentials the message was verified against. */
    credentials: Credentials;
}
93
/**
 * Options for `authenticateMessage()`: the replay/clock related subset of `AuthenticateOptions`.
 * Host and port are passed to `authenticateMessage()` directly, so the host override options are excluded.
 */
export type AuthenticateMessageOptions = Pick<
    AuthenticateOptions,
    'nonceFunc' | 'timestampSkewSec' | 'localtimeOffsetMsec'
>;
98
/**
 * Authenticates an incoming HTTP request.
 *
 * @param req - the node request; `options.hostHeaderName`, `host` and `port` apply to it.
 * @param credentialsFunc - resolves credentials for the key id found in the request.
 * @param options - see `AuthenticateOptions`; pass `payload` to have the payload hash verified here.
 * @returns the verified credentials and the request artifacts.
 * NOTE(review): the failure mode is not declared in this file — presumably the promise rejects; confirm the error type callers should catch.
 */
export function authenticate(
    req: http.IncomingMessage,
    credentialsFunc: CredentialsFunc,
    options?: AuthenticateOptions,
): Promise<Authentication>;
104
/**
 * Authenticates a request that carries a bewit instead of an Authorization header.
 *
 * @param req - the node request the bewit is taken from.
 * @param credentialsFunc - resolves credentials for the bewit's `id`.
 * @param options - host/port related options only; see `AuthenticateBewitOptions`.
 * @returns the verified credentials and the decoded bewit.
 */
export function authenticateBewit(
    req: http.IncomingMessage,
    credentialsFunc: CredentialsFunc,
    options?: AuthenticateBewitOptions,
): Promise<AuthenticatedBewit>;
110
/**
 * Authenticates a signed message outside of an HTTP request.
 *
 * @param host - host the message was addressed to.
 * @param port - port the message was addressed to.
 * @param message - the message content that was signed.
 * @param authorization - the client-produced authorization structure (see `Message` in './client').
 * @param credentialsFunc - resolves credentials for the key id in `authorization`.
 * @param options - replay/clock options; note that unlike the other functions here `options` is required.
 * @returns the verified credentials.
 */
export function authenticateMessage(
    host: string,
    port: number,
    message: string,
    authorization: Message,
    credentialsFunc: CredentialsFunc,
    options: AuthenticateMessageOptions,
): Promise<AuthenticatedMessage>;
119
/**
 * Verifies a payload against the hash carried in the request artifacts, for use when the
 * payload was not available at `authenticate()` time (see `AuthenticateOptions.payload`).
 *
 * @param payload - the payload, normalized as the client hashed it.
 * @param credentials - credentials returned by `authenticate()`.
 * @param artifacts - artifacts returned by `authenticate()`.
 * @param contentType - content type used in the hash calculation.
 * NOTE(review): the return type is void, so a mismatch is presumably signalled by throwing — confirm.
 */
export function authenticatePayload(
    payload: string,
    credentials: Credentials,
    artifacts: Crypto.Artifacts,
    contentType: string,
): void;
126
/**
 * Like `authenticatePayload()` but takes an already computed payload hash.
 *
 * @param calculatedHash - hash the server computed over the payload.
 * @param artifacts - artifacts returned by `authenticate()`, carrying the client's hash.
 * NOTE(review): presumably throws on mismatch, consistent with `authenticatePayload()` — confirm.
 */
export function authenticatePayloadHash(calculatedHash: string, artifacts: Crypto.Artifacts): void;
128
/**
 * Builds a header value for the server's response (presumably the `Server-Authorization` header — confirm).
 *
 * @param credentials - credentials the request was verified against.
 * @param artifacts - artifacts returned by `authenticate()`.
 * @param options - optional ext data and response payload hashing inputs; see `HeaderOptions`.
 * @returns the header value as a string.
 */
export function header(credentials: Credentials, artifacts: Crypto.Artifacts, options?: HeaderOptions): string;