DO NOT USE! This module is in heavy development and thus will not work and/or is subject to large-scale changes.
TDPAHAuth is designed to be a simple and fast user authentication module written in NodeJS, built specifically for use with the awesome ActionHeroJS API server.
TDPAHAuth is designed to run under ActionHeroJS only, so you'll encounter problems if you run it any other way (although modifying it to make it more generalised would not be too much work).
Currently TDPAHAuth is tested against ActionHeroJS 6.1.0+.
This also means that TDPAHAuth effectively has the same dependencies as ActionHeroJS.
Some backends have functional restrictions so it's best to check those via their JugglingDB module documentation as some of these restrictions may be significant depending on your requirements.
Security is a key focus of TDPAHAuth and care has been taken to implement good practice. However, this is both free/open software and a work in progress, so the code may not be perfect in (at least) security terms. Since the source code is open, it is strongly recommended that all users (and particularly security-conscious ones) read the source code. Please highlight any concerns or issues found via a GitHub issue [INSERT LINK].
A perennial recommendation of TDPAHAuth is to implement secure access to the system itself. Typically this includes SSL-based access (HTTPS:// and/or WSS:// protocols) alongside strong access restrictions in your firewall configuration, operating system and applications.
TDPAHAuth is strictly an authentication module but has a sister module named TDPAHACL [INSERT LINK], which is a complementary ACL (Access Control List) system, again designed to run under ActionHeroJS.
Installation is relatively simple…
TODO: Publish the NPM and write proper instructions here. Which parts are automated/manual?
TDPAHAuth is configured via the included TDPAHAuthConfig.js file, which is a simple JSON file containing all options. The configuration options in TDPAHAuthConfig.js can be partially or completely overridden by passing a JS object of the same structure to the TDPAHAuth.init() function.
TDPAHAuth is relatively easy to set up and use. The various available methods, along with examples, can be found here:
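One way a partial override of the same structure can be applied safely, shown as an added example that is not TDPAHAuth's own code. The option names in `DEFAULTS` and the `mergeConfig` helper are hypothetical, since this page does not list the module's real options.

```javascript
'use strict';

// Constructed sample defaults; these keys are assumptions, not TDPAHAuth's options.
const DEFAULTS = Object.freeze({
  session: { ttlSeconds: 3600, secureCookie: true },
  password: { minLength: 12, hashRounds: 12 },
});

function isPlainObject(value) {
  return value !== null && typeof value === 'object' && !Array.isArray(value);
}

// Overlay `overrides` on `defaults` and return a new object.
// Only keys that already exist in `defaults` are accepted, which also rejects
// "__proto__" and "constructor" and so keeps caller-supplied objects from
// polluting Object.prototype. Nested objects are merged, not replaced, so a
// partial override cannot silently drop a sibling security default.
function mergeConfig(defaults, overrides) {
  const out = {};
  for (const key of Object.keys(defaults)) {
    // Deep-copy defaults so the caller never mutates the shared object.
    out[key] = isPlainObject(defaults[key])
      ? mergeConfig(defaults[key], {})
      : defaults[key];
  }
  if (!isPlainObject(overrides)) return out;

  for (const key of Object.keys(overrides)) {
    if (!Object.prototype.hasOwnProperty.call(defaults, key)) {
      throw new Error(`Unknown config option: ${key}`);
    }
    const base = defaults[key];
    const next = overrides[key];
    if (isPlainObject(base)) {
      if (!isPlainObject(next)) {
        throw new Error(`Config option ${key} must be an object`);
      }
      out[key] = mergeConfig(base, next);
    } else if (typeof next !== typeof base) {
      throw new Error(`Config option ${key} must be of type ${typeof base}`);
    } else {
      out[key] = next;
    }
  }
  return out;
}
```

Rejecting unknown keys is stricter than a plain merge; it turns a mistyped option name into a startup error instead of a default that silently stays in force.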
- Core methods
- User-specific methods
- Organisation-specific methods
- Role-specific methods
- Status codes (used in several returned/output objects)
Something here about performance with various backends/user tables etc. Example perf data would be very useful (maybe vs ZF?).
Show how to run tests
- Update to AH 6.2.5
- Think about caching and TTLs
- Consider how best to handle roles - need to be able to indicate admin/SU roles
- Complete docs
- Denote mandatory params in function calls
- Complete code
- Complete config - should have default/example props/objects
- Write tests
- Post install scripts to move files to relevant locations in ActionHeroJS
- Publish to NPMJS.org
- Potential new features:
- FOR ACL: SHOULD WE ALLOW SETTING ACL CONFIG IN ACTION FILE? WOULD BE MORE LOGICAL BUT WOULD POTENTIALLY CREATE MESSY AND HARD TO UNDERSTAND CONFIGS