carbond.security.ApiKeyAuthenticator

extends Authenticator

An abstract class for API key authentication

Instance Properties

apiKeyLocation
string
Default header
Description The location of the API key, either header or query.
apiKeyParameterName
string
Default Api-Key
Description The name of the API key parameter
idGenerator
Default UUIDGenerator
Description The ID generator to generate API keys.
maskUserObjectKeys
string[]
Default undefined
Description An array of properties that should be masked on the user object in the logs. Used for masking sensitive information.

Abstract Methods

findUser  
Arguments
  • apiKey (string) – The API Key that was sent with this request
Returns A user object
Return type Object
Description An abstract method for finding the user from an API key. Should be implemented by subclasses. For example, MongoDBApiKeyAuthenticator

Methods

authenticate  
Arguments
  • req (Request) – The current request
Throws HttpErrors.Unauthorized If no user matching the API key is found
Throws HttpErrors.InternalServerError If apiKeyLocation is malformed, or if there is an error finding the user.
Returns An object representing the user
Return type Object
Description Authenticates the current request using an API key. Returns a user object that matches the API Key sent with the request. If no user matching the API key is found, throws a 401 Unauthorized error.
generateApiKey  
Returns A UUID (see Wikipedia)
Return type string
Description Generates a UUID using idGenerator
getAuthenticationHeaders  
Returns An array containing the name of the header which contains the API key. An empty array if the location of the API key is in the querystring.
Return type string[]
Description Gets an array containing apiKeyParameterName
getService
Inherited from Authenticator
Returns The parent Service
Return type Service
Description A getter for the parent Service
initialize
Inherited from Authenticator
Arguments
  • service (Service) – The parent Service
Return type undefined
Description Initializes the authenticator. Called by start on the parent Service and sets this.service to the parent Service.
throwUnauthenticated
Inherited from Authenticator
Arguments
  • msg (string) – The message returned with the 401 error.
Throws HttpErrors.Unauthorized
Return type undefined
Description Throws a 401 Unauthorized Error.
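The contract documented above for authenticate, findUser, getAuthenticationHeaders and maskUserObjectKeys, modelled as a standalone sketch. This is an added example, not carbond's source and not code from the original page. Assumptions: the HttpError class, the SketchApiKeyAuthenticator and maskedForLog names, the request shape ({ headers, query }), the '****' mask value, and the choice to store SHA-256 digests of keys instead of the keys themselves.

```javascript
// Added sketch: models the documented behaviour; it does not use or reproduce carbond.
const { createHash } = require('node:crypto');
const sha256 = (s) => createHash('sha256').update(s).digest('hex');

class HttpError extends Error { // stand-in for HttpErrors.* (assumption)
  constructor(code, msg) { super(msg); this.code = code; }
}

class SketchApiKeyAuthenticator {
  constructor(opts = {}) {
    this.apiKeyLocation = opts.apiKeyLocation || 'header';            // documented default
    this.apiKeyParameterName = opts.apiKeyParameterName || 'Api-Key'; // documented default
    this.maskUserObjectKeys = opts.maskUserObjectKeys;                // documented default: undefined
    this.users = opts.users || new Map(); // hypothetical store: sha256(apiKey) -> user
  }
  // One possible findUser: look up by digest so the store never holds plaintext keys.
  findUser(apiKey) { return this.users.get(sha256(apiKey)); }
  authenticate(req) {
    let apiKey;
    if (this.apiKeyLocation === 'header') {
      // Assumes Node-style headers, whose names are lower-cased.
      apiKey = req.headers[this.apiKeyParameterName.toLowerCase()];
    } else if (this.apiKeyLocation === 'query') {
      apiKey = req.query[this.apiKeyParameterName];
    } else {
      throw new HttpError(500, 'apiKeyLocation must be "header" or "query"');
    }
    const user = typeof apiKey === 'string' ? this.findUser(apiKey) : undefined;
    if (!user) throw new HttpError(401, 'Unauthorized'); // same answer for missing and unknown keys
    return user;
  }
  getAuthenticationHeaders() {
    return this.apiKeyLocation === 'header' ? [this.apiKeyParameterName] : [];
  }
  // Copy of the user object that is safe to log; the original is left untouched.
  maskedForLog(user) {
    const copy = { ...user };
    for (const k of this.maskUserObjectKeys || []) if (k in copy) copy[k] = '****';
    return copy;
  }
}

// Constructed sample data (not real credentials).
const SAMPLE_KEY = '00000000-0000-4000-8000-000000000000';
const auth = new SketchApiKeyAuthenticator({
  maskUserObjectKeys: ['email'],
  users: new Map([[sha256(SAMPLE_KEY), { username: 'alice', email: 'alice@example.com' }]]),
});
```

With apiKeyLocation set to query the key travels in the URL, where it tends to end up in access logs and browser history; the header default avoids that.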