cf-auth-middleware

3.1.0 verified Sat Apr 25 auth: no javascript

Express middleware for authenticating API requests using cf-auth-provider and request signing. Provides HMAC-based authentication via headers or query parameters, with custom TTL and per-request entity injection. Supports Node >=4. Designed for use with cf-signature for client-side signing. Configurable logger, request property, and query key filtering. Stable v3 series with minimal API changes.

Common errors

error TypeError: createAuthMiddleware is not a function ↓

cause Using ES6 import syntax with CommonJS package.

fix

Replace import with const createAuthMiddleware = require('cf-auth-middleware');

error Error: authentication failed - missing x-cf-date header ↓

cause Request missing required date header or query parameter.

fix

Ensure client includes x-cf-date in header or query string.

error TypeError: Cannot read property 'debug' of undefined ↓

cause options.logger is missing required methods (debug, info, warn, error).

fix

Provide a logger object with those methods or omit (defaults to console).

Warnings

gotcha Query string parameters must match exactly; extra keys like cachebusting params will cause signature mismatch unless ignored via options.ignoreQueryKeys. ↓

fix Add custom query keys to options.ignoreQueryKeys array.

breaking v2 deprecated; v3 changed default reqProperty from 'authedClient' to 'authedClient' (same) but removed some undocumented options. ↓

fix Update to v3 and review custom options.

gotcha Cannot be used without cf-auth-provider; signature verification requires a pre-configured provider instance. ↓

fix Initialize auth provider with your collection and hash function before creating middleware.

gotcha TTL is parsed as milliseconds; ensure client sends x-cf-ttl as integer string. ↓

fix Validate client sends x-cf-ttl as number in milliseconds.

Install

npm install cf-auth-middleware

yarn add cf-auth-middleware

pnpm add cf-auth-middleware

Imports

createAuthMiddleware

wrong

import createAuthMiddleware from 'cf-auth-middleware'

correct

const createAuthMiddleware = require('cf-auth-middleware')

Package is CommonJS-only; no default ESM export. Use require().

middleware (returned by createAuthMiddleware)

wrong

const authMiddleware = createAuthMiddleware()

correct

const authMiddleware = createAuthMiddleware(authProvider, options)

authProvider is mandatory; options is optional.

createAuthMiddleware (as named import attempt)
wrong
```
const { createAuthMiddleware } = require('cf-auth-middleware')
```
correct
```
const createAuthMiddleware = require('cf-auth-middleware')
```
Export is a single function directly, not an object with named property.

Quickstart

Shows basic setup: create auth middleware with provider and apply to a route.

var express = require('express');
var createAuthMiddleware = require('cf-auth-middleware');
var authProvider = require('cf-auth-provider')(myCollection, hashFn);
var app = express();
var authMiddleware = createAuthMiddleware(authProvider, {
  reqProperty: 'user',
  logger: console
});
app.get('/private', authMiddleware, function (req, res) {
  res.send(`Hello ${req.user || 'unknown'}`);
});
app.listen(3000);