{"library":"simple-hmac-auth-express","title":"Simple HMAC Authentication Express Middleware","description":"This package, `simple-hmac-auth-express`, provides an Express middleware designed for implementing HMAC-based authentication in API endpoints. It acts as a wrapper around the `simple-hmac-auth` core library, integrating its authentication logic seamlessly into the Express request-response cycle. The current stable version is v1.3.0, released in August 2022. Releases appear to be event-driven, primarily driven by updates to its core dependency or maintenance tasks. A key differentiator is its ability to handle request body parsing internally, which is crucial for HMAC signature verification that often requires access to the raw request body before other middleware might consume it. It requires `secretForKey` (a function returning a Promise for the secret) and `onRejected` handlers for failed authentication.","language":"javascript","status":"active","last_verified":"Wed Apr 22","install":{"commands":["npm install simple-hmac-auth-express"],"cli":null},"imports":["import auth from 'simple-hmac-auth-express';","const auth = require('simple-hmac-auth-express');","import type { HmacAuthMiddlewareOptions } from 'simple-hmac-auth-express';"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"import express from 'express';\nimport auth from 'simple-hmac-auth-express';\n\nconst app = express();\n\napp.use(auth({\n  // Required: Return a promise that resolves with the secret for the specified API key.\n  // This function is async since v1.3.0 and core library v4.0.0.\n  secretForKey: async (apiKey) => {\n    // In a real application, you would fetch the secret from a database or secure store\n    // based on the provided apiKey. For example purposes, we return a hardcoded secret.\n    if (apiKey === 'MY_API_KEY') {\n      return process.env.HMAC_SECRET_KEY ?? 'my-super-secret-key';\n    }\n    return null; // API key not found\n  },\n\n  // Required: Handle requests that have failed authentication.\n  onRejected: (error, request, response, next) => {\n    console.error(`Authentication failed for \"${request.apiKey}\": ${error.message} on ${request.method} ${request.url}`);\n    response.status(401).json({\n      error: {\n        message: error.message || 'Authentication Failed'\n      }\n    });\n  },\n  \n  // Optional: Handle requests that have passed authentication.\n  onAccepted: (request, response) => {\n    console.log(`\"${request.apiKey}\" authenticated request to ${request.method} ${request.url}`);\n  },\n\n  // Optional: Body-parser options. The middleware parses the body itself for signature verification.\n  // It should be placed before other body parsing middleware.\n  body: {\n    json: { strict: false, limit: '1mb' },\n    urlencoded: { extended: true, limit: '5mb' },\n    text: { type: 'application/octet-stream' }\n  }\n}));\n\napp.get('/protected', (req, res) => {\n  res.send(`Hello, authenticated user with API Key: ${req.apiKey}!`);\n});\n\napp.post('/protected-data', (req, res) => {\n  // Access parsed body if configured in 'body' options\n  res.json({ message: 'Data received and authenticated!', data: req.body });\n});\n\nconst PORT = process.env.PORT || 3000;\napp.listen(PORT, () => {\n  console.log(`Server running on port ${PORT}`);\n  console.log('Use MY_API_KEY and hmac signature for /protected and /protected-data');\n});","lang":"typescript","description":"This quickstart demonstrates how to set up `simple-hmac-auth-express` middleware in an Express application. It shows the basic configuration with `secretForKey` and `onRejected` functions, including optional body parsing settings. It provides an example of a protected route and how to access authenticated requests.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}