Oasis Auth Validate

The Oasis Auth Validate library is designed to validate security information, such as headers and data provided when invoking methods. It supports multiple validation types that can be enabled or disabled based on the user’s specific requirements.

Validation Types

1. Allowed Origins Validation:
   • This validation checks the referer header against a list of permitted origins. The allowed origins list is passed to the method, ensuring that the request originates from an authorized source.
   • Configurable: Can be activated or deactivated depending on the user's needs.
2. Time-Limit Validation:
   • Ensures the request is made within a specific time frame. The time limit is provided when invoking the method, and the request is validated against it.
   • Configurable: Can be enabled or disabled as needed.
3. Headers Validation:
   • Specific headers like SecFetchSite, SecFetchMode, and SecFetchDest are checked to verify that they originate from a trusted source.
   • Configurable: This validation can be toggled on or off according to the user’s preferences.
4. Allowed IPs Validation:
   • The request's IP address is checked against a range of allowed IPs. This ensures that dynamic IPs remain within a valid range without significant changes, preventing security risks.
   • Configurable: Can be enabled or disabled based on the user’s needs.
5. User-Specific IP Validation:
   • Each user is associated with a set of allowed IPs. The request IP is validated against this list to ensure it matches the user’s authorized IPs.
   • Configurable: This validation can also be enabled or disabled.

Installation and usage: oasis-auth-validate

Installation

npm install oasis-auth-validate

Import oasis-auth-validate

Now, go ahead import, and install the library in the main.js file of your project /src folder as follows:

const { validateInfoRedirect } = require('oasis-auth-validate');

const { isValidRedirect, errorCodes } = validateInfoRedirect(
      {
			  event,                  // (Object) Headers of the request.
			  timeStamp,              // (Number) Time when the request was created, in milliseconds.
			  ips: ip,                // (Array) Array of IP addresses allowed for the request.
			  validateSecurity,       // (Boolean) Flag to enable or disable the entire validation method.
			  limitTime,              // (Number) Time limit for request validation, in seconds.
			  allowedOrigins,         // (Array) List of allowed origins for cross-origin requests.
			  userIpsValidations: infoUser.ips  // (Array) User-specific IP validation, if any.
			},
      {
  validateAllowedIp: true,         // (Boolean) Enables or disables validation of allowed IPs.
  validateLimitTime: true,         // (Boolean) Enables or disables validation of the time limit.
  validateAllowOrigins: true,      // (Boolean) Enables or disables validation of allowed origins.
  validateHeadersRedirect: true,   // (Boolean) Enables or disables validation of security headers.
  validateUserIps: false           // (Boolean) Enables or disables validation of user-specific IPs.
}
    )

Explanation of fields:

• event: Contains the headers from the request, which are used to validate origins, security headers, and other parameters.
• timeStamp: The timestamp indicating when the request was created, used to validate time-limited requests.