Coder Social home page Coder Social logo

joergrech / verdaccio-mongodb Goto Github PK

View Code? Open in Web Editor NEW
4.0 1.0 0.0 570 KB

The MongoDB Authentication plugin for Verdaccio

License: MIT License

TypeScript 84.14% JavaScript 15.86%
auth authentication documentdb mongodb plugin verdaccio verdaccio-plugin

verdaccio-mongodb's Introduction

verdaccio-mongodb

The MongoDB Authentication plugin for Verdaccio

This plugin enables you to use a MongoDB or compatible database (e.g., AWS DocumentDB - currently, compatible to MongoDB 3.6 and 4.0) as the store for your user data. This is especially useful if you want to use an existing user database, if you have other registries beside npm/verdaccio with the same users, if you want to store additional information with the users, or if you want to create users from an external system.

NOTE: This plugin includes a basic counting mechanism for activities which might be used as a "weekly download" indicator (currently this data is only available in the MongoDB)

Installation

Install MongoDB auth plugin into Verdaccio

Add the MongoDB auth plugin to your Verdaccio installation like this:

npm install -g verdaccio-mongodb

Setup Database

  1. Create a MongoDB (or DocumentDB, etc.)
  2. Create "admin" user with correct roles, rights, and password
  3. Secure database with password, auth keys or secure VPN
  4. Create or identify collections
    • Create or identify a collection for the users (must include a field for unique username/email, password (currently, only bcrypt), and usergroups)
    • Optional: Create a collection for the packages (will store counts for activities such as access, publish and unpublish)
  5. Create indices as needed
    • The "users" collection could use a index on the field holding the "username"
    • The "packages" collection could use a index on the field holding the "packagename"

Configure Verdaccio to use MongoDB auth

Change the auth section in your config.yaml file to include the following. Replace the existing auth section or add it to an existing auth chain - but first replace placeholders with your specific values.

auth:
  mongodb:
    uri: "mongodb+srv://[username]:[password]@[host1][:port1]/[db]"
    db: "verdaccio"
    collections:
      users: "users"
      packages: "packages"
    encryption: "bcrypt"
    allowAddUser: true
    countActivity: true
    cacheTTL: 300000
    adminGroup: "&admin"
    fields:
      username:   "username"
      password:   "password"
      usergroups: "usergroups"
      packagename: "packagename"
    rights:
      access:     "user"
      publish:    "maintainer"
      unpublish:  "maintainer"

Configuration options

  • uri: The MongoDB-like URI including admin username, password and database holding the user collection. [REQUIRED]
  • database: The database in the MongoDB holding the user collection [REQUIRED]
  • collections: (name of the collections in the mongodb database)
    • users: Name of the user collection used to store the unique user with passwords and additional information (e.g., username, email, access, etc.). Defaults to users [REQUIRED]
    • packages: Name of the packages collection used to store information on the packages (e.g., name, access, versions, etc.). Defaults to packages [OPTIONAL]
  • encryption: The mechanism to encrypt the password (currently supported: none, bcrypt). Defaults to bcrypt [OPTIONAL]
  • allowAddUser: Switch to allow or disallow adding users. Defaults to false [OPTIONAL]
  • countActivity: Switch to enable or disable counting access, publish, or unpublish events. Defaults to false [OPTIONAL]
  • cacheTTL: Time an entry lives in the cache measured in ms. Defaults to 300000 (5 minutes) [OPTIONAL]
  • adminGroup: The name of the group of admins allowed to access, publish, or unpublish any package. Must be different from user or package names! Defaults to __admin__ [OPTIONAL]
  • fields: (name of the fields in the mongodb collection)
    • username: Name of the field used to store the unique username (e.g., user, username, email, etc.). Defaults to username [OPTIONAL]
    • password: Name of the field used to store the password (e.g., pass, password, token, etc.). Defaults to password [OPTIONAL]
    • usergroups: Name of the field used to store the array of usergroups (e.g., groups, usergroups, roles, etc.). Defaults to usergroups [OPTIONAL]
  • rights: (Definition of who is allowed to work with packages)
    • access: Name of people allowed to access a package (currently supported: maintainer, contributor, user). Defaults to user (if authenticated or anonymous user depends on 'packages' config) [OPTIONAL]
    • publish: Name of people allowed to publish a package (currently supported: maintainer, contributor, user). Defaults to user (if authenticated or anonymous user depends on 'packages' config) [OPTIONAL]
    • unpublish: Name of people allowed to unpublish a package (currently supported: maintainer, contributor, user). Defaults to user (if authenticated or anonymous user depends on 'packages' config) [OPTIONAL]

NOTES

An alternative verdaccio auth plugin exists called verdaccio-auth-mongo: see https://www.npmjs.com/package/verdaccio-auth-mongo and https://gitlab.com/stack-library-open/verdaccio-auth-mongo/-/blob/master/index.js

verdaccio-mongodb's People

Contributors

joergrech avatar

Stargazers

avatar avatar avatar avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.