Skip to content

Commit

Permalink
Document how to secure client api #231
Browse files Browse the repository at this point in the history
  • Loading branch information
ivaosthu committed Jan 17, 2018
1 parent 04e94b2 commit 3ef6f0f
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 2 deletions.
3 changes: 1 addition & 2 deletions docs/securing-unleash.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@ unleash.start({
}).then(unleash => {
console.log(`Unleash started on http://localhost:${unleash.app.get('port')}`);
});

```

Examples on custom authentication hooks:
Expand All @@ -42,7 +41,7 @@ UnleashConfig unleashConfig = UnleashConfig.builder()
.build();
```

On the unleash server side you need to implement a preRouterHook hook which verifies that all calls to `/api/client` includes this pre shared key in the defined header. This could look something like this:
On the unleash server side you need to implement a preRouter hook which verifies that all calls to `/api/client` includes this pre shared key in the defined header. This could look something like this:

```javascript
const unleash = require('unleash-server');
Expand Down
3 changes: 3 additions & 0 deletions examples/client-auth-unleash.js
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,10 @@ const sharedSecret = '12312Random';
unleash
.start({
databaseUrl: 'postgres://unleash_user:passord@localhost:5432/unleash',
<<<<<<< HEAD
enableLegacyRoutes: false,
=======
>>>>>>> 0681945... Document how to secure client api #231
preRouterHook: app => {
app.use('/api/client', (req, res, next) => {
if (req.headers.authorization === sharedSecret) {
Expand Down

0 comments on commit 3ef6f0f

Please sign in to comment.