Auth hooks
Auth hooks lets you override the default security behaviour on specific routes.
If an auth hook route matches a route hook, and no authentication token is present in the headers, the auth function is called as a last resort to allow or dismiss the request.
The auth hook function logic calls next() to allow, or response.end() to block a client request.
Use the auth hook to create public routes and custom rules and overrides to fit any use case.
Example auth hook
index.js
import app from 'codehooks-js'; // Standard JS lib for express style code
// REST API routes
app.get('/specialroute/frags', (req, res) => {
res.end('You have the correct secret header value');
});
// Auth hook
app.auth('/specialroute/*', (req, res, next) => {
// call some auth function here, e.g. myLookup
myLookup(req.headers['X-challenge'], (err, data) => {
if (err) {
res.status(401); // Unauthorized
res.end();
} else {
// allow API call
next();
}
});
});
function myLookup(challenge, callback) {
if (challenge === 'SOMESECRET') {
callback(null);
} else {
callback('Sorry');
}
}
export default app.init(); // Bind functions to the serverless runtime