Auth hooks

Auth hooks lets you override the default security behaviour on specific routes. If an auth hook route matches a route hook, and no authentication token is present in the headers, the auth function is called as a last resort to allow or dismiss the request. The auth hook function logic calls next() to allow, or response.end() to block a client request.

Use the auth hook to create public routes and custom rules and overrides to fit any use case.

Example auth hook

index.js
import app from 'codehooks-js' // Standard JS lib for express style code

// REST API routes
app.get('/specialroute/frags', (req, res) => {
    res.end('You have the correct secret header value');
})

// Auth hook
app.auth('/specialroute/*', (req, res, next) => {
    // call some auth function here, e.g. myLookup
    myLookup(req.headers['X-challenge'], (err, data) => {
        if (err) {
            res.status(401); // Unauthorized
            res.end();
        } else {
            // allow API call
            next();
        }
    })
})

function myLookup(challenge, callback) {
    if (challenge === 'SOMESECRET') {
        callback(null);
    } else {
        callback('Sorry');
    }
}

export default app.init(); // Bind functions to the serverless runtime

See docs for route matching

See docs for middleware functions and the next() function

Example auth hook​

Example auth hook