Secure Internal Tools with GitHub Login

Most developers already have a GitHub account. Use it to secure access to your internal tools, with an open-source Node.js Express middleware.

Ronny Roeller
NEXT Engineering

--

We create many web-based tools to simplify the lives of developers. For example, our deployer tool allows developers to see & manage which services are deployed in which environment. These tools are powerful and should only be used by developers who know what they are doing. But how do you secure them?

We found GitHub to be a great choice for controlling access. GitHub offers standard OAuth authentication, has a great API, and most developers already have a GitHub account.

As authentication with GitHub became a best practice for us, we open-sourced a simple Express middleware that makes it easy to secure access to certain paths.

Using the middleware is as simple as:

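const express = require('express');
const path = require('path');

const app = express();

// Sample values only; keep the real client secret and session secret out of source control.
const auth = require('github-oauth-middleware')({
  githubClientId: '58923a7889c767899743',
  githubClientSecret: '712453289412645349a498327r53287594397374',
  githubRedirectUrl: 'http://localhost:8080/auth/github/callback',
  githubSessionSecret: 'random-value',
  // GitHub usernames that are allowed access
  whiteListedUsers: ['my_github_username']
});

// Add middleware
app.use(auth.middleware);

// Controls access to root path
app.use('/',
  auth.isLoggedIn,
  express.static(path.join(__dirname, 'public')));

// Port matches the one used in githubRedirectUrl
app.listen(8080);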
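
The snippet above hard-codes the OAuth client secret and a short session secret. As an added example (not part of github-oauth-middleware or the original post), this loader builds the same options object from environment variables and refuses to start on missing or weak values. The environment variable names, the 32-character minimum and the HTTPS rule are assumptions.

```javascript
// Added example: builds the options object for github-oauth-middleware from
// environment variables. Variable names and validation rules are assumptions.
'use strict';

const LOCAL_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

function loadAuthConfig(env) {
  const problems = [];
  const need = (name) => {
    const value = (env[name] || '').trim();
    if (!value) problems.push(`${name} is not set`);
    return value;
  };

  const githubClientId = need('GITHUB_CLIENT_ID');
  const githubClientSecret = need('GITHUB_CLIENT_SECRET');
  const githubRedirectUrl = need('GITHUB_REDIRECT_URL');
  const githubSessionSecret = need('SESSION_SECRET');

  // A short or guessable secret weakens whatever the session layer protects with it.
  if (githubSessionSecret && githubSessionSecret.length < 32) {
    problems.push('SESSION_SECRET must be at least 32 characters');
  }

  // Plain HTTP is accepted only for local development callbacks.
  if (githubRedirectUrl) {
    let url = null;
    try { url = new URL(githubRedirectUrl); } catch (e) { /* reported below */ }
    if (!url) {
      problems.push('GITHUB_REDIRECT_URL is not a valid URL');
    } else if (url.protocol !== 'https:' &&
               !(url.protocol === 'http:' && LOCAL_HOSTS.has(url.hostname))) {
      problems.push('GITHUB_REDIRECT_URL must use https outside localhost');
    }
  }

  // Comma-separated GitHub logins; an empty list must never mean "everyone".
  const whiteListedUsers = (env.GITHUB_ALLOWED_USERS || '')
    .split(',').map((u) => u.trim()).filter(Boolean);
  if (whiteListedUsers.length === 0) problems.push('GITHUB_ALLOWED_USERS is empty');

  if (problems.length) throw new Error('Invalid auth config: ' + problems.join('; '));
  return { githubClientId, githubClientSecret, githubRedirectUrl,
           githubSessionSecret, whiteListedUsers };
}
```

Pass the result straight to the middleware factory, for example require('github-oauth-middleware')(loadAuthConfig(process.env)).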

You can find the github-oauth-middleware on GitHub.

Happy coding!

Photo: othree
