From e48cfb1d8681c6818d69c70ea25cc8f3966cc74b Mon Sep 17 00:00:00 2001 From: Leon Strauss Date: Tue, 11 Oct 2016 14:49:09 +0200 Subject: [PATCH] added todo --- .gitignore | 1 - README.md | 12 ++++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 70c04bf..eb03e3e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,2 @@ node_modules *.log -server.js diff --git a/README.md b/README.md index f7db4d7..609b877 100644 --- a/README.md +++ b/README.md @@ -59,7 +59,7 @@ likely look up some data instead ;-) # Custom Async Authorization -Note that the `authorizer` function is expected to be synchronous here. This is +Note that the `authorizer` function above is expected to be synchronous. This is the default behavior, you can pass `authorizeAsync: true` in the options object to indicate that your authorizer is asynchronous. In this case it will be passed a callback as the third parameter, which is expected to be called by standard node convention @@ -90,7 +90,7 @@ on unauthorized responses: challenge: true })); -# Try it +## Try it The repository contains an `example.js` that you can run to play around and try the middleware. To use it just put it somewhere (or leave it where it is), run @@ -100,3 +100,11 @@ the middleware. To use it just put it somewhere (or leave it where it is), run This will start a small express server listening at port 8080. Just look at the file, try out the requests and play around with the options. + +## To Do + +- Allow customization of unauthorized response body +- Allow to set a realm for the challenge +- Some kind of automated testing with the example server +- Maybe add some optional callback to be called for unauthorized requests (for security logging) +- Decide wha should be included in `1.0.0`