@rexfng/auth

9.24.0 • Public • Published

Auth

Description

Auth is a library that provides helpers to manage user authorization via bearer tokens, with Express routers. This library depends on @rexfng/db.

Define Environment Variables

Define the following environment variables. They are all required.

Variable Name Description
APP_NAME App name used as the 2FA issuer
APP_URL The website of the project
AUTH_SECRET Server-side static salts
EMAIL_PASS SendGrid email API credentials for the emailresetpasswordtouser API routes
MONGODB_DATABASE_URL MongoDB database URL
SYSTEM_EMAIL The address the emailresetpasswordtouser email is sent from
TWILIO_API_KEY Twilio API key for the SMS verification code

Initialize Express Middleware

Auth can be passed in as Express middleware to check the validity of the bearer token. (The middleware looks for req.token, which is provided by the express-bearer-token module.)

const authCheck = require('@rexfng/auth').middleware.authCheck
const bearerToken = require('express-bearer-token'); 

app.use(bearerToken());
app.use(authCheck());

Creating Route Exceptions for authCheck

const authCheck = require('@rexfng/auth').middleware.authCheck
const unless = require('express-unless');

// express-unless attaches itself to a middleware function, so build the
// middleware first, attach unless to it, then register the exclusions.
const check = authCheck();
check.unless = unless;
app.use(check.unless({
	path: [
		'/',
		'/api/v1/token',
		'/api/v1/register',
		/\/test*/, // a RegExp, not a string: the string '/\/test*/' would only match the literal path "//test*/"
		'/ac'
	]
}));

SMS Get Code / Verification Helper

Options are accessible from the raw Twilio API.

const smsgetcode = require('@rexfng/auth').helper.smsgetcode({
	"phone_number": String, //"6047229494"
	"country_code": String, //"1"
	"code_length": Integer //4-10 default to 6
}) //returns a promise
const smsverifycode = require('@rexfng/auth').helper.smsverifycode({
	"phone_number": String, //"6047229494"
	"country_code": String, //"1"
	"verification_code": String //"2421"
}) //returns a promise

Router Helper

const Auth = require('@rexfng/auth')
const Register = Auth.routes.api.register
const Login = Auth.routes.api.login
const Logout = Auth.routes.api.logout
app.use('/', Register) // POST /register
app.use('/', Login) // POST /login
app.use('/', Logout) //POST /logout

Register Endpoint

The endpoint accepts a JSON body in the following format. POST http://localhost:3000/register

{
	"username": String,
	"password": String,
	"udid": String // optional: a unique device id, so the user can log in and log out of a specific device when this is provided
}

Response Code

CODE MESSAGE Details
201 ACCEPTED Returns access_token
406 PASSWORD_COMPROMISED Server checked with https://api.pwnedpasswords.com and found that the provided password had previously been compromised.
409 USERNAME_ALREADY_EXIST Server checked with MongoDB and found that the username already exists.
422 MISSING_KEYS The provided body must have "username" and "password", and both must be strings.
500 INTERNAL_ERROR Server-side error

Response

{
	access_token: String, // JWT Token expires in 15 minutes
	refresh_token: String // JWT Token expires in 60 days
}

Login Endpoint

The endpoint accepts a JSON body in the following format. POST http://localhost:3000/login

{
	"username": String,
	"password": String
}

Response Code

CODE MESSAGE Details
201 ACCEPTED Returns access_token
401 UNAUTHORIZED Server checked with MongoDB and found the username, but the password did not match, so access is denied.
404 USERNAME_NOT_FOUND Cannot find the provided username in the database.
500 INTERNAL_ERROR Server-side error

Response

{
	access_token: String, // JWT Token expires in 15 minutes
	id_token: String, // JWT Token expires in 15 minutes
	refresh_token: String // JWT Token expires in 60 days
}

Refresh Token Endpoint

The endpoint accepts a JSON body in the following format. POST http://localhost:3000/token/refresh

{
	refresh_token: String // JWT Token expires in 60 days
}

Response Code

CODE MESSAGE Details
201 ACCEPTED Returns access_token
401 UNAUTHORIZED Server found the refresh_token invalid
422 MISSING_KEYS Cannot find refresh_token in the request.
500 INTERNAL_ERROR Server-side error

Response

{
	access_token: String, // JWT Token expires in 15 minutes
	id_token: String // JWT Token expires in 15 minutes
}

Has User Email Been Breached?

Pairing with the Password Strength endpoint, your app can check whether an email account has been breached in the past by making a GET request to https://haveibeenpwned.com/api/v2/breachedaccount/bob@example.com

Password Strength Endpoint

The endpoint considers the password's strength and whether it has been compromised. It can be used to encourage end users to choose a strong password and avoid weak or compromised ones. The endpoint combines the PasswordMeter module and https://haveibeenpwned.com

The endpoint accepts a JSON body in the following format. POST http://localhost:3000/passwordstrength

{
	"password": String
}

Response Code

CODE MESSAGE Details
200 ACCEPTED Successfully submitted a request
500 INTERNAL_ERROR Server-side error

Response

//Scores Table
{
	"0": "compromised",  //        x == 0
	"40": "veryWeak",    // 001 <= x <  040
	"80": "weak",        // 040 <= x <  080
	"120": "medium",     // 080 <= x <  120
	"180": "strong",     // 120 <= x <  180
	"200": "veryStrong", // 180 <= x <  200
	"_": "perfect"       //        x >= 200
}

{
    "score": 0,
    "status": "compromised",
    "percent": 8.5
}

Password Change Endpoint

The endpoint accepts a JSON body in the following format. POST http://localhost:3000/passwordchange

{
	"oldpassword": String,
	"newpassword": String
}

Response Code

CODE MESSAGE Details
204 ACCEPTED Successfully changed the user's password
401 UNAUTHORIZED The old password provided was incorrect
500 INTERNAL_ERROR Server-side error

Response

//no content

Password Reset Endpoint

These endpoints accept a JSON body in the following formats.

Email

http://localhost:3000/email/resetpassword POST

{
	"email": String,
	"token": String,
	"subject": String
}

Email Confirmation

http://localhost:3000/email/resetpassword_confirmation POST

{
	"email": String,
	"token": String,
	"password": String
}

SMS

http://localhost:3000/sms/resetpassword POST

{
	"phone_number": String, 
	"country_code": String
}

SMS Confirmation

http://localhost:3000/sms/resetpassword_confirmation POST

{
	"phone_number": String, //"6047229494"
	"country_code": String, //"1"
	"verification_code": String, //"2421"
	"password": String
}

Voice

http://localhost:3000/voice/resetpassword POST

{
	"from": String,
	"to": String, // +16041234567
	"url": String // TwiML template; {{code}} will be replaced.
}

Voice Confirmation

http://localhost:3000/voice/resetpassword_confirmation POST

{
	"label": String,
	"token": String,
	"to": String, // +16041234567
	"password": String
}

Response Code

CODE MESSAGE Details
200 SUCCESS OK
500 INTERNAL_ERROR Server-side error

Response

//no content

Install

npm i @rexfng/auth

License

ISC

Collaborators

  • rexfng