authorize-decorator
Validating JWT and implement your express API easily with decorators
Authorize decorator is a npm package for NodeJs to be used with express Web API server and let you use the decorator and validate the request using its default function for validation.
Features
- Use the @Authorize decorator as C# / Java annotation.
- Implement with express function as pre evaluating method.
- Store the JWT (default) on server request.
- New implementation of Request interface from express and with 'userData' property with the payload
authorize-decorator is a lightweight decorator and method to implement JWT easily.
Tech
authorize-decorator uses a number of open source projects to work properly:
- node.js - as default application (^14.15.4)
- jsonwebtoken - jsonwebtoken for validation of the header's Authorization Bearer token (^8.5.1)
- Express - fast node.js network app framework (^4.18.2)
- reflect-metadata - Reflect metadata to allow Decorators (^0.1.13)
- ts-node - Ts-node and ts-node-dev (because it's on TypeScript) (^10.9.1)
You can download the public repository here on GitHub.
Usage
Authorize-decorator requires node.js v14+ to run and is implemented using TypeScript and a Controller file implementing its router function.
Controller UserController.ts
//UserController.ts
import { Request, Response } from 'express';
import { Authorize, AuthRequest } from 'authorize-decorator';
class UserController {
PublicEndpoint(req: Request, res: Response) {
//do some task...
console.log('basic example without authorize decorator');
res.send({ message: 'Public endpoint was consummed', code: 200 });
}
@Authorize()
PrivateEndpoint(req: AuthRequest, res: Response) {
//do some task...
console.log('Private endpoint with private decorator');
console.log(req.userData);//console.log user data from JWT info
res.send({ message: 'Private endpoint was consummed', code: 200 });
}
}
export const PublicEndpoint = new UserController().PublicEndpoint;
export const PrivateEndpoint = new UserController().PrivateEndpoint;Main index.ts
//index.ts
import * as http from 'http';
import { Request, Response, NextFunction } from 'express';
const express = require('express');
const { JwtValidation } = require('authorize-decorator');
import { PublicEndpoint, PrivateEndpoint } from './UserController';
const app = express();
app.get('/basic', PublicEndpoint);
const signInKey = 'a940532f-c7e9-68a2-0b8d-7c97da19a21c';//example sign-in key for JWT
app.get('/auth', (req: Request, res: Response, next: NextFunction) => JwtValidation(signInKey, req, res, next),
PrivateEndpoint);
const server = http.createServer(app);
const PORT = process.env.NODE_EXPRESS_PORT || 3000;
server.listen(PORT, () => {
console.log(`Server listening on address http://localhost:${PORT}`);
});Development
Want to contribute? Great!
Authorize decorator uses Typescript for fast development.
Package exports
-
Authorize: Method decorator to use on protected endpoint methods of a class as @Authorize()
-
JwtValidation: Function that validates the JWT sent or rejects the request if the token is invalid or it is absent. This is used on the declaration of the definition of the app.( get | post | delete | put ) method as second parameter (check index.ts:13). It accepts 4 parameters:
-
signInKey : string => The key that was used to generate the token, could be as a good practices store on .env file and/or encrypt the string for security purposes.
-
req : Request => The express request property
-
res : Response => The express response property
-
next : NextFunction => The express next function that gives the chance to use next implementation (I.e. PrivateEndpoint).
-
-
AuthRequest: The authorized request property inherits from Request of express with the aditional property of the payload transformed into the 'userData' prop. This is meant to be used into @Authorized methods.
- userData: Property with the data of the payload transformed in JSON. Some properties of userData might be unique_name, role, iss (issuer of jwt), exp (expiration), email, aud (audience).
Test
To test te package from the source package, use npm test or npm run test:watch
npm testLicense
MIT
This implementation is free everywhere and forever
Contact developers
Collaboration:
- @ilix.moralez: Main developer
- No one else (yet)