express-jwt-enhanced

1.2.4 • Public • Published

Express JWT Enhanced

Features

  • It can be used as a authenticator & session data
  • It can be used as stateless or statefull(with redis for horizontal scaling)
  • with csrf & captcha protection ability

Install

    npm install --force express-jwt-enhanced

Usage

    const express = require('express')
    const cookieparser= require('cookie-parser') //necessary for web apps (by default it stored in cookie on client side)  . for mobile apps you can get token via json result
    const app = express()

    const options={
        expire: 3600,           // alive for seconds
        secret :`$eCr3T`,       // importat!!!! : change it
        sec_cookie: false,      // if true only pass on https. on develop dont set it to true

        use_redis : false,      // use redis or not
        redis_host:'localhost',
        redis_port:6379,
        redis_pass:'',
        
    }
    const ejwt  = require('express-jwt-enhanced')(options); 

    app.use(cookieparser())          //necessry for parsing token cookie
       .use(express.json())          //necessary for parsing application/json
       .use(express.urlencoded({}))  //necessary for parsing application/x-www-form-urlencoded
       .use(function(req,res,next){ejwt.req=req,ejwt.res=res,next()})    //necessary 
    

Examples

Login:

app.get('/login', async(req, res)=> {
  
  await ejwt.set({ 
      loggedin:true,
      user:{
         user:'aghae',
         rol:'admin' 
      })

  res.json({  succ: 'logined successfully',
              //bellow `token,csrf_token` required for mobile app clients but it no need in web apps
              token:ejwt.token,
              csrf_token: ejwt.data.csrf_token
  })

  /* 
    for `web app` everything is  ok.  
    But for `mobile app` you must post these token  & csrf_token for each requests
  */
})

Logout:

app.get('/logout', async(req, res)=> {
    await ejwt.unset()
    res.send('logouted.')
});

Auth Middleware:

//auth middleware
async function auth(req,res,next){
    var ret = await ejwt.get()
    ret && ret.loggedin ? next() : res.json({err:'auth failed'})
}

//using auth middleware
app.get('/is_authed',auth, async (req, res)=> {
    res.send('Authed. ;)')
});

CSRF Generate:

app.get('/csrfgen', async (req, res)=> {

    res.json(await ejwt.csrfgen())

    /* in real world:

      await ejwt.csrfgen()
      res.render('your-form.hrml')

    */
});

CSRF Check:

app.get('/csrfchk', async (req, res)=> {

    res.json(await ejwt.csrfchk())
    
    /* in real world

      var csrf_chk = await ejwt.csrfchk()
      if(csrf_chk.err) 
          res.send('csruf token error')
      else
          do somthing....

    */
});

Captcha:

app.get('/captcha', async function(req, res) {
    res.type('svg').send(await ejwt.captcha_gen())
});

app.get('/captcha-form', async function(req, res) {
    res.send(`
          <form method='POST' action='/captcha_chk' >
            <img src="/captcha" ><br>
            <input name='captcha' placeholder='Enter above text :'>
          </form>
    `,
    200,{'Content-Type':'text/html'})
});


app.post('/captcha_chk', async function(req, res) { //this must be post method
    res.send(await ejwt.captcha_chk())
});

API's

  • await set (payload,expire=3600) set payload json data  

  • await get ()
    get payload json data
     

  • await unset()
    unset payload json data  

  • await getkey (key) get specified payload key  

  • await setkey (key,val,expire = null) set payload key . nested key like user.profile accepted too

      example:
    
        await set({user:{}})
        await setkey('user.profile',{name:'a.',fam:'aghae',favs:['fav1','fav2']})
    
      result: 
        {
          user:{
            profile:{
              name:'a.',
              fam:'aghae',
              favs:['fav1','fav2']
            }
          }
        }
    
     
    
  • await unsetkey (key) unset specified payload key  

  • await csrfgen () Use it on route that render your form . check it out on above Eample  

  • await csrfchk () For mobile app you must post csrf_token to the route that use this method  

  • await captcha_gen (expire=0,captcha_name='captcha') For mobile app you must send captcha_name input as a posted data( by default captcha ) to the route that will call captcha_chk  

  • await captcha_chk (captcha_name='captcha') check input posted captcha_name ( by default is captcha )  

  • data decoded full data property  

  • token generared token property


That's it. good luck ;)

Dependents (1)

Package Sidebar

Install

npm i express-jwt-enhanced

Weekly Downloads

1

Version

1.2.4

License

ISC

Unpacked Size

18.1 kB

Total Files

5

Last publish

Collaborators

  • aghae