A token store for Passwordless, a node.js module for express that allows website authentication without password using verification through email or other means.
Tokens are stored in memory and are hashed and salted using bcryptjs.
Most of the project scaffolding is lifted from passwordless-memorystore, with modifications specific to using
First, install the module:
$ npm install cache-manager passwordless-cache-manager --save
Afterwards, follow the guide for Passwordless. A typical implementation may look like this:
var passwordless = ;var cacheManager = ;var CacheManagerStore = ;// Using the built-in memory store as an example. Swap this out with the specific cache-manager storage engine you needvar memoryStore = ;passwordless;passwordless;app;app;
var cacheManager = ;var CacheManagerStore = ;cacheManager;
Hash and salt
As the tokens are equivalent to passwords (even though they do have the security advantage of only being valid for a limited time) they have to be protected in the same way. passwordless-cache-manager uses bcryptjs with automatically created random salts. To generate the salt 10 rounds are used.
$ npm test
debug module is used to log debug statements. It can be enabled via the environment variable: