passwordless-cache-manager
A token store for Passwordless, a node.js module for express that allows website authentication without password using verification through email or other means.
This store implementation uses node-cache-manager, which supports multiple storage engines.
Tokens are stored in memory and are hashed and salted using bcryptjs.
Acknowledgements
Most of the project scaffolding is lifted from passwordless-memorystore, with modifications specific to using node-cache-manager.
Usage
First, install the module:
$ npm install cache-manager passwordless-cache-manager --save
Afterwards, follow the guide for Passwordless. A typical implementation may look like this:
var passwordless = ; var cacheManager = ;var CacheManagerStore = ; // Using the built-in memory store as an example. Swap this out with the specific cache-manager storage engine you needvar memoryStore = ; passwordless; passwordless; app;app;Initialization
var cacheManager = ;var CacheManagerStore = ; cacheManager;Hash and salt
As the tokens are equivalent to passwords (even though they do have the security advantage of only being valid for a limited time) they have to be protected in the same way. passwordless-cache-manager uses bcryptjs with automatically created random salts. To generate the salt 10 rounds are used.
Tests
$ npm test
Debugging
The debug module is used to log debug statements. It can be enabled via the environment variable:
DEBUG=passwordless-cache-manager