This module provides token storage for Passwordless -- a node.js module for express that allows website authentication without passwords. Visit the project's website https://passwordless.net for more details.
This module allows token to be stored in a LokiJS database. Tokens are hashed and salted using bcrypt.
First, install the module:
$ npm install passwordless-lokijsstore --save
Afterwards, follow the guide for Passwordless. A typical implementation may look like this:
var passwordless = ;
var LokiJSStore = ;
- file: (string) Name of the file to be saved to. Further documentation can be found on the LokiJS website
- [options]: (object) Optional. This can include LokiJS options as described in the docs as well as LokiJSStore-specific ones as described below. All options are combined in one object as shown in the example below:
- [lokijsstore.collection]: (string) Optional. Name of the collection to be used. Default: 'passwordless-token'
- [lokijsstore.disablesaveatwrite]: (boolean) Optional. Disables automatic write to disk whenever changes to the database occur. Recommended for more intense workloads. Should only be set to true when LokiJS's autosave is set to true. Default: false
Hash and salt
As the tokens are equivalent to passwords (even though they do have the security advantage of only being valid for a limited time) they have to be protected the same way. passwordless-lokijsstore uses bcryptjs with automatically created random salts (10 rounds).
$ npm test
Florian Heinemann @thesumofall