Nectar of the Programming Masses
Share your code. npm Orgs help your team discover, share, and reuse code. Create a free org »

passwordless-lokijsstore

1.0.1 • Public • Published

Passwordless-LokiJSStore

This module provides token storage for Passwordless -- a node.js module for express that allows website authentication without passwords. Visit the project's website https://passwordless.net for more details.

This module allows token to be stored in a LokiJS database. Tokens are hashed and salted using bcrypt.

Usage

First, install the module:

$ npm install passwordless-lokijsstore --save

Afterwards, follow the guide for Passwordless. A typical implementation may look like this:

var passwordless = require('passwordless');
var LokiJSStore = require('passwordless-lokijsstore');
 
passwordless.init(new LokiJSStore('tokens.json'));
 
passwordless.addDelivery(
    function(tokenToSend, uidToSend, recipient, callback) {
        // Send out a token
    });
    
app.use(passwordless.sessionSupport());
app.use(passwordless.acceptToken());

Initialization

new LokiJSStore(file, [options]);
  • file: (string) Name of the file to be saved to. Further documentation can be found on the LokiJS website
  • [options]: (object) Optional. This can include LokiJS options as described in the docs as well as LokiJSStore-specific ones as described below. All options are combined in one object as shown in the example below:

Example:

passwordless.init(new LokiJSStore('tokens.json', {
    autosave: true,
    autosaveInterval: 5000,
    lokijsstore: {
        disablesaveatwrite: true
    }
}));

Options

  • [lokijsstore.collection]: (string) Optional. Name of the collection to be used. Default: 'passwordless-token'
  • [lokijsstore.disablesaveatwrite]: (boolean) Optional. Disables automatic write to disk whenever changes to the database occur. Recommended for more intense workloads. Should only be set to true when LokiJS's autosave is set to true. Default: false

Hash and salt

As the tokens are equivalent to passwords (even though they do have the security advantage of only being valid for a limited time) they have to be protected the same way. passwordless-lokijsstore uses bcryptjs with automatically created random salts (10 rounds).

Tests

$ npm test

License

MIT License

Author

Florian Heinemann @thesumofall

install

npm i passwordless-lokijsstore

Downloadsweekly downloads

3

version

1.0.1

license

MIT

homepage

github.com

repository

Gitgithub

last publish

collaborators

  • avatar