Passwordless-PostgreStore
This module provides token storage for Passwordless, a node.js module for express that allows website authentication without password using verification through email or other means. Visit the project's website for more details.
Tokens are stored in a PostgreSQL database and are hashed and salted using bcrypt.
Usage
First, install the module:
$ npm install passwordless-postgrestore --save
Afterwards, follow the guide for Passwordless. A typical implementation may look like this:
var passwordless = ;var PostgreStore = ; passwordless; passwordless; app;app;
Initialization
connectionString options;
- connectionString: (String) Mandatory. PostgreSQL connection string
- [options]: (Object) Optional. Some configuration option. See below exemple
Example:
passwordless;
PostgreSQL table creation
You could use this SQL statement to create the token table, or you can customize it according to your needs :
CREATE TABLE passwordless ( id serial NOT NULL, uid character varying(160), token character varying(60) NOT NULL, origin text NOT NULL, ttl bigint, CONSTRAINT passwordless_pkey PRIMARY KEY (id), CONSTRAINT passwordless_token_key UNIQUE (token), CONSTRAINT passwordless_uid_key UNIQUE (uid) )
Hash and salt
As the tokens are equivalent to passwords (even though only for a limited time) they have to be protected in the same way. passwordless-postgrestore uses bcrypt with automatically created random salts. To generate the salt 10 rounds are used.
Tests
$ npm test
License
Author
Bruno MARQUES (http://marques.io) (I just adapted code from Florian Heinemann @thesumofall)