Novelty Plastic Moustache
Share your code. npm Orgs help your team discover, share, and reuse code. Create a free org »

sf-token

2.0.0 • Public • Published

sf-token

Service for creating and checking temporary tokens.

NPM version Build status Dependency Status devDependency Status Coverage Status Code Climate

Usage

import TokenService  from 'sf-token';
import createObjectId from 'mongodb/objectid';
 
// Create a token service instance
let tokenService = new TokenService({
  uniqueId: createObjectId,
  secret: 'mysecret',
});
 
// create a token: the content may be any JSON serializable data
let endOfLife = Date.now() + 36000;
let {hash, ...envelope} = Service.createToken({
  method: 'GET',
  uri: '/user/abbacacaabbacacaabbacaca/subscriptions/report_received',
}, endOfLife);
 
// `hash` is for the client, you'll need it and `_id` to check the token
// validity
 
// `envelope` contains the token id (`_id` key), its validity (`endOfLife` key)
// and the given contents (`contents` key), you can store it as is in your
// database
 
// when the user connect to a uri
myApp.get('/tokens/:_id?hash=:hash', (req, res, next) {
  getFromDb(req._id)
    .then((envelope) => {
      tokenService.checkToken(envelope, req.hash);
      // Accept access (redirection may be based on the `envelope` contents )
    }).catch((err) => {
      // Refuse access
    });
});
 

Note that this only verify the hash and its validity regarding to the current time. You'll have to manage persistence yourself.

Modules

sf-token
## Classes
TokenService
## sf-token **Api**: public ## TokenService **Kind**: global class **Api**: public

### new TokenService() Create a new TokenService instance

Returns: Object - A TokenService instance
Throws:

  • YError(E_BAD_SECRET) If there is no secret given
  • YError(E_NO_ID_GENERATOR) If there is no id generator available
  • YError(E_BAD_TIME) If the given time function is not right
  • YError(E_BAD_ALGORITHM) If the given algorithm is not supported
Param Type Description
options.secret String Some salt for hash
options.uniqueId function A unique id generator
options.time function A time function (defaults to Date.now())
options.algorithm String Algorithm to use (default to 'sha256')

Example

let tk = new TokenService({
    secret: 'mysecret',
    uniqueId: createObjectId,
    time: Date.now.bind(Date),
    algorithm: 'md5',
  });

### tokenService.createToken ⇒ Object Create a new token and return it envelope

Kind: instance property of TokenService
Returns: Object - The token envelope.
Throws:

  • YError(E_NO_CONTENT) If there is no content
  • YError(E_NO_END_OF_LIFE) If there is no end of life
  • YError(E_PAST_END_OF_LIFE) If the end of life is past

Api: public

Param Type Description
contents Object Some JSON serializable content.
endOfLife Number The time when the token is outdated.

Example

tk.createToken({
  uri: '/plop'
}, Date.now() + 3600000);
// {
//   _id: 'abbacacaabbacacaabbacaca',
//   endOfLife: 1441981754461,
//   hash: '13371ee713371ee713371ee7',
//   contents: { uri: '/plop' },
// }

### tokenService.checkToken ⇒ void Check a token envelope against a given hash

Kind: instance property of TokenService
Throws:

  • YError(E_NO_HASH) If there is no hash
  • YError(E_NO_ID) If there is no id
  • YError(E_NO_CONTENT) If there is no content
  • YError(E_NO_END_OF_LIFE) If there is no end of life
  • YError(E_BAD_HASH) If the hash do not match
  • YError(E_PAST_END_OF_LIFE) If the end of life is past

Api: public

Param Type Description
envelope._id String The token id
envelope.endOfLife Number The token validity
envelope.contents Object The token contents
hash String The given hash to check against

Example

tk.checkToken({
//   _id: 'abbacacaabbacacaabbacaca',
//   endOfLife: 1441981754461,
//   contents: { uri: '/plop' },
}, '13371ee713371ee713371ee7');

### tokenService.createHash ⇒ String Create a hash from the given envelope

Kind: instance property of TokenService
Returns: String - The resulting hash
Api: private

Param Type Description
envelope._id String The token id
envelope.endOfLife Number The token validity
envelope.contents Object The token contents

install

npm i sf-token

Downloadsweekly downloads

138

version

2.0.0

license

MIT

homepage

github.com

repository

Gitgithub

last publish

collaborators

  • avatar
  • avatar
  • avatar
  • avatar
  • avatar