sf-token
Service for creating and checking temporary tokens.
Usage
;; // Create a token service instancelet tokenService = uniqueId: createObjectId secret: 'mysecret'; // create a token: the content may be any JSON serializable datalet endOfLife = Date + 36000;let hash ...envelope = Service; // `hash` is for the client, you'll need it and `_id` to check the token// validity // `envelope` contains the token id (`_id` key), its validity (`endOfLife` key)// and the given contents (`contents` key), you can store it as is in your// database // when the user connect to a urimyApp;
Note that this only verify the hash and its validity regarding to the current time. You'll have to manage persistence yourself.
Modules ## Classes ## sf-token **Api**: public ## TokenService **Kind**: global class **Api**: public
- TokenService
- new TokenService()
- .createToken ⇒
Object
- .checkToken ⇒
void
- .createHash ⇒
String
### new TokenService() Create a new TokenService instance
Returns: Object
- A TokenService instance
Throws:
YError(E_BAD_SECRET)
If there is no secret givenYError(E_NO_ID_GENERATOR)
If there is no id generator availableYError(E_BAD_TIME)
If the given time function is not rightYError(E_BAD_ALGORITHM)
If the given algorithm is not supported
Param | Type | Description |
---|---|---|
options.secret | String |
Some salt for hash |
options.uniqueId | function |
A unique id generator |
options.time | function |
A time function (defaults to Date.now()) |
options.algorithm | String |
Algorithm to use (default to 'sha256') |
Example
let tk = secret: 'mysecret' uniqueId: createObjectId time: Datenow algorithm: 'md5' ;
### tokenService.createToken ⇒ Object
Create a new token and return it envelope
Kind: instance property of TokenService
Returns: Object
- The token envelope.
Throws:
YError(E_NO_CONTENT)
If there is no contentYError(E_NO_END_OF_LIFE)
If there is no end of lifeYError(E_PAST_END_OF_LIFE)
If the end of life is past
Api: public
Param | Type | Description |
---|---|---|
contents | Object |
Some JSON serializable content. |
endOfLife | Number |
The time when the token is outdated. |
Example
tk;// {// _id: 'abbacacaabbacacaabbacaca',// endOfLife: 1441981754461,// hash: '13371ee713371ee713371ee7',// contents: { uri: '/plop' },// }
### tokenService.checkToken ⇒ void
Check a token envelope against a given hash
Kind: instance property of TokenService
Throws:
YError(E_NO_HASH)
If there is no hashYError(E_NO_ID)
If there is no idYError(E_NO_CONTENT)
If there is no contentYError(E_NO_END_OF_LIFE)
If there is no end of lifeYError(E_BAD_HASH)
If the hash do not matchYError(E_PAST_END_OF_LIFE)
If the end of life is past
Api: public
Param | Type | Description |
---|---|---|
envelope._id | String |
The token id |
envelope.endOfLife | Number |
The token validity |
envelope.contents | Object |
The token contents |
hash | String |
The given hash to check against |
Example
tk;
### tokenService.createHash ⇒ String
Create a hash from the given envelope
Kind: instance property of TokenService
Returns: String
- The resulting hash
Api: private
Param | Type | Description |
---|---|---|
envelope._id | String |
The token id |
envelope.endOfLife | Number |
The token validity |
envelope.contents | Object |
The token contents |