npm
Sign UpSign In

x-auth-plugin

0.3.4 • Public • Published

X-Auth

X-Auth is a plugin built for the Dynamic Route Generator that gives you a fully fledged login system for your web applications. This is a plug and play plugin with a few lines of configuration setup.

Features

  • Login (Complete)
  • Register (Complete)
  • Two Factor Login (In progress)
  • Forgot Password (Complete)
  • Change Password (Complete)
  • Email Verifications (Complete)
  • SMS Integration for two factor authentication (Optional, will need to pay; current client configured is Text Magic)

This plugin is in beta and SHOULD NOT be used in a production environment as of yet. There is a lot of work and testing that needs to be carried out to prove this system is secure

Example Setup

const app = require('express')()
const mongoose = require('mongoose')

const { RouteGenerator } = require('dynamic-route-generator')

const { XAuth, CheckAuthentication } = require('x-auth')

const GameModel = require('./game.model')

mongoose.connect('mongo_uri')

XAuth.setupProps({
  appName: 'Application Name',
  authSecretKey: process.env.AUTH_SECRET_KEY,
  authSecretKeyForgottenPassword: process.env.AUTH_SECRET_KEY_FORGOTTEN_PASSWORD,
  cookieName: 'cookie-name',
  cookieNameForgottenPassword: 'cookie-forgotten-password-name',
  domainEmail: 'hello@youremail.com',
  baseUri: 'api',
  jwtTokenExpiration: 120000, // 2 minutes
  saltWorkFactor: 10,
  databaseUri: 'mongo_uri',
  themeColour: '#449DD1',
  emailVerification: true,
  passwordStrength: '1', // 1 includes special chracters and 0 does not
  refreshTokenExpiration: 3600000, // 1 hour
  refreshTokenSecretKey: process.env.REFRESH_TOKEN_SECRET_KEY,
  refreshTokenCookieName: 'cookie-refresh-name'
})

new RouteGenerator({
  routes: [{
    uri: '/list/games',
    model: GameModel,
    handlers: [CheckAuthentication],
    methods: [{
      name: 'get'
    }]
  }],
  app,
  plugins: {
    pre: [XAuth],
    post: []
  }
})

app.listen(process.env.PORT || 8080)

Access Api

The example above will be hosted on port 8080. The endpoints are as follows:

/auth/login - Used for the login process

When a user logs in, an access token is generated and set as a cookie on the client machine with the name specified in the XAuth options above cookieName. Your application will need to get the values from this cookie and send them with every request. Make sure you are using an SSL encryption otherwise these values will be transferred over the wire in plain text, SSL will make sure to serialize the values so if anyone is sniffing the traffic, it will make it a lot harder for them to gain access to the users account

{
  "username": "admin",
  "password": "password"
}

/auth/login/authenticate - Handles two factor authentication

For this, you must provide the username as a query param that you are trying to authenticate and the token is part of the POST request. The token code will be sent to the users mobile

/auth/login/authenticate?q=username=admin

{
  "token": "5135"
}

/auth/register - Used for the registration process

This request is made when adding a user to the service. If you wish to add any custom values to the user object you can populate the property, properties with any custom values you like. Be mindful that this data is stored as part of the JWT so refrain from storing any personal data here

{
  "username": "admin",
  "password": "password",
  "email": "hello@email.com",
  "phoneNumber": "00112233445",
  "twoFactorAuthEnabled": false // Optional,
  "properties": {} // Custom properties you may want store for the user for example home address, age etc (Optional)
}

/auth/reset-password-request - Used for an initial reset password request

If a valid email is supplied, the user will recieve an email with a link that points to /auth/forgotten-password. You must create a page which lives on this url and has both an email and new password input and makes a call to the /auth/update-password endpoint

{
  "email": "hello@email.com"
}

/auth/update-password - Used to reset a password

When a call is made to this endpoint a check will be made to make sure the password strength matches the services rules. If successful, the password will be changed and the user will be redirected to the login page

{
  "email": "hello@email.com",
  "password": "newPassword"
}

/auth/change-password - Used for changing a password

{
  "email": "hello@email.com",
  "password": "password",
  "newPassword": "Passw0rD"
}

Readme

Keywords

Package Sidebar

Install

npm i x-auth-plugin

Repository

github.com/Jackthomsonn/X-Auth

Homepage

github.com/Jackthomsonn/X-Auth#readme

Weekly Downloads

7

Version

0.3.4

License

ISC

Unpacked Size

75.7 kB

Total Files

22

Last publish

Collaborators

  • jackthomsonn
Try on RunKit
Report malware