npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@chewbank/ioa-auth

v9.6.0

Published

基于jsonwebtoken包装的ioa签名与解签模块

Downloads

10

Readme

ioa-auth

基于jsonwebtoken包装的ioa签名、验签、角色、权限控制组件

特性

  • 支持动态生成多个密钥,不再需要人工设置密钥

  • 为每个密钥建立关联id,而不是尝试匹配多个密钥

  • 支持动态密钥过期删除

  • 支持用户级签名,为每个用户混入私有密钥

  • 支持签名黑名单

  • 支持单路由、多路由角色、权限管理

Install

npm install ioa-auth

配置项

  • authKey String 签名密钥,默认值:root

输出依赖

  • app Object

    • sign(data, options) Function

      • data Object 需要签名的数据

      • options Object 签名配置项

    • middleware Object

      • auth Function 验签中间件(严格模式,authorization参数不能为空)

        • loose Function 验签中间件(宽松模式,authorization参数允许为空)
      • role Function 集成角色、签名验签的中间件

  • ctx Object

    • auth Object 解签后的对象

角色

角色的本质是一种权限分组,每个分组拥有独立的权限配置项。

权限

ioa-auth中的权限按控制目标可分为路由权限和数据模型权限两类,按分配方式可分为静态分配和动态分配两种。

ioa-auth目前采用静态配置方案

单路由权限(静态)

路由权限即针对特定url匹配式的访问权限,是一种最小化、不可再分隔的权限。

静态方式简单、直接,但过于粗暴、缺乏动态性,修改配置需要重启服务。

在静态模式下,路由权限在路由配置中间件中通过静态配置项定义,模型角色权限直接在模型实例上通过静态配置项定义。

多路由权限(动态分组)

由于在实际应用中的权限分配通常是按功能模块进行划分的,因此对路由权限的管理主要是针对开发者,而非后台管理者。

功能权限可以视为对路由的分组,它的控制粒度位于角色和路由之间,在最终运行时自动转为路由权限。

由于功能权限对应的路由具有多样性,因此无法使用全自动规则进行匹配,通过人工搭配GUI来构建分组是一个不错的选择。

模型权限

数据模型权限是客户端通过通用模型接口直接操作数据库时对应的字段级约束条件,它允许客户端在受限、安全的条件下对数据库进行常规的增删改查操作。