npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@frappy/node-authentication

v1.5.0

Published

Express endpoints for Authentication and User Management

Downloads

4

Readme

NodeJS Authentication

NodeJS Endpoints and Functionality For Authentication and User Management

  • authMiddleware - Express middleware to facilitate authentication and permission checks
  • registerEndpoints - Express endpoints to handle login, authentication check and user management

Usage

import { registerEndpoints, authMiddleware } from "@frappy/node-authentication"
import express from "express"
import bodyParser from "body-parser"

const app = express()  // create your express app
app.use(bodyParser.json({ limit: "10mb" }))  // provide JSON parser with 10 MB payload limit

// entirely optional userOptions (see README for defaults)
const options = {
    tokenExpiration: 24 * 60 * 60,  // session expires after one day
    defaultPermissions: ["view"],  // new users (first login) will receive this permission
    apiKeys: true, // use API keys in this app
}

// cache to hold authentication token (will be populated by auth endpoints)
const tokenCache = {}

// register module
registerEndpoints(app, userStore, userTokenStore, tokenCache, options)

// provide some custom endpoint with authentication and permission check
app.get("/my/custom/endpoint", authMiddleware(["view", "manage"], tokenCache), (req, res) => {
    // only enter this, if the user is authenticated and has "manage" and "view" permissions
    res.send({ foo: "bar" })
})

registerEndpoints(app, userStore, userTokenStore, tokenCache, options)

  • app - your express app
  • userStore a MongoDB or MySQL store providing functions: login, getAll, get, delete, getByUid, count, getByUsername, create and updatePermissions
  • userTokenStore optional, a Mongo or MySQL store providing functions: removeExpired, storeToken and getAll. If this is not provided, all tokens will be invalidated on server restart.
  • tokenCache a JSON object that will hold auth tokens and their respective owners (users), required for authMiddleware
  • options optional, a JSON object that provides the options (see Options)

authMiddleware(requiredPermissions, tokenCache, allowApiKey = false)

  • requiredPermissions - optional a single string representing a permission the user has to fulfill or a list of permissions that all have to be fulfilled.
  • tokenCache a JSON object holding the authentication tokens. This is the same object that is passed into the registerEndpoints function.
  • allowApiKey a boolean flag indicating whether the current endpoint can be accessed using an API key instead of a regular auth header token. The API key needs to be provided as Authorization header with value Token $KEY (replacing $KEY with the actual key generated by the system).

Options

The registerEndpoint function has a parameter to pass options. All options are optional. The following options are supported:

  • apiPrefix (default: /api/user) - a prefix for all endpoints provided, this will generate:
    • POST /api/user/login - to log in (using username, password as JSON payload)
    • GET /api/user - general login check, has to provide Authorization header
    • GET|POST|DELETE /api/user/users[/:userId|/permissions] - a set of endpoints for user management
  • tokenExpiration (default: 1209600 = 14 days) - the lifetime of a login session before the token gets invalidated in seconds
  • userAdminPermission (default: admin) - the label for the admin privilege that allows to manage users
  • defaultPermissions (default: [] - none) - a list of user permissions newly created users will receive
  • noUserManagement (default false) - a flag indicating whether to register user management endpoints (get all users, update permissions, delete user and create user)
  • apiKeys (default false) - a flag indicating whether API keys are available in the system for creating and revoking keys as well as recognising API keys during login.
  • allowOwnProfileEdit (default false) - a flag that when set to true allows any logged in user to update their own profile information (user.profile).
  • pageSize (default 25) - the maximum number of users to return with the /users endpoint.