@maon/extract-authentication-middleware
v1.1.0
Published
Checks the Authorization header and decodes any JWT Tokens
Downloads
386
Readme
extract-authentication-middleware
Overview
extract-authentication-middleware is an express middleware for getting the authorization header of a request and its embeded JWT Token and decoding its content.
Usage
Just like above:
import checkAuthentication from '@private/extract-authentication-middleware'
import express from 'express';
const app = express();
app.use(checkAuthentication({
secret: process.env.AUTHENTICATION_SECRET,
error: pino.error,
});
Import the module, pass it the secret for verifying the token and use it. It works with CJS require
as well.
Configuration
secret
The secret for verifying the tokens signatureerror
A error logging function for logging any non expected errors [default: pino.error]
Data
If the authentication is successfull the middleware will create a few properties on the requets object:
// request
{
// ...
scope: String, // The scope of the authication token
user: {}, // The encoded user object
auth: {
isAuthenticated: true // false
scope: String, // The scope like above
}
// ...
}
If the authentication fails, because the token is faulty, not signing properly or if there's any other error, the middleware terminates the request and returns either one of the following three responses:
- If the token was used past its expiration:
// Status 401
{
name: 'TokenExpired',
message: 'The token cannot be used past its expiration',
}
- If the decoding of the token resulted in any errors, like untrusted signatures, malformed tokens or by providing an empty string as the token:
// Status 401
{
name: 'BadCredentials',
message: 'The provided token could not be verified.',
}
- And if any other error occured, it will be logged using the provided logger or pino and the response is the following:
// Status 400
{
name: 'BadRequest',
message: 'BadRequest',
}