npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@plumek/jwt-auth-express

v2.0.3

Published

Security middleware for checking jwt auth status

Downloads

29

Readme

@plumek/jwt-auth-express

Package Description

The jwt-auth-express package provides a middleware function that can be used to authenticate and authorize incoming requests based on a JSON Web Token authentication mechanism. This middleware ensures that only authenticated users with valid tokens are granted access to protected routes.

Installation

To install the package, you can use npm or yarn:

npm install @plumek/jwt-auth-express

or

yarn add @plumek/jwt-auth-express

Usage/Examples

To use the jwt-auth-express package, follow these steps:

  1. Import the middleware:
const auth = require('@plumek/jwt-auth-express');
  1. Apply the middleware function to the routes that require authentication. This can be done using the app.use or router.use method depending on your application's framework. For example, in an Express.js application:
const express = require('express');
const app = express();

app.use(auth(secretName));

app.get('/protected', (req, res, next) => {
  //...
});
  1. Ensure that the incoming requests include an Authorization header with a valid JWT token. The JWT token should be sent in the following format:
Authorization: Bearer <JWT token>
  1. The middleware function will validate the token and attach the userId and isAuth properties from the decoded token to the req object. You can access these values in subsequent middleware functions or route handlers.
app.get('/protected-route', (req, res) => {
  const userId = req.userId;
  const isAuthenticated = req.isAuth;
  // Use the userId and isAuthenticated for further actions
});

Documentation

authenticateToken(secretName)

The authenticateToken function takes a secretName parameter and returns a middleware function that can be used to authenticate and authorize requests.

Parameters:

  • secretName (string): The name of the secret used to sign and verify the JWT token.

Middleware Function

The middleware function returned by authenticateToken expects three parameters: req, res, and next. It should be used as middleware in the request processing pipeline.

The middleware function performs the following steps:

  1. Retrieves the Authorization header from the req object.

  2. If the Authorization header is missing, it sets req.isAuth to false and calls next() to proceed to the next middleware or route handler.

  3. Extracts the JWT token from the Authorization header.

  4. Verifies the token using the provided secretName and stores the decoded token in the decodedToken variable.

  5. If the token cannot be verified, it sets req.isAuth to false, throws an error with a status code of 500 (Internal Server Error), and calls next().

  6. If the decoded token is empty, it sets req.isAuth to false, throws an error with a status code of 401 (Unauthorized), and calls next().

  7. Sets the userId property of the req object to the userId value from the decoded token.

  8. Sets the isAuth property of the req object to true.

  9. Calls next() to proceed to the next middleware or route handler.

const auth = require('@plumek/jwt-auth-express');

app.use(auth('mySecret'));

// Protected routes can now access the authenticated user's ID through req.userId
// and the authentication status through req.isAuth
app.get('/protected-route', (req, res) => {
  const userId = req.userId;
  const isAuthenticated = req.isAuth;
  //...
});

Visit the package page on npm:

npm link

Visit the package repo on github:

git link