@rexfng/auth

v9.24.0

Published

Auth is a library that provides helpers to manage user authorization via bearer token, with express routers. This library depends on @rexfng/db

Downloads

48

Readme

Auth

Description

Auth is a library that provides helpers to manage user authorization via bearer token, with express routers. This library depends on @rexfng/db

Define Environment Variables

Define the following environment variables. They are all required.

| Variable Name | Description |
|---------------|-------------|
| APP_NAME | App name for the 2FA issuer |
| APP_URL | The website of the project |
| AUTH_SECRET | Server-side static salts |
| EMAIL_PASS | SendGrid email API credentials for the emailresetpasswordtouser API routes |
| MONGODB_DATABASE_URL | MongoDB database URL |
| SYSTEM_EMAIL | The address that the emailresetpasswordtouser emails are sent from |
| TWILIO_API_KEY | Twilio API key for SMS verification codes |

Initialize Express Middleware

Auth can be used as Express middleware to check the validity of a bearer token. The middleware reads req.token, which is provided by the express-bearer-token module, so that module has to be registered before authCheck.

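const express = require('express');
const bearerToken = require('express-bearer-token');
const authCheck = require('@rexfng/auth').middleware.authCheck;

const app = express();

// bearerToken() must run first: it populates req.token, which authCheck() validates.
app.use(bearerToken());
app.use(authCheck());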

Creating Route Exceptions for authCheck

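const authCheck = require('@rexfng/auth').middleware.authCheck
const unless = require('express-unless');
// Requests whose path matches an entry below skip the bearer-token check.
app.use(authCheck().unless({
	path: [
		'/',
		'/api/v1/token',
		'/api/v1/register',
		/^\/test/, // RegExp literal, anchored: a quoted string would be compared literally
		'/ac'
	]
}));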
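
How string and RegExp entries in an exemption list are matched decides which routes lose the token check. The following added example (not part of the package's README) models the express-unless path rule with a stand-in function, isExempt, which is an assumption of this example: string entries must equal the pathname exactly, RegExp entries match anywhere in it. The probe paths are constructed.

```javascript
// Stand-in for the path rule (assumption, not the library's code):
// a string entry must equal the pathname; a RegExp entry matches anywhere.
function isExempt(entries, requestUrl) {
  const pathname = new URL(requestUrl, 'http://localhost').pathname;
  return entries.some((entry) =>
    (typeof entry === 'string' && entry === pathname) ||
    (entry instanceof RegExp && entry.test(pathname)));
}

const FIXED = ['/', '/api/v1/token', '/api/v1/register', '/ac'];

// Three ways of writing the "/test..." exemption.
const QUOTED = [...FIXED, '/\/test*/'];   // a string: the literal text "//test*/"
const UNANCHORED = [...FIXED, /\/test*/]; // RegExp: "/tes" + any number of "t", anywhere
const ANCHORED = [...FIXED, /^\/test/];   // RegExp: only paths that begin with /test

// Constructed probe paths; the last two should always require a token.
const PROBES = ['/test/ping', '/api/v1/token?page=1', '/account', '/api/v1/users/tester'];

// Returns, per probe, whether the token check would be skipped.
function audit(entries) {
  return Object.fromEntries(PROBES.map((p) => [p, isExempt(entries, p)]));
}

for (const [name, list] of Object.entries({ QUOTED, UNANCHORED, ANCHORED })) {
  console.log(name, audit(list));
}
```

The quoted form exempts nothing under /test, while the unanchored pattern also exempts /api/v1/users/tester, so each RegExp entry should be anchored to the routes it is meant to cover.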

SMS Get Code / Verification Helper

Options are accessible from the raw Twilio API

const { smsgetcode, smsverifycode } = require('@rexfng/auth').helper

// Both helpers return a promise.
const codeRequest = smsgetcode({
	"phone_number": "6047229494", // String
	"country_code": "1", // String
	"code_length": 6 // Integer, 4-10, defaults to 6
})
const codeCheck = smsverifycode({
	"phone_number": "6047229494", // String
	"country_code": "1", // String
	"verification_code": "2421" // String
})

Router Helper

const Auth = require('@rexfng/auth')
const Register = Auth.routes.api.register
const Login = Auth.routes.api.login
const Logout = Auth.routes.api.logout
app.use('/', Register) // POST /register
app.use('/', Login) // POST /login
app.use('/', Logout) //POST /logout

Register Endpoint

The endpoint accepts a POST to http://localhost:3000/register with a JSON body in the following format:

{
	"username": String,
	"password": String,
	"udid": String //optional! unique device id so the user can log in and log out a specific device if this is provided
}

Response Code

| CODE | MESSAGE | Details |
|-----|----------------------|---|
| 201 | ACCEPTED | Return access_token |
| 406 | PASSWORD_COMPROMISED | Server checked with https://api.pwnedpasswords.com and found that the provided password had been previously compromised. |
| 409 | USERNAME_ALREADY_EXIST | Server checked with MONGODB and found that the same username already exists. |
| 422 | MISSING_KEYS | The provided body must have "username" and "password" and both should be strings. |
| 500 | INTERNAL_ERROR | Server side error |

Response

{
	access_token: String, // JWT Token expires in 15 minutes
	refresh_token: String // JWT Token expires in 60 days
}

Login Endpoint

The endpoint accepts a POST to http://localhost:3000/login with a JSON body in the following format:

{
	"username": String,
	"password": String
}

Response Code

| CODE | MESSAGE | Details |
|-----|----------------------|---|
| 201 | ACCEPTED | Return access_token |
| 401 | UNAUTHROIZED | Server checked with MONGODB and found the username, but the password did not match, so access is denied. |
| 404 | USERNAME_NOT_FOUND | Cannot find the provided username in the database. |
| 500 | INTERNAL_ERROR | Server side error |

Response

{
	access_token: String, // JWT Token expires in 15 minutes
	id_token: String, // JWT Token expires in 15 minutes
	refresh_token: String // JWT Token expires in 60 days
}

Refresh Token Endpoint

The endpoint accepts a POST to http://localhost:3000/token/refresh with a JSON body in the following format:

{
	refresh_token: String // JWT Token expires in 60 days
}

Response Code

| CODE | MESSAGE | Details |
|-----|----------------------|---|
| 201 | ACCEPTED | Return access_token |
| 401 | UNAUTHROIZED | Server found the refresh_token invalid |
| 422 | MISSING_KEYS | Cannot find the refresh_token in the request. |
| 500 | INTERNAL_ERROR | Server side error |

Response

{
	access_token: String, // JWT Token expires in 15 minutes
	id_token: String // JWT Token expires in 15 minutes
}

Has User Email Been Breached?

Paired with the Password Strength endpoint, your app can check whether an email account has been breached in the past by making a GET request to https://haveibeenpwned.com/api/v2/breachedaccount/[email protected]

Password Strength Endpoint

The endpoint considers the password's strength and whether it has been compromised. It can be used to encourage end users to choose a strong password and avoid weak or compromised ones. The endpoint combines the PasswordMeter module and https://haveibeenpwned.com

The endpoint accepts a POST to http://localhost:3000/passwordstrength with a JSON body in the following format:

{
	"password": String
}

Response Code

| CODE | MESSAGE | Details |
|-----|----------------------|---|
| 200 | ACCEPTED | Successfully submitted a request |
| 500 | INTERNAL_ERROR | Server side error |

Response

//Scores Table
{
	"0": "compromised",
    "40": "veryWeak",    // 001 <= x <  040
    "80": "weak",        // 040 <= x <  080
    "120": "medium",     // 080 <= x <  120
    "180": "strong",     // 120 <= x <  180
    "200": "veryStrong", // 180 <= x <  200
    "_": "perfect"       //        x >= 200
}

{
    "score": 0,
    "status": "compromised",
    "percent": 8.5
}
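
The compromised-password check behind the register endpoint's 406 PASSWORD_COMPROMISED response and the "compromised" status above can be done without sending the password or its full hash to the service. This added example (not the package's own code) assumes the k-anonymity range endpoint of api.pwnedpasswords.com; the function names and the sample response body are constructed for illustration, and the page does not state which call the library itself makes.

```javascript
const { createHash } = require('node:crypto');

// SHA-1 the password and split the uppercase hex digest. Only the 5-character
// prefix leaves the server; the 35-character suffix is compared locally.
function splitDigest(password) {
  const hex = createHash('sha1').update(password, 'utf8').digest('hex').toUpperCase();
  return { prefix: hex.slice(0, 5), suffix: hex.slice(5) };
}

// URL of the range query for this password (GET, plain-text response).
function rangeUrl(password) {
  return `https://api.pwnedpasswords.com/range/${splitDigest(password).prefix}`;
}

// Parse a range response ("SUFFIX:COUNT" per line) and return how often the
// password appears. Absent suffixes and zero-count lines both yield 0.
function breachCount(password, rangeBody) {
  const { suffix } = splitDigest(password);
  for (const line of rangeBody.split(/\r?\n/)) {
    const [candidate, count] = line.trim().split(':');
    if (candidate && candidate.toUpperCase() === suffix) {
      return Number.parseInt(count, 10) || 0;
    }
  }
  return 0;
}

// Map the result onto the register response codes listed in this README.
function registerDecision(password, rangeBody) {
  return breachCount(password, rangeBody) > 0
    ? { code: 406, message: 'PASSWORD_COMPROMISED' }
    : { code: 201, message: 'ACCEPTED' };
}

// Constructed sample response body (counts and decoy suffixes are made up).
const SAMPLE_BODY = [
  `${'0'.repeat(34)}1:12`,
  `${splitDigest('password').suffix}:9999`,
  `${'0'.repeat(34)}2:0`,
].join('\r\n');

console.log(rangeUrl('password'), registerDecision('password', SAMPLE_BODY));
```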

Password Change Endpoint

The endpoint accepts a POST to http://localhost:3000/passwordchange with a JSON body in the following format:

{
	"oldpassword": String,
	"newpassword": String
}

Response Code

| CODE | MESSAGE | Details |
|-----|----------------------|---|
| 204 | ACCEPTED | Successfully changed the password of a user |
| 401 | UNAUTHORIZED | The old password provided was incorrect |
| 500 | INTERNAL_ERROR | Server side error |

Response

//no content

Password Reset Endpoint

Each reset channel has a request endpoint and a confirmation endpoint. They take JSON bodies in the following formats.

Email

http://localhost:3000/email/resetpassword POST

{
	"email": String,
	"token": String,
	"subject": String
}

Email Confirmation

http://localhost:3000/email/resetpassword_confirmation POST

{
	"email": String,
	"token": String,
	"password": String
}

SMS

http://localhost:3000/sms/resetpassword POST

{
	"phone_number": String, 
	"country_code": String
}

SMS Confirmation

http://localhost:3000/sms/resetpassword_confirmation POST

{
	"phone_number": String, //"6047229494"
	"country_code": String, //"1"
	"verification_code": String, //"2421"
	"password": String
}

Voice

http://localhost:3000/voice/resetpassword POST

{
	"from": String,
	"to": String, // +16041234567
	"url": String //TwiML template - {{code}} will be replaced.
}

Voice Confirmation

http://localhost:3000/voice/resetpassword_confirmation POST

{
	"label": String,
	"token": String,
	"to": String, // +16041234567
	"password": String
}

Response Code

| CODE | MESSAGE | Details |
|-----|----------------------|---|
| 200 | SUCCESS | OK |
| 500 | INTERNAL_ERROR | Server side error |

Response

//no content