npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@serverless/passwordless

v0.2.0

Published

This [Serverless Component](https://github.com/serverless/components) enables your existing user system to identify users with just a phone number, then verify and authenticate the user with a 6-digit SMS code. It runs on serverless infrastructure, so it

Downloads

16

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

ac360ac360serverless-mainserverless-main

Keywords

Readme

passwordless

This Serverless Component enables your existing user system to identify users with just a phone number, then verify and authenticate the user with a 6-digit SMS code. It runs on serverless infrastructure, so it can run with minimal overhead.

Features

  • Zero configuration: You can spin up the entire service with just a single components command
  • Customizable time-to-live option: Verification codes expire by default after 5 mins, which is completely customizable with component inputs.
  • Brute-force resilient: Verification codes come with a unique uuid, making it practically impossible to brute-force within the expiration period.
  • Database cleanup: All verified codes are automatically deleted from the database to minimize the costs.

 

  1. Install
  2. Create
  3. Configure
  4. Deploy
  5. Consume
  6. Pricing

 

1. Install

$ npm install -g @serverless/components

2. Create

Just create a serverless.yml file

$ touch serverless.yml
$ touch .env      # your development AWS api keys
$ touch .env.prod # your production AWS api keys

the .env files are not required if you have the aws keys set globally and you want to use a single stage, but they should look like this.

AWS_ACCESS_KEY_ID=XXX
AWS_SECRET_ACCESS_KEY=XXX

3. Configure

# serverless.yml

name: my-app

passwordless:
  component: "@serverless/passwordless"
  inputs:
  
    # set an optional name
    name: passwordless-service
    
    # set an optional time-to-live setting for verification codes in seconds.
    # 300 seconds is the default setting.
    ttl: 60

4. Deploy

passwordless$ components

  passwordless › outputs:
  send:  'POST https://aq7lmtvug9.execute-api.us-east-1.amazonaws.com/dev/send'
  verify:  'POST https://aq7lmtvug9.execute-api.us-east-1.amazonaws.com/dev/verify'


  38s › dev › passwordless › done

passwordless$

5. Consume

Once deployed, the service exposes the following 2 endpoints, which you could integrate with your existing users backend to authenticate a user (e.g. generate an JWT after verification):

/send

Sends an sms with a login code to the provided phone number.

$ curl https://aq7lmtvug9.execute-api.us-east-1.amazonaws.com/dev/send \
  -X POST \
  -H "Content-Type: application/json" \
  -d "{ "number": "+1234567890" }"

Returns an object with id, number and expiresAt properties that you could use during verification below.

/verify

Verifies the 6-digit code that was sent by SMS to the provided phone number. It requires the number and the id properties returned from the /send call above, along with the code that was sent to the user's phone number.

$ curl https://aq7lmtvug9.execute-api.us-east-1.amazonaws.com/dev/verify \
  -X POST \
  -H "Content-Type: application/json" \
  -d "{ "number": "+1234567890", "code": 123456, "id": "xxx-xxx-xxx-xxx" }"

If the id, number & code properties match, and the code hasn't expired, you'll get an object with verified: true property. Otherwise, verified: false is returned.

6. Pricing

The pricing of using this component is based on the pricing for AWS Lambda, AWS Api Gateway, AWS DynamoDB & AWS SNS/SMS services. However, the majority of the costs would likely come from the SMS feature. Click here for more info on AWS SMS pricing

 

New to Components?

Checkout the Serverless Components repo for more information.