auth-api
v1.0.10
Published
generate auth api for you
Downloads
20
Readme
Purpose
Reuse authentication part code of REST server, easily and flexibly.
Thanks to express.Router
.
Features
- jwt to verify user;
- nodemailer to send verification emails;
- mongoose to drive mongodb (user model: https://github.com/timqian/auth-api/blob/master/src/models/User.js);
- axios to test RESTful api(axios can be used both on browser and node, that means the test code can be reused in your web app);
Sample usage:
- Install
auth-api
and his peerDependencies:
npm install auth-api express body-parser mongoose --save
- Run the sample code below and boom~~ the auth server will be listening at
http://localhost:3000
var authApi = require('auth-api');
var express = require('express');
var bodyParser = require('body-parser');
var mongoose = require('mongoose');
mongoose.connect('mongodb://localhost/database'); // connect to database
var userConfig = {
APP_NAME: 'STOCK APP',
SECRET: 'ilovetim', // jwt secret
CLIENT_TOKEN_EXPIRES_IN: 60 * 24 * 60 * 60, // client token expires time(60day)
EMAIL_TOKEN_EXPIRES_IN: 24 * 60 * 60, // email token expires time(24h)
EMAIL_SENDER: { // used to send mail by nodemailer
service: 'Gmail',
auth: {
user: '[email protected]',
pass: '321qianqian',
}
},
USER_MESSAGE: { // message sent to client
MAIL_SENT: 'mail sent',
NAME_TAKEN: 'Name or email has been taken',
USER_NOT_FOUND: 'User not found',
WRONG_PASSWORD: 'wrong password',
LOGIN_SUCCESS: 'Enjoy your token!',
NEED_EMAIL_VERIFICATION: 'You need to verify your email first',
},
API_URL: 'http://localhost:3000' // to be used in the mail
};
authApi.init(userConfig);
var app = express();
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
app.use('/', authApi.authRouter);
// protecting api
app.get('/needingToken', authApi.verifyToken, (req, res) => {
// send back the jwt claim directly
var claim = req.decoded;
res.status(200).json(claim);
});
app.get('/needingTokenAndEmailVerified', authApi.verifyToken, (req, res) => {
if (req.decoded.verified) {
res.status(200).json(req.decoded);
} else {
res.status(400).json({
success: false,
message: 'Please verify your email before doing this!'
});
}
});
app.listen(3000);
console.log('API magic happens at http://localhost:3000');
// handle unhandled promise rejection
// https://nodejs.org/api/process.html#process_event_unhandledrejection
process.on('unhandledRejection', function(reason, p) {
console.log('Unhandled Rejection at: Promise ', p, ' reason: ', reason);
// application specific logging, throwing an error, or other logic here
});
(es6 sample: https://github.com/timqian/auth-api/blob/master/testServer.js)
What does the above code do for you
- Generate the following auth api for you at
http://localhost:3000
|Method| url | data(if needed) | server action(if request is good) | | ---- |---------------------| ---------------------------------------------| -------------| | POST | /signup | {name: ..., email: ..., password: ...} |create a user in mongodb and send verification email | | POST | /login | {name/email: ..., password: ...} |check user and return jwt token| | POST | /password_reset | {email: ..., password(the new password): ...}| send verification link to email | | GET | /email_verification | | verify token and change password |
(more details in the code)
Module api
authApi.init(config)
: configure the moduleauthApi.authRouter
: an express router I wrote for youauthApi.verifyToken
: an express middleware used to verify token sent by client
TODOS
- [ ] better http status code
- [ ] better config params
- [ ] docs
- [ ] new feature
license
MIT