npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

hoplitejs

v0.2.1

Published

Easy to Implement Authorization and Authentication Library

Downloads

4

Readme

Welcome to hopLiteJS! hopLiteJS is a developer friendly, lightweight middleware library for Node.js. hopLiteJS can be imported and used in any Express-based web application. It has multiple developer interfaces for customizing authentication and authorization. With hopLiteJS, developers no longer have to dread authentication, authorization and hashing.

COOKIES The developer is able to add custom cookies by first utilizing the createRulesetCookie method. This method can be used alongside any other ruleset-creating methods in hopLiteJS (eg. createRulesetCookieJWT). The parameters of the method are cookies (object) and optional cookieOptions (object). The developer is required to first create the data for these parameters. Each key-value pair in the cookies object are individual cookies where the keys are cookie names and values are cookie data. Each key-value pair in the optional cookie options object consists optional security measures such as domain, encode, etc. (shown below). If the option parameter is not inputted, default options will be applied.

Default Options for Cookies are as follows:

const hopLiteJSDefaultOptions = {
  httpOnly: true,
  secure: true,
  maxAge: 1209600000,
  sameSite: "lax"
};

REMEMBER: These defaults are applied to every cookie unless the user provides options for their cookies.

Cookie:

Options: domain (string), encode (function), expires (date), maxAge (number), httponly (boolean), path (string), secure (boolean), signed (boolean), sameSite (boolean or string)

Example Code:

The developer may create an object to store unique cookie options:

const cookieOptions = {
  secure: true,
  httponly: true,
  signed: true,
  expires: new Date(Date.now() + 900000),
  domain: 'hopliteJS.com',
  path: '/hopliteJS'
}

Create an object to store cookie name and value:

const cookies = {
  cookieName1: 'cookie value 1',
  cookieName2: 'cookie value 2',
  foo: 'bar'
}

Invoke createRulesetCookie with cookie object and optional cookie option object const cookieRuleset = hoplite.createRulesetCookie(cookies [, cookieOptions])

COOKIE-JWTs The developer is able to add custom JWTs to cookies by first utilizing the createRulesetCookieJWT method. This method can be used alongside any other ruleset-creating methods in hopLiteJS (eg. createRulesetCookie). This method takes in a CookieJWTList parameter, where a developer defines the names of the cookies, their secrets, and options. Each key-value pair in the CookieJWTList object are individual cookies where the keys are cookie names and their values are objects with a secret key, and the optional cookie options object consisting of optional security measures such as domain, encode, etc. (shown below). If the option parameter is not inputted, hopLiteJS default options will be applied.

const cookieJWTList = {
  cookieName1: {
    secret: "kljashdflkjshadf",
    options: {
      httpOnly: true,
    }
  },
  cookieName2: {
    secret: "hello",
  }
}
const myPayload = {
  cookieName1: h3bv3h3hg3g,
  cookieName2: 'L2'
}

OPTIONS: domain (string), encode (function), expires (date), maxAge (number), httponly (boolean), path (string), secure (boolean), signed (boolean), sameSite (boolean or string)

Example Code:

Create a secret string:

const mySecret = 'password123';

Create a payload object

const myPayload = {
  cookieName1: h3bv3h3hg3g,
  cookieName2: 'L2'
}

Create an optional options object:

const cookieOptions = {
  secure: true,
  httponly: true,
  signed: true,
  expires: new Date(Date.now() + 400000),
  domain: 'hopliteIsAwesome.com',
  path: '/hopliteAwesome'
}

Create a cookie-JWT object:

const cookieJWTObj = {
  token1 = JWT
}

Invoke createRuleset method with cookieJWTObj as an argument: const cookieJWTRuleset = hoplite.createRulesetCookieJWT(cookieJWTObject)

USING THE GLOBAL RULESET CREATOR:

After the developer decides which security methods (eg. cookie, cookieJWT, etc.) to use, they must invoke the createRuleset method with each of these creation methods as arguments. The first argument must be a message which will be used as the res.send at the end of the middleware.

Example Code:

Create a message which will be used as the res.send:

const message = 'Cookie and Cookie-JWTs have been set successfully'

createRuleset with parameters:

hoplite.createRuleset(message, ...args)

Invoke createRuleset with appropriate arguments:

const ruleset = hoplite.createRuleset(message, cookieRuleset, cookieJWTRuleset)

AUTHENTICATION: After creating the global ruleset, the developer is able to authenticate their clients by invoking the authenticate method. The parameters are the global ruleset, payload(represents list of cookies, OR JWT payload) and the response object, provided by express.

Example Code:

app.post('/authn', async (req, res) => {
  const result = await authenticate(ruleset, payload, res); 
})

AUTHORIZATION: After creating the global ruleset, defining unique payloads, and authenticating, the developer is able to authorize their clients by invoking the authorization middleware method. The parameters are the global ruleset, and the unique key-value pairs required to access the next resource.

Example:

const requiredClaims = {
  role: "admin",
  bonusKey: "Only I may access this resource"
}

Example Code:
app.post('/authz', authorize(myRuleset, requiredClaims), (req, res) => {
  res.status(200).send("Authorization Successful");
})

HASHING:

A. Hashing using bcrypt The developer is required to provide inputPassword (string) and cost (number) as parameters. The inputPassword refers to the password input by the client and cost refers to the number of salt rounds in bcrypt. By default the cost is set to 10 rounds. The output of this function is a hashed string.

Example Code:

const inputPassword = 'password123';
const cost = 10;

const hashedPassword = hoplite.bcryptHash(inputPassword, cost);
console.log(hashedPassword) //prints hashed string

B. Comparing input password with hashed string using bcrypt The developer is required to provide inputPassword (string) and hashedPassword (string) as parameters. The inputPassword refers to the password input by the client and hashedPassword refers to the hashed password that is stored. A developer can store the hashed password in a database and query for it using the id that is associated with it. The output of this function is a boolean.

Example Code:

const inputPassword = 'password123';
const hashedPassword = 'Hashed Database Password';

const samePassword = hoplite.bcryptCompare(inputPassword, hashedPassword);
console.log(samePassword) //prints true or false

C. Hashing using argon2 The developer is required to provide inputPassword (string) as a parameter. The inputPassword refers to the password input by the client. The output of this function is a hashed string.

Example Code:

const inputPassword = 'password123';
const hashedPassword = hoplite.argonHash(inputPassword);
console.log(hashedPassword) //prints hashed string

D. Comparing input password with hashed string using argon2 The developer is required to provide inputPassword (string) and hashedPassword (string) as parameters. The inputPassword refers to the password input by the client and hashedPassword refers to the hashed password that is stored. A developer can store the hashed password in a database and query for it using the id that is associated with it. The output of this function is a boolean.

Example Code:

const inputPassword = 'qwerty123';
const hashedPassword = 'Hashed Database Password';

const samePassword  = hoplite.argonCompare(inputPassword, hashedPassword);
console.log(samePassword) //prints true or false

CURRENTLY DEVELOPING: -oAuth -user privilege