npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

jwt_auth

v1.0.1

Published

Extremely simple middleware for use with express and restify to enable authentication using JSON Web Tokens.

Downloads

4

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

csolarcsolar

Keywords

jwtauthenticationcryptographysecuritymiddlewareexpressrestify

Readme

JWT_AUTH [1.0.0]

It's an extremely simple middleware for use with express and restify to enable authentication using JSON Web Tokens.

Installation

npm install jwt_auth

Usage

jwt_auth can be used on a per-route basis for those routes that require authenticated access.

It requires you to supply a function that actually authenticates the issuer. jwt_auth will pass your function the issuer that was extracted from the token and an object. This object implements a deferred semantic so that your issuer-checking function can be asynchronous: if the issuer is legit, you may call the object's resolve() function, otherwise, you will call its reject() function.

If the request is legit, jwt_auth will put the token data in the request object so that it can be used by other middleware or your application code.

For example in express:

  var express = require('express'),
      app = express(),
      jwtAuth = require('jwt_auth'),
      secret = 'secret-used-to-sign-and-verify-jwt-hashes';

  var check_user_from_database = function(id, deferred)
  {
    //find user by id in the database asynchronously
    db.findById(id, function(err, data){
      if(!data)
        //user not found! do not authenticate request!
        deferred.reject();
      else
        //whohoo!!
        deferred.resolve();
    });
  }

  //---- routes ----

  //anybody can access this route
  app.get('/', function(req, res){
    // do something here..
  });

  //only requests with a jwt token in the headers and that
  //are authenticated can access this resource
  app.get('/top_secret', jwtAuth(check_user_from_database, secret), function(req, res){
    // this is how you retrieve the authenticated issuer
    var user_id = req.jwtauth.iss;
    // list all the documents about the alien invasion....
  });

Configuration

jwt_auth needs four pieces of information:

  1. the issuer-checking function - required!
  2. the secret to use for signing and verifying the tokens - required!
  3. the name of the header where the token is to be found - optional, it defaults to x-access-token
  4. an optional boolean indicating whether or not to perform a token expiration check. If not specified, jwt_auth default is to not perform the expiry check.