npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

jwtr

v0.5.0

Published

It's a little wrapper over Json Web Tokens and Redis for Node.js is based on promises.

Downloads

25

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

iklosterikloster

Keywords

node.jsnodejsjwtjsonwebtokenredisjwtr

Readme

JWTR

It's a little wrapper over Json Web Tokens and Redis for Node.js is based on promises.

Install

npm package

$ npm install jwtr --save

yarn package

$ yarn add jwtr

Usage

const JWTR = require('jwtr')
const token = JWTR.sign({ foo: 'bar' }, 'secret', { expiresIn: '1h' })
const decoded = JWTR.verify(token, 'secret')
const completeDecoded = JWTR.decode(token, {complete: true})

JWTR provides full Json Web Tokens's interface with exceptions. See more details.

Also JWTR provides redis's client interface via property client.

const JWTR = require('jwtr')
const jwtr = JWTR.createJWTR({
    prefix: 'token_'
})
jwtr.client.on('connect', () => {
    console.log('Connected!')
})

See more details.

For JWT via Redis was implemented next methods:

Returns true if token was successfully stored in redis.

token is the JsonWebToken string

const JWTR = require('jwtr')
const jwtr = JWTR.createJWTR({
    prefix: 'token_'
})
const token = JWTR.sign({ foo: 'bar' }, 'secret', { expiresIn: '1h' })
const result = await jwtr.invalidate(token) // true

(Asynchronous) If a callback is supplied, function acts asynchronously. The callback is called with the decoded payload if the signature is valid and optional expiration, audience, or issuer are valid. If not, it will be called with the error.

(Synchronous) If a callback is not supplied, function acts synchronously. Returns the payload decoded if the signature is valid and optional expiration, audience, or issuer are valid. If not, it will throw the error.

token is the JsonWebToken string

secretOrPublicKey is a string or buffer containing either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA.

options

  • algorithms: List of strings with the names of the allowed algorithms. For instance, ["HS256", "HS384"].
  • audience: if you want to check audience (aud), provide a value here. The audience can be checked against a string, a regular expression or a list of strings and/or regular expressions.

    Eg: "urn:foo", /urn:f[o]{2}/, [/urn:f[o]{2}/, "urn:bar"]

  • issuer (optional): string or array of strings of valid values for the iss field.
  • ignoreExpiration: if true do not validate the expiration of the token.
  • ignoreNotBefore...
  • subject: if you want to check subject (sub), provide a value here
  • clockTolerance: number of seconds to tolerate when checking the nbf and exp claims, to deal with small clock differences among different servers
  • maxAge: the maximum allowed age for tokens to still be valid. It is expressed in seconds or a string describing a time span zeit/ms.

    Eg: 1000, "2 days", "10h", "7d". A numeric value is interpreted as a seconds count. If you use a string be sure you provide the time units (days, hours, etc), otherwise milliseconds unit is used by default ("120" is equal to "120ms").

  • clockTimestamp: the time in seconds that should be used as the current time for all necessary comparisons.
  • nonce: if you want to check nonce claim, provide a string value here. It is used on Open ID for the ID Tokens. (Open ID implementation notes)

jwtr.validate and jwt.verify is the same, but also validate's method checks redis's store for invalid tokens.

const JWTR = require('jwtr')
const jwtr = JWTR.createJWTR({
    prefix: 'token_'
})
const token = JWTR.sign({ foo: 'bar' }, 'secret', { expiresIn: '1h' })
const decoded = await jwtr.validate(token, 'secret', { algorithms: ['HS256'] })

Returns new access and refresh tokens beforehand making old tokens not valid.

tokens:

  • accessToken is the JsonWebToken string
  • refreshToken is the JsonWebToken string

secretOrPrivateKey is a string, buffer, or object containing either the secret for HMAC algorithms or the PEM encoded private key for RSA and ECDSA. In case of a private key with passphrase an object { key, passphrase } can be used (based on crypto documentation), in this case be sure you pass the algorithm option.

options:

  • access_payload (optional) could be an object literal, buffer or string representing valid JSON.
  • refresh_payload (optional) could be an object literal, buffer or string representing valid JSON.
  • access_options (optional):
    • algorithm (default: HS256)
    • expiresIn: expressed in seconds or a string describing a time span zeit/ms.

      Eg: 60, "2 days", "10h", "7d". A numeric value is interpreted as a seconds count. If you use a string be sure you provide the time units (days, hours, etc), otherwise milliseconds unit is used by default ("120" is equal to "120ms").

    • notBefore: expressed in seconds or a string describing a time span zeit/ms.

      Eg: 60, "2 days", "10h", "7d". A numeric value is interpreted as a seconds count. If you use a string be sure you provide the time units (days, hours, etc), otherwise milliseconds unit is used by default ("120" is equal to "120ms").

    • audience
    • issuer
    • jwtid
    • subject
    • noTimestamp
    • header
    • keyid
    • mutatePayload: if true, the sign function will modify the payload object directly. This is useful if you need a raw reference to the payload after claims have been applied to it but before it has been encoded into a token.
  • refresh_options (optional)
    • algorithm (default: HS256)
    • expiresIn: expressed in seconds or a string describing a time span zeit/ms.

      Eg: 60, "2 days", "10h", "7d". A numeric value is interpreted as a seconds count. If you use a string be sure you provide the time units (days, hours, etc), otherwise milliseconds unit is used by default ("120" is equal to "120ms").

    • notBefore: expressed in seconds or a string describing a time span zeit/ms.

      Eg: 60, "2 days", "10h", "7d". A numeric value is interpreted as a seconds count. If you use a string be sure you provide the time units (days, hours, etc), otherwise milliseconds unit is used by default ("120" is equal to "120ms").

    • audience
    • issuer
    • jwtid
    • subject
    • noTimestamp
    • header
    • keyid
    • mutatePayload: if true, the sign function will modify the payload object directly. This is useful if you need a raw reference to the payload after claims have been applied to it but before it has been encoded into a token.
const JWTR = require('jwtr')
const jwtr = JWTR.createJWTR({
    prefix: 'token_'
})
const accessToken = JWTR.sign({ foo: 'bar' }, 'secret', { expiresIn: '15m' })
const refreshToken = JWTR.sign({ foo: 'bar' }, 'secret', { expiresIn: '2h' })
let { access_token, refresh_token } = await jwtr.refresh(
    { accessToken, refreshToken },
    'secret',
    {
        access_payload: { foo: 'bar' },
        refresh_payload: { foo: 'bar' }
    }
)

Also functions to clear tokens from redis

Clear all expired tokens from redis.

const JWTR = require('jwtr')
const jwtr = JWTR.createJWTR({
    prefix: 'token_'
})
await jwtr.clear()

Clear all tokens from redis.

const JWTR = require('jwtr')
const jwtr = JWTR.createJWTR({
    prefix: 'token_'
})
await jwtr.clearAll()

And helpers functions

Set object by key in redis.

const JWTR = require('jwtr')
const jwtr = JWTR.createJWTR({
    prefix: 'token_'
})
await jwtr.set('token', { foo: 'bar'})

Get object by key from redis.

const JWTR = require('jwtr')
const jwtr = JWTR.createJWTR({
    prefix: 'token_'
})
await jwtr.get('token')

Method provides access to keys from redis and performs callback with keys.

const JWTR = require('jwtr')
const jwtr = JWTR.createJWTR({
    prefix: 'token_'
})
await jwtr.keys(keys => {
    console.log(keys)
})

Method executes a provided function once for each array of the keys item.

const JWTR = require('jwtr')
const jwtr = JWTR.createJWTR({
    prefix: 'token_'
})
await jwtr.forEachKey(key => {
    console.log(key)
})

Delete all the keys. See more details.

const JWTR = require('jwtr')
const jwtr = JWTR.createJWTR({
    prefix: 'token_'
})
await jwtr.flush()

Dependencies

Issue Reporting

If you have found a bug or if you have a feature request, please report them at this repository issues section.

ToDo

Show project JWTR

Contact me

CHANGELOG

LICENSE

Copyright (c) 2019 Ivan Monastyrev [email protected]. Licensed under the MIT license.