konstapel
v1.2.0
Authorization middleware for node.js
konstapel
Authorization middleware for node.js
Features
- A complete flow for login and signup
- Protects resources on the server via tokens encrypted with the aes-256-ctr algorithm
- Depends on miffo for middleware functions that manipulate data
- Very homemade and tailored to my needs. Probably not suitable for production.
Install
$ npm install konstapel [miffo]
Usage
// Create the authorization helper (klang) and the miffo database wrapper (db)
// that the route definitions below bind their middleware to.
// NOTE(review): tokenKey is presumably the secret behind the aes-256-ctr token
// encryption listed under Features. Load it from configuration or a secret
// store rather than writing it into source; confirm against the library.
// NOTE(review): signupKey is presumably the value checkSignupKey compares with
// req.body.key. It is marked optional here, so confirm what checkSignupKey does
// when it is omitted before exposing /signup.
var Konstapel = require('konstapel'),
  klang = new Konstapel(<tokenKey>, <signupKey>), // signupKey optional
  Miffo = require('miffo'),
  db = new Miffo(<url>, <collections>);
// Start the miffo instance before any route uses it (presumably this opens the
// database connection; confirm in miffo).
db.start();
/**
 * Final handler of the signup and login flows: answers with HTTP 200 and
 * sends req.data as the JSON body.
 *
 * @param {object} req - Request; req.data is the output of createToken.
 * @param {object} res - Response exposing status() and json().
 */
function defaultResponse(req, res) {
  // The body carries the freshly issued token, so this route belongs behind TLS.
  var reply = res.status(200);
  reply.json(req.data); // req.data = {token, username}
}
// Guard everything under /items with the token check.
// verifyToken reads req.headers.token || req.body.token || req.query.token and
// writes req.temp.id; findUserById then loads req.user from that id.
// NOTE(review): aes-256-ctr encrypts but does not authenticate, so confirm that
// verifyToken rejects a token that was altered after it was issued. The Todo
// list still has the invalid-token test open.
// NOTE(review): a token sent in the query string can end up in access logs and
// Referer headers; prefer the header form where clients allow it.
app.use('/items',
  klang.verifyToken.bind(klang), // runs with `this` set to the Konstapel instance
  klang.findUserById.bind(db) // runs with `this` set to the miffo instance, not klang
);
// signup flow
// The middleware runs in the order listed. Each step is expected to stop the
// chain on failure, so no user is inserted and no token issued after a failed
// check (the error handling lives inside konstapel and is not shown here).
// NOTE(review): the README does not say how insertUser stores req.body.pwd.
// Confirm it is hashed with a dedicated password-hashing function first.
// NOTE(review): the uniqueness check and the insert are separate steps. A
// unique index on the username would be needed to cover concurrent signups;
// confirm the collection has one.
app.post('/signup',
  klang.checkSignupKey.bind(klang), // IN req.body.key
  klang.findUsers.bind(db), // OUT req.temp.usernames
  klang.usernameNotTaken, // IN req.temp.usernames; passed unbound
  klang.insertUser.bind(db), // IN req.body.user && req.body.pwd, OUT req.user
  klang.createToken.bind(klang), // IN req.user._id, OUT req.data
  defaultResponse // replies 200 with req.data
);
// login flow
// Look the user up, check that the lookup and the password pass, then issue a
// token and return it. The order matters: createToken must only be reached
// after both checks.
// NOTE(review): req.body.user goes into a database lookup. Confirm it is
// checked to be a plain string before findUserByUsername uses it.
// NOTE(review): confirm usernameIsValid and pwdIsValid answer identically for
// an unknown user and a wrong password, so the route does not reveal which
// usernames exist.
// NOTE(review): no rate limiting or lockout is shown on this route. Add one in
// front of it if the deployment needs protection against password guessing.
app.post('/login',
  klang.findUserByUsername.bind(db), // IN req.body.user, OUT req.user
  klang.usernameIsValid, // IN req.user; passed unbound
  klang.pwdIsValid.bind(db), // IN req.body.pwd && req.user.pwd
  klang.createToken.bind(klang), // IN req.user._id, OUT req.data
  defaultResponse // replies 200 with req.data
);
Data
//signup flow
checkSignupKey // IN req.body.key OUT null
findUsers // IN null OUT req.temp.usernames
usernameNotTaken // IN req.temp.usernames OUT null
insertUser // IN req.body.user && req.body.pwd OUT req.user
createToken // IN req.user._id OUT req.data
// login flow
findUserByUsername // IN req.body.user OUT req.user
usernameIsValid // IN req.user OUT null
pwdIsValid // IN req.body.pwd && req.user.pwd OUT null
createToken // IN req.user._id OUT req.data
// token
verifyToken // IN req.headers.token || req.body.token || req.query.token OUT req.temp.id
findUserById // IN req.temp.id OUT req.user
Test
$ npm test
Todo
- add test for invalid token in verifyToken
license
MIT