npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

lets-mfa-express

v0.1.89

Published

LetsMFA bindings for ExpressJS

Downloads

185

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

dreamingwelldreamingwell

Keywords

Readme

#Lets MFA Express Bindings

A simple way to add MFA to your Express app.

Use Case

Use this library to add MFA protection to your Express app. This library will add the necessary routes to your Express app to handle the MFA flow. It will also add a middleware to your app that will check for a valid id_token on the request. If the id_token is not valid, the middleware will allow you to redirect the user.

Installation

npm install --save lets-mfa-express

Generate Keys

Before you can use the library, you must generate a public/private key pair. This can be done with the following command. The keys will be written to the current directory. The private key is a secret and should be stored securely.

npx lets-mfa-express generate-keys

Usage

The following is a simple example of how to use the library. This will add MFA protection for the coveredPaths.

const express = require("express");
const app = express();
const letsMfa = require("lets-mfa-express");
const { existsSync, readFileSync } = require("fs");

// Read the keys from the file system
// Better yet, you should store these in a secrets manager
const publicKeyPath = "public-key.json";
const privateKeyPath = "private-key.json";
if (!existsSync(publicKeyPath) || !existsSync(privateKeyPath))
  throw new Error("Must generate keys first");

const keys = {
  publicKey: readFileSync(publicKeyPath).toString(),
  privateKey: readFileSync(privateKeyPath).toString(),
};

// This adds LetsMFA bindings to your express server
// It should be called before any other routes are added
new LetsMFAExpress(app, {
  // The paths that will be protected by MFA
  coveredPaths: ["/protected"],

  // The domain for the user account
  domain: "example.com",

  // The base URL for your express app
  // The hostname must be part of the domain above
  baseUrl: RESPONSE_URL_BASE,

  // The keys from above
  keys: {
    publicKey: keys.publicKey,
    privateKey: keys.privateKey,
  },

  // The URL to the logo that will be displayed on the MFA page
  logoUrl: "http://localhost:4000/static/logo.png",

  // Called after successful authentication
  authResponseHandler: async (req, res, response) => {
    // Get the User object from the database by username
    let user = getUserFromDB(response.sub);

    // Update the user's "accountVault" with the response
    user.accountVault = response.accountVault;

    // Save the user back to the database
    saveUserToDB(user);

    // Send the user to wherever they need to go after completing MFA
    res.redirect(301, "/");
  },

  // Called when a user visits a 'coveredPath' without having
  // a valid LetsMFA id_token
  invalidAccessHandler: async ({
    req,
    res,
    next,
    client,
    idTokens,
    validation,
  }) => {
    // If the user is not authenticated, respond or redirect
    // the user appropriately
    res.status(401).send("Not Authorized");
  },
});