npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

mongodb-simple-auth-express

v1.0.2

Published

Simple http authorization middleware for express using mongoDB

Downloads

5

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

sploders101sploders101

Keywords

Readme

MongoDB Auth

Description

Coming Soon!

Documentation

Initialization

Prerequisites

In order to authenticate properly, it is recommended to have a custom login page at /login, with a form that submits POST data to the same path (omit action="...") with username, password, and optional referrer (to redirect the user where they came from)

Automated

Because the module needs the ability to use certain pre-processors, as well as injecting login middleware for authentication processing you must initialize the module first before using it.

// Setup express
let express = require("express");
let app = express();

// Setup auth
let auth = require("auth")({
	dbUrl: "mongodb://127.0.0.1:27017",
	dbName: "userdb",
	collectionName: "users",
	userExpire: 1 /*hour*/*60*60*1000,
	anonData: {
		access: 1
	}
});
// These are the default values for the options property, but any of these can be either omitted or changed
auth.init(app,/*optional boolean, default: true*/ addLoginHandlers);

Manual

If you would prefer to setup the environment manually, the following code can be used.

// Parsers (required)
app.use(require("cookie-parser")());
app.use(express.json());
app.use(express.urlencoded({extended:true}));
app.use(auth.userMiddleware());

// USER MANAGEMENT PAGES (this is optional, but HIGHLY recommended)
// You must manually authenticate your clients without these, rendering this module mostly useless
app.use("/login",auth.loginMiddleware);
app.use("/logout",auth.logoutMiddleware);

Middleware

Restrict page

In order to restrict a page, put this function before the handler for the page you would like to restrict

app.use(pageLocation,auth.restrict(restrictionLevel));
app.use(pageLocation,/*Your listener (works with express.static as well)*/);

Regular functions

Manage Users

auth.createUser(username,password,{
	// User Data
	access: 2 //access level of the user (required field)
});
auth.updateUserData(username,{
	// User Data (uses update, so doesn't delete anything)
});
auth.updateUserPassword(username,newPassword);
auth.removeUser(username);

Testing user access

auth.checkAccess(username).then((accessLevel) => {
	//Do stuff with accessLevels
});

Classes

UserClient

An instance of this class is created every time a user logs in, and is deleted either when they log out or after an hour of inactivity. (This is configurable in the constants at the top of index.js) It is also returned in every request under req.user.

  • ToDo:
    • setData(newData)
  • UserClient
    • constructor: takes username,password and logs the user into the server, assigning them a temporary UUID
    • getter data: returns a promise that resolves with userData, which includes the access property in the top level
    • setter data: updates user data with the new value. This will not delete any unspecified properties, nor is it synchronous. This is an easy solution for setting a user's data, if it does not need to be updated instantaneously. Use setData(newData) for anything time-sensitive.
    • setData(newData): Updates user data with newData, and returns a promise, resolving when it is finished, and rejecting in the case of an error.
    • renew(): trashes the user's current UUID, and generates a new one, resetting their timeout
    • deAuth(): deauthorizes the user, trashing their UUID and removing all references to their class, allowing it to be GC'd.

Properties

These are not meant to be used, but exposed anyway just in case you need to do something with them.

users

The auth.users property is a map with the user's uuid as the key, and their UserClient object as the property.