npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

opensesame

v1.3.2

Published

[![Build Status](https://travis-ci.org/EikosPartners/opensesame.svg?branch=master)](https://travis-ci.org/EikosPartners/opensesame)

Downloads

8

Readme

OpenSesame

Build Status

OpenSesame is a authentication system that provides authentication through the use of Json Web Tokens (JWT) and secure, httpOnly cookies. It provides a login page and a register page but allows for custom login and register pages as well.

It provides the following routes for authentication purposes:

API

  • POST /auth/login - Authenticates a user using the value of req.body which is passed to the user-provided config.checkUser function. Sets a cookie with the JWT on the client on sucess and redirects to config.redirectUrl
  • POST /auth/register - Registers a user using the value of req.body and the user-provided config.registerUser function. On success it logs the user in the same way /auth/login does.
  • GET /auth/logout - Clears the cookie on the client and redirects to / effectively logging the user out.
  • GET /auth/verify - Returns 200 when the user is authenticated.
  • GET /auth/refresh - Generates a new JWT for an already authenticated user and sets their cookie to it.

Views

  • GET /login - Shows a default login page
  • GET /register - Shows a default registration page

Configuration options

The following are options that can be passed to opensesame:

Required

  • secret - A string which is used by the JWT library to crpytographically sign and verify JWTs.
  • checkUser - A function that takes the object that the login page sends to the server and calls a callback with either an error or the user object that will be stored on the JWT. Should check that the username and password are correct. function checkUser(userObject, callback)
  • registerUser - A function that takes the object that the registration page sends to the server and calls a callback with either an error or the user object that will be stored on the JWT. Should store the user credentials somewhere for later lookup by the checkUser function. function registerUser(userObject, callback)
  • refreshUser - A function that gets an already authenticated user based on the value of the JWT. Should return an up to date user object that will be stored on the JWT. function refreshUser(userObject, callback)

Optional

  • redirectUrl - A string specifying a route of where to redirect the user after authenticating. / by default.
  • httpsOnly - Specifies whether the cookie should use the secure flag. If true then authentication only works over HTTPS. true by default.
  • cookieKey - The name of the key that is set on the client browser's cookie. auth by default.
  • useCookieParser - A flag specifying whether to use cookie parser middleware or not. OpenSesame will not work properly if cookie parser middleware is not used. true by default
  • tokenExpiration - Specifies how long the JWT should remain valid for. Follows the rauchg/ms convention. 24h by default.
  • loginUrl - The url that renders the login page. Users will be redirected here when they try to view a protected resource. /login by default.
  • registerUrl - The url that renders the registration page. /register by default.
  • customLoginPage - A flag that tells OpenSesame whether to set up its own login page. If true then OpenSesame will not set up the /login route and login page. false by default.
  • customRegisterPage - A flag that tells OpenSesame whether to set up its own register page. If true then OpenSesame will not set up the /register route and register page. false by default.

Example

Check the example folder for a running example of how to use opensesame.

var openSesame = require('opensesame');
//you can give opensesame an express app object
openSesame({
    secret: 'testSecret',
    checkUser: function (userObject, callback) {
        if(userObject.user === 'peter' && userObject.pass === 'test1234') {
            callback(null, {username: 'peter'});
        } else {
            callback('Incorrect credentials');
        }
    },
    registerUser: function (userObject, callback) {
        callback(null, {username: 'peter'});
    },
    refreshUser: function (userObject, callback) {
        callback(null, userObject);
    },
    redirectUrl: '/app',
    httpsOnly: false
}, app);
//or have it generate one for you
var app = openSesame({
    secret: 'testSecret',
    checkUser: function (userObject, callback) {
        if(userObject.user === 'peter' && userObject.pass === 'test1234') {
            callback(null, {username: 'peter'});
        } else {
            callback('Incorrect credentials');
        }
    },
    registerUser: function (userObject, callback) {
        callback(null, {username: 'peter'});
    },
    refreshUser: function (userObject, callback) {
        callback(null, userObject);
    },
    redirectUrl: '/app',
    httpsOnly: false
});

Note: OpenSesame uses the cookieParser and the bodyParser.urlEncoded middleware.